[Kimchi-devel] [PATCH] Get user groups correctly

[Crístian Viana]

Kimchi uses the Python API (module "grp") to get the groups which a user
belongs to. But that implementation is not correct, in some cases
some groups are left out.

For example, take a look at the following commands. Here's the Python
method of getting the user groups (user=vianac):

$ python -c "import grp; u = 'vianac'; print [ g.gr_name for g in grp.getgrall() if u in g.gr_mem ]"
['wheel', 'vianac', 'desktop_admin_r', 'aline']

And here's another method of getting the same groups, using a GNU/Linux
command:

$ id -Gn vianac
vianac wheel desktop_admin_r aline

Now, let's try the same thing with a different user (user=root):

$ python -c "import grp; u = 'root'; print [ g.gr_name for g in grp.getgrall() if u in g.gr_mem ]"
[]

$ id -Gn root
root

As shown above, the Python method doesn't always display the correct
results. As the command "id" is bundled in the GNU/Linux package
"coreutils", I'd say its output is the correct one.

Use the external command "id" to get the user groups instead of the
Python API.

Signed-off-by: Crístian Viana <vianac at linux.vnet.ibm.com>
---
 src/kimchi/auth.py | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/src/kimchi/auth.py b/src/kimchi/auth.py
index aabcb6c..41538f1 100644
--- a/src/kimchi/auth.py
+++ b/src/kimchi/auth.py
@@ -20,7 +20,6 @@
 import base64
 import cherrypy
 import fcntl
-import grp
 import multiprocessing
 import os
 import PAM
@@ -71,8 +70,10 @@ class User(object):
         self.user[USER_ROLES] = dict.fromkeys(tabs, 'user')
 
     def get_groups(self):
-        self.user[USER_GROUPS] = [g.gr_name for g in grp.getgrall()
-                                  if self.user[USER_NAME] in g.gr_mem]
+        out, err, rc = run_command([ 'id', '-Gn', self.user[USER_NAME] ])
+        if rc == 0:
+            self.user[USER_GROUPS] = out.rstrip().split(" ")
+
         return self.user[USER_GROUPS]
 
     def get_roles(self):
-- 
1.9.3