Summary

One of our applications is infinitely looping while iterating user accounts and getting the user's primary group.

Steps to Reproduce

• Create a VM instance on GCP with oslogin enabled.
• Login to the VM instance using the gcloud SDK.
• Compile and run the program below on the instance.
• Program infinitely loops.

#define _GNU_SOURCE
#include <stdlib.h>
#include <pwd.h>
#include <stdio.h>
#include <stdint.h>
#include <grp.h>
#define BUFLEN 4096

int
main(void)
{
    struct passwd pw;
    struct passwd *pwp;
    char buf[BUFLEN];
    int i;

    setpwent();
    while (1) {
        i = getpwent_r(&pw, buf, sizeof(buf), &pwp);
        if ((i != 0) || (pwp == NULL))
        {
            break;
        }

        struct group *group = getgrgid(pw.pw_gid);

        printf("name=%s, uid=%u, group=%s\n", pwp->pw_name, pwp->pw_uid, group->gr_name);
    }
    endpwent();
    exit(EXIT_SUCCESS);
}

Expected Behaviour

All users and their primary group should be listed before exiting gracefully.

Actual Behaviour

Looking at the nss cache oslogin implementation in src/nss/nss_cache_oslogin.c, I see that calls to getpwuid and getpwnam reset the internal file handle p_file, this causes the subsequent call to getpwent to return the first entry again. This also affects getgrgid and getgrnam since they call getpwuid and getpwnam internally.

I could not find any documented restrictions or interactions, in the man pages or POSIX standard, between the iterating functions (set{gr,pw}ent, get{gr,pw}ent, end{gr,pw}ent) and the independent lookup functions (getpwuid, getpwnam, getgrgid, getgrnam).