01409e3d48
Resolves: upstream#3588 - sssd_nss consumes more memory until restarted
or machine swaps
Resolves: failure in glibc tests
https://sourceware.org/bugzilla/show_bug.cgi?id=22530
Resolves: upstream#3451 - When sssd is configured with id_provider proxy and
auth_provider ldap, login fails if the LDAP server
is not allowing anonymous binds
Resolves: upstream#3285 - SSSD needs restart after incorrect clock is
corrected with AD
Resolves: upstream#3586 - Give a more detailed debug and system-log message
if krb5_init_context() failed
Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet
in /etc/systemd/system
Backport few upstream features from 1.16.1
(cherry picked from commit 1dedfbb334
)
97 lines
3.4 KiB
Diff
97 lines
3.4 KiB
Diff
From 57720f0d0945262a13d9ab7d1ec8220837ab618f Mon Sep 17 00:00:00 2001
|
|
From: Lukas Slebodnik <lslebodn@redhat.com>
|
|
Date: Wed, 29 Nov 2017 20:02:35 +0100
|
|
Subject: [PATCH 77/79] confdb: Fix starting of implicit files domain
|
|
|
|
We did not start implicit_files domain when sssd configuration
|
|
contains files domain which was disabled.
|
|
---
|
|
src/confdb/confdb.c | 36 +++++++++++++++++++++++++++++++++--
|
|
src/tests/intg/test_files_provider.py | 3 +++
|
|
2 files changed, 37 insertions(+), 2 deletions(-)
|
|
|
|
diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c
|
|
index c41bd5087592ba15d8956e0279aaf72ba86936ed..ef1be4a6e6daee2644d535e561fac7735eb6a0b2 100644
|
|
--- a/src/confdb/confdb.c
|
|
+++ b/src/confdb/confdb.c
|
|
@@ -1719,12 +1719,43 @@ done:
|
|
}
|
|
|
|
static bool need_implicit_files_domain(TALLOC_CTX *tmp_ctx,
|
|
+ struct confdb_ctx *cdb,
|
|
struct ldb_result *doms)
|
|
{
|
|
const char *id_provider = NULL;
|
|
unsigned int i;
|
|
+ errno_t ret;
|
|
+ char **domlist;
|
|
+ const char *val;
|
|
+
|
|
+ ret = confdb_get_string_as_list(cdb, tmp_ctx,
|
|
+ CONFDB_MONITOR_CONF_ENTRY,
|
|
+ CONFDB_MONITOR_ACTIVE_DOMAINS,
|
|
+ &domlist);
|
|
+ if (ret == ENOENT) {
|
|
+ return true;
|
|
+ } else if (ret != EOK) {
|
|
+ DEBUG(SSSDBG_CRIT_FAILURE,
|
|
+ "Cannot get active domains %d[%s]\n",
|
|
+ ret, sss_strerror(ret));
|
|
+ return false;
|
|
+ }
|
|
|
|
for (i = 0; i < doms->count; i++) {
|
|
+ val = ldb_msg_find_attr_as_string(doms->msgs[i], CONFDB_DOMAIN_ATTR,
|
|
+ NULL);
|
|
+ if (val == NULL) {
|
|
+ DEBUG(SSSDBG_CRIT_FAILURE,
|
|
+ "The object [%s] doesn't have a name\n",
|
|
+ ldb_dn_get_linearized(doms->msgs[i]->dn));
|
|
+ continue;
|
|
+ }
|
|
+
|
|
+ /* skip disabled domain */
|
|
+ if (!string_in_list(val, domlist, false)) {
|
|
+ continue;
|
|
+ }
|
|
+
|
|
id_provider = ldb_msg_find_attr_as_string(doms->msgs[i],
|
|
CONFDB_DOMAIN_ID_PROVIDER,
|
|
NULL);
|
|
@@ -1748,7 +1779,8 @@ static int confdb_has_files_domain(struct confdb_ctx *cdb)
|
|
TALLOC_CTX *tmp_ctx = NULL;
|
|
struct ldb_dn *dn = NULL;
|
|
struct ldb_result *res = NULL;
|
|
- static const char *attrs[] = { CONFDB_DOMAIN_ID_PROVIDER, NULL };
|
|
+ static const char *attrs[] = { CONFDB_DOMAIN_ID_PROVIDER,
|
|
+ CONFDB_DOMAIN_ATTR, NULL };
|
|
int ret;
|
|
bool need_files_dom;
|
|
|
|
@@ -1770,7 +1802,7 @@ static int confdb_has_files_domain(struct confdb_ctx *cdb)
|
|
goto done;
|
|
}
|
|
|
|
- need_files_dom = need_implicit_files_domain(tmp_ctx, res);
|
|
+ need_files_dom = need_implicit_files_domain(tmp_ctx, cdb, res);
|
|
|
|
ret = need_files_dom ? ENOENT : EOK;
|
|
done:
|
|
diff --git a/src/tests/intg/test_files_provider.py b/src/tests/intg/test_files_provider.py
|
|
index e507ea10d78b9b35ee57178e78f4621372d0c2e5..169da713767b6495e117d805b29d8d6346237ebc 100644
|
|
--- a/src/tests/intg/test_files_provider.py
|
|
+++ b/src/tests/intg/test_files_provider.py
|
|
@@ -167,6 +167,9 @@ def no_files_domain(request):
|
|
|
|
[domain/local]
|
|
id_provider = local
|
|
+
|
|
+ [domain/disabled.files]
|
|
+ id_provider = files
|
|
""").format(**locals())
|
|
create_conf_fixture(request, conf)
|
|
create_sssd_fixture(request)
|
|
--
|
|
2.15.1
|
|
|