sssd/0077-confdb-Fix-starting-of-implicit-files-domain.patch
Lukas Slebodnik 01409e3d48 Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in setnetgrent_result_timeout
Resolves: upstream#3588 - sssd_nss consumes more memory until restarted
                          or machine swaps
Resolves: failure in glibc tests
          https://sourceware.org/bugzilla/show_bug.cgi?id=22530
Resolves: upstream#3451 - When sssd is configured with id_provider proxy and
                          auth_provider ldap, login fails if the LDAP server
                          is not allowing anonymous binds
Resolves: upstream#3285 - SSSD needs restart after incorrect clock is
                          corrected with AD
Resolves: upstream#3586 - Give a more detailed debug and system-log message
                          if krb5_init_context() failed
Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet
                         in /etc/systemd/system
Backport few upstream features from 1.16.1

(cherry picked from commit 1dedfbb334)
2017-12-04 21:53:43 +01:00


From 57720f0d0945262a13d9ab7d1ec8220837ab618f Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lslebodn@redhat.com>
Date: Wed, 29 Nov 2017 20:02:35 +0100
Subject: [PATCH 77/79] confdb: Fix starting of implicit files domain
We did not start the implicit_files domain when the sssd configuration
contained a files domain that was disabled.
---
src/confdb/confdb.c | 36 +++++++++++++++++++++++++++++++++--
src/tests/intg/test_files_provider.py | 3 +++
2 files changed, 37 insertions(+), 2 deletions(-)
diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c
index c41bd5087592ba15d8956e0279aaf72ba86936ed..ef1be4a6e6daee2644d535e561fac7735eb6a0b2 100644
--- a/src/confdb/confdb.c
+++ b/src/confdb/confdb.c
@@ -1719,12 +1719,43 @@ done:
}
static bool need_implicit_files_domain(TALLOC_CTX *tmp_ctx,
+ struct confdb_ctx *cdb,
struct ldb_result *doms)
{
const char *id_provider = NULL;
unsigned int i;
+ errno_t ret;
+ char **domlist;
+ const char *val;
+
+ ret = confdb_get_string_as_list(cdb, tmp_ctx,
+ CONFDB_MONITOR_CONF_ENTRY,
+ CONFDB_MONITOR_ACTIVE_DOMAINS,
+ &domlist);
+ if (ret == ENOENT) {
+ return true;
+ } else if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "Cannot get active domains %d[%s]\n",
+ ret, sss_strerror(ret));
+ return false;
+ }
for (i = 0; i < doms->count; i++) {
+ val = ldb_msg_find_attr_as_string(doms->msgs[i], CONFDB_DOMAIN_ATTR,
+ NULL);
+ if (val == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ "The object [%s] doesn't have a name\n",
+ ldb_dn_get_linearized(doms->msgs[i]->dn));
+ continue;
+ }
+
+ /* skip disabled domain */
+ if (!string_in_list(val, domlist, false)) {
+ continue;
+ }
+
id_provider = ldb_msg_find_attr_as_string(doms->msgs[i],
CONFDB_DOMAIN_ID_PROVIDER,
NULL);
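Review bot: The `ret != EOK` branch returns `false`, and the call site in the last confdb.c hunk maps `false` to `EOK` via `ret = need_files_dom ? ENOENT : EOK;`, so a failure to read the active-domain list (anything other than ENOENT) is reported to the caller exactly as if a files domain were already configured. The implicit files domain is then skipped, and the only trace is one debug message; on a host that presumably depends on that domain for local identities, this is a silent loss of lookups rather than a visible startup error. Consider changing the helper to return `errno_t` with a `bool *` out-parameter so `confdb_has_files_domain` can `goto done` with the real error code. At minimum, document the chosen direction at the branch, e.g. `/* on error report "not needed"; the caller then skips the implicit domain */`. The function body continues past the end of this hunk.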
@@ -1748,7 +1779,8 @@ static int confdb_has_files_domain(struct confdb_ctx *cdb)
TALLOC_CTX *tmp_ctx = NULL;
struct ldb_dn *dn = NULL;
struct ldb_result *res = NULL;
- static const char *attrs[] = { CONFDB_DOMAIN_ID_PROVIDER, NULL };
+ static const char *attrs[] = { CONFDB_DOMAIN_ID_PROVIDER,
+ CONFDB_DOMAIN_ATTR, NULL };
int ret;
bool need_files_dom;
@@ -1770,7 +1802,7 @@ static int confdb_has_files_domain(struct confdb_ctx *cdb)
goto done;
}
- need_files_dom = need_implicit_files_domain(tmp_ctx, res);
+ need_files_dom = need_implicit_files_domain(tmp_ctx, cdb, res);
ret = need_files_dom ? ENOENT : EOK;
done:
diff --git a/src/tests/intg/test_files_provider.py b/src/tests/intg/test_files_provider.py
index e507ea10d78b9b35ee57178e78f4621372d0c2e5..169da713767b6495e117d805b29d8d6346237ebc 100644
--- a/src/tests/intg/test_files_provider.py
+++ b/src/tests/intg/test_files_provider.py
@@ -167,6 +167,9 @@ def no_files_domain(request):
[domain/local]
id_provider = local
+
+ [domain/disabled.files]
+ id_provider = files
""").format(**locals())
create_conf_fixture(request, conf)
create_sssd_fixture(request)
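Review bot: The added `[domain/disabled.files]` section carries no comment explaining why it is in the `no_files_domain` fixture, so its purpose rests entirely on the section name. If it is deliberately left out of the `domains` list (that line is outside this hunk), a config comment above it such as `# not listed in "domains": must not suppress the implicit files domain` would stop a later edit from enabling it and quietly removing the regression coverage. The fixture body starts before the hunk.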
--
2.15.1