68ef824a5f
And also ... - Related: upstream#941 - return multiple server addresses to the Kerberos locator plugin - Related: upstream#3652 - kdcinfo doesn't get populated for other domains - Resolves: upstream#3747 - sss_ssh_authorizedkeys exits abruptly if SSHD closes its end of the pipe before reading all the SSH keys - Resolves: upstream#3607 - Handle conflicting e-mail addresses more gracefully - Resolves: upstream#3754 - SSSD AD uses LDAP filter to detect POSIX attributes stored in AD GC also for regular AD DC queries - Related: upstream#3219 - [RFE] Regular expression used in sssd.conf not being able to consume an @-sign in the user/group name. Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
From 9efaade255e59b4a2f5cff2ab78c1db61132a40a Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Thu, 21 Jun 2018 12:27:32 +0200
Subject: [PATCH] Revert "LDAP/IPA: add local email address to aliases"
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This reverts commit 9a310913d696d190db14c625080678db853a33fd.
Storing the e-mail address as a nameAlias was a performance optimization
to avoid having to fall back to the UPN lookup, but had the disadvantage
of returning multiple results for cases where an e-mail address is the
same as a user's fully qualified name.
Since the e-mail lookups would still work without this optimization,
just after one more lookup, let's revert the patch.
Resolves:
https://pagure.io/SSSD/sssd/issue/3607
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit b0ec3875da281a9c29eda2cb19c1026510866d5b)
DOWNSTREAM:
Resolves: rhbz#1527662 - Handle conflicting e-mail addresses more gracefully
---
src/providers/ipa/ipa_s2n_exop.c | 49 --------------------------------
src/providers/ldap/sdap_utils.c | 22 --------------
2 files changed, 71 deletions(-)
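diff --git a/src/providers/ipa/ipa_s2n_exop.c b/src/providers/ipa/ipa_s2n_exop.c
index 9cb735526293ff5a209d732366b86fdb95dc8679..6f3974637a08b9d70e32fb6d79724be4f6e8dbde 100644
--- a/src/providers/ipa/ipa_s2n_exop.c
+++ b/src/providers/ipa/ipa_s2n_exop.c
@@ -2118,49 +2118,6 @@ done:
 return ret;
 }
 
-static errno_t add_emails_to_aliases(struct sysdb_attrs *attrs,
- struct sss_domain_info *dom)
-{
- int ret;
- const char **emails;
- size_t c;
- TALLOC_CTX *tmp_ctx;
-
- tmp_ctx = talloc_new(NULL);
- if (tmp_ctx == NULL) {
- DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
- return ENOMEM;
- }
-
- ret = sysdb_attrs_get_string_array(attrs, SYSDB_USER_EMAIL, tmp_ctx,
- &emails);
- if (ret == EOK) {
- for (c = 0; emails[c] != NULL; c++) {
- if (is_email_from_domain(emails[c], dom)) {
- ret = sysdb_attrs_add_lc_name_alias_safe(attrs, emails[c]);
- if (ret != EOK) {
- DEBUG(SSSDBG_OP_FAILURE,
- "Failed to add lower-cased version of email [%s] "
- "into the alias list\n", emails[c]);
- goto done;
- }
- }
- }
- } else if (ret == ENOENT) {
- DEBUG(SSSDBG_TRACE_ALL, "No email addresses available.\n");
- } else {
- DEBUG(SSSDBG_OP_FAILURE,
- "sysdb_attrs_get_string_array failed, skipping ...\n");
- }
-
- ret = EOK;
-
-done:
- talloc_free(tmp_ctx);
-
- return ret;
-}
-
 static errno_t ipa_s2n_save_objects(struct sss_domain_info *dom,
 struct req_input *req_input,
 struct resp_attrs *attrs,
@@ -2314,12 +2271,6 @@ static errno_t ipa_s2n_save_objects(struct sss_domain_info *dom,
 goto done;
 }
 
- ret = add_emails_to_aliases(attrs->sysdb_attrs, dom);
- if (ret != EOK) {
- DEBUG(SSSDBG_OP_FAILURE,
- "add_emails_to_aliases failed, skipping ...\n");
- }
-
 if (upn == NULL) {
 /* We also have to store a fake UPN here, because otherwise the
 * krb5 child later won't be able to properly construct one as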
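diff --git a/src/providers/ldap/sdap_utils.c b/src/providers/ldap/sdap_utils.c
index 0ac3ab2e416d887d00480b5123859c611f514274..6d543101f06ce3cd3925a675af6cabdacb8ebcaa 100644
--- a/src/providers/ldap/sdap_utils.c
+++ b/src/providers/ldap/sdap_utils.c
@@ -87,7 +87,6 @@ sdap_save_all_names(const char *name,
 int i;
 bool lowercase = !dom->case_sensitive;
 bool store_as_fqdn;
- const char **emails;
 
 switch (entry_type) {
 case SYSDB_MEMBER_USER:
@@ -144,27 +143,6 @@ sdap_save_all_names(const char *name,
 
 }
 
- ret = sysdb_attrs_get_string_array(ldap_attrs, SYSDB_USER_EMAIL, tmp_ctx,
- &emails);
- if (ret == EOK) {
- for (i = 0; emails[i] != NULL; i++) {
- if (is_email_from_domain(emails[i], dom)) {
- ret = sysdb_attrs_add_lc_name_alias_safe(attrs, emails[i]);
- if (ret) {
- DEBUG(SSSDBG_OP_FAILURE,
- "Failed to add lower-cased version of email [%s] "
- "into the alias list\n", emails[i]);
- goto done;
- }
- }
- }
- } else if (ret == ENOENT) {
- DEBUG(SSSDBG_TRACE_ALL, "No email addresses available.\n");
- } else {
- DEBUG(SSSDBG_OP_FAILURE,
- "sysdb_attrs_get_string_array failed, skipping ...\n");
- }
-
 ret = EOK;
 done:
 talloc_free(tmp_ctx);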
--
2.17.1