sssd/0078-confdb-Do-not-start-implicit_files-with-proxy-domain.patch

From 8cf5e390b38f0be4f88b0ebbbd1b14f52d35cd02 Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lslebodn@redhat.com>
Date: Thu, 30 Nov 2017 07:59:33 +0100
Subject: [PATCH 78/79] confdb: Do not start implicit_files with proxy domain

id_provider = proxy + proxy_lib_name = files is equivalent
to id_provider = files. But requests to user hit implicit_files
domain instead of proxy domain and therefore it broke usage
of proxy domain with auth_provider = krb5.

Resolves:
https://pagure.io/SSSD/sssd/issue/3590
---
 src/confdb/confdb.c | 22 +++++++++++++++++++++-
 1 file changed, 21 insertions(+), 1 deletion(-)

diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c
index ef1be4a6e6daee2644d535e561fac7735eb6a0b2..0a4be57e08791f8a9eb5fc143a56352cd4ef4b5e 100644
--- a/src/confdb/confdb.c
+++ b/src/confdb/confdb.c
@@ -1769,6 +1769,25 @@ static bool need_implicit_files_domain(TALLOC_CTX *tmp_ctx,
         if (strcasecmp(id_provider, "files") == 0) {
             return false;
         }
+
+        if (strcasecmp(id_provider, "proxy") == 0) {
+            val = ldb_msg_find_attr_as_string(doms->msgs[i],
+                                              CONFDB_PROXY_LIBNAME, NULL);
+            if (val == NULL) {
+                DEBUG(SSSDBG_OP_FAILURE,
+                      "The object [%s] doesn't have proxy_lib_name with "
+                      "id_provider proxy\n",
+                      ldb_dn_get_linearized(doms->msgs[i]->dn));
+                continue;
+            }
+
+            /* id_provider = proxy + proxy_lib_name = files is equivalent
+             * to id_provider = files
+             */
+            if (strcmp(val, "files") == 0) {
+                return false;
+            }
+        }
     }
 
     return true;
@@ -1780,7 +1799,8 @@ static int confdb_has_files_domain(struct confdb_ctx *cdb)
     struct ldb_dn *dn = NULL;
     struct ldb_result *res = NULL;
     static const char *attrs[] = { CONFDB_DOMAIN_ID_PROVIDER,
-                                   CONFDB_DOMAIN_ATTR, NULL };
+                                   CONFDB_DOMAIN_ATTR,
+                                   CONFDB_PROXY_LIBNAME, NULL };
     int ret;
     bool need_files_dom;
 
-- 
2.15.1