sssd/0110-ipa-make-sure-view-name-is-initialized-at-startup.patch
Lukas Slebodnik e15fc49cbf Fix few bugs/regressions
Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access
                         on the sock_file system_bus_socket
Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and
                         fails to download desktop profile data
Resolves: upstream#3485 - getsidbyid does not work with 1.15.3
Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after
                          applying ID Views for them in IPA server
Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping
                          is applied
(cherry picked from commit 8eda442b2e)
2017-09-12 09:28:42 +02:00

From f00591a4615720640cf01b1c408315b57dd397dc Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Thu, 31 Aug 2017 22:30:25 +0200
Subject: [PATCH 110/115] ipa: make sure view name is initialized at startup

sysdb_master_domain_update() can only set the view name properly if it was not
set before but it might be called multiple times before the view name is
available if the cache is empty. Since ipa_apply_view() keeps track if
the view name was already set at startup or not the name can safely be
cleaned here before sysdb_master_domain_update() is called.

Resolves:
https://pagure.io/SSSD/sssd/issue/3501

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
---
src/providers/ipa/ipa_subdomains.c | 19 ++++++++++++++++++-
1 file changed, 18 insertions(+), 1 deletion(-)
diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c
index 7f8bcdbad3e8375c8d56a51a7ac615b29ee0457d..8a4657bc0f0d3fdc1ef3acece532942ea94daa66 100644
--- a/src/providers/ipa/ipa_subdomains.c
+++ b/src/providers/ipa/ipa_subdomains.c
@@ -780,6 +780,18 @@ done:
return ret;
}
+static void clean_view_name(struct sss_domain_info *domain)
+{
+ struct sss_domain_info *dom = domain;
+
+ while (dom) {
+ dom->has_views = false;
+ talloc_free(discard_const(dom->view_name));
+ dom->view_name = NULL;
+ dom = get_next_domain(dom, SSS_GND_DESCEND);
+ }
+}
+
static errno_t ipa_apply_view(struct sss_domain_info *domain,
struct ipa_id_ctx *ipa_id_ctx,
const char *view_name,
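Review bot: In clean_view_name(), `talloc_free(discard_const(dom->view_name))` assumes that every domain reached by the walk owns its own talloc-allocated view_name, and nothing in this hunk shows or documents that. If a subdomain's view_name could ever alias the parent's pointer, the loop would free the same memory twice, and casting away const hides that ownership question from the compiler. Please add a short comment above the function stating the ownership assumption and that it is only meant to be called during initial setup, since it resets has_views and view_name for every domain returned by get_next_domain(dom, SSS_GND_DESCEND), not only for the domain passed in. As a minor style point, `while (dom != NULL)` would make the pointer comparison explicit.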
@@ -872,7 +884,12 @@ static errno_t ipa_apply_view(struct sss_domain_info *domain,
}
if (!read_at_init) {
- /* refresh view data of all domains at startup */
+ /* refresh view data of all domains at startup, since
+ * sysdb_master_domain_update and sysdb_update_subdomains might have
+ * been called earlier without the proper view name the name is
+ * cleaned here before the calls. This is acceptable because this is
+ * the initial setup (!read_at_init). */
+ clean_view_name(domain);
ret = sysdb_master_domain_update(domain);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, "sysdb_master_domain_update failed "
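Review bot: In the `!read_at_init` branch, clean_view_name(domain) runs unconditionally before sysdb_master_domain_update(), so when that call fails (the `ret != EOK` branch shown here) every domain is left with has_views == false and view_name == NULL rather than its previous value. Please confirm that the error path and any later readers of view_name tolerate the cleared state, or say in the comment that leaving the names cleared on failure is intended. The new comment also names sysdb_update_subdomains, which does not appear in the visible lines, and reads as one run-on sentence; splitting it after "at startup" and after "the proper view name" would make the reasoning easier to follow.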
--
2.14.1