e37379577b
prompts (e.g. Password + Token) - Resolves: rhbz#1313041 - ssh with sssd proxy fails with "Connection closed by remote host" if locale not available
53 lines
2.5 KiB
From 55fa5564a9835e9697555d1bfeb9336bcce2415f Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Mon, 22 Feb 2016 16:08:13 +0100
Subject: [PATCH 083/108] IPA: invalidate override data if original view is
missing

If the idview name cannot be read from cache this either means that the
cache was empty or the name wasn't written because of an error. In the
case of an error SSSD would assume that the default view was used. If
the new view is different from the default view the override data must be
invalidated. Since the sysdb call to invalidate the override data would
work with an empty cache as well and do nothing it is safe to call it on
both cases.

Related to https://fedorahosted.org/sssd/ticket/2960

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit b5d48539966aefbea703377ba2ebcb67f9cf88b8)
(cherry picked from commit 1d4d3f15b5cb9b9ffad521ddea0b1e3660587816)
---
src/providers/ipa/ipa_subdomains.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c
index c888279229c891f1d5b8763aa851617a5daedd51..cb5a23bfb8043e620061e11d5e567d3e39eab6e3 100644
--- a/src/providers/ipa/ipa_subdomains.c
+++ b/src/providers/ipa/ipa_subdomains.c
@@ -898,9 +898,19 @@ static void ipa_get_view_name_done(struct tevent_req *req)
} else {
if (ctx->sd_ctx->id_ctx->view_name == NULL
|| strcmp(ctx->sd_ctx->id_ctx->view_name, view_name) != 0) {
- /* View name changed */
+ /* View name changed. If there was a non-default non-local view
+ * was used the tree in cache containing the override values is
+ * removed. In all cases sysdb_invalidate_overrides() is called to
+ * remove the override attribute from the cached user objects.
+ *
+ * Typically ctx->sd_ctx->id_ctx->view_name == NULL means that the
+ * cache was empty but there was a bug in with caused that the
+ * view name was not written to the cache at all. In this case the
+ * cache must be invalidated if the new view is not the
+ * default-view as well. */
- if (ctx->sd_ctx->id_ctx->view_name != NULL) {
+ if (ctx->sd_ctx->id_ctx->view_name != NULL
+ || !is_default_view(view_name)) {
ret = sysdb_transaction_start(
ctx->sd_ctx->be_ctx->domain->sysdb);
if (ret != EOK) {
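Review bot: With the condition widened to "view_name != NULL || !is_default_view(view_name)", the block that begins at sysdb_transaction_start() can now be entered while ctx->sd_ctx->id_ctx->view_name is still NULL, so any later use of the old view name inside that block (not visible in this hunk) has to test for NULL before reading it. The new comment says the cached override tree is removed only when a non-default, non-local view was in use, which implies such a check on the old name; please confirm it is NULL-safe on this new path. Separately, two sentences in the added comment are garbled ("If there was a non-default non-local view was used" and "there was a bug in with caused that the view name was not written") and should be reworded so the rationale for the extra is_default_view() test reads clearly.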
--
2.7.3