8eda442b2e
Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access on the sock_file system_bus_socket Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and fails to download desktop profile data Resolves: upstream#3485 - getsidbyid does not work with 1.15.3 Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping is applied
From f00591a4615720640cf01b1c408315b57dd397dc Mon Sep 17 00:00:00 2001
|
|
From: Sumit Bose <sbose@redhat.com>
|
|
Date: Thu, 31 Aug 2017 22:30:25 +0200
|
|
Subject: [PATCH 110/115] ipa: make sure view name is initialized at startup
|
|
|
|
sysdb_master_domain_update() can only set the view name properly if it was not
|
|
set before but it might be called multiple times before the view name is
|
|
available if the cache is empty. Since ipa_apply_view() keeps track if
|
|
the view name was already set at startup or not the name can safely be
|
|
cleaned here before sysdb_master_domain_update() is called.
|
|
|
|
Resolves:
|
|
https://pagure.io/SSSD/sssd/issue/3501
|
|
|
|
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
---
|
|
src/providers/ipa/ipa_subdomains.c | 19 ++++++++++++++++++-
|
|
1 file changed, 18 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c
|
|
index 7f8bcdbad3e8375c8d56a51a7ac615b29ee0457d..8a4657bc0f0d3fdc1ef3acece532942ea94daa66 100644
|
|
--- a/src/providers/ipa/ipa_subdomains.c
|
|
+++ b/src/providers/ipa/ipa_subdomains.c
|
|
@@ -780,6 +780,18 @@ done:
|
|
return ret;
|
|
}
|
|
|
|
+static void clean_view_name(struct sss_domain_info *domain)
|
|
+{
|
|
+ struct sss_domain_info *dom = domain;
|
|
+
|
|
+ while (dom) {
|
|
+ dom->has_views = false;
|
|
+ talloc_free(discard_const(dom->view_name));
|
|
+ dom->view_name = NULL;
|
|
+ dom = get_next_domain(dom, SSS_GND_DESCEND);
|
|
+ }
|
|
+}
|
|
+
|
|
static errno_t ipa_apply_view(struct sss_domain_info *domain,
|
|
struct ipa_id_ctx *ipa_id_ctx,
|
|
const char *view_name,
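Review bot: `clean_view_name()` casts away const and calls `talloc_free()` on `dom->view_name` for every domain the walk reaches, which is only safe if each domain owns a separate allocation of the name. Whether subdomains copy the string or alias the parent's pointer is not visible in this hunk; if any alias it, the second iteration frees memory that is already freed. I would state the ownership rule above the function, for example `/* Each domain must own its view_name; an aliased pointer would be freed twice here. */`, and confirm it against the code that creates subdomains. It is also worth checking that `get_next_domain(dom, SSS_GND_DESCEND)` visits every domain that can carry a view name, since any domain the walk skips keeps its old `has_views`/`view_name`. The trailing context lines belong to `ipa_apply_view()`, whose body continues outside the hunk.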
|
|
@@ -872,7 +884,12 @@ static errno_t ipa_apply_view(struct sss_domain_info *domain,
|
|
}
|
|
|
|
if (!read_at_init) {
|
|
- /* refresh view data of all domains at startup */
|
|
+ /* refresh view data of all domains at startup, since
|
|
+ * sysdb_master_domain_update and sysdb_update_subdomains might have
|
|
+ * been called earlier without the proper view name the name is
|
|
+ * cleaned here before the calls. This is acceptable because this is
|
|
+ * the initial setup (!read_at_init). */
|
|
+ clean_view_name(domain);
|
|
ret = sysdb_master_domain_update(domain);
|
|
if (ret != EOK) {
|
|
DEBUG(SSSDBG_OP_FAILURE, "sysdb_master_domain_update failed "
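Review bot: The new `clean_view_name(domain);` call clears `has_views` and `view_name` on the whole domain tree before `sysdb_master_domain_update()` runs, so a failure in that call leaves every domain without a view. The `if (ret != EOK)` body continues outside the hunk, so I cannot see whether the error path restores or retries the name. If it simply returns, ID overrides from the view would presumably not be applied until a later refresh, and users could resolve with un-overridden attributes. I would record that in the comment, e.g. `* If the update fails the domains stay without a view name until the next refresh.`, and have the failure message say the view was cleared. The comment's claim that cleaning is acceptable also assumes nothing else holds the old `view_name` pointer at this stage, which deserves a brief mention there.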
|
|
--
|
|
2.14.1
|
|
|