7bddea6c90
Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with file from package sssd-common-1.15.1-1.fc25.x86_64 Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4
128 lines
4.2 KiB
Diff
128 lines
4.2 KiB
Diff
From 734e73257fff1c1884b72b8cf988f6d75c3a7567 Mon Sep 17 00:00:00 2001
|
|
From: Jakub Hrozek <jhrozek@redhat.com>
|
|
Date: Fri, 31 Mar 2017 17:12:56 +0200
|
|
Subject: [PATCH 126/135] CONFDB: Fix standalone application domains
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
When a standalone application domain was configured, for example:
|
|
|
|
-------------------------------------------------
|
|
[sssd]
|
|
domains = appdomain
|
|
|
|
[application/appdomain]
|
|
id_provider=ldap
|
|
ldap_uri = ldap://dc.ipa.test
|
|
ldap_search_base = cn=accounts,dc=ipa,dc=test
|
|
ldap_schema = rfc2307bis
|
|
sudo_provider = none
|
|
|
|
ldap_sasl_mech = gssapi
|
|
krb5_realm = IPA.TEST
|
|
krb5_server = dc.ipa.test
|
|
|
|
ldap_user_uid_number = telephonenumber
|
|
ldap_user_gid_number = mobile
|
|
ldap_user_extra_attrs = location:l
|
|
-------------------------------------------------
|
|
|
|
We would, when unrolling the application section into a domain section,
|
|
first add a domain stub, equivalent to:
|
|
-----------------------------
|
|
[domain/appdomain]
|
|
domain_type = application
|
|
-----------------------------
|
|
|
|
Which in config.ldb also contains cn. Then, whem we would add the parameters
|
|
from the [application] section, but try to add the cn again.
|
|
|
|
This didn't happen when inheriting from a POSIX domain, because there we
|
|
would set LDB_FLAG_REPLACE for any attributes that exist in the inherited
|
|
domain.
|
|
|
|
This patch skips the cn attribute both when replacing an inherited
|
|
domain's attributes and when writing a standalone application domain.
|
|
|
|
Resolves:
|
|
https://pagure.io/SSSD/sssd/issue/3355
|
|
|
|
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
---
|
|
src/confdb/confdb.c | 26 ++++++++++++++++++++++----
|
|
1 file changed, 22 insertions(+), 4 deletions(-)
|
|
|
|
diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c
|
|
index 68693e8382c0fbf1015ee47f14fa7c6f64ae98b2..286dbb24377c6d0fdf2c2d070da04918c591ce05 100644
|
|
--- a/src/confdb/confdb.c
|
|
+++ b/src/confdb/confdb.c
|
|
@@ -1909,7 +1909,7 @@ static int confdb_add_app_domain(TALLOC_CTX *mem_ctx,
|
|
|
|
cdb_path = talloc_asprintf(mem_ctx, CONFDB_DOMAIN_PATH_TMPL, name);
|
|
if (cdb_path == NULL) {
|
|
- return ENOMEM;
|
|
+ return ENOMEM;
|
|
}
|
|
|
|
val[0] = CONFDB_DOMAIN_TYPE_APP;
|
|
@@ -1933,6 +1933,7 @@ static int confdb_merge_parent_domain(const char *name,
|
|
struct ldb_message *replace_msg = NULL;
|
|
struct ldb_message *app_msg = NULL;
|
|
struct ldb_dn *domain_dn;
|
|
+ struct ldb_message_element *el = NULL;
|
|
TALLOC_CTX *tmp_ctx = NULL;
|
|
|
|
tmp_ctx = talloc_new(NULL);
|
|
@@ -1974,6 +1975,12 @@ static int confdb_merge_parent_domain(const char *name,
|
|
replace_msg->elements[i].flags = LDB_FLAG_MOD_ADD;
|
|
}
|
|
|
|
+ el = ldb_msg_find_element(replace_msg, "cn");
|
|
+ if (el != NULL) {
|
|
+ /* Don't add second cn */
|
|
+ ldb_msg_remove_element(replace_msg, el);
|
|
+ }
|
|
+
|
|
ret = ldb_modify(cdb->ldb, replace_msg);
|
|
if (ret != LDB_SUCCESS) {
|
|
ret = sysdb_error_to_errno(ret);
|
|
@@ -1993,7 +2000,14 @@ static int confdb_merge_parent_domain(const char *name,
|
|
app_msg->dn = domain_dn;
|
|
|
|
for (unsigned i = 0; i < app_section->msgs[0]->num_elements; i++) {
|
|
- struct ldb_message_element *el = NULL;
|
|
+ struct ldb_message_element *app_el = &app_section->msgs[0]->elements[i];
|
|
+
|
|
+ /* These elements will be skipped when replacing attributes in
|
|
+ * a domain to avoid EEXIST errors
|
|
+ */
|
|
+ if (strcasecmp(app_el->name, "cn") == 0) {
|
|
+ continue;
|
|
+ }
|
|
|
|
if (replace_msg != NULL) {
|
|
el = ldb_msg_find_element(replace_msg,
|
|
@@ -2013,12 +2027,16 @@ static int confdb_merge_parent_domain(const char *name,
|
|
ret = ldb_msg_add(app_msg,
|
|
&app_section->msgs[0]->elements[i],
|
|
ldb_flag);
|
|
- if (ret != EOK) {
|
|
+ if (ret != LDB_SUCCESS) {
|
|
continue;
|
|
}
|
|
}
|
|
|
|
- ret = ldb_modify(cdb->ldb, app_msg);
|
|
+ /* We use permissive modification here because adding cn or
|
|
+ * distinguishedName from the app_section to the application
|
|
+ * message would throw EEXIST
|
|
+ */
|
|
+ ret = sss_ldb_modify_permissive(cdb->ldb, app_msg);
|
|
if (ret != LDB_SUCCESS) {
|
|
ret = sysdb_error_to_errno(ret);
|
|
DEBUG(SSSDBG_OP_FAILURE,
|
|
--
|
|
2.12.2
|
|
|