|
 |
8ed14c |
From 9e47bb98ce8904300e8e8ec38a5c988c3d280969 Mon Sep 17 00:00:00 2001
|
|
|
8ed14c |
From: Justin Stephenson <jstephen@redhat.com>
|
|
|
8ed14c |
Date: Thu, 10 Jun 2021 09:37:52 -0400
|
|
|
8ed14c |
Subject: [PATCH] KCM: Unset _SSS_LOOPS
|
|
|
8ed14c |
|
|
|
8ed14c |
Since sssd_kcm is working independently of other SSSD components,
|
|
|
8ed14c |
especially the nss responder, and the kcm client side in libkrb5 of
|
|
|
8ed14c |
course does not check for _SSS_LOOPS to protect sssd_kcm from calling
|
|
|
8ed14c |
into itself the variable is not needed.
|
|
|
8ed14c |
|
|
|
8ed14c |
This allows repeated getpwuid() calls in KCM renewals code to succeed.
|
|
|
8ed14c |
|
|
|
8ed14c |
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
|
|
|
8ed14c |
---
|
|
|
8ed14c |
src/responder/kcm/kcm.c | 6 ++++++
|
|
|
8ed14c |
1 file changed, 6 insertions(+)
|
|
|
8ed14c |
|
|
|
8ed14c |
diff --git a/src/responder/kcm/kcm.c b/src/responder/kcm/kcm.c
|
|
|
8ed14c |
index 9be56b0b8..09578c0cb 100644
|
|
|
8ed14c |
--- a/src/responder/kcm/kcm.c
|
|
|
8ed14c |
+++ b/src/responder/kcm/kcm.c
|
|
|
8ed14c |
@@ -268,6 +268,12 @@ static int kcm_process_init(TALLOC_CTX *mem_ctx,
|
|
|
8ed14c |
kctx->rctx = rctx;
|
|
|
8ed14c |
kctx->rctx->pvt_ctx = kctx;
|
|
|
8ed14c |
|
|
|
8ed14c |
+ /* KCM operates independently, getpw* recursion is not a concern */
|
|
|
8ed14c |
+ ret = unsetenv("_SSS_LOOPS");
|
|
|
8ed14c |
+ if (ret != EOK) {
|
|
|
8ed14c |
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to unset _SSS_LOOPS");
|
|
|
8ed14c |
+ }
|
|
|
8ed14c |
+
|
|
|
8ed14c |
ret = kcm_get_config(kctx);
|
|
|
8ed14c |
if (ret != EOK) {
|
|
|
8ed14c |
DEBUG(SSSDBG_FATAL_FAILURE, "fatal error getting KCM config\n");
|
|
|
8ed14c |
--
|
|
|
8ed14c |
2.26.3
|
|
|
8ed14c |
|