Tree - rpms/sssd - CentOS Git server

rpms / sssd

Blame SOURCES/0064-IPA-AD-LDAP-Increase-the-initgrExpireTimestamp-after.patch

Blob History Raw

		5fca41	`From e20452153abfc6bd6e941ba10d2e2cd2bc811139 Mon Sep 17 00:00:00 2001`
		5fca41	`From: Jakub Hrozek <jhrozek@redhat.com>`
		5fca41	`Date: Mon, 1 Jul 2019 14:26:38 +0200`
		5fca41	`Subject: [PATCH 64/64] IPA/AD/LDAP: Increase the initgrExpireTimestamp after`
		5fca41	`finishing refresh request`
		5fca41
		5fca41	`Related: https://pagure.io/SSSD/sssd/issue/4012`
		5fca41
		5fca41	`Calls sysdb_set_initgr_expire_timestamp() after each successfull refresh`
		5fca41	`of initgroups data to make sure the initgrExpireTimestamp attribute is`
		5fca41	`increased.`
		5fca41
		5fca41	`If you're wondering why the timestamp is not set by the initgroups operation`
		5fca41	`itself, see tickets #3744 or #2634 for examples of bugs caused by setting`
		5fca41	`the initgrExpireTimestamp too soon.`
		5fca41
		5fca41	`Reviewed-by: Sumit Bose <sbose@redhat.com>`
		5fca41	`(cherry picked from commit cdc44a05d11ae614eb55f219f70150d241cd850f)`
		5fca41
		5fca41	`Reviewed-by: Sumit Bose <sbose@redhat.com>`
		5fca41	`---`
		5fca41	`src/providers/ad/ad_refresh.c \| 12 ++++++++++++`
		5fca41	`src/providers/ipa/ipa_refresh.c \| 12 ++++++++++++`
		5fca41	`src/providers/ldap/sdap_refresh.c \| 12 ++++++++++++`
		5fca41	`3 files changed, 36 insertions(+)`
		5fca41
		5fca41	`diff --git a/src/providers/ad/ad_refresh.c b/src/providers/ad/ad_refresh.c`
		5fca41	`index 0c2ebce5e..7aa56f33e 100644`
		5fca41	`--- a/src/providers/ad/ad_refresh.c`
		5fca41	`+++ b/src/providers/ad/ad_refresh.c`
		5fca41	`@@ -26,6 +26,7 @@ struct ad_refresh_state {`
		5fca41	`struct be_ctx *be_ctx;`
		5fca41	`struct dp_id_data *account_req;`
		5fca41	`struct ad_id_ctx *id_ctx;`
		5fca41	`+ struct sss_domain_info *domain;`
		5fca41	`char **names;`
		5fca41	`size_t index;`
		5fca41	`};`
		5fca41	`@@ -60,6 +61,7 @@ static struct tevent_req ad_refresh_send(TALLOC_CTX mem_ctx,`
		5fca41
		5fca41	`state->ev = ev;`
		5fca41	`state->be_ctx = be_ctx;`
		5fca41	`+ state->domain = domain;`
		5fca41	`state->id_ctx = talloc_get_type(pvt, struct ad_id_ctx);`
		5fca41	`state->names = names;`
		5fca41	`state->index = 0;`
		5fca41	`@@ -167,6 +169,16 @@ static void ad_refresh_done(struct tevent_req *subreq)`
		5fca41	`goto done;`
		5fca41	`}`
		5fca41
		5fca41	`+ if (state->account_req->entry_type == BE_REQ_INITGROUPS) {`
		5fca41	`+ ret = sysdb_set_initgr_expire_timestamp(state->domain,`
		5fca41	`+ state->account_req->filter_value);`
		5fca41	`+ if (ret != EOK) {`
		5fca41	`+ DEBUG(SSSDBG_MINOR_FAILURE,`
		5fca41	`+ "Failed to set initgroups expiration for [%s]\n",`
		5fca41	`+ state->account_req->filter_value);`
		5fca41	`+ }`
		5fca41	`+ }`
		5fca41	`+`
		5fca41	`ret = ad_refresh_step(req);`
		5fca41	`if (ret == EAGAIN) {`
		5fca41	`return;`
		5fca41	`diff --git a/src/providers/ipa/ipa_refresh.c b/src/providers/ipa/ipa_refresh.c`
		5fca41	`index 13c38dff9..64f8db812 100644`
		5fca41	`--- a/src/providers/ipa/ipa_refresh.c`
		5fca41	`+++ b/src/providers/ipa/ipa_refresh.c`
		5fca41	`@@ -26,6 +26,7 @@ struct ipa_refresh_state {`
		5fca41	`struct be_ctx *be_ctx;`
		5fca41	`struct dp_id_data *account_req;`
		5fca41	`struct ipa_id_ctx *id_ctx;`
		5fca41	`+ struct sss_domain_info *domain;`
		5fca41	`char **names;`
		5fca41	`size_t index;`
		5fca41	`};`
		5fca41	`@@ -59,6 +60,7 @@ static struct tevent_req ipa_refresh_send(TALLOC_CTX mem_ctx,`
		5fca41
		5fca41	`state->ev = ev;`
		5fca41	`state->be_ctx = be_ctx;`
		5fca41	`+ state->domain = domain;`
		5fca41	`state->id_ctx = talloc_get_type(pvt, struct ipa_id_ctx);`
		5fca41	`state->names = names;`
		5fca41	`state->index = 0;`
		5fca41	`@@ -147,6 +149,16 @@ static void ipa_refresh_done(struct tevent_req *subreq)`
		5fca41	`goto done;`
		5fca41	`}`
		5fca41
		5fca41	`+ if (state->account_req->entry_type == BE_REQ_INITGROUPS) {`
		5fca41	`+ ret = sysdb_set_initgr_expire_timestamp(state->domain,`
		5fca41	`+ state->account_req->filter_value);`
		5fca41	`+ if (ret != EOK) {`
		5fca41	`+ DEBUG(SSSDBG_MINOR_FAILURE,`
		5fca41	`+ "Failed to set initgroups expiration for [%s]\n",`
		5fca41	`+ state->account_req->filter_value);`
		5fca41	`+ }`
		5fca41	`+ }`
		5fca41	`+`
		5fca41	`ret = ipa_refresh_step(req);`
		5fca41	`if (ret == EAGAIN) {`
		5fca41	`return;`
		5fca41	`diff --git a/src/providers/ldap/sdap_refresh.c b/src/providers/ldap/sdap_refresh.c`
		5fca41	`index 4e464b2f6..402db53a9 100644`
		5fca41	`--- a/src/providers/ldap/sdap_refresh.c`
		5fca41	`+++ b/src/providers/ldap/sdap_refresh.c`
		5fca41	`@@ -29,6 +29,7 @@ struct sdap_refresh_state {`
		5fca41	`struct be_ctx *be_ctx;`
		5fca41	`struct dp_id_data *account_req;`
		5fca41	`struct sdap_id_ctx *id_ctx;`
		5fca41	`+ struct sss_domain_info *domain;`
		5fca41	`struct sdap_domain *sdom;`
		5fca41	`char **names;`
		5fca41	`size_t index;`
		5fca41	`@@ -63,6 +64,7 @@ static struct tevent_req sdap_refresh_send(TALLOC_CTX mem_ctx,`
		5fca41
		5fca41	`state->ev = ev;`
		5fca41	`state->be_ctx = be_ctx;`
		5fca41	`+ state->domain = domain;`
		5fca41	`state->id_ctx = talloc_get_type(pvt, struct sdap_id_ctx);`
		5fca41	`state->names = names;`
		5fca41	`state->index = 0;`
		5fca41	`@@ -165,6 +167,16 @@ static void sdap_refresh_done(struct tevent_req *subreq)`
		5fca41	`goto done;`
		5fca41	`}`
		5fca41
		5fca41	`+ if (state->account_req->entry_type == BE_REQ_INITGROUPS) {`
		5fca41	`+ ret = sysdb_set_initgr_expire_timestamp(state->domain,`
		5fca41	`+ state->account_req->filter_value);`
		5fca41	`+ if (ret != EOK) {`
		5fca41	`+ DEBUG(SSSDBG_MINOR_FAILURE,`
		5fca41	`+ "Failed to set initgroups expiration for [%s]\n",`
		5fca41	`+ state->account_req->filter_value);`
		5fca41	`+ }`
		5fca41	`+ }`
		5fca41	`+`
		5fca41	`ret = sdap_refresh_step(req);`
		5fca41	`if (ret == EAGAIN) {`
		5fca41	`return;`
		5fca41	`--`
		5fca41	`2.20.1`
		5fca41

rpms / sssd

Source Code

Blame SOURCES/0064-IPA-AD-LDAP-Increase-the-initgrExpireTimestamp-after.patch