Tree - rpms/sssd - CentOS Git server

rpms / sssd

Blame SOURCES/0064-IPA-AD-LDAP-Increase-the-initgrExpireTimestamp-after.patch

Blob History Raw

		8d3578	`From e20452153abfc6bd6e941ba10d2e2cd2bc811139 Mon Sep 17 00:00:00 2001`
		8d3578	`From: Jakub Hrozek <jhrozek@redhat.com>`
		8d3578	`Date: Mon, 1 Jul 2019 14:26:38 +0200`
		8d3578	`Subject: [PATCH 64/64] IPA/AD/LDAP: Increase the initgrExpireTimestamp after`
		8d3578	`finishing refresh request`
		8d3578
		8d3578	`Related: https://pagure.io/SSSD/sssd/issue/4012`
		8d3578
		8d3578	`Calls sysdb_set_initgr_expire_timestamp() after each successfull refresh`
		8d3578	`of initgroups data to make sure the initgrExpireTimestamp attribute is`
		8d3578	`increased.`
		8d3578
		8d3578	`If you're wondering why the timestamp is not set by the initgroups operation`
		8d3578	`itself, see tickets #3744 or #2634 for examples of bugs caused by setting`
		8d3578	`the initgrExpireTimestamp too soon.`
		8d3578
		8d3578	`Reviewed-by: Sumit Bose <sbose@redhat.com>`
		8d3578	`(cherry picked from commit cdc44a05d11ae614eb55f219f70150d241cd850f)`
		8d3578
		8d3578	`Reviewed-by: Sumit Bose <sbose@redhat.com>`
		8d3578	`---`
		8d3578	`src/providers/ad/ad_refresh.c \| 12 ++++++++++++`
		8d3578	`src/providers/ipa/ipa_refresh.c \| 12 ++++++++++++`
		8d3578	`src/providers/ldap/sdap_refresh.c \| 12 ++++++++++++`
		8d3578	`3 files changed, 36 insertions(+)`
		8d3578
		8d3578	`diff --git a/src/providers/ad/ad_refresh.c b/src/providers/ad/ad_refresh.c`
		8d3578	`index 0c2ebce5e..7aa56f33e 100644`
		8d3578	`--- a/src/providers/ad/ad_refresh.c`
		8d3578	`+++ b/src/providers/ad/ad_refresh.c`
		8d3578	`@@ -26,6 +26,7 @@ struct ad_refresh_state {`
		8d3578	`struct be_ctx *be_ctx;`
		8d3578	`struct dp_id_data *account_req;`
		8d3578	`struct ad_id_ctx *id_ctx;`
		8d3578	`+ struct sss_domain_info *domain;`
		8d3578	`char **names;`
		8d3578	`size_t index;`
		8d3578	`};`
		8d3578	`@@ -60,6 +61,7 @@ static struct tevent_req ad_refresh_send(TALLOC_CTX mem_ctx,`
		8d3578
		8d3578	`state->ev = ev;`
		8d3578	`state->be_ctx = be_ctx;`
		8d3578	`+ state->domain = domain;`
		8d3578	`state->id_ctx = talloc_get_type(pvt, struct ad_id_ctx);`
		8d3578	`state->names = names;`
		8d3578	`state->index = 0;`
		8d3578	`@@ -167,6 +169,16 @@ static void ad_refresh_done(struct tevent_req *subreq)`
		8d3578	`goto done;`
		8d3578	`}`
		8d3578
		8d3578	`+ if (state->account_req->entry_type == BE_REQ_INITGROUPS) {`
		8d3578	`+ ret = sysdb_set_initgr_expire_timestamp(state->domain,`
		8d3578	`+ state->account_req->filter_value);`
		8d3578	`+ if (ret != EOK) {`
		8d3578	`+ DEBUG(SSSDBG_MINOR_FAILURE,`
		8d3578	`+ "Failed to set initgroups expiration for [%s]\n",`
		8d3578	`+ state->account_req->filter_value);`
		8d3578	`+ }`
		8d3578	`+ }`
		8d3578	`+`
		8d3578	`ret = ad_refresh_step(req);`
		8d3578	`if (ret == EAGAIN) {`
		8d3578	`return;`
		8d3578	`diff --git a/src/providers/ipa/ipa_refresh.c b/src/providers/ipa/ipa_refresh.c`
		8d3578	`index 13c38dff9..64f8db812 100644`
		8d3578	`--- a/src/providers/ipa/ipa_refresh.c`
		8d3578	`+++ b/src/providers/ipa/ipa_refresh.c`
		8d3578	`@@ -26,6 +26,7 @@ struct ipa_refresh_state {`
		8d3578	`struct be_ctx *be_ctx;`
		8d3578	`struct dp_id_data *account_req;`
		8d3578	`struct ipa_id_ctx *id_ctx;`
		8d3578	`+ struct sss_domain_info *domain;`
		8d3578	`char **names;`
		8d3578	`size_t index;`
		8d3578	`};`
		8d3578	`@@ -59,6 +60,7 @@ static struct tevent_req ipa_refresh_send(TALLOC_CTX mem_ctx,`
		8d3578
		8d3578	`state->ev = ev;`
		8d3578	`state->be_ctx = be_ctx;`
		8d3578	`+ state->domain = domain;`
		8d3578	`state->id_ctx = talloc_get_type(pvt, struct ipa_id_ctx);`
		8d3578	`state->names = names;`
		8d3578	`state->index = 0;`
		8d3578	`@@ -147,6 +149,16 @@ static void ipa_refresh_done(struct tevent_req *subreq)`
		8d3578	`goto done;`
		8d3578	`}`
		8d3578
		8d3578	`+ if (state->account_req->entry_type == BE_REQ_INITGROUPS) {`
		8d3578	`+ ret = sysdb_set_initgr_expire_timestamp(state->domain,`
		8d3578	`+ state->account_req->filter_value);`
		8d3578	`+ if (ret != EOK) {`
		8d3578	`+ DEBUG(SSSDBG_MINOR_FAILURE,`
		8d3578	`+ "Failed to set initgroups expiration for [%s]\n",`
		8d3578	`+ state->account_req->filter_value);`
		8d3578	`+ }`
		8d3578	`+ }`
		8d3578	`+`
		8d3578	`ret = ipa_refresh_step(req);`
		8d3578	`if (ret == EAGAIN) {`
		8d3578	`return;`
		8d3578	`diff --git a/src/providers/ldap/sdap_refresh.c b/src/providers/ldap/sdap_refresh.c`
		8d3578	`index 4e464b2f6..402db53a9 100644`
		8d3578	`--- a/src/providers/ldap/sdap_refresh.c`
		8d3578	`+++ b/src/providers/ldap/sdap_refresh.c`
		8d3578	`@@ -29,6 +29,7 @@ struct sdap_refresh_state {`
		8d3578	`struct be_ctx *be_ctx;`
		8d3578	`struct dp_id_data *account_req;`
		8d3578	`struct sdap_id_ctx *id_ctx;`
		8d3578	`+ struct sss_domain_info *domain;`
		8d3578	`struct sdap_domain *sdom;`
		8d3578	`char **names;`
		8d3578	`size_t index;`
		8d3578	`@@ -63,6 +64,7 @@ static struct tevent_req sdap_refresh_send(TALLOC_CTX mem_ctx,`
		8d3578
		8d3578	`state->ev = ev;`
		8d3578	`state->be_ctx = be_ctx;`
		8d3578	`+ state->domain = domain;`
		8d3578	`state->id_ctx = talloc_get_type(pvt, struct sdap_id_ctx);`
		8d3578	`state->names = names;`
		8d3578	`state->index = 0;`
		8d3578	`@@ -165,6 +167,16 @@ static void sdap_refresh_done(struct tevent_req *subreq)`
		8d3578	`goto done;`
		8d3578	`}`
		8d3578
		8d3578	`+ if (state->account_req->entry_type == BE_REQ_INITGROUPS) {`
		8d3578	`+ ret = sysdb_set_initgr_expire_timestamp(state->domain,`
		8d3578	`+ state->account_req->filter_value);`
		8d3578	`+ if (ret != EOK) {`
		8d3578	`+ DEBUG(SSSDBG_MINOR_FAILURE,`
		8d3578	`+ "Failed to set initgroups expiration for [%s]\n",`
		8d3578	`+ state->account_req->filter_value);`
		8d3578	`+ }`
		8d3578	`+ }`
		8d3578	`+`
		8d3578	`ret = sdap_refresh_step(req);`
		8d3578	`if (ret == EAGAIN) {`
		8d3578	`return;`
		8d3578	`--`
		8d3578	`2.20.1`
		8d3578

rpms / sssd

Source Code

Blame SOURCES/0064-IPA-AD-LDAP-Increase-the-initgrExpireTimestamp-after.patch