From d2e17974c6bcb3ae2fc8a2cde696d387385c7d61 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Tue, 3 Apr 2018 21:48:37 +0200
Subject: [PATCH] Do not keep allocating external groups on a long-lived
 context
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The hash table with the external groups was never freed, so the
server_mode->ext_groups context was growing over time.

This patch keeps the new hash on the state if something failed, then
frees the previous hash and finally steals the new hash onto the server
mode.

Resolves:
https://pagure.io/SSSD/sssd/issue/3719

Signed-off-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 10213efaf1f9f587b47a82778a252d79863f665e)

DOWNSTREAM:
Resolves: rhbz#1583746 - The SSSD IPA provider allocates information about external groups on a long lived memory context, causing memory growth of the sssd_be process [rhel-7.5.z]
---
 src/providers/ipa/ipa_subdomains_ext_groups.c | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)

diff --git a/src/providers/ipa/ipa_subdomains_ext_groups.c b/src/providers/ipa/ipa_subdomains_ext_groups.c
index 9e1d6c3a9bdeda56b421a2dc9198dff0b84c54ce..63ff7c7d7373a4e6a18fc914eff7ca00d477bca6 100644
--- a/src/providers/ipa/ipa_subdomains_ext_groups.c
+++ b/src/providers/ipa/ipa_subdomains_ext_groups.c
@@ -583,14 +583,19 @@ static void ipa_get_ext_groups_done(struct tevent_req *subreq)
     DEBUG(SSSDBG_TRACE_FUNC, "[%zu] external groups found.\n",
                               state->reply_count);
 
-    ret = process_ext_groups(state->server_mode->ext_groups,
-                             state->reply_count, state->reply, &ext_group_hash);
+    ret = process_ext_groups(state,
+                             state->reply_count,
+                             state->reply,
+                             &ext_group_hash);
     if (ret != EOK) {
         DEBUG(SSSDBG_OP_FAILURE, "process_ext_groups failed.\n");
         goto fail;
     }
 
-    state->server_mode->ext_groups->ext_groups = ext_group_hash;
+    talloc_free(state->server_mode->ext_groups->ext_groups);
+    state->server_mode->ext_groups->ext_groups = talloc_steal(
+            state->server_mode->ext_groups,
+            ext_group_hash);
     /* Do we have to make the update timeout configurable? */
     state->server_mode->ext_groups->next_update = time(NULL) + 10;
 
-- 
2.17.0