From c26e713307339699dd26b17f11a2f3136d334ba8 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Mon, 15 Oct 2018 22:26:07 +0200
Subject: [PATCH 50/57] FILES: The files provider should not enumerate
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Resolves:
https://pagure.io/SSSD/sssd/issue/3849

For a reason I cannot explain now, the files provider always enumerates.
There is commit a60e6ec which implements this, but it's clearly wrong,
because then the plain getent passwd output contains duplicates from
nss_files and nss_sss:

$ getent passwd | sort
adm:x:3:4:adm:/var/adm:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
bin:x:1:1:bin:/bin:/sbin/nologin
bin:x:1:1:bin:/bin:/sbin/nologin
certuser:x:10329:10330::/home/certuser:/bin/bash
certuser:x:10329:10330::/home/certuser:/bin/bash
chrony:x:997:994::/var/lib/chrony:/sbin/nologin
chrony:x:997:994::/var/lib/chrony:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin

Reviewed-by: Michal Židek <mzidek@redhat.com>
---
 src/confdb/confdb.c                   |  5 +----
 src/tests/intg/test_files_provider.py | 22 ----------------------
 2 files changed, 1 insertion(+), 26 deletions(-)

diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c
index 2f3d90087e640f77835400b11184b684852d7fda..fdc61226fd7d8e078dd7eb7eb532c11be3cc05ec 100644
--- a/src/confdb/confdb.c
+++ b/src/confdb/confdb.c
@@ -875,7 +875,6 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
     char *default_domain;
     bool fqnames_default = false;
     int memcache_timeout;
-    bool enum_default;
 
     tmp_ctx = talloc_new(mem_ctx);
     if (!tmp_ctx) return ENOMEM;
@@ -1009,10 +1008,8 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
                   "Interpreting as true\n", domain->name);
         domain->enumerate = true;
     } else { /* assume the new format */
-        enum_default = is_files_provider(domain);
-
         ret = get_entry_as_bool(res->msgs[0], &domain->enumerate,
-                                CONFDB_DOMAIN_ENUMERATE, enum_default);
+                                CONFDB_DOMAIN_ENUMERATE, 0);
         if(ret != EOK) {
             DEBUG(SSSDBG_FATAL_FAILURE,
                   "Invalid value for %s\n", CONFDB_DOMAIN_ENUMERATE);
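Review bot: The new default is passed as the literal `0` in the slot that previously took the `bool enum_default` value; `CONFDB_DOMAIN_ENUMERATE, false);` would match `bool fqnames_default = false` declared earlier in this function. A one-line comment above the call, such as `/* enumeration is off by default for every provider, files included */`, would help keep the files-provider exception from being reintroduced later. The same commit deletes test_enum_users from test_files_provider.py without adding a test that pins the new default or covers an explicit `enumerate = true` in the domain section, so the changed behaviour appears untested as far as this patch shows. confdb_get_domain_internal begins and ends outside the hunk.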
diff --git a/src/tests/intg/test_files_provider.py b/src/tests/intg/test_files_provider.py
index ead1cc4c34a8027f74f2a9564863159defce02ef..f0155a2f7e26f17e84e93eab2b99ab72f31d297d 100644
--- a/src/tests/intg/test_files_provider.py
+++ b/src/tests/intg/test_files_provider.py
@@ -32,7 +32,6 @@ import ent
 import sssd_id
 from sssd_nss import NssReturnCode
 from sssd_passwd import (call_sssd_getpwnam,
-                         call_sssd_enumeration,
                          call_sssd_getpwuid)
 from sssd_group import call_sssd_getgrnam, call_sssd_getgrgid
 from files_ops import passwd_ops_setup, group_ops_setup, PasswdOps, GroupOps
@@ -633,27 +632,6 @@ def test_mod_user_shell(add_user_with_canary, files_domain_only):
     check_user(moduser)
 
 
-def test_enum_users(setup_pw_with_canary, files_domain_only):
-    """
-    Test that enumerating all users works with the default configuration. Also
-    test that removing all entries and then enumerating again returns an empty
-    set
-    """
-    num_users = 10
-    for i in range(1, num_users+1):
-        user = user_generator(i)
-        setup_pw_with_canary.useradd(**user)
-
-    # syncing with the help of the canary is not reliable after adding
-    # multiple users because the canary might still be in some caches so that
-    # the data is not refreshed properly.
-    subprocess.call(["sss_cache", "-E"])
-    sssd_getpwnam_sync(CANARY["name"])
-    user_list = call_sssd_enumeration()
-    # +1 because the canary is added
-    assert len(user_list) == num_users+1
-
-
 def incomplete_user_setup(pwd_ops, del_field, exp_field):
     adduser = dict(USER1)
     del adduser[del_field]
-- 
2.14.4