From 9e47bb98ce8904300e8e8ec38a5c988c3d280969 Mon Sep 17 00:00:00 2001
From: Justin Stephenson <jstephen@redhat.com>
Date: Thu, 10 Jun 2021 09:37:52 -0400
Subject: [PATCH] KCM: Unset _SSS_LOOPS

Since sssd_kcm is working independently of other SSSD components,
especially the nss responder, and the kcm client side in libkrb5 of
course does not check for _SSS_LOOPS to protect sssd_kcm from calling
into itself the variable is not needed.

This allows repeated getpwuid() calls in KCM renewals code to succeed.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
---
 src/responder/kcm/kcm.c | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/src/responder/kcm/kcm.c b/src/responder/kcm/kcm.c
index 9be56b0b8..09578c0cb 100644
--- a/src/responder/kcm/kcm.c
+++ b/src/responder/kcm/kcm.c
@@ -268,6 +268,12 @@ static int kcm_process_init(TALLOC_CTX *mem_ctx,
     kctx->rctx = rctx;
     kctx->rctx->pvt_ctx = kctx;
 
+    /* KCM operates independently, getpw* recursion is not a concern */
+    ret = unsetenv("_SSS_LOOPS");
+    if (ret != EOK) {
+        DEBUG(SSSDBG_CRIT_FAILURE, "Failed to unset _SSS_LOOPS");
+    }
+
     ret = kcm_get_config(kctx);
     if (ret != EOK) {
         DEBUG(SSSDBG_FATAL_FAILURE, "fatal error getting KCM config\n");
-- 
2.26.3