From 8cf5e390b38f0be4f88b0ebbbd1b14f52d35cd02 Mon Sep 17 00:00:00 2001 From: Lukas Slebodnik Date: Thu, 30 Nov 2017 07:59:33 +0100 Subject: [PATCH 78/79] confdb: Do not start implicit_files with proxy domain id_provider = proxy + proxy_lib_name = files is equivalent to id_provider = files. But requests to user hit implicit_files domain instead of proxy domain and therefore it broke usage of proxy domain with auth_provider = krb5. Resolves: https://pagure.io/SSSD/sssd/issue/3590 --- src/confdb/confdb.c | 22 +++++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c index ef1be4a6e6daee2644d535e561fac7735eb6a0b2..0a4be57e08791f8a9eb5fc143a56352cd4ef4b5e 100644 --- a/src/confdb/confdb.c +++ b/src/confdb/confdb.c @@ -1769,6 +1769,25 @@ static bool need_implicit_files_domain(TALLOC_CTX *tmp_ctx, if (strcasecmp(id_provider, "files") == 0) { return false; } + + if (strcasecmp(id_provider, "proxy") == 0) { + val = ldb_msg_find_attr_as_string(doms->msgs[i], + CONFDB_PROXY_LIBNAME, NULL); + if (val == NULL) { + DEBUG(SSSDBG_OP_FAILURE, + "The object [%s] doesn't have proxy_lib_name with " + "id_provider proxy\n", + ldb_dn_get_linearized(doms->msgs[i]->dn)); + continue; + } + + /* id_provider = proxy + proxy_lib_name = files is equivalent + * to id_provider = files + */ + if (strcmp(val, "files") == 0) { + return false; + } + } } return true; @@ -1780,7 +1799,8 @@ static int confdb_has_files_domain(struct confdb_ctx *cdb) struct ldb_dn *dn = NULL; struct ldb_result *res = NULL; static const char *attrs[] = { CONFDB_DOMAIN_ID_PROVIDER, - CONFDB_DOMAIN_ATTR, NULL }; + CONFDB_DOMAIN_ATTR, + CONFDB_PROXY_LIBNAME, NULL }; int ret; bool need_files_dom; -- 2.15.1