From c26e713307339699dd26b17f11a2f3136d334ba8 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Mon, 15 Oct 2018 22:26:07 +0200
Subject: [PATCH 50/57] FILES: The files provider should not enumerate
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Resolves:
https://pagure.io/SSSD/sssd/issue/3849
For a reason I cannot explain now, the files provider always enumerates.
There is commit a60e6ec which implements this, but it's clearly wrong,
because then the plain getent passwd output contains duplicates from
nss_files and nss_sss:
$ getent passwd | sort
adm:x:3:4:adm:/var/adm:/sbin/nologin
adm:x:3:4:adm:/var/adm:/sbin/nologin
bin:x:1:1:bin:/bin:/sbin/nologin
bin:x:1:1:bin:/bin:/sbin/nologin
certuser:x:10329:10330::/home/certuser:/bin/bash
certuser:x:10329:10330::/home/certuser:/bin/bash
chrony:x:997:994::/var/lib/chrony:/sbin/nologin
chrony:x:997:994::/var/lib/chrony:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
Reviewed-by: Michal Židek <mzidek@redhat.com>
---
src/confdb/confdb.c | 5 +----
src/tests/intg/test_files_provider.py | 22 ----------------------
2 files changed, 1 insertion(+), 26 deletions(-)
diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c
index 2f3d90087e640f77835400b11184b684852d7fda..fdc61226fd7d8e078dd7eb7eb532c11be3cc05ec 100644
--- a/src/confdb/confdb.c
+++ b/src/confdb/confdb.c
@@ -875,7 +875,6 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
char *default_domain;
bool fqnames_default = false;
int memcache_timeout;
- bool enum_default;
tmp_ctx = talloc_new(mem_ctx);
if (!tmp_ctx) return ENOMEM;
@@ -1009,10 +1008,8 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,
"Interpreting as true\n", domain->name);
domain->enumerate = true;
} else { /* assume the new format */
- enum_default = is_files_provider(domain);
-
ret = get_entry_as_bool(res->msgs[0], &domain->enumerate,
- CONFDB_DOMAIN_ENUMERATE, enum_default);
+ CONFDB_DOMAIN_ENUMERATE, 0);
if(ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE,
"Invalid value for %s\n", CONFDB_DOMAIN_ENUMERATE);
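Review bot: The new default passed to `get_entry_as_bool` is the integer `0`, while this function otherwise uses bool literals (`bool fqnames_default = false;` in the first hunk), so `CONFDB_DOMAIN_ENUMERATE, false);` would state the intent more clearly. A one-line comment above the call, such as `/* enumeration is off by default for every provider, including files */`, would record why the files-provider special case was dropped. The commit also deletes `test_enum_users` without adding a test that asserts a files domain does not enumerate under the default configuration, so the duplicate `getent passwd` output described in the message is not pinned against regression. If `is_files_provider()` has no other callers (not visible from this patch), it may now be unused. The body of `confdb_get_domain_internal` starts and ends outside the hunk.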
diff --git a/src/tests/intg/test_files_provider.py b/src/tests/intg/test_files_provider.py
index ead1cc4c34a8027f74f2a9564863159defce02ef..f0155a2f7e26f17e84e93eab2b99ab72f31d297d 100644
--- a/src/tests/intg/test_files_provider.py
+++ b/src/tests/intg/test_files_provider.py
@@ -32,7 +32,6 @@ import ent
import sssd_id
from sssd_nss import NssReturnCode
from sssd_passwd import (call_sssd_getpwnam,
- call_sssd_enumeration,
call_sssd_getpwuid)
from sssd_group import call_sssd_getgrnam, call_sssd_getgrgid
from files_ops import passwd_ops_setup, group_ops_setup, PasswdOps, GroupOps
@@ -633,27 +632,6 @@ def test_mod_user_shell(add_user_with_canary, files_domain_only):
check_user(moduser)
-def test_enum_users(setup_pw_with_canary, files_domain_only):
- """
- Test that enumerating all users works with the default configuration. Also
- test that removing all entries and then enumerating again returns an empty
- set
- """
- num_users = 10
- for i in range(1, num_users+1):
- user = user_generator(i)
- setup_pw_with_canary.useradd(**user)
-
- # syncing with the help of the canary is not reliable after adding
- # multiple users because the canary might still be in some caches so that
- # the data is not refreshed properly.
- subprocess.call(["sss_cache", "-E"])
- sssd_getpwnam_sync(CANARY["name"])
- user_list = call_sssd_enumeration()
- # +1 because the canary is added
- assert len(user_list) == num_users+1
-
-
def incomplete_user_setup(pwd_ops, del_field, exp_field):
adduser = dict(USER1)
del adduser[del_field]
--
2.14.4