From c26e713307339699dd26b17f11a2f3136d334ba8 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Mon, 15 Oct 2018 22:26:07 +0200 Subject: [PATCH 50/57] FILES: The files provider should not enumerate MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Resolves: https://pagure.io/SSSD/sssd/issue/3849 For reason I cannot explain now, the files provider always enumerates. There is commit a60e6ec which implements this, but it's clearly wrong, because then the plain getent passwd output contains duplicates from nss_files and nss_sss: $ getent passwd | sort adm:x:3:4:adm:/var/adm:/sbin/nologin adm:x:3:4:adm:/var/adm:/sbin/nologin bin:x:1:1:bin:/bin:/sbin/nologin bin:x:1:1:bin:/bin:/sbin/nologin certuser:x:10329:10330::/home/certuser:/bin/bash certuser:x:10329:10330::/home/certuser:/bin/bash chrony:x:997:994::/var/lib/chrony:/sbin/nologin chrony:x:997:994::/var/lib/chrony:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin daemon:x:2:2:daemon:/sbin:/sbin/nologin Reviewed-by: Michal Židek --- src/confdb/confdb.c | 5 +---- src/tests/intg/test_files_provider.py | 22 ---------------------- 2 files changed, 1 insertion(+), 26 deletions(-) diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c index 2f3d90087e640f77835400b11184b684852d7fda..fdc61226fd7d8e078dd7eb7eb532c11be3cc05ec 100644 --- a/src/confdb/confdb.c +++ b/src/confdb/confdb.c @@ -875,7 +875,6 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, char *default_domain; bool fqnames_default = false; int memcache_timeout; - bool enum_default; tmp_ctx = talloc_new(mem_ctx); if (!tmp_ctx) return ENOMEM; @@ -1009,10 +1008,8 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb, "Interpreting as true\n", domain->name); domain->enumerate = true; } else { /* assume the new format */ - enum_default = is_files_provider(domain); - ret = get_entry_as_bool(res->msgs[0], &domain->enumerate, - CONFDB_DOMAIN_ENUMERATE, enum_default); + CONFDB_DOMAIN_ENUMERATE, 0); if(ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "Invalid value for %s\n", CONFDB_DOMAIN_ENUMERATE); diff --git a/src/tests/intg/test_files_provider.py b/src/tests/intg/test_files_provider.py index ead1cc4c34a8027f74f2a9564863159defce02ef..f0155a2f7e26f17e84e93eab2b99ab72f31d297d 100644 --- a/src/tests/intg/test_files_provider.py +++ b/src/tests/intg/test_files_provider.py @@ -32,7 +32,6 @@ import ent import sssd_id from sssd_nss import NssReturnCode from sssd_passwd import (call_sssd_getpwnam, - call_sssd_enumeration, call_sssd_getpwuid) from sssd_group import call_sssd_getgrnam, call_sssd_getgrgid from files_ops import passwd_ops_setup, group_ops_setup, PasswdOps, GroupOps @@ -633,27 +632,6 @@ def test_mod_user_shell(add_user_with_canary, files_domain_only): check_user(moduser) -def test_enum_users(setup_pw_with_canary, files_domain_only): - """ - Test that enumerating all users works with the default configuration. Also - test that removing all entries and then enumerating again returns an empty - set - """ - num_users = 10 - for i in range(1, num_users+1): - user = user_generator(i) - setup_pw_with_canary.useradd(**user) - - # syncing with the help of the canary is not reliable after adding - # multiple users because the canary might still be in some caches so that - # the data is not refreshed properly. - subprocess.call(["sss_cache", "-E"]) - sssd_getpwnam_sync(CANARY["name"]) - user_list = call_sssd_enumeration() - # +1 because the canary is added - assert len(user_list) == num_users+1 - - def incomplete_user_setup(pwd_ops, del_field, exp_field): adduser = dict(USER1) del adduser[del_field] -- 2.14.4