|
 |
71e593 |
From a53590ef89d78d3e065e0f1eb28b641c391b5a18 Mon Sep 17 00:00:00 2001
|
|
|
71e593 |
From: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
71e593 |
Date: Tue, 28 Aug 2018 14:47:44 +0200
|
|
|
71e593 |
Subject: [PATCH] KCM: Don't error out if creating a new ID as the first step
|
|
|
71e593 |
MIME-Version: 1.0
|
|
|
71e593 |
Content-Type: text/plain; charset=UTF-8
|
|
|
71e593 |
Content-Transfer-Encoding: 8bit
|
|
|
71e593 |
|
|
|
71e593 |
We need to handle the case where the nextID operation is ran, but the
|
|
|
71e593 |
secdb is totally empty, otherwise logins with sssd's krb5_child would
|
|
|
71e593 |
fail.
|
|
|
71e593 |
|
|
|
71e593 |
Resolves:
|
|
|
71e593 |
https://pagure.io/SSSD/sssd/issue/3815
|
|
|
71e593 |
|
|
|
71e593 |
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
71e593 |
|
|
|
71e593 |
DOWNSTREAM: Resolves: rhbz#1622026 - sssd 2.0 regression: Kerberos authentication fails with the KCM ccache
|
|
|
71e593 |
---
|
|
|
71e593 |
src/responder/kcm/kcmsrv_ccache_secdb.c | 5 ++++-
|
|
|
71e593 |
1 file changed, 4 insertions(+), 1 deletion(-)
|
|
|
71e593 |
|
|
|
71e593 |
diff --git a/src/responder/kcm/kcmsrv_ccache_secdb.c b/src/responder/kcm/kcmsrv_ccache_secdb.c
|
|
|
71e593 |
index 0f1c037caf8c3bda6f3dca7136ed9236862ccdd7..a61d7b15be433e8308acc3dfa35d730247e2e615 100644
|
|
|
71e593 |
--- a/src/responder/kcm/kcmsrv_ccache_secdb.c
|
|
|
71e593 |
+++ b/src/responder/kcm/kcmsrv_ccache_secdb.c
|
|
|
71e593 |
@@ -595,7 +595,10 @@ static struct tevent_req *ccdb_secdb_nextid_send(TALLOC_CTX *mem_ctx,
|
|
|
71e593 |
}
|
|
|
71e593 |
|
|
|
71e593 |
ret = sss_sec_list(state, sreq, &keys, &nkeys);
|
|
|
71e593 |
- if (ret != EOK) {
|
|
|
71e593 |
+ if (ret == ENOENT) {
|
|
|
71e593 |
+ keys = NULL;
|
|
|
71e593 |
+ nkeys = 0;
|
|
|
71e593 |
+ } else if (ret != EOK) {
|
|
|
71e593 |
DEBUG(SSSDBG_OP_FAILURE,
|
|
|
71e593 |
"Cannot list keys [%d]: %s\n",
|
|
|
71e593 |
ret, sss_strerror(ret));
|
|
|
71e593 |
--
|
|
|
71e593 |
2.14.4
|
|
|
71e593 |
|