From c26e713307339699dd26b17f11a2f3136d334ba8 Mon Sep 17 00:00:00 2001

From: Jakub Hrozek <jhrozek@redhat.com>

Date: Mon, 15 Oct 2018 22:26:07 +0200

Subject: [PATCH 50/57] FILES: The files provider should not enumerate

MIME-Version: 1.0

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit

Resolves:

https://pagure.io/SSSD/sssd/issue/3849

For reason I cannot explain now, the files provider always enumerates.

There is commit a60e6ec which implements this, but it's clearly wrong,

because then the plain getent passwd output contains duplicates from

nss_files and nss_sss:

$ getent passwd | sort

adm:x:3:4:adm:/var/adm:/sbin/nologin

adm:x:3:4:adm:/var/adm:/sbin/nologin

bin:x:1:1:bin:/bin:/sbin/nologin

bin:x:1:1:bin:/bin:/sbin/nologin

certuser:x:10329:10330::/home/certuser:/bin/bash

certuser:x:10329:10330::/home/certuser:/bin/bash

chrony:x:997:994::/var/lib/chrony:/sbin/nologin

chrony:x:997:994::/var/lib/chrony:/sbin/nologin

daemon:x:2:2:daemon:/sbin:/sbin/nologin

daemon:x:2:2:daemon:/sbin:/sbin/nologin

Reviewed-by: Michal Židek <mzidek@redhat.com>

---

 src/confdb/confdb.c                   |  5 +----

 src/tests/intg/test_files_provider.py | 22 ----------------------

 2 files changed, 1 insertion(+), 26 deletions(-)

diff --git a/src/confdb/confdb.c b/src/confdb/confdb.c

index 2f3d90087e640f77835400b11184b684852d7fda..fdc61226fd7d8e078dd7eb7eb532c11be3cc05ec 100644

--- a/src/confdb/confdb.c

+++ b/src/confdb/confdb.c

@@ -875,7 +875,6 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,

     char *default_domain;

     bool fqnames_default = false;

     int memcache_timeout;

-    bool enum_default;

     tmp_ctx = talloc_new(mem_ctx);

     if (!tmp_ctx) return ENOMEM;

@@ -1009,10 +1008,8 @@ static int confdb_get_domain_internal(struct confdb_ctx *cdb,

                   "Interpreting as true\n", domain->name);

         domain->enumerate = true;

     } else { /* assume the new format */

-        enum_default = is_files_provider(domain);

-

         ret = get_entry_as_bool(res->msgs[0], &domain->enumerate,

-                                CONFDB_DOMAIN_ENUMERATE, enum_default);

+                                CONFDB_DOMAIN_ENUMERATE, 0);

         if(ret != EOK) {

             DEBUG(SSSDBG_FATAL_FAILURE,

                   "Invalid value for %s\n", CONFDB_DOMAIN_ENUMERATE);

diff --git a/src/tests/intg/test_files_provider.py b/src/tests/intg/test_files_provider.py

index ead1cc4c34a8027f74f2a9564863159defce02ef..f0155a2f7e26f17e84e93eab2b99ab72f31d297d 100644

--- a/src/tests/intg/test_files_provider.py

+++ b/src/tests/intg/test_files_provider.py

@@ -32,7 +32,6 @@ import ent

 import sssd_id

 from sssd_nss import NssReturnCode

 from sssd_passwd import (call_sssd_getpwnam,

-                         call_sssd_enumeration,

                          call_sssd_getpwuid)

 from sssd_group import call_sssd_getgrnam, call_sssd_getgrgid

 from files_ops import passwd_ops_setup, group_ops_setup, PasswdOps, GroupOps

@@ -633,27 +632,6 @@ def test_mod_user_shell(add_user_with_canary, files_domain_only):

     check_user(moduser)

-def test_enum_users(setup_pw_with_canary, files_domain_only):

-    """

-    Test that enumerating all users works with the default configuration. Also

-    test that removing all entries and then enumerating again returns an empty

-    set

-    """

-    num_users = 10

-    for i in range(1, num_users+1):

-        user = user_generator(i)

-        setup_pw_with_canary.useradd(**user)

-

-    # syncing with the help of the canary is not reliable after adding

-    # multiple users because the canary might still be in some caches so that

-    # the data is not refreshed properly.

-    subprocess.call(["sss_cache", "-E"])

-    sssd_getpwnam_sync(CANARY["name"])

-    user_list = call_sssd_enumeration()

-    # +1 because the canary is added

-    assert len(user_list) == num_users+1

-

-

 def incomplete_user_setup(pwd_ops, del_field, exp_field):

     adduser = dict(USER1)

     del adduser[del_field]

-- 

2.14.4