[SSSD] [sssd PR#5675][synchronized] KCM: Unset _SSS_LOOPS

Wed, 09 Jun 2021 10:55:01 -0700 

   URL: https://github.com/SSSD/sssd/pull/5675
Author: justin-stephenson
 Title: #5675: KCM: Unset _SSS_LOOPS
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/5675/head:pr5675
git checkout pr5675

From 4826a00ba62431fdf51156d4ae1906a0c66288c5 Mon Sep 17 00:00:00 2001
From: Justin Stephenson <[email protected]>
Date: Wed, 9 Jun 2021 13:40:43 -0400
Subject: [PATCH] KCM: Unset _SSS_LOOPS

When a short renew interval is set, KCM renewal code requires multiple
calls to getpwuid(). This fails when _SSS_LOOPS is set inside the
KCM Responder.
---
 src/responder/kcm/kcmsrv_ccache_secdb.c | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/src/responder/kcm/kcmsrv_ccache_secdb.c b/src/responder/kcm/kcmsrv_ccache_secdb.c
index 6c8c35b865..38a4be2b0c 100644
--- a/src/responder/kcm/kcmsrv_ccache_secdb.c
+++ b/src/responder/kcm/kcmsrv_ccache_secdb.c
@@ -883,6 +883,12 @@ static errno_t ccdb_secdb_get_cc_for_uuid(TALLOC_CTX *mem_ctx,
             DEBUG(SSSDBG_CRIT_FAILURE, "Invalid UID [%s] conversion to uint32 "
                                        "[%d]: %s\n", uid_list[i], ret,
                                        sss_strerror(ret));
+        }
+
+        ret = unsetenv("_SSS_LOOPS");
+        if (ret != EOK) {
+            DEBUG(SSSDBG_CRIT_FAILURE, "Failed to unset _SSS_LOOPS, getpwuid() "
+                                       "might fail to lookup ccache UIDs");
             goto done;
         }
 
@@ -937,8 +943,11 @@ static errno_t ccdb_secdb_get_cc_for_uuid(TALLOC_CTX *mem_ctx,
     cc_list[real_count] = NULL;
     *_cc_list = talloc_steal(mem_ctx, cc_list);
 
-    return EOK;
+    ret = EOK;
 done:
+    if (setenv("_SSS_LOOPS", "NO", 0) != 0) {
+        DEBUG(SSSDBG_OP_FAILURE, "Failed to set _SSS_LOOPS.\n");
+    }
     talloc_free(tmp_ctx);
     return ret;
 }

_______________________________________________
sssd-devel mailing list -- [email protected]
To unsubscribe send an email to [email protected]
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/[email protected]
Do not reply to spam on the list, report it: 
https://pagure.io/fedora-infrastructure

Reply via email to