#4110 Propagate error when multiple entries with same certificate have been found
Closed a year ago by pedrosam. Opened a year ago by pedrosam.
SSSD/ pedrosam/sssd master  into  master

file modified
-2
@@ -116,8 +116,6 @@ 

          libnfsidmap-dev

          libnl-3-dev

          libnl-route-3-dev

-         libnspr4-dev

-         libnss3-dev

          libpam0g-dev

          libpcre3-dev

          libpopt-dev

@@ -1547,6 +1547,10 @@ 

          *_result = talloc_steal(mem_ctx, state->results[0]);

      }

  

+     if(state->num_results > 1) {

+     	return ERR_MULTIPLE_ENTRIES;

+     }

+ 

      return EOK;

  }

  

@@ -73,7 +73,7 @@ 

  

      ret = clock_gettime(CLOCK_REALTIME, &starttime);

      if (ret != 0) {

-         return ret;

+         return errno;

      }

      endtime.tv_sec = starttime.tv_sec + SEC_FROM_MSEC(timeout_ms);

      endtime.tv_nsec = starttime.tv_nsec + NSEC_FROM_MSEC(timeout_ms);
@@ -83,6 +83,7 @@ 

      if (ret == 0) {

          ret = clock_gettime(CLOCK_REALTIME, &endtime);

          if (ret != 0) {

+             ret = errno;

              sss_nss_unlock();

              return ret;

          }

@@ -150,9 +150,11 @@ 

  if HAVE_NSS

  PAM_CERT_DB_PATH="sql:$(DESTDIR)$(sysconfdir)/pki/nssdb"

  SOFTHSM2_CONF=""

+ USE_NSS=1

  else

  PAM_CERT_DB_PATH="$(abs_builddir)/../test_CA/SSSD_test_CA.pem"

  SOFTHSM2_CONF="$(abs_builddir)/../test_CA/softhsm2_one.conf"

+ USE_NSS=0

  endif

  

  intgcheck-installed: config.py passwd group pam_sss_service pam_sss_alt_service pam_sss_sc_required pam_sss_try_sc pam_sss_allow_missing_name
@@ -187,6 +189,7 @@ 

  	PAM_WRAPPER_PATH=$$(pkg-config --libs pam_wrapper) \

  	PAM_CERT_DB_PATH=$(PAM_CERT_DB_PATH) \

  	SOFTHSM2_CONF=$(SOFTHSM2_CONF) \

+ 	USE_NSS=$(USE_NSS) \

  	DBUS_SOCK_DIR="$(DESTDIR)$(runstatedir)/dbus/" \

  	DBUS_SESSION_BUS_ADDRESS="unix:path=$$DBUS_SOCK_DIR/fake_socket" \

  	DBUS_SYSTEM_BUS_ADDRESS="unix:path=$$DBUS_SOCK_DIR/system_bus_socket" \

@@ -272,13 +272,15 @@ 

  

  

  def create_nssdb_fixture(request):

-     create_nssdb()

-     request.addfinalizer(cleanup_nssdb)

+     if 'USE_NSS' in os.environ and os.environ['USE_NSS'] == '1':

+         create_nssdb()

+         request.addfinalizer(cleanup_nssdb)

  

  

  def create_nssdb_no_cert_fixture(request):

-     create_nssdb_no_cert()

-     request.addfinalizer(cleanup_nssdb)

+     if 'USE_NSS' in os.environ and os.environ['USE_NSS'] == '1':

+         create_nssdb_no_cert()

+         request.addfinalizer(cleanup_nssdb)

  

  

  @pytest.fixture

@@ -209,6 +209,12 @@ 

          goto done;

      }

  

+     if (services == NULL) {

+         PRINT("This domain has no active servers.\n");

+         ret = EOK;

+         goto done;

+     }

+ 

      PRINT("Active servers:\n");

      for (i = 0; services[i] != NULL; i++) {

          ret = sbus_call_ifp_domain_ActiveServer(tmp_ctx, conn, IFP_BUS,
@@ -220,6 +226,7 @@ 

              goto done;

          }

  

+         /* SBUS_REQ_STRING_DEFAULT handles (server == NULL) case gracefully */

          server = SBUS_REQ_STRING_DEFAULT(server, _("not connected"));

          printf("%s: %s\n", proper_service_name(services[i]), server);

      }
@@ -256,6 +263,12 @@ 

          goto done;

      }

  

+     if (services == NULL) {

+         PRINT("No servers discovered.\n");

+         ret = EOK;

+         goto done;

+     }

+ 

      for (i = 0; services[i] != NULL; i++) {

          PRINT("Discovered %s servers:\n", proper_service_name(services[i]));

  

file modified
+1
@@ -123,6 +123,7 @@ 

      { "The last GetAccountDomain() result is still valid" }, /* ERR_GET_ACCT_DOM_CACHED */

      { "ID is outside the allowed range" }, /* ERR_ID_OUTSIDE_RANGE */

      { "Group ID is duplicated" }, /* ERR_GID_DUPLICATED */

+ 	{ "Certificate matches multiple user entries" }, /* ERR_MULTIPLE_ENTRIES */

  

      /* DBUS Errors */

      { "Connection was killed on demand" }, /* ERR_SBUS_KILL_CONNECTION */

file modified
+1
@@ -144,6 +144,7 @@ 

      ERR_GET_ACCT_DOM_CACHED,

      ERR_ID_OUTSIDE_RANGE,

      ERR_GID_DUPLICATED,

+ 	ERR_MULTIPLE_ENTRIES,

  

      /* DBUS Errors */

      ERR_SBUS_KILL_CONNECTION,

Thank you. Would you mind resubmitting the PR to https://github.com/SSSD/sssd/pulls since that were we develop and were our automatic tests are run? Also can you amend the first commit message so we no what is the purpose there?

Ah, I see the first commit 'merge ...' is just something from improper rebase.

Hi Pavel,

I will take your feedback into account and come back with the improvements.

Pull-Request has been closed by pedrosam

a year ago