Resolves: RHEL-73400 - Use the DN from existing entry when updating a cached group [rhel-9]
parent cdca4870e1
commit a6d0f2673d
@ -0,0 +1,83 @@
|
|||||||
|
From 4f9fb5fd301d635ad54bf6d0ef93d6811445c7f9 Mon Sep 17 00:00:00 2001
|
||||||
|
From: Samuel Cabrero <scabrero@suse.de>
|
||||||
|
Date: Wed, 22 May 2024 13:31:06 +0200
|
||||||
|
Subject: [PATCH] SYSDB: Use SYSDB_NAME from cached entry when updating users
|
||||||
|
and groups
|
||||||
|
MIME-Version: 1.0
|
||||||
|
Content-Type: text/plain; charset=UTF-8
|
||||||
|
Content-Transfer-Encoding: 8bit
|
||||||
|
|
||||||
|
The sysdb_store_user() and sysdb_store_group() functinos search for the
|
||||||
|
entry by name to check if it is already cached. This search considers
|
||||||
|
SYSDB_ALIAS, added when the domain is case insensitive. If a matching
|
||||||
|
entry is found use its SYSDB_NAME instead of the passed name.
|
||||||
|
|
||||||
|
It may happen the group is stored in uppercase, but later some server
|
||||||
|
returns a memberOf attribute in lowercase. When updating the group to
|
||||||
|
add the memberships the first search will find the entry, but the modify
|
||||||
|
operation will fail as the group name in the built DN will differ in case.
|
||||||
|
|
||||||
|
Signed-off-by: Samuel Cabrero <scabrero@suse.de>
|
||||||
|
|
||||||
|
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
|
||||||
|
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
||||||
|
(cherry picked from commit d2b734b926e1f23370c9cabd8ba6f07bf6b29a86)
|
||||||
|
|
||||||
|
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
|
||||||
|
---
|
||||||
|
src/db/sysdb_ops.c | 32 ++++++++++++++++++++++++++++++++
|
||||||
|
1 file changed, 32 insertions(+)
|
||||||
|
|
||||||
|
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
|
||||||
|
index 76f4580aa..32e49d759 100644
|
||||||
|
--- a/src/db/sysdb_ops.c
|
||||||
|
+++ b/src/db/sysdb_ops.c
|
||||||
|
@@ -2615,6 +2615,22 @@ int sysdb_store_user(struct sss_domain_info *domain,
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
/* the user exists, let's just replace attributes when set */
|
||||||
|
+ /*
|
||||||
|
+ * The sysdb_search_user_by_name() function also matches lowercased
|
||||||
|
+ * aliases, saved when the domain is case-insensitive. This means that
|
||||||
|
+ * the stored entry name can differ in capitalization from the search
|
||||||
|
+ * name. Use the cached entry name to perform the modification because
|
||||||
|
+ * if name capitalization in entry's DN differs the modify operation
|
||||||
|
+ * will fail.
|
||||||
|
+ */
|
||||||
|
+ const char *entry_name =
|
||||||
|
+ ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL);
|
||||||
|
+ if (entry_name != NULL) {
|
||||||
|
+ name = entry_name;
|
||||||
|
+ } else {
|
||||||
|
+ DEBUG(SSSDBG_MINOR_FAILURE, "User '%s' without a name?\n", name);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
ret = sysdb_store_user_attrs(domain, name, uid, gid, gecos, homedir,
|
||||||
|
shell, orig_dn, attrs, remove_attrs,
|
||||||
|
cache_timeout, now);
|
||||||
|
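Review bot: `name = entry_name;` in the new else-branch code rebinds the function parameter to a string owned by `msg`, so every later use of `name` in sysdb_store_user() now depends on `msg` staying allocated until the function returns. Consider keeping the cached value in its own local and passing that only to sysdb_store_user_attrs(), or state in the comment that `msg` outlives all uses. Separately, when SYSDB_NAME is missing the code only logs at SSSDBG_MINOR_FAILURE and continues with the caller's `name`, which is the spelling the commit message says can make the modify fail; a note in the comment that this fallback is intentional would help the next reader.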
@@ -2849,6 +2865,22 @@ int sysdb_store_group(struct sss_domain_info *domain,
|
||||||
|
ret = sysdb_store_new_group(domain, name, gid, attrs,
|
||||||
|
cache_timeout, now);
|
||||||
|
} else {
|
||||||
|
+ /*
|
||||||
|
+ * The sysdb_search_group_by_name() function also matches lowercased
|
||||||
|
+ * aliases, saved when the domain is case-insensitive. This means that
|
||||||
|
+ * the stored entry name can differ in capitalization from the search
|
||||||
|
+ * name. Use the cached entry name to perform the modification because
|
||||||
|
+ * if name capitalization in entry's DN differs the modify operation
|
||||||
|
+ * will fail.
|
||||||
|
+ */
|
||||||
|
+ const char *entry_name =
|
||||||
|
+ ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL);
|
||||||
|
+ if (entry_name != NULL) {
|
||||||
|
+ name = entry_name;
|
||||||
|
+ } else {
|
||||||
|
+ DEBUG(SSSDBG_MINOR_FAILURE, "Group '%s' without a name?\n", name);
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
ret = sysdb_store_group_attrs(domain, name, gid, attrs,
|
||||||
|
cache_timeout, now);
|
||||||
|
}
|
||||||
|
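Review bot: The 16 added lines in sysdb_store_group() repeat the sysdb_store_user() block verbatim apart from the function name in the comment and the word "Group" in the DEBUG string; a small static helper that takes `msg` and the fallback name and returns the name to use would keep the two call sites from drifting apart. The diffstat also lists only src/db/sysdb_ops.c, so nothing in this patch exercises the case the commit message describes (group cached in uppercase, later update arriving in lowercase on a case-insensitive domain); a sysdb test for that scenario would guard against regressions.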
--
|
||||||
|
2.47.0
|
||||||
|
|
@ -27,14 +27,14 @@
|
|||||||
|
|
||||||
Name: sssd
|
Name: sssd
|
||||||
Version: 2.9.6
|
Version: 2.9.6
|
||||||
Release: 1%{?dist}
|
Release: 2%{?dist}
|
||||||
Summary: System Security Services Daemon
|
Summary: System Security Services Daemon
|
||||||
License: GPLv3+
|
License: GPLv3+
|
||||||
URL: https://github.com/SSSD/sssd/
|
URL: https://github.com/SSSD/sssd/
|
||||||
Source0: https://github.com/SSSD/sssd/releases/download/%{version}/sssd-%{version}.tar.gz
|
Source0: https://github.com/SSSD/sssd/releases/download/%{version}/sssd-%{version}.tar.gz
|
||||||
|
|
||||||
### Patches ###
|
### Patches ###
|
||||||
# Patch0001:
|
Patch0001: 0001-SYSDB-Use-SYSDB_NAME-from-cached-entry-when-updating.patch
|
||||||
|
|
||||||
### Dependencies ###
|
### Dependencies ###
|
||||||
|
|
||||||
@ -1084,6 +1084,9 @@ fi
|
|||||||
%systemd_postun_with_restart sssd.service
|
%systemd_postun_with_restart sssd.service
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Jan 14 2025 Alexey Tikhonov <atikhono@redhat.com> - 2.9.6-2
|
||||||
|
- Resolves: RHEL-73400 - Use the DN from existing entry when updating a cached group [rhel-9]
|
||||||
|
|
||||||
* Thu Dec 5 2024 Alexey Tikhonov <atikhono@redhat.com> - 2.9.6-1
|
* Thu Dec 5 2024 Alexey Tikhonov <atikhono@redhat.com> - 2.9.6-1
|
||||||
- Resolves: RHEL-70189 - Rebase SSSD for RHEL 9.6
|
- Resolves: RHEL-70189 - Rebase SSSD for RHEL 9.6
|
||||||
- Resolves: RHEL-67670 - Label DP_OPT_DYNDNS_REFRESH_OFFSET has no corresponding option [rhel-9]
|
- Resolves: RHEL-67670 - Label DP_OPT_DYNDNS_REFRESH_OFFSET has no corresponding option [rhel-9]
|
||||||
|
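Review bot: The new %changelog entry says "when updating a cached group", but the patch Subject is "Use SYSDB_NAME from cached entry when updating users and groups" and it changes sysdb_store_user() as well. If the entry has to mirror the issue title, consider adding a short second line mentioning that user entries are affected too, so the changelog reflects the full behavioural change shipped in 2.9.6-2.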