sssd/0041-SDAP-Add-sdap_handle_id_collision_for_incomplete_gro.patch
Fabiano Fidêncio 2dd8451396 Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is set.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-04-27 22:12:12 +02:00

96 lines
3.7 KiB
Diff

From 87a0027c7dbc54422ac519ef8eef0323baff4b60 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fidencio@redhat.com>
Date: Mon, 19 Feb 2018 12:43:06 +0100
Subject: [PATCH] SDAP: Add sdap_handle_id_collision_for_incomplete_groups()
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This newly added function is a helper to properly hadle group
id-collisions when renaming incomplete groups and it does:
- Deletes the group from sysdb
- Adds the new incomplete group
- Notifies the NSS responder that the entry also has to be deleted from
the memory cache
This function will be called from
sdap_ad_save_group_membership_with_idmapping() and from
sdap_add_incomplete_groups().
Related:
https://pagure.io/SSSD/sssd/issue/2653
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit a537df2ea99acb0181dc360ddf9a60b69c16faf0)
---
src/providers/ldap/sdap_async.h | 11 ++++++++++
src/providers/ldap/sdap_async_initgroups.c | 34 ++++++++++++++++++++++++++++++
2 files changed, 45 insertions(+)
diff --git a/src/providers/ldap/sdap_async.h b/src/providers/ldap/sdap_async.h
index 40da81fb9..6ca3ed8d8 100644
--- a/src/providers/ldap/sdap_async.h
+++ b/src/providers/ldap/sdap_async.h
@@ -412,4 +412,15 @@ sdap_ad_tokengroups_initgroups_send(TALLOC_CTX *mem_ctx,
errno_t
sdap_ad_tokengroups_initgroups_recv(struct tevent_req *req);
+errno_t
+sdap_handle_id_collision_for_incomplete_groups(struct data_provider *dp,
+ struct sss_domain_info *domain,
+ const char *name,
+ gid_t gid,
+ const char *original_dn,
+ const char *sid_str,
+ const char *uuid,
+ bool posix,
+ time_t now);
+
#endif /* _SDAP_ASYNC_H_ */
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
index 326294a1c..34747be59 100644
--- a/src/providers/ldap/sdap_async_initgroups.c
+++ b/src/providers/ldap/sdap_async_initgroups.c
@@ -3543,3 +3543,37 @@ errno_t get_sysdb_grouplist_dn(TALLOC_CTX *mem_ctx,
return get_sysdb_grouplist_ex(mem_ctx, sysdb, domain,
name, grouplist, true);
}
+
+errno_t
+sdap_handle_id_collision_for_incomplete_groups(struct data_provider *dp,
+ struct sss_domain_info *domain,
+ const char *name,
+ gid_t gid,
+ const char *original_dn,
+ const char *sid_str,
+ const char *uuid,
+ bool posix,
+ time_t now)
+{
+ errno_t ret;
+
+ ret = sysdb_delete_group(domain, NULL, gid);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ "Due to an id collision, the new group with gid [\"%"PRIu32"\"] "
+ "will not be added as the old group (with the same gid) could "
+ "not be removed from the sysdb!",
+ gid);
+ return ret;
+ }
+
+ ret = sysdb_add_incomplete_group(domain, name, gid, original_dn, sid_str,
+ uuid, posix, now);
+ if (ret != EOK) {
+ return ret;
+ }
+
+ dp_sbus_invalidate_group_memcache(dp, gid);
+
+ return EOK;
+}
--
2.14.3