sssd/0043-SYSDB_OPS-Error-out-on-id-collision-when-adding-an-i.patch
Fabiano Fidêncio 2dd8451396 Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is set.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
2018-04-27 22:12:12 +02:00


From 5da97dcfb8499348080b5c7a3980c704294f22fa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fidencio@redhat.com>
Date: Mon, 19 Feb 2018 08:53:56 +0100
Subject: [PATCH] SYSDB_OPS: Error out on id-collision when adding an
incomplete group
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This situation can be hit when renaming a group. For now, let's just
error this out so the caller can handle it properly on its own layer.

Related:
https://pagure.io/SSSD/sssd/issue/2653

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 514b2be089bfd0e2702d7e9ab883ab071a61b719)
---
src/db/sysdb_ops.c | 22 ++++++++++++++++++++++
1 file changed, 22 insertions(+)
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index 5d3cf643d..de4fdb592 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -2377,12 +2377,34 @@ int sysdb_add_incomplete_group(struct sss_domain_info *domain,
TALLOC_CTX *tmp_ctx;
int ret;
struct sysdb_attrs *attrs;
+ struct ldb_message *msg;
+ const char *previous = NULL;
+ const char *group_attrs[] = { SYSDB_SID_STR, SYSDB_UUID, SYSDB_ORIG_DN, NULL };
+ const char *values[] = { sid_str, uuid, original_dn, NULL };
+ bool same = false;
tmp_ctx = talloc_new(NULL);
if (!tmp_ctx) {
return ENOMEM;
}
+ ret = sysdb_search_group_by_gid(tmp_ctx, domain, gid, group_attrs, &msg);
+ if (ret == EOK) {
+ for (int i = 0; !same && group_attrs[i] != NULL; i++) {
+ previous = ldb_msg_find_attr_as_string(msg,
+ group_attrs[i],
+ NULL);
+ if (previous != NULL && values[i] != NULL) {
+ same = strcmp(previous, values[i]) == 0;
+ }
+ }
+ }
+
+ if (same) {
+ ret = ERR_GID_DUPLICATED;
+ goto done;
+ }
+
/* try to add the group */
ret = sysdb_add_basic_group(domain, name, gid);
if (ret) goto done;
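Review bot: The `if (ret == EOK)` test after `sysdb_search_group_by_gid()` ignores every other return value, so a lookup that fails for a reason other than "no such group" falls through and its error code is overwritten by `sysdb_add_basic_group()`. Consider adding an explicit branch that sends any failure other than not-found to `done` (assuming the search reports not-found as ENOENT, which is not visible in this hunk), so a cache error is not treated as "no collision". Separately, `same` is only set when both `previous` and `values[i]` are non-NULL, so an existing entry with this GID that lacks SID, UUID and original DN (or a caller passing all three as NULL) skips the check entirely and proceeds to the add. A short comment above `if (same)` stating that a matching identifier on an existing GID means the same group under a different name, and what happens in the non-comparable case, would make the intent clear. A debug message before `ret = ERR_GID_DUPLICATED;` naming the GID would also help when diagnosing rename failures.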
--
2.14.3