[SSSD] [sssd PR#543][synchronized] SYSDB: When marking an entry as expired, also set the originalModifyTimestamp to 1

2018-04-03 Thread jhrozek
   URL: https://github.com/SSSD/sssd/pull/543
Author: jhrozek
 Title: #543: SYSDB: When marking an entry as expired, also set the 
originalModifyTimestamp to 1
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/543/head:pr543
git checkout pr543
From a02a2b877901961bfa2727e27b56641767aaf8b3 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek 
Date: Fri, 23 Mar 2018 13:40:34 +0100
Subject: [PATCH] SYSDB: When marking an entry as expired, also set the
 originalModifyTimestamp to 1

Resolves:
https://pagure.io/SSSD/sssd/issue/3684

If the cleanup task removes a user who was a fully resolved member (not a
ghost), but then the group the user was a member of is requested, unless
the group had changed, the user doesn't appear as a member of the group
again. This is because the modify timestamp would prevent the group from
updating and therefore the ghost attribute is not readded.

To mitigate this, let's also set the originalModifyTimestamp attribute
to 1, so that we never take the optimized path while updating the group.
---
 src/db/sysdb_ops.c  | 13 +++
 src/tests/intg/test_ldap.py | 54 +
 2 files changed, 67 insertions(+)

diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index cc86a114e..09aa04a29 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -5410,6 +5410,19 @@ errno_t sysdb_mark_entry_as_expired_ldb_dn(struct sss_domain_info *dom,
 goto done;
 }
 
+ret = ldb_msg_add_empty(msg, SYSDB_ORIG_MODSTAMP,
+LDB_FLAG_MOD_REPLACE, NULL);
+if (ret != LDB_SUCCESS) {
+ret = sysdb_error_to_errno(ret);
+goto done;
+}
+
+ret = ldb_msg_add_string(msg, SYSDB_ORIG_MODSTAMP, "1");
+if (ret != LDB_SUCCESS) {
+ret = sysdb_error_to_errno(ret);
+goto done;
+}
+
 ret = ldb_modify(dom->sysdb->ldb, msg);
 if (ret != LDB_SUCCESS) {
 ret = sysdb_error_to_errno(ret);
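Review bot: The literal `"1"` written to SYSDB_ORIG_MODSTAMP has no explanation in the code; the reason for it exists only in the commit message. I would add a comment above the `ldb_msg_add_empty` call, for example `/* Reset originalModifyTimestamp so the next update cannot take the timestamp-optimized path and skip re-adding members */`. Only `dom->sysdb->ldb` is visibly modified here, so if a separate timestamp cache also stores this attribute it would need the same reset; that has to be checked in the rest of sysdb_mark_entry_as_expired_ldb_dn, which starts and ends outside the hunk. Stale group membership feeds group-based access decisions, which is why the intent deserves a line next to the code. The same hunk appears unchanged in the two other revisions of the patch on this page.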
diff --git a/src/tests/intg/test_ldap.py b/src/tests/intg/test_ldap.py
index 2d95d2549..08e30f24e 100644
--- a/src/tests/intg/test_ldap.py
+++ b/src/tests/intg/test_ldap.py
@@ -434,6 +434,60 @@ def test_refresh_after_cleanup_task(ldap_conn, refresh_after_cleanup_task):
 dict(mem=ent.contains_only("user1")))
 
 
+@pytest.fixture
+def update_ts_after_cleanup_task(request, ldap_conn):
+ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
+ent_list.add_user("user1", 1001, 2001)
+ent_list.add_user("user2", 1002, 2001)
+
+ent_list.add_group_bis("group1", 2001, ["user1", "user2"])
+
+create_ldap_fixture(request, ldap_conn, ent_list)
+
+conf = \
+format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS) + \
+unindent("""
+[domain/LDAP]
+ldap_purge_cache_timeout = 3
+""").format(**locals())
+create_conf_fixture(request, conf)
+create_sssd_fixture(request)
+return None
+
+
+def test_update_ts_cache_after_cleanup_task(ldap_conn,
+update_ts_after_cleanup_task):
+"""
+Regression test for ticket:
+https://fedorahosted.org/sssd/ticket/2676
+"""
+ent.assert_group_by_name(
+"group1",
+dict(mem=ent.contains_only("user1", "user2")))
+
+ent.assert_passwd_by_name(
+'user1',
+dict(name='user1', passwd='*', uid=1001, gid=2001,
+ gecos='1001', shell='/bin/bash'))
+
+ent.assert_passwd_by_name(
+'user2',
+dict(name='user2', passwd='*', uid=1002, gid=2001,
+ gecos='1002', shell='/bin/bash'))
+
+if subprocess.call(["sss_cache", "-u", "user1"]) != 0:
+raise Exception("sssd_cache failed")
+
+# The cleanup task runs every 3 seconds, so sleep for 6
+# so that we know the cleanup task ran at least once
+# even if we start sleeping during the first one
+time.sleep(6)
+
+ent.assert_group_by_name(
+"group1",
+dict(mem=ent.contains_only("user1", "user2")))
+
+
 @pytest.fixture
 def blank_rfc2307(request, ldap_conn):
 """Create blank RFC2307 directory fixture with interactive SSSD conf"""


[SSSD] [sssd PR#543][synchronized] SYSDB: When marking an entry as expired, also set the originalModifyTimestamp to 1

2018-04-03 Thread jhrozek
   URL: https://github.com/SSSD/sssd/pull/543
Author: jhrozek
 Title: #543: SYSDB: When marking an entry as expired, also set the 
originalModifyTimestamp to 1
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/543/head:pr543
git checkout pr543
From efc548b4e45f60c1044bfc523853537a2e629616 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek 
Date: Fri, 23 Mar 2018 13:40:34 +0100
Subject: [PATCH] SYSDB: When marking an entry as expired, also set the
 originalModifyTimestamp to 1

Resolves:
https://pagure.io/SSSD/sssd/issue/3684

If the cleanup task removes a user who was a fully resolved member (not a
ghost), but then the group the user was a member of is requested, unless
the group had changed, the user doesn't appear as a member of the group
again. This is because the modify timestamp would prevent the group from
updating and therefore the ghost attribute is not readded.

To mitigate this, let's also set the originalModifyTimestamp attribute
to 1, so that we never take the optimized path while updating the group.
---
 src/db/sysdb_ops.c  | 13 
 src/tests/intg/test_ldap.py | 51 +
 2 files changed, 64 insertions(+)

diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index cc86a114e..09aa04a29 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -5410,6 +5410,19 @@ errno_t sysdb_mark_entry_as_expired_ldb_dn(struct sss_domain_info *dom,
 goto done;
 }
 
+ret = ldb_msg_add_empty(msg, SYSDB_ORIG_MODSTAMP,
+LDB_FLAG_MOD_REPLACE, NULL);
+if (ret != LDB_SUCCESS) {
+ret = sysdb_error_to_errno(ret);
+goto done;
+}
+
+ret = ldb_msg_add_string(msg, SYSDB_ORIG_MODSTAMP, "1");
+if (ret != LDB_SUCCESS) {
+ret = sysdb_error_to_errno(ret);
+goto done;
+}
+
 ret = ldb_modify(dom->sysdb->ldb, msg);
 if (ret != LDB_SUCCESS) {
 ret = sysdb_error_to_errno(ret);
diff --git a/src/tests/intg/test_ldap.py b/src/tests/intg/test_ldap.py
index 2d95d2549..671bf2fb9 100644
--- a/src/tests/intg/test_ldap.py
+++ b/src/tests/intg/test_ldap.py
@@ -434,6 +434,57 @@ def test_refresh_after_cleanup_task(ldap_conn, refresh_after_cleanup_task):
 dict(mem=ent.contains_only("user1")))
 
 
+@pytest.fixture
+def update_ts_after_cleanup_task(request, ldap_conn):
+ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
+ent_list.add_user("user1", 1001, 2001)
+ent_list.add_user("user2", 1002, 2001)
+
+ent_list.add_group_bis("group1", 2001, ["user1", "user2"])
+
+create_ldap_fixture(request, ldap_conn, ent_list)
+
+conf = \
+format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS) + \
+unindent("""
+[domain/LDAP]
+ldap_purge_cache_timeout = 3
+""").format(**locals())
+create_conf_fixture(request, conf)
+create_sssd_fixture(request)
+return None
+
+
+def test_update_ts_cache_after_cleanup_task(ldap_conn,
+update_ts_after_cleanup_task):
+"""
+Regression test for ticket:
+https://fedorahosted.org/sssd/ticket/2676
+"""
+ent.assert_group_by_name(
+"group1",
+dict(mem=ent.contains_only("user1", "user2")))
+
+ent.assert_passwd_by_name(
+'user1',
+dict(name='user1', passwd='*', uid=1001, gid=2001,
+ gecos='1001', shell='/bin/bash'))
+
+ent.assert_passwd_by_name(
+'user2',
+dict(name='user2', passwd='*', uid=1002, gid=2001,
+ gecos='1002', shell='/bin/bash'))
+
+if subprocess.call(["sss_cache", "-u", "user1"]) != 0:
+raise Exception("sssd_cache failed")
+
+time.sleep(6)
+
+ent.assert_group_by_name(
+"group1",
+dict(mem=ent.contains_only("user1", "user2")))
+
+
 @pytest.fixture
 def blank_rfc2307(request, ldap_conn):
 """Create blank RFC2307 directory fixture with interactive SSSD conf"""
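Review bot: `time.sleep(6)` is a bare magic number in this revision; nothing in the test ties it to the `ldap_purge_cache_timeout = 3` set in the fixture. A comment such as `# cleanup task runs every 3 seconds; sleep for two periods so it has run at least once` would keep the two values in step when either is changed. The wait is still timing-dependent, so a slow CI host could reach the final `assert_group_by_name` before the cleanup task has run (inferred, as the task's scheduling is not visible here). The 2018-03-29 revision below has the same uncommented wait, as `time.sleep(15)`.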


[SSSD] [sssd PR#543][synchronized] SYSDB: When marking an entry as expired, also set the originalModifyTimestamp to 1

2018-03-29 Thread fidencio
   URL: https://github.com/SSSD/sssd/pull/543
Author: jhrozek
 Title: #543: SYSDB: When marking an entry as expired, also set the 
originalModifyTimestamp to 1
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/543/head:pr543
git checkout pr543
From 1c11bb393037c37fb380ce687b48f618ab85c64a Mon Sep 17 00:00:00 2001
From: Jakub Hrozek 
Date: Fri, 23 Mar 2018 13:40:34 +0100
Subject: [PATCH] SYSDB: When marking an entry as expired, also set the
 originalModifyTimestamp to 1

Resolves:
https://pagure.io/SSSD/sssd/issue/3684

If the cleanup task removes a user who was a fully resolved member (not a
ghost), but then the group the user was a member of is requested, unless
the group had changed, the user doesn't appear as a member of the group
again. This is because the modify timestamp would prevent the group from
updating and therefore the ghost attribute is not readded.

To mitigate this, let's also set the originalModifyTimestamp attribute
to 1, so that we never take the optimized path while updating the group.
---
 src/db/sysdb_ops.c  | 13 
 src/tests/intg/test_ldap.py | 51 +
 2 files changed, 64 insertions(+)

diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index cc86a114e..09aa04a29 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -5410,6 +5410,19 @@ errno_t sysdb_mark_entry_as_expired_ldb_dn(struct sss_domain_info *dom,
 goto done;
 }
 
+ret = ldb_msg_add_empty(msg, SYSDB_ORIG_MODSTAMP,
+LDB_FLAG_MOD_REPLACE, NULL);
+if (ret != LDB_SUCCESS) {
+ret = sysdb_error_to_errno(ret);
+goto done;
+}
+
+ret = ldb_msg_add_string(msg, SYSDB_ORIG_MODSTAMP, "1");
+if (ret != LDB_SUCCESS) {
+ret = sysdb_error_to_errno(ret);
+goto done;
+}
+
 ret = ldb_modify(dom->sysdb->ldb, msg);
 if (ret != LDB_SUCCESS) {
 ret = sysdb_error_to_errno(ret);
diff --git a/src/tests/intg/test_ldap.py b/src/tests/intg/test_ldap.py
index 2d95d2549..a5761cbe1 100644
--- a/src/tests/intg/test_ldap.py
+++ b/src/tests/intg/test_ldap.py
@@ -434,6 +434,57 @@ def test_refresh_after_cleanup_task(ldap_conn, refresh_after_cleanup_task):
 dict(mem=ent.contains_only("user1")))
 
 
+@pytest.fixture
+def update_ts_after_cleanup_task(request, ldap_conn):
+ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn)
+ent_list.add_user("user1", 1001, 2001)
+ent_list.add_user("user2", 1002, 2001)
+
+ent_list.add_group_bis("group1", 2001, ["user1", "user2"])
+
+create_ldap_fixture(request, ldap_conn, ent_list)
+
+conf = \
+format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS) + \
+unindent("""
+[domain/LDAP]
+ldap_purge_cache_timeout = 3
+""").format(**locals())
+create_conf_fixture(request, conf)
+create_sssd_fixture(request)
+return None
+
+
+def test_update_ts_cache_after_cleanup_task(ldap_conn,
+update_ts_after_cleanup_task):
+"""
+Regression test for ticket:
+https://fedorahosted.org/sssd/ticket/2676
+"""
+ent.assert_group_by_name(
+"group1",
+dict(mem=ent.contains_only("user1", "user2")))
+
+ent.assert_passwd_by_name(
+'user1',
+dict(name='user1', passwd='*', uid=1001, gid=2001,
+ gecos='1001', shell='/bin/bash'))
+
+ent.assert_passwd_by_name(
+'user2',
+dict(name='user2', passwd='*', uid=1002, gid=2001,
+ gecos='1002', shell='/bin/bash'))
+
+if subprocess.call(["sss_cache", "-u", "user1"]) != 0:
+raise Exception("sssd_cache failed")
+
+time.sleep(15)
+
+ent.assert_group_by_name(
+"group1",
+dict(mem=ent.contains_only("user1", "user2")))
+
+
 @pytest.fixture
 def blank_rfc2307(request, ldap_conn):
 """Create blank RFC2307 directory fixture with interactive SSSD conf"""