[SSSD] [sssd PR#543][synchronized] SYSDB: When marking an entry as expired, also set the originalModifyTimestamp to 1
URL: https://github.com/SSSD/sssd/pull/543 Author: jhrozek Title: #543: SYSDB: When marking an entry as expired, also set the originalModifyTimestamp to 1 Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/543/head:pr543 git checkout pr543 From a02a2b877901961bfa2727e27b56641767aaf8b3 Mon Sep 17 00:00:00 2001 From: Jakub HrozekDate: Fri, 23 Mar 2018 13:40:34 +0100 Subject: [PATCH] SYSDB: When marking an entry as expired, also set the originalModifyTimestamp to 1 Resolves: https://pagure.io/SSSD/sssd/issue/3684 If the cleanup task removes a user who was a fully resolved member (not a ghost), but then the group the user was a member of is requested, unless the group had changed, the user doesn't appear as a member of the group again. This is because the modify timestamp would prevent the group from updating and therefore the ghost attribute is not readded. To mitigate this, let's also set the originalModifyTimestamp attribute to 1, so that we never take the optimized path while updating the group. --- src/db/sysdb_ops.c | 13 +++ src/tests/intg/test_ldap.py | 54 + 2 files changed, 67 insertions(+) diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c index cc86a114e..09aa04a29 100644 --- a/src/db/sysdb_ops.c +++ b/src/db/sysdb_ops.c @@ -5410,6 +5410,19 @@ errno_t sysdb_mark_entry_as_expired_ldb_dn(struct sss_domain_info *dom, goto done; } +ret = ldb_msg_add_empty(msg, SYSDB_ORIG_MODSTAMP, +LDB_FLAG_MOD_REPLACE, NULL); +if (ret != LDB_SUCCESS) { +ret = sysdb_error_to_errno(ret); +goto done; +} + +ret = ldb_msg_add_string(msg, SYSDB_ORIG_MODSTAMP, "1"); +if (ret != LDB_SUCCESS) { +ret = sysdb_error_to_errno(ret); +goto done; +} + ret = ldb_modify(dom->sysdb->ldb, msg); if (ret != LDB_SUCCESS) { ret = sysdb_error_to_errno(ret); diff --git a/src/tests/intg/test_ldap.py b/src/tests/intg/test_ldap.py index 2d95d2549..08e30f24e 100644 --- a/src/tests/intg/test_ldap.py +++ b/src/tests/intg/test_ldap.py 
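Review bot: The added `ldb_msg_add_string(msg, SYSDB_ORIG_MODSTAMP, "1")` writes a bare sentinel with no comment, so a reader of sysdb_mark_entry_as_expired_ldb_dn cannot tell why expiring an entry also resets its original modify timestamp. I would put a comment above the new block, for example `/* Reset originalModifyTimestamp so the next save never takes the timestamp-optimized path and memberships are rebuilt */`. The function name is not specific to groups, so this presumably turns the optimization off for every entry type that gets expired. That is worth confirming as intended, since cached group membership commonly feeds access decisions and the price is a full update on the next lookup. The function body starts and ends outside the hunk.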
@@ -434,6 +434,60 @@ def test_refresh_after_cleanup_task(ldap_conn, refresh_after_cleanup_task): dict(mem=ent.contains_only("user1"))) +@pytest.fixture +def update_ts_after_cleanup_task(request, ldap_conn): +ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn) +ent_list.add_user("user1", 1001, 2001) +ent_list.add_user("user2", 1002, 2001) + +ent_list.add_group_bis("group1", 2001, ["user1", "user2"]) + +create_ldap_fixture(request, ldap_conn, ent_list) + +conf = \ +format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS) + \ +unindent(""" +[domain/LDAP] +ldap_purge_cache_timeout = 3 +""").format(**locals()) +create_conf_fixture(request, conf) +create_sssd_fixture(request) +return None + + +def test_update_ts_cache_after_cleanup_task(ldap_conn, +update_ts_after_cleanup_task): +""" +Regression test for ticket: +https://fedorahosted.org/sssd/ticket/2676 +""" +ent.assert_group_by_name( +"group1", +dict(mem=ent.contains_only("user1", "user2"))) + +ent.assert_passwd_by_name( +'user1', +dict(name='user1', passwd='*', uid=1001, gid=2001, + gecos='1001', shell='/bin/bash')) + +ent.assert_passwd_by_name( +'user2', +dict(name='user2', passwd='*', uid=1002, gid=2001, + gecos='1002', shell='/bin/bash')) + +if subprocess.call(["sss_cache", "-u", "user1"]) != 0: +raise Exception("sssd_cache failed") + +# The cleanup task runs every 3 seconds, so sleep for 6 +# so that we know the cleanup task ran at least once +# even if we start sleeping during the first one +time.sleep(6) + +ent.assert_group_by_name( +"group1", +dict(mem=ent.contains_only("user1", "user2"))) + + @pytest.fixture def blank_rfc2307(request, ldap_conn): """Create blank RFC2307 directory fixture with interactive SSSD conf""" ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
[SSSD] [sssd PR#543][synchronized] SYSDB: When marking an entry as expired, also set the originalModifyTimestamp to 1
URL: https://github.com/SSSD/sssd/pull/543 Author: jhrozek Title: #543: SYSDB: When marking an entry as expired, also set the originalModifyTimestamp to 1 Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/543/head:pr543 git checkout pr543 From efc548b4e45f60c1044bfc523853537a2e629616 Mon Sep 17 00:00:00 2001 From: Jakub HrozekDate: Fri, 23 Mar 2018 13:40:34 +0100 Subject: [PATCH] SYSDB: When marking an entry as expired, also set the originalModifyTimestamp to 1 Resolves: https://pagure.io/SSSD/sssd/issue/3684 If the cleanup task removes a user who was a fully resolved member (not a ghost), but then the group the user was a member of is requested, unless the group had changed, the user doesn't appear as a member of the group again. This is because the modify timestamp would prevent the group from updating and therefore the ghost attribute is not readded. To mitigate this, let's also set the originalModifyTimestamp attribute to 1, so that we never take the optimized path while updating the group. --- src/db/sysdb_ops.c | 13 src/tests/intg/test_ldap.py | 51 + 2 files changed, 64 insertions(+) diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c index cc86a114e..09aa04a29 100644 --- a/src/db/sysdb_ops.c +++ b/src/db/sysdb_ops.c @@ -5410,6 +5410,19 @@ errno_t sysdb_mark_entry_as_expired_ldb_dn(struct sss_domain_info *dom, goto done; } +ret = ldb_msg_add_empty(msg, SYSDB_ORIG_MODSTAMP, +LDB_FLAG_MOD_REPLACE, NULL); +if (ret != LDB_SUCCESS) { +ret = sysdb_error_to_errno(ret); +goto done; +} + +ret = ldb_msg_add_string(msg, SYSDB_ORIG_MODSTAMP, "1"); +if (ret != LDB_SUCCESS) { +ret = sysdb_error_to_errno(ret); +goto done; +} + ret = ldb_modify(dom->sysdb->ldb, msg); if (ret != LDB_SUCCESS) { ret = sysdb_error_to_errno(ret); diff --git a/src/tests/intg/test_ldap.py b/src/tests/intg/test_ldap.py index 2d95d2549..671bf2fb9 100644 --- a/src/tests/intg/test_ldap.py +++ b/src/tests/intg/test_ldap.py 
@@ -434,6 +434,57 @@ def test_refresh_after_cleanup_task(ldap_conn, refresh_after_cleanup_task): dict(mem=ent.contains_only("user1"))) +@pytest.fixture +def update_ts_after_cleanup_task(request, ldap_conn): +ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn) +ent_list.add_user("user1", 1001, 2001) +ent_list.add_user("user2", 1002, 2001) + +ent_list.add_group_bis("group1", 2001, ["user1", "user2"]) + +create_ldap_fixture(request, ldap_conn, ent_list) + +conf = \ +format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS) + \ +unindent(""" +[domain/LDAP] +ldap_purge_cache_timeout = 3 +""").format(**locals()) +create_conf_fixture(request, conf) +create_sssd_fixture(request) +return None + + +def test_update_ts_cache_after_cleanup_task(ldap_conn, +update_ts_after_cleanup_task): +""" +Regression test for ticket: +https://fedorahosted.org/sssd/ticket/2676 +""" +ent.assert_group_by_name( +"group1", +dict(mem=ent.contains_only("user1", "user2"))) + +ent.assert_passwd_by_name( +'user1', +dict(name='user1', passwd='*', uid=1001, gid=2001, + gecos='1001', shell='/bin/bash')) + +ent.assert_passwd_by_name( +'user2', +dict(name='user2', passwd='*', uid=1002, gid=2001, + gecos='1002', shell='/bin/bash')) + +if subprocess.call(["sss_cache", "-u", "user1"]) != 0: +raise Exception("sssd_cache failed") + +time.sleep(6) + +ent.assert_group_by_name( +"group1", +dict(mem=ent.contains_only("user1", "user2"))) + + @pytest.fixture def blank_rfc2307(request, ldap_conn): """Create blank RFC2307 directory fixture with interactive SSSD conf""" ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
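Review bot: `time.sleep(6)` in test_update_ts_cache_after_cleanup_task is now an unexplained constant, because this revision drops the comment that tied it to `ldap_purge_cache_timeout = 3` in the fixture. The next revision on this page changes it to `time.sleep(15)`, again without saying why. I would keep a comment such as `# cleanup task runs every 3 s (ldap_purge_cache_timeout); wait long enough for at least one full run` and state what the extra margin is for. A fixed sleep keeps the final `ent.assert_group_by_name` check timing-dependent, so the chosen value should be justified next to it.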
[SSSD] [sssd PR#543][synchronized] SYSDB: When marking an entry as expired, also set the originalModifyTimestamp to 1
URL: https://github.com/SSSD/sssd/pull/543 Author: jhrozek Title: #543: SYSDB: When marking an entry as expired, also set the originalModifyTimestamp to 1 Action: synchronized To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/543/head:pr543 git checkout pr543 From 1c11bb393037c37fb380ce687b48f618ab85c64a Mon Sep 17 00:00:00 2001 From: Jakub HrozekDate: Fri, 23 Mar 2018 13:40:34 +0100 Subject: [PATCH] SYSDB: When marking an entry as expired, also set the originalModifyTimestamp to 1 Resolves: https://pagure.io/SSSD/sssd/issue/3684 If the cleanup task removes a user who was a fully resolved member (not a ghost), but then the group the user was a member of is requested, unless the group had changed, the user doesn't appear as a member of the group again. This is because the modify timestamp would prevent the group from updating and therefore the ghost attribute is not readded. To mitigate this, let's also set the originalModifyTimestamp attribute to 1, so that we never take the optimized path while updating the group. --- src/db/sysdb_ops.c | 13 src/tests/intg/test_ldap.py | 51 + 2 files changed, 64 insertions(+) diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c index cc86a114e..09aa04a29 100644 --- a/src/db/sysdb_ops.c +++ b/src/db/sysdb_ops.c @@ -5410,6 +5410,19 @@ errno_t sysdb_mark_entry_as_expired_ldb_dn(struct sss_domain_info *dom, goto done; } +ret = ldb_msg_add_empty(msg, SYSDB_ORIG_MODSTAMP, +LDB_FLAG_MOD_REPLACE, NULL); +if (ret != LDB_SUCCESS) { +ret = sysdb_error_to_errno(ret); +goto done; +} + +ret = ldb_msg_add_string(msg, SYSDB_ORIG_MODSTAMP, "1"); +if (ret != LDB_SUCCESS) { +ret = sysdb_error_to_errno(ret); +goto done; +} + ret = ldb_modify(dom->sysdb->ldb, msg); if (ret != LDB_SUCCESS) { ret = sysdb_error_to_errno(ret); diff --git a/src/tests/intg/test_ldap.py b/src/tests/intg/test_ldap.py index 2d95d2549..a5761cbe1 100644 --- a/src/tests/intg/test_ldap.py +++ b/src/tests/intg/test_ldap.py 
@@ -434,6 +434,57 @@ def test_refresh_after_cleanup_task(ldap_conn, refresh_after_cleanup_task): dict(mem=ent.contains_only("user1"))) +@pytest.fixture +def update_ts_after_cleanup_task(request, ldap_conn): +ent_list = ldap_ent.List(ldap_conn.ds_inst.base_dn) +ent_list.add_user("user1", 1001, 2001) +ent_list.add_user("user2", 1002, 2001) + +ent_list.add_group_bis("group1", 2001, ["user1", "user2"]) + +create_ldap_fixture(request, ldap_conn, ent_list) + +conf = \ +format_basic_conf(ldap_conn, SCHEMA_RFC2307_BIS) + \ +unindent(""" +[domain/LDAP] +ldap_purge_cache_timeout = 3 +""").format(**locals()) +create_conf_fixture(request, conf) +create_sssd_fixture(request) +return None + + +def test_update_ts_cache_after_cleanup_task(ldap_conn, +update_ts_after_cleanup_task): +""" +Regression test for ticket: +https://fedorahosted.org/sssd/ticket/2676 +""" +ent.assert_group_by_name( +"group1", +dict(mem=ent.contains_only("user1", "user2"))) + +ent.assert_passwd_by_name( +'user1', +dict(name='user1', passwd='*', uid=1001, gid=2001, + gecos='1001', shell='/bin/bash')) + +ent.assert_passwd_by_name( +'user2', +dict(name='user2', passwd='*', uid=1002, gid=2001, + gecos='1002', shell='/bin/bash')) + +if subprocess.call(["sss_cache", "-u", "user1"]) != 0: +raise Exception("sssd_cache failed") + +time.sleep(15) + +ent.assert_group_by_name( +"group1", +dict(mem=ent.contains_only("user1", "user2"))) + + @pytest.fixture def blank_rfc2307(request, ldap_conn): """Create blank RFC2307 directory fixture with interactive SSSD conf""" ___ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org