[SSSD] [sssd PR#128][synchronized] Fix group renaming issue when "id_provider = ldap" is set
URL: https://github.com/SSSD/sssd/pull/128
Author: fidencio
Title: #128: Fix group renaming issue when "id_provider = ldap" is set
Action: synchronized
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/128/head:pr128
git checkout pr128
From 9828510f1da4f549173fb8451f5778a8f778996f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
Date: Fri, 16 Feb 2018 13:55:53 +0100
Subject: [PATCH 1/9] NSS: Add InvalidateGroupById handler
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
There are some situations where, from the backend, the NSS responder
will have to be notified to invalidate a group.
In order to achieve this in a clean way, let's add the
InvalidateGroupById handler and make use of it later in this very same
series.
Related:
https://pagure.io/SSSD/sssd/issue/2653
Signed-off-by: Fabiano Fidêncio
---
src/responder/nss/nss_iface.c | 16 ++
src/responder/nss/nss_iface.xml | 3 +++
src/responder/nss/nss_iface_generated.c | 38 +
src/responder/nss/nss_iface_generated.h | 5 +
4 files changed, 62 insertions(+)
diff --git a/src/responder/nss/nss_iface.c b/src/responder/nss/nss_iface.c
index 415af9550..805e4fcdf 100644
--- a/src/responder/nss/nss_iface.c
+++ b/src/responder/nss/nss_iface.c
@@ -199,12 +199,28 @@ int nss_memorycache_update_initgroups(struct sbus_request *sbus_req,
return iface_nss_memorycache_UpdateInitgroups_finish(sbus_req);
}
+int nss_memorycache_invalidate_group_by_id(struct sbus_request *sbus_req,
+ void *data,
+ gid_t gid)
+{
+struct resp_ctx *rctx = talloc_get_type(data, struct resp_ctx);
+struct nss_ctx *nctx = talloc_get_type(rctx->pvt_ctx, struct nss_ctx);
+
+DEBUG(SSSDBG_TRACE_LIBS,
+ "Invalidating group %"PRIu32" from memory cache\n", gid);
+
+sss_mmap_cache_gr_invalidate_gid(nctx->grp_mc_ctx, gid);
+
+return iface_nss_memorycache_InvalidateGroupById_finish(sbus_req);
+}
+
struct iface_nss_memorycache iface_nss_memorycache = {
{ &iface_nss_memorycache_meta, 0 },
.UpdateInitgroups = nss_memorycache_update_initgroups,
.InvalidateAllUsers = nss_memorycache_invalidate_users,
.InvalidateAllGroups = nss_memorycache_invalidate_groups,
.InvalidateAllInitgroups = nss_memorycache_invalidate_initgroups,
+.InvalidateGroupById = nss_memorycache_invalidate_group_by_id,
};
static struct sbus_iface_map iface_map[] = {
diff --git a/src/responder/nss/nss_iface.xml b/src/responder/nss/nss_iface.xml
index 27aae0197..4d8cf14f9 100644
--- a/src/responder/nss/nss_iface.xml
+++ b/src/responder/nss/nss_iface.xml
@@ -14,5 +14,8 @@
+
+
+
diff --git a/src/responder/nss/nss_iface_generated.c b/src/responder/nss/nss_iface_generated.c
index 4a8b704da..8d5a4584b 100644
--- a/src/responder/nss/nss_iface_generated.c
+++ b/src/responder/nss/nss_iface_generated.c
@@ -12,6 +12,9 @@
/* invokes a handler with a 'ssau' DBus signature */
static int invoke_ssau_method(struct sbus_request *dbus_req, void *function_ptr);
+/* invokes a handler with a 'u' DBus signature */
+static int invoke_u_method(struct sbus_request *dbus_req, void *function_ptr);
+
/* arguments for org.freedesktop.sssd.nss.MemoryCache.UpdateInitgroups */
const struct sbus_arg_meta iface_nss_memorycache_UpdateInitgroups__in[] = {
{ "user", "s" },
@@ -44,6 +47,18 @@ int iface_nss_memorycache_InvalidateAllInitgroups_finish(struct sbus_request *re
DBUS_TYPE_INVALID);
}
+/* arguments for org.freedesktop.sssd.nss.MemoryCache.InvalidateGroupById */
+const struct sbus_arg_meta iface_nss_memorycache_InvalidateGroupById__in[] = {
+{ "gid", "u" },
+{ NULL, }
+};
+
+int iface_nss_memorycache_InvalidateGroupById_finish(struct sbus_request *req)
+{
+ return sbus_request_return_and_finish(req,
+ DBUS_TYPE_INVALID);
+}
+
/* methods for org.freedesktop.sssd.nss.MemoryCache */
const struct sbus_method_meta iface_nss_memorycache__methods[] = {
{
@@ -74,6 +89,13 @@ const struct sbus_method_meta iface_nss_memorycache__methods[] = {
offsetof(struct iface_nss_memorycache, InvalidateAllInitgroups),
NULL, /* no invoker */
},
+{
+"InvalidateGroupById", /* name */
+iface_nss_memorycache_InvalidateGroupById__in,
+NULL, /* no out_args */
+offsetof(struct iface_nss_memorycache, InvalidateGroupById),
+invoke_u_method,
+},
{ NULL, }
};
@@ -86,6 +108,22 @@ const struct sbus_interface_meta iface_nss_memorycache_meta = {
sbus_invoke_get_all, /* GetAll invoker */
};
+/* invokes a handler with a 'u' DBus signature */
+static int invoke_u_method(struct sbus_request *dbus_req, void *function_ptr)
[SSSD] [sssd PR#128][synchronized] Fix group renaming issue when "id_provider = ldap" is set
URL: https://github.com/SSSD/sssd/pull/128
Author: fidencio
Title: #128: Fix group renaming issue when "id_provider = ldap" is set
Action: synchronized
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/128/head:pr128
git checkout pr128
From 7bc29db7b20724f1b63bdd2c225880db35e2df7e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
Date: Fri, 16 Feb 2018 13:55:53 +0100
Subject: [PATCH 1/8] NSS: Add InvalidateGroupById handler
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
There are some situations where, from the backend, the NSS responder
will have to be notified to invalidate a group.
In order to achieve this in a clean way, let's add the
InvalidateGroupById handler and make use of it later in this very same
series.
Related:
https://pagure.io/SSSD/sssd/issue/2653
Signed-off-by: Fabiano Fidêncio
---
src/responder/nss/nss_iface.c | 16 ++
src/responder/nss/nss_iface.xml | 3 +++
src/responder/nss/nss_iface_generated.c | 38 +
src/responder/nss/nss_iface_generated.h | 5 +
4 files changed, 62 insertions(+)
diff --git a/src/responder/nss/nss_iface.c b/src/responder/nss/nss_iface.c
index 415af9550..805e4fcdf 100644
--- a/src/responder/nss/nss_iface.c
+++ b/src/responder/nss/nss_iface.c
@@ -199,12 +199,28 @@ int nss_memorycache_update_initgroups(struct sbus_request *sbus_req,
return iface_nss_memorycache_UpdateInitgroups_finish(sbus_req);
}
+int nss_memorycache_invalidate_group_by_id(struct sbus_request *sbus_req,
+ void *data,
+ gid_t gid)
+{
+struct resp_ctx *rctx = talloc_get_type(data, struct resp_ctx);
+struct nss_ctx *nctx = talloc_get_type(rctx->pvt_ctx, struct nss_ctx);
+
+DEBUG(SSSDBG_TRACE_LIBS,
+ "Invalidating group %"PRIu32" from memory cache\n", gid);
+
+sss_mmap_cache_gr_invalidate_gid(nctx->grp_mc_ctx, gid);
+
+return iface_nss_memorycache_InvalidateGroupById_finish(sbus_req);
+}
+
struct iface_nss_memorycache iface_nss_memorycache = {
{ &iface_nss_memorycache_meta, 0 },
.UpdateInitgroups = nss_memorycache_update_initgroups,
.InvalidateAllUsers = nss_memorycache_invalidate_users,
.InvalidateAllGroups = nss_memorycache_invalidate_groups,
.InvalidateAllInitgroups = nss_memorycache_invalidate_initgroups,
+.InvalidateGroupById = nss_memorycache_invalidate_group_by_id,
};
static struct sbus_iface_map iface_map[] = {
diff --git a/src/responder/nss/nss_iface.xml b/src/responder/nss/nss_iface.xml
index 27aae0197..4d8cf14f9 100644
--- a/src/responder/nss/nss_iface.xml
+++ b/src/responder/nss/nss_iface.xml
@@ -14,5 +14,8 @@
+
+
+
diff --git a/src/responder/nss/nss_iface_generated.c b/src/responder/nss/nss_iface_generated.c
index 4a8b704da..8d5a4584b 100644
--- a/src/responder/nss/nss_iface_generated.c
+++ b/src/responder/nss/nss_iface_generated.c
@@ -12,6 +12,9 @@
/* invokes a handler with a 'ssau' DBus signature */
static int invoke_ssau_method(struct sbus_request *dbus_req, void *function_ptr);
+/* invokes a handler with a 'u' DBus signature */
+static int invoke_u_method(struct sbus_request *dbus_req, void *function_ptr);
+
/* arguments for org.freedesktop.sssd.nss.MemoryCache.UpdateInitgroups */
const struct sbus_arg_meta iface_nss_memorycache_UpdateInitgroups__in[] = {
{ "user", "s" },
@@ -44,6 +47,18 @@ int iface_nss_memorycache_InvalidateAllInitgroups_finish(struct sbus_request *re
DBUS_TYPE_INVALID);
}
+/* arguments for org.freedesktop.sssd.nss.MemoryCache.InvalidateGroupById */
+const struct sbus_arg_meta iface_nss_memorycache_InvalidateGroupById__in[] = {
+{ "gid", "u" },
+{ NULL, }
+};
+
+int iface_nss_memorycache_InvalidateGroupById_finish(struct sbus_request *req)
+{
+ return sbus_request_return_and_finish(req,
+ DBUS_TYPE_INVALID);
+}
+
/* methods for org.freedesktop.sssd.nss.MemoryCache */
const struct sbus_method_meta iface_nss_memorycache__methods[] = {
{
@@ -74,6 +89,13 @@ const struct sbus_method_meta iface_nss_memorycache__methods[] = {
offsetof(struct iface_nss_memorycache, InvalidateAllInitgroups),
NULL, /* no invoker */
},
+{
+"InvalidateGroupById", /* name */
+iface_nss_memorycache_InvalidateGroupById__in,
+NULL, /* no out_args */
+offsetof(struct iface_nss_memorycache, InvalidateGroupById),
+invoke_u_method,
+},
{ NULL, }
};
@@ -86,6 +108,22 @@ const struct sbus_interface_meta iface_nss_memorycache_meta = {
sbus_invoke_get_all, /* GetAll invoker */
};
+/* invokes a handler with a 'u' DBus signature */
+static int invoke_u_method(struct sbus_request *dbus_req, void *function_ptr)
[SSSD] [sssd PR#128][synchronized] Fix group renaming issue when "id_provider = ldap" is set
URL: https://github.com/SSSD/sssd/pull/128
Author: fidencio
Title: #128: Fix group renaming issue when "id_provider = ldap" is set
Action: synchronized
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/128/head:pr128
git checkout pr128
From cbccc1a1b89e996e375d59be445a09d1eb1a36ed Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
Date: Fri, 16 Feb 2018 13:55:53 +0100
Subject: [PATCH 01/15] NSS: Add InvalidateGroupById handler
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
There are some situations where, from the backend, the NSS responder
will have to be notified to invalidate a group.
In order to achieve this in a clean way, let's add the
InvalidateGroupById handler and make use of it later in this very same
series.
Related:
https://pagure.io/SSSD/sssd/issue/2653
Signed-off-by: Fabiano Fidêncio
---
src/responder/nss/nss_iface.c | 16 ++
src/responder/nss/nss_iface.xml | 3 +++
src/responder/nss/nss_iface_generated.c | 38 +
src/responder/nss/nss_iface_generated.h | 5 +
4 files changed, 62 insertions(+)
diff --git a/src/responder/nss/nss_iface.c b/src/responder/nss/nss_iface.c
index 415af9550..805e4fcdf 100644
--- a/src/responder/nss/nss_iface.c
+++ b/src/responder/nss/nss_iface.c
@@ -199,12 +199,28 @@ int nss_memorycache_update_initgroups(struct sbus_request *sbus_req,
return iface_nss_memorycache_UpdateInitgroups_finish(sbus_req);
}
+int nss_memorycache_invalidate_group_by_id(struct sbus_request *sbus_req,
+ void *data,
+ gid_t gid)
+{
+struct resp_ctx *rctx = talloc_get_type(data, struct resp_ctx);
+struct nss_ctx *nctx = talloc_get_type(rctx->pvt_ctx, struct nss_ctx);
+
+DEBUG(SSSDBG_TRACE_LIBS,
+ "Invalidating group %"PRIu32" from memory cache\n", gid);
+
+sss_mmap_cache_gr_invalidate_gid(nctx->grp_mc_ctx, gid);
+
+return iface_nss_memorycache_InvalidateGroupById_finish(sbus_req);
+}
+
struct iface_nss_memorycache iface_nss_memorycache = {
{ &iface_nss_memorycache_meta, 0 },
.UpdateInitgroups = nss_memorycache_update_initgroups,
.InvalidateAllUsers = nss_memorycache_invalidate_users,
.InvalidateAllGroups = nss_memorycache_invalidate_groups,
.InvalidateAllInitgroups = nss_memorycache_invalidate_initgroups,
+.InvalidateGroupById = nss_memorycache_invalidate_group_by_id,
};
static struct sbus_iface_map iface_map[] = {
diff --git a/src/responder/nss/nss_iface.xml b/src/responder/nss/nss_iface.xml
index 27aae0197..4d8cf14f9 100644
--- a/src/responder/nss/nss_iface.xml
+++ b/src/responder/nss/nss_iface.xml
@@ -14,5 +14,8 @@
+
+
+
diff --git a/src/responder/nss/nss_iface_generated.c b/src/responder/nss/nss_iface_generated.c
index 4a8b704da..8d5a4584b 100644
--- a/src/responder/nss/nss_iface_generated.c
+++ b/src/responder/nss/nss_iface_generated.c
@@ -12,6 +12,9 @@
/* invokes a handler with a 'ssau' DBus signature */
static int invoke_ssau_method(struct sbus_request *dbus_req, void *function_ptr);
+/* invokes a handler with a 'u' DBus signature */
+static int invoke_u_method(struct sbus_request *dbus_req, void *function_ptr);
+
/* arguments for org.freedesktop.sssd.nss.MemoryCache.UpdateInitgroups */
const struct sbus_arg_meta iface_nss_memorycache_UpdateInitgroups__in[] = {
{ "user", "s" },
@@ -44,6 +47,18 @@ int iface_nss_memorycache_InvalidateAllInitgroups_finish(struct sbus_request *re
DBUS_TYPE_INVALID);
}
+/* arguments for org.freedesktop.sssd.nss.MemoryCache.InvalidateGroupById */
+const struct sbus_arg_meta iface_nss_memorycache_InvalidateGroupById__in[] = {
+{ "gid", "u" },
+{ NULL, }
+};
+
+int iface_nss_memorycache_InvalidateGroupById_finish(struct sbus_request *req)
+{
+ return sbus_request_return_and_finish(req,
+ DBUS_TYPE_INVALID);
+}
+
/* methods for org.freedesktop.sssd.nss.MemoryCache */
const struct sbus_method_meta iface_nss_memorycache__methods[] = {
{
@@ -74,6 +89,13 @@ const struct sbus_method_meta iface_nss_memorycache__methods[] = {
offsetof(struct iface_nss_memorycache, InvalidateAllInitgroups),
NULL, /* no invoker */
},
+{
+"InvalidateGroupById", /* name */
+iface_nss_memorycache_InvalidateGroupById__in,
+NULL, /* no out_args */
+offsetof(struct iface_nss_memorycache, InvalidateGroupById),
+invoke_u_method,
+},
{ NULL, }
};
@@ -86,6 +108,22 @@ const struct sbus_interface_meta iface_nss_memorycache_meta = {
sbus_invoke_get_all, /* GetAll invoker */
};
+/* invokes a handler with a 'u' DBus signature */
+static int invoke_u_method(struct sbus_request *dbus_req, void *function_ptr
[SSSD] [sssd PR#128][synchronized] Fix group renaming issue when "id_provider = ldap" is set
URL: https://github.com/SSSD/sssd/pull/128
Author: fidencio
Title: #128: Fix group renaming issue when "id_provider = ldap" is set
Action: synchronized
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/128/head:pr128
git checkout pr128
From 36b52887d4b9028a7315790addf7a4432aa56c1d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
Date: Fri, 16 Feb 2018 13:55:53 +0100
Subject: [PATCH 01/15] NSS: Add InvalidateGroupById handler
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
There are some situations where, from the backend, the NSS responder
will have to be notified to invalidate a group.
In order to achieve this in a clean way, let's add the
InvalidateGroupById handler and make use of it later in this very same
series.
Related:
https://pagure.io/SSSD/sssd/issue/2653
Signed-off-by: Fabiano Fidêncio
---
src/responder/nss/nss_iface.c | 16 ++
src/responder/nss/nss_iface.xml | 3 +++
src/responder/nss/nss_iface_generated.c | 38 +
src/responder/nss/nss_iface_generated.h | 5 +
4 files changed, 62 insertions(+)
diff --git a/src/responder/nss/nss_iface.c b/src/responder/nss/nss_iface.c
index 415af9550..805e4fcdf 100644
--- a/src/responder/nss/nss_iface.c
+++ b/src/responder/nss/nss_iface.c
@@ -199,12 +199,28 @@ int nss_memorycache_update_initgroups(struct sbus_request *sbus_req,
return iface_nss_memorycache_UpdateInitgroups_finish(sbus_req);
}
+int nss_memorycache_invalidate_group_by_id(struct sbus_request *sbus_req,
+ void *data,
+ gid_t gid)
+{
+struct resp_ctx *rctx = talloc_get_type(data, struct resp_ctx);
+struct nss_ctx *nctx = talloc_get_type(rctx->pvt_ctx, struct nss_ctx);
+
+DEBUG(SSSDBG_TRACE_LIBS,
+ "Invalidating group %"PRIu32" from memory cache\n", gid);
+
+sss_mmap_cache_gr_invalidate_gid(nctx->grp_mc_ctx, gid);
+
+return iface_nss_memorycache_InvalidateGroupById_finish(sbus_req);
+}
+
struct iface_nss_memorycache iface_nss_memorycache = {
{ &iface_nss_memorycache_meta, 0 },
.UpdateInitgroups = nss_memorycache_update_initgroups,
.InvalidateAllUsers = nss_memorycache_invalidate_users,
.InvalidateAllGroups = nss_memorycache_invalidate_groups,
.InvalidateAllInitgroups = nss_memorycache_invalidate_initgroups,
+.InvalidateGroupById = nss_memorycache_invalidate_group_by_id,
};
static struct sbus_iface_map iface_map[] = {
diff --git a/src/responder/nss/nss_iface.xml b/src/responder/nss/nss_iface.xml
index 27aae0197..4d8cf14f9 100644
--- a/src/responder/nss/nss_iface.xml
+++ b/src/responder/nss/nss_iface.xml
@@ -14,5 +14,8 @@
+
+
+
diff --git a/src/responder/nss/nss_iface_generated.c b/src/responder/nss/nss_iface_generated.c
index 4a8b704da..8d5a4584b 100644
--- a/src/responder/nss/nss_iface_generated.c
+++ b/src/responder/nss/nss_iface_generated.c
@@ -12,6 +12,9 @@
/* invokes a handler with a 'ssau' DBus signature */
static int invoke_ssau_method(struct sbus_request *dbus_req, void *function_ptr);
+/* invokes a handler with a 'u' DBus signature */
+static int invoke_u_method(struct sbus_request *dbus_req, void *function_ptr);
+
/* arguments for org.freedesktop.sssd.nss.MemoryCache.UpdateInitgroups */
const struct sbus_arg_meta iface_nss_memorycache_UpdateInitgroups__in[] = {
{ "user", "s" },
@@ -44,6 +47,18 @@ int iface_nss_memorycache_InvalidateAllInitgroups_finish(struct sbus_request *re
DBUS_TYPE_INVALID);
}
+/* arguments for org.freedesktop.sssd.nss.MemoryCache.InvalidateGroupById */
+const struct sbus_arg_meta iface_nss_memorycache_InvalidateGroupById__in[] = {
+{ "gid", "u" },
+{ NULL, }
+};
+
+int iface_nss_memorycache_InvalidateGroupById_finish(struct sbus_request *req)
+{
+ return sbus_request_return_and_finish(req,
+ DBUS_TYPE_INVALID);
+}
+
/* methods for org.freedesktop.sssd.nss.MemoryCache */
const struct sbus_method_meta iface_nss_memorycache__methods[] = {
{
@@ -74,6 +89,13 @@ const struct sbus_method_meta iface_nss_memorycache__methods[] = {
offsetof(struct iface_nss_memorycache, InvalidateAllInitgroups),
NULL, /* no invoker */
},
+{
+"InvalidateGroupById", /* name */
+iface_nss_memorycache_InvalidateGroupById__in,
+NULL, /* no out_args */
+offsetof(struct iface_nss_memorycache, InvalidateGroupById),
+invoke_u_method,
+},
{ NULL, }
};
@@ -86,6 +108,22 @@ const struct sbus_interface_meta iface_nss_memorycache_meta = {
sbus_invoke_get_all, /* GetAll invoker */
};
+/* invokes a handler with a 'u' DBus signature */
+static int invoke_u_method(struct sbus_request *dbus_req, void *function_ptr
[SSSD] [sssd PR#128][synchronized] Fix group renaming issue when "id_provider = ldap" is set
URL: https://github.com/SSSD/sssd/pull/128
Author: fidencio
Title: #128: Fix group renaming issue when "id_provider = ldap" is set
Action: synchronized
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/128/head:pr128
git checkout pr128
From 177ee2072ad328011f0bc7ff5903e89cf62deeac Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
Date: Wed, 18 Jan 2017 16:43:52 +0100
Subject: [PATCH 1/2] SYSDB_OPS: Avoid adding incomplete groups with duplicated
GID
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This situation can be hit when renaming a group. Without this patch, the
renamed group would be added to the cache while the old entry would be
there as well, causing some issues like not showing the groupname when
calling `groups user`.
Now, we take the a similar approach taken by sysdb_add_group(), checking
whether the group gid already exists and then deleting the old entry
before adding the new one.
It's important to note that the new approach only happens in case the new
added group has the same sid, uuid or original dn than the group already
added to the cache. In case it doesn't happen, the previous behavior is
preserved.
Resolves:
https://pagure.io/SSSD/sssd/issue/2653
Signed-off-by: Fabiano Fidêncio
---
src/db/sysdb_ops.c | 30 ++
1 file changed, 30 insertions(+)
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index 4cfef6823..765dc389e 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -2289,12 +2289,42 @@ int sysdb_add_incomplete_group(struct sss_domain_info *domain,
TALLOC_CTX *tmp_ctx;
int ret;
struct sysdb_attrs *attrs;
+struct ldb_message *msg;
+const char *previous = NULL;
+const char *group_attrs[] = { SYSDB_SID_STR, SYSDB_UUID, SYSDB_ORIG_DN, NULL };
+const char *values[] = { sid_str, uuid, original_dn, NULL };
+bool same = false;
tmp_ctx = talloc_new(NULL);
if (!tmp_ctx) {
return ENOMEM;
}
+ret = sysdb_search_group_by_gid(tmp_ctx, domain, gid, group_attrs, &msg);
+if (ret != ENOENT) {
+for (int i = 0; !same && group_attrs[i] != NULL; i++) {
+previous = ldb_msg_find_attr_as_string(msg,
+ group_attrs[i],
+ NULL);
+if (previous != NULL && values[i] != NULL) {
+same = strcmp(previous, values[i]) == 0;
+} else if (previous == NULL && values[i] == NULL) {
+same = true;
+} else {
+same = false;
+}
+}
+}
+
+if (same) {
+ret = sysdb_delete_group(domain, NULL, gid);
+if (ret != EOK) {
+DEBUG(SSSDBG_MINOR_FAILURE,
+"sysdb_delete_group() failed [%d]: %s\n",
+ret, sss_strerror(ret));
+}
+}
+
/* try to add the group */
ret = sysdb_add_basic_group(domain, name, gid);
if (ret) goto done;
From d540d7ad1a15a876a1a2336868f1d93ded56018e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
Date: Mon, 23 Jan 2017 17:49:20 +0100
Subject: [PATCH 2/2] TESTS: Add sysdb test for renaming incomplete groups
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The test added also test the negative case, when a group has been added
but it has a different sid, uuid and original dn, which results in an
EEXIST return.
Related:
https://pagure.io/SSSD/sssd/issue/2653
Signed-off-by: Fabiano Fidêncio
---
src/tests/sysdb-tests.c | 68 +
1 file changed, 68 insertions(+)
diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c
index 63572e067..0130a428d 100644
--- a/src/tests/sysdb-tests.c
+++ b/src/tests/sysdb-tests.c
@@ -989,6 +989,71 @@ START_TEST (test_sysdb_add_incomplete_group)
}
END_TEST
+START_TEST (test_sysdb_rename_incomplete_group)
+{
+struct sysdb_test_ctx *test_ctx;
+struct test_data *data;
+int ret;
+struct ldb_message *msg = NULL;
+const char *old_fqdn_groupname;
+const char *stored_fqdn_groupname;
+char *new_groupname;
+
+/* Setup */
+ret = setup_sysdb_tests(&test_ctx);
+if (ret != EOK) {
+fail("Could not set up the test");
+return;
+}
+
+data = test_data_new_group(test_ctx, _i);
+fail_if(data == NULL);
+
+/* "Rename" the already added incomplete group by adding
+ * the very same group with a different name. */
+old_fqdn_groupname = data->groupname;
+new_groupname = talloc_asprintf(data, "foo%d", _i);
+fail_if(new_groupname == NULL, "talloc_asprintf() failed\n");
+data->groupname = sss_create_internal_fqname(test_ctx,
+ new_groupname,
+ test_ctx->domain->name);
+
[SSSD] [sssd PR#128][synchronized] Fix group renaming issue when "id_provider = ldap" is set
URL: https://github.com/SSSD/sssd/pull/128
Author: fidencio
Title: #128: Fix group renaming issue when "id_provider = ldap" is set
Action: synchronized
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/128/head:pr128
git checkout pr128
From acb48b4869328dcb99d59eec5cdcf2832e25c5f9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
Date: Wed, 18 Jan 2017 16:43:52 +0100
Subject: [PATCH 1/2] SYSDB_OPS: Avoid adding incomplete groups with duplicated
GID
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This situation can be hit when renaming a group. Without this patch, the
renamed group would be added to the cache while the old entry would be
there as well, causing some issues like not showing the groupname when
calling `groups user`.
Now, we take the a similar approach taken by sysdb_add_group(), checking
whether the group gid already exists and then deleting the old entry
before adding the new one.
It's important to note that the new approach only happens in case the new
added group has the same sid, uuid or original dn than the group already
added to the cache. In case it doesn't happen, the previous behavior is
preserved.
Resolves:
https://pagure.io/SSSD/sssd/issue/2653
Signed-off-by: Fabiano Fidêncio
---
src/db/sysdb_ops.c | 30 ++
1 file changed, 30 insertions(+)
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index 7ca6575ce..891e9ec24 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -2289,12 +2289,42 @@ int sysdb_add_incomplete_group(struct sss_domain_info *domain,
TALLOC_CTX *tmp_ctx;
int ret;
struct sysdb_attrs *attrs;
+struct ldb_message *msg;
+const char *previous = NULL;
+const char *group_attrs[] = { SYSDB_SID_STR, SYSDB_UUID, SYSDB_ORIG_DN, NULL };
+const char *values[] = { sid_str, uuid, original_dn, NULL };
+bool same = false;
tmp_ctx = talloc_new(NULL);
if (!tmp_ctx) {
return ENOMEM;
}
+ret = sysdb_search_group_by_gid(tmp_ctx, domain, gid, NULL, &msg);
+if (ret != ENOENT) {
+for (int i = 0; !same && group_attrs[i] != NULL; i++) {
+previous = ldb_msg_find_attr_as_string(msg,
+ group_attrs[i],
+ NULL);
+if (previous != NULL && values[i] != NULL) {
+same = strcmp(previous, values[i]) == 0;
+} else if (previous == NULL && values[i] == NULL) {
+same = true;
+} else {
+same = false;
+}
+}
+}
+
+if (same) {
+ret = sysdb_delete_group(domain, NULL, gid);
+if (ret != EOK) {
+DEBUG(SSSDBG_MINOR_FAILURE,
+"sysdb_delete_group() failed [%d]: %s\n",
+ret, sss_strerror(ret));
+}
+}
+
/* try to add the group */
ret = sysdb_add_basic_group(domain, name, gid);
if (ret) goto done;
From 9d7b70edc534ad96a06c0156b853f412d9aa8924 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
Date: Mon, 23 Jan 2017 17:49:20 +0100
Subject: [PATCH 2/2] TESTS: Add sysdb test for renaming incomplete groups
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The test added also test the negative case, when a group has been added
but it has a different sid, uuid and original dn, which results in an
EEXIST return.
Related:
https://pagure.io/SSSD/sssd/issue/2653
Signed-off-by: Fabiano Fidêncio
---
src/tests/sysdb-tests.c | 68 +
1 file changed, 68 insertions(+)
diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c
index c186ed2fb..3b30b6788 100644
--- a/src/tests/sysdb-tests.c
+++ b/src/tests/sysdb-tests.c
@@ -989,6 +989,71 @@ START_TEST (test_sysdb_add_incomplete_group)
}
END_TEST
+START_TEST (test_sysdb_rename_incomplete_group)
+{
+struct sysdb_test_ctx *test_ctx;
+struct test_data *data;
+int ret;
+struct ldb_message *msg = NULL;
+const char *old_fqdn_groupname;
+const char *stored_fqdn_groupname;
+char *new_groupname;
+
+/* Setup */
+ret = setup_sysdb_tests(&test_ctx);
+if (ret != EOK) {
+fail("Could not set up the test");
+return;
+}
+
+data = test_data_new_group(test_ctx, _i);
+fail_if(data == NULL);
+
+/* "Rename" the already added incomplete group by adding
+ * the very same group with a different name. */
+old_fqdn_groupname = data->groupname;
+new_groupname = talloc_asprintf(data, "foo%d", _i);
+fail_if(new_groupname == NULL, "talloc_asprintf() failed\n");
+data->groupname = sss_create_internal_fqname(test_ctx,
+ new_groupname,
+ test_ctx->domain->name);
+fail_i
[SSSD] [sssd PR#128][synchronized] Fix group renaming issue when "id_provider = ldap" is set
URL: https://github.com/SSSD/sssd/pull/128
Author: fidencio
Title: #128: Fix group renaming issue when "id_provider = ldap" is set
Action: synchronized
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/128/head:pr128
git checkout pr128
From e482e958e501feea9cbb68953dec1a60759bd05d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
Date: Wed, 18 Jan 2017 16:43:52 +0100
Subject: [PATCH 1/2] SYSDB_OPS: Avoid adding incomplete groups with duplicated
GID
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This situation can be hit when renaming a group. Without this patch, the
renamed group would be added to the cache while the old entry would be
there as well, causing some issues like not showing the groupname when
calling `groups user`.
Now, we take the a similar approach taken by sysdb_add_group(), checking
whether the group gid already exists and then deleting the old entry
before adding the new one.
It's important to note that the new approach only happens in case the new
added group has the same sid, uuid or original dn than the group already
added to the cache. In case it doesn't happen, the previous behavior is
preserved.
Resolves:
https://pagure.io/SSSD/sssd/issue/3202
Signed-off-by: Fabiano Fidêncio
---
src/db/sysdb_ops.c | 30 ++
1 file changed, 30 insertions(+)
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index 7ca6575ce..891e9ec24 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -2289,12 +2289,42 @@ int sysdb_add_incomplete_group(struct sss_domain_info *domain,
TALLOC_CTX *tmp_ctx;
int ret;
struct sysdb_attrs *attrs;
+struct ldb_message *msg;
+const char *previous = NULL;
+const char *group_attrs[] = { SYSDB_SID_STR, SYSDB_UUID, SYSDB_ORIG_DN, NULL };
+const char *values[] = { sid_str, uuid, original_dn, NULL };
+bool same = false;
tmp_ctx = talloc_new(NULL);
if (!tmp_ctx) {
return ENOMEM;
}
+ret = sysdb_search_group_by_gid(tmp_ctx, domain, gid, NULL, &msg);
+if (ret != ENOENT) {
+for (int i = 0; !same && group_attrs[i] != NULL; i++) {
+previous = ldb_msg_find_attr_as_string(msg,
+ group_attrs[i],
+ NULL);
+if (previous != NULL && values[i] != NULL) {
+same = strcmp(previous, values[i]) == 0;
+} else if (previous == NULL && values[i] == NULL) {
+same = true;
+} else {
+same = false;
+}
+}
+}
+
+if (same) {
+ret = sysdb_delete_group(domain, NULL, gid);
+if (ret != EOK) {
+DEBUG(SSSDBG_MINOR_FAILURE,
+"sysdb_delete_group() failed [%d]: %s\n",
+ret, sss_strerror(ret));
+}
+}
+
/* try to add the group */
ret = sysdb_add_basic_group(domain, name, gid);
if (ret) goto done;
From 38532d4fa9c336a851ef7f75516aa8b13f80d83b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
Date: Mon, 23 Jan 2017 17:49:20 +0100
Subject: [PATCH 2/2] TESTS: Add sysdb test for renaming incomplete groups
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The test added also test the negative case, when a group has been added
but it has a different sid, uuid and original dn, which results in an
EEXIST return.
Related:
https://pagure.io/SSSD/sssd/issue/3202
Signed-off-by: Fabiano Fidêncio
---
src/tests/sysdb-tests.c | 68 +
1 file changed, 68 insertions(+)
diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c
index c186ed2fb..3b30b6788 100644
--- a/src/tests/sysdb-tests.c
+++ b/src/tests/sysdb-tests.c
@@ -989,6 +989,71 @@ START_TEST (test_sysdb_add_incomplete_group)
}
END_TEST
+START_TEST (test_sysdb_rename_incomplete_group)
+{
+struct sysdb_test_ctx *test_ctx;
+struct test_data *data;
+int ret;
+struct ldb_message *msg = NULL;
+const char *old_fqdn_groupname;
+const char *stored_fqdn_groupname;
+char *new_groupname;
+
+/* Setup */
+ret = setup_sysdb_tests(&test_ctx);
+if (ret != EOK) {
+fail("Could not set up the test");
+return;
+}
+
+data = test_data_new_group(test_ctx, _i);
+fail_if(data == NULL);
+
+/* "Rename" the already added incomplete group by adding
+ * the very same group with a different name. */
+old_fqdn_groupname = data->groupname;
+new_groupname = talloc_asprintf(data, "foo%d", _i);
+fail_if(new_groupname == NULL, "talloc_asprintf() failed\n");
+data->groupname = sss_create_internal_fqname(test_ctx,
+ new_groupname,
+ test_ctx->domain->name);
+fail_i
[SSSD] [sssd PR#128][synchronized] Fix group renaming issue when "id_provider = ldap" is set
URL: https://github.com/SSSD/sssd/pull/128
Author: fidencio
Title: #128: Fix group renaming issue when "id_provider = ldap" is set
Action: synchronized
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/128/head:pr128
git checkout pr128
From 138ac13459da69f6c48d17d9f7c639998a7f9c99 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
Date: Wed, 18 Jan 2017 16:43:52 +0100
Subject: [PATCH 1/2] SYSDB_OPS: Avoid adding incomplete groups with duplicated
GID
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This situation can be hit when renaming a group. Without this patch, the
renamed group would be added to the cache while the old entry would be
there as well, causing some issues like not showing the groupname when
calling `groups user`.
Now, we take the a similar approach taken by sysdb_add_group(), checking
whether the group gid already exists and then deleting the old entry
before adding the new one.
It's important to note that the new approach only happens in case the new
added group has the same sid, uuid or original dn than the group already
added to the cache. In case it doesn't happen, the previous behavior is
preserved.
Resolves:
https://pagure.io/SSSD/sssd/issue/3202
Signed-off-by: Fabiano Fidêncio
---
src/db/sysdb_ops.c | 50 ++
1 file changed, 50 insertions(+)
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index 7ca6575ce..f56347387 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -2289,12 +2289,62 @@ int sysdb_add_incomplete_group(struct sss_domain_info *domain,
TALLOC_CTX *tmp_ctx;
int ret;
struct sysdb_attrs *attrs;
+struct ldb_message *msg;
+const char *previous_sid_str = NULL;
+const char *previous_uuid = NULL;
+const char *previous_original_dn = NULL;
+bool same_sid_str = false;
+bool same_uuid = false;
+bool same_original_dn = false;
tmp_ctx = talloc_new(NULL);
if (!tmp_ctx) {
return ENOMEM;
}
+ret = sysdb_search_group_by_gid(tmp_ctx, domain, gid, NULL, &msg);
+if (ret != ENOENT) {
+previous_sid_str = ldb_msg_find_attr_as_string(msg,
+ SYSDB_SID_STR,
+ NULL);
+if (previous_sid_str != NULL && sid_str != NULL) {
+same_sid_str = strcmp(previous_sid_str, sid_str) == 0;
+} else if (previous_sid_str == NULL && sid_str == NULL) {
+same_sid_str = true;
+} else {
+same_sid_str = false;
+}
+
+previous_uuid = ldb_msg_find_attr_as_string(msg, SYSDB_UUID, NULL);
+if (previous_uuid != NULL && uuid != NULL) {
+same_uuid = strcmp(previous_uuid, uuid) == 0;
+} else if (previous_uuid == NULL && uuid == NULL) {
+same_uuid = true;
+} else {
+same_uuid = false;
+}
+
+previous_original_dn = ldb_msg_find_attr_as_string(msg,
+ SYSDB_ORIG_DN,
+ NULL);
+if (previous_original_dn != NULL && original_dn != NULL) {
+same_original_dn = strcmp(previous_original_dn, original_dn) == 0;
+} else if (previous_original_dn == NULL && original_dn == NULL) {
+same_original_dn = true;
+} else {
+same_original_dn = false;
+}
+
+if (same_sid_str || same_uuid || same_original_dn) {
+ret = sysdb_delete_group(domain, NULL, gid);
+if (ret != EOK) {
+DEBUG(SSSDBG_MINOR_FAILURE,
+ "sysdb_delete_group() failed [%d]: %s\n",
+ ret, sss_strerror(ret));
+}
+}
+}
+
/* try to add the group */
ret = sysdb_add_basic_group(domain, name, gid);
if (ret) goto done;
From 24e5381cd56f32afc556f881f45832b76f3bd1a9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
Date: Mon, 23 Jan 2017 17:49:20 +0100
Subject: [PATCH 2/2] TESTS: Add sysdb test for renaming incomplete groups
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The test added also test the negative case, when a group has been added
but it has a different sid, uuid and original dn, which results in an
EEXIST return.
Related:
https://pagure.io/SSSD/sssd/issue/3202
Signed-off-by: Fabiano Fidêncio
---
src/tests/sysdb-tests.c | 68 +
1 file changed, 68 insertions(+)
diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c
index c186ed2fb..3b30b6788 100644
--- a/src/tests/sysdb-tests.c
+++ b/src/tests/sysdb-tests.c
@@ -989,6 +989,71 @@ START_TEST (test_sysdb_add_incomplete_group)
}
END_TEST
+START_TEST (test_sysdb_rename_incomplete_group)
+{
+stru
[SSSD] [sssd PR#128][synchronized] Fix group renaming issue when "id_provider = ldap" is set
URL: https://github.com/SSSD/sssd/pull/128
Author: fidencio
Title: #128: Fix group renaming issue when "id_provider = ldap" is set
Action: synchronized
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/128/head:pr128
git checkout pr128
From 8417fd90b386f167ed4075b9b1ffce4eaea2ac6c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
Date: Wed, 18 Jan 2017 16:39:22 +0100
Subject: [PATCH 1/5] SYSDB_OPS: Add a function to check if a group gid is
unique
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The code has already been utilized sysdb_add_group() and now got split
into a new function in order to be re-utilized wherever is needed.
Related:
https://pagure.io/SSSD/sssd/issue/3202
Signed-off-by: Fabiano Fidêncio
---
src/db/sysdb_ops.c | 53 ++---
1 file changed, 38 insertions(+), 15 deletions(-)
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index 47f878f..2184749 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -2048,6 +2048,41 @@ int sysdb_add_basic_group(struct sss_domain_info *domain,
/* =Add-Group-Function */
+static int check_group_gid_is_unique(struct sss_domain_info *domain,
+ gid_t gid)
+{
+TALLOC_CTX *tmp_ctx;
+struct ldb_message *msg = NULL;
+int ret;
+
+tmp_ctx = talloc_new(NULL);
+if (!tmp_ctx) {
+return ENOMEM;
+}
+
+/* check no other groups with the same gid exist */
+if (gid != 0) {
+ret = sysdb_search_group_by_gid(tmp_ctx, domain, gid, NULL, &msg);
+if (ret != ENOENT) {
+if (ret == EOK) {
+DEBUG(SSSDBG_TRACE_LIBS,
+ "Group with the same gid exists: [%"SPRIgid"].\n", gid);
+ret = EEXIST;
+} else {
+DEBUG(SSSDBG_TRACE_LIBS,
+ "sysdb_search_group_by_gid failed for gid: "
+ "[%"SPRIgid"].\n", gid);
+}
+goto done;
+}
+}
+
+ret = EOK;
+
+done:
+return ret;
+}
+
int sysdb_add_group(struct sss_domain_info *domain,
const char *name, gid_t gid,
struct sysdb_attrs *attrs,
@@ -2100,21 +2135,9 @@ int sysdb_add_group(struct sss_domain_info *domain,
}
}
-/* check no other groups with the same gid exist */
-if (gid != 0) {
-ret = sysdb_search_group_by_gid(tmp_ctx, domain, gid, NULL, &msg);
-if (ret != ENOENT) {
-if (ret == EOK) {
-DEBUG(SSSDBG_TRACE_LIBS,
- "Group with the same gid exists: [%"SPRIgid"].\n", gid);
-ret = EEXIST;
-} else {
-DEBUG(SSSDBG_TRACE_LIBS,
- "sysdb_search_group_by_gid failed for gid: "
- "[%"SPRIgid"].\n", gid);
-}
-goto done;
-}
+ret = check_group_gid_is_unique(domain, gid);
+if (ret != EOK) {
+goto done;
}
/* try to add the group */
From 25e5d4df8e74a9fbf91b344872cfdd9e23a1f387 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
Date: Wed, 18 Jan 2017 16:43:52 +0100
Subject: [PATCH 2/5] SYSDB_OPS: Avoid adding incomplete groups with duplicated
GID
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This situation can be hit when renaming a group. Without this patch, the
renamed group would be added to the cache while the old entry would be
there as well, causing some issues like not showing the groupname when
calling `groups user`.
Now, we take the a similar approach taken by sysdb_add_groupp(), checking
whether the group gid already exists and then deleting the old entry
before adding the new one.
Resolves:
https://pagure.io/SSSD/sssd/issue/3202
Signed-off-by: Fabiano Fidêncio
---
src/db/sysdb_ops.c | 9 +
1 file changed, 9 insertions(+)
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index 2184749..4d36507 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -2246,6 +2246,15 @@ int sysdb_add_incomplete_group(struct sss_domain_info *domain,
return ENOMEM;
}
+ret = check_group_gid_is_unique(domain, gid);
+if (ret != EOK) {
+if (ret == EEXIST) {
+sysdb_delete_group(domain, NULL, gid);
+} else {
+goto done;
+}
+}
+
/* try to add the group */
ret = sysdb_add_basic_group(domain, name, gid);
if (ret) goto done;
From 786dea05f5bd6822a1e26f405f8adbd25c710694 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
Date: Mon, 23 Jan 2017 17:49:20 +0100
Subject: [PATCH 3/5] TESTS: Add sysdb test for renaming incomplete groups
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Related:
https:
[SSSD] [sssd PR#128][synchronized] Fix group renaming issue when "id_provider = ldap" is set
URL: https://github.com/SSSD/sssd/pull/128
Author: fidencio
Title: #128: Fix group renaming issue when "id_provider = ldap" is set
Action: synchronized
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/128/head:pr128
git checkout pr128
From 57527466853506d80e688acaf9f8815c7ef7add6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
Date: Wed, 18 Jan 2017 16:39:22 +0100
Subject: [PATCH 1/5] SYSDB_OPS: Add a function to check if a group gid is
unique
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The code has already been utilized sysdb_add_group() and now got split
into a new function in order to be re-utilized wherever is needed.
Related:
https://fedorahosted.org/sssd/ticket/3282
Signed-off-by: Fabiano Fidêncio
---
src/db/sysdb_ops.c | 53 ++---
1 file changed, 38 insertions(+), 15 deletions(-)
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index 7f6c127..fb200c6 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -2042,6 +2042,41 @@ int sysdb_add_basic_group(struct sss_domain_info *domain,
/* =Add-Group-Function */
+static int check_group_gid_is_unique(struct sss_domain_info *domain,
+ gid_t gid)
+{
+TALLOC_CTX *tmp_ctx;
+struct ldb_message *msg = NULL;
+int ret;
+
+tmp_ctx = talloc_new(NULL);
+if (!tmp_ctx) {
+return ENOMEM;
+}
+
+/* check no other groups with the same gid exist */
+if (gid != 0) {
+ret = sysdb_search_group_by_gid(tmp_ctx, domain, gid, NULL, &msg);
+if (ret != ENOENT) {
+if (ret == EOK) {
+DEBUG(SSSDBG_TRACE_LIBS,
+ "Group with the same gid exists: [%"SPRIgid"].\n", gid);
+ret = EEXIST;
+} else {
+DEBUG(SSSDBG_TRACE_LIBS,
+ "sysdb_search_group_by_gid failed for gid: "
+ "[%"SPRIgid"].\n", gid);
+}
+goto done;
+}
+}
+
+ret = EOK;
+
+done:
+return ret;
+}
+
int sysdb_add_group(struct sss_domain_info *domain,
const char *name, gid_t gid,
struct sysdb_attrs *attrs,
@@ -2094,21 +2129,9 @@ int sysdb_add_group(struct sss_domain_info *domain,
}
}
-/* check no other groups with the same gid exist */
-if (gid != 0) {
-ret = sysdb_search_group_by_gid(tmp_ctx, domain, gid, NULL, &msg);
-if (ret != ENOENT) {
-if (ret == EOK) {
-DEBUG(SSSDBG_TRACE_LIBS,
- "Group with the same gid exists: [%"SPRIgid"].\n", gid);
-ret = EEXIST;
-} else {
-DEBUG(SSSDBG_TRACE_LIBS,
- "sysdb_search_group_by_gid failed for gid: "
- "[%"SPRIgid"].\n", gid);
-}
-goto done;
-}
+ret = check_group_gid_is_unique(domain, gid);
+if (ret != EOK) {
+goto done;
}
/* try to add the group */
From ab60093477290d134d8a1f35e59db763280456e7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
Date: Wed, 18 Jan 2017 16:43:52 +0100
Subject: [PATCH 2/5] SYSDB_OPS: Avoid adding incomplete groups with duplicated
GID
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This situation can be hit when renaming a group. Without this patch, the
renamed group would be added to the cache while the old entry would be
there as well, causing some issues like not showing the groupname when
calling `groups user`.
Now, we take the a similar approach taken by sysdb_add_groupp(), checking
whether the group gid already exists and then deleting the old entry
before adding the new one.
Resolves:
https://fedorahosted.org/sssd/ticket/3282
Signed-off-by: Fabiano Fidêncio
---
src/db/sysdb_ops.c | 9 +
1 file changed, 9 insertions(+)
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index fb200c6..8ee5b79 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -2240,6 +2240,15 @@ int sysdb_add_incomplete_group(struct sss_domain_info *domain,
return ENOMEM;
}
+ret = check_group_gid_is_unique(domain, gid);
+if (ret != EOK) {
+if (ret == EEXIST) {
+sysdb_delete_group(domain, NULL, gid);
+} else {
+goto done;
+}
+}
+
/* try to add the group */
ret = sysdb_add_basic_group(domain, name, gid);
if (ret) goto done;
From e4ced22cb0f1bbe9e9b7da13a7c3107444e4c206 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
Date: Mon, 23 Jan 2017 17:49:20 +0100
Subject: [PATCH 3/5] TESTS: Add sysdb test for renaming incomplete groups
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Related:
[SSSD] [sssd PR#128][synchronized] Fix group renaming issue when "id_provider = ldap" is set
URL: https://github.com/SSSD/sssd/pull/128
Author: fidencio
Title: #128: Fix group renaming issue when "id_provider = ldap" is set
Action: synchronized
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/128/head:pr128
git checkout pr128
From 2589ad216464e10cf63fed5b41e4d1823e3f7f81 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
Date: Wed, 18 Jan 2017 16:39:22 +0100
Subject: [PATCH 1/3] SYSDB_OPS: Add a function to check if a group gid is
unique
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The code has already been utilized sysdb_add_group() and now got split
into a new function in order to be re-utilized wherever is needed.
Related:
https://fedorahosted.org/sssd/ticket/3282
Signed-off-by: Fabiano Fidêncio
---
src/db/sysdb_ops.c | 53 ++---
1 file changed, 38 insertions(+), 15 deletions(-)
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index 77e4c1a..214441c 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -2041,6 +2041,41 @@ int sysdb_add_basic_group(struct sss_domain_info *domain,
/* =Add-Group-Function */
+static int check_group_gid_is_unique(struct sss_domain_info *domain,
+ gid_t gid)
+{
+TALLOC_CTX *tmp_ctx;
+struct ldb_message *msg = NULL;
+int ret;
+
+tmp_ctx = talloc_new(NULL);
+if (!tmp_ctx) {
+return ENOMEM;
+}
+
+/* check no other groups with the same gid exist */
+if (gid != 0) {
+ret = sysdb_search_group_by_gid(tmp_ctx, domain, gid, NULL, &msg);
+if (ret != ENOENT) {
+if (ret == EOK) {
+DEBUG(SSSDBG_TRACE_LIBS,
+ "Group with the same gid exists: [%"SPRIgid"].\n", gid);
+ret = EEXIST;
+} else {
+DEBUG(SSSDBG_TRACE_LIBS,
+ "sysdb_search_group_by_gid failed for gid: "
+ "[%"SPRIgid"].\n", gid);
+}
+goto done;
+}
+}
+
+ret = EOK;
+
+done:
+return ret;
+}
+
int sysdb_add_group(struct sss_domain_info *domain,
const char *name, gid_t gid,
struct sysdb_attrs *attrs,
@@ -2093,21 +2128,9 @@ int sysdb_add_group(struct sss_domain_info *domain,
}
}
-/* check no other groups with the same gid exist */
-if (gid != 0) {
-ret = sysdb_search_group_by_gid(tmp_ctx, domain, gid, NULL, &msg);
-if (ret != ENOENT) {
-if (ret == EOK) {
-DEBUG(SSSDBG_TRACE_LIBS,
- "Group with the same gid exists: [%"SPRIgid"].\n", gid);
-ret = EEXIST;
-} else {
-DEBUG(SSSDBG_TRACE_LIBS,
- "sysdb_search_group_by_gid failed for gid: "
- "[%"SPRIgid"].\n", gid);
-}
-goto done;
-}
+ret = check_group_gid_is_unique(domain, gid);
+if (ret != EOK) {
+goto done;
}
/* try to add the group */
From 91bcaecd76e367f20e8da1480f483848236830c7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
Date: Wed, 18 Jan 2017 16:43:52 +0100
Subject: [PATCH 2/3] SYSDB_OPS: Avoid adding incomplete groups with duplicated
GID
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This situation can be hit when renaming a group. Without this patch, the
renamed group would be added to the cache while the old entry would be
there as well, causing some issues like not showing the groupname when
calling `groups user`.
Now, we take the a similar approach taken by sysdb_add_groupp(), checking
whether the group gid already exists and then deleting the old entry
before adding the new one.
Resolves:
https://fedorahosted.org/sssd/ticket/3282
Signed-off-by: Fabiano Fidêncio
---
src/db/sysdb_ops.c | 9 +
1 file changed, 9 insertions(+)
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index 214441c..e985217 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -2239,6 +2239,15 @@ int sysdb_add_incomplete_group(struct sss_domain_info *domain,
return ENOMEM;
}
+ret = check_group_gid_is_unique(domain, gid);
+if (ret != EOK) {
+if (ret == EEXIST) {
+sysdb_delete_group(domain, NULL, gid);
+} else {
+goto done;
+}
+}
+
/* try to add the group */
ret = sysdb_add_basic_group(domain, name, gid);
if (ret) goto done;
From 984cf33775f551cba1faf1ffb4ab2581978f6314 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
Date: Mon, 23 Jan 2017 17:49:20 +0100
Subject: [PATCH 3/3] TESTS: Add sysdb test for renaming incomplete groups
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Related:
[SSSD] [sssd PR#128][synchronized] Fix group renaming issue when "id_provider = ldap" is set
URL: https://github.com/SSSD/sssd/pull/128
Author: fidencio
Title: #128: Fix group renaming issue when "id_provider = ldap" is set
Action: synchronized
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/128/head:pr128
git checkout pr128
From 790d5d9c26c7453234f5a98f3df90648dc23bcd0 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
Date: Wed, 18 Jan 2017 16:39:22 +0100
Subject: [PATCH 1/3] SYSDB_OPS: Add a function to check if a group gid is
unique
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The code has already been utilized sysdb_add_group() and now got split
into a new function in order to be re-utilized wherever is needed.
Related:
https://fedorahosted.org/sssd/ticket/3282
Signed-off-by: Fabiano Fidêncio
---
src/db/sysdb_ops.c | 53 ++---
1 file changed, 38 insertions(+), 15 deletions(-)
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index cfa1586..b06ed4d 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -2041,6 +2041,41 @@ int sysdb_add_basic_group(struct sss_domain_info *domain,
/* =Add-Group-Function */
+static int check_group_gid_is_unique(struct sss_domain_info *domain,
+ gid_t gid)
+{
+TALLOC_CTX *tmp_ctx;
+struct ldb_message *msg = NULL;
+int ret;
+
+tmp_ctx = talloc_new(NULL);
+if (!tmp_ctx) {
+return ENOMEM;
+}
+
+/* check no other groups with the same gid exist */
+if (gid != 0) {
+ret = sysdb_search_group_by_gid(tmp_ctx, domain, gid, NULL, &msg);
+if (ret != ENOENT) {
+if (ret == EOK) {
+DEBUG(SSSDBG_TRACE_LIBS,
+ "Group with the same gid exists: [%"SPRIgid"].\n", gid);
+ret = EEXIST;
+} else {
+DEBUG(SSSDBG_TRACE_LIBS,
+ "sysdb_search_group_by_gid failed for gid: "
+ "[%"SPRIgid"].\n", gid);
+}
+goto done;
+}
+}
+
+ret = EOK;
+
+done:
+return ret;
+}
+
int sysdb_add_group(struct sss_domain_info *domain,
const char *name, gid_t gid,
struct sysdb_attrs *attrs,
@@ -2093,21 +2128,9 @@ int sysdb_add_group(struct sss_domain_info *domain,
}
}
-/* check no other groups with the same gid exist */
-if (gid != 0) {
-ret = sysdb_search_group_by_gid(tmp_ctx, domain, gid, NULL, &msg);
-if (ret != ENOENT) {
-if (ret == EOK) {
-DEBUG(SSSDBG_TRACE_LIBS,
- "Group with the same gid exists: [%"SPRIgid"].\n", gid);
-ret = EEXIST;
-} else {
-DEBUG(SSSDBG_TRACE_LIBS,
- "sysdb_search_group_by_gid failed for gid: "
- "[%"SPRIgid"].\n", gid);
-}
-goto done;
-}
+ret = check_group_gid_is_unique(domain, gid);
+if (ret != EOK) {
+goto done;
}
/* try to add the group */
From f9e76d2e5744dda844bef40ba5f1320cf87a5399 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
Date: Wed, 18 Jan 2017 16:43:52 +0100
Subject: [PATCH 2/3] SYSDB_OPS: Avoid adding incomplete groups with duplicated
GID
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This situation can be hit when renaming a group. Without this patch, the
renamed group would be added to the cache while the old entry would be
there as well, causing some issues like not showing the groupname when
calling `groups user`.
Now, we take the a similar approach taken by sysdb_add_groupp(), checking
whether the group gid already exists and then deleting the old entry
before adding the new one.
Resolves:
https://fedorahosted.org/sssd/ticket/3282
Signed-off-by: Fabiano Fidêncio
---
src/db/sysdb_ops.c | 9 +
1 file changed, 9 insertions(+)
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index b06ed4d..4b4b748 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -2239,6 +2239,15 @@ int sysdb_add_incomplete_group(struct sss_domain_info *domain,
return ENOMEM;
}
+ret = check_group_gid_is_unique(domain, gid);
+if (ret != EOK) {
+if (ret == EEXIST) {
+sysdb_delete_group(domain, NULL, gid);
+} else {
+goto done;
+}
+}
+
/* try to add the group */
ret = sysdb_add_basic_group(domain, name, gid);
if (ret) goto done;
From 990b813358bad4549ec170115c157f69a69dd06d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
Date: Mon, 23 Jan 2017 17:49:20 +0100
Subject: [PATCH 3/3] TESTS: Add sysdb test for renaming incomplete groups
Related:
https://fedorahosted.org/sssd/ticket/3282
---
src/tests/sysdb-tests.c | 50 ++
[SSSD] [sssd PR#128][synchronized] Fix group renaming issue when "id_provider = ldap" is set
URL: https://github.com/SSSD/sssd/pull/128
Author: fidencio
Title: #128: Fix group renaming issue when "id_provider = ldap" is set
Action: synchronized
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/128/head:pr128
git checkout pr128
From f57ca4cc6201ff997ad42e80fc033b07bff32fc4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
Date: Wed, 18 Jan 2017 16:39:22 +0100
Subject: [PATCH 1/2] SYSDB_OPS: Add a function to check if a group gid is
unique
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
The code has already been utilized sysdb_add_group() and now got split
into a new function in order to be re-utilized wherever is needed.
Related:
https://fedorahosted.org/sssd/ticket/3282
Signed-off-by: Fabiano Fidêncio
---
src/db/sysdb_ops.c | 53 ++---
1 file changed, 38 insertions(+), 15 deletions(-)
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index cfa1586..b06ed4d 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -2041,6 +2041,41 @@ int sysdb_add_basic_group(struct sss_domain_info *domain,
/* =Add-Group-Function */
+static int check_group_gid_is_unique(struct sss_domain_info *domain,
+ gid_t gid)
+{
+TALLOC_CTX *tmp_ctx;
+struct ldb_message *msg = NULL;
+int ret;
+
+tmp_ctx = talloc_new(NULL);
+if (!tmp_ctx) {
+return ENOMEM;
+}
+
+/* check no other groups with the same gid exist */
+if (gid != 0) {
+ret = sysdb_search_group_by_gid(tmp_ctx, domain, gid, NULL, &msg);
+if (ret != ENOENT) {
+if (ret == EOK) {
+DEBUG(SSSDBG_TRACE_LIBS,
+ "Group with the same gid exists: [%"SPRIgid"].\n", gid);
+ret = EEXIST;
+} else {
+DEBUG(SSSDBG_TRACE_LIBS,
+ "sysdb_search_group_by_gid failed for gid: "
+ "[%"SPRIgid"].\n", gid);
+}
+goto done;
+}
+}
+
+ret = EOK;
+
+done:
+return ret;
+}
+
int sysdb_add_group(struct sss_domain_info *domain,
const char *name, gid_t gid,
struct sysdb_attrs *attrs,
@@ -2093,21 +2128,9 @@ int sysdb_add_group(struct sss_domain_info *domain,
}
}
-/* check no other groups with the same gid exist */
-if (gid != 0) {
-ret = sysdb_search_group_by_gid(tmp_ctx, domain, gid, NULL, &msg);
-if (ret != ENOENT) {
-if (ret == EOK) {
-DEBUG(SSSDBG_TRACE_LIBS,
- "Group with the same gid exists: [%"SPRIgid"].\n", gid);
-ret = EEXIST;
-} else {
-DEBUG(SSSDBG_TRACE_LIBS,
- "sysdb_search_group_by_gid failed for gid: "
- "[%"SPRIgid"].\n", gid);
-}
-goto done;
-}
+ret = check_group_gid_is_unique(domain, gid);
+if (ret != EOK) {
+goto done;
}
/* try to add the group */
From bec65863b82697982e0c435b2c7a230a69971d7d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
Date: Wed, 18 Jan 2017 16:43:52 +0100
Subject: [PATCH 2/2] SYSDB_OPS: Avoid adding incomplete groups with duplicated
GID
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
This situation can be hit when renaming a group. Without this patch, the
renamed group would be added to the cache while the old entry would be
there as well, causing some issues like not showing the groupname when
calling `groups user`.
Now, we take the a similar approach taken by sysdb_add_groupp(), checking
whether the group gid already exists and then deleting the old entry
before adding the new one.
Resolves:
https://fedorahosted.org/sssd/ticket/3282
Signed-off-by: Fabiano Fidêncio
---
src/db/sysdb_ops.c | 9 +
1 file changed, 9 insertions(+)
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index b06ed4d..4b4b748 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -2239,6 +2239,15 @@ int sysdb_add_incomplete_group(struct sss_domain_info *domain,
return ENOMEM;
}
+ret = check_group_gid_is_unique(domain, gid);
+if (ret != EOK) {
+if (ret == EEXIST) {
+sysdb_delete_group(domain, NULL, gid);
+} else {
+goto done;
+}
+}
+
/* try to add the group */
ret = sysdb_add_basic_group(domain, name, gid);
if (ret) goto done;
___
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
