[SSSD] [sssd PR#943][synchronized] files_ops: Fix cached password remove

2019-12-11 Thread elkoniu
   URL: https://github.com/SSSD/sssd/pull/943
Author: elkoniu
 Title: #943: files_ops: Fix cached password remove
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/943/head:pr943
git checkout pr943
From 383fdbea326a887450de537d2ea05dd603b2ed68 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pawe=C5=82=20Po=C5=82awski?= 
Date: Thu, 14 Nov 2019 01:46:27 +
Subject: [PATCH 1/2] files_ops: Fix cached password remove

When the SSSD daemon detects a refresh of the password (group) file,
it deletes all cached user (group) data.
With this change, cached data is deleted only for users (groups)
that no longer exist.

Resolves:
https://pagure.io/SSSD/sssd/issue/3591
---
 src/db/sysdb.h  |   5 +
 src/db/sysdb_ops.c  | 108 -
 src/providers/files/files_ops.c | 160 +++-
 3 files changed, 267 insertions(+), 6 deletions(-)

diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index 5660437772..faaa1fdc67 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -899,6 +899,11 @@ int sysdb_delete_recursive(struct sysdb_ctx *sysdb,
struct ldb_dn *dn,
bool ignore_not_found);
 
+int sysdb_delete_recursive_with_whitelist(struct sysdb_ctx *sysdb,
+  struct ldb_dn *dn,
+  bool ignore_not_found,
+  const char **whitelist);
+
 int sysdb_delete_recursive_with_filter(struct sysdb_ctx *sysdb,
struct ldb_dn *dn,
bool ignore_not_found,
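Review bot: The new declaration of `sysdb_delete_recursive_with_whitelist` has no comment, and the contract of `whitelist` cannot be read off the signature even though this list decides which cached entries survive a refresh. In the part of the implementation visible later in this patch the array is walked with `for (size_t k = 0; whitelist[k]; k++)` with no NULL check before it, so callers have to pass a non-NULL, NULL-terminated array. Each entry is compared with `strcmp` against the text between the first `=` and the first `@` of the linearized DN, copied into a buffer of `NAME_MAX_LEN` bytes, so entries must be bare names without the domain suffix, and a longer name would presumably be compared after truncation. I would add a header comment above the prototype stating these points, plus what happens to entries that are not on the list (that branch is cut off on this page). The same uncommented declaration appears in the two older revisions of the patch further down the page.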
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index 1ba40b44f7..3c07acef81 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -233,13 +233,13 @@ int sysdb_delete_recursive_with_filter(struct sysdb_ctx *sysdb,
 goto done;
 }
 
-DEBUG(SSSDBG_TRACE_ALL, "Found [%zu] items to delete.\n", msgs_count);
+DEBUG(SSSDBG_TRACE_FUNC, "Found [%zu] items to delete.\n", msgs_count);
 
 qsort(msgs, msgs_count,
   sizeof(struct ldb_message *), compare_ldb_dn_comp_num);
 
 for (i = 0; i < msgs_count; i++) {
-DEBUG(SSSDBG_TRACE_ALL, "Trying to delete [%s].\n",
+DEBUG(SSSDBG_TRACE_FUNC, "Trying to delete [%s].\n",
   ldb_dn_get_linearized(msgs[i]->dn));
 
 ret = sysdb_delete_entry(sysdb, msgs[i]->dn, false);
@@ -259,6 +259,110 @@ int sysdb_delete_recursive_with_filter(struct sysdb_ctx *sysdb,
 return ret;
 }
 
+int sysdb_delete_recursive_with_whitelist(struct sysdb_ctx *sysdb,
+  struct ldb_dn *dn,
+  bool ignore_not_found,
+  const char **whitelist)
+{
+const char *no_attrs[] = { NULL };
+struct ldb_message **msgs;
+size_t msgs_count;
+int ret;
+bool name_on_whitelist = false;
+const char *linearized_record = NULL;
+char *name_start = NULL;
+const int NAME_MAX_LEN = 32 + 1;
+char name[NAME_MAX_LEN];
+TALLOC_CTX *tmp_ctx;
+
+tmp_ctx = talloc_new(NULL);
+if (!tmp_ctx) {
+return ENOMEM;
+}
+
+ret = ldb_transaction_start(sysdb->ldb);
+if (ret) {
+ret = sysdb_error_to_errno(ret);
+goto done;
+}
+
+/* Get all records using wildcard */
+ret = sysdb_search_entry(tmp_ctx, sysdb, dn,
+ LDB_SCOPE_SUBTREE, "(distinguishedName=*)",
+ no_attrs, &msgs_count, &msgs);
+if (ret) {
+if (ignore_not_found && ret == ENOENT) {
+ret = EOK;
+}
+if (ret) {
+DEBUG(SSSDBG_TRACE_FUNC, "Search error: %d (%s)\n",
+ ret, strerror(ret));
+}
+goto done;
+}
+
+DEBUG(SSSDBG_TRACE_FUNC, "Found [%zu] items to delete.\n", msgs_count);
+
+qsort(msgs, msgs_count,
+  sizeof(struct ldb_message *), compare_ldb_dn_comp_num);
+
+/* Iterate over records found */
+for (int i = 0; i < msgs_count; i++) {
+linearized_record = ldb_dn_get_linearized(msgs[i]->dn);
+
+DEBUG(SSSDBG_TRACE_FUNC,
+  "Evaluating record [%s]\n",
+  linearized_record);
+
+name_on_whitelist = false;
+bzero(name, NAME_MAX_LEN);
+
+/* Extract name value from linearized dn record */
+name_start = strchr(linearized_record, '=') + sizeof(char);
+
+for (size_t k = 0; name_start[k] != '@' && k < NAME_MAX_LEN - 1; k++) {
+name[k] = name_start[k];
+}
+
+DEBUG(SSSDBG_TRACE_FUNC,
+  "Decoded name field: [%s]\n",
+  name);
+
+for (size_t k = 0; whitelist[k]; k++) {
+if (0 == strcmp(name, whitelist[k])) {
+name_on_whitelist = true;
+break;
+}
+}
+

[SSSD] [sssd PR#943][synchronized] files_ops: Fix cached password remove

2019-12-03 Thread elkoniu
   URL: https://github.com/SSSD/sssd/pull/943
Author: elkoniu
 Title: #943: files_ops: Fix cached password remove
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/943/head:pr943
git checkout pr943
From c08742bb662c777dbc5508b7c87ce75a126a9616 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pawe=C5=82=20Po=C5=82awski?= 
Date: Thu, 14 Nov 2019 01:46:27 +
Subject: [PATCH 1/2] files_ops: Fix cached password remove

When the SSSD daemon detects a refresh of the password (group) file,
it deletes all cached user (group) data.
With this change, cached data is deleted only for users (groups)
that no longer exist.

Resolves:
https://pagure.io/SSSD/sssd/issue/3591
---
 src/db/sysdb.h  |   5 +
 src/db/sysdb_ops.c  | 107 ++-
 src/providers/files/files_ops.c | 176 +++-
 3 files changed, 282 insertions(+), 6 deletions(-)

diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index e03c32d41d..45fff96914 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -898,6 +898,11 @@ int sysdb_delete_recursive(struct sysdb_ctx *sysdb,
struct ldb_dn *dn,
bool ignore_not_found);
 
+int sysdb_delete_recursive_with_whitelist(struct sysdb_ctx *sysdb,
+  struct ldb_dn *dn,
+  bool ignore_not_found,
+  const char **whitelist);
+
 int sysdb_delete_recursive_with_filter(struct sysdb_ctx *sysdb,
struct ldb_dn *dn,
bool ignore_not_found,
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index a108a7e60e..cb6cb6d2c3 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -233,13 +233,116 @@ int sysdb_delete_recursive_with_filter(struct sysdb_ctx *sysdb,
 goto done;
 }
 
-DEBUG(SSSDBG_TRACE_ALL, "Found [%zu] items to delete.\n", msgs_count);
+DEBUG(SSSDBG_TRACE_FUNC, "Found [%zu] items to delete.\n", msgs_count);
 
 qsort(msgs, msgs_count,
   sizeof(struct ldb_message *), compare_ldb_dn_comp_num);
 
 for (i = 0; i < msgs_count; i++) {
-DEBUG(SSSDBG_TRACE_ALL, "Trying to delete [%s].\n",
+DEBUG(SSSDBG_TRACE_FUNC, "Trying to delete [%s].\n",
+  ldb_dn_get_linearized(msgs[i]->dn));
+
+ret = sysdb_delete_entry(sysdb, msgs[i]->dn, false);
+if (ret) {
+goto done;
+}
+}
+
+done:
+if (ret == EOK) {
+ret = ldb_transaction_commit(sysdb->ldb);
+ret = sysdb_error_to_errno(ret);
+} else {
+ldb_transaction_cancel(sysdb->ldb);
+}
+talloc_free(tmp_ctx);
+return ret;
+}
+
+int sysdb_delete_recursive_with_whitelist(struct sysdb_ctx *sysdb,
+  struct ldb_dn *dn,
+  bool ignore_not_found,
+  const char **whitelist)
+{
+const char *no_attrs[] = { NULL };
+struct ldb_message **msgs;
+size_t msgs_count;
+int ret;
+bool name_on_whitelist = false;
+const char *linearized = NULL;
+char *name_start = NULL;
+const int NAME_MAX_LEN = 100;
+char name[NAME_MAX_LEN];
+TALLOC_CTX *tmp_ctx;
+
+tmp_ctx = talloc_new(NULL);
+if (!tmp_ctx) {
+return ENOMEM;
+}
+
+ret = ldb_transaction_start(sysdb->ldb);
+if (ret) {
+ret = sysdb_error_to_errno(ret);
+goto done;
+}
+
+/* Get all records using wildcard */
+ret = sysdb_search_entry(tmp_ctx, sysdb, dn,
+ LDB_SCOPE_SUBTREE, "(distinguishedName=*)",
+ no_attrs, &msgs_count, &msgs);
+if (ret) {
+if (ignore_not_found && ret == ENOENT) {
+ret = EOK;
+}
+if (ret) {
+DEBUG(SSSDBG_TRACE_FUNC, "Search error: %d (%s)\n",
+ ret, strerror(ret));
+}
+goto done;
+}
+
+DEBUG(SSSDBG_TRACE_LIBS, "Found [%zu] items to delete.\n", msgs_count);
+
+qsort(msgs, msgs_count,
+  sizeof(struct ldb_message *), compare_ldb_dn_comp_num);
+
+/* Iterate over records found */
+for (int i = 0; i < msgs_count; i++) {
+DEBUG(SSSDBG_TRACE_FUNC,
+  "Evaluating record [%s]\n",
+  ldb_dn_get_linearized(msgs[i]->dn));
+
+name_on_whitelist = false;
+bzero(name, NAME_MAX_LEN);
+
+/* Extract name value from linearized dn record */
+linearized = ldb_dn_get_linearized(msgs[i]->dn);
+name_start = strchr(linearized, '=') + sizeof(char);
+
+for (size_t k = 0; name_start[k] != '@' && k < NAME_MAX_LEN - 1; k++) {
+name[k] = name_start[k];
+}
+
+DEBUG(SSSDBG_TRACE_FUNC,
+  "Decoded name field: [%s]\n",
+  name);
+
+for

[SSSD] [sssd PR#943][synchronized] files_ops: Fix cached password remove

2019-12-02 Thread elkoniu
   URL: https://github.com/SSSD/sssd/pull/943
Author: elkoniu
 Title: #943: files_ops: Fix cached password remove
Action: synchronized

To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/943/head:pr943
git checkout pr943
From c08742bb662c777dbc5508b7c87ce75a126a9616 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pawe=C5=82=20Po=C5=82awski?= 
Date: Thu, 14 Nov 2019 01:46:27 +
Subject: [PATCH] files_ops: Fix cached password remove

When the SSSD daemon detects a refresh of the password (group) file,
it deletes all cached user (group) data.
With this change, cached data is deleted only for users (groups)
that no longer exist.

Resolves:
https://pagure.io/SSSD/sssd/issue/3591
---
 src/db/sysdb.h  |   5 +
 src/db/sysdb_ops.c  | 107 ++-
 src/providers/files/files_ops.c | 176 +++-
 3 files changed, 282 insertions(+), 6 deletions(-)

diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index e03c32d41d..45fff96914 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -898,6 +898,11 @@ int sysdb_delete_recursive(struct sysdb_ctx *sysdb,
struct ldb_dn *dn,
bool ignore_not_found);
 
+int sysdb_delete_recursive_with_whitelist(struct sysdb_ctx *sysdb,
+  struct ldb_dn *dn,
+  bool ignore_not_found,
+  const char **whitelist);
+
 int sysdb_delete_recursive_with_filter(struct sysdb_ctx *sysdb,
struct ldb_dn *dn,
bool ignore_not_found,
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index a108a7e60e..cb6cb6d2c3 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -233,13 +233,116 @@ int sysdb_delete_recursive_with_filter(struct sysdb_ctx *sysdb,
 goto done;
 }
 
-DEBUG(SSSDBG_TRACE_ALL, "Found [%zu] items to delete.\n", msgs_count);
+DEBUG(SSSDBG_TRACE_FUNC, "Found [%zu] items to delete.\n", msgs_count);
 
 qsort(msgs, msgs_count,
   sizeof(struct ldb_message *), compare_ldb_dn_comp_num);
 
 for (i = 0; i < msgs_count; i++) {
-DEBUG(SSSDBG_TRACE_ALL, "Trying to delete [%s].\n",
+DEBUG(SSSDBG_TRACE_FUNC, "Trying to delete [%s].\n",
+  ldb_dn_get_linearized(msgs[i]->dn));
+
+ret = sysdb_delete_entry(sysdb, msgs[i]->dn, false);
+if (ret) {
+goto done;
+}
+}
+
+done:
+if (ret == EOK) {
+ret = ldb_transaction_commit(sysdb->ldb);
+ret = sysdb_error_to_errno(ret);
+} else {
+ldb_transaction_cancel(sysdb->ldb);
+}
+talloc_free(tmp_ctx);
+return ret;
+}
+
+int sysdb_delete_recursive_with_whitelist(struct sysdb_ctx *sysdb,
+  struct ldb_dn *dn,
+  bool ignore_not_found,
+  const char **whitelist)
+{
+const char *no_attrs[] = { NULL };
+struct ldb_message **msgs;
+size_t msgs_count;
+int ret;
+bool name_on_whitelist = false;
+const char *linearized = NULL;
+char *name_start = NULL;
+const int NAME_MAX_LEN = 100;
+char name[NAME_MAX_LEN];
+TALLOC_CTX *tmp_ctx;
+
+tmp_ctx = talloc_new(NULL);
+if (!tmp_ctx) {
+return ENOMEM;
+}
+
+ret = ldb_transaction_start(sysdb->ldb);
+if (ret) {
+ret = sysdb_error_to_errno(ret);
+goto done;
+}
+
+/* Get all records using wildcard */
+ret = sysdb_search_entry(tmp_ctx, sysdb, dn,
+ LDB_SCOPE_SUBTREE, "(distinguishedName=*)",
+ no_attrs, &msgs_count, &msgs);
+if (ret) {
+if (ignore_not_found && ret == ENOENT) {
+ret = EOK;
+}
+if (ret) {
+DEBUG(SSSDBG_TRACE_FUNC, "Search error: %d (%s)\n",
+ ret, strerror(ret));
+}
+goto done;
+}
+
+DEBUG(SSSDBG_TRACE_LIBS, "Found [%zu] items to delete.\n", msgs_count);
+
+qsort(msgs, msgs_count,
+  sizeof(struct ldb_message *), compare_ldb_dn_comp_num);
+
+/* Iterate over records found */
+for (int i = 0; i < msgs_count; i++) {
+DEBUG(SSSDBG_TRACE_FUNC,
+  "Evaluating record [%s]\n",
+  ldb_dn_get_linearized(msgs[i]->dn));
+
+name_on_whitelist = false;
+bzero(name, NAME_MAX_LEN);
+
+/* Extract name value from linearized dn record */
+linearized = ldb_dn_get_linearized(msgs[i]->dn);
+name_start = strchr(linearized, '=') + sizeof(char);
+
+for (size_t k = 0; name_start[k] != '@' && k < NAME_MAX_LEN - 1; k++) {
+name[k] = name_start[k];
+}
+
+DEBUG(SSSDBG_TRACE_FUNC,
+  "Decoded name field: [%s]\n",
+  name);
+
+for (si