If all triplets of a netgroup are removed from LDAP server record, this
change won't be projected to the sysdb and all triplets will remain
there. The same situation will happen when removing all netgroup
members.

This patch fixes these bugs and provides the possibility to fix similar
issues elsewhere.

https://fedorahosted.org/sssd/ticket/1136

Thanks
Jan
From 270cc7b34d3efa0bf37ab95b647efd7a42483363 Mon Sep 17 00:00:00 2001
From: Jan Zeleny <jzel...@redhat.com>
Date: Tue, 7 Feb 2012 09:50:40 -0500
Subject: [PATCH] Fixed updating netgroups in cache

If all triplets of a netgroup are removed from the LDAP server record, the
change is not propagated to the sysdb and all triplets remain there. The
same happens when all netgroup members are removed.

This patch fixes these bugs and provides the possibility to fix similar
issues elsewhere.

https://fedorahosted.org/sssd/ticket/1136
---
 src/providers/ldap/sdap_async.c           |    7 +++++++
 src/providers/ldap/sdap_async.h           |    9 +++++----
 src/providers/ldap/sdap_async_groups.c    |    4 ++--
 src/providers/ldap/sdap_async_netgroups.c |    8 ++++----
 src/providers/ldap/sdap_async_users.c     |    6 +++---
 5 files changed, 21 insertions(+), 13 deletions(-)

diff --git a/src/providers/ldap/sdap_async.c b/src/providers/ldap/sdap_async.c
index 996a6716c27d8ee48820eb3eabd2aec2d5c16524..5e466d9d579fd31b6e4feea634852e493a1d1a7c 100644
--- a/src/providers/ldap/sdap_async.c
+++ b/src/providers/ldap/sdap_async.c
@@ -2125,6 +2125,7 @@ sdap_attrs_add_ldap_attr(struct sysdb_attrs *ldap_attrs,
                          const char *attr_name,
                          const char *attr_desc,
                          bool multivalued,
+                         bool delete_if_empty,
                          const char *name,
                          struct sysdb_attrs *attrs)
 {
@@ -2144,6 +2145,12 @@ sdap_attrs_add_ldap_attr(struct sysdb_attrs *ldap_attrs,
     if (el->num_values == 0) {
         DEBUG(SSSDBG_TRACE_INTERNAL, ("%s is not available "
               "for [%s].\n", desc, objname));
+        if (delete_if_empty) {
+            ret = sysdb_attrs_get_el(attrs, attr_name, &el);
+            if (ret != EOK) {
+                return ret;
+            }
+        }
     } else {
         num_values = multivalued ? el->num_values : 1;
         for (i = 0; i < num_values; i++) {
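Review bot: The new `delete_if_empty` branch calls `sysdb_attrs_get_el(attrs, attr_name, &el)` apparently only for its side effect of creating an empty element in `attrs`, and it overwrites `el`, which up to that point presumably referred to the element read from `ldap_attrs`. Nothing in the hunk says that this empty element is what later clears the cached value, so the call reads like a dead lookup that a later cleanup could remove, bringing the stale-cache bug back. A comment such as `/* Add an empty element so the stale cached value is removed on save */` would make the intent explicit. It is also worth documenting that any attribute missing from the LDAP reply, whatever the reason, now empties the cached attribute when the flag is set. The function body starts and ends outside the hunk.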
diff --git a/src/providers/ldap/sdap_async.h b/src/providers/ldap/sdap_async.h
index 47d1014925932ae93c5c9d4c45b78d3babe394dd..ee075643ff49d4baad4b246273c02c5df87094dd 100644
--- a/src/providers/ldap/sdap_async.h
+++ b/src/providers/ldap/sdap_async.h
@@ -205,16 +205,17 @@ sdap_attrs_add_ldap_attr(struct sysdb_attrs *ldap_attrs,
                          const char *attr_name,
                          const char *attr_desc,
                          bool multivalued,
+                         bool delete_if_empty,
                          const char *name,
                          struct sysdb_attrs *attrs);
 
-#define sdap_attrs_add_string(ldap_attrs, attr_name, attr_desc, name, attrs) \
+#define sdap_attrs_add_string(ldap_attrs, attr_name, attr_desc, del, name, attrs) \
         sdap_attrs_add_ldap_attr(ldap_attrs, attr_name, attr_desc, \
-                                 false, name, attrs)
+                                 false, del, name, attrs)
 
-#define sdap_attrs_add_list(ldap_attrs, attr_name, attr_desc, name, attrs) \
+#define sdap_attrs_add_list(ldap_attrs, attr_name, attr_desc, del, name, attrs) \
     sdap_attrs_add_ldap_attr(ldap_attrs, attr_name, attr_desc,   \
-                             true, name, attrs)
+                             true, del, name, attrs)
 
 errno_t sdap_save_all_names(const char *name,
                             struct sysdb_attrs *ldap_attrs,
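Review bot: The prototype gains `bool delete_if_empty` with no comment, and the macros forward it as a bare positional `del`, so call sites read `"original DN", false, name, ...` with nothing to say what `false` selects. I would document the parameter above the prototype, e.g. `/* delete_if_empty: if the LDAP entry has no value for attr_name, add an empty element to attrs so the cached value is dropped */`. Because the flag decides whether removed data stays in the cache, the default each caller should pick deserves a sentence too.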
diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c
index feb13db98bceb11098d3827e674dba8f94258f76..e6625e5ec48a7d2d8ad3a02817bba500018335f6 100644
--- a/src/providers/ldap/sdap_async_groups.c
+++ b/src/providers/ldap/sdap_async_groups.c
@@ -281,14 +281,14 @@ static int sdap_save_group(TALLOC_CTX *memctx,
     }
 
     ret = sdap_attrs_add_string(attrs, SYSDB_ORIG_DN, "original DN",
-                                name, group_attrs);
+                                false, name, group_attrs);
     if (ret != EOK) {
         goto fail;
     }
 
     ret = sdap_attrs_add_string(attrs,
                             opts->group_map[SDAP_AT_GROUP_MODSTAMP].sys_name,
-                            "original mod-Timestamp",
+                            "original mod-Timestamp", false,
                             name, group_attrs);
     if (ret != EOK) {
         goto fail;
diff --git a/src/providers/ldap/sdap_async_netgroups.c b/src/providers/ldap/sdap_async_netgroups.c
index 37aa2f112d88834162135c29b8294af90898f922..6fe9127987dbe7e2d749beae5795cd835b4d7e94 100644
--- a/src/providers/ldap/sdap_async_netgroups.c
+++ b/src/providers/ldap/sdap_async_netgroups.c
@@ -67,7 +67,7 @@ static errno_t sdap_save_netgroup(TALLOC_CTX *memctx,
     }
 
     ret = sdap_attrs_add_string(attrs, SYSDB_ORIG_DN,
-                                "original DN",
+                                "original DN", false,
                                 name, netgroup_attrs);
     if (ret != EOK) {
         goto fail;
@@ -98,7 +98,7 @@ static errno_t sdap_save_netgroup(TALLOC_CTX *memctx,
 
     ret = sdap_attrs_add_list(attrs,
                         opts->netgroup_map[SDAP_AT_NETGROUP_TRIPLE].sys_name,
-                        "netgroup triple",
+                        "netgroup triple", true,
                         name, netgroup_attrs);
     if (ret != EOK) {
         goto fail;
@@ -106,14 +106,14 @@ static errno_t sdap_save_netgroup(TALLOC_CTX *memctx,
 
     ret = sdap_attrs_add_list(attrs,
                         opts->netgroup_map[SDAP_AT_NETGROUP_MEMBER].sys_name,
-                        "original members",
+                        "original members", true,
                         name, netgroup_attrs);
     if (ret != EOK) {
         goto fail;
     }
 
     ret = sdap_attrs_add_list(attrs, SYSDB_NETGROUP_MEMBER,
-                        "members", name, netgroup_attrs);
+                        "members", true, name, netgroup_attrs);
     if (ret != EOK) {
         goto fail;
     }
diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c
index fa9c0a799d363a32f95c1a6ef5ef94afe3033b83..f6cd0d5f4e03dd92bdf5b96c417f5fb30bf1d298 100644
--- a/src/providers/ldap/sdap_async_users.c
+++ b/src/providers/ldap/sdap_async_users.c
@@ -148,7 +148,7 @@ int sdap_save_user(TALLOC_CTX *memctx,
     }
 
     ret = sdap_attrs_add_string(attrs, SYSDB_ORIG_DN,
-                                "original DN",
+                                "original DN", false,
                                 name, user_attrs);
     if (ret != EOK) {
         goto fail;
@@ -175,7 +175,7 @@ int sdap_save_user(TALLOC_CTX *memctx,
 
     ret = sdap_attrs_add_string(attrs,
                             opts->user_map[SDAP_AT_USER_MODSTAMP].sys_name,
-                            "original mod-Timestamp",
+                            "original mod-Timestamp", false,
                             name, user_attrs);
     if (ret != EOK) {
         goto fail;
@@ -229,7 +229,7 @@ int sdap_save_user(TALLOC_CTX *memctx,
 
     for (i = SDAP_FIRST_EXTRA_USER_AT; i < SDAP_OPTS_USER; i++) {
         ret = sdap_attrs_add_list(attrs, opts->user_map[i].sys_name,
-                                  NULL, name, user_attrs);
+                                  NULL, false, name, user_attrs);
         if (ret) {
             goto fail;
         }
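Review bot: The extra-attribute loop passes `false`, so a value cleared on the LDAP server for any attribute in the `SDAP_FIRST_EXTRA_USER_AT` to `SDAP_OPTS_USER` range stays in the cache, which is the same stale-data behaviour this patch fixes for netgroups. Which attributes that range covers is not visible here; if any of them feed access or account-expiry decisions, a removed value would stay in effect until the cached entry is refreshed some other way. Consider `NULL, true, name, user_attrs);` for this call, or a comment stating why stale values are acceptable for these attributes. The loop body continues outside the hunk.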
-- 
1.7.6.4
