On 01/08/2013 05:13 AM, Simo Sorce wrote:
On Sun, 2013-01-06 at 00:37 -0500, Simo Sorce wrote:
While looking at some code my eye fell on the fact that sdap_reinit.c
was including sysdb_private.h

That's a no-no on its own, you don't get to use private headers
liberally, or I wouldn't have marked them "private" in the first place!

However besides the abuse of the private headers I found also that the
function was broken because it wasn't doing what it was trying to do
(limit cleanups to users, groups and services).

Instead it would search the whole tree (3 times) and later remove all
entries w/o a USN.

I think this could cause the code to remove *everything* not directly
downloaded from the IPA tree (for example subdomain users) that lacks
the SYSDB_USN attribute for example.

I haven't tested the patch yet tbh, but I do not have the setup right
now, if someone has a 2 servers setup ready and can force sssd to
reconnect to the second and step through the cleanup to make sure it
runs as it should I would be grateful.

I am not sure how this function ever worked at all now, I found another
bug, state->sysdb was never assigned, so sysdb was NULL in some
calls ...

You are right.

It looks like I accidentally removed the initialization of base_dn and state->sysdb in the last iteration of the review. It was present in the previous patch. I blame myself for not having tested it again.
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/mailman/listinfo/sssd-devel