From 55fa5564a9835e9697555d1bfeb9336bcce2415f Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose@redhat.com>
Date: Mon, 22 Feb 2016 16:08:13 +0100
Subject: [PATCH 083/108] IPA: invalidate override data if original view is
missing
If the idview name cannot be read from cache this either means that the
cache was empty or the name wasn't written because of an error. In the
case of an error SSSD would assume that the default view was used. If
the new view is different from the default view the override data must be
invalidated. Since the sysdb call to invalidate the override data would
work with an empty cache as well and do nothing it is safe to call it on
both cases.
Related to https://fedorahosted.org/sssd/ticket/2960
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit b5d48539966aefbea703377ba2ebcb67f9cf88b8)
(cherry picked from commit 1d4d3f15b5cb9b9ffad521ddea0b1e3660587816)
---
src/providers/ipa/ipa_subdomains.c | 14 ++++++++++++--
1 file changed, 12 insertions(+), 2 deletions(-)
diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c
index c888279229c891f1d5b8763aa851617a5daedd51..cb5a23bfb8043e620061e11d5e567d3e39eab6e3 100644
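--- a/src/providers/ipa/ipa_subdomains.c
+++ b/src/providers/ipa/ipa_subdomains.c
@@ -898,9 +898,19 @@ static void ipa_get_view_name_done(struct tevent_req *req)
 } else {
 if (ctx->sd_ctx->id_ctx->view_name == NULL
 || strcmp(ctx->sd_ctx->id_ctx->view_name, view_name) != 0) {
- /* View name changed */
+ /* View name changed. If there was a non-default non-local view
+ * was used the tree in cache containing the override values is
+ * removed. In all cases sysdb_invalidate_overrides() is called to
+ * remove the override attribute from the cached user objects.
+ *
+ * Typically ctx->sd_ctx->id_ctx->view_name == NULL means that the
+ * cache was empty but there was a bug in with caused that the
+ * view name was not written to the cache at all. In this case the
+ * cache must be invalidated if the new view is not the
+ * default-view as well. */
 
- if (ctx->sd_ctx->id_ctx->view_name != NULL) {
+ if (ctx->sd_ctx->id_ctx->view_name != NULL
+ || !is_default_view(view_name)) {
 ret = sysdb_transaction_start(
 ctx->sd_ctx->be_ctx->domain->sysdb);
 if (ret != EOK) {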
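Review bot: The widened guard `ctx->sd_ctx->id_ctx->view_name != NULL || !is_default_view(view_name)` lets the transaction block run while the stored view name is NULL, which the old guard ruled out. The rest of that block lies outside this hunk, so please confirm that every use of `ctx->sd_ctx->id_ctx->view_name` inside it (presumably the check that decides whether the old view tree is deleted) tolerates NULL; otherwise the recovery path meant to clear stale override data can fail before it invalidates anything. The new comment also says "In all cases sysdb_invalidate_overrides() is called", but when the stored name is missing and the new view is the default view the block is skipped, so the wording should be narrowed to "whenever this block runs". While touching the comment, fix "If there was a non-default non-local view was used" and "there was a bug in with caused that", for example `If a non-default, non-local view was used before, ...` and `there was a bug which caused the view name not to be written to the cache`.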
--
2.7.3