sssd/0043-SYSDB_OPS-Error-out-on-id-collision-when-adding-an-i.patch

From 5da97dcfb8499348080b5c7a3980c704294f22fa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fidencio@redhat.com>
Date: Mon, 19 Feb 2018 08:53:56 +0100
Subject: [PATCH] SYSDB_OPS: Error out on id-collision when adding an
 incomplete group
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

This situation can be hit when renaming a group. For now, let's just
error this out so the caller can handle it properly on its own layer.

Related:
https://pagure.io/SSSD/sssd/issue/2653

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 514b2be089bfd0e2702d7e9ab883ab071a61b719)
---
 src/db/sysdb_ops.c | 22 ++++++++++++++++++++++
 1 file changed, 22 insertions(+)

diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index 5d3cf643d..de4fdb592 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -2377,12 +2377,34 @@ int sysdb_add_incomplete_group(struct sss_domain_info *domain,
     TALLOC_CTX *tmp_ctx;
     int ret;
     struct sysdb_attrs *attrs;
+    struct ldb_message *msg;
+    const char *previous = NULL;
+    const char *group_attrs[] = { SYSDB_SID_STR, SYSDB_UUID, SYSDB_ORIG_DN, NULL };
+    const char *values[] = { sid_str, uuid, original_dn, NULL };
+    bool same = false;
 
     tmp_ctx = talloc_new(NULL);
     if (!tmp_ctx) {
         return ENOMEM;
     }
 
+    ret = sysdb_search_group_by_gid(tmp_ctx, domain, gid, group_attrs, &msg);
+    if (ret == EOK) {
+        for (int i = 0; !same && group_attrs[i] != NULL; i++) {
+            previous = ldb_msg_find_attr_as_string(msg,
+                                                   group_attrs[i],
+                                                   NULL);
+            if (previous != NULL && values[i] != NULL) {
+                same = strcmp(previous, values[i]) == 0;
+            }
+        }
+    }
+
+    if (same) {
+        ret = ERR_GID_DUPLICATED;
+        goto done;
+    }
+
     /* try to add the group */
     ret = sysdb_add_basic_group(domain, name, gid);
     if (ret) goto done;
-- 
2.14.3
Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is set. Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> 2018-04-27 19:58:17 +00:00			`From 5da97dcfb8499348080b5c7a3980c704294f22fa Mon Sep 17 00:00:00 2001`
			`From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fidencio@redhat.com>`
			`Date: Mon, 19 Feb 2018 08:53:56 +0100`
			`Subject: [PATCH] SYSDB_OPS: Error out on id-collision when adding an`
			`incomplete group`
			`MIME-Version: 1.0`
			`Content-Type: text/plain; charset=UTF-8`
			`Content-Transfer-Encoding: 8bit`

			`This situation can be hit when renaming a group. For now, let's just`
			`error this out so the caller can handle it properly on its own layer.`

			`Related:`
			`https://pagure.io/SSSD/sssd/issue/2653`

			`Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>`
			`Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>`
			`(cherry picked from commit 514b2be089bfd0e2702d7e9ab883ab071a61b719)`
			`---`
			`src/db/sysdb_ops.c \| 22 ++++++++++++++++++++++`
			`1 file changed, 22 insertions(+)`

			`diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c`
			`index 5d3cf643d..de4fdb592 100644`
			`--- a/src/db/sysdb_ops.c`
			`+++ b/src/db/sysdb_ops.c`
			`@@ -2377,12 +2377,34 @@ int sysdb_add_incomplete_group(struct sss_domain_info *domain,`
			`TALLOC_CTX *tmp_ctx;`
			`int ret;`
			`struct sysdb_attrs *attrs;`
			`+ struct ldb_message *msg;`
			`+ const char *previous = NULL;`
			`+ const char *group_attrs[] = { SYSDB_SID_STR, SYSDB_UUID, SYSDB_ORIG_DN, NULL };`
			`+ const char *values[] = { sid_str, uuid, original_dn, NULL };`
			`+ bool same = false;`

			`tmp_ctx = talloc_new(NULL);`
			`if (!tmp_ctx) {`
			`return ENOMEM;`
			`}`

			`+ ret = sysdb_search_group_by_gid(tmp_ctx, domain, gid, group_attrs, &msg);`
			`+ if (ret == EOK) {`
			`+ for (int i = 0; !same && group_attrs[i] != NULL; i++) {`
			`+ previous = ldb_msg_find_attr_as_string(msg,`
			`+ group_attrs[i],`
			`+ NULL);`
			`+ if (previous != NULL && values[i] != NULL) {`
			`+ same = strcmp(previous, values[i]) == 0;`
			`+ }`
			`+ }`
			`+ }`
			`+`
			`+ if (same) {`
			`+ ret = ERR_GID_DUPLICATED;`
			`+ goto done;`
			`+ }`
			`+`
			`/* try to add the group */`
			`ret = sysdb_add_basic_group(domain, name, gid);`
			`if (ret) goto done;`
			`--`
			`2.14.3`