From 87a0027c7dbc54422ac519ef8eef0323baff4b60 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Mon, 19 Feb 2018 12:43:06 +0100 Subject: [PATCH] SDAP: Add sdap_handle_id_collision_for_incomplete_groups() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This newly added function is a helper to properly hadle group id-collisions when renaming incomplete groups and it does: - Deletes the group from sysdb - Adds the new incomplete group - Notifies the NSS responder that the entry also has to be deleted from the memory cache This function will be called from sdap_ad_save_group_membership_with_idmapping() and from sdap_add_incomplete_groups(). Related: https://pagure.io/SSSD/sssd/issue/2653 Signed-off-by: Fabiano FidĂȘncio Reviewed-by: Jakub Hrozek (cherry picked from commit a537df2ea99acb0181dc360ddf9a60b69c16faf0) --- src/providers/ldap/sdap_async.h | 11 ++++++++++ src/providers/ldap/sdap_async_initgroups.c | 34 ++++++++++++++++++++++++++++++ 2 files changed, 45 insertions(+) diff --git a/src/providers/ldap/sdap_async.h b/src/providers/ldap/sdap_async.h index 40da81fb9..6ca3ed8d8 100644 --- a/src/providers/ldap/sdap_async.h +++ b/src/providers/ldap/sdap_async.h @@ -412,4 +412,15 @@ sdap_ad_tokengroups_initgroups_send(TALLOC_CTX *mem_ctx, errno_t sdap_ad_tokengroups_initgroups_recv(struct tevent_req *req); +errno_t +sdap_handle_id_collision_for_incomplete_groups(struct data_provider *dp, + struct sss_domain_info *domain, + const char *name, + gid_t gid, + const char *original_dn, + const char *sid_str, + const char *uuid, + bool posix, + time_t now); + #endif /* _SDAP_ASYNC_H_ */ diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c index 326294a1c..34747be59 100644 --- a/src/providers/ldap/sdap_async_initgroups.c +++ b/src/providers/ldap/sdap_async_initgroups.c 
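Review bot: The prototype added to sdap_async.h has no comment, and its nine parameters do not tell a caller that the function first deletes whichever cached group currently owns `gid` and only then adds the new incomplete group. I would add a short comment above it, for example `/* Remove the cached group that owns gid, add name as an incomplete group with that gid, then ask the NSS responder to drop gid from its memory cache. Returns EOK or the sysdb error. */`. The comment should also say that on failure the old entry may already be gone, because the implementation in sdap_async_initgroups.c returns early if the add fails after the delete succeeded.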
@@ -3543,3 +3543,37 @@ errno_t get_sysdb_grouplist_dn(TALLOC_CTX *mem_ctx, return get_sysdb_grouplist_ex(mem_ctx, sysdb, domain, name, grouplist, true); } + +errno_t +sdap_handle_id_collision_for_incomplete_groups(struct data_provider *dp, + struct sss_domain_info *domain, + const char *name, + gid_t gid, + const char *original_dn, + const char *sid_str, + const char *uuid, + bool posix, + time_t now) +{ + errno_t ret; + + ret = sysdb_delete_group(domain, NULL, gid); + if (ret != EOK) { + DEBUG(SSSDBG_MINOR_FAILURE, + "Due to an id collision, the new group with gid [\"%"PRIu32"\"] " + "will not be added as the old group (with the same gid) could " + "not be removed from the sysdb!", + gid); + return ret; + } + + ret = sysdb_add_incomplete_group(domain, name, gid, original_dn, sid_str, + uuid, posix, now); + if (ret != EOK) { + return ret; + } + + dp_sbus_invalidate_group_memcache(dp, gid); + + return EOK; +} -- 2.14.3
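Review bot: If `sysdb_add_incomplete_group()` fails, the function returns before `dp_sbus_invalidate_group_memcache(dp, gid)` is reached, although `sysdb_delete_group()` has already removed the old entry; the responder's memory cache may then keep serving the deleted group for that gid until the entry expires. Moving the invalidation to right after the successful delete, or repeating it on the error path as `if (ret != EOK) { dp_sbus_invalidate_group_memcache(dp, gid); return ret; }`, keeps the two caches consistent. That branch also returns silently, so a DEBUG line naming the group and gid would help when tracing a collision. Whether the callers wrap the delete/add pair in a sysdb transaction is not visible in this hunk; if they do not, a failed add leaves neither group in the cache.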