96 lines
3.7 KiB
Diff
96 lines
3.7 KiB
Diff
From 87a0027c7dbc54422ac519ef8eef0323baff4b60 Mon Sep 17 00:00:00 2001
|
|
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fidencio@redhat.com>
|
|
Date: Mon, 19 Feb 2018 12:43:06 +0100
|
|
Subject: [PATCH] SDAP: Add sdap_handle_id_collision_for_incomplete_groups()
|
|
MIME-Version: 1.0
|
|
Content-Type: text/plain; charset=UTF-8
|
|
Content-Transfer-Encoding: 8bit
|
|
|
|
This newly added function is a helper to properly hadle group
|
|
id-collisions when renaming incomplete groups and it does:
|
|
- Deletes the group from sysdb
|
|
- Adds the new incomplete group
|
|
- Notifies the NSS responder that the entry also has to be deleted from
|
|
the memory cache
|
|
|
|
This function will be called from
|
|
sdap_ad_save_group_membership_with_idmapping() and from
|
|
sdap_add_incomplete_groups().
|
|
|
|
Related:
|
|
https://pagure.io/SSSD/sssd/issue/2653
|
|
|
|
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
|
|
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
(cherry picked from commit a537df2ea99acb0181dc360ddf9a60b69c16faf0)
|
|
---
|
|
src/providers/ldap/sdap_async.h | 11 ++++++++++
|
|
src/providers/ldap/sdap_async_initgroups.c | 34 ++++++++++++++++++++++++++++++
|
|
2 files changed, 45 insertions(+)
|
|
|
|
diff --git a/src/providers/ldap/sdap_async.h b/src/providers/ldap/sdap_async.h
|
|
index 40da81fb9..6ca3ed8d8 100644
|
|
--- a/src/providers/ldap/sdap_async.h
|
|
+++ b/src/providers/ldap/sdap_async.h
|
|
@@ -412,4 +412,15 @@ sdap_ad_tokengroups_initgroups_send(TALLOC_CTX *mem_ctx,
|
|
errno_t
|
|
sdap_ad_tokengroups_initgroups_recv(struct tevent_req *req);
|
|
|
|
+errno_t
|
|
+sdap_handle_id_collision_for_incomplete_groups(struct data_provider *dp,
|
|
+ struct sss_domain_info *domain,
|
|
+ const char *name,
|
|
+ gid_t gid,
|
|
+ const char *original_dn,
|
|
+ const char *sid_str,
|
|
+ const char *uuid,
|
|
+ bool posix,
|
|
+ time_t now);
|
|
+
|
|
#endif /* _SDAP_ASYNC_H_ */
|
|
diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c
|
|
index 326294a1c..34747be59 100644
|
|
--- a/src/providers/ldap/sdap_async_initgroups.c
|
|
+++ b/src/providers/ldap/sdap_async_initgroups.c
|
|
@@ -3543,3 +3543,37 @@ errno_t get_sysdb_grouplist_dn(TALLOC_CTX *mem_ctx,
|
|
return get_sysdb_grouplist_ex(mem_ctx, sysdb, domain,
|
|
name, grouplist, true);
|
|
}
|
|
+
|
|
+errno_t
|
|
+sdap_handle_id_collision_for_incomplete_groups(struct data_provider *dp,
|
|
+ struct sss_domain_info *domain,
|
|
+ const char *name,
|
|
+ gid_t gid,
|
|
+ const char *original_dn,
|
|
+ const char *sid_str,
|
|
+ const char *uuid,
|
|
+ bool posix,
|
|
+ time_t now)
|
|
+{
|
|
+ errno_t ret;
|
|
+
|
|
+ ret = sysdb_delete_group(domain, NULL, gid);
|
|
+ if (ret != EOK) {
|
|
+ DEBUG(SSSDBG_MINOR_FAILURE,
|
|
+ "Due to an id collision, the new group with gid [\"%"PRIu32"\"] "
|
|
+ "will not be added as the old group (with the same gid) could "
|
|
+ "not be removed from the sysdb!",
|
|
+ gid);
|
|
+ return ret;
|
|
+ }
|
|
+
|
|
+ ret = sysdb_add_incomplete_group(domain, name, gid, original_dn, sid_str,
|
|
+ uuid, posix, now);
|
|
+ if (ret != EOK) {
|
|
+ return ret;
|
|
+ }
|
|
+
|
|
+ dp_sbus_invalidate_group_memcache(dp, gid);
|
|
+
|
|
+ return EOK;
|
|
+}
|
|
--
|
|
2.14.3
|
|
|