From 0a367914b87ef56dd4d5d56778e5770d1201f255 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Mon, 16 Apr 2018 20:29:28 +0200
Subject: [PATCH] SYSDB: sysdb_add_incomplete_group now returns EEXIST with a
duplicate GID
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Related:
https://pagure.io/SSSD/sssd/issue/2653
Reviewed-by: Fabiano FidĂȘncio <fidencio@redhat.com>
(cherry picked from commit ba2d5f7a0adefb017d3f85203d715b725ca8810f)
---
src/db/sysdb_ops.c | 13 ++++++++++---
src/tests/sysdb-tests.c | 47 ++++++++++++++++++++++++++++++++++++++++++++++-
2 files changed, 56 insertions(+), 4 deletions(-)
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index de4fdb592..93b967e75 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -2398,10 +2398,17 @@ int sysdb_add_incomplete_group(struct sss_domain_info *domain,
same = strcmp(previous, values[i]) == 0;
}
}
- }
- if (same) {
- ret = ERR_GID_DUPLICATED;
+ if (same == true) {
+ DEBUG(SSSDBG_TRACE_LIBS,
+ "The group with GID [%"SPRIgid"] was renamed\n", gid);
+ ret = ERR_GID_DUPLICATED;
+ goto done;
+ }
+
+ DEBUG(SSSDBG_OP_FAILURE,
+ "Another group with GID [%"SPRIgid"] already exists\n", gid);
+ ret = EEXIST;
goto done;
}
diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c
index 32b8ca856..416dedb5e 100644
--- a/src/tests/sysdb-tests.c
+++ b/src/tests/sysdb-tests.c
@@ -989,6 +989,50 @@ START_TEST (test_sysdb_add_incomplete_group)
}
END_TEST
+START_TEST (test_sysdb_incomplete_group_rename)
+{
+ struct sysdb_test_ctx *test_ctx;
+ int ret;
+
+ ret = setup_sysdb_tests(&test_ctx);
+ if (ret != EOK) {
+ fail("Could not set up the test");
+ return;
+ }
+
+ ret = sysdb_add_incomplete_group(test_ctx->domain, "incomplete_group",
+ 20000, NULL,
+ "S-1-5-21-123-456-789-111",
+ NULL, true, 0);
+ fail_unless(ret == EOK,
+ "sysdb_add_incomplete_group error [%d][%s]",
+ ret, strerror(ret));
+
+ /* Adding a group with the same GID and all the other characteristics uknown should fail */
+ ret = sysdb_add_incomplete_group(test_ctx->domain, "incomplete_group_new",
+ 20000, NULL, NULL, NULL, true, 0);
+ fail_unless(ret == EEXIST, "Did not caught a duplicate\n");
+
+ /* A different SID should also trigger a failure */
+ ret = sysdb_add_incomplete_group(test_ctx->domain, "incomplete_group_new",
+ 20000, NULL,
+ "S-1-5-21-123-456-789-222",
+ NULL, true, 0);
+ fail_unless(ret == EEXIST, "Did not caught a duplicate\n");
+
+ /* But if we know based on a SID that the group is in fact the same,
+ * let's just change its name
+ */
+ ret = sysdb_add_incomplete_group(test_ctx->domain, "incomplete_group_new",
+ 20000, NULL,
+ "S-1-5-21-123-456-789-111",
+ NULL, true, 0);
+ fail_unless(ret == ERR_GID_DUPLICATED,
+ "Did not catch a legitimate rename",
+ ret, strerror(ret));
+}
+END_TEST
+
START_TEST (test_sysdb_getpwnam)
{
struct sysdb_test_ctx *test_ctx;
@@ -5526,7 +5570,7 @@ START_TEST(test_sysdb_search_sid_str)
ret = setup_sysdb_tests(&test_ctx);
fail_if(ret != EOK, "Could not set up the test");
- data = test_data_new_group(test_ctx, 2900);
+ data = test_data_new_group(test_ctx, 2902);
fail_if(data == NULL);
data->sid_str = "S-1-2-3-4";
@@ -7166,6 +7210,7 @@ Suite *create_sysdb_suite(void)
tcase_add_loop_test(tc_sysdb,
test_sysdb_remove_local_group_by_gid,
28000, 28010);
+ tcase_add_test(tc_sysdb, test_sysdb_incomplete_group_rename);
/* test custom operations */
tcase_add_loop_test(tc_sysdb, test_sysdb_store_custom, 29010, 29020);
--
2.14.3