From 441e18a80a7c9f49fd9fe95ca5fbce43d4bb58ff Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik <lslebodn@redhat.com>
Date: Wed, 17 Jun 2015 21:35:22 +0200
Subject: [PATCH 39/45] SDAP: Remove user from cache for missing user in LDAP
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Function sysdb_get_real_name overrode the return code from LDAP,
and thus the user was not removed from the cache after being removed from LDAP.
This patch also does not try to set the initgroups flag if the user
does not exist. This reduces the number of error messages.

Resolves:
https://fedorahosted.org/sssd/ticket/2681

Reviewed-by: Michal Židek <mzidek@redhat.com>
(cherry picked from commit 9fc96a4a2b07b92585b02dba161ab1eb2dbdad98)
(cherry picked from commit d0d6956c3748ba670448edd548b8edd37c5f5c1a)
---
 src/providers/ldap/ldap_id.c | 50 +++++++++++++++++++++++++-------------------
 1 file changed, 28 insertions(+), 22 deletions(-)

diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index ab981faf6374bde4b0191317a33e9175951dc14c..85190506f7b819017b774d10a56085f30c408ee0 100644
--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -1103,33 +1103,39 @@ static void groups_by_user_done(struct tevent_req *subreq)
     }
     state->sdap_ret = ret;
 
-    if (ret && ret != ENOENT) {
-        state->dp_error = dp_error;
-        tevent_req_error(req, ret);
-        return;
+    if (ret == EOK || ret == ENOENT) {
+        /* state->name is still the name used for the original req. The cached
+         * object might have a different name, e.g. a fully-qualified name. */
+        ret = sysdb_get_real_name(state, state->domain->sysdb, state->domain,
+                                  state->name, &cname);
+        if (ret != EOK) {
+            cname = state->name;
+            DEBUG(SSSDBG_OP_FAILURE,
+                  "Failed to canonicalize name, using [%s].\n", cname);
+        }
     }
 
-    /* state->name is still the name used for the original request. The cached
-     * object might have a different name, e.g. a fully-qualified name. */
-    ret = sysdb_get_real_name(state, state->domain->sysdb, state->domain,
-                              state->name, &cname);
-    if (ret != EOK) {
-        cname = state->name;
-        DEBUG(SSSDBG_OP_FAILURE, "Failed to canonicalize name, using [%s].\n",
-                                 cname);
-    }
-
-    if (ret == ENOENT && state->noexist_delete == true) {
-        ret = sysdb_delete_user(state->domain->sysdb, state->domain, cname, 0);
-        if (ret != EOK && ret != ENOENT) {
+    switch (state->sdap_ret) {
+    case ENOENT:
+        if (state->noexist_delete == true) {
+            ret = sysdb_delete_user(state->domain->sysdb, state->domain,
+                                    cname, 0);
+            if (ret != EOK && ret != ENOENT) {
+                tevent_req_error(req, ret);
+                return;
+            }
+        }
+        break;
+    case EOK:
+        ret = set_initgroups_expire_attribute(state->domain, cname);
+        if (ret != EOK) {
+            state->dp_error = DP_ERR_FATAL;
             tevent_req_error(req, ret);
             return;
         }
-    }
-
-    ret = set_initgroups_expire_attribute(state->domain, cname);
-    if (ret != EOK) {
-        state->dp_error = DP_ERR_FATAL;
+        break;
+    default:
+        state->dp_error = dp_error;
         tevent_req_error(req, ret);
         return;
     }
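Review bot: The `default:` branch reports `ret`, which still holds the LDAP result only because the canonicalization block above is skipped for those values; this is the same variable reuse that caused the bug being fixed, so I would report the saved value instead: `tevent_req_error(req, state->sdap_ret);`. In `case ENOENT:` the failure path of `sysdb_delete_user()` calls `tevent_req_error()` without setting `state->dp_error`, unlike the other two error paths. Unless it is already set outside this hunk, add `state->dp_error = DP_ERR_FATAL;` there so that a failed removal of a user who no longer exists in LDAP is reported as a hard failure. A one-line comment above the `switch`, such as `/* ret may now hold the sysdb_get_real_name() result; branch on the saved LDAP result */`, would make the intent explicit. groups_by_user_done() starts and ends outside the hunk.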
-- 
2.4.3