Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP1:GA
sssd
0018-SYSDB-Delete-linked-local-user-overrides-w...
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0018-SYSDB-Delete-linked-local-user-overrides-when-deleti.patch of Package sssd
From 1c8bbc30a7e209b979f65c85598f8622db6346a3 Mon Sep 17 00:00:00 2001 From: Samuel Cabrero <scabrero@suse.de> Date: Mon, 24 Jun 2019 14:51:01 +0200 Subject: [PATCH 18/18] SYSDB: Delete linked local user overrides when deleting a user If a cached user having a linked userOverride is deleted from the LDAP server, at some point it will be deleted from cache too but its linked userOverride object will not. This causes the command sss_override to fail: [sssd] [append_name] (0x0020): sysdb_search_entry() failed [2]: No such file or directory [sssd] [list_overrides] (0x0020): Unable to append name [2]: No such file or directory [sssd] [user_export] (0x0020): Unable to get override objects [sssd] [override_user_find] (0x0020): Unable to export users Signed-off-by: Samuel Cabrero <scabrero@suse.de> Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit f67109c46cec6eacbfa94aa20bfe6f8a930ba9b9) --- src/db/sysdb_ops.c | 83 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 83 insertions(+) diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c index 15915101e..1537abf02 100644 --- a/src/db/sysdb_ops.c +++ b/src/db/sysdb_ops.c @@ -3767,6 +3767,41 @@ int sysdb_search_ts_users(TALLOC_CTX *mem_ctx, /* =Delete-User-by-Name-OR-uid============================================ */ +static errno_t sysdb_user_local_override_dn(TALLOC_CTX *mem_ctx, + struct sss_domain_info *domain, + struct ldb_dn *obj_dn, + struct ldb_dn **out_dn) +{ + struct ldb_context *ldb = sysdb_ctx_get_ldb(domain->sysdb); + struct ldb_dn *override_dn; + char *anchor; + char *dn; + errno_t ret; + + ret = sysdb_dn_sanitize(mem_ctx, ldb_dn_get_linearized(obj_dn), &dn); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_dn_sanitize() failed\n"); + return ret; + } + + anchor = talloc_asprintf(mem_ctx, ":%s:%s", SYSDB_LOCAL_VIEW_NAME, dn); + talloc_free(dn); + if (anchor == NULL) { + return ENOMEM; + } + + override_dn = ldb_dn_new_fmt(mem_ctx, ldb, SYSDB_TMPL_OVERRIDE, + anchor, SYSDB_LOCAL_VIEW_NAME); + talloc_free(anchor); + if (override_dn == NULL) { + return ENOMEM; + } + + *out_dn = override_dn; + + return EOK; +} + int sysdb_delete_user(struct sss_domain_info *domain, const char *name, uid_t uid) { @@ -3779,6 +3814,9 @@ int sysdb_delete_user(struct sss_domain_info *domain, int ret; int i; char *sanitized_name; + struct ldb_dn *override_dn = NULL; + bool in_transaction = false; + errno_t sret; tmp_ctx = talloc_new(NULL); if (!tmp_ctx) { @@ -3811,10 +3849,46 @@ int sysdb_delete_user(struct sss_domain_info *domain, } } + /* If user has a linked userOverride delete it */ + ret = sysdb_user_local_override_dn(tmp_ctx, domain, msg->dn, + &override_dn); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, + "Failed to build local override DN: %s\n", + strerror(ret)); + goto fail; + } + + ret = sysdb_transaction_start(domain->sysdb); + if (ret != LDB_SUCCESS) { + ret = sysdb_error_to_errno(ret); + goto fail; + } + in_transaction = true; + + ret = sysdb_delete_entry(domain->sysdb, override_dn, true); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, + "Error deleting linked override DN: %s\n", + strerror(ret)); + goto fail; + } + ret = sysdb_delete_entry(domain->sysdb, msg->dn, false); if (ret) { goto fail; } + + ret = sysdb_transaction_commit(domain->sysdb); + if (ret != LDB_SUCCESS) { + ret = sysdb_error_to_errno(ret); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to commit ldb transaction [%d]: %s\n", + ret, sss_strerror(ret)); + goto fail; + } + in_transaction = false; + } else if (ret == ENOENT && name != NULL) { /* Perhaps a ghost user? */ ret = sss_filter_sanitize(tmp_ctx, name, &sanitized_name); @@ -3869,6 +3943,15 @@ int sysdb_delete_user(struct sss_domain_info *domain, return EOK; fail: + if (in_transaction) { + sret = sysdb_transaction_cancel(domain->sysdb); + if (sret != LDB_SUCCESS) { + sret = sysdb_error_to_errno(sret); + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to cancel ldb transaction [%d]: %s\n", + sret, sss_strerror(sret)); + } + } DEBUG(SSSDBG_TRACE_FUNC, "Error: %d (%s)\n", ret, strerror(ret)); talloc_zfree(tmp_ctx); return ret; -- 2.23.0
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor