https://fedorahosted.org/sssd/ticket/1593

With this patch we get:

[sssd[be[AD]]] [sdap_save_group] (0x1000): Mapping group [Administrators] objectSID to unix ID
[sssd[be[AD]]] [sdap_idmap_sid_to_unix] (0x0400): Object SID [S-1-5-32-544] is a built-in one.
[sssd[be[AD]]] [sdap_save_group] (0x0400): Skipping built-in object.

Instead of the old messages, which looked like this:

[sssd[be[AD]]] [sdap_save_group] (0x1000): Mapping group [Administrators] objectSID to unix ID
[sssd[be[AD]]] [sdap_idmap_sid_to_unix] (0x0080): Could not parse domain SID from [S-1-5-32-544]
[sssd[be[AD]]] [sdap_save_group] (0x0080): Could not convert SID string: [Invalid argument]
[sssd[be[AD]]] [sdap_save_group] (0x0080): Failed to save group [Administrators]: [Invalid argument]
[sssd[be[AD]]] [sdap_save_groups] (0x0040): Failed to store group 0. Ignoring.


The patch is attached.

NOTE: To reproduce, set enumerate = true for the AD domain, delete the cache files and start SSSD.

Thanks
Michal
>From 566e870af26fec77fc19d3d1d405ae7b74001d7c Mon Sep 17 00:00:00 2001
From: Michal Zidek <mzi...@redhat.com>
Date: Wed, 14 Nov 2012 15:36:22 +0100
Subject: [PATCH] idmap: Silence DEBUG messages when dealing with built-in
 SIDs.

When converting a built-in SID (BUILTIN domain, S-1-5-32-*) to a UNIX
GID/UID, a confusing debug message about the failed conversion was
printed. This patch special-cases these built-in objects: the idmap
library reports them with a dedicated error code and the LDAP provider
skips them quietly.

https://fedorahosted.org/sssd/ticket/1593
---
 src/lib/idmap/sss_idmap.c                     | 13 +++++++++++++
 src/lib/idmap/sss_idmap.h                     |  5 ++++-
 src/providers/ldap/sdap_async_groups.c        | 15 +++++++++++----
 src/providers/ldap/sdap_async_initgroups_ad.c |  3 +++
 src/providers/ldap/sdap_async_users.c         | 13 ++++++++++---
 src/providers/ldap/sdap_idmap.c               |  7 ++++++-
 6 files changed, 47 insertions(+), 9 deletions(-)

diff --git a/src/lib/idmap/sss_idmap.c b/src/lib/idmap/sss_idmap.c
index c589bd4..9364018 100644
--- a/src/lib/idmap/sss_idmap.c
+++ b/src/lib/idmap/sss_idmap.c
@@ -280,6 +280,15 @@ fail:
     return IDMAP_OUT_OF_MEMORY;
 }
 
+static bool sss_idmap_sid_is_builtin(const char *sid)
+{
+    if (strncmp(sid, "S-1-5-32-", 9)) {
+        return false;
+    } else {
+        return true;
+    }
+}
+
 enum idmap_error_code sss_idmap_sid_to_unix(struct sss_idmap_ctx *ctx,
                                             const char *sid,
                                             uint32_t *id)
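Review bot: The prefix length on the `strncmp` line is a magic `9` that must be kept in sync with the literal by hand; `strncmp(sid, "S-1-5-32-", sizeof("S-1-5-32-") - 1)` or a named constant for the BUILTIN domain prefix removes that coupling. Note also that this is a pure prefix test: any string beginning with `S-1-5-32-`, including one with no RID or a non-numeric tail, is reported as built-in, which is acceptable for a skip decision but means a malformed SID of that shape is never reported as malformed. The body would read more directly as a single expression, `return strncmp(sid, BUILTIN_SID_PREFIX, BUILTIN_SID_PREFIX_LEN) == 0;`.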
@@ -293,6 +302,10 @@ enum idmap_error_code sss_idmap_sid_to_unix(struct sss_idmap_ctx *ctx,
 
     idmap_domain_info = ctx->idmap_domain_info;
 
+    if (sid && sss_idmap_sid_is_builtin(sid)) {
+        return IDMAP_BUILTIN_SID;
+    }
+
     while (idmap_domain_info != NULL) {
         dom_len = strlen(idmap_domain_info->sid);
         if (strlen(sid) > dom_len && sid[dom_len] == '-' &&
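Review bot: The new guard `sid && sss_idmap_sid_is_builtin(sid)` tolerates a NULL `sid`, but the loop immediately below still calls `strlen(sid)` unconditionally, so a NULL caller is protected from the helper only to crash two lines later. Either the NULL test is unnecessary and should be dropped for consistency, or a NULL `sid` should be rejected up front, before the loop, with whatever error code the header already defines for an invalid SID (the full enum is not visible from this hunk). The remainder of sss_idmap_sid_to_unix runs outside this hunk.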
diff --git a/src/lib/idmap/sss_idmap.h b/src/lib/idmap/sss_idmap.h
index 6b7cbe5..22a4d54 100644
--- a/src/lib/idmap/sss_idmap.h
+++ b/src/lib/idmap/sss_idmap.h
@@ -68,7 +68,10 @@ enum idmap_error_code {
     IDMAP_SID_UNKNOWN,
 
     /** The provided UID or GID could not be mapped */
-    IDMAP_NO_RANGE
+    IDMAP_NO_RANGE,
+
+    /** The provided SID is a built-in one */
+    IDMAP_BUILTIN_SID
 };
 
 /**
diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c
index f0185e4..e79c3a3 100644
--- a/src/providers/ldap/sdap_async_groups.c
+++ b/src/providers/ldap/sdap_async_groups.c
@@ -281,6 +281,11 @@ static int sdap_save_group(TALLOC_CTX *memctx,
                   ("Could not convert SID string: [%s]\n",
                    strerror(ret)));
             goto fail;
+        } else if (gid == 0) {
+            /* GID of 0 is returned if built-in SID was provided
+             * => fail to store the group, but return EOK */
+            DEBUG(SSSDBG_TRACE_FUNC, ("Skipping built-in object.\n"));
+            goto fail;
         }
 
         /* Store the GID in the ldap_attrs so it doesn't get
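Review bot: The `gid == 0` branch relies on an in-band sentinel: sdap_idmap_sid_to_unix signals "built-in, ignore" by writing 0 into the same out-parameter that otherwise carries a real GID, and this site then jumps to `fail` while `ret` is still `EOK`, so the function returns success without having stored anything. That contract lives only in the comment here; callers of sdap_save_group that treat EOK as "the group is now in the cache" (not visible from this hunk) would be misled. A distinct return code from the idmap wrapper, or a bool out-parameter, would make the skip explicit and stop `ret` doing double duty; at minimum the comment should say why the jump is safe, e.g. `/* ret is EOK here: fail only frees tmpctx and reports success without storing */`. sdap_save_group starts before this hunk.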
@@ -496,10 +501,12 @@ static int sdap_save_group(TALLOC_CTX *memctx,
     return EOK;
 
 fail:
-    DEBUG(SSSDBG_MINOR_FAILURE,
-          ("Failed to save group [%s]: [%s]\n",
-           name ? name : "Unknown",
-           strerror(ret)));
+    if (ret) {
+        DEBUG(SSSDBG_MINOR_FAILURE,
+              ("Failed to save group [%s]: [%s]\n",
+               name ? name : "Unknown",
+               strerror(ret)));
+    }
     talloc_free(tmpctx);
     return ret;
 }
diff --git a/src/providers/ldap/sdap_async_initgroups_ad.c b/src/providers/ldap/sdap_async_initgroups_ad.c
index 7da3f50..b7028b6 100644
--- a/src/providers/ldap/sdap_async_initgroups_ad.c
+++ b/src/providers/ldap/sdap_async_initgroups_ad.c
@@ -457,6 +457,9 @@ sdap_get_ad_tokengroups_initgroups_lookup_done(struct tevent_req *subreq)
                   ("Could not convert SID to GID: [%s]. Skipping\n",
                    strerror(ret)));
             continue;
+        } else if (gid == 0) {
+            DEBUG(SSSDBG_TRACE_FUNC, ("Skipping built-in object.\n"));
+            continue;
         }
 
         DEBUG(SSSDBG_TRACE_LIBS,
diff --git a/src/providers/ldap/sdap_async_users.c b/src/providers/ldap/sdap_async_users.c
index e2e7b72..e168807 100644
--- a/src/providers/ldap/sdap_async_users.c
+++ b/src/providers/ldap/sdap_async_users.c
@@ -148,7 +148,12 @@ int sdap_save_user(TALLOC_CTX *memctx,
 
         /* Convert the SID into a UNIX user ID */
         ret = sdap_idmap_sid_to_unix(opts->idmap_ctx, sid_str, &uid);
-        if (ret != EOK) goto fail;
+        if (ret != EOK) {
+            goto fail;
+        } else if (uid == 0) {
+            DEBUG(SSSDBG_TRACE_FUNC, ("Skipping built-in object.\n"));
+            goto fail;
+        }
 
         /* Store the UID in the ldap_attrs so it doesn't get
          * treated as a missing attribute from LDAP and removed.
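Review bot: The `uid == 0` branch is undocumented here while its group counterpart explains what the zero means; add the same explanation, e.g. `/* UID 0 is returned for a built-in SID => do not store, but return EOK */`. As in the group path, it jumps to `fail` with `ret == EOK`, so sdap_save_user reports success for an object that was never written; that appears intended but belongs in the function's header comment so callers do not infer that a cache entry now exists. sdap_save_user starts before this hunk.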
@@ -370,8 +375,10 @@ int sdap_save_user(TALLOC_CTX *memctx,
     return EOK;
 
 fail:
-    DEBUG(2, ("Failed to save user [%s]\n",
-              name ? name : "Unknown"));
+    if (ret) {
+        DEBUG(2, ("Failed to save user [%s]\n",
+                  name ? name : "Unknown"));
+    }
     talloc_free(tmpctx);
     return ret;
 }
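Review bot: The rewritten failure message still uses the bare numeric level `DEBUG(2, ...)` whereas the parallel group code uses a symbolic `SSSDBG_*` level; since the line is being touched anyway, this is the moment to switch to the named constant for that level so the two save paths read alike. The `if (ret)` guard also assumes knowledge that `ret` is `EOK` only on the built-in skip path; `/* ret == EOK only when a built-in object was skipped above */` on the `if` makes that explicit.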
diff --git a/src/providers/ldap/sdap_idmap.c b/src/providers/ldap/sdap_idmap.c
index 9ace11b..9faf342 100644
--- a/src/providers/ldap/sdap_idmap.c
+++ b/src/providers/ldap/sdap_idmap.c
@@ -380,7 +380,8 @@ sdap_idmap_sid_to_unix(struct sdap_idmap_ctx *idmap_ctx,
     err = sss_idmap_sid_to_unix(idmap_ctx->map,
                                 sid_str,
                                 (uint32_t *)id);
-    if (err != IDMAP_SUCCESS && err != IDMAP_NO_DOMAIN) {
+    if (err != IDMAP_SUCCESS && err != IDMAP_NO_DOMAIN &&
+        err != IDMAP_BUILTIN_SID) {
         DEBUG(SSSDBG_MINOR_FAILURE,
               ("Could not convert objectSID [%s] to a UNIX ID\n",
                sid_str));
@@ -420,6 +421,10 @@ sdap_idmap_sid_to_unix(struct sdap_idmap_ctx *idmap_ctx,
             ret = EIO;
             goto done;
         }
+    } else if (err == IDMAP_BUILTIN_SID) {
+        DEBUG(SSSDBG_TRACE_FUNC,
+              ("Object SID [%s] is a built-in one.\n", sid_str));
+        *id = 0; /* O indicates, that this ID should be ignored */
     }
 
     ret = EOK;
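Review bot: The comment on the `*id = 0` line reads `O indicates` with the letter O where the digit is meant; fix to `/* 0 indicates that this ID should be ignored */`. More importantly, 0 is an in-band sentinel sharing the out-parameter with real IDs and is the only way callers learn that the object was built-in, so the contract belongs in sdap_idmap_sid_to_unix's header documentation, e.g. `@return EOK with *id == 0 when the SID belongs to the BUILTIN domain (S-1-5-32-*); such objects must be skipped, never stored`. Because UID/GID 0 is root, a caller that omits the check would store the object with ID 0, which is the worst possible default for a sentinel; a distinct return value would fail safe instead. The function's opening and its `done` label lie outside this hunk.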
-- 
1.7.11.2
