Hi,

if an entry is removed from LDAP and searched by SID, the SID lookup
code doesn't handle ENOENT and doesn't remove the stray entry from
cache. The attached patch fixes that.
>From 9d8f852f83c3189b94323bf359a78df8866f2fbf Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhro...@redhat.com>
Date: Thu, 10 Oct 2013 19:21:07 +0200
Subject: [PATCH] LDAP: Delete entry by SID if not found

In case the entry was deleted from the server, the search didn't notice
and kept returning the cached data.
---
 src/providers/ldap/ldap_id.c | 45 +++++++++++++++++++++++++++++++++++++++++---
 1 file changed, 42 insertions(+), 3 deletions(-)

diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index 
59dfd0a5d41fa9adc14ab1297563cfe499a4b675..b863329c28c30701f28b41cfb8a882a150595df6
 100644
--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -1547,16 +1547,55 @@ static void get_user_and_group_users_done(struct 
tevent_req *subreq)
     struct get_user_and_group_state *state = tevent_req_data(req,
                                                struct 
get_user_and_group_state);
     int ret;
+    struct ldb_result *res;
 
     ret = users_get_recv(subreq, &state->dp_error, &state->sdap_ret);
     talloc_zfree(subreq);
 
-    if (ret == EOK) { /* Matching user found */
-        tevent_req_done(req);
-    } else {
+    if (ret != EOK) {
         tevent_req_error(req, ret);
+        return;
     }
 
+    if (state->sdap_ret == ENOENT) {
+        /* The search ran to completion, but nothing was found.
+         * Delete the existing entry, if any. */
+        ret = sysdb_search_object_by_sid(state, state->sysdb,
+                                         state->domain,
+                                         state->filter_val,
+                                         NULL, &res);
+        if (ret != EOK) {
+            DEBUG(SSSDBG_OP_FAILURE, ("Cache request failed\n"));
+            tevent_req_error(req, ret);
+            return;
+        }
+
+        if (res->count > 1) {
+            DEBUG(SSSDBG_FATAL_FAILURE, ("getbysid call returned more than one 
" \
+                                         "result !?!\n"));
+            tevent_req_error(req, EIO);
+            return;
+        }
+
+        if (res->count == 0) {
+            /* No existing entry. Just quit. */
+            tevent_req_done(req);
+            return;
+        }
+
+        ret = sysdb_delete_entry(state->sysdb, res->msgs[0]->dn, true);
+        if (ret != EOK) {
+            DEBUG(SSSDBG_OP_FAILURE, ("Could not delete existing entry!\n"));
+            tevent_req_error(req, ret);
+            return;
+        }
+    } else if (state->sdap_ret != EOK) {
+        tevent_req_error(req, EIO);
+        return;
+    }
+
+    /* Both ret and sdap->ret are EOK. Matching user found */
+    tevent_req_done(req);
     return;
 }
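Review bot: The closing comment `/* Both ret and sdap->ret are EOK. Matching user found */` is wrong for the path that reaches it after sysdb_delete_entry succeeds: there sdap_ret is ENOENT and no user was found, and the field is `sdap_ret`, not `sdap->ret`. Either finish the ENOENT branch explicitly after the delete with `tevent_req_done(req); return;` so the fall-through only serves the found case, or reword the comment to `/* Either a matching user was found, or a stale cache entry was removed. */`. Separately, the `else if (state->sdap_ret != EOK)` branch reports every other search failure as EIO; since sdap_ret is compared against ENOENT and EOK it appears to carry an errno value, so `tevent_req_error(req, state->sdap_ret);` would preserve the original cause for the caller. The start of get_user_and_group_users_done lies above the hunk.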
 
-- 
1.8.3.1
