fidencio's pull request #11: "SECRETS: Don't remove a container when it has children" was synchronized
See the full pull-request at https://github.com/SSSD/sssd/pull/11
... or pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/11/head:pr11
git checkout pr11
From 5ddbfae8b584df5075b8a56dd2c62ccce20f23cf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com> Date: Tue, 30 Aug 2016 10:42:58 +0200 Subject: [PATCH 1/2] SECRETS: Search by the right type when checking containers MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit We've been searching for the wrong type ("simple") in local_db_check_containers(), which always gives us a NULL result. Let's introduce the new LOCAL_CONTAINER_FILTER and do the search for the right type ("container") from now on. Resolves: https://fedorahosted.org/sssd/ticket/3137 Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com> --- src/responder/secrets/local.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/src/responder/secrets/local.c b/src/responder/secrets/local.c index ac3049b..5b5745d 100644 --- a/src/responder/secrets/local.c +++ b/src/responder/secrets/local.c @@ -168,6 +168,7 @@ char *local_dn_to_path(TALLOC_CTX *mem_ctx, } #define LOCAL_SIMPLE_FILTER "(type=simple)" +#define LOCAL_CONTAINER_FILTER "(type=container)" int local_db_get_simple(TALLOC_CTX *mem_ctx, struct local_context *lctx, @@ -306,7 +307,7 @@ int local_db_check_containers(TALLOC_CTX *mem_ctx, /* and check the parent container exists */ ret = ldb_search(lctx->ldb, mem_ctx, &res, dn, LDB_SCOPE_BASE, - attrs, LOCAL_SIMPLE_FILTER); + attrs, LOCAL_CONTAINER_FILTER); if (ret != LDB_SUCCESS) return ENOENT; if (res->count != 1) return ENOENT; talloc_free(res); From 616695e64969ee7e8b3aa3f5cfd9a656617d0757 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com> Date: Thu, 1 Sep 2016 12:04:30 +0200 Subject: [PATCH 2/2] SECRETS: Don't remove a container when it has children MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Let's return and log an error in case the container to be removed has children. The approach taken introduced at least one new search in every delete operation. As far as I understand searching in the BASE scope is quite cheap and that's the reason I decided to just do the search in the SUBTREE scope, as we may have containers inside containers, when the deleted dn is for sure a container. Resolves: https://fedorahosted.org/sssd/ticket/3167 Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com> --- src/responder/secrets/local.c | 32 ++++++++++++++++++++++++++++++-- 1 file changed, 30 insertions(+), 2 deletions(-) diff --git a/src/responder/secrets/local.c b/src/responder/secrets/local.c index 5b5745d..1c52a3b 100644 --- a/src/responder/secrets/local.c +++ b/src/responder/secrets/local.c 
@@ -373,13 +373,41 @@ int local_db_delete(TALLOC_CTX *mem_ctx, const char *req_path) { struct ldb_dn *dn; + static const char *attrs[] = { NULL }; + struct ldb_result *res = NULL; int ret; ret = local_db_dn(mem_ctx, lctx->ldb, req_path, &dn); if (ret != EOK) return ret; - ret = ldb_delete(lctx->ldb, dn); - return sysdb_error_to_errno(ret); + ret = ldb_search(lctx->ldb, mem_ctx, &res, dn, LDB_SCOPE_BASE, + attrs, LOCAL_CONTAINER_FILTER); + if (ret != EOK) return ret; + + if (res->count == 1) { + talloc_free(res); + res = NULL; + + ret = ldb_search(lctx->ldb, mem_ctx, &res, dn, LDB_SCOPE_SUBTREE, + attrs, NULL); + if (ret != EOK) return ret; + + if (res->count > 1) { + ret = EINVAL; + DEBUG(SSSDBG_OP_FAILURE, + "Failed to remove '%s': Container is not empty\n", + ldb_dn_get_linearized(dn)); + + goto done; + } + } + + ret = sysdb_error_to_errno(ldb_delete(lctx->ldb, dn)); + +done: + talloc_free(res); + + return ret; } int local_db_create(TALLOC_CTX *mem_ctx,
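Review bot: In the local_db_check_containers() hunk of patch 1/2, the context line `if (res->count != 1) return ENOENT;` returns before `talloc_free(res)`, so a failed parent lookup leaves the search result attached to mem_ctx until that context is freed. Since this hunk is what makes the lookup match real containers, it would be a good moment to free res on that path too, for example by freeing it before the count check's return.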
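Review bot: In the local_db_delete() hunk of patch 2/2, both new ldb_search() calls are checked with `if (ret != EOK) return ret;`, which passes the raw ldb return code to the caller, while the ldb_delete() result a few lines below is converted with sysdb_error_to_errno() and the same search in patch 1/2 is compared against LDB_SUCCESS. Suggest checking `ret != LDB_SUCCESS`, converting with sysdb_error_to_errno(), and leaving through `goto done` so there is a single exit path. Two smaller points on the same hunk: the emptiness check and the ldb_delete() are separate calls with no transaction visible here, so a child created between the SUBTREE search and the delete is not caught; and returning EINVAL for a non-empty container gives the caller no way to tell it apart from a malformed request, so a more specific errno such as ENOTEMPTY may be worth considering.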
_______________________________________________ sssd-devel mailing list sssd-devel@lists.fedorahosted.org https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org