fidencio's pull request #11: "SECRETS: Don't remove a container when it has children" was synchronized

See the full pull-request at https://github.com/SSSD/sssd/pull/11
... or pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/11/head:pr11
git checkout pr11
From 73c878007bb44cb3bd234367d50b6ea9fb8edf3d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com>
Date: Tue, 30 Aug 2016 10:42:58 +0200
Subject: [PATCH 1/2] SECRETS: Search by the right type when checking
 containers
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

We've been searching for the wrong type ("simple") in
local_db_check_containers(), which always gives us a NULL result.

Let's introduce the new LOCAL_CONTAINER_FILTER and do the search for the
right type ("container") from now on.

Resolves:
https://fedorahosted.org/sssd/ticket/3137

Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com>
---
 src/responder/secrets/local.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/responder/secrets/local.c b/src/responder/secrets/local.c
index ac3049b..5b5745d 100644
--- a/src/responder/secrets/local.c
+++ b/src/responder/secrets/local.c
@@ -168,6 +168,7 @@ char *local_dn_to_path(TALLOC_CTX *mem_ctx,
 }
 
 #define LOCAL_SIMPLE_FILTER "(type=simple)"
+#define LOCAL_CONTAINER_FILTER "(type=container)"
 
 int local_db_get_simple(TALLOC_CTX *mem_ctx,
                         struct local_context *lctx,
@@ -306,7 +307,7 @@ int local_db_check_containers(TALLOC_CTX *mem_ctx,
 
         /* and check the parent container exists */
         ret = ldb_search(lctx->ldb, mem_ctx, &res, dn, LDB_SCOPE_BASE,
-                         attrs, LOCAL_SIMPLE_FILTER);
+                         attrs, LOCAL_CONTAINER_FILTER);
         if (ret != LDB_SUCCESS) return ENOENT;
         if (res->count != 1) return ENOENT;
         talloc_free(res);
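Review bot: The context lines right after the changed ldb_search() call in local_db_check_containers() return before `talloc_free(res)` when `res->count != 1`, so the result stays allocated on mem_ctx on exactly the path that now reports a missing parent container. Free res before returning there. The line `if (ret != LDB_SUCCESS) return ENOENT;` also reports every ldb failure as a missing container; passing ret through sysdb_error_to_errno(), as local_db_delete() in the same file does for ldb_delete(), would keep a real database error distinguishable from ENOENT. It would also help to have a test that stores a secret under an existing container, since per the commit message this check could never succeed before.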

From 9ab6cc5eb3fd6b605f4324938f60cdf1ad0a3c7f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com>
Date: Thu, 1 Sep 2016 12:04:30 +0200
Subject: [PATCH 2/2] SECRETS: Don't remove a container when it has children
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Let's return and log an error in case the container to be removed has
children.

The approach taken introduced at least one new search in every delete
operation. As far as I understand searching in the BASE scope is quite
cheap and that's the reason I decided to just do the search in the
ONELEVEL scope when the requested to be deleted dn is for sure a
container.

Resolves:
https://fedorahosted.org/sssd/ticket/3167

Signed-off-by: Fabiano Fidêncio <fiden...@redhat.com>
---
 src/responder/secrets/local.c | 33 +++++++++++++++++++++++++++++++--
 1 file changed, 31 insertions(+), 2 deletions(-)

diff --git a/src/responder/secrets/local.c b/src/responder/secrets/local.c
index 5b5745d..b13e77f 100644
--- a/src/responder/secrets/local.c
+++ b/src/responder/secrets/local.c
@@ -372,14 +372,43 @@ int local_db_delete(TALLOC_CTX *mem_ctx,
                     struct local_context *lctx,
                     const char *req_path)
 {
+    TALLOC_CTX *tmp_ctx;
     struct ldb_dn *dn;
+    static const char *attrs[] = { NULL };
+    struct ldb_result *res;
     int ret;
 
+    tmp_ctx = talloc_new(mem_ctx);
+    if (!tmp_ctx) return ENOMEM;
+
     ret = local_db_dn(mem_ctx, lctx->ldb, req_path, &dn);
-    if (ret != EOK) return ret;
+    if (ret != EOK) goto done;
+
+    ret = ldb_search(lctx->ldb, tmp_ctx, &res, dn, LDB_SCOPE_BASE,
+                    attrs, LOCAL_CONTAINER_FILTER);
+    if (ret != EOK) goto done;
+
+    if (res->count == 1) {
+        ret = ldb_search(lctx->ldb, tmp_ctx, &res, dn, LDB_SCOPE_ONELEVEL,
+                         attrs, NULL);
+        if (ret != EOK) goto done;
+
+        if (res->count > 0) {
+            ret = EEXIST;
+            DEBUG(SSSDBG_OP_FAILURE,
+                  "Failed to remove '%s': Container is not empty\n",
+                  ldb_dn_get_linearized(dn));
+
+            goto done;
+        }
+    }
 
     ret = ldb_delete(lctx->ldb, dn);
-    return sysdb_error_to_errno(ret);
+    ret = sysdb_error_to_errno(ret);
+
+done:
+    talloc_free(tmp_ctx);
+    return ret;
 }
 
 int local_db_create(TALLOC_CTX *mem_ctx,
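Review bot: Both new ldb_search() calls in local_db_delete() compare the result against EOK and jump to done with the raw ldb code, so a search failure is returned to the caller as if it were an errno value, while the ldb_delete() result a few lines below is converted with sysdb_error_to_errno(). Compare against LDB_SUCCESS and convert before `goto done` so the function returns one error domain. Two smaller points in the same hunk: `local_db_dn(mem_ctx, lctx->ldb, req_path, &dn)` still allocates dn on mem_ctx, so it is not released by `talloc_free(tmp_ctx)`; allocating it on tmp_ctx would match the new cleanup path. The ONELEVEL emptiness check and ldb_delete() are also separate operations, so unless the caller already holds a transaction, a child created between the two still ends up under a deleted container; wrapping the check and the delete in one ldb transaction would close that window.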
_______________________________________________
sssd-devel mailing list
sssd-devel@lists.fedorahosted.org
https://lists.fedorahosted.org/admin/lists/sssd-devel@lists.fedorahosted.org
