From 2ea997d55fb7b18bbf153d5fa625b688285dfdb9 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Fri, 24 Jan 2014 10:02:23 +0100
Subject: [PATCH 62/62] LDAP: Don't abort request if no id mapping domain
matches
If an ID was requested from the back end, but no ID mapping domain
matched, the request ended with a scary error message. It's better to
treat the request as if no such ID was found in the domain
Related:
https://fedorahosted.org/sssd/ticket/2200
---
src/providers/ad/ad_id.c | 2 +-
src/providers/ldap/ldap_id.c | 44 +++++++++++++++++++++++++++++++++++++++-----
2 files changed, 40 insertions(+), 6 deletions(-)
diff --git a/src/providers/ad/ad_id.c b/src/providers/ad/ad_id.c
index ada47753fb337641df582a5a59affe8124fc2035..e74653b734010712ff0562ce1bcbad2b03aba27e 100644
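--- a/src/providers/ad/ad_id.c
+++ b/src/providers/ad/ad_id.c
@@ -386,7 +386,7 @@ ad_account_info_complete(struct tevent_req *req)
 error_text = NULL;
 } else {
 DEBUG(SSSDBG_FATAL_FAILURE,
- ("Bug: dp_error is OK on failed request"));
+ ("Bug: dp_error is OK on failed request\n"));
 dp_error = DP_ERR_FATAL;
 error_text = req_error_text;
 }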
diff --git a/src/providers/ldap/ldap_id.c b/src/providers/ldap/ldap_id.c
index 793bc99ebcec883be7db3fc9dd56fa511d8ba3bb..e36c1f697c18e865a47d991dad103fc440456118 100644
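--- a/src/providers/ldap/ldap_id.c
+++ b/src/providers/ldap/ldap_id.c
@@ -129,7 +129,20 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx,
 /* Convert the UID to its objectSID */
 err = sss_idmap_unix_to_sid(ctx->opts->idmap_ctx->map,
 uid, &sid;;
- if (err != IDMAP_SUCCESS) {
+ if (err == IDMAP_NO_DOMAIN) {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ ("[%s] did not match any configured ID mapping domain\n",
+ name));
+
+ ret = sysdb_delete_user(state->sysdb,
+ state->domain, NULL, uid);
+ if (ret == ENOENT) {
+ /* Ignore errors to remove users that were not cached previously */
+ ret = EOK;
+ }
+
+ goto fail;
+ } else if (err != IDMAP_SUCCESS) {
 DEBUG(SSSDBG_MINOR_FAILURE,
 ("Mapping ID [%s] to SID failed: [%s]\n",
 name, idmap_error_string(err)));
@@ -213,7 +226,11 @@ struct tevent_req *users_get_send(TALLOC_CTX *memctx,
 return req;
 
 fail:
- tevent_req_error(req, ret);
+ if (ret != EOK) {
+ tevent_req_error(req, ret);
+ } else {
+ tevent_req_done(req);
+ }
 tevent_req_post(req, ev);
 return req;
 }
@@ -496,10 +513,23 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
 goto fail;
 }
 
- /* Convert the UID to its objectSID */
+ /* Convert the GID to its objectSID */
 err = sss_idmap_unix_to_sid(ctx->opts->idmap_ctx->map,
 gid, &sid;;
- if (err != IDMAP_SUCCESS) {
+ if (err == IDMAP_NO_DOMAIN) {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ ("[%s] did not match any configured ID mapping domain\n",
+ name));
+
+ ret = sysdb_delete_group(state->sysdb,
+ state->domain, NULL, gid);
+ if (ret == ENOENT) {
+ /* Ignore errors to remove users that were not cached previously */
+ ret = EOK;
+ }
+
+ goto fail;
+ } else if (err != IDMAP_SUCCESS) {
 DEBUG(SSSDBG_MINOR_FAILURE,
 ("Mapping ID [%s] to SID failed: [%s]\n",
 name, idmap_error_string(err)));
@@ -587,7 +617,11 @@ struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
 return req;
 
 fail:
- tevent_req_error(req, ret);
+ if (ret != EOK) {
+ tevent_req_error(req, ret);
+ } else {
+ tevent_req_done(req);
+ }
 tevent_req_post(req, ev);
 return req;
 }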
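Review bot: The `fail:` label in users_get_send and groups_get_send now completes the request with `tevent_req_done()` whenever `ret == EOK`, so any other `goto fail` that reaches it with `ret` still EOK would be reported to the caller as a clean "no such ID" result rather than an error. Those other jumps sit outside the visible hunks, so they need checking against the full functions; renaming the label to `done:` or giving the IDMAP_NO_DOMAIN branch its own exit would make the dual purpose explicit. The comment in the group branch is copied from the user branch and only ENOENT is ignored, so it should read `/* ENOENT only means the group was not cached; nothing to remove */`, with the matching wording for users. Because the cached entry is deleted on the local mapping result alone, a short comment above `sysdb_delete_user()` and `sysdb_delete_group()` saying why an ID outside every configured mapping range must not stay resolvable from the cache would help the next reader.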
--
1.8.4.2