summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorJakub Hrozek <jhrozek@redhat.com>2013-01-23 17:17:55 +0100
committerJakub Hrozek <jhrozek@redhat.com>2013-01-23 17:35:05 +0100
commit94b6d396c55da8181cbc3b515dc8945e64b2bc9b (patch)
tree145ce7e33de209cfed7d0729a24853120f025f04
parent3742539567c648584befb22cc9c0f8f64e2eab43 (diff)
downloadsssd-94b6d396c55da8181cbc3b515dc8945e64b2bc9b.tar.gz
sssd-94b6d396c55da8181cbc3b515dc8945e64b2bc9b.tar.xz
sssd-94b6d396c55da8181cbc3b515dc8945e64b2bc9b.zip
SYSDB: Expire group if adding ghost users fails with EEXIST
-rw-r--r--src/db/sysdb_upgrade.c38
1 files changed, 36 insertions, 2 deletions
diff --git a/src/db/sysdb_upgrade.c b/src/db/sysdb_upgrade.c
index fc9b2c964..0f0bc554f 100644
--- a/src/db/sysdb_upgrade.c
+++ b/src/db/sysdb_upgrade.c
@@ -1097,9 +1097,43 @@ int sysdb_upgrade_10(struct sysdb_ctx *sysdb, const char **ver)
DEBUG(SSSDBG_TRACE_FUNC, ("Adding ghost [%s] to entry [%s]\n",
name, ldb_dn_get_linearized(msg->dn)));
- ret = ldb_modify(sysdb->ldb, msg);
+ ret = sss_ldb_modify_permissive(sysdb->ldb, msg);
talloc_zfree(msg);
- if (ret != LDB_SUCCESS) {
+ if (ret == LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS) {
+ /* If we failed adding the ghost user(s) because the values already
+ * exist, they were probably propagated from a parent that was
+ * upgraded before us. Mark the group as expired so that it is
+ * refreshed on next request.
+ */
+ msg = ldb_msg_new(tmp_ctx);
+ if (msg == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ msg->dn = ldb_dn_from_ldb_val(tmp_ctx, sysdb->ldb, &memberof_el->values[j]);
+ if (msg->dn == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ ret = ldb_msg_add_empty(msg, SYSDB_CACHE_EXPIRE,
+ LDB_FLAG_MOD_REPLACE, NULL);
+ if (ret != LDB_SUCCESS) {
+ goto done;
+ }
+
+ ret = ldb_msg_add_string(msg, SYSDB_CACHE_EXPIRE, "1");
+ if (ret != LDB_SUCCESS) {
+ goto done;
+ }
+
+ ret = sss_ldb_modify_permissive(sysdb->ldb, msg);
+ talloc_zfree(msg);
+ if (ret != LDB_SUCCESS) {
+ goto done;
+ }
+ } else if (ret != LDB_SUCCESS) {
ret = sysdb_error_to_errno(ret);
goto done;
}