authorSumit Bose <sbose@redhat.com>2012-12-18 14:09:05 +0100
committerJakub Hrozek <jhrozek@redhat.com>2013-01-08 14:57:29 +0100
commita603316d3c07819860efc349a5d8ce38a07c3378 (patch)
tree831edc89788c165ed8899b9224acd64d38489a18
parent4044e7de63f6904a9a0f8a8f7d330b58c25fff42 (diff)
PAC responder: check if existing user differs
If some of the POSIX attributes of a user existing in the cache differ from the data given in the current PAC, the old user entry is dropped and a new one is created with the data from the PAC.
-rw-r--r--src/responder/pac/pacsrv.h2
-rw-r--r--src/responder/pac/pacsrv_cmd.c33
-rw-r--r--src/responder/pac/pacsrv_utils.c42
3 files changed, 64 insertions, 13 deletions
diff --git a/src/responder/pac/pacsrv.h b/src/responder/pac/pacsrv.h
index 71fcf8e41..0bf2a07f5 100644
--- a/src/responder/pac/pacsrv.h
+++ b/src/responder/pac/pacsrv.h
@@ -129,4 +129,6 @@ errno_t diff_gid_lists(TALLOC_CTX *mem_ctx,
struct sss_domain_info *find_domain_by_id(struct sss_domain_info *domains,
const char *id_str);
+
+bool new_and_cached_user_differs(struct passwd *pwd, struct ldb_message *msg);
#endif /* __PACSRV_H__ */
diff --git a/src/responder/pac/pacsrv_cmd.c b/src/responder/pac/pacsrv_cmd.c
index 49164ab3a..375285f6b 100644
--- a/src/responder/pac/pacsrv_cmd.c
+++ b/src/responder/pac/pacsrv_cmd.c
@@ -382,26 +382,33 @@ static errno_t save_pac_user(struct pac_req_ctx *pr_ctx)
goto done;
}
- ret = sysdb_search_user_by_name(tmp_ctx, sysdb, pr_ctx->fq_name, attrs,
- &msg);
+ ret = sysdb_search_user_by_uid(tmp_ctx, sysdb, pwd->pw_uid, attrs, &msg);
if (ret == EOK) {
- /* TODO: check id uid and gid are equal. */
- } else if (ret == ENOENT) {
- ret = sysdb_store_user(sysdb, pwd->pw_name, NULL,
- pwd->pw_uid, pwd->pw_gid, pwd->pw_gecos,
- pwd->pw_dir,
- pwd->pw_shell, NULL, user_attrs, NULL,
- pr_ctx->dom->user_timeout, 0);
- if (ret != EOK) {
- DEBUG(SSSDBG_OP_FAILURE, ("sysdb_store_user failed [%d][%s].\n",
- ret, strerror(ret)));
+ if (new_and_cached_user_differs(pwd, msg)) {
+ ret = sysdb_delete_user(sysdb, NULL, pwd->pw_uid);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, ("sysdb_delete_user failed.\n"));
+ goto done;
+ }
+ } else {
goto done;
}
- } else {
+ } else if (ret != EOK && ret != ENOENT) {
DEBUG(SSSDBG_OP_FAILURE, ("sysdb_search_user_by_name failed.\n"));
goto done;
}
+ ret = sysdb_store_user(sysdb, pwd->pw_name, NULL,
+ pwd->pw_uid, pwd->pw_gid, pwd->pw_gecos,
+ pwd->pw_dir,
+ pwd->pw_shell, NULL, user_attrs, NULL,
+ pr_ctx->dom->user_timeout, 0);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, ("sysdb_store_user failed [%d][%s].\n",
+ ret, strerror(ret)));
+ goto done;
+ }
+
ret = EOK;
done:
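Review bot: The failure message in the `else if` branch still names the old call; the lookup above was changed to `sysdb_search_user_by_uid`, so the log line should read `DEBUG(SSSDBG_OP_FAILURE, ("sysdb_search_user_by_uid failed.\n"));`. The `ret != EOK` test in that same condition is redundant, since the `if (ret == EOK)` branch above already consumed that case, so `} else if (ret != ENOENT) {` reads the same. Note that the mismatch check is keyed on the UID only: a cached entry with the same name but a different UID is not found by this lookup and falls through to `sysdb_store_user`, and whether that call updates or rejects the colliding name is not visible here but decides whether a stale identity can remain in the cache, so it is worth confirming. `save_pac_user` starts and ends outside this hunk.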
diff --git a/src/responder/pac/pacsrv_utils.c b/src/responder/pac/pacsrv_utils.c
index 4c3ecb2ac..8328d6fbc 100644
--- a/src/responder/pac/pacsrv_utils.c
+++ b/src/responder/pac/pacsrv_utils.c
@@ -963,3 +963,45 @@ done:
return ret;
}
+
+static bool compare_string_with_attr(const char *val, struct ldb_message *msg,
+ const char *attr)
+{
+ const char *str;
+
+ str = ldb_msg_find_attr_as_string(msg, attr, NULL);
+ if ((str == NULL && val == NULL) ||
+ (str != NULL && val != NULL && strcmp(str, val) == 0)) {
+ return true;
+ }
+
+ return false;
+}
+
+bool new_and_cached_user_differs(struct passwd *pwd, struct ldb_message *msg)
+{
+ if (pwd == NULL || msg == NULL) {
+ return true;
+ }
+
+ if (!compare_string_with_attr(pwd->pw_name, msg, SYSDB_NAME)) {
+ DEBUG(SSSDBG_TRACE_FUNC, ("Names differ."));
+ return true;
+ }
+ if (!compare_string_with_attr(pwd->pw_gecos, msg, SYSDB_GECOS)) {
+ DEBUG(SSSDBG_TRACE_FUNC, ("Gecos fields differ."));
+ return true;
+ }
+
+ if (!compare_string_with_attr(pwd->pw_dir, msg, SYSDB_HOMEDIR)) {
+ DEBUG(SSSDBG_TRACE_FUNC, ("Home directories differ."));
+ return true;
+ }
+
+ if (!compare_string_with_attr(pwd->pw_shell, msg, SYSDB_SHELL)) {
+ DEBUG(SSSDBG_TRACE_FUNC, ("Shells differ."));
+ return true;
+ }
+
+ return false;
+}
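Review bot: `new_and_cached_user_differs` compares name, gecos, home directory and shell but never the primary GID, so a PAC that changes `pw_gid` for a user already cached under the same UID keeps the stale entry, even though the TODO this commit removes asked for exactly that check. I would add, before the final `return false;`, a comparison against the cached gidNumber, e.g. `if (ldb_msg_find_attr_as_uint64(msg, SYSDB_GIDNUM, 0) != pwd->pw_gid) { DEBUG(SSSDBG_TRACE_FUNC, ("GIDs differ.\n")); return true; }`. The four `DEBUG` strings in this function lack the trailing `\n` that every other message in this commit carries, so they will run into the next log line. Neither parameter is written through, so `const struct passwd *pwd, const struct ldb_message *msg` (and the matching `const` on the `msg` parameter of `compare_string_with_attr`) would fit the prototype added in pacsrv.h.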