author | Jakub Hrozek <jhrozek@redhat.com> | 2013-01-23 17:17:55 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-01-23 17:34:06 +0100 |
commit | cb1ab8ffc78f4eaf535ae0ad7f64e6f51596eac5 (patch) | |
tree | 512cb9956a9a212ad3d5adf0571eeee9ad4a5ad0 /src | |
parent | 9e48d08b30e6b273fe4437e11851fdc634ce5cc3 (diff) | |
SYSDB: Expire group if adding ghost users fails with EEXIST
Diffstat (limited to 'src')
-rw-r--r-- | src/db/sysdb_upgrade.c | 38 |
1 files changed, 36 insertions, 2 deletions
diff --git a/src/db/sysdb_upgrade.c b/src/db/sysdb_upgrade.c
index fc9b2c964..0f0bc554f 100644
--- a/src/db/sysdb_upgrade.c
+++ b/src/db/sysdb_upgrade.c
@@ -1097,9 +1097,43 @@ int sysdb_upgrade_10(struct sysdb_ctx *sysdb, const char **ver)
 DEBUG(SSSDBG_TRACE_FUNC, ("Adding ghost [%s] to entry [%s]\n", name, ldb_dn_get_linearized(msg->dn)));
- ret = ldb_modify(sysdb->ldb, msg);
+ ret = sss_ldb_modify_permissive(sysdb->ldb, msg);
 talloc_zfree(msg);
- if (ret != LDB_SUCCESS) {
+ if (ret == LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS) {
+ /* If we failed adding the ghost user(s) because the values already
+ * exist, they were probably propagated from a parent that was
+ * upgraded before us. Mark the group as expired so that it is
+ * refreshed on next request.
+ */
+ msg = ldb_msg_new(tmp_ctx);
+ if (msg == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ msg->dn = ldb_dn_from_ldb_val(tmp_ctx, sysdb->ldb, &memberof_el->values[j]);
+ if (msg->dn == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ ret = ldb_msg_add_empty(msg, SYSDB_CACHE_EXPIRE,
+ LDB_FLAG_MOD_REPLACE, NULL);
+ if (ret != LDB_SUCCESS) {
+ goto done;
+ }
+
+ ret = ldb_msg_add_string(msg, SYSDB_CACHE_EXPIRE, "1");
+ if (ret != LDB_SUCCESS) {
+ goto done;
+ }
+
+ ret = sss_ldb_modify_permissive(sysdb->ldb, msg);
+ talloc_zfree(msg);
+ if (ret != LDB_SUCCESS) {
+ goto done;
+ }
+ } else if (ret != LDB_SUCCESS) {
 ret = sysdb_error_to_errno(ret);
 goto done;
 } |
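Review bot: The three new `goto done` exits after `ldb_msg_add_empty`, `ldb_msg_add_string` and the second `sss_ldb_modify_permissive` leave a raw LDB error code in `ret`, whereas the `else if` branch just below converts it with `sysdb_error_to_errno(ret)` and the allocation failures in the same block use `ENOMEM`. Unless the `done:` label (outside this hunk) performs the conversion itself, the caller of `sysdb_upgrade_10` would receive an LDB code where it expects an errno, so a failure to write the expiry marker gets reported under the wrong error. That makes it harder to diagnose why a group kept stale cached membership after the upgrade. I would add `ret = sysdb_error_to_errno(ret);` before each of those three `goto done;` lines, and a short `DEBUG` message naming the group DN on the failed expire write would help as well.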