authorSumit Bose <sbose@redhat.com>2016-02-22 16:08:13 +0100
committerJakub Hrozek <jhrozek@redhat.com>2016-02-26 12:00:09 +0100
commitb5d48539966aefbea703377ba2ebcb67f9cf88b8 (patch)
treeaa29f11c40cd2b3c306fb3093eaba0e6db5ee726
parentb25d33b0a775e2337014a334699156ac56b08f9b (diff)
IPA: invalidate override data if original view is missing
If the idview name cannot be read from the cache, this means either that the cache was empty or that the name wasn't written because of an error. In the case of an error, SSSD would assume that the default view was used. If the new view is different from the default view, the override data must be invalidated. Since the sysdb call to invalidate the override data would work with an empty cache as well and do nothing, it is safe to call it in both cases. Related to https://fedorahosted.org/sssd/ticket/2960 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
-rw-r--r--src/providers/ipa/ipa_subdomains.c16
1 files changed, 13 insertions, 3 deletions
diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c
index 20b1c9cbf..bcc6347fa 100644
--- a/src/providers/ipa/ipa_subdomains.c
+++ b/src/providers/ipa/ipa_subdomains.c
@@ -898,9 +898,19 @@ static void ipa_get_view_name_done(struct tevent_req *req)
} else {
if (ctx->sd_ctx->id_ctx->view_name == NULL
|| strcmp(ctx->sd_ctx->id_ctx->view_name, view_name) != 0) {
- /* View name changed */
-
- if (ctx->sd_ctx->id_ctx->view_name != NULL) {
+ /* View name changed. If there was a non-default non-local view
+ * was used the tree in cache containing the override values is
+ * removed. In all cases sysdb_invalidate_overrides() is called to
+ * remove the override attribute from the cached user objects.
+ *
+ * Typically ctx->sd_ctx->id_ctx->view_name == NULL means that the
+ * cache was empty but there was a bug in with caused that the
+ * view name was not written to the cache at all. In this case the
+ * cache must be invalidated if the new view is not the
+ * default-view as well. */
+
+ if (ctx->sd_ctx->id_ctx->view_name != NULL
+ || !is_default_view(view_name)) {
ret = sysdb_transaction_start(
ctx->sd_ctx->be_ctx->domain->sysdb);
if (ret != EOK) {
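Review bot: With the widened condition `ctx->sd_ctx->id_ctx->view_name != NULL || !is_default_view(view_name)`, the transaction branch can now run while the old `ctx->sd_ctx->id_ctx->view_name` is still NULL, so every later use of the old view name in that branch has to tolerate NULL. The branch body continues outside this hunk, so the tree-removal step mentioned in the comment cannot be checked from here. If it relies on helpers that treat NULL as the default view, a one-line comment at that point would make this explicit, e.g. `/* old view_name may be NULL here: handled as default view, no view tree to delete */`. The new block comment also has two garbled phrases that obscure the reasoning: "If there was a non-default non-local view was used" could read `If a non-default, non-local view was used`, and "there was a bug in with caused that the view name was not written" could read `there was a bug which caused the view name not to be written`.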