summaryrefslogtreecommitdiff
path: root/src/responder
diff options
context:
space:
mode:
authorSumit Bose <sbose@redhat.com>2013-08-08 16:56:06 +0200
committerJakub Hrozek <jhrozek@redhat.com>2013-08-26 11:44:42 +0200
commit76916fe11832bcd84e033c0cc2329def278d642d (patch)
tree954fd98dd359a6b162259c90937fa90775ba8af0 /src/responder
parent5aab4d1092681508cdf32777efdb2a7e5e6e3f0a (diff)
downloadsssd-76916fe11832bcd84e033c0cc2329def278d642d.tar.gz
sssd-76916fe11832bcd84e033c0cc2329def278d642d.tar.bz2
sssd-76916fe11832bcd84e033c0cc2329def278d642d.zip
PAC: do not fail if a single group cannot be added/removed
When processing a list of groups we try to process as much as possible only not stop on the first error.
Diffstat (limited to 'src/responder')
-rw-r--r--src/responder/pac/pacsrv_cmd.c49
1 files changed, 31 insertions, 18 deletions
diff --git a/src/responder/pac/pacsrv_cmd.c b/src/responder/pac/pacsrv_cmd.c
index bf3ea753..620b3c04 100644
--- a/src/responder/pac/pacsrv_cmd.c
+++ b/src/responder/pac/pacsrv_cmd.c
@@ -704,13 +704,6 @@ pac_save_memberships_delete(struct pac_save_memberships_state *state)
return ENOMEM;
}
- user_attrs = sysdb_new_attrs(tmp_ctx);
- if (user_attrs == NULL) {
- DEBUG(SSSDBG_OP_FAILURE, ("sysdb_new_attrs failed.\n"));
- ret = ENOMEM;
- goto done;
- }
-
ret = sysdb_transaction_start(pr_ctx->dom->sysdb);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, ("sysdb_transaction_start failed.\n"));
@@ -719,6 +712,8 @@ pac_save_memberships_delete(struct pac_save_memberships_state *state)
in_transaction = true;
for (c = 0; c < pr_ctx->del_grp_count; c++) {
+ /* If there is a failure for one group we still try to remove the
+ * remaining groups. */
ret = sysdb_mod_group_member(pr_ctx->dom->sysdb, state->user_dn,
pr_ctx->del_grp_list[c].dn,
LDB_FLAG_MOD_DELETE);
@@ -728,24 +723,31 @@ pac_save_memberships_delete(struct pac_save_memberships_state *state)
ldb_dn_get_linearized(state->user_dn),
ldb_dn_get_linearized(
pr_ctx->del_grp_list[c].dn)));
- goto done;
+ continue;
}
if (pr_ctx->del_grp_list[c].orig_dn != NULL) {
+ user_attrs = sysdb_new_attrs(tmp_ctx);
+ if (user_attrs == NULL) {
+ DEBUG(SSSDBG_OP_FAILURE, ("sysdb_new_attrs failed.\n"));
+ continue;
+ }
+
ret = sysdb_attrs_add_string(user_attrs, SYSDB_ORIG_MEMBEROF,
pr_ctx->del_grp_list[c].orig_dn);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_add_string failed.\n"));
- goto done;
+ continue;
}
- }
- }
- ret = sysdb_set_entry_attr(pr_ctx->dom->sysdb, state->user_dn, user_attrs,
- LDB_FLAG_MOD_DELETE);
- if (ret != EOK) {
- DEBUG(SSSDBG_OP_FAILURE, ("sysdb_set_entry_attr failed.\n"));
- goto done;
+ ret = sysdb_set_entry_attr(pr_ctx->dom->sysdb, state->user_dn, user_attrs,
+ LDB_FLAG_MOD_DELETE);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, ("sysdb_set_entry_attr failed.\n"));
+ continue;
+ }
+ talloc_free(user_attrs);
+ }
}
ret = sysdb_transaction_commit(pr_ctx->dom->sysdb);
@@ -827,7 +829,10 @@ static errno_t pac_save_memberships_next(struct tevent_req *req)
return EAGAIN;
} else {
- goto done;
+ DEBUG(SSSDBG_OP_FAILURE, ("pac_store_membership failed, "
+ "trying next group.\n"));
+ state->sid_iter++;
+ continue;
}
}
@@ -884,7 +889,8 @@ static void pac_get_group_done(struct tevent_req *subreq)
ret = pac_store_membership(state->pr_ctx, state->user_dn, gid, grp_dom);
if (ret != EOK) {
- goto error;
+ DEBUG(SSSDBG_OP_FAILURE, ("pac_store_membership failed, "
+ "trying next group.\n"));
}
state->sid_iter++;
@@ -927,6 +933,9 @@ pac_store_membership(struct pac_req_ctx *pr_ctx,
goto done;
}
+ DEBUG(SSSDBG_TRACE_ALL, ("Adding user [%s] to group [%d][%s].\n",
+ ldb_dn_get_linearized(user_dn), gid,
+ ldb_dn_get_linearized(group->dn)));
ret = sysdb_mod_group_member(grp_dom->sysdb, user_dn, group->dn,
LDB_FLAG_MOD_ADD);
if (ret != EOK) {
@@ -959,6 +968,10 @@ pac_store_membership(struct pac_req_ctx *pr_ctx,
DEBUG(SSSDBG_OP_FAILURE, ("sysdb_set_entry_attr failed.\n"));
goto done;
}
+ } else {
+ DEBUG(SSSDBG_MINOR_FAILURE, ("Original DN not available for group " \
+ "[%d][%s].\n", gid,
+ ldb_dn_get_linearized(group->dn)));
}
done: