authorSumit Bose <sbose@redhat.com>2013-08-01 12:40:24 +0200
committerJakub Hrozek <jhrozek@redhat.com>2013-08-26 11:44:42 +0200
commit1e9930690691360d8963eecea4918b36b6d51013 (patch)
tree8a36695aca78ac55d8c587fb6c7ef57e3be6e7ab /src
parentf88f09876e2018bd08e19d84ad1ab66f72cac8fd (diff)
PAC: if user entry already exists keep it
Currently the PAC responder deletes a user entry and recreates it if some attributes seem to be different. Two of the attributes were the home directory and the shell of the user. Those two attributes are not available from the PAC but were generated by the PAC responder. The corresponding ID provider might have better means to determine those attributes, e.g. read them from LDAP, so we shouldn't change them here. The third attribute is the user name. Since the PAC responder does lookups only based on the UID we can wait until the ID provider updates the entry. Fixes https://fedorahosted.org/sssd/ticket/1996
Diffstat (limited to 'src')
-rw-r--r--src/responder/pac/pacsrv.h2
-rw-r--r--src/responder/pac/pacsrv_cmd.c55
-rw-r--r--src/responder/pac/pacsrv_utils.c39
3 files changed, 10 insertions, 86 deletions
diff --git a/src/responder/pac/pacsrv.h b/src/responder/pac/pacsrv.h
index 6477e449..126ec7de 100644
--- a/src/responder/pac/pacsrv.h
+++ b/src/responder/pac/pacsrv.h
@@ -81,6 +81,4 @@ errno_t get_pwd_from_pac(TALLOC_CTX *mem_ctx,
struct PAC_LOGON_INFO *logon_info,
struct passwd **_pwd,
struct sysdb_attrs **_attrs);
-
-bool new_and_cached_user_differs(struct passwd *pwd, struct ldb_message *msg);
#endif /* __PACSRV_H__ */
diff --git a/src/responder/pac/pacsrv_cmd.c b/src/responder/pac/pacsrv_cmd.c
index 2b11acad..e5152006 100644
--- a/src/responder/pac/pacsrv_cmd.c
+++ b/src/responder/pac/pacsrv_cmd.c
@@ -549,7 +549,6 @@ static errno_t save_pac_user(struct pac_req_ctx *pr_ctx)
struct passwd *pwd = NULL;
TALLOC_CTX *tmp_ctx = NULL;
struct sysdb_attrs *user_attrs = NULL;
- const char *tmp_str;
sysdb = pr_ctx->dom->sysdb;
if (sysdb == NULL) {
@@ -575,53 +574,19 @@ static errno_t save_pac_user(struct pac_req_ctx *pr_ctx)
ret = sysdb_search_user_by_uid(tmp_ctx, sysdb, pr_ctx->dom,
pwd->pw_uid, attrs, &msg);
- if (ret == EOK) {
- if (new_and_cached_user_differs(pwd, msg)) {
- ret = sysdb_delete_user(sysdb, pr_ctx->dom, NULL, pwd->pw_uid);
- if (ret != EOK) {
- DEBUG(SSSDBG_OP_FAILURE, ("sysdb_delete_user failed.\n"));
- goto done;
- }
-
- /* If the entry is delete we might loose the information about the
- * original DN of e.g. an IPA user or a chache password. */
- tmp_str = ldb_msg_find_attr_as_string(msg, SYSDB_ORIG_DN, NULL);
- if (tmp_str != NULL) {
- ret = sysdb_attrs_add_string(user_attrs, SYSDB_ORIG_DN,
- tmp_str);
- if (ret != EOK) {
- DEBUG(SSSDBG_OP_FAILURE,
- ("sysdb_attrs_add_string failed.\n"));
- goto done;
- }
- }
-
- tmp_str = ldb_msg_find_attr_as_string(msg, SYSDB_CACHEDPWD, NULL);
- if (tmp_str != NULL) {
- ret = sysdb_attrs_add_string(user_attrs, SYSDB_CACHEDPWD,
- tmp_str);
- if (ret != EOK) {
- DEBUG(SSSDBG_OP_FAILURE,
- ("sysdb_attrs_add_string failed.\n"));
- goto done;
- }
- }
- } else {
+ if (ret == ENOENT) {
+ ret = sysdb_store_user(sysdb, pr_ctx->dom, pwd->pw_name, NULL,
+ pwd->pw_uid, pwd->pw_gid, pwd->pw_gecos,
+ pwd->pw_dir,
+ pwd->pw_shell, NULL, user_attrs, NULL,
+ pr_ctx->dom->user_timeout, 0);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, ("sysdb_store_user failed [%d][%s].\n",
+ ret, strerror(ret)));
goto done;
}
} else if (ret != EOK && ret != ENOENT) {
- DEBUG(SSSDBG_OP_FAILURE, ("sysdb_search_user_by_name failed.\n"));
- goto done;
- }
-
- ret = sysdb_store_user(sysdb, pr_ctx->dom, pwd->pw_name, NULL,
- pwd->pw_uid, pwd->pw_gid, pwd->pw_gecos,
- pwd->pw_dir,
- pwd->pw_shell, NULL, user_attrs, NULL,
- pr_ctx->dom->user_timeout, 0);
- if (ret != EOK) {
- DEBUG(SSSDBG_OP_FAILURE, ("sysdb_store_user failed [%d][%s].\n",
- ret, strerror(ret)));
+ DEBUG(SSSDBG_OP_FAILURE, ("sysdb_search_user_by_id failed.\n"));
goto done;
}
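Review bot: The new error message on the search-failure path names `sysdb_search_user_by_id`, but the call a few lines above is `sysdb_search_user_by_uid`, so anyone correlating the log line with the failing call will not find it; change it to `DEBUG(SSSDBG_OP_FAILURE, ("sysdb_search_user_by_uid failed.\n"));`. The `ret != ENOENT` test in `} else if (ret != EOK && ret != ENOENT) {` is now dead, because the preceding `if (ret == ENOENT)` branch already consumed that value, so `} else if (ret != EOK) {` expresses the same thing without the stale condition. With the delete-and-recreate path gone, the `ret == EOK` case now silently does nothing, which the commit message justifies but the code does not; a comment on the `if` such as `/* Entry already cached: name, home directory and shell are left to the ID provider, which can determine them better than the PAC can */` would keep that reasoning next to the behaviour. The `msg` and `attrs` passed to the search appear to be unused after this change, though their declarations and any remaining uses lie outside the hunk. save_pac_user begins before and ends after this hunk.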
diff --git a/src/responder/pac/pacsrv_utils.c b/src/responder/pac/pacsrv_utils.c
index f70438b6..a52282c7 100644
--- a/src/responder/pac/pacsrv_utils.c
+++ b/src/responder/pac/pacsrv_utils.c
@@ -506,42 +506,3 @@ done:
return ret;
}
-
-static bool compare_string_with_attr(const char *val, struct ldb_message *msg,
- const char *attr)
-{
- const char *str;
-
- str = ldb_msg_find_attr_as_string(msg, attr, NULL);
- if ((str == NULL && val == NULL) ||
- (str != NULL && val != NULL && strcmp(str, val) == 0)) {
- return true;
- }
-
- return false;
-}
-
-bool new_and_cached_user_differs(struct passwd *pwd, struct ldb_message *msg)
-{
- if (pwd == NULL || msg == NULL) {
- return true;
- }
-
- if (!compare_string_with_attr(pwd->pw_name, msg, SYSDB_NAME) &&
- !compare_string_with_attr(pwd->pw_name, msg, SYSDB_NAME_ALIAS)) {
- DEBUG(SSSDBG_TRACE_FUNC, ("Names differ."));
- return true;
- }
-
- if (!compare_string_with_attr(pwd->pw_dir, msg, SYSDB_HOMEDIR)) {
- DEBUG(SSSDBG_TRACE_FUNC, ("Home directories differ."));
- return true;
- }
-
- if (!compare_string_with_attr(pwd->pw_shell, msg, SYSDB_SHELL)) {
- DEBUG(SSSDBG_TRACE_FUNC, ("Shells differ."));
- return true;
- }
-
- return false;
-}