diff options
Diffstat (limited to 'src/providers/ldap/sdap_async_accounts.c')
-rw-r--r-- | src/providers/ldap/sdap_async_accounts.c | 41 |
1 files changed, 33 insertions, 8 deletions
diff --git a/src/providers/ldap/sdap_async_accounts.c b/src/providers/ldap/sdap_async_accounts.c index 7abe3571..648f9a73 100644 --- a/src/providers/ldap/sdap_async_accounts.c +++ b/src/providers/ldap/sdap_async_accounts.c @@ -34,6 +34,7 @@ static int sdap_save_user(TALLOC_CTX *memctx, struct sdap_options *opts, struct sss_domain_info *dom, struct sysdb_attrs *attrs, + const char **ldap_attrs, bool is_initgr, char **_usn_value) { @@ -53,6 +54,7 @@ static int sdap_save_user(TALLOC_CTX *memctx, int cache_timeout; char *usn_value = NULL; size_t c; + char **missing = NULL; DEBUG(9, ("Save user\n")); @@ -266,12 +268,28 @@ static int sdap_save_user(TALLOC_CTX *memctx, } } + /* Make sure that any attributes we requested from LDAP that we + * did not receive are also removed from the sysdb + */ + ret = list_missing_attrs(NULL, opts->user_map, SDAP_OPTS_USER, + ldap_attrs, attrs, &missing); + if (ret != EOK) { + goto fail; + } + + /* Remove missing attributes */ + if (missing && !missing[0]) { + /* Nothing to remove */ + talloc_zfree(missing); + } + DEBUG(6, ("Storing info for user %s\n", name)); ret = sysdb_store_user(memctx, ctx, dom, name, pwd, uid, gid, gecos, homedir, shell, - user_attrs, cache_timeout); + user_attrs, missing, cache_timeout); if (ret) goto fail; + talloc_zfree(missing); if (_usn_value) { *_usn_value = usn_value; @@ -281,6 +299,7 @@ static int sdap_save_user(TALLOC_CTX *memctx, fail: DEBUG(2, ("Failed to save user %s\n", name)); + talloc_free(missing); return ret; } @@ -289,6 +308,7 @@ fail: static int sdap_save_users(TALLOC_CTX *memctx, struct sysdb_ctx *sysdb, + const char **attrs, struct sss_domain_info *dom, struct sdap_options *opts, struct sysdb_attrs **users, @@ -320,7 +340,8 @@ static int sdap_save_users(TALLOC_CTX *memctx, usn_value = NULL; ret = sdap_save_user(tmpctx, sysdb, opts, dom, - users[i], false, &usn_value); + users[i], attrs, false, + &usn_value); /* Do not fail completely on errors. * Just report the failure to save and go on */ @@ -446,6 +467,7 @@ static void sdap_get_users_process(struct tevent_req *subreq) } ret = sdap_save_users(state, state->sysdb, + state->attrs, state->dom, state->opts, state->users, state->count, &state->higher_usn); @@ -1449,7 +1471,8 @@ next: } if (state->check_count == 0) { - ret = sdap_save_users(state, state->sysdb, state->dom, state->opts, + ret = sdap_save_users(state, state->sysdb, state->attrs, + state->dom, state->opts, state->new_members, state->count, NULL); if (ret) { DEBUG(2, ("Failed to store users.\n")); @@ -1770,7 +1793,8 @@ static void sdap_nested_done(struct tevent_req *subreq) /* Save all of the users first so that they are in * place for the groups to add them. */ - ret = sdap_save_users(state, state->sysdb, state->dom, state->opts, + ret = sdap_save_users(state, state->sysdb, state->attrs, + state->dom, state->opts, users, count, &state->higher_usn); if (ret != EOK) { tevent_req_error(req, ret); @@ -2320,6 +2344,7 @@ struct sdap_get_initgr_state { struct sdap_id_ctx *id_ctx; const char *name; const char **grp_attrs; + const char **ldap_attrs; struct sysdb_attrs *orig_user; }; @@ -2338,7 +2363,6 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx, struct sdap_get_initgr_state *state; const char *base_dn; char *filter; - const char **attrs; int ret; DEBUG(9, ("Retrieving info for initgroups call\n")); @@ -2373,7 +2397,7 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx, } ret = build_attrs_from_map(state, state->opts->user_map, - SDAP_OPTS_USER, &attrs); + SDAP_OPTS_USER, &state->ldap_attrs); if (ret) { talloc_zfree(req); return NULL; @@ -2382,7 +2406,7 @@ struct tevent_req *sdap_get_initgr_send(TALLOC_CTX *memctx, subreq = sdap_get_generic_send(state, state->ev, state->opts, state->sh, base_dn, LDAP_SCOPE_SUBTREE, - filter, attrs, + filter, state->ldap_attrs, state->opts->user_map, SDAP_OPTS_USER, dp_opt_get_int(state->opts->basic, SDAP_SEARCH_TIMEOUT)); @@ -2443,7 +2467,8 @@ static void sdap_get_initgr_user(struct tevent_req *subreq) ret = sdap_save_user(state, state->sysdb, state->opts, state->dom, - state->orig_user, true, NULL); + state->orig_user, state->ldap_attrs, + true, NULL); if (ret) { sysdb_transaction_cancel(state->sysdb); tevent_req_error(req, ret); |