From f1c5ded4457717cd516b676dfe7a6d315a7ce70b Mon Sep 17 00:00:00 2001
From: Lukas Slebodnik
Date: Wed, 27 Jul 2016 10:30:21 +0200
Subject: [PATCH] SYSDB: Check changed virtual attributes before modified timestamp

Virtual attributes are computed and not stored therefore "modifyTimestamp" is not changed for the user. As a result of this, sssd assumes that entry was not changed and update just entries in timestamp cache. Enabling and disabling user in 389ds changes the virtual attribute nsAccountLock. Resolves: https://fedorahosted.org/sssd/ticket/3110
---
 src/db/sysdb_ops.c | 36 +++++++++++++++++++++++++++++++++++-
 1 file changed, 35 insertions(+), 1 deletion(-)

diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index 19d6be03ede1bcec3bc7a4ed777e326460d80591..6a61e84d60ce174f0f65ed8472b123853baf8499 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -1101,12 +1101,46 @@ done:
 return ret;
 }
 
+static bool changed_virtual_attribute(struct sysdb_attrs *attrs,
+ char **remove_attrs)
+{
+ errno_t ret;
+ const char *value;
+ const char *virtual_attributes[] = { "nsAccountLock", NULL };
+
+ /* check removed virtual attributes */
+ if (remove_attrs != NULL) {
+ for (size_t i = 0; virtual_attributes[i] != NULL; ++i) {
+ if (string_in_list(virtual_attributes[i], remove_attrs, false)) {
+ return true;
+ }
+ }
+ }
+
+ /* check added virtual attributes */
+ if (attrs != NULL) {
+ for (size_t i = 0; virtual_attributes[i] != NULL; ++i) {
+ ret = sysdb_attrs_get_string(attrs, virtual_attributes[i], &value);
+ if (ret == EOK) {
+ return true;
+ }
+ }
+ }
+
+ return false;
+}
+
 static errno_t sysdb_check_and_update_ts_usr(struct sss_domain_info *domain,
 const char *grp_name,
 struct sysdb_attrs *attrs,
+ char **remove_attrs,
 uint64_t cache_timeout,
 time_t now)
 {
+ if (changed_virtual_attribute(attrs, remove_attrs)) {
+ return EEXIST;
+ }
+
 return sysdb_check_and_update_ts_obj(domain, SYSDB_USER, grp_name, attrs,
 cache_timeout, now);
 }
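Review bot: In the "check added virtual attributes" loop of `changed_virtual_attribute`, every non-EOK result from `sysdb_attrs_get_string` is treated as "attribute absent", so an attribute that is present but cannot be read as a single string (or any other lookup error) falls through to the timestamp comparison and the lock state may stay stale in the cache. Because nsAccountLock decides whether a disabled account is still usable, the check should fail towards a full update: `if (ret != ENOENT) { return true; }`, assuming ENOENT is what the helper returns for a missing attribute (its definition is not in this hunk). A short comment above the function would also help, e.g. `/* Virtual attributes never bump modifyTimestamp, so any change to one must force a full cache update. */`, and `virtual_attributes` can be declared `static const char *const`.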
@@ -2465,7 +2499,7 @@ int sysdb_store_user(struct sss_domain_info *domain,
 errno_t sret = EOK;
 bool in_transaction = false;
 
- ret = sysdb_check_and_update_ts_usr(domain, name, attrs,
+ ret = sysdb_check_and_update_ts_usr(domain, name, attrs, remove_attrs,
 cache_timeout, now);
 if (ret == EOK) {
 DEBUG(SSSDBG_TRACE_LIBS,
--
2.7.4