andykimpe / rpms / 389-ds-base

Forked from rpms/389-ds-base 5 months ago
Clone
Source Code
GIT

Blame 0217-Ticket-47770-481-breaks-possibility-to-reassemble-me.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-armhfp c7-beta c8-beta-stream-1.4 c8-stream-1.4 c8s-stream-1.4 c8s-stream-ds c9 c9-beta
  1.   c6
  2.   0217-Ticket-47770-481-breaks-possibility-to-reassemble-me.patch
Blob History Raw
dc8c34 
From 39ccde6067bd72202cf11e956afe71ca5c92446c Mon Sep 17 00:00:00 2001
dc8c34 
From: Noriko Hosoi <nhosoi@redhat.com>
dc8c34 
Date: Mon, 2 Jun 2014 17:32:40 -0700
dc8c34 
Subject: [PATCH 217/225] Ticket #47770 - #481 breaks possibility to reassemble
dc8c34 
 memberuid list
dc8c34
dc8c34 
Description: Patch to implement #481 "expand nested posix groups"
dc8c34 
wiped out the code in posix_group_fix_memberuid_callback (posix-
dc8c34 
group-task.c) to add memberuid if the entry is a posix group.
dc8c34 
This patch adds the code back.
dc8c34
dc8c34 
Plus fixed a couple of memory leaks and renamed a posix winsync
dc8c34 
local function plugin_op_all_finished to posix_winsync_plugin_op_
dc8c34 
all_finished not to confuse valgrind.
dc8c34
dc8c34 
https://fedorahosted.org/389/ticket/47770
dc8c34
dc8c34 
Reviewed by rmeggins@redhat.com (Thank you, Rich!!)
dc8c34
dc8c34 
(cherry picked from commit 8d5410e2e08f2e6fdabe9ab1dc3e97b20842a34d)
dc8c34 
(cherry picked from commit 945d113b968ef878f13848d1d7d83b70c9bc2e85)
dc8c34 
(cherry picked from commit 2574dffa82490b2258226edf5b420abaf19a9c09)
dc8c34 
(cherry picked from commit bdb5e35f608953ca1533365788ab12f56944156c)
dc8c34 
---
dc8c34 
 .../plugins/posix-winsync/posix-group-func.c       |  4 +-
dc8c34 
 .../plugins/posix-winsync/posix-group-func.h       |  1 +
dc8c34 
 .../plugins/posix-winsync/posix-group-task.c       | 72 ++++++++++++++++++----
dc8c34 
 .../plugins/posix-winsync/posix-winsync-config.c   |  3 +-
dc8c34 
 4 files changed, 66 insertions(+), 14 deletions(-)
dc8c34
dc8c34 
diff --git a/ldap/servers/plugins/posix-winsync/posix-group-func.c b/ldap/servers/plugins/posix-winsync/posix-group-func.c
dc8c34 
index 6a7aa84..1f6be93 100644
dc8c34 
--- a/ldap/servers/plugins/posix-winsync/posix-group-func.c
dc8c34 
+++ b/ldap/servers/plugins/posix-winsync/posix-group-func.c
dc8c34 
@@ -23,12 +23,12 @@
dc8c34 
 #include <string.h>
dc8c34 
 #include <nspr.h>
dc8c34 
 #include "posix-wsp-ident.h"
dc8c34 
+#include "posix-group-func.h"
dc8c34
dc8c34 
 #define MAX_RECURSION_DEPTH (5)
dc8c34
dc8c34 
 Slapi_Value **
dc8c34 
 valueset_get_valuearray(const Slapi_ValueSet *vs); /* stolen from proto-slap.h */
dc8c34 
-static int hasObjectClass(Slapi_Entry *entry, const char *objectClass);
dc8c34
dc8c34 
 static PRMonitor *memberuid_operation_lock = 0;
dc8c34
dc8c34 
@@ -262,7 +262,7 @@ smods_has_mod(Slapi_Mods *smods, int modtype, const char *type, const char *val)
dc8c34 
     return rc;
dc8c34 
 }
dc8c34
dc8c34 
-static int
dc8c34 
+int
dc8c34 
 hasObjectClass(Slapi_Entry *entry, const char *objectClass)
dc8c34 
 {
dc8c34 
     int rc = 0;
dc8c34 
diff --git a/ldap/servers/plugins/posix-winsync/posix-group-func.h b/ldap/servers/plugins/posix-winsync/posix-group-func.h
dc8c34 
index 0f0ae37..f6d53bf 100644
dc8c34 
--- a/ldap/servers/plugins/posix-winsync/posix-group-func.h
dc8c34 
+++ b/ldap/servers/plugins/posix-winsync/posix-group-func.h
dc8c34 
@@ -19,5 +19,6 @@ void memberUidUnlock();
dc8c34 
 int memberUidLockInit();
dc8c34 
 int addUserToGroupMembership(Slapi_Entry *entry);
dc8c34 
 void propogateDeletionsUpward(Slapi_Entry *, const Slapi_DN *, Slapi_ValueSet*, Slapi_ValueSet *, int);
dc8c34 
+int hasObjectClass(Slapi_Entry *entry, const char *objectClass);
dc8c34
dc8c34 
 #endif
dc8c34 
diff --git a/ldap/servers/plugins/posix-winsync/posix-group-task.c b/ldap/servers/plugins/posix-winsync/posix-group-task.c
dc8c34 
index 05c43af..4ddbe52 100644
dc8c34 
--- a/ldap/servers/plugins/posix-winsync/posix-group-task.c
dc8c34 
+++ b/ldap/servers/plugins/posix-winsync/posix-group-task.c
dc8c34 
@@ -89,7 +89,7 @@ posix_group_task_add(Slapi_PBlock *pb, Slapi_Entry *e, Slapi_Entry *eAfter, int
dc8c34 
     slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
dc8c34 
                     "posix_group_task_add: retrieved basedn: %s\n", dn);
dc8c34
dc8c34 
-    if ((filter = fetch_attr(e, "filter", "(objectclass=ntGroup)")) == NULL) {
dc8c34 
+    if ((filter = fetch_attr(e, "filter", "(&(objectclass=ntGroup)(|(uniquemember=*)(memberuid=*)))")) == NULL) {
dc8c34 
         *returncode = LDAP_OBJECT_CLASS_VIOLATION;
dc8c34 
         rv = SLAPI_DSE_CALLBACK_ERROR;
dc8c34 
         goto out;
dc8c34 
@@ -240,6 +240,7 @@ posix_group_fix_memberuid(char *dn, char *filter_str, void *txn)
dc8c34 
 static int
dc8c34 
 posix_group_fix_memberuid_callback(Slapi_Entry *e, void *callback_data)
dc8c34 
 {
dc8c34 
+    int i;
dc8c34 
     slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
dc8c34 
                     "_fix_memberuid ==>\n");
dc8c34 
     cb_data *the_cb_data = (cb_data *) callback_data;
dc8c34 
@@ -253,7 +254,11 @@ posix_group_fix_memberuid_callback(Slapi_Entry *e, void *callback_data)
dc8c34 
     char *dn = slapi_entry_get_dn(e);
dc8c34 
     Slapi_DN *sdn = slapi_entry_get_sdn(e);
dc8c34 
     LDAPMod **mods = NULL;
dc8c34 
+    int is_posix_group = 0;
dc8c34
dc8c34 
+    if (hasObjectClass(e, "posixGroup")) {
dc8c34 
+        is_posix_group = 1;
dc8c34 
+    }
dc8c34 
 /* Clean out memberuids and dsonlymemberuids without a valid referant */
dc8c34 
     rc = slapi_entry_attr_find(e, "memberuid", &muid_attr);
dc8c34 
     if (rc == 0 && muid_attr) {
dc8c34 
@@ -272,7 +277,6 @@ posix_group_fix_memberuid_callback(Slapi_Entry *e, void *callback_data)
dc8c34 
         slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
dc8c34 
                         "_fix_memberuid scan for orphaned memberuids\n");
dc8c34
dc8c34 
-        int i;
dc8c34 
         for (i = slapi_attr_first_value(muid_attr, &v); i != -1;
dc8c34 
              i = slapi_attr_next_value(muid_attr, i, &v)) {
dc8c34 
             const char *muid = slapi_value_get_string(v);
dc8c34 
@@ -337,10 +341,8 @@ posix_group_fix_memberuid_callback(Slapi_Entry *e, void *callback_data)
dc8c34 
     if (rc == 0 && obj_attr) {
dc8c34 
         int fixMembership = 0;
dc8c34 
         Slapi_ValueSet *bad_ums = NULL;
dc8c34 
-
dc8c34 
-        int i;
dc8c34 
-        Slapi_Value * uniqval = NULL;            /* uniquemeber Attribute values          */
dc8c34 
-
dc8c34 
+        Slapi_Value *uniqval = NULL;   /* uniquemeber Attribute values */
dc8c34 
+        Slapi_ValueSet *uids = NULL;
dc8c34 
         slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
dc8c34 
                         "_fix_memberuid scan uniquemember, group %s\n", dn);
dc8c34 
         for (i = slapi_attr_first_value(obj_attr, &uniqval); i != -1;
dc8c34 
@@ -350,11 +352,14 @@ posix_group_fix_memberuid_callback(Slapi_Entry *e, void *callback_data)
dc8c34 
             char *attrs[] = { "uid", "objectclass", NULL };
dc8c34 
             Slapi_Entry *child = getEntry(member, attrs);
dc8c34
dc8c34 
-            if (!child) {
dc8c34 
+            if (child) {
dc8c34 
+                slapi_entry_free(child);
dc8c34 
+            } else {
dc8c34 
                 slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
dc8c34 
                                 "_fix_memberuid orphaned uniquemember found: %s\n", member);
dc8c34
dc8c34 
-                if (strncasecmp(member, "cn=", 3) == 0) {
dc8c34 
+                if ((strncasecmp(member, "cn=", 3) == 0) ||
dc8c34 
+                    (strncasecmp(member, "uid=", 4) == 0)) {
dc8c34 
                     fixMembership = 1;
dc8c34 
                 }
dc8c34 
                 if (!bad_ums) {
dc8c34 
@@ -362,12 +367,51 @@ posix_group_fix_memberuid_callback(Slapi_Entry *e, void *callback_data)
dc8c34 
                 }
dc8c34 
                 slapi_valueset_add_value(bad_ums, uniqval);
dc8c34 
             }
dc8c34 
+
dc8c34 
+            if (is_posix_group) {
dc8c34 
+                char *uid = NULL;
dc8c34 
+                /* search uid for member (DN) */
dc8c34 
+                slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME, "search %s\n", member);
dc8c34 
+                if ((uid = searchUid(member)) != NULL) {
dc8c34 
+                    Slapi_Value *value = slapi_value_new();
dc8c34 
+                    /* Search an entry having "member" as DN and get uid value from it. */
dc8c34 
+                    slapi_value_set_string_passin(value, uid);
dc8c34 
+                    /* add uids ValueSet */
dc8c34 
+                    if (NULL == uids) {
dc8c34 
+                        uids = slapi_valueset_new();
dc8c34 
+                    }
dc8c34 
+                    slapi_valueset_add_value(uids, value);
dc8c34 
+                    slapi_value_free(&value);
dc8c34 
+                }
dc8c34 
+            }
dc8c34 
+        }
dc8c34 
+        /* If we found some posix members, replace the existing memberuid attribute
dc8c34 
+         * with the found values.  */
dc8c34 
+        if (uids && slapi_valueset_count(uids)) {
dc8c34 
+            Slapi_Value *val = 0;
dc8c34 
+            Slapi_Mod *smod = slapi_mod_new();
dc8c34 
+            int hint = 0;
dc8c34 
+
dc8c34 
+            slapi_mod_init(smod, 0);
dc8c34 
+            slapi_mod_set_operation(smod, LDAP_MOD_REPLACE | LDAP_MOD_BVALUES);
dc8c34 
+            slapi_mod_set_type(smod, "memberuid");
dc8c34 
+
dc8c34 
+            /* Loop through all of our values and add them to smod */
dc8c34 
+            hint = slapi_valueset_first_value(uids, &val;;
dc8c34 
+            while (val) {
dc8c34 
+                /* this makes a copy of the berval */
dc8c34 
+                slapi_mod_add_value(smod, slapi_value_get_berval(val));
dc8c34 
+                hint = slapi_valueset_next_value(uids, hint, &val;;
dc8c34 
+            }
dc8c34 
+            slapi_mods_add_ldapmod(smods, slapi_mod_get_ldapmod_passout(smod));
dc8c34 
+            slapi_mod_free(&smod);
dc8c34 
         }
dc8c34 
+        slapi_valueset_free(uids);
dc8c34
dc8c34 
         slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
dc8c34 
                         "_fix_memberuid Finishing...\n");
dc8c34
dc8c34 
-        if (fixMembership  && posix_winsync_config_get_mapNestedGrouping()) {
dc8c34 
+        if (fixMembership && posix_winsync_config_get_mapNestedGrouping()) {
dc8c34 
             Slapi_ValueSet *del_nested_vs = slapi_valueset_new();
dc8c34
dc8c34 
             slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
dc8c34 
@@ -383,7 +427,7 @@ posix_group_fix_memberuid_callback(Slapi_Entry *e, void *callback_data)
dc8c34 
         }
dc8c34 
     }
dc8c34
dc8c34 
-    mods = slapi_mods_get_ldapmods_passout(smods);
dc8c34 
+    mods = slapi_mods_get_ldapmods_byref(smods);
dc8c34 
     if (mods) {
dc8c34 
         Slapi_PBlock *mod_pb = NULL;
dc8c34 
         mod_pb = slapi_pblock_new();
dc8c34 
@@ -400,7 +444,13 @@ posix_group_fix_memberuid_callback(Slapi_Entry *e, void *callback_data)
dc8c34
dc8c34 
     slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME,
dc8c34 
                     "_fix_memberuid <==\n");
dc8c34 
-    return rc;
dc8c34 
+    /*
dc8c34 
+     * Since Ticket #481 "expand nested posix groups",
dc8c34 
+     * there's a possibility the found entry does not contain
dc8c34 
+     * uniqueMember attribute.  But "not found" error shoud not
dc8c34 
+     * be returned, which stops the further fixup task.
dc8c34 
+     */
dc8c34 
+    return 0;
dc8c34 
 }
dc8c34
dc8c34 
 static void
dc8c34 
diff --git a/ldap/servers/plugins/posix-winsync/posix-winsync-config.c b/ldap/servers/plugins/posix-winsync/posix-winsync-config.c
dc8c34 
index a7fd6e9..7973137 100644
dc8c34 
--- a/ldap/servers/plugins/posix-winsync/posix-winsync-config.c
dc8c34 
+++ b/ldap/servers/plugins/posix-winsync/posix-winsync-config.c
dc8c34 
@@ -72,7 +72,8 @@ posix_winsync_agmt_init(const Slapi_DN *ds_subtree, const Slapi_DN *ad_subtree)
dc8c34
dc8c34 
     sdn = slapi_get_first_suffix(&node, 0);
dc8c34 
     while (sdn) {
dc8c34 
-        if (slapi_sdn_isparent(sdn, ds_subtree) == 0) {
dc8c34 
+        /* if sdn is a parent of ds_subtree or sdn is the WinSync Subtree itself */
dc8c34 
+        if (slapi_sdn_isparent(sdn, ds_subtree) || !slapi_sdn_compare(sdn, ds_subtree)) {
dc8c34 
             theConfig.rep_suffix = sdn;
dc8c34 
             slapi_log_error(SLAPI_LOG_PLUGIN, POSIX_WINSYNC_PLUGIN_NAME, "Found suffix's '%s'\n",
dc8c34 
                             slapi_sdn_get_dn(sdn));
dc8c34 
--
dc8c34 
1.8.1.4
dc8c34

Powered by Pagure 5.14.1

SSH Hostkey/Fingerprint | Documentation