From 4bbcc2d6d3f16b015796818746a45134861c93a4 Mon Sep 17 00:00:00 2001

From: Pavel Reichl <preichl@redhat.com>

Date: Tue, 9 Dec 2014 11:01:13 +0000

Subject: [PATCH 4/7] SYSDB: sysdb_search_object_by_sid returns ENOENT

MIME-Version: 1.0

Content-Type: text/plain; charset=UTF-8

Content-Transfer-Encoding: 8bit

sysdb_search_object_by_sid returns ENOENT if no results are found.

Part od solution for:

https://fedorahosted.org/sssd/ticket/1991

Fixes:

https://fedorahosted.org/sssd/ticket/2520

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>

---

 src/db/sysdb.h                 |  2 +-

 src/db/sysdb_ops.c             | 68 ++++++------------------------------------

 src/responder/nss/nsssrv_cmd.c | 25 ++++++++--------

 src/responder/pac/pacsrv_cmd.c | 29 ++++++++++--------

 src/tests/sysdb-tests.c        |  5 +---

 5 files changed, 39 insertions(+), 90 deletions(-)

diff --git a/src/db/sysdb.h b/src/db/sysdb.h

index 01900425ac5e8733eb57877bbadef0e8da00475f..b1e057107cc6e3d4ce7b7bb8e821a2414c3424a7 100644

--- a/src/db/sysdb.h

+++ b/src/db/sysdb.h

@@ -1035,7 +1035,7 @@ errno_t sysdb_search_object_by_sid(TALLOC_CTX *mem_ctx,

                                    struct sss_domain_info *domain,

                                    const char *sid_str,

                                    const char **attrs,

-                                   struct ldb_result **msg);

+                                   struct ldb_result **res);

 errno_t sysdb_search_object_by_uuid(TALLOC_CTX *mem_ctx,

                                     struct sss_domain_info *domain,

diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c

index 768f9455329b136b3de9794ad127dd349f1eaa43..b12540b68d1c81c419455416294f3449dd84914e 100644

--- a/src/db/sysdb_ops.c

+++ b/src/db/sysdb_ops.c

@@ -2994,7 +2994,14 @@ int sysdb_delete_by_sid(struct sysdb_ctx *sysdb,

     }

     ret = sysdb_search_object_by_sid(tmp_ctx, domain, sid_str, NULL, &res;;

-    if (ret != EOK) {

+

+    if (ret == ENOENT) {

+        /* No existing entry. Just quit. */

+        DEBUG(SSSDBG_TRACE_FUNC,

+              "search by sid did not return any results.\n");

+        ret = EOK;

+        goto done;

+    } else if (ret != EOK) {

         DEBUG(SSSDBG_OP_FAILURE, "search by sid failed: %d (%s)\n",

               ret, strerror(ret));

         goto done;

@@ -3007,12 +3014,6 @@ int sysdb_delete_by_sid(struct sysdb_ctx *sysdb,

         goto done;

     }

-    if (res->count == 0) {

-        /* No existing entry. Just quit. */

-        ret = EOK;

-        goto done;

-    }

-

     ret = sysdb_delete_entry(sysdb, res->msgs[0]->dn, false);

     if (ret != EOK) {

         goto done;

@@ -3564,61 +3565,10 @@ errno_t sysdb_search_object_by_sid(TALLOC_CTX *mem_ctx,

                                    struct sss_domain_info *domain,

                                    const char *sid_str,

                                    const char **attrs,

-                                   struct ldb_result **msg)

+                                   struct ldb_result **res)

 {

-/* TODO: use

     return sysdb_search_object_by_str_attr(mem_ctx, domain, SYSDB_SID_FILTER,

                                            sid_str, attrs, res);

-

-    when verified that all callers can handle ENOENT correctly. */

-

-    TALLOC_CTX *tmp_ctx;

-    const char *def_attrs[] = { SYSDB_NAME, SYSDB_UIDNUM, SYSDB_GIDNUM,

-                                ORIGINALAD_PREFIX SYSDB_NAME,

-                                SYSDB_OBJECTCLASS, NULL };

-    struct ldb_dn *basedn;

-    int ret;

-    struct ldb_result *res = NULL;

-

-    tmp_ctx = talloc_new(NULL);

-    if (!tmp_ctx) {

-        return ENOMEM;

-    }

-

-    basedn = ldb_dn_new_fmt(tmp_ctx, domain->sysdb->ldb, SYSDB_DOM_BASE, domain->name);

-    if (basedn == NULL) {

-        DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_new_fmt failed.\n");

-        ret = ENOMEM;

-        goto done;

-    }

-

-    ret = ldb_search(domain->sysdb->ldb, tmp_ctx, &res,

-                     basedn, LDB_SCOPE_SUBTREE, attrs?attrs:def_attrs,

-                     SYSDB_SID_FILTER, sid_str);

-    if (ret != EOK) {

-        ret = sysdb_error_to_errno(ret);

-        DEBUG(SSSDBG_OP_FAILURE, "ldb_search failed.\n");

-        goto done;

-    }

-

-    if (res->count > 1) {

-        DEBUG(SSSDBG_CRIT_FAILURE, "Search for SID [%s] returned more than " \

-                                    "one object.\n", sid_str);

-        ret = EINVAL;

-        goto done;

-    }

-

-    *msg = talloc_steal(mem_ctx, res);

-

-done:

-    if (ret == ENOENT) {

-        DEBUG(SSSDBG_TRACE_FUNC, "No such entry.\n");

-    } else if (ret) {

-        DEBUG(SSSDBG_OP_FAILURE, "Error: %d (%s)\n", ret, strerror(ret));

-    }

-

-    talloc_zfree(tmp_ctx);

-    return ret;

 }

 errno_t sysdb_search_object_by_uuid(TALLOC_CTX *mem_ctx,

diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c

index 80ac221e288665741d8b1e2bd020ecca568106c1..3c5d450714fb3f7655cd32aeef900b4f5e9782c7 100644

--- a/src/responder/nss/nsssrv_cmd.c

+++ b/src/responder/nss/nsssrv_cmd.c

@@ -4491,20 +4491,10 @@ static errno_t nss_cmd_getbysid_search(struct nss_dom_ctx *dctx)

     ret = sysdb_search_object_by_sid(cmdctx, dom, cmdctx->secid, NULL,

                                      &dctx->res);

-    if (ret != EOK) {

-        DEBUG(SSSDBG_CRIT_FAILURE, "Failed to make request to our cache!\n");

-        return EIO;

-    }

-

-    if (dctx->res->count > 1) {

-        DEBUG(SSSDBG_FATAL_FAILURE, "getbysid call returned more than one " \

-                                     "result !?!\n");

-        return ENOENT;

-    }

-

-    if (dctx->res->count == 0) {

-        DEBUG(SSSDBG_OP_FAILURE, "No results for getbysid call.\n");

+    if (ret == ENOENT) {

         if (!dctx->check_provider) {

+            DEBUG(SSSDBG_OP_FAILURE, "No results for getbysid call.\n");

+

             /* set negative cache only if not result of cache check */

             ret = sss_ncache_set_sid(nctx->ncache, false, cmdctx->secid);

             if (ret != EOK) {

@@ -4513,6 +4503,15 @@ static errno_t nss_cmd_getbysid_search(struct nss_dom_ctx *dctx)

             }

         }

         return ENOENT;

+    } else if (ret != EOK) {

+        DEBUG(SSSDBG_CRIT_FAILURE, "Failed to make request to our cache!\n");

+        return EIO;

+    }

+

+    if (dctx->res->count > 1) {

+        DEBUG(SSSDBG_FATAL_FAILURE, "getbysid call returned more than one " \

+                                     "result !?!\n");

+        return ENOENT;

     }

     /* if this is a caching provider (or if we haven't checked the cache

diff --git a/src/responder/pac/pacsrv_cmd.c b/src/responder/pac/pacsrv_cmd.c

index cc92592893899b1fa269188facc1a8154f80991d..07d2f0cf79b70429dc7cf2784a8e31d651e5095f 100644

--- a/src/responder/pac/pacsrv_cmd.c

+++ b/src/responder/pac/pacsrv_cmd.c

@@ -297,17 +297,17 @@ static void pac_lookup_sids_done(struct tevent_req *req)

             msg = NULL;

             ret = sysdb_search_object_by_sid(pr_ctx, dom, entries[c].key.str,

                                              NULL, &msg;;

-            if (ret != EOK) {

-                DEBUG(SSSDBG_OP_FAILURE, "sysdb_search_object_by_sid " \

-                                          "failed.\n");

-                continue;

-            }

-

-            if (msg->count == 0) {

+            if (ret == ENOENT) {

                 DEBUG(SSSDBG_OP_FAILURE, "No entry found for SID [%s].\n",

-                                          entries[c].key.str);

+                      entries[c].key.str);

                 continue;

-            } else if (msg->count > 1) {

+            } else if (ret != EOK) {

+                DEBUG(SSSDBG_OP_FAILURE,

+                      "sysdb_search_object_by_sid failed.\n");

+                continue;

+            }

+

+            if (msg->count > 1) {

                 DEBUG(SSSDBG_CRIT_FAILURE, "More then one result returned " \

                                             "for SID [%s].\n",

                                             entries[c].key.str);

@@ -911,10 +911,13 @@ pac_store_membership(struct pac_req_ctx *pr_ctx,

     ret = sysdb_search_object_by_sid(tmp_ctx, grp_dom, grp_sid_str,

                                      group_attrs, &group);

-    if (ret != EOK) {

-        DEBUG(SSSDBG_TRACE_INTERNAL, "sysdb_search_object_by_sid " \

-                                      "for SID [%s] failed [%d][%s].\n",

-                                      grp_sid_str, ret, strerror(ret));

+    if (ret == ENOENT) {

+        DEBUG(SSSDBG_OP_FAILURE, "Unexpected number of groups returned.\n");

+        goto done;

+    } else if (ret != EOK) {

+        DEBUG(SSSDBG_TRACE_INTERNAL,

+              "sysdb_search_object_by_sid for SID [%s] failed [%d][%s].\n",

+              grp_sid_str, ret, strerror(ret));

         goto done;

     }

diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c

index d303982647547eefdce7c37ac5b70e1ffbe869ce..92b41e90d08c2d50775289ba8c922f39350ce625 100644

--- a/src/tests/sysdb-tests.c

+++ b/src/tests/sysdb-tests.c

@@ -4861,13 +4861,10 @@ START_TEST (test_sysdb_search_return_ENOENT)

     talloc_zfree(res);

     /* Search object */

-    /* TODO: Should return ENOENT */

     ret = sysdb_search_object_by_sid(test_ctx, test_ctx->domain,

                                      "S-5-4-3-2-1", NULL, &res;;

-    fail_unless(ret == EOK, "sysdb_search_object_by_sid_str failed with "

+    fail_unless(ret == ENOENT, "sysdb_search_object_by_sid_str failed with "

                              "[%d][%s].", ret, strerror(ret));

-    fail_unless(res->count == 0, "sysdb_search_object_by_sid_str should not "

-                                 "return anything.");

     talloc_zfree(res);

     /* Search can return more results */

-- 

1.9.3