From 4bbcc2d6d3f16b015796818746a45134861c93a4 Mon Sep 17 00:00:00 2001 From: Pavel Reichl Date: Dec 17 2014 14:57:34 +0000 Subject: SYSDB: sysdb_search_object_by_sid returns ENOENT sysdb_search_object_by_sid returns ENOENT if no results are found. Part od solution for: https://fedorahosted.org/sssd/ticket/1991 Fixes: https://fedorahosted.org/sssd/ticket/2520 Reviewed-by: Lukáš Slebodník --- diff --git a/src/db/sysdb.h b/src/db/sysdb.h index 0190042..b1e0571 100644 --- a/src/db/sysdb.h +++ b/src/db/sysdb.h @@ -1035,7 +1035,7 @@ errno_t sysdb_search_object_by_sid(TALLOC_CTX *mem_ctx, struct sss_domain_info *domain, const char *sid_str, const char **attrs, - struct ldb_result **msg); + struct ldb_result **res); errno_t sysdb_search_object_by_uuid(TALLOC_CTX *mem_ctx, struct sss_domain_info *domain, diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c index 768f945..b12540b 100644 --- a/src/db/sysdb_ops.c +++ b/src/db/sysdb_ops.c @@ -2994,7 +2994,14 @@ int sysdb_delete_by_sid(struct sysdb_ctx *sysdb, } ret = sysdb_search_object_by_sid(tmp_ctx, domain, sid_str, NULL, &res); - if (ret != EOK) { + + if (ret == ENOENT) { + /* No existing entry. Just quit. */ + DEBUG(SSSDBG_TRACE_FUNC, + "search by sid did not return any results.\n"); + ret = EOK; + goto done; + } else if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "search by sid failed: %d (%s)\n", ret, strerror(ret)); goto done; @@ -3007,12 +3014,6 @@ int sysdb_delete_by_sid(struct sysdb_ctx *sysdb, goto done; } - if (res->count == 0) { - /* No existing entry. Just quit. */ - ret = EOK; - goto done; - } - ret = sysdb_delete_entry(sysdb, res->msgs[0]->dn, false); if (ret != EOK) { goto done; 
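Review bot: In the first src/db/sysdb_ops.c hunk, the new `ret == ENOENT` branch in sysdb_delete_by_sid becomes the only guard against an empty result before `res->msgs[0]->dn` is dereferenced, because the next hunk drops the `res->count == 0` check. That is safe only if EOK from sysdb_search_object_by_sid always means at least one message, and that guarantee sits in sysdb_search_object_by_str_attr, which this diff does not show. I would state the contract at the prototype in src/db/sysdb.h, for example `/* Returns ENOENT if no object matches; on EOK *res holds at least one message. */`, so a later change to the helper cannot silently turn this into a NULL or out-of-bounds read. sysdb_delete_by_sid starts and ends outside both hunks.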
@@ -3564,61 +3565,10 @@ errno_t sysdb_search_object_by_sid(TALLOC_CTX *mem_ctx, struct sss_domain_info *domain, const char *sid_str, const char **attrs, - struct ldb_result **msg) + struct ldb_result **res) { -/* TODO: use return sysdb_search_object_by_str_attr(mem_ctx, domain, SYSDB_SID_FILTER, sid_str, attrs, res); - - when verified that all callers can handle ENOENT correctly. */ - - TALLOC_CTX *tmp_ctx; - const char *def_attrs[] = { SYSDB_NAME, SYSDB_UIDNUM, SYSDB_GIDNUM, - ORIGINALAD_PREFIX SYSDB_NAME, - SYSDB_OBJECTCLASS, NULL }; - struct ldb_dn *basedn; - int ret; - struct ldb_result *res = NULL; - - tmp_ctx = talloc_new(NULL); - if (!tmp_ctx) { - return ENOMEM; - } - - basedn = ldb_dn_new_fmt(tmp_ctx, domain->sysdb->ldb, SYSDB_DOM_BASE, domain->name); - if (basedn == NULL) { - DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_new_fmt failed.\n"); - ret = ENOMEM; - goto done; - } - - ret = ldb_search(domain->sysdb->ldb, tmp_ctx, &res, - basedn, LDB_SCOPE_SUBTREE, attrs?attrs:def_attrs, - SYSDB_SID_FILTER, sid_str); - if (ret != EOK) { - ret = sysdb_error_to_errno(ret); - DEBUG(SSSDBG_OP_FAILURE, "ldb_search failed.\n"); - goto done; - } - - if (res->count > 1) { - DEBUG(SSSDBG_CRIT_FAILURE, "Search for SID [%s] returned more than " \ - "one object.\n", sid_str); - ret = EINVAL; - goto done; - } - - *msg = talloc_steal(mem_ctx, res); - -done: - if (ret == ENOENT) { - DEBUG(SSSDBG_TRACE_FUNC, "No such entry.\n"); - } else if (ret) { - DEBUG(SSSDBG_OP_FAILURE, "Error: %d (%s)\n", ret, strerror(ret)); - } - - talloc_zfree(tmp_ctx); - return ret; } errno_t sysdb_search_object_by_uuid(TALLOC_CTX *mem_ctx, diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c index 80ac221..3c5d450 100644 --- a/src/responder/nss/nsssrv_cmd.c +++ b/src/responder/nss/nsssrv_cmd.c 
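Review bot: The removed body of sysdb_search_object_by_sid rejected a SID that matched more than one object with EINVAL and a critical log, but the new one-line body leaves that decision to sysdb_search_object_by_str_attr, whose handling of duplicates is not visible here. Later hunks show nss_cmd_getbysid_search and pac_lookup_sids_done keeping their own `count > 1` checks, but any caller that relied on the old EINVAL would now need its own check, if the helper does not enforce uniqueness. Please confirm the helper's behaviour and record it above the function, e.g. `/* ENOENT when nothing matches; duplicate-SID handling is that of sysdb_search_object_by_str_attr(). */`. An ambiguous SID-to-object mapping is an identity-resolution problem, so it should stay loud rather than depend on each caller remembering the check.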
@@ -4491,20 +4491,10 @@ static errno_t nss_cmd_getbysid_search(struct nss_dom_ctx *dctx) ret = sysdb_search_object_by_sid(cmdctx, dom, cmdctx->secid, NULL, &dctx->res); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Failed to make request to our cache!\n"); - return EIO; - } - - if (dctx->res->count > 1) { - DEBUG(SSSDBG_FATAL_FAILURE, "getbysid call returned more than one " \ - "result !?!\n"); - return ENOENT; - } - - if (dctx->res->count == 0) { - DEBUG(SSSDBG_OP_FAILURE, "No results for getbysid call.\n"); + if (ret == ENOENT) { if (!dctx->check_provider) { + DEBUG(SSSDBG_OP_FAILURE, "No results for getbysid call.\n"); + /* set negative cache only if not result of cache check */ ret = sss_ncache_set_sid(nctx->ncache, false, cmdctx->secid); if (ret != EOK) { @@ -4513,6 +4503,15 @@ static errno_t nss_cmd_getbysid_search(struct nss_dom_ctx *dctx) } } return ENOENT; + } else if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to make request to our cache!\n"); + return EIO; + } + + if (dctx->res->count > 1) { + DEBUG(SSSDBG_FATAL_FAILURE, "getbysid call returned more than one " \ + "result !?!\n"); + return ENOENT; } /* if this is a caching provider (or if we haven't checked the cache diff --git a/src/responder/pac/pacsrv_cmd.c b/src/responder/pac/pacsrv_cmd.c index cc92592..07d2f0c 100644 --- a/src/responder/pac/pacsrv_cmd.c +++ b/src/responder/pac/pacsrv_cmd.c 
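Review bot: In the second hunk of nss_cmd_getbysid_search, the re-added `dctx->res->count > 1` branch still returns ENOENT, which after this commit is the code that specifically means "no entry in the cache". A duplicate SID is a cache-consistency fault rather than a miss, and the caller cannot tell the two apart from the return value. The block is moved rather than newly written, so this may be deliberate. If so, a comment above it would make the intent explicit, e.g. `/* Duplicate SIDs are reported to the client as not found; no negative-cache entry is set on this path. */`. The function body continues outside both hunks.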
@@ -297,17 +297,17 @@ static void pac_lookup_sids_done(struct tevent_req *req) msg = NULL; ret = sysdb_search_object_by_sid(pr_ctx, dom, entries[c].key.str, NULL, &msg); - if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, "sysdb_search_object_by_sid " \ - "failed.\n"); + if (ret == ENOENT) { + DEBUG(SSSDBG_OP_FAILURE, "No entry found for SID [%s].\n", + entries[c].key.str); + continue; + } else if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, + "sysdb_search_object_by_sid failed.\n"); continue; } - if (msg->count == 0) { - DEBUG(SSSDBG_OP_FAILURE, "No entry found for SID [%s].\n", - entries[c].key.str); - continue; - } else if (msg->count > 1) { + if (msg->count > 1) { DEBUG(SSSDBG_CRIT_FAILURE, "More then one result returned " \ "for SID [%s].\n", entries[c].key.str); @@ -911,10 +911,13 @@ pac_store_membership(struct pac_req_ctx *pr_ctx, ret = sysdb_search_object_by_sid(tmp_ctx, grp_dom, grp_sid_str, group_attrs, &group); - if (ret != EOK) { - DEBUG(SSSDBG_TRACE_INTERNAL, "sysdb_search_object_by_sid " \ - "for SID [%s] failed [%d][%s].\n", - grp_sid_str, ret, strerror(ret)); + if (ret == ENOENT) { + DEBUG(SSSDBG_OP_FAILURE, "Unexpected number of groups returned.\n"); + goto done; + } else if (ret != EOK) { + DEBUG(SSSDBG_TRACE_INTERNAL, + "sysdb_search_object_by_sid for SID [%s] failed [%d][%s].\n", + grp_sid_str, ret, strerror(ret)); goto done; } diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c index d303982..92b41e9 100644 --- a/src/tests/sysdb-tests.c +++ b/src/tests/sysdb-tests.c 
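Review bot: In the pac_store_membership hunk, the new `ret == ENOENT` branch logs "Unexpected number of groups returned.", which describes a count mismatch rather than a missing entry. It also omits the SID, although the neighbouring failure branch prints `grp_sid_str`. I would log `DEBUG(SSSDBG_OP_FAILURE, "No group found for SID [%s].\n", grp_sid_str);` so a failed membership store from a PAC can be traced to the group that was absent from the cache. The branch also leaves the function with `ret` set to ENOENT. The code after the hunk is not shown, so it is worth checking that callers of pac_store_membership handle that code as intended.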
@@ -4861,13 +4861,10 @@ START_TEST (test_sysdb_search_return_ENOENT) talloc_zfree(res); /* Search object */ - /* TODO: Should return ENOENT */ ret = sysdb_search_object_by_sid(test_ctx, test_ctx->domain, "S-5-4-3-2-1", NULL, &res); - fail_unless(ret == EOK, "sysdb_search_object_by_sid_str failed with " + fail_unless(ret == ENOENT, "sysdb_search_object_by_sid_str failed with " "[%d][%s].", ret, strerror(ret)); - fail_unless(res->count == 0, "sysdb_search_object_by_sid_str should not " - "return anything."); talloc_zfree(res); /* Search can return more results */
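Review bot: The updated test checks only the ENOENT return code and no longer asserts anything about `res`, so the out-parameter's state on the not-found path is untested. `res` is NULL going in, because of the `talloc_zfree(res)` just before the call, and the `talloc_zfree(res)` that follows relies on it still being NULL or a valid talloc pointer. If the intended contract is that `*res` is left untouched on ENOENT, pin it with `fail_unless(res == NULL, "sysdb_search_object_by_sid should not set a result on ENOENT.");`. The failure message also names `sysdb_search_object_by_sid_str`, which is not the function being called.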