Commit e5c74ab CONFDB: Start a ldb transaction from sss_ldb_modify_permissive()

1 file Authored by fidencio 2 months ago , Committed by jhrozek 2 months ago ,
CONFDB: Start a ldb transaction from sss_ldb_modify_permissive()

The reason why confdb_expand_app_domains() always fails is because we
try to do a ldb_request() without starting a ldb transaction.

When we're dealing with ldb_modify(), ldb_add(), ldb_delete() kind of
messages, those call ldb_autotransaction_request() which will start a
new transaction and treat it properly when doing the ldb_request(). In
our case that we're calling ldb_request() by our own, we must ensure
that the transaction is started and properly deal with it._

It's never been noticed because in the only place the function is used
its errors are ignored.

Resolves:
https://pagure.io/SSSD/sssd/issue/3660

Signed-off-by: Fabiano FidĂȘncio <fidencio@redhat.com>

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

    
 1 @@ -66,7 +66,9 @@
 2                                 struct ldb_message *msg)
 3   {
 4       struct ldb_request *req;
 5 -     int ret = EOK;
 6 +     int ret;
 7 +     int cancel_ret;
 8 +     bool in_transaction = false;
 9   
10       ret = ldb_build_mod_req(&req, ldb, ldb,
11                               msg,
12 @@ -84,9 +86,44 @@
13           return ret;
14       }
15   
16 +     ret = ldb_transaction_start(ldb);
17 +     if (ret != LDB_SUCCESS) {
18 +         DEBUG(SSSDBG_CRIT_FAILURE,
19 +               "Failed to start ldb transaction [%d]: %s\n",
20 +               ret, sss_strerror(ret));
21 +         goto done;
22 +     }
23 + 
24 +     in_transaction = true;
25 + 
26       ret = ldb_request(ldb, req);
27       if (ret == LDB_SUCCESS) {
28           ret = ldb_wait(req->handle, LDB_WAIT_ALL);
29 +         if (ret != LDB_SUCCESS) {
30 +             goto done;
31 +         }
32 +     }
33 + 
34 +     ret = ldb_transaction_commit(ldb);
35 +     if (ret != LDB_SUCCESS) {
36 +         DEBUG(SSSDBG_CRIT_FAILURE,
37 +               "Failed to commit ldb transaction [%d]: %s\n",
38 +               ret, sss_strerror(ret));
39 +         goto done;
40 +     }
41 + 
42 +     in_transaction = false;
43 + 
44 +     ret = LDB_SUCCESS;
45 + 
46 + done:
47 +     if (in_transaction) {
48 +         cancel_ret = ldb_transaction_cancel(ldb);
49 +         if (cancel_ret != LDB_SUCCESS) {
50 +             DEBUG(SSSDBG_CRIT_FAILURE,
51 +                   "Failed to cancel ldb transaction [%d]: %s\n",
52 +                   cancel_ret, sss_strerror(cancel_ret));
53 +         }
54       }
55   
56       talloc_free(req);