NSS: Fix sysdb_enumpwent_filter()

aplopez · alexey-tikhonov · commit cb11e00ce08f · 2026-04-14T17:18:26.000+02:00
The "name" attribute was not being added to the TS cache, even though that it is part of the DN (ldb doesn't enforce it). Adding this attribute requires that the DB version is incremented for the TS cache to be regenerated with the missing attribute. This made the if-block in sysdb_enumpwent_filter() rather useless. In addition, once this if-block is executed, the fuction leaves without further processing. Reviewed-by: Alexey Tikhonov <atikhono@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit 11a15c2)
diff --git a/src/db/sysdb_init.c b/src/db/sysdb_init.c
@@ -37,6 +37,7 @@
 const char *sysdb_ts_cache_attrs[] = {
     SYSDB_OBJECTCLASS,
     SYSDB_OBJECTCATEGORY,
+    SYSDB_NAME,
     SYSDB_LAST_UPDATE,
     SYSDB_CACHE_EXPIRE,
     SYSDB_ORIG_MODSTAMP,
@@ -566,6 +567,12 @@ static errno_t sysdb_domain_cache_upgrade(TALLOC_CTX *mem_ctx,
         }
     }
 
+    if (strcmp(version, SYSDB_VERSION_0_25) == 0) {
+        ret = sysdb_upgrade_25(sysdb, &version);
+        if (ret != EOK) {
+            goto done;
+        }
+    }
     ret = EOK;
 done:
     sysdb->ldb = save_ldb;
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
@@ -1005,6 +1005,7 @@ static errno_t sysdb_create_ts_entry(struct sysdb_ctx *sysdb,
                                      struct sysdb_attrs *attrs)
 {
     struct ldb_message *msg;
+    const struct ldb_val *rdn_value;
     errno_t ret;
     int lret;
     TALLOC_CTX *tmp_ctx;
@@ -1013,16 +1014,26 @@ static errno_t sysdb_create_ts_entry(struct sysdb_ctx *sysdb,
         return EOK;
     }
 
+    if (entry_dn == NULL) {
+        return EINVAL;
+    }
+
     tmp_ctx = talloc_new(NULL);
     if (tmp_ctx == NULL) {
         return ENOMEM;
     }
 
-    if (entry_dn == NULL) {
+    rdn_value = ldb_dn_get_rdn_val(entry_dn);
+    if (rdn_value == NULL) {
         ret = EINVAL;
         goto done;
     }
 
+    ret = sysdb_attrs_add_val_safe(attrs, SYSDB_NAME, rdn_value);
+    if (ret != EOK) {
+        goto done;
+    }
+
     msg = sysdb_attrs2msg(tmp_ctx, entry_dn, attrs, 0);
     if (msg == NULL) {
         ret = ENOMEM;
@@ -1048,7 +1059,8 @@ static errno_t sysdb_create_ts_entry(struct sysdb_ctx *sysdb,
 }
 
 static struct sysdb_attrs *ts_obj_attrs(TALLOC_CTX *mem_ctx,
-                                        enum sysdb_obj_type obj_type)
+                                        enum sysdb_obj_type obj_type,
+                                        const char *obj_name)
 {
     struct sysdb_attrs *attrs;
     const char *oc;
@@ -1076,6 +1088,12 @@ static struct sysdb_attrs *ts_obj_attrs(TALLOC_CTX *mem_ctx,
         return NULL;
     }
 
+    ret = sysdb_attrs_add_string(attrs, SYSDB_NAME, obj_name);
+    if (ret != EOK) {
+        talloc_free(attrs);
+        return NULL;
+    }
+
     return attrs;
 }
 
@@ -1273,7 +1291,7 @@ static errno_t sysdb_create_ts_obj(struct sss_domain_info *domain,
         goto done;
     }
 
-    ts_attrs = ts_obj_attrs(tmp_ctx, obj_type);
+    ts_attrs = ts_obj_attrs(tmp_ctx, obj_type, obj_name);
     if (ts_attrs == NULL) {
         ret = ENOMEM;
         goto done;
diff --git a/src/db/sysdb_private.h b/src/db/sysdb_private.h
@@ -23,6 +23,7 @@
 #ifndef __INT_SYS_DB_H__
 #define __INT_SYS_DB_H__
 
+#define SYSDB_VERSION_0_26 "0.26"
 #define SYSDB_VERSION_0_25 "0.25"
 #define SYSDB_VERSION_0_24 "0.24"
 #define SYSDB_VERSION_0_23 "0.23"
@@ -49,7 +50,7 @@
 #define SYSDB_VERSION_0_2 "0.2"
 #define SYSDB_VERSION_0_1 "0.1"
 
-#define SYSDB_VERSION SYSDB_VERSION_0_25
+#define SYSDB_VERSION SYSDB_VERSION_0_26
 
 #define SYSDB_BASE_LDIF \
      "dn: @ATTRIBUTES\n" \
@@ -195,6 +196,7 @@ int sysdb_upgrade_21(struct sysdb_ctx *sysdb, const char **ver);
 int sysdb_upgrade_22(struct sysdb_ctx *sysdb, const char **ver);
 int sysdb_upgrade_23(struct sysdb_ctx *sysdb, const char **ver);
 int sysdb_upgrade_24(struct sysdb_ctx *sysdb, const char **ver);
+int sysdb_upgrade_25(struct sysdb_ctx *sysdb, const char **ver);
 
 int sysdb_ts_upgrade_01(struct sysdb_ctx *sysdb, const char **ver);
 
diff --git a/src/db/sysdb_search.c b/src/db/sysdb_search.c
@@ -913,7 +913,20 @@ int sysdb_enumpwent_filter(TALLOC_CTX *mem_ctx,
             if (ret != EOK && ret != ENOENT) {
                 goto done;
             }
+        } else {
+            /* If there are no results, EOK and res->count == 0 are expected */
+            ts_cache_res = talloc_zero(tmp_ctx, struct ldb_result);
+            if (ts_cache_res == NULL) {
+                DEBUG(SSSDBG_OP_FAILURE, "talloc_zero() failed.\n");
+                ret = ENOMEM;
+                goto done;
+            }
         }
+
+        ret = EOK;
+        DEBUG(SSSDBG_TRACE_LIBS, "Returning timestamp cache based results [%d].\n", ts_cache_res->count);
+        *_res = talloc_steal(mem_ctx, ts_cache_res);
+        goto done;
     }
 
     filter = enum_filter(tmp_ctx, SYSDB_PWENT_FILTER,
@@ -939,14 +952,6 @@ int sysdb_enumpwent_filter(TALLOC_CTX *mem_ctx,
         ret = EOK;
     }
 
-    if (ts_cache_res != NULL) {
-        res = sss_merge_ldb_results(res, ts_cache_res);
-        if (res == NULL) {
-            ret = ENOMEM;
-            goto done;
-        }
-    }
-
     *_res = talloc_steal(mem_ctx, res);
 
 done:
diff --git a/src/db/sysdb_upgrade.c b/src/db/sysdb_upgrade.c
@@ -2801,6 +2801,28 @@ int sysdb_upgrade_24(struct sysdb_ctx *sysdb, const char **ver)
     return ret;
 }
 
+int sysdb_upgrade_25(struct sysdb_ctx *sysdb, const char **ver)
+{
+    struct upgrade_ctx *ctx;
+    errno_t ret;
+
+    ret = commence_upgrade(sysdb, sysdb->ldb, SYSDB_VERSION_0_26, &ctx);
+    if (ret != EOK) {
+        return ret;
+    }
+
+    /* We do nothing because the only goal of this version change is to remove the TS cache. */
+
+    ret = update_version(ctx);
+    if (ret != EOK) {
+        goto done;
+    }
+
+done:
+    ret = finish_upgrade(ret, &ctx, ver);
+    return ret;
+}
+
 /*
  * Example template for future upgrades.
  * Copy and change version numbers as appropriate.
