ipa_sidgen: Allow sidgen_task to continue after finding issues

find_sid_for_ldap_entry could fail in several ways if a Posix ID can not
be converted to an unused SID. This could happen for example for ducplicate
IDs or user/group out of range.

This change enables ipa_sidgen_task to continue in the error case to try
to convert the entries without errors. The error messages have been
extended to additionally show the DN string for the bad entries.

Fixes: https://pagure.io/freeipa/issue/9618

Signed-off-by: Thomas Woerner <twoerner@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
This commit is contained in:
Thomas Woerner 2024-06-11 10:50:51 +02:00 committed by Florence Blanc-Renaud
parent d635d70110
commit a8e75bbb77
2 changed files with 14 additions and 8 deletions

View File

@ -491,7 +491,7 @@ int find_sid_for_ldap_entry(struct slapi_entry *entry,
} }
if (uid_number >= UINT32_MAX || gid_number >= UINT32_MAX) { if (uid_number >= UINT32_MAX || gid_number >= UINT32_MAX) {
LOG_FATAL("ID value too large.\n"); LOG_FATAL("ID value too large on entry [%s].\n", dn_str);
ret = LDAP_CONSTRAINT_VIOLATION; ret = LDAP_CONSTRAINT_VIOLATION;
goto done; goto done;
} }
@ -508,7 +508,7 @@ int find_sid_for_ldap_entry(struct slapi_entry *entry,
&has_posix_group, &has_posix_group,
&has_ipa_id_object); &has_ipa_id_object);
if (ret != 0) { if (ret != 0) {
LOG_FATAL("Cannot determine objectclasses.\n"); LOG_FATAL("Cannot determine objectclasses on entry [%s].\n", dn_str);
goto done; goto done;
} }
@ -522,15 +522,16 @@ int find_sid_for_ldap_entry(struct slapi_entry *entry,
id = (uid_number != 0) ? uid_number : gid_number; id = (uid_number != 0) ? uid_number : gid_number;
objectclass_to_add = NULL; objectclass_to_add = NULL;
} else { } else {
LOG_FATAL("Inconsistent objectclasses and attributes, nothing to do.\n"); LOG_FATAL("Inconsistent objectclasses and attributes on entry "
"[%s], nothing to do.\n", dn_str);
ret = 0; ret = 0;
goto done; goto done;
} }
ret = find_sid_for_id(id, plugin_id, base_dn, dom_sid, ranges, &sid); ret = find_sid_for_id(id, plugin_id, base_dn, dom_sid, ranges, &sid);
if (ret != 0) { if (ret != 0) {
LOG_FATAL("Cannot convert Posix ID [%lu] into an unused SID.\n", LOG_FATAL("Cannot convert Posix ID [%lu] into an unused SID on "
(unsigned long) id); "entry [%s].\n", (unsigned long) id, dn_str);
goto done; goto done;
} }

View File

@ -89,7 +89,7 @@ static void free_pblock(void *arg)
static int do_work(struct worker_ctx *worker_ctx) static int do_work(struct worker_ctx *worker_ctx)
{ {
Slapi_PBlock *pb; Slapi_PBlock *pb;
int ret; int ret, failures = 0;
size_t c; size_t c;
char *filter = NULL; char *filter = NULL;
char *attrs[] = { OBJECTCLASS, UID_NUMBER, GID_NUMBER, NULL }; char *attrs[] = { OBJECTCLASS, UID_NUMBER, GID_NUMBER, NULL };
@ -151,8 +151,7 @@ static int do_work(struct worker_ctx *worker_ctx)
worker_ctx->base_dn, worker_ctx->dom_sid, worker_ctx->base_dn, worker_ctx->dom_sid,
worker_ctx->ranges); worker_ctx->ranges);
if (ret != 0) { if (ret != 0) {
LOG_FATAL("Cannot add SID to existing entry.\n"); failures++;
goto done;
} }
if (worker_ctx->delay != 0) { if (worker_ctx->delay != 0) {
@ -162,6 +161,12 @@ static int do_work(struct worker_ctx *worker_ctx)
} }
}; };
ret = failures;
if (ret > 0) {
LOG_FATAL("Finished with %d failures, please check the log.\n",
failures);
}
done: done:
slapi_ch_free_string(&filter); slapi_ch_free_string(&filter);
pthread_cleanup_pop(1); pthread_cleanup_pop(1);