@sssd-bot sssd-bot commented Jan 2, 2026

This is an automatic backport of PR#7998 cache_req: use sysdb_search_user_by_upn_with_view_res() to branch sssd-2-9, created by @sumit-bose.

Caution

@sumit-bose The patches did not apply cleanly. It is necessary to resolve conflicts before merging this pull request. Commits that introduced conflict are marked with CONFLICT!.

You can push changes to this pull request

git remote add sssd-bot git@github.com:sssd-bot/sssd.git
git fetch sssd-bot refs/heads/SSSD-sssd-backport-pr7998-to-sssd-2-9
git checkout SSSD-sssd-backport-pr7998-to-sssd-2-9
git push sssd-bot SSSD-sssd-backport-pr7998-to-sssd-2-9 --force

Original commits

  • 794e80f - sysdb: add sysdb_search_user_by_upn_with_view_res()
  • 43f22b9 - cache_req: use sysdb_search_user_by_upn_with_view_res()
  • fe61b85 - sysdb:: remove sysdb_getpwupn()
  • 6d8f9d7 - tests: lookup user with overrides with email
  • 6413f60 - tests: add IPA ID view test for user lookup by email

Backported commits

  • 0d63b8a - sysdb: add sysdb_search_user_by_upn_with_view_res()
  • 405598e - cache_req: use sysdb_search_user_by_upn_with_view_res()
  • 8671c69 - sysdb:: remove sysdb_getpwupn()
  • c008432 - tests: lookup user with overrides with email
  • 90bf13c - CONFLICT! tests: add IPA ID view test for user lookup by email

Conflicting Files Information (check for deleted and re-added files)

  • CONFLICT! tests: add IPA ID view test for user lookup by email
On branch SSSD-sssd-backport-pr7998-to-sssd-2-9
You are currently cherry-picking commit 6413f60b1.
  (fix conflicts and run "git cherry-pick --continue")
  (use "git cherry-pick --skip" to skip this patch)
  (use "git cherry-pick --abort" to cancel the cherry-pick operation)

Unmerged paths:
  (use "git add/rm <file>..." as appropriate to mark resolution)
	deleted by us:   src/tests/system/tests/test_ipa.py

no changes added to commit (use "git add" and/or "git commit -a")

Original Pull Request Body

To make sure any overrides are applied to the user even when searched by
UPN or email address sysdb_search_user_by_upn_with_view_res() is now used
in the cache request code.

sumit-bose and others added 5 commits January 2, 2026 11:47

The new call will apply overrides to a user object which was searched by
UPN or email address before returning it.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit 794e80f)

To make sure any overrides are applied to the user even when searched by
UPN or email address sysdb_search_user_by_upn_with_view_res() is now
used in the cache request code.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit 43f22b9)

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit fe61b85)

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit 6d8f9d7)

Add a system test to verify that IPA ID view overrides are correctly
applied when looking up a user by email address.

The test creates a user with an email, applies ID view overrides
(login, uid, gid, home), and verifies that the overridden values are
returned when looking up the user by:
- original name
- overridden name
- email address

Signed-off-by: Madhuri Upadhye <mupadhye@redhat.com>
Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit 6413f60)

@gemini-code-assist gemini-code-assist bot left a comment


Code Review

This pull request backports the usage of sysdb_search_user_by_upn_with_view_res to ensure user overrides are applied when searching by UPN or email. The changes involve refactoring to use this new function and removing the old sysdb_getpwupn. The accompanying tests for both IPA ID views and local overrides are well-structured and correctly validate the new functionality. However, I've found a critical issue in the implementation of the new function sysdb_search_user_by_upn_with_view_res that could lead to incorrect lookup failures.

}

*out_res = orig_obj;
return ret;


critical

The function may incorrectly return ENOENT if sysdb_add_overrides_to_object returns it, which happens when no override is found for a user. This would signal to the caller that the user was not found, even though the original user object was successfully retrieved. The function should return EOK if the user is found, regardless of whether overrides exist.

    return EOK;
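
The error-handling question raised in the review comment above, as an added toy model in C (not SSSD code and not part of this pull request). Every name, struct and sample record is hypothetical: a lookup by email applies the view override before returning, treats ENOENT from the optional override step as "no override", and reports ENOENT only when the user itself is missing.

```c
#include <errno.h>
#include <stddef.h>
#include <string.h>

#ifndef EOK
#define EOK 0
#endif

/* Toy model, not SSSD code: all names below are hypothetical. */
struct user { const char *name; const char *email; unsigned uid; };
struct override { const char *orig_name; const char *name; unsigned uid; };

/* Constructed sample data. */
static const struct user cache[] = {
    { "alice", "alice@example.test", 1001 },
    { "bob",   "bob@example.test",   1002 },
};
static const struct override view[] = {
    { "alice", "alice-ovr", 5001 },   /* bob has no override */
};

/* Optional step: ENOENT here means "no override", not "no user". */
static int apply_override(struct user *u)
{
    for (size_t i = 0; i < sizeof(view) / sizeof(view[0]); i++) {
        if (strcmp(view[i].orig_name, u->name) == 0) {
            u->name = view[i].name;
            u->uid = view[i].uid;
            return EOK;
        }
    }
    return ENOENT;
}

/* Lookup by email that applies the view before returning the object. */
int lookup_by_email(const char *email, struct user *out)
{
    for (size_t i = 0; i < sizeof(cache) / sizeof(cache[0]); i++) {
        if (strcmp(cache[i].email, email) != 0) continue;
        struct user u = cache[i];
        int ret = apply_override(&u);
        if (ret != EOK && ret != ENOENT) return ret;  /* real failure */
        *out = u;
        return EOK;   /* user exists, with or without an override */
    }
    return ENOENT;    /* only a missing user reports "not found" */
}
```
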


Labels

Changes requested no-backport This should go to target branch only.
