diff --git a/src/db/sysdb.h b/src/db/sysdb.h index a9ee43ce1b4..b00fba49615 100644 --- a/src/db/sysdb.h +++ b/src/db/sysdb.h @@ -1177,6 +1177,10 @@ int sysdb_add_group(struct sss_domain_info *domain, int cache_timeout, time_t now); +/* If user_member_dn is not NULL, the user will be added as a member of the + * group during creation, avoiding a separate sysdb_add_group_member() call. + * user_member_dn must be a pre-computed DN (e.g. from sysdb_user_strdn()). + */ int sysdb_add_incomplete_group(struct sss_domain_info *domain, const char *name, gid_t gid, @@ -1184,7 +1188,8 @@ int sysdb_add_incomplete_group(struct sss_domain_info *domain, const char *sid_str, const char *uuid, bool posix, - time_t now); + time_t now, + const char *user_member_dn); /* Add netgroup (only basic attrs and w/o checks) */ int sysdb_add_basic_netgroup(struct sss_domain_info *domain, diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c index 5090ae52f2f..2a08a0f6260 100644 --- a/src/db/sysdb_ops.c +++ b/src/db/sysdb_ops.c @@ -2278,7 +2278,8 @@ int sysdb_add_incomplete_group(struct sss_domain_info *domain, const char *sid_str, const char *uuid, bool posix, - time_t now) + time_t now, + const char *user_member_dn) { TALLOC_CTX *tmp_ctx; int ret; @@ -2365,6 +2366,11 @@ int sysdb_add_incomplete_group(struct sss_domain_info *domain, if (ret) goto done; } + if (user_member_dn != NULL) { + ret = sysdb_attrs_add_string(attrs, SYSDB_MEMBER, user_member_dn); + if (ret != EOK) goto done; + } + ret = sysdb_set_group_attr(domain, name, attrs, SYSDB_MOD_REP); done: diff --git a/src/providers/ldap/sdap_async.h b/src/providers/ldap/sdap_async.h index 1d02e5ce63e..72453ada24a 100644 --- a/src/providers/ldap/sdap_async.h +++ b/src/providers/ldap/sdap_async.h @@ -474,7 +474,8 @@ sdap_handle_id_collision_for_incomplete_groups(struct data_provider *dp, const char *sid_str, const char *uuid, bool posix, - time_t now); + time_t now, + const char *user_member_dn); struct sdap_id_conn_ctx *get_ldap_conn_from_sdom_pvt(struct sdap_options *opts, struct sdap_domain *sdom); diff --git a/src/providers/ldap/sdap_async_groups.c b/src/providers/ldap/sdap_async_groups.c index 9e0eaf8a4d6..e5b6cc03ab3 100644 --- a/src/providers/ldap/sdap_async_groups.c +++ b/src/providers/ldap/sdap_async_groups.c @@ -1906,7 +1906,7 @@ static void sdap_get_groups_process(struct tevent_req *subreq) bool next_base = false; size_t count; struct sysdb_attrs **groups; - char **sysdb_groupnamelist; + ret = sdap_get_and_parse_generic_recv(subreq, state, &count, &groups); @@ -1962,22 +1962,8 @@ static void sdap_get_groups_process(struct tevent_req *subreq) } if (state->no_members) { - ret = sdap_get_primary_fqdn_list(state->dom, state, - state->groups, state->count, - state->opts->group_map[SDAP_AT_GROUP_NAME].name, - state->opts->group_map[SDAP_AT_GROUP_OBJECTSID].name, - state->opts->idmap_ctx, - &sysdb_groupnamelist); - if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, - "sysdb_attrs_primary_name_list failed.\n"); - tevent_req_error(req, ret); - return; - } - ret = sdap_add_incomplete_groups(state->sysdb, state->dom, state->opts, - sysdb_groupnamelist, state->groups, - state->count); + state->groups, state->count, NULL); if (ret == EOK) { DEBUG(SSSDBG_TRACE_LIBS, "Writing only group data without members was successful.\n"); diff --git a/src/providers/ldap/sdap_async_initgroups.c b/src/providers/ldap/sdap_async_initgroups.c index 0a2a774ebe9..9c6dcc88681 100644 --- a/src/providers/ldap/sdap_async_initgroups.c +++ b/src/providers/ldap/sdap_async_initgroups.c @@ -30,20 +30,22 @@ #include "providers/ldap/sdap_users.h" /* ==Save-fake-group-list=====================================*/ +/* If user_member is not NULL, the user will be added as a member of all + * groups (both newly created and already existing). + */ errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, struct sdap_options *opts, - char **sysdb_groupnames, struct sysdb_attrs **ldap_groups, - int ldap_groups_count) + int ldap_groups_count, + const char *user_member) { TALLOC_CTX *tmp_ctx; struct ldb_message *msg; - int i, mi, ai; - const char *groupname; - const char *original_dn; + int i; + const char *groupname = NULL; + const char *original_dn = NULL; const char *uuid = NULL; - char **missing; gid_t gid = 0; int ret; errno_t sret; @@ -54,6 +56,7 @@ errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb, bool use_id_mapping; bool need_filter; struct sss_domain_info *subdomain; + char *user_member_dn = NULL; /* There are no groups in LDAP but we should add user to groups?? */ if (ldap_groups_count == 0) return EOK; @@ -61,42 +64,13 @@ errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb, tmp_ctx = talloc_new(NULL); if (!tmp_ctx) return ENOMEM; - missing = talloc_array(tmp_ctx, char *, ldap_groups_count+1); - if (!missing) { - ret = ENOMEM; - goto done; - } - mi = 0; - - for (i=0; sysdb_groupnames[i]; i++) { - subdomain = find_domain_by_object_name(domain, sysdb_groupnames[i]); - if (subdomain == NULL) { - subdomain = domain; - } - ret = sysdb_search_group_by_name(tmp_ctx, subdomain, sysdb_groupnames[i], NULL, - &msg); - if (ret == EOK) { - continue; - } else if (ret == ENOENT) { - missing[mi] = talloc_strdup(missing, sysdb_groupnames[i]); - DEBUG(SSSDBG_TRACE_LIBS, "Group #%d [%s][%s] is not cached, " \ - "need to add a fake entry\n", - i, sysdb_groupnames[i], missing[mi]); - mi++; - continue; - } else if (ret != ENOENT) { - DEBUG(SSSDBG_CRIT_FAILURE, "search for group failed [%d]: %s\n", - ret, strerror(ret)); + if (user_member != NULL) { + user_member_dn = sysdb_user_strdn(tmp_ctx, domain->name, user_member); + if (user_member_dn == NULL) { + ret = ENOMEM; goto done; } } - missing[mi] = NULL; - - /* All groups are cached, nothing to do */ - if (mi == 0) { - ret = EOK; - goto done; - } use_id_mapping = sdap_idmap_domain_has_algorithmic_mapping(opts->idmap_ctx, domain->name, @@ -111,150 +85,169 @@ errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb, } in_transaction = true; - now = time(NULL); - for (i=0; missing[i]; i++) { - /* The group is not in sysdb, need to add a fake entry */ - for (ai=0; ai < ldap_groups_count; ai++) { - ret = sdap_get_group_primary_name(tmp_ctx, opts, ldap_groups[ai], - domain, &groupname); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, - "The group has no name attribute\n"); - goto done; - } + for (i = 0; i < ldap_groups_count; i++) { + gid = 0; + talloc_zfree(sid_str); + talloc_zfree(groupname); + original_dn = NULL; /* don't free - this points to 'ldap_groups' internals */ + uuid = NULL; + ret = sdap_get_group_primary_name(tmp_ctx, opts, ldap_groups[i], + domain, &groupname); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, + "The group has no name attribute\n"); + goto done; + } - if (strcmp(groupname, missing[i]) == 0) { - posix = true; - - ret = sdap_attrs_get_sid_str( - tmp_ctx, opts->idmap_ctx, ldap_groups[ai], - opts->group_map[SDAP_AT_GROUP_OBJECTSID].sys_name, - &sid_str); - if (ret != EOK && ret != ENOENT) goto done; - - if (use_id_mapping) { - if (sid_str == NULL) { - DEBUG(SSSDBG_MINOR_FAILURE, "No SID for group [%s] " \ - "while id-mapping.\n", - groupname); - ret = EINVAL; - goto done; - } - - DEBUG(SSSDBG_TRACE_LIBS, - "Mapping group [%s] objectSID to unix ID\n", groupname); - - DEBUG(SSSDBG_TRACE_INTERNAL, - "Group [%s] has objectSID [%s]\n", - groupname, sid_str); - - /* Convert the SID into a UNIX group ID */ - ret = sdap_idmap_sid_to_unix(opts->idmap_ctx, sid_str, - &gid); - if (ret == EOK) { - DEBUG(SSSDBG_TRACE_INTERNAL, - "Group [%s] has mapped gid [%lu]\n", - groupname, (unsigned long)gid); - } else { - posix = false; - - DEBUG(SSSDBG_TRACE_INTERNAL, - "Group [%s] cannot be mapped. " - "Treating as a non-POSIX group\n", - groupname); - } - - } else { - ret = sysdb_attrs_get_uint32_t(ldap_groups[ai], - SYSDB_GIDNUM, - &gid); - if (ret == ENOENT || (ret == EOK && gid == 0)) { - DEBUG(SSSDBG_TRACE_LIBS, "The group %s gid was %s\n", - groupname, ret == ENOENT ? "missing" : "zero"); - DEBUG(SSSDBG_TRACE_FUNC, - "Marking group %s as non-POSIX!\n", - groupname); - posix = false; - } else if (ret) { - DEBUG(SSSDBG_CRIT_FAILURE, - "The GID attribute is malformed\n"); - goto done; - } - } + subdomain = find_domain_by_object_name(domain, groupname); + if (subdomain == NULL) { + subdomain = domain; + } - ret = sysdb_attrs_get_string(ldap_groups[ai], - SYSDB_ORIG_DN, - &original_dn); - if (ret) { - DEBUG(SSSDBG_FUNC_DATA, - "The group has no original DN\n"); - original_dn = NULL; + ret = sysdb_search_group_by_name(tmp_ctx, subdomain, groupname, + NULL, &msg); + if (ret == EOK) { + if (user_member != NULL) { + ret = sysdb_add_group_member(subdomain, groupname, + user_member, SYSDB_MEMBER_USER, + false); + if (ret != EOK && ret != EEXIST) { + DEBUG(SSSDBG_CRIT_FAILURE, + "Could not add member [%s] to group [%s]: " + "[%d]: %s. Skipping.\n", + user_member, groupname, ret, sss_strerror(ret)); + /* Continue on, we should try to finish the rest */ } + } + continue; + } else if (ret != ENOENT) { + DEBUG(SSSDBG_CRIT_FAILURE, + "search for group failed [%d]: %s\n", + ret, strerror(ret)); + goto done; + } - ret = sysdb_handle_original_uuid( - opts->group_map[SDAP_AT_GROUP_UUID].def_name, - ldap_groups[ai], - opts->group_map[SDAP_AT_GROUP_UUID].sys_name, - ldap_groups[ai], "uniqueIDstr"); - if (ret != EOK) { - DEBUG((ret == ENOENT) ? SSSDBG_TRACE_ALL : SSSDBG_MINOR_FAILURE, - "Failed to retrieve UUID [%d][%s].\n", - ret, sss_strerror(ret)); - } + DEBUG(SSSDBG_TRACE_LIBS, "Group #%d [%s] is not cached, " + "need to add a fake entry\n", i, groupname); - ret = sysdb_attrs_get_string(ldap_groups[ai], - "uniqueIDstr", - &uuid); - if (ret) { - DEBUG(SSSDBG_FUNC_DATA, - "The group has no UUID\n"); - uuid = NULL; - } + posix = true; - ret = sdap_check_ad_group_type(domain, opts, ldap_groups[ai], - groupname, &need_filter); - if (ret != EOK) { - goto done; - } + ret = sdap_attrs_get_sid_str( + tmp_ctx, opts->idmap_ctx, ldap_groups[i], + opts->group_map[SDAP_AT_GROUP_OBJECTSID].sys_name, + &sid_str); + if (ret != EOK && ret != ENOENT) goto done; + + if (use_id_mapping) { + if (sid_str == NULL) { + DEBUG(SSSDBG_MINOR_FAILURE, "No SID for group [%s] " + "while id-mapping.\n", + groupname); + ret = EINVAL; + goto done; + } - if (need_filter) { - posix = false; - } + DEBUG(SSSDBG_TRACE_LIBS, + "Mapping group [%s] objectSID to unix ID\n", groupname); + + DEBUG(SSSDBG_TRACE_INTERNAL, + "Group [%s] has objectSID [%s]\n", + groupname, sid_str); + + /* Convert the SID into a UNIX group ID */ + ret = sdap_idmap_sid_to_unix(opts->idmap_ctx, sid_str, + &gid); + if (ret == EOK) { + DEBUG(SSSDBG_TRACE_INTERNAL, + "Group [%s] has mapped gid [%lu]\n", + groupname, (unsigned long)gid); + } else { + posix = false; DEBUG(SSSDBG_TRACE_INTERNAL, - "Adding fake group %s to sysdb\n", groupname); - subdomain = find_domain_by_object_name(domain, groupname); - if (subdomain == NULL) { - subdomain = domain; - } - ret = sysdb_add_incomplete_group(subdomain, groupname, gid, - original_dn, sid_str, - uuid, posix, now); - if (ret == ERR_GID_DUPLICATED) { - /* In case o group id-collision, do: - * - Delete the group from sysdb - * - Add the new incomplete group - * - Notify the NSS responder that the entry has also to be - * removed from the memory cache - */ - ret = sdap_handle_id_collision_for_incomplete_groups( - opts->dp, subdomain, groupname, gid, - original_dn, sid_str, uuid, posix, - now); - } + "Group [%s] cannot be mapped. " + "Treating as a non-POSIX group\n", + groupname); + } - if (ret != EOK) { - goto done; - } - break; + } else { + ret = sysdb_attrs_get_uint32_t(ldap_groups[i], + SYSDB_GIDNUM, + &gid); + if (ret == ENOENT || (ret == EOK && gid == 0)) { + DEBUG(SSSDBG_TRACE_LIBS, "The group %s gid was %s\n", + groupname, ret == ENOENT ? "missing" : "zero"); + DEBUG(SSSDBG_TRACE_FUNC, + "Marking group %s as non-POSIX!\n", + groupname); + posix = false; + } else if (ret) { + DEBUG(SSSDBG_CRIT_FAILURE, + "The GID attribute is malformed\n"); + goto done; } } - if (ai == ldap_groups_count) { - DEBUG(SSSDBG_OP_FAILURE, - "Group %s not present in LDAP\n", missing[i]); - ret = EINVAL; + ret = sysdb_attrs_get_string(ldap_groups[i], + SYSDB_ORIG_DN, + &original_dn); + if (ret) { + DEBUG(SSSDBG_FUNC_DATA, + "The group has no original DN\n"); + original_dn = NULL; + } + + ret = sysdb_handle_original_uuid( + opts->group_map[SDAP_AT_GROUP_UUID].def_name, + ldap_groups[i], + opts->group_map[SDAP_AT_GROUP_UUID].sys_name, + ldap_groups[i], "uniqueIDstr"); + if (ret != EOK) { + DEBUG((ret == ENOENT) ? SSSDBG_TRACE_ALL : SSSDBG_MINOR_FAILURE, + "Failed to retrieve UUID [%d][%s].\n", + ret, sss_strerror(ret)); + } + + ret = sysdb_attrs_get_string(ldap_groups[i], + "uniqueIDstr", + &uuid); + if (ret) { + DEBUG(SSSDBG_FUNC_DATA, + "The group has no UUID\n"); + uuid = NULL; + } + + ret = sdap_check_ad_group_type(domain, opts, ldap_groups[i], + groupname, &need_filter); + if (ret != EOK) { + goto done; + } + + if (need_filter) { + posix = false; + } + + DEBUG(SSSDBG_TRACE_INTERNAL, + "Adding fake group %s to sysdb\n", groupname); + ret = sysdb_add_incomplete_group(subdomain, groupname, gid, + original_dn, sid_str, + uuid, posix, now, + user_member_dn); + if (ret == ERR_GID_DUPLICATED) { + /* In case of group id-collision, do: + * - Delete the group from sysdb + * - Add the new incomplete group + * - Notify the NSS responder that the entry has also to be + * removed from the memory cache + */ + ret = sdap_handle_id_collision_for_incomplete_groups( + opts->dp, subdomain, groupname, gid, + original_dn, sid_str, uuid, posix, + now, user_member_dn); + } + + if (ret != EOK) { goto done; } } @@ -343,12 +336,14 @@ int sdap_initgr_common_store(struct sysdb_ctx *sysdb, in_transaction = true; /* Add fake entries for any groups the user should be added as - * member of but that are not cached in sysdb + * member of but that are not cached in sysdb. + * If type is SYSDB_MEMBER_USER, also add membership during this step + * to avoid a separate sysdb_update_members() call for add_groups. */ if (add_groups && add_groups[0]) { ret = sdap_add_incomplete_groups(sysdb, domain, opts, - add_groups, ldap_groups, - ldap_groups_count); + ldap_groups, ldap_groups_count, + type == SYSDB_MEMBER_USER ? name : NULL); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Adding incomplete groups failed\n"); goto done; @@ -357,7 +352,8 @@ int sdap_initgr_common_store(struct sysdb_ctx *sysdb, DEBUG(SSSDBG_TRACE_INTERNAL, "Updating memberships for %s\n", name); ret = sysdb_update_members(domain, name, type, - (const char *const *) add_groups, + type == SYSDB_MEMBER_USER ? NULL + : (const char *const *) add_groups, (const char *const *) del_groups); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Membership update failed [%d]: %s\n", @@ -663,27 +659,8 @@ sdap_nested_groups_store(struct sysdb_ctx *sysdb, unsigned long count) { errno_t ret, tret; - TALLOC_CTX *tmp_ctx; - char **groupnamelist = NULL; bool in_transaction = false; - tmp_ctx = talloc_new(NULL); - if (!tmp_ctx) return ENOMEM; - - if (count > 0) { - ret = sdap_get_primary_fqdn_list(domain, tmp_ctx, groups, count, - opts->group_map[SDAP_AT_GROUP_NAME].name, - opts->group_map[SDAP_AT_GROUP_OBJECTSID].name, - opts->idmap_ctx, - &groupnamelist); - if (ret != EOK) { - DEBUG(SSSDBG_MINOR_FAILURE, - "sysdb_attrs_primary_name_list failed [%d]: %s\n", - ret, strerror(ret)); - goto done; - } - } - ret = sysdb_transaction_start(sysdb); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n"); @@ -691,8 +668,7 @@ sdap_nested_groups_store(struct sysdb_ctx *sysdb, } in_transaction = true; - ret = sdap_add_incomplete_groups(sysdb, domain, opts, groupnamelist, - groups, count); + ret = sdap_add_incomplete_groups(sysdb, domain, opts, groups, count, NULL); if (ret != EOK) { DEBUG(SSSDBG_TRACE_FUNC, "Could not add incomplete groups [%d]: %s\n", ret, strerror(ret)); @@ -714,8 +690,6 @@ sdap_nested_groups_store(struct sysdb_ctx *sysdb, DEBUG(SSSDBG_CRIT_FAILURE, "Failed to cancel transaction\n"); } } - - talloc_free(tmp_ctx); return ret; } @@ -3637,7 +3611,8 @@ sdap_handle_id_collision_for_incomplete_groups(struct data_provider *dp, const char *sid_str, const char *uuid, bool posix, - time_t now) + time_t now, + const char *user_member_dn) { errno_t ret; @@ -3652,7 +3627,7 @@ sdap_handle_id_collision_for_incomplete_groups(struct data_provider *dp, } ret = sysdb_add_incomplete_group(domain, name, gid, original_dn, sid_str, - uuid, posix, now); + uuid, posix, now, user_member_dn); if (ret != EOK) { return ret; } diff --git a/src/providers/ldap/sdap_async_initgroups_ad.c b/src/providers/ldap/sdap_async_initgroups_ad.c index c8f82d7ed5f..70671a1b7fd 100644 --- a/src/providers/ldap/sdap_async_initgroups_ad.c +++ b/src/providers/ldap/sdap_async_initgroups_ad.c @@ -640,7 +640,8 @@ errno_t sdap_ad_save_group_membership_with_idmapping(const char *username, } ret = sysdb_add_incomplete_group(domain, name, gid, - NULL, sid, NULL, gid != 0, now); + NULL, sid, NULL, gid != 0, now, + NULL); if (ret == ERR_GID_DUPLICATED) { /* In case o group id-collision, do: * - Delete the group from sysdb @@ -651,7 +652,7 @@ errno_t sdap_ad_save_group_membership_with_idmapping(const char *username, ret = sdap_handle_id_collision_for_incomplete_groups( idmap_ctx->id_ctx->be->provider, domain, name, gid, NULL, sid, NULL, - false, now); + false, now, NULL); } if (ret != EOK) { diff --git a/src/providers/ldap/sdap_async_private.h b/src/providers/ldap/sdap_async_private.h index 90ed3656735..6a59cf9ab12 100644 --- a/src/providers/ldap/sdap_async_private.h +++ b/src/providers/ldap/sdap_async_private.h @@ -154,12 +154,15 @@ sdap_nested_group_lookup_external_recv(TALLOC_CTX *mem_ctx, struct tevent_req *req); /* from sdap_async_initgroups.c */ +/* If user_member is not NULL, the user will be added as a member of all + * groups (both newly created and already existing). + */ errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, struct sdap_options *opts, - char **sysdb_groupnames, struct sysdb_attrs **ldap_groups, - int ldap_groups_count); + int ldap_groups_count, + const char *user_member); /* from sdap_ad_groups.c */ errno_t sdap_check_ad_group_type(struct sss_domain_info *dom, diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c index 27c25416233..97c0ff75763 100644 --- a/src/tests/sysdb-tests.c +++ b/src/tests/sysdb-tests.c @@ -394,7 +394,7 @@ static int test_add_incomplete_group(struct test_data *data) ret = sysdb_add_incomplete_group(data->ctx->domain, data->groupname, data->gid, data->orig_dn, - data->sid_str, NULL, true, 0); + data->sid_str, NULL, true, 0, NULL); return ret; } @@ -1060,14 +1060,14 @@ START_TEST (test_sysdb_incomplete_group_rename) ret = sysdb_add_incomplete_group(test_ctx->domain, "incomplete_group", 20000, NULL, "S-1-5-21-123-456-789-111", - NULL, true, 0); + NULL, true, 0, NULL); ck_assert_msg(ret == EOK, "sysdb_add_incomplete_group error [%d][%s]", ret, strerror(ret)); /* Adding a group with the same GID and all the other characteristics unknown should succeed */ ret = sysdb_add_incomplete_group(test_ctx->domain, "incomplete_group_new", - 20000, NULL, NULL, NULL, true, 0); + 20000, NULL, NULL, NULL, true, 0, NULL); ck_assert_msg(ret == ERR_GID_DUPLICATED, "Did not catch a rename. ret: %d [%s]", ret, sss_strerror(ret)); @@ -1076,7 +1076,7 @@ START_TEST (test_sysdb_incomplete_group_rename) ret = sysdb_add_incomplete_group(test_ctx->domain, "incomplete_group_new", 20000, NULL, "S-1-5-21-123-456-789-222", - NULL, true, 0); + NULL, true, 0, NULL); ck_assert_msg(ret == ERR_GID_DUPLICATED, "Did not catch a rename. ret: %d [%s]", ret, sss_strerror(ret)); @@ -1087,7 +1087,7 @@ START_TEST (test_sysdb_incomplete_group_rename) ret = sysdb_add_incomplete_group(test_ctx->domain, "incomplete_group_new", 20000, NULL, "S-1-5-21-123-456-789-111", - NULL, true, 0); + NULL, true, 0, NULL); ck_assert_msg(ret == ERR_GID_DUPLICATED, "Did not catch a rename. ret: %d [%s]", ret, sss_strerror(ret)); @@ -1699,7 +1699,7 @@ static void add_nonposix_incomplete_group(struct sysdb_test_ctx *test_ctx, sss_ck_fail_if_msg(fq_name == NULL, "Failed to create fq name."); ret = sysdb_add_incomplete_group(test_ctx->domain, fq_name, 0, - NULL, NULL, NULL, false, 0); + NULL, NULL, NULL, false, 0, NULL); sss_ck_fail_if_msg(ret != EOK, "sysdb_add_group failed."); /* Test */ @@ -4635,7 +4635,7 @@ START_TEST(test_odd_characters) /* Add */ ret = sysdb_add_incomplete_group(test_ctx->domain, odd_groupname, - 20000, NULL, NULL, NULL, true, 0); + 20000, NULL, NULL, NULL, true, 0, NULL); ck_assert_msg(ret == EOK, "sysdb_add_incomplete_group error [%d][%s]", ret, strerror(ret)); @@ -4804,7 +4804,7 @@ START_TEST(test_SSS_LDB_SEARCH) /* Add */ ret = sysdb_add_incomplete_group(test_ctx->domain, groupname, - 20000, NULL, NULL, NULL, true, 0); + 20000, NULL, NULL, NULL, true, 0, NULL); ck_assert_msg(ret == EOK, "sysdb_add_incomplete_group error [%d][%s]", ret, strerror(ret));