From cfffd6c1f2e22b11f09b0a45bad31ac09059a181 Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov
Date: Tue, 3 Sep 2024 19:58:47 +0200
Subject: [PATCH 1/3] SYSDB: drop the code that upgrades from v < 15

It's reasonable to expect that nobody will attempt an upgrade from DB version older than "0.16" (sssd-1.12) to "0.25"+
---
 src/db/sysdb_init.c | 119 +---
 src/db/sysdb_private.h | 18 -
 src/db/sysdb_upgrade.c | 1468 ----------------------------------------
 3 files changed, 20 insertions(+), 1585 deletions(-)

diff --git a/src/db/sysdb_init.c b/src/db/sysdb_init.c
index bd1f240aff3..a078cd9a18a 100644
--- a/src/db/sysdb_init.c
+++ b/src/db/sysdb_init.c
@@ -361,6 +361,26 @@ static errno_t sysdb_domain_cache_upgrade(TALLOC_CTX *mem_ctx,
 const char *version;
 struct ldb_context *save_ldb;
+ if ((strcmp(cur_version, SYSDB_VERSION_0_1) == 0) ||
+ (strcmp(cur_version, SYSDB_VERSION_0_2) == 0) ||
+ (strcmp(cur_version, SYSDB_VERSION_0_3) == 0) ||
+ (strcmp(cur_version, SYSDB_VERSION_0_4) == 0) ||
+ (strcmp(cur_version, SYSDB_VERSION_0_5) == 0) ||
+ (strcmp(cur_version, SYSDB_VERSION_0_6) == 0) ||
+ (strcmp(cur_version, SYSDB_VERSION_0_7) == 0) ||
+ (strcmp(cur_version, SYSDB_VERSION_0_8) == 0) ||
+ (strcmp(cur_version, SYSDB_VERSION_0_9) == 0) ||
+ (strcmp(cur_version, SYSDB_VERSION_0_10) == 0) ||
+ (strcmp(cur_version, SYSDB_VERSION_0_11) == 0) ||
+ (strcmp(cur_version, SYSDB_VERSION_0_12) == 0) ||
+ (strcmp(cur_version, SYSDB_VERSION_0_13) == 0) ||
+ (strcmp(cur_version, SYSDB_VERSION_0_14) == 0) ||
+ (strcmp(cur_version, SYSDB_VERSION_0_15) == 0)) {
+ DEBUG(SSSDBG_FATAL_FAILURE,
+ "Cache version is way too old and must be deleted manually\n");
+ return EIO;
+ }
+
 tmp_ctx = talloc_new(NULL);
 if (tmp_ctx == NULL) {
 return ENOMEM;
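Review bot: The new SSSDBG_FATAL_FAILURE message in sysdb_domain_cache_upgrade() names neither the rejected version nor the cache it belongs to, so an operator looking at a failed start has to work out which file to remove. `cur_version` is already in scope at the check, and `domain->name` is used by the DEBUG call in the next hunk of the same function, so it appears to be available too; a message such as `"Cache of domain [%s] has version [%s], which is too old to upgrade; remove the cache file manually\n", domain->name, cur_version` would make the failure actionable. The chain also rejects SYSDB_VERSION_0_15 while the subject line says "v < 15"; a one-line comment above it, e.g. `/* upgrade steps up to and including 0.15 -> 0.16 were removed */`, would keep the code and the description in step. The function body starts and ends outside the hunk, so how a version string that is not in this list is handled cannot be seen from here.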
@@ -384,97 +404,6 @@ static errno_t sysdb_domain_cache_upgrade(TALLOC_CTX *mem_ctx,
 "Upgrading DB [%s] from version: %s\n",
 domain->name, version);
- if (strcmp(version, SYSDB_VERSION_0_3) == 0) {
- ret = sysdb_upgrade_03(sysdb, &version);
- if (ret != EOK) {
- goto done;
- }
- }
-
- if (strcmp(version, SYSDB_VERSION_0_4) == 0) {
- ret = sysdb_upgrade_04(sysdb, &version);
- if (ret != EOK) {
- goto done;
- }
- }
-
- if (strcmp(version, SYSDB_VERSION_0_5) == 0) {
- ret = sysdb_upgrade_05(sysdb, &version);
- if (ret != EOK) {
- goto done;
- }
- }
-
- if (strcmp(version, SYSDB_VERSION_0_6) == 0) {
- ret = sysdb_upgrade_06(sysdb, &version);
- if (ret != EOK) {
- goto done;
- }
- }
-
- if (strcmp(version, SYSDB_VERSION_0_7) == 0) {
- ret = sysdb_upgrade_07(sysdb, &version);
- if (ret != EOK) {
- goto done;
- }
- }
-
- if (strcmp(version, SYSDB_VERSION_0_8) == 0) {
- ret = sysdb_upgrade_08(sysdb, &version);
- if (ret != EOK) {
- goto done;
- }
- }
-
- if (strcmp(version, SYSDB_VERSION_0_9) == 0) {
- ret = sysdb_upgrade_09(sysdb, &version);
- if (ret != EOK) {
- goto done;
- }
- }
-
- if (strcmp(version, SYSDB_VERSION_0_10) == 0) {
- ret = sysdb_upgrade_10(sysdb, domain, &version);
- if (ret != EOK) {
- goto done;
- }
- }
-
- if (strcmp(version, SYSDB_VERSION_0_11) == 0) {
- ret = sysdb_upgrade_11(sysdb, domain, &version);
- if (ret != EOK) {
- goto done;
- }
- }
-
- if (strcmp(version, SYSDB_VERSION_0_12) == 0) {
- ret = sysdb_upgrade_12(sysdb, &version);
- if (ret != EOK) {
- goto done;
- }
- }
-
- if (strcmp(version, SYSDB_VERSION_0_13) == 0) {
- ret = sysdb_upgrade_13(sysdb, &version);
- if (ret != EOK) {
- goto done;
- }
- }
-
- if (strcmp(version, SYSDB_VERSION_0_14) == 0) {
- ret = sysdb_upgrade_14(sysdb, &version);
- if (ret != EOK) {
- goto done;
- }
- }
-
- if (strcmp(version, SYSDB_VERSION_0_15) == 0) {
- ret = sysdb_upgrade_15(sysdb, &version);
- if (ret != EOK) {
- goto done;
- }
- }
-
 if (strcmp(version, SYSDB_VERSION_0_16) == 0) {
 ret = sysdb_upgrade_16(sysdb, &version);
 if (ret != EOK) {
@@ -917,14 +846,6 @@ int sysdb_init_ext(TALLOC_CTX *mem_ctx,
 TALLOC_CTX *tmp_ctx;
 struct sysdb_dom_upgrade_ctx *dom_upgrade_ctx;
- if (upgrade_ctx != NULL) {
- /* check if we have an old sssd.ldb to upgrade */
- ret = sysdb_check_upgrade_02(domains, DB_PATH);
- if (ret != EOK) {
- return ret;
- }
- }
-
 tmp_ctx = talloc_new(mem_ctx);
 if (tmp_ctx == NULL) {
 return ENOMEM;
diff --git a/src/db/sysdb_private.h b/src/db/sysdb_private.h
index 32d3f1c7ea1..ce3f40124ca 100644
--- a/src/db/sysdb_private.h
+++ b/src/db/sysdb_private.h
@@ -168,24 +168,6 @@ int sysdb_domain_init_internal(TALLOC_CTX *mem_ctx,
 struct sysdb_ctx **_ctx);
 /* Upgrade routines */
-int sysdb_upgrade_01(struct ldb_context *ldb, const char **ver);
-int sysdb_check_upgrade_02(struct sss_domain_info *domains,
- const char *db_path);
-int sysdb_upgrade_03(struct sysdb_ctx *sysdb, const char **ver);
-int sysdb_upgrade_04(struct sysdb_ctx *sysdb, const char **ver);
-int sysdb_upgrade_05(struct sysdb_ctx *sysdb, const char **ver);
-int sysdb_upgrade_06(struct sysdb_ctx *sysdb, const char **ver);
-int sysdb_upgrade_07(struct sysdb_ctx *sysdb, const char **ver);
-int sysdb_upgrade_08(struct sysdb_ctx *sysdb, const char **ver);
-int sysdb_upgrade_09(struct sysdb_ctx *sysdb, const char **ver);
-int sysdb_upgrade_10(struct sysdb_ctx *sysdb, struct sss_domain_info *domain,
- const char **ver);
-int sysdb_upgrade_11(struct sysdb_ctx *sysdb, struct sss_domain_info *domain,
- const char **ver);
-int sysdb_upgrade_12(struct sysdb_ctx *sysdb, const char **ver);
-int sysdb_upgrade_13(struct sysdb_ctx *sysdb, const char **ver);
-int sysdb_upgrade_14(struct sysdb_ctx *sysdb, const char **ver);
-int sysdb_upgrade_15(struct sysdb_ctx *sysdb, const char **ver);
 int sysdb_upgrade_16(struct sysdb_ctx *sysdb, const char **ver);
 int sysdb_upgrade_17(struct sysdb_ctx *sysdb,
 struct sysdb_dom_upgrade_ctx *upgrade_ctx,
diff --git a/src/db/sysdb_upgrade.c b/src/db/sysdb_upgrade.c
index 1ddc1f1a329..0407d3d530d 100644
--- a/src/db/sysdb_upgrade.c
+++ b/src/db/sysdb_upgrade.c
@@ -136,1474 +136,6 @@ static int finish_upgrade(int ret, struct upgrade_ctx **ctx, const char **ver) return ret; } -/* serach all groups that have a memberUid attribute. - * change it into a member attribute for a user of same domain. - * remove the memberUid attribute - * add the new member attribute - * finally stop indexing memberUid - * upgrade version to 0.2 - */ -int sysdb_upgrade_01(struct ldb_context *ldb, const char **ver) -{ - struct ldb_message_element *el; - struct ldb_result *res; - struct ldb_dn *basedn; - struct ldb_dn *mem_dn; - struct ldb_message *msg; - const struct ldb_val *val; - /* No change needed because this version has objectclass group */ - const char *filter = "(&(memberUid=*)(objectclass=group))"; - const char *attrs[] = { "memberUid", NULL }; - const char *mdn; - char *domain; - int ret, i, j; - TALLOC_CTX *tmp_ctx; - struct upgrade_ctx *ctx; - - tmp_ctx = talloc_new(NULL); - if (!tmp_ctx) { - return ENOMEM; - } - - ret = commence_upgrade(tmp_ctx, ldb, SYSDB_VERSION_0_2, &ctx); - if (ret) { - talloc_free(tmp_ctx); - return ret; - } - - basedn = ldb_dn_new(tmp_ctx, ldb, SYSDB_BASE); - if (!basedn) { - ret = EIO; - goto done; - } - - ret = ldb_search(ldb, tmp_ctx, &res, - basedn, LDB_SCOPE_SUBTREE, - attrs, "%s", filter); - if (ret != LDB_SUCCESS) { - ret = EIO; - goto done; - } - - for (i = 0; i < res->count; i++) { - el = ldb_msg_find_element(res->msgs[i], "memberUid"); - if (!el) { - DEBUG(SSSDBG_CRIT_FAILURE, - "memberUid is missing from message [%s], skipping\n", - ldb_dn_get_linearized(res->msgs[i]->dn)); - continue; - } - - /* create modification message */ - msg = ldb_msg_new(tmp_ctx); - if (!msg) { - ret = ENOMEM; - goto done; - } - msg->dn = res->msgs[i]->dn; - - ret = ldb_msg_add_empty(msg, "memberUid", LDB_FLAG_MOD_DELETE, NULL); - if (ret != LDB_SUCCESS) { - ret = ENOMEM; - goto done; - } - - ret = ldb_msg_add_empty(msg, SYSDB_MEMBER, LDB_FLAG_MOD_ADD, NULL); - if (ret != LDB_SUCCESS) { - ret = ENOMEM; - goto done; - } - - 
/* get domain name component value */ - val = ldb_dn_get_component_val(res->msgs[i]->dn, 2); - domain = talloc_strndup(tmp_ctx, (const char *)val->data, val->length); - if (!domain) { - ret = ENOMEM; - goto done; - } - - for (j = 0; j < el->num_values; j++) { - mem_dn = ldb_dn_new_fmt(tmp_ctx, ldb, SYSDB_TMPL_USER, - (const char *)el->values[j].data, domain); - if (!mem_dn) { - ret = ENOMEM; - goto done; - } - - mdn = talloc_strdup(msg, ldb_dn_get_linearized(mem_dn)); - if (!mdn) { - ret = ENOMEM; - goto done; - } - ret = ldb_msg_add_string(msg, SYSDB_MEMBER, mdn); - if (ret != LDB_SUCCESS) { - ret = ENOMEM; - goto done; - } - - talloc_zfree(mem_dn); - } - - /* ok now we are ready to modify the entry */ - ret = ldb_modify(ldb, msg); - if (ret != LDB_SUCCESS) { - ret = sysdb_error_to_errno(ret); - goto done; - } - - talloc_zfree(msg); - } - - /* conversion done, update version number */ - ret = update_version(ctx); - -done: - ret = finish_upgrade(ret, &ctx, ver); - talloc_free(tmp_ctx); - return ret; -} - -int sysdb_check_upgrade_02(struct sss_domain_info *domains, - const char *db_path) -{ - TALLOC_CTX *tmp_ctx = NULL; - struct ldb_context *ldb; - char *ldb_file; - struct sysdb_ctx *sysdb; - struct sss_domain_info *dom; - struct ldb_message_element *el; - struct ldb_message *msg; - struct ldb_result *res; - struct ldb_dn *verdn; - const char *version = NULL; - bool do_02_upgrade = false; - bool ctx_trans = false; - int ret; - - tmp_ctx = talloc_new(NULL); - if (!tmp_ctx) { - return ENOMEM; - } - - ldb_file = talloc_asprintf(tmp_ctx, "%s/"LOCAL_SYSDB_FILE, - db_path); - if (ldb_file == NULL) { - ret = ENOMEM; - goto exit; - } - - ret = sysdb_ldb_connect(tmp_ctx, ldb_file, 0, &ldb); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_ldb_connect failed.\n"); - return ret; - } - - verdn = ldb_dn_new(tmp_ctx, ldb, SYSDB_BASE); - if (!verdn) { - ret = EIO; - goto exit; - } - - ret = ldb_search(ldb, tmp_ctx, &res, - verdn, LDB_SCOPE_BASE, - NULL, NULL); - if (ret != 
LDB_SUCCESS) { - ret = EIO; - goto exit; - } - if (res->count > 1) { - ret = EIO; - goto exit; - } - - if (res->count == 1) { - el = ldb_msg_find_element(res->msgs[0], "version"); - if (el) { - if (el->num_values != 1) { - ret = EINVAL; - goto exit; - } - version = talloc_strndup(tmp_ctx, - (char *)(el->values[0].data), - el->values[0].length); - if (!version) { - ret = ENOMEM; - goto exit; - } - - if (strcmp(version, SYSDB_VERSION) == 0) { - /* all fine, return */ - ret = EOK; - goto exit; - } - - DEBUG(SSSDBG_CONF_SETTINGS, - "Upgrading DB from version: %s\n", version); - - if (strcmp(version, SYSDB_VERSION_0_1) == 0) { - /* convert database */ - ret = sysdb_upgrade_01(ldb, &version); - if (ret != EOK) goto exit; - } - - if (strcmp(version, SYSDB_VERSION_0_2) == 0) { - /* need to convert database to split files */ - do_02_upgrade = true; - } - - } - } - - if (!do_02_upgrade) { - /* not a v2 upgrade, return and let the normal code take over any - * further upgrade */ - ret = EOK; - goto exit; - } - - /* == V2->V3 UPGRADE == */ - - DEBUG(SSSDBG_IMPORTANT_INFO, - "UPGRADING DB TO VERSION %s\n", SYSDB_VERSION_0_3); - - /* ldb uses posix locks, - * posix is stupid and kills all locks when you close *any* file - * descriptor associated to the same file. - * Therefore we must close and reopen the ldb file here */ - - /* == Backup and reopen ldb == */ - - /* close */ - talloc_zfree(ldb); - - /* backup*/ - ret = backup_file(ldb_file, SSSDBG_FATAL_FAILURE); - if (ret != EOK) { - goto exit; - } - - /* reopen */ - ret = sysdb_ldb_connect(tmp_ctx, ldb_file, 0, &ldb); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_ldb_connect failed.\n"); - return ret; - } - - /* open a transaction */ - ret = ldb_transaction_start(ldb); - if (ret != LDB_SUCCESS) { - DEBUG(SSSDBG_CRIT_FAILURE, - "Failed to start ldb transaction! 
(%d)\n", ret); - ret = EIO; - goto exit; - } - - /* == Upgrade contents == */ - - for (dom = domains; dom; dom = dom->next) { - struct ldb_dn *domain_dn; - struct ldb_dn *users_dn; - struct ldb_dn *groups_dn; - int i; - - /* create new dom db */ - ret = sysdb_domain_init_internal(tmp_ctx, dom, - db_path, NULL, &sysdb); - if (ret != EOK) { - goto done; - } - - ret = ldb_transaction_start(sysdb->ldb); - if (ret != LDB_SUCCESS) { - DEBUG(SSSDBG_CRIT_FAILURE, - "Failed to start ldb transaction! (%d)\n", ret); - ret = EIO; - goto done; - } - ctx_trans = true; - - /* search all entries for this domain in local, - * copy them all in the new database, - * then remove them from local */ - - domain_dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, - SYSDB_DOM_BASE, dom->name); - if (!domain_dn) { - ret = ENOMEM; - goto done; - } - - ret = ldb_search(ldb, tmp_ctx, &res, - domain_dn, LDB_SCOPE_SUBTREE, - NULL, NULL); - if (ret != LDB_SUCCESS) { - ret = EIO; - goto done; - } - - /* - * dom->sysdb->ldb is not initialized, - * so ldb_dn_new_fmt() shouldn't be changed to sysdb_*_base_dn() - */ - users_dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, - SYSDB_TMPL_USER_BASE, dom->name); - if (!users_dn) { - ret = ENOMEM; - goto done; - } - - /* - * dom->sysdb->ldb is not initialized, - * so ldb_dn_new_fmt() shouldn't be changed to sysdb_*_base_dn() - */ - groups_dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, - SYSDB_TMPL_GROUP_BASE, dom->name); - if (!groups_dn) { - ret = ENOMEM; - goto done; - } - - for (i = 0; i < res->count; i++) { - - struct ldb_dn *orig_dn; - - msg = res->msgs[i]; - - /* skip pre-created congtainers */ - if ((ldb_dn_compare(msg->dn, domain_dn) == 0) || - (ldb_dn_compare(msg->dn, users_dn) == 0) || - (ldb_dn_compare(msg->dn, groups_dn) == 0)) { - continue; - } - - /* regenerate the DN against the new ldb as it may have different - * casefolding rules (example: name changing from case insensitive - * to case sensitive) */ - orig_dn = msg->dn; - msg->dn = ldb_dn_new(msg, sysdb->ldb, - 
ldb_dn_get_linearized(orig_dn)); - if (!msg->dn) { - ret = ENOMEM; - goto done; - } - - ret = ldb_add(sysdb->ldb, msg); - if (ret != LDB_SUCCESS) { - DEBUG(SSSDBG_FATAL_FAILURE, "WARNING: Could not add entry %s," - " to new ldb file! (%d [%s])\n", - ldb_dn_get_linearized(msg->dn), - ret, ldb_errstring(sysdb->ldb)); - } - - ret = ldb_delete(ldb, orig_dn); - if (ret != LDB_SUCCESS) { - DEBUG(SSSDBG_FATAL_FAILURE, - "WARNING: Could not remove entry %s," - " from old ldb file! (%d [%s])\n", - ldb_dn_get_linearized(orig_dn), - ret, ldb_errstring(ldb)); - } - } - - /* now remove the basic containers from local */ - /* these were optional so debug at level 9 in case - * of failure just for tracing */ - ret = ldb_delete(ldb, groups_dn); - if (ret != LDB_SUCCESS) { - DEBUG(SSSDBG_TRACE_ALL, "WARNING: Could not remove entry %s," - " from old ldb file! (%d [%s])\n", - ldb_dn_get_linearized(groups_dn), - ret, ldb_errstring(ldb)); - } - ret = ldb_delete(ldb, users_dn); - if (ret != LDB_SUCCESS) { - DEBUG(SSSDBG_TRACE_ALL, "WARNING: Could not remove entry %s," - " from old ldb file! (%d [%s])\n", - ldb_dn_get_linearized(users_dn), - ret, ldb_errstring(ldb)); - } - ret = ldb_delete(ldb, domain_dn); - if (ret != LDB_SUCCESS) { - DEBUG(SSSDBG_TRACE_ALL, "WARNING: Could not remove entry %s," - " from old ldb file! (%d [%s])\n", - ldb_dn_get_linearized(domain_dn), - ret, ldb_errstring(ldb)); - } - - ret = ldb_transaction_commit(sysdb->ldb); - if (ret != LDB_SUCCESS) { - DEBUG(SSSDBG_CRIT_FAILURE, - "Failed to commit ldb transaction! 
(%d)\n", ret); - ret = EIO; - goto done; - } - ctx_trans = false; - - talloc_zfree(domain_dn); - talloc_zfree(groups_dn); - talloc_zfree(users_dn); - talloc_zfree(res); - } - - /* conversion done, upgrade version number */ - msg = ldb_msg_new(tmp_ctx); - if (!msg) { - ret = ENOMEM; - goto done; - } - msg->dn = ldb_dn_new(tmp_ctx, ldb, SYSDB_BASE); - if (!msg->dn) { - ret = ENOMEM; - goto done; - } - - ret = ldb_msg_add_empty(msg, "version", LDB_FLAG_MOD_REPLACE, NULL); - if (ret != LDB_SUCCESS) { - ret = ENOMEM; - goto done; - } - ret = ldb_msg_add_string(msg, "version", SYSDB_VERSION_0_3); - if (ret != LDB_SUCCESS) { - ret = ENOMEM; - goto done; - } - - ret = ldb_modify(ldb, msg); - if (ret != LDB_SUCCESS) { - ret = sysdb_error_to_errno(ret); - goto done; - } - - ret = ldb_transaction_commit(ldb); - if (ret != LDB_SUCCESS) { - DEBUG(SSSDBG_CRIT_FAILURE, - "Failed to commit ldb transaction! (%d)\n", ret); - ret = EIO; - goto exit; - } - - ret = EOK; - -done: - if (ret != EOK) { - if (ctx_trans) { - ret = ldb_transaction_cancel(sysdb->ldb); - if (ret != LDB_SUCCESS) { - DEBUG(SSSDBG_CRIT_FAILURE, - "Failed to cancel ldb transaction! (%d)\n", ret); - } - } - ret = ldb_transaction_cancel(ldb); - if (ret != LDB_SUCCESS) { - DEBUG(SSSDBG_CRIT_FAILURE, - "Failed to cancel ldb transaction! 
(%d)\n", ret); - } - } - -exit: - talloc_free(tmp_ctx); - return ret; -} - -int sysdb_upgrade_03(struct sysdb_ctx *sysdb, const char **ver) -{ - TALLOC_CTX *tmp_ctx; - int ret; - struct ldb_message *msg; - struct upgrade_ctx *ctx; - - tmp_ctx = talloc_new(NULL); - if (!tmp_ctx) { - return ENOMEM; - } - - ret = commence_upgrade(sysdb, sysdb->ldb, SYSDB_VERSION_0_4, &ctx); - if (ret) { - return ret; - } - - /* Make this database case-sensitive */ - msg = ldb_msg_new(tmp_ctx); - if (!msg) { - ret = ENOMEM; - goto done; - } - msg->dn = ldb_dn_new(tmp_ctx, sysdb->ldb, "@ATTRIBUTES"); - if (!msg->dn) { - ret = ENOMEM; - goto done; - } - - ret = ldb_msg_add_empty(msg, "name", LDB_FLAG_MOD_DELETE, NULL); - if (ret != LDB_SUCCESS) { - ret = ENOMEM; - goto done; - } - - ret = ldb_modify(sysdb->ldb, msg); - if (ret != LDB_SUCCESS) { - ret = sysdb_error_to_errno(ret); - goto done; - } - - /* conversion done, update version number */ - ret = update_version(ctx); - -done: - ret = finish_upgrade(ret, &ctx, ver); - talloc_free(tmp_ctx); - return ret; -} - -int sysdb_upgrade_04(struct sysdb_ctx *sysdb, const char **ver) -{ - TALLOC_CTX *tmp_ctx; - int ret; - struct ldb_message *msg; - struct upgrade_ctx *ctx; - - tmp_ctx = talloc_new(NULL); - if (!tmp_ctx) { - return ENOMEM; - } - - ret = commence_upgrade(sysdb, sysdb->ldb, SYSDB_VERSION_0_5, &ctx); - if (ret) { - return ret; - } - - /* Add new index */ - msg = ldb_msg_new(tmp_ctx); - if (!msg) { - ret = ENOMEM; - goto done; - } - msg->dn = ldb_dn_new(tmp_ctx, sysdb->ldb, "@INDEXLIST"); - if (!msg->dn) { - ret = ENOMEM; - goto done; - } - - ret = ldb_msg_add_empty(msg, "@IDXATTR", LDB_FLAG_MOD_ADD, NULL); - if (ret != LDB_SUCCESS) { - ret = ENOMEM; - goto done; - } - ret = ldb_msg_add_string(msg, "@IDXATTR", "originalDN"); - if (ret != LDB_SUCCESS) { - ret = ENOMEM; - goto done; - } - - ret = ldb_modify(sysdb->ldb, msg); - if (ret != LDB_SUCCESS) { - ret = sysdb_error_to_errno(ret); - goto done; - } - - /* Rebuild memberuid and 
memberoif attributes */ - msg = ldb_msg_new(tmp_ctx); - if (!msg) { - ret = ENOMEM; - goto done; - } - msg->dn = ldb_dn_new(tmp_ctx, sysdb->ldb, "@MEMBEROF-REBUILD"); - if (!msg->dn) { - ret = ENOMEM; - goto done; - } - - ret = ldb_add(sysdb->ldb, msg); - if (ret != LDB_SUCCESS) { - ret = sysdb_error_to_errno(ret); - goto done; - } - - /* conversion done, update version number */ - ret = update_version(ctx); - -done: - ret = finish_upgrade(ret, &ctx, ver); - talloc_free(tmp_ctx); - return ret; -} - -int sysdb_upgrade_05(struct sysdb_ctx *sysdb, const char **ver) -{ - TALLOC_CTX *tmp_ctx; - int ret; - struct ldb_message *msg; - struct upgrade_ctx *ctx; - - tmp_ctx = talloc_new(NULL); - if (!tmp_ctx) { - return ENOMEM; - } - - ret = commence_upgrade(sysdb, sysdb->ldb, SYSDB_VERSION_0_6, &ctx); - if (ret) { - return ret; - } - - /* Add new indexes */ - msg = ldb_msg_new(tmp_ctx); - if (!msg) { - ret = ENOMEM; - goto done; - } - msg->dn = ldb_dn_new(tmp_ctx, sysdb->ldb, "@INDEXLIST"); - if (!msg->dn) { - ret = ENOMEM; - goto done; - } - - /* Add Index for dataExpireTimestamp */ - ret = ldb_msg_add_empty(msg, "@IDXATTR", LDB_FLAG_MOD_ADD, NULL); - if (ret != LDB_SUCCESS) { - ret = ENOMEM; - goto done; - } - ret = ldb_msg_add_string(msg, "@IDXATTR", "dataExpireTimestamp"); - if (ret != LDB_SUCCESS) { - ret = ENOMEM; - goto done; - } - - /* Add index to speed up ONELEVEL searches */ - ret = ldb_msg_add_empty(msg, "@IDXONE", LDB_FLAG_MOD_ADD, NULL); - if (ret != LDB_SUCCESS) { - ret = ENOMEM; - goto done; - } - ret = ldb_msg_add_string(msg, "@IDXONE", "1"); - if (ret != LDB_SUCCESS) { - ret = ENOMEM; - goto done; - } - - ret = ldb_modify(sysdb->ldb, msg); - if (ret != LDB_SUCCESS) { - ret = sysdb_error_to_errno(ret); - goto done; - } - - /* conversion done, update version number */ - ret = update_version(ctx); - -done: - ret = finish_upgrade(ret, &ctx, ver); - talloc_free(tmp_ctx); - return ret; -} - -int sysdb_upgrade_06(struct sysdb_ctx *sysdb, const char **ver) -{ - 
TALLOC_CTX *tmp_ctx; - int ret; - struct ldb_message *msg; - struct upgrade_ctx *ctx; - - tmp_ctx = talloc_new(NULL); - if (!tmp_ctx) { - return ENOMEM; - } - - ret = commence_upgrade(sysdb, sysdb->ldb, SYSDB_VERSION_0_7, &ctx); - if (ret) { - return ret; - } - - /* Add new indexes */ - msg = ldb_msg_new(tmp_ctx); - if (!msg) { - ret = ENOMEM; - goto done; - } - msg->dn = ldb_dn_new(tmp_ctx, sysdb->ldb, "@ATTRIBUTES"); - if (!msg->dn) { - ret = ENOMEM; - goto done; - } - - /* Case insensitive search for originalDN */ - ret = ldb_msg_add_empty(msg, SYSDB_ORIG_DN, LDB_FLAG_MOD_ADD, NULL); - if (ret != LDB_SUCCESS) { - ret = ENOMEM; - goto done; - } - ret = ldb_msg_add_string(msg, SYSDB_ORIG_DN, "CASE_INSENSITIVE"); - if (ret != LDB_SUCCESS) { - ret = ENOMEM; - goto done; - } - - ret = ldb_modify(sysdb->ldb, msg); - if (ret != LDB_SUCCESS) { - ret = sysdb_error_to_errno(ret); - goto done; - } - - /* conversion done, update version number */ - ret = update_version(ctx); - -done: - ret = finish_upgrade(ret, &ctx, ver); - talloc_free(tmp_ctx); - return ret; -} - -int sysdb_upgrade_07(struct sysdb_ctx *sysdb, const char **ver) -{ - TALLOC_CTX *tmp_ctx; - int ret; - struct ldb_message *msg; - struct upgrade_ctx *ctx; - - tmp_ctx = talloc_new(NULL); - if (!tmp_ctx) { - return ENOMEM; - } - - ret = commence_upgrade(sysdb, sysdb->ldb, SYSDB_VERSION_0_8, &ctx); - if (ret) { - return ret; - } - - /* Add new indexes */ - msg = ldb_msg_new(tmp_ctx); - if (!msg) { - ret = ENOMEM; - goto done; - } - msg->dn = ldb_dn_new(tmp_ctx, sysdb->ldb, "@INDEXLIST"); - if (!msg->dn) { - ret = ENOMEM; - goto done; - } - - /* Add Index for nameAlias */ - ret = ldb_msg_add_empty(msg, "@IDXATTR", LDB_FLAG_MOD_ADD, NULL); - if (ret != LDB_SUCCESS) { - ret = ENOMEM; - goto done; - } - ret = ldb_msg_add_string(msg, "@IDXATTR", "nameAlias"); - if (ret != LDB_SUCCESS) { - ret = ENOMEM; - goto done; - } - - ret = ldb_modify(sysdb->ldb, msg); - if (ret != LDB_SUCCESS) { - ret = sysdb_error_to_errno(ret); 
- goto done; - } - - /* conversion done, update version number */ - ret = update_version(ctx); - -done: - ret = finish_upgrade(ret, &ctx, ver); - talloc_free(tmp_ctx); - return ret; -} - -int sysdb_upgrade_08(struct sysdb_ctx *sysdb, const char **ver) -{ - TALLOC_CTX *tmp_ctx; - int ret; - struct ldb_message *msg; - struct upgrade_ctx *ctx; - - tmp_ctx = talloc_new(NULL); - if (!tmp_ctx) { - return ENOMEM; - } - - ret = commence_upgrade(sysdb, sysdb->ldb, SYSDB_VERSION_0_9, &ctx); - if (ret) { - return ret; - } - - /* Add new indexes */ - msg = ldb_msg_new(tmp_ctx); - if (!msg) { - ret = ENOMEM; - goto done; - } - msg->dn = ldb_dn_new(tmp_ctx, sysdb->ldb, "@INDEXLIST"); - if (!msg->dn) { - ret = ENOMEM; - goto done; - } - - /* Add Index for servicePort and serviceProtocol */ - ret = ldb_msg_add_empty(msg, "@IDXATTR", LDB_FLAG_MOD_ADD, NULL); - if (ret != LDB_SUCCESS) { - ret = ENOMEM; - goto done; - } - ret = ldb_msg_add_string(msg, "@IDXATTR", "servicePort"); - if (ret != LDB_SUCCESS) { - ret = ENOMEM; - goto done; - } - - ret = ldb_msg_add_string(msg, "@IDXATTR", "serviceProtocol"); - if (ret != LDB_SUCCESS) { - ret = ENOMEM; - goto done; - } - - ret = ldb_modify(sysdb->ldb, msg); - if (ret != LDB_SUCCESS) { - ret = sysdb_error_to_errno(ret); - goto done; - } - - /* conversion done, update version number */ - ret = update_version(ctx); - -done: - ret = finish_upgrade(ret, &ctx, ver); - talloc_free(tmp_ctx); - return ret; -} - -int sysdb_upgrade_09(struct sysdb_ctx *sysdb, const char **ver) -{ - TALLOC_CTX *tmp_ctx; - int ret; - struct ldb_message *msg; - struct upgrade_ctx *ctx; - - tmp_ctx = talloc_new(NULL); - if (!tmp_ctx) { - return ENOMEM; - } - - ret = commence_upgrade(sysdb, sysdb->ldb, SYSDB_VERSION_0_10, &ctx); - if (ret) { - return ret; - } - - /* Add new indexes */ - msg = ldb_msg_new(tmp_ctx); - if (!msg) { - ret = ENOMEM; - goto done; - } - msg->dn = ldb_dn_new(tmp_ctx, sysdb->ldb, "@INDEXLIST"); - if (!msg->dn) { - ret = ENOMEM; - goto done; - } - - 
/* Add Index for ipHostNumber and ipNetworkNumber */ - ret = ldb_msg_add_empty(msg, "@IDXATTR", LDB_FLAG_MOD_ADD, NULL); - if (ret != LDB_SUCCESS) { - ret = ENOMEM; - goto done; - } - - ret = ldb_msg_add_string(msg, "@IDXATTR", "sudoUser"); - if (ret != LDB_SUCCESS) { - ret = ENOMEM; - goto done; - } - - ret = ldb_modify(sysdb->ldb, msg); - if (ret != LDB_SUCCESS) { - ret = sysdb_error_to_errno(ret); - goto done; - } - - /* conversion done, update version number */ - ret = update_version(ctx); - -done: - ret = finish_upgrade(ret, &ctx, ver); - talloc_free(tmp_ctx); - return ret; -} - -int sysdb_upgrade_10(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, - const char **ver) -{ - - TALLOC_CTX *tmp_ctx; - int ret; - struct ldb_result *res; - struct ldb_message *msg; - struct ldb_message *user; - struct ldb_message_element *memberof_el; - const char *name; - struct ldb_dn *basedn; - /* No change needed because version 10 has objectclass user */ - const char *filter = "(&(objectClass=user)(!(uidNumber=*))(memberOf=*))"; - const char *attrs[] = { "name", "memberof", NULL }; - struct upgrade_ctx *ctx; - int i, j; - - tmp_ctx = talloc_new(NULL); - if (tmp_ctx == NULL) { - return ENOMEM; - } - - ret = commence_upgrade(sysdb, sysdb->ldb, SYSDB_VERSION_0_11, &ctx); - if (ret) { - return ret; - } - - /* - * dom->sysdb->ldb is not initialized, - * so ldb_dn_new_fmt() shouldn't be changed to sysdb_*_base_dn() - */ - basedn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, - SYSDB_TMPL_USER_BASE, domain->name); - if (basedn == NULL) { - ret = EIO; - goto done; - } - - ret = ldb_search(sysdb->ldb, tmp_ctx, &res, basedn, LDB_SCOPE_SUBTREE, - attrs, "%s", filter); - if (ret != LDB_SUCCESS) { - ret = EIO; - goto done; - } - - for (i = 0; i < res->count; i++) { - user = res->msgs[i]; - memberof_el = ldb_msg_find_element(user, "memberof"); - if (memberof_el == NULL) { - ret = EINVAL; - goto done; - } - - name = ldb_msg_find_attr_as_string(user, "name", NULL); - if (name == NULL) { - ret = 
EIO; - goto done; - } - - DEBUG(SSSDBG_TRACE_LIBS, "User [%s] is a member of %d groups\n", - name, memberof_el->num_values); - - for (j = 0; j < memberof_el->num_values; j++) { - msg = ldb_msg_new(tmp_ctx); - if (msg == NULL) { - ret = ENOMEM; - goto done; - } - - msg->dn = ldb_dn_from_ldb_val(tmp_ctx, sysdb->ldb, &memberof_el->values[j]); - if (msg->dn == NULL) { - ret = ENOMEM; - goto done; - } - - if (!ldb_dn_validate(msg->dn)) { - DEBUG(SSSDBG_MINOR_FAILURE, "DN validation failed during " - "upgrade: [%s]\n", - memberof_el->values[j].data); - talloc_zfree(msg); - continue; - } - - ret = ldb_msg_add_empty(msg, "ghost", LDB_FLAG_MOD_ADD, NULL); - if (ret != LDB_SUCCESS) { - ret = ENOMEM; - goto done; - } - ret = ldb_msg_add_string(msg, "ghost", name); - if (ret != LDB_SUCCESS) { - ret = ENOMEM; - goto done; - } - - DEBUG(SSSDBG_TRACE_FUNC, "Adding ghost [%s] to entry [%s]\n", - name, ldb_dn_get_linearized(msg->dn)); - - ret = sss_ldb_modify_permissive(sysdb->ldb, msg); - talloc_zfree(msg); - if (ret == LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS) { - /* If we failed adding the ghost user(s) because the values already - * exist, they were probably propagated from a parent that was - * upgraded before us. Mark the group as expired so that it is - * refreshed on next request. 
- */ - msg = ldb_msg_new(tmp_ctx); - if (msg == NULL) { - ret = ENOMEM; - goto done; - } - - msg->dn = ldb_dn_from_ldb_val(tmp_ctx, sysdb->ldb, &memberof_el->values[j]); - if (msg->dn == NULL) { - ret = ENOMEM; - goto done; - } - - ret = ldb_msg_add_empty(msg, SYSDB_CACHE_EXPIRE, - LDB_FLAG_MOD_REPLACE, NULL); - if (ret != LDB_SUCCESS) { - goto done; - } - - ret = ldb_msg_add_string(msg, SYSDB_CACHE_EXPIRE, "1"); - if (ret != LDB_SUCCESS) { - goto done; - } - - ret = sss_ldb_modify_permissive(sysdb->ldb, msg); - talloc_zfree(msg); - if (ret != LDB_SUCCESS) { - goto done; - } - } else if (ret != LDB_SUCCESS) { - ret = sysdb_error_to_errno(ret); - goto done; - } - } - - DEBUG(SSSDBG_TRACE_FUNC, "Removing fake user [%s]\n", - ldb_dn_get_linearized(user->dn)); - - ret = ldb_delete(sysdb->ldb, user->dn); - if (ret != LDB_SUCCESS) { - ret = sysdb_error_to_errno(ret); - goto done; - } - } - - /* conversion done, update version number */ - ret = update_version(ctx); - -done: - ret = finish_upgrade(ret, &ctx, ver); - talloc_free(tmp_ctx); - return ret; -} - -int sysdb_upgrade_11(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, - const char **ver) -{ - TALLOC_CTX *tmp_ctx; - errno_t ret; - struct ldb_result *res; - struct ldb_message *entry; - const char *key; - const char *value; - struct ldb_message_element *memberof_el; - struct ldb_dn *memberof_dn; - struct ldb_dn *basedn; - const struct ldb_val *val; - const char *attrs[] = { SYSDB_AUTOFS_ENTRY_KEY, - SYSDB_AUTOFS_ENTRY_VALUE, - SYSDB_MEMBEROF, - NULL }; - struct upgrade_ctx *ctx; - size_t i, j; - - tmp_ctx = talloc_new(NULL); - if (!tmp_ctx) { - return ENOMEM; - } - - ret = commence_upgrade(sysdb, sysdb->ldb, SYSDB_VERSION_0_12, &ctx); - if (ret) { - return ret; - } - - basedn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, SYSDB_TMPL_CUSTOM_SUBTREE, - AUTOFS_ENTRY_SUBDIR, domain->name); - if (basedn == NULL) { - ret = ENOMEM; - goto done; - } - - ret = ldb_search(sysdb->ldb, tmp_ctx, &res, basedn, LDB_SCOPE_SUBTREE, - 
attrs, "(objectClass=%s)", SYSDB_AUTOFS_ENTRY_OC); - if (ret != LDB_SUCCESS) { - ret = EIO; - goto done; - } - - DEBUG(SSSDBG_TRACE_LIBS, "Found %d autofs entries\n", res->count); - - for (i = 0; i < res->count; i++) { - entry = res->msgs[i]; - key = ldb_msg_find_attr_as_string(entry, - SYSDB_AUTOFS_ENTRY_KEY, NULL); - value = ldb_msg_find_attr_as_string(entry, - SYSDB_AUTOFS_ENTRY_VALUE, NULL); - memberof_el = ldb_msg_find_element(entry, SYSDB_MEMBEROF); - - if (key && value && memberof_el) { - for (j = 0; j < memberof_el->num_values; j++) { - memberof_dn = ldb_dn_from_ldb_val(tmp_ctx, sysdb->ldb, - &(memberof_el->values[j])); - if (!memberof_dn) { - DEBUG(SSSDBG_OP_FAILURE, "Cannot convert memberof into DN, skipping\n"); - continue; - } - - val = ldb_dn_get_rdn_val(memberof_dn); - if (!val) { - DEBUG(SSSDBG_OP_FAILURE, "Cannot get map name from map DN\n"); - continue; - } - - ret = sysdb_save_autofsentry(domain, - (const char *) val->data, - key, value, NULL, 0, 0); - if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, - "Cannot save autofs entry [%s]-[%s] into map %s\n", - key, value, val->data); - continue; - } - } - - } - - /* Delete the old entry if it was either processed or incomplete */ - DEBUG(SSSDBG_TRACE_LIBS, "Deleting [%s]\n", - ldb_dn_get_linearized(entry->dn)); - - ret = ldb_delete(sysdb->ldb, entry->dn); - if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, "Cannot delete old autofs entry %s\n", - ldb_dn_get_linearized(entry->dn)); - continue; - } - } - - /* conversion done, update version number */ - ret = update_version(ctx); - -done: - ret = finish_upgrade(ret, &ctx, ver); - talloc_free(tmp_ctx); - return ret; -} - -int sysdb_upgrade_12(struct sysdb_ctx *sysdb, const char **ver) -{ - TALLOC_CTX *tmp_ctx; - int ret; - struct ldb_message *msg; - struct upgrade_ctx *ctx; - - tmp_ctx = talloc_new(NULL); - if (!tmp_ctx) { - return ENOMEM; - } - - ret = commence_upgrade(sysdb, sysdb->ldb, SYSDB_VERSION_0_13, &ctx); - if (ret) { - return ret; - } - - /* add new 
indexes */ - msg = ldb_msg_new(tmp_ctx); - if (!msg) { - ret = ENOMEM; - goto done; - } - msg->dn = ldb_dn_new(tmp_ctx, sysdb->ldb, "@INDEXLIST"); - if (!msg->dn) { - ret = ENOMEM; - goto done; - } - - /* add index for sshKnownHostsExpire */ - ret = ldb_msg_add_empty(msg, "@IDXATTR", LDB_FLAG_MOD_ADD, NULL); - if (ret != LDB_SUCCESS) { - ret = ENOMEM; - goto done; - } - - ret = ldb_msg_add_string(msg, "@IDXATTR", "sshKnownHostsExpire"); - if (ret != LDB_SUCCESS) { - ret = ENOMEM; - goto done; - } - - ret = ldb_modify(sysdb->ldb, msg); - if (ret != LDB_SUCCESS) { - ret = sysdb_error_to_errno(ret); - goto done; - } - - /* conversion done, update version number */ - ret = update_version(ctx); - -done: - ret = finish_upgrade(ret, &ctx, ver); - talloc_free(tmp_ctx); - return ret; -} - -int sysdb_upgrade_13(struct sysdb_ctx *sysdb, const char **ver) -{ - struct upgrade_ctx *ctx; - struct ldb_result *dom_res; - struct ldb_result *res; - struct ldb_dn *basedn; - const char *attrs[] = { "cn", "name", NULL }; - const char *tmp_str; - errno_t ret; - int i, j, l, n; - - ret = commence_upgrade(sysdb, sysdb->ldb, SYSDB_VERSION_0_14, &ctx); - if (ret) { - return ret; - } - - basedn = ldb_dn_new(ctx, sysdb->ldb, SYSDB_BASE); - if (!basedn) { - DEBUG(SSSDBG_OP_FAILURE, "Failed to build base dn\n"); - ret = EIO; - goto done; - } - - ret = ldb_search(sysdb->ldb, ctx, &dom_res, - basedn, LDB_SCOPE_ONELEVEL, - attrs, "objectclass=%s", SYSDB_SUBDOMAIN_CLASS); - if (ret != LDB_SUCCESS) { - DEBUG(SSSDBG_OP_FAILURE, "Failed to search subdomains\n"); - ret = EIO; - goto done; - } - - for (i = 0; i < dom_res->count; i++) { - - tmp_str = ldb_msg_find_attr_as_string(dom_res->msgs[i], "cn", NULL); - if (tmp_str == NULL) { - DEBUG(SSSDBG_MINOR_FAILURE, - "The object [%s] doesn't have a name\n", - ldb_dn_get_linearized(dom_res->msgs[i]->dn)); - continue; - } - - basedn = ldb_dn_new_fmt(ctx, sysdb->ldb, SYSDB_DOM_BASE, tmp_str); - if (!basedn) { - DEBUG(SSSDBG_OP_FAILURE, - "Failed to build base 
dn for subdomain %s\n", tmp_str); - continue; - } - - ret = ldb_search(sysdb->ldb, ctx, &res, - basedn, LDB_SCOPE_SUBTREE, attrs, NULL); - if (ret != LDB_SUCCESS) { - DEBUG(SSSDBG_OP_FAILURE, - "Failed to search subdomain %s\n", tmp_str); - talloc_free(basedn); - continue; - } - - l = ldb_dn_get_comp_num(basedn); - for (j = 0; j < res->count; j++) { - n = ldb_dn_get_comp_num(res->msgs[j]->dn); - if (n <= l + 1) { - /* Do not remove subdomain containers, only their contents */ - continue; - } - ret = ldb_delete(sysdb->ldb, res->msgs[j]->dn); - if (ret) { - DEBUG(SSSDBG_OP_FAILURE, - "Failed to delete %s\n", - ldb_dn_get_linearized(res->msgs[j]->dn)); - continue; - } - } - - talloc_free(basedn); - talloc_free(res); - } - - talloc_free(dom_res); - - /* conversion done, update version number */ - ret = update_version(ctx); - -done: - ret = finish_upgrade(ret, &ctx, ver); - return ret; -} - -int sysdb_upgrade_14(struct sysdb_ctx *sysdb, const char **ver) -{ - struct upgrade_ctx *ctx; - struct ldb_message *msg; - struct ldb_result *res; - struct ldb_dn *basedn; - struct ldb_dn *newdn; - const char *attrs[] = { SYSDB_NAME, NULL }; - const char *tmp_str; - errno_t ret; - int i; - - ret = commence_upgrade(sysdb, sysdb->ldb, SYSDB_VERSION_0_15, &ctx); - if (ret) { - return ret; - } - - basedn = ldb_dn_new(ctx, sysdb->ldb, SYSDB_BASE); - if (!basedn) { - DEBUG(SSSDBG_OP_FAILURE, "Failed to build base dn\n"); - ret = EIO; - goto done; - } - - /* create base ranges container */ - msg = ldb_msg_new(ctx); - if (!msg) { - ret = ENOMEM; - goto done; - } - msg->dn = ldb_dn_new(msg, sysdb->ldb, SYSDB_TMPL_RANGE_BASE); - if (!msg->dn) { - ret = ENOMEM; - goto done; - } - ret = ldb_msg_add_string(msg, "cn", "ranges"); - if (ret != LDB_SUCCESS) { - ret = EIO; - goto done; - } - /* do a synchronous add */ - ret = ldb_add(sysdb->ldb, msg); - if (ret != LDB_SUCCESS) { - DEBUG(SSSDBG_FATAL_FAILURE, - "Failed to upgrade DB (%d, [%s])!\n", - ret, ldb_errstring(sysdb->ldb)); - ret = EIO; - 
goto done; - } - talloc_zfree(msg); - - ret = ldb_search(sysdb->ldb, ctx, &res, - basedn, LDB_SCOPE_SUBTREE, attrs, - "objectclass=%s", SYSDB_ID_RANGE_CLASS); - if (ret != LDB_SUCCESS) { - DEBUG(SSSDBG_OP_FAILURE, "Failed to search range objects\n"); - ret = EIO; - goto done; - } - - /* Failure to convert any range is not fatal. As long as there are no - * left-over objects we can fail to move them around, as they will be - * recreated on the next online access */ - for (i = 0; i < res->count; i++) { - tmp_str = ldb_msg_find_attr_as_string(res->msgs[i], SYSDB_NAME, NULL); - if (tmp_str == NULL) { - DEBUG(SSSDBG_OP_FAILURE, - "The object [%s] doesn't have a name\n", - ldb_dn_get_linearized(res->msgs[i]->dn)); - ret = ldb_delete(sysdb->ldb, res->msgs[i]->dn); - if (ret) { - DEBUG(SSSDBG_OP_FAILURE, - "Failed to delete %s\n", - ldb_dn_get_linearized(res->msgs[i]->dn)); - ret = EIO; - goto done; - } - continue; - } - - newdn = ldb_dn_new_fmt(ctx, sysdb->ldb, SYSDB_TMPL_RANGE, tmp_str); - if (!newdn) { - DEBUG(SSSDBG_CRIT_FAILURE, - "Failed to create new DN to move [%s]\n", - ldb_dn_get_linearized(res->msgs[i]->dn)); - ret = ENOMEM; - goto done; - } - ret = ldb_rename(sysdb->ldb, res->msgs[i]->dn, newdn); - if (ret != LDB_SUCCESS) { - DEBUG(SSSDBG_CRIT_FAILURE, - "Failed to move [%s] to [%s]\n", - ldb_dn_get_linearized(res->msgs[i]->dn), - ldb_dn_get_linearized(newdn)); - ret = ldb_delete(sysdb->ldb, res->msgs[i]->dn); - if (ret) { - DEBUG(SSSDBG_OP_FAILURE, - "Failed to delete %s\n", - ldb_dn_get_linearized(res->msgs[i]->dn)); - ret = EIO; - goto done; - } - } - talloc_zfree(newdn); - } - - /* conversion done, update version number */ - ret = update_version(ctx); - -done: - ret = finish_upgrade(ret, &ctx, ver); - return ret; -} - -int sysdb_upgrade_15(struct sysdb_ctx *sysdb, const char **ver) -{ - TALLOC_CTX *tmp_ctx; - int ret; - struct ldb_message *msg; - struct upgrade_ctx *ctx; - - tmp_ctx = talloc_new(NULL); - if (!tmp_ctx) { - return ENOMEM; - } - - ret = 
commence_upgrade(sysdb, sysdb->ldb, SYSDB_VERSION_0_16, &ctx); - if (ret) { - return ret; - } - - /* Add new indexes */ - msg = ldb_msg_new(tmp_ctx); - if (!msg) { - ret = ENOMEM; - goto done; - } - msg->dn = ldb_dn_new(tmp_ctx, sysdb->ldb, "@ATTRIBUTES"); - if (!msg->dn) { - ret = ENOMEM; - goto done; - } - - /* Case insensitive search for canonicalUserPrincipalName */ - ret = ldb_msg_add_empty(msg, SYSDB_CANONICAL_UPN, LDB_FLAG_MOD_ADD, NULL); - if (ret != LDB_SUCCESS) { - ret = ENOMEM; - goto done; - } - ret = ldb_msg_add_string(msg, SYSDB_CANONICAL_UPN, "CASE_INSENSITIVE"); - if (ret != LDB_SUCCESS) { - ret = ENOMEM; - goto done; - } - - ret = ldb_modify(sysdb->ldb, msg); - if (ret != LDB_SUCCESS) { - ret = sysdb_error_to_errno(ret); - goto done; - } - - /* conversion done, update version number */ - ret = update_version(ctx); - -done: - ret = finish_upgrade(ret, &ctx, ver); - talloc_free(tmp_ctx); - return ret; -} - int sysdb_upgrade_16(struct sysdb_ctx *sysdb, const char **ver) { struct ldb_message *msg; From c40f7c431d8f8af6c359833e1ce9eecd5b92007b Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov Date: Wed, 4 Sep 2024 13:48:38 +0200 Subject: [PATCH 2/3] SYSDB: only monitor (and tests) should create cache files Everything else (providers, responders, tools) should only connect to. --- src/db/sysdb.h | 1 + src/db/sysdb_init.c | 14 ++++++++--- src/db/sysdb_private.h | 1 + src/monitor/monitor.c | 2 +- src/tests/auth-tests.c | 2 +- src/tests/cmocka/test_ldap_id_cleanup.c | 2 +- src/tests/cmocka/test_sysdb_views.c | 2 +- src/tests/common.h | 6 +++++ src/tests/common_dom.c | 32 +++++++++++++++++++++++-- src/tests/sysdb-tests.c | 2 +- src/tests/sysdb_ssh-tests.c | 2 +- 11 files changed, 55 insertions(+), 11 deletions(-) diff --git a/src/db/sysdb.h b/src/db/sysdb.h index 1c7c8f5e8c7..b9222ee80b3 100644 --- a/src/db/sysdb.h +++ b/src/db/sysdb.h 
@@ -804,6 +804,7 @@ struct sysdb_upgrade_ctx { int sysdb_init_ext(TALLOC_CTX *mem_ctx, struct sss_domain_info *domains, + bool create_missing_cache, struct sysdb_upgrade_ctx *upgrade_ctx); /* used to initialize only one domain database. diff --git a/src/db/sysdb_init.c b/src/db/sysdb_init.c index a078cd9a18a..6a1716bb159 100644 --- a/src/db/sysdb_init.c +++ b/src/db/sysdb_init.c @@ -776,10 +776,12 @@ static int sysdb_timestamp_cache_connect(struct sysdb_ctx *sysdb, int sysdb_domain_init_internal(TALLOC_CTX *mem_ctx, struct sss_domain_info *domain, const char *db_path, + bool create_missing_cache, struct sysdb_dom_upgrade_ctx *upgrade_ctx, struct sysdb_ctx **_ctx) { TALLOC_CTX *tmp_ctx = NULL; + bool ldb_file_missing; struct sysdb_ctx *sysdb; int ret; @@ -799,6 +801,11 @@ int sysdb_domain_init_internal(TALLOC_CTX *mem_ctx, if (ret != EOK) { goto done; } + ldb_file_missing = (access(sysdb->ldb_file, F_OK) == -1 && errno == ENOENT); + if (ldb_file_missing && !create_missing_cache) { + ret = ENOENT; + goto done; + } DEBUG(SSSDBG_FUNC_DATA, "DB File for %s: %s\n", domain->name, sysdb->ldb_file); if (sysdb->ldb_ts_file) { @@ -833,11 +840,12 @@ int sysdb_domain_init_internal(TALLOC_CTX *mem_ctx, int sysdb_init(TALLOC_CTX *mem_ctx, struct sss_domain_info *domains) { - return sysdb_init_ext(mem_ctx, domains, NULL); + return sysdb_init_ext(mem_ctx, domains, false, NULL); } int sysdb_init_ext(TALLOC_CTX *mem_ctx, struct sss_domain_info *domains, + bool create_missing_cache, struct sysdb_upgrade_ctx *upgrade_ctx) { struct sss_domain_info *dom; @@ -868,7 +876,7 @@ int sysdb_init_ext(TALLOC_CTX *mem_ctx, dom_upgrade_ctx = NULL; } - ret = sysdb_domain_init_internal(tmp_ctx, dom, DB_PATH, + ret = sysdb_domain_init_internal(tmp_ctx, dom, DB_PATH, create_missing_cache, dom_upgrade_ctx, &sysdb); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, 
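Review bot: The `access(sysdb->ldb_file, F_OK)` test added to sysdb_domain_init_internal() in the `@@ -799` hunk runs before the connect rather than as part of it, so "only monitor creates cache files" holds only if the file is not removed or replaced between the check and the later connect call, which lies outside this hunk. If that connect path still opens with create semantics, passing a no-create flag such as `LDB_FLG_DONT_CREATE_DB` when `create_missing_cache` is false would enforce the rule at open time; this needs confirming against the connect code. Any other `access()` failure, for example `EACCES` on a parent directory (evaluated with the real, not effective, UID), leaves `ldb_file_missing` false and falls through to the connect. The early exit is also silent, and only `sysdb->ldb_file` is tested, not `sysdb->ldb_ts_file`, so whether a non-monitor process can still create the timestamp cache is not visible here. I would add `DEBUG(SSSDBG_CRIT_FAILURE, "Cache file %s is missing and will not be created\n", sysdb->ldb_file);` before `ret = ENOENT;`.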
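Review bot: `sysdb_init()` in the `@@ -833` hunk now hard-codes `false`, so every existing caller changes from create-on-demand to failing when the cache file is absent, and nothing at the declarations says so. The same holds for `sysdb_domain_init()` in the `@@ -892` hunk and for the new parameter on `sysdb_init_ext()` in sysdb.h. I would document the contract next to the prototypes, e.g. `/* create_missing_cache: create the cache file if absent (monitor and tests only); otherwise fail with ENOENT */`. Callers that relied on implicit creation, such as a tool run before the monitor has initialised the cache, would then have a stated ENOENT case to handle; whether any such caller exists is not visible in this patch.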
@@ -892,5 +900,5 @@ int sysdb_domain_init(TALLOC_CTX *mem_ctx, struct sysdb_ctx **_ctx) { return sysdb_domain_init_internal(mem_ctx, domain, - db_path, NULL, _ctx); + db_path, false, NULL, _ctx); } diff --git a/src/db/sysdb_private.h b/src/db/sysdb_private.h index ce3f40124ca..cd1d3ec9c8e 100644 --- a/src/db/sysdb_private.h +++ b/src/db/sysdb_private.h @@ -164,6 +164,7 @@ struct sysdb_dom_upgrade_ctx { int sysdb_domain_init_internal(TALLOC_CTX *mem_ctx, struct sss_domain_info *domain, const char *db_path, + bool create_missing_cache, struct sysdb_dom_upgrade_ctx *upgrade_ctx, struct sysdb_ctx **_ctx); diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c index eebef40040e..6366c0dee12 100644 --- a/src/monitor/monitor.c +++ b/src/monitor/monitor.c @@ -1556,7 +1556,7 @@ static int monitor_process_init(struct mt_ctx *ctx) } db_up_ctx.cdb = ctx->cdb; - ret = sysdb_init_ext(tmp_ctx, ctx->domains, &db_up_ctx); + ret = sysdb_init_ext(tmp_ctx, ctx->domains, true, &db_up_ctx); if (ret != EOK) { DEBUG(SSSDBG_TRACE_FUNC, "sysdb_init_ext() failed: '%s'\n", sss_strerror(ret)); diff --git a/src/tests/auth-tests.c b/src/tests/auth-tests.c index c8f99b63aef..5062a3ed4a4 100644 --- a/src/tests/auth-tests.c +++ b/src/tests/auth-tests.c @@ -134,7 +134,7 @@ static int setup_sysdb_tests(struct sysdb_test_ctx **ctx) return ret; } - ret = sssd_domain_init(test_ctx, test_ctx->confdb, "FILES", + ret = test_domain_init(test_ctx, test_ctx->confdb, "FILES", TESTS_PATH, &test_ctx->domain); if (ret != EOK) { ck_abort_msg("Could not initialize connection to the sysdb (%d)", ret); diff --git a/src/tests/cmocka/test_ldap_id_cleanup.c b/src/tests/cmocka/test_ldap_id_cleanup.c index ae5b0dd663b..e168aa301db 100644 --- a/src/tests/cmocka/test_ldap_id_cleanup.c +++ b/src/tests/cmocka/test_ldap_id_cleanup.c 
@@ -99,7 +99,7 @@ static int _setup_sysdb_tests(struct sysdb_test_ctx **ctx, bool enumerate) "config/domain/FILES", "cache_credentials", val); assert_int_equal(ret, EOK); - ret = sssd_domain_init(test_ctx, test_ctx->confdb, "FILES", + ret = test_domain_init(test_ctx, test_ctx->confdb, "FILES", TESTS_PATH, &test_ctx->domain); assert_int_equal(ret, EOK); diff --git a/src/tests/cmocka/test_sysdb_views.c b/src/tests/cmocka/test_sysdb_views.c index d3a6ed5707c..b7b06337ca4 100644 --- a/src/tests/cmocka/test_sysdb_views.c +++ b/src/tests/cmocka/test_sysdb_views.c @@ -107,7 +107,7 @@ static int _setup_sysdb_tests(struct sysdb_test_ctx **ctx, bool enumerate) "config/domain/FILES", "cache_credentials", val); assert_int_equal(ret, EOK); - ret = sssd_domain_init(test_ctx, test_ctx->confdb, "FILES", + ret = test_domain_init(test_ctx, test_ctx->confdb, "FILES", TESTS_PATH, &test_ctx->domain); assert_int_equal(ret, EOK); diff --git a/src/tests/common.h b/src/tests/common.h index 662db17ca08..323785dd2b7 100644 --- a/src/tests/common.h +++ b/src/tests/common.h @@ -92,6 +92,12 @@ struct sss_test_ctx *create_ev_test_ctx(TALLOC_CTX *mem_ctx); void reset_ldb_errstrings(struct sss_domain_info *dom); +errno_t test_domain_init(TALLOC_CTX *mem_ctx, + struct confdb_ctx *cdb, + const char *domain_name, + const char *db_path, + struct sss_domain_info **_domain); + struct sss_test_ctx * create_multidom_test_ctx(TALLOC_CTX *mem_ctx, const char *tests_path, diff --git a/src/tests/common_dom.c b/src/tests/common_dom.c index 267d5f50f9a..1fa1875fd7f 100644 --- a/src/tests/common_dom.c +++ b/src/tests/common_dom.c 
@@ -181,6 +181,34 @@ void reset_ldb_errstrings(struct sss_domain_info *dom) } } +errno_t test_domain_init(TALLOC_CTX *mem_ctx, + struct confdb_ctx *cdb, + const char *domain_name, + const char *db_path, + struct sss_domain_info **_domain) +{ + /* This is a replacement of `sssd_domain_init()` + * that uses `sysdb_domain_init_internal()` instead of `sysdb_domain_init()` + * under the hood to let tests create sysdb cache files + */ + int ret; + + ret = confdb_get_domain(cdb, domain_name, _domain); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, "Error retrieving domain configuration.\n"); + return ret; + } + + ret = sysdb_domain_init_internal(mem_ctx, *_domain, + db_path, true, NULL, &(*_domain)->sysdb); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, "Error opening cache database.\n"); + return ret; + } + + return EOK; +} + static errno_t mock_domain(TALLOC_CTX *mem_ctx, struct confdb_ctx *cdb, @@ -192,9 +220,9 @@ mock_domain(TALLOC_CTX *mem_ctx, errno_t ret; /* initialize sysdb */ - ret = sssd_domain_init(mem_ctx, cdb, name, db_path, &domain); + ret = test_domain_init(mem_ctx, cdb, name, db_path, &domain); if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "sssd_domain_init() of %s failed " + DEBUG(SSSDBG_CRIT_FAILURE, "test_domain_init() of %s failed " "[%d]: %s\n", name, ret, sss_strerror(ret)); goto done; } diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c index f9f347da7ab..8d055203985 100644 --- a/src/tests/sysdb-tests.c +++ b/src/tests/sysdb-tests.c @@ -151,7 +151,7 @@ static int _setup_sysdb_tests(struct sysdb_test_ctx **ctx, bool enumerate) return ret; } - ret = sssd_domain_init(test_ctx, test_ctx->confdb, "FILES", + ret = test_domain_init(test_ctx, test_ctx->confdb, "FILES", TESTS_PATH, &test_ctx->domain); if (ret != EOK) { ck_abort_msg("Could not initialize connection to the sysdb (%d)", ret); diff --git a/src/tests/sysdb_ssh-tests.c b/src/tests/sysdb_ssh-tests.c index f21e50c19ee..393049015d6 100644 --- a/src/tests/sysdb_ssh-tests.c 
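Review bot: On the `sysdb_domain_init_internal()` failure path, test_domain_init() returns an error but leaves `*_domain` pointing at the domain obtained from `confdb_get_domain()`. A test that does not check the return code would carry on with a domain whose `sysdb` may never have been set; adding `*_domain = NULL;` before that `return ret;` keeps the out-parameter consistent with the result. The explanatory comment would also read better as a header comment above the function than as the first comment inside the body. Because the helper duplicates `sssd_domain_init()` rather than wrapping it, any step later added to the production function is not exercised by these tests unless it is mirrored here; a sentence in the comment saying so would help the next maintainer.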
+++ b/src/tests/sysdb_ssh-tests.c @@ -129,7 +129,7 @@ static int setup_sysdb_tests(struct sysdb_test_ctx **ctx) return ret; } - ret = sssd_domain_init(test_ctx, test_ctx->confdb, "FILES", + ret = test_domain_init(test_ctx, test_ctx->confdb, "FILES", TESTS_PATH, &test_ctx->domain); if (ret != EOK) { ck_abort_msg("Could not initialize connection to the sysdb (%d)", ret); From 083130e30fbea02ccfa6e5345e51d1c7f3ebfaf3 Mon Sep 17 00:00:00 2001 From: Alexey Tikhonov Date: Sat, 14 Sep 2024 18:44:13 +0200 Subject: [PATCH 3/3] SYSDB: removed unused define --- src/db/sysdb.h | 1 - 1 file changed, 1 deletion(-) diff --git a/src/db/sysdb.h b/src/db/sysdb.h index b9222ee80b3..047a4877fed 100644 --- a/src/db/sysdb.h +++ b/src/db/sysdb.h @@ -30,7 +30,6 @@ #define CACHE_SYSDB_FILE "cache_%s.ldb" #define CACHE_TIMESTAMPS_FILE "timestamps_%s.ldb" -#define LOCAL_SYSDB_FILE "sssd.ldb" #define SYSDB_INDEXES "@INDEXLIST" #define SYSDB_IDXATTR "@IDXATTR"