Blame SOURCES/0057-sysdb-remove-IDXONE-and-objectClass-from-users-and-g.patch

ced1f5
From 0f907d8501387ec32dbb00e1c38d5da25e698f90 Mon Sep 17 00:00:00 2001
ced1f5
From: Sumit Bose <sbose@redhat.com>
ced1f5
Date: Tue, 14 Nov 2017 13:14:14 +0100
ced1f5
Subject: [PATCH 57/57] sysdb: remove IDXONE and objectClass from users and
ced1f5
 groups
ced1f5
MIME-Version: 1.0
ced1f5
Content-Type: text/plain; charset=UTF-8
ced1f5
Content-Transfer-Encoding: 8bit
ced1f5
ced1f5
This patch does the needed sysdb update for the previous to patches. It
ced1f5
removes the one-level search index IDXONE and replaces objectClass with
ced1f5
objectCategory in the user and group objects.
ced1f5
ced1f5
Related to https://pagure.io/SSSD/sssd/issue/3503
ced1f5
ced1f5
Reviewed-by: Fabiano FidĂȘncio <fidencio@redhat.com>
ced1f5
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
ced1f5
(cherry picked from commit 2927da49dd8a16fff6312d89ad43cc355655800c)
ced1f5
---
ced1f5
 src/db/sysdb_init.c    |  52 +++++++++++-
ced1f5
 src/db/sysdb_private.h |  11 ++-
ced1f5
 src/db/sysdb_upgrade.c | 217 +++++++++++++++++++++++++++++++++++++++++++++++++
ced1f5
 3 files changed, 274 insertions(+), 6 deletions(-)
ced1f5
ced1f5
diff --git a/src/db/sysdb_init.c b/src/db/sysdb_init.c
ced1f5
index 44a7918f603fe1368b7d81738666de6bb47b83d0..74ad23f3050da0ae14fa495d2302f4a858fcd3c5 100644
ced1f5
--- a/src/db/sysdb_init.c
ced1f5
+++ b/src/db/sysdb_init.c
ced1f5
@@ -359,8 +359,48 @@ static errno_t sysdb_ts_cache_upgrade(TALLOC_CTX *mem_ctx,
ced1f5
                                       const char *cur_version,
ced1f5
                                       const char **_new_version)
ced1f5
 {
ced1f5
-    /* Currently the sysdb cache only has one version */
ced1f5
-    return EFAULT;
ced1f5
+    errno_t ret;
ced1f5
+    TALLOC_CTX *tmp_ctx;
ced1f5
+    const char *version;
ced1f5
+    struct ldb_context *save_ldb;
ced1f5
+
ced1f5
+    tmp_ctx = talloc_new(NULL);
ced1f5
+    if (tmp_ctx == NULL) {
ced1f5
+        return ENOMEM;
ced1f5
+    }
ced1f5
+
ced1f5
+    /* The upgrade process depends on having ldb around, yet the upgrade
ced1f5
+     * function shouldn't set the ldb pointer, only the connect function
ced1f5
+     * should after it's successful. To avoid hard refactoring, save the
ced1f5
+     * ldb pointer here and restore in the 'done' handler
ced1f5
+     */
ced1f5
+    save_ldb = sysdb->ldb;
ced1f5
+    sysdb->ldb = ldb;
ced1f5
+
ced1f5
+    version = talloc_strdup(tmp_ctx, cur_version);
ced1f5
+    if (version == NULL) {
ced1f5
+        ret = ENOMEM;
ced1f5
+        goto done;
ced1f5
+    }
ced1f5
+
ced1f5
+    DEBUG(SSSDBG_CONF_SETTINGS,
ced1f5
+          "Upgrading timstamp cache of DB [%s] from version: %s\n",
ced1f5
+          domain->name, version);
ced1f5
+
ced1f5
+    if (strcmp(version, SYSDB_TS_VERSION_0_1) == 0) {
ced1f5
+        ret = sysdb_ts_upgrade_01(sysdb, &version);
ced1f5
+        if (ret != EOK) {
ced1f5
+            goto done;
ced1f5
+        }
ced1f5
+    }
ced1f5
+
ced1f5
+    ret = EOK;
ced1f5
+
ced1f5
+done:
ced1f5
+    sysdb->ldb = save_ldb;
ced1f5
+    *_new_version = version;
ced1f5
+    talloc_free(tmp_ctx);
ced1f5
+    return ret;
ced1f5
 }
ced1f5
 
ced1f5
 static errno_t sysdb_domain_cache_upgrade(TALLOC_CTX *mem_ctx,
ced1f5
@@ -511,6 +551,14 @@ static errno_t sysdb_domain_cache_upgrade(TALLOC_CTX *mem_ctx,
ced1f5
         }
ced1f5
     }
ced1f5
 
ced1f5
+    if (strcmp(version, SYSDB_VERSION_0_19) == 0) {
ced1f5
+        ret = sysdb_upgrade_19(sysdb, &version);
ced1f5
+        if (ret != EOK) {
ced1f5
+            goto done;
ced1f5
+        }
ced1f5
+    }
ced1f5
+
ced1f5
+
ced1f5
     ret = EOK;
ced1f5
 done:
ced1f5
     sysdb->ldb = save_ldb;
ced1f5
diff --git a/src/db/sysdb_private.h b/src/db/sysdb_private.h
ced1f5
index dbd75615bc212e73c4338a76dceaa68a5889ed1d..cac06ba46da23080d1ab661502d0792bd37b9291 100644
ced1f5
--- a/src/db/sysdb_private.h
ced1f5
+++ b/src/db/sysdb_private.h
ced1f5
@@ -23,6 +23,7 @@
ced1f5
 #ifndef __INT_SYS_DB_H__
ced1f5
 #define __INT_SYS_DB_H__
ced1f5
 
ced1f5
+#define SYSDB_VERSION_0_20 "0.20"
ced1f5
 #define SYSDB_VERSION_0_19 "0.19"
ced1f5
 #define SYSDB_VERSION_0_18 "0.18"
ced1f5
 #define SYSDB_VERSION_0_17 "0.17"
ced1f5
@@ -43,7 +44,7 @@
ced1f5
 #define SYSDB_VERSION_0_2 "0.2"
ced1f5
 #define SYSDB_VERSION_0_1 "0.1"
ced1f5
 
ced1f5
-#define SYSDB_VERSION SYSDB_VERSION_0_19
ced1f5
+#define SYSDB_VERSION SYSDB_VERSION_0_20
ced1f5
 
ced1f5
 #define SYSDB_BASE_LDIF \
ced1f5
      "dn: @ATTRIBUTES\n" \
ced1f5
@@ -72,7 +73,6 @@
ced1f5
      "@IDXATTR: sudoUser\n" \
ced1f5
      "@IDXATTR: sshKnownHostsExpire\n" \
ced1f5
      "@IDXATTR: objectSIDString\n" \
ced1f5
-     "@IDXONE: 1\n" \
ced1f5
      "@IDXATTR: ghost\n" \
ced1f5
      "@IDXATTR: userPrincipalName\n" \
ced1f5
      "@IDXATTR: canonicalUserPrincipalName\n" \
ced1f5
@@ -92,9 +92,10 @@
ced1f5
      "\n"
ced1f5
 
ced1f5
 /* The timestamp cache has its own versioning */
ced1f5
+#define SYSDB_TS_VERSION_0_2 "0.2"
ced1f5
 #define SYSDB_TS_VERSION_0_1 "0.1"
ced1f5
 
ced1f5
-#define SYSDB_TS_VERSION SYSDB_TS_VERSION_0_1
ced1f5
+#define SYSDB_TS_VERSION SYSDB_TS_VERSION_0_2
ced1f5
 
ced1f5
 #define SYSDB_TS_BASE_LDIF \
ced1f5
      "dn: @ATTRIBUTES\n" \
ced1f5
@@ -103,7 +104,6 @@
ced1f5
      "dn: @INDEXLIST\n" \
ced1f5
      "@IDXATTR: lastUpdate\n" \
ced1f5
      "@IDXATTR: dataExpireTimestamp\n" \
ced1f5
-     "@IDXONE: 1\n" \
ced1f5
      "\n" \
ced1f5
      "dn: cn=sysdb\n" \
ced1f5
      "cn: sysdb\n" \
ced1f5
@@ -169,6 +169,9 @@ int sysdb_upgrade_17(struct sysdb_ctx *sysdb,
ced1f5
                      struct sysdb_dom_upgrade_ctx *upgrade_ctx,
ced1f5
                      const char **ver);
ced1f5
 int sysdb_upgrade_18(struct sysdb_ctx *sysdb, const char **ver);
ced1f5
+int sysdb_upgrade_19(struct sysdb_ctx *sysdb, const char **ver);
ced1f5
+
ced1f5
+int sysdb_ts_upgrade_01(struct sysdb_ctx *sysdb, const char **ver);
ced1f5
 
ced1f5
 int sysdb_add_string(struct ldb_message *msg,
ced1f5
                      const char *attr, const char *value);
ced1f5
diff --git a/src/db/sysdb_upgrade.c b/src/db/sysdb_upgrade.c
ced1f5
index 365d45f7ebd78523ca9ec4b9c2158cc09acb5489..bc157a24664239bc1255e49a1825243a07acc90f 100644
ced1f5
--- a/src/db/sysdb_upgrade.c
ced1f5
+++ b/src/db/sysdb_upgrade.c
ced1f5
@@ -2317,6 +2317,223 @@ done:
ced1f5
     return ret;
ced1f5
 }
ced1f5
 
ced1f5
+static errno_t add_object_category(struct ldb_context *ldb,
ced1f5
+                                   struct upgrade_ctx *ctx)
ced1f5
+{
ced1f5
+    errno_t ret;
ced1f5
+    struct ldb_result *objects = NULL;
ced1f5
+    const char *attrs[] = { SYSDB_OBJECTCLASS, NULL };
ced1f5
+    struct ldb_dn *base_dn;
ced1f5
+    size_t c;
ced1f5
+    const char *class_name;
ced1f5
+    struct ldb_message *msg = NULL;
ced1f5
+    struct ldb_message *del_msg = NULL;
ced1f5
+
ced1f5
+    base_dn = ldb_dn_new(ctx, ldb, SYSDB_BASE);
ced1f5
+    if (base_dn == NULL) {
ced1f5
+        DEBUG(SSSDBG_CRIT_FAILURE, "Failed create base dn.\n");
ced1f5
+        return ENOMEM;
ced1f5
+    }
ced1f5
+
ced1f5
+    ret = ldb_search(ldb, ctx, &objects, base_dn,
ced1f5
+                     LDB_SCOPE_SUBTREE, attrs,
ced1f5
+                     "(|("SYSDB_OBJECTCLASS"="SYSDB_USER_CLASS")"
ced1f5
+                       "("SYSDB_OBJECTCLASS"="SYSDB_GROUP_CLASS"))");
ced1f5
+    talloc_free(base_dn);
ced1f5
+    if (ret != LDB_SUCCESS) {
ced1f5
+        DEBUG(SSSDBG_CRIT_FAILURE, "Failed to search objects: %d\n", ret);
ced1f5
+        ret = sysdb_error_to_errno(ret);
ced1f5
+        goto done;
ced1f5
+    }
ced1f5
+
ced1f5
+    if (objects == NULL || objects->count == 0) {
ced1f5
+        DEBUG(SSSDBG_TRACE_LIBS, "No objects found, nothing to do.");
ced1f5
+        ret = EOK;
ced1f5
+        goto done;
ced1f5
+    }
ced1f5
+
ced1f5
+    del_msg = ldb_msg_new(ctx);
ced1f5
+    if (del_msg == NULL) {
ced1f5
+        DEBUG(SSSDBG_OP_FAILURE, "ldb_msg_new failed.\n");
ced1f5
+        ret = ENOMEM;
ced1f5
+        goto done;
ced1f5
+    }
ced1f5
+    ret = ldb_msg_add_empty(del_msg, SYSDB_OBJECTCLASS, LDB_FLAG_MOD_DELETE,
ced1f5
+                            NULL);
ced1f5
+    if (ret != LDB_SUCCESS) {
ced1f5
+        DEBUG(SSSDBG_OP_FAILURE, "ldb_msg_add_empty failed.\n");
ced1f5
+        ret = sysdb_error_to_errno(ret);
ced1f5
+        goto done;
ced1f5
+    }
ced1f5
+
ced1f5
+    DEBUG(SSSDBG_TRACE_ALL, "Found [%d] objects.\n", objects->count);
ced1f5
+    for (c = 0; c < objects->count; c++) {
ced1f5
+        DEBUG(SSSDBG_TRACE_ALL, "Updating [%s].\n",
ced1f5
+              ldb_dn_get_linearized(objects->msgs[c]->dn));
ced1f5
+
ced1f5
+        class_name = ldb_msg_find_attr_as_string(objects->msgs[c],
ced1f5
+                                                 SYSDB_OBJECTCLASS, NULL);
ced1f5
+        if (class_name == NULL) {
ced1f5
+            DEBUG(SSSDBG_OP_FAILURE, "Searched objects by objectClass, "
ced1f5
+                                     "but result does not have one.\n");
ced1f5
+            ret = EINVAL;
ced1f5
+            goto done;
ced1f5
+        }
ced1f5
+
ced1f5
+        talloc_free(msg);
ced1f5
+        msg = ldb_msg_new(ctx);
ced1f5
+        if (msg == NULL) {
ced1f5
+            DEBUG(SSSDBG_OP_FAILURE, "ldb_msg_new failed.\n");
ced1f5
+            ret = ENOMEM;
ced1f5
+            goto done;
ced1f5
+        }
ced1f5
+
ced1f5
+        msg->dn = objects->msgs[c]->dn;
ced1f5
+        del_msg->dn = objects->msgs[c]->dn;
ced1f5
+
ced1f5
+        ret = ldb_msg_add_empty(msg, SYSDB_OBJECTCATEGORY, LDB_FLAG_MOD_ADD,
ced1f5
+                                NULL);
ced1f5
+        if (ret != LDB_SUCCESS) {
ced1f5
+            DEBUG(SSSDBG_OP_FAILURE, "ldb_msg_add_empty failed.\n");
ced1f5
+            ret = sysdb_error_to_errno(ret);
ced1f5
+            goto done;
ced1f5
+        }
ced1f5
+
ced1f5
+        ret = ldb_msg_add_string(msg, SYSDB_OBJECTCATEGORY, class_name);
ced1f5
+        if (ret != LDB_SUCCESS) {
ced1f5
+            DEBUG(SSSDBG_OP_FAILURE, "ldb_msg_add_string failed.\n");
ced1f5
+            ret = sysdb_error_to_errno(ret);
ced1f5
+            goto done;
ced1f5
+        }
ced1f5
+
ced1f5
+        DEBUG(SSSDBG_TRACE_ALL, "Adding [%s] to [%s].\n", class_name,
ced1f5
+              ldb_dn_get_linearized(objects->msgs[c]->dn));
ced1f5
+        ret = ldb_modify(ldb, msg);
ced1f5
+        if (ret != LDB_SUCCESS) {
ced1f5
+            DEBUG(SSSDBG_OP_FAILURE,
ced1f5
+                  "Failed to add objectCategory to %s: %d.\n",
ced1f5
+                  ldb_dn_get_linearized(objects->msgs[c]->dn),
ced1f5
+                  sysdb_error_to_errno(ret));
ced1f5
+            ret = sysdb_error_to_errno(ret);
ced1f5
+            goto done;
ced1f5
+        }
ced1f5
+
ced1f5
+        ret = ldb_modify(ldb, del_msg);
ced1f5
+        if (ret != LDB_SUCCESS) {
ced1f5
+            DEBUG(SSSDBG_OP_FAILURE,
ced1f5
+                  "Failed to remove objectClass from %s: %d.\n",
ced1f5
+                  ldb_dn_get_linearized(objects->msgs[c]->dn),
ced1f5
+                  sysdb_error_to_errno(ret));
ced1f5
+            ret = sysdb_error_to_errno(ret);
ced1f5
+            goto done;
ced1f5
+        }
ced1f5
+    }
ced1f5
+
ced1f5
+    ret = EOK;
ced1f5
+
ced1f5
+done:
ced1f5
+    talloc_free(msg);
ced1f5
+    talloc_free(del_msg);
ced1f5
+    talloc_free(objects);
ced1f5
+
ced1f5
+    return ret;
ced1f5
+}
ced1f5
+
ced1f5
+int sysdb_upgrade_19(struct sysdb_ctx *sysdb, const char **ver)
ced1f5
+{
ced1f5
+    struct upgrade_ctx *ctx;
ced1f5
+    errno_t ret;
ced1f5
+    struct ldb_message *msg = NULL;
ced1f5
+
ced1f5
+    ret = commence_upgrade(sysdb, sysdb->ldb, SYSDB_VERSION_0_20, &ctx;;
ced1f5
+    if (ret) {
ced1f5
+        return ret;
ced1f5
+    }
ced1f5
+
ced1f5
+    ret = add_object_category(sysdb->ldb, ctx);
ced1f5
+    if (ret != EOK) {
ced1f5
+        DEBUG(SSSDBG_CRIT_FAILURE, "add_object_category failed.\n");
ced1f5
+        goto done;
ced1f5
+    }
ced1f5
+
ced1f5
+    /* Remove @IDXONE from index */
ced1f5
+    msg = ldb_msg_new(ctx);
ced1f5
+    if (msg == NULL) {
ced1f5
+        ret = ENOMEM;
ced1f5
+        goto done;
ced1f5
+    }
ced1f5
+
ced1f5
+    msg->dn = ldb_dn_new(msg, sysdb->ldb, "@INDEXLIST");
ced1f5
+    if (msg->dn == NULL) {
ced1f5
+        ret = ENOMEM;
ced1f5
+        goto done;
ced1f5
+    }
ced1f5
+
ced1f5
+    ret = ldb_msg_add_empty(msg, "@IDXONE", LDB_FLAG_MOD_DELETE, NULL);
ced1f5
+    if (ret != LDB_SUCCESS) {
ced1f5
+        ret = ENOMEM;
ced1f5
+        goto done;
ced1f5
+    }
ced1f5
+
ced1f5
+    ret = ldb_modify(sysdb->ldb, msg);
ced1f5
+    if (ret != LDB_SUCCESS) {
ced1f5
+        ret = sysdb_error_to_errno(ret);
ced1f5
+        goto done;
ced1f5
+    }
ced1f5
+
ced1f5
+    /* conversion done, update version number */
ced1f5
+    ret = update_version(ctx);
ced1f5
+
ced1f5
+done:
ced1f5
+    ret = finish_upgrade(ret, &ctx, ver);
ced1f5
+    return ret;
ced1f5
+}
ced1f5
+
ced1f5
+int sysdb_ts_upgrade_01(struct sysdb_ctx *sysdb, const char **ver)
ced1f5
+{
ced1f5
+    struct upgrade_ctx *ctx;
ced1f5
+    errno_t ret;
ced1f5
+    struct ldb_message *msg = NULL;
ced1f5
+
ced1f5
+    ret = commence_upgrade(sysdb, sysdb->ldb, SYSDB_TS_VERSION_0_2, &ctx;;
ced1f5
+    if (ret) {
ced1f5
+        return ret;
ced1f5
+    }
ced1f5
+
ced1f5
+    /* Remove @IDXONE from index */
ced1f5
+    talloc_free(msg);
ced1f5
+    msg = ldb_msg_new(ctx);
ced1f5
+    if (msg == NULL) {
ced1f5
+        ret = ENOMEM;
ced1f5
+        goto done;
ced1f5
+    }
ced1f5
+
ced1f5
+    msg->dn = ldb_dn_new(msg, sysdb->ldb, "@INDEXLIST");
ced1f5
+    if (msg->dn == NULL) {
ced1f5
+        ret = ENOMEM;
ced1f5
+        goto done;
ced1f5
+    }
ced1f5
+
ced1f5
+    ret = ldb_msg_add_empty(msg, "@IDXONE", LDB_FLAG_MOD_DELETE, NULL);
ced1f5
+    if (ret != LDB_SUCCESS) {
ced1f5
+        ret = ENOMEM;
ced1f5
+        goto done;
ced1f5
+    }
ced1f5
+
ced1f5
+    ret = ldb_modify(sysdb->ldb, msg);
ced1f5
+    if (ret != LDB_SUCCESS) {
ced1f5
+        ret = sysdb_error_to_errno(ret);
ced1f5
+        goto done;
ced1f5
+    }
ced1f5
+
ced1f5
+    /* conversion done, update version number */
ced1f5
+    ret = update_version(ctx);
ced1f5
+
ced1f5
+done:
ced1f5
+    ret = finish_upgrade(ret, &ctx, ver);
ced1f5
+    return ret;
ced1f5
+}
ced1f5
+
ced1f5
 /*
ced1f5
  * Example template for future upgrades.
ced1f5
  * Copy and change version numbers as appropriate.
ced1f5
-- 
ced1f5
2.14.3
ced1f5