authorSimo Sorce <simo@redhat.com>2012-11-16 20:25:44 +0000
committerJakub Hrozek <jhrozek@redhat.com>2012-11-19 15:31:04 +0100
commitd993dc0a566dbf79f808d0ec35c8e61806f34e40 (patch)
treec29cf46da64f61d9e035bf9b6c9f88fa80e52007
parent6ee65c5580ef25c72b29fb73ea4d9ace6b7e85c5 (diff)
Handle conversion to fully qualified usernames
In subdomains we have to use fully qualified usernames. Unfortunately we have no other good option than simply removing caches for users of subdomains. This is because the memberof plugin does not support the rename operation.
-rw-r--r--src/db/sysdb.c7
-rw-r--r--src/db/sysdb_private.h4
-rw-r--r--src/db/sysdb_upgrade.c88
3 files changed, 98 insertions, 1 deletions
diff --git a/src/db/sysdb.c b/src/db/sysdb.c
index dda288f76..e82c18495 100644
--- a/src/db/sysdb.c
+++ b/src/db/sysdb.c
@@ -1146,6 +1146,13 @@ int sysdb_domain_init_internal(TALLOC_CTX *mem_ctx,
}
}
+ if (strcmp(version, SYSDB_VERSION_0_13) == 0) {
+ ret = sysdb_upgrade_13(sysdb, &version);
+ if (ret != EOK) {
+ goto done;
+ }
+ }
+
/* The version should now match SYSDB_VERSION.
* If not, it means we didn't match any of the
* known older versions. The DB might be
diff --git a/src/db/sysdb_private.h b/src/db/sysdb_private.h
index bde4c6038..a2af8b93f 100644
--- a/src/db/sysdb_private.h
+++ b/src/db/sysdb_private.h
@@ -23,6 +23,7 @@
#ifndef __INT_SYS_DB_H__
#define __INT_SYS_DB_H__
+#define SYSDB_VERSION_0_14 "0.14"
#define SYSDB_VERSION_0_13 "0.13"
#define SYSDB_VERSION_0_12 "0.12"
#define SYSDB_VERSION_0_11 "0.11"
@@ -37,7 +38,7 @@
#define SYSDB_VERSION_0_2 "0.2"
#define SYSDB_VERSION_0_1 "0.1"
-#define SYSDB_VERSION SYSDB_VERSION_0_13
+#define SYSDB_VERSION SYSDB_VERSION_0_14
#define SYSDB_BASE_LDIF \
"dn: @ATTRIBUTES\n" \
@@ -111,6 +112,7 @@ int sysdb_upgrade_09(struct sysdb_ctx *sysdb, const char **ver);
int sysdb_upgrade_10(struct sysdb_ctx *sysdb, const char **ver);
int sysdb_upgrade_11(struct sysdb_ctx *sysdb, const char **ver);
int sysdb_upgrade_12(struct sysdb_ctx *sysdb, const char **ver);
+int sysdb_upgrade_13(struct sysdb_ctx *sysdb, const char **ver);
int add_string(struct ldb_message *msg, int flags,
const char *attr, const char *value);
diff --git a/src/db/sysdb_upgrade.c b/src/db/sysdb_upgrade.c
index c4ca64a48..10c4e5775 100644
--- a/src/db/sysdb_upgrade.c
+++ b/src/db/sysdb_upgrade.c
@@ -1273,6 +1273,94 @@ done:
return ret;
}
+int sysdb_upgrade_13(struct sysdb_ctx *sysdb, const char **ver)
+{
+ struct upgrade_ctx *ctx;
+ struct ldb_result *dom_res;
+ struct ldb_result *res;
+ struct ldb_dn *basedn;
+ const char *attrs[] = { "cn", "name", NULL };
+ const char *tmp_str;
+ errno_t ret;
+ int i, j, l, n;
+
+ ret = commence_upgrade(sysdb, sysdb->ldb, SYSDB_VERSION_0_14, &ctx);
+ if (ret) {
+ return ret;
+ }
+
+ basedn = ldb_dn_new(ctx, sysdb->ldb, SYSDB_BASE);
+ if (!basedn) {
+ DEBUG(SSSDBG_OP_FAILURE, ("Failed to build base dn\n"));
+ ret = EIO;
+ goto done;
+ }
+
+ ret = ldb_search(sysdb->ldb, ctx, &dom_res,
+ basedn, LDB_SCOPE_ONELEVEL,
+ attrs, "objectclass=%s", SYSDB_SUBDOMAIN_CLASS);
+ if (ret != LDB_SUCCESS) {
+ DEBUG(SSSDBG_OP_FAILURE, ("Failed to search subdomains\n"));
+ ret = EIO;
+ goto done;
+ }
+
+ for (i = 0; i < dom_res->count; i++) {
+
+ tmp_str = ldb_msg_find_attr_as_string(dom_res->msgs[i], "cn", NULL);
+ if (tmp_str == NULL) {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ ("The object [%s] doesn't have a name\n",
+ ldb_dn_get_linearized(res->msgs[i]->dn)));
+ continue;
+ }
+
+ basedn = ldb_dn_new_fmt(ctx, sysdb->ldb, SYSDB_DOM_BASE, tmp_str);
+ if (!basedn) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("Failed to build base dn for subdomain %s\n", tmp_str));
+ continue;
+ }
+
+ ret = ldb_search(sysdb->ldb, ctx, &res,
+ basedn, LDB_SCOPE_SUBTREE, attrs, NULL);
+ if (ret != LDB_SUCCESS) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("Failed to search subdomain %s\n", tmp_str));
+ talloc_free(basedn);
+ continue;
+ }
+
+ l = ldb_dn_get_comp_num(basedn);
+ for (j = 0; j < res->count; j++) {
+ n = ldb_dn_get_comp_num(res->msgs[j]->dn);
+ if (n <= l + 1) {
+ /* Do not remove subdomain containers, only their contents */
+ continue;
+ }
+ ret = ldb_delete(sysdb->ldb, res->msgs[j]->dn);
+ if (ret) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("Failed to delete %s\n", res->msgs[j]->dn));
+ continue;
+ }
+ }
+
+ talloc_free(basedn);
+ talloc_free(res);
+ }
+
+ talloc_free(dom_res);
+
+ /* conversion done, update version number */
+ ret = update_version(ctx);
+
+done:
+ ret = finish_upgrade(ret, &ctx, ver);
+ return ret;
+}
+
+
/*
* Example template for future upgrades.
* Copy and change version numbers as appropriate.
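Review bot: In the loop over `dom_res` in `sysdb_upgrade_13`, the "doesn't have a name" debug message dereferences `res->msgs[i]->dn`, but `res` is unassigned on the first iteration and has already been passed to `talloc_free()` at the end of any earlier one, so this path reads an uninitialized or freed pointer; it should be `ldb_dn_get_linearized(dom_res->msgs[i]->dn)`. The "Failed to delete %s" message passes `res->msgs[j]->dn`, a `struct ldb_dn *`, straight to `%s`, which is a format/argument mismatch; use `ldb_dn_get_linearized(res->msgs[j]->dn)` there too. Separately, a failed `ldb_delete()` is only logged and `update_version(ctx)` still runs, so the cache can be stamped 0.14 while still holding unqualified subdomain entries. If that is intended, say so above the inner loop with something like `/* best effort: entries that fail to delete are left in place */`; otherwise propagate the error to `done`.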