sssd.git/src/db/sysdb_private.h, branch openssl Unnamed repository; edit this file 'description' to name the repository. SYSDB: Upgrade sysdb to use qualified names for users and groups, sudo rules and override objects 2016-07-07T08:30:12+00:00 Jakub Hrozek jhrozek@redhat.com 2016-07-05T10:44:09+00:00 8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4 Runs a sysdb upgrade that changes objects that represent users, groups, sudo rules and overrides to the new schema, which uses the fully qualified names. Reviewed-by: Sumit Bose <sbose@redhat.com> 
Runs a sysdb upgrade that changes objects that represent users, groups,
sudo rules and overrides to the new schema, which uses the fully
qualified names.

Reviewed-by: Sumit Bose <sbose@redhat.com>
SYSDB: Allow passing a context to sysdb upgrade functions 2016-07-07T08:29:52+00:00 Jakub Hrozek jhrozek@redhat.com 2016-06-29T14:30:39+00:00 6d66c2c465861ff2558f2574eddf8315628ccc6d We decide on whether to upgrade or not based on a pointer value, not a boolean. This pointer points to a structure that the upgrade invoker (typically the monitor) can use to fill auxilary data the sysdb upgrade has no means of instantiating. Reviewed-by: Sumit Bose <sbose@redhat.com> 
We decide on whether to upgrade or not based on a pointer value, not a
boolean. This pointer points to a structure that the upgrade invoker
(typically the monitor) can use to fill auxilary data the sysdb upgrade
has no means of instantiating.

Reviewed-by: Sumit Bose <sbose@redhat.com>
sysdb: Use ldb_result as output in sysdb_search_ts_{users,groups} 2016-07-06T15:27:30+00:00 Lukas Slebodnik lslebodn@redhat.com 2016-07-01T20:27:24+00:00 5d0d0f8067fb53285a38fe978cfa36dbeb53be9b Passing address of unsigned to the output argument size_t causes access out of boundaries for type unsigned and and wrong data on big endian. It looks like functions sysdb_search_ts_{users,groups} need to store results in structure ldb_result anyway for further processing. Therefore it will be better to convert output arguments size_t* + ldb_message*** into structure ldb_result and avoid using additional helper variable with type size_t before each invocation of these functions. Reviewed-by: Sumit Bose <sbose@redhat.com> 
Passing address of unsigned to the output argument size_t causes
access out of boundaries for type unsigned and and wrong data
on big endian. It looks like functions sysdb_search_ts_{users,groups}
need to store results in structure ldb_result anyway for further processing.
Therefore it will be better to convert output arguments
size_t* + ldb_message*** into structure ldb_result and avoid using
additional helper variable with type size_t before each invocation
of these functions.

Reviewed-by: Sumit Bose <sbose@redhat.com>
SYSDB: Check if group attributes differ before saving a group 2016-06-23T11:47:16+00:00 Jakub Hrozek jhrozek@redhat.com 2016-04-29T15:51:49+00:00 40de79d69860ec7f04bf7795bd88b641ec42fd23 Adds a new function sysdb_entry_attrs_diff() used in group saving code. This function is used to check if the result of updating a group would result in actually changing the sysdb entry -- often, we would try to dump the same data to the cache during update. If that's the case, the update code now only updates the timestamp cache, avoiding costly writes. Reviewed-by: Sumit Bose <sbose@redhat.com> 
Adds a new function sysdb_entry_attrs_diff() used in group saving code.
This function is used to check if the result of updating a group would
result in actually changing the sysdb entry -- often, we would try to
dump the same data to the cache during update. If that's the case, the
update code now only updates the timestamp cache, avoiding costly
writes.

Reviewed-by: Sumit Bose <sbose@redhat.com>
SYSDB: If modifyTimestamp is the same, only update the TS cache 2016-06-23T11:47:07+00:00 Jakub Hrozek jhrozek@redhat.com 2016-05-23T16:18:00+00:00 a257259b05d62ebe548b6c798a3aa03a97dbc0c2 Resolves: https://fedorahosted.org/sssd/ticket/2602 If the entry being saved contains the original modifyTimestamp attribute and the modifyTimestamp attribute is the same as the one we already saved to the timestamp cache, only the expire timestamps in the asynchronous timestamp cache will be bumped and the sysdb code will avoid writes to the main cache completely. If the modifyTimestamp is either missing or differs, we assume the entry had changed and do a full write to the main cache. Also amends the generic sysdb_set_attrs* and similar functions that their results is also reflected in the timestamps cache. Reviewed-by: Sumit Bose <sbose@redhat.com> 
Resolves:
    https://fedorahosted.org/sssd/ticket/2602

If the entry being saved contains the original modifyTimestamp attribute
and the modifyTimestamp attribute is the same as the one we already
saved to the timestamp cache, only the expire timestamps in the
asynchronous timestamp cache will be bumped and the sysdb code will
avoid writes to the main cache completely. If the modifyTimestamp is
either missing or differs, we assume the entry had changed and do a full
write to the main cache.

Also amends the generic sysdb_set_attrs* and similar functions that
their results is also reflected in the timestamps cache.

Reviewed-by: Sumit Bose <sbose@redhat.com>
SYSDB: Search the timestamp caches in addition to the sysdb cache 2016-06-23T11:40:11+00:00 Jakub Hrozek jhrozek@redhat.com 2016-05-18T12:30:28+00:00 dd285415d7a8d8376207960cfa3e977524c3b98c When a sysdb entry is searched, the sysdb cache is consulted first for users or groups. If an entry is found in the sysdb cache, the attributes from the timestamp cache are merged to return the full and up-to-date set of attributes. The merging is done with a single BASE search which is a direct lookup into the underlying key-value database, so it should be relatively fast. More complex merging is done only for enumeration by filter which is currently done only via the IFP back end and should be quite infrequent, so I hope we can justify a more complex merging there. Reviewed-by: Sumit Bose <sbose@redhat.com> 
When a sysdb entry is searched, the sysdb cache is consulted first
for users or groups. If an entry is found in the sysdb cache, the
attributes from the timestamp cache are merged to return the full and
up-to-date set of attributes.

The merging is done with a single BASE search which is a direct lookup
into the underlying key-value database, so it should be relatively fast.
More complex merging is done only for enumeration by filter which is
currently done only via the IFP back end and should be quite
infrequent, so I hope we can justify a more complex merging there.

Reviewed-by: Sumit Bose <sbose@redhat.com>
SYSDB: Open a timestamps cache for caching domains 2016-06-23T11:40:11+00:00 Jakub Hrozek jhrozek@redhat.com 2016-04-21T11:48:04+00:00 f983b400bf4f6fb14a2174d6f58071e06e9ec832 For all domain types, except the local domain, open a connection to a new ldb file located at /var/lib/sss/db names timestamps_$domain.ldb. Constructs the ldb file path manually in sysdb_check_upgrade_02() but that should be acceptable because nobody should be running such an old cache these days anyway. Reviewed-by: Sumit Bose <sbose@redhat.com> 
For all domain types, except the local domain, open a connection to a
new ldb file located at /var/lib/sss/db names timestamps_$domain.ldb.

Constructs the ldb file path manually in sysdb_check_upgrade_02() but
that should be acceptable because nobody should be running such an old
cache these days anyway.

Reviewed-by: Sumit Bose <sbose@redhat.com>
SYSDB: Add a second, timestamp-only ldb cache 2016-06-23T11:40:11+00:00 Jakub Hrozek jhrozek@redhat.com 2016-04-21T09:01:59+00:00 f21b3cce14055e77af8ccb98dd8e0fa1ec1f7944 Uses the generic functions in sysdb_init.c to open a new ldb database. The path to the database and the ldb context are stored in the sysdb_ctx. The database will be used to store ephemeral attributes such as timestamps. Because these attributes are not required for SSSD operation and the intent is for writes to this cache to be very fast, the database is opened with LDB_FLG_NOSYNC flag. At the same time, none of the attributes of the cache is required for sssd operation, so if we fail to open the database, we just start over. Adds a separate base LDIF with attributes that are supposed to be indexed in the timestamp database as well as a separate timestamp cache version. Reviewed-by: Sumit Bose <sbose@redhat.com> 
Uses the generic functions in sysdb_init.c to open a new ldb database.
The path to the database and the ldb context are stored in the
sysdb_ctx. The database will be used to store ephemeral attributes such
as timestamps. Because these attributes are not required for SSSD
operation and the intent is for writes to this cache to be very fast,
the database is opened with LDB_FLG_NOSYNC flag. At the same time, none
of the attributes of the cache is required for sssd operation, so if we
fail to open the database, we just start over.

Adds a separate base LDIF with attributes that are supposed to be
indexed in the timestamp database as well as a separate timestamp cache
version.

Reviewed-by: Sumit Bose <sbose@redhat.com>
SYSDB: Refactor database connection 2016-06-23T11:40:11+00:00 Jakub Hrozek jhrozek@redhat.com 2016-04-20T15:06:03+00:00 72dbcd0a3361f1c0f0c3e348aa2fbcabd926188b Changes the functions in sysdb_init.c so that the functions are usable to initialize a second cache to store timestamps. In particular, functions that operated on sysdb->ldb now operate on a generic ldb context so that a new ldb_ts context can be used later. Existing functions that initialize the sysdb cache call the generic functions with sysdb->ldb as a parameter. Splits out a function to initialize an empty ldb database with a generic LDIF. Splits out the sysdb upgrade function because the upgrade will only be used by the sysdb cache, the timestamp cache will start with a different version and might receive separate upgrade functions in the future. The ldb connection function accepts ldb flags parameter, currently unused. Reviewed-by: Sumit Bose <sbose@redhat.com> 
Changes the functions in sysdb_init.c so that the functions are usable
to initialize a second cache to store timestamps. In particular,
functions that operated on sysdb->ldb now operate on a generic ldb
context so that a new ldb_ts context can be used later. Existing
functions that initialize the sysdb cache call the generic functions
with sysdb->ldb as a parameter.

Splits out a function to initialize an empty ldb database with a generic
LDIF.

Splits out the sysdb upgrade function because the upgrade will only be
used by the sysdb cache, the timestamp cache will start with a different
version and might receive separate upgrade functions in the future.

The ldb connection function accepts ldb flags parameter, currently
unused.

Reviewed-by: Sumit Bose <sbose@redhat.com>
SYSDB: Track transaction nesting in sysdb_ctx 2016-06-10T16:15:27+00:00 Jakub Hrozek jhrozek@redhat.com 2016-02-29T12:22:18+00:00 bd93ef2db6d24946ebf98a23fa18d34d45f6b072 Adds an integer that tracks how deeply nested we are in sysdb transactions. This will become useful later, because generally we are only interested in level-0 transactions when probing, so we'll want to pass the transaction nesting to the systemtap probes. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Adds an integer that tracks how deeply nested we are in sysdb
transactions. This will become useful later, because generally we are
only interested in level-0 transactions when probing, so we'll want to
pass the transaction nesting to the systemtap probes.

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>