SYSDB: Open a timestamps cache for caching domains

For all domain types, except the local domain, open a connection to a
new ldb file located at /var/lib/sss/db names timestamps_$domain.ldb.

Constructs the ldb file path manually in sysdb_check_upgrade_02() but
that should be acceptable because nobody should be running such an old
cache these days anyway.

Reviewed-by: Sumit Bose <sbose@redhat.com>

4 files changed, 82 insertions, 17 deletions

diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index 42f845033..e343de20c 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -28,6 +28,7 @@
 #include <tevent.h>
 
 #define CACHE_SYSDB_FILE "cache_%s.ldb"
+#define CACHE_TIMESTAMPS_FILE "timestamps_%s.ldb"
 #define LOCAL_SYSDB_FILE "sssd.ldb"
 
 #define SYSDB_BASE "cn=sysdb"
@@ -309,6 +310,8 @@ struct range_info {
     char *range_type;
 };
 
+/* These attributes are stored in the timestamp cache */
+extern const char *sysdb_ts_cache_attrs[];
 
 /* values are copied in the structure, allocated on "attrs" */
 int sysdb_attrs_add_val(struct sysdb_attrs *attrs,
diff --git a/src/db/sysdb_init.c b/src/db/sysdb_init.c
index b2b845317..c6e9c4ac1 100644
--- a/src/db/sysdb_init.c
+++ b/src/db/sysdb_init.c
@@ -30,6 +30,21 @@
 
 #define LDB_MODULES_PATH "LDB_MODULES_PATH"
 
+/* If an entry differs only in these attributes, they are written to
+ * the timestamp cache only. In addition, objectclass is added so that
+ * we can distinguish between users and groups.
+ */
+const char *sysdb_ts_cache_attrs[] = {
+    SYSDB_OBJECTCLASS,
+    SYSDB_LAST_UPDATE,
+    SYSDB_CACHE_EXPIRE,
+    SYSDB_ORIG_MODSTAMP,
+    SYSDB_INITGR_EXPIRE,
+    SYSDB_USN,
+
+    NULL,
+};
+
 errno_t sysdb_ldb_connect(TALLOC_CTX *mem_ctx,
                           const char *filename,
                           int flags,
@@ -85,11 +100,43 @@ static errno_t sysdb_ldb_reconnect(TALLOC_CTX *mem_ctx,
     return ret;
 }
 
+static errno_t sysdb_chown_db_files(struct sysdb_ctx *sysdb,
+                                    uid_t uid, gid_t gid)
+{
+    errno_t ret;
+
+    ret = chown(sysdb->ldb_file, uid, gid);
+    if (ret != 0) {
+        ret = errno;
+        DEBUG(SSSDBG_CRIT_FAILURE,
+              "Cannot set sysdb ownership of %s to %"SPRIuid":%"SPRIgid"\n",
+              sysdb->ldb_file, uid, gid);
+        return ret;
+    }
+
+    if (sysdb->ldb_ts_file != NULL) {
+        ret = chown(sysdb->ldb_ts_file, uid, gid);
+        if (ret != 0) {
+            ret = errno;
+            DEBUG(SSSDBG_CRIT_FAILURE,
+                  "Cannot set sysdb ownership of %s to %"SPRIuid":%"SPRIgid"\n",
+                  sysdb->ldb_ts_file, uid, gid);
+            return ret;
+        }
+    }
+
+    return EOK;
+}
+
 int sysdb_get_db_file(TALLOC_CTX *mem_ctx,
-                      const char *provider, const char *name,
-                      const char *base_path, char **_ldb_file)
+                      const char *provider,
+                      const char *name,
+                      const char *base_path,
+                      char **_ldb_file,
+                      char **_ts_file)
 {
     char *ldb_file;
+    char *ts_file = NULL;
 
     /* special case for the local domain */
     if (strcasecmp(provider, "local") == 0) {
@@ -98,12 +145,19 @@ int sysdb_get_db_file(TALLOC_CTX *mem_ctx,
     } else {
         ldb_file = talloc_asprintf(mem_ctx, "%s/"CACHE_SYSDB_FILE,
                                    base_path, name);
+        ts_file = talloc_asprintf(mem_ctx, "%s/"CACHE_TIMESTAMPS_FILE,
+                                  base_path, name);
+        if (ts_file == NULL) {
+            talloc_free(ldb_file);
+            return ENOMEM;
+        }
     }
     if (!ldb_file) {
         return ENOMEM;
     }
 
     *_ldb_file = ldb_file;
+    *_ts_file = ts_file;
     return EOK;
 }
 
@@ -749,14 +803,17 @@ int sysdb_domain_init_internal(TALLOC_CTX *mem_ctx,
         goto done;
     }
 
-    ret = sysdb_get_db_file(sysdb, domain->provider,
-                            domain->name, db_path,
-                            &sysdb->ldb_file);
+    ret = sysdb_get_db_file(sysdb, domain->provider, domain->name, db_path,
+                            &sysdb->ldb_file, &sysdb->ldb_ts_file);
     if (ret != EOK) {
         goto done;
     }
     DEBUG(SSSDBG_FUNC_DATA,
           "DB File for %s: %s\n", domain->name, sysdb->ldb_file);
+    if (sysdb->ldb_ts_file) {
+        DEBUG(SSSDBG_FUNC_DATA,
+             "Timestamp file for %s: %s\n", domain->name, sysdb->ldb_ts_file);
+    }
 
     ret = sysdb_domain_cache_connect(sysdb, domain, allow_upgrade);
     if (ret != EOK) {
@@ -814,17 +871,19 @@ int sysdb_init_ext(TALLOC_CTX *mem_ctx,
         ret = sysdb_domain_init_internal(mem_ctx, dom, DB_PATH,
                                          allow_upgrade, &sysdb);
         if (ret != EOK) {
+            DEBUG(SSSDBG_CRIT_FAILURE,
+                  "Cannot connect to database for %s: [%d]: %s\n",
+                  dom->name, ret, sss_strerror(ret));
             return ret;
         }
 
         if (chown_dbfile) {
-            ret = chown(sysdb->ldb_file, uid, gid);
-            if (ret != 0) {
-                ret = errno;
+            ret = sysdb_chown_db_files(sysdb, uid, gid);
+            if (ret != EOK) {
                 DEBUG(SSSDBG_CRIT_FAILURE,
-                      "Cannot set sysdb ownership to %"SPRIuid":%"SPRIgid"\n",
-                      uid, gid);
-                return ret;
+                      "Cannot chown databases for %s: [%d]: %s\n",
+                      dom->name, ret, sss_strerror(ret));
+            return ret;
             }
         }
 
diff --git a/src/db/sysdb_private.h b/src/db/sysdb_private.h
index 5f7a1ed6f..828863df7 100644
--- a/src/db/sysdb_private.h
+++ b/src/db/sysdb_private.h
@@ -118,8 +118,11 @@ struct sysdb_ctx {
 
 /* Internal utility functions */
 int sysdb_get_db_file(TALLOC_CTX *mem_ctx,
-                      const char *provider, const char *name,
-                      const char *base_path, char **_ldb_file);
+                      const char *provider,
+                      const char *name,
+                      const char *base_path,
+                      char **_ldb_file,
+                      char **_ts_file);
 errno_t sysdb_ldb_connect(TALLOC_CTX *mem_ctx,
                           const char *filename,
                           int flags,
diff --git a/src/db/sysdb_upgrade.c b/src/db/sysdb_upgrade.c
index 873c8eede..1858111cd 100644
--- a/src/db/sysdb_upgrade.c
+++ b/src/db/sysdb_upgrade.c
@@ -282,10 +282,10 @@ int sysdb_check_upgrade_02(struct sss_domain_info *domains,
         return ENOMEM;
     }
 
-    ret = sysdb_get_db_file(tmp_ctx,
-                            "local", "UPGRADE",
-                            db_path, &ldb_file);
-    if (ret != EOK) {
+    ldb_file = talloc_asprintf(tmp_ctx, "%s/"LOCAL_SYSDB_FILE,
+                               db_path);
+    if (ldb_file == NULL) {
+        ret = ENOMEM;
         goto exit;
     }