| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
Adds a utility function the LDAP provider can use. This is different
from sss_create_internal_fqname_list in the sense that the LDAP provider
passes in the attribute name that contains the name attribute value.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Adds a new function sysdb_entry_attrs_diff() used in group saving code.
This function is used to check if the result of updating a group would
result in actually changing the sysdb entry -- often, we would try to
dump the same data to the cache during update. If that's the case, the
update code now only updates the timestamp cache, avoiding costly
writes.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2602
If the entry being saved contains the original modifyTimestamp attribute
and the modifyTimestamp attribute is the same as the one we already
saved to the timestamp cache, only the expire timestamps in the
asynchronous timestamp cache will be bumped and the sysdb code will
avoid writes to the main cache completely. If the modifyTimestamp is
either missing or differs, we assume the entry had changed and do a full
write to the main cache.
Also amends the generic sysdb_set_attrs* and similar functions that
their results is also reflected in the timestamps cache.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When a sysdb entry is searched, the sysdb cache is consulted first
for users or groups. If an entry is found in the sysdb cache, the
attributes from the timestamp cache are merged to return the full and
up-to-date set of attributes.
The merging is done with a single BASE search which is a direct lookup
into the underlying key-value database, so it should be relatively fast.
More complex merging is done only for enumeration by filter which is
currently done only via the IFP back end and should be quite
infrequent, so I hope we can justify a more complex merging there.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
The sysdb initialization was in the sysdb.c module. With adding
initialization of the timestamp cache, this module would become too big
with too many private functions meant only for initialization.
This patch only moves code around, there are no functional changes to
the initialization.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Actually adds marks for sysdb transactions that receive the transaction
nesting level as an argument. The nesting is passed on from probes to
marks along with a human-friendly description.
The transaction commit is decorated with two probes, before and after.
This would allow the caller to distinguish between the time we spend in
the transaction (which might be important, because if a transaction is
active on an ldb context, even the readers are blocked before the
transaction completes) and the time we spend commiting the transaction
(which is important because that's when the disk writes occur)
The probes would be installed into /usr/share/systemtap/tapset on RHEL
and Fedora. This is in line with systemtap's paths which are described
in detail in "man 7 stappaths".
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Adds an integer that tracks how deeply nested we are in sysdb
transactions. This will become useful later, because generally we are
only interested in level-0 transactions when probing, so we'll want to
pass the transaction nesting to the systemtap probes.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As the add_ulong() convenience can add, replace or remove a unsigned
long according to the operation received as its argument, some confusion
can easily happen due to its misleading name.
In order to improve the explicitness of our code, let's introduce
sysdb_add_ulong(), sysdb_replace_ulong() and sysdb_delete_ulong().
These new functions are basically wrappers of add_ulong() (now
sysdb_ldb_msg_ulong_helper()), calling it using the proper flag
according to each function.
Any code previously using add_ulong() is now adapted to use these brand
new functions.
Related: https://fedorahosted.org/sssd/ticket/1656
Signed-off-by: Fabiano Fidêncio <fabiano@fidencio.org>
Reviewed-by: Petr Cech <pcech@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Considering that sysdb.c is about utilities around our cache and that
sysdb_ops.c is about operations on objects, seems that add_ulong()
could fit better in sysdb.c.
This move is a suggestion from Jakub Hrozek.
Related: https://fedorahosted.org/sssd/ticket/1656
Signed-off-by: Fabiano Fidêncio <fabiano@fidencio.org>
Reviewed-by: Petr Cech <pcech@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
As the add_string() convenience can add, replace or delete a string
according to the operation received as its argument, some confusion can
easily happen due to its misleading name.
In order to improve the explicitness of our code, let's introduce
sysdb_add_string(), sysdb_replace_string() and sysdb_delete_string().
These new functions are basically wrappers of add_string() (now
sysdb_ldb_msg_string_helper()), calling it using the proper flag
according to each function.
Any code previously using add_string() is now adapted to use these brand
new functions.
Resolves: https://fedorahosted.org/sssd/ticket/1656
Signed-off-by: Fabiano Fidêncio <fabiano@fidencio.org>
Reviewed-by: Petr Cech <pcech@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Considering that sysdb.c is about utilities around our cache and that
sysdb_ops.c is about operations on objects, seems that add_string()
could fit better in sysdb.c.
This move is a suggestion from Jakub Hrozek.
Related: https://fedorahosted.org/sssd/ticket/1656
Signed-off-by: Fabiano Fidêncio <fabiano@fidencio.org>
Reviewed-by: Petr Cech <pcech@redhat.com>
|
| |
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
If the user name of a AD user is overridden with the name itself in an
IPA override object SSSD adds this name twice to the alias list causing
an ldb error when trying to write the user object to the cache. As a
result the user is not available.
This patch makes sure that there are no duplicated alias names.
Resolves https://fedorahosted.org/sssd/ticket/2874
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2346
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2346
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
sysdb_get_bool() return ENOENT if no result is found.
Unit test for sysdb_get_bool() & sysdb_set_bool() was added.
This patch also fixes ldap_setup_enumeration() to handle ENOENT returned by
sysdb_has_enumerated().
Resolves:
https://fedorahosted.org/sssd/ticket/1991
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
| |
Sysdb must be accessible for the nonroot sssd
processes.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
sysdb_attrs_add_val_safe() works like sysdb_attrs_add_val() but checks
if the attribute value to add already exists. In this case the value
list is not changed. This is useful if values are added from different
sources at different times to avoid LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS
errors from ldb_modify() later on.
sysdb_attrs_add_string_safe() does the same for string arguments
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
The sysdb.c should be reserved for utility and setup functions. Search
functions belong to sysdb_search.c Keeping functions in specialized
modules helps to maintain nice dependencies and in overall makes unit
testing easier.
Moreover, the function was not unit tested, which needed fixing.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| | |
|
| |
|
|
|
|
|
| |
There is a test for NULL after calling talloc_strndup
and variable version was used a few times in strcmp before debug message.
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
| |
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2056
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use a script to update DEBUG* macro invocations, which use literal
numbers for levels, to use bitmask macros instead:
grep -rl --include '*.[hc]' DEBUG . |
while read f; do
mv "$f"{,.orig}
perl -e 'use strict;
use File::Slurp;
my @map=qw"
SSSDBG_FATAL_FAILURE
SSSDBG_CRIT_FAILURE
SSSDBG_OP_FAILURE
SSSDBG_MINOR_FAILURE
SSSDBG_CONF_SETTINGS
SSSDBG_FUNC_DATA
SSSDBG_TRACE_FUNC
SSSDBG_TRACE_LIBS
SSSDBG_TRACE_INTERNAL
SSSDBG_TRACE_ALL
";
my $text=read_file(\*STDIN);
my $repl;
$text=~s/
^
(
.*
\b
(DEBUG|DEBUG_PAM_DATA|DEBUG_GR_MEM)
\s*
\(\s*
)(
[0-9]
)(
\s*,
)
(
\s*
)
(
.*
)
$
/
$repl = $1.$map[$3].$4.$5.$6,
length($repl) <= 80
? $repl
: $1.$map[$3].$4."\n".(" " x length($1)).$6
/xmge;
print $text;
' < "$f.orig" > "$f"
rm "$f.orig"
done
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use a script to update DEBUG macro invocations to use it as a variadic
macro, supplying format string and its arguments directly, instead of
wrapping them in parens.
This script was used to update the code:
grep -rwl --include '*.[hc]' DEBUG . |
while read f; do
mv "$f"{,.orig}
perl -e \
'use strict;
use File::Slurp;
my $text=read_file(\*STDIN);
$text=~s#(\bDEBUG\s*\([^(]+)\((.*?)\)\s*\)\s*;#$1$2);#gs;
print $text;' < "$f.orig" > "$f"
rm "$f.orig"
done
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
We use '_' as prefix for output parameters. In function
sysdb_get_rdn we wrongly used this prefix for input
parameter, which caused some confusion when reading
the code.
|
| | |
|
| | |
|
| |
|
|
|
|
| |
This parameter was never used.
https://fedorahosted.org/sssd/ticket/1765
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1818
I have here a LDAP user entry which has this attribute
loginAllowedTimeMap::
AAAAAAAAAP///38AAP///38AAP///38AAP///38AAP///38AAAAAAAAA
In the function sysdb_attrs_add_string(), called from
sdap_attrs_add_ldap_attr(), strlen() is called on this blob, which is
the wrong thing to do. The result of strlen is then used to populate
the .v_length member of a struct ldb_val - and this will set it to
zero in this case. (There is also the problem that there may not be
a '\0' at all in the blob.)
Subsequently, .v_length being 0 makes ldb_modify(), called from
sysdb_set_entry_attr(), return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX. End
result is that users do not get stored in the sysdb, and programs like
`id` or `getent ...` show incomplete information.
The bug was encountered with sssd-1.8.5. sssd-1.5.11 seemed to behave
fine, but that may not mean that is the absolute lower boundary of
introduction of the problem.
|
| |
|
|
| |
Finally remove this upside-down dependency.
|
| |
|
|
|
| |
A sysdb contains now multiple domains, but the mpg property is a
property of a specific domain not of the underlying database.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
Also allows us to remove sysdb_subdom_get<pw/gr>nam() wrappers and restore
fqnames proper value in subdomains, by testing for a parent domain being
present or not.
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
