| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Functions sysdb_user_base_dn() and sysdb_group_base_dn() expect
that struct sss_domain_info contains pointer to struct sysdb_ctx.
This is not true in case of sysdb_upgrade functions.
This patch fixes the situation and revert code to the state before
12a000c8c7c07259e438fb1e992134bdd07d9a30 commit.
Resolves:
https://fedorahosted.org/sssd/ticket/3023
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
and override objects
Runs a sysdb upgrade that changes objects that represent users, groups,
sudo rules and overrides to the new schema, which uses the fully
qualified names.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
For all domain types, except the local domain, open a connection to a
new ldb file located at /var/lib/sss/db names timestamps_$domain.ldb.
Constructs the ldb file path manually in sysdb_check_upgrade_02() but
that should be acceptable because nobody should be running such an old
cache these days anyway.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Changes the functions in sysdb_init.c so that the functions are usable
to initialize a second cache to store timestamps. In particular,
functions that operated on sysdb->ldb now operate on a generic ldb
context so that a new ldb_ts context can be used later. Existing
functions that initialize the sysdb cache call the generic functions
with sysdb->ldb as a parameter.
Splits out a function to initialize an empty ldb database with a generic
LDIF.
Splits out the sysdb upgrade function because the upgrade will only be
used by the sysdb cache, the timestamp cache will start with a different
version and might receive separate upgrade functions in the future.
The ldb connection function accepts ldb flags parameter, currently
unused.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
| |
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Update debug level passed to backup_file in sysdb_check_upgrade_02 to
prepare for removal of old debug level support.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use a script to update DEBUG* macro invocations, which use literal
numbers for levels, to use bitmask macros instead:
grep -rl --include '*.[hc]' DEBUG . |
while read f; do
mv "$f"{,.orig}
perl -e 'use strict;
use File::Slurp;
my @map=qw"
SSSDBG_FATAL_FAILURE
SSSDBG_CRIT_FAILURE
SSSDBG_OP_FAILURE
SSSDBG_MINOR_FAILURE
SSSDBG_CONF_SETTINGS
SSSDBG_FUNC_DATA
SSSDBG_TRACE_FUNC
SSSDBG_TRACE_LIBS
SSSDBG_TRACE_INTERNAL
SSSDBG_TRACE_ALL
";
my $text=read_file(\*STDIN);
my $repl;
$text=~s/
^
(
.*
\b
(DEBUG|DEBUG_PAM_DATA|DEBUG_GR_MEM)
\s*
\(\s*
)(
[0-9]
)(
\s*,
)
(
\s*
)
(
.*
)
$
/
$repl = $1.$map[$3].$4.$5.$6,
length($repl) <= 80
? $repl
: $1.$map[$3].$4."\n".(" " x length($1)).$6
/xmge;
print $text;
' < "$f.orig" > "$f"
rm "$f.orig"
done
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use a script to update DEBUG macro invocations to use it as a variadic
macro, supplying format string and its arguments directly, instead of
wrapping them in parens.
This script was used to update the code:
grep -rwl --include '*.[hc]' DEBUG . |
while read f; do
mv "$f"{,.orig}
perl -e \
'use strict;
use File::Slurp;
my $text=read_file(\*STDIN);
$text=~s#(\bDEBUG\s*\([^(]+)\((.*?)\)\s*\)\s*;#$1$2);#gs;
print $text;' < "$f.orig" > "$f"
rm "$f.orig"
done
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
We've been hitting situations where the sysdb conversion failed.
Unfortunately, the current code doesn't include enough debugging info to
pinpoint the failing entries. This patch adds more DEBUG statements for
each processed entry.
|
| |
|
|
| |
https://fedorahosted.org/sssd/ticket/1673
|
| |
|
|
|
|
|
| |
In subdomains we have to use fully qualified usernames.
Unfortunately we have no other good option than simply removing
caches for users of subdomains.
This is because the memberof plugin does not support the rename operation.
|
| |
|
|
|
|
| |
Add functions to automate setting versions numbers in the db, also
decrease chances of error in copying and pasting code, by setting
the version number only once when we commence the upgrade.
|
| |
|
|
|
|
|
|
|
| |
We attempted to delete the member attributes of groups that contained a
particular user during the sysdb upgrade, but obviously, this cannot
work for nested groups as the member attribute is present for direct
parents only. As a result, we were getting failures during the upgrade.
https://fedorahosted.org/sssd/ticket/1631
|
| | |
|
| | |
|
| |
|
|
|
| |
The block that upgraded the version was at a wrong indentation level, so
it never ran if there were no fake users to convert
|
| |
|
|
|
|
|
|
|
|
|
|
| |
It is remotely possible to have sysdb in an inconsistent state that
might need upgrade. Consider scenario when user asks for group
information. Some fake users are added as a part of this operation.
Before users can be fully resolved and stored properly, SSSD is shut
down and upgrade is performed.
In this case we need to go over all fake user records (uidNumber=0) and
replace each of them with ghost record in all group objects that are stated in
its memberof attribute.
|
| |
|
|
|
|
| |
There was a bug in finish_upgrade() where it would return EOK if
it succeeded in canceling the transaction due to an error. We
should instead be returning the original error.
|
| |
|
|
|
| |
Most of the the searches in the Sudo responder include the sudoUser
attribute. Indexing it will make the responder faster.
|
| | |
|
| | |
|
| | |
|
| |
|
