SYSDB: Remove unused parameter from sysdb_cache_connect_helper Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

sysdb: remove IDXONE and objectClass from users and groups This patch does the needed sysdb update for the previous to patches. It removes the one-level search index IDXONE and replaces objectClass with objectCategory in the user and group objects. Related to https://pagure.io/SSSD/sssd/issue/3503 Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

sysdb: do not use objectClass for users and groups The majority of the object in the SSSD cache are users and groups. If there are many user and groups in the cache the index objects of the objectclass attributes 'user' and 'group' become large because the must hold references to all objects of those object classes. As a result the management of these index objects becomes costly because they must be parsed and split apart quite often. Additionally they are mostly useless because user and groups are lookup up by more specific attributes in general. Only when enumerating all user or groups this kind of index might be useful. There are two way of removing this kind of index from the user and group objects. Either by removing objectClass from the list of indexes and add a new attribute to all other type of object we want and index for. Or by replacing objectClass with a different attribute for the user and group objects. After some testing I think the latter one is the more reliable one and implemented it in this patch. Related to https://pagure.io/SSSD/sssd/issue/3503 Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

sysdb: add missing indices Resolves https://pagure.io/SSSD/sssd/issue/3472 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

SYSDB: Suppress warning from clang static analyser scan-build wrongly assumes that output variable "version" is not initialized if function sysdb_cache_connect returns ERR_SYSDB_VERSION_TOO_OLD or ERR_SYSDB_VERSION_TOO_NEW The reality is that output variable "version" is initialized especially for these two case. Initialisation to NULL suppresses these false positive reports. Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>

SYSDB: Fix uninitialized scalar variable The boolean variable newly_created could be used uninitialized in done section in case of failure. The variable was firstly initialized to true after succesfull execution of function sysdb_cache_create_empty. Uninitialized variable usually means true for boolean variable. Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>

SYSDB: Remove the timestamp cache for a newly created cache As many users are used to remove the persistent cache without removing the timestamp cache, let's throw away the timestamp cache in this case. Resolves: https://fedorahosted.org/sssd/ticket/3128 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

SYSDB: Rework sysdb_cache_connect() As sysdb_cache_connect() has two very specific use cases (connect to the cache and connect to the timestamp cache) and each of those calls have a predetermined/fixed sets of values for a few parameters, let's try to make the code a bit simpler to follow by having explicit functions for connecting to the cache and connecting to the timestamp cache. Macros could be used as well, but I have a slightly preference for having two new functions instead of macros accessing internal parameters of the macro's parameter. Related: https://fedorahosted.org/sssd/ticket/3128 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>

SYSDB: Upgrade sysdb to use qualified names for users and groups, sudo rules and override objects Runs a sysdb upgrade that changes objects that represent users, groups, sudo rules and overrides to the new schema, which uses the fully qualified names. Reviewed-by: Sumit Bose <sbose@redhat.com>

SYSDB: Remove the timestamps cache on update When the cache is upgraded, we want to avoid upgrading the timestamps cache, because it was only introduced recently in Beta, so it doesn't make senes to write complex code to change the format. This patch rather removes the cache during upgrade, it will be recreated with later lookups anyway. Reviewed-by: Sumit Bose <sbose@redhat.com>

SYSDB: Fix small issues during db upgrade This patch fixes several issues introduced during the recent sysdb upgrade: 1) The upgrade code often accesses sysdb->ldb, but at this point, the ldb pointer might not be initialized yet. As a kind of an ugly, yet functional workaround, we pass in the ldb pointer that we received from the caller as part of the sysdb structure. 2) the version that sysdb_domain_cache_upgrade() returns is not a talloc pointer, so the upgrade was crashing when we tried to steal it. 3) the ldb pointer sysdb_cache_connect() returns was kept allocated on the tmp_ctx. We need to steal it instead. Reviewed-by: Sumit Bose <sbose@redhat.com>

SYSDB: Allow passing a context to sysdb upgrade functions We decide on whether to upgrade or not based on a pointer value, not a boolean. This pointer points to a structure that the upgrade invoker (typically the monitor) can use to fill auxilary data the sysdb upgrade has no means of instantiating. Reviewed-by: Sumit Bose <sbose@redhat.com>

SYSDB: Remove useless parameter from sysdb_init() The function sysdb_init() is never used to allow upgrade, so the allow_upgrade parameter was pointless. Reviewed-by: Sumit Bose <sbose@redhat.com>

SYSDB: Open a timestamps cache for caching domains For all domain types, except the local domain, open a connection to a new ldb file located at /var/lib/sss/db names timestamps_$domain.ldb. Constructs the ldb file path manually in sysdb_check_upgrade_02() but that should be acceptable because nobody should be running such an old cache these days anyway. Reviewed-by: Sumit Bose <sbose@redhat.com>

SYSDB: Add a second, timestamp-only ldb cache Uses the generic functions in sysdb_init.c to open a new ldb database. The path to the database and the ldb context are stored in the sysdb_ctx. The database will be used to store ephemeral attributes such as timestamps. Because these attributes are not required for SSSD operation and the intent is for writes to this cache to be very fast, the database is opened with LDB_FLG_NOSYNC flag. At the same time, none of the attributes of the cache is required for sssd operation, so if we fail to open the database, we just start over. Adds a separate base LDIF with attributes that are supposed to be indexed in the timestamp database as well as a separate timestamp cache version. Reviewed-by: Sumit Bose <sbose@redhat.com>

SYSDB: Refactor database connection Changes the functions in sysdb_init.c so that the functions are usable to initialize a second cache to store timestamps. In particular, functions that operated on sysdb->ldb now operate on a generic ldb context so that a new ldb_ts context can be used later. Existing functions that initialize the sysdb cache call the generic functions with sysdb->ldb as a parameter. Splits out a function to initialize an empty ldb database with a generic LDIF. Splits out the sysdb upgrade function because the upgrade will only be used by the sysdb cache, the timestamp cache will start with a different version and might receive separate upgrade functions in the future. The ldb connection function accepts ldb flags parameter, currently unused. Reviewed-by: Sumit Bose <sbose@redhat.com>

UTIL: Add error codes for sysdb too old or too new We used really strange errno codes for detecting whether the database is too old or too new. We should use our sssd-specific error coded instead. Reviewed-by: Sumit Bose <sbose@redhat.com>

SYSDB: Move sysdb initialization into a new module sysdb_init.c The sysdb initialization was in the sysdb.c module. With adding initialization of the timestamp cache, this module would become too big with too many private functions meant only for initialization. This patch only moves code around, there are no functional changes to the initialization. Reviewed-by: Sumit Bose <sbose@redhat.com>