5b78fff78bb44d1af5420db23b02210f755f5f17 |
|
15-Jan-2018 |
Sumit Bose <sbose@redhat.com> |
sysdb: add userMappedCertificate to the index
Related to https://pagure.io/SSSD/sssd/issue/3503
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> |
2927da49dd8a16fff6312d89ad43cc355655800c |
|
27-Nov-2017 |
Sumit Bose <sbose@redhat.com> |
sysdb: remove IDXONE and objectClass from users and groups
This patch does the needed sysdb update for the previous two patches. It
removes the one-level search index IDXONE and replaces objectClass with
objectCategory in the user and group objects.
Related to https://pagure.io/SSSD/sssd/issue/3503
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
0e238c259c066cf997aaa940d33d6bda96c15925 |
|
27-Nov-2017 |
Sumit Bose <sbose@redhat.com> |
sysdb: do not use objectClass for users and groups
The majority of the objects in the SSSD cache are users and groups. If
there are many users and groups in the cache the index objects of the
objectclass attributes 'user' and 'group' become large because they
must hold references to all objects of those object classes.
As a result the management of these index objects becomes costly because
they must be parsed and split apart quite often. Additionally they are
mostly useless because users and groups are looked up by more specific
attributes in general.
Only when enumerating all users or groups this kind of index might be
useful.
There are two ways of removing this kind of index from the user and group
objects. Either by removing objectClass from the list of indexes and adding
a new attribute to all other types of objects we want an index for. Or by
replacing objectClass with a different attribute for the user and group
objects. After some testing I think the latter one is the more reliable
one and implemented it in this patch.
Related to https://pagure.io/SSSD/sssd/issue/3503
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
9acdf51bf32d7b4389f3faea0fc6b73c56b6da71 |
|
14-Sep-2017 |
Sumit Bose <sbose@redhat.com> |
sysdb: add missing indices
Resolves https://pagure.io/SSSD/sssd/issue/3472
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
311836214245600566f881ff6253594e0999008e |
|
11-Jul-2016 |
Petr Cech <pcech@redhat.com> |
SYSDB: Fixing DB update
Functions sysdb_user_base_dn() and sysdb_group_base_dn() expect
that struct sss_domain_info contains pointer to struct sysdb_ctx.
This is not true in case of sysdb_upgrade functions.
This patch fixes the situation and reverts the code to the state before
12a000c8c7c07259e438fb1e992134bdd07d9a30 commit.
Resolves:
https://fedorahosted.org/sssd/ticket/3023
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com> |
1ea5a9c1930f531b21f8bc67c9c071d8ce533786 |
|
07-Jul-2016 |
Sumit Bose <sbose@redhat.com> |
SYSDB: qualify_attr: create new attribute only once
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4 |
|
07-Jul-2016 |
Jakub Hrozek <jhrozek@redhat.com> |
SYSDB: Upgrade sysdb to use qualified names for users and groups, sudo rules and override objects
Runs a sysdb upgrade that changes objects that represent users, groups,
sudo rules and overrides to the new schema, which uses the fully
qualified names.
Reviewed-by: Sumit Bose <sbose@redhat.com> |
f983b400bf4f6fb14a2174d6f58071e06e9ec832 |
|
23-Jun-2016 |
Jakub Hrozek <jhrozek@redhat.com> |
SYSDB: Open a timestamps cache for caching domains
For all domain types, except the local domain, open a connection to a
new ldb file located at /var/lib/sss/db named timestamps_$domain.ldb.
Constructs the ldb file path manually in sysdb_check_upgrade_02() but
that should be acceptable because nobody should be running such an old
cache these days anyway.
Reviewed-by: Sumit Bose <sbose@redhat.com> |
72dbcd0a3361f1c0f0c3e348aa2fbcabd926188b |
|
23-Jun-2016 |
Jakub Hrozek <jhrozek@redhat.com> |
SYSDB: Refactor database connection
Changes the functions in sysdb_init.c so that the functions are usable
to initialize a second cache to store timestamps. In particular,
functions that operated on sysdb->ldb now operate on a generic ldb
context so that a new ldb_ts context can be used later. Existing
functions that initialize the sysdb cache call the generic functions
with sysdb->ldb as a parameter.
Splits out a function to initialize an empty ldb database with a generic
LDIF.
Splits out the sysdb upgrade function because the upgrade will only be
used by the sysdb cache, the timestamp cache will start with a different
version and might receive separate upgrade functions in the future.
The ldb connection function accepts ldb flags parameter, currently
unused.
Reviewed-by: Sumit Bose <sbose@redhat.com> |
e61b0e41cb44004d2b260ad9d05802995f7bcb2e |
|
19-Aug-2015 |
Jakub Hrozek <jhrozek@redhat.com> |
SYSDB: Index the objectSIDString attribute
Reviewed-by: Michal Židek <mzidek@redhat.com> |
12a000c8c7c07259e438fb1e992134bdd07d9a30 |
|
09-Mar-2015 |
Pavel Březina <pbrezina@redhat.com> |
sysdb: use sysdb_user/group_dn
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
9ad2756fcf4df945f4cd09238e3f9fe707b0b70c |
|
20-Jun-2014 |
Sumit Bose <sbose@redhat.com> |
sysdb: make canonicalUserPrincipalName case-insensitive
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
dfdc99afd56b605632adc265bfb1f55cd52b3dbe |
|
12-Feb-2014 |
Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> |
Update debug level in sysdb_check_upgrade_02
Update debug level passed to backup_file in sysdb_check_upgrade_02 to
prepare for removal of old debug level support.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com> |
83bf46f4066e3d5e838a32357c201de9bd6ecdfd |
|
12-Feb-2014 |
Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> |
Update DEBUG* invocations to use new levels
Use a script to update DEBUG* macro invocations, which use literal
numbers for levels, to use bitmask macros instead:
    grep -rl --include '*.[hc]' DEBUG . |
        while read f; do
            mv "$f"{,.orig}
            perl -e 'use strict;
                     use File::Slurp;
                     my @map=qw"
                        SSSDBG_FATAL_FAILURE
                        SSSDBG_CRIT_FAILURE
                        SSSDBG_OP_FAILURE
                        SSSDBG_MINOR_FAILURE
                        SSSDBG_CONF_SETTINGS
                        SSSDBG_FUNC_DATA
                        SSSDBG_TRACE_FUNC
                        SSSDBG_TRACE_LIBS
                        SSSDBG_TRACE_INTERNAL
                        SSSDBG_TRACE_ALL
                     ";
                     my $text=read_file(\*STDIN);
                     my $repl;
                     $text=~s/
                             ^
                             (
                                 .*
                                 \b
                                 (DEBUG|DEBUG_PAM_DATA|DEBUG_GR_MEM)
                                 \s*
                                 \(\s*
                             )(
                                 [0-9]
                             )(
                                 \s*,
                             )
                             (
                                 \s*
                             )
                             (
                                 .*
                             )
                             $
                         /
                             $repl = $1.$map[$3].$4.$5.$6,
                             length($repl) <= 80
                                 ? $repl
                                 : $1.$map[$3].$4."\n".(" " x length($1)).$6
                         /xmge;
                     print $text;
                    ' < "$f.orig" > "$f"
            rm "$f.orig"
        done
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com> |
a3c8390d19593b1e5277d95bfb4ab206d4785150 |
|
12-Feb-2014 |
Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com> |
Make DEBUG macro invocations variadic
Use a script to update DEBUG macro invocations to use it as a variadic
macro, supplying format string and its arguments directly, instead of
wrapping them in parens.
This script was used to update the code:
    grep -rwl --include '*.[hc]' DEBUG . |
        while read f; do
            mv "$f"{,.orig}
            perl -e \
                'use strict;
                 use File::Slurp;
                 my $text=read_file(\*STDIN);
                 $text=~s#(\bDEBUG\s*\([^(]+)\((.*?)\)\s*\)\s*;#$1$2);#gs;
                 print $text;' < "$f.orig" > "$f"
            rm "$f.orig"
        done
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com> |
e7d1cd14ce1a427007b1a7e9789dcb7e9619f84f |
|
15-Nov-2013 |
Jakub Hrozek <jhrozek@redhat.com> |
SYSDB: Drop the sysdb_ctx parameter from the autofs API |
6b093561a0a7e2f1e434cb4caa4e772cbe49468e |
|
19-Jul-2013 |
Lukas Slebodnik <lslebodn@redhat.com> |
Use function ldb_dn_get_linearized to format struct ldb_dn |
541ee4f36c58dac103dfb766231cf8f26db93676 |
|
23-Jan-2013 |
Jakub Hrozek <jhrozek@redhat.com> |
SYSDB: Expire group if adding ghost users fails with EEXIST |
46675b5033169e1e954cd570413ce85b2c5e11fc |
|
15-Jan-2013 |
Simo Sorce <simo@redhat.com> |
Pass the domain to upgrade functions |
2913240aee51ce81195148a4d814e967f66839c4 |
|
15-Jan-2013 |
Simo Sorce <simo@redhat.com> |
Add domain argument to sysdb autofs functions |
73120327cc136229d56d08f7f8c5e8df4129c1e3 |
|
15-Jan-2013 |
Simo Sorce <simo@redhat.com> |
Upgrade DB and move ranges into top level object |
3cf417b8502f5af34e6680f12a3365bcdd9fa40d |
|
12-Dec-2012 |
Jakub Hrozek <jhrozek@redhat.com> |
SYSDB: More debugging during the conversion to ghost users
We've been hitting situations where the sysdb conversion failed.
Unfortunately, the current code doesn't include enough debugging info to
pinpoint the failing entries. This patch adds more DEBUG statements for
each processed entry. |
82505163d22f0ce9cc63f22b2cac5d3ca3af0937 |
|
28-Nov-2012 |
Michal Zidek <mzidek@redhat.com> |
Uninitialized pointer read
https://fedorahosted.org/sssd/ticket/1673 |
d096233fe7610186ee12f41f97ca9602a3768405 |
|
19-Nov-2012 |
Simo Sorce <simo@redhat.com> |
Handle conversion to fully qualified usernames
In subdomains we have to use fully qualified usernames.
Unfortunately we have no other good option than simply removing
caches for users of subdomains.
This is because the memberof plugin does not support the rename operation. |
868ae511c9b0d610f83acf8f01975e1f5e3c1aa3 |
|
19-Nov-2012 |
Simo Sorce <simo@redhat.com> |
Simplify writing db update functions
Add functions to automate setting version numbers in the db, also
decrease chances of error in copying and pasting code, by setting
the version number only once when we commence the upgrade. |
5fe7390f295321f6a13afddf2023aae45a32aad2 |
|
13-Nov-2012 |
Jakub Hrozek <jhrozek@redhat.com> |
SYSDB: Do not touch the member attribute during conversion to ghost users
We attempted to delete the member attributes of groups that contained a
particular user during the sysdb upgrade, but obviously, this cannot
work for nested groups as the member attribute is present for direct
parents only. As a result, we were getting failures during the upgrade.
https://fedorahosted.org/sssd/ticket/1631 |
3882325ff60f89d0c312e9519bdfd1351978fd73 |
|
05-Oct-2012 |
Jan Cholasta <jcholast@redhat.com> |
SSH: Expire hosts in known_hosts |
77f445dbaecc8e792e1ad42e3742800ad141bee0 |
|
24-Sep-2012 |
Jakub Hrozek <jhrozek@redhat.com> |
AUTOFS: convert the existing autofs entries during a sysdb upgrade |
7733e4179f56fb0ca41788b5d8de2ee1130b1bad |
|
05-Jun-2012 |
Jakub Hrozek <jhrozek@redhat.com> |
Fix the 0.11 sysdb upgrade
The block that upgraded the version was at a wrong indentation level, so
it never ran if there were no fake users to convert |
c193cdcb43bffc1eac1bde6dfb0311e033e0c12f |
|
31-May-2012 |
Jan Zeleny <jzeleny@redhat.com> |
Ghost members - sysdb upgrade routine
It is remotely possible to have sysdb in an inconsistent state that
might need upgrade. Consider the scenario when a user asks for group
information. Some fake users are added as a part of this operation.
Before users can be fully resolved and stored properly, SSSD is shut
down and upgrade is performed.
In this case we need to go over all fake user records (uidNumber=0) and
replace each of them with ghost record in all group objects that are stated in
its memberof attribute. |
cff916f5352fe7c3a679571130090efdb935618a |
|
03-May-2012 |
Stephen Gallagher <sgallagh@redhat.com> |
SYSDB: Handle upgrade script failures better
There was a bug in finish_upgrade() where it would return EOK if
it succeeded in canceling the transaction due to an error. We
should instead be returning the original error. |
25a9a1768d2e3587cc68b76a0a5df1e42a2c89ab |
|
01-Feb-2012 |
Jakub Hrozek <jhrozek@redhat.com> |
SYSDB: index sudoUser
Most of the searches in the Sudo responder include the sudoUser
attribute. Indexing it will make the responder faster. |
ff907ba7a9b5e429de086515642f97a0447e546a |
|
27-Jan-2012 |
Stephen Gallagher <sgallagh@redhat.com> |
SYSDB: Add indexes for servicePort and serviceProtocol |
87c9241da76f8a7c93095649b2c09a2a07190a36 |
|
21-Nov-2011 |
Krzysztof Klimonda <kklimonda@ubuntu.com> |
Fix FTBFS related to -Werror=format-security |
0387564f38698c5301b76b24eda000c448174171 |
|
02-Nov-2011 |
Stephen Gallagher <sgallagh@redhat.com> |
SYSDB: add index for nameAlias |
c2352a73f52f600d95966ebe0b0819649ba923fa |
|
07-Oct-2011 |
Stephen Gallagher <sgallagh@redhat.com> |
SYSDB: New source file for sysdb upgrade routines |