c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher Simo Sorce <ssorce@redhat.com>
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher Stephen Gallagher <sgallagh@redhat.com>
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher Copyright (C) 2008-2011 Simo Sorce <ssorce@redhat.com>
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher Copyright (C) 2008-2011 Stephen Gallagher
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher This program is free software; you can redistribute it and/or modify
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher it under the terms of the GNU General Public License as published by
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher the Free Software Foundation; either version 3 of the License, or
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher (at your option) any later version.
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher This program is distributed in the hope that it will be useful,
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher but WITHOUT ANY WARRANTY; without even the implied warranty of
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher GNU General Public License for more details.
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher You should have received a copy of the GNU General Public License
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher along with this program. If not, see <http://www.gnu.org/licenses/>.
868ae511c9b0d610f83acf8f01975e1f5e3c1aa3Simo Sorcestatic errno_t commence_upgrade(TALLOC_CTX *mem_ctx, struct ldb_context *ldb,
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "UPGRADING DB TO VERSION %s\n", new_ver);
868ae511c9b0d610f83acf8f01975e1f5e3c1aa3Simo Sorcestatic errno_t update_version(struct upgrade_ctx *ctx)
868ae511c9b0d610f83acf8f01975e1f5e3c1aa3Simo Sorce ret = ldb_msg_add_empty(msg, "version", LDB_FLAG_MOD_REPLACE, NULL);
868ae511c9b0d610f83acf8f01975e1f5e3c1aa3Simo Sorce ret = ldb_msg_add_string(msg, "version", ctx->new_version);
868ae511c9b0d610f83acf8f01975e1f5e3c1aa3Simo Sorcestatic int finish_upgrade(int ret, struct upgrade_ctx **ctx, const char **ver)
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "Could not cancel transaction! [%s]\n",
cff916f5352fe7c3a679571130090efdb935618aStephen Gallagher /* Do not overwrite ret here, we want to return
cff916f5352fe7c3a679571130090efdb935618aStephen Gallagher * the original failure, not the failure of the
cff916f5352fe7c3a679571130090efdb935618aStephen Gallagher * transaction cancellation.
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher/* search all groups that have a memberUid attribute.
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher * change it into a member attribute for a user of same domain.
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher * remove the memberUid attribute
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher * add the new member attribute
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher * finally stop indexing memberUid
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher * upgrade version to 0.2
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagherint sysdb_upgrade_01(struct ldb_context *ldb, const char **ver)
0e238c259c066cf997aaa940d33d6bda96c15925Sumit Bose /* No change needed because this version has objectclass group */
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher const char *filter = "(&(memberUid=*)(objectclass=group))";
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher const char *attrs[] = { "memberUid", NULL };
868ae511c9b0d610f83acf8f01975e1f5e3c1aa3Simo Sorce ret = commence_upgrade(tmp_ctx, ldb, SYSDB_VERSION_0_2, &ctx);
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher basedn = ldb_dn_new(tmp_ctx, ldb, SYSDB_BASE);
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher el = ldb_msg_find_element(res->msgs[i], "memberUid");
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov "memberUid is missing from message [%s], skipping\n",
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov ldb_dn_get_linearized(res->msgs[i]->dn));
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher /* create modification message */
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher ret = ldb_msg_add_empty(msg, "memberUid", LDB_FLAG_MOD_DELETE, NULL);
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher ret = ldb_msg_add_empty(msg, SYSDB_MEMBER, LDB_FLAG_MOD_ADD, NULL);
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher /* get domain name component value */
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher val = ldb_dn_get_component_val(res->msgs[i]->dn, 2);
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher domain = talloc_strndup(tmp_ctx, (const char *)val->data, val->length);
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher mem_dn = ldb_dn_new_fmt(tmp_ctx, ldb, SYSDB_TMPL_USER,
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher (const char *)el->values[j].data, domain);
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher mdn = talloc_strdup(msg, ldb_dn_get_linearized(mem_dn));
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher ret = ldb_msg_add_string(msg, SYSDB_MEMBER, mdn);
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher /* ok now we are ready to modify the entry */
868ae511c9b0d610f83acf8f01975e1f5e3c1aa3Simo Sorce /* conversion done, update version number */
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagherint sysdb_check_upgrade_02(struct sss_domain_info *domains,
f983b400bf4f6fb14a2174d6f58071e06e9ec832Jakub Hrozek ldb_file = talloc_asprintf(tmp_ctx, "%s/"LOCAL_SYSDB_FILE,
72dbcd0a3361f1c0f0c3e348aa2fbcabd926188bJakub Hrozek ret = sysdb_ldb_connect(tmp_ctx, ldb_file, 0, &ldb);
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_ldb_connect failed.\n");
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher verdn = ldb_dn_new(tmp_ctx, ldb, SYSDB_BASE);
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher el = ldb_msg_find_element(res->msgs[0], "version");
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher if (strcmp(version, SYSDB_VERSION) == 0) {
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher /* all fine, return */
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov "Upgrading DB from version: %s\n", version);
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher if (strcmp(version, SYSDB_VERSION_0_1) == 0) {
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher /* convert database */
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher if (strcmp(version, SYSDB_VERSION_0_2) == 0) {
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher /* need to convert database to split files */
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher /* not a v2 upgrade, return and let the normal code take over any
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher * further upgrade */
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher /* == V2->V3 UPGRADE == */
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov "UPGRADING DB TO VERSION %s\n", SYSDB_VERSION_0_3);
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher /* ldb uses posix locks,
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher * posix is stupid and kills all locks when you close *any* file
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher * descriptor associated to the same file.
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher * Therefore we must close and reopen the ldb file here */
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher /* == Backup and reopen ldb == */
dfdc99afd56b605632adc265bfb1f55cd52b3dbeNikolai Kondrashov ret = backup_file(ldb_file, SSSDBG_FATAL_FAILURE);
72dbcd0a3361f1c0f0c3e348aa2fbcabd926188bJakub Hrozek ret = sysdb_ldb_connect(tmp_ctx, ldb_file, 0, &ldb);
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_ldb_connect failed.\n");
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher /* open a transaction */
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov "Failed to start ldb transaction! (%d)\n", ret);
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher /* == Upgrade contents == */
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher for (dom = domains; dom; dom = dom->next) {
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher /* skip local */
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher if (strcasecmp(dom->provider, "local") == 0) {
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher /* create new dom db */
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher ret = sysdb_domain_init_internal(tmp_ctx, dom,
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov "Failed to start ldb transaction! (%d)\n", ret);
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher /* search all entries for this domain in local,
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher * copy them all in the new database,
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher * then remove them from local */
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher domain_dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb,
311836214245600566f881ff6253594e0999008ePetr Cech * dom->sysdb->ldb is not initialized,
311836214245600566f881ff6253594e0999008ePetr Cech * so ldb_dn_new_fmt() shouldn't be changed to sysdb_*_base_dn()
311836214245600566f881ff6253594e0999008ePetr Cech * dom->sysdb->ldb is not initialized,
311836214245600566f881ff6253594e0999008ePetr Cech * so ldb_dn_new_fmt() shouldn't be changed to sysdb_*_base_dn()
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher /* skip pre-created containers */
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher if ((ldb_dn_compare(msg->dn, domain_dn) == 0) ||
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher (ldb_dn_compare(msg->dn, users_dn) == 0) ||
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher (ldb_dn_compare(msg->dn, groups_dn) == 0)) {
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher /* regenerate the DN against the new ldb as it may have different
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher * casefolding rules (example: name changing from case insensitive
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher * to case sensitive) */
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov DEBUG(SSSDBG_FATAL_FAILURE, "WARNING: Could not add entry %s,"
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher " to new ldb file! (%d [%s])\n",
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov "WARNING: Could not remove entry %s,"
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher " from old ldb file! (%d [%s])\n",
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher /* now remove the basic containers from local */
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher /* these were optional so debug at level 9 in case
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher * of failure just for tracing */
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov DEBUG(SSSDBG_TRACE_ALL, "WARNING: Could not remove entry %s,"
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher " from old ldb file! (%d [%s])\n",
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov DEBUG(SSSDBG_TRACE_ALL, "WARNING: Could not remove entry %s,"
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher " from old ldb file! (%d [%s])\n",
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov DEBUG(SSSDBG_TRACE_ALL, "WARNING: Could not remove entry %s,"
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher " from old ldb file! (%d [%s])\n",
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov "Failed to commit ldb transaction! (%d)\n", ret);
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher /* conversion done, upgrade version number */
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher msg->dn = ldb_dn_new(tmp_ctx, ldb, SYSDB_BASE);
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher ret = ldb_msg_add_empty(msg, "version", LDB_FLAG_MOD_REPLACE, NULL);
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher ret = ldb_msg_add_string(msg, "version", SYSDB_VERSION_0_3);
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov "Failed to commit ldb transaction! (%d)\n", ret);
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov "Failed to cancel ldb transaction! (%d)\n", ret);
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov "Failed to cancel ldb transaction! (%d)\n", ret);
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagherint sysdb_upgrade_03(struct sysdb_ctx *sysdb, const char **ver)
868ae511c9b0d610f83acf8f01975e1f5e3c1aa3Simo Sorce ret = commence_upgrade(sysdb, sysdb->ldb, SYSDB_VERSION_0_4, &ctx);
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher /* Make this database case-sensitive */
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher msg->dn = ldb_dn_new(tmp_ctx, sysdb->ldb, "@ATTRIBUTES");
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher ret = ldb_msg_add_empty(msg, "name", LDB_FLAG_MOD_DELETE, NULL);
868ae511c9b0d610f83acf8f01975e1f5e3c1aa3Simo Sorce /* conversion done, update version number */
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagherint sysdb_upgrade_04(struct sysdb_ctx *sysdb, const char **ver)
868ae511c9b0d610f83acf8f01975e1f5e3c1aa3Simo Sorce ret = commence_upgrade(sysdb, sysdb->ldb, SYSDB_VERSION_0_5, &ctx);
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher /* Add new index */
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher msg->dn = ldb_dn_new(tmp_ctx, sysdb->ldb, "@INDEXLIST");
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher ret = ldb_msg_add_empty(msg, "@IDXATTR", LDB_FLAG_MOD_ADD, NULL);
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher ret = ldb_msg_add_string(msg, "@IDXATTR", "originalDN");
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher /* Rebuild memberuid and memberof attributes */
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher msg->dn = ldb_dn_new(tmp_ctx, sysdb->ldb, "@MEMBEROF-REBUILD");
868ae511c9b0d610f83acf8f01975e1f5e3c1aa3Simo Sorce /* conversion done, update version number */
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagherint sysdb_upgrade_05(struct sysdb_ctx *sysdb, const char **ver)
868ae511c9b0d610f83acf8f01975e1f5e3c1aa3Simo Sorce ret = commence_upgrade(sysdb, sysdb->ldb, SYSDB_VERSION_0_6, &ctx);
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher /* Add new indexes */
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher msg->dn = ldb_dn_new(tmp_ctx, sysdb->ldb, "@INDEXLIST");
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher /* Add Index for dataExpireTimestamp */
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher ret = ldb_msg_add_empty(msg, "@IDXATTR", LDB_FLAG_MOD_ADD, NULL);
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher ret = ldb_msg_add_string(msg, "@IDXATTR", "dataExpireTimestamp");
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher /* Add index to speed up ONELEVEL searches */
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher ret = ldb_msg_add_empty(msg, "@IDXONE", LDB_FLAG_MOD_ADD, NULL);
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher ret = ldb_msg_add_string(msg, "@IDXONE", "1");
868ae511c9b0d610f83acf8f01975e1f5e3c1aa3Simo Sorce /* conversion done, update version number */
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagherint sysdb_upgrade_06(struct sysdb_ctx *sysdb, const char **ver)
868ae511c9b0d610f83acf8f01975e1f5e3c1aa3Simo Sorce ret = commence_upgrade(sysdb, sysdb->ldb, SYSDB_VERSION_0_7, &ctx);
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher /* Add new indexes */
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher msg->dn = ldb_dn_new(tmp_ctx, sysdb->ldb, "@ATTRIBUTES");
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher /* Case insensitive search for originalDN */
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher ret = ldb_msg_add_empty(msg, SYSDB_ORIG_DN, LDB_FLAG_MOD_ADD, NULL);
c2352a73f52f600d95966ebe0b0819649ba923faStephen Gallagher ret = ldb_msg_add_string(msg, SYSDB_ORIG_DN, "CASE_INSENSITIVE");
868ae511c9b0d610f83acf8f01975e1f5e3c1aa3Simo Sorce /* conversion done, update version number */
0387564f38698c5301b76b24eda000c448174171Stephen Gallagherint sysdb_upgrade_07(struct sysdb_ctx *sysdb, const char **ver)
868ae511c9b0d610f83acf8f01975e1f5e3c1aa3Simo Sorce ret = commence_upgrade(sysdb, sysdb->ldb, SYSDB_VERSION_0_8, &ctx);
0387564f38698c5301b76b24eda000c448174171Stephen Gallagher /* Add new indexes */
0387564f38698c5301b76b24eda000c448174171Stephen Gallagher msg->dn = ldb_dn_new(tmp_ctx, sysdb->ldb, "@INDEXLIST");
0387564f38698c5301b76b24eda000c448174171Stephen Gallagher /* Add Index for nameAlias */
0387564f38698c5301b76b24eda000c448174171Stephen Gallagher ret = ldb_msg_add_empty(msg, "@IDXATTR", LDB_FLAG_MOD_ADD, NULL);
0387564f38698c5301b76b24eda000c448174171Stephen Gallagher ret = ldb_msg_add_string(msg, "@IDXATTR", "nameAlias");
868ae511c9b0d610f83acf8f01975e1f5e3c1aa3Simo Sorce /* conversion done, update version number */
ff907ba7a9b5e429de086515642f97a0447e546aStephen Gallagherint sysdb_upgrade_08(struct sysdb_ctx *sysdb, const char **ver)
868ae511c9b0d610f83acf8f01975e1f5e3c1aa3Simo Sorce ret = commence_upgrade(sysdb, sysdb->ldb, SYSDB_VERSION_0_9, &ctx);
ff907ba7a9b5e429de086515642f97a0447e546aStephen Gallagher /* Add new indexes */
ff907ba7a9b5e429de086515642f97a0447e546aStephen Gallagher msg->dn = ldb_dn_new(tmp_ctx, sysdb->ldb, "@INDEXLIST");
ff907ba7a9b5e429de086515642f97a0447e546aStephen Gallagher /* Add Index for servicePort and serviceProtocol */
ff907ba7a9b5e429de086515642f97a0447e546aStephen Gallagher ret = ldb_msg_add_empty(msg, "@IDXATTR", LDB_FLAG_MOD_ADD, NULL);
ff907ba7a9b5e429de086515642f97a0447e546aStephen Gallagher ret = ldb_msg_add_string(msg, "@IDXATTR", "servicePort");
ff907ba7a9b5e429de086515642f97a0447e546aStephen Gallagher ret = ldb_msg_add_string(msg, "@IDXATTR", "serviceProtocol");
868ae511c9b0d610f83acf8f01975e1f5e3c1aa3Simo Sorce /* conversion done, update version number */
25a9a1768d2e3587cc68b76a0a5df1e42a2c89abJakub Hrozekint sysdb_upgrade_09(struct sysdb_ctx *sysdb, const char **ver)
868ae511c9b0d610f83acf8f01975e1f5e3c1aa3Simo Sorce ret = commence_upgrade(sysdb, sysdb->ldb, SYSDB_VERSION_0_10, &ctx);
25a9a1768d2e3587cc68b76a0a5df1e42a2c89abJakub Hrozek /* Add new indexes */
25a9a1768d2e3587cc68b76a0a5df1e42a2c89abJakub Hrozek msg->dn = ldb_dn_new(tmp_ctx, sysdb->ldb, "@INDEXLIST");
25a9a1768d2e3587cc68b76a0a5df1e42a2c89abJakub Hrozek /* Add Index for servicePort and serviceProtocol */
25a9a1768d2e3587cc68b76a0a5df1e42a2c89abJakub Hrozek ret = ldb_msg_add_empty(msg, "@IDXATTR", LDB_FLAG_MOD_ADD, NULL);
25a9a1768d2e3587cc68b76a0a5df1e42a2c89abJakub Hrozek ret = ldb_msg_add_string(msg, "@IDXATTR", "sudoUser");
868ae511c9b0d610f83acf8f01975e1f5e3c1aa3Simo Sorce /* conversion done, update version number */
46675b5033169e1e954cd570413ce85b2c5e11fcSimo Sorceint sysdb_upgrade_10(struct sysdb_ctx *sysdb, struct sss_domain_info *domain,
46675b5033169e1e954cd570413ce85b2c5e11fcSimo Sorce const char **ver)
0e238c259c066cf997aaa940d33d6bda96c15925Sumit Bose /* No change needed because version 10 has objectclass user */
c193cdcb43bffc1eac1bde6dfb0311e033e0c12fJan Zeleny const char *filter = "(&(objectClass=user)(!(uidNumber=*))(memberOf=*))";
c193cdcb43bffc1eac1bde6dfb0311e033e0c12fJan Zeleny const char *attrs[] = { "name", "memberof", NULL };
868ae511c9b0d610f83acf8f01975e1f5e3c1aa3Simo Sorce ret = commence_upgrade(sysdb, sysdb->ldb, SYSDB_VERSION_0_11, &ctx);
311836214245600566f881ff6253594e0999008ePetr Cech * dom->sysdb->ldb is not initialized,
311836214245600566f881ff6253594e0999008ePetr Cech * so ldb_dn_new_fmt() shouldn't be changed to sysdb_*_base_dn()
c193cdcb43bffc1eac1bde6dfb0311e033e0c12fJan Zeleny ret = ldb_search(sysdb->ldb, tmp_ctx, &res, basedn, LDB_SCOPE_SUBTREE,
c193cdcb43bffc1eac1bde6dfb0311e033e0c12fJan Zeleny memberof_el = ldb_msg_find_element(user, "memberof");
c193cdcb43bffc1eac1bde6dfb0311e033e0c12fJan Zeleny name = ldb_msg_find_attr_as_string(user, "name", NULL);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_TRACE_LIBS, "User [%s] is a member of %d groups\n",
c193cdcb43bffc1eac1bde6dfb0311e033e0c12fJan Zeleny msg->dn = ldb_dn_from_ldb_val(tmp_ctx, sysdb->ldb, &memberof_el->values[j]);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_MINOR_FAILURE, "DN validation failed during "
c193cdcb43bffc1eac1bde6dfb0311e033e0c12fJan Zeleny "upgrade: [%s]\n",
c193cdcb43bffc1eac1bde6dfb0311e033e0c12fJan Zeleny ret = ldb_msg_add_empty(msg, "ghost", LDB_FLAG_MOD_ADD, NULL);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_TRACE_FUNC, "Adding ghost [%s] to entry [%s]\n",
541ee4f36c58dac103dfb766231cf8f26db93676Jakub Hrozek ret = sss_ldb_modify_permissive(sysdb->ldb, msg);
541ee4f36c58dac103dfb766231cf8f26db93676Jakub Hrozek if (ret == LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS) {
541ee4f36c58dac103dfb766231cf8f26db93676Jakub Hrozek /* If we failed adding the ghost user(s) because the values already
541ee4f36c58dac103dfb766231cf8f26db93676Jakub Hrozek * exist, they were probably propagated from a parent that was
541ee4f36c58dac103dfb766231cf8f26db93676Jakub Hrozek * upgraded before us. Mark the group as expired so that it is
541ee4f36c58dac103dfb766231cf8f26db93676Jakub Hrozek * refreshed on next request.
541ee4f36c58dac103dfb766231cf8f26db93676Jakub Hrozek msg->dn = ldb_dn_from_ldb_val(tmp_ctx, sysdb->ldb, &memberof_el->values[j]);
541ee4f36c58dac103dfb766231cf8f26db93676Jakub Hrozek ret = ldb_msg_add_empty(msg, SYSDB_CACHE_EXPIRE,
541ee4f36c58dac103dfb766231cf8f26db93676Jakub Hrozek ret = ldb_msg_add_string(msg, SYSDB_CACHE_EXPIRE, "1");
541ee4f36c58dac103dfb766231cf8f26db93676Jakub Hrozek ret = sss_ldb_modify_permissive(sysdb->ldb, msg);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_TRACE_FUNC, "Removing fake user [%s]\n",
868ae511c9b0d610f83acf8f01975e1f5e3c1aa3Simo Sorce /* conversion done, update version number */
46675b5033169e1e954cd570413ce85b2c5e11fcSimo Sorceint sysdb_upgrade_11(struct sysdb_ctx *sysdb, struct sss_domain_info *domain,
46675b5033169e1e954cd570413ce85b2c5e11fcSimo Sorce const char **ver)
77f445dbaecc8e792e1ad42e3742800ad141bee0Jakub Hrozek const char *attrs[] = { SYSDB_AUTOFS_ENTRY_KEY,
868ae511c9b0d610f83acf8f01975e1f5e3c1aa3Simo Sorce ret = commence_upgrade(sysdb, sysdb->ldb, SYSDB_VERSION_0_12, &ctx);
77f445dbaecc8e792e1ad42e3742800ad141bee0Jakub Hrozek basedn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, SYSDB_TMPL_CUSTOM_SUBTREE,
77f445dbaecc8e792e1ad42e3742800ad141bee0Jakub Hrozek ret = ldb_search(sysdb->ldb, tmp_ctx, &res, basedn, LDB_SCOPE_SUBTREE,
77f445dbaecc8e792e1ad42e3742800ad141bee0Jakub Hrozek attrs, "(objectClass=%s)", SYSDB_AUTOFS_ENTRY_OC);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_TRACE_LIBS, "Found %d autofs entries\n", res->count);
77f445dbaecc8e792e1ad42e3742800ad141bee0Jakub Hrozek memberof_el = ldb_msg_find_element(entry, SYSDB_MEMBEROF);
77f445dbaecc8e792e1ad42e3742800ad141bee0Jakub Hrozek for (j = 0; j < memberof_el->num_values; j++) {
77f445dbaecc8e792e1ad42e3742800ad141bee0Jakub Hrozek memberof_dn = ldb_dn_from_ldb_val(tmp_ctx, sysdb->ldb,
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "Cannot convert memberof into DN, skipping\n");
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "Cannot get map name from map DN\n");
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "Cannot save autofs entry [%s]-[%s] into map %s\n",
77f445dbaecc8e792e1ad42e3742800ad141bee0Jakub Hrozek /* Delete the old entry if it was either processed or incomplete */
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_TRACE_LIBS, "Deleting [%s]\n",
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "Cannot delete old autofs entry %s\n",
868ae511c9b0d610f83acf8f01975e1f5e3c1aa3Simo Sorce /* conversion done, update version number */
3882325ff60f89d0c312e9519bdfd1351978fd73Jan Cholastaint sysdb_upgrade_12(struct sysdb_ctx *sysdb, const char **ver)
868ae511c9b0d610f83acf8f01975e1f5e3c1aa3Simo Sorce ret = commence_upgrade(sysdb, sysdb->ldb, SYSDB_VERSION_0_13, &ctx);
3882325ff60f89d0c312e9519bdfd1351978fd73Jan Cholasta /* add new indexes */
3882325ff60f89d0c312e9519bdfd1351978fd73Jan Cholasta msg->dn = ldb_dn_new(tmp_ctx, sysdb->ldb, "@INDEXLIST");
3882325ff60f89d0c312e9519bdfd1351978fd73Jan Cholasta /* add index for sshKnownHostsExpire */
3882325ff60f89d0c312e9519bdfd1351978fd73Jan Cholasta ret = ldb_msg_add_empty(msg, "@IDXATTR", LDB_FLAG_MOD_ADD, NULL);
3882325ff60f89d0c312e9519bdfd1351978fd73Jan Cholasta ret = ldb_msg_add_string(msg, "@IDXATTR", "sshKnownHostsExpire");
868ae511c9b0d610f83acf8f01975e1f5e3c1aa3Simo Sorce /* conversion done, update version number */
d096233fe7610186ee12f41f97ca9602a3768405Simo Sorceint sysdb_upgrade_13(struct sysdb_ctx *sysdb, const char **ver)
d096233fe7610186ee12f41f97ca9602a3768405Simo Sorce int i, j, l, n;
d096233fe7610186ee12f41f97ca9602a3768405Simo Sorce ret = commence_upgrade(sysdb, sysdb->ldb, SYSDB_VERSION_0_14, &ctx);
d096233fe7610186ee12f41f97ca9602a3768405Simo Sorce basedn = ldb_dn_new(ctx, sysdb->ldb, SYSDB_BASE);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "Failed to build base dn\n");
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "Failed to search subdomains\n");
d096233fe7610186ee12f41f97ca9602a3768405Simo Sorce tmp_str = ldb_msg_find_attr_as_string(dom_res->msgs[i], "cn", NULL);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "The object [%s] doesn't have a name\n",
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov ldb_dn_get_linearized(dom_res->msgs[i]->dn));
d096233fe7610186ee12f41f97ca9602a3768405Simo Sorce basedn = ldb_dn_new_fmt(ctx, sysdb->ldb, SYSDB_DOM_BASE, tmp_str);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "Failed to build base dn for subdomain %s\n", tmp_str);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "Failed to search subdomain %s\n", tmp_str);
d096233fe7610186ee12f41f97ca9602a3768405Simo Sorce if (n <= l + 1) {
d096233fe7610186ee12f41f97ca9602a3768405Simo Sorce /* Do not remove subdomain containers, only their contents */
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "Failed to delete %s\n",
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov ldb_dn_get_linearized(res->msgs[j]->dn));
d096233fe7610186ee12f41f97ca9602a3768405Simo Sorce /* conversion done, update version number */
73120327cc136229d56d08f7f8c5e8df4129c1e3Simo Sorceint sysdb_upgrade_14(struct sysdb_ctx *sysdb, const char **ver)
73120327cc136229d56d08f7f8c5e8df4129c1e3Simo Sorce ret = commence_upgrade(sysdb, sysdb->ldb, SYSDB_VERSION_0_15, &ctx);
73120327cc136229d56d08f7f8c5e8df4129c1e3Simo Sorce basedn = ldb_dn_new(ctx, sysdb->ldb, SYSDB_BASE);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "Failed to build base dn\n");
73120327cc136229d56d08f7f8c5e8df4129c1e3Simo Sorce /* create base ranges container */
73120327cc136229d56d08f7f8c5e8df4129c1e3Simo Sorce msg->dn = ldb_dn_new(msg, sysdb->ldb, SYSDB_TMPL_RANGE_BASE);
73120327cc136229d56d08f7f8c5e8df4129c1e3Simo Sorce /* do a synchronous add */
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "Failed to upgrade DB (%d, [%s])!\n",
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "Failed to search range objects\n");
73120327cc136229d56d08f7f8c5e8df4129c1e3Simo Sorce /* Failure to convert any range is not fatal. As long as there are no
73120327cc136229d56d08f7f8c5e8df4129c1e3Simo Sorce * left-over objects we can fail to move them around, as they will be
73120327cc136229d56d08f7f8c5e8df4129c1e3Simo Sorce * recreated on the next online access */
73120327cc136229d56d08f7f8c5e8df4129c1e3Simo Sorce tmp_str = ldb_msg_find_attr_as_string(res->msgs[i], SYSDB_NAME, NULL);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "The object [%s] doesn't have a name\n",
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov ldb_dn_get_linearized(res->msgs[i]->dn));
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "Failed to delete %s\n",
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov ldb_dn_get_linearized(res->msgs[i]->dn));
73120327cc136229d56d08f7f8c5e8df4129c1e3Simo Sorce newdn = ldb_dn_new_fmt(ctx, sysdb->ldb, SYSDB_TMPL_RANGE, tmp_str);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "Failed to create new DN to move [%s]\n",
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov ldb_dn_get_linearized(res->msgs[i]->dn));
73120327cc136229d56d08f7f8c5e8df4129c1e3Simo Sorce ret = ldb_rename(sysdb->ldb, res->msgs[i]->dn, newdn);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "Failed to move [%s] to [%s]\n",
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "Failed to delete %s\n",
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov ldb_dn_get_linearized(res->msgs[i]->dn));
73120327cc136229d56d08f7f8c5e8df4129c1e3Simo Sorce /* conversion done, update version number */
9ad2756fcf4df945f4cd09238e3f9fe707b0b70cSumit Boseint sysdb_upgrade_15(struct sysdb_ctx *sysdb, const char **ver)
9ad2756fcf4df945f4cd09238e3f9fe707b0b70cSumit Bose ret = commence_upgrade(sysdb, sysdb->ldb, SYSDB_VERSION_0_16, &ctx);
9ad2756fcf4df945f4cd09238e3f9fe707b0b70cSumit Bose /* Add new indexes */
9ad2756fcf4df945f4cd09238e3f9fe707b0b70cSumit Bose msg->dn = ldb_dn_new(tmp_ctx, sysdb->ldb, "@ATTRIBUTES");
9ad2756fcf4df945f4cd09238e3f9fe707b0b70cSumit Bose /* Case insensitive search for canonicalUserPrincipalName */
9ad2756fcf4df945f4cd09238e3f9fe707b0b70cSumit Bose ret = ldb_msg_add_empty(msg, SYSDB_CANONICAL_UPN, LDB_FLAG_MOD_ADD, NULL);
9ad2756fcf4df945f4cd09238e3f9fe707b0b70cSumit Bose ret = ldb_msg_add_string(msg, SYSDB_CANONICAL_UPN, "CASE_INSENSITIVE");
9ad2756fcf4df945f4cd09238e3f9fe707b0b70cSumit Bose /* conversion done, update version number */
e61b0e41cb44004d2b260ad9d05802995f7bcb2eJakub Hrozekint sysdb_upgrade_16(struct sysdb_ctx *sysdb, const char **ver)
e61b0e41cb44004d2b260ad9d05802995f7bcb2eJakub Hrozek ret = commence_upgrade(sysdb, sysdb->ldb, SYSDB_VERSION_0_17, &ctx);
e61b0e41cb44004d2b260ad9d05802995f7bcb2eJakub Hrozek msg->dn = ldb_dn_new(msg, sysdb->ldb, "@INDEXLIST");
e61b0e41cb44004d2b260ad9d05802995f7bcb2eJakub Hrozek /* add index for objectSIDString */
e61b0e41cb44004d2b260ad9d05802995f7bcb2eJakub Hrozek ret = ldb_msg_add_empty(msg, "@IDXATTR", LDB_FLAG_MOD_ADD, NULL);
e61b0e41cb44004d2b260ad9d05802995f7bcb2eJakub Hrozek ret = ldb_msg_add_string(msg, "@IDXATTR", "objectSIDString");
e61b0e41cb44004d2b260ad9d05802995f7bcb2eJakub Hrozek /* conversion done, update version number */
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozekstatic char *object_domain_from_dn(TALLOC_CTX *mem_ctx,
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek val = ldb_dn_get_component_val(dn, domain_index);
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek return talloc_strdup(mem_ctx, (const char *) val->data);
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek dom_dn = ldb_msg_find_attr_as_dn(ldb, mem_ctx, msg, domain_attr);
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek /* If no specific attribute to take the domain from is specified,
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek * use the DN */
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek return object_domain_from_dn(mem_ctx, dom_dn, domain_index);
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek/* Used for attributes like sudoUser which contain group or user name or
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek * ID, depending on the value prefix */
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozektypedef bool (*should_qualify_val_fn)(const char *val);
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek/* Qualifies a string attribute using domain_name. Optionally, if qfn is
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek * given, only qualifies the name if qfn returns true */
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozekstatic errno_t qualify_attr(struct ldb_message *msg,
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek /* This entry does not have this element, fine */
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek ret = sss_parse_name(mod_msg, names, rawname, NULL, &shortname);
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek fqval = sss_create_internal_fqname(el->values, shortname, domain_name);
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek DEBUG(SSSDBG_OP_FAILURE, "Cannot qualify %s@%s\n",
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek mod_el = ldb_msg_find_element(mod_msg, attrname);
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek return true;
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek DEBUG(SSSDBG_TRACE_FUNC, "Qualified %s:%s into %s\n",
1ea5a9c1930f531b21f8bc67c9c071d8ce533786Sumit Bose ret = ldb_msg_add_empty(mod_msg, attrname, LDB_FLAG_MOD_REPLACE, NULL);
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek ret = ldb_msg_add_steal_string(mod_msg, attrname, fqval);
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek/* Returns a copy of old_dn_val with RDN qualified. The domain name
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek * is read from the DN itself */
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozekstatic struct ldb_dn *qualify_rdn(TALLOC_CTX *mem_ctx,
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek /* Only qualify DNs with name= rdn. This applies to overrideDNs mostly,
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek * because those can contain either names or UUIDs */
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek dn_domain = object_domain_from_dn(tmp_ctx, old_dn_val, 2);
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek "Cannot determine domain of %s\n",
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek ret = sss_parse_name(tmp_ctx, names, (const char *) val->data,
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek "Cannot parse raw RDN %s\n", (const char *) val->data);
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek fqrdn = sss_create_internal_fqname(tmp_ctx, shortname, dn_domain);
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek DEBUG(SSSDBG_OP_FAILURE, "Cannot qualify %s@%s\n",
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek parent_dn = ldb_dn_get_parent(tmp_ctx, old_dn_val);
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek "Cannot get parent of %s\n",
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek new_dn = ldb_dn_new_fmt(mem_ctx, ldb, "%s=%s,%s",
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozekstatic errno_t qualify_dn_attr(struct ldb_context *ldb,
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek attr_dn = ldb_dn_new(tmp_ctx, ldb, (const char *) el->values[c].data);
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek DEBUG(SSSDBG_OP_FAILURE, "Cannot create DN from %s\n",
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek DEBUG(SSSDBG_OP_FAILURE, "DN %s does not validate\n",
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek fqdn = qualify_rdn(tmp_ctx, ldb, names, attr_dn);
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek DEBUG(SSSDBG_OP_FAILURE, "Cannot qualify %s\n",
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek ret = ldb_msg_add_linearized_dn(mod_msg, attrname, fqdn);
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek mod_el = ldb_msg_find_element(mod_msg, attrname);
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozekstatic errno_t expire_object(struct ldb_message *object,
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek ret = ldb_msg_add_empty(mod_msg, attrs[c], LDB_FLAG_MOD_REPLACE, NULL);
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek ret = ldb_msg_add_fmt(mod_msg, attrs[c], "%d", 1);
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozekstatic errno_t qualify_object(TALLOC_CTX *mem_ctx,
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek const char *name_attrs[],
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek const char *dn_attrs[],
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek dom_name = object_domain(mod_msg, ldb, object, domain_attr, domain_index);
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek "Cannot determine domain of %s\n",
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek "Cannot qualify %s of %s\n",
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek name_attrs[c], ldb_dn_get_linearized(object->dn));
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek "Cannot qualify %s of %s\n",
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek dn_attrs[c], ldb_dn_get_linearized(object->dn));
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek "Cannot expire %s\n", ldb_dn_get_linearized(object->dn));
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek /* Override objects can contain both qualified and non-qualified names.
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek * Need to use permissive modification here, otherwise we might attempt
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek * to store duplicate qualified names */
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek "Cannot modify %s\n", ldb_dn_get_linearized(object->dn));
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek new_object_dn = qualify_rdn(mod_msg, ldb, names, mod_msg->dn);
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek ret = ldb_rename(ldb, object->dn, new_object_dn);
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek "Cannot rename %s to %s\n",
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozekstatic void qualify_objects(struct upgrade_ctx *ctx,
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek const char *name_attrs[],
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek const char *dn_attrs[],
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek DEBUG(SSSDBG_CRIT_FAILURE, "Failed to search objects: %d\n", ret);
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek DEBUG(SSSDBG_TRACE_LIBS, "No match for: %s\n", filter);
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek ret = qualify_object(ctx, ldb, names, objects->msgs[c],
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek "Could not qualify object %s: %d\n",
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek ldb_dn_get_linearized(objects->msgs[c]->dn), ret);
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozekstatic void qualify_users(struct upgrade_ctx *ctx,
0e238c259c066cf997aaa940d33d6bda96c15925Sumit Bose /* No change needed because this version has objectclass user */
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek const char *user_dn_attrs[] = { SYSDB_MEMBEROF,
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek return qualify_objects(ctx, ldb, names, base_dn,
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek true, /* qualify dn */
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozekstatic void qualify_groups(struct upgrade_ctx *ctx,
0e238c259c066cf997aaa940d33d6bda96c15925Sumit Bose /* No change needed because this version has objectclass group */
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek const char *group_filter = "objectclass=group";
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek return qualify_objects(ctx, ldb, names, base_dn, true,
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozekstatic void qualify_user_overrides(struct upgrade_ctx *ctx,
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek const char *user_override_filter = "objectclass=userOverride";
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek const char *user_ovr_name_attrs[] = { SYSDB_NAME,
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek const char *user_ovr_dn_attrs[] = { SYSDB_OVERRIDE_OBJECT_DN,
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek return qualify_objects(ctx, ldb, names, base_dn,
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek /* Don't qualify RDN of override DN */
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek /* Read domain from override DN */
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozekstatic void qualify_group_overrides(struct upgrade_ctx *ctx,
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek const char *group_override_filter = "objectclass=groupOverride";
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek const char *group_ovr_name_attrs[] = { SYSDB_NAME,
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek const char *group_ovr_dn_attrs[] = { SYSDB_OVERRIDE_OBJECT_DN,
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek return qualify_objects(ctx, ldb, names, base_dn,
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozekstatic void qualify_sudo_rules(struct upgrade_ctx *ctx,
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek const char *group_override_filter = "objectclass=sudoRule";
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek const char *sudo_rule_name_attrs[] = { "sudoUser",
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek return qualify_objects(ctx, ldb, names, base_dn,
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek const char **ver)
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek struct sss_names_ctx *names = upgrade_ctx->names;
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek ret = commence_upgrade(sysdb, sysdb->ldb, SYSDB_VERSION_0_18, &ctx);
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek /* Disable memberof plugin during this update */
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek base_dn = ldb_dn_new_fmt(ctx, sysdb->ldb, SYSDB_BASE);
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek qualify_users(ctx, sysdb->ldb, names, base_dn);
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek qualify_groups(ctx, sysdb->ldb, names, base_dn);
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek qualify_user_overrides(ctx, sysdb->ldb, names, base_dn);
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek qualify_group_overrides(ctx, sysdb->ldb, names, base_dn);
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek qualify_sudo_rules(ctx, sysdb->ldb, names, base_dn);
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek /* conversion done, update version number */
8531bd4585f9135ffd4cbb9bb4c880dc77b5adc4Jakub Hrozek "Cannot unset SSSD_UPGRADE_DB, SSSD might not work correctly\n");
9acdf51bf32d7b4389f3faea0fc6b73c56b6da71Sumit Boseint sysdb_upgrade_18(struct sysdb_ctx *sysdb, const char **ver)
9acdf51bf32d7b4389f3faea0fc6b73c56b6da71Sumit Bose ret = commence_upgrade(sysdb, sysdb->ldb, SYSDB_VERSION_0_19, &ctx);
9acdf51bf32d7b4389f3faea0fc6b73c56b6da71Sumit Bose /* Add missing indices */
9acdf51bf32d7b4389f3faea0fc6b73c56b6da71Sumit Bose msg->dn = ldb_dn_new(msg, sysdb->ldb, "@INDEXLIST");
9acdf51bf32d7b4389f3faea0fc6b73c56b6da71Sumit Bose ret = ldb_msg_add_empty(msg, "@IDXATTR", LDB_FLAG_MOD_ADD, NULL);
9acdf51bf32d7b4389f3faea0fc6b73c56b6da71Sumit Bose ret = ldb_msg_add_string(msg, "@IDXATTR", SYSDB_GHOST);
9acdf51bf32d7b4389f3faea0fc6b73c56b6da71Sumit Bose ret = ldb_msg_add_string(msg, "@IDXATTR", SYSDB_UPN);
9acdf51bf32d7b4389f3faea0fc6b73c56b6da71Sumit Bose ret = ldb_msg_add_string(msg, "@IDXATTR", SYSDB_CANONICAL_UPN);
9acdf51bf32d7b4389f3faea0fc6b73c56b6da71Sumit Bose ret = ldb_msg_add_string(msg, "@IDXATTR", SYSDB_UUID);
9acdf51bf32d7b4389f3faea0fc6b73c56b6da71Sumit Bose ret = ldb_msg_add_string(msg, "@IDXATTR", SYSDB_USER_EMAIL);
9acdf51bf32d7b4389f3faea0fc6b73c56b6da71Sumit Bose /* conversion done, update version number */
2927da49dd8a16fff6312d89ad43cc355655800cSumit Bosestatic errno_t add_object_category(struct ldb_context *ldb,
2927da49dd8a16fff6312d89ad43cc355655800cSumit Bose const char *attrs[] = { SYSDB_OBJECTCLASS, NULL };
2927da49dd8a16fff6312d89ad43cc355655800cSumit Bose DEBUG(SSSDBG_CRIT_FAILURE, "Failed create base dn.\n");
2927da49dd8a16fff6312d89ad43cc355655800cSumit Bose DEBUG(SSSDBG_CRIT_FAILURE, "Failed to search objects: %d\n", ret);
2927da49dd8a16fff6312d89ad43cc355655800cSumit Bose DEBUG(SSSDBG_TRACE_LIBS, "No objects found, nothing to do.");
2927da49dd8a16fff6312d89ad43cc355655800cSumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldb_msg_new failed.\n");
2927da49dd8a16fff6312d89ad43cc355655800cSumit Bose ret = ldb_msg_add_empty(del_msg, SYSDB_OBJECTCLASS, LDB_FLAG_MOD_DELETE,
2927da49dd8a16fff6312d89ad43cc355655800cSumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldb_msg_add_empty failed.\n");
2927da49dd8a16fff6312d89ad43cc355655800cSumit Bose DEBUG(SSSDBG_TRACE_ALL, "Found [%d] objects.\n", objects->count);
2927da49dd8a16fff6312d89ad43cc355655800cSumit Bose class_name = ldb_msg_find_attr_as_string(objects->msgs[c],
2927da49dd8a16fff6312d89ad43cc355655800cSumit Bose DEBUG(SSSDBG_OP_FAILURE, "Searched objects by objectClass, "
2927da49dd8a16fff6312d89ad43cc355655800cSumit Bose "but result does not have one.\n");
2927da49dd8a16fff6312d89ad43cc355655800cSumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldb_msg_new failed.\n");
2927da49dd8a16fff6312d89ad43cc355655800cSumit Bose ret = ldb_msg_add_empty(msg, SYSDB_OBJECTCATEGORY, LDB_FLAG_MOD_ADD,
2927da49dd8a16fff6312d89ad43cc355655800cSumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldb_msg_add_empty failed.\n");
2927da49dd8a16fff6312d89ad43cc355655800cSumit Bose ret = ldb_msg_add_string(msg, SYSDB_OBJECTCATEGORY, class_name);
2927da49dd8a16fff6312d89ad43cc355655800cSumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldb_msg_add_string failed.\n");
2927da49dd8a16fff6312d89ad43cc355655800cSumit Bose DEBUG(SSSDBG_TRACE_ALL, "Adding [%s] to [%s].\n", class_name,
2927da49dd8a16fff6312d89ad43cc355655800cSumit Bose "Failed to add objectCategory to %s: %d.\n",
2927da49dd8a16fff6312d89ad43cc355655800cSumit Bose "Failed to remove objectClass from %s: %d.\n",
2927da49dd8a16fff6312d89ad43cc355655800cSumit Boseint sysdb_upgrade_19(struct sysdb_ctx *sysdb, const char **ver)
2927da49dd8a16fff6312d89ad43cc355655800cSumit Bose ret = commence_upgrade(sysdb, sysdb->ldb, SYSDB_VERSION_0_20, &ctx);
2927da49dd8a16fff6312d89ad43cc355655800cSumit Bose DEBUG(SSSDBG_CRIT_FAILURE, "add_object_category failed.\n");
2927da49dd8a16fff6312d89ad43cc355655800cSumit Bose /* Remove @IDXONE from index */
2927da49dd8a16fff6312d89ad43cc355655800cSumit Bose msg->dn = ldb_dn_new(msg, sysdb->ldb, "@INDEXLIST");
2927da49dd8a16fff6312d89ad43cc355655800cSumit Bose ret = ldb_msg_add_empty(msg, "@IDXONE", LDB_FLAG_MOD_DELETE, NULL);
5b78fff78bb44d1af5420db23b02210f755f5f17Sumit Bose ret = ldb_msg_add_empty(msg, "@IDXATTR", LDB_FLAG_MOD_ADD, NULL);
5b78fff78bb44d1af5420db23b02210f755f5f17Sumit Bose ret = ldb_msg_add_string(msg, "@IDXATTR", SYSDB_USER_MAPPED_CERT);
2927da49dd8a16fff6312d89ad43cc355655800cSumit Bose /* conversion done, update version number */
2927da49dd8a16fff6312d89ad43cc355655800cSumit Boseint sysdb_ts_upgrade_01(struct sysdb_ctx *sysdb, const char **ver)
2927da49dd8a16fff6312d89ad43cc355655800cSumit Bose ret = commence_upgrade(sysdb, sysdb->ldb, SYSDB_TS_VERSION_0_2, &ctx);
2927da49dd8a16fff6312d89ad43cc355655800cSumit Bose /* Remove @IDXONE from index */
2927da49dd8a16fff6312d89ad43cc355655800cSumit Bose msg->dn = ldb_dn_new(msg, sysdb->ldb, "@INDEXLIST");
2927da49dd8a16fff6312d89ad43cc355655800cSumit Bose ret = ldb_msg_add_empty(msg, "@IDXONE", LDB_FLAG_MOD_DELETE, NULL);
2927da49dd8a16fff6312d89ad43cc355655800cSumit Bose /* conversion done, update version number */
868ae511c9b0d610f83acf8f01975e1f5e3c1aa3Simo Sorce/* Example template for future upgrades.
868ae511c9b0d610f83acf8f01975e1f5e3c1aa3Simo Sorce * Copy and change version numbers as appropriate. */
868ae511c9b0d610f83acf8f01975e1f5e3c1aa3Simo Sorceint sysdb_upgrade_13(struct sysdb_ctx *sysdb, const char **ver)
868ae511c9b0d610f83acf8f01975e1f5e3c1aa3Simo Sorce ret = commence_upgrade(sysdb, sysdb->ldb, SYSDB_VERSION_0_14, &ctx);
868ae511c9b0d610f83acf8f01975e1f5e3c1aa3Simo Sorce /* DO STUFF HERE (use ctx, as the local temporary memory context) */
868ae511c9b0d610f83acf8f01975e1f5e3c1aa3Simo Sorce /* conversion done, update version number */