authorSimo Sorce <simo@redhat.com>2012-11-16 20:25:44 +0000
committerJakub Hrozek <jhrozek@redhat.com>2012-11-19 15:11:12 +0100
commitd096233fe7610186ee12f41f97ca9602a3768405 (patch)
tree2b2c914e0afc7ce621c8c8c8d99b518203ec16f8
parent94a66f84bd3c28fcabffeb84c682dccf89d89c2b (diff)
Handle conversion to fully qualified usernames
In subdomains we have to use fully qualified usernames. Unfortunately we have no other good option than simply removing caches for users of subdomains. This is because the memberof plugin does not support the rename operation.
-rw-r--r--src/db/sysdb.c7
-rw-r--r--src/db/sysdb_private.h4
-rw-r--r--src/db/sysdb_upgrade.c88
3 files changed, 98 insertions, 1 deletions
diff --git a/src/db/sysdb.c b/src/db/sysdb.c
index dda288f7..e82c1849 100644
--- a/src/db/sysdb.c
+++ b/src/db/sysdb.c
@@ -1146,6 +1146,13 @@ int sysdb_domain_init_internal(TALLOC_CTX *mem_ctx,
}
}
+ if (strcmp(version, SYSDB_VERSION_0_13) == 0) {
+ ret = sysdb_upgrade_13(sysdb, &version);
+ if (ret != EOK) {
+ goto done;
+ }
+ }
+
/* The version should now match SYSDB_VERSION.
* If not, it means we didn't match any of the
* known older versions. The DB might be
diff --git a/src/db/sysdb_private.h b/src/db/sysdb_private.h
index bde4c603..a2af8b93 100644
--- a/src/db/sysdb_private.h
+++ b/src/db/sysdb_private.h
@@ -23,6 +23,7 @@
#ifndef __INT_SYS_DB_H__
#define __INT_SYS_DB_H__
+#define SYSDB_VERSION_0_14 "0.14"
#define SYSDB_VERSION_0_13 "0.13"
#define SYSDB_VERSION_0_12 "0.12"
#define SYSDB_VERSION_0_11 "0.11"
@@ -37,7 +38,7 @@
#define SYSDB_VERSION_0_2 "0.2"
#define SYSDB_VERSION_0_1 "0.1"
-#define SYSDB_VERSION SYSDB_VERSION_0_13
+#define SYSDB_VERSION SYSDB_VERSION_0_14
#define SYSDB_BASE_LDIF \
"dn: @ATTRIBUTES\n" \
@@ -111,6 +112,7 @@ int sysdb_upgrade_09(struct sysdb_ctx *sysdb, const char **ver);
int sysdb_upgrade_10(struct sysdb_ctx *sysdb, const char **ver);
int sysdb_upgrade_11(struct sysdb_ctx *sysdb, const char **ver);
int sysdb_upgrade_12(struct sysdb_ctx *sysdb, const char **ver);
+int sysdb_upgrade_13(struct sysdb_ctx *sysdb, const char **ver);
int add_string(struct ldb_message *msg, int flags,
const char *attr, const char *value);
diff --git a/src/db/sysdb_upgrade.c b/src/db/sysdb_upgrade.c
index c4ca64a4..10c4e577 100644
--- a/src/db/sysdb_upgrade.c
+++ b/src/db/sysdb_upgrade.c
@@ -1273,6 +1273,94 @@ done:
return ret;
}
+int sysdb_upgrade_13(struct sysdb_ctx *sysdb, const char **ver)
+{
+ struct upgrade_ctx *ctx;
+ struct ldb_result *dom_res;
+ struct ldb_result *res;
+ struct ldb_dn *basedn;
+ const char *attrs[] = { "cn", "name", NULL };
+ const char *tmp_str;
+ errno_t ret;
+ int i, j, l, n;
+
+ ret = commence_upgrade(sysdb, sysdb->ldb, SYSDB_VERSION_0_14, &ctx);
+ if (ret) {
+ return ret;
+ }
+
+ basedn = ldb_dn_new(ctx, sysdb->ldb, SYSDB_BASE);
+ if (!basedn) {
+ DEBUG(SSSDBG_OP_FAILURE, ("Failed to build base dn\n"));
+ ret = EIO;
+ goto done;
+ }
+
+ ret = ldb_search(sysdb->ldb, ctx, &dom_res,
+ basedn, LDB_SCOPE_ONELEVEL,
+ attrs, "objectclass=%s", SYSDB_SUBDOMAIN_CLASS);
+ if (ret != LDB_SUCCESS) {
+ DEBUG(SSSDBG_OP_FAILURE, ("Failed to search subdomains\n"));
+ ret = EIO;
+ goto done;
+ }
+
+ for (i = 0; i < dom_res->count; i++) {
+
+ tmp_str = ldb_msg_find_attr_as_string(dom_res->msgs[i], "cn", NULL);
+ if (tmp_str == NULL) {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ ("The object [%s] doesn't have a name\n",
+ ldb_dn_get_linearized(res->msgs[i]->dn)));
+ continue;
+ }
+
+ basedn = ldb_dn_new_fmt(ctx, sysdb->ldb, SYSDB_DOM_BASE, tmp_str);
+ if (!basedn) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("Failed to build base dn for subdomain %s\n", tmp_str));
+ continue;
+ }
+
+ ret = ldb_search(sysdb->ldb, ctx, &res,
+ basedn, LDB_SCOPE_SUBTREE, attrs, NULL);
+ if (ret != LDB_SUCCESS) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("Failed to search subdomain %s\n", tmp_str));
+ talloc_free(basedn);
+ continue;
+ }
+
+ l = ldb_dn_get_comp_num(basedn);
+ for (j = 0; j < res->count; j++) {
+ n = ldb_dn_get_comp_num(res->msgs[j]->dn);
+ if (n <= l + 1) {
+ /* Do not remove subdomain containers, only their contents */
+ continue;
+ }
+ ret = ldb_delete(sysdb->ldb, res->msgs[j]->dn);
+ if (ret) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("Failed to delete %s\n", res->msgs[j]->dn));
+ continue;
+ }
+ }
+
+ talloc_free(basedn);
+ talloc_free(res);
+ }
+
+ talloc_free(dom_res);
+
+ /* conversion done, update version number */
+ ret = update_version(ctx);
+
+done:
+ ret = finish_upgrade(ret, &ctx, ver);
+ return ret;
+}
+
+
/*
* Example template for future upgrades.
* Copy and change version numbers as appropriate.
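Review bot: In the `tmp_str == NULL` branch of the outer loop, the debug call dereferences `res->msgs[i]->dn`, but `res` is uninitialized on the first iteration and already released by `talloc_free(res)` on later ones. The entry being reported comes from the subdomain search, so it should read `ldb_dn_get_linearized(dom_res->msgs[i]->dn)`. The inner-loop failure message has a related problem: it passes `res->msgs[j]->dn`, a `struct ldb_dn *`, to a `%s` conversion, and should be `("Failed to delete %s\n", ldb_dn_get_linearized(res->msgs[j]->dn))`. Separately, search and delete failures are only logged and skipped, and `ret` is then overwritten by `update_version(ctx)`, so the cache can be stamped 0.14 while still holding short-name entries for subdomain users. Since the commit's stated aim is to stop using unqualified names in subdomains, consider recording the first failure and either failing the upgrade or skipping the version update in that case.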