Tree - rpms/sssd - CentOS Git server

dpward / rpms / sssd

Forked from rpms/sssd 3 years ago

Source
Stats

Blame SOURCES/0115-views-allow-view-name-change-at-startup.patch

Blob History Raw

		905b4d	`From af22737f9e8b31a6a0671d3e6b58df7863646380 Mon Sep 17 00:00:00 2001`
		905b4d	`From: Sumit Bose <sbose@redhat.com>`
		905b4d	`Date: Wed, 12 Nov 2014 16:30:57 +0100`
		905b4d	`Subject: [PATCH 115/115] views: allow view name change at startup`
		905b4d
		905b4d	`Currently some manual steps are needed on a FreeIPA to switch from one`
		905b4d	`view to another. With this patch the IPA provider checks at startup if`
		905b4d	`the view name changed and does the needed steps automatically. Besides`
		905b4d	`saving the new view name this includes removing the old view data and`
		905b4d	`marking the user and group entries as invalid.`
		905b4d	`---`
		905b4d	`src/db/sysdb_views.c \| 12 ++---`
		905b4d	`src/providers/ipa/ipa_subdomains.c \| 97 +++++++++++++++++++++++++++++++-------`
		905b4d	`2 files changed, 85 insertions(+), 24 deletions(-)`
		905b4d
		905b4d	`diff --git a/src/db/sysdb_views.c b/src/db/sysdb_views.c`
		905b4d	`index 970d83e657d4fdfb73ac0e1fcc124ec690e29d4b..3b3aac0dc1dea32cf3df5e29358f5dfefd8fde22 100644`
		905b4d	`--- a/src/db/sysdb_views.c`
		905b4d	`+++ b/src/db/sysdb_views.c`
		905b4d	`@@ -123,17 +123,13 @@ errno_t sysdb_update_view_name(struct sysdb_ctx *sysdb,`
		905b4d	`goto done;`
		905b4d	`} else {`
		905b4d	`/* view name changed */`
		905b4d	`- /* not supported atm */`
		905b4d	`- DEBUG(SSSDBG_CRIT_FAILURE,`
		905b4d	`- "View name changed from [%s] to [%s]. NOT SUPPORTED.\n",`
		905b4d	`- tmp_str, view_name);`
		905b4d	`- ret = ENOTSUP;`
		905b4d	`- goto done;`
		905b4d	`+ DEBUG(SSSDBG_CONF_SETTINGS,`
		905b4d	`+ "View name changed from [%s] to [%s].\n", tmp_str, view_name);`
		905b4d	`}`
		905b4d	`+ } else {`
		905b4d	`+ add_view_name = true;`
		905b4d	`}`
		905b4d
		905b4d	`- add_view_name = true;`
		905b4d	`-`
		905b4d	`msg = ldb_msg_new(tmp_ctx);`
		905b4d	`if (msg == NULL) {`
		905b4d	`DEBUG(SSSDBG_OP_FAILURE, "ldb_msg_new failed.\n");`
		905b4d	`diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c`
		905b4d	`index 883558c4d79d2da64ef6f010982ac89ccfae4e4f..6fdb0befa32f96d01c9b3666a3ef9c8331a83242 100644`
		905b4d	`--- a/src/providers/ipa/ipa_subdomains.c`
		905b4d	`+++ b/src/providers/ipa/ipa_subdomains.c`
		905b4d	`@@ -80,8 +80,17 @@ struct ipa_subdomains_ctx {`
		905b4d	`struct tevent_timer *timer_event;`
		905b4d	`bool configured_explicit;`
		905b4d	`time_t disabled_until;`
		905b4d	`+ bool view_read_at_init;`
		905b4d	`};`
		905b4d
		905b4d	`+static void ipa_subdomains_done(struct ipa_subdomains_ctx *sd_ctx,`
		905b4d	`+ struct be_req *req, int dp_err,`
		905b4d	`+ int error, const char *errstr)`
		905b4d	`+{`
		905b4d	`+ sd_ctx->view_read_at_init = true;`
		905b4d	`+ return be_req_terminate(req, dp_err, error, errstr);`
		905b4d	`+}`
		905b4d	`+`
		905b4d	`struct be_ctx ipa_get_subdomains_be_ctx(struct be_ctx be_ctx)`
		905b4d	`{`
		905b4d	`struct ipa_subdomains_ctx *subdom_ctx;`
		905b4d	`@@ -903,7 +912,7 @@ done:`
		905b4d	`if (ret == EOK) {`
		905b4d	`dp_error = DP_ERR_OK;`
		905b4d	`}`
		905b4d	`- be_req_terminate(be_req, dp_error, ret, NULL);`
		905b4d	`+ ipa_subdomains_done(ctx, be_req, dp_error, ret, NULL);`
		905b4d	`}`
		905b4d
		905b4d	`static void ipa_subdomains_get_conn_done(struct tevent_req *req)`
		905b4d	`@@ -938,7 +947,7 @@ static void ipa_subdomains_get_conn_done(struct tevent_req *req)`
		905b4d	`return;`
		905b4d
		905b4d	`fail:`
		905b4d	`- be_req_terminate(ctx->be_req, dp_error, ret, NULL);`
		905b4d	`+ ipa_subdomains_done(ctx->sd_ctx, ctx->be_req, dp_error, ret, NULL);`
		905b4d	`}`
		905b4d
		905b4d	`static errno_t`
		905b4d	`@@ -1030,6 +1039,7 @@ static errno_t ipa_get_view_name(struct ipa_subdomains_req_ctx *ctx)`
		905b4d	`static void ipa_get_view_name_done(struct tevent_req *req)`
		905b4d	`{`
		905b4d	`int ret;`
		905b4d	`+ int sret;`
		905b4d	`struct ipa_subdomains_req_ctx *ctx;`
		905b4d	`size_t reply_count;`
		905b4d	`struct sdap_deref_attrs **reply = NULL;`
		905b4d	`@@ -1089,24 +1099,79 @@ static void ipa_get_view_name_done(struct tevent_req *req)`
		905b4d	`view_name = SYSDB_DEFAULT_VIEW_NAME;`
		905b4d	`}`
		905b4d
		905b4d	`+ DEBUG(SSSDBG_TRACE_ALL, "read_at_init [%s] current view [%s].\n",`
		905b4d	`+ ctx->sd_ctx->view_read_at_init ? "true" : "false",`
		905b4d	`+ ctx->sd_ctx->id_ctx->view_name);`
		905b4d	`+`
		905b4d	`if (ctx->sd_ctx->id_ctx->view_name != NULL`
		905b4d	`- && strcmp(ctx->sd_ctx->id_ctx->view_name, view_name) != 0) {`
		905b4d	`+ && strcmp(ctx->sd_ctx->id_ctx->view_name, view_name) != 0`
		905b4d	`+ && ctx->sd_ctx->view_read_at_init) {`
		905b4d	`DEBUG(SSSDBG_CRIT_FAILURE,`
		905b4d	`- "View name changed, this is currently not supported!\n");`
		905b4d	`+ "View name changed, this is not supported at runtime. " \`
		905b4d	`+ "Please restart SSSD to get the new view applied.\n");`
		905b4d	`} else {`
		905b4d	`+ ctx->sd_ctx->view_read_at_init = true;`
		905b4d	`+ /* View name changed */`
		905b4d	`+ if (ctx->sd_ctx->id_ctx->view_name != NULL) {`
		905b4d	`+ ret = sysdb_transaction_start(ctx->sd_ctx->be_ctx->domain->sysdb);`
		905b4d	`+ if (ret != EOK) {`
		905b4d	`+ DEBUG(SSSDBG_OP_FAILURE, "sysdb_transaction_start failed.\n");`
		905b4d	`+ goto done;`
		905b4d	`+ }`
		905b4d	`+`
		905b4d	`+ if (strcmp(ctx->sd_ctx->id_ctx->view_name,`
		905b4d	`+ SYSDB_DEFAULT_VIEW_NAME) != 0) {`
		905b4d	`+ /* Old view was not the default view, delete view tree */`
		905b4d	`+ ret = sysdb_delete_view_tree(ctx->sd_ctx->be_ctx->domain->sysdb,`
		905b4d	`+ ctx->sd_ctx->id_ctx->view_name);`
		905b4d	`+ if (ret != EOK) {`
		905b4d	`+ DEBUG(SSSDBG_OP_FAILURE,`
		905b4d	`+ "sysdb_delete_view_tree failed.\n");`
		905b4d	`+ sret = sysdb_transaction_cancel(`
		905b4d	`+ ctx->sd_ctx->be_ctx->domain->sysdb);`
		905b4d	`+ if (sret != EOK) {`
		905b4d	`+ DEBUG(SSSDBG_OP_FAILURE,`
		905b4d	`+ "sysdb_transaction_cancel failed.\n");`
		905b4d	`+ goto done;`
		905b4d	`+ }`
		905b4d	`+ goto done;`
		905b4d	`+ }`
		905b4d	`+ }`
		905b4d	`+`
		905b4d	`+ ret = sysdb_invalidate_overrides(`
		905b4d	`+ ctx->sd_ctx->be_ctx->domain->sysdb);`
		905b4d	`+ if (ret != EOK) {`
		905b4d	`+ DEBUG(SSSDBG_OP_FAILURE,`
		905b4d	`+ "sysdb_invalidate_overrides failed.\n");`
		905b4d	`+ sret = sysdb_transaction_cancel(`
		905b4d	`+ ctx->sd_ctx->be_ctx->domain->sysdb);`
		905b4d	`+ if (sret != EOK) {`
		905b4d	`+ DEBUG(SSSDBG_OP_FAILURE, "sysdb_transaction_cancel failed.\n");`
		905b4d	`+ goto done;`
		905b4d	`+ }`
		905b4d	`+ goto done;`
		905b4d	`+ }`
		905b4d	`+`
		905b4d	`+ ret = sysdb_transaction_commit(ctx->sd_ctx->be_ctx->domain->sysdb);`
		905b4d	`+ if (ret != EOK) {`
		905b4d	`+ DEBUG(SSSDBG_OP_FAILURE, "sysdb_transaction_commit failed.\n");`
		905b4d	`+ goto done;`
		905b4d	`+ }`
		905b4d	`+`
		905b4d	`+ /* TODO: start referesh task */`
		905b4d	`+ }`
		905b4d	`+`
		905b4d	`ret = sysdb_update_view_name(ctx->sd_ctx->be_ctx->domain->sysdb,`
		905b4d	`view_name);`
		905b4d	`if (ret != EOK) {`
		905b4d	`DEBUG(SSSDBG_CRIT_FAILURE,`
		905b4d	`"Cannot add/update view name to sysdb.\n");`
		905b4d	`} else {`
		905b4d	`+ talloc_free(ctx->sd_ctx->id_ctx->view_name);`
		905b4d	`+ ctx->sd_ctx->id_ctx->view_name = talloc_strdup(ctx->sd_ctx->id_ctx,`
		905b4d	`+ view_name);`
		905b4d	`if (ctx->sd_ctx->id_ctx->view_name == NULL) {`
		905b4d	`- ctx->sd_ctx->id_ctx->view_name =`
		905b4d	`- talloc_strdup(ctx->sd_ctx->id_ctx,`
		905b4d	`- view_name);`
		905b4d	`- if (ctx->sd_ctx->id_ctx->view_name == NULL) {`
		905b4d	`- DEBUG(SSSDBG_CRIT_FAILURE, "Cannot copy view name.\n");`
		905b4d	`- }`
		905b4d	`+ DEBUG(SSSDBG_CRIT_FAILURE, "Cannot copy view name.\n");`
		905b4d	`}`
		905b4d	`}`
		905b4d	`}`
		905b4d	`@@ -1122,7 +1187,7 @@ done:`
		905b4d	`if (ret == EOK) {`
		905b4d	`dp_error = DP_ERR_OK;`
		905b4d	`}`
		905b4d	`- be_req_terminate(ctx->be_req, dp_error, ret, NULL);`
		905b4d	`+ ipa_subdomains_done(ctx->sd_ctx, ctx->be_req, dp_error, ret, NULL);`
		905b4d	`}`
		905b4d
		905b4d	`static void ipa_subdomains_handler_done(struct tevent_req *req)`
		905b4d	`@@ -1222,7 +1287,7 @@ done:`
		905b4d	`if (ret == EOK) {`
		905b4d	`dp_error = DP_ERR_OK;`
		905b4d	`}`
		905b4d	`- be_req_terminate(ctx->be_req, dp_error, ret, NULL);`
		905b4d	`+ ipa_subdomains_done(ctx->sd_ctx, ctx->be_req, dp_error, ret, NULL);`
		905b4d	`}`
		905b4d
		905b4d	`static errno_t ipa_check_master(struct ipa_subdomains_req_ctx *ctx)`
		905b4d	`@@ -1308,7 +1373,7 @@ done:`
		905b4d	`if (ret == EOK) {`
		905b4d	`dp_error = DP_ERR_OK;`
		905b4d	`}`
		905b4d	`- be_req_terminate(ctx->be_req, dp_error, ret, NULL);`
		905b4d	`+ ipa_subdomains_done(ctx->sd_ctx, ctx->be_req, dp_error, ret, NULL);`
		905b4d	`}`
		905b4d
		905b4d	`static void ipa_subdomains_handler_master_done(struct tevent_req *req)`
		905b4d	`@@ -1370,7 +1435,7 @@ done:`
		905b4d	`if (ret == EOK) {`
		905b4d	`dp_error = DP_ERR_OK;`
		905b4d	`}`
		905b4d	`- be_req_terminate(ctx->be_req, dp_error, ret, NULL);`
		905b4d	`+ ipa_subdomains_done(ctx->sd_ctx, ctx->be_req, dp_error, ret, NULL);`
		905b4d	`}`
		905b4d
		905b4d	`static void ipa_subdom_online_cb(void *pvt);`
		905b4d	`@@ -1505,12 +1570,12 @@ void ipa_subdomains_handler(struct be_req *be_req)`
		905b4d
		905b4d	`if (ctx->disabled_until > now) {`
		905b4d	`DEBUG(SSSDBG_TRACE_ALL, "Subdomain provider disabled.\n");`
		905b4d	`- be_req_terminate(be_req, DP_ERR_OK, EOK, NULL);`
		905b4d	`+ ipa_subdomains_done(ctx, be_req, DP_ERR_OK, EOK, NULL);`
		905b4d	`return;`
		905b4d	`}`
		905b4d
		905b4d	`if (ctx->last_refreshed > now - IPA_SUBDOMAIN_REFRESH_LIMIT) {`
		905b4d	`- be_req_terminate(be_req, DP_ERR_OK, EOK, NULL);`
		905b4d	`+ ipa_subdomains_done(ctx, be_req, DP_ERR_OK, EOK, NULL);`
		905b4d	`return;`
		905b4d	`}`
		905b4d
		905b4d	`--`
		905b4d	`1.9.3`
		905b4d

dpward / rpms / sssd

Source Code

Blame SOURCES/0115-views-allow-view-name-change-at-startup.patch