From 11c34233ac7385c6f2a65c5cc57dfefb1cae48cd Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Wed, 7 Jun 2017 15:07:10 +0200 Subject: [PATCH 180/181] SYSDB: Introduce _search_{users,groups}_by_timestamp() MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit These new two sysdb methods are going to be used, at least for now, uniquely and exclusively in the cleanup task. The reason for adding those is that during the cleanup task a timestamp search is done in the persistent cache, which doesn't have the updated timestamps, returning then a wrong result that ends up in having all the users being removed from the cache. The persistent cache doesn't have its entries' timestamps updated because those are kept updated in the timestamp cache, therefore these new two methods end up doing: - if the timestamp cache is present: - search for the entries solely in the timestamp cache; - get the needed attributes from these entries from the persistent cache; - otherwise: - search for the entries in the persistent cache; - merge its results with timestamp cache's results; Related: https://pagure.io/SSSD/sssd/issue/3369 Signed-off-by: Fabiano FidĂȘncio Reviewed-by: Jakub Hrozek (cherry picked from commit 41708e1e500e7cada3d3e606aa2b8b9869a5c734) --- src/db/sysdb.h | 14 +++++ src/db/sysdb_ops.c | 178 +++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 192 insertions(+) diff --git a/src/db/sysdb.h b/src/db/sysdb.h index 62c561be9452a284a8ddf8ebb45720265852c8b0..21d6cf4fc90a050e203e1609be5ee267a618dda9 100644 --- a/src/db/sysdb.h +++ b/src/db/sysdb.h @@ -1142,6 +1142,13 @@ int sysdb_search_users(TALLOC_CTX *mem_ctx, size_t *msgs_count, struct ldb_message ***msgs); +int sysdb_search_users_by_timestamp(TALLOC_CTX *mem_ctx, + struct sss_domain_info *domain, + const char *sub_filter, + const char **attrs, + size_t *_msgs_count, + struct ldb_message ***_msgs); + int sysdb_delete_user(struct sss_domain_info *domain, const char *name, uid_t uid); @@ -1152,6 +1159,13 @@ int sysdb_search_groups(TALLOC_CTX *mem_ctx, size_t *msgs_count, struct ldb_message ***msgs); +int sysdb_search_groups_by_timestamp(TALLOC_CTX *mem_ctx, + struct sss_domain_info *domain, + const char *sub_filter, + const char **attrs, + size_t *_msgs_count, + struct ldb_message ***_msgs); + int sysdb_delete_group(struct sss_domain_info *domain, const char *name, gid_t gid); diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c index ed936f0cb1a37155aabef96db1d267eb03ec0ed9..7ca6575ce75dab7805236c9f48dbf28a2f3946d2 100644 --- a/src/db/sysdb_ops.c +++ b/src/db/sysdb_ops.c @@ -374,6 +374,58 @@ enum sysdb_obj_type { SYSDB_GROUP }; +static errno_t cleanup_dn_filter(TALLOC_CTX *mem_ctx, + struct ldb_result *ts_res, + const char *object_class, + const char *filter, + char **_dn_filter) +{ + TALLOC_CTX *tmp_ctx; + char *dn_filter; + errno_t ret; + + if (ts_res->count == 0) { + *_dn_filter = NULL; + return EOK; + } + + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + return ENOMEM; + } + + dn_filter = talloc_asprintf(tmp_ctx, "(&(%s)%s(|", object_class, filter); + if (dn_filter == NULL) { + ret = ENOMEM; + goto done; + } + + for (size_t i = 0; i < ts_res->count; i++) { + dn_filter = talloc_asprintf_append( + dn_filter, + "(%s=%s)", + SYSDB_DN, + ldb_dn_get_linearized(ts_res->msgs[i]->dn)); + if (dn_filter == NULL) { + ret = ENOMEM; + goto done; + } + } + + dn_filter = talloc_asprintf_append(dn_filter, "))"); + if (dn_filter == NULL) { + ret = ENOMEM; + goto done; + } + + *_dn_filter = talloc_steal(mem_ctx, dn_filter); + ret = EOK; + +done: + talloc_zfree(tmp_ctx); + return ret; +} + static int sysdb_search_by_name(TALLOC_CTX *mem_ctx, struct sss_domain_info *domain, const char *name, @@ -3503,6 +3555,69 @@ int sysdb_search_users(TALLOC_CTX *mem_ctx, attrs); } +int sysdb_search_users_by_timestamp(TALLOC_CTX *mem_ctx, + struct sss_domain_info *domain, + const char *sub_filter, + const char **attrs, + size_t *_msgs_count, + struct ldb_message ***_msgs) +{ + TALLOC_CTX *tmp_ctx; + struct ldb_result *res; + struct ldb_result ts_res; + struct ldb_message **msgs; + size_t msgs_count; + char *dn_filter = NULL; + errno_t ret; + + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + return ENOMEM; + } + + ret = sysdb_search_ts_users(tmp_ctx, domain, sub_filter, NULL, &ts_res); + if (ret == ERR_NO_TS) { + ret = sysdb_cache_search_users(tmp_ctx, domain, domain->sysdb->ldb, + sub_filter, attrs, &msgs_count, &msgs); + if (ret != EOK) { + goto done; + } + + ret = sysdb_merge_msg_list_ts_attrs(domain->sysdb, msgs_count, msgs, attrs); + if (ret != EOK) { + goto done; + } + + goto immediately; + } else if (ret != EOK) { + goto done; + } + + ret = cleanup_dn_filter(tmp_ctx, &ts_res, SYSDB_UC, sub_filter, &dn_filter); + if (ret != EOK) { + goto done; + } + + ret = sysdb_search_ts_matches(tmp_ctx, domain->sysdb, attrs, + &ts_res, dn_filter, &res); + if (ret != EOK) { + goto done; + } + + msgs_count = res->count; + msgs = res->msgs; + +immediately: + *_msgs_count = msgs_count; + *_msgs = talloc_steal(mem_ctx, msgs); + + ret = EOK; + +done: + talloc_free(tmp_ctx); + return ret; +} + int sysdb_search_ts_users(TALLOC_CTX *mem_ctx, struct sss_domain_info *domain, const char *sub_filter, @@ -3720,6 +3835,69 @@ int sysdb_search_groups(TALLOC_CTX *mem_ctx, attrs); } +int sysdb_search_groups_by_timestamp(TALLOC_CTX *mem_ctx, + struct sss_domain_info *domain, + const char *sub_filter, + const char **attrs, + size_t *_msgs_count, + struct ldb_message ***_msgs) +{ + TALLOC_CTX *tmp_ctx; + struct ldb_result *res; + struct ldb_result ts_res; + struct ldb_message **msgs; + size_t msgs_count; + char *dn_filter = NULL; + errno_t ret; + + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + return ENOMEM; + } + + ret = sysdb_search_ts_groups(tmp_ctx, domain, sub_filter, NULL, &ts_res); + if (ret == ERR_NO_TS) { + ret = sysdb_cache_search_groups(tmp_ctx, domain, domain->sysdb->ldb, + sub_filter, attrs, &msgs_count, &msgs); + if (ret != EOK) { + goto done; + } + + ret = sysdb_merge_msg_list_ts_attrs(domain->sysdb, msgs_count, msgs, attrs); + if (ret != EOK) { + goto done; + } + + goto immediately; + } else if (ret != EOK) { + goto done; + } + + ret = cleanup_dn_filter(tmp_ctx, &ts_res, SYSDB_GC, sub_filter, &dn_filter); + if (ret != EOK) { + goto done; + } + + ret = sysdb_search_ts_matches(tmp_ctx, domain->sysdb, attrs, + &ts_res, dn_filter, &res); + if (ret != EOK) { + goto done; + } + + msgs_count = res->count; + msgs = res->msgs; + +immediately: + *_msgs_count = msgs_count; + *_msgs = talloc_steal(mem_ctx, msgs); + + ret = EOK; + +done: + talloc_free(tmp_ctx); + return ret; +} + int sysdb_search_ts_groups(TALLOC_CTX *mem_ctx, struct sss_domain_info *domain, const char *sub_filter, -- 2.9.4