From 7d8b28ad691335ebb679c6230b5e4818a7434bc5 Mon Sep 17 00:00:00 2001

From: Jakub Hrozek <jhrozek@redhat.com>

Date: Sat, 23 Mar 2019 22:18:18 +0100

Subject: [PATCH] SYSDB: Index the ccacheFile attribute

Related:

https://pagure.io/SSSD/sssd/issue/3968

The Kerberos ticket renewal code searches for user entries which have

the ccacheFile attribute set. Since the search can potentially traverse

all the users, it might be a good idea to index the attribute.

Reviewed-by: Alexey Tikhonov <atikhono@redhat.com>

(cherry picked from commit 96013bbb7d937d1a9e4e5c678df3034520d98f32)

---

 src/db/sysdb_init.c    |  7 ++++++

 src/db/sysdb_private.h |  5 +++-

 src/db/sysdb_upgrade.c | 52 ++++++++++++++++++++++++++++++++++++++++++

 3 files changed, 63 insertions(+), 1 deletion(-)

diff --git a/src/db/sysdb_init.c b/src/db/sysdb_init.c

index 89f8c6a5b..48e21baab 100644

--- a/src/db/sysdb_init.c

+++ b/src/db/sysdb_init.c

@@ -558,6 +558,13 @@ static errno_t sysdb_domain_cache_upgrade(TALLOC_CTX *mem_ctx,

         }

     }

+    if (strcmp(version, SYSDB_VERSION_0_20) == 0) {

+        ret = sysdb_upgrade_20(sysdb, &version);

+        if (ret != EOK) {

+            goto done;

+        }

+    }

+

     ret = EOK;

 done:

diff --git a/src/db/sysdb_private.h b/src/db/sysdb_private.h

index c297715cd..58544d826 100644

--- a/src/db/sysdb_private.h

+++ b/src/db/sysdb_private.h

@@ -23,6 +23,7 @@

 #ifndef __INT_SYS_DB_H__

 #define __INT_SYS_DB_H__

+#define SYSDB_VERSION_0_21 "0.21"

 #define SYSDB_VERSION_0_20 "0.20"

 #define SYSDB_VERSION_0_19 "0.19"

 #define SYSDB_VERSION_0_18 "0.18"

@@ -44,7 +45,7 @@

 #define SYSDB_VERSION_0_2 "0.2"

 #define SYSDB_VERSION_0_1 "0.1"

-#define SYSDB_VERSION SYSDB_VERSION_0_20

+#define SYSDB_VERSION SYSDB_VERSION_0_21

 #define SYSDB_BASE_LDIF \

      "dn: @ATTRIBUTES\n" \

@@ -79,6 +80,7 @@

      "@IDXATTR: uniqueID\n" \

      "@IDXATTR: mail\n" \

      "@IDXATTR: userMappedCertificate\n" \

+     "@IDXATTR: ccacheFile\n" \

      "\n" \

      "dn: @MODULES\n" \

      "@LIST: asq,memberof\n" \

@@ -171,6 +173,7 @@ int sysdb_upgrade_17(struct sysdb_ctx *sysdb,

                      const char **ver);

 int sysdb_upgrade_18(struct sysdb_ctx *sysdb, const char **ver);

 int sysdb_upgrade_19(struct sysdb_ctx *sysdb, const char **ver);

+int sysdb_upgrade_20(struct sysdb_ctx *sysdb, const char **ver);

 int sysdb_ts_upgrade_01(struct sysdb_ctx *sysdb, const char **ver);

diff --git a/src/db/sysdb_upgrade.c b/src/db/sysdb_upgrade.c

index 46df971e9..f6a481147 100644

--- a/src/db/sysdb_upgrade.c

+++ b/src/db/sysdb_upgrade.c

@@ -2501,6 +2501,58 @@ done:

     return ret;

 }

+int sysdb_upgrade_20(struct sysdb_ctx *sysdb, const char **ver)

+{

+    struct upgrade_ctx *ctx;

+    errno_t ret;

+    struct ldb_message *msg = NULL;

+

+    ret = commence_upgrade(sysdb, sysdb->ldb, SYSDB_VERSION_0_21, &ctx;;

+    if (ret) {

+        return ret;

+    }

+

+    /* Add missing indices */

+    msg = ldb_msg_new(ctx);

+    if (msg == NULL) {

+        ret = ENOMEM;

+        goto done;

+    }

+

+    msg->dn = ldb_dn_new(msg, sysdb->ldb, "@INDEXLIST");

+    if (msg->dn == NULL) {

+        ret = ENOMEM;

+        goto done;

+    }

+

+    ret = ldb_msg_add_empty(msg, "@IDXATTR", LDB_FLAG_MOD_ADD, NULL);

+    if (ret != LDB_SUCCESS) {

+        ret = ENOMEM;

+        goto done;

+    }

+

+    ret = ldb_msg_add_string(msg, "@IDXATTR", SYSDB_CCACHE_FILE);

+    if (ret != LDB_SUCCESS) {

+        ret = ENOMEM;

+        goto done;

+    }

+

+    ret = ldb_modify(sysdb->ldb, msg);

+    if (ret != LDB_SUCCESS) {

+        ret = sysdb_error_to_errno(ret);

+        goto done;

+    }

+

+    talloc_free(msg);

+

+    /* conversion done, update version number */

+    ret = update_version(ctx);

+

+done:

+    ret = finish_upgrade(ret, &ctx, ver);

+    return ret;

+}

+

 int sysdb_ts_upgrade_01(struct sysdb_ctx *sysdb, const char **ver)

 {

     struct upgrade_ctx *ctx;

-- 

2.19.1