9fd0c37b6b
Resolves: RHEL-49811 - 2FA is being enforced after upgrading 2.9.1->2.9.4
From 09b23e78806d8930c3f1b9e411dc8cf464c18998 Mon Sep 17 00:00:00 2001
From: Alexey Tikhonov <atikhono@redhat.com>
Date: Tue, 16 Jul 2024 13:08:02 +0200
Subject: [PATCH 4/5] TS_CACHE: never try to upgrade timestamps cache
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
It's easier and more consistent to recreate it instead.
This is a natural extension of 3b67fc6488ac10ca13561d9032f59951f82203e6
Reviewed-by: Alejandro López <allopez@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Tomáš Halman <thalman@redhat.com>
(cherry picked from commit fc2a26c306e51b66680aef85aa0d2c41d8049a7f)
---
src/db/sysdb_init.c | 103 +----------------------------------------
src/db/sysdb_upgrade.c | 45 ------------------
2 files changed, 1 insertion(+), 147 deletions(-)
diff --git a/src/db/sysdb_init.c b/src/db/sysdb_init.c
index 38a9cd64a..a1d02d49c 100644
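--- a/src/db/sysdb_init.c
+++ b/src/db/sysdb_init.c
@@ -376,57 +376,6 @@ static errno_t sysdb_cache_create_empty(struct ldb_context *ldb,
 return EOK;
 }
 
-static errno_t sysdb_ts_cache_upgrade(TALLOC_CTX *mem_ctx,
- struct sysdb_ctx *sysdb,
- struct ldb_context *ldb,
- struct sss_domain_info *domain,
- const char *cur_version,
- const char **_new_version)
-{
- errno_t ret;
- TALLOC_CTX *tmp_ctx;
- const char *version;
- struct ldb_context *save_ldb;
-
- tmp_ctx = talloc_new(NULL);
- if (tmp_ctx == NULL) {
- return ENOMEM;
- }
-
- /* The upgrade process depends on having ldb around, yet the upgrade
- * function shouldn't set the ldb pointer, only the connect function
- * should after it's successful. To avoid hard refactoring, save the
- * ldb pointer here and restore in the 'done' handler
- */
- save_ldb = sysdb->ldb;
- sysdb->ldb = ldb;
-
- version = talloc_strdup(tmp_ctx, cur_version);
- if (version == NULL) {
- ret = ENOMEM;
- goto done;
- }
-
- DEBUG(SSSDBG_CONF_SETTINGS,
- "Upgrading timstamp cache of DB [%s] from version: %s\n",
- domain->name, version);
-
- if (strcmp(version, SYSDB_TS_VERSION_0_1) == 0) {
- ret = sysdb_ts_upgrade_01(sysdb, &version);
- if (ret != EOK) {
- goto done;
- }
- }
-
- ret = EOK;
-
-done:
- sysdb->ldb = save_ldb;
- *_new_version = version;
- talloc_free(tmp_ctx);
- return ret;
-}
-
 static errno_t sysdb_domain_cache_upgrade(TALLOC_CTX *mem_ctx,
 struct sysdb_ctx *sysdb,
 struct sysdb_dom_upgrade_ctx *upgrade_ctx,
@@ -884,56 +833,6 @@ static int sysdb_timestamp_cache_connect(struct sysdb_ctx *sysdb,
 }
 
 ret = sysdb_ts_cache_connect(tmp_ctx, sysdb, domain, &ldb, &version);
- switch (ret) {
- case ERR_SYSDB_VERSION_TOO_OLD:
- if (upgrade_ctx == NULL) {
- DEBUG(SSSDBG_FATAL_FAILURE,
- "DB version too old [%s], expected [%s] for domain %s!\n",
- version, SYSDB_VERSION, domain->name);
- break;
- }
-
- ret = sysdb_ts_cache_upgrade(tmp_ctx, sysdb, ldb, domain, version,
- &version);
- if (ret != EOK) {
- DEBUG(SSSDBG_MINOR_FAILURE,
- "Could not upgrade the timestamp ldb file (%d) (%s)\n",
- ret, sss_strerror(ret));
- break;
- }
-
- /* The version should now match SYSDB_VERSION.
- * If not, it means we didn't match any of the
- * known older versions. The DB might be
- * corrupt or generated by a newer version of
- * SSSD.
- */
- ret = sysdb_version_check(SYSDB_TS_VERSION, version);
- if (ret == EOK) {
- /* The cache has been upgraded.
- * We need to reopen the LDB to ensure that
- * any changes made above take effect.
- */
- ret = sysdb_ldb_reconnect(tmp_ctx,
- sysdb->ldb_ts_file,
- LDB_FLG_NOSYNC,
- &ldb);
- if (ret != EOK) {
- DEBUG(SSSDBG_MINOR_FAILURE,
- "Could not reopen the timestamp ldb file (%d) (%s)\n",
- ret, sss_strerror(ret));
- }
- }
- break;
- case ERR_SYSDB_VERSION_TOO_NEW:
- DEBUG(SSSDBG_MINOR_FAILURE,
- "DB version too new [%s], expected [%s] for domain %s!\n",
- version, SYSDB_TS_VERSION, domain->name);
- break;
- default:
- break;
- }
-
 if (ret != EOK) {
 DEBUG(SSSDBG_MINOR_FAILURE,
 "The timestamps cache could not be opened. "
@@ -953,7 +852,7 @@ static int sysdb_timestamp_cache_connect(struct sysdb_ctx *sysdb,
 ret = sysdb_ts_cache_connect(tmp_ctx, sysdb, domain, &ldb, &version);
 if (ret != EOK) {
 DEBUG(SSSDBG_MINOR_FAILURE,
- "Could not delete the timestamp ldb file (%d) (%s)\n",
+ "sysdb_ts_cache_connect() failed after cache deletion [%d]: %s\n",
 ret, sss_strerror(ret));
 }
 }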
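Review bot: The second hunk drops the only log lines that said why the first `sysdb_ts_cache_connect()` failed (`DB version too old [%s]…` / `DB version too new [%s]…`), so every failure now lands in the generic `"The timestamps cache could not be opened. "` branch before the cache is thrown away. That message continues outside the hunk, so it may already carry the cause; if it does not, log it there in the same form the third hunk uses, e.g. `"sysdb_ts_cache_connect() failed [%d]: %s\n", ret, sss_strerror(ret)`. Without it, a version mismatch after an upgrade or downgrade and a corrupt or unreadable cache file look the same in the logs once the file has been replaced. `sysdb_timestamp_cache_connect()` starts and ends outside these hunks, so what the caller does when the second connect also fails cannot be judged from here.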
diff --git a/src/db/sysdb_upgrade.c b/src/db/sysdb_upgrade.c
index 328bd2962..37c0007cb 100644
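--- a/src/db/sysdb_upgrade.c
+++ b/src/db/sysdb_upgrade.c
@@ -2774,51 +2774,6 @@ done:
 return ret;
 }
 
-int sysdb_ts_upgrade_01(struct sysdb_ctx *sysdb, const char **ver)
-{
- struct upgrade_ctx *ctx;
- errno_t ret;
- struct ldb_message *msg = NULL;
-
- ret = commence_upgrade(sysdb, sysdb->ldb, SYSDB_TS_VERSION_0_2, &ctx);
- if (ret) {
- return ret;
- }
-
- /* Remove @IDXONE from index */
- talloc_free(msg);
- msg = ldb_msg_new(ctx);
- if (msg == NULL) {
- ret = ENOMEM;
- goto done;
- }
-
- msg->dn = ldb_dn_new(msg, sysdb->ldb, "@INDEXLIST");
- if (msg->dn == NULL) {
- ret = ENOMEM;
- goto done;
- }
-
- ret = ldb_msg_add_empty(msg, "@IDXONE", LDB_FLAG_MOD_DELETE, NULL);
- if (ret != LDB_SUCCESS) {
- ret = ENOMEM;
- goto done;
- }
-
- ret = ldb_modify(sysdb->ldb, msg);
- if (ret != LDB_SUCCESS) {
- ret = sysdb_error_to_errno(ret);
- goto done;
- }
-
- /* conversion done, update version number */
- ret = update_version(ctx);
-
-done:
- ret = finish_upgrade(ret, &ctx, ver);
- return ret;
-}
-
 /*
 * Example template for future upgrades.
 * Copy and change version numbers as appropriate.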
--
2.45.2