a8191ce7ad5364801ad9458c3194075a7ca77b8aPavel Březina/*
a8191ce7ad5364801ad9458c3194075a7ca77b8aPavel Březina SSSD
a8191ce7ad5364801ad9458c3194075a7ca77b8aPavel Březina
a8191ce7ad5364801ad9458c3194075a7ca77b8aPavel Březina System Database Header
a8191ce7ad5364801ad9458c3194075a7ca77b8aPavel Březina
a8191ce7ad5364801ad9458c3194075a7ca77b8aPavel Březina Copyright (C) Simo Sorce <ssorce@redhat.com> 2008
a8191ce7ad5364801ad9458c3194075a7ca77b8aPavel Březina
a8191ce7ad5364801ad9458c3194075a7ca77b8aPavel Březina This program is free software; you can redistribute it and/or modify
a8191ce7ad5364801ad9458c3194075a7ca77b8aPavel Březina it under the terms of the GNU General Public License as published by
a8191ce7ad5364801ad9458c3194075a7ca77b8aPavel Březina the Free Software Foundation; either version 3 of the License, or
a8191ce7ad5364801ad9458c3194075a7ca77b8aPavel Březina (at your option) any later version.
a8191ce7ad5364801ad9458c3194075a7ca77b8aPavel Březina
a8191ce7ad5364801ad9458c3194075a7ca77b8aPavel Březina This program is distributed in the hope that it will be useful,
a8191ce7ad5364801ad9458c3194075a7ca77b8aPavel Březina but WITHOUT ANY WARRANTY; without even the implied warranty of
a8191ce7ad5364801ad9458c3194075a7ca77b8aPavel Březina MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
a8191ce7ad5364801ad9458c3194075a7ca77b8aPavel Březina GNU General Public License for more details.
a8191ce7ad5364801ad9458c3194075a7ca77b8aPavel Březina
a8191ce7ad5364801ad9458c3194075a7ca77b8aPavel Březina You should have received a copy of the GNU General Public License
a8191ce7ad5364801ad9458c3194075a7ca77b8aPavel Březina along with this program. If not, see <http://www.gnu.org/licenses/>.
a8191ce7ad5364801ad9458c3194075a7ca77b8aPavel Březina*/
a8191ce7ad5364801ad9458c3194075a7ca77b8aPavel Březina
a8191ce7ad5364801ad9458c3194075a7ca77b8aPavel Březina#ifndef __SYS_DB_H__
a8191ce7ad5364801ad9458c3194075a7ca77b8aPavel Březina#define __SYS_DB_H__
a8191ce7ad5364801ad9458c3194075a7ca77b8aPavel Březina
a8191ce7ad5364801ad9458c3194075a7ca77b8aPavel Březina#include "util/util.h"
a8191ce7ad5364801ad9458c3194075a7ca77b8aPavel Březina#include "confdb/confdb.h"
a8191ce7ad5364801ad9458c3194075a7ca77b8aPavel Březina#include "sss_client/sss_cli.h"
a8191ce7ad5364801ad9458c3194075a7ca77b8aPavel Březina#include <tevent.h>
a8191ce7ad5364801ad9458c3194075a7ca77b8aPavel Březina
/* Database file names. The "%s" in the two per-domain names is filled in by
 * the caller (presumably with the domain name, as in SYSDB_DOM_BASE below —
 * confirm at the call site). The formatted result becomes a path component
 * under DB_PATH, so the substituted value must not contain '/' or ".."; the
 * caller is responsible for validating it. */
#define CACHE_SYSDB_FILE "cache_%s.ldb"
#define CACHE_TIMESTAMPS_FILE "timestamps_%s.ldb"
/* Single local database, not per-domain. */
#define LOCAL_SYSDB_FILE "sssd.ldb"
a8191ce7ad5364801ad9458c3194075a7ca77b8aPavel Březina
/* Container DNs of the sysdb tree.
 *
 * Users, groups, custom objects and netgroups live under the per-domain base
 * SYSDB_DOM_BASE, so every SYSDB_TMPL_*_BASE built from it carries exactly
 * one "%s" (the domain name) for the caller to format. Ranges, views and
 * certificate-mapping rules are global and hang directly under SYSDB_BASE;
 * those templates carry no placeholder, except SYSDB_TMPL_VIEW_SEARCH_BASE
 * whose "%s" is the view name.
 *
 * The literals are concatenated by the compiler, so a change to a container
 * name here changes every template below it. "cn=Netgroups" keeps its
 * capital N because that is the spelling already stored in existing caches
 * (inferred — confirm before normalising). */
#define SYSDB_BASE "cn=sysdb"
#define SYSDB_DOM_BASE "cn=%s,cn=sysdb"
#define SYSDB_USERS_CONTAINER "cn=users"
#define SYSDB_GROUPS_CONTAINER "cn=groups"
#define SYSDB_CUSTOM_CONTAINER "cn=custom"
#define SYSDB_NETGROUP_CONTAINER "cn=Netgroups"
#define SYSDB_RANGE_CONTAINER "cn=ranges"
#define SYSDB_VIEW_CONTAINER "cn=views"
#define SYSDB_CERTMAP_CONTAINER "cn=certmap"
#define SYSDB_TMPL_USER_BASE SYSDB_USERS_CONTAINER","SYSDB_DOM_BASE
#define SYSDB_TMPL_GROUP_BASE SYSDB_GROUPS_CONTAINER","SYSDB_DOM_BASE
#define SYSDB_TMPL_CUSTOM_BASE SYSDB_CUSTOM_CONTAINER","SYSDB_DOM_BASE
#define SYSDB_TMPL_NETGROUP_BASE SYSDB_NETGROUP_CONTAINER","SYSDB_DOM_BASE
#define SYSDB_TMPL_RANGE_BASE SYSDB_RANGE_CONTAINER","SYSDB_BASE
#define SYSDB_TMPL_VIEW_BASE SYSDB_VIEW_CONTAINER","SYSDB_BASE
#define SYSDB_TMPL_VIEW_SEARCH_BASE "cn=%s,"SYSDB_TMPL_VIEW_BASE
#define SYSDB_TMPL_CERTMAP_BASE SYSDB_CERTMAP_CONTAINER","SYSDB_BASE
a8191ce7ad5364801ad9458c3194075a7ca77b8aPavel Březina
/* objectClass values stored on sysdb entries. Note that the user and group
 * search filters below (SYSDB_UC / SYSDB_GC) match on SYSDB_OBJECTCATEGORY,
 * while netgroups (SYSDB_NC) match on SYSDB_OBJECTCLASS; a new entry type
 * must be written with whichever attribute its filter reads. These strings
 * are part of the on-disk schema — renaming one orphans existing entries. */
#define SYSDB_SUBDOMAIN_CLASS "subdomain"
#define SYSDB_USER_CLASS "user"
#define SYSDB_GROUP_CLASS "group"
#define SYSDB_NETGROUP_CLASS "netgroup"
#define SYSDB_HOST_CLASS "host"
#define SYSDB_HOSTGROUP_CLASS "hostgroup"
#define SYSDB_SELINUX_USERMAP_CLASS "selinuxusermap"
#define SYSDB_SELINUX_CLASS "selinux"
#define SYSDB_ID_RANGE_CLASS "idRange"
#define SYSDB_DOMAIN_ID_RANGE_CLASS "domainIDRange"
#define SYSDB_TRUSTED_AD_DOMAIN_RANGE_CLASS "TrustedADDomainRange"
#define SYSDB_CERTMAP_CLASS "certificateMappingRule"
a8191ce7ad5364801ad9458c3194075a7ca77b8aPavel Březina
/* Attribute names of sysdb entries. Like the class names above, these are
 * the on-disk schema of the cache: a renamed string here silently orphans
 * the data already stored under the old name. */
#define SYSDB_DN "dn"
#define SYSDB_NAME "name"
/* Alternative spellings of SYSDB_NAME; the *_FILTER templates below match
 * on both. sysdb_attrs_add_lc_name_alias() (declared further down) is
 * presumably what adds the lower-cased variant — confirm in sysdb.c. */
#define SYSDB_NAME_ALIAS "nameAlias"
#define SYSDB_OBJECTCLASS "objectClass"

/* Counter for locally allocated IDs (see SYSDB_NEXTID_FILTER) and the POSIX
 * identity attributes. */
#define SYSDB_NEXTID "nextID"
#define SYSDB_UIDNUM "uidNumber"
#define SYSDB_GIDNUM "gidNumber"
#define SYSDB_CREATE_TIME "createTimestamp"

/* SYSDB_PWD is credential material. It is not part of SYSDB_PW_ATTRS
 * below; keep it out of any attribute list handed back to clients and
 * never write its value to the log. */
#define SYSDB_PWD "userPassword"
#define SYSDB_FULLNAME "fullName"
#define SYSDB_HOMEDIR "homeDirectory"
#define SYSDB_SHELL "loginShell"
#define SYSDB_MEMBEROF "memberOf"
#define SYSDB_DISABLED "disabled"

/* Group membership in its three stored forms (all three are returned by
 * SYSDB_GRSRC_ATTRS). SYSDB_GHOST presumably lists members that have no
 * entry of their own in the cache yet — confirm in sysdb.c. */
#define SYSDB_MEMBER "member"
#define SYSDB_MEMBERUID "memberUid"
#define SYSDB_GHOST "ghost"
#define SYSDB_POSIX "isPosix"
#define SYSDB_USER_CATEGORY "userCategory"
#define SYSDB_HOST_CATEGORY "hostCategory"
#define SYSDB_GROUP_TYPE "groupType"
#define SYSDB_EXTERNAL_MEMBER "externalMember"

/* Login bookkeeping. The failed-login counter and the last-online-auth
 * timestamps are (by their names) the inputs to offline authentication and
 * lockout decisions — confirm against the PAM responder. Treat them as
 * security-relevant state: a writer that resets them bypasses lockout. */
#define SYSDB_GECOS "gecos"
#define SYSDB_LAST_LOGIN "lastLogin"
#define SYSDB_LAST_ONLINE_AUTH "lastOnlineAuth"
#define SYSDB_LAST_FAILED_LOGIN "lastFailedLogin"
#define SYSDB_FAILED_LOGIN_ATTEMPTS "failedLoginAttempts"
#define SYSDB_LAST_ONLINE_AUTH_WITH_CURR_TOKEN "lastOnlineAuthWithCurrentToken"

/* Cache-validity timestamps; these are the attributes every SYSDB_*_ATTRS
 * list requests via SYSDB_DEFAULT_ATTRS. */
#define SYSDB_LAST_UPDATE "lastUpdate"
#define SYSDB_CACHE_EXPIRE "dataExpireTimestamp"
#define SYSDB_INITGR_EXPIRE "initgrExpireTimestamp"
#define SYSDB_IFP_CACHED "ifpCached"
a8191ce7ad5364801ad9458c3194075a7ca77b8aPavel Březina
/* Per-account access-control attributes: the services, hosts and remote
 * hosts the account is allowed to use. Presumably read by the access
 * providers — confirm; if so, a cached stale value extends access after a
 * server-side revocation until the entry expires. */
#define SYSDB_AUTHORIZED_SERVICE "authorizedService"
#define SYSDB_AUTHORIZED_HOST "authorizedHost"
#define SYSDB_AUTHORIZED_RHOST "authorizedRHost"

/* Netgroup attributes. The "original*" names follow the SYSDB_ORIG_*
 * convention below and hold the value as received from the server. */
#define SYSDB_NETGROUP_TRIPLE "netgroupTriple"
#define SYSDB_ORIG_NETGROUP_MEMBER "originalMemberNisNetgroup"
#define SYSDB_ORIG_NETGROUP_EXTERNAL_HOST "originalExternalHost"
#define SYSDB_NETGROUP_DOMAIN "nisDomain"
#define SYSDB_NETGROUP_MEMBER "memberNisNetgroup"
#define SYSDB_DESCRIPTION "description"

#define SYSDB_FQDN "fqdn"
#define SYSDB_SERVERHOSTNAME "serverHostname"

/* Offline-authentication credentials. SYSDB_CACHEDPWD is presumably a
 * password hash and SYSDB_CACHEDPWD_FA2_LEN discloses the length of a
 * second factor, so the database file must stay readable by root only.
 * None of these belong in an attribute list returned to clients, and
 * none may be logged. */
#define SYSDB_CACHEDPWD "cachedPassword"
#define SYSDB_CACHEDPWD_TYPE "cachedPasswordType"
#define SYSDB_CACHEDPWD_FA2_LEN "cachedPasswordSecondFactorLen"

/* Identifiers and Kerberos-related state. SYSDB_SID and SYSDB_SID_STR are
 * presumably the binary and textual form of the same SID; the *_FILTER
 * templates match on the string form only. SYSDB_PAC_BLOB (with its own
 * expiry attribute) presumably holds the Kerberos PAC and SYSDB_CCACHE_FILE
 * the credential-cache location — both are per-user security state. */
#define SYSDB_UUID "uniqueID"
#define SYSDB_SID "objectSID"
#define SYSDB_PRIMARY_GROUP "ADPrimaryGroupID"
#define SYSDB_PRIMARY_GROUP_GIDNUM "origPrimaryGroupGidNumber"
#define SYSDB_SID_STR "objectSIDString"
#define SYSDB_PAC_BLOB "pacBlob"
#define SYSDB_PAC_BLOB_EXPIRE "pacBlobExpireTimestamp"
#define SYSDB_UPN "userPrincipalName"
#define SYSDB_CANONICAL_UPN "canonicalUserPrincipalName"
#define SYSDB_CCACHE_FILE "ccacheFile"

/* Values as received from the remote directory, kept alongside the local
 * (possibly rewritten) ones. SYSDB_ORIG_MEMBER is the only one using the
 * "orig_" spelling; keep it, it is what existing caches contain. */
#define SYSDB_ORIG_DN "originalDN"
#define SYSDB_ORIG_MODSTAMP "originalModifyTimestamp"
#define SYSDB_ORIG_MEMBEROF "originalMemberOf"
#define SYSDB_ORIG_MEMBER "orig_member"
#define SYSDB_ORIG_MEMBER_USER "originalMemberUser"
#define SYSDB_ORIG_MEMBER_HOST "originalMemberHost"

/* Update-sequence numbers used for incremental refresh. */
#define SYSDB_USN "entryUSN"
#define SYSDB_HIGH_USN "highestUSN"

#define SYSDB_SSH_PUBKEY "sshPublicKey"

/* Certificate authentication: SYSDB_USER_CERT is the certificate from the
 * directory, SYSDB_USER_MAPPED_CERT one associated through a mapping rule
 * (see SYSDB_CERTMAP_*). Both are trust anchors for login — treat writes
 * to them with the same care as to SYSDB_SSH_PUBKEY. */
#define SYSDB_AUTH_TYPE "authType"
#define SYSDB_USER_CERT "userCertificate"
#define SYSDB_USER_MAPPED_CERT "userMappedCertificate"
#define SYSDB_USER_EMAIL "mail"
a8191ce7ad5364801ad9458c3194075a7ca77b8aPavel Březina
/* Attributes of subdomain (trusted domain) entries. */
#define SYSDB_SUBDOMAIN_REALM "realmName"
#define SYSDB_SUBDOMAIN_FLAT "flatName"
/* Same attribute name as SYSDB_DOMAIN_ID below ("domainID"). The two macros
 * currently alias one attribute; keep them in sync if either changes. */
#define SYSDB_SUBDOMAIN_ID "domainID"
#define SYSDB_SUBDOMAIN_MPG "mpg"
#define SYSDB_SUBDOMAIN_ENUM "enumerate"
#define SYSDB_SUBDOMAIN_FOREST "memberOfForest"
#define SYSDB_SUBDOMAIN_TRUST_DIRECTION "trustDirection"
#define SYSDB_UPN_SUFFIXES "upnSuffixes"
#define SYSDB_SITE "site"

/* Attributes of ID-range entries; struct range_info is the in-memory form. */
#define SYSDB_BASE_ID "baseID"
#define SYSDB_ID_RANGE_SIZE "idRangeSize"
#define SYSDB_BASE_RID "baseRID"
#define SYSDB_SECONDARY_BASE_RID "secondaryBaseRID"
#define SYSDB_DOMAIN_ID "domainID"
#define SYSDB_ID_RANGE_TYPE "idRangeType"

/* Attributes of certificate-mapping rules; struct certmap_info is the
 * in-memory form. The matching and mapping rules decide which user a
 * presented certificate logs in as, so they are trust-relevant
 * configuration and must only ever be written from a trusted source. */
#define SYSDB_CERTMAP_PRIORITY "priority"
#define SYSDB_CERTMAP_MATCHING_RULE "matchingRule"
#define SYSDB_CERTMAP_MAPPING_RULE "mappingRule"
#define SYSDB_CERTMAP_DOMAINS "domains"
#define SYSDB_CERTMAP_USER_NAME_HINT "userNameHint"
a8191ce7ad5364801ad9458c3194075a7ca77b8aPavel Březina
/* ID views / overrides. Attributes carrying the value as it came from AD
 * are prefixed with ORIGINALAD_PREFIX, attributes carrying an overriding
 * value with OVERRIDE_PREFIX (the concrete attribute names are assembled
 * elsewhere — confirm in the views code). */
#define ORIGINALAD_PREFIX "originalAD"
#define OVERRIDE_PREFIX "override"
#define SYSDB_DEFAULT_OVERRIDE_NAME "defaultOverrideName"

/* Raw AD account-state attributes (account expiry and userAccountControl
 * flags), kept for access-control decisions made on the client. */
#define SYSDB_AD_ACCOUNT_EXPIRES "adAccountExpires"
#define SYSDB_AD_USER_ACCOUNT_CONTROL "adUserAccountControl"

#define SYSDB_DEFAULT_VIEW_NAME "default"
#define SYSDB_LOCAL_VIEW_NAME "LOCAL" /* reserved for client-side overrides */
#define SYSDB_VIEW_CLASS "view"
#define SYSDB_VIEW_NAME "viewName"
/* "overrride" (three r's) is a typo, but it is also the objectClass value
 * presumably already persisted in deployed caches. Do not "correct" it here
 * without a database-upgrade step, or lookups against populated caches
 * silently stop matching override entries. */
#define SYSDB_OVERRIDE_CLASS "overrride"
#define SYSDB_OVERRIDE_ANCHOR_UUID "overrideAnchorUUID"
#define SYSDB_OVERRIDE_USER_CLASS "userOverride"
#define SYSDB_OVERRIDE_GROUP_CLASS "groupOverride"
#define SYSDB_OVERRIDE_DN "overrideDN"
#define SYSDB_OVERRIDE_OBJECT_DN "overrideObjectDN"
#define SYSDB_USE_DOMAIN_RESOLUTION_ORDER "useDomainResolutionOrder"
#define SYSDB_DOMAIN_RESOLUTION_ORDER "domainResolutionOrder"
#define SYSDB_SESSION_RECORDING "sessionRecording"
a8191ce7ad5364801ad9458c3194075a7ca77b8aPavel Březina
/* LDAP search-filter templates (RFC 4515 syntax) for ldb searches.
 *
 * SECURITY: every "%s" is substituted verbatim. The argument must already
 * be filter-escaped ('*', '(', ')', '\' and NUL) or a caller-controlled
 * name can change the meaning of the filter — e.g. "*" turns an exact
 * lookup into a match-anything. SSSD's sss_filter_sanitize() is the
 * expected helper; confirm at every call site that it is applied before
 * the value reaches one of these templates.
 *
 * Argument count: the caller passes exactly one argument per placeholder,
 * repeating the same value where the template repeats it (the three-way
 * name/alias/alias templates and the UPN template take three; see
 * SYSDB_NETGR_TRIPLES_FILTER for four).
 *
 * Numeric widths differ and a mismatch is undefined behaviour: "%lu"
 * expects an unsigned long (SYSDB_PWUID_FILTER, SYSDB_GRGID_FILTER,
 * SYSDB_GRGID_MPG_FILTER) whereas SYSDB_ID_FILTER uses "%u" twice. Cast
 * uid_t/gid_t explicitly to the type the template expects. */
#define SYSDB_NEXTID_FILTER "("SYSDB_NEXTID"=*)"

/* Building blocks. SYSDB_UC / SYSDB_GC match on objectCategory, SYSDB_NC on
 * objectClass. SYSDB_MPGC is a filter body WITHOUT its outer parentheses;
 * the *_MPG_FILTER templates add them. */
#define SYSDB_OBJECTCATEGORY "objectCategory"
#define SYSDB_UC SYSDB_OBJECTCATEGORY"="SYSDB_USER_CLASS
#define SYSDB_GC SYSDB_OBJECTCATEGORY"="SYSDB_GROUP_CLASS
#define SYSDB_NC SYSDB_OBJECTCLASS"="SYSDB_NETGROUP_CLASS
#define SYSDB_MPGC "|("SYSDB_UC")("SYSDB_GC")"

/* User lookups (three "%s": alias, alias, name / UPN, canonical UPN, mail). */
#define SYSDB_PWNAM_FILTER "(&("SYSDB_UC")(|("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME"=%s)))"
#define SYSDB_PWUID_FILTER "(&("SYSDB_UC")("SYSDB_UIDNUM"=%lu))"
#define SYSDB_PWSID_FILTER "(&("SYSDB_UC")("SYSDB_SID_STR"=%s))"
#define SYSDB_PWUPN_FILTER "(&("SYSDB_UC")(|("SYSDB_UPN"=%s)("SYSDB_CANONICAL_UPN"=%s)("SYSDB_USER_EMAIL"=%s)))"
#define SYSDB_PWENT_FILTER "("SYSDB_UC")"

/* Group lookups; the *_MPG_* variants also accept user entries (magic
 * private groups). */
#define SYSDB_GRNAM_FILTER "(&("SYSDB_GC")(|("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME"=%s)))"
#define SYSDB_GRGID_FILTER "(&("SYSDB_GC")("SYSDB_GIDNUM"=%lu))"
#define SYSDB_GRSID_FILTER "(&("SYSDB_GC")("SYSDB_SID_STR"=%s))"
#define SYSDB_GRENT_FILTER "("SYSDB_GC")"
#define SYSDB_GRNAM_MPG_FILTER "(&("SYSDB_MPGC")(|("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME"=%s)))"
#define SYSDB_GRGID_MPG_FILTER "(&("SYSDB_MPGC")("SYSDB_GIDNUM"=%lu))"
#define SYSDB_GRENT_MPG_FILTER "("SYSDB_MPGC")"

/* Groups that carry a GID (the ones relevant for initgroups). */
#define SYSDB_INITGR_FILTER "(&("SYSDB_GC")("SYSDB_GIDNUM"=*))"

/* Netgroup lookups; the TRIPLES filter has four "%s" (alias, name, alias,
 * memberOf) and is not restricted to an object class. */
#define SYSDB_NETGR_FILTER "(&("SYSDB_NC")(|("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME"=%s)))"
#define SYSDB_NETGR_TRIPLES_FILTER "(|("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME"=%s)("SYSDB_NAME_ALIAS"=%s)("SYSDB_MEMBEROF"=%s))"

/* Lookups that accept either a user or a group. SYSDB_USER_CERT_FILTER's
 * "%s" is a complete, already-parenthesised sub-filter built by the caller,
 * which therefore owns the escaping of any certificate-derived value. */
#define SYSDB_SID_FILTER "(&(|("SYSDB_UC")("SYSDB_GC"))("SYSDB_SID_STR"=%s))"
#define SYSDB_UUID_FILTER "(&(|("SYSDB_UC")("SYSDB_GC"))("SYSDB_UUID"=%s))"
#define SYSDB_NAME_FILTER "(&(|("SYSDB_UC")("SYSDB_GC"))(|("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME"=%s)))"
#define SYSDB_ID_FILTER "(|(&("SYSDB_UC")("SYSDB_UIDNUM"=%u))(&("SYSDB_GC")("SYSDB_GIDNUM"=%u)))"
#define SYSDB_USER_CERT_FILTER "(&("SYSDB_UC")%s)"
a8191ce7ad5364801ad9458c3194075a7ca77b8aPavel Březina
/* Marker attribute recording that a full enumeration of the domain has been
 * performed at least once (inferred from the name — confirm in sysdb.c). */
#define SYSDB_HAS_ENUMERATED "has_enumerated"
a8191ce7ad5364801ad9458c3194075a7ca77b8aPavel Březina
/* Attribute lists requested from ldb for the common lookups. Each SYSDB_*_ATTRS
 * expands to a brace-initialised, NULL-terminated array initialiser, e.g.
 *     const char *attrs[] = SYSDB_PW_ATTRS;
 * SYSDB_DEFAULT_ATTRS is different: it is a bare comma-separated fragment
 * (no braces) spliced into each list, so it must be used only inside such an
 * initialiser, never as a standalone array. */
#define SYSDB_DEFAULT_ATTRS SYSDB_LAST_UPDATE, \
                            SYSDB_CACHE_EXPIRE, \
                            SYSDB_INITGR_EXPIRE, \
                            SYSDB_OBJECTCLASS, \
                            SYSDB_OBJECTCATEGORY

/* passwd-style user lookup. This list does NOT include SYSDB_PWD or any
 * SYSDB_CACHEDPWD* attribute, so a passwd lookup never pulls credential
 * material out of the cache — keep it that way when extending the list. */
#define SYSDB_PW_ATTRS {SYSDB_NAME, SYSDB_UIDNUM, \
                        SYSDB_GIDNUM, SYSDB_GECOS, \
                        SYSDB_HOMEDIR, SYSDB_SHELL, \
                        SYSDB_DEFAULT_ATTRS, \
                        SYSDB_PRIMARY_GROUP_GIDNUM, \
                        SYSDB_SID_STR, \
                        SYSDB_UPN, \
                        SYSDB_USER_CERT, \
                        SYSDB_USER_EMAIL, \
                        SYSDB_OVERRIDE_DN, \
                        SYSDB_OVERRIDE_OBJECT_DN, \
                        SYSDB_DEFAULT_OVERRIDE_NAME, \
                        SYSDB_SESSION_RECORDING, \
                        SYSDB_UUID, \
                        SYSDB_ORIG_DN, \
                        NULL}

/* group-style lookup: name, GID and all three membership forms. */
#define SYSDB_GRSRC_ATTRS {SYSDB_NAME, SYSDB_GIDNUM, \
                           SYSDB_MEMBERUID, \
                           SYSDB_MEMBER, \
                           SYSDB_GHOST, \
                           SYSDB_DEFAULT_ATTRS, \
                           SYSDB_SID_STR, \
                           SYSDB_OVERRIDE_DN, \
                           SYSDB_OVERRIDE_OBJECT_DN, \
                           SYSDB_DEFAULT_OVERRIDE_NAME, \
                           SYSDB_UUID, \
                           NULL}

/* netgroup lookup. */
#define SYSDB_NETGR_ATTRS {SYSDB_NAME, SYSDB_NETGROUP_TRIPLE, \
                           SYSDB_NETGROUP_MEMBER, \
                           SYSDB_DEFAULT_ATTRS, \
                           NULL}

/* initgroups: SYSDB_INITGR_ATTR is the single attribute read from the user
 * entry to find its groups; SYSDB_INITGR_ATTRS is what is then fetched for
 * each group. */
#define SYSDB_INITGR_ATTR SYSDB_MEMBEROF
#define SYSDB_INITGR_ATTRS {SYSDB_GIDNUM, SYSDB_POSIX, \
                            SYSDB_DEFAULT_ATTRS, \
                            SYSDB_ORIG_DN, \
                            SYSDB_SID_STR, \
                            SYSDB_NAME, \
                            SYSDB_OVERRIDE_DN, \
                            NULL}
a8191ce7ad5364801ad9458c3194075a7ca77b8aPavel Březina
/* Entry DN templates. Placeholders are, in order, the RDN value(s) and — for
 * the per-domain templates — the domain name:
 *   SYSDB_TMPL_USER / _GROUP / _NETGROUP  name, domain
 *   SYSDB_TMPL_CUSTOM_SUBTREE             subtree, domain
 *   SYSDB_TMPL_CUSTOM                     name, subtree, domain
 *   SYSDB_TMPL_RANGE / _CERTMAP           name
 *   SYSDB_TMPL_OVERRIDE                   anchor UUID, view name
 *
 * SECURITY: values are inserted verbatim. A name containing DN
 * metacharacters (',', '+', '=', '"', '\', '<', '>', ';', '#', leading or
 * trailing spaces) must be escaped by the caller — ldb_dn_escape_value() or
 * building the DN through the ldb_dn_* API, confirm at the call sites —
 * otherwise the DN fails to parse or, worse, resolves to a different entry
 * (e.g. a name "x,cn=groups" would re-root the RDN). */
#define SYSDB_TMPL_USER SYSDB_NAME"=%s,"SYSDB_TMPL_USER_BASE
#define SYSDB_TMPL_GROUP SYSDB_NAME"=%s,"SYSDB_TMPL_GROUP_BASE
#define SYSDB_TMPL_NETGROUP SYSDB_NAME"=%s,"SYSDB_TMPL_NETGROUP_BASE
#define SYSDB_TMPL_CUSTOM_SUBTREE "cn=%s,"SYSDB_TMPL_CUSTOM_BASE
#define SYSDB_TMPL_CUSTOM SYSDB_NAME"=%s,cn=%s,"SYSDB_TMPL_CUSTOM_BASE
#define SYSDB_TMPL_RANGE SYSDB_NAME"=%s,"SYSDB_TMPL_RANGE_BASE
#define SYSDB_TMPL_OVERRIDE SYSDB_OVERRIDE_ANCHOR_UUID"=%s,"SYSDB_TMPL_VIEW_SEARCH_BASE
#define SYSDB_TMPL_CERTMAP SYSDB_NAME"=%s,"SYSDB_TMPL_CERTMAP_BASE
a8191ce7ad5364801ad9458c3194075a7ca77b8aPavel Březina
/* Modification flags for ldb_message_element, aliased so sysdb callers do not
 * depend on ldb's names directly. Add appends values, delete removes the
 * given values (or the whole attribute when none are given), replace sets
 * the attribute to exactly the given values. */
#define SYSDB_MOD_ADD LDB_FLAG_MOD_ADD
#define SYSDB_MOD_DEL LDB_FLAG_MOD_DELETE
#define SYSDB_MOD_REP LDB_FLAG_MOD_REPLACE
a8191ce7ad5364801ad9458c3194075a7ca77b8aPavel Březina
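/* sysdb version check macros.
 *
 * These report a database/binary version mismatch to the user through the
 * ERROR() macro. "ret" is the errno-style code returned by the sysdb open /
 * upgrade path; only ERR_SYSDB_VERSION_TOO_NEW and ERR_SYSDB_VERSION_TOO_OLD
 * produce output, every other value is silently ignored.
 *
 * All macros expand to a single statement (do { } while (0)) so they can be
 * used as the body of an unbraced if/else, and the argument is evaluated
 * inside parentheses so an expression such as "a ? b : c" compares as a
 * whole rather than binding to the "==".
 */
#define SYSDB_VERSION_ERROR_HINT \
    ERROR("Removing cache files in "DB_PATH" should fix the issue, " \
          "but note that removing cache files will also remove all of your " \
          "cached credentials.\n")

/* Database is newer than this binary understands. */
#define SYSDB_VERSION_LOWER_ERROR(ret) do { \
    if ((ret) == ERR_SYSDB_VERSION_TOO_NEW) { \
        ERROR("Lower version of database is expected!\n"); \
        SYSDB_VERSION_ERROR_HINT; \
    } \
} while(0)

/* Database is older than this binary; only the daemon may upgrade it, which
 * is why the tools variant below prints the extra instruction. */
#define SYSDB_VERSION_HIGHER_ERROR(ret) do { \
    if ((ret) == ERR_SYSDB_VERSION_TOO_OLD) { \
        ERROR("Higher version of database is expected!\n"); \
        ERROR("In order to upgrade the database, you must run SSSD.\n"); \
        SYSDB_VERSION_ERROR_HINT; \
    } \
} while(0)

/* use this in daemons: the daemon upgrades an old database itself, so only
 * a too-new database is an error worth reporting. */
#define SYSDB_VERSION_ERROR_DAEMON(ret) \
    SYSDB_VERSION_LOWER_ERROR(ret)

/* use this in tools. Wrapped in its own do/while so that
 *     if (ret != EOK) SYSDB_VERSION_ERROR(ret);
 * is safe: without the wrapper the second check ran unconditionally. */
#define SYSDB_VERSION_ERROR(ret) do { \
    SYSDB_VERSION_LOWER_ERROR(ret); \
    SYSDB_VERSION_HIGHER_ERROR(ret); \
} while(0)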
a8191ce7ad5364801ad9458c3194075a7ca77b8aPavel Březina
/* Opaque handles: the configuration database and the sysdb connection.
 * Their layout is private to confdb.c / sysdb.c; callers only hold pointers. */
struct confdb_ctx;
struct sysdb_ctx;
a8191ce7ad5364801ad9458c3194075a7ca77b8aPavel Březina
/* A set of attributes (name plus values), independent of any ldb message.
 * "a" points to "num" ldb_message_element entries; values are copied into
 * the set and talloc-allocated on the struct itself (see the note above
 * sysdb_attrs_add_val), so freeing the struct frees everything it holds.
 * Manipulate it only through the sysdb_attrs_* helpers below. */
struct sysdb_attrs {
    int num;
    struct ldb_message_element *a;
};
a8191ce7ad5364801ad9458c3194075a7ca77b8aPavel Březina
/* sysdb_attrs helper functions */

/* Allocate an empty attribute set as a talloc child of mem_ctx.
 * Returns NULL on allocation failure (presumably — confirm in sysdb.c);
 * callers must check before passing the result to the add/get helpers. */
struct sysdb_attrs *sysdb_new_attrs(TALLOC_CTX *mem_ctx);
a8191ce7ad5364801ad9458c3194075a7ca77b8aPavel Březina
/* In-memory form of an ID-range entry (SYSDB_ID_RANGE_CLASS). Fields map to
 * the SYSDB_BASE_ID .. SYSDB_ID_RANGE_TYPE attributes above; trusted_dom_sid
 * presumably holds SYSDB_DOMAIN_ID — confirm in sysdb_ranges.c.
 * NOTE: base_id + id_range_size is computed in uint32_t by consumers; a range
 * read from the cache can make that sum wrap, so range checks must guard
 * against overflow before trusting an ID as "inside" the range. */
struct range_info {
    char *name;
    uint32_t base_id;
    uint32_t id_range_size;
    uint32_t base_rid;
    uint32_t secondary_base_rid;
    char *trusted_dom_sid;
    char *range_type;
};
a8191ce7ad5364801ad9458c3194075a7ca77b8aPavel Březina
/* In-memory form of a certificate-mapping rule (SYSDB_CERTMAP_CLASS).
 * match_rule / map_rule correspond to SYSDB_CERTMAP_MATCHING_RULE /
 * SYSDB_CERTMAP_MAPPING_RULE, domains to SYSDB_CERTMAP_DOMAINS and is
 * presumably a NULL-terminated array — confirm before iterating without a
 * count. The rules determine which account a certificate authenticates as. */
struct certmap_info {
    char *name;
    uint32_t priority;
    char *match_rule;
    char *map_rule;
    const char **domains;
};
a8191ce7ad5364801ad9458c3194075a7ca77b8aPavel Březina
/* Kind of object being added to or removed from a group-like entry. Values
 * are implicit (0..3 in declaration order); if any of them is ever persisted
 * or sent over the wire, appending is safe but reordering is not. */
enum sysdb_member_type {
    SYSDB_MEMBER_USER,
    SYSDB_MEMBER_GROUP,
    SYSDB_MEMBER_NETGROUP,
    SYSDB_MEMBER_SERVICE,
};
a8191ce7ad5364801ad9458c3194075a7ca77b8aPavel Březina
/* These attributes are stored in the timestamp cache (CACHE_TIMESTAMPS_FILE)
 * rather than the main cache. Defined in sysdb.c; presumably NULL-terminated
 * like the SYSDB_*_ATTRS lists — confirm before iterating. */
extern const char *sysdb_ts_cache_attrs[];
/* values are copied in the structure, allocated on "attrs" */

/* Setters. Each appends a value to the element named "name" (creating the
 * element if needed), copying the value so the caller keeps ownership of its
 * own buffer. Return 0 on success and a non-zero errno-style code on failure
 * (errno_t is the type used by the sibling sysdb_attrs_copy). The *_safe
 * variants take the same arguments; "safe" is inferred to mean the value is
 * only added when not already present — confirm in sysdb.c. */
int sysdb_attrs_add_val(struct sysdb_attrs *attrs,
                        const char *name, const struct ldb_val *val);
int sysdb_attrs_add_val_safe(struct sysdb_attrs *attrs,
                             const char *name, const struct ldb_val *val);
int sysdb_attrs_add_string_safe(struct sysdb_attrs *attrs,
                                const char *name, const char *str);
int sysdb_attrs_add_string(struct sysdb_attrs *attrs,
                           const char *name, const char *str);
/* Lower-cases "str" before adding it; "safe" selects the duplicate-avoiding
 * behaviour of the *_safe variants. */
int sysdb_attrs_add_lower_case_string(struct sysdb_attrs *attrs, bool safe,
                                      const char *name, const char *str);
/* Binary value of "size" bytes (no NUL terminator is assumed or added). */
int sysdb_attrs_add_mem(struct sysdb_attrs *attrs, const char *name,
                        const void *mem, size_t size);
/* Presumably decodes base64_str and stores the raw bytes — confirm; if so,
 * a malformed string must be rejected, not stored partially. */
int sysdb_attrs_add_base64_blob(struct sysdb_attrs *attrs, const char *name,
                                const char *base64_str);
/* Scalar values, stored in their string representation. */
int sysdb_attrs_add_bool(struct sysdb_attrs *attrs,
                         const char *name, bool value);
int sysdb_attrs_add_long(struct sysdb_attrs *attrs,
                         const char *name, long value);
int sysdb_attrs_add_uint32(struct sysdb_attrs *attrs,
                           const char *name, uint32_t value);
int sysdb_attrs_add_time_t(struct sysdb_attrs *attrs,
                           const char *name, time_t value);
/* Add "value" as a SYSDB_NAME_ALIAS (lower-cased, per the "lc" in the name —
 * confirm). The *_FILTER templates match aliases, so this is what makes
 * case-insensitive lookups work. */
int sysdb_attrs_add_lc_name_alias(struct sysdb_attrs *attrs,
                                  const char *value);
int sysdb_attrs_add_lc_name_alias_safe(struct sysdb_attrs *attrs,
                                       const char *value);
/* Copy the values of attribute "name" from src to dst; sysdb_attrs_copy
 * copies every attribute. */
int sysdb_attrs_copy_values(struct sysdb_attrs *src,
                            struct sysdb_attrs *dst,
                            const char *name);
errno_t sysdb_attrs_copy(struct sysdb_attrs *src, struct sysdb_attrs *dst);

/* Getters. The returned pointers (el, string) point into "attrs" and stay
 * valid only as long as attrs does; do not free them separately. */
int sysdb_attrs_get_el(struct sysdb_attrs *attrs, const char *name,
                       struct ldb_message_element **el);
/* With alloc == true a missing element is presumably created instead of
 * reported as an error — confirm; the non-_ext form's behaviour for a
 * missing name should be checked in sysdb.c as well. */
int sysdb_attrs_get_el_ext(struct sysdb_attrs *attrs, const char *name,
                           bool alloc, struct ldb_message_element **el);
/* Takes "str" non-const: by its name it steals (talloc_steal) the buffer
 * into attrs instead of copying it, so the caller must not free or reuse
 * str afterwards — confirm in sysdb.c. */
int sysdb_attrs_steal_string(struct sysdb_attrs *attrs,
                             const char *name, char *str);
int sysdb_attrs_get_string(struct sysdb_attrs *attrs, const char *name,
                           const char **string);
/* Convert an element's values to a NULL-terminated string array allocated on
 * mem_ctx; NULL on failure (presumably — confirm). */
const char **sss_ldb_el_to_string_list(TALLOC_CTX *mem_ctx,
                                       struct ldb_message_element *el);
/* Note the parameter order: mem_ctx comes third here, unlike the other
 * helpers where the talloc context is first. */
int sysdb_attrs_get_string_array(struct sysdb_attrs *attrs, const char *name,
                                 TALLOC_CTX *mem_ctx, const char ***string);
/* Typed getters. A value that does not parse or does not fit the target
 * width must be treated as an error by the caller, not defaulted — these
 * are used for UIDs/GIDs and flags where a silently truncated value would
 * change an authorisation decision. */
errno_t sysdb_attrs_get_bool(struct sysdb_attrs *attrs, const char *name,
                             bool *value);
int sysdb_attrs_get_uint16_t(struct sysdb_attrs *attrs, const char *name,
                             uint16_t *value);
int sysdb_attrs_get_int32_t(struct sysdb_attrs *attrs, const char *name,
                            int32_t *value);
int sysdb_attrs_get_uint32_t(struct sysdb_attrs *attrs, const char *name,
                             uint32_t *value);
/* Rename attribute "oldname" to "newname" in place. */
int sysdb_attrs_replace_name(struct sysdb_attrs *attrs, const char *oldname,
                             const char *newname);
/* Populate "attr_name" from a NULL-terminated list of user names in
 * "domain" (presumably converting each name to its user DN — confirm).
 * The names end up in DNs, so see the escaping note above SYSDB_TMPL_USER. */
int sysdb_attrs_users_from_str_list(struct sysdb_attrs *attrs,
                                    const char *attr_name,
                                    const char *domain,
                                    const char *const *list);
errno_t sysdb_attrs_primary_name(struct sysdb_ctx *sysdb,
struct sysdb_attrs *attrs,
const char *ldap_attr,
const char **_primary);
errno_t sysdb_attrs_get_aliases(TALLOC_CTX *mem_ctx,
struct sysdb_attrs *attrs,
const char *primary,
bool lowercase,
const char ***_aliases);
errno_t sysdb_attrs_primary_name_list(struct sss_domain_info *domain,
TALLOC_CTX *mem_ctx,
struct sysdb_attrs **attr_list,
size_t attr_count,
const char *ldap_attr,
char ***name_list);
errno_t sysdb_attrs_primary_fqdn_list(struct sss_domain_info *domain,
TALLOC_CTX *mem_ctx,
struct sysdb_attrs **attr_list,
size_t attr_count,
const char *ldap_attr,
char ***name_list);
errno_t sysdb_get_real_name(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
const char *name_or_upn,
const char **_cname);
errno_t sysdb_msg2attrs(TALLOC_CTX *mem_ctx, size_t count,
struct ldb_message **msgs,
struct sysdb_attrs ***attrs);
int sysdb_compare_usn(const char *a, const char *b);
errno_t sysdb_get_highest_usn(TALLOC_CTX *mem_ctx,
struct sysdb_attrs **attrs,
size_t num_attrs,
char **_usn);
/* convert an ldb error into an errno error */
int sysdb_error_to_errno(int ldberr);
/* DNs related helper functions */
errno_t sysdb_get_rdn(struct sysdb_ctx *sysdb, TALLOC_CTX *mem_ctx,
const char *dn, char **_name, char **_val);
struct ldb_dn *sysdb_user_dn(TALLOC_CTX *mem_ctx, struct sss_domain_info *dom,
const char *name);
struct ldb_dn *sysdb_user_base_dn(TALLOC_CTX *mem_ctx,
struct sss_domain_info *dom);
struct ldb_dn *sysdb_group_dn(TALLOC_CTX *mem_ctx, struct sss_domain_info *dom,
const char *name);
struct ldb_dn *sysdb_group_base_dn(TALLOC_CTX *mem_ctx,
struct sss_domain_info *dom);
struct ldb_dn *sysdb_netgroup_dn(TALLOC_CTX *mem_ctx,
struct sss_domain_info *dom, const char *name);
struct ldb_dn *sysdb_netgroup_base_dn(TALLOC_CTX *mem_ctx,
struct sss_domain_info *dom);
errno_t sysdb_group_dn_name(struct sysdb_ctx *sysdb, TALLOC_CTX *mem_ctx,
const char *dn_str, char **name);
struct ldb_dn *sysdb_domain_dn(TALLOC_CTX *mem_ctx,
struct sss_domain_info *dom);
struct ldb_dn *sysdb_base_dn(struct sysdb_ctx *sysdb, TALLOC_CTX *mem_ctx);
struct ldb_dn *sysdb_custom_dn(TALLOC_CTX *mem_ctx,
struct sss_domain_info *dom,
const char *object_name,
const char *subtree_name);
struct ldb_dn *sysdb_custom_subtree_dn(TALLOC_CTX *mem_ctx,
struct sss_domain_info *dom,
const char *subtree_name);
char *sysdb_user_strdn(TALLOC_CTX *mem_ctx,
const char *domain, const char *name);
char *sysdb_group_strdn(TALLOC_CTX *mem_ctx,
const char *domain, const char *name);
struct ldb_context *sysdb_ctx_get_ldb(struct sysdb_ctx *sysdb);
int compare_ldb_dn_comp_num(const void *m1, const void *m2);
/* functions to start and finish transactions
 *
 * Every successful sysdb_transaction_start() must be matched by exactly one
 * sysdb_transaction_commit() or sysdb_transaction_cancel() on every exit
 * path, error paths included; otherwise the database is left with an open
 * transaction.  Whether nested starts are permitted is not stated in this
 * header -- check the implementation before relying on it. */
int sysdb_transaction_start(struct sysdb_ctx *sysdb);
int sysdb_transaction_commit(struct sysdb_ctx *sysdb);
int sysdb_transaction_cancel(struct sysdb_ctx *sysdb);
/* functions related to subdomains */
errno_t sysdb_domain_create(struct sysdb_ctx *sysdb, const char *domain_name);
errno_t sysdb_domain_get_domain_resolution_order(
TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb,
const char *domain_name,
const char **_domain_resolution_order);
errno_t sysdb_domain_update_domain_resolution_order(
struct sysdb_ctx *sysdb,
const char *domain_name,
const char *domain_resolution_order);
errno_t
sysdb_get_site(TALLOC_CTX *mem_ctx,
struct sss_domain_info *dom,
const char **_site);
errno_t
sysdb_set_site(struct sss_domain_info *dom,
const char *site);
errno_t sysdb_subdomain_store(struct sysdb_ctx *sysdb,
const char *name, const char *realm,
const char *flat_name, const char *domain_id,
bool mpg, bool enumerate, const char *forest,
uint32_t trust_direction,
struct ldb_message_element *upn_suffixes);
errno_t sysdb_update_subdomains(struct sss_domain_info *domain,
struct confdb_ctx *confdb);
errno_t sysdb_master_domain_update(struct sss_domain_info *domain);
errno_t sysdb_master_domain_add_info(struct sss_domain_info *domain,
const char *realm,
const char *flat,
const char *id,
const char *forest,
struct ldb_message_element *alt_dom_suf);
errno_t sysdb_subdomain_delete(struct sysdb_ctx *sysdb, const char *name);
errno_t sysdb_get_ranges(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb,
size_t *range_count,
struct range_info ***range_list);
errno_t sysdb_range_create(struct sysdb_ctx *sysdb, struct range_info *range);
errno_t sysdb_update_ranges(struct sysdb_ctx *sysdb,
struct range_info **ranges);
errno_t sysdb_update_view_name(struct sysdb_ctx *sysdb, const char *view_name);
errno_t sysdb_get_view_name(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb,
char **view_name);
errno_t sysdb_update_view_domain_resolution_order(
struct sysdb_ctx *sysdb,
const char *domain_resolution_order);
errno_t sysdb_get_view_domain_resolution_order(
TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb,
const char **_domain_resolution_order);
/* Returns true when view_name denotes the default view.
 * A NULL view name counts as the default view. */
static inline bool is_default_view(const char *view_name)
{
    if (view_name == NULL) {
        return true;
    }

    return strcmp(view_name, SYSDB_DEFAULT_VIEW_NAME) == 0;
}
/* Returns true when view_name denotes the LOCAL view.
 * Unlike is_default_view(), a NULL view name is NOT local: NULL means
 * the default view, so this returns false for it. */
static inline bool is_local_view(const char *view_name)
{
    if (view_name == NULL) {
        return false;
    }

    return strcmp(view_name, SYSDB_LOCAL_VIEW_NAME) == 0;
}
errno_t sysdb_delete_view_tree(struct sysdb_ctx *sysdb, const char *view_name);
errno_t sysdb_invalidate_overrides(struct sysdb_ctx *sysdb);
errno_t sysdb_apply_default_override(struct sss_domain_info *domain,
struct sysdb_attrs *override_attrs,
struct ldb_dn *obj_dn);
errno_t sysdb_search_by_orig_dn(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
enum sysdb_member_type type,
const char *member_dn,
const char **attrs,
size_t *msgs_counts,
struct ldb_message ***msgs);
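/* Convenience wrappers around sysdb_search_by_orig_dn() for the two common
 * member types.  The expansion deliberately has no trailing semicolon so
 * the macros behave like function calls: the original trailing `;` turned
 * `if (c) sysdb_search_users_by_orig_dn(...); else ...` into a syntax
 * error and produced empty statements after every assignment use. */
#define sysdb_search_users_by_orig_dn(mem_ctx, domain, member_dn, attrs, msgs_counts, msgs) \
    sysdb_search_by_orig_dn((mem_ctx), (domain), SYSDB_MEMBER_USER, (member_dn), (attrs), (msgs_counts), (msgs))

#define sysdb_search_groups_by_orig_dn(mem_ctx, domain, member_dn, attrs, msgs_counts, msgs) \
    sysdb_search_by_orig_dn((mem_ctx), (domain), SYSDB_MEMBER_GROUP, (member_dn), (attrs), (msgs_counts), (msgs))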
errno_t sysdb_search_user_override_attrs_by_name(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
const char *name,
const char **attrs,
struct ldb_result **override_obj,
struct ldb_result **orig_obj);
errno_t sysdb_search_group_override_attrs_by_name(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
const char *name,
const char **attrs,
struct ldb_result **override_obj,
struct ldb_result **orig_obj);
errno_t sysdb_search_user_override_by_name(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
const char *name,
struct ldb_result **override_obj,
struct ldb_result **orig_obj);
errno_t sysdb_search_group_override_by_name(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
const char *name,
struct ldb_result **override_obj,
struct ldb_result **orig_obj);
errno_t sysdb_search_user_override_by_uid(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
uid_t uid,
struct ldb_result **override_obj,
struct ldb_result **orig_obj);
errno_t sysdb_search_group_override_by_gid(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
gid_t gid,
struct ldb_result **override_obj,
struct ldb_result **orig_obj);
errno_t sysdb_search_override_by_cert(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
const char *cert,
const char **attrs,
struct ldb_result **override_obj,
struct ldb_result **orig_obj);
errno_t sysdb_add_overrides_to_object(struct sss_domain_info *domain,
struct ldb_message *obj,
struct ldb_message *override_obj,
const char **req_attrs);
errno_t sysdb_add_group_member_overrides(struct sss_domain_info *domain,
struct ldb_message *obj,
bool expect_override_dn);
errno_t sysdb_getpwnam_with_views(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
const char *name,
struct ldb_result **res);
errno_t sysdb_getpwuid_with_views(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
uid_t uid,
struct ldb_result **res);
int sysdb_getgrnam_with_views(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
const char *name,
struct ldb_result **res);
int sysdb_getgrgid_with_views(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
gid_t gid,
struct ldb_result **res);
struct ldb_message_element *
sss_view_ldb_msg_find_element(struct sss_domain_info *dom,
const struct ldb_message *msg,
const char *attr_name);
const char *sss_view_ldb_msg_find_attr_as_string(struct sss_domain_info *dom,
const struct ldb_message *msg,
const char *attr_name,
const char * default_value);
uint64_t sss_view_ldb_msg_find_attr_as_uint64(struct sss_domain_info *dom,
const struct ldb_message *msg,
const char *attr_name,
uint64_t default_value);
errno_t sysdb_update_certmap(struct sysdb_ctx *sysdb,
struct certmap_info **certmaps,
bool user_name_hint);
errno_t sysdb_get_certmap(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb,
struct certmap_info ***certmaps,
bool *user_name_hint);
/* Sysdb initialization.
* call this function *only* once to initialize the database and get
* the sysdb ctx */
int sysdb_init(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domains);
/* Same as sysdb_init, but additionally allows to change
* file ownership of the sysdb databases and allow the
* upgrade via passing a context. */
/* Context handed to sysdb_init_ext() to allow a database upgrade
 * (see the comment above); currently carries only the confdb handle. */
struct sysdb_upgrade_ctx {
    struct confdb_ctx *cdb;
};
/* Initialize the sysdb for all `domains`.  A non-NULL upgrade_ctx permits
 * the database upgrade; when chown_dbfile is true the database files are
 * re-owned to uid/gid.
 * NOTE(review): the cache files carry identity data and cached credentials
 * (see sysdb_cache_password() below), so uid/gid should be the unprivileged
 * service account and the file mode must stay restrictive -- verify that
 * the implementation does not widen permissions while changing ownership. */
int sysdb_init_ext(TALLOC_CTX *mem_ctx,
                   struct sss_domain_info *domains,
                   struct sysdb_upgrade_ctx *upgrade_ctx,
                   bool chown_dbfile,
                   uid_t uid, gid_t gid);
/* used to initialize only one domain database.
* Do NOT use if sysdb_init has already been called */
int sysdb_domain_init(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
const char *db_path,
struct sysdb_ctx **_ctx);
/* functions to retrieve information from sysdb
 * These functions automatically start an operation,
 * therefore they cannot be called within a transaction */
int sysdb_getpwnam(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
const char *name,
struct ldb_result **res);
int sysdb_getpwuid(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
uid_t uid,
struct ldb_result **res);
int sysdb_getpwupn(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
bool domain_scope,
const char *upn,
struct ldb_result **res);
int sysdb_enumpwent(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
struct ldb_result **res);
int sysdb_enumpwent_filter(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
const char *name_filter,
const char *addtl_filter,
struct ldb_result **res);
int sysdb_enumpwent_with_views(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
struct ldb_result **res);
int sysdb_enumpwent_filter_with_views(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
const char *name_filter,
const char *addtl_filter,
struct ldb_result **res);
int sysdb_getgrnam(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
const char *name,
struct ldb_result **res);
int sysdb_getgrgid(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
gid_t gid,
struct ldb_result **res);
int sysdb_enumgrent(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
struct ldb_result **res);
int sysdb_enumgrent_filter(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
const char *name_filter,
const char *addtl_filter,
struct ldb_result **res);
int sysdb_enumgrent_with_views(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
struct ldb_result **res);
int sysdb_enumgrent_filter_with_views(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
const char *name_filter,
const char *addtl_filter,
struct ldb_result **res);
/* One parsed netgroup entry: either a (host, user, domain) triple or a
 * reference to a nested netgroup.  `type` selects which member of `value`
 * is valid; the other must not be read.  Produced by
 * sysdb_netgr_to_entries() (declared below).
 * NOTE(review): whether a NULL triple member stands for a wildcard is not
 * stated in this header -- confirm against the implementation. */
struct sysdb_netgroup_ctx {
    enum {SYSDB_NETGROUP_TRIPLE_VAL, SYSDB_NETGROUP_GROUP_VAL} type;
    union {
        struct {
            char *hostname;
            char *username;
            char *domainname;
        } triple;           /* valid when type == SYSDB_NETGROUP_TRIPLE_VAL */
        char *groupname;    /* valid when type == SYSDB_NETGROUP_GROUP_VAL */
    } value;
};
errno_t sysdb_getnetgr(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
const char *netgroup,
struct ldb_result **res);
int sysdb_initgroups(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
const char *name,
struct ldb_result **res);
int sysdb_initgroups_by_upn(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
const char *upn,
struct ldb_result **res);
int sysdb_initgroups_with_views(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
const char *name,
struct ldb_result **res);
int sysdb_get_user_attr(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
const char *name,
const char **attributes,
struct ldb_result **res);
int sysdb_get_user_attr_with_views(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
const char *name,
const char **attributes,
struct ldb_result **res);
int sysdb_search_user_by_cert_with_views(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
const char *cert,
struct ldb_result **res);
int sysdb_get_netgroup_attr(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
const char *netgrname,
const char **attributes,
struct ldb_result **res);
/* functions that modify the database
 * they have to be called within a transaction
 * See sysdb_transaction_start()/_commit()/_cancel() above */
/* Permissive modify */
int sss_ldb_modify_permissive(struct ldb_context *ldb,
struct ldb_message *msg);
/* Delete Entry */
int sysdb_delete_entry(struct sysdb_ctx *sysdb,
struct ldb_dn *dn,
bool ignore_not_found);
int sysdb_delete_recursive(struct sysdb_ctx *sysdb,
struct ldb_dn *dn,
bool ignore_not_found);
/* Mark entry as expired */
errno_t sysdb_mark_entry_as_expired_ldb_dn(struct sss_domain_info *dom,
struct ldb_dn *ldbdn);
errno_t sysdb_mark_entry_as_expired_ldb_val(struct sss_domain_info *dom,
struct ldb_val *dn_val);
/* Search Entry */
int sysdb_search_entry(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb,
struct ldb_dn *base_dn,
enum ldb_scope scope,
const char *filter,
const char **attrs,
size_t *_msgs_count,
struct ldb_message ***_msgs);
/* Run ldb_search() with a printf-style filter and leave an errno value in
 * `ret`: ldb errors are mapped through sysdb_error_to_errno(), and a
 * successful search that matched nothing is reported as ENOENT so callers
 * can treat "not found" uniformly.  `_result` is dereferenced only on
 * success.  `exp_fmt` builds an LDB filter: never splice unescaped,
 * externally supplied strings into it (LDAP filter injection). */
#define SSS_LDB_SEARCH(ret, ldb, mem_ctx, _result, base, scope, attrs, \
                       exp_fmt, ...) do { \
    int _sls_lret; \
    \
    _sls_lret = ldb_search((ldb), (mem_ctx), (_result), (base), (scope), \
                           (attrs), exp_fmt, ##__VA_ARGS__); \
    (ret) = sysdb_error_to_errno(_sls_lret); \
    if ((ret) == EOK && (*(_result))->count == 0) { \
        (ret) = ENOENT; \
    } \
} while(0)
/* Search User (by name, uid, SID or UPN) */
int sysdb_search_user_by_name(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
const char *name,
const char **attrs,
struct ldb_message **msg);
int sysdb_search_user_by_uid(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
uid_t uid,
const char **attrs,
struct ldb_message **msg);
int sysdb_search_user_by_sid_str(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
const char *sid_str,
const char **attrs,
struct ldb_message **msg);
int sysdb_search_user_by_upn_res(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
bool domain_scope,
const char *upn,
const char **attrs,
struct ldb_result **out_res);
/* Single-message variant of sysdb_search_user_by_upn_res() above.
 * NOTE(review): the fourth parameter is named `sid_str` but, going by the
 * function name and the _res variant, it is the UPN to look up; the name is
 * misleading.  Prototype parameter names are not binding in C, so renaming
 * it to `upn` is source-compatible. */
int sysdb_search_user_by_upn(TALLOC_CTX *mem_ctx,
                             struct sss_domain_info *domain,
                             bool domain_scope,
                             const char *sid_str,
                             const char **attrs,
                             struct ldb_message **msg);
/* Search Group (by gid, sid or name) */
int sysdb_search_group_by_name(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
const char *name,
const char **attrs,
struct ldb_message **msg);
int sysdb_search_group_by_gid(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
gid_t gid,
const char **attrs,
struct ldb_message **msg);
int sysdb_search_group_by_sid_str(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
const char *sid_str,
const char **attrs,
struct ldb_message **msg);
/* Search Netgroup (by name) */
int sysdb_search_netgroup_by_name(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
const char *name,
const char **attrs,
struct ldb_message **msg);
/* Replace entry attrs */
int sysdb_set_entry_attr(struct sysdb_ctx *sysdb,
struct ldb_dn *entry_dn,
struct sysdb_attrs *attrs,
int mod_op);
/* User/group invalidation of the cache by writing directly to the persistent cache.
 * WARNING: This function can cause performance issues!
 * is_user = true --> user invalidation
 * is_user = false --> group invalidation
 */
int sysdb_invalidate_cache_entry(struct sss_domain_info *domain,
const char *name,
bool is_user);
/* Replace user attrs */
int sysdb_set_user_attr(struct sss_domain_info *domain,
const char *name,
struct sysdb_attrs *attrs,
int mod_op);
/* Replace group attrs */
int sysdb_set_group_attr(struct sss_domain_info *domain,
const char *name,
struct sysdb_attrs *attrs,
int mod_op);
/* Replace netgroup attrs */
int sysdb_set_netgroup_attr(struct sss_domain_info *domain,
const char *name,
struct sysdb_attrs *attrs,
int mod_op);
/* Allocate a new id */
int sysdb_get_new_id(struct sss_domain_info *domain,
uint32_t *id);
/* Add user (only basic attrs and w/o checks) */
int sysdb_add_basic_user(struct sss_domain_info *domain,
const char *name,
uid_t uid, gid_t gid,
const char *gecos,
const char *homedir,
const char *shell);
/* Add user (all checks) */
int sysdb_add_user(struct sss_domain_info *domain,
const char *name,
uid_t uid, gid_t gid,
const char *gecos,
const char *homedir,
const char *shell,
const char *orig_dn,
struct sysdb_attrs *attrs,
int cache_timeout,
time_t now);
/* Add group (only basic attrs and w/o checks) */
int sysdb_add_basic_group(struct sss_domain_info *domain,
const char *name, gid_t gid);
/* Add group (all checks) */
int sysdb_add_group(struct sss_domain_info *domain,
const char *name, gid_t gid,
struct sysdb_attrs *attrs,
int cache_timeout,
time_t now);
int sysdb_add_incomplete_group(struct sss_domain_info *domain,
const char *name,
gid_t gid,
const char *original_dn,
const char *sid_str,
const char *uuid,
bool posix,
time_t now);
/* Add netgroup (only basic attrs and w/o checks) */
int sysdb_add_basic_netgroup(struct sss_domain_info *domain,
const char *name, const char *description);
int sysdb_add_netgroup(struct sss_domain_info *domain,
const char *name,
const char *description,
struct sysdb_attrs *attrs,
char **missing,
int cache_timeout,
time_t now);
/* mod_op must be either LDB_FLAG_MOD_ADD or LDB_FLAG_MOD_DELETE */
int sysdb_mod_group_member(struct sss_domain_info *domain,
struct ldb_dn *member_dn,
struct ldb_dn *group_dn,
int mod_op);
int sysdb_store_user(struct sss_domain_info *domain,
const char *name,
const char *pwd,
uid_t uid, gid_t gid,
const char *gecos,
const char *homedir,
const char *shell,
const char *orig_dn,
struct sysdb_attrs *attrs,
char **remove_attrs,
uint64_t cache_timeout,
time_t now);
int sysdb_store_group(struct sss_domain_info *domain,
const char *name,
gid_t gid,
struct sysdb_attrs *attrs,
uint64_t cache_timeout,
time_t now);
int sysdb_add_group_member(struct sss_domain_info *domain,
const char *group,
const char *member,
enum sysdb_member_type type,
bool is_dn);
int sysdb_remove_group_member(struct sss_domain_info *domain,
const char *group,
const char *member,
enum sysdb_member_type type,
bool is_dn);
errno_t sysdb_update_members(struct sss_domain_info *domain,
const char *member,
enum sysdb_member_type type,
const char *const *add_groups,
const char *const *del_groups);
errno_t sysdb_update_members_dn(struct sss_domain_info *member_domain,
const char *member,
enum sysdb_member_type type,
const char *const *add_groups,
const char *const *del_groups);
errno_t sysdb_store_override(struct sss_domain_info *domain,
const char *view_name,
enum sysdb_member_type type,
struct sysdb_attrs *attrs, struct ldb_dn *obj_dn);
/* Password caching and cached (offline) authentication.
 *
 * NOTE(review): an earlier version of this comment described `sysdb` and
 * `handle` parameters that these prototypes no longer have; the functions
 * now take only the domain.  Whether they open their own transaction or
 * must be called inside one is decided by the implementation -- check it
 * before calling from transactional code.
 *
 * sysdb_cache_password() records the credential of `username` for later
 * offline authentication.  This header does not state how the value is
 * protected at rest; the expectation is that only a salted hash is written
 * and the cleartext is neither stored nor logged -- verify in the
 * implementation.  The _ex variant additionally receives the authtok type
 * and `second_factor_size`, presumably so that a trailing second factor
 * can be excluded from what is cached (confirm).
 *
 * check_failed_login_attempts() presumably reads the failed-attempt state
 * from `ldb_msg` and the lockout policy from `cdb`, returning the attempt
 * count and the time until which authentication is delayed.
 *
 * sysdb_cache_auth() verifies `password` against the cached credential;
 * `just_check` appears to select verification without updating the
 * failure counters (confirm); `_expire_date` and `_delayed_until` report
 * cache expiry and lockout delay back to the caller. */
int sysdb_cache_password(struct sss_domain_info *domain,
                         const char *username,
                         const char *password);
int sysdb_cache_password_ex(struct sss_domain_info *domain,
                            const char *username,
                            const char *password,
                            enum sss_authtok_type authtok_type,
                            size_t second_factor_size);
errno_t check_failed_login_attempts(struct confdb_ctx *cdb,
                                    struct ldb_message *ldb_msg,
                                    uint32_t *failed_login_attempts,
                                    time_t *delayed_until);
int sysdb_cache_auth(struct sss_domain_info *domain,
                     const char *name,
                     const char *password,
                     struct confdb_ctx *cdb,
                     bool just_check,
                     time_t *_expire_date,
                     time_t *_delayed_until);
int sysdb_store_custom(struct sss_domain_info *domain,
const char *object_name,
const char *subtree_name,
struct sysdb_attrs *attrs);
int sysdb_search_custom(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
const char *filter,
const char *subtree_name,
const char **attrs,
size_t *msgs_count,
struct ldb_message ***msgs);
int sysdb_search_custom_by_name(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
const char *object_name,
const char *subtree_name,
const char **attrs,
size_t *_count,
struct ldb_message ***_msgs);
int sysdb_delete_custom(struct sss_domain_info *domain,
const char *object_name,
const char *subtree_name);
int sysdb_asq_search(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
struct ldb_dn *base_dn,
const char *expression,
const char *asq_attribute,
const char **attrs,
size_t *msgs_count,
struct ldb_message ***msgs);
int sysdb_search_users(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
const char *sub_filter,
const char **attrs,
size_t *msgs_count,
struct ldb_message ***msgs);
int sysdb_search_users_by_timestamp(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
const char *sub_filter,
const char **attrs,
size_t *_msgs_count,
struct ldb_message ***_msgs);
int sysdb_delete_user(struct sss_domain_info *domain,
const char *name, uid_t uid);
int sysdb_search_groups(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
const char *sub_filter,
const char **attrs,
size_t *msgs_count,
struct ldb_message ***msgs);
int sysdb_search_groups_by_timestamp(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
const char *sub_filter,
const char **attrs,
size_t *_msgs_count,
struct ldb_message ***_msgs);
int sysdb_delete_group(struct sss_domain_info *domain,
const char *name, gid_t gid);
int sysdb_search_netgroups(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
const char *sub_filter,
const char **attrs,
size_t *msgs_count,
struct ldb_message ***msgs);
int sysdb_delete_netgroup(struct sss_domain_info *domain,
const char *name);
int sysdb_delete_by_sid(struct sysdb_ctx *sysdb,
struct sss_domain_info *domain,
const char *sid_str);
errno_t sysdb_attrs_to_list(TALLOC_CTX *mem_ctx,
struct sysdb_attrs **attrs,
int attr_count,
const char *attr_name,
char ***_list);
errno_t sysdb_netgr_to_entries(TALLOC_CTX *mem_ctx,
struct ldb_result *res,
struct sysdb_netgroup_ctx ***entries,
size_t *netgroup_count);
/* Escape `input` so it can be used safely as a DN component value; the
 * result is allocated on mem_ctx.  Any externally supplied name that ends
 * up in one of the `%s` DN templates in this header should go through this
 * first -- building DNs from raw input is a DN-injection risk.  The exact
 * escaping rules are defined in the implementation. */
errno_t sysdb_dn_sanitize(TALLOC_CTX *mem_ctx, const char *input,
                          char **sanitized);
errno_t sysdb_get_bool(struct sysdb_ctx *sysdb,
struct ldb_dn *dn,
const char *attr_name,
bool *value);
errno_t sysdb_set_bool(struct sysdb_ctx *sysdb,
struct ldb_dn *dn,
const char *cn_value,
const char *attr_name,
bool value);
errno_t sysdb_has_enumerated(struct sss_domain_info *domain,
bool *has_enumerated);
errno_t sysdb_set_enumerated(struct sss_domain_info *domain,
bool enumerated);
errno_t sysdb_remove_attrs(struct sss_domain_info *domain,
const char *name,
enum sysdb_member_type type,
char **remove_attrs);
/**
* @brief Return direct parents of an object in the cache
*
* @param[in] mem_ctx Memory context the result should be allocated
* on
* @param[in] dom domain the object is in
 * @param[in] parent_dom domain which should be searched for direct
 *                       parents; if NULL, all domains in the given cache
 *                       are searched
* @param[in] mtype Type of the object, SYSDB_MEMBER_USER or
* SYSDB_MEMBER_GROUP
* @param[in] name Name of the object
* @param[out] _direct_parents List of names of the direct parent groups
*
*
* @return
* - EOK: success
* - EINVAL: wrong mtype
* - ENOMEM: Memory allocation failed
*/
errno_t sysdb_get_direct_parents(TALLOC_CTX *mem_ctx,
struct sss_domain_info *dom,
struct sss_domain_info *parent_dom,
enum sysdb_member_type mtype,
const char *name,
char ***_direct_parents);
/* === Functions related to ID-mapping === */
/* Container, object class and attributes of the cached domain-SID -> slice
 * mappings (see sysdb_idmap_store_mapping() below). */
#define SYSDB_IDMAP_CONTAINER "cn=id_mappings"
#define SYSDB_IDMAP_SUBTREE "idmap"
#define SYSDB_IDMAP_MAPPING_OC "id_mapping"
#define SYSDB_IDMAP_FILTER "(objectClass="SYSDB_IDMAP_MAPPING_OC")"
#define SYSDB_IDMAP_SID_ATTR "objectSID"
#define SYSDB_IDMAP_SLICE_ATTR "slice"
#define SYSDB_IDMAP_ATTRS { \
    SYSDB_NAME, \
    SYSDB_IDMAP_SID_ATTR, \
    SYSDB_IDMAP_SLICE_ATTR, \
    NULL }
/* DN templates.  Each %s is spliced into a DN: the domain name in _BASE and
 * the domain SID in _IDMAP.  Whatever is substituted must already be
 * DN-safe (see sysdb_dn_sanitize()); a raw, externally supplied value here
 * would allow DN injection. */
#define SYSDB_TMPL_IDMAP_BASE SYSDB_IDMAP_CONTAINER",cn=%s,"SYSDB_BASE
#define SYSDB_TMPL_IDMAP SYSDB_IDMAP_SID_ATTR"=%s,"SYSDB_TMPL_IDMAP_BASE
errno_t sysdb_idmap_store_mapping(struct sss_domain_info *domain,
const char *dom_name,
const char *dom_sid,
id_t slice_num);
errno_t sysdb_idmap_get_mappings(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
struct ldb_result **_result);
errno_t sysdb_search_object_by_id(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
uint32_t id,
const char **attrs,
struct ldb_result **res);
errno_t sysdb_search_object_by_name(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
const char *name,
const char **attrs,
struct ldb_result **res);
errno_t sysdb_search_object_by_sid(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
const char *sid_str,
const char **attrs,
struct ldb_result **res);
errno_t sysdb_search_object_by_uuid(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
const char *uuid_str,
const char **attrs,
struct ldb_result **res);
errno_t sysdb_search_object_by_cert(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
const char *cert,
const char **attrs,
struct ldb_result **res);
errno_t sysdb_search_user_by_cert(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
const char *cert,
struct ldb_result **res);
errno_t sysdb_remove_cert(struct sss_domain_info *domain,
const char *cert);
errno_t sysdb_remove_mapped_data(struct sss_domain_info *domain,
struct sysdb_attrs *mapped_attr);
/* === Functions related to GPOs === */
#define SYSDB_GPO_CONTAINER "cn=gpos,cn=ad,cn=custom"
/* === Functions related to GPO entries === */
#define SYSDB_GPO_OC "gpo"
#define SYSDB_GPO_FILTER "(objectClass="SYSDB_GPO_OC")"
/* LDB search filter with a %s placeholder for the GPO GUID.  Referencing
 * SYSDB_GPO_GUID_ATTR before its #define below is legal (macros expand at
 * the use site), but the value substituted for %s must be filter-escaped
 * first: a GUID taken from a directory response and used unsanitized would
 * let an attacker-controlled string alter the filter (LDAP filter
 * injection). */
#define SYSDB_GPO_GUID_FILTER "(&(objectClass="SYSDB_GPO_OC")("SYSDB_GPO_GUID_ATTR"=%s))"
#define SYSDB_GPO_GUID_ATTR "gpoGUID"
#define SYSDB_GPO_VERSION_ATTR "gpoVersion"
#define SYSDB_GPO_TIMEOUT_ATTR "gpoPolicyFileTimeout"
/* DN templates: %s in _GPO is the GPO GUID (must be DN-safe, see
 * sysdb_dn_sanitize()); SYSDB_DOM_BASE is defined earlier in this header. */
#define SYSDB_TMPL_GPO_BASE SYSDB_GPO_CONTAINER","SYSDB_DOM_BASE
#define SYSDB_TMPL_GPO SYSDB_GPO_GUID_ATTR"=%s,"SYSDB_TMPL_GPO_BASE
#define SYSDB_GPO_ATTRS { \
    SYSDB_NAME, \
    SYSDB_GPO_GUID_ATTR, \
    SYSDB_GPO_VERSION_ATTR, \
    SYSDB_GPO_TIMEOUT_ATTR, \
    NULL }
errno_t sysdb_gpo_store_gpo(struct sss_domain_info *domain,
const char *gpo_guid,
int gpo_version,
int cache_timeout,
time_t now);
errno_t sysdb_gpo_get_gpo_by_guid(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
const char *gpo_guid,
struct ldb_result **_result);
errno_t sysdb_gpo_get_gpos(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
struct ldb_result **_result);
/* === Functions related to GPO Result object === */
#define SYSDB_GPO_RESULT_OC "gpo_result"
#define SYSDB_GPO_RESULT_FILTER "(objectClass="SYSDB_GPO_RESULT_OC")"
#define SYSDB_TMPL_GPO_RESULT_BASE SYSDB_GPO_CONTAINER","SYSDB_DOM_BASE
/* %s is the cn of the result object; as with the other DN templates in this
 * header the substituted value must be DN-safe (see sysdb_dn_sanitize()). */
#define SYSDB_TMPL_GPO_RESULT "cn=%s,"SYSDB_TMPL_GPO_RESULT_BASE
errno_t sysdb_gpo_delete_gpo_result_object(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain);
errno_t sysdb_gpo_store_gpo_result_setting(struct sss_domain_info *domain,
const char *policy_setting_key,
const char *policy_setting_value);
errno_t sysdb_gpo_get_gpo_result_setting(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
const char *policy_setting_key,
const char **policy_setting_value);
errno_t sysdb_get_sids_of_members(TALLOC_CTX *mem_ctx,
struct sss_domain_info *dom,
const char *group_name,
const char ***_sids,
const char ***_dns,
size_t *_n);
errno_t sysdb_get_user_members_recursively(TALLOC_CTX *mem_ctx,
struct sss_domain_info *dom,
struct ldb_dn *group_dn,
struct ldb_result **members);
errno_t sysdb_handle_original_uuid(const char *orig_name,
struct sysdb_attrs *src_attrs,
const char *src_name,
struct sysdb_attrs *dest_attrs,
const char *dest_name);
#endif /* __SYS_DB_H__ */