sysdb.h revision 363ce75bfe2f73198e1ae7feeed97b6009ae24b8
/*
SSSD
System Database Header
Copyright (C) Simo Sorce <ssorce@redhat.com> 2008
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef __SYS_DB_H__
#define __SYS_DB_H__
#include <tevent.h>
#define CACHE_SYSDB_FILE "cache_%s.ldb"
#define LOCAL_SYSDB_FILE "sssd.ldb"
#define SYSDB_BASE "cn=sysdb"
#define SYSDB_DOM_BASE "cn=%s,cn=sysdb"
#define SYSDB_USERS_CONTAINER "cn=users"
#define SYSDB_GROUPS_CONTAINER "cn=groups"
#define SYSDB_CUSTOM_CONTAINER "cn=custom"
#define SYSDB_NETGROUP_CONTAINER "cn=Netgroups"
#define SYSDB_RANGE_CONTAINER "cn=ranges"
#define SYSDB_SUBDOMAIN_CLASS "subdomain"
#define SYSDB_USER_CLASS "user"
#define SYSDB_GROUP_CLASS "group"
#define SYSDB_NETGROUP_CLASS "netgroup"
#define SYSDB_HOST_CLASS "host"
#define SYSDB_HOSTGROUP_CLASS "hostgroup"
#define SYSDB_SELINUX_USERMAP_CLASS "selinuxusermap"
#define SYSDB_SELINUX_CLASS "selinux"
#define SYSDB_ID_RANGE_CLASS "idRange"
#define SYSDB_DOMAIN_ID_RANGE_CLASS "domainIDRange"
#define SYSDB_TRUSTED_AD_DOMAIN_RANGE_CLASS "TrustedADDomainRange"
#define SYSDB_NAME "name"
#define SYSDB_NAME_ALIAS "nameAlias"
#define SYSDB_OBJECTCLASS "objectClass"
#define SYSDB_NEXTID "nextID"
#define SYSDB_UIDNUM "uidNumber"
#define SYSDB_GIDNUM "gidNumber"
#define SYSDB_CREATE_TIME "createTimestamp"
#define SYSDB_PWD "userPassword"
#define SYSDB_FULLNAME "fullName"
#define SYSDB_HOMEDIR "homeDirectory"
#define SYSDB_SHELL "loginShell"
#define SYSDB_MEMBEROF "memberOf"
#define SYSDB_DISABLED "disabled"
#define SYSDB_MEMBER "member"
#define SYSDB_MEMBERUID "memberUid"
#define SYSDB_GHOST "ghost"
#define SYSDB_POSIX "isPosix"
#define SYSDB_USER_CATEGORY "userCategory"
#define SYSDB_HOST_CATEGORY "hostCategory"
#define SYSDB_GECOS "gecos"
#define SYSDB_LAST_LOGIN "lastLogin"
#define SYSDB_LAST_ONLINE_AUTH "lastOnlineAuth"
#define SYSDB_LAST_FAILED_LOGIN "lastFailedLogin"
#define SYSDB_FAILED_LOGIN_ATTEMPTS "failedLoginAttempts"
#define SYSDB_LAST_UPDATE "lastUpdate"
#define SYSDB_CACHE_EXPIRE "dataExpireTimestamp"
#define SYSDB_INITGR_EXPIRE "initgrExpireTimestamp"
#define SYSDB_AUTHORIZED_SERVICE "authorizedService"
#define SYSDB_AUTHORIZED_HOST "authorizedHost"
#define SYSDB_NETGROUP_TRIPLE "netgroupTriple"
#define SYSDB_ORIG_NETGROUP_MEMBER "originalMemberNisNetgroup"
#define SYSDB_ORIG_NETGROUP_EXTERNAL_HOST "originalExternalHost"
#define SYSDB_NETGROUP_DOMAIN "nisDomain"
#define SYSDB_NETGROUP_MEMBER "memberNisNetgroup"
#define SYSDB_DESCRIPTION "description"
#define SYSDB_FQDN "fqdn"
#define SYSDB_SERVERHOSTNAME "serverHostname"
#define SYSDB_CACHEDPWD "cachedPassword"
#define SYSDB_UUID "uniqueID"
#define SYSDB_SID "objectSID"
#define SYSDB_PRIMARY_GROUP "ADPrimaryGroupID"
#define SYSDB_SID_STR "objectSIDString"
#define SYSDB_UPN "userPrincipalName"
#define SYSDB_CCACHE_FILE "ccacheFile"
#define SYSDB_ORIG_DN "originalDN"
#define SYSDB_ORIG_MODSTAMP "originalModifyTimestamp"
#define SYSDB_ORIG_MEMBEROF "originalMemberOf"
#define SYSDB_ORIG_MEMBER "orig_member"
#define SYSDB_ORIG_MEMBER_USER "originalMemberUser"
#define SYSDB_ORIG_MEMBER_HOST "originalMemberHost"
#define SYSDB_USN "entryUSN"
#define SYSDB_HIGH_USN "highestUSN"
#define SYSDB_SSH_PUBKEY "sshPublicKey"
#define SYSDB_SUBDOMAIN_REALM "realmName"
#define SYSDB_SUBDOMAIN_FLAT "flatName"
#define SYSDB_SUBDOMAIN_ID "domainID"
#define SYSDB_BASE_ID "baseID"
#define SYSDB_ID_RANGE_SIZE "idRangeSize"
#define SYSDB_BASE_RID "baseRID"
#define SYSDB_SECONDARY_BASE_RID "secondaryBaseRID"
#define SYSDB_DOMAIN_ID "domainID"
#define SYSDB_NETGR_TRIPLES_FILTER "(|("SYSDB_NAME"=%s)("SYSDB_NAME_ALIAS"=%s)("SYSDB_MEMBEROF"=%s))"
#define SYSDB_HAS_ENUMERATED "has_enumerated"
#define SYSDB_DEFAULT_ATTRS SYSDB_LAST_UPDATE, \
NULL}
SYSDB_GHOST, \
NULL}
NULL}
#define SYSDB_INITGR_ATTR SYSDB_MEMBEROF
NULL}
#define SYSDB_MOD_ADD LDB_FLAG_MOD_ADD
#define SYSDB_MOD_DEL LDB_FLAG_MOD_DELETE
#define SYSDB_MOD_REP LDB_FLAG_MOD_REPLACE
/* sysdb version check macros */
#define SYSDB_VERSION_ERROR_HINT \
"but note that removing cache files will also remove all of your " \
"cached credentials.\n")
#define SYSDB_VERSION_LOWER_ERROR(ret) do { \
ERROR("Lower version of database is expected!\n"); \
} \
} while(0)
#define SYSDB_VERSION_HIGHER_ERROR(ret) do { \
if (ret == EMEDIUMTYPE) { \
ERROR("Higher version of database is expected!\n"); \
ERROR("In order to upgrade the database, you must run SSSD.\n"); \
} \
} while(0)
/* use this in daemons */
#define SYSDB_VERSION_ERROR_DAEMON(ret) \
/* use this in tools */
#define SYSDB_VERSION_ERROR(ret) \
struct confdb_ctx;
struct sysdb_ctx;
struct sysdb_attrs {
int num;
struct ldb_message_element *a;
};
/* sysdb_attrs helper functions */
struct sysdb_subdom {
const char *realm;
const char *name;
const char *flat_name;
const char *id;
};
struct range_info {
char *name;
char *trusted_dom_sid;
};
/* values are copied in the structure, allocated on "attrs" */
struct sysdb_attrs *dst,
const char *name);
struct ldb_message_element **el);
const char **string);
bool *value);
const char *newname);
const char *attr_name,
const char *domain,
const char *const *list);
struct sysdb_attrs *attrs,
const char *ldap_attr,
const char **_primary);
struct sysdb_attrs *attrs,
const char *primary,
bool lowercase,
const char ***_aliases);
struct sysdb_attrs **attr_list,
const char *ldap_attr,
char ***name_list);
const char *name,
const char **_cname);
struct ldb_message **msgs,
struct sysdb_attrs ***attrs);
/* convert an ldb error into an errno error */
int sysdb_error_to_errno(int ldberr);
/* DNs related helper functions */
struct sss_domain_info *dom);
struct sss_domain_info *dom);
struct sss_domain_info *dom,
const char *object_name,
const char *subtree_name);
struct sss_domain_info *dom,
const char *subtree_name);
/* functions to start and finish transactions */
/* functions related to subdomains */
struct sysdb_subdom ***subdomain_list);
int num_subdoms,
struct sysdb_subdom *subdoms);
struct sss_domain_info *subdomain,
struct sysdb_ctx **subdomain_ctx);
struct sysdb_subdom **info);
struct sysdb_subdom *domain_info);
struct range_info ***range_list);
struct range_info **ranges);
/* Sysdb initialization.
* call this function *only* once to initialize the database and get
* the sysdb ctx */
struct sss_domain_info *domains,
const char *alt_db_path,
bool allow_upgrade);
/* used to initialize only one domain database.
* Do NOT use if sysdb_init has already been called */
struct sss_domain_info *domain,
const char *db_path,
/* functions to retrieve information from sysdb
* These functions automatically starts an operation
* therefore they cannot be called within a transaction */
struct sss_domain_info *domain,
const char *name,
struct ldb_result **res);
struct sss_domain_info *domain,
struct ldb_result **res);
struct sss_domain_info *domain,
struct ldb_result **res);
struct sss_domain_info *domain,
const char *name,
struct ldb_result **res);
struct sss_domain_info *domain,
struct ldb_result **res);
struct sss_domain_info *domain,
struct ldb_result **res);
struct sysdb_netgroup_ctx {
union {
struct {
char *hostname;
char *username;
char *domainname;
} triple;
char *groupname;
} value;
};
struct sss_domain_info *domain,
const char *netgroup,
struct ldb_result **res);
struct sss_domain_info *domain,
const char *name,
struct ldb_result **res);
struct sss_domain_info *domain,
const char *name,
const char **attributes,
struct ldb_result **res);
struct sss_domain_info *domain,
const char *netgrname,
const char **attributes,
struct ldb_result **res);
/* functions that modify the databse
* they have to be called within a transaction
* See sysdb_transaction_send()/_recv() */
/* Delete Entry */
bool ignore_not_found);
bool ignore_not_found);
/* Search Entry */
int scope,
const char *filter,
const char **attrs,
struct ldb_message ***msgs);
/* Search User (by uid or name) */
struct sss_domain_info *domain,
const char *name,
const char **attrs,
struct ldb_message **msg);
struct sss_domain_info *domain,
const char **attrs,
struct ldb_message **msg);
/* Search Group (by gid or name) */
struct sss_domain_info *domain,
const char *name,
const char **attrs,
struct ldb_message **msg);
struct sss_domain_info *domain,
const char **attrs,
struct ldb_message **msg);
/* Search Netgroup (by name) */
struct sss_domain_info *domain,
const char *name,
const char **attrs,
struct ldb_message **msg);
/* Replace entry attrs */
struct sysdb_attrs *attrs,
int mod_op);
/* Replace user attrs */
struct sss_domain_info *domain,
const char *name,
struct sysdb_attrs *attrs,
int mod_op);
/* Replace group attrs */
struct sss_domain_info *domain,
const char *name,
struct sysdb_attrs *attrs,
int mod_op);
/* Replace netgroup attrs */
struct sss_domain_info *domain,
const char *name,
struct sysdb_attrs *attrs,
int mod_op);
/* Allocate a new id */
struct sss_domain_info *domain,
/* Add user (only basic attrs and w/o checks) */
struct sss_domain_info *domain,
const char *name,
const char *gecos,
const char *homedir,
const char *shell);
/* Add user (all checks) */
struct sss_domain_info *domain,
const char *name,
const char *gecos,
const char *homedir,
const char *shell,
const char *orig_dn,
struct sysdb_attrs *attrs,
int cache_timeout,
/* Add group (only basic attrs and w/o checks) */
struct sss_domain_info *domain,
/* Add group (all checks) */
struct sss_domain_info *domain,
struct sysdb_attrs *attrs,
int cache_timeout,
struct sss_domain_info *domain,
const char *name,
const char *original_dn, bool posix,
/* Add netgroup (only basic attrs and w/o checks) */
struct sss_domain_info *domain,
const char *name, const char *description);
struct sss_domain_info *domain,
const char *name,
const char *description,
struct sysdb_attrs *attrs,
char **missing,
int cache_timeout,
/* mod_op must be either LDB_FLAG_MOD_ADD or LDB_FLAG_MOD_DELETE */
int mod_op);
struct sss_domain_info *domain,
const char *name,
const char *pwd,
const char *gecos,
const char *homedir,
const char *shell,
const char *orig_dn,
struct sysdb_attrs *attrs,
char **remove_attrs,
struct sss_domain_info *domain,
const char *name,
struct sysdb_attrs *attrs,
enum sysdb_member_type {
};
struct sss_domain_info *domain,
const char *group,
const char *member,
enum sysdb_member_type type);
struct sss_domain_info *domain,
const char *group,
const char *member,
enum sysdb_member_type type);
struct sss_domain_info *domain,
const char *member,
enum sysdb_member_type type,
const char *const *add_groups,
const char *const *del_groups);
/* Password caching function.
* If you are in a transaction ignore sysdb and pass in the handle.
* If you are not in a transaction pass NULL in handle and provide sysdb,
* in this case a transaction will be automatically started and the
* function will be completely wrapped in it's own sysdb transaction */
const char *username,
const char *password);
struct ldb_message *ldb_msg,
const char *name,
const char *password,
struct confdb_ctx *cdb,
bool just_check,
const char *object_name,
const char *subtree_name,
struct sysdb_attrs *attrs);
const char *filter,
const char *subtree_name,
const char **attrs,
struct ldb_message ***msgs);
const char *object_name,
const char *subtree_name,
const char **attrs,
struct ldb_message ***_msgs);
const char *object_name,
const char *subtree_name);
const char *expression,
const char *asq_attribute,
const char **attrs,
struct ldb_message ***msgs);
const char *sub_filter,
const char **attrs,
struct ldb_message ***msgs);
const char *sub_filter,
const char **attrs,
struct ldb_message ***msgs);
const char *sub_filter,
const char **attrs,
struct ldb_message ***msgs);
const char *name);
struct sysdb_attrs **attrs,
int attr_count,
const char *attr_name,
char ***_list);
struct ldb_result *res,
struct sysdb_netgroup_ctx ***entries);
char **sanitized);
const char *attr_name,
bool *value);
const char *cn_value,
const char *attr_name,
bool value);
bool *has_enumerated);
bool enumerated);
const char *name,
enum sysdb_member_type type,
char **remove_attrs);
struct sss_domain_info *dom,
enum sysdb_member_type mtype,
const char *name,
char ***_direct_parents);
/* === Functions related to ID-mapping === */
#define SYSDB_IDMAP_CONTAINER "cn=id_mappings"
#define SYSDB_IDMAP_SUBTREE "idmap"
#define SYSDB_IDMAP_MAPPING_OC "id_mapping"
#define SYSDB_IDMAP_SID_ATTR "objectSID"
#define SYSDB_IDMAP_SLICE_ATTR "slice"
#define SYSDB_IDMAP_ATTRS { \
SYSDB_NAME, \
NULL }
const char *object_sid);
const char *dom_name,
const char *dom_sid,
struct ldb_result **_result);
#endif /* __SYS_DB_H__ */