64074e584a56611d7563667e0fcdadd215b0c922Yassir Elley Yassir Elley <yelley@redhat.com>
64074e584a56611d7563667e0fcdadd215b0c922Yassir Elley Copyright (C) 2014 Red Hat
64074e584a56611d7563667e0fcdadd215b0c922Yassir Elley This program is free software; you can redistribute it and/or modify
64074e584a56611d7563667e0fcdadd215b0c922Yassir Elley it under the terms of the GNU General Public License as published by
64074e584a56611d7563667e0fcdadd215b0c922Yassir Elley the Free Software Foundation; either version 3 of the License, or
64074e584a56611d7563667e0fcdadd215b0c922Yassir Elley (at your option) any later version.
64074e584a56611d7563667e0fcdadd215b0c922Yassir Elley This program is distributed in the hope that it will be useful,
64074e584a56611d7563667e0fcdadd215b0c922Yassir Elley but WITHOUT ANY WARRANTY; without even the implied warranty of
64074e584a56611d7563667e0fcdadd215b0c922Yassir Elley MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
64074e584a56611d7563667e0fcdadd215b0c922Yassir Elley GNU General Public License for more details.
64074e584a56611d7563667e0fcdadd215b0c922Yassir Elley You should have received a copy of the GNU General Public License
64074e584a56611d7563667e0fcdadd215b0c922Yassir Elley along with this program. If not, see <http://www.gnu.org/licenses/>.
/*
 * Build the ldb DN under which a GPO entry is cached for a domain.
 * This listing shows only some lines of the function.
 */
64074e584a56611d7563667e0fcdadd215b0c922Yassir Elleystatic struct ldb_dn *
64074e584a56611d7563667e0fcdadd215b0c922Yassir Elleysysdb_gpo_dn(TALLOC_CTX *mem_ctx, struct sss_domain_info *domain,
/* The GUID is passed through sysdb_dn_sanitize() before it is used as a DN
 * component, so it is the sanitized copy, not the raw input, that reaches
 * the DN template. The talloc context argument is NULL, so the copy is
 * presumably not parented to mem_ctx; its release is not visible in this
 * listing -- confirm it is freed on every path. */
64074e584a56611d7563667e0fcdadd215b0c922Yassir Elley ret = sysdb_dn_sanitize(NULL, gpo_guid, &clean_gpo_guid);
4611802d41d8954a3040f39403590adb920ca521Yassir Elley DEBUG(SSSDBG_TRACE_ALL, SYSDB_TMPL_GPO"\n", clean_gpo_guid, domain->name);
/* The remaining arguments are on lines not shown; presumably the same
 * sanitized GUID and domain->name as in the DEBUG call above -- confirm. */
64074e584a56611d7563667e0fcdadd215b0c922Yassir Elley dn = ldb_dn_new_fmt(mem_ctx, domain->sysdb->ldb, SYSDB_TMPL_GPO,
/*
 * Store a GPO in the sysdb cache: add a new entry when none exists for the
 * GUID, otherwise update the version and timeout of the existing entry.
 * The work runs inside a sysdb transaction (see the start, commit and cancel
 * messages below). This listing shows only some lines of the function.
 */
64074e584a56611d7563667e0fcdadd215b0c922Yassir Elleysysdb_gpo_store_gpo(struct sss_domain_info *domain,
/* The entry DN comes from sysdb_gpo_dn(), which sanitizes the GUID. */
64074e584a56611d7563667e0fcdadd215b0c922Yassir Elley update_msg->dn = sysdb_gpo_dn(update_msg, domain, gpo_guid);
64074e584a56611d7563667e0fcdadd215b0c922Yassir Elley DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n");
64074e584a56611d7563667e0fcdadd215b0c922Yassir Elley /* Check for an existing gpo_guid entry */
64074e584a56611d7563667e0fcdadd215b0c922Yassir Elley ret = sysdb_search_entry(tmp_ctx, domain->sysdb, update_msg->dn,
64074e584a56611d7563667e0fcdadd215b0c922Yassir Elley /* Create new GPO */
64074e584a56611d7563667e0fcdadd215b0c922Yassir Elley "Adding new GPO [gpo_guid:%s][gpo_version:%d]\n",
64074e584a56611d7563667e0fcdadd215b0c922Yassir Elley /* Add the objectClass */
64074e584a56611d7563667e0fcdadd215b0c922Yassir Elley lret = ldb_msg_add_empty(update_msg, SYSDB_OBJECTCLASS,
64074e584a56611d7563667e0fcdadd215b0c922Yassir Elley lret = ldb_msg_add_string(update_msg, SYSDB_OBJECTCLASS,
64074e584a56611d7563667e0fcdadd215b0c922Yassir Elley /* Add the GPO GUID */
64074e584a56611d7563667e0fcdadd215b0c922Yassir Elley lret = ldb_msg_add_empty(update_msg, SYSDB_GPO_GUID_ATTR,
/* The attribute value is the raw GUID as received; only the DN uses the
 * sanitized form. */
64074e584a56611d7563667e0fcdadd215b0c922Yassir Elley lret = ldb_msg_add_string(update_msg, SYSDB_GPO_GUID_ATTR, gpo_guid);
64074e584a56611d7563667e0fcdadd215b0c922Yassir Elley /* Add the Version */
64074e584a56611d7563667e0fcdadd215b0c922Yassir Elley lret = ldb_msg_add_empty(update_msg, SYSDB_GPO_VERSION_ATTR,
64074e584a56611d7563667e0fcdadd215b0c922Yassir Elley lret = ldb_msg_add_fmt(update_msg, SYSDB_GPO_VERSION_ATTR,
ff4b603cc14ea6ea15caaf89a03e927920124af4Yassir Elley /* Add the Policy File Timeout */
ff4b603cc14ea6ea15caaf89a03e927920124af4Yassir Elley lret = ldb_msg_add_empty(update_msg, SYSDB_GPO_TIMEOUT_ATTR,
/* The stored value is an absolute time (now + cache_timeout), or 0 when
 * cache_timeout is 0. How readers of the cache treat 0 is not visible here.
 * NOTE(review): the %lu conversion expects an unsigned long; now and
 * cache_timeout are declared on lines not shown -- confirm the expression
 * type matches, and cast if it is a time_t. */
ff4b603cc14ea6ea15caaf89a03e927920124af4Yassir Elley lret = ldb_msg_add_fmt(update_msg, SYSDB_GPO_TIMEOUT_ATTR, "%lu",
ff4b603cc14ea6ea15caaf89a03e927920124af4Yassir Elley ((cache_timeout) ? (now + cache_timeout) : 0));
64074e584a56611d7563667e0fcdadd215b0c922Yassir Elley lret = ldb_add(domain->sysdb->ldb, update_msg);
64074e584a56611d7563667e0fcdadd215b0c922Yassir Elley "Failed to add GPO: [%s]\n",
64074e584a56611d7563667e0fcdadd215b0c922Yassir Elley /* Update the existing GPO */
/* NOTE(review): the message below says new although this is the update
 * branch; it can mislead anyone reading the trace log. */
4611802d41d8954a3040f39403590adb920ca521Yassir Elley DEBUG(SSSDBG_TRACE_ALL, "Updating new GPO [%s][%s]\n", domain->name, gpo_guid);
64074e584a56611d7563667e0fcdadd215b0c922Yassir Elley /* Add the Version */
64074e584a56611d7563667e0fcdadd215b0c922Yassir Elley lret = ldb_msg_add_empty(update_msg, SYSDB_GPO_VERSION_ATTR,
64074e584a56611d7563667e0fcdadd215b0c922Yassir Elley lret = ldb_msg_add_fmt(update_msg, SYSDB_GPO_VERSION_ATTR,
ff4b603cc14ea6ea15caaf89a03e927920124af4Yassir Elley /* Add the Policy File Timeout */
ff4b603cc14ea6ea15caaf89a03e927920124af4Yassir Elley lret = ldb_msg_add_empty(update_msg, SYSDB_GPO_TIMEOUT_ATTR,
/* Same timeout computation and %lu conversion as in the add branch; the
 * same type check applies. */
ff4b603cc14ea6ea15caaf89a03e927920124af4Yassir Elley lret = ldb_msg_add_fmt(update_msg, SYSDB_GPO_TIMEOUT_ATTR, "%lu",
ff4b603cc14ea6ea15caaf89a03e927920124af4Yassir Elley ((cache_timeout) ? (now + cache_timeout) : 0));
64074e584a56611d7563667e0fcdadd215b0c922Yassir Elley lret = ldb_modify(domain->sysdb->ldb, update_msg);
04d138472cc086fb7961f0d378852b09961b1a33Lukas Slebodnik "Failed to modify GPO: [%s](%d)[%s]\n",
04d138472cc086fb7961f0d378852b09961b1a33Lukas Slebodnik ldb_strerror(lret), lret, ldb_errstring(domain->sysdb->ldb));
64074e584a56611d7563667e0fcdadd215b0c922Yassir Elley "Could not commit transaction: [%s]\n", strerror(ret));
/* Cancel path. A failed cancel is logged at critical level; how the error
 * is propagated afterwards is on lines not shown. */
64074e584a56611d7563667e0fcdadd215b0c922Yassir Elley sret = sysdb_transaction_cancel(domain->sysdb);
64074e584a56611d7563667e0fcdadd215b0c922Yassir Elley DEBUG(SSSDBG_CRIT_FAILURE, "Could not cancel transaction\n");
/*
 * Look up a single cached GPO by GUID with a subtree search under the
 * domain GPO base DN. The function header is not part of this listing.
 */
4611802d41d8954a3040f39403590adb920ca521Yassir Elley DEBUG(SSSDBG_TRACE_ALL, SYSDB_TMPL_GPO_BASE"\n", domain->name);
64074e584a56611d7563667e0fcdadd215b0c922Yassir Elley base_dn = ldb_dn_new_fmt(tmp_ctx, domain->sysdb->ldb,
/* NOTE(review): gpo_guid is substituted into SYSDB_GPO_GUID_FILTER as the
 * search filter argument. Unlike the DN path, which calls
 * sysdb_dn_sanitize(), no filter escaping of gpo_guid is visible in this
 * listing. Confirm the GUID is validated or escaped (for example with
 * sss_filter_sanitize) before it reaches this call, so filter
 * metacharacters in it cannot widen the match. */
64074e584a56611d7563667e0fcdadd215b0c922Yassir Elley lret = ldb_search(domain->sysdb->ldb, tmp_ctx, &res, base_dn,
9bda5ab39fc3429191e2272a8be62e230677ecb1Yassir Elley LDB_SCOPE_SUBTREE, attrs, SYSDB_GPO_GUID_FILTER, gpo_guid);
64074e584a56611d7563667e0fcdadd215b0c922Yassir Elley "Could not locate GPO: [%s]\n",
/* A GUID matching more results than expected is reported at critical level
 * rather than resolved by picking one; the rest of the message and the
 * error code returned are on lines not shown. */
64074e584a56611d7563667e0fcdadd215b0c922Yassir Elley DEBUG(SSSDBG_CRIT_FAILURE, "Search for GUID [%s] returned more than " \
64074e584a56611d7563667e0fcdadd215b0c922Yassir Elley } else if (ret) {
64074e584a56611d7563667e0fcdadd215b0c922Yassir Elley DEBUG(SSSDBG_OP_FAILURE, "Error: %d (%s)\n", ret, strerror(ret));
/*
 * Search for cached GPOs under the domain GPO base DN. The function header,
 * search scope and filter are on lines not shown in this listing.
 */
4611802d41d8954a3040f39403590adb920ca521Yassir Elley DEBUG(SSSDBG_TRACE_ALL, SYSDB_TMPL_GPO_BASE"\n", domain->name);
9bda5ab39fc3429191e2272a8be62e230677ecb1Yassir Elley base_dn = ldb_dn_new_fmt(tmp_ctx, domain->sysdb->ldb,
/* Results are allocated on tmp_ctx; how they are handed to the caller is
 * not visible here. */
9bda5ab39fc3429191e2272a8be62e230677ecb1Yassir Elley lret = ldb_search(domain->sysdb->ldb, tmp_ctx, &res, base_dn,
9bda5ab39fc3429191e2272a8be62e230677ecb1Yassir Elley "Could not locate GPOs: [%s]\n",
/* Any other non-zero ret is logged as an operation failure. */
9bda5ab39fc3429191e2272a8be62e230677ecb1Yassir Elley } else if (ret) {
9bda5ab39fc3429191e2272a8be62e230677ecb1Yassir Elley DEBUG(SSSDBG_OP_FAILURE, "Error: %d (%s)\n", ret, strerror(ret));
4611802d41d8954a3040f39403590adb920ca521Yassir Elley/* GPO Result */
/*
 * Build the ldb DN of the GPO Result object for a domain. The line carrying
 * the function name is not shown; presumably this is sysdb_gpo_result_dn(),
 * which the store routine calls -- confirm.
 */
4611802d41d8954a3040f39403590adb920ca521Yassir Elleystatic struct ldb_dn *
/* The result name is sanitized before use in the DN, mirroring the GPO DN
 * builder. The talloc context argument is NULL, so the sanitized copy is
 * presumably not parented to mem_ctx; its release is not visible in this
 * listing -- confirm it is freed on every path. */
4611802d41d8954a3040f39403590adb920ca521Yassir Elley ret = sysdb_dn_sanitize(NULL, result_name, &clean_result_name);
4611802d41d8954a3040f39403590adb920ca521Yassir Elley DEBUG(SSSDBG_TRACE_ALL, SYSDB_TMPL_GPO_RESULT"\n",
/* Remaining arguments are on lines not shown; presumably the sanitized name
 * and domain->name -- confirm. */
4611802d41d8954a3040f39403590adb920ca521Yassir Elley dn = ldb_dn_new_fmt(mem_ctx, domain->sysdb->ldb, SYSDB_TMPL_GPO_RESULT,
/*
 * Store, update or remove one policy setting (ini_key / ini_value) on the
 * cached GPO Result object, creating the object if it does not exist yet.
 * The work runs inside a sysdb transaction. This listing shows only some
 * lines of the function.
 */
4611802d41d8954a3040f39403590adb920ca521Yassir Elleysysdb_gpo_store_gpo_result_setting(struct sss_domain_info *domain,
/* The object name is the fixed string gpo_result, so a domain has a single
 * result object at this DN. */
4611802d41d8954a3040f39403590adb920ca521Yassir Elley update_msg->dn = sysdb_gpo_result_dn(update_msg, domain, "gpo_result");
eb0cde4e6dfdbda08588860534f7ece5776ec3afYassir Elley DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n");
4611802d41d8954a3040f39403590adb920ca521Yassir Elley /* Check for an existing GPO Result object */
4611802d41d8954a3040f39403590adb920ca521Yassir Elley ret = sysdb_search_entry(tmp_ctx, domain->sysdb, update_msg->dn,
4611802d41d8954a3040f39403590adb920ca521Yassir Elley /* Create new GPO Result object */
4611802d41d8954a3040f39403590adb920ca521Yassir Elley DEBUG(SSSDBG_TRACE_FUNC, "Storing setting: key [%s] value [%s]\n",
4611802d41d8954a3040f39403590adb920ca521Yassir Elley /* Add the objectClass */
4611802d41d8954a3040f39403590adb920ca521Yassir Elley lret = ldb_msg_add_empty(update_msg, SYSDB_OBJECTCLASS,
4611802d41d8954a3040f39403590adb920ca521Yassir Elley lret = ldb_msg_add_string(update_msg, SYSDB_OBJECTCLASS,
4611802d41d8954a3040f39403590adb920ca521Yassir Elley /* Store the policy_setting if it is non-NULL */
/* NOTE(review): ini_key is used as the ldb attribute name and ini_value as
 * its value. Presumably ini_key comes from a fixed set of policy keys --
 * verify that callers never pass an attribute name taken directly from
 * policy file content. */
4611802d41d8954a3040f39403590adb920ca521Yassir Elley lret = ldb_msg_add_string(update_msg, ini_key, ini_value);
4611802d41d8954a3040f39403590adb920ca521Yassir Elley lret = ldb_add(domain->sysdb->ldb, update_msg);
4611802d41d8954a3040f39403590adb920ca521Yassir Elley "Failed to add GPO Result: [%s]\n",
4611802d41d8954a3040f39403590adb920ca521Yassir Elley /* Update existing GPO Result object*/
4611802d41d8954a3040f39403590adb920ca521Yassir Elley DEBUG(SSSDBG_TRACE_FUNC, "Updating setting: key [%s] value [%s]\n",
4611802d41d8954a3040f39403590adb920ca521Yassir Elley /* Update the policy setting */
/* The value is passed through a %s conversion here, while the create branch
 * uses ldb_msg_add_string() for the same key and value. */
4611802d41d8954a3040f39403590adb920ca521Yassir Elley lret = ldb_msg_add_fmt(update_msg, ini_key, "%s", ini_value);
4611802d41d8954a3040f39403590adb920ca521Yassir Elley /* If the value is NULL, we need to remove it from the cache */
4611802d41d8954a3040f39403590adb920ca521Yassir Elley DEBUG(SSSDBG_TRACE_FUNC, "Removing setting: key [%s]\n", ini_key);
4611802d41d8954a3040f39403590adb920ca521Yassir Elley /* Update the policy setting */
4611802d41d8954a3040f39403590adb920ca521Yassir Elley lret = ldb_modify(domain->sysdb->ldb, update_msg);
04d138472cc086fb7961f0d378852b09961b1a33Lukas Slebodnik "Failed to modify GPO Result: [%s](%d)[%s]\n",
04d138472cc086fb7961f0d378852b09961b1a33Lukas Slebodnik ldb_strerror(lret), lret, ldb_errstring(domain->sysdb->ldb));
4611802d41d8954a3040f39403590adb920ca521Yassir Elley "Could not commit transaction: [%s]\n", strerror(ret));
/* Cancel path. A failed cancel is logged at critical level; how the error
 * is propagated afterwards is on lines not shown. */
4611802d41d8954a3040f39403590adb920ca521Yassir Elley sret = sysdb_transaction_cancel(domain->sysdb);
4611802d41d8954a3040f39403590adb920ca521Yassir Elley DEBUG(SSSDBG_CRIT_FAILURE, "Could not cancel transaction\n");
/*
 * Fetch the GPO Result object of a domain, restricted to the requested
 * attributes. This listing shows only some lines of the function.
 */
4f4d35e14b4dc35a8df0ba28d6bd26f9ce75f962Jakub Hrozeksysdb_gpo_get_gpo_result_object(TALLOC_CTX *mem_ctx,
/* attrs selects the attributes to return; the delete routine passes NULL. */
4f4d35e14b4dc35a8df0ba28d6bd26f9ce75f962Jakub Hrozek const char **attrs,
4611802d41d8954a3040f39403590adb920ca521Yassir Elley DEBUG(SSSDBG_TRACE_ALL, SYSDB_TMPL_GPO_RESULT_BASE"\n", domain->name);
4611802d41d8954a3040f39403590adb920ca521Yassir Elley base_dn = ldb_dn_new_fmt(tmp_ctx, domain->sysdb->ldb,
/* The filter is the SYSDB_GPO_RESULT_FILTER macro with no substituted
 * arguments, so no caller-supplied text enters the filter on this path. */
4611802d41d8954a3040f39403590adb920ca521Yassir Elley lret = ldb_search(domain->sysdb->ldb, tmp_ctx, &res, base_dn,
4611802d41d8954a3040f39403590adb920ca521Yassir Elley LDB_SCOPE_SUBTREE, attrs, SYSDB_GPO_RESULT_FILTER);
4f4d35e14b4dc35a8df0ba28d6bd26f9ce75f962Jakub Hrozek "Could not locate GPO Result object: [%s]\n",
/* A missing result object is logged only at trace level, unlike the
 * operation failure branch below. */
4f4d35e14b4dc35a8df0ba28d6bd26f9ce75f962Jakub Hrozek DEBUG(SSSDBG_TRACE_ALL, "No GPO Result object.\n");
4611802d41d8954a3040f39403590adb920ca521Yassir Elley } else if (ret) {
4611802d41d8954a3040f39403590adb920ca521Yassir Elley DEBUG(SSSDBG_OP_FAILURE, "Error: %d (%s)\n", ret, strerror(ret));
/*
 * Read one policy setting from the cached GPO Result object and return a
 * copy of its value allocated on mem_ctx. This listing shows only some
 * lines of the function.
 */
4f4d35e14b4dc35a8df0ba28d6bd26f9ce75f962Jakub Hrozeksysdb_gpo_get_gpo_result_setting(TALLOC_CTX *mem_ctx,
4f4d35e14b4dc35a8df0ba28d6bd26f9ce75f962Jakub Hrozek ret = sysdb_gpo_get_gpo_result_object(tmp_ctx, domain, attrs, &res);
/* NOTE(review): msgs[0] is read directly; a check of the result count is
 * not visible in this listing -- confirm one precedes this line. */
4f4d35e14b4dc35a8df0ba28d6bd26f9ce75f962Jakub Hrozek ini_value = ldb_msg_find_attr_as_string(res->msgs[0],
/* NOTE(review): per the comment below the copy, ini_value may be NULL at
 * this point; passing NULL to a %s conversion relies on the C library
 * printing a placeholder -- confirm DEBUG tolerates it. */
4f4d35e14b4dc35a8df0ba28d6bd26f9ce75f962Jakub Hrozek DEBUG(SSSDBG_TRACE_FUNC, "key [%s] value [%s]\n", ini_key, ini_value);
/* The value is copied onto the caller context before the search result,
 * which was requested on tmp_ctx, goes away. */
4f4d35e14b4dc35a8df0ba28d6bd26f9ce75f962Jakub Hrozek *_ini_value = talloc_strdup(mem_ctx, ini_value);
4f4d35e14b4dc35a8df0ba28d6bd26f9ce75f962Jakub Hrozek /* If ini_value was NULL, this is expected to also be NULL */
4f4d35e14b4dc35a8df0ba28d6bd26f9ce75f962Jakub Hrozek DEBUG(SSSDBG_TRACE_ALL, "No setting for key [%s].\n", ini_key);
4611802d41d8954a3040f39403590adb920ca521Yassir Elley } else if (ret) {
4611802d41d8954a3040f39403590adb920ca521Yassir Elley DEBUG(SSSDBG_OP_FAILURE, "Error: %d (%s)\n", ret, strerror(ret));
/*
 * Delete the cached GPO Result object of a domain inside a sysdb
 * transaction. This listing shows only some lines of the function.
 */
4611802d41d8954a3040f39403590adb920ca521Yassir Elleyerrno_t sysdb_gpo_delete_gpo_result_object(TALLOC_CTX *mem_ctx,
4611802d41d8954a3040f39403590adb920ca521Yassir Elley DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n");
/* The lookup passes NULL for attrs because only the entry DN is used below.
 * The result is requested on the caller-supplied mem_ctx, so it lives as
 * long as the caller keeps that context. */
4f4d35e14b4dc35a8df0ba28d6bd26f9ce75f962Jakub Hrozek ret = sysdb_gpo_get_gpo_result_object(mem_ctx, domain, NULL, &res);
ee8dccf5f0a7de4aba16ab73a53872df9a65175cJakub Hrozek "Could not delete GPO result object: %d\n", ret);
4611802d41d8954a3040f39403590adb920ca521Yassir Elley DEBUG(SSSDBG_TRACE_FUNC, "Deleting GPO Result object\n");
/* NOTE(review): msgs[0] is read directly; confirm the lines not shown
 * return early when no object was found. The third argument is presumably
 * the ignore-not-found flag -- confirm against the sysdb_delete_entry()
 * prototype. */
4611802d41d8954a3040f39403590adb920ca521Yassir Elley ret = sysdb_delete_entry(domain->sysdb, res->msgs[0]->dn, true);
4611802d41d8954a3040f39403590adb920ca521Yassir Elley "Could not delete GPO Result cache entry\n");
eb0cde4e6dfdbda08588860534f7ece5776ec3afYassir Elley "Could not commit transaction: [%s]\n", strerror(ret));
/* Cancel path. A failed cancel is logged at critical level; how the error
 * is propagated afterwards is on lines not shown. */
eb0cde4e6dfdbda08588860534f7ece5776ec3afYassir Elley sret = sysdb_transaction_cancel(domain->sysdb);
eb0cde4e6dfdbda08588860534f7ece5776ec3afYassir Elley DEBUG(SSSDBG_CRIT_FAILURE, "Could not cancel transaction\n");