sysdb_ops.c revision b01d8c856117f42f1a2c11669c9704166dc8f9ca
8c294c1cd4d721818a59684cf7f2b36123f79163Stephen Gallagher System Database
c252d148fa8ab50aaaa8bbae7beb4d208025171dNikolai Kondrashov Copyright (C) Simo Sorce <ssorce@redhat.com> 2008
9542512d7be40f2000298c86d3d2b728f4f0f65aStephen Gallagher This program is free software; you can redistribute it and/or modify
9542512d7be40f2000298c86d3d2b728f4f0f65aStephen Gallagher it under the terms of the GNU General Public License as published by
c6e39e15178675d0779e0ae855245774a09b4eb5Nikolai Kondrashov the Free Software Foundation; either version 3 of the License, or
c6e39e15178675d0779e0ae855245774a09b4eb5Nikolai Kondrashov (at your option) any later version.
c6e39e15178675d0779e0ae855245774a09b4eb5Nikolai Kondrashov This program is distributed in the hope that it will be useful,
c6e39e15178675d0779e0ae855245774a09b4eb5Nikolai Kondrashov but WITHOUT ANY WARRANTY; without even the implied warranty of
29c5542feb4c45865ea61be97e0e84a1d1f04918Jakub Hrozek MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
29c5542feb4c45865ea61be97e0e84a1d1f04918Jakub Hrozek GNU General Public License for more details.
8b1f525acd20f36c836e827de3c251088961c5d9Stephen Gallagher You should have received a copy of the GNU General Public License
8b1f525acd20f36c836e827de3c251088961c5d9Stephen Gallagher along with this program. If not, see <http://www.gnu.org/licenses/>.
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagherint add_string(struct ldb_message *msg, int flags,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = ldb_msg_add_empty(msg, attr, flags, NULL);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = ldb_msg_add_string(msg, attr, value);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagherint add_ulong(struct ldb_message *msg, int flags,
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke ret = ldb_msg_add_fmt(msg, attr, "%lu", value);
f3c85d900c4663854cc7bbae7d9f77867ed1f69bSumit Bosestatic uint32_t get_attr_as_uint32(struct ldb_message *msg, const char *attr)
f3c85d900c4663854cc7bbae7d9f77867ed1f69bSumit Bose const struct ldb_val *v = ldb_msg_find_ldb_val(msg, attr);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher long long int l;
2a552e43581c74f51205c7141ec9f6e9542509f8Stephen Gallagher if (!v || !v->data) {
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagherstatic int sss_ldb_modify_permissive(struct ldb_context *ldb,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = ldb_request_add_control(req, LDB_CONTROL_PERMISSIVE_MODIFY_OID,
bc13c352ba9c2877f1e9bc62e55ad60fc000a55dJakub Hrozek#define ERROR_OUT(v, r, l) do { v = r; goto l; } while(0)
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce/* =Remove-Entry-From-Sysdb=============================================== */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagherint sysdb_delete_entry(struct sysdb_ctx *sysdb,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher /* fall through */
558998ce664055a75595371118f818084d8f2b23Jan Cholasta DEBUG(1, ("LDB Error: %s(%d)\nError Message: [%s]\n",
558998ce664055a75595371118f818084d8f2b23Jan Cholasta ldb_strerror(ret), ret, ldb_errstring(sysdb->ldb)));
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher/* =Remove-Subentries-From-Sysdb=========================================== */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagherint sysdb_delete_recursive(struct sysdb_ctx *sysdb,
e7311aec8d691e5427317442387af1bc8fff3742Jan Cholasta DEBUG(6, ("Search error: %d (%s)\n", ret, strerror(ret)));
19d3aba12c70528708be9440aca66038a291f29eYassir Elley DEBUG(9, ("Found [%d] items to delete.\n", msgs_count));
f3a25949de81f80c136bb073e4a8f504b080c20cJakub Hrozek sizeof(struct ldb_message *), compare_ldb_dn_comp_num);
f3a25949de81f80c136bb073e4a8f504b080c20cJakub Hrozek for (i = 0; i < msgs_count; i++) {
5484044ea7bb632b915f706685fce509f6eacc48Jakub Hrozek ret = sysdb_delete_entry(sysdb, msgs[i]->dn, false);
9c0c83eecf963416effee67dab55711234373fdeFabiano Fidêncio/* =Search-Entry========================================================== */
36ccdecd053a9ad88dce86b8c84770dc2aa11d21Simo Sorce const char *filter,
4b39208286ca0351ee76d4e64e077e7ad5ca8568Jakub Hrozek const char **attrs,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = ldb_search(sysdb->ldb, mem_ctx, &res,
4bd20c075f0f187db0181dc53d00ab6cd47fdb4dJakub Hrozek/* =Search-User-by-[UID/NAME]============================================= */
4bd20c075f0f187db0181dc53d00ab6cd47fdb4dJakub Hrozekint sysdb_search_user_by_name(TALLOC_CTX *mem_ctx,
4bd20c075f0f187db0181dc53d00ab6cd47fdb4dJakub Hrozek const char *name,
4bd20c075f0f187db0181dc53d00ab6cd47fdb4dJakub Hrozek const char **attrs,
2dcf7b9b65df21f2aee6cdf051a7fbdef6dfe034Jakub Hrozek const char *def_attrs[] = { SYSDB_NAME, SYSDB_UIDNUM, NULL };
e592d5f157be869151983bd1b46d6f4f7a29daafJakub Hrozek ret = sysdb_search_entry(tmp_ctx, sysdb, basedn, LDB_SCOPE_BASE, NULL,
723d514f641e2b5a5cbfe1c6c7bdd2a6f3c5070eFabiano Fidêncio DEBUG(SSSDBG_TRACE_FUNC, ("No such entry\n"));
802385896dc1c4e7b8bbd40dcfe3cd131f68e696Sumit Bose DEBUG(SSSDBG_TRACE_FUNC, ("Error: %d (%s)\n", ret, strerror(ret)));
2b62d5a414b8b7dba4f714dc5033e28dc4b1f4feJakub Hrozekint sysdb_search_user_by_uid(TALLOC_CTX *mem_ctx,
01ec08efd0e166ac6f390f8627c6d08dcc63ccc4Jakub Hrozek const char **attrs,
b9d83e10cec267ae11fee64a30f42a12bbf7abe4Pavel Březina const char *def_attrs[] = { SYSDB_NAME, SYSDB_UIDNUM, NULL };
8cfb42e1985550e99585d311f68087d414932806Jakub Hrozek filter = talloc_asprintf(tmp_ctx, SYSDB_PWUID_FILTER, (unsigned long)uid);
2b5518eeaacc6245cfa77ee4a7086f16208060fcJakub Hrozek /* Use SUBTREE scope here, not ONELEVEL
2b5518eeaacc6245cfa77ee4a7086f16208060fcJakub Hrozek * There is a bug in LDB that makes ONELEVEL searches extremely
2b5518eeaacc6245cfa77ee4a7086f16208060fcJakub Hrozek * slow (it ignores indexing)
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek ret = sysdb_search_entry(tmp_ctx, sysdb, basedn, LDB_SCOPE_SUBTREE, filter,
a2e417f38c57ed87c956ddcecf4dafca93842b65Lukas Slebodnik DEBUG(SSSDBG_TRACE_FUNC, ("No such entry\n"));
b4e45531b3e98efce868d8a01ebd2dbe54348217Sumit Bose DEBUG(SSSDBG_TRACE_FUNC, ("Error: %d (%s)\n", ret, strerror(ret)));
150b76e13b7c4f3ccf1d709bf517ca2af6b2c9a2Jakub Hrozek/* =Search-Group-by-[GID/NAME]============================================ */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagherint sysdb_search_group_by_name(TALLOC_CTX *mem_ctx,
fb3c5cdfcda069a5fbeb7b9d200c0881911364b8Jakub Hrozek const char *name,
9f521c61c17cecd9625ebc1b33c666fa3488622cJakub Hrozek const char **attrs,
18372712592b30638772afb5b7e15bfca92c2058Lukas Slebodnik static const char *def_attrs[] = { SYSDB_NAME, SYSDB_GIDNUM, NULL };
bf5a808fa92007c325c3996e79694badfab201d4Stephen Gallagher basedn = sysdb_group_dn(sysdb, tmp_ctx, name);
cbff3fcdce5b0377a62fbe74f32e476efbf7ca9cNikolai Kondrashov ret = sysdb_search_entry(tmp_ctx, sysdb, basedn, LDB_SCOPE_BASE, NULL,
cbff3fcdce5b0377a62fbe74f32e476efbf7ca9cNikolai Kondrashov attrs?attrs:def_attrs, &msgs_count, &msgs);
a2e417f38c57ed87c956ddcecf4dafca93842b65Lukas Slebodnik DEBUG(SSSDBG_TRACE_FUNC, ("Error: %d (%s)\n", ret, strerror(ret)));
c71e0a6710418991d759a329b8dcb77c7ad3e16eJakub Hrozekint sysdb_search_group_by_gid(TALLOC_CTX *mem_ctx,
c71e0a6710418991d759a329b8dcb77c7ad3e16eJakub Hrozek const char **attrs,
/* NOTE(review): this is the by-GID group lookup, yet the fallback attribute
 * list requests SYSDB_UIDNUM, whereas sysdb_search_group_by_name defaults to
 * SYSDB_GIDNUM. The list is used whenever the caller passes attrs == NULL
 * (see the attrs?attrs:def_attrs argument of the search call), so such
 * callers would presumably not get the GID back - confirm whether
 * SYSDB_GIDNUM was intended here. */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher const char *def_attrs[] = { SYSDB_NAME, SYSDB_UIDNUM, NULL };
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke filter = talloc_asprintf(tmp_ctx, SYSDB_GRGID_FILTER, (unsigned long)gid);
1d1a0a019d8d4d9ab0f51ada03604cd2cada287eSumit Bose /* Use SUBTREE scope here, not ONELEVEL
1d1a0a019d8d4d9ab0f51ada03604cd2cada287eSumit Bose * There is a bug in LDB that makes ONELEVEL searches extremely
96453f402831275a39d5fb89c33c9776e148d03fStephen Gallagher * slow (it ignores indexing)
25d4435998d0446f7699e7ab0874c7a6f610ab58Lukas Slebodnik ret = sysdb_search_entry(tmp_ctx, sysdb, basedn, LDB_SCOPE_SUBTREE, filter,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher attrs?attrs:def_attrs, &msgs_count, &msgs);
4a5a18f489f4d19aa0571528a7f0c7a8d35ac83fLukas Slebodnik DEBUG(SSSDBG_TRACE_FUNC, ("No such entry\n"));
4a5a18f489f4d19aa0571528a7f0c7a8d35ac83fLukas Slebodnik DEBUG(SSSDBG_TRACE_FUNC, ("Error: %d (%s)\n", ret, strerror(ret)));
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher/* =Search-Netgroup-by-Name========================================= */
1467daed400d6c186bd0c99c057c42e764309ff3Stephen Gallagherint sysdb_search_netgroup_by_name(TALLOC_CTX *mem_ctx,
18372712592b30638772afb5b7e15bfca92c2058Lukas Slebodnik const char **attrs,
6a6a821866091e0f722808566c25b951aa346d7cStephen Gallagher static const char *def_attrs[] = { SYSDB_NAME, NULL };
18372712592b30638772afb5b7e15bfca92c2058Lukas Slebodnik basedn = sysdb_netgroup_dn(sysdb, tmp_ctx, name);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_search_entry(tmp_ctx, sysdb, basedn, LDB_SCOPE_BASE, NULL,
84ae5edab16ad6be5e3be956cb6fa031c1428eb5Stephen Gallagher attrs?attrs:def_attrs, &msgs_count, &msgs);
3ce85a5f5264e7118beb6524e120fd8b53a13da4Nikolai Kondrashov DEBUG(SSSDBG_TRACE_FUNC, ("No such entry\n"));
3ce85a5f5264e7118beb6524e120fd8b53a13da4Nikolai Kondrashov DEBUG(SSSDBG_TRACE_FUNC, ("Error: %d (%s)\n", ret, strerror(ret)));
6398f22526303343193a18e514602f1af6fb29cbNikolai Kondrashov/* =Replace-Attributes-On-Entry=========================================== */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagherint sysdb_set_entry_attr(struct sysdb_ctx *sysdb,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher msg->elements = talloc_array(msg, struct ldb_message_element, attrs->num);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ("ldb_modify failed: [%s]\n", ldb_strerror(lret)));
4169fb26ea2ff93c19ecdad6e09382732ea5deebPavel Březina DEBUG(SSSDBG_TRACE_FUNC, ("No such entry\n"));
7a2ca8d776df685bddbb64370181fb32d776f676Pavel Březina DEBUG(SSSDBG_TRACE_FUNC, ("Error: %d (%s)\n", ret, strerror(ret)));
4169fb26ea2ff93c19ecdad6e09382732ea5deebPavel Březina/* =Replace-Attributes-On-User============================================ */
4169fb26ea2ff93c19ecdad6e09382732ea5deebPavel Březinaint sysdb_set_user_attr(struct sysdb_ctx *sysdb,
c109f063b4469818fd335b8b509f0458e7b33b0aJakub Hrozek ret = sysdb_set_entry_attr(sysdb, dn, attrs, mod_op);
83a79d93035c2d75a1941f3b54426119174044a0Pavel Březina/* =Replace-Attributes-On-Group=========================================== */
4169fb26ea2ff93c19ecdad6e09382732ea5deebPavel Březinaint sysdb_set_group_attr(struct sysdb_ctx *sysdb,
ca261795ce61c41d7e62217ccb2ee913923040ffPavel Březina ret = sysdb_set_entry_attr(sysdb, dn, attrs, mod_op);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher/* =Replace-Attributes-On-Netgroup=========================================== */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagherint sysdb_set_netgroup_attr(struct sysdb_ctx *sysdb,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher dn = sysdb_netgroup_dn(sysdb, tmp_ctx, name);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_set_entry_attr(sysdb, dn, attrs, mod_op);
fe2091327ff44f80d6681c261494e4432404e9baStephen Gallagher/* =Get-New-ID============================================================ */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagherint sysdb_get_new_id(struct sysdb_ctx *sysdb,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher const char *attrs_1[] = { SYSDB_NEXTID, NULL };
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher const char *attrs_2[] = { SYSDB_UIDNUM, SYSDB_GIDNUM, NULL };
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher struct sss_domain_info *domain = sysdb->domain;
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher base_dn = sysdb_domain_dn(sysdb, tmp_ctx);
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce ret = sysdb_search_entry(tmp_ctx, sysdb, base_dn, LDB_SCOPE_BASE,
8cfb42e1985550e99585d311f68087d414932806Jakub Hrozek new_id = get_attr_as_uint32(msgs[0], SYSDB_NEXTID);
ca90f2102a43a3d49a2ef26610d7b4ff3062a823Jakub Hrozek DEBUG(1, ("Invalid Next ID in domain %s\n", domain->name));
4169fb26ea2ff93c19ecdad6e09382732ea5deebPavel Březina if ((domain->id_max != 0) && (new_id > domain->id_max)) {
66c8e92eb5a4985bb7f64c349a53b08030a000cfFabiano Fidêncio DEBUG(0, ("Failed to allocate new id, out of range (%u/%u)\n",
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina /* looks like the domain is not initialized yet, use min_id */
7f0b01bf0a8f5c5b3ef145e81511b6db2cb4f98fPavel Březina /* verify the id is actually really free.
cb4d5b588e704114b7090678752d33512baa718eJakub Hrozek * search all entries with id >= new_id and < max_id */
c747b0c875785ce693f70b50bdda0237c4b04e35Pavel Březina "(|(&(%s>=%u)(%s<=%u))(&(%s>=%u)(%s<=%u)))",
b9c563c29243291f40489bb0dcbf3946fca72d58Jakub Hrozek "(|(%s>=%u)(%s>=%u))",
364b3572bab5a9649e8f2d4da835d05d3c8ca7a9Pavel Březina ret = sysdb_search_entry(tmp_ctx, sysdb, base_dn, LDB_SCOPE_SUBTREE,
3f98cdc011bb4e8cd22c088f288b0bcdb6452492Jakub Hrozek /* if anything was found, find the maximum and increment past it */
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny for (i = 0; i < count; i++) {
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher id = get_attr_as_uint32(msgs[i], SYSDB_UIDNUM);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher id = get_attr_as_uint32(msgs[i], SYSDB_GIDNUM);
d3dee2a07f1a8ee9ae6f94e149ced754ef76c248Pavel Březina /* check again we are not falling out of range */
d3dee2a07f1a8ee9ae6f94e149ced754ef76c248Pavel Březina if ((domain->id_max != 0) && (new_id > domain->id_max)) {
d3dee2a07f1a8ee9ae6f94e149ced754ef76c248Pavel Březina DEBUG(0, ("Failed to allocate new id, out of range (%u/%u)\n",
3441d0c2d11aea0c39b009751a1898333c009674Stephen Gallagher /* finally store the new next id */
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio/* =Add-Basic-User-NO-CHECKS============================================== */
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinaint sysdb_add_basic_user(struct sysdb_ctx *sysdb,
077f8c9ca849ec895da3f0a25d15484ead08e99eLukas Slebodnik /* user dn */
885386b7e3f1c3e74b354576b98a092b0835d64eSumit Bose ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_OBJECTCLASS, SYSDB_USER_CLASS);
885386b7e3f1c3e74b354576b98a092b0835d64eSumit Bose ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_NAME, name);
462db32918a05097652f8232cd6c8d78a826e63cLukas Slebodnik ret = add_ulong(msg, LDB_FLAG_MOD_ADD, SYSDB_UIDNUM, (unsigned long)uid);
284937e6b5b0c9d7a1d3382d0d2820d1168842fbPavel Březina ret = add_ulong(msg, LDB_FLAG_MOD_ADD, SYSDB_GIDNUM, (unsigned long)gid);
e157b9f6cb370e1b94bcac2044d26ad66d640fbaPavel Březina /* We set gecos to be the same as fullname on user creation,
53f1b03f4e61ebe21df0c2fd05e09e0504fd8881Jakub Hrozek * But we will not enforce coherency after that, it's up to
3996e391054a1c02ab62e1541ae21a8204bd5d0aAmitKumar * admins to decide if they want to keep it in sync if they change
3996e391054a1c02ab62e1541ae21a8204bd5d0aAmitKumar * one of the 2 */
462db32918a05097652f8232cd6c8d78a826e63cLukas Slebodnik ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_FULLNAME, gecos);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_GECOS, gecos);
3b08dec5ee634f83ee18e1753d5ffe0ac5e3c458Jakub Hrozek ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_HOMEDIR, homedir);
2a9af1f71887f02935e2fb6ad5023afba5b6d43eSumit Bose ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_SHELL, shell);
a7e27c11866a48742bb70564b88e15bf15e9367dPavel Březina /* creation time */
a7e27c11866a48742bb70564b88e15bf15e9367dPavel Březina ret = add_ulong(msg, LDB_FLAG_MOD_ADD, SYSDB_CREATE_TIME,
fe2091327ff44f80d6681c261494e4432404e9baStephen Gallagher DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
654757bcead49427baaeb1b368c0e3433b67c51aJan Engelhardt/* =Add-User-Function===================================================== */
96453f402831275a39d5fb89c33c9776e148d03fStephen Gallagherint sysdb_add_user(struct sysdb_ctx *sysdb,
69b46c32357ccf1aab9c0bd6d1afa33a8724ad77Lukas Slebodnik const char *group_attrs[] = {SYSDB_NAME, SYSDB_GHOST, SYSDB_ORIG_MEMBER, NULL};
25d4435998d0446f7699e7ab0874c7a6f610ab58Lukas Slebodnik DEBUG(0, ("Cannot add user with arbitrary GID in MPG domain!\n"));
0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose (uid < domain->id_min || uid > domain->id_max)) {
0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose DEBUG(2, ("Supplied uid [%d] is not in the allowed range [%d-%d].\n",
25d4435998d0446f7699e7ab0874c7a6f610ab58Lukas Slebodnik (gid < domain->id_min || gid > domain->id_max)) {
25d4435998d0446f7699e7ab0874c7a6f610ab58Lukas Slebodnik DEBUG(2, ("Supplied gid [%d] is not in the allowed range [%d-%d].\n",
0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose /* In MPG domains you can't have groups with the same name as users,
0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose * search if a group with the same name exists.
25d4435998d0446f7699e7ab0874c7a6f610ab58Lukas Slebodnik * Don't worry about users, if we try to add a user with the same
25d4435998d0446f7699e7ab0874c7a6f610ab58Lukas Slebodnik * name the operation will fail */
25d4435998d0446f7699e7ab0874c7a6f610ab58Lukas Slebodnik ret = sysdb_search_group_by_name(tmp_ctx, sysdb,
25d4435998d0446f7699e7ab0874c7a6f610ab58Lukas Slebodnik /* check no other user with the same uid exists */
25d4435998d0446f7699e7ab0874c7a6f610ab58Lukas Slebodnik ret = sysdb_search_user_by_uid(tmp_ctx, sysdb,
bf01e8179cbb2be476805340636098deda7e1366Sumit Bose /* try to add the user */
bf01e8179cbb2be476805340636098deda7e1366Sumit Bose ret = sysdb_add_basic_user(sysdb, name, uid, gid, gecos, homedir, shell);
bf01e8179cbb2be476805340636098deda7e1366Sumit Bose ret = sysdb_attrs_add_uint32(id_attrs, SYSDB_UIDNUM, id);
fe2091327ff44f80d6681c261494e4432404e9baStephen Gallagher ret = sysdb_attrs_add_uint32(id_attrs, SYSDB_GIDNUM, id);
fe2091327ff44f80d6681c261494e4432404e9baStephen Gallagher ret = sysdb_set_user_attr(sysdb, name, id_attrs, SYSDB_MOD_REP);
d3dee2a07f1a8ee9ae6f94e149ced754ef76c248Pavel Březina ret = sysdb_attrs_add_time_t(attrs, SYSDB_LAST_UPDATE, now);
fe2091327ff44f80d6681c261494e4432404e9baStephen Gallagher ret = sysdb_attrs_add_time_t(attrs, SYSDB_CACHE_EXPIRE,
1319e71fd1680ca4864afe0b1aca2b8c8e4a1ee4Stef Walter ret = sysdb_set_user_attr(sysdb, name, attrs, SYSDB_MOD_REP);
ae7247551b78a05a5397d3c790afad7ef51b0d9dPavel Březina /* remove all ghost users */
/* NOTE(review): `name` is formatted into the LDB search filter as-is. If it
 * can contain filter metacharacters (parentheses, asterisk, backslash) the
 * filter no longer matches only what is intended, and the ghost-to-member
 * rewrite below acts on whatever groups it returns. Confirm that `name` is
 * escaped for filter use before this point; the same presumably applies to
 * the alias values appended to this filter further down. */
d4aa049726ce8c6feeaf6995d4abb4cb5155b9a1Pavel Březina filter = talloc_asprintf(tmp_ctx, "(|(%s=%s)", SYSDB_GHOST, name);
b9d8c6172e48a2633ebe196b2e88bebdf9523c20Stef Walter ret = sysdb_attrs_get_el(attrs, SYSDB_NAME_ALIAS, &alias_el);
fe2091327ff44f80d6681c261494e4432404e9baStephen Gallagher for (i = 0; i < alias_el->num_values; i++) {
fe2091327ff44f80d6681c261494e4432404e9baStephen Gallagher if (strcmp((const char *)alias_el->values[i].data, name) == 0) {
dbea04f585a30d001b574317c068cd03a4fa332bJakub Hrozek filter = talloc_asprintf_append(filter, "(%s=%s)",
022c6b90bb37851c0e8704c0e5388ebc113c6470Lukas Slebodnik tmpdn = sysdb_user_dn(sysdb, tmp_ctx, name);
5a05b6127064c74349f1edae32e5e13032c386feLukas Slebodnik /* We need to find all groups that contain this object as a ghost user
5a05b6127064c74349f1edae32e5e13032c386feLukas Slebodnik * and replace the ghost user by actual member record in direct parents.
5a05b6127064c74349f1edae32e5e13032c386feLukas Slebodnik * Note that this object can be referred to either by its name or any
7d8b7d82f0a91ed656320577fc781f24a66db9f8Sumit Bose * of its aliases
3f98cdc011bb4e8cd22c088f288b0bcdb6452492Jakub Hrozek ret = sysdb_search_entry(tmp_ctx, sysdb, tmpdn, LDB_SCOPE_SUBTREE, filter,
748ba184db97b7534254f97018fa04e8aa458faeJan Cholasta for (i = 0; i < group_count; i++) {
1e0fa55fb377db788e065de917ba8e149eb56161Jakub Hrozek /* We have no way of telling which groups this user belongs to.
1e0fa55fb377db788e065de917ba8e149eb56161Jakub Hrozek * Add it to all that reference it in the ghost attribute */
42ec8af02ecf1937e4db9b1ecc6216022634f0f9Michal Zidek orig_members = ldb_msg_find_element(groups[i], SYSDB_ORIG_MEMBER);
1e0fa55fb377db788e065de917ba8e149eb56161Jakub Hrozek for (j = 0; j < orig_members->num_values; j++) {
42ec8af02ecf1937e4db9b1ecc6216022634f0f9Michal Zidek if (strcmp((const char *) orig_members->values[j].data,
42ec8af02ecf1937e4db9b1ecc6216022634f0f9Michal Zidek /* This is a direct member. Add the member attribute */
42ec8af02ecf1937e4db9b1ecc6216022634f0f9Michal Zidek /* Nothing to compare the originalDN with. Let's rely on the
42ec8af02ecf1937e4db9b1ecc6216022634f0f9Michal Zidek * memberof plugin to do the right thing during initgroups..
577ba99b3150404533bd3d859522a2c994b17e76Lukas Slebodnik ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_MEMBER, userdn);
db36dca3d45e6eefbb30042ee65876566f1a6014Sumit Bose ret = add_string(msg, LDB_FLAG_MOD_DELETE, SYSDB_GHOST, name);
e0c86d21388bffe2e3919e780780c40d96186abbJakub Hrozek /* Delete aliases from the ghost attribute as well */
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher if (strcmp((const char *)alias_el->values[j].data, name) == 0) {
de5fa34860886ad68fba5e739987e16c342e8f14Lukas Slebodnik ret = sss_ldb_modify_permissive(sysdb->ldb, msg);
a6098862048d4bb469130b9ff21be3020d6f2c54Sumit Bose DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
f28b09f887870c10c8c611beee3c17eaa9ef74f3Lukas Slebodnik/* =Add-Basic-Group-NO-CHECKS============================================= */
2a9af1f71887f02935e2fb6ad5023afba5b6d43eSumit Boseint sysdb_add_basic_group(struct sysdb_ctx *sysdb,
a9c287bda3fc2a1e12cef2135ade96945f11ad01Sumit Bose /* group dn */
1270ffe9f3809f2fd488ef4a320d344ae107ab87Sumit Bose ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_OBJECTCLASS, SYSDB_GROUP_CLASS);
885386b7e3f1c3e74b354576b98a092b0835d64eSumit Bose ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_NAME, name);
885386b7e3f1c3e74b354576b98a092b0835d64eSumit Bose ret = add_ulong(msg, LDB_FLAG_MOD_ADD, SYSDB_GIDNUM, (unsigned long)gid);
885386b7e3f1c3e74b354576b98a092b0835d64eSumit Bose /* creation time */
885386b7e3f1c3e74b354576b98a092b0835d64eSumit Bose ret = add_ulong(msg, LDB_FLAG_MOD_ADD, SYSDB_CREATE_TIME,
885386b7e3f1c3e74b354576b98a092b0835d64eSumit Bose DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
1270ffe9f3809f2fd488ef4a320d344ae107ab87Sumit Bose/* =Add-Group-Function==================================================== */
a7e27c11866a48742bb70564b88e15bf15e9367dPavel Březina struct sss_domain_info *domain = sysdb->domain;
a7e27c11866a48742bb70564b88e15bf15e9367dPavel Březina (gid < domain->id_min || gid > domain->id_max)) {
a7e27c11866a48742bb70564b88e15bf15e9367dPavel Březina DEBUG(2, ("Supplied gid [%d] is not in the allowed range [%d-%d].\n",
29c5542feb4c45865ea61be97e0e84a1d1f04918Jakub Hrozek /* In MPG domains you can't have groups with the same name as users,
29c5542feb4c45865ea61be97e0e84a1d1f04918Jakub Hrozek * search if a user with the same name exists.
29c5542feb4c45865ea61be97e0e84a1d1f04918Jakub Hrozek * Don't worry about groups, if we try to add a group with the same
29c5542feb4c45865ea61be97e0e84a1d1f04918Jakub Hrozek * name the operation will fail */
29c5542feb4c45865ea61be97e0e84a1d1f04918Jakub Hrozek ret = sysdb_search_user_by_name(tmp_ctx, sysdb,
8c829226ce0cf98c35ffce39a66f9645cff65767Jakub Hrozek /* check no other groups with the same gid exist */
41291f19dbc5bf14f20729959b852fa605fcc02dJakub Hrozek ret = sysdb_search_group_by_gid(tmp_ctx, sysdb,
29c5542feb4c45865ea61be97e0e84a1d1f04918Jakub Hrozek /* try to add the group */
29c5542feb4c45865ea61be97e0e84a1d1f04918Jakub Hrozek ret = sysdb_attrs_get_bool(attrs, SYSDB_POSIX, &posix);
29c5542feb4c45865ea61be97e0e84a1d1f04918Jakub Hrozek ret = sysdb_attrs_add_bool(attrs, SYSDB_POSIX, true);
b699c4d7f85a5404be1d1ee9450331aea869b886Stef Walter ret = sysdb_attrs_add_uint32(attrs, SYSDB_GIDNUM, id);
c109f063b4469818fd335b8b509f0458e7b33b0aJakub Hrozek ret = sysdb_attrs_add_time_t(attrs, SYSDB_LAST_UPDATE, now);
b699c4d7f85a5404be1d1ee9450331aea869b886Stef Walter ret = sysdb_attrs_add_time_t(attrs, SYSDB_CACHE_EXPIRE,
b699c4d7f85a5404be1d1ee9450331aea869b886Stef Walter ret = sysdb_set_group_attr(sysdb, name, attrs, SYSDB_MOD_REP);
fcd8093c58638dc7c4f9cddfc97f273b94ce2eadStef Walter DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
b699c4d7f85a5404be1d1ee9450331aea869b886Stef Walterint sysdb_add_incomplete_group(struct sysdb_ctx *sysdb,
b699c4d7f85a5404be1d1ee9450331aea869b886Stef Walter const char *name,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher /* try to add the group */
9917c138d9a270deb5820915384fbde751190c2aLukas Slebodnik ret = sysdb_add_basic_group(sysdb, name, gid);
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina ret = sysdb_attrs_add_time_t(attrs, SYSDB_LAST_UPDATE, now);
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina ret = sysdb_attrs_add_time_t(attrs, SYSDB_CACHE_EXPIRE,
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina ret = sysdb_attrs_add_bool(attrs, SYSDB_POSIX, posix);
fe2091327ff44f80d6681c261494e4432404e9baStephen Gallagher ret = sysdb_attrs_add_string(attrs, SYSDB_ORIG_DN, original_dn);
577ba99b3150404533bd3d859522a2c994b17e76Lukas Slebodnik ret = sysdb_set_group_attr(sysdb, name, attrs, SYSDB_MOD_REP);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher/* =Add-Or-Remove-Group-Member============================================ */
fe2091327ff44f80d6681c261494e4432404e9baStephen Gallagher/* mod_op must be either SYSDB_MOD_ADD or SYSDB_MOD_DEL */
300c772767c1b12077cac1d148ac89738b058f97Jan Zelenyint sysdb_mod_group_member(struct sysdb_ctx *sysdb,
2827b0d03f7b6bafa504d22a5d7ca39cbda048b3Pavel Březina const char *dn;
2827b0d03f7b6bafa504d22a5d7ca39cbda048b3Pavel Březina ret = ldb_msg_add_empty(msg, SYSDB_MEMBER, mod_op, NULL);
9e80079370ff3b943832adc3c5ef430e64be0a0cJakub Hrozek ret = ldb_msg_add_string(msg, SYSDB_MEMBER, dn);
a8191ce7ad5364801ad9458c3194075a7ca77b8aPavel Březina DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
e7311aec8d691e5427317442387af1bc8fff3742Jan Cholasta/* =Add-Basic-Netgroup-NO-CHECKS============================================= */
4de84af23db74e13e867985c9093f394c9fa8d51Sumit Boseint sysdb_add_basic_netgroup(struct sysdb_ctx *sysdb,
b9e5bd09a5ff7009537a18914dbebcf10498f592Sumit Bose /* netgroup dn */
b9e5bd09a5ff7009537a18914dbebcf10498f592Sumit Bose ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_NAME, name);
590582be38cdbfde387fcc57df92903d48c5a083Jakub Hrozek /* creation time */
8a1fd0633e85221da1fb63451516a70d66c0af31Pavel Březina ret = add_ulong(msg, LDB_FLAG_MOD_ADD, SYSDB_CREATE_TIME,
e5911e72198df96ec7cfe486ff66363c2297a5f7Simo Sorce DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
1a59af8245f183f22d87d067a90197d8e2ea958dJakub Hrozek/* =Add-Netgroup-Function==================================================== */
9222a4fcbeec9d5a6f84aab31a5131f14d4a6430Fabiano Fidêncioint sysdb_add_netgroup(struct sysdb_ctx *sysdb,
a8d1a344e580f29699aed9b88d87fc3c6f5d113bSimo Sorce /* try to add the netgroup */
a8d1a344e580f29699aed9b88d87fc3c6f5d113bSimo Sorce ret = sysdb_add_basic_netgroup(sysdb, name, description);
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce ret = sysdb_attrs_add_time_t(attrs, SYSDB_LAST_UPDATE, now);
a8d1a344e580f29699aed9b88d87fc3c6f5d113bSimo Sorce ret = sysdb_attrs_add_time_t(attrs, SYSDB_CACHE_EXPIRE,
b9c563c29243291f40489bb0dcbf3946fca72d58Jakub Hrozek ret = sysdb_set_netgroup_attr(sysdb, name, attrs, SYSDB_MOD_REP);
2b5518eeaacc6245cfa77ee4a7086f16208060fcJakub Hrozek DEBUG(SSSDBG_MINOR_FAILURE, ("Could not remove missing attributes\n"));
cac0db2f8004ae88b9263dc3888a11a2d3d3d114Jakub Hrozek DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
b9c563c29243291f40489bb0dcbf3946fca72d58Jakub Hrozek/* =Store-Users-(Native/Legacy)-(replaces-existing-data)================== */
bea0dc79faf609de8603cb42f190adae544bc8fbJakub Hrozek/* if one of the basic attributes is empty ("") as opposed to NULL,
b9c563c29243291f40489bb0dcbf3946fca72d58Jakub Hrozek * this will just remove it */
b9c563c29243291f40489bb0dcbf3946fca72d58Jakub Hrozek const char *name,
376eaf187c13c2a1eaea0ffbdd970b6b563ab74cPetr Cech const char *gecos,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (pwd && (sysdb->domain->legacy_passwords || !*pwd)) {
5ea60d18ddb8eaff25d274c22c7db7df57b6ec4dNikolai Kondrashov ret = sysdb_attrs_add_string(attrs, SYSDB_PWD, pwd);
2db6afe70eee2bbc22aa657a6b6609a9f3eb5d4cSimo Sorce DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to start transaction\n"));
d46d59e78600aa72176df7217c94743b7e71881aJustin Stephenson ret = sysdb_search_user_by_name(tmp_ctx, sysdb,
8359bf07a2e6c0181251ce8d5d9160dc57546c55Stephen Gallagher /* get transaction timestamp */
8a07521b413a3b5879f824e1872c5770c92ee5c0Stephen Gallagher /* user doesn't exist, turn into adding a user */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_add_user(sysdb, name, uid, gid, gecos, homedir,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher shell, orig_dn, attrs, cache_timeout, now);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher /* This may be a user rename. If there is a user with the
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher * same UID, remove it and try to add the basic user again
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_delete_user(sysdb, NULL, uid);
59744cff6edb106ae799b2321cb8731edadf409aStephen Gallagher /* Not found by UID, return the original EEXIST,
59744cff6edb106ae799b2321cb8731edadf409aStephen Gallagher * this may be a conflict in MPG domain or something
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ("A user with the same UID [%llu] was removed from the "
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_add_user(sysdb, name, uid, gid, gecos, homedir,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher shell, orig_dn, attrs, cache_timeout, now);
42ec8af02ecf1937e4db9b1ecc6216022634f0f9Michal Zidek /* Handle the result of sysdb_add_user */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher DEBUG(SSSDBG_OP_FAILURE, ("Could not add user\n"));
42ec8af02ecf1937e4db9b1ecc6216022634f0f9Michal Zidek /* the user exists, let's just replace attributes when set */
42ec8af02ecf1937e4db9b1ecc6216022634f0f9Michal Zidek ret = sysdb_attrs_add_uint32(attrs, SYSDB_UIDNUM, uid);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_attrs_add_uint32(attrs, SYSDB_GIDNUM, gid);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_attrs_add_uint32(attrs, SYSDB_GIDNUM, uid);
577ba99b3150404533bd3d859522a2c994b17e76Lukas Slebodnik ret = sysdb_attrs_add_string(attrs, SYSDB_GECOS, gecos);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_attrs_add_string(attrs, SYSDB_HOMEDIR, homedir);
654757bcead49427baaeb1b368c0e3433b67c51aJan Engelhardt ret = sysdb_attrs_add_string(attrs, SYSDB_SHELL, shell);
654757bcead49427baaeb1b368c0e3433b67c51aJan Engelhardt ret = sysdb_attrs_add_time_t(attrs, SYSDB_LAST_UPDATE, now);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_attrs_add_time_t(attrs, SYSDB_CACHE_EXPIRE,
2c0a971010596c122d7a0c0d76c8eb85f16f6d06Jakub Hrozek ret = sysdb_set_user_attr(sysdb, name, attrs, SYSDB_MOD_REP);
577ba99b3150404533bd3d859522a2c994b17e76Lukas Slebodnik DEBUG(4, ("Could not remove missing attributes\n"));
654757bcead49427baaeb1b368c0e3433b67c51aJan Engelhardt DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to commit transaction\n"));
f1828234a850dd28465425248a83a993f262918fPavel Březina DEBUG(SSSDBG_CRIT_FAILURE, ("Could not cancel transaction\n"));
577ba99b3150404533bd3d859522a2c994b17e76Lukas Slebodnik DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
1746e8b8399da2a7a8da4aace186f66055ccfec1Jakub Hrozek/* =Store-Group-(Native/Legacy)-(replaces-existing-data)================== */
1746e8b8399da2a7a8da4aace186f66055ccfec1Jakub Hrozek/* this function does not check that all user members are actually present */
1746e8b8399da2a7a8da4aace186f66055ccfec1Jakub Hrozek const char *name,
b69cb1787209e85cc246eb9a944242689bfe0c46Pavel Březina static const char *src_attrs[] = { SYSDB_NAME, SYSDB_GIDNUM,
e157b9f6cb370e1b94bcac2044d26ad66d640fbaPavel Březina ret = sysdb_search_group_by_name(tmp_ctx, sysdb,
e157b9f6cb370e1b94bcac2044d26ad66d640fbaPavel Březina /* get transaction timestamp */
f8c829e72968b574e1c9bda96f4d5f206622358fPavel Březina /* FIXME: use the remote modification timestamp to know if the
f8c829e72968b574e1c9bda96f4d5f206622358fPavel Březina * group needs any update */
70e59ed31c5a9c9ed02d9065ddf92be87c887efbJakub Hrozek /* group doesn't exist, turn into adding a group */
f8c829e72968b574e1c9bda96f4d5f206622358fPavel Březina ret = sysdb_add_group(sysdb, name, gid, attrs, cache_timeout, now);
f8c829e72968b574e1c9bda96f4d5f206622358fPavel Březina /* This may be a group rename. If there is a group with the
f8c829e72968b574e1c9bda96f4d5f206622358fPavel Březina * same GID, remove it and try to add the basic group again
748ba184db97b7534254f97018fa04e8aa458faeJan Cholasta /* Not found by GID, return the original EEXIST,
558998ce664055a75595371118f818084d8f2b23Jan Cholasta * this may be a conflict in MPG domain or something
9a3e40dc49c1e38bf58e45be5adff37615f3910bJan Cholasta ("A group with the same GID [%llu] was removed from the "
9a3e40dc49c1e38bf58e45be5adff37615f3910bJan Cholasta ret = sysdb_add_group(sysdb, name, gid, attrs, cache_timeout, now);
558998ce664055a75595371118f818084d8f2b23Jan Cholasta /* the group exists, let's just replace attributes when set */
9c0c83eecf963416effee67dab55711234373fdeFabiano Fidêncio ret = sysdb_attrs_add_uint32(attrs, SYSDB_GIDNUM, gid);
9c0c83eecf963416effee67dab55711234373fdeFabiano Fidêncio ret = sysdb_attrs_add_time_t(attrs, SYSDB_LAST_UPDATE, now);
9c0c83eecf963416effee67dab55711234373fdeFabiano Fidêncio ret = sysdb_attrs_add_time_t(attrs, SYSDB_CACHE_EXPIRE,
9c0c83eecf963416effee67dab55711234373fdeFabiano Fidêncio ret = sysdb_set_group_attr(sysdb, name, attrs, SYSDB_MOD_REP);
db36dca3d45e6eefbb30042ee65876566f1a6014Sumit Bose DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
a20fb9cbd5f42a6ca895aea1b84347fdfea34b89Sumit Bose/* =Add-User-to-Group(Native/Legacy)====================================== */
db36dca3d45e6eefbb30042ee65876566f1a6014Sumit Bosesysdb_group_membership_mod(struct sysdb_ctx *sysdb,
db36dca3d45e6eefbb30042ee65876566f1a6014Sumit Bose const char *group,
db36dca3d45e6eefbb30042ee65876566f1a6014Sumit Bose const char *member,
84fecc2fd535030bc56b5046ba2a1ba95c46bc34Lukas Slebodnik member_dn = sysdb_user_dn(sysdb, tmp_ctx, member);
31a6661ff2a640fbcf97460df2415fd1bab309b5Sumit Bose member_dn = sysdb_group_dn(sysdb, tmp_ctx, member);
31a6661ff2a640fbcf97460df2415fd1bab309b5Sumit Bose group_dn = sysdb_group_dn(sysdb, tmp_ctx, group);
db36dca3d45e6eefbb30042ee65876566f1a6014Sumit Bose ret = sysdb_mod_group_member(sysdb, member_dn, group_dn, modify_op);
cbff3fcdce5b0377a62fbe74f32e476efbf7ca9cNikolai Kondrashovint sysdb_add_group_member(struct sysdb_ctx *sysdb,
21f28bdbab10881b9fb0b890dfa15af429326606Sumit Bose const char *member,
21f28bdbab10881b9fb0b890dfa15af429326606Sumit Bose return sysdb_group_membership_mod(sysdb, group, member, type, SYSDB_MOD_ADD);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher/* =Remove-member-from-Group(Native/Legacy)=============================== */
d65f692d7b7639ed8ba0f5cffa4f88b68056739aLukas Slebodnikint sysdb_remove_group_member(struct sysdb_ctx *sysdb,
25c394fc9d09aa7f58700e67b942aba86505934aLukas Slebodnik return sysdb_group_membership_mod(sysdb, group, member, type, SYSDB_MOD_DEL);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher/* =Password-Caching====================================================== */
/*
 * Cache a hash of `password` for `username`.
 * Visible steps: hash the password with s3crypt_sha512() using `salt`, put
 * the result into SYSDB_CACHEDPWD, record "lastCachedPasswordChange", reset
 * SYSDB_FAILED_LOGIN_ATTEMPTS to 0 and write the attributes with
 * SYSDB_MOD_REP.
 * NOTE(review): this listing omits lines; how `salt` is produced and how
 * each `ret` is checked are not visible here.
 */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagherint sysdb_cache_password(struct sysdb_ctx *sysdb,
36ccdecd053a9ad88dce86b8c84770dc2aa11d21Simo Sorce ret = s3crypt_sha512(tmp_ctx, password, salt, &hash);
36ccdecd053a9ad88dce86b8c84770dc2aa11d21Simo Sorce ret = sysdb_attrs_add_string(attrs, SYSDB_CACHEDPWD, hash);
36ccdecd053a9ad88dce86b8c84770dc2aa11d21Simo Sorce /* FIXME: should we use a different attribute for cached passwords ?? */
f28b09f887870c10c8c611beee3c17eaa9ef74f3Lukas Slebodnik ret = sysdb_attrs_add_long(attrs, "lastCachedPasswordChange",
/* Storing a new cached password also clears the failed-login counter. */
f28b09f887870c10c8c611beee3c17eaa9ef74f3Lukas Slebodnik ret = sysdb_attrs_add_uint32(attrs, SYSDB_FAILED_LOGIN_ATTEMPTS, 0U);
f28b09f887870c10c8c611beee3c17eaa9ef74f3Lukas Slebodnik ret = sysdb_set_user_attr(sysdb, username, attrs, SYSDB_MOD_REP);
a801d42c4637bbdf9664d0d8b913ffcab81b904eLukas Slebodnik DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
36ccdecd053a9ad88dce86b8c84770dc2aa11d21Simo Sorce/* =Custom Search================== */
4b39208286ca0351ee76d4e64e077e7ad5ca8568Jakub Hrozek const char **attrs,
16c351625346b3193e1762027e5215ab76042127Sumit Bose basedn = sysdb_custom_subtree_dn(sysdb, mem_ctx, subtree_name);
25f8fac2489fd209d603acb2b494f7c72968e9bbMichal Zidek DEBUG(1, ("sysdb_custom_subtree_dn failed.\n"));
577ba99b3150404533bd3d859522a2c994b17e76Lukas Slebodnik ret = sysdb_search_entry(mem_ctx, sysdb, basedn,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagherint sysdb_search_custom_by_name(TALLOC_CTX *mem_ctx,
291a6c8af9759e41cec6f332cb72606ca90768c3Pavel Březina if (object_name == NULL || subtree_name == NULL) {
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher basedn = sysdb_custom_dn(sysdb, tmp_ctx, object_name, subtree_name);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_search_entry(tmp_ctx, sysdb, basedn,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher LDB_SCOPE_BASE, NULL, attrs, &count, &msgs);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher DEBUG(1, ("More than one result found.\n"));
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher/* =Custom Store (replaces-existing-data)================== */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagherint sysdb_store_custom(struct sysdb_ctx *sysdb,
5b93634c7f0e34f69b4cf8fb9b2e77b9179024a7Fabiano Fidêncio const char *search_attrs[] = { "*", NULL };
c71e0a6710418991d759a329b8dcb77c7ad3e16eJakub Hrozek if (object_name == NULL || subtree_name == NULL) {
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_search_custom_by_name(tmp_ctx, sysdb,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher msg->dn = sysdb_custom_dn(sysdb, tmp_ctx, object_name, subtree_name);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher msg->elements = talloc_array(msg, struct ldb_message_element, attrs->num);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher msg->elements[i].flags = LDB_FLAG_MOD_ADD;
fe2091327ff44f80d6681c261494e4432404e9baStephen Gallagher el = ldb_msg_find_element(resp[0], attrs->a[i].name);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher msg->elements[i].flags = LDB_FLAG_MOD_ADD;
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher msg->elements[i].flags = LDB_FLAG_MOD_REPLACE;
fe2091327ff44f80d6681c261494e4432404e9baStephen Gallagher DEBUG(1, ("Failed to store custom entry: %s(%d)[%s]\n",
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ldb_strerror(ret), ret, ldb_errstring(sysdb->ldb)));
577ba99b3150404533bd3d859522a2c994b17e76Lukas Slebodnik DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
676bf6dda60776d9db79dad1c2506c0e57bb5503Pavel Březina/* = Custom Delete======================================= */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher if (object_name == NULL || subtree_name == NULL) {
291a6c8af9759e41cec6f332cb72606ca90768c3Pavel Březina dn = sysdb_custom_dn(sysdb, tmp_ctx, object_name, subtree_name);
5a5c5cdeb92f4012fc75fd717bfea06598f68f12Pavel Reichl DEBUG(1, ("LDB Error: %s(%d)\nError Message: [%s]\n",
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ldb_strerror(ret), ret, ldb_errstring(sysdb->ldb)));
b9d8c6172e48a2633ebe196b2e88bebdf9523c20Stef Walter/* = ASQ search request ======================================== */
b9d8c6172e48a2633ebe196b2e88bebdf9523c20Stef Walter const char **attrs,
69aaef8719c5cf33ed1c4090fa313ba281bf8a02Jakub Hrozek ctrl = talloc_array(tmp_ctx, struct ldb_control *, 2);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher asq_control = talloc(ctrl[0], struct ldb_asq_control);
a6098862048d4bb469130b9ff21be3020d6f2c54Sumit Bose asq_control->source_attribute = talloc_strdup(asq_control, asq_attribute);
a6098862048d4bb469130b9ff21be3020d6f2c54Sumit Bose asq_control->src_attr_len = strlen(asq_control->source_attribute);
83a79d93035c2d75a1941f3b54426119174044a0Pavel Březina ret = ldb_build_search_req(&ldb_req, sysdb->ldb, tmp_ctx,
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek DEBUG(SSSDBG_TRACE_FUNC, ("Error: %d (%s)\n", ret, strerror(ret)));
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek/* =Search-Users-with-Custom-Filter====================================== */
/* The caller's sub_filter is ANDed with the SYSDB_UC term and the combined
 * filter is passed to sysdb_search_entry(). */
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek const char **attrs,
/* NOTE(review): sub_filter is spliced into the filter string as-is. It has
 * to arrive as a well-formed filter with any externally supplied value
 * already escaped by the caller; nothing visible here validates it. */
f5e47e1d65f80ffdb1893feab18583a74d661214Stef Walter filter = talloc_asprintf(tmp_ctx, "(&(%s)%s)", SYSDB_UC, sub_filter);
b699c4d7f85a5404be1d1ee9450331aea869b886Stef Walter ret = sysdb_search_entry(mem_ctx, sysdb, basedn,
c440c424443517b12afa8d56f989d92ca6ba56a3Jakub Hrozek DEBUG(SSSDBG_TRACE_INTERNAL, ("No such entry\n"));
e7ccfb139388c947ec2dee16cfe3005f5643b90dPetr Cech DEBUG(SSSDBG_MINOR_FAILURE, ("Error: %d (%s)\n", ret, strerror(ret)));
29dd456102dc995aa59a56483363087071bb84d6Nikolai Kondrashov/* =Delete-User-by-Name-OR-uid============================================ */
/* Looks the user up by name or by uid, compares the stored SYSDB_NAME and
 * SYSDB_UIDNUM with the request and deletes the entry. The ghost-user path
 * instead searches groups by SYSDB_GHOST and issues a delete of that value.
 * NOTE(review): lines are missing from this listing, so the branch
 * conditions between these steps are not shown. */
2dcf7b9b65df21f2aee6cdf051a7fbdef6dfe034Jakub Hrozek ret = sysdb_search_user_by_name(tmp_ctx, sysdb,
8d5292227a8d1ab9c6aa5b88d8ac8655cd1223e5Pavel Březina ret = sysdb_search_user_by_uid(tmp_ctx, sysdb,
8d5292227a8d1ab9c6aa5b88d8ac8655cd1223e5Pavel Březina /* verify name/uid match */
8d5292227a8d1ab9c6aa5b88d8ac8655cd1223e5Pavel Březina c_name = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL);
2dcf7b9b65df21f2aee6cdf051a7fbdef6dfe034Jakub Hrozek c_uid = ldb_msg_find_attr_as_uint64(msg, SYSDB_UIDNUM, 0);
2dcf7b9b65df21f2aee6cdf051a7fbdef6dfe034Jakub Hrozek DEBUG(2, ("Attribute is missing but this should never happen!\n"));
2dcf7b9b65df21f2aee6cdf051a7fbdef6dfe034Jakub Hrozek /* this is not the entry we are looking for */
2dcf7b9b65df21f2aee6cdf051a7fbdef6dfe034Jakub Hrozek ret = sysdb_delete_entry(sysdb, msg->dn, false);
2dcf7b9b65df21f2aee6cdf051a7fbdef6dfe034Jakub Hrozek /* Perhaps a ghost user? */
/* NOTE(review): `name` goes into the search filter unescaped. A name that
 * contains filter metacharacters (wildcard, parentheses, backslash) would
 * change which groups match, and every match gets a SYSDB_GHOST delete
 * below. Confirm that callers sanitize the name or escape it before this
 * call. */
2dcf7b9b65df21f2aee6cdf051a7fbdef6dfe034Jakub Hrozek filter = talloc_asprintf(tmp_ctx, "(%s=%s)", SYSDB_GHOST, name);
ec9ac22d699a17d590b1d4ba9ba3750eb719f340Sumit Bose ret = sysdb_search_groups(tmp_ctx, sysdb, filter, attrs, &msg_count, &msgs);
2dcf7b9b65df21f2aee6cdf051a7fbdef6dfe034Jakub Hrozek for (i = 0; i < msg_count; i++) {
2dcf7b9b65df21f2aee6cdf051a7fbdef6dfe034Jakub Hrozek ret = add_string(msg, LDB_FLAG_MOD_DELETE, SYSDB_GHOST, name);
ea422c7061072c125eb53b40d7f3ca444d886913Sumit Bose DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
7caf7ed4f2eae1ec1c0717b4ee6ce78bdacd5926Jakub Hrozek/* =Search-Groups-with-Custom-Filter===================================== */
/* The caller's sub_filter is ANDed with the SYSDB_GC term and the combined
 * filter is passed to sysdb_search_entry(). */
56c9f8731173eae841a05f31bb03d311076a8485Petr Cech const char **attrs,
/* NOTE(review): sub_filter is spliced into the filter string as-is. It has
 * to arrive as a well-formed filter with any externally supplied value
 * already escaped by the caller; nothing visible here validates it. */
0161a3c5637a0c0092bf54c436bb3d6508d7df26Jakub Hrozek filter = talloc_asprintf(tmp_ctx, "(&(%s)%s)", SYSDB_GC, sub_filter);
537103f296b7112d9fd505af941a6d83d7902eb1Michal Židek ret = sysdb_search_entry(mem_ctx, sysdb, basedn,
a65a64aee968bd2ac18156ced15a1e2509a8acbaAbhishek Singh DEBUG(SSSDBG_TRACE_INTERNAL, ("No such entry\n"));
a65a64aee968bd2ac18156ced15a1e2509a8acbaAbhishek Singh DEBUG(SSSDBG_MINOR_FAILURE, ("Error: %d (%s)\n", ret, strerror(ret)));
b49a7d90708e816120ff88ce5a88fa62b35ff795Simo Sorce/* =Delete-Group-by-Name-OR-gid=========================================== */
a65a64aee968bd2ac18156ced15a1e2509a8acbaAbhishek Singhint sysdb_delete_group(struct sysdb_ctx *sysdb,
ae6c1596225c65bec2a2dabff9eee4e3e0691181Abhishek Singh ret = sysdb_search_group_by_name(tmp_ctx, sysdb,
d00ffd2cb4e2f17c75b466178bb645b5c9317909Pallavi Jha /* verify name/gid match */
e5911e72198df96ec7cfe486ff66363c2297a5f7Simo Sorce c_name = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL);
d00ffd2cb4e2f17c75b466178bb645b5c9317909Pallavi Jha c_gid = ldb_msg_find_attr_as_uint64(msg, SYSDB_GIDNUM, 0);
d00ffd2cb4e2f17c75b466178bb645b5c9317909Pallavi Jha DEBUG(2, ("Attribute is missing but this should never happen!\n"));
bc052ea17d858c19f9cb9c9e2bc602e754f68831Sumit Bose /* this is not the entry we are looking for */
461da2984c747708e8badd27fa55ef879f40e712Pallavi Jha ret = sysdb_delete_entry(sysdb, msg->dn, false);
80b5dbe123ec94c5a8fcb99f9a4953c1513deb58Sumit Bose DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
d65f692d7b7639ed8ba0f5cffa4f88b68056739aLukas Slebodnik/* =Search-Netgroups-with-Custom-Filter===================================== */
/* Searches netgroup entries: the caller's sub_filter is ANDed with the
 * SYSDB_NC term and passed to sysdb_search_entry(). The base DN is built
 * from SYSDB_TMPL_NETGROUP_BASE and the domain name. */
d65f692d7b7639ed8ba0f5cffa4f88b68056739aLukas Slebodnikint sysdb_search_netgroups(TALLOC_CTX *mem_ctx,
f28b09f887870c10c8c611beee3c17eaa9ef74f3Lukas Slebodnik const char **attrs,
9cb46bc62f22e0104f1b41a423b014c281ef5fc2Jakub Hrozek SYSDB_TMPL_NETGROUP_BASE, sysdb->domain->name);
/* NOTE(review): sub_filter is spliced into the filter string as-is. It has
 * to arrive as a well-formed filter with any externally supplied value
 * already escaped by the caller; nothing visible here validates it. */
577ba99b3150404533bd3d859522a2c994b17e76Lukas Slebodnik filter = talloc_asprintf(tmp_ctx, "(&(%s)%s)", SYSDB_NC, sub_filter);
777374243e15c53e7b0a7345e190c1018920be18Jakub Hrozek DEBUG(6, ("Search netgroups with filter: %s\n", filter));
577ba99b3150404533bd3d859522a2c994b17e76Lukas Slebodnik ret = sysdb_search_entry(mem_ctx, sysdb, basedn,
3432a503c714732407ea18b2dd32f4f432a6c545Jakub Hrozek DEBUG(SSSDBG_TRACE_FUNC, ("Entry not found\n"));
3432a503c714732407ea18b2dd32f4f432a6c545Jakub Hrozek DEBUG(SSSDBG_TRACE_FUNC, ("Error: %d (%s)\n", ret, strerror(ret)));
3432a503c714732407ea18b2dd32f4f432a6c545Jakub Hrozek/* =Delete-Netgroup-by-Name============================================== */
3432a503c714732407ea18b2dd32f4f432a6c545Jakub Hrozekint sysdb_delete_netgroup(struct sysdb_ctx *sysdb,
3432a503c714732407ea18b2dd32f4f432a6c545Jakub Hrozek const char *name)
f69f3581658351003a6d9245045e41d0efb85022Sumit Bose ret = sysdb_search_netgroup_by_name(tmp_ctx, sysdb,
f69f3581658351003a6d9245045e41d0efb85022Sumit Bose DEBUG(6, ("sysdb_search_netgroup_by_name failed: %d (%s)\n",
f69f3581658351003a6d9245045e41d0efb85022Sumit Bose DEBUG(6, ("Netgroup does not exist, nothing to delete\n"));
022c6b90bb37851c0e8704c0e5388ebc113c6470Lukas Slebodnik DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
939246537b0b9a4af6862c513d3919501ad57d92Sumit Bose/* ========= Authentication against cached password ============ */
/*
 * Check the failed-login lockout for a cached-credential login.
 * Reads the failure counter and the time of the last failed login from
 * ldb_msg, and the allowed number of attempts and the delay from
 * CONFDB_PAM_CONF_ENTRY. Once the counter has reached the allowed number,
 * `end` is the time at which the delay is over; the visible messages show
 * the counter being reset in one case and the login being delayed in the
 * other.
 * NOTE(review): lines are missing from this listing, so the exact branch
 * conditions and return codes are not shown.
 */
939246537b0b9a4af6862c513d3919501ad57d92Sumit Boseerrno_t check_failed_login_attempts(struct confdb_ctx *cdb,
50b8a36b0932a510e825ed1ad8103f81ead2b7d8Pavel Reichl *failed_login_attempts = ldb_msg_find_attr_as_uint(ldb_msg,
802909e59daa52c734dbe7f8fa13b0ee23e3e576Lukas Slebodnik last_failed_login = (time_t) ldb_msg_find_attr_as_int64(ldb_msg,
50b8a36b0932a510e825ed1ad8103f81ead2b7d8Pavel Reichl ret = confdb_get_int(cdb, CONFDB_PAM_CONF_ENTRY,
338af078fcc18126df939f20182acea7a646b7c8Michal Zidek DEBUG(1, ("Failed to read the number of allowed failed login "
338af078fcc18126df939f20182acea7a646b7c8Michal Zidek "attempts.\n"));
338af078fcc18126df939f20182acea7a646b7c8Michal Zidek ret = confdb_get_int(cdb, CONFDB_PAM_CONF_ENTRY,
338af078fcc18126df939f20182acea7a646b7c8Michal Zidek DEBUG(1, ("Failed to read the failed login delay.\n"));
50b8a36b0932a510e825ed1ad8103f81ead2b7d8Pavel Reichl DEBUG(9, ("Failed login attempts [%d], allowed failed login attempts [%d], "
50b8a36b0932a510e825ed1ad8103f81ead2b7d8Pavel Reichl "failed login delay [%d].\n", *failed_login_attempts,
50b8a36b0932a510e825ed1ad8103f81ead2b7d8Pavel Reichl allowed_failed_login_attempts, failed_login_delay));
802909e59daa52c734dbe7f8fa13b0ee23e3e576Lukas Slebodnik if (*failed_login_attempts >= allowed_failed_login_attempts) {
/* NOTE(review): failed_login_delay is printed with %d above, so the
 * multiplication by 60 presumably happens in int before the sum with
 * last_failed_login. Confirm the configured delay is range-checked; an
 * overflow here would miscompute the end of the lockout. */
50b8a36b0932a510e825ed1ad8103f81ead2b7d8Pavel Reichl end = last_failed_login + (failed_login_delay * 60);
50b8a36b0932a510e825ed1ad8103f81ead2b7d8Pavel Reichl "resetting failed_login_attempts.\n"));
1ce58f139699dd26b8888f4131c996263b6a80a5Jakub Hrozek DEBUG(7, ("login delayed until %lld.\n", (long long) end));
/*
 * Authenticate `name` against the cached password hash.
 * Visible steps: look the user up, check the offline credential expiry,
 * run check_failed_login_attempts(), hash the supplied authtok with
 * s3crypt_sha512(), update the login-attempt attributes and wipe the
 * clear-text copy of the password.
 * NOTE(review): this listing omits lines; the hash comparison and the
 * error paths between these steps are not visible here.
 */
0352c371e743d8dae996123f658b5d32c677614eYassir Elley const char *name,
802909e59daa52c734dbe7f8fa13b0ee23e3e576Lukas Slebodnik const char *attrs[] = { SYSDB_NAME, SYSDB_CACHEDPWD, SYSDB_DISABLED,
72ae534f5aef6d2e5d3f2f51299aede5abf9687eJakub Hrozek "lastCachedPasswordChange",
90afedb00608547ae1f32aa7aafd552c4b306909Jakub Hrozek DEBUG(3, ("Cached credentials not available.\n"));
e592d5f157be869151983bd1b46d6f4f7a29daafJakub Hrozek ret = sysdb_search_user_by_name(tmp_ctx, sysdb,
5dbf360f2d6b0281c32f1bba6ebf5cc834c1716eSimo Sorce DEBUG(1, ("sysdb_search_user_by_name failed [%d][%s].\n",
e592d5f157be869151983bd1b46d6f4f7a29daafJakub Hrozek /* Check offline_auth_cache_timeout */
e592d5f157be869151983bd1b46d6f4f7a29daafJakub Hrozek lastLogin = ldb_msg_find_attr_as_uint64(ldb_msg,
e592d5f157be869151983bd1b46d6f4f7a29daafJakub Hrozek ret = confdb_get_int(cdb, CONFDB_PAM_CONF_ENTRY,
e592d5f157be869151983bd1b46d6f4f7a29daafJakub Hrozek DEBUG(1, ("Failed to read expiration time of offline credentials.\n"));
e592d5f157be869151983bd1b46d6f4f7a29daafJakub Hrozek DEBUG(9, ("Offline credentials expiration is [%d] days.\n",
/* NOTE(review): cred_expiration is printed with %d above, so the
 * multiplication by 86400 presumably happens in int and can overflow for
 * very large day counts. Confirm the configured value is range-checked,
 * since a wrapped result would misjudge whether the cache has expired. */
e592d5f157be869151983bd1b46d6f4f7a29daafJakub Hrozek expire_date = lastLogin + (cred_expiration * 86400);
842f83f8db513214241a0fea076ac160b180e1ddLukas Slebodnik DEBUG(4, ("Cached user entry is too old.\n"));
3fe339bcba0e211cc666bb3afe34e5c8fce85f4fJakub Hrozek ret = check_failed_login_attempts(cdb, ldb_msg, &failed_login_attempts,
f92ace4a52602e8c38a34f2392bec3deeac2ddddJakub Hrozek DEBUG(1, ("Failed to check login attempts\n"));
/* NOTE(review): SYSDB_DISABLED is requested in attrs above, but per this
 * TODO nothing visible acts on it; confirm whether a disabled account can
 * still pass offline authentication. */
f92ace4a52602e8c38a34f2392bec3deeac2ddddJakub Hrozek /* TODO: verify user account (disabled, expired ...) */
/* Clear-text copy of the token, owned by tmp_ctx; it is zeroed at the end
 * of this listing. */
e5911e72198df96ec7cfe486ff66363c2297a5f7Simo Sorce password = talloc_strndup(tmp_ctx, (const char *)authtok, authtok_size);
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina userhash = ldb_msg_find_attr_as_string(ldb_msg, SYSDB_CACHEDPWD, NULL);
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina DEBUG(4, ("Cached credentials not available.\n"));
/* The stored hash is passed in the salt position, presumably so that the
 * candidate is hashed with the same salt as the cached value. */
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina ret = s3crypt_sha512(tmp_ctx, password, userhash, &comphash);
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina DEBUG(4, ("Failed to create password hash.\n"));
6ea6662287147308b81b9c9f2f1f3c992d01bc50Jakub Hrozek /* TODO: probable good point for audit logging */
d36f4db9bb5efc63b94190cca25adb08ee56971cJakub Hrozek "but authentication is successful.\n"));
d36f4db9bb5efc63b94190cca25adb08ee56971cJakub Hrozek "but authentication is successful.\n"));
/* NOTE(review): the message below ends with a period after the newline;
 * the period was presumably meant to come before it. */
526a15438525417cd701f837d7085b7f8c8a6325Jakub Hrozek DEBUG(3, ("sysdb_attrs_add_time_t failed\n."));
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose ret = sysdb_set_user_attr(sysdb, name, update_attrs, LDB_FLAG_MOD_REPLACE);
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose DEBUG(1, ("Failed to update Login attempt information!\n"));
/* NOTE(review): the clear-text password is wiped with a plain store loop.
 * The C language gives no guarantee that stores to a buffer about to be
 * released are kept by the optimizer; a wipe primitive that cannot be
 * elided (explicit_bzero() where available, or stores through a volatile
 * pointer) is the safer form. Also confirm that every exit path taken
 * after talloc_strndup() reaches this line. */
27a7dedb0ee4d4b51ca4c196aa894ad30cb3e821Petr Cech if (password) for (i = 0; password[i]; i++) password[i] = 0;
/*
 * Apply a batch of group-membership changes for `member` inside one
 * transaction: add it to every group in add_groups, then remove it from
 * every group in del_groups. Both arrays are walked until a NULL entry.
 * NOTE(review): per the "Continue on" comments, a failed add or remove is
 * logged and the loop moves on, so a failed removal leaves the member in
 * that group. Whether the return value reports such partial failures is
 * not visible in this listing; callers that rely on del_groups to revoke
 * access should confirm it.
 */
1d93029624d708119bbf803e6647a2cbb271f001Sumit Boseerrno_t sysdb_update_members(struct sysdb_ctx *sysdb,
1d93029624d708119bbf803e6647a2cbb271f001Sumit Bose const char *member,
1d93029624d708119bbf803e6647a2cbb271f001Sumit Bose const char *const *add_groups,
1d93029624d708119bbf803e6647a2cbb271f001Sumit Bose const char *const *del_groups)
723d514f641e2b5a5cbfe1c6c7bdd2a6f3c5070eFabiano Fidêncio DEBUG(0, ("Failed to start update transaction\n"));
0b78b4e32955ced0f35c6d4685bd277bb03d04cbSumit Bose /* Add the user to all add_groups */
0b78b4e32955ced0f35c6d4685bd277bb03d04cbSumit Bose for (i = 0; add_groups[i]; i++) {
0b78b4e32955ced0f35c6d4685bd277bb03d04cbSumit Bose ret = sysdb_add_group_member(sysdb, add_groups[i], member,
0b78b4e32955ced0f35c6d4685bd277bb03d04cbSumit Bose DEBUG(1, ("Could not add member [%s] to group [%s]. "
0b78b4e32955ced0f35c6d4685bd277bb03d04cbSumit Bose /* Continue on, we should try to finish the rest */
0b78b4e32955ced0f35c6d4685bd277bb03d04cbSumit Bose /* Remove the user from all del_groups */
0b78b4e32955ced0f35c6d4685bd277bb03d04cbSumit Bose for (i = 0; del_groups[i]; i++) {
0b78b4e32955ced0f35c6d4685bd277bb03d04cbSumit Bose ret = sysdb_remove_group_member(sysdb, del_groups[i], member,
0b78b4e32955ced0f35c6d4685bd277bb03d04cbSumit Bose DEBUG(1, ("Could not remove member [%s] from group [%s]. "
a5623363d6042290fe652a1ca5ce5a85a821236fPavel Březina /* Continue on, we should try to finish the rest */
a5623363d6042290fe652a1ca5ce5a85a821236fPavel Březina DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to commit transaction\n"));
802385896dc1c4e7b8bbd40dcfe3cd131f68e696Sumit Bose DEBUG(SSSDBG_CRIT_FAILURE, ("Could not cancel transaction\n"));
802385896dc1c4e7b8bbd40dcfe3cd131f68e696Sumit Boseerrno_t sysdb_add_netgroup_tuple(struct sysdb_ctx *sysdb,
802385896dc1c4e7b8bbd40dcfe3cd131f68e696Sumit Bose return sysdb_mod_netgroup_tuple(sysdb, netgroup, hostname,
a0ab15ceb80290db80c2052520830a95390de385Sumit Boseerrno_t sysdb_remove_netgroup_tuple(struct sysdb_ctx *sysdb,
a0ab15ceb80290db80c2052520830a95390de385Sumit Bose return sysdb_mod_netgroup_tuple(sysdb, netgroup, hostname,
a0ab15ceb80290db80c2052520830a95390de385Sumit Boseerrno_t sysdb_mod_netgroup_tuple(struct sysdb_ctx *sysdb,
e00c2b5ac4963de9521599c88597b7fb97339d0eJakub Hrozek msg->dn = sysdb_netgroup_dn(sysdb, msg, netgroup);
e00c2b5ac4963de9521599c88597b7fb97339d0eJakub Hrozek ret = add_string(msg, mod_op, SYSDB_NETGROUP_TRIPLE, triple);
4d9db278db1197ae84fecb8f269e2de368a6be2aLukas Slebodnik DEBUG(3, ("Error: %d (%s)\n", ret, strerror(ret)));
360a4be4266d6a72be99dfd252623dc0527f5b84Pavel Březinaerrno_t sysdb_add_netgroup_member(struct sysdb_ctx *sysdb,
360a4be4266d6a72be99dfd252623dc0527f5b84Pavel Březina return sysdb_mod_netgroup_member(sysdb, netgroup,
360a4be4266d6a72be99dfd252623dc0527f5b84Pavel Březinaerrno_t sysdb_remove_netgroup_member(struct sysdb_ctx *sysdb,
e5911e72198df96ec7cfe486ff66363c2297a5f7Simo Sorce return sysdb_mod_netgroup_member(sysdb, netgroup,
3a8f6b575f4019f21c9425a26f1b346c08a197aePavel Březinaerrno_t sysdb_mod_netgroup_member(struct sysdb_ctx *sysdb,
bf54fbed126ec3d459af40ea370ffadacd31c76dJakub Hrozek msg->dn = sysdb_netgroup_dn(sysdb, msg, netgroup);
bf54fbed126ec3d459af40ea370ffadacd31c76dJakub Hrozek member = talloc_asprintf(msg, SYSDB_TMPL_NETGROUP,
bf54fbed126ec3d459af40ea370ffadacd31c76dJakub Hrozek ret = add_string(msg, mod_op, SYSDB_MEMBER, member);
8df69bbc58c2f4d3f0b34be9756d9ddf24b1db6dJakub Hrozek DEBUG(3, ("Error: %d (%s)\n", ret, strerror(ret)));
8df69bbc58c2f4d3f0b34be9756d9ddf24b1db6dJakub Hrozekerrno_t sysdb_remove_attrs(struct sysdb_ctx *sysdb,
8df69bbc58c2f4d3f0b34be9756d9ddf24b1db6dJakub Hrozek const char *name,
e5d8b0e10238490c5d199063c0a258ba53c2ac65Lukas Slebodnik msg->dn = sysdb_netgroup_dn(sysdb, msg, name);
0b7ded15e53b3f31f1570c366f04bc41e5761929Petr Čech msg->dn = sysdb_svc_dn(sysdb, msg, sysdb->domain->name, name);
e4d18b748fd8298b5cc6b6687ca05ffffa20c574Petr Cech DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to start transaction\n"));
e4d18b748fd8298b5cc6b6687ca05ffffa20c574Petr Cech for (i = 0; remove_attrs[i]; i++) {
e4d18b748fd8298b5cc6b6687ca05ffffa20c574Petr Cech /* SYSDB_MEMBEROF is exclusively handled by the memberof plugin */
e4d18b748fd8298b5cc6b6687ca05ffffa20c574Petr Cech if (strcasecmp(remove_attrs[i], SYSDB_MEMBEROF) == 0) {
89ddc9ed474e9ac2b1e7bccb0a58610babf26cf8Jakub Hrozek /* We need to do individual modifies so that we can
89ddc9ed474e9ac2b1e7bccb0a58610babf26cf8Jakub Hrozek * skip unknown attributes. Otherwise, any nonexistent
89ddc9ed474e9ac2b1e7bccb0a58610babf26cf8Jakub Hrozek * attribute in the sysdb will cause other removals to
89ddc9ed474e9ac2b1e7bccb0a58610babf26cf8Jakub Hrozek if (lret != LDB_SUCCESS && lret != LDB_ERR_NO_SUCH_ATTRIBUTE) {
f4025ea817b3467be1c2e6092014a11fe4547c0dJakub Hrozek /* Remove this attribute and move on to the next one */
f4025ea817b3467be1c2e6092014a11fe4547c0dJakub Hrozek DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to commit transaction\n"));
f4025ea817b3467be1c2e6092014a11fe4547c0dJakub Hrozek DEBUG(SSSDBG_CRIT_FAILURE, ("Could not cancel transaction\n"));