sysdb_ops.c revision cae9c9fbdebc3f6a4c390a20e75447217439dff7
/*
SSSD
System Database
Copyright (C) Simo Sorce <ssorce@redhat.com> 2008
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "db/sysdb_private.h"
#include "util/sha512crypt.h"
#include <time.h>
{
int ret;
if (ret == LDB_SUCCESS) {
}
return ENOMEM;
}
{
int ret;
if (ret == LDB_SUCCESS) {
}
return ENOMEM;
}
{
long long int l;
if (!v || !v->data) {
return 0;
}
errno = 0;
if (errno) {
return (uint32_t)-1;
}
if (l < 0 || l > ((uint32_t)(-1))) {
return (uint32_t)-1;
}
return l;
}
#define ERROR_OUT(v, r, l) do { v = r; goto l; } while(0);
/* =LDB-Request-(tevent_req-style)======================================== */
struct sldb_request_state {
struct tevent_context *ev;
struct ldb_context *ldbctx;
struct ldb_request *ldbreq;
};
struct tevent_context *ev,
struct ldb_context *ldbctx,
struct ldb_request *ldbreq)
{
struct sldb_request_state *state;
if (!subreq) {
return NULL;
}
return req;
}
{
struct tevent_req);
struct sldb_request_state);
int ret;
if (!tevent_wakeup_recv(subreq)) return;
if (ret != LDB_SUCCESS) {
}
}
{
struct tevent_req);
struct sldb_request_state);
int err;
if (!ldbreply) {
}
}
return EOK;
}
return EOK;
fail:
return EOK;
}
{
struct sldb_request_state);
enum tevent_req_state tstate;
}
switch (tstate) {
case TEVENT_REQ_USER_ERROR:
return err;
case TEVENT_REQ_IN_PROGRESS:
return EOK;
default:
return EIO;
}
}
return EOK;
}
/* =Standard-Sysdb-Operations-utility-functions=========================== */
struct sysdb_op_state {
struct tevent_context *ev;
struct sysdb_handle *handle;
bool ignore_not_found;
struct ldb_message **msgs;
};
{
struct tevent_req);
struct sysdb_op_state);
int ret;
if (ret) {
goto done;
}
return;
}
return;
}
done:
}
{
return EOK;
}
/* =Remove-Entry-From-Sysdb=============================================== */
bool ignore_not_found)
{
int ret;
switch (ret) {
case LDB_SUCCESS:
return EOK;
case LDB_ERR_NO_SUCH_OBJECT:
if (ignore_not_found) {
return EOK;
}
/* fall through */
default:
return sysdb_error_to_errno(ret);
}
}
static
struct tevent_context *ev,
struct sysdb_handle *handle,
bool ignore_not_found)
{
struct sysdb_op_state *state;
struct ldb_request *ldbreq;
int ret;
if (ret != LDB_SUCCESS) {
}
if (!subreq) {
}
return req;
fail:
return req;
}
static
{
return sysdb_op_default_recv(req);
}
/* =Remove-Subentries-From-Sysdb=============================================== */
struct sysdb_delete_recursive_state {
struct tevent_context *ev;
struct sysdb_handle *handle;
bool ignore_not_found;
struct ldb_message **msgs;
};
struct tevent_context *ev,
struct sysdb_handle *handle,
bool ignore_not_found)
{
struct sysdb_delete_recursive_state *state;
int ret;
const char **no_attrs;
struct sysdb_delete_recursive_state);
state->msgs_count = 0;
state->current_item = 0;
}
"(distinguishedName=*)", no_attrs);
if (!subreq) {
}
return req;
fail:
return req;
}
{
struct tevent_req);
struct sysdb_delete_recursive_state);
int ret;
if (ret) {
return;
}
return;
}
state->current_item = 0;
}
{
struct sysdb_delete_recursive_state);
struct tevent_req *subreq;
int ret;
struct ldb_request *ldbreq;
if (ret != LDB_SUCCESS) {
goto fail;
}
ldbreq);
if (!subreq) {
goto fail;
}
state->current_item++;
return;
}
return;
fail:
}
{
struct tevent_req);
int ret;
if (ret) {
return;
}
}
{
return sysdb_op_default_recv(req);
}
/* =Search-Entry========================================================== */
struct tevent_context *ev,
struct sysdb_handle *handle,
int scope,
const char *filter,
const char **attrs)
{
struct sysdb_op_state *state;
struct ldb_request *ldbreq;
int ret;
state->ignore_not_found = false;
state->msgs_count = 0;
if (ret != LDB_SUCCESS) {
}
if (!subreq) {
}
return req;
fail:
return req;
}
{
struct tevent_req);
struct sysdb_op_state);
struct ldb_message **dummy;
int ret;
if (ret) {
return;
}
case LDB_REPLY_ENTRY:
struct ldb_message *,
return;
}
state->msgs_count++;
return;
case LDB_REPLY_DONE:
if (state->msgs_count == 0) {
return;
}
return tevent_req_done(req);
default:
/* unexpected stuff */
return;
}
}
struct ldb_message ***msgs)
{
struct sysdb_op_state);
return EOK;
}
struct sysdb_search_user_state {
struct tevent_context *ev;
struct sysdb_handle *handle;
const char **attrs;
const char *filter;
int scope;
struct ldb_message **msgs;
};
struct tevent_context *ev,
struct sysdb_handle *handle,
struct sss_domain_info *domain,
const char *name,
const char **attrs)
{
struct sysdb_search_user_state *state;
int ret;
state->msgs_count = 0;
}
if (!handle) {
if (!subreq) {
}
}
else {
if (!subreq) {
}
}
return req;
fail:
return req;
}
struct tevent_context *ev,
struct sysdb_handle *handle,
struct sss_domain_info *domain,
const char **attrs)
{
struct sysdb_search_user_state *state;
int ret;
state->msgs_count = 0;
}
(unsigned long)uid);
}
if (!handle) {
if (!subreq) {
}
}
else {
if (!subreq) {
}
}
return req;
fail:
return req;
}
{
struct tevent_req);
struct sysdb_search_user_state);
int ret;
if (ret) {
return;
}
if (!subreq) {
return;
}
}
{
struct tevent_req);
struct sysdb_search_user_state);
int ret;
if (ret) {
return;
}
}
struct ldb_message **msg)
{
struct sysdb_search_user_state);
return EFAULT;
}
return EOK;
}
struct sysdb_search_group_state {
struct tevent_context *ev;
struct sysdb_handle *handle;
const char **attrs;
const char *filter;
int scope;
struct ldb_message **msgs;
};
struct tevent_context *ev,
struct sysdb_handle *handle,
struct sss_domain_info *domain,
const char *name,
const char **attrs)
{
struct sysdb_search_group_state *state;
int ret;
state->msgs_count = 0;
}
if (!handle) {
if (!subreq) {
}
}
else {
if (!subreq) {
}
}
return req;
fail:
return req;
}
struct tevent_context *ev,
struct sysdb_handle *handle,
struct sss_domain_info *domain,
const char **attrs)
{
struct sysdb_search_group_state *state;
int ret;
state->msgs_count = 0;
}
(unsigned long)gid);
}
if (!handle) {
if (!subreq) {
}
}
else {
if (!subreq) {
}
}
return req;
fail:
return req;
}
{
struct tevent_req);
struct sysdb_search_group_state);
int ret;
if (ret) {
return;
}
if (!subreq) {
return;
}
}
{
struct tevent_req);
struct sysdb_search_group_state);
int ret;
if (ret) {
return;
}
}
struct ldb_message **msg)
{
struct sysdb_search_group_state);
return EFAULT;
}
return EOK;
}
/* =Replace-Attributes-On-Entry=========================================== */
struct tevent_context *ev,
struct sysdb_handle *handle,
struct sysdb_attrs *attrs,
int mod_op)
{
struct sysdb_op_state *state;
struct ldb_request *ldbreq;
struct ldb_message *msg;
int i, ret;
state->ignore_not_found = false;
if (!entry_dn) {
}
}
if (!msg) {
}
}
}
if (ret != LDB_SUCCESS) {
}
if (!subreq) {
}
return req;
fail:
return req;
}
{
return sysdb_op_default_recv(req);
}
/* =Replace-Attributes-On-User============================================ */
struct tevent_context *ev,
struct sysdb_handle *handle,
struct sss_domain_info *domain,
const char *name,
struct sysdb_attrs *attrs,
int mod_op)
{
struct sysdb_op_state *state;
int ret;
state->ignore_not_found = false;
if (!dn) {
}
if (!subreq) {
}
return req;
fail:
return req;
}
{
struct tevent_req);
int ret;
if (ret) {
return;
}
}
{
return sysdb_op_default_recv(req);
}
/* =Replace-Attributes-On-Group=========================================== */
struct tevent_context *ev,
struct sysdb_handle *handle,
struct sss_domain_info *domain,
const char *name,
struct sysdb_attrs *attrs,
int mod_op)
{
struct sysdb_op_state *state;
int ret;
state->ignore_not_found = false;
if (!dn) {
}
if (!subreq) {
}
return req;
fail:
return req;
}
{
struct tevent_req);
int ret;
if (ret) {
return;
}
}
{
return sysdb_op_default_recv(req);
}
/* =Get-New-ID============================================================ */
struct sysdb_get_new_id_state {
struct tevent_context *ev;
struct sysdb_handle *handle;
struct sss_domain_info *domain;
struct ldb_message *base;
struct ldb_message **v_msgs;
int v_count;
};
struct tevent_context *ev,
struct sysdb_handle *handle,
struct sss_domain_info *domain)
{
struct sysdb_get_new_id_state *state;
struct ldb_request *ldbreq;
int ret;
}
if (ret != LDB_SUCCESS) {
}
if (!subreq) {
}
return req;
fail:
return req;
}
{
struct tevent_req);
struct sysdb_get_new_id_state);
struct ldb_request *ldbreq;
char *filter;
int ret;
if (ret) {
return;
}
case LDB_REPLY_ENTRY:
"DB seems corrupted, aborting.\n"));
return;
}
return;
}
/* just return, wait for a LDB_REPLY_DONE entry */
return;
case LDB_REPLY_DONE:
break;
default:
/* unexpected stuff */
return;
}
return;
}
}
DEBUG(0, ("Failed to allocate new id, out of range (%u/%u)\n",
return;
}
} else {
/* looks like the domain is not initialized yet, use min_id */
}
/* verify the id is actually really free.
* search all entries with id >= new_id and < max_id */
"(|(&(%s>=%u)(%s<=%u))(&(%s>=%u)(%s<=%u)))",
}
else {
"(|(%s>=%u)(%s>=%u))",
}
if (!filter) {
return;
}
if (ret != LDB_SUCCESS) {
return;
}
if (!subreq) {
return;
}
return;
}
{
struct tevent_req);
struct sysdb_get_new_id_state);
struct ldb_request *ldbreq;
struct ldb_message *msg;
int ret, i;
if (ret) {
return;
}
case LDB_REPLY_ENTRY:
struct ldb_message *,
return;
}
return;
}
/* just return, wait for a LDB_REPLY_DONE entry */
return;
case LDB_REPLY_DONE:
break;
default:
/* unexpected stuff */
return;
}
/* if anything was found, find the maximum and increment past it */
}
}
}
/* check again we are not falling out of range */
DEBUG(0, ("Failed to allocate new id, out of range (%u/%u)\n",
return;
}
}
/* finally store the new next id */
if (!msg) {
return;
}
if (ret) {
return;
}
if (ret != LDB_SUCCESS) {
return;
}
if (!subreq) {
return;
}
}
{
struct tevent_req);
struct sysdb_get_new_id_state);
int ret;
if (ret) {
return;
}
return;
}
}
{
struct sysdb_get_new_id_state);
return EOK;
}
/* =Add-Basic-User-NO-CHECKS============================================== */
struct tevent_context *ev,
struct sysdb_handle *handle,
struct sss_domain_info *domain,
const char *name,
const char *gecos,
const char *homedir,
const char *shell)
{
struct sysdb_op_state *state;
struct ldb_request *ldbreq;
struct ldb_message *msg;
int ret;
state->ignore_not_found = false;
if (!msg) {
}
/* user dn */
}
/* We set gecos to be the same as fullname on user creation,
* But we will not enforce coherency after that, it's up to
* admins to decide if they want to keep it in sync if they change
* one of the 2 */
}
}
}
/* creation time */
if (ret != LDB_SUCCESS) {
}
if (!subreq) {
}
return req;
fail:
return req;
}
{
return sysdb_op_default_recv(req);
}
/* =Add-User-Function===================================================== */
struct sysdb_add_user_state {
struct tevent_context *ev;
struct sysdb_handle *handle;
struct sss_domain_info *domain;
const char *name;
const char *gecos;
const char *homedir;
const char *shell;
struct sysdb_attrs *attrs;
int cache_timeout;
};
struct tevent_context *ev,
struct sysdb_handle *handle,
struct sss_domain_info *domain,
const char *name,
const char *gecos,
const char *homedir,
const char *shell,
struct sysdb_attrs *attrs,
int cache_timeout)
{
struct sysdb_add_user_state *state;
int ret;
if (gid != 0) {
DEBUG(0, ("Cannot add user with arbitrary GID in MPG domain!\n"));
}
}
}
}
/* In MPG domains you can't have groups with the same name as users,
* search if a group with the same name exists.
* Don't worry about users, if we try to add a user with the same
* name the operation will fail */
if (!subreq) {
}
return req;
}
/* check no other user with the same uid exist */
if (!subreq) {
}
return req;
}
/* try to add the user */
if (!subreq) {
}
return req;
fail:
return req;
}
{
struct tevent_req);
struct sysdb_add_user_state);
struct ldb_message *msg;
int ret;
/* We can succeed only if we get an ENOENT error, which means no groups
* with the same name exist.
* If any other error is returned fail as well. */
return;
}
/* check no other user with the same uid exist */
NULL);
if (!subreq) {
return;
}
return;
}
/* try to add the user */
if (!subreq) {
return;
}
}
{
struct tevent_req);
struct sysdb_add_user_state);
struct ldb_message *msg;
int ret;
/* We can succeed only if we get an ENOENT error, which means no user
* with the same uid exist.
* If any other error is returned fail as well. */
return;
}
/* try to add the user */
if (!subreq) {
return;
}
}
{
struct tevent_req);
struct sysdb_add_user_state);
int ret;
if (ret) {
return;
}
if (!subreq) {
return;
}
return;
}
}
{
struct tevent_req);
struct sysdb_add_user_state);
struct sysdb_attrs *id_attrs;
int ret;
if (ret) {
return;
}
if (!id_attrs) {
return;
}
if (ret) {
return;
}
if (ret) {
return;
}
}
if (!subreq) {
return;
}
return;
}
}
{
struct tevent_req);
struct sysdb_add_user_state);
int ret;
if (ret) {
return;
}
}
}
{
struct sysdb_add_user_state);
struct tevent_req *subreq;
int ret;
return;
}
}
if (ret) {
return;
}
((state->cache_timeout) ?
if (ret) {
return;
}
if (!subreq) {
return;
}
}
{
struct tevent_req);
int ret;
if (ret) {
return;
}
}
{
return sysdb_op_default_recv(req);
}
/* =Add-Basic-Group-NO-CHECKS============================================= */
struct tevent_context *ev,
struct sysdb_handle *handle,
struct sss_domain_info *domain,
{
struct sysdb_op_state *state;
struct ldb_request *ldbreq;
struct ldb_message *msg;
int ret;
state->ignore_not_found = false;
if (!msg) {
}
/* user dn */
}
/* creation time */
if (ret != LDB_SUCCESS) {
}
if (!subreq) {
}
return req;
fail:
return req;
}
{
return sysdb_op_default_recv(req);
}
/* =Add-Group-Function==================================================== */
struct sysdb_add_group_state {
struct tevent_context *ev;
struct sysdb_handle *handle;
struct sss_domain_info *domain;
const char *name;
struct sysdb_attrs *attrs;
int cache_timeout;
};
struct tevent_context *ev,
struct sysdb_handle *handle,
struct sss_domain_info *domain,
struct sysdb_attrs *attrs,
int cache_timeout)
{
struct sysdb_add_group_state *state;
int ret;
}
/* In MPG domains you can't have groups with the same name as users,
* search if a group with the same name exists.
* Don't worry about users, if we try to add a user with the same
* name the operation will fail */
if (!subreq) {
}
return req;
}
/* check no other groups with the same gid exist */
if (!subreq) {
}
return req;
}
/* try to add the group */
if (!subreq) {
}
return req;
fail:
return req;
}
{
struct tevent_req);
struct sysdb_add_group_state);
struct ldb_message *msg;
int ret;
/* We can succeed only if we get an ENOENT error, which means no users
* with the same name exist.
* If any other error is returned fail as well. */
return;
}
/* check no other group with the same gid exist */
NULL);
if (!subreq) {
return;
}
return;
}
/* try to add the group */
if (!subreq) {
return;
}
}
{
struct tevent_req);
struct sysdb_add_group_state);
struct ldb_message *msg;
int ret;
/* We can succeed only if we get an ENOENT error, which means no group
* with the same gid exist.
* If any other error is returned fail as well. */
return;
}
/* try to add the group */
if (!subreq) {
return;
}
}
{
struct tevent_req);
struct sysdb_add_group_state);
int ret;
if (ret) {
return;
}
if (!subreq) {
return;
}
return;
}
}
{
struct tevent_req);
struct sysdb_add_group_state);
int ret;
if (ret) {
return;
}
return;
}
}
if (ret) {
return;
}
}
}
{
struct sysdb_add_group_state);
struct tevent_req *subreq;
int ret;
return;
}
}
if (ret) {
return;
}
((state->cache_timeout) ?
if (ret) {
return;
}
if (!subreq) {
return;
}
}
{
struct tevent_req);
int ret;
if (ret) {
return;
}
}
{
return sysdb_op_default_recv(req);
}
/* =Add-Or-Remove-Group-Memeber=========================================== */
/* mod_op must be either SYSDB_MOD_ADD or SYSDB_MOD_DEL */
struct tevent_context *ev,
struct sysdb_handle *handle,
int mod_op)
{
struct sysdb_op_state *state;
struct ldb_request *ldbreq;
struct ldb_message *msg;
const char *dn;
int ret;
state->ignore_not_found = false;
if (!msg) {
}
if (ret != LDB_SUCCESS) {
}
if (!dn) {
}
if (ret != LDB_SUCCESS) {
}
if (ret != LDB_SUCCESS) {
}
if (!subreq) {
}
return req;
fail:
return req;
}
{
return sysdb_op_default_recv(req);
}
/* if one of the basic attributes is empty ("") as opposed to NULL,
* this will just remove it */
struct sysdb_store_user_state {
struct tevent_context *ev;
struct sysdb_handle *handle;
struct sss_domain_info *domain;
const char *name;
const char *gecos;
const char *homedir;
const char *shell;
struct sysdb_attrs *attrs;
};
struct tevent_context *ev,
struct sysdb_handle *handle,
struct sss_domain_info *domain,
const char *name,
const char *pwd,
const char *gecos,
const char *homedir,
const char *shell,
struct sysdb_attrs *attrs,
{
struct sysdb_store_user_state *state;
int ret;
}
if (!subreq) {
}
return req;
fail:
return req;
}
{
struct tevent_req);
struct sysdb_store_user_state);
struct ldb_message *msg;
int ret;
return;
}
/* users doesn't exist, turn into adding a user */
if (!subreq) {
return;
}
return;
}
/* the user exists, let's just replace attributes when set */
return;
}
}
if (ret) {
return;
}
}
if (ret) {
return;
}
}
if (ret) {
return;
}
}
if (ret) {
return;
}
}
if (ret) {
return;
}
}
if (ret) {
return;
}
}
if (ret) {
return;
}
((state->cache_timeout) ?
if (ret) {
return;
}
if (!subreq) {
return;
}
}
{
struct tevent_req);
int ret;
if (ret) {
return;
}
}
{
struct tevent_req);
int ret;
if (ret) {
return;
}
}
{
return sysdb_op_default_recv(req);
}
/* this function does not check that all user members are actually present */
struct sysdb_store_group_state {
struct tevent_context *ev;
struct sysdb_handle *handle;
struct sss_domain_info *domain;
const char *name;
struct sysdb_attrs *attrs;
};
struct tevent_context *ev,
struct sysdb_handle *handle,
struct sss_domain_info *domain,
const char *name,
struct sysdb_attrs *attrs,
{
struct sysdb_store_group_state *state;
int ret;
if (!subreq) {
}
return req;
fail:
return req;
}
{
struct tevent_req);
struct sysdb_store_group_state);
struct ldb_message *msg;
bool new_group = false;
int ret;
return;
}
new_group = true;
}
/* FIXME: use the remote modification timestamp to know if the
* group needs any update */
if (new_group) {
/* group doesn't exist, turn into adding a group */
if (!subreq) {
return;
}
return;
}
/* the group exists, let's just replace attributes when set */
return;
}
}
if (ret) {
return;
}
}
if (ret) {
return;
}
((state->cache_timeout) ?
if (ret) {
return;
}
if (!subreq) {
return;
}
}
{
struct tevent_req);
int ret;
if (ret) {
return;
}
}
{
struct tevent_req);
int ret;
if (ret) {
return;
}
}
{
return sysdb_op_default_recv(req);
}
struct tevent_context *ev,
struct sysdb_handle *handle,
struct sss_domain_info *domain,
const char *group,
const char *user)
{
struct sysdb_op_state *state;
int ret;
state->ignore_not_found = false;
if (!group_dn) {
}
if (!user_dn) {
}
if (!subreq) {
}
return req;
fail:
return req;
}
{
struct tevent_req);
int ret;
if (ret) {
return;
}
}
{
return sysdb_op_default_recv(req);
}
struct tevent_context *ev,
struct sysdb_handle *handle,
struct sss_domain_info *domain,
const char *group,
const char *user)
{
struct sysdb_op_state *state;
int ret;
state->ignore_not_found = false;
if (!group_dn) {
}
if (!user_dn) {
}
if (!subreq) {
}
return req;
fail:
return req;
}
{
struct tevent_req);
int ret;
if (ret) {
return;
}
}
{
return sysdb_op_default_recv(req);
}
/* =Password-Caching====================================================== */
struct sysdb_cache_pw_state {
struct tevent_context *ev;
struct sss_domain_info *domain;
const char *username;
struct sysdb_attrs *attrs;
struct sysdb_handle *handle;
bool commit;
};
struct tevent_context *ev,
struct sysdb_handle *handle,
struct sss_domain_info *domain,
const char *username,
const char *password)
{
struct sysdb_cache_pw_state *state;
char *salt;
int ret;
if (ret) {
goto fail;
}
if (ret) {
goto fail;
}
}
/* FIXME: should we use a different attribute for chache passwords ?? */
if (handle) {
if (!subreq) {
}
} else {
if (!subreq) {
goto fail;
}
}
return req;
fail:
return req;
}
{
struct tevent_req);
struct sysdb_cache_pw_state);
int ret;
if (ret) {
return;
}
if (!subreq) {
return;
}
}
{
struct tevent_req);
struct sysdb_cache_pw_state);
int ret;
if (ret) {
return;
}
if (!subreq) {
return;
}
return;
}
}
{
return sysdb_op_default_recv(req);
}
/* = sysdb_check_handle ================== */
struct sysdb_check_handle_state {
struct tevent_context *ev;
struct sysdb_handle *handle;
};
struct tevent_context *ev,
struct sysdb_handle *handle)
{
struct tevent_req *req;
struct tevent_req *subreq;
struct sysdb_check_handle_state *state;
return NULL;
}
return NULL;
}
} else {
}
return req;
}
if (!subreq) {
return req;
}
return req;
}
{
struct tevent_req);
struct sysdb_check_handle_state);
int ret;
if (ret) {
return;
}
return;
}
struct sysdb_handle **handle)
{
struct sysdb_check_handle_state);
return EOK;
}
/* =Custom Search================== */
struct sysdb_search_custom_state {
struct tevent_context *ev;
struct sysdb_handle *handle;
const char **attrs;
const char *filter;
int scope;
bool expect_not_more_than_one;
struct ldb_message **msgs;
};
struct tevent_context *ev,
struct sysdb_handle *handle,
struct sss_domain_info *domain,
const char *filter,
const char *subtree_name,
const char **attrs)
{
struct sysdb_search_custom_state *state;
int ret;
return NULL;
}
state->expect_not_more_than_one = false;
state->msgs_count = 0;
}
goto fail;
}
goto fail;
}
if (!subreq) {
goto fail;
}
return req;
fail:
return req;
}
struct tevent_context *ev,
struct sysdb_handle *handle,
struct sss_domain_info *domain,
const char *object_name,
const char *subtree_name,
const char **attrs)
{
struct sysdb_search_custom_state *state;
int ret;
return NULL;
}
state->expect_not_more_than_one = true;
state->msgs_count = 0;
}
goto fail;
}
goto fail;
}
if (!subreq) {
goto fail;
}
return req;
fail:
return req;
}
{
struct tevent_req);
struct sysdb_search_custom_state);
int ret;
return;
}
if (!subreq) {
return;
}
return;
}
{
struct tevent_req);
struct sysdb_search_custom_state);
int ret;
if (ret) {
return;
}
return;
}
}
struct ldb_message ***msgs)
{
struct sysdb_search_custom_state);
return EOK;
}
/* =Custom Store (replaces-existing-data)================== */
struct sysdb_store_custom_state {
struct tevent_context *ev;
struct sysdb_handle *handle;
struct sss_domain_info *domain;
const char *object_name;
const char *subtree_name;
struct sysdb_attrs *attrs;
struct ldb_message *msg;
};
struct tevent_context *ev,
struct sysdb_handle *handle,
struct sss_domain_info *domain,
const char *object_name,
const char *subtree_name,
struct sysdb_attrs *attrs)
{
struct sysdb_store_custom_state *state;
int ret;
const char **search_attrs;
return NULL;
}
return NULL;
}
goto fail;
}
if (search_attrs == NULL) {
goto fail;
}
search_attrs[0] = "*";
if (!subreq) {
goto fail;
}
return req;
fail:
return req;
}
{
struct tevent_req);
struct sysdb_store_custom_state);
int ret;
int i;
size_t resp_count = 0;
struct ldb_message **resp;
struct ldb_message *msg;
struct ldb_request *ldbreq;
struct ldb_message_element *el;
bool add_object = false;
return;
}
add_object = true;
}
return;
}
return;
}
if (add_object) {
} else {
} else {
}
}
}
if (add_object) {
} else {
}
if (ret != LDB_SUCCESS) {
return;
}
ldbreq);
if (!subreq) {
return;
}
return;
}
{
struct tevent_req);
int ret;
return;
}
return;
}
{
return EOK;
}
/* = Custom Delete======================================= */
struct sysdb_delete_custom_state {
struct tevent_context *ev;
struct sysdb_handle *handle;
struct sss_domain_info *domain;
const char *object_name;
const char *subtree_name;
};
struct tevent_context *ev,
struct sysdb_handle *handle,
struct sss_domain_info *domain,
const char *object_name,
const char *subtree_name)
{
struct sysdb_delete_custom_state *state;
int ret;
return NULL;
}
return NULL;
}
goto fail;
}
if (!subreq) {
goto fail;
}
return req;
fail:
return req;
}
{
struct tevent_req);
int ret;
return;
}
return;
}
{
return EOK;
}
/* = ASQ search request ======================================== */
struct sysdb_asq_search_state {
struct tevent_context *ev;
struct sysdb_handle *handle;
struct sss_domain_info *domain;
const char *asq_attribute;
const char **attrs;
const char *expression;
int msgs_count;
struct ldb_message **msgs;
};
struct tevent_context *ev,
struct sysdb_handle *handle,
struct sss_domain_info *domain,
const char *expression,
const char *asq_attribute,
const char **attrs)
{
struct tevent_req *req;
struct tevent_req *subreq;
struct sysdb_asq_search_state *state;
int ret;
return NULL;
}
return NULL;
}
state->msgs_count = 0;
if (!subreq) {
goto fail;
}
return req;
fail:
return req;
}
{
struct tevent_req);
struct sysdb_asq_search_state);
struct ldb_request *ldb_req;
struct ldb_control **ctrl;
struct ldb_asq_control *asq_control;
int ret;
return;
}
goto fail;
}
goto fail;
}
if (asq_control == NULL) {
goto fail;
}
goto fail;
}
if (ret != LDB_SUCCESS) {
goto fail;
}
ldb_req);
if (!subreq) {
goto fail;
}
return;
fail:
return;
}
{
struct tevent_req);
struct sysdb_asq_search_state);
int ret;
/* DO NOT free the subreq here, the subrequest search is not
* finished until we get an ldbreply of type LDB_REPLY_DONE */
return;
}
case LDB_REPLY_ENTRY:
struct ldb_message *,
return;
}
state->msgs_count++;
return;
case LDB_REPLY_DONE:
/* now it is safe to free the subrequest, the search is complete */
break;
default:
return;
}
}
{
struct sysdb_asq_search_state);
return EOK;
}
/* =Search-Users-with-Custom-Filter====================================== */
struct sysdb_search_users_state {
struct tevent_context *ev;
struct sysdb_handle *handle;
struct sss_domain_info *domain;
const char *sub_filter;
const char **attrs;
struct ldb_message **msgs;
};
struct tevent_context *ev,
struct sysdb_handle *handle,
struct sss_domain_info *domain,
const char *sub_filter,
const char **attrs)
{
struct sysdb_search_users_state *state;
int ret;
return NULL;
}
state->msgs_count = 0;
if (!subreq) {
goto fail;
}
return req;
fail:
return req;
}
{
struct tevent_req);
struct sysdb_search_users_state);
char *filter;
int ret;
return;
}
if (!basedn) {
return;
}
if (!filter) {
return;
}
if (!subreq) {
return;
}
}
{
struct tevent_req);
struct sysdb_search_users_state);
int ret;
if (ret) {
return;
}
}
{
struct sysdb_search_users_state);
return EOK;
}
/* =Delete-User-by-Name-OR-uid============================================ */
struct sysdb_delete_user_state {
struct tevent_context *ev;
struct sss_domain_info *domain;
const char *name;
struct sysdb_handle *handle;
};
struct tevent_context *ev,
struct sysdb_handle *handle,
struct sss_domain_info *domain,
{
struct sysdb_delete_user_state *state;
if (!subreq) {
return req;
}
return req;
}
{
struct tevent_req);
struct sysdb_delete_user_state);
int ret;
return;
}
} else {
}
if (!subreq) {
return;
}
}
{
struct tevent_req);
struct sysdb_delete_user_state);
struct ldb_message *msg;
int ret;
if (ret) {
return;
}
const char *name;
return;
}
/* this is not the entry we are looking for */
return;
}
}
if (ret) {
return;
}
}
{
return sysdb_op_default_recv(req);
}
/* =Search-Groups-with-Custom-Filter===================================== */
struct sysdb_search_groups_state {
struct tevent_context *ev;
struct sysdb_handle *handle;
struct sss_domain_info *domain;
const char *sub_filter;
const char **attrs;
struct ldb_message **msgs;
};
struct tevent_context *ev,
struct sysdb_handle *handle,
struct sss_domain_info *domain,
const char *sub_filter,
const char **attrs)
{
struct sysdb_search_groups_state *state;
int ret;
return NULL;
}
state->msgs_count = 0;
if (!subreq) {
goto fail;
}
return req;
fail:
return req;
}
{
struct tevent_req);
struct sysdb_search_groups_state);
char *filter;
int ret;
return;
}
if (!basedn) {
return;
}
if (!filter) {
return;
}
if (!subreq) {
return;
}
}
{
struct tevent_req);
struct sysdb_search_groups_state);
int ret;
if (ret) {
return;
}
}
{
struct sysdb_search_groups_state);
return EOK;
}
/* =Delete-Group-by-Name-OR-gid=========================================== */
struct sysdb_delete_group_state {
struct tevent_context *ev;
struct sss_domain_info *domain;
const char *name;
struct sysdb_handle *handle;
};
struct tevent_context *ev,
struct sysdb_handle *handle,
struct sss_domain_info *domain,
{
struct sysdb_delete_group_state *state;
if (!subreq) {
return req;
}
return req;
}
{
struct tevent_req);
struct sysdb_delete_group_state);
int ret;
return;
}
} else {
}
if (!subreq) {
return;
}
}
{
struct tevent_req);
struct sysdb_delete_group_state);
struct ldb_message *msg;
int ret;
if (ret) {
return;
}
const char *name;
return;
}
/* this is not the entry we are looking for */
return;
}
}
if (ret) {
return;
}
}
{
return sysdb_op_default_recv(req);
}
/* ========= Authentication against cached password ============ */
struct sysdb_cache_auth_state {
struct tevent_context *ev;
const char *name;
struct sss_domain_info *domain;
struct confdb_ctx *cdb;
struct sysdb_attrs *update_attrs;
struct sysdb_handle *handle;
};
struct ldb_message *ldb_msg,
{
int ret;
int failed_login_delay;
*delayed_until = -1;
"attempts.\n"));
return EIO;
}
return EIO;
}
"failed login delay [%d].\n", *failed_login_attempts,
if (failed_login_delay) {
"resetting failed_login_attempts.\n"));
*failed_login_attempts = 0;
} else {
*delayed_until = end;
return EACCES;
}
} else {
return EACCES;
}
}
}
return EOK;
}
struct tevent_context *ev,
struct sss_domain_info *domain,
const char *name,
struct confdb_ctx *cdb)
{
struct tevent_req *req;
struct tevent_req *subreq;
struct sysdb_cache_auth_state *state;
return NULL;
}
return NULL;
}
return NULL;
}
if (!domain->cache_credentials) {
return NULL;
}
static const char *attrs[] = {SYSDB_NAME,
"lastCachedPasswordChange",
"accountExpires",
NULL};
return NULL;
}
state->authentication_successful = false;
return NULL;
}
return req;
}
{
struct ldb_message *ldb_msg;
const char *userhash;
char *comphash;
int i;
int ret;
int cred_expiration;
struct tevent_req);
struct sysdb_cache_auth_state);
return;
}
/* Check offline_auth_cache_timeout */
0);
goto done;
}
if (cred_expiration) {
state->expire_date = 0;
goto done;
}
} else {
state->expire_date = 0;
}
&state->delayed_until);
goto done;
}
/* TODO: verify user account (disabled, expired ...) */
goto done;
}
goto done;
}
if (ret) {
goto done;
}
goto done;
}
/* TODO: probable good point for audit logging */
state->authentication_successful = true;
"but authentication is successful.\n"));
goto done;
}
"but authentication is successful.\n"));
goto done;
}
} else {
state->authentication_successful = false;
goto done;
}
goto done;
}
}
goto done;
}
req);
return;
done:
} else {
}
return;
}
{
int ret;
struct tevent_req);
struct sysdb_cache_auth_state);
goto done;
}
goto done;
}
req);
return;
done:
if (state->authentication_successful) {
} else {
}
return;
}
{
int ret;
struct tevent_req);
struct sysdb_cache_auth_state);
goto done;
}
goto done;
}
return;
done:
if (state->authentication_successful) {
} else {
}
return;
}
{
int ret;
struct tevent_req);
struct sysdb_cache_auth_state);
}
if (state->authentication_successful) {
} else {
}
return;
}
time_t *delayed_until) {
struct sysdb_cache_auth_state);
}