sysdb_ops.c revision e60b425ddc0e24178d044bef04ab7349ac7a7826
8c294c1cd4d721818a59684cf7f2b36123f79163Stephen Gallagher System Database
c252d148fa8ab50aaaa8bbae7beb4d208025171dNikolai Kondrashov Copyright (C) Simo Sorce <ssorce@redhat.com> 2008
9542512d7be40f2000298c86d3d2b728f4f0f65aStephen Gallagher This program is free software; you can redistribute it and/or modify
9542512d7be40f2000298c86d3d2b728f4f0f65aStephen Gallagher it under the terms of the GNU General Public License as published by
c6e39e15178675d0779e0ae855245774a09b4eb5Nikolai Kondrashov the Free Software Foundation; either version 3 of the License, or
c6e39e15178675d0779e0ae855245774a09b4eb5Nikolai Kondrashov (at your option) any later version.
c6e39e15178675d0779e0ae855245774a09b4eb5Nikolai Kondrashov This program is distributed in the hope that it will be useful,
c6e39e15178675d0779e0ae855245774a09b4eb5Nikolai Kondrashov but WITHOUT ANY WARRANTY; without even the implied warranty of
29c5542feb4c45865ea61be97e0e84a1d1f04918Jakub Hrozek MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
29c5542feb4c45865ea61be97e0e84a1d1f04918Jakub Hrozek GNU General Public License for more details.
8b1f525acd20f36c836e827de3c251088961c5d9Stephen Gallagher You should have received a copy of the GNU General Public License
8b1f525acd20f36c836e827de3c251088961c5d9Stephen Gallagher along with this program. If not, see <http://www.gnu.org/licenses/>.
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagherint add_string(struct ldb_message *msg, int flags,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = ldb_msg_add_empty(msg, attr, flags, NULL);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = ldb_msg_add_string(msg, attr, value);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagherint add_ulong(struct ldb_message *msg, int flags,
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke ret = ldb_msg_add_fmt(msg, attr, "%lu", value);
f3c85d900c4663854cc7bbae7d9f77867ed1f69bSumit Bosestatic uint32_t get_attr_as_uint32(struct ldb_message *msg, const char *attr)
f3c85d900c4663854cc7bbae7d9f77867ed1f69bSumit Bose const struct ldb_val *v = ldb_msg_find_ldb_val(msg, attr);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher long long int l;
2a552e43581c74f51205c7141ec9f6e9542509f8Stephen Gallagher if (!v || !v->data) {
2a5790216f57e9bdfb2930d52860bb5300366536Jakub Hrozek * The wrapper around ldb_modify that uses LDB_CONTROL_PERMISSIVE_MODIFY_OID
5377441d7a846461c2d9a7a870cea711360a529aNikolai Kondrashov * so that on adds entries that already exist are skipped and similarly
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher * entries that are missing are ignored on deletes
32381402a4a9afc003782c9e2301fc59c9bda2a9Yassir Elleyint sss_ldb_modify_permissive(struct ldb_context *ldb,
bc13c352ba9c2877f1e9bc62e55ad60fc000a55dJakub Hrozek ret = ldb_request_add_control(req, LDB_CONTROL_PERMISSIVE_MODIFY_OID,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = ldb_wait(req->handle, LDB_WAIT_ALL);
4f6931e854c698dcb1c09f99eb330ce2fb97e7c6Lukas Slebodnik#define ERROR_OUT(v, r, l) do { v = r; goto l; } while(0)
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher/* =Remove-Entry-From-Sysdb=============================================== */
f1828234a850dd28465425248a83a993f262918fPavel Březina /* fall through */
b69cb1787209e85cc246eb9a944242689bfe0c46Pavel Březina DEBUG(1, ("LDB Error: %s(%d)\nError Message: [%s]\n",
b69cb1787209e85cc246eb9a944242689bfe0c46Pavel Březina ldb_strerror(ret), ret, ldb_errstring(sysdb->ldb)));
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher/* =Remove-Subentries-From-Sysdb=========================================== */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagherint sysdb_delete_recursive(struct sysdb_ctx *sysdb,
3be9e26dcd169d44ae105f1b8a0674464c700b77Sumit Bose DEBUG(6, ("Search error: %d (%s)\n", ret, strerror(ret)));
a8d1a344e580f29699aed9b88d87fc3c6f5d113bSimo Sorce DEBUG(SSSDBG_TRACE_ALL, ("Found [%zu] items to delete.\n", msgs_count));
b9e5bd09a5ff7009537a18914dbebcf10498f592Sumit Bose sizeof(struct ldb_message *), compare_ldb_dn_comp_num);
b9e5bd09a5ff7009537a18914dbebcf10498f592Sumit Bose for (i = 0; i < msgs_count; i++) {
4b39208286ca0351ee76d4e64e077e7ad5ca8568Jakub Hrozek ret = sysdb_delete_entry(sysdb, msgs[i]->dn, false);
4bd20c075f0f187db0181dc53d00ab6cd47fdb4dJakub Hrozek/* =Search-Entry========================================================== */
4bd20c075f0f187db0181dc53d00ab6cd47fdb4dJakub Hrozek const char **attrs,
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina/* =Search-Entry-by-SID-string============================================ */
50b8a36b0932a510e825ed1ad8103f81ead2b7d8Pavel Reichlint sysdb_search_entry_by_sid_str(TALLOC_CTX *mem_ctx,
526a15438525417cd701f837d7085b7f8c8a6325Jakub Hrozek const char **attrs,
802385896dc1c4e7b8bbd40dcfe3cd131f68e696Sumit Bose const char *def_attrs[] = { SYSDB_NAME, SYSDB_SID_STR, NULL };
99c5f2f6ba0af6ce52be0d82ec2794bacc215742Jakub Hrozek basedn = ldb_dn_new_fmt(tmp_ctx, domain->sysdb->ldb,
e592d5f157be869151983bd1b46d6f4f7a29daafJakub Hrozek filter = talloc_asprintf(tmp_ctx, filter_str, sid_str);
f92ace4a52602e8c38a34f2392bec3deeac2ddddJakub Hrozek ret = sysdb_search_entry(tmp_ctx, domain->sysdb, basedn, LDB_SCOPE_SUBTREE,
f92ace4a52602e8c38a34f2392bec3deeac2ddddJakub Hrozek DEBUG(SSSDBG_OP_FAILURE, ("Error: %d (%s)\n", ret, strerror(ret)));
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher/* =Search-User-by-[UID/SID/NAME]============================================= */
fb3c5cdfcda069a5fbeb7b9d200c0881911364b8Jakub Hrozekint sysdb_search_user_by_name(TALLOC_CTX *mem_ctx,
9f521c61c17cecd9625ebc1b33c666fa3488622cJakub Hrozek const char *name,
18372712592b30638772afb5b7e15bfca92c2058Lukas Slebodnik const char *def_attrs[] = { SYSDB_NAME, SYSDB_UIDNUM, NULL };
bf5a808fa92007c325c3996e79694badfab201d4Stephen Gallagher basedn = ldb_dn_new_fmt(tmp_ctx, domain->sysdb->ldb,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sss_filter_sanitize(tmp_ctx, name, &sanitized_name);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher filter = talloc_asprintf(tmp_ctx, SYSDB_PWNAM_FILTER, sanitized_name,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_search_entry(tmp_ctx, domain->sysdb, basedn, LDB_SCOPE_SUBTREE,
90fd1bbd6035cdab46faa3a695a2fb2be6508b17Sumit Bose DEBUG(SSSDBG_OP_FAILURE, ("Error: %d (%s)\n", ret, strerror(ret)));
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzkeint sysdb_search_user_by_uid(TALLOC_CTX *mem_ctx,
1d1a0a019d8d4d9ab0f51ada03604cd2cada287eSumit Bose const char **attrs,
1d1a0a019d8d4d9ab0f51ada03604cd2cada287eSumit Bose const char *def_attrs[] = { SYSDB_NAME, SYSDB_UIDNUM, NULL };
4a5a18f489f4d19aa0571528a7f0c7a8d35ac83fLukas Slebodnik basedn = ldb_dn_new_fmt(tmp_ctx, domain->sysdb->ldb,
4a5a18f489f4d19aa0571528a7f0c7a8d35ac83fLukas Slebodnik filter = talloc_asprintf(tmp_ctx, SYSDB_PWUID_FILTER, (unsigned long)uid);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher /* Use SUBTREE scope here, not ONELEVEL
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher * There is a bug in LDB that makes ONELEVEL searches extremely
1467daed400d6c186bd0c99c057c42e764309ff3Stephen Gallagher * slow (it ignores indexing)
15b266d9f14dad26da8678a79019749d0f69532eStephen Gallagher ret = sysdb_search_entry(tmp_ctx, domain->sysdb, basedn,
51d65c4ad15c2cc23f38fa09dd6efeb15e4f3e86Jakub Hrozek DEBUG(SSSDBG_OP_FAILURE, ("Error: %d (%s)\n", ret, strerror(ret)));
51d65c4ad15c2cc23f38fa09dd6efeb15e4f3e86Jakub Hrozekint sysdb_search_user_by_sid_str(TALLOC_CTX *mem_ctx,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher return sysdb_search_entry_by_sid_str(mem_ctx, domain,
3ce85a5f5264e7118beb6524e120fd8b53a13da4Nikolai Kondrashov/* =Search-Group-by-[GID/SID/NAME]============================================ */
6398f22526303343193a18e514602f1af6fb29cbNikolai Kondrashovint sysdb_search_group_by_name(TALLOC_CTX *mem_ctx,
a8d887323f83984679a7d9b827a70146656bb7b2Sumit Bose const char *name,
a8d887323f83984679a7d9b827a70146656bb7b2Sumit Bose const char **attrs,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher static const char *def_attrs[] = { SYSDB_NAME, SYSDB_GIDNUM, NULL };
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher basedn = sysdb_group_dn(tmp_ctx, domain, name);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_search_entry(tmp_ctx, domain->sysdb, basedn, LDB_SCOPE_BASE,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher NULL, attrs?attrs:def_attrs, &msgs_count, &msgs);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher DEBUG(SSSDBG_OP_FAILURE, ("Error: %d (%s)\n", ret, strerror(ret)));
b9e5bd09a5ff7009537a18914dbebcf10498f592Sumit Boseint sysdb_search_group_by_gid(TALLOC_CTX *mem_ctx,
0ef783e186ef1c9f60e61a4e8e54c44cb366fdfePavel Březina const char **attrs,
50c9d542e8bf641412debaa82a4dcf67ddb72258Lukas Slebodnik const char *def_attrs[] = { SYSDB_NAME, SYSDB_GIDNUM, NULL };
0ae7e46a3990c47873fca879a9395e3ce00d9150Pavel Březina basedn = ldb_dn_new_fmt(tmp_ctx, domain->sysdb->ldb,
4169fb26ea2ff93c19ecdad6e09382732ea5deebPavel Březina filter = talloc_asprintf(tmp_ctx, SYSDB_GRGID_FILTER, (unsigned long)gid);
3be2628d8aba6aeb99ac1484da990f1fad8169ecPavel Březina /* Use SUBTREE scope here, not ONELEVEL
2e13817e64ff1e0e47dc844be501f2d3ab299f34Pavel Březina * There is a bug in LDB that makes ONELEVEL searches extremely
c2fc9459c31cb1192ab3c15ce4df1c150e99bf95Pavel Březina * slow (it ignores indexing)
4169fb26ea2ff93c19ecdad6e09382732ea5deebPavel Březina ret = sysdb_search_entry(tmp_ctx, domain->sysdb, basedn, LDB_SCOPE_SUBTREE,
83a79d93035c2d75a1941f3b54426119174044a0Pavel Březina DEBUG(SSSDBG_TRACE_FUNC, ("No such entry\n"));
4169fb26ea2ff93c19ecdad6e09382732ea5deebPavel Březina DEBUG(SSSDBG_OP_FAILURE, ("Error: %d (%s)\n", ret, strerror(ret)));
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagherint sysdb_search_group_by_sid_str(TALLOC_CTX *mem_ctx,
aea1d5c0ca9bb1470759b024c8b97b6c1f577193Pavel Březina const char **attrs,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher return sysdb_search_entry_by_sid_str(mem_ctx, domain,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher/* =Search-Netgroup-by-Name========================================= */
ca261795ce61c41d7e62217ccb2ee913923040ffPavel Březinaint sysdb_search_netgroup_by_name(TALLOC_CTX *mem_ctx,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher static const char *def_attrs[] = { SYSDB_NAME, NULL };
6499d0b915209b670f8e337c4fe76a8be9fa6576Simo Sorce basedn = sysdb_netgroup_dn(tmp_ctx, domain, name);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_search_entry(tmp_ctx, domain->sysdb, basedn, LDB_SCOPE_BASE,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher DEBUG(SSSDBG_TRACE_FUNC, ("No such entry\n"));
bfbf5cb0f00c60c0f000f56c282377b13b9a89abSumit Bose DEBUG(SSSDBG_OP_FAILURE, ("Error: %d (%s)\n", ret, strerror(ret)));
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher/* =Replace-Attributes-On-Entry=========================================== */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagherint sysdb_set_entry_attr(struct sysdb_ctx *sysdb,
5a70b84cb66fb8c7a3fce0e3f2e4b61e0b2ea9d4Simo Sorce msg->elements = talloc_array(msg, struct ldb_message_element, attrs->num);
4169fb26ea2ff93c19ecdad6e09382732ea5deebPavel Březina ("ldb_modify failed: [%s]\n", ldb_strerror(lret)));
ef39c0adcb61b16f9edc7beb4cdc8f3b0d5a8f15Stephen Gallagher DEBUG(SSSDBG_TRACE_FUNC, ("No such entry\n"));
04e870d99e72aa3160bdb6ab05d986fb4005c3edPavel Březina DEBUG(SSSDBG_OP_FAILURE, ("Error: %d (%s)\n", ret, strerror(ret)));
e7311aec8d691e5427317442387af1bc8fff3742Jan Cholasta/* =Replace-Attributes-On-User============================================ */
7f0b01bf0a8f5c5b3ef145e81511b6db2cb4f98fPavel Březinaint sysdb_set_user_attr(struct sss_domain_info *domain,
cb4d5b588e704114b7090678752d33512baa718eJakub Hrozek const char *name,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher dn = sysdb_user_dn(tmp_ctx, domain, name);
1f1e6cbc59868f06dee3ab4b3df660fcb77ce1c8Jakub Hrozek ret = sysdb_set_entry_attr(domain->sysdb, dn, attrs, mod_op);
d3dee2a07f1a8ee9ae6f94e149ced754ef76c248Pavel Březina/* =Replace-Attributes-On-Group=========================================== */
d3dee2a07f1a8ee9ae6f94e149ced754ef76c248Pavel Březinaint sysdb_set_group_attr(struct sss_domain_info *domain,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher dn = sysdb_group_dn(tmp_ctx, domain, name);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_set_entry_attr(domain->sysdb, dn, attrs, mod_op);
cdaa29d2c5724a4c72bfa0f42284ccfac3d5a464Pavel Reichl/* =Replace-Attributes-On-Netgroup=========================================== */
fae99bfe4bfc8b4a12e9c2a0ad01b3684c22f934Simo Sorceint sysdb_set_netgroup_attr(struct sss_domain_info *domain,
9cb46bc62f22e0104f1b41a423b014c281ef5fc2Jakub Hrozek const char *name,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = sysdb_set_entry_attr(domain->sysdb, dn, attrs, mod_op);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina/* =Get-New-ID============================================================ */
e07d700ed9daf0cf96607fa2d72978cb2431b794Pavel Březinaint sysdb_get_new_id(struct sss_domain_info *domain,
347f7c4d1e8e83fc7ffcaf9524a67e8b3ad5d7c5Jan Cholasta const char *attrs_1[] = { SYSDB_NEXTID, NULL };
4139a7a731f2831963a42b26aac111422be28792Jakub Hrozek const char *attrs_2[] = { SYSDB_UIDNUM, SYSDB_GIDNUM, NULL };
284937e6b5b0c9d7a1d3382d0d2820d1168842fbPavel Březina ret = ldb_transaction_start(domain->sysdb->ldb);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_search_entry(tmp_ctx, domain->sysdb, base_dn, LDB_SCOPE_BASE,
3b08dec5ee634f83ee18e1753d5ffe0ac5e3c458Jakub Hrozek new_id = get_attr_as_uint32(msgs[0], SYSDB_NEXTID);
374bf54785365273b20690bd3792c25a44738041Pavel Březina DEBUG(1, ("Invalid Next ID in domain %s\n", domain->name));
a7e27c11866a48742bb70564b88e15bf15e9367dPavel Březina if ((domain->id_max != 0) && (new_id > domain->id_max)) {
eaa723b4d06b4c1e588df67bef44a84bbfaebf1aLukas Slebodnik DEBUG(0, ("Failed to allocate new id, out of range (%u/%u)\n",
fe2091327ff44f80d6681c261494e4432404e9baStephen Gallagher /* looks like the domain is not initialized yet, use min_id */
96453f402831275a39d5fb89c33c9776e148d03fStephen Gallagher /* verify the id is actually free:
fe2091327ff44f80d6681c261494e4432404e9baStephen Gallagher * search all entries with id >= new_id and id < max_id */
5a05b6127064c74349f1edae32e5e13032c386feLukas Slebodnik "(|(&(%s>=%u)(%s<=%u))(&(%s>=%u)(%s<=%u)))",
25d4435998d0446f7699e7ab0874c7a6f610ab58Lukas Slebodnik "(|(%s>=%u)(%s>=%u))",
25d4435998d0446f7699e7ab0874c7a6f610ab58Lukas Slebodnik ret = sysdb_search_entry(tmp_ctx, domain->sysdb, base_dn, LDB_SCOPE_SUBTREE,
625bb2ddf15e8f305a53afa44e87f2146fa930afSimo Sorce /* if anything was found, find the maximum and increment past it */
b3a22ee1d91aa4ed1544475be16ec2b7cf886180Jakub Hrozek for (i = 0; i < count; i++) {
0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose /* check again we are not falling out of range */
0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose if ((domain->id_max != 0) && (new_id > domain->id_max)) {
25d4435998d0446f7699e7ab0874c7a6f610ab58Lukas Slebodnik DEBUG(0, ("Failed to allocate new id, out of range (%u/%u)\n",
0d5bb38364a6976e9c85d6349aa13a04d181a090Sumit Bose /* finally store the new next id */
bf01e8179cbb2be476805340636098deda7e1366Sumit Bose ret = ldb_transaction_commit(domain->sysdb->ldb);
3b1aa479b377e570c6dff359a1f8099289a2af75Michal Židek DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
bf01e8179cbb2be476805340636098deda7e1366Sumit Bose/* =Add-Basic-User-NO-CHECKS============================================== */
bf01e8179cbb2be476805340636098deda7e1366Sumit Boseint sysdb_add_basic_user(struct sss_domain_info *domain,
bf01e8179cbb2be476805340636098deda7e1366Sumit Bose const char *name,
bf01e8179cbb2be476805340636098deda7e1366Sumit Bose const char *gecos,
d87e960c17d7598781cf032d06ba03a3ecadbfa2Pavel Březina ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_OBJECTCLASS, SYSDB_USER_CLASS);
1319e71fd1680ca4864afe0b1aca2b8c8e4a1ee4Stef Walter ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_NAME, name);
ae7247551b78a05a5397d3c790afad7ef51b0d9dPavel Březina ret = add_ulong(msg, LDB_FLAG_MOD_ADD, SYSDB_UIDNUM, (unsigned long)uid);
fe2091327ff44f80d6681c261494e4432404e9baStephen Gallagher ret = add_ulong(msg, LDB_FLAG_MOD_ADD, SYSDB_GIDNUM, (unsigned long)gid);
fe2091327ff44f80d6681c261494e4432404e9baStephen Gallagher /* We set gecos to be the same as fullname on user creation,
fe2091327ff44f80d6681c261494e4432404e9baStephen Gallagher * but we will not enforce coherency after that; it is up to
fe2091327ff44f80d6681c261494e4432404e9baStephen Gallagher * admins to decide whether they want to keep the two in sync
fe2091327ff44f80d6681c261494e4432404e9baStephen Gallagher * if they change one of them */
fe2091327ff44f80d6681c261494e4432404e9baStephen Gallagher ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_FULLNAME, gecos);
29be7d76c949b82350c7603cfd362a1fcb47eb1bJan Zeleny ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_GECOS, gecos);
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_HOMEDIR, homedir);
22d381367c27910fe82f476a76b9f4ede555e35aLukas Slebodnik ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_SHELL, shell);
de38d860e39585486e3ccbb42555196e319c7efdSumit Bose /* creation time */
022c6b90bb37851c0e8704c0e5388ebc113c6470Lukas Slebodnik ret = add_ulong(msg, LDB_FLAG_MOD_ADD, SYSDB_CREATE_TIME,
ac40d2f2b2b2fc35c95389f5e28febd580bd2b7aJakub Hrozek DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
5a05b6127064c74349f1edae32e5e13032c386feLukas Slebodniksysdb_remove_ghost_from_group(struct sss_domain_info *dom,
ac40d2f2b2b2fc35c95389f5e28febd580bd2b7aJakub Hrozek const char *name,
42ec8af02ecf1937e4db9b1ecc6216022634f0f9Michal Zidek /* We have no way of telling which groups this user belongs to.
42ec8af02ecf1937e4db9b1ecc6216022634f0f9Michal Zidek * Add it to all that reference it in the ghost attribute */
42ec8af02ecf1937e4db9b1ecc6216022634f0f9Michal Zidek orig_members = ldb_msg_find_element(group, SYSDB_ORIG_MEMBER);
42ec8af02ecf1937e4db9b1ecc6216022634f0f9Michal Zidek for (i = 0; i < orig_members->num_values; i++) {
42ec8af02ecf1937e4db9b1ecc6216022634f0f9Michal Zidek if (strcmp((const char *) orig_members->values[i].data,
fd98a28d6e94080e52bbedc789b06606a6019b10Lukas Slebodnik /* This is a direct member. Add the member attribute */
577ba99b3150404533bd3d859522a2c994b17e76Lukas Slebodnik /* Nothing to compare the originalDN with. Let's rely on the
885386b7e3f1c3e74b354576b98a092b0835d64eSumit Bose * memberof plugin to do the right thing during initgroups.
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_MEMBER, userdn);
de5fa34860886ad68fba5e739987e16c342e8f14Lukas Slebodnik ret = add_string(msg, LDB_FLAG_MOD_DELETE, SYSDB_GHOST, name);
e0c86d21388bffe2e3919e780780c40d96186abbJakub Hrozek /* Delete aliases from the ghost attribute as well */
e0c86d21388bffe2e3919e780780c40d96186abbJakub Hrozek if (strcmp((const char *)alias_el->values[i].data, name) == 0) {
4f6931e854c698dcb1c09f99eb330ce2fb97e7c6Lukas Slebodnik ret = sss_ldb_modify_permissive(dom->sysdb->ldb, msg);
2a9af1f71887f02935e2fb6ad5023afba5b6d43eSumit Bosesysdb_remove_ghostattr_from_groups(struct sss_domain_info *domain,
f28b09f887870c10c8c611beee3c17eaa9ef74f3Lukas Slebodnik const char *group_attrs[] = {SYSDB_NAME, SYSDB_GHOST, SYSDB_ORIG_MEMBER, NULL};
1270ffe9f3809f2fd488ef4a320d344ae107ab87Sumit Bose ret = sss_filter_sanitize(tmp_ctx, name, &sanitized_name);
885386b7e3f1c3e74b354576b98a092b0835d64eSumit Bose ret = sysdb_attrs_get_el(attrs, SYSDB_NAME_ALIAS, &alias_el);
1270ffe9f3809f2fd488ef4a320d344ae107ab87Sumit Bose if (strcmp((const char *)alias_el->values[i].data, name) == 0) {
1270ffe9f3809f2fd488ef4a320d344ae107ab87Sumit Bose filter = talloc_asprintf_append(filter, "(%s=%s)",
a7e27c11866a48742bb70564b88e15bf15e9367dPavel Březina tmpdn = ldb_dn_new_fmt(tmp_ctx, domain->sysdb->ldb,
a7e27c11866a48742bb70564b88e15bf15e9367dPavel Březina /* We need to find all groups that contain this object as a ghost user
a7e27c11866a48742bb70564b88e15bf15e9367dPavel Březina * and replace the ghost user by actual member record in direct parents.
36e262020c80479baa09b2c4c8dd045c7a0f32a1Pavel Březina * Note that this object can be referred to either by its name or any
a7e27c11866a48742bb70564b88e15bf15e9367dPavel Březina * of its aliases
a7e27c11866a48742bb70564b88e15bf15e9367dPavel Březina ret = sysdb_search_entry(tmp_ctx, domain->sysdb, tmpdn, LDB_SCOPE_SUBTREE,
29c5542feb4c45865ea61be97e0e84a1d1f04918Jakub Hrozek for (i = 0; i < group_count; i++) {
29c5542feb4c45865ea61be97e0e84a1d1f04918Jakub Hrozek sysdb_remove_ghost_from_group(domain, groups[i], alias_el, name,
8c829226ce0cf98c35ffce39a66f9645cff65767Jakub Hrozek/* =Add-User-Function===================================================== */
8c829226ce0cf98c35ffce39a66f9645cff65767Jakub Hrozekint sysdb_add_user(struct sss_domain_info *domain,
41291f19dbc5bf14f20729959b852fa605fcc02dJakub Hrozek const char *name,
29c5542feb4c45865ea61be97e0e84a1d1f04918Jakub Hrozek DEBUG(0, ("Cannot add user with arbitrary GID in MPG domain!\n"));
29c5542feb4c45865ea61be97e0e84a1d1f04918Jakub Hrozek (uid < domain->id_min || uid > domain->id_max)) {
29c5542feb4c45865ea61be97e0e84a1d1f04918Jakub Hrozek ("Supplied uid [%"SPRIuid"] is not in the allowed range "
b699c4d7f85a5404be1d1ee9450331aea869b886Stef Walter "[%d-%d].\n", uid, domain->id_min, domain->id_max));
b699c4d7f85a5404be1d1ee9450331aea869b886Stef Walter (gid < domain->id_min || gid > domain->id_max)) {
769347ad4d35d43488eb98f980143495b0db415dStef Walter ("Supplied gid [%"SPRIgid"] is not in the allowed range "
769347ad4d35d43488eb98f980143495b0db415dStef Walter "[%d-%d].\n", gid, domain->id_min, domain->id_max));
b699c4d7f85a5404be1d1ee9450331aea869b886Stef Walter ret = ldb_transaction_start(domain->sysdb->ldb);
fcd8093c58638dc7c4f9cddfc97f273b94ce2eadStef Walter /* In MPG domains you can't have groups with the same name as users,
b699c4d7f85a5404be1d1ee9450331aea869b886Stef Walter * search if a group with the same name exists.
b699c4d7f85a5404be1d1ee9450331aea869b886Stef Walter * Don't worry about users, if we try to add a user with the same
b699c4d7f85a5404be1d1ee9450331aea869b886Stef Walter * name the operation will fail */
b699c4d7f85a5404be1d1ee9450331aea869b886Stef Walter ret = sysdb_search_group_by_name(tmp_ctx, domain, name, NULL, &msg);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher /* check no other user with the same uid exist */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_search_user_by_uid(tmp_ctx, domain, uid, NULL, &msg);
d2d8f342cd5e90bb9fd947c448492225f959aa86Pavel Březina /* try to add the user */
7ac503a73a26abe49f9f7d175c74df705380898dPavel Březina ret = sysdb_add_basic_user(domain, name, uid, gid, gecos, homedir, shell);
8c3a4809b3420657289b42f028a1c9019b112991Stephen Gallagher ret = sysdb_attrs_add_uint32(id_attrs, SYSDB_UIDNUM, id);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_attrs_add_uint32(id_attrs, SYSDB_GIDNUM, id);
f427b36b0cecc426856ab3f77a9c684ac355659dSumit Bose ret = sysdb_set_user_attr(domain, name, id_attrs, SYSDB_MOD_REP);
300c772767c1b12077cac1d148ac89738b058f97Jan Zeleny ret = sysdb_attrs_add_time_t(attrs, SYSDB_LAST_UPDATE, now);
bdc2aced1185c4ee36921fa01b8dc01789a63900Jakub Hrozek ret = sysdb_attrs_add_time_t(attrs, SYSDB_CACHE_EXPIRE,
2827b0d03f7b6bafa504d22a5d7ca39cbda048b3Pavel Březina ret = sysdb_set_user_attr(domain, name, attrs, SYSDB_MOD_REP);
2827b0d03f7b6bafa504d22a5d7ca39cbda048b3Pavel Březina /* If we're not enumerating, previous getgr{nam,gid} calls might
2827b0d03f7b6bafa504d22a5d7ca39cbda048b3Pavel Březina * have stored ghost users into the cache, so we need to link them
2827b0d03f7b6bafa504d22a5d7ca39cbda048b3Pavel Březina * with the newly-created user entry
e5911e72198df96ec7cfe486ff66363c2297a5f7Simo Sorce ret = sysdb_remove_ghostattr_from_groups(domain, orig_dn, attrs,
9e80079370ff3b943832adc3c5ef430e64be0a0cJakub Hrozek ret = ldb_transaction_commit(domain->sysdb->ldb);
e5911e72198df96ec7cfe486ff66363c2297a5f7Simo Sorce DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
b42b5d5aaf4da165582e73ad985fdff6e34e61e4Jakub Hrozek/* =Add-Basic-Group-NO-CHECKS============================================= */
4de84af23db74e13e867985c9093f394c9fa8d51Sumit Boseint sysdb_add_basic_group(struct sss_domain_info *domain,
b9e5bd09a5ff7009537a18914dbebcf10498f592Sumit Bose /* group dn */
577ba99b3150404533bd3d859522a2c994b17e76Lukas Slebodnik ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_OBJECTCLASS, SYSDB_GROUP_CLASS);
cb4d5b588e704114b7090678752d33512baa718eJakub Hrozek ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_NAME, name);
8214510f125879c3b1d247f2ce981ee20b5375d1Jakub Hrozek ret = add_ulong(msg, LDB_FLAG_MOD_ADD, SYSDB_GIDNUM, (unsigned long)gid);
f92ace4a52602e8c38a34f2392bec3deeac2ddddJakub Hrozek /* creation time */
590582be38cdbfde387fcc57df92903d48c5a083Jakub Hrozek ret = add_ulong(msg, LDB_FLAG_MOD_ADD, SYSDB_CREATE_TIME,
cb4d5b588e704114b7090678752d33512baa718eJakub Hrozek DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
1a59af8245f183f22d87d067a90197d8e2ea958dJakub Hrozek/* =Add-Group-Function==================================================== */
cb4d5b588e704114b7090678752d33512baa718eJakub Hrozekint sysdb_add_group(struct sss_domain_info *domain,
a8d1a344e580f29699aed9b88d87fc3c6f5d113bSimo Sorce (gid < domain->id_min || gid > domain->id_max)) {
1dd679584241a0f9b29072c7eed1c5c5e4a577e4Simo Sorce ("Supplied gid [%"SPRIgid"] is not in the allowed range "
a8d1a344e580f29699aed9b88d87fc3c6f5d113bSimo Sorce "[%d-%d].\n", gid, domain->id_min, domain->id_max));
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = ldb_transaction_start(domain->sysdb->ldb);
769347ad4d35d43488eb98f980143495b0db415dStef Walter /* In MPG domains you can't have groups with the same name as users,
d3dee2a07f1a8ee9ae6f94e149ced754ef76c248Pavel Březina * so search whether a user with the same name exists.
d3dee2a07f1a8ee9ae6f94e149ced754ef76c248Pavel Březina * Don't worry about groups: if we try to add a group with the same
d3dee2a07f1a8ee9ae6f94e149ced754ef76c248Pavel Březina * name the operation will fail */
d3dee2a07f1a8ee9ae6f94e149ced754ef76c248Pavel Březina ret = sysdb_search_user_by_name(tmp_ctx, domain, name, NULL, &msg);
d3dee2a07f1a8ee9ae6f94e149ced754ef76c248Pavel Březina /* check no other groups with the same gid exist */
a1bf79449204ce9a5392b9d09b953a6bdf53a122Pavel Březina ret = sysdb_search_group_by_gid(tmp_ctx, domain, gid, NULL, &msg);
fe2091327ff44f80d6681c261494e4432404e9baStephen Gallagher /* try to add the group */
fe2091327ff44f80d6681c261494e4432404e9baStephen Gallagher ret = sysdb_add_basic_group(domain, name, gid);
530ba03ecabb472f17d5d1ab546aec9390492de1Jakub Hrozek ret = sysdb_attrs_get_bool(attrs, SYSDB_POSIX, &posix);
530ba03ecabb472f17d5d1ab546aec9390492de1Jakub Hrozek ret = sysdb_attrs_add_bool(attrs, SYSDB_POSIX, true);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_attrs_add_uint32(attrs, SYSDB_GIDNUM, id);
59744cff6edb106ae799b2321cb8731edadf409aStephen Gallagher ret = sysdb_attrs_add_time_t(attrs, SYSDB_LAST_UPDATE, now);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_attrs_add_time_t(attrs, SYSDB_CACHE_EXPIRE,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_set_group_attr(domain, name, attrs, SYSDB_MOD_REP);
42ec8af02ecf1937e4db9b1ecc6216022634f0f9Michal Zidek ret = ldb_transaction_commit(domain->sysdb->ldb);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
42ec8af02ecf1937e4db9b1ecc6216022634f0f9Michal Zidekint sysdb_add_incomplete_group(struct sss_domain_info *domain,
b49a7d90708e816120ff88ce5a88fa62b35ff795Simo Sorce const char *name,
a9eff330a7fbd231e8cc28a6828a1e5014ddb0d2Michal Zidek /* try to add the group */
654757bcead49427baaeb1b368c0e3433b67c51aJan Engelhardt ret = sysdb_add_basic_group(domain, name, gid);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_attrs_add_time_t(attrs, SYSDB_LAST_UPDATE, now);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_attrs_add_time_t(attrs, SYSDB_CACHE_EXPIRE,
654757bcead49427baaeb1b368c0e3433b67c51aJan Engelhardt ret = sysdb_attrs_add_bool(attrs, SYSDB_POSIX, posix);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_attrs_add_string(attrs, SYSDB_ORIG_DN, original_dn);
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zeleny ret = sysdb_attrs_add_string(attrs, SYSDB_SID_STR, sid_str);
577ba99b3150404533bd3d859522a2c994b17e76Lukas Slebodnik ret = sysdb_set_group_attr(domain, name, attrs, SYSDB_MOD_REP);
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zeleny DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
577ba99b3150404533bd3d859522a2c994b17e76Lukas Slebodnik/* =Add-Or-Remove-Group-Member============================================ */
6ea6ec5cb7d9985e2730fb9d4657624d10aed4d8Nick Guay/* mod_op must be either SYSDB_MOD_ADD or SYSDB_MOD_DEL */
6ea6ec5cb7d9985e2730fb9d4657624d10aed4d8Nick Guayint sysdb_mod_group_member(struct sss_domain_info *domain,
1746e8b8399da2a7a8da4aace186f66055ccfec1Jakub Hrozek const char *dn;
b69cb1787209e85cc246eb9a944242689bfe0c46Pavel Březina ret = ldb_msg_add_empty(msg, SYSDB_MEMBER, mod_op, NULL);
b69cb1787209e85cc246eb9a944242689bfe0c46Pavel Březina ret = ldb_msg_add_string(msg, SYSDB_MEMBER, dn);
e157b9f6cb370e1b94bcac2044d26ad66d640fbaPavel Březina DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
e157b9f6cb370e1b94bcac2044d26ad66d640fbaPavel Březina/* =Add-Basic-Netgroup-NO-CHECKS============================================= */
e157b9f6cb370e1b94bcac2044d26ad66d640fbaPavel Březinaint sysdb_add_basic_netgroup(struct sss_domain_info *domain,
70e59ed31c5a9c9ed02d9065ddf92be87c887efbJakub Hrozek /* netgroup dn */
f8c829e72968b574e1c9bda96f4d5f206622358fPavel Březina msg->dn = sysdb_netgroup_dn(msg, domain, name);
558998ce664055a75595371118f818084d8f2b23Jan Cholasta ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_NAME, name);
9a3e40dc49c1e38bf58e45be5adff37615f3910bJan Cholasta /* creation time */
9a3e40dc49c1e38bf58e45be5adff37615f3910bJan Cholasta ret = add_ulong(msg, LDB_FLAG_MOD_ADD, SYSDB_CREATE_TIME,
62b20154899f847e760d6dfbae6a32fb45b448deLukas Slebodnik DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
21f28bdbab10881b9fb0b890dfa15af429326606Sumit Bose/* =Add-Netgroup-Function==================================================== */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagherint sysdb_add_netgroup(struct sss_domain_info *domain,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = ldb_transaction_start(domain->sysdb->ldb);
1d1a0a019d8d4d9ab0f51ada03604cd2cada287eSumit Bose /* try to add the netgroup */
1d1a0a019d8d4d9ab0f51ada03604cd2cada287eSumit Bose ret = sysdb_add_basic_netgroup(domain, name, description);
36ccdecd053a9ad88dce86b8c84770dc2aa11d21Simo Sorce ret = sysdb_attrs_add_time_t(attrs, SYSDB_LAST_UPDATE, now);
36ccdecd053a9ad88dce86b8c84770dc2aa11d21Simo Sorce ret = sysdb_attrs_add_time_t(attrs, SYSDB_CACHE_EXPIRE,
f28b09f887870c10c8c611beee3c17eaa9ef74f3Lukas Slebodnik ret = sysdb_set_netgroup_attr(domain, name, attrs, SYSDB_MOD_REP);
f28b09f887870c10c8c611beee3c17eaa9ef74f3Lukas Slebodnik DEBUG(SSSDBG_MINOR_FAILURE, ("Could not remove missing attributes\n"));
a801d42c4637bbdf9664d0d8b913ffcab81b904eLukas Slebodnik ret = ldb_transaction_commit(domain->sysdb->ldb);
36ccdecd053a9ad88dce86b8c84770dc2aa11d21Simo Sorce DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
36ccdecd053a9ad88dce86b8c84770dc2aa11d21Simo Sorce/* =Store-Users-(Native/Legacy)-(replaces-existing-data)================== */
4b39208286ca0351ee76d4e64e077e7ad5ca8568Jakub Hrozek/* if one of the basic attributes is empty ("") as opposed to NULL,
4b39208286ca0351ee76d4e64e077e7ad5ca8568Jakub Hrozek * this will just remove it */
4b39208286ca0351ee76d4e64e077e7ad5ca8568Jakub Hrozekint sysdb_store_user(struct sss_domain_info *domain,
4b39208286ca0351ee76d4e64e077e7ad5ca8568Jakub Hrozek const char *name,
4b39208286ca0351ee76d4e64e077e7ad5ca8568Jakub Hrozek const char *pwd,
fe2091327ff44f80d6681c261494e4432404e9baStephen Gallagher if (pwd && (domain->legacy_passwords || !*pwd)) {
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_attrs_add_string(attrs, SYSDB_PWD, pwd);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_transaction_start(domain->sysdb);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to start transaction\n"));
9df7cddb68c61ef4e0397c196604999c68f4be0dJakub Hrozek ret = sysdb_search_user_by_name(tmp_ctx, domain, name, NULL, &msg);
22091abbe7b4a5667f62603dfd875e9ec6adf789Alexey Shabalin /* get transaction timestamp */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher /* users doesn't exist, turn into adding a user */
577ba99b3150404533bd3d859522a2c994b17e76Lukas Slebodnik ret = sysdb_add_user(domain, name, uid, gid, gecos, homedir,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher shell, orig_dn, attrs, cache_timeout, now);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher /* This may be a user rename. If there is a user with the
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher * same UID, remove it and try to add the basic user again
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_delete_user(domain, NULL, uid);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher /* Not found by UID, return the original EEXIST,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher * this may be a conflict in MPG domain or something
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ("A user with the same UID [%llu] was removed from the "
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_add_user(domain, name, uid, gid, gecos, homedir,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher shell, orig_dn, attrs, cache_timeout, now);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher /* Handle the result of sysdb_add_user */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher DEBUG(SSSDBG_OP_FAILURE, ("Could not add user\n"));
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher /* the user exists, let's just replace attributes when set */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_attrs_add_uint32(attrs, SYSDB_UIDNUM, uid);
577ba99b3150404533bd3d859522a2c994b17e76Lukas Slebodnik ret = sysdb_attrs_add_uint32(attrs, SYSDB_GIDNUM, gid);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_attrs_add_uint32(attrs, SYSDB_GIDNUM, uid);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_attrs_add_string(attrs, SYSDB_GECOS, gecos);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_attrs_add_string(attrs, SYSDB_HOMEDIR, homedir);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_attrs_add_string(attrs, SYSDB_SHELL, shell);
4f2509f8d23d9e921f07b2ead63392ae82ad3a38Petr Čech ret = sysdb_attrs_add_time_t(attrs, SYSDB_LAST_UPDATE, now);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_attrs_add_time_t(attrs, SYSDB_CACHE_EXPIRE,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_set_user_attr(domain, name, attrs, SYSDB_MOD_REP);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher DEBUG(4, ("Could not remove missing attributes\n"));
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_transaction_commit(domain->sysdb);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to commit transaction\n"));
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher DEBUG(SSSDBG_CRIT_FAILURE, ("Could not cancel transaction\n"));
b49a7d90708e816120ff88ce5a88fa62b35ff795Simo Sorce DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher/* =Store-Group-(Native/Legacy)-(replaces-existing-data)================== */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher/* this function does not check that all user members are actually present */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagherint sysdb_store_group(struct sss_domain_info *domain,
fb83de0699b16e7d8eca803305e2112795807b4cJakub Hrozek static const char *src_attrs[] = { SYSDB_NAME, SYSDB_GIDNUM,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_search_group_by_name(tmp_ctx, domain, name, src_attrs, &msg);
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher /* get transaction timestamp */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher /* FIXME: use the remote modification timestamp to know if the
5a5c5cdeb92f4012fc75fd717bfea06598f68f12Pavel Reichl * group needs any update */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher /* group doesn't exist, turn into adding a group */
5a5c5cdeb92f4012fc75fd717bfea06598f68f12Pavel Reichl ret = sysdb_add_group(domain, name, gid, attrs, cache_timeout,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher /* This may be a group rename. If there is a group with the
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher * same GID, remove it and try to add the basic group again
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher /* Not found by GID, return the original EEXIST,
b9d8c6172e48a2633ebe196b2e88bebdf9523c20Stef Walter * this may be a conflict in MPG domain or something
b9d8c6172e48a2633ebe196b2e88bebdf9523c20Stef Walter ("A group with the same GID [%llu] was removed from the "
b9d8c6172e48a2633ebe196b2e88bebdf9523c20Stef Walter ret = sysdb_add_group(domain, name, gid, attrs, cache_timeout,
fe60346714a73ac3987f786731389320633dd245Pavel Březina /* the group exists, let's just replace attributes when set */
fe60346714a73ac3987f786731389320633dd245Pavel Březina ret = sysdb_attrs_add_uint32(attrs, SYSDB_GIDNUM, gid);
fe60346714a73ac3987f786731389320633dd245Pavel Březina ret = sysdb_attrs_add_time_t(attrs, SYSDB_LAST_UPDATE, now);
69aaef8719c5cf33ed1c4090fa313ba281bf8a02Jakub Hrozek ret = sysdb_attrs_add_time_t(attrs, SYSDB_CACHE_EXPIRE,
8f61739e0de45ce2ee3be436fc91ef12a1a1c4f3Lukas Slebodnik ret = sysdb_set_group_attr(domain, name, attrs, SYSDB_MOD_REP);
69aaef8719c5cf33ed1c4090fa313ba281bf8a02Jakub Hrozek DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher/* =Add-User-to-Group(Native/Legacy)====================================== */
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallaghersysdb_group_membership_mod(struct sss_domain_info *domain,
2d257ccf620ce1b611f89cec8f0a94c88c2f2881Sumit Bose member_dn = sysdb_user_dn(tmp_ctx, domain, member);
56c9f8731173eae841a05f31bb03d311076a8485Petr Cech member_dn = sysdb_group_dn(tmp_ctx, domain, member);
577ba99b3150404533bd3d859522a2c994b17e76Lukas Slebodnik group_dn = sysdb_group_dn(tmp_ctx, domain, group);
577ba99b3150404533bd3d859522a2c994b17e76Lukas Slebodnik group_dn = ldb_dn_new(tmp_ctx, domain->sysdb->ldb, group);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_mod_group_member(domain, member_dn, group_dn, modify_op);
291a6c8af9759e41cec6f332cb72606ca90768c3Pavel Březinaint sysdb_add_group_member(struct sss_domain_info *domain,
9df7cddb68c61ef4e0397c196604999c68f4be0dJakub Hrozek return sysdb_group_membership_mod(domain, group, member, type,
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek/* =Remove-member-from-Group(Native/Legacy)=============================== */
f232789430a080384188d5da89b19d874cf17513Jakub Hrozekint sysdb_remove_group_member(struct sss_domain_info *domain,
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek return sysdb_group_membership_mod(domain, group, member, type,
f5e47e1d65f80ffdb1893feab18583a74d661214Stef Walter/* =Password-Caching====================================================== */
f5e47e1d65f80ffdb1893feab18583a74d661214Stef Walterint sysdb_cache_password(struct sss_domain_info *domain,
b699c4d7f85a5404be1d1ee9450331aea869b886Stef Walter DEBUG(4, ("Failed to generate random salt.\n"));
4bd20c075f0f187db0181dc53d00ab6cd47fdb4dJakub Hrozek ret = s3crypt_sha512(tmp_ctx, password, salt, &hash);
150b76e13b7c4f3ccf1d709bf517ca2af6b2c9a2Jakub Hrozek DEBUG(4, ("Failed to create password hash.\n"));
360a4be4266d6a72be99dfd252623dc0527f5b84Pavel Březina ret = sysdb_attrs_add_string(attrs, SYSDB_CACHEDPWD, hash);
2dcf7b9b65df21f2aee6cdf051a7fbdef6dfe034Jakub Hrozek /* FIXME: should we use a different attribute for chache passwords ?? */
4169fb26ea2ff93c19ecdad6e09382732ea5deebPavel Březina ret = sysdb_attrs_add_long(attrs, "lastCachedPasswordChange",
5dbf360f2d6b0281c32f1bba6ebf5cc834c1716eSimo Sorce ret = sysdb_attrs_add_uint32(attrs, SYSDB_FAILED_LOGIN_ATTEMPTS, 0U);
dc70b11ddc2dfc6ed99cd895f020cd3429278968Pavel Březina ret = sysdb_set_user_attr(domain, username, attrs, SYSDB_MOD_REP);
2dcf7b9b65df21f2aee6cdf051a7fbdef6dfe034Jakub Hrozek DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
2dcf7b9b65df21f2aee6cdf051a7fbdef6dfe034Jakub Hrozek/* =Custom Search================== */
2dcf7b9b65df21f2aee6cdf051a7fbdef6dfe034Jakub Hrozek const char **attrs,
2dcf7b9b65df21f2aee6cdf051a7fbdef6dfe034Jakub Hrozek basedn = sysdb_custom_subtree_dn(mem_ctx, domain, subtree_name);
2dcf7b9b65df21f2aee6cdf051a7fbdef6dfe034Jakub Hrozek DEBUG(1, ("sysdb_custom_subtree_dn failed.\n"));
2dcf7b9b65df21f2aee6cdf051a7fbdef6dfe034Jakub Hrozek ret = sysdb_search_entry(mem_ctx, domain->sysdb, basedn,
2dcf7b9b65df21f2aee6cdf051a7fbdef6dfe034Jakub Hrozekint sysdb_search_custom_by_name(TALLOC_CTX *mem_ctx,
2dcf7b9b65df21f2aee6cdf051a7fbdef6dfe034Jakub Hrozek const char **attrs,
2dcf7b9b65df21f2aee6cdf051a7fbdef6dfe034Jakub Hrozek if (object_name == NULL || subtree_name == NULL) {
7caf7ed4f2eae1ec1c0717b4ee6ce78bdacd5926Jakub Hrozek basedn = sysdb_custom_dn(tmp_ctx, domain, object_name, subtree_name);
7caf7ed4f2eae1ec1c0717b4ee6ce78bdacd5926Jakub Hrozek ret = sysdb_search_entry(tmp_ctx, domain->sysdb, basedn,
0161a3c5637a0c0092bf54c436bb3d6508d7df26Jakub Hrozek/* =Custom Store (replaces-existing-data)================== */
0161a3c5637a0c0092bf54c436bb3d6508d7df26Jakub Hrozekint sysdb_store_custom(struct sss_domain_info *domain,
a65a64aee968bd2ac18156ced15a1e2509a8acbaAbhishek Singh if (object_name == NULL || subtree_name == NULL) {
577ba99b3150404533bd3d859522a2c994b17e76Lukas Slebodnik ret = ldb_transaction_start(domain->sysdb->ldb);
d00ffd2cb4e2f17c75b466178bb645b5c9317909Pallavi Jha ret = sysdb_search_custom_by_name(tmp_ctx, domain,
d00ffd2cb4e2f17c75b466178bb645b5c9317909Pallavi Jha msg->dn = sysdb_custom_dn(tmp_ctx, domain, object_name, subtree_name);
461da2984c747708e8badd27fa55ef879f40e712Pallavi Jha msg->elements = talloc_array(msg, struct ldb_message_element, attrs->num);
461da2984c747708e8badd27fa55ef879f40e712Pallavi Jha el = ldb_msg_find_element(resp[0], attrs->a[i].name);
d65f692d7b7639ed8ba0f5cffa4f88b68056739aLukas Slebodnik msg->elements[i].flags = LDB_FLAG_MOD_REPLACE;
04868f1573f4b26ef34610b6d7069172f93bd8abJakub Hrozek DEBUG(1, ("Failed to store custom entry: %s(%d)[%s]\n",
9cb46bc62f22e0104f1b41a423b014c281ef5fc2Jakub Hrozek ldb_strerror(ret), ret, ldb_errstring(domain->sysdb->ldb)));
9cb46bc62f22e0104f1b41a423b014c281ef5fc2Jakub Hrozek DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
9cb46bc62f22e0104f1b41a423b014c281ef5fc2Jakub Hrozek ret = ldb_transaction_commit(domain->sysdb->ldb);
777374243e15c53e7b0a7345e190c1018920be18Jakub Hrozek/* = Custom Delete======================================= */
777374243e15c53e7b0a7345e190c1018920be18Jakub Hrozekint sysdb_delete_custom(struct sss_domain_info *domain,
3432a503c714732407ea18b2dd32f4f432a6c545Jakub Hrozek if (object_name == NULL || subtree_name == NULL) {
3432a503c714732407ea18b2dd32f4f432a6c545Jakub Hrozek dn = sysdb_custom_dn(tmp_ctx, domain, object_name, subtree_name);
d064fef06dcbcb5f6c1be03e286b1a3433d6dfd7Sumit Bose DEBUG(1, ("LDB Error: %s(%d)\nError Message: [%s]\n",
d064fef06dcbcb5f6c1be03e286b1a3433d6dfd7Sumit Bose ldb_strerror(ret), ret, ldb_errstring(domain->sysdb->ldb)));
f69f3581658351003a6d9245045e41d0efb85022Sumit Bose/* = ASQ search request ======================================== */
f69f3581658351003a6d9245045e41d0efb85022Sumit Bose const char **attrs,
1ce58f139699dd26b8888f4131c996263b6a80a5Jakub Hrozek ctrl = talloc_array(tmp_ctx, struct ldb_control *, 2);
50b8a36b0932a510e825ed1ad8103f81ead2b7d8Pavel Reichl asq_control = talloc(ctrl[0], struct ldb_asq_control);
50b8a36b0932a510e825ed1ad8103f81ead2b7d8Pavel Reichl asq_control->source_attribute = talloc_strdup(asq_control, asq_attribute);
338af078fcc18126df939f20182acea7a646b7c8Michal Zidek asq_control->src_attr_len = strlen(asq_control->source_attribute);
e2e334b2f51118cb14c7391c4e4e44ff247ef638Pavel Reichl ret = ldb_build_search_req(&ldb_req, domain->sysdb->ldb, tmp_ctx,
50b8a36b0932a510e825ed1ad8103f81ead2b7d8Pavel Reichl ret = ldb_request(domain->sysdb->ldb, ldb_req);
0352c371e743d8dae996123f658b5d32c677614eYassir Elley DEBUG(SSSDBG_OP_FAILURE, ("Error: %d (%s)\n", ret, strerror(ret)));
0352c371e743d8dae996123f658b5d32c677614eYassir Elley/* =Search-Users-with-Custom-Filter====================================== */
1ce58f139699dd26b8888f4131c996263b6a80a5Jakub Hrozek const char **attrs,
63b8e826f62d2e8930c872de7d4cc8b5bc15d4a4Sumit Bose basedn = ldb_dn_new_fmt(tmp_ctx, domain->sysdb->ldb,
51b5e1475b3e0b7acac34ed382cfaca8411883a4Jakub Hrozek filter = talloc_asprintf(tmp_ctx, "(&(%s)%s)", SYSDB_UC, sub_filter);
72ae534f5aef6d2e5d3f2f51299aede5abf9687eJakub Hrozek ret = sysdb_search_entry(mem_ctx, domain->sysdb, basedn,
90afedb00608547ae1f32aa7aafd552c4b306909Jakub Hrozek DEBUG(SSSDBG_TRACE_INTERNAL, ("No such entry\n"));
5c36e1f8901a4baff2b51d81d87c2b577f84fef6Lukas Slebodnik DEBUG(SSSDBG_MINOR_FAILURE, ("Error: %d (%s)\n", ret, strerror(ret)));
fb83de0699b16e7d8eca803305e2112795807b4cJakub Hrozek/* =Delete-User-by-Name-OR-uid============================================ */
e592d5f157be869151983bd1b46d6f4f7a29daafJakub Hrozekint sysdb_delete_user(struct sss_domain_info *domain,
e592d5f157be869151983bd1b46d6f4f7a29daafJakub Hrozek ret = sysdb_search_user_by_name(tmp_ctx, domain, name, NULL, &msg);
e592d5f157be869151983bd1b46d6f4f7a29daafJakub Hrozek ret = sysdb_search_user_by_uid(tmp_ctx, domain, uid, NULL, &msg);
842f83f8db513214241a0fea076ac160b180e1ddLukas Slebodnik /* verify name/gid match */
f92ace4a52602e8c38a34f2392bec3deeac2ddddJakub Hrozek c_name = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL);
f92ace4a52602e8c38a34f2392bec3deeac2ddddJakub Hrozek c_uid = ldb_msg_find_attr_as_uint64(msg, SYSDB_UIDNUM, 0);
f92ace4a52602e8c38a34f2392bec3deeac2ddddJakub Hrozek DEBUG(2, ("Attribute is missing but this should never happen!\n"));
f92ace4a52602e8c38a34f2392bec3deeac2ddddJakub Hrozek /* this is not the entry we are looking for */
e5911e72198df96ec7cfe486ff66363c2297a5f7Simo Sorce ret = sysdb_delete_entry(domain->sysdb, msg->dn, false);
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina /* Perhaps a ghost user? */
0bb98b7700b1b61f5b0a20b93279d5c2c391007fPavel Březina ret = sss_filter_sanitize(tmp_ctx, name, &sanitized_name);
f43c6a9ae2aea13b7a83fd932139f9352efbfcadPavel Březina ret = sysdb_search_groups(tmp_ctx, domain, filter, attrs,
770dc892f867639f36f84455d65be6287935a529Jakub Hrozek for (i = 0; i < msg_count; i++) {
6ea6662287147308b81b9c9f2f1f3c992d01bc50Jakub Hrozek ret = add_string(msg, LDB_FLAG_MOD_DELETE, SYSDB_GHOST, name);
d36f4db9bb5efc63b94190cca25adb08ee56971cJakub Hrozek DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
526a15438525417cd701f837d7085b7f8c8a6325Jakub Hrozek/* =Search-Groups-with-Custom-Filter===================================== */
526a15438525417cd701f837d7085b7f8c8a6325Jakub Hrozek const char **attrs,
27a7dedb0ee4d4b51ca4c196aa894ad30cb3e821Petr Cech basedn = ldb_dn_new_fmt(tmp_ctx, domain->sysdb->ldb,
27a7dedb0ee4d4b51ca4c196aa894ad30cb3e821Petr Cech filter = talloc_asprintf(tmp_ctx, "(&(%s)%s)", SYSDB_GC, sub_filter);
1d93029624d708119bbf803e6647a2cbb271f001Sumit Bose ret = sysdb_search_entry(mem_ctx, domain->sysdb, basedn,
a5623363d6042290fe652a1ca5ce5a85a821236fPavel Březina DEBUG(SSSDBG_TRACE_INTERNAL, ("No such entry\n"));
a5623363d6042290fe652a1ca5ce5a85a821236fPavel Březina DEBUG(SSSDBG_MINOR_FAILURE, ("Error: %d (%s)\n", ret, strerror(ret)));
a5623363d6042290fe652a1ca5ce5a85a821236fPavel Březina/* =Delete-Group-by-Name-OR-gid=========================================== */
a5623363d6042290fe652a1ca5ce5a85a821236fPavel Březinaint sysdb_delete_group(struct sss_domain_info *domain,
802385896dc1c4e7b8bbd40dcfe3cd131f68e696Sumit Bose ret = sysdb_search_group_by_name(tmp_ctx, domain, name, NULL, &msg);
802385896dc1c4e7b8bbd40dcfe3cd131f68e696Sumit Bose ret = sysdb_search_group_by_gid(tmp_ctx, domain, gid, NULL, &msg);
a0ab15ceb80290db80c2052520830a95390de385Sumit Bose /* verify name/gid match */
a0ab15ceb80290db80c2052520830a95390de385Sumit Bose const char *c_name;
a0ab15ceb80290db80c2052520830a95390de385Sumit Bose c_name = ldb_msg_find_attr_as_string(msg, SYSDB_NAME, NULL);
a0ab15ceb80290db80c2052520830a95390de385Sumit Bose c_gid = ldb_msg_find_attr_as_uint64(msg, SYSDB_GIDNUM, 0);
a0ab15ceb80290db80c2052520830a95390de385Sumit Bose DEBUG(2, ("Attribute is missing but this should never happen!\n"));
a0ab15ceb80290db80c2052520830a95390de385Sumit Bose /* this is not the entry we are looking for */
e00c2b5ac4963de9521599c88597b7fb97339d0eJakub Hrozek ret = sysdb_delete_entry(domain->sysdb, msg->dn, false);
4d9db278db1197ae84fecb8f269e2de368a6be2aLukas Slebodnik DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
e00c2b5ac4963de9521599c88597b7fb97339d0eJakub Hrozek/* =Search-Netgroups-with-Custom-Filter===================================== */
e00c2b5ac4963de9521599c88597b7fb97339d0eJakub Hrozek const char **attrs,
360a4be4266d6a72be99dfd252623dc0527f5b84Pavel Březina basedn = ldb_dn_new_fmt(tmp_ctx, domain->sysdb->ldb,
360a4be4266d6a72be99dfd252623dc0527f5b84Pavel Březina filter = talloc_asprintf(tmp_ctx, "(&(%s)%s)", SYSDB_NC, sub_filter);
3a8f6b575f4019f21c9425a26f1b346c08a197aePavel Březina DEBUG(6, ("Search netgroups with filter: %s\n", filter));
3a8f6b575f4019f21c9425a26f1b346c08a197aePavel Březina ret = sysdb_search_entry(mem_ctx, domain->sysdb, basedn,
bf54fbed126ec3d459af40ea370ffadacd31c76dJakub Hrozek DEBUG(SSSDBG_TRACE_FUNC, ("Entry not found\n"));
bf54fbed126ec3d459af40ea370ffadacd31c76dJakub Hrozek DEBUG(SSSDBG_OP_FAILURE, ("Error: %d (%s)\n", ret, strerror(ret)));
bf54fbed126ec3d459af40ea370ffadacd31c76dJakub Hrozek/* =Delete-Netgroup-by-Name============================================== */
bf54fbed126ec3d459af40ea370ffadacd31c76dJakub Hrozekint sysdb_delete_netgroup(struct sss_domain_info *domain,
bf54fbed126ec3d459af40ea370ffadacd31c76dJakub Hrozek const char *name)
8df69bbc58c2f4d3f0b34be9756d9ddf24b1db6dJakub Hrozek ret = sysdb_search_netgroup_by_name(tmp_ctx, domain, name, NULL, &msg);
8df69bbc58c2f4d3f0b34be9756d9ddf24b1db6dJakub Hrozek DEBUG(6, ("sysdb_search_netgroup_by_name failed: %d (%s)\n",
8df69bbc58c2f4d3f0b34be9756d9ddf24b1db6dJakub Hrozek DEBUG(6, ("Netgroup does not exist, nothing to delete\n"));
8df69bbc58c2f4d3f0b34be9756d9ddf24b1db6dJakub Hrozek ret = sysdb_delete_entry(domain->sysdb, msg->dn, false);
e4d18b748fd8298b5cc6b6687ca05ffffa20c574Petr Cech DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
e4d18b748fd8298b5cc6b6687ca05ffffa20c574Petr Cech const char *sid_str)
89ddc9ed474e9ac2b1e7bccb0a58610babf26cf8Jakub Hrozek ret = sysdb_search_object_by_sid(tmp_ctx, domain, sid_str, NULL, &res);
89ddc9ed474e9ac2b1e7bccb0a58610babf26cf8Jakub Hrozek DEBUG(SSSDBG_OP_FAILURE, ("search by sid failed: %d (%s)\n",
89ddc9ed474e9ac2b1e7bccb0a58610babf26cf8Jakub Hrozek DEBUG(SSSDBG_FATAL_FAILURE, ("getbysid call returned more than one " \
f4025ea817b3467be1c2e6092014a11fe4547c0dJakub Hrozek "result !?!\n"));
f4025ea817b3467be1c2e6092014a11fe4547c0dJakub Hrozek /* No existing entry. Just quit. */
f4025ea817b3467be1c2e6092014a11fe4547c0dJakub Hrozek ret = sysdb_delete_entry(sysdb, res->msgs[0]->dn, false);
db5f9ab3feb85aa444eab20428ca2b98801b6783Jakub Hrozek DEBUG(SSSDBG_OP_FAILURE, ("Error: %d (%s)\n", ret, strerror(ret)));
64ea4127f463798410a2c20e0261c6b15f60257fJakub Hrozek/* ========= Authentication against cached password ============ */
f4025ea817b3467be1c2e6092014a11fe4547c0dJakub Hrozekerrno_t check_failed_login_attempts(struct confdb_ctx *cdb,
b590f44c06158485357d69cc5b24d5af05f1bb95Petr Cech *failed_login_attempts = ldb_msg_find_attr_as_uint(ldb_msg,
b590f44c06158485357d69cc5b24d5af05f1bb95Petr Cech last_failed_login = (time_t) ldb_msg_find_attr_as_int64(ldb_msg,
01ec08efd0e166ac6f390f8627c6d08dcc63ccc4Jakub Hrozek ret = confdb_get_int(cdb, CONFDB_PAM_CONF_ENTRY,
01ec08efd0e166ac6f390f8627c6d08dcc63ccc4Jakub Hrozek DEBUG(1, ("Failed to read the number of allowed failed login "
01ec08efd0e166ac6f390f8627c6d08dcc63ccc4Jakub Hrozek "attempts.\n"));
01ec08efd0e166ac6f390f8627c6d08dcc63ccc4Jakub Hrozek ret = confdb_get_int(cdb, CONFDB_PAM_CONF_ENTRY,
01ec08efd0e166ac6f390f8627c6d08dcc63ccc4Jakub Hrozek DEBUG(1, ("Failed to read the failed login delay.\n"));
bf01e8179cbb2be476805340636098deda7e1366Sumit Bose DEBUG(9, ("Failed login attempts [%d], allowed failed login attempts [%d], "
bf01e8179cbb2be476805340636098deda7e1366Sumit Bose "failed login delay [%d].\n", *failed_login_attempts,
bf01e8179cbb2be476805340636098deda7e1366Sumit Bose allowed_failed_login_attempts, failed_login_delay));
bf01e8179cbb2be476805340636098deda7e1366Sumit Bose if (*failed_login_attempts >= allowed_failed_login_attempts) {
bf01e8179cbb2be476805340636098deda7e1366Sumit Bose end = last_failed_login + (failed_login_delay * 60);
bf01e8179cbb2be476805340636098deda7e1366Sumit Bose "resetting failed_login_attempts.\n"));
bf01e8179cbb2be476805340636098deda7e1366Sumit Bose DEBUG(7, ("login delayed until %lld.\n", (long long) end));
73ec8fdfddb2d4bf99977f758eec80e1b1ee8542Lukas Slebodnikint sysdb_cache_auth(struct sss_domain_info *domain,
99c5f2f6ba0af6ce52be0d82ec2794bacc215742Jakub Hrozek const char *name,
b9d83e10cec267ae11fee64a30f42a12bbf7abe4Pavel Březina const char *attrs[] = { SYSDB_NAME, SYSDB_CACHEDPWD, SYSDB_DISABLED,
b9d83e10cec267ae11fee64a30f42a12bbf7abe4Pavel Březina "lastCachedPasswordChange",
b9d83e10cec267ae11fee64a30f42a12bbf7abe4Pavel Březina "accountExpires", SYSDB_FAILED_LOGIN_ATTEMPTS,
49c467733ca65c9b77b9c33f38cdc223a99562e1Pavel Reichl DEBUG(3, ("Cached credentials not available.\n"));
62370340092503baeaf6587d7ffe4fe25bd9582dPavel Reichl ret = ldb_transaction_start(domain->sysdb->ldb);
62370340092503baeaf6587d7ffe4fe25bd9582dPavel Reichl ret = sysdb_search_user_by_name(tmp_ctx, domain, name, attrs, &ldb_msg);
62370340092503baeaf6587d7ffe4fe25bd9582dPavel Reichl DEBUG(1, ("sysdb_search_user_by_name failed [%d][%s].\n",
62370340092503baeaf6587d7ffe4fe25bd9582dPavel Reichl /* Check offline_auth_cache_timeout */
62370340092503baeaf6587d7ffe4fe25bd9582dPavel Reichl lastLogin = ldb_msg_find_attr_as_uint64(ldb_msg,
b407fe0474a674bb42f0f42ab47c7f530a07a367Pavel Březina ret = confdb_get_int(cdb, CONFDB_PAM_CONF_ENTRY,
b407fe0474a674bb42f0f42ab47c7f530a07a367Pavel Březina CONFDB_PAM_CRED_TIMEOUT, 0, &cred_expiration);
b407fe0474a674bb42f0f42ab47c7f530a07a367Pavel Březina DEBUG(1, ("Failed to read expiration time of offline credentials.\n"));
b407fe0474a674bb42f0f42ab47c7f530a07a367Pavel Březina DEBUG(9, ("Offline credentials expiration is [%d] days.\n",
b407fe0474a674bb42f0f42ab47c7f530a07a367Pavel Březina expire_date = lastLogin + (cred_expiration * 86400);
b407fe0474a674bb42f0f42ab47c7f530a07a367Pavel Březina DEBUG(4, ("Cached user entry is too old.\n"));
583c1b9a052f4eb5ba046c5f2b7d2ed2a81b6d66Jakub Hrozek ret = check_failed_login_attempts(cdb, ldb_msg, &failed_login_attempts,
583c1b9a052f4eb5ba046c5f2b7d2ed2a81b6d66Jakub Hrozek DEBUG(1, ("Failed to check login attempts\n"));
583c1b9a052f4eb5ba046c5f2b7d2ed2a81b6d66Jakub Hrozek /* TODO: verify user account (disabled, expired ...) */
583c1b9a052f4eb5ba046c5f2b7d2ed2a81b6d66Jakub Hrozek userhash = ldb_msg_find_attr_as_string(ldb_msg, SYSDB_CACHEDPWD, NULL);
583c1b9a052f4eb5ba046c5f2b7d2ed2a81b6d66Jakub Hrozek DEBUG(4, ("Cached credentials not available.\n"));
583c1b9a052f4eb5ba046c5f2b7d2ed2a81b6d66Jakub Hrozek ret = s3crypt_sha512(tmp_ctx, password, userhash, &comphash);
167b05b28d6b969230973646bee2f1c1f49205d2Sumit Bose /* TODO: probable good point for audit logging */
2cbdd12983eb85eddb90f64cfafb24eae5b448f4Jakub Hrozek "but authentication is successful.\n"));
8359bf07a2e6c0181251ce8d5d9160dc57546c55Stephen Gallagher ret = sysdb_attrs_add_uint32(update_attrs,
8359bf07a2e6c0181251ce8d5d9160dc57546c55Stephen Gallagher DEBUG(3, ("sysdb_attrs_add_uint32 failed, "
6e8238868a4d17030bb4f01494961d0354a953bfJakub Hrozek "but authentication is successful.\n"));
bae42db17f223e9ba7fa239d899414877d9d8eafJakub Hrozek DEBUG(3, ("sysdb_attrs_add_time_t failed\n."));
bae42db17f223e9ba7fa239d899414877d9d8eafJakub Hrozek DEBUG(3, ("sysdb_attrs_add_uint32 failed.\n"));
6159c33125f8ee82e88d495ea2aa5d00018ea844Fabiano Fidêncio ret = sysdb_set_user_attr(domain, name, update_attrs,
bc1e74e5f0f69d7ed9a7ad8455de59c979816431Lukas Slebodnik DEBUG(1, ("Failed to update Login attempt information!\n"));
6159c33125f8ee82e88d495ea2aa5d00018ea844Fabiano Fidêncio ldb_transaction_cancel(domain->sysdb->ldb);
6159c33125f8ee82e88d495ea2aa5d00018ea844Fabiano Fidêncio ret = ldb_transaction_commit(domain->sysdb->ldb);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher DEBUG(2, ("Failed to commit transaction!\n"));
3a4186ae40d0c3b7be46a4c973166f6048fcfe38Lukas Slebodnikstatic errno_t sysdb_update_members_ex(struct sss_domain_info *domain,
5f216c753dbd2f2b25a011c5f705ee4f8ad924e6Simo Sorce const char *member,
10eae23e2483733d4ca3c21f15b5bdb3f04c9839Simo Sorce const char *const *add_groups,
88e68607e474ab2ce46c562753ef2e988516d1e9Lukas Slebodnik const char *const *del_groups,
b9c8ce2bdd4045782c243605a1b999098bedcffcNoam Meltzer DEBUG(0, ("Failed to start update transaction\n"));
b9c8ce2bdd4045782c243605a1b999098bedcffcNoam Meltzer /* Add the user to all add_groups */
b9c8ce2bdd4045782c243605a1b999098bedcffcNoam Meltzer for (i = 0; add_groups[i]; i++) {
b9c8ce2bdd4045782c243605a1b999098bedcffcNoam Meltzer ret = sysdb_add_group_member(domain, add_groups[i],
b9c8ce2bdd4045782c243605a1b999098bedcffcNoam Meltzer DEBUG(1, ("Could not add member [%s] to group [%s]. "
b9c8ce2bdd4045782c243605a1b999098bedcffcNoam Meltzer /* Continue on, we should try to finish the rest */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher /* Remove the user from all del_groups */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher for (i = 0; del_groups[i]; i++) {
2b7349575770521243a34611e97d73790946a961Stephen Gallagher ret = sysdb_remove_group_member(domain, del_groups[i],
683e1f67d08be7165ea456d4594c4c8a4eddc9b3Lukas Slebodnik DEBUG(1, ("Could not remove member [%s] from group [%s]. "
654757bcead49427baaeb1b368c0e3433b67c51aJan Engelhardt /* Continue on, we should try to finish the rest */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_transaction_commit(domain->sysdb);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to commit transaction\n"));
70e59ed31c5a9c9ed02d9065ddf92be87c887efbJakub Hrozek sret = sysdb_transaction_cancel(domain->sysdb);
654757bcead49427baaeb1b368c0e3433b67c51aJan Engelhardt DEBUG(SSSDBG_CRIT_FAILURE, ("Could not cancel transaction\n"));
70e59ed31c5a9c9ed02d9065ddf92be87c887efbJakub Hrozekerrno_t sysdb_update_members(struct sss_domain_info *domain,
70e59ed31c5a9c9ed02d9065ddf92be87c887efbJakub Hrozek const char *const *add_groups,
2cbdd12983eb85eddb90f64cfafb24eae5b448f4Jakub Hrozek const char *const *del_groups)
2cbdd12983eb85eddb90f64cfafb24eae5b448f4Jakub Hrozek return sysdb_update_members_ex(domain, member, type,
2cbdd12983eb85eddb90f64cfafb24eae5b448f4Jakub Hrozekerrno_t sysdb_update_members_dn(struct sss_domain_info *member_domain,
654757bcead49427baaeb1b368c0e3433b67c51aJan Engelhardt const char *const *add_groups,
2cbdd12983eb85eddb90f64cfafb24eae5b448f4Jakub Hrozek const char *const *del_groups)
2cbdd12983eb85eddb90f64cfafb24eae5b448f4Jakub Hrozek return sysdb_update_members_ex(member_domain, member, type,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallaghererrno_t sysdb_remove_attrs(struct sss_domain_info *domain,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher msg->dn = sysdb_group_dn(msg, domain, name);
ce35bb272d25926b8fa0f9450c8b74064f25c816Pavel Březina msg->dn = sysdb_svc_dn(domain->sysdb, msg, domain->name, name);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to start transaction\n"));
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher for (i = 0; remove_attrs[i]; i++) {
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher /* SYSDB_MEMBEROF is exclusively handled by the memberof plugin */
505e75ba28b42bb3de7a6d55de825091b70cc2b2Stephen Gallagher if (strcasecmp(remove_attrs[i], SYSDB_MEMBEROF) == 0) {
41be4e3976cf66823ad2c6880671ac7fbafdc640Pavel Březina DEBUG(8, ("Removing attribute [%s] from [%s]\n",
7b5e7e539ae9312ab55d75aa94feaad549b2a708Pavel Březina lret = ldb_msg_add_empty(msg, remove_attrs[i],
5dbf360f2d6b0281c32f1bba6ebf5cc834c1716eSimo Sorce /* We need to do individual modifies so that we can
13ec767e6ca3e435e119f1f07bda10eb213383f6Pavel Reichl * skip unknown attributes. Otherwise, any nonexistent
13ec767e6ca3e435e119f1f07bda10eb213383f6Pavel Reichl * attribute in the sysdb will cause other removals to
13ec767e6ca3e435e119f1f07bda10eb213383f6Pavel Reichl if (lret != LDB_SUCCESS && lret != LDB_ERR_NO_SUCH_ATTRIBUTE) {
13ec767e6ca3e435e119f1f07bda10eb213383f6Pavel Reichl /* Remove this attribute and move on to the next one */
630f3ff08c1d17c7900b9bde814922f775ca2703Jakub Hrozek DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to commit transaction\n"));
85feb8d77a2c832787880944e02104846c4d5376Pavel Březina sret = sysdb_transaction_cancel(domain->sysdb);
92ae9d2b909d0fd4a522a270157926878b5d0862Stephen Gallagher DEBUG(SSSDBG_CRIT_FAILURE, ("Could not cancel transaction\n"));
92ae9d2b909d0fd4a522a270157926878b5d0862Stephen Gallaghererrno_t sysdb_search_object_by_sid(TALLOC_CTX *mem_ctx,
291a6c8af9759e41cec6f332cb72606ca90768c3Pavel Březina const char *def_attrs[] = { SYSDB_NAME, SYSDB_UIDNUM, SYSDB_GIDNUM,
6261893e00bd14fdd192ffc9a1379cb9c647d326Lukas Slebodnik basedn = ldb_dn_new_fmt(tmp_ctx, domain->sysdb->ldb, SYSDB_DOM_BASE, domain->name);
6261893e00bd14fdd192ffc9a1379cb9c647d326Lukas Slebodnik DEBUG(SSSDBG_OP_FAILURE, ("ldb_dn_new_fmt failed.\n"));
92ae9d2b909d0fd4a522a270157926878b5d0862Stephen Gallagher ret = ldb_search(domain->sysdb->ldb, tmp_ctx, &res,
92ae9d2b909d0fd4a522a270157926878b5d0862Stephen Gallagher basedn, LDB_SCOPE_SUBTREE, attrs?attrs:def_attrs,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher DEBUG(SSSDBG_OP_FAILURE, ("ldb_search failed.\n"));
12805da52a93c268290cec7b8fbbdbd4ea8abc3eLukas Slebodnik DEBUG(SSSDBG_CRIT_FAILURE, ("Search for SID [%s] returned more than " \
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_TRACE_FUNC, ("No such entry.\n"));
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher } else if (ret) {
04feeade1f6259368a6b23c6b3ecbad261161659Sumit Bose DEBUG(SSSDBG_OP_FAILURE, ("Error: %d (%s)\n", ret, strerror(ret)));