sysdb_ops.c revision efc81d1b44169206a2e55bb8e900d3859375abe3
8c294c1cd4d721818a59684cf7f2b36123f79163Stephen Gallagher System Database
c636315472e4f87313af7be30b7fbcad4b8ca8a4Stephen Gallagher Copyright (C) Simo Sorce <ssorce@redhat.com> 2008
8c294c1cd4d721818a59684cf7f2b36123f79163Stephen Gallagher This program is free software; you can redistribute it and/or modify
fd5a4eacd56700ffb08a73121aeacdc806cb0132Sumit Bose it under the terms of the GNU General Public License as published by
8b1f525acd20f36c836e827de3c251088961c5d9Stephen Gallagher the Free Software Foundation; either version 3 of the License, or
8b1f525acd20f36c836e827de3c251088961c5d9Stephen Gallagher (at your option) any later version.
8b1f525acd20f36c836e827de3c251088961c5d9Stephen Gallagher This program is distributed in the hope that it will be useful,
8b1f525acd20f36c836e827de3c251088961c5d9Stephen Gallagher but WITHOUT ANY WARRANTY; without even the implied warranty of
84ae5edab16ad6be5e3be956cb6fa031c1428eb5Stephen Gallagher MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher GNU General Public License for more details.
df4cc3a83c5d6700b6a09ff96cb4a6b1949b1aa9Stephen Gallagher You should have received a copy of the GNU General Public License
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher along with this program. If not, see <http://www.gnu.org/licenses/>.
/* Adds the string `value` under `attr` to msg. Only the signature and the
 * ldb_msg_add_string() call are shown in this listing; how `flags` is applied
 * is not visible here. */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagherint add_string(struct ldb_message *msg, int flags,
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke ret = ldb_msg_add_string(msg, attr, value);
/* Adds an unsigned long to msg as a decimal string: creates the element for
 * `attr` with the given flags, then appends the value formatted with "%lu". */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagherint add_ulong(struct ldb_message *msg, int flags,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = ldb_msg_add_empty(msg, attr, flags, NULL);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = ldb_msg_add_fmt(msg, attr, "%lu", value);
/* Reads `attr` from msg and parses its value as a base-10 integer. */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagherstatic uint32_t get_attr_as_uint32(struct ldb_message *msg, const char *attr)
4b6a0d0b3d42e5fdb457f47d9adfa5e66b160256Stephen Gallagher const struct ldb_val *v = ldb_msg_find_ldb_val(msg, attr);
e124844907ed6973915e4d56f5442ecd07535a12Jakub Hrozek long long int l;
/* Missing attribute or missing value data is handled before parsing
 * (the branch body is not shown in this listing). */
b32159300fea63222d8dd9200ed634087704ea74Stephen Gallagher if (!v || !v->data) {
/* NOTE(review): endptr is NULL, so a stored value with trailing non-digits
 * parses without error here, and strtoll() needs v->data to be NUL-terminated.
 * The check of l against the uint32_t range is not visible in this listing --
 * confirm one exists before the narrowing return. */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher l = strtoll((const char *)v->data, NULL, 10);
/* Attaches LDB_CONTROL_PERMISSIVE_MODIFY_OID to a request and waits for it to
 * finish with LDB_WAIT_ALL. How the request is built from `ldb` and the message
 * is not shown in this listing. */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagherstatic int sss_ldb_modify_permissive(struct ldb_context *ldb,
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zeleny ret = ldb_request_add_control(req, LDB_CONTROL_PERMISSIVE_MODIFY_OID,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = ldb_wait(req->handle, LDB_WAIT_ALL);
/* Assigns r to v and jumps to label l. The arguments are expanded without
 * parentheses, so pass a plain lvalue, a simple expression and a label name. */
9e80079370ff3b943832adc3c5ef430e64be0a0cJakub Hrozek#define ERROR_OUT(v, r, l) do { v = r; goto l; } while(0)
e7311aec8d691e5427317442387af1bc8fff3742Jan Cholasta/* =Remove-Entry-From-Sysdb=============================================== */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher /* fall through */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher DEBUG(1, ("LDB Error: %s(%d)\nError Message: [%s]\n",
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ldb_strerror(ret), ret, ldb_errstring(sysdb->ldb)));
fe60346714a73ac3987f786731389320633dd245Pavel Březina/* =Remove-Subentries-From-Sysdb=========================================== */
/* Deletes every entry found by a SUBTREE search under dn: the results are
 * ordered with compare_ldb_dn_comp_num and then deleted one at a time. */
2d257ccf620ce1b611f89cec8f0a94c88c2f2881Sumit Boseint sysdb_delete_recursive(struct sysdb_ctx *sysdb,
/* The filter is a constant that matches any entry carrying a distinguishedName. */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_search_entry(tmp_ctx, sysdb, dn,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher LDB_SCOPE_SUBTREE, "(distinguishedName=*)",
bf5a808fa92007c325c3996e79694badfab201d4Stephen Gallagher DEBUG(6, ("Search error: %d (%s)\n", ret, strerror(ret)));
bf5a808fa92007c325c3996e79694badfab201d4Stephen Gallagher DEBUG(9, ("Found [%d] items to delete.\n", msgs_count));
/* Presumably sorts by number of DN components so that children are removed
 * before their parents -- confirm against compare_ldb_dn_comp_num. */
150b76e13b7c4f3ccf1d709bf517ca2af6b2c9a2Jakub Hrozek sizeof(struct ldb_message *), compare_ldb_dn_comp_num);
/* NOTE(review): one delete is issued per entry. Whether this loop runs inside
 * a transaction is not visible here; without one, a failure part-way through
 * leaves a partially deleted subtree -- confirm. */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher for (i = 0; i < msgs_count; i++) {
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_delete_entry(sysdb, msgs[i]->dn, false);
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke/* =Search-Entry========================================================== */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher/* =Search-User-by-[UID/NAME]============================================= */
/* Looks up one user by name. The name is turned into the entry DN with
 * sysdb_user_dn() and read with a BASE-scope search and no filter, so the name
 * does not reach an LDB filter string in this function. How sysdb_user_dn()
 * treats DN special characters in name is not visible here. */
96453f402831275a39d5fb89c33c9776e148d03fStephen Gallagherint sysdb_search_user_by_name(TALLOC_CTX *mem_ctx,
/* Attributes requested when the caller passes attrs == NULL. */
c080a11e9e88f35e40aff4e476cabbd971833019Sumit Bose const char *def_attrs[] = { SYSDB_NAME, SYSDB_UIDNUM, NULL };
6a6a821866091e0f722808566c25b951aa346d7cStephen Gallagher basedn = sysdb_user_dn(sysdb, tmp_ctx, domain, name);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_search_entry(tmp_ctx, sysdb, basedn, LDB_SCOPE_BASE, NULL,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher attrs?attrs:def_attrs, &msgs_count, &msgs);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher DEBUG(SSSDBG_TRACE_FUNC, ("No such entry\n"));
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher DEBUG(SSSDBG_TRACE_FUNC, ("Error: %d (%s)\n", ret, strerror(ret)));
/* Looks up one user by numeric UID with a SUBTREE search under a base DN
 * built with ldb_dn_new_fmt(). */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagherint sysdb_search_user_by_uid(TALLOC_CTX *mem_ctx,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher const char *def_attrs[] = { SYSDB_NAME, SYSDB_UIDNUM, NULL };
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher basedn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb,
/* The only value formatted into SYSDB_PWUID_FILTER is the numeric uid, so no
 * caller-supplied string reaches the filter on this line. The NULL check on
 * the talloc_asprintf() result is not shown in this listing. */
2cbdd12983eb85eddb90f64cfafb24eae5b448f4Jakub Hrozek filter = talloc_asprintf(tmp_ctx, SYSDB_PWUID_FILTER, (unsigned long)uid);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher /* Use SUBTREE scope here, not ONELEVEL
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher * There is a bug in LDB that makes ONELEVEL searches extremely
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher * slow (it ignores indexing)
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_search_entry(tmp_ctx, sysdb, basedn, LDB_SCOPE_SUBTREE, filter,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher DEBUG(SSSDBG_TRACE_FUNC, ("No such entry\n"));
543676afec3c08fdc0a5a794976adc8dfdca974bJakub Hrozek DEBUG(SSSDBG_TRACE_FUNC, ("Error: %d (%s)\n", ret, strerror(ret)));
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher/* =Search-Group-by-[GID/NAME]============================================ */
/* Looks up one group by name. The name is turned into the entry DN with
 * sysdb_group_dn() and read with a BASE-scope search and no filter. */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagherint sysdb_search_group_by_name(TALLOC_CTX *mem_ctx,
77d165f0629966db65753a3aee84a8b4971673afPavel Březina const char **attrs,
/* Attributes requested when the caller passes attrs == NULL. */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher static const char *def_attrs[] = { SYSDB_NAME, SYSDB_GIDNUM, NULL };
fe2091327ff44f80d6681c261494e4432404e9baStephen Gallagher basedn = sysdb_group_dn(sysdb, tmp_ctx, domain, name);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_search_entry(tmp_ctx, sysdb, basedn, LDB_SCOPE_BASE, NULL,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher attrs?attrs:def_attrs, &msgs_count, &msgs);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher DEBUG(SSSDBG_TRACE_FUNC, ("No such entry\n"));
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher DEBUG(SSSDBG_TRACE_FUNC, ("Error: %d (%s)\n", ret, strerror(ret)));
/* Looks up one group by numeric GID with a SUBTREE search under a base DN
 * built with ldb_dn_new_fmt(). */
bfbf5cb0f00c60c0f000f56c282377b13b9a89abSumit Boseint sysdb_search_group_by_gid(TALLOC_CTX *mem_ctx,
2e6087c6cc903d5164b9a1d5e3d791fd046001d9Jakub Hrozek const char **attrs,
/* NOTE(review): the default attribute list asks for SYSDB_UIDNUM, while
 * sysdb_search_group_by_name asks for SYSDB_GIDNUM. For a group lookup this
 * looks like a copy from the user variant; a caller that passes attrs == NULL
 * and then reads the gid from the result would not find it -- confirm. */
2e6087c6cc903d5164b9a1d5e3d791fd046001d9Jakub Hrozek const char *def_attrs[] = { SYSDB_NAME, SYSDB_UIDNUM, NULL };
1658c567191c35beaddffafdb079abe33248037bLukas Slebodnik basedn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb,
/* The only value formatted into SYSDB_GRGID_FILTER is the numeric gid. */
748ba184db97b7534254f97018fa04e8aa458faeJan Cholasta filter = talloc_asprintf(tmp_ctx, SYSDB_GRGID_FILTER, (unsigned long)gid);
5a70b84cb66fb8c7a3fce0e3f2e4b61e0b2ea9d4Simo Sorce /* Use SUBTREE scope here, not ONELEVEL
5f90993426fa2bdc3b3d994c9e85e0805bb92bbcSimo Sorce * There is a bug in LDB that makes ONELEVEL searches extremely
9959c512ac3ba36f7a0db7614f0357ce0bae748fJakub Hrozek * slow (it ignores indexing)
918b2a5a91f1c551d48f4bffed2a28c36fdb4be1Simo Sorce ret = sysdb_search_entry(tmp_ctx, sysdb, basedn, LDB_SCOPE_SUBTREE, filter,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher DEBUG(SSSDBG_TRACE_FUNC, ("No such entry\n"));
8c3a4809b3420657289b42f028a1c9019b112991Stephen Gallagher DEBUG(SSSDBG_TRACE_FUNC, ("Error: %d (%s)\n", ret, strerror(ret)));
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher/* =Search-Netgroup-by-Name========================================= */
/* Looks up one netgroup by name. The name is turned into the entry DN with
 * sysdb_netgroup_dn() and read with a BASE-scope search and no filter. */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagherint sysdb_search_netgroup_by_name(TALLOC_CTX *mem_ctx,
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny const char *name,
/* Attributes requested when the caller passes attrs == NULL. */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher static const char *def_attrs[] = { SYSDB_NAME, NULL };
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher basedn = sysdb_netgroup_dn(sysdb, tmp_ctx, domain, name);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_search_entry(tmp_ctx, sysdb, basedn, LDB_SCOPE_BASE, NULL,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher attrs?attrs:def_attrs, &msgs_count, &msgs);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher DEBUG(SSSDBG_TRACE_FUNC, ("Error: %d (%s)\n", ret, strerror(ret)));
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher/* =Replace-Attributes-On-Entry=========================================== */
8359bf07a2e6c0181251ce8d5d9160dc57546c55Stephen Gallagher msg->elements = talloc_array(msg, struct ldb_message_element, attrs->num);
77c0d1f6074059dafd2293f9c42ea0f9d60f8aadJakub Hrozek ("ldb_modify failed: [%s]\n", ldb_strerror(lret)));
fe2091327ff44f80d6681c261494e4432404e9baStephen Gallagher DEBUG(SSSDBG_TRACE_FUNC, ("No such entry\n"));
654757bcead49427baaeb1b368c0e3433b67c51aJan Engelhardt DEBUG(SSSDBG_TRACE_FUNC, ("Error: %d (%s)\n", ret, strerror(ret)));
87c07559af5cfcd2752295ef7c425bd3205f426fStephen Gallagher/* =Replace-Attributes-On-User============================================ */
/* Builds the user DN for `name` in `domain` and applies `attrs` to that entry
 * through sysdb_set_entry_attr() with the caller's mod_op. */
fe2091327ff44f80d6681c261494e4432404e9baStephen Gallagherint sysdb_set_user_attr(struct sysdb_ctx *sysdb,
fe2091327ff44f80d6681c261494e4432404e9baStephen Gallagher dn = sysdb_user_dn(sysdb, tmp_ctx, domain, name);
fe2091327ff44f80d6681c261494e4432404e9baStephen Gallagher ret = sysdb_set_entry_attr(sysdb, dn, attrs, mod_op);
9959c512ac3ba36f7a0db7614f0357ce0bae748fJakub Hrozek/* =Replace-Attributes-On-Group=========================================== */
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce const char *name,
748ba184db97b7534254f97018fa04e8aa458faeJan Cholasta dn = sysdb_group_dn(sysdb, tmp_ctx, domain, name);
fd98a28d6e94080e52bbedc789b06606a6019b10Lukas Slebodnik ret = sysdb_set_entry_attr(sysdb, dn, attrs, mod_op);
b32159300fea63222d8dd9200ed634087704ea74Stephen Gallagher/* =Replace-Attributes-On-Netgroup=========================================== */
/* Builds the netgroup DN for `name` in `domain` and applies `attrs` to that
 * entry through sysdb_set_entry_attr() with the caller's mod_op. */
654757bcead49427baaeb1b368c0e3433b67c51aJan Engelhardtint sysdb_set_netgroup_attr(struct sysdb_ctx *sysdb,
a6098862048d4bb469130b9ff21be3020d6f2c54Sumit Bose const char *name,
654757bcead49427baaeb1b368c0e3433b67c51aJan Engelhardt dn = sysdb_netgroup_dn(sysdb, tmp_ctx, domain, name);
a6098862048d4bb469130b9ff21be3020d6f2c54Sumit Bose ret = sysdb_set_entry_attr(sysdb, dn, attrs, mod_op);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher/* =Get-New-ID============================================================ */
/* Picks the next numeric id for a domain: reads SYSDB_NEXTID from the domain
 * entry, checks it against domain->id_max, searches the subtree for entries
 * already using an id at or above the candidate, moves past the highest one
 * found, re-checks the range and stores the new next id.
 *
 * NOTE(review): this is a read-then-write sequence. Nothing on the visible
 * lines shows the transaction that keeps two callers from being handed the
 * same id -- confirm the caller holds one. */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagherint sysdb_get_new_id(struct sysdb_ctx *sysdb,
9917c138d9a270deb5820915384fbde751190c2aLukas Slebodnik const char *attrs_1[] = { SYSDB_NEXTID, NULL };
fe2091327ff44f80d6681c261494e4432404e9baStephen Gallagher const char *attrs_2[] = { SYSDB_UIDNUM, SYSDB_GIDNUM, NULL };
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher base_dn = sysdb_domain_dn(sysdb, tmp_ctx, domain);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_search_entry(tmp_ctx, sysdb, base_dn, LDB_SCOPE_BASE,
2827b0d03f7b6bafa504d22a5d7ca39cbda048b3Pavel Březina new_id = get_attr_as_uint32(msgs[0], SYSDB_NEXTID);
2827b0d03f7b6bafa504d22a5d7ca39cbda048b3Pavel Březina DEBUG(1, ("Invalid Next ID in domain %s\n", domain->name));
/* id_max == 0 skips the upper-bound check. */
9e80079370ff3b943832adc3c5ef430e64be0a0cJakub Hrozek if ((domain->id_max != 0) && (new_id > domain->id_max)) {
9e80079370ff3b943832adc3c5ef430e64be0a0cJakub Hrozek DEBUG(0, ("Failed to allocate new id, out of range (%u/%u)\n",
9e80079370ff3b943832adc3c5ef430e64be0a0cJakub Hrozek /* looks like the domain is not initialized yet, use min_id */
e7311aec8d691e5427317442387af1bc8fff3742Jan Cholasta /* verify the id is actually really free.
e7311aec8d691e5427317442387af1bc8fff3742Jan Cholasta * search all entries with id >= new_id and < max_id */
/* Two filter templates: a bounded one and an open-ended one. The bounded
 * template uses "<=", so its upper bound is inclusive. The numeric values are
 * formatted with %u; the %s arguments are on lines not shown -- presumably the
 * uid/gid attribute names, confirm. */
b9e5bd09a5ff7009537a18914dbebcf10498f592Sumit Bose "(|(&(%s>=%u)(%s<=%u))(&(%s>=%u)(%s<=%u)))",
b9e5bd09a5ff7009537a18914dbebcf10498f592Sumit Bose "(|(%s>=%u)(%s>=%u))",
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_search_entry(tmp_ctx, sysdb, base_dn, LDB_SCOPE_SUBTREE,
b79e0e50a935d108173ca3062f2afe16103fcb1dPavel Březina /* if anything was found, find the maximum and increment past it */
fe2091327ff44f80d6681c261494e4432404e9baStephen Gallagher for (i = 0; i < count; i++) {
/* Both the uid and the gid of each hit are read, since either may occupy
 * the candidate id. */
ccf340e56364851f2e5b75e52d3d63701b662954Lukas Slebodnik id = get_attr_as_uint32(msgs[i], SYSDB_UIDNUM);
577ba99b3150404533bd3d859522a2c994b17e76Lukas Slebodnik id = get_attr_as_uint32(msgs[i], SYSDB_GIDNUM);
8359bf07a2e6c0181251ce8d5d9160dc57546c55Stephen Gallagher /* check again we are not falling out of range */
530ba03ecabb472f17d5d1ab546aec9390492de1Jakub Hrozek if ((domain->id_max != 0) && (new_id > domain->id_max)) {
530ba03ecabb472f17d5d1ab546aec9390492de1Jakub Hrozek DEBUG(0, ("Failed to allocate new id, out of range (%u/%u)\n",
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher /* finally store the new next id */
543676afec3c08fdc0a5a794976adc8dfdca974bJakub Hrozek DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher/* =Add-Basic-User-NO-CHECKS============================================== */
/* Builds the message for a new user entry: DN, object class, name, uid, gid,
 * full name, gecos, home directory, shell and creation time. No range or
 * uniqueness check appears on the visible lines; sysdb_add_user performs those
 * before calling this function. Whether the optional string attributes are
 * added conditionally, and the error checks between calls, are not shown. */
2c0a971010596c122d7a0c0d76c8eb85f16f6d06Jakub Hrozekint sysdb_add_basic_user(struct sysdb_ctx *sysdb,
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zeleny /* user dn */
c737e1444fb186e349e59bfa9dac4995b720b4b1Jan Zeleny msg->dn = sysdb_user_dn(sysdb, msg, domain, name);
543676afec3c08fdc0a5a794976adc8dfdca974bJakub Hrozek ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_OBJECTCLASS, SYSDB_USER_CLASS);
f1828234a850dd28465425248a83a993f262918fPavel Březina ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_NAME, name);
/* uid and gid are widened to unsigned long to match add_ulong's "%lu". */
f1828234a850dd28465425248a83a993f262918fPavel Březina ret = add_ulong(msg, LDB_FLAG_MOD_ADD, SYSDB_UIDNUM, (unsigned long)uid);
f1828234a850dd28465425248a83a993f262918fPavel Březina ret = add_ulong(msg, LDB_FLAG_MOD_ADD, SYSDB_GIDNUM, (unsigned long)gid);
6ea6ec5cb7d9985e2730fb9d4657624d10aed4d8Nick Guay /* We set gecos to be the same as fullname on user creation,
6ea6ec5cb7d9985e2730fb9d4657624d10aed4d8Nick Guay * But we will not enforce coherency after that, it's up to
577ba99b3150404533bd3d859522a2c994b17e76Lukas Slebodnik * admins to decide if they want to keep it in sync if they change
577ba99b3150404533bd3d859522a2c994b17e76Lukas Slebodnik * one of the 2 */
f8c829e72968b574e1c9bda96f4d5f206622358fPavel Březina ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_FULLNAME, gecos);
f8c829e72968b574e1c9bda96f4d5f206622358fPavel Březina ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_GECOS, gecos);
654757bcead49427baaeb1b368c0e3433b67c51aJan Engelhardt ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_HOMEDIR, homedir);
558998ce664055a75595371118f818084d8f2b23Jan Cholasta ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_SHELL, shell);
558998ce664055a75595371118f818084d8f2b23Jan Cholasta /* creation time */
654757bcead49427baaeb1b368c0e3433b67c51aJan Engelhardt ret = add_ulong(msg, LDB_FLAG_MOD_ADD, SYSDB_CREATE_TIME,
654757bcead49427baaeb1b368c0e3433b67c51aJan Engelhardt DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
/* Turns the ghost record for `name` in one group into real membership: adds
 * userdn as SYSDB_MEMBER, deletes `name` (and its aliases) from SYSDB_GHOST,
 * and sends the change with sss_ldb_modify_permissive(). The return type and
 * part of the parameter list are on lines not shown in this listing. */
21f28bdbab10881b9fb0b890dfa15af429326606Sumit Bosesysdb_remove_ghost_from_group(struct sysdb_ctx *sysdb,
21f28bdbab10881b9fb0b890dfa15af429326606Sumit Bose const char *name,
21f28bdbab10881b9fb0b890dfa15af429326606Sumit Bose const char *userdn)
36ccdecd053a9ad88dce86b8c84770dc2aa11d21Simo Sorce /* We have no way of telling which groups this user belongs to.
36ccdecd053a9ad88dce86b8c84770dc2aa11d21Simo Sorce * Add it to all that reference it in the ghost attribute */
/* ldb_msg_find_element() can return NULL; the comment further down about
 * having nothing to compare the originalDN with suggests that case is handled,
 * but the check itself is not visible here. */
36ccdecd053a9ad88dce86b8c84770dc2aa11d21Simo Sorce orig_members = ldb_msg_find_element(group, SYSDB_ORIG_MEMBER);
/* NOTE(review): strcmp() on values[i].data assumes the stored value is
 * NUL-terminated -- confirm that holds for values read back from the cache. */
36ccdecd053a9ad88dce86b8c84770dc2aa11d21Simo Sorce if (strcmp((const char *) orig_members->values[i].data,
36ccdecd053a9ad88dce86b8c84770dc2aa11d21Simo Sorce /* This is a direct member. Add the member attribute */
36ccdecd053a9ad88dce86b8c84770dc2aa11d21Simo Sorce /* Nothing to compare the originalDN with. Let's rely on the
36ccdecd053a9ad88dce86b8c84770dc2aa11d21Simo Sorce * memberof plugin to do the right thing during initgroups..
36ccdecd053a9ad88dce86b8c84770dc2aa11d21Simo Sorce ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_MEMBER, userdn);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = add_string(msg, LDB_FLAG_MOD_DELETE, SYSDB_GHOST, name);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher /* Delete aliases from the ghost attribute as well */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher for (i = 0; i < alias_el->num_values; i++) {
/* An alias equal to `name` is singled out here, presumably skipped because
 * `name` was already queued for deletion above -- confirm. */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher if (strcmp((const char *)alias_el->values[i].data, name) == 0) {
25f8fac2489fd209d603acb2b494f7c72968e9bbMichal Zidek ret = sss_ldb_modify_permissive(sysdb->ldb, msg);
/* Finds every group whose SYSDB_GHOST attribute names this user (by name or by
 * alias) and calls sysdb_remove_ghost_from_group() on each. The return type
 * and part of the parameter list are on lines not shown in this listing. */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallaghersysdb_remove_ghostattr_from_groups(struct sysdb_ctx *sysdb,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher const char *group_attrs[] = {SYSDB_NAME, SYSDB_GHOST, SYSDB_ORIG_MEMBER, NULL};
5843ad321944a028f6dee7e1fd4f9381c4953d07Sumit Bose const char *userdn;
/* NOTE(review): name is formatted into the filter with %s and no escaping on
 * this line, and the alias values are appended the same way below. LDB filter
 * metacharacters in those strings ('(', ')', '*', '\') would change which
 * groups match, and so which groups get their ghost/member attributes
 * rewritten. No sanitising call is visible in this listing -- confirm the
 * values are escaped before they reach here (SSSD's sss_filter_sanitize()
 * exists for this). */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher filter = talloc_asprintf(tmp_ctx, "(|(%s=%s)", SYSDB_GHOST, name);
577ba99b3150404533bd3d859522a2c994b17e76Lukas Slebodnik ret = sysdb_attrs_get_el(attrs, SYSDB_NAME_ALIAS, &alias_el);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher for (i = 0; i < alias_el->num_values; i++) {
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher if (strcmp((const char *)alias_el->values[i].data, name) == 0) {
/* talloc_asprintf_append() returns NULL on allocation failure; the check
 * after each append is not shown here. */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher filter = talloc_asprintf_append(filter, "(%s=%s)",
/* Closes the "(|" group opened when the filter was first built. */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher filter = talloc_asprintf_append(filter, ")");
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher tmpdn = sysdb_user_dn(sysdb, tmp_ctx, sysdb->domain, name);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher tmpdn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher SYSDB_TMPL_GROUP_BASE, sysdb->domain->name);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher /* We need to find all groups that contain this object as a ghost user
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher * and replace the ghost user by actual member record in direct parents.
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher * Note that this object can be referred to either by its name or any
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher * of its aliases
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_search_entry(tmp_ctx, sysdb, tmpdn, LDB_SCOPE_SUBTREE, filter,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher for (i = 0; i < group_count; i++) {
/* NOTE(review): the call's result is not assigned on this line, so a failed
 * update of one group would go unnoticed unless it is captured on a line not
 * shown -- confirm. */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher sysdb_remove_ghost_from_group(sysdb, groups[i], alias_el, name, orig_dn, userdn);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher/* =Add-User-Function===================================================== */
/* Adds a new user after validating the request: rejects an arbitrary GID in
 * an MPG domain, checks uid and gid against the domain's id_min/id_max range,
 * looks for a same-named group and for an existing user with the same uid,
 * then creates the entry, sets ids and cache timestamps, and removes the user
 * from groups' ghost attributes. The conditions guarding each step are only
 * partly visible in this listing. */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagherint sysdb_add_user(struct sysdb_ctx *sysdb,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher struct sss_domain_info *domain = sysdb->domain;
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher DEBUG(0, ("Cannot add user with arbitrary GID in MPG domain!\n"));
/* Range checks: the first half of each condition is on a line not shown. */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher (uid < domain->id_min || uid > domain->id_max)) {
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher DEBUG(2, ("Supplied uid [%d] is not in the allowed range [%d-%d].\n",
fe2091327ff44f80d6681c261494e4432404e9baStephen Gallagher (gid < domain->id_min || gid > domain->id_max)) {
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher DEBUG(2, ("Supplied gid [%d] is not in the allowed range [%d-%d].\n",
35872dc24058c5e8028cb4082fd405a27835dcd1Jakub Hrozek /* In MPG domains you can't have groups with the same name as users,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher * search if a group with the same name exists.
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher * Don't worry about users, if we try to add a user with the same
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher * name the operation will fail */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_search_group_by_name(tmp_ctx, sysdb, domain,
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher /* check no other user with the same uid exist */
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher ret = sysdb_search_user_by_uid(tmp_ctx, sysdb, domain,
d35ff4d0db1cd87c94091a85846b46e4732b1eeePavel Březina /* try to add the user */
c0bca1722d6f9dfb654ad78397be70f79ff39af1Jakub Hrozek ret = sysdb_add_basic_user(sysdb, domain, name,
/* The same `id` is written as both uid and gid; presumably the path where
 * the id was allocated for an MPG user -- the enclosing condition is not
 * shown, confirm. */
ccf340e56364851f2e5b75e52d3d63701b662954Lukas Slebodnik ret = sysdb_attrs_add_uint32(id_attrs, SYSDB_UIDNUM, id);
c0bca1722d6f9dfb654ad78397be70f79ff39af1Jakub Hrozek ret = sysdb_attrs_add_uint32(id_attrs, SYSDB_GIDNUM, id);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_set_user_attr(sysdb, domain, name,
fe60346714a73ac3987f786731389320633dd245Pavel Březina ret = sysdb_attrs_add_time_t(attrs, SYSDB_LAST_UPDATE, now);
577ba99b3150404533bd3d859522a2c994b17e76Lukas Slebodnik ret = sysdb_attrs_add_time_t(attrs, SYSDB_CACHE_EXPIRE,
69aaef8719c5cf33ed1c4090fa313ba281bf8a02Jakub Hrozek ret = sysdb_set_user_attr(sysdb, domain, name, attrs, SYSDB_MOD_REP);
69aaef8719c5cf33ed1c4090fa313ba281bf8a02Jakub Hrozek /* remove all ghost users */
69aaef8719c5cf33ed1c4090fa313ba281bf8a02Jakub Hrozek ret = sysdb_remove_ghostattr_from_groups(sysdb, orig_dn, attrs, name);
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
4dd615c01357b8715711aad6820ba9595d3ad377Stephen Gallagher/* =Add-Basic-Group-NO-CHECKS============================================= */
/* Builds the message for a new group entry: DN, object class, name, gid and
 * creation time. No range or uniqueness check appears on the visible lines;
 * the error checks between calls are not shown in this listing. */
a6098862048d4bb469130b9ff21be3020d6f2c54Sumit Boseint sysdb_add_basic_group(struct sysdb_ctx *sysdb,
2d257ccf620ce1b611f89cec8f0a94c88c2f2881Sumit Bose /* group dn */
2d257ccf620ce1b611f89cec8f0a94c88c2f2881Sumit Bose msg->dn = sysdb_group_dn(sysdb, msg, sysdb->domain, name);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_OBJECTCLASS, SYSDB_GROUP_CLASS);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_NAME, name);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = add_ulong(msg, LDB_FLAG_MOD_ADD, SYSDB_GIDNUM, (unsigned long)gid);
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek /* creation time */
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek ret = add_ulong(msg, LDB_FLAG_MOD_ADD, SYSDB_CREATE_TIME,
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
f232789430a080384188d5da89b19d874cf17513Jakub Hrozek/* =Add-Group-Function==================================================== */
150b76e13b7c4f3ccf1d709bf517ca2af6b2c9a2Jakub Hrozek struct sss_domain_info *domain = sysdb->domain;
150b76e13b7c4f3ccf1d709bf517ca2af6b2c9a2Jakub Hrozek (gid < domain->id_min || gid > domain->id_max)) {
150b76e13b7c4f3ccf1d709bf517ca2af6b2c9a2Jakub Hrozek DEBUG(2, ("Supplied gid [%d] is not in the allowed range [%d-%d].\n",
577ba99b3150404533bd3d859522a2c994b17e76Lukas Slebodnik /* In MPG domains you can't have groups with the same name as users,
d65f692d7b7639ed8ba0f5cffa4f88b68056739aLukas Slebodnik * search if a group with the same name exists.
577ba99b3150404533bd3d859522a2c994b17e76Lukas Slebodnik * Don't worry about users, if we try to add a user with the same
a65a64aee968bd2ac18156ced15a1e2509a8acbaAbhishek Singh * name the operation will fail */
a65a64aee968bd2ac18156ced15a1e2509a8acbaAbhishek Singh ret = sysdb_search_user_by_name(tmp_ctx, sysdb, domain,
b49a7d90708e816120ff88ce5a88fa62b35ff795Simo Sorce /* check no other groups with the same gid exist */
a65a64aee968bd2ac18156ced15a1e2509a8acbaAbhishek Singh ret = sysdb_search_group_by_gid(tmp_ctx, sysdb, domain,
25255e4d0e1517a5d443e8fee22e91862e255702Abhishek Singh /* try to add the group */
25255e4d0e1517a5d443e8fee22e91862e255702Abhishek Singh ret = sysdb_add_basic_group(sysdb, name, gid);
d65f692d7b7639ed8ba0f5cffa4f88b68056739aLukas Slebodnik ret = sysdb_attrs_get_bool(attrs, SYSDB_POSIX, &posix);
16c351625346b3193e1762027e5215ab76042127Sumit Bose ret = sysdb_attrs_add_bool(attrs, SYSDB_POSIX, true);
9cb46bc62f22e0104f1b41a423b014c281ef5fc2Jakub Hrozek ret = sysdb_attrs_add_uint32(attrs, SYSDB_GIDNUM, id);
577ba99b3150404533bd3d859522a2c994b17e76Lukas Slebodnik ret = sysdb_attrs_add_time_t(attrs, SYSDB_LAST_UPDATE, now);
777374243e15c53e7b0a7345e190c1018920be18Jakub Hrozek ret = sysdb_attrs_add_time_t(attrs, SYSDB_CACHE_EXPIRE,
577ba99b3150404533bd3d859522a2c994b17e76Lukas Slebodnik ret = sysdb_set_group_attr(sysdb, domain, name, attrs, SYSDB_MOD_REP);
d064fef06dcbcb5f6c1be03e286b1a3433d6dfd7Sumit Bose DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
d064fef06dcbcb5f6c1be03e286b1a3433d6dfd7Sumit Boseint sysdb_add_incomplete_group(struct sysdb_ctx *sysdb,
939246537b0b9a4af6862c513d3919501ad57d92Sumit Bose const char *name,
1ce58f139699dd26b8888f4131c996263b6a80a5Jakub Hrozek /* try to add the group */
1ce58f139699dd26b8888f4131c996263b6a80a5Jakub Hrozek ret = sysdb_attrs_add_time_t(attrs, SYSDB_LAST_UPDATE, now);
1ce58f139699dd26b8888f4131c996263b6a80a5Jakub Hrozek ret = sysdb_attrs_add_time_t(attrs, SYSDB_CACHE_EXPIRE,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_attrs_add_bool(attrs, SYSDB_POSIX, posix);
6e8238868a4d17030bb4f01494961d0354a953bfJakub Hrozek ret = sysdb_attrs_add_string(attrs, SYSDB_ORIG_DN, original_dn);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_set_group_attr(sysdb, sysdb->domain, name, attrs, SYSDB_MOD_REP);
8359bf07a2e6c0181251ce8d5d9160dc57546c55Stephen Gallagher DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
6e8238868a4d17030bb4f01494961d0354a953bfJakub Hrozek/* =Add-Or-Remove-Group-Member============================================ */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher/* mod_op must be either SYSDB_MOD_ADD or SYSDB_MOD_DEL */
/* Adds or removes one SYSDB_MEMBER value on a group: creates the element with
 * mod_op as its flags and appends the member DN string.
 * NOTE(review): mod_op is passed straight to ldb_msg_add_empty() on the
 * visible line; the check that it is one of the two allowed operations is not
 * shown in this listing -- confirm it is enforced. */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagherint sysdb_mod_group_member(struct sysdb_ctx *sysdb,
1171986bdc3011555c5b62a9d9ee9f7481f48cdcSimo Sorce ret = ldb_msg_add_empty(msg, SYSDB_MEMBER, mod_op, NULL);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = ldb_msg_add_string(msg, SYSDB_MEMBER, dn);
654757bcead49427baaeb1b368c0e3433b67c51aJan Engelhardt DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
70e59ed31c5a9c9ed02d9065ddf92be87c887efbJakub Hrozek/* =Add-Basic-Netgroup-NO-CHECKS============================================= */
/* Builds the message for a new netgroup entry: DN, name and creation time are
 * the attributes set on the visible lines. No validation of `name` appears
 * here; other attributes and the error checks are not shown in this listing. */
70e59ed31c5a9c9ed02d9065ddf92be87c887efbJakub Hrozekint sysdb_add_basic_netgroup(struct sysdb_ctx *sysdb,
42870c7ac3608ffc58f2c9524ad3dfc1401bc1aaPavel Březina /* netgroup dn */
42870c7ac3608ffc58f2c9524ad3dfc1401bc1aaPavel Březina msg->dn = sysdb_netgroup_dn(sysdb, msg, sysdb->domain, name);
2cbdd12983eb85eddb90f64cfafb24eae5b448f4Jakub Hrozek ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_NAME, name);
2cbdd12983eb85eddb90f64cfafb24eae5b448f4Jakub Hrozek /* creation time */
2cbdd12983eb85eddb90f64cfafb24eae5b448f4Jakub Hrozek ret = add_ulong(msg, LDB_FLAG_MOD_ADD, SYSDB_CREATE_TIME,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher/* =Add-Netgroup-Function==================================================== */
96453f402831275a39d5fb89c33c9776e148d03fStephen Gallagherint sysdb_add_netgroup(struct sysdb_ctx *sysdb,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher /* try to add the netgroup */
505e75ba28b42bb3de7a6d55de825091b70cc2b2Stephen Gallagher ret = sysdb_add_basic_netgroup(sysdb, name, description);
5f73b623fc72e3b9b3590420825f30e618b4d4ddPavel Březina ret = sysdb_attrs_add_time_t(attrs, SYSDB_LAST_UPDATE, now);
92ae9d2b909d0fd4a522a270157926878b5d0862Stephen Gallagher ret = sysdb_attrs_add_time_t(attrs, SYSDB_CACHE_EXPIRE,
92ae9d2b909d0fd4a522a270157926878b5d0862Stephen Gallagher ret = sysdb_set_netgroup_attr(sysdb, sysdb->domain, name, attrs, SYSDB_MOD_REP);
92ae9d2b909d0fd4a522a270157926878b5d0862Stephen Gallagher DEBUG(SSSDBG_MINOR_FAILURE, ("Could not remove missing attributes\n"));
92ae9d2b909d0fd4a522a270157926878b5d0862Stephen Gallagher DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher/* =Store-Users-(Native/Legacy)-(replaces-existing-data)================== */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher/* if one of the basic attributes is empty ("") as opposed to NULL,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher * this will just remove it */
/* Body of the user store routine (its signature is not part of this listing).
 * Judging by the messages below it runs inside a transaction: it looks the
 * user up by name, adds the user when missing, otherwise replaces the stored
 * attributes, and commits or cancels at the end. */
/* The password is written to the cache only when the domain has
 * legacy_passwords set, or when pwd is the empty string. */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher if (pwd && (sysdb->domain->legacy_passwords || !*pwd)) {
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_attrs_add_string(attrs, SYSDB_PWD, pwd);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to start transaction\n"));
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_search_user_by_name(tmp_ctx, sysdb, sysdb->domain,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher /* get transaction timestamp */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher /* user doesn't exist, turn into adding a user */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_add_user(sysdb, name, uid, gid, gecos, homedir,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher shell, orig_dn, attrs, cache_timeout, now);
213ce2a78b1abe3921d8dc13c949a28130d00aecJan Zeleny /* This may be a user rename. If there is a user with the
8b1f2574ce7a964965a18ab047ab09c4694380c4Jan Zeleny * same UID, remove it and try to add the basic user again
/* NOTE(review): on a conflict the cached user that currently holds this UID
 * is deleted so the incoming record can take its place. The DEBUG message
 * below is the only trace of that eviction on the visible lines; confirm the
 * uid comes from a trusted backend lookup and that the message is emitted at
 * a level operators actually collect. */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_delete_user(sysdb, NULL, uid);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher /* Not found by UID, return the original EEXIST,
ad07ed37b6b51ef134d4524edaf2259e19ac984fJan Zeleny * this may be a conflict in MPG domain or something
71ad247500b417836a1a2edec257a4433a7c415fJan Zeleny ("A user with the same UID [%llu] was removed from the "
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher ret = sysdb_add_user(sysdb, name, uid, gid, gecos, homedir,
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher shell, orig_dn, attrs, cache_timeout, now);
88275cccddf39892e01682b39b02292eb74729bdPavel Březina /* Handle the result of sysdb_add_user */
f8a4a5f6240156809e1b5ef03816f673281e3fa0Jakub Hrozek DEBUG(SSSDBG_OP_FAILURE, ("Could not add user\n"));
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher /* the user exists, let's just replace attributes when set */
92ae9d2b909d0fd4a522a270157926878b5d0862Stephen Gallagher ret = sysdb_attrs_add_uint32(attrs, SYSDB_UIDNUM, uid);
/* SYSDB_GIDNUM is set from gid on one line and from uid on the next; these
 * are presumably alternative branches (the second for MPG domains, where the
 * private group's gid equals the uid). The enclosing conditions are not
 * shown -- confirm. */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_attrs_add_uint32(attrs, SYSDB_GIDNUM, gid);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_attrs_add_uint32(attrs, SYSDB_GIDNUM, uid);
92ae9d2b909d0fd4a522a270157926878b5d0862Stephen Gallagher ret = sysdb_attrs_add_string(attrs, SYSDB_GECOS, gecos);
e92ecf948387d1687a5e772ac86e606b1b6af957Stephen Gallagher ret = sysdb_attrs_add_string(attrs, SYSDB_HOMEDIR, homedir);
cc84fd46f356c4a36a721ab135a33ec77c93e34dJakub Hrozek ret = sysdb_attrs_add_string(attrs, SYSDB_SHELL, shell);
b24e4bec819b29f1ec8e77083d4e7610c5dd9c77Lukas Slebodnik ret = sysdb_attrs_add_time_t(attrs, SYSDB_LAST_UPDATE, now);
1a7d1977037864e52858058777af8ff8401547ddJan Cholasta ret = sysdb_attrs_add_time_t(attrs, SYSDB_CACHE_EXPIRE,
/* SYSDB_MOD_REP: the collected attributes replace what is stored. */
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher ret = sysdb_set_user_attr(sysdb, sysdb->domain, name, attrs, SYSDB_MOD_REP);
a4cce2c98eedecb5d3b47da62104634cae268434Stephen Gallagher DEBUG(4, ("Could not remove missing attributes\n"));
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to commit transaction\n"));
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher DEBUG(SSSDBG_CRIT_FAILURE, ("Could not cancel transaction\n"));
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher/* =Store-Group-(Native/Legacy)-(replaces-existing-data)================== */
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher/* this function does not check that all user members are actually present */
/* Store a group in the cache, replacing existing data.
 * Visible steps: look the group up by name with sysdb_search_group_by_name();
 * when it is missing, add it with sysdb_add_group(); otherwise replace its
 * attributes (GID, last-update and cache-expire timestamps) through
 * sysdb_set_group_attr(..., SYSDB_MOD_REP).
 * NOTE(review): the rename path calls sysdb_delete_group(sysdb, NULL, gid),
 * which removes the cached entry selected by GID alone before the add is
 * retried. The branch conditions are not shown in this listing, so confirm
 * the delete only runs in the EEXIST case the comments below describe. */
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagherint sysdb_store_group(struct sysdb_ctx *sysdb,
6a9bdb6289bb374d203861cef16f312185725cbcPavel Zuna static const char *src_attrs[] = { SYSDB_NAME, SYSDB_GIDNUM,
6a9bdb6289bb374d203861cef16f312185725cbcPavel Zuna bool new_group = false;
fe2091327ff44f80d6681c261494e4432404e9baStephen Gallagher ret = sysdb_search_group_by_name(tmp_ctx, sysdb, sysdb->domain,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher /* get transaction timestamp */
87c07559af5cfcd2752295ef7c425bd3205f426fStephen Gallagher /* FIXME: use the remote modification timestamp to know if the
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher * group needs any update */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher /* group doesn't exist, turn into adding a group */
6a9bdb6289bb374d203861cef16f312185725cbcPavel Zuna ret = sysdb_add_group(sysdb, name, gid, attrs, cache_timeout, now);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher /* This may be a group rename. If there is a group with the
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher * same GID, remove it and try to add the basic group again
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_delete_group(sysdb, NULL, gid);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher /* Not found by GID, return the original EEXIST,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher * this may be a conflict in MPG domain or something
adc4351a04cef89ced2dbb240180e5d00fd8dd3cStephen Gallagher ("A group with the same GID [%llu] was removed from the "
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_add_group(sysdb, name, gid, attrs, cache_timeout, now);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher /* the group exists, let's just replace attributes when set */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_attrs_add_uint32(attrs, SYSDB_GIDNUM, gid);
9d7d4458d94d0aac0a7edf999368eb18f89cb76aJakub Hrozek ret = sysdb_attrs_add_time_t(attrs, SYSDB_LAST_UPDATE, now);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_attrs_add_time_t(attrs, SYSDB_CACHE_EXPIRE,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_set_group_attr(sysdb, sysdb->domain, name, attrs, SYSDB_MOD_REP);
90fd1bbd6035cdab46faa3a695a2fb2be6508b17Sumit Bose DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
86b61156743b7ebdc049450a6f88452890fd9a61Jakub Hrozek/* =Add-User-to-Group(Native/Legacy)====================================== */
/* Add or remove one membership link, as selected by modify_op.
 * The member DN is built with sysdb_user_dn() or sysdb_group_dn() (the test
 * that chooses between them is not shown in this listing), the group DN with
 * sysdb_group_dn(), and both are handed to sysdb_mod_group_member().
 * NOTE(review): `group` and `member` are passed straight to the DN helpers;
 * whether those helpers escape DN special characters is not visible here --
 * confirm before passing names that come from a remote directory. */
654757bcead49427baaeb1b368c0e3433b67c51aJan Engelhardtsysdb_group_membership_mod(struct sysdb_ctx *sysdb,
90fd1bbd6035cdab46faa3a695a2fb2be6508b17Sumit Bose const char *group,
90fd1bbd6035cdab46faa3a695a2fb2be6508b17Sumit Bose const char *member,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher member_dn = sysdb_user_dn(sysdb, tmp_ctx, sysdb->domain, member);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher member_dn = sysdb_group_dn(sysdb, tmp_ctx, sysdb->domain, member);
667db40da4db362d7ca0a1f7f1c4ba40fb71795aJakub Hrozek group_dn = sysdb_group_dn(sysdb, tmp_ctx, sysdb->domain, group);
60e51fd2764291df2332f36ff478777627d92b57Sumit Bose ret = sysdb_mod_group_member(sysdb, member_dn, group_dn, modify_op);
/* Add `member` to `group`: thin wrapper that forwards its arguments to
 * sysdb_group_membership_mod() with SYSDB_MOD_ADD and returns its result. */
60e51fd2764291df2332f36ff478777627d92b57Sumit Boseint sysdb_add_group_member(struct sysdb_ctx *sysdb,
c080a11e9e88f35e40aff4e476cabbd971833019Sumit Bose const char *member,
c080a11e9e88f35e40aff4e476cabbd971833019Sumit Bose return sysdb_group_membership_mod(sysdb, group, member, type, SYSDB_MOD_ADD);
c080a11e9e88f35e40aff4e476cabbd971833019Sumit Bose/* =Remove-member-from-Group(Native/Legacy)=============================== */
/* Remove `member` from `group`: thin wrapper that forwards its arguments to
 * sysdb_group_membership_mod() with SYSDB_MOD_DEL and returns its result. */
c080a11e9e88f35e40aff4e476cabbd971833019Sumit Boseint sysdb_remove_group_member(struct sysdb_ctx *sysdb,
c080a11e9e88f35e40aff4e476cabbd971833019Sumit Bose const char *group,
c080a11e9e88f35e40aff4e476cabbd971833019Sumit Bose const char *member,
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke return sysdb_group_membership_mod(sysdb, group, member, type, SYSDB_MOD_DEL);
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzke/* =Password-Caching====================================================== */
/* Cache a user's password as a salted hash for later offline checks.
 * Visible steps: hash `password` with s3crypt_sha512() using `salt` (the
 * debug message indicates the salt is randomly generated), store the result
 * under SYSDB_CACHEDPWD, record "lastCachedPasswordChange", reset
 * SYSDB_FAILED_LOGIN_ATTEMPTS to 0 and write the attributes with
 * sysdb_set_user_attr().
 * NOTE(review): none of the DEBUG calls shown print the password, salt or
 * hash, and they should stay that way. The hash is produced with tmp_ctx as
 * the first argument (presumably its talloc parent); whether temporary copies
 * of secret material are wiped before tmp_ctx is freed is not visible in
 * this listing -- confirm. */
af4ffe1001adcc0a96897e426d26444f07af9aa1Benjamin Franzkeint sysdb_cache_password(struct sysdb_ctx *sysdb,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher DEBUG(4, ("Failed to generate random salt.\n"));
2a5790216f57e9bdfb2930d52860bb5300366536Jakub Hrozek ret = s3crypt_sha512(tmp_ctx, password, salt, &hash);
2a5790216f57e9bdfb2930d52860bb5300366536Jakub Hrozek DEBUG(4, ("Failed to create password hash.\n"));
0d7e647da737b71a7dbbe0bb5f94af18017e5aa9Maxim ret = sysdb_attrs_add_string(attrs, SYSDB_CACHEDPWD, hash);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher /* FIXME: should we use a different attribute for cached passwords ?? */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_attrs_add_long(attrs, "lastCachedPasswordChange",
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_attrs_add_uint32(attrs, SYSDB_FAILED_LOGIN_ATTEMPTS, 0U);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher ret = sysdb_set_user_attr(sysdb, sysdb->domain,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher/* =Custom Search================== */
/* Search the custom subtree: builds the base DN with
 * sysdb_custom_subtree_dn() and runs sysdb_search_entry() from it.
 * The remaining arguments of both calls are cut off in this listing. */
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagherint sysdb_search_custom(TALLOC_CTX *mem_ctx,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher basedn = sysdb_custom_subtree_dn(sysdb, mem_ctx,
bf5a808fa92007c325c3996e79694badfab201d4Stephen Gallagher ret = sysdb_search_entry(mem_ctx, sysdb, basedn,
/* Look up one custom object by name.
 * A NULL object_name or subtree_name is checked up front (what that branch
 * returns is not shown here). The search runs at LDB_SCOPE_BASE with a NULL
 * argument after the scope (presumably the filter), so it addresses the
 * single entry at basedn; more than one result is logged at debug level 1. */
f1ce53a3b5656361557f80f61dfd42a371230c65Stephen Gallagherint sysdb_search_custom_by_name(TALLOC_CTX *mem_ctx,
bf5a808fa92007c325c3996e79694badfab201d4Stephen Gallagher if (object_name == NULL || subtree_name == NULL) {
4b6a0d0b3d42e5fdb457f47d9adfa5e66b160256Stephen Gallagher ret = sysdb_search_entry(tmp_ctx, sysdb, basedn,
4b6a0d0b3d42e5fdb457f47d9adfa5e66b160256Stephen Gallagher LDB_SCOPE_BASE, NULL, attrs, &count, &msgs);
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher DEBUG(1, ("More than one result found.\n"));
f1ce53a3b5656361557f80f61dfd42a371230c65Stephen Gallagher/* =Custom Store (replaces-existing-data)================== */
/* Store a custom object in the cache.
 * Visible steps: declare a wildcard attribute list for the lookup, reject a
 * NULL object_name or subtree_name, look the object up with
 * sysdb_search_custom_by_name(), then size msg->elements from attrs->num.
 * NOTE(review): the result of talloc_array() has to be checked before the
 * elements are written; that check is not shown in this listing -- confirm.
 * Only the LDB_FLAG_MOD_ADD assignment is visible here; the flag used when
 * the object already exists is cut off. */
f1ce53a3b5656361557f80f61dfd42a371230c65Stephen Gallagherint sysdb_store_custom(struct sysdb_ctx *sysdb,
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher const char *search_attrs[] = { "*", NULL };
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher if (object_name == NULL || subtree_name == NULL) {
78395373edc3fcf62847de2c630b656967222901Stephen Gallagher ret = sysdb_search_custom_by_name(tmp_ctx, sysdb,
78fe240e7c47f45c87cdfba0107fca6390401137Stephen Gallagher sysdb->domain, object_name, subtree_name);
e9ea1b4e59384cdfe3accdf31e5c579c3dad5591Stephen Gallagher msg->elements = talloc_array(msg, struct ldb_message_element, attrs->num);
1183d29d87c5c7439cf2364b7d7324d4a13b6e35Stephen Gallagher msg->elements[i].flags = LDB_FLAG_MOD_ADD;
if (add_object) {
done:
if (ret) {
return ret;
const char *object_name,
const char *subtree_name)
int ret;
return EINVAL;
if (!tmp_ctx) {
return ENOMEM;
goto done;
switch (ret) {
case LDB_SUCCESS:
case LDB_ERR_NO_SUCH_OBJECT:
done:
return ret;
const char *expression,
const char *asq_attribute,
const char **attrs,
int ret;
if (!tmp_ctx) {
return ENOMEM;
goto fail;
goto fail;
goto fail;
goto fail;
if (!res) {
goto fail;
goto fail;
if (ret) {
goto fail;
return EOK;
fail:
else if (ret) {
return ret;
const char *sub_filter,
const char **attrs,
char *filter;
int ret;
if (!tmp_ctx) {
return ENOMEM;
if (!basedn) {
goto fail;
if (!filter) {
goto fail;
if (ret) {
goto fail;
return EOK;
fail:
else if (ret) {
return ret;
char *filter;
int ret;
if (!tmp_ctx) {
return ENOMEM;
if (name) {
const char *c_name;
goto fail;
goto fail;
if (ret) {
goto fail;
goto fail;
goto fail;
for (i = 0; i < msg_count; i++) {
if (!msg) {
goto fail;
goto fail;
return EOK;
fail:
return ret;
const char *sub_filter,
const char **attrs,
char *filter;
int ret;
if (!tmp_ctx) {
return ENOMEM;
if (!basedn) {
goto fail;
if (!filter) {
goto fail;
if (ret) {
goto fail;
return EOK;
fail:
else if (ret) {
return ret;
int ret;
if (!tmp_ctx) {
return ENOMEM;
if (name) {
if (ret) {
goto fail;
const char *c_name;
goto fail;
goto fail;
if (ret) {
goto fail;
return EOK;
fail:
return ret;
const char *sub_filter,
const char **attrs,
char *filter;
int ret;
if (!tmp_ctx) {
return ENOMEM;
if (!basedn) {
goto fail;
if (!filter) {
goto fail;
if (ret) {
goto fail;
return EOK;
fail:
return ret;
const char *name)
int ret;
if (!tmp_ctx) {
return ENOMEM;
goto done;
goto done;
goto done;
done:
return ret;
int ret;
int failed_login_delay;
if (!tmp_ctx) {
return ENOMEM;
goto done;
goto done;
if (failed_login_delay) {
*failed_login_attempts = 0;
goto done;
goto done;
done:
return ret;
const char *name,
const char *password,
bool just_check,
const char *userhash;
char *comphash;
int cred_expiration;
bool authentication_successful = false;
int ret;
return EINVAL;
return EINVAL;
return EINVAL;
return EINVAL;
if (!tmp_ctx) {
return ENOMEM;
if (ret) {
return ret;
goto done;
goto done;
if (cred_expiration) {
expire_date = 0;
goto done;
expire_date = 0;
goto done;
goto done;
if (ret) {
goto done;
goto done;
authentication_successful = true;
if (just_check) {
goto done;
goto done;
goto done;
authentication_successful = false;
goto done;
goto done;
if (ret) {
done:
if (ret) {
if (ret) {
if (authentication_successful) {
return ret;
const char *member,
const char *const *add_groups,
const char *const *del_groups)
bool in_transaction = false;
if(!tmp_ctx) {
return ENOMEM;
goto done;
in_transaction = true;
if (add_groups) {
for (i = 0; add_groups[i]; i++) {
type);
if (del_groups) {
for (i = 0; del_groups[i]; i++) {
type);
goto done;
in_transaction = false;
done:
if (in_transaction) {
return ret;
const char *name,
char **remove_attrs)
bool in_transaction = false;
int lret;
size_t i;
switch(type) {
case SYSDB_MEMBER_USER:
case SYSDB_MEMBER_GROUP:
case SYSDB_MEMBER_NETGROUP:
case SYSDB_MEMBER_SERVICE:
goto done;
goto done;
in_transaction = true;
for (i = 0; remove_attrs[i]; i++) {
goto done;
goto done;
goto done;
in_transaction = false;
done:
if (in_transaction) {
return ret;