e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny System Database - Sub-domain related calls
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny Copyright (C) 2012 Jan Zeleny <jzeleny@redhat.com>
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny Copyright (C) 2012 Sumit Bose <sbose@redhat.com>
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny This program is free software; you can redistribute it and/or modify
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny it under the terms of the GNU General Public License as published by
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny the Free Software Foundation; either version 3 of the License, or
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny (at your option) any later version.
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny This program is distributed in the hope that it will be useful,
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny but WITHOUT ANY WARRANTY; without even the implied warranty of
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny GNU General Public License for more details.
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny You should have received a copy of the GNU General Public License
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny along with this program. If not, see <http://www.gnu.org/licenses/>.
3cbf0e7b63e8e6888917e9215bbdc5674c2fa852Fabiano Fidêncio#include "db/sysdb_domain_resolution_order.h"
a63d74f65db2db7389cd373cb37adcdaaa2d56eaMichal Židekcheck_subdom_config_file(struct confdb_ctx *confdb,
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozekstruct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx,
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek const char *name,
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek const char *id,
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek "Creating [%s] as subdomain of [%s]!\n", name, parent->name);
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek dom = talloc_zero(mem_ctx, struct sss_domain_info);
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek DEBUG(SSSDBG_OP_FAILURE, "talloc_zero failed.\n");
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek /* Sub-domains always have the same view as the parent */
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek dom->view_name = talloc_strdup(dom, parent->view_name);
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek DEBUG(SSSDBG_OP_FAILURE, "Failed to copy parent's view name.\n");
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek DEBUG(SSSDBG_OP_FAILURE, "Failed to copy domain name.\n");
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek dom->provider = talloc_strdup(dom, parent->provider);
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek DEBUG(SSSDBG_OP_FAILURE, "Failed to copy provider name.\n");
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek dom->conn_name = talloc_strdup(dom, parent->conn_name);
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek DEBUG(SSSDBG_OP_FAILURE, "Failed to copy connection name.\n");
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek DEBUG(SSSDBG_OP_FAILURE, "Failed to copy realm name.\n");
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek dom->flat_name = talloc_strdup(dom, flat_name);
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek DEBUG(SSSDBG_OP_FAILURE, "Failed to copy flat name.\n");
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek DEBUG(SSSDBG_OP_FAILURE, "Failed to copy id.\n");
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek DEBUG(SSSDBG_OP_FAILURE, "Failed to copy forest.\n");
8718ff9ccd29f6431bfa8630bfa3576b2692c9eeJakub Hrozek dom->upn_suffixes = dup_string_list(dom, upn_suffixes);
8718ff9ccd29f6431bfa8630bfa3576b2692c9eeJakub Hrozek DEBUG(SSSDBG_OP_FAILURE, "Failed to copy UPN upn_suffixes.\n");
86526891366c4bc3e1ee861143b736d2670a6ba8Fabiano Fidêncio /* use fully qualified names as output in order to avoid causing
86526891366c4bc3e1ee861143b736d2670a6ba8Fabiano Fidêncio * conflicts with users who have the same name and either the
86526891366c4bc3e1ee861143b736d2670a6ba8Fabiano Fidêncio * shortname user resolution is enabled or the trusted domain has
86526891366c4bc3e1ee861143b736d2670a6ba8Fabiano Fidêncio * been explicitly set to use non-fully qualified names as input.
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek /* If the parent domain filters out group members, the subdomain should
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek * as well if configured */
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek inherit_option = string_in_list(CONFDB_DOMAIN_IGNORE_GROUP_MEMBERS,
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek dom->ignore_group_members = parent->ignore_group_members;
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek /* If the parent domain explicitly limits ID ranges, the subdomain
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek * should honour the limits as well.
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek dom->id_min = parent->id_min ? parent->id_min : 0;
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek dom->id_max = parent->id_max ? parent->id_max : 0xffffffff;
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek dom->pwd_expiration_warning = parent->pwd_expiration_warning;
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek dom->cache_credentials = parent->cache_credentials;
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek dom->netgroup_timeout = parent->netgroup_timeout;
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek dom->service_timeout = parent->service_timeout;
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek dom->override_homedir = parent->override_homedir;
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek dom->fallback_homedir = parent->fallback_homedir;
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek dom->subdomain_homedir = parent->subdomain_homedir;
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek DEBUG(SSSDBG_OP_FAILURE, "Missing sysdb context in parent domain.\n");
a63d74f65db2db7389cd373cb37adcdaaa2d56eaMichal Židek /* If confdb was provided, also check for sssd.conf */
a63d74f65db2db7389cd373cb37adcdaaa2d56eaMichal Židek "Failed to read subdomain configuration [%d]: %s",
a63d74f65db2db7389cd373cb37adcdaaa2d56eaMichal Židekcheck_subdom_config_file(struct confdb_ctx *confdb,
a63d74f65db2db7389cd373cb37adcdaaa2d56eaMichal Židek sd_conf_path = subdomain_create_conf_path(tmp_ctx, subdomain);
a63d74f65db2db7389cd373cb37adcdaaa2d56eaMichal Židek /* use_fully_qualified_names */
a63d74f65db2db7389cd373cb37adcdaaa2d56eaMichal Židek ret = confdb_get_bool(confdb, sd_conf_path, CONFDB_DOMAIN_FQ,
a63d74f65db2db7389cd373cb37adcdaaa2d56eaMichal Židek "Failed to get %s option for the subdomain: %s\n",
a63d74f65db2db7389cd373cb37adcdaaa2d56eaMichal Židek DEBUG(SSSDBG_CONF_SETTINGS, "%s/%s has value %s\n",
b50baee36c9ba9e1dd3f6b9c1356482aecd08128Jakub Hrozekstatic bool is_forest_root(struct sss_domain_info *d)
b50baee36c9ba9e1dd3f6b9c1356482aecd08128Jakub Hrozek /* IPA subdomain provider saves/saved trusted forest root domains
b50baee36c9ba9e1dd3f6b9c1356482aecd08128Jakub Hrozek * without the forest attribute. Those are automatically forest
b50baee36c9ba9e1dd3f6b9c1356482aecd08128Jakub Hrozek return true;
b50baee36c9ba9e1dd3f6b9c1356482aecd08128Jakub Hrozek if (d->realm && (strcasecmp(d->forest, d->realm) == 0)) {
b50baee36c9ba9e1dd3f6b9c1356482aecd08128Jakub Hrozek return true;
b50baee36c9ba9e1dd3f6b9c1356482aecd08128Jakub Hrozek return false;
b50baee36c9ba9e1dd3f6b9c1356482aecd08128Jakub Hrozekstatic bool is_same_forest(struct sss_domain_info *root,
b50baee36c9ba9e1dd3f6b9c1356482aecd08128Jakub Hrozek && strcasecmp(member->forest, root->realm) == 0) {
b50baee36c9ba9e1dd3f6b9c1356482aecd08128Jakub Hrozek return true;
b50baee36c9ba9e1dd3f6b9c1356482aecd08128Jakub Hrozek return false;
b50baee36c9ba9e1dd3f6b9c1356482aecd08128Jakub Hrozekstatic void link_forest_roots(struct sss_domain_info *domain)
877b92e80bde510d5cd9f03dbf01e2bcf73ab072Michal Židek for (d = domain; d; d = get_next_domain(d, gnd_flags)) {
877b92e80bde510d5cd9f03dbf01e2bcf73ab072Michal Židek for (d = domain; d; d = get_next_domain(d, gnd_flags)) {
b50baee36c9ba9e1dd3f6b9c1356482aecd08128Jakub Hrozek if (is_forest_root(d) == true) {
b50baee36c9ba9e1dd3f6b9c1356482aecd08128Jakub Hrozek DEBUG(SSSDBG_TRACE_INTERNAL, "[%s] is a forest root\n", d->name);
877b92e80bde510d5cd9f03dbf01e2bcf73ab072Michal Židek for (dd = domain; dd; dd = get_next_domain(dd, gnd_flags)) {
b50baee36c9ba9e1dd3f6b9c1356482aecd08128Jakub Hrozek "[%s] is a forest root of [%s]\n",
a63d74f65db2db7389cd373cb37adcdaaa2d56eaMichal Židekerrno_t sysdb_update_subdomains(struct sss_domain_info *domain,
aab938c5975f0e3b85c7c79a5d718e5fefed7217Simo Sorce basedn = ldb_dn_new(tmp_ctx, domain->sysdb->ldb, SYSDB_BASE);
aab938c5975f0e3b85c7c79a5d718e5fefed7217Simo Sorce ret = ldb_search(domain->sysdb->ldb, tmp_ctx, &res,
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorce /* disable all domains,
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorce * let the search result refresh any that are still valid */
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorce for (dom = domain->subdomains; dom; dom = get_next_domain(dom, false)) {
aab938c5975f0e3b85c7c79a5d718e5fefed7217Simo Sorce name = ldb_msg_find_attr_as_string(res->msgs[i], "cn", NULL);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "The object [%s] doesn't have a name\n",
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov ldb_dn_get_linearized(res->msgs[i]->dn));
aab938c5975f0e3b85c7c79a5d718e5fefed7217Simo Sorce realm = ldb_msg_find_attr_as_string(res->msgs[i],
a6cca9c284724fafd670a3163812f248ba53ad97Jakub Hrozek enumerate = ldb_msg_find_attr_as_bool(res->msgs[i],
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bose forest = ldb_msg_find_attr_as_string(res->msgs[i],
a8a3fcbf6f75a7c2665e8bf503c186e07dfab333Jakub Hrozek tmp_el = ldb_msg_find_element(res->msgs[i], SYSDB_UPN_SUFFIXES);
20348a30feb4be619b3b691c24c9be8131507c46Sumit Bose upn_suffixes = sss_ldb_el_to_string_list(tmp_ctx, tmp_el);
20348a30feb4be619b3b691c24c9be8131507c46Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sss_ldb_el_to_string_list failed.\n");
ea224c3813a537639778f91ac762732b3c289603Jakub Hrozek trust_direction = ldb_msg_find_attr_as_int(res->msgs[i],
2bbc9d6f8d5f2c1b07fd6968314b7f530b7f3a4dMichal Židek dom = get_next_domain(dom, SSS_GND_INCLUDE_DISABLED)) {
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorce /* in theory these may change, but it should never happen */
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "Realm name changed from [%s] to [%s]!\n",
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "Flat name changed from [%s] to [%s]!\n",
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "Domain changed from [%s] to [%s]!\n",
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "MPG state change from [%s] to [%s]!\n",
ea224c3813a537639778f91ac762732b3c289603Jakub Hrozek "enumerate state change from [%s] to [%s]!\n",
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "Forest changed from [%s] to [%s]!\n",
20348a30feb4be619b3b691c24c9be8131507c46Sumit Bose dom->upn_suffixes = talloc_steal(dom, upn_suffixes);
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose /* maybe views are not initialized, copy from parent */
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose "Failed to copy parent's view name.\n");
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose "Sub-domain [%s][%s] and parent [%s][%s] " \
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose "views are different.\n",
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose dom->parent->has_views ? "has view" : "has no view",
ea224c3813a537639778f91ac762732b3c289603Jakub Hrozek "Trust direction change from [%d] to [%d]!\n",
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorce /* If not found in loop it is a new subdomain */
a6cca9c284724fafd670a3163812f248ba53ad97Jakub Hrozek dom = new_subdomain(domain, domain, name, realm,
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorce DLIST_ADD_END(domain->subdomains, dom, struct sss_domain_info *);
65393a294e635822c1d7a15fe5853dc457ad8a2aSimo Sorceerrno_t sysdb_master_domain_update(struct sss_domain_info *domain)
65393a294e635822c1d7a15fe5853dc457ad8a2aSimo Sorce ret = ldb_search(domain->sysdb->ldb, tmp_ctx, &res,
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "Base search returned [%d] results, "
204cfc89a076fd32bf34f2abb3f809304aaa88abSimo Sorce tmp_str = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_SUBDOMAIN_REALM,
65393a294e635822c1d7a15fe5853dc457ad8a2aSimo Sorce (domain->realm == NULL || strcasecmp(tmp_str, domain->realm) != 0)) {
84c611c1b7c04cc7735ab54d4e5f48284b79e6fbJan Zeleny tmp_str = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_SUBDOMAIN_FLAT,
65393a294e635822c1d7a15fe5853dc457ad8a2aSimo Sorce domain->flat_name = talloc_strdup(domain, tmp_str);
84c611c1b7c04cc7735ab54d4e5f48284b79e6fbJan Zeleny tmp_str = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_SUBDOMAIN_ID,
65393a294e635822c1d7a15fe5853dc457ad8a2aSimo Sorce domain->domain_id = talloc_strdup(domain, tmp_str);
17195241500e46272018d7897d6e87249870caf2Pavel Reichl tmp_str = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_SUBDOMAIN_FOREST,
17195241500e46272018d7897d6e87249870caf2Pavel Reichl domain->forest = talloc_strdup(domain, tmp_str);
132b31fd5fb74a7627896cdceaf29c7601ed4795Sumit Bose tmp_el = ldb_msg_find_element(res->msgs[0], SYSDB_UPN_SUFFIXES);
132b31fd5fb74a7627896cdceaf29c7601ed4795Sumit Bose domain->upn_suffixes = sss_ldb_el_to_string_list(domain, tmp_el);
132b31fd5fb74a7627896cdceaf29c7601ed4795Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sss_ldb_el_to_string_list failed.\n");
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose ret = sysdb_get_view_name(tmp_ctx, domain->sysdb, &view_name);
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sysdb_get_view_name failed.\n");
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose /* If no view is defined the default view will be used. In this case
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose * domain->has_views is FALSE and
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose * domain->view_name is set to SYSDB_DEFAULT_VIEW_NAME
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose * If there is a view defined
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose * domain->has_views is TRUE and
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose * domain->view_name is set to the given view name
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose * Currently changing the view is not supported hence we have to check for
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose * changes and error out accordingly.
9ac2a33f4cdc4941fa63118dcffe8058854f33c4Michal Židek if (ret == ENOENT || is_default_view(view_name)) {
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose /* handle default view */
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose "View name change is currently not supported. " \
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose "New view is the default view while current view is [%s]. " \
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose "View name is not changed!\n", domain->view_name);
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose if (strcmp(domain->view_name, SYSDB_DEFAULT_VIEW_NAME) != 0) {
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose "Domain [%s] has no view but view name [%s] " \
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose "is not the default view name [%s].\n",
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose /* handle view other than default */
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose "View name change is currently not supported. " \
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose "New view is [%s] while current view is [%s]. " \
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose "View name is not changed!\n",
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose domain->view_name = talloc_steal(domain, view_name);
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_steal failed.\n");
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose if (strcmp(domain->view_name, SYSDB_DEFAULT_VIEW_NAME) == 0) {
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose "View name change is currently not supported. " \
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose "New view is [%s] while current is the default view. " \
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose "Domain currently has no views, " \
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose "but current view name is set to [%s] " \
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose "and new view name is [%s].\n",
3912262270a6449ebe1d3e92c27c217b4044f894Simo Sorceerrno_t sysdb_master_domain_add_info(struct sss_domain_info *domain,
9af86b9c936d07cff9d0c2054acde908749ea522Jakub Hrozek const char *flat,
9af86b9c936d07cff9d0c2054acde908749ea522Jakub Hrozek const char *id,
132b31fd5fb74a7627896cdceaf29c7601ed4795Sumit Bose const char *forest,
3912262270a6449ebe1d3e92c27c217b4044f894Simo Sorce if (flat != NULL && (domain->flat_name == NULL ||
7fe69bb6ec70bce439c6b975a9a0044c98ff502bSimo Sorce ret = ldb_msg_add_empty(msg, SYSDB_SUBDOMAIN_FLAT,
3912262270a6449ebe1d3e92c27c217b4044f894Simo Sorce ret = ldb_msg_add_string(msg, SYSDB_SUBDOMAIN_FLAT, flat);
3912262270a6449ebe1d3e92c27c217b4044f894Simo Sorce ret = ldb_msg_add_string(msg, SYSDB_SUBDOMAIN_ID, id);
17195241500e46272018d7897d6e87249870caf2Pavel Reichl if (forest != NULL && (domain->forest == NULL ||
17195241500e46272018d7897d6e87249870caf2Pavel Reichl ret = ldb_msg_add_empty(msg, SYSDB_SUBDOMAIN_FOREST,
17195241500e46272018d7897d6e87249870caf2Pavel Reichl ret = ldb_msg_add_string(msg, SYSDB_SUBDOMAIN_FOREST, forest);
9af86b9c936d07cff9d0c2054acde908749ea522Jakub Hrozek ret = ldb_msg_add_empty(msg, SYSDB_SUBDOMAIN_REALM,
9af86b9c936d07cff9d0c2054acde908749ea522Jakub Hrozek ret = ldb_msg_add_string(msg, SYSDB_SUBDOMAIN_REALM, realm);
132b31fd5fb74a7627896cdceaf29c7601ed4795Sumit Bose upn_suffixes->name = talloc_strdup(upn_suffixes, SYSDB_UPN_SUFFIXES);
132b31fd5fb74a7627896cdceaf29c7601ed4795Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
132b31fd5fb74a7627896cdceaf29c7601ed4795Sumit Bose ret = ldb_msg_add(msg, upn_suffixes, LDB_FLAG_MOD_REPLACE);
132b31fd5fb74a7627896cdceaf29c7601ed4795Sumit Bose /* Remove alternative_domain_suffixes from the cache */
84c611c1b7c04cc7735ab54d4e5f48284b79e6fbJan Zeleny if (do_update == false) {
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_FATAL_FAILURE, "Failed to add subdomain attributes to "
1187a07ed4207c1c326fdf83915dddfe472b8620Simo Sorceerrno_t sysdb_subdomain_store(struct sysdb_ctx *sysdb,
1187a07ed4207c1c326fdf83915dddfe472b8620Simo Sorce dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, SYSDB_DOM_BASE, name);
ea224c3813a537639778f91ac762732b3c289603Jakub Hrozek if (trust_direction) td_flags = LDB_FLAG_MOD_ADD;
1187a07ed4207c1c326fdf83915dddfe472b8620Simo Sorce } else { /* 1 found */
1187a07ed4207c1c326fdf83915dddfe472b8620Simo Sorce tmp_str = ldb_msg_find_attr_as_string(res->msgs[0],
1187a07ed4207c1c326fdf83915dddfe472b8620Simo Sorce if (!tmp_str || strcasecmp(tmp_str, realm) != 0) {
1187a07ed4207c1c326fdf83915dddfe472b8620Simo Sorce tmp_str = ldb_msg_find_attr_as_string(res->msgs[0],
1187a07ed4207c1c326fdf83915dddfe472b8620Simo Sorce if (!tmp_str || strcasecmp(tmp_str, flat_name) != 0) {
1187a07ed4207c1c326fdf83915dddfe472b8620Simo Sorce tmp_str = ldb_msg_find_attr_as_string(res->msgs[0],
1187a07ed4207c1c326fdf83915dddfe472b8620Simo Sorce if (!tmp_str || strcasecmp(tmp_str, domain_id) != 0) {
09d7c105839bfc7447ea0f766413ed86675ca075Sumit Bose tmp_bool = ldb_msg_find_attr_as_bool(res->msgs[0], SYSDB_SUBDOMAIN_MPG,
b3458bbb5315b05d7ac1abc58f1c380761756603Jakub Hrozek tmp_bool = ldb_msg_find_attr_as_bool(res->msgs[0], SYSDB_SUBDOMAIN_ENUM,
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bose tmp_str = ldb_msg_find_attr_as_string(res->msgs[0],
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bose if (!tmp_str || strcasecmp(tmp_str, forest) != 0) {
ea224c3813a537639778f91ac762732b3c289603Jakub Hrozek tmp_td = ldb_msg_find_attr_as_uint(res->msgs[0],
20348a30feb4be619b3b691c24c9be8131507c46Sumit Bose tmp_el = ldb_msg_find_element(res->msgs[0], SYSDB_UPN_SUFFIXES);
20348a30feb4be619b3b691c24c9be8131507c46Sumit Bose /* Luckily ldb_msg_element_compare() only compares the values and
20348a30feb4be619b3b691c24c9be8131507c46Sumit Bose * not the name. */
20348a30feb4be619b3b691c24c9be8131507c46Sumit Bose || ldb_msg_element_compare(upn_suffixes, tmp_el) != 0) {
09d7c105839bfc7447ea0f766413ed86675ca075Sumit Bose if (!store && realm_flags == 0 && flat_flags == 0 && id_flags == 0
ea224c3813a537639778f91ac762732b3c289603Jakub Hrozek && mpg_flags == 0 && enum_flags == 0 && forest_flags == 0
1187a07ed4207c1c326fdf83915dddfe472b8620Simo Sorce ret = ldb_msg_add_empty(msg, SYSDB_OBJECTCLASS, LDB_FLAG_MOD_ADD, NULL);
1187a07ed4207c1c326fdf83915dddfe472b8620Simo Sorce ret = ldb_msg_add_string(msg, SYSDB_OBJECTCLASS, SYSDB_SUBDOMAIN_CLASS);
1187a07ed4207c1c326fdf83915dddfe472b8620Simo Sorce ret = ldb_msg_add_empty(msg, SYSDB_SUBDOMAIN_REALM, realm_flags, NULL);
1187a07ed4207c1c326fdf83915dddfe472b8620Simo Sorce ret = ldb_msg_add_string(msg, SYSDB_SUBDOMAIN_REALM, realm);
1187a07ed4207c1c326fdf83915dddfe472b8620Simo Sorce ret = ldb_msg_add_empty(msg, SYSDB_SUBDOMAIN_FLAT, flat_flags, NULL);
1187a07ed4207c1c326fdf83915dddfe472b8620Simo Sorce ret = ldb_msg_add_string(msg, SYSDB_SUBDOMAIN_FLAT, flat_name);
1187a07ed4207c1c326fdf83915dddfe472b8620Simo Sorce ret = ldb_msg_add_empty(msg, SYSDB_SUBDOMAIN_ID, id_flags, NULL);
1187a07ed4207c1c326fdf83915dddfe472b8620Simo Sorce ret = ldb_msg_add_string(msg, SYSDB_SUBDOMAIN_ID, domain_id);
09d7c105839bfc7447ea0f766413ed86675ca075Sumit Bose ret = ldb_msg_add_empty(msg, SYSDB_SUBDOMAIN_MPG, mpg_flags, NULL);
09d7c105839bfc7447ea0f766413ed86675ca075Sumit Bose ret = ldb_msg_add_string(msg, SYSDB_SUBDOMAIN_MPG,
b3458bbb5315b05d7ac1abc58f1c380761756603Jakub Hrozek ret = ldb_msg_add_empty(msg, SYSDB_SUBDOMAIN_ENUM, enum_flags, NULL);
b3458bbb5315b05d7ac1abc58f1c380761756603Jakub Hrozek ret = ldb_msg_add_string(msg, SYSDB_SUBDOMAIN_ENUM,
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bose ret = ldb_msg_add_empty(msg, SYSDB_SUBDOMAIN_FOREST, forest_flags,
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bose ret = ldb_msg_add_string(msg, SYSDB_SUBDOMAIN_FOREST, forest);
ea224c3813a537639778f91ac762732b3c289603Jakub Hrozek ret = ldb_msg_add_empty(msg, SYSDB_SUBDOMAIN_TRUST_DIRECTION,
ea224c3813a537639778f91ac762732b3c289603Jakub Hrozek ret = ldb_msg_add_fmt(msg, SYSDB_SUBDOMAIN_TRUST_DIRECTION,
20348a30feb4be619b3b691c24c9be8131507c46Sumit Bose tmp_el = talloc_zero(tmp_ctx, struct ldb_message_element);
20348a30feb4be619b3b691c24c9be8131507c46Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_zero failed.\n");
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_FATAL_FAILURE, "Failed to add subdomain attributes to "
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorceerrno_t sysdb_subdomain_delete(struct sysdb_ctx *sysdb, const char *name)
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_TRACE_FUNC, "Removing sub-domain [%s] from db.\n", name);
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorce dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, SYSDB_DOM_BASE, name);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "sysdb_delete_recursive failed.\n");
3cbf0e7b63e8e6888917e9215bbdc5674c2fa852Fabiano Fidênciosysdb_domain_get_domain_resolution_order(TALLOC_CTX *mem_ctx,
3cbf0e7b63e8e6888917e9215bbdc5674c2fa852Fabiano Fidêncio dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, SYSDB_DOM_BASE, domain_name);
3cbf0e7b63e8e6888917e9215bbdc5674c2fa852Fabiano Fidêncio ret = sysdb_get_domain_resolution_order(mem_ctx, sysdb, dn,
3cbf0e7b63e8e6888917e9215bbdc5674c2fa852Fabiano Fidênciosysdb_domain_update_domain_resolution_order(struct sysdb_ctx *sysdb,
3cbf0e7b63e8e6888917e9215bbdc5674c2fa852Fabiano Fidêncio dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, SYSDB_DOM_BASE, domain_name);
3cbf0e7b63e8e6888917e9215bbdc5674c2fa852Fabiano Fidêncio ret = sysdb_update_domain_resolution_order(sysdb, dn,
3cbf0e7b63e8e6888917e9215bbdc5674c2fa852Fabiano Fidêncio "sysdb_update_domain_resolution_order() failed [%d]: [%s].\n",
e16539779668dacff868999bd59dbf33e3eab872Pavel Březina const char **_site)
e16539779668dacff868999bd59dbf33e3eab872Pavel Březina ret = ldb_search(dom->sysdb->ldb, tmp_ctx, &res, dn, LDB_SCOPE_BASE,
e16539779668dacff868999bd59dbf33e3eab872Pavel Březina "Got more than one reply for base search!\n");
e16539779668dacff868999bd59dbf33e3eab872Pavel Březina *_site = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_SITE, NULL);
e16539779668dacff868999bd59dbf33e3eab872Pavel Březina ret = ldb_msg_add_empty(msg, SYSDB_SITE, LDB_FLAG_MOD_REPLACE, NULL);
e16539779668dacff868999bd59dbf33e3eab872Pavel Březina ret = ldb_msg_add_string(msg, SYSDB_SITE, site);
e16539779668dacff868999bd59dbf33e3eab872Pavel Březina "ldb_modify()_failed: [%s][%d][%s]\n",