/*
SSSD
System Database - View and Override related calls
Copyright (C) 2014 Sumit Bose <sbose@redhat.com>
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "db/sysdb_private.h"
#include "db/sysdb_domain_resolution_order.h"
/* In general is should not be possible that there is a view container without
* a view name set. But to be on the safe side we return both information
* separately. */
char **_view_name,
bool *view_container_exists)
{
const char *tmp_str;
NULL};
return ENOMEM;
}
if (view_base_dn == NULL) {
goto done;
}
if (ret != LDB_SUCCESS) {
goto done;
}
goto done;
}
*view_container_exists = false;
goto done;
} else {
*view_container_exists = true;
NULL);
goto done;
}
}
done:
return ret;
}
char **view_name)
{
bool view_container_exists;
}
const char *view_name)
{
char *tmp_str;
bool view_container_exists = false;
bool add_view_name = false;
return ENOMEM;
}
goto done;
}
/* view name already known, nothing to do */
goto done;
} else {
/* view name changed */
}
} else {
add_view_name = true;
}
goto done;
}
goto done;
}
NULL);
if (ret != LDB_SUCCESS) {
goto done;
}
if (ret != LDB_SUCCESS) {
goto done;
}
if (view_container_exists) {
} else {
}
if (ret != LDB_SUCCESS) {
"Failed to %s view container [%s](%d)[%s]\n",
goto done;
}
done:
return ret;
}
const char **_domain_resolution_order)
{
return ENOMEM;
}
goto done;
}
done:
return ret;
}
const char *domain_resolution_order)
{
return ENOMEM;
}
goto done;
}
"sysdb_update_domain_resolution_order() failed [%d]: [%s].\n",
goto done;
}
done:
return ret;
}
{
int ret;
return ENOMEM;
}
goto done;
}
goto done;
}
done:
return ret;
}
struct ldb_message *msg_del,
struct ldb_message *msg_repl)
{
int ret;
"ldb_modify failed: [%s](%d)[%s]\n",
return sysdb_error_to_errno(ret);
}
"ldb_modify failed: [%s](%d)[%s]\n",
return sysdb_error_to_errno(ret);
}
"ldb_modify failed: [%s](%d)[%s]\n",
return sysdb_error_to_errno(ret);
}
}
return EOK;
}
{
int ret;
int sret;
bool in_transaction = false;
size_t c;
"Timestamp cache context not available, cache might not be "
"invalidated completely. Please call 'sss_cache -E' or remove "
"the cache file if there are issues after a view name change.\n");
}
return ENOMEM;
}
goto done;
}
goto done;
}
NULL);
if (ret != LDB_SUCCESS) {
goto done;
}
goto done;
}
if (ret != LDB_SUCCESS) {
goto done;
}
if (ret != LDB_SUCCESS) {
goto done;
}
goto done;
}
in_transaction = true;
if (ret != LDB_SUCCESS) {
goto done;
}
msg_repl);
"invalidate_entry_override failed [%d][%s].\n",
goto done;
}
}
if (ret != LDB_SUCCESS) {
goto done;
}
msg_repl);
"invalidate_entry_override failed [%d][%s].\n",
goto done;
}
}
done:
if (in_transaction) {
"nothing we can do about.\n");
}
} else {
"nothing we can do about.\n");
}
}
}
return ret;
}
static errno_t
struct sysdb_attrs *attrs,
bool add_name,
const char *name_override)
{
int ret;
if (add_name) {
return ret;
}
}
if (!domain->case_sensitive) {
} else {
}
return ret;
}
return EOK;
}
const char *view_name,
enum sysdb_member_type type,
{
const char *anchor;
int ret;
const char *override_dn_str;
const char *obj_dn_str;
NULL};
const char *obj_override_dn;
bool add_ref = true;
size_t c;
bool in_transaction = false;
bool has_override = true;
const char *name_override;
goto done;
}
has_override = true;
&anchor);
"Missing anchor in override attributes.\n");
goto done;
}
if (override_dn == NULL) {
goto done;
}
} else {
/* if there is no override for the given object, just store the DN of
* the object iself in the SYSDB_OVERRIDE_DN attribute to indicate
* that it was checked if an override exists and none was found. */
has_override = false;
}
goto done;
}
} else {
}
goto done;
}
if (count != 1) {
goto done;
}
NULL);
if (obj_override_dn != NULL) {
/* obj_override_dn can either point to the object itself, i.e there is
* no override, or to a override object. This means it can change from
* the object DN to a override DN and back but not from one override
* DN to a different override DN. If the new and the old DN are the
* same we do not need to update the original object. */
"Existing [%s] and new [%s] override DN do not match.\n",
goto done;
}
} else {
add_ref = false;
}
}
return sysdb_error_to_errno(ret);
}
in_transaction = true;
if (has_override) {
"ldb_delete failed, maybe object did not exist. Ignoring.\n");
}
"add_name_and_aliases_for_name_override failed.\n");
goto done;
}
goto done;
}
goto done;
}
goto done;
}
/* Set num_values to 1 because by default user and group overrides
* use the same attribute name for the GID and this cause SSSD
* machinery to add the same value twice */
}
}
if (ret != LDB_SUCCESS) {
goto done;
}
switch(type) {
case SYSDB_MEMBER_USER:
break;
case SYSDB_MEMBER_GROUP:
break;
default:
goto done;
}
if (ret != LDB_SUCCESS) {
goto done;
}
NULL);
if (ret != LDB_SUCCESS) {
goto done;
}
if (ret != LDB_SUCCESS) {
goto done;
}
if (ret != LDB_SUCCESS) {
"Failed to store override entry: %s(%d)[%s]\n",
goto done;
}
}
if (add_ref) {
goto done;
}
NULL);
if (ret != LDB_SUCCESS) {
goto done;
}
if (ret != LDB_SUCCESS) {
goto done;
}
if (ret != LDB_SUCCESS) {
"Failed to store override DN: %s(%d)[%s]\n",
goto done;
}
}
done:
if (in_transaction) {
} else {
}
}
return ret;
}
struct sysdb_attrs *attrs,
const char **allowed_attrs)
{
int ret;
size_t c;
char *orig_attr_name;
return ENOMEM;
}
goto done;
}
/* Safe original values in attributes prefixed by OriginalAD. */
for (c = 0; allowed_attrs[c] != NULL; c++) {
allowed_attrs[c]);
if (orig_attr_name == NULL) {
goto done;
}
"sysdb_attrs_add_val failed.\n");
goto done;
}
} else {
"Original object does not have [%s] set.\n",
allowed_attrs[c]);
}
}
/* Add existing aliases to new ones */
for (c = 0; c < el->num_values; c++) {
/* To avoid issue with ldb_modify if e.g. the original and the
* override name are the same, we use the *_safe version here. */
goto done;
}
}
}
done:
return ret;
}
struct sysdb_attrs *override_attrs,
{
int ret;
size_t c;
size_t d;
NULL };
bool override_attrs_found = false;
bool is_cert = false;
if (override_attrs == NULL) {
/* nothing to do */
return EOK;
}
return ENOMEM;
}
goto done;
}
for (c = 0; allowed_attrs[c] != NULL; c++) {
&el);
override_attrs_found = true;
"String attribute does not end with \\0.\n");
goto done;
}
true,
"add_name_and_aliases_for_name_override failed.\n");
goto done;
}
} else {
/* Only SYSDB_SSH_PUBKEY and SYSDB_USER_CERT are allowed to
* have multiple values. */
&& num_values != 1) {
"Override attribute for [%s] has more [%zd] " \
"than one value, using only the first.\n",
allowed_attrs[c], num_values);
num_values = 1;
}
is_cert = false;
/* Certificates in overrides are explicitly used to map
* users to certificates, so we add them to
* SYSDB_USER_MAPPED_CERT as well. */
is_cert = true;
if (mapped_attrs == NULL) {
if (mapped_attrs == NULL) {
"sysdb_new_attrs failed.\n");
goto done;
}
}
}
for (d = 0; d < num_values; d++) {
"sysdb_attrs_add_val failed.\n");
goto done;
}
if (is_cert) {
"sysdb_attrs_add_val failed.\n");
goto done;
}
}
"Override [%s] with [%.*s] for [%s].\n",
}
}
"sysdb_set_entry_attr failed.\n");
goto done;
}
}
} else {
goto done;
}
}
if (override_attrs_found) {
goto done;
}
goto done;
}
if (mapped_attrs != NULL) {
"sysdb_set_entry_attr failed, ignored.\n");
}
}
}
done:
return ret;
}
#define SYSDB_USER_NAME_OVERRIDE_FILTER "(&(objectClass="SYSDB_OVERRIDE_USER_CLASS")(|("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME"=%s)))"
#define SYSDB_USER_UID_OVERRIDE_FILTER "(&(objectClass="SYSDB_OVERRIDE_USER_CLASS")("SYSDB_UIDNUM"=%lu))"
#define SYSDB_GROUP_NAME_OVERRIDE_FILTER "(&(objectClass="SYSDB_OVERRIDE_GROUP_CLASS")(|("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME"=%s)))"
#define SYSDB_GROUP_GID_OVERRIDE_FILTER "(&(objectClass="SYSDB_OVERRIDE_GROUP_CLASS")("SYSDB_GIDNUM"=%lu))"
enum override_object_type {
OO_TYPE_UNDEF = 0,
};
struct sss_domain_info *domain,
const char *cert,
const char **attrs,
struct ldb_result **override_obj,
struct ldb_result **orig_obj)
{
char *cert_filter;
int ret;
const char *orig_obj_dn;
if (!tmp_ctx) {
return ENOMEM;
}
goto done;
}
NULL, &cert_filter);
goto done;
}
if (ret != LDB_SUCCESS) {
goto done;
}
if (override_res->count == 0) {
cert);
goto done;
"Found more than one override for cert [%s].\n", cert);
goto done;
}
NULL);
if (orig_obj_dn == NULL) {
"Missing link to original object in override [%s].\n",
goto done;
}
goto done;
}
if (ret != LDB_SUCCESS) {
goto done;
}
}
done:
return ret;
}
struct sss_domain_info *domain,
const char *name,
const char *filter,
const char **attrs,
struct ldb_result **override_obj,
struct ldb_result **orig_obj)
{
char *sanitized_name;
char *lc_sanitized_name;
int ret;
const char *orig_obj_dn;
if (!tmp_ctx) {
return ENOMEM;
}
goto done;
}
goto done;
}
if (ret != LDB_SUCCESS) {
goto done;
}
if (override_res->count == 0) {
name);
goto done;
"Found more than one override for name [%s].\n", name);
goto done;
}
NULL);
if (orig_obj_dn == NULL) {
"Missing link to original object in override [%s].\n",
goto done;
}
goto done;
}
if (ret != LDB_SUCCESS) {
goto done;
}
}
done:
return ret;
}
struct sss_domain_info *domain,
const char *name,
const char **attrs,
struct ldb_result **override_obj,
struct ldb_result **orig_obj)
{
}
struct sss_domain_info *domain,
const char *name,
const char **attrs,
struct ldb_result **override_obj,
struct ldb_result **orig_obj)
{
}
struct sss_domain_info *domain,
const char *name,
struct ldb_result **override_obj,
struct ldb_result **orig_obj)
{
}
struct sss_domain_info *domain,
const char *name,
struct ldb_result **override_obj,
struct ldb_result **orig_obj)
{
}
struct sss_domain_info *domain,
unsigned long int id,
enum override_object_type type,
struct ldb_result **override_obj,
struct ldb_result **orig_obj)
{
const char **attrs;
int ret;
const char *orig_obj_dn;
const char *filter;
if (!tmp_ctx) {
return ENOMEM;
}
goto done;
}
switch(type) {
case OO_TYPE_USER:
attrs = user_attrs;
break;
case OO_TYPE_GROUP:
attrs = group_attrs;
break;
default:
type);
goto done;
}
if (ret != LDB_SUCCESS) {
goto done;
}
if (override_res->count == 0) {
"No user override found for %s with id [%lu].\n",
goto done;
"Found more than one override for id [%lu].\n", id);
goto done;
}
NULL);
if (orig_obj_dn == NULL) {
"Missing link to original object in override [%s].\n",
goto done;
}
goto done;
}
if (ret != LDB_SUCCESS) {
goto done;
}
}
done:
return ret;
}
struct sss_domain_info *domain,
struct ldb_result **override_obj,
struct ldb_result **orig_obj)
{
}
struct sss_domain_info *domain,
struct ldb_result **override_obj,
struct ldb_result **orig_obj)
{
}
/**
* @brief Add override data to the original object
*
* @param[in] domain Domain struct, needed to access the cache
* @oaram[in] obj The original object
* @param[in] override_obj The object with the override data, may be NULL
* @param[in] req_attrs List of attributes to be requested, if not set a
* default list dependig on the object type will be used
*
* @return EOK - Override data was added successfully
* @return ENOMEM - There was insufficient memory to complete the operation
* @return ENOENT - The original object did not have the SYSDB_OVERRIDE_DN
* attribute or the value of the attribute points an object
* which does not exists. Both conditions indicate that the
* cache must be refreshed.
*/
struct ldb_message *obj,
struct ldb_message *override_obj,
const char **req_attrs)
{
int ret;
const char *override_dn_str;
const char **attrs;
struct attr_map {
const char *attr;
const char *new_attr;
} attr_map[] = {
};
size_t c;
size_t d;
return ENOMEM;
}
if (override_obj == NULL) {
if (override_dn_str == NULL) {
/* LOCAL view doesn't have to have overrideDN specified. */
goto done;
}
"Missing override DN for object [%s].\n",
goto done;
}
if (override_dn == NULL) {
goto done;
}
goto done;
}
if (uid == 0) {
/* No UID hence group object */
attrs = group_attrs;
} else {
attrs = user_attrs;
}
}
if (ret != LDB_SUCCESS) {
goto done;
}
goto done;
} else {
"Base search for override object returned [%d] results.\n",
goto done;
}
} else {
}
for (d = 0; d < tmp_el->num_values; d++) {
if (ret != LDB_SUCCESS) {
goto done;
}
}
}
}
done:
return ret;
}
struct ldb_message *obj,
bool expect_override_dn)
{
int ret;
size_t c;
const char *override_dn_str;
const char *memberuid;
const char *orig_name;
char *orig_domain;
char *val;
goto done;
}
&res_members);
goto done;
"sysdb_get_user_members_recursively failed.\n");
goto done;
}
for (c = 0; c < res_members->count; c++) {
SYSDB_UIDNUM, 0) == 0) {
/* Skip non-POSIX-user members i.e. groups and non-POSIX users */
continue;
}
if (expect_override_dn) {
NULL);
} else {
}
if (override_dn_str == NULL) {
/* LOCAL view doesn't have to have overrideDN specified. */
goto done;
}
"Missing override DN for object [%s].\n",
goto done;
}
if (override_dn == NULL) {
goto done;
}
NULL);
goto done;
}
/* start with default view name, if it exists or use NULL */
NULL);
/* If there is an override object, check if the name is overridden */
if (ret != LDB_SUCCESS) {
goto done;
}
"Base search for override object returned [%d] results.\n",
goto done;
}
}
/* add domain name if memberuid is a short name */
NULL, &orig_domain);
"sss_parse_internal_fqname failed to split [%s].\n",
goto done;
}
if (orig_domain != NULL) {
orig_domain, true);
"Cannot find domain with name [%s].\n",
goto done;
}
"sss_create_internal_fqname failed.\n");
goto done;
}
}
}
}
goto done;
}
if (ret != LDB_SUCCESS) {
goto done;
}
}
done:
return ret;
}
struct ldb_message_element *
const struct ldb_message *msg,
const char *attr_name)
{
char *override_attr_name;
if (DOM_HAS_VIEWS(dom)) {
goto done;
}
if (override_attr_name == NULL) {
goto done;
}
goto done;
}
}
done:
return val;
}
const struct ldb_message *msg,
const char *attr_name,
{
char *override_attr_name;
if (DOM_HAS_VIEWS(dom)) {
val = default_value;
goto done;
}
if (override_attr_name == NULL) {
val = default_value;
goto done;
}
goto done;
}
}
done:
return val;
}
const struct ldb_message *msg,
const char *attr_name,
const char * default_value)
{
const char *val;
char *override_attr_name;
if (DOM_HAS_VIEWS(dom)) {
val = default_value;
goto done;
}
if (override_attr_name == NULL) {
val = default_value;
goto done;
}
goto done;
}
}
done:
return val;
}