2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose System Database - View and Override related calls
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose Copyright (C) 2014 Sumit Bose <sbose@redhat.com>
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose This program is free software; you can redistribute it and/or modify
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose it under the terms of the GNU General Public License as published by
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose the Free Software Foundation; either version 3 of the License, or
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose (at your option) any later version.
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose This program is distributed in the hope that it will be useful,
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose but WITHOUT ANY WARRANTY; without even the implied warranty of
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose GNU General Public License for more details.
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose You should have received a copy of the GNU General Public License
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose along with this program. If not, see <http://www.gnu.org/licenses/>.
fb81f337b68c85471c3f5140850dccf549a2d0acFabiano Fidêncio#include "db/sysdb_domain_resolution_order.h"
fb81f337b68c85471c3f5140850dccf549a2d0acFabiano Fidêncio#define SYSDB_VIEWS_BASE "cn=views,cn=sysdb"
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose/* In general it should not be possible that there is a view container without
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose * a view name set. But to be on the safe side we return both pieces of
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose * information separately. */
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bosestatic errno_t sysdb_get_view_name_ex(TALLOC_CTX *mem_ctx,
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose view_base_dn = ldb_dn_new(tmp_ctx, sysdb->ldb, SYSDB_TMPL_VIEW_BASE);
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose ret = ldb_search(sysdb->ldb, tmp_ctx, &res, view_base_dn, LDB_SCOPE_BASE,
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "Base search returned [%d] results, "
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose tmp_str = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_VIEW_NAME,
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose *_view_name = talloc_steal(mem_ctx, discard_const(tmp_str));
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Boseerrno_t sysdb_get_view_name(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb,
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose return sysdb_get_view_name_ex(mem_ctx, sysdb, view_name,
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Boseerrno_t sysdb_update_view_name(struct sysdb_ctx *sysdb,
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose ret = sysdb_get_view_name_ex(tmp_ctx, sysdb, &tmp_str,
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sysdb_get_view_name_ex failed.\n");
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose /* view name already known, nothing to do */
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose DEBUG(SSSDBG_TRACE_ALL, "View name already in place.\n");
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose /* view name changed */
cd5033e86bb4065d75188e2b6ef287a4421344c8Sumit Bose "View name changed from [%s] to [%s].\n", tmp_str, view_name);
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldb_msg_new failed.\n");
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose msg->dn = ldb_dn_new(tmp_ctx, sysdb->ldb, SYSDB_TMPL_VIEW_BASE);
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_new failed.\n");
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose ret = ldb_msg_add_string(msg, SYSDB_VIEW_NAME, view_name);
04d138472cc086fb7961f0d378852b09961b1a33Lukas Slebodnik "Failed to %s view container [%s](%d)[%s]\n",
04d138472cc086fb7961f0d378852b09961b1a33Lukas Slebodnik ldb_strerror(ret), ret, ldb_errstring(sysdb->ldb));
fb81f337b68c85471c3f5140850dccf549a2d0acFabiano Fidênciosysdb_get_view_domain_resolution_order(TALLOC_CTX *mem_ctx,
fb81f337b68c85471c3f5140850dccf549a2d0acFabiano Fidêncio dn = ldb_dn_new(tmp_ctx, sysdb->ldb, SYSDB_VIEWS_BASE);
fb81f337b68c85471c3f5140850dccf549a2d0acFabiano Fidêncio ret = sysdb_get_domain_resolution_order(mem_ctx, sysdb, dn,
fb81f337b68c85471c3f5140850dccf549a2d0acFabiano Fidênciosysdb_update_view_domain_resolution_order(struct sysdb_ctx *sysdb,
fb81f337b68c85471c3f5140850dccf549a2d0acFabiano Fidêncio dn = ldb_dn_new(tmp_ctx, sysdb->ldb, SYSDB_VIEWS_BASE);
fb81f337b68c85471c3f5140850dccf549a2d0acFabiano Fidêncio ret = sysdb_update_domain_resolution_order(sysdb, dn,
fb81f337b68c85471c3f5140850dccf549a2d0acFabiano Fidêncio "sysdb_update_domain_resolution_order() failed [%d]: [%s].\n",
fe2ab0d67fe8c66fb6352e9d8f845bb46d1848cbSumit Boseerrno_t sysdb_delete_view_tree(struct sysdb_ctx *sysdb, const char *view_name)
fe2ab0d67fe8c66fb6352e9d8f845bb46d1848cbSumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
fe2ab0d67fe8c66fb6352e9d8f845bb46d1848cbSumit Bose dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, SYSDB_TMPL_VIEW_SEARCH_BASE,
fe2ab0d67fe8c66fb6352e9d8f845bb46d1848cbSumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_new_fmt failed.\n");
fe2ab0d67fe8c66fb6352e9d8f845bb46d1848cbSumit Bose DEBUG(SSSDBG_OP_FAILURE, "sysdb_delete_recursive failed.\n");
4671acb949c65c5c080532e03b1b6f1c9377a6a5Sumit Bosestatic errno_t invalidate_entry_override(struct sysdb_ctx *sysdb,
4671acb949c65c5c080532e03b1b6f1c9377a6a5Sumit Bose if (ret != LDB_SUCCESS && ret != LDB_ERR_NO_SUCH_ATTRIBUTE) {
4671acb949c65c5c080532e03b1b6f1c9377a6a5Sumit Bose "ldb_modify failed: [%s](%d)[%s]\n",
4671acb949c65c5c080532e03b1b6f1c9377a6a5Sumit Bose ldb_strerror(ret), ret, ldb_errstring(sysdb->ldb));
4671acb949c65c5c080532e03b1b6f1c9377a6a5Sumit Bose if (ret != LDB_SUCCESS && ret != LDB_ERR_NO_SUCH_ATTRIBUTE) {
4671acb949c65c5c080532e03b1b6f1c9377a6a5Sumit Bose "ldb_modify failed: [%s](%d)[%s]\n",
4671acb949c65c5c080532e03b1b6f1c9377a6a5Sumit Bose ldb_strerror(ret), ret, ldb_errstring(sysdb->ldb));
4671acb949c65c5c080532e03b1b6f1c9377a6a5Sumit Bose if (ret != LDB_SUCCESS && ret != LDB_ERR_NO_SUCH_ATTRIBUTE) {
4671acb949c65c5c080532e03b1b6f1c9377a6a5Sumit Bose "ldb_modify failed: [%s](%d)[%s]\n",
4671acb949c65c5c080532e03b1b6f1c9377a6a5Sumit Bose ldb_strerror(ret), ret, ldb_errstring(sysdb->ldb_ts));
2fe140d3a41e1ac66400069d35adc9379348c1e5Sumit Boseerrno_t sysdb_invalidate_overrides(struct sysdb_ctx *sysdb)
4671acb949c65c5c080532e03b1b6f1c9377a6a5Sumit Bose "Timestamp cache context not available, cache might not be "
4671acb949c65c5c080532e03b1b6f1c9377a6a5Sumit Bose "invalidated completely. Please call 'sss_cache -E' or remove "
4671acb949c65c5c080532e03b1b6f1c9377a6a5Sumit Bose "the cache file if there are issues after a view name change.\n");
2fe140d3a41e1ac66400069d35adc9379348c1e5Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
2fe140d3a41e1ac66400069d35adc9379348c1e5Sumit Bose base_dn = ldb_dn_new(tmp_ctx, sysdb->ldb, SYSDB_BASE);
87f8bee53ee1b4ca87b602ff8536bc5fd5b5b595Lukas Slebodnik DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_new failed\n");
4671acb949c65c5c080532e03b1b6f1c9377a6a5Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldb_msg_new failed.\n");
4671acb949c65c5c080532e03b1b6f1c9377a6a5Sumit Bose ret = ldb_msg_add_empty(msg_del, SYSDB_OVERRIDE_DN, LDB_FLAG_MOD_DELETE,
2fe140d3a41e1ac66400069d35adc9379348c1e5Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldb_msg_add_empty failed.\n");
4671acb949c65c5c080532e03b1b6f1c9377a6a5Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldb_msg_new failed.\n");
4671acb949c65c5c080532e03b1b6f1c9377a6a5Sumit Bose ret = ldb_msg_add_empty(msg_repl, SYSDB_CACHE_EXPIRE,
4671acb949c65c5c080532e03b1b6f1c9377a6a5Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldb_msg_add_empty failed.\n");
4671acb949c65c5c080532e03b1b6f1c9377a6a5Sumit Bose ret = ldb_msg_add_string(msg_repl, SYSDB_CACHE_EXPIRE, "1");
4671acb949c65c5c080532e03b1b6f1c9377a6a5Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldb_msg_add_string failed.\n");
2fe140d3a41e1ac66400069d35adc9379348c1e5Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sysdb_transaction_start failed.\n");
2fe140d3a41e1ac66400069d35adc9379348c1e5Sumit Bose ret = ldb_search(sysdb->ldb, tmp_ctx, &res, base_dn, LDB_SCOPE_SUBTREE,
2fe140d3a41e1ac66400069d35adc9379348c1e5Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sysdb_search_entry failed.\n");
4671acb949c65c5c080532e03b1b6f1c9377a6a5Sumit Bose ret = invalidate_entry_override(sysdb, res->msgs[c]->dn, msg_del,
4671acb949c65c5c080532e03b1b6f1c9377a6a5Sumit Bose "invalidate_entry_override failed [%d][%s].\n",
2fe140d3a41e1ac66400069d35adc9379348c1e5Sumit Bose ret = ldb_search(sysdb->ldb, tmp_ctx, &res, base_dn, LDB_SCOPE_SUBTREE,
2fe140d3a41e1ac66400069d35adc9379348c1e5Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sysdb_search_entry failed.\n");
4671acb949c65c5c080532e03b1b6f1c9377a6a5Sumit Bose ret = invalidate_entry_override(sysdb, res->msgs[c]->dn, msg_del,
4671acb949c65c5c080532e03b1b6f1c9377a6a5Sumit Bose "invalidate_entry_override failed [%d][%s].\n",
2fe140d3a41e1ac66400069d35adc9379348c1e5Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sysdb_transaction_commit failed, " \
2fe140d3a41e1ac66400069d35adc9379348c1e5Sumit Bose "nothing we can do about.\n");
2fe140d3a41e1ac66400069d35adc9379348c1e5Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sysdb_transaction_cancel failed, " \
2fe140d3a41e1ac66400069d35adc9379348c1e5Sumit Bose "nothing we can do about.\n");
9da27cbc7532f775afc411d809735760dd5294a7Sumit Boseadd_name_and_aliases_for_name_override(struct sss_domain_info *domain,
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose ret = sysdb_attrs_add_string(attrs, SYSDB_DEFAULT_OVERRIDE_NAME,
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_add_lc_name_alias failed.\n");
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose ret = sysdb_attrs_add_lc_name_alias(attrs, name_override);
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose ret = sysdb_attrs_add_string(attrs, SYSDB_NAME_ALIAS, name_override);
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_add_lc_name_alias failed.\n");
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Boseerrno_t sysdb_store_override(struct sss_domain_info *domain,
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose struct sysdb_attrs *attrs, struct ldb_dn *obj_dn)
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose ret = sysdb_attrs_get_string(attrs, SYSDB_OVERRIDE_ANCHOR_UUID,
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose "Missing anchor in override attributes.\n");
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose override_dn = ldb_dn_new_fmt(tmp_ctx, domain->sysdb->ldb,
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_new_fmt failed.\n");
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose /* if there is no override for the given object, just store the DN of
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose * the object itself in the SYSDB_OVERRIDE_DN attribute to indicate
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose * that it was checked whether an override exists and none was found. */
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose override_dn_str = ldb_dn_get_linearized(override_dn);
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose if (override_dn_str == NULL || obj_dn_str == NULL) {
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_get_linearized failed.\n");
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose ret = sysdb_search_entry(tmp_ctx, domain->sysdb, obj_dn, LDB_SCOPE_BASE,
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose DEBUG(SSSDBG_CRIT_FAILURE, "Object to override does not exists.\n");
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sysdb_search_entry failed.\n");
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose DEBUG(SSSDBG_CRIT_FAILURE, "Base searched returned more than one object.\n");
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose obj_override_dn = ldb_msg_find_attr_as_string(msgs[0], SYSDB_OVERRIDE_DN,
26a3d4f2ef35a088e4c5fc928290052c89a2ff43Sumit Bose /* obj_override_dn can either point to the object itself, i.e. there is
352f4832324839d358235de1236090b1fd4ddc0fRené Genz * no override, or to an override object. This means it can change from
26a3d4f2ef35a088e4c5fc928290052c89a2ff43Sumit Bose * the object DN to an override DN and back but not from one override
26a3d4f2ef35a088e4c5fc928290052c89a2ff43Sumit Bose * DN to a different override DN. If the new and the old DN are the
26a3d4f2ef35a088e4c5fc928290052c89a2ff43Sumit Bose * same we do not need to update the original object. */
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose if (strcmp(obj_override_dn, override_dn_str) != 0) {
26a3d4f2ef35a088e4c5fc928290052c89a2ff43Sumit Bose "Existing [%s] and new [%s] override DN do not match.\n",
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose ret = ldb_delete(domain->sysdb->ldb, override_dn);
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose "ldb_delete failed, maybe object did not exist. Ignoring.\n");
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose ret = sysdb_attrs_get_string(attrs, SYSDB_NAME, &name_override);
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose ret = add_name_and_aliases_for_name_override(domain, attrs, false,
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose "add_name_and_aliases_for_name_override failed.\n");
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_string failed.\n");
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose msg->elements = talloc_array(msg, struct ldb_message_element,
b52b26176c92f3b06dba5598428c70c0cde13fd1Sumit Bose /* Set num_values to 1 because by default user and group overrides
b52b26176c92f3b06dba5598428c70c0cde13fd1Sumit Bose * use the same attribute name for the GID and this causes the SSSD
b52b26176c92f3b06dba5598428c70c0cde13fd1Sumit Bose * machinery to add the same value twice. */
b52b26176c92f3b06dba5598428c70c0cde13fd1Sumit Bose && strcmp(attrs->a[c].name, SYSDB_GIDNUM) == 0) {
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose ret = ldb_msg_add_empty(msg, SYSDB_OBJECTCLASS, LDB_FLAG_MOD_ADD, NULL);
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldb_msg_add_empty failed.\n");
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose DEBUG(SSSDBG_CRIT_FAILURE, "Unexpected object type.\n");
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose ret = ldb_msg_add_empty(msg, SYSDB_OVERRIDE_OBJECT_DN, LDB_FLAG_MOD_ADD,
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldb_msg_add_empty failed.\n");
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose ret = ldb_msg_add_string(msg, SYSDB_OVERRIDE_OBJECT_DN, obj_dn_str);
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose "Failed to store override entry: %s(%d)[%s]\n",
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose ldb_strerror(ret), ret, ldb_errstring(domain->sysdb->ldb));
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldb_msg_add_empty failed.\n");
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose ret = ldb_msg_add_string(msg, SYSDB_OVERRIDE_DN, override_dn_str);
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose "Failed to store override DN: %s(%d)[%s]\n",
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose ldb_strerror(ret), ret, ldb_errstring(domain->sysdb->ldb));
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose DEBUG(SSSDBG_TRACE_FUNC, "Error: %d (%s)\n", ret, strerror(ret));
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose ret = ldb_transaction_commit(domain->sysdb->ldb);
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bosestatic errno_t safe_original_attributes(struct sss_domain_info *domain,
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose ret = ldb_search(domain->sysdb->ldb, tmp_ctx, &orig_obj, obj_dn,
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose DEBUG(SSSDBG_CRIT_FAILURE, "Original object not found.\n");
a02a5ed51178b2cbede0396d66aed716b8898096René Genz /* Save original values in attributes prefixed by OriginalAD. */
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose el = ldb_msg_find_element(orig_obj->msgs[0], allowed_attrs[c]);
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose orig_attr_name = talloc_asprintf(tmp_ctx, "%s%s",
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_asprintf failed.\n");
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose "sysdb_attrs_add_val failed.\n");
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose "Original object does not have [%s] set.\n",
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose /* Add existing aliases to new ones */
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose el = ldb_msg_find_element(orig_obj->msgs[0], SYSDB_NAME_ALIAS);
a02a5ed51178b2cbede0396d66aed716b8898096René Genz /* To avoid issues with ldb_modify if e.g. the original and the
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose * override name are the same, we use the *_safe version here. */
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose ret = sysdb_attrs_add_val_safe(attrs, SYSDB_NAME_ALIAS,
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_add_val failed.\n");
9da27cbc7532f775afc411d809735760dd5294a7Sumit Boseerrno_t sysdb_apply_default_override(struct sss_domain_info *domain,
d0d3631242178f0b6fccf08baeca1a57f28771faFabiano Fidêncio struct ldb_message_element el_del = { 0, SYSDB_SSH_PUBKEY, 0, NULL };
d0d3631242178f0b6fccf08baeca1a57f28771faFabiano Fidêncio struct sysdb_attrs del_attrs = { 1, &el_del };
145578006684481434ced78461ab8d1c3570f478Sumit Bose /* nothing to do */
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sysdb_new_attrs failed.\n");
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose ret = sysdb_attrs_get_el_ext(override_attrs, allowed_attrs[c], false,
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose if (el->values[0].data[el->values[0].length] != '\0') {
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose "String attribute does not end with \\0.\n");
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose ret = add_name_and_aliases_for_name_override(domain, attrs,
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose "add_name_and_aliases_for_name_override failed.\n");
6cb34580ee6e9e2c9190b77b10db8a3c43e3c9c8Sumit Bose /* Only SYSDB_SSH_PUBKEY and SYSDB_USER_CERT are allowed to
6cb34580ee6e9e2c9190b77b10db8a3c43e3c9c8Sumit Bose * have multiple values. */
ab355eced46b5f488ed62a79a7f2e5ac2b6a574cSumit Bose if (strcmp(allowed_attrs[c], SYSDB_SSH_PUBKEY) != 0
6cb34580ee6e9e2c9190b77b10db8a3c43e3c9c8Sumit Bose && strcmp(allowed_attrs[c], SYSDB_USER_CERT) != 0
ab355eced46b5f488ed62a79a7f2e5ac2b6a574cSumit Bose "Override attribute for [%s] has more [%zd] " \
ab355eced46b5f488ed62a79a7f2e5ac2b6a574cSumit Bose "than one value, using only the first.\n",
2e5fc89ef25434fab7febe2c52e97ef989b50d5bSumit Bose if (strcmp(allowed_attrs[c], SYSDB_USER_CERT) == 0) {
2e5fc89ef25434fab7febe2c52e97ef989b50d5bSumit Bose /* Certificates in overrides are explicitly used to map
2e5fc89ef25434fab7febe2c52e97ef989b50d5bSumit Bose * users to certificates, so we add them to
2e5fc89ef25434fab7febe2c52e97ef989b50d5bSumit Bose * SYSDB_USER_MAPPED_CERT as well. */
2e5fc89ef25434fab7febe2c52e97ef989b50d5bSumit Bose "sysdb_new_attrs failed.\n");
ab355eced46b5f488ed62a79a7f2e5ac2b6a574cSumit Bose for (d = 0; d < num_values; d++) {
ab355eced46b5f488ed62a79a7f2e5ac2b6a574cSumit Bose ret = sysdb_attrs_add_val(attrs, allowed_attrs[c],
ab355eced46b5f488ed62a79a7f2e5ac2b6a574cSumit Bose "sysdb_attrs_add_val failed.\n");
2e5fc89ef25434fab7febe2c52e97ef989b50d5bSumit Bose "sysdb_attrs_add_val failed.\n");
ab355eced46b5f488ed62a79a7f2e5ac2b6a574cSumit Bose "Override [%s] with [%.*s] for [%s].\n",
ab355eced46b5f488ed62a79a7f2e5ac2b6a574cSumit Bose el->values[d].data, ldb_dn_get_linearized(obj_dn));
d0d3631242178f0b6fccf08baeca1a57f28771faFabiano Fidêncio if (strcmp(allowed_attrs[c], SYSDB_SSH_PUBKEY) == 0) {
d0d3631242178f0b6fccf08baeca1a57f28771faFabiano Fidêncio ret = sysdb_set_entry_attr(domain->sysdb, obj_dn, &del_attrs,
d0d3631242178f0b6fccf08baeca1a57f28771faFabiano Fidêncio "sysdb_set_entry_attr failed.\n");
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_el_ext failed.\n");
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose ret = safe_original_attributes(domain, attrs, obj_dn, allowed_attrs);
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "safe_original_attributes failed.\n");
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose ret = sysdb_set_entry_attr(domain->sysdb, obj_dn, attrs, SYSDB_MOD_REP);
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sysdb_set_entry_attr failed.\n");
2e5fc89ef25434fab7febe2c52e97ef989b50d5bSumit Bose ret = sysdb_set_entry_attr(domain->sysdb, obj_dn, mapped_attrs,
2e5fc89ef25434fab7febe2c52e97ef989b50d5bSumit Bose "sysdb_set_entry_attr failed, ignored.\n");
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose#define SYSDB_USER_NAME_OVERRIDE_FILTER "(&(objectClass="SYSDB_OVERRIDE_USER_CLASS")(|("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME"=%s)))"
89b065cb85f57e80760ce4d4b1215b533e249e92Sumit Bose#define SYSDB_USER_UID_OVERRIDE_FILTER "(&(objectClass="SYSDB_OVERRIDE_USER_CLASS")("SYSDB_UIDNUM"=%lu))"
352f4832324839d358235de1236090b1fd4ddc0fRené Genz#define SYSDB_USER_CERT_OVERRIDE_FILTER "(&(objectClass="SYSDB_OVERRIDE_USER_CLASS")%s)"
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose#define SYSDB_GROUP_NAME_OVERRIDE_FILTER "(&(objectClass="SYSDB_OVERRIDE_GROUP_CLASS")(|("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME"=%s)))"
89b065cb85f57e80760ce4d4b1215b533e249e92Sumit Bose#define SYSDB_GROUP_GID_OVERRIDE_FILTER "(&(objectClass="SYSDB_OVERRIDE_GROUP_CLASS")("SYSDB_GIDNUM"=%lu))"
6cb34580ee6e9e2c9190b77b10db8a3c43e3c9c8Sumit Boseerrno_t sysdb_search_override_by_cert(TALLOC_CTX *mem_ctx,
6cb34580ee6e9e2c9190b77b10db8a3c43e3c9c8Sumit Bose const char *cert,
6cb34580ee6e9e2c9190b77b10db8a3c43e3c9c8Sumit Bose const char **attrs,
6cb34580ee6e9e2c9190b77b10db8a3c43e3c9c8Sumit Bose base_dn = ldb_dn_new_fmt(tmp_ctx, domain->sysdb->ldb,
6cb34580ee6e9e2c9190b77b10db8a3c43e3c9c8Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_new_fmt failed.\n");
b341ee51cffd98b642b9c68a417f8a7504e303a1Sumit Bose ret = sss_cert_derb64_to_ldap_filter(tmp_ctx, cert, SYSDB_USER_CERT, NULL,
6cb34580ee6e9e2c9190b77b10db8a3c43e3c9c8Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sss_cert_derb64_to_ldap_filter failed.\n");
6cb34580ee6e9e2c9190b77b10db8a3c43e3c9c8Sumit Bose ret = ldb_search(domain->sysdb->ldb, tmp_ctx, &override_res, base_dn,
352f4832324839d358235de1236090b1fd4ddc0fRené Genz LDB_SCOPE_SUBTREE, attrs, SYSDB_USER_CERT_OVERRIDE_FILTER,
6cb34580ee6e9e2c9190b77b10db8a3c43e3c9c8Sumit Bose DEBUG(SSSDBG_TRACE_FUNC, "No user override found for cert [%s].\n",
6cb34580ee6e9e2c9190b77b10db8a3c43e3c9c8Sumit Bose "Found more than one override for cert [%s].\n", cert);
6cb34580ee6e9e2c9190b77b10db8a3c43e3c9c8Sumit Bose orig_obj_dn = ldb_msg_find_attr_as_string(override_res->msgs[0],
6cb34580ee6e9e2c9190b77b10db8a3c43e3c9c8Sumit Bose "Missing link to original object in override [%s].\n",
6cb34580ee6e9e2c9190b77b10db8a3c43e3c9c8Sumit Bose ldb_dn_get_linearized(override_res->msgs[0]->dn));
6cb34580ee6e9e2c9190b77b10db8a3c43e3c9c8Sumit Bose base_dn = ldb_dn_new(tmp_ctx, domain->sysdb->ldb, orig_obj_dn);
6cb34580ee6e9e2c9190b77b10db8a3c43e3c9c8Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_new failed.\n");
6cb34580ee6e9e2c9190b77b10db8a3c43e3c9c8Sumit Bose ret = ldb_search(domain->sysdb->ldb, tmp_ctx, &orig_res, base_dn,
6cb34580ee6e9e2c9190b77b10db8a3c43e3c9c8Sumit Bose *override_obj = talloc_steal(mem_ctx, override_res);
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bosestatic errno_t sysdb_search_override_by_name(TALLOC_CTX *mem_ctx,
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose const char *name,
727d46f4dace666c809310b3f685eef387023f65Pavel Březina const char **attrs,
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose base_dn = ldb_dn_new_fmt(tmp_ctx, domain->sysdb->ldb,
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_new_fmt failed.\n");
da1fd52202cffa3260470565b74af885a466cb00Jakub Hrozek ret = sss_filter_sanitize_for_dom(tmp_ctx, name, domain,
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sss_filter_sanitize_for_dom failed.\n");
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose ret = ldb_search(domain->sysdb->ldb, tmp_ctx, &override_res, base_dn,
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose DEBUG(SSSDBG_TRACE_FUNC, "No user override found for name [%s].\n",
e087497ad7648e81a1b4d0752e07c2fb6fcfe2b1Pavel Reichl "Found more than one override for name [%s].\n", name);
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose orig_obj_dn = ldb_msg_find_attr_as_string(override_res->msgs[0],
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose "Missing link to original object in override [%s].\n",
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose ldb_dn_get_linearized(override_res->msgs[0]->dn));
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose base_dn = ldb_dn_new(tmp_ctx, domain->sysdb->ldb, orig_obj_dn);
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_new failed.\n");
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose ret = ldb_search(domain->sysdb->ldb, tmp_ctx, &orig_res, base_dn,
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose *override_obj = talloc_steal(mem_ctx, override_res);
727d46f4dace666c809310b3f685eef387023f65Pavel Březinaerrno_t sysdb_search_user_override_attrs_by_name(TALLOC_CTX *mem_ctx,
727d46f4dace666c809310b3f685eef387023f65Pavel Březina const char **attrs,
727d46f4dace666c809310b3f685eef387023f65Pavel Březina return sysdb_search_override_by_name(mem_ctx, domain, name,
727d46f4dace666c809310b3f685eef387023f65Pavel Březinaerrno_t sysdb_search_group_override_attrs_by_name(TALLOC_CTX *mem_ctx,
727d46f4dace666c809310b3f685eef387023f65Pavel Březina const char **attrs,
727d46f4dace666c809310b3f685eef387023f65Pavel Březina return sysdb_search_override_by_name(mem_ctx, domain, name,
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Boseerrno_t sysdb_search_user_override_by_name(TALLOC_CTX *mem_ctx,
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose const char *name,
727d46f4dace666c809310b3f685eef387023f65Pavel Březina return sysdb_search_override_by_name(mem_ctx, domain, name,
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Boseerrno_t sysdb_search_group_override_by_name(TALLOC_CTX *mem_ctx,
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose const char *name,
727d46f4dace666c809310b3f685eef387023f65Pavel Březina return sysdb_search_override_by_name(mem_ctx, domain, name,
89b065cb85f57e80760ce4d4b1215b533e249e92Sumit Bosestatic errno_t sysdb_search_override_by_id(TALLOC_CTX *mem_ctx,
89b065cb85f57e80760ce4d4b1215b533e249e92Sumit Bose unsigned long int id,
89b065cb85f57e80760ce4d4b1215b533e249e92Sumit Bose static const char *user_attrs[] = SYSDB_PW_ATTRS;
89b065cb85f57e80760ce4d4b1215b533e249e92Sumit Bose static const char *group_attrs[] = SYSDB_GRSRC_ATTRS;
89b065cb85f57e80760ce4d4b1215b533e249e92Sumit Bose base_dn = ldb_dn_new_fmt(tmp_ctx, domain->sysdb->ldb,
89b065cb85f57e80760ce4d4b1215b533e249e92Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_new_fmt failed.\n");
89b065cb85f57e80760ce4d4b1215b533e249e92Sumit Bose DEBUG(SSSDBG_CRIT_FAILURE, "Unexpected override object type [%d].\n",
89b065cb85f57e80760ce4d4b1215b533e249e92Sumit Bose ret = ldb_search(domain->sysdb->ldb, tmp_ctx, &override_res, base_dn,
89b065cb85f57e80760ce4d4b1215b533e249e92Sumit Bose "No user override found for %s with id [%lu].\n",
e087497ad7648e81a1b4d0752e07c2fb6fcfe2b1Pavel Reichl "Found more than one override for id [%lu].\n", id);
89b065cb85f57e80760ce4d4b1215b533e249e92Sumit Bose orig_obj_dn = ldb_msg_find_attr_as_string(override_res->msgs[0],
89b065cb85f57e80760ce4d4b1215b533e249e92Sumit Bose "Missing link to original object in override [%s].\n",
89b065cb85f57e80760ce4d4b1215b533e249e92Sumit Bose ldb_dn_get_linearized(override_res->msgs[0]->dn));
89b065cb85f57e80760ce4d4b1215b533e249e92Sumit Bose base_dn = ldb_dn_new(tmp_ctx, domain->sysdb->ldb, orig_obj_dn);
89b065cb85f57e80760ce4d4b1215b533e249e92Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_new failed.\n");
89b065cb85f57e80760ce4d4b1215b533e249e92Sumit Bose ret = ldb_search(domain->sysdb->ldb, tmp_ctx, &orig_res, base_dn,
89b065cb85f57e80760ce4d4b1215b533e249e92Sumit Bose *override_obj = talloc_steal(mem_ctx, override_res);
89b065cb85f57e80760ce4d4b1215b533e249e92Sumit Boseerrno_t sysdb_search_user_override_by_uid(TALLOC_CTX *mem_ctx,
89b065cb85f57e80760ce4d4b1215b533e249e92Sumit Bose return sysdb_search_override_by_id(mem_ctx, domain, uid, OO_TYPE_USER,
89b065cb85f57e80760ce4d4b1215b533e249e92Sumit Boseerrno_t sysdb_search_group_override_by_gid(TALLOC_CTX *mem_ctx,
89b065cb85f57e80760ce4d4b1215b533e249e92Sumit Bose return sysdb_search_override_by_id(mem_ctx, domain, gid, OO_TYPE_GROUP,
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose * @brief Add override data to the original object
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose * @param[in] domain Domain struct, needed to access the cache
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose * @param[in] obj The original object
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose * @param[in] override_obj The object with the override data, may be NULL
1a9f66352070d71a6b998c5afbc268ba6fddc51cSumit Bose * @param[in] req_attrs List of attributes to be requested, if not set a
1a9f66352070d71a6b998c5afbc268ba6fddc51cSumit Bose * default list depending on the object type will be used
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose * @return EOK - Override data was added successfully
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose * @return ENOMEM - There was insufficient memory to complete the operation
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose * @return ENOENT - The original object did not have the SYSDB_OVERRIDE_DN
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose * attribute or the value of the attribute points to an object
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose * which does not exist. Both conditions indicate that the
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose * cache must be refreshed.
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Boseerrno_t sysdb_add_overrides_to_object(struct sss_domain_info *domain,
1a9f66352070d71a6b998c5afbc268ba6fddc51cSumit Bose const char **req_attrs)
/* Looks up the override entry named by the object's override DN and adds the
 * values found there to obj under the names given in attr_map[].new_attr.
 * user_attrs and group_attrs are presumably the default attribute lists used
 * when req_attrs is not given; the selection itself is not visible here. */
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose static const char *user_attrs[] = SYSDB_PW_ATTRS;
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose static const char *group_attrs[] = SYSDB_GRSRC_ATTRS;
/* SSH public keys and user certificates are part of the map, so values stored
 * on the override entry end up on the object under their OVERRIDE_PREFIX
 * names. NOTE(review): these are authentication-relevant; confirm that write
 * access to override entries is restricted accordingly. */
ab355eced46b5f488ed62a79a7f2e5ac2b6a574cSumit Bose {SYSDB_SSH_PUBKEY, OVERRIDE_PREFIX SYSDB_SSH_PUBKEY},
6cb34580ee6e9e2c9190b77b10db8a3c43e3c9c8Sumit Bose {SYSDB_USER_CERT, OVERRIDE_PREFIX SYSDB_USER_CERT},
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
/* The override DN is read as a string from the object itself and then parsed
 * into a DN for the base search below. */
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose override_dn_str = ldb_msg_find_attr_as_string(obj,
a8d31510d12af6ee39fb3e1e13f3a4f6bdef33c1Pavel Březina /* LOCAL view doesn't have to have overrideDN specified. */
d5e26a3ec3fa1f217f0afd045a03b29d4f88fe1dPavel Březina "Missing override DN for object [%s].\n",
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose override_dn = ldb_dn_new(tmp_ctx, domain->sysdb->ldb, override_dn_str);
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_new failed.\n");
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose DEBUG(SSSDBG_TRACE_ALL, "Object [%s] has no overrides.\n",
/* The default of 0 means a missing uidNumber and a stored uidNumber of 0 look
 * the same here; both are handled as a group object.
 * NOTE(review): presumably uid 0 is never cached as an overridable user;
 * confirm. */
1a9f66352070d71a6b998c5afbc268ba6fddc51cSumit Bose uid = ldb_msg_find_attr_as_uint64(obj, SYSDB_UIDNUM, 0);
1a9f66352070d71a6b998c5afbc268ba6fddc51cSumit Bose /* No UID hence group object */
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose ret = ldb_search(domain->sysdb->ldb, tmp_ctx, &res, override_dn,
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose DEBUG(SSSDBG_TRACE_FUNC, "Override object [%s] does not exists.\n",
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose "Base search for override object returned [%d] results.\n",
/* Each mapped attribute present on the override entry is added to obj under
 * its new name. The "steal" variant is used; presumably the value memory is
 * reparented from the search result to obj so it outlives tmp_ctx; confirm. */
1a9f66352070d71a6b998c5afbc268ba6fddc51cSumit Bose tmp_el = ldb_msg_find_element(override, attr_map[c].attr);
1a9f66352070d71a6b998c5afbc268ba6fddc51cSumit Bose ret = ldb_msg_add_steal_value(obj, attr_map[c].new_attr,
/* NOTE(review): the message names ldb_msg_add_value, while the call above is
 * ldb_msg_add_steal_value. */
1a9f66352070d71a6b998c5afbc268ba6fddc51cSumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldb_msg_add_value failed.\n");
d2f4551519698809e73a029c49599e1f67e6bdd4Sumit Boseerrno_t sysdb_add_group_member_overrides(struct sss_domain_info *domain,
/* Adds OVERRIDE_PREFIX SYSDB_MEMBERUID values to obj for the user members
 * returned by sysdb_get_user_members_recursively(), taking the name from the
 * member's override entry where one exists. */
d2f4551519698809e73a029c49599e1f67e6bdd4Sumit Bose static const char *member_attrs[] = SYSDB_PW_ATTRS;
d2f4551519698809e73a029c49599e1f67e6bdd4Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
1594701fbdc341069e11cff9a85e7a795e52db3dSumit Bose ret = sysdb_get_user_members_recursively(tmp_ctx, domain, obj->dn,
1594701fbdc341069e11cff9a85e7a795e52db3dSumit Bose "sysdb_get_user_members_recursively failed.\n");
1594701fbdc341069e11cff9a85e7a795e52db3dSumit Bose if (ldb_msg_find_attr_as_uint64(res_members->msgs[c],
fbcdc08722aa8ed17c4b114e01fbb37c02cfb2feSumit Bose /* Skip non-POSIX-user members i.e. groups and non-POSIX users */
/* The override DN comes from the member entry; the member's own DN is used as
 * well, presumably as the fallback when the attribute is absent (the
 * condition is not visible here). */
1594701fbdc341069e11cff9a85e7a795e52db3dSumit Bose override_dn_str = ldb_msg_find_attr_as_string(res_members->msgs[c],
1594701fbdc341069e11cff9a85e7a795e52db3dSumit Bose override_dn_str = ldb_dn_get_linearized(res_members->msgs[c]->dn);
9571c9ba5ee7f8aad24e9dec6c44ce21688fa044Pavel Březina /* LOCAL view doesn't have to have overrideDN specified. */
d5e26a3ec3fa1f217f0afd045a03b29d4f88fe1dPavel Březina "Missing override DN for object [%s].\n",
1594701fbdc341069e11cff9a85e7a795e52db3dSumit Bose ldb_dn_get_linearized(res_members->msgs[c]->dn));
/* The DN is allocated on res_members, not tmp_ctx. */
1594701fbdc341069e11cff9a85e7a795e52db3dSumit Bose override_dn = ldb_dn_new(res_members, domain->sysdb->ldb,
d2f4551519698809e73a029c49599e1f67e6bdd4Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_new failed.\n");
1594701fbdc341069e11cff9a85e7a795e52db3dSumit Bose orig_name = ldb_msg_find_attr_as_string(res_members->msgs[c],
fbcdc08722aa8ed17c4b114e01fbb37c02cfb2feSumit Bose DEBUG(SSSDBG_CRIT_FAILURE, "Object [%s] has no name.\n",
1594701fbdc341069e11cff9a85e7a795e52db3dSumit Bose ldb_dn_get_linearized(res_members->msgs[c]->dn));
1594701fbdc341069e11cff9a85e7a795e52db3dSumit Bose /* start with default view name, if it exists or use NULL */
1594701fbdc341069e11cff9a85e7a795e52db3dSumit Bose memberuid = ldb_msg_find_attr_as_string(res_members->msgs[c],
1594701fbdc341069e11cff9a85e7a795e52db3dSumit Bose /* If there is an override object, check if the name is overridden */
/* A member whose override DN differs from its own DN has a separate override
 * entry, which is fetched with a base search. */
1594701fbdc341069e11cff9a85e7a795e52db3dSumit Bose if (ldb_dn_compare(res_members->msgs[c]->dn, override_dn) != 0) {
d2f4551519698809e73a029c49599e1f67e6bdd4Sumit Bose DEBUG(SSSDBG_TRACE_ALL, "Checking override for object [%s].\n",
1594701fbdc341069e11cff9a85e7a795e52db3dSumit Bose ldb_dn_get_linearized(res_members->msgs[c]->dn));
1594701fbdc341069e11cff9a85e7a795e52db3dSumit Bose ret = ldb_search(domain->sysdb->ldb, res_members, &override_obj,
d2f4551519698809e73a029c49599e1f67e6bdd4Sumit Bose override_dn, LDB_SCOPE_BASE, member_attrs, NULL);
d2f4551519698809e73a029c49599e1f67e6bdd4Sumit Bose "Base search for override object returned [%d] results.\n",
/* msgs[0] is read directly; presumably the result count has been checked
 * before this point (see the message above); confirm the index is guarded. */
d2f4551519698809e73a029c49599e1f67e6bdd4Sumit Bose memberuid = ldb_msg_find_attr_as_string(override_obj->msgs[0],
1594701fbdc341069e11cff9a85e7a795e52db3dSumit Bose /* add domain name if memberuid is a short name */
/* Only names without '@' are qualified with the domain parsed from orig_name.
 * NOTE(review): memberuid may come from the override entry, so a value that
 * already contains '@' is used as given; confirm this is intended. */
1594701fbdc341069e11cff9a85e7a795e52db3dSumit Bose if (memberuid != NULL && strchr(memberuid, '@') == NULL) {
1594701fbdc341069e11cff9a85e7a795e52db3dSumit Bose ret = sss_parse_internal_fqname(tmp_ctx, orig_name,
1594701fbdc341069e11cff9a85e7a795e52db3dSumit Bose "sss_parse_internal_fqname failed to split [%s].\n",
1594701fbdc341069e11cff9a85e7a795e52db3dSumit Bose orig_dom = find_domain_by_name(get_domains_head(domain),
1594701fbdc341069e11cff9a85e7a795e52db3dSumit Bose "Cannot find domain with name [%s].\n",
1594701fbdc341069e11cff9a85e7a795e52db3dSumit Bose memberuid = sss_create_internal_fqname(tmp_ctx, memberuid,
1594701fbdc341069e11cff9a85e7a795e52db3dSumit Bose "sss_create_internal_fqname failed.\n");
d2f4551519698809e73a029c49599e1f67e6bdd4Sumit Bose DEBUG(SSSDBG_TRACE_ALL, "No override name available.\n");
fbcdc08722aa8ed17c4b114e01fbb37c02cfb2feSumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
/* The resulting name is attached to the group object itself under the
 * override memberuid attribute. */
fbcdc08722aa8ed17c4b114e01fbb37c02cfb2feSumit Bose ret = ldb_msg_add_string(obj, OVERRIDE_PREFIX SYSDB_MEMBERUID, val);
d2f4551519698809e73a029c49599e1f67e6bdd4Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldb_msg_add_string failed.\n");
fbcdc08722aa8ed17c4b114e01fbb37c02cfb2feSumit Bose DEBUG(SSSDBG_TRACE_ALL, "Added [%s] to [%s].\n", memberuid,
ba88f3617e5a56bba19a0d65d35069d8e4d0c89cSumit Bosesss_view_ldb_msg_find_element(struct sss_domain_info *dom,
/* Builds the OVERRIDE_PREFIX form of an attribute name on a temporary talloc
 * context and looks that element up in msg. Presumably the plain attribute is
 * used when no override element exists; that fallback and the conditions
 * under which the override is consulted are not visible here. */
ba88f3617e5a56bba19a0d65d35069d8e4d0c89cSumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
ba88f3617e5a56bba19a0d65d35069d8e4d0c89cSumit Bose override_attr_name = talloc_asprintf(tmp_ctx, "%s%s", OVERRIDE_PREFIX,
ba88f3617e5a56bba19a0d65d35069d8e4d0c89cSumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_asprintf failed.\n");
ba88f3617e5a56bba19a0d65d35069d8e4d0c89cSumit Bose val = ldb_msg_find_element(msg, override_attr_name);
ba88f3617e5a56bba19a0d65d35069d8e4d0c89cSumit Boseuint64_t sss_view_ldb_msg_find_attr_as_uint64(struct sss_domain_info *dom,
/* Returns an attribute of msg as uint64, preferring the OVERRIDE_PREFIX form
 * of the attribute when msg carries it and reading attr_name with
 * default_value otherwise.
 * NOTE(review): the return type is a plain uint64_t, so a caller cannot tell
 * an allocation failure from a real value; what is returned on the two
 * failure paths below is not visible here. */
ba88f3617e5a56bba19a0d65d35069d8e4d0c89cSumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
ba88f3617e5a56bba19a0d65d35069d8e4d0c89cSumit Bose override_attr_name = talloc_asprintf(tmp_ctx, "%s%s", OVERRIDE_PREFIX,
ba88f3617e5a56bba19a0d65d35069d8e4d0c89cSumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_asprintf failed.\n");
/* The presence of the override element, not its value, decides which
 * attribute is read. */
ba88f3617e5a56bba19a0d65d35069d8e4d0c89cSumit Bose if (ldb_msg_find_element(msg, override_attr_name) != NULL) {
ba88f3617e5a56bba19a0d65d35069d8e4d0c89cSumit Bose val = ldb_msg_find_attr_as_uint64(msg, override_attr_name,
ba88f3617e5a56bba19a0d65d35069d8e4d0c89cSumit Bose val = ldb_msg_find_attr_as_uint64(msg, attr_name, default_value);
ba88f3617e5a56bba19a0d65d35069d8e4d0c89cSumit Boseconst char *sss_view_ldb_msg_find_attr_as_string(struct sss_domain_info *dom,
ba88f3617e5a56bba19a0d65d35069d8e4d0c89cSumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
ba88f3617e5a56bba19a0d65d35069d8e4d0c89cSumit Bose override_attr_name = talloc_asprintf(tmp_ctx, "%s%s", OVERRIDE_PREFIX,
ba88f3617e5a56bba19a0d65d35069d8e4d0c89cSumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_asprintf failed.\n");
ba88f3617e5a56bba19a0d65d35069d8e4d0c89cSumit Bose if (ldb_msg_find_element(msg, override_attr_name) != NULL) {
ba88f3617e5a56bba19a0d65d35069d8e4d0c89cSumit Bose val = ldb_msg_find_attr_as_string(msg, override_attr_name,