sysdb_views.c revision ab355eced46b5f488ed62a79a7f2e5ac2b6a574c
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose System Database - View and Override related calls
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose Copyright (C) 2014 Sumit Bose <sbose@redhat.com>
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose This program is free software; you can redistribute it and/or modify
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose it under the terms of the GNU General Public License as published by
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose the Free Software Foundation; either version 3 of the License, or
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose (at your option) any later version.
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose This program is distributed in the hope that it will be useful,
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose but WITHOUT ANY WARRANTY; without even the implied warranty of
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose GNU General Public License for more details.
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose You should have received a copy of the GNU General Public License
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose along with this program. If not, see <http://www.gnu.org/licenses/>.
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose/* In general is should not be possible that there is a view container without
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose * a view name set. But to be on the safe side we return both information
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose * separately. */
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bosestatic errno_t sysdb_get_view_name_ex(TALLOC_CTX *mem_ctx,
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose view_base_dn = ldb_dn_new(tmp_ctx, sysdb->ldb, SYSDB_TMPL_VIEW_BASE);
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose ret = ldb_search(sysdb->ldb, tmp_ctx, &res, view_base_dn, LDB_SCOPE_BASE,
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "Base search returned [%d] results, "
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose tmp_str = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_VIEW_NAME,
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose *_view_name = talloc_steal(mem_ctx, discard_const(tmp_str));
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Boseerrno_t sysdb_get_view_name(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb,
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose return sysdb_get_view_name_ex(mem_ctx, sysdb, view_name,
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Boseerrno_t sysdb_update_view_name(struct sysdb_ctx *sysdb,
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose ret = sysdb_get_view_name_ex(tmp_ctx, sysdb, &tmp_str,
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sysdb_get_view_name_ex failed.\n");
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose /* view name already known, nothing to do */
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose DEBUG(SSSDBG_TRACE_ALL, "View name already in place.\n");
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose /* view name changed */
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose /* not supported atm */
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose "View name changed from [%s] to [%s]. NOT SUPPORTED.\n",
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldb_msg_new failed.\n");
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose msg->dn = ldb_dn_new(tmp_ctx, sysdb->ldb, SYSDB_TMPL_VIEW_BASE);
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_new failed.\n");
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose ret = ldb_msg_add_string(msg, SYSDB_VIEW_NAME, view_name);
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose DEBUG(SSSDBG_FATAL_FAILURE, "Failed to %s view container",
9da27cbc7532f775afc411d809735760dd5294a7Sumit Boseadd_name_and_aliases_for_name_override(struct sss_domain_info *domain,
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose fq_name = sss_tc_fqname(attrs, domain->names, domain, name_override);
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sss_tc_fqname failed.\n");
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose ret = sysdb_attrs_add_lc_name_alias(attrs, fq_name);
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose ret = sysdb_attrs_add_string(attrs, SYSDB_NAME_ALIAS,
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose "sysdb_attrs_add_lc_name_alias failed.\n");
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose ret = sysdb_attrs_add_string(attrs, SYSDB_DEFAULT_OVERRIDE_NAME,
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_add_lc_name_alias failed.\n");
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose ret = sysdb_attrs_add_lc_name_alias(attrs, name_override);
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose ret = sysdb_attrs_add_string(attrs, SYSDB_NAME_ALIAS, name_override);
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_add_lc_name_alias failed.\n");
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Boseerrno_t sysdb_store_override(struct sss_domain_info *domain,
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose struct sysdb_attrs *attrs, struct ldb_dn *obj_dn)
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose const char *anchor;
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose ret = sysdb_attrs_get_string(attrs, SYSDB_OVERRIDE_ANCHOR_UUID,
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose "Missing anchor in override attributes.\n");
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose override_dn = ldb_dn_new_fmt(tmp_ctx, domain->sysdb->ldb,
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_new_fmt failed.\n");
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose /* if there is no override for the given object, just store the DN of
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose * the object iself in the SYSDB_OVERRIDE_DN attribute to indicate
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose * that it was checked if an override exists and none was found. */
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose override_dn_str = ldb_dn_get_linearized(override_dn);
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose if (override_dn_str == NULL || obj_dn_str == NULL) {
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_get_linearized failed.\n");
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose ret = sysdb_search_entry(tmp_ctx, domain->sysdb, obj_dn, LDB_SCOPE_BASE,
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose DEBUG(SSSDBG_CRIT_FAILURE, "Object to override does not exists.\n");
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sysdb_search_entry failed.\n");
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose DEBUG(SSSDBG_CRIT_FAILURE, "Base searched returned more than one object.\n");
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose obj_override_dn = ldb_msg_find_attr_as_string(msgs[0], SYSDB_OVERRIDE_DN,
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose if (strcmp(obj_override_dn, override_dn_str) != 0) {
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose "Existing [%s] and new [%s] override DN do not match.\n",
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose ret = ldb_delete(domain->sysdb->ldb, override_dn);
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose "ldb_delete failed, maybe object did not exist. Ignoring.\n");
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose ret = sysdb_attrs_get_string(attrs, SYSDB_NAME, &name_override);
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose ret = add_name_and_aliases_for_name_override(domain, attrs, false,
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose "add_name_and_aliases_for_name_override failed.\n");
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_string failed.\n");
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose msg->elements = talloc_array(msg, struct ldb_message_element,
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose /* TODO: add nameAlias for case-insentitive searches */
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose ret = ldb_msg_add_empty(msg, SYSDB_OBJECTCLASS, LDB_FLAG_MOD_ADD, NULL);
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldb_msg_add_empty failed.\n");
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose DEBUG(SSSDBG_CRIT_FAILURE, "Unexpected object type.\n");
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose ret = ldb_msg_add_empty(msg, SYSDB_OVERRIDE_OBJECT_DN, LDB_FLAG_MOD_ADD,
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldb_msg_add_empty failed.\n");
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose ret = ldb_msg_add_string(msg, SYSDB_OVERRIDE_OBJECT_DN, obj_dn_str);
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose "Failed to store override entry: %s(%d)[%s]\n",
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose ldb_strerror(ret), ret, ldb_errstring(domain->sysdb->ldb));
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose ret = ldb_msg_add_empty(msg, SYSDB_OVERRIDE_DN, LDB_FLAG_MOD_ADD,
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldb_msg_add_empty failed.\n");
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose ret = ldb_msg_add_string(msg, SYSDB_OVERRIDE_DN, override_dn_str);
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose "Failed to store override DN: %s(%d)[%s]\n",
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose ldb_strerror(ret), ret, ldb_errstring(domain->sysdb->ldb));
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose DEBUG(SSSDBG_TRACE_FUNC, "Error: %d (%s)\n", ret, strerror(ret));
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose ret = ldb_transaction_commit(domain->sysdb->ldb);
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bosestatic errno_t safe_original_attributes(struct sss_domain_info *domain,
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose ret = ldb_search(domain->sysdb->ldb, tmp_ctx, &orig_obj, obj_dn,
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose DEBUG(SSSDBG_CRIT_FAILURE, "Original object not found.\n");
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose /* Safe orginal values in attributes prefixed by OriginalAD. */
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose el = ldb_msg_find_element(orig_obj->msgs[0], allowed_attrs[c]);
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose orig_attr_name = talloc_asprintf(tmp_ctx, "%s%s",
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_asprintf failed.\n");
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose "sysdb_attrs_add_val failed.\n");
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose "Original object does not have [%s] set.\n",
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose /* Add existing aliases to new ones */
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose el = ldb_msg_find_element(orig_obj->msgs[0], SYSDB_NAME_ALIAS);
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose /* To avoid issue with ldb_modify if e.g. the orginal and the
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose * override name are the same, we use the *_safe version here. */
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose ret = sysdb_attrs_add_val_safe(attrs, SYSDB_NAME_ALIAS,
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_add_val failed.\n");
9da27cbc7532f775afc411d809735760dd5294a7Sumit Boseerrno_t sysdb_apply_default_override(struct sss_domain_info *domain,
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sysdb_new_attrs failed.\n");
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose ret = sysdb_attrs_get_el_ext(override_attrs, allowed_attrs[c], false,
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose if (el->values[0].data[el->values[0].length] != '\0') {
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose "String attribute does not end with \\0.\n");
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose ret = add_name_and_aliases_for_name_override(domain, attrs,
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose "add_name_and_aliases_for_name_override failed.\n");
ab355eced46b5f488ed62a79a7f2e5ac2b6a574cSumit Bose /* Only SYSDB_SSH_PUBKEY is allowed to have multiple values. */
ab355eced46b5f488ed62a79a7f2e5ac2b6a574cSumit Bose if (strcmp(allowed_attrs[c], SYSDB_SSH_PUBKEY) != 0
ab355eced46b5f488ed62a79a7f2e5ac2b6a574cSumit Bose "Override attribute for [%s] has more [%zd] " \
ab355eced46b5f488ed62a79a7f2e5ac2b6a574cSumit Bose "than one value, using only the first.\n",
ab355eced46b5f488ed62a79a7f2e5ac2b6a574cSumit Bose for (d = 0; d < num_values; d++) {
ab355eced46b5f488ed62a79a7f2e5ac2b6a574cSumit Bose ret = sysdb_attrs_add_val(attrs, allowed_attrs[c],
ab355eced46b5f488ed62a79a7f2e5ac2b6a574cSumit Bose "sysdb_attrs_add_val failed.\n");
ab355eced46b5f488ed62a79a7f2e5ac2b6a574cSumit Bose "Override [%s] with [%.*s] for [%s].\n",
ab355eced46b5f488ed62a79a7f2e5ac2b6a574cSumit Bose el->values[d].data, ldb_dn_get_linearized(obj_dn));
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_el_ext failed.\n");
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose ret = safe_original_attributes(domain, attrs, obj_dn, allowed_attrs);
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "safe_original_attributes failed.\n");
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose ret = sysdb_set_entry_attr(domain->sysdb, obj_dn, attrs, SYSDB_MOD_REP);
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sysdb_set_entry_attr failed.\n");
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose#define SYSDB_USER_NAME_OVERRIDE_FILTER "(&(objectClass="SYSDB_OVERRIDE_USER_CLASS")(|("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME"=%s)))"
89b065cb85f57e80760ce4d4b1215b533e249e92Sumit Bose#define SYSDB_USER_UID_OVERRIDE_FILTER "(&(objectClass="SYSDB_OVERRIDE_USER_CLASS")("SYSDB_UIDNUM"=%lu))"
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose#define SYSDB_GROUP_NAME_OVERRIDE_FILTER "(&(objectClass="SYSDB_OVERRIDE_GROUP_CLASS")(|("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME"=%s)))"
89b065cb85f57e80760ce4d4b1215b533e249e92Sumit Bose#define SYSDB_GROUP_GID_OVERRIDE_FILTER "(&(objectClass="SYSDB_OVERRIDE_GROUP_CLASS")("SYSDB_GIDNUM"=%lu))"
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bosestatic errno_t sysdb_search_override_by_name(TALLOC_CTX *mem_ctx,
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose const char *name,
727d46f4dace666c809310b3f685eef387023f65Pavel Březina const char **attrs,
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose base_dn = ldb_dn_new_fmt(tmp_ctx, domain->sysdb->ldb,
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_new_fmt failed.\n");
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose /* If this is a subdomain we need to use fully qualified names for the
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose * search as well by default */
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose src_name = sss_get_domain_name(tmp_ctx, name, domain);
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sss_get_domain_name failed.\n");
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose ret = sss_filter_sanitize_for_dom(tmp_ctx, src_name, domain,
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sss_filter_sanitize_for_dom failed.\n");
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose ret = ldb_search(domain->sysdb->ldb, tmp_ctx, &override_res, base_dn,
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose DEBUG(SSSDBG_TRACE_FUNC, "No user override found for name [%s].\n",
e087497ad7648e81a1b4d0752e07c2fb6fcfe2b1Pavel Reichl "Found more than one override for name [%s].\n", name);
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose orig_obj_dn = ldb_msg_find_attr_as_string(override_res->msgs[0],
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose "Missing link to original object in override [%s].\n",
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose ldb_dn_get_linearized(override_res->msgs[0]->dn));
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose base_dn = ldb_dn_new(tmp_ctx, domain->sysdb->ldb, orig_obj_dn);
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_new failed.\n");
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose ret = ldb_search(domain->sysdb->ldb, tmp_ctx, &orig_res, base_dn,
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose *override_obj = talloc_steal(mem_ctx, override_res);
727d46f4dace666c809310b3f685eef387023f65Pavel Březinaerrno_t sysdb_search_user_override_attrs_by_name(TALLOC_CTX *mem_ctx,
727d46f4dace666c809310b3f685eef387023f65Pavel Březina const char **attrs,
727d46f4dace666c809310b3f685eef387023f65Pavel Březina return sysdb_search_override_by_name(mem_ctx, domain, name,
727d46f4dace666c809310b3f685eef387023f65Pavel Březinaerrno_t sysdb_search_group_override_attrs_by_name(TALLOC_CTX *mem_ctx,
727d46f4dace666c809310b3f685eef387023f65Pavel Březina const char **attrs,
727d46f4dace666c809310b3f685eef387023f65Pavel Březina return sysdb_search_override_by_name(mem_ctx, domain, name,
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Boseerrno_t sysdb_search_user_override_by_name(TALLOC_CTX *mem_ctx,
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose const char *name,
727d46f4dace666c809310b3f685eef387023f65Pavel Březina return sysdb_search_override_by_name(mem_ctx, domain, name,
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Boseerrno_t sysdb_search_group_override_by_name(TALLOC_CTX *mem_ctx,
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose const char *name,
727d46f4dace666c809310b3f685eef387023f65Pavel Březina return sysdb_search_override_by_name(mem_ctx, domain, name,
89b065cb85f57e80760ce4d4b1215b533e249e92Sumit Bosestatic errno_t sysdb_search_override_by_id(TALLOC_CTX *mem_ctx,
89b065cb85f57e80760ce4d4b1215b533e249e92Sumit Bose unsigned long int id,
89b065cb85f57e80760ce4d4b1215b533e249e92Sumit Bose static const char *user_attrs[] = SYSDB_PW_ATTRS;
89b065cb85f57e80760ce4d4b1215b533e249e92Sumit Bose static const char *group_attrs[] = SYSDB_GRSRC_ATTRS;
89b065cb85f57e80760ce4d4b1215b533e249e92Sumit Bose const char **attrs;
89b065cb85f57e80760ce4d4b1215b533e249e92Sumit Bose const char *filter;
89b065cb85f57e80760ce4d4b1215b533e249e92Sumit Bose base_dn = ldb_dn_new_fmt(tmp_ctx, domain->sysdb->ldb,
89b065cb85f57e80760ce4d4b1215b533e249e92Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_new_fmt failed.\n");
89b065cb85f57e80760ce4d4b1215b533e249e92Sumit Bose DEBUG(SSSDBG_CRIT_FAILURE, "Unexpected override object type [%d].\n",
89b065cb85f57e80760ce4d4b1215b533e249e92Sumit Bose ret = ldb_search(domain->sysdb->ldb, tmp_ctx, &override_res, base_dn,
89b065cb85f57e80760ce4d4b1215b533e249e92Sumit Bose "No user override found for %s with id [%lu].\n",
e087497ad7648e81a1b4d0752e07c2fb6fcfe2b1Pavel Reichl "Found more than one override for id [%lu].\n", id);
89b065cb85f57e80760ce4d4b1215b533e249e92Sumit Bose orig_obj_dn = ldb_msg_find_attr_as_string(override_res->msgs[0],
89b065cb85f57e80760ce4d4b1215b533e249e92Sumit Bose "Missing link to original object in override [%s].\n",
89b065cb85f57e80760ce4d4b1215b533e249e92Sumit Bose ldb_dn_get_linearized(override_res->msgs[0]->dn));
89b065cb85f57e80760ce4d4b1215b533e249e92Sumit Bose base_dn = ldb_dn_new(tmp_ctx, domain->sysdb->ldb, orig_obj_dn);
89b065cb85f57e80760ce4d4b1215b533e249e92Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_new failed.\n");
89b065cb85f57e80760ce4d4b1215b533e249e92Sumit Bose ret = ldb_search(domain->sysdb->ldb, tmp_ctx, &orig_res, base_dn,
89b065cb85f57e80760ce4d4b1215b533e249e92Sumit Bose *override_obj = talloc_steal(mem_ctx, override_res);
89b065cb85f57e80760ce4d4b1215b533e249e92Sumit Boseerrno_t sysdb_search_user_override_by_uid(TALLOC_CTX *mem_ctx,
89b065cb85f57e80760ce4d4b1215b533e249e92Sumit Bose return sysdb_search_override_by_id(mem_ctx, domain, uid, OO_TYPE_USER,
89b065cb85f57e80760ce4d4b1215b533e249e92Sumit Boseerrno_t sysdb_search_group_override_by_gid(TALLOC_CTX *mem_ctx,
89b065cb85f57e80760ce4d4b1215b533e249e92Sumit Bose return sysdb_search_override_by_id(mem_ctx, domain, gid, OO_TYPE_GROUP,
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose * @brief Add override data to the original object
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose * @param[in] domain Domain struct, needed to access the cache
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose * @oaram[in] obj The original object
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose * @param[in] override_obj The object with the override data, may be NULL
1a9f66352070d71a6b998c5afbc268ba6fddc51cSumit Bose * @param[in] req_attrs List of attributes to be requested, if not set a
1a9f66352070d71a6b998c5afbc268ba6fddc51cSumit Bose * default list dependig on the object type will be used
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose * @return EOK - Override data was added successfully
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose * @return ENOMEM - There was insufficient memory to complete the operation
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose * @return ENOENT - The original object did not have the SYSDB_OVERRIDE_DN
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose * attribute or the value of the attribute points an object
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose * which does not exists. Both conditions indicate that the
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose * cache must be refreshed.
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Boseerrno_t sysdb_add_overrides_to_object(struct sss_domain_info *domain,
1a9f66352070d71a6b998c5afbc268ba6fddc51cSumit Bose const char **req_attrs)
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose static const char *user_attrs[] = SYSDB_PW_ATTRS;
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose static const char *group_attrs[] = SYSDB_GRSRC_ATTRS;
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose const char **attrs;
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose const char *attr;
ab355eced46b5f488ed62a79a7f2e5ac2b6a574cSumit Bose {SYSDB_SSH_PUBKEY, OVERRIDE_PREFIX SYSDB_SSH_PUBKEY},
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose override_dn_str = ldb_msg_find_attr_as_string(obj,
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose "Missing override DN for objext [%s].\n",
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose override_dn = ldb_dn_new(tmp_ctx, domain->sysdb->ldb, override_dn_str);
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_new failed.\n");
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose DEBUG(SSSDBG_TRACE_ALL, "Object [%s] has no overrides.\n",
1a9f66352070d71a6b998c5afbc268ba6fddc51cSumit Bose uid = ldb_msg_find_attr_as_uint64(obj, SYSDB_UIDNUM, 0);
1a9f66352070d71a6b998c5afbc268ba6fddc51cSumit Bose /* No UID hence group object */
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose ret = ldb_search(domain->sysdb->ldb, tmp_ctx, &res, override_dn,
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose DEBUG(SSSDBG_TRACE_FUNC, "Override object [%s] does not exists.\n",
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose "Base search for override object returned [%d] results.\n",
1a9f66352070d71a6b998c5afbc268ba6fddc51cSumit Bose tmp_el = ldb_msg_find_element(override, attr_map[c].attr);
1a9f66352070d71a6b998c5afbc268ba6fddc51cSumit Bose ret = ldb_msg_add_steal_value(obj, attr_map[c].new_attr,
1a9f66352070d71a6b998c5afbc268ba6fddc51cSumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldb_msg_add_value failed.\n");
d2f4551519698809e73a029c49599e1f67e6bdd4Sumit Boseerrno_t sysdb_add_group_member_overrides(struct sss_domain_info *domain,
d2f4551519698809e73a029c49599e1f67e6bdd4Sumit Bose static const char *member_attrs[] = SYSDB_PW_ATTRS;
d2f4551519698809e73a029c49599e1f67e6bdd4Sumit Bose members = ldb_msg_find_element(obj, SYSDB_MEMBER);
d2f4551519698809e73a029c49599e1f67e6bdd4Sumit Bose if (members == NULL || members->num_values == 0) {
d2f4551519698809e73a029c49599e1f67e6bdd4Sumit Bose DEBUG(SSSDBG_TRACE_ALL, "Group has no members.\n");
d2f4551519698809e73a029c49599e1f67e6bdd4Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
d2f4551519698809e73a029c49599e1f67e6bdd4Sumit Bose member_dn = ldb_dn_from_ldb_val(tmp_ctx, domain->sysdb->ldb,
d2f4551519698809e73a029c49599e1f67e6bdd4Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_from_ldb_val failed.\n");
d2f4551519698809e73a029c49599e1f67e6bdd4Sumit Bose ret = ldb_search(domain->sysdb->ldb, member_dn, &member_obj, member_dn,
d2f4551519698809e73a029c49599e1f67e6bdd4Sumit Bose "Base search for member object returned [%d] results.\n",
d2f4551519698809e73a029c49599e1f67e6bdd4Sumit Bose override_dn_str = ldb_msg_find_attr_as_string(member_obj->msgs[0],
d2f4551519698809e73a029c49599e1f67e6bdd4Sumit Bose "Missing override DN for objext [%s].\n",
d2f4551519698809e73a029c49599e1f67e6bdd4Sumit Bose override_dn = ldb_dn_new(member_obj, domain->sysdb->ldb,
d2f4551519698809e73a029c49599e1f67e6bdd4Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_new failed.\n");
d2f4551519698809e73a029c49599e1f67e6bdd4Sumit Bose if (ldb_dn_compare(member_obj->msgs[0]->dn, override_dn) != 0) {
d2f4551519698809e73a029c49599e1f67e6bdd4Sumit Bose DEBUG(SSSDBG_TRACE_ALL, "Checking override for object [%s].\n",
d2f4551519698809e73a029c49599e1f67e6bdd4Sumit Bose ret = ldb_search(domain->sysdb->ldb, member_obj, &override_obj,
d2f4551519698809e73a029c49599e1f67e6bdd4Sumit Bose override_dn, LDB_SCOPE_BASE, member_attrs, NULL);
d2f4551519698809e73a029c49599e1f67e6bdd4Sumit Bose "Base search for override object returned [%d] results.\n",
d2f4551519698809e73a029c49599e1f67e6bdd4Sumit Bose memberuid = ldb_msg_find_attr_as_string(override_obj->msgs[0],
d2f4551519698809e73a029c49599e1f67e6bdd4Sumit Bose DEBUG(SSSDBG_TRACE_ALL, "No override name available.\n");
d2f4551519698809e73a029c49599e1f67e6bdd4Sumit Bose memberuid = ldb_msg_find_attr_as_string(member_obj->msgs[0],
d2f4551519698809e73a029c49599e1f67e6bdd4Sumit Bose DEBUG(SSSDBG_CRIT_FAILURE, "Object [%s] has no name.\n",
d2f4551519698809e73a029c49599e1f67e6bdd4Sumit Bose ret = ldb_msg_add_string(obj, OVERRIDE_PREFIX SYSDB_MEMBERUID,
d2f4551519698809e73a029c49599e1f67e6bdd4Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldb_msg_add_string failed.\n");
d2f4551519698809e73a029c49599e1f67e6bdd4Sumit Bose /* Free all temporary data of the current member to avoid memory usage
d2f4551519698809e73a029c49599e1f67e6bdd4Sumit Bose * spikes. All temporary data should be allocated below member_dn. */
ba88f3617e5a56bba19a0d65d35069d8e4d0c89cSumit Bosesss_view_ldb_msg_find_element(struct sss_domain_info *dom,
ba88f3617e5a56bba19a0d65d35069d8e4d0c89cSumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
ba88f3617e5a56bba19a0d65d35069d8e4d0c89cSumit Bose override_attr_name = talloc_asprintf(tmp_ctx, "%s%s", OVERRIDE_PREFIX,
ba88f3617e5a56bba19a0d65d35069d8e4d0c89cSumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_asprintf failed.\n");
ba88f3617e5a56bba19a0d65d35069d8e4d0c89cSumit Bose val = ldb_msg_find_element(msg, override_attr_name);
ba88f3617e5a56bba19a0d65d35069d8e4d0c89cSumit Boseuint64_t sss_view_ldb_msg_find_attr_as_uint64(struct sss_domain_info *dom,
ba88f3617e5a56bba19a0d65d35069d8e4d0c89cSumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
ba88f3617e5a56bba19a0d65d35069d8e4d0c89cSumit Bose override_attr_name = talloc_asprintf(tmp_ctx, "%s%s", OVERRIDE_PREFIX,
ba88f3617e5a56bba19a0d65d35069d8e4d0c89cSumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_asprintf failed.\n");
ba88f3617e5a56bba19a0d65d35069d8e4d0c89cSumit Bose if (ldb_msg_find_element(msg, override_attr_name) != NULL) {
ba88f3617e5a56bba19a0d65d35069d8e4d0c89cSumit Bose val = ldb_msg_find_attr_as_uint64(msg, override_attr_name,
ba88f3617e5a56bba19a0d65d35069d8e4d0c89cSumit Bose val = ldb_msg_find_attr_as_uint64(msg, attr_name, default_value);
ba88f3617e5a56bba19a0d65d35069d8e4d0c89cSumit Boseconst char *sss_view_ldb_msg_find_attr_as_string(struct sss_domain_info *dom,
ba88f3617e5a56bba19a0d65d35069d8e4d0c89cSumit Bose const char *val;
ba88f3617e5a56bba19a0d65d35069d8e4d0c89cSumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
ba88f3617e5a56bba19a0d65d35069d8e4d0c89cSumit Bose override_attr_name = talloc_asprintf(tmp_ctx, "%s%s", OVERRIDE_PREFIX,
ba88f3617e5a56bba19a0d65d35069d8e4d0c89cSumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_asprintf failed.\n");
ba88f3617e5a56bba19a0d65d35069d8e4d0c89cSumit Bose if (ldb_msg_find_element(msg, override_attr_name) != NULL) {
ba88f3617e5a56bba19a0d65d35069d8e4d0c89cSumit Bose val = ldb_msg_find_attr_as_string(msg, override_attr_name,