sysdb_views.c revision d70023a7fa95c8c12683de965a76ec38a6234ae5
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose System Database - View and Override related calls
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose Copyright (C) 2014 Sumit Bose <sbose@redhat.com>
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose This program is free software; you can redistribute it and/or modify
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose it under the terms of the GNU General Public License as published by
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose the Free Software Foundation; either version 3 of the License, or
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose (at your option) any later version.
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose This program is distributed in the hope that it will be useful,
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose but WITHOUT ANY WARRANTY; without even the implied warranty of
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose GNU General Public License for more details.
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose You should have received a copy of the GNU General Public License
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose along with this program. If not, see <http://www.gnu.org/licenses/>.
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose/* In general is should not be possible that there is a view container without
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose * a view name set. But to be on the safe side we return both information
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose * separately. */
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bosestatic errno_t sysdb_get_view_name_ex(TALLOC_CTX *mem_ctx,
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose view_base_dn = ldb_dn_new(tmp_ctx, sysdb->ldb, SYSDB_TMPL_VIEW_BASE);
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose ret = ldb_search(sysdb->ldb, tmp_ctx, &res, view_base_dn, LDB_SCOPE_BASE,
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "Base search returned [%d] results, "
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose tmp_str = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_VIEW_NAME,
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose *_view_name = talloc_steal(mem_ctx, discard_const(tmp_str));
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Boseerrno_t sysdb_get_view_name(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb,
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose return sysdb_get_view_name_ex(mem_ctx, sysdb, view_name,
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Boseerrno_t sysdb_update_view_name(struct sysdb_ctx *sysdb,
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose ret = sysdb_get_view_name_ex(tmp_ctx, sysdb, &tmp_str,
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sysdb_get_view_name_ex failed.\n");
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose /* view name already known, nothing to do */
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose DEBUG(SSSDBG_TRACE_ALL, "View name already in place.\n");
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose /* view name changed */
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose /* not supported atm */
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose "View name changed from [%s] to [%s]. NOT SUPPORTED.\n",
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldb_msg_new failed.\n");
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose msg->dn = ldb_dn_new(tmp_ctx, sysdb->ldb, SYSDB_TMPL_VIEW_BASE);
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_new failed.\n");
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose ret = ldb_msg_add_string(msg, SYSDB_VIEW_NAME, view_name);
2ef62c64e7f07c8aced3f72850008ecb72860162Sumit Bose DEBUG(SSSDBG_FATAL_FAILURE, "Failed to %s view container",
9da27cbc7532f775afc411d809735760dd5294a7Sumit Boseadd_name_and_aliases_for_name_override(struct sss_domain_info *domain,
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose fq_name = sss_tc_fqname(attrs, domain->names, domain, name_override);
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sss_tc_fqname failed.\n");
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose ret = sysdb_attrs_add_lc_name_alias(attrs, fq_name);
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose ret = sysdb_attrs_add_string(attrs, SYSDB_NAME_ALIAS,
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose "sysdb_attrs_add_lc_name_alias failed.\n");
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose ret = sysdb_attrs_add_string(attrs, SYSDB_DEFAULT_OVERRIDE_NAME,
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_add_lc_name_alias failed.\n");
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose ret = sysdb_attrs_add_lc_name_alias(attrs, name_override);
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose ret = sysdb_attrs_add_string(attrs, SYSDB_NAME_ALIAS, name_override);
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_add_lc_name_alias failed.\n");
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Boseerrno_t sysdb_store_override(struct sss_domain_info *domain,
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose struct sysdb_attrs *attrs, struct ldb_dn *obj_dn)
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose const char *anchor;
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose ret = sysdb_attrs_get_string(attrs, SYSDB_OVERRIDE_ANCHOR_UUID,
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose "Missing anchor in override attributes.\n");
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose override_dn = ldb_dn_new_fmt(tmp_ctx, domain->sysdb->ldb,
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_new_fmt failed.\n");
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose /* if there is no override for the given object, just store the DN of
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose * the object iself in the SYSDB_OVERRIDE_DN attribute to indicate
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose * that it was checked if an override exists and none was found. */
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose override_dn_str = ldb_dn_get_linearized(override_dn);
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose if (override_dn_str == NULL || obj_dn_str == NULL) {
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_get_linearized failed.\n");
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose ret = sysdb_search_entry(tmp_ctx, domain->sysdb, obj_dn, LDB_SCOPE_BASE,
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose DEBUG(SSSDBG_CRIT_FAILURE, "Object to override does not exists.\n");
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sysdb_search_entry failed.\n");
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose DEBUG(SSSDBG_CRIT_FAILURE, "Base searched returned more than one object.\n");
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose obj_override_dn = ldb_msg_find_attr_as_string(msgs[0], SYSDB_OVERRIDE_DN,
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose if (strcmp(obj_override_dn, override_dn_str) != 0) {
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose "Existing [%s] and new [%s] override DN do not match.\n",
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose ret = ldb_delete(domain->sysdb->ldb, override_dn);
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose "ldb_delete failed, maybe object did not exist. Ignoring.\n");
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose ret = sysdb_attrs_get_string(attrs, SYSDB_NAME, &name_override);
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose ret = add_name_and_aliases_for_name_override(domain, attrs, false,
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose "add_name_and_aliases_for_name_override failed.\n");
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_string failed.\n");
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose msg->elements = talloc_array(msg, struct ldb_message_element,
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose /* TODO: add nameAlias for case-insentitive searches */
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose ret = ldb_msg_add_empty(msg, SYSDB_OBJECTCLASS, LDB_FLAG_MOD_ADD, NULL);
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldb_msg_add_empty failed.\n");
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose DEBUG(SSSDBG_CRIT_FAILURE, "Unexpected object type.\n");
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose ret = ldb_msg_add_empty(msg, SYSDB_OVERRIDE_OBJECT_DN, LDB_FLAG_MOD_ADD,
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldb_msg_add_empty failed.\n");
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose ret = ldb_msg_add_string(msg, SYSDB_OVERRIDE_OBJECT_DN, obj_dn_str);
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose "Failed to store override entry: %s(%d)[%s]\n",
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose ldb_strerror(ret), ret, ldb_errstring(domain->sysdb->ldb));
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose ret = ldb_msg_add_empty(msg, SYSDB_OVERRIDE_DN, LDB_FLAG_MOD_ADD,
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldb_msg_add_empty failed.\n");
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose ret = ldb_msg_add_string(msg, SYSDB_OVERRIDE_DN, override_dn_str);
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose "Failed to store override DN: %s(%d)[%s]\n",
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose ldb_strerror(ret), ret, ldb_errstring(domain->sysdb->ldb));
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose DEBUG(SSSDBG_TRACE_FUNC, "Error: %d (%s)\n", ret, strerror(ret));
ca49ae1eee321751681e99f3ebe2547211db3bf6Sumit Bose ret = ldb_transaction_commit(domain->sysdb->ldb);
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bosestatic errno_t safe_original_attributes(struct sss_domain_info *domain,
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose ret = ldb_search(domain->sysdb->ldb, tmp_ctx, &orig_obj, obj_dn,
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose DEBUG(SSSDBG_CRIT_FAILURE, "Original object not found.\n");
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose /* Safe orginal values in attributes prefixed by OriginalAD. */
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose el = ldb_msg_find_element(orig_obj->msgs[0], allowed_attrs[c]);
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose orig_attr_name = talloc_asprintf(tmp_ctx, "%s%s",
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_asprintf failed.\n");
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose "sysdb_attrs_add_val failed.\n");
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose "Original object does not have [%s] set.\n",
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose /* Add existing aliases to new ones */
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose el = ldb_msg_find_element(orig_obj->msgs[0], SYSDB_NAME_ALIAS);
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose /* To avoid issue with ldb_modify if e.g. the orginal and the
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose * override name are the same, we use the *_safe version here. */
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose ret = sysdb_attrs_add_val_safe(attrs, SYSDB_NAME_ALIAS,
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_add_val failed.\n");
9da27cbc7532f775afc411d809735760dd5294a7Sumit Boseerrno_t sysdb_apply_default_override(struct sss_domain_info *domain,
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sysdb_new_attrs failed.\n");
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose /* TODO: add nameAlias for case-insentitive searches */
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose ret = sysdb_attrs_get_el_ext(override_attrs, allowed_attrs[c], false,
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose if (el->values[0].data[el->values[0].length] != '\0') {
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose "String attribute does not end with \\0.\n");
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose ret = add_name_and_aliases_for_name_override(domain, attrs,
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose "add_name_and_aliases_for_name_override failed.\n");
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose ret = sysdb_attrs_add_val(attrs, allowed_attrs[c],
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_add_val failed.\n");
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose DEBUG(SSSDBG_TRACE_ALL, "Override [%s] with [%.*s] for [%s].\n",
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_el_ext failed.\n");
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose ret = safe_original_attributes(domain, attrs, obj_dn, allowed_attrs);
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "safe_original_attributes failed.\n");
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose ret = sysdb_set_entry_attr(domain->sysdb, obj_dn, attrs, SYSDB_MOD_REP);
9da27cbc7532f775afc411d809735760dd5294a7Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sysdb_set_entry_attr failed.\n");
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose#define SYSDB_USER_NAME_OVERRIDE_FILTER "(&(objectClass="SYSDB_OVERRIDE_USER_CLASS")(|("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME"=%s)))"
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose#define SYSDB_GROUP_NAME_OVERRIDE_FILTER "(&(objectClass="SYSDB_OVERRIDE_GROUP_CLASS")(|("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME"=%s)))"
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bosestatic errno_t sysdb_search_override_by_name(TALLOC_CTX *mem_ctx,
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose const char *name,
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose static const char *user_attrs[] = SYSDB_PW_ATTRS;
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose static const char *group_attrs[] = SYSDB_GRSRC_ATTRS;
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose const char **attrs;
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose const char *filter;
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose base_dn = ldb_dn_new_fmt(tmp_ctx, domain->sysdb->ldb,
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_new_fmt failed.\n");
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose /* If this is a subdomain we need to use fully qualified names for the
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose * search as well by default */
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose src_name = sss_get_domain_name(tmp_ctx, name, domain);
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sss_get_domain_name failed.\n");
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose ret = sss_filter_sanitize_for_dom(tmp_ctx, src_name, domain,
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sss_filter_sanitize_for_dom failed.\n");
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose DEBUG(SSSDBG_CRIT_FAILURE, "Unexpected override object type [%d].\n",
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose ret = ldb_search(domain->sysdb->ldb, tmp_ctx, &override_res, base_dn,
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose DEBUG(SSSDBG_TRACE_FUNC, "No user override found for name [%s].\n",
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose "Found more than one override for name [%s]\n.", name);
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose orig_obj_dn = ldb_msg_find_attr_as_string(override_res->msgs[0],
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose "Missing link to original object in override [%s].\n",
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose ldb_dn_get_linearized(override_res->msgs[0]->dn));
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose base_dn = ldb_dn_new(tmp_ctx, domain->sysdb->ldb, orig_obj_dn);
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_new failed.\n");
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose ret = ldb_search(domain->sysdb->ldb, tmp_ctx, &orig_res, base_dn,
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose *override_obj = talloc_steal(mem_ctx, override_res);
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Boseerrno_t sysdb_search_user_override_by_name(TALLOC_CTX *mem_ctx,
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose const char *name,
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose return sysdb_search_override_by_name(mem_ctx, domain, name, OO_TYPE_USER,
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Boseerrno_t sysdb_search_group_override_by_name(TALLOC_CTX *mem_ctx,
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose const char *name,
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose return sysdb_search_override_by_name(mem_ctx, domain, name, OO_TYPE_GROUP,
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose * @brief Add override data to the original object
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose * @param[in] domain Domain struct, needed to access the cache
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose * @oaram[in] obj The original object
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose * @param[in] override_obj The object with the override data, may be NULL
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose * @return EOK - Override data was added successfully
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose * @return ENOMEM - There was insufficient memory to complete the operation
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose * @return ENOENT - The original object did not have the SYSDB_OVERRIDE_DN
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose * attribute or the value of the attribute points an object
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose * which does not exists. Both conditions indicate that the
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose * cache must be refreshed.
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Boseerrno_t sysdb_add_overrides_to_object(struct sss_domain_info *domain,
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose static const char *user_attrs[] = SYSDB_PW_ATTRS;
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose static const char *group_attrs[] = SYSDB_GRSRC_ATTRS;
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose const char **attrs;
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose const char *attr;
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose override_dn_str = ldb_msg_find_attr_as_string(obj,
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose "Missing override DN for objext [%s].\n",
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose override_dn = ldb_dn_new(tmp_ctx, domain->sysdb->ldb, override_dn_str);
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_new failed.\n");
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose DEBUG(SSSDBG_TRACE_ALL, "Object [%s] has no overrides.\n",
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose uid = ldb_msg_find_attr_as_uint64(obj, SYSDB_UIDNUM, 0);
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose /* No UID hence group object */
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose ret = ldb_search(domain->sysdb->ldb, tmp_ctx, &res, override_dn,
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose DEBUG(SSSDBG_TRACE_FUNC, "Override object [%s] does not exists.\n",
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose "Base search for override object returned [%d] results.\n",
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose tmp_str = ldb_msg_find_attr_as_string(override, attr_map[c].attr, NULL);
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose ret = ldb_msg_add_string(obj, attr_map[c].new_attr, tmp_str);
d70023a7fa95c8c12683de965a76ec38a6234ae5Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldb_msg_add_string failed.\n");