sdap_async_users.c revision cdb74b2cc6cc3fe52969712907c9eb4026c7a44f
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina Async LDAP Helper routines - retrieving users
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina Copyright (C) Simo Sorce <ssorce@redhat.com> - 2009
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina Copyright (C) 2010, Ralf Haferkamp <rhafer@suse.de>, Novell Inc.
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina Copyright (C) Jan Zeleny <jzeleny@redhat.com> - 2011
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina This program is free software; you can redistribute it and/or modify
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina it under the terms of the GNU General Public License as published by
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina the Free Software Foundation; either version 3 of the License, or
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina (at your option) any later version.
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina This program is distributed in the hope that it will be useful,
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina but WITHOUT ANY WARRANTY; without even the implied warranty of
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina GNU General Public License for more details.
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina You should have received a copy of the GNU General Public License
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina along with this program. If not, see <http://www.gnu.org/licenses/>.
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březinastatic void make_realm_upper_case(const char *upn)
84060f52e782b079337ee7a99bb7ad17e8c84fbbPavel Březina DEBUG(SSSDBG_TRACE_ALL, "No realm delimiter found in upn [%s].\n", upn);
60a715a0dd79873d2d2607eab8fdfaf0ffd2e7d3Hristo Venev while(*(++c) != '\0') {
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina/* ==Save-User-Entry====================================================== */
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březinasdap_get_idmap_primary_gid(struct sdap_options *opts,
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina opts->user_map[SDAP_AT_USER_PRIMARY_GROUP].sys_name,
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina DEBUG(SSSDBG_MINOR_FAILURE, "no primary group ID provided\n");
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina /* The primary group ID is just the RID part of the objectSID
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina * of the group. Generate the GID by adding this to the domain
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina /* First, get the domain SID if we didn't do so above */
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina ret = sdap_idmap_get_dom_sid_from_object(tmpctx, sid_str,
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina "Could not parse domain SID from [%s]\n", sid_str);
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina /* Add the RID to the end */
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina group_sid_str = talloc_asprintf(tmpctx, "%s-%lu", dom_sid_str,
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina (unsigned long) primary_gid);
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina /* Convert the SID into a UNIX group ID */
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina ret = sdap_idmap_sid_to_unix(opts->idmap_ctx, group_sid_str, &gid);
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březinastatic errno_t sdap_set_non_posix_flag(struct sysdb_attrs *attrs,
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina "Failed to add a zero ID to a non-posix object!\n");
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina ret = sysdb_attrs_add_bool(attrs, SYSDB_POSIX, false);
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina "Error: Failed to mark objects as non-posix!\n");
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březinastatic int sdap_user_set_mpg(struct sysdb_attrs *user_attrs,
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina /* The original entry had no GID number. This is OK, we just won't add
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina * the SYSDB_PRIMARY_GROUP_GIDNUM attribute
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_add_uint32 failed.\n");
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina /* We won't really store gidNumber=0, but the zero value tells
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina * the sysdb layer that no GID is set, which sysdb requires for
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina * MPG-enabled domains
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina/* FIXME: support storing additional attributes */
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina const char *pwd;
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina /* Always store SID string if available */
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina ret = sdap_attrs_get_sid_str(tmpctx, opts->idmap_ctx, attrs,
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina opts->user_map[SDAP_AT_USER_OBJECTSID].sys_name,
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina ret = sysdb_attrs_add_string(user_attrs, SYSDB_SID_STR, sid_str);
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina DEBUG(SSSDBG_MINOR_FAILURE, "Could not add SID string: [%s]\n",
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina DEBUG(SSSDBG_TRACE_ALL, "objectSID: not available for user\n");
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina DEBUG(SSSDBG_MINOR_FAILURE, "Could not identify objectSID: [%s]\n",
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina /* Always store UUID if available */
84060f52e782b079337ee7a99bb7ad17e8c84fbbPavel Březina ret = sysdb_handle_original_uuid(opts->user_map[SDAP_AT_USER_UUID].def_name,
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina DEBUG((ret == ENOENT) ? SSSDBG_TRACE_ALL : SSSDBG_MINOR_FAILURE,
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina "Failed to retrieve UUID [%d][%s].\n", ret, sss_strerror(ret));
84060f52e782b079337ee7a99bb7ad17e8c84fbbPavel Březina /* If this object has a SID available, we will determine the correct
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina * domain by its SID. */
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina subdomain = find_domain_by_sid(get_domains_head(dom), sid_str);
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina DEBUG(SSSDBG_TRACE_FUNC, "SID %s does not belong to any known "
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina ret = sdap_get_user_primary_name(memctx, opts, attrs, dom, &user_name);
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina DEBUG(SSSDBG_OP_FAILURE, "Failed to get user name\n");
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina DEBUG(SSSDBG_TRACE_FUNC, "Processing user %s\n", user_name);
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina opts->user_map[SDAP_AT_USER_FULLNAME].sys_name, &fullname);
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina ret = sysdb_attrs_add_string(user_attrs, SYSDB_FULLNAME, fullname);
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina opts->user_map[SDAP_AT_USER_PWD].sys_name, &el);
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina opts->user_map[SDAP_AT_USER_GECOS].sys_name, &el);
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina else gecos = (const char *)el->values[0].data;
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina /* Fall back to the user's full name */
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina opts->user_map[SDAP_AT_USER_FULLNAME].sys_name, &el);
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina if (el->num_values > 0) gecos = (const char *)el->values[0].data;
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina opts->user_map[SDAP_AT_USER_HOME].sys_name, &el);
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina else homedir = (const char *)el->values[0].data;
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina opts->user_map[SDAP_AT_USER_SHELL].sys_name, &el);
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina else shell = (const char *)el->values[0].data;
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina use_id_mapping = sdap_idmap_domain_has_algorithmic_mapping(opts->idmap_ctx,
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina /* Retrieve or map the UID as appropriate */
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina DEBUG(SSSDBG_MINOR_FAILURE, "SID not available, cannot map a " \
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina "Mapping user [%s] objectSID [%s] to unix ID\n", user_name, sid_str);
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina /* Convert the SID into a UNIX user ID */
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina ret = sdap_idmap_sid_to_unix(opts->idmap_ctx, sid_str, &uid);
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina DEBUG(SSSDBG_TRACE_FUNC, "Skipping built-in object.\n");
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina /* Store the UID in the ldap_attrs so it doesn't get
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina * treated as a missing attribute from LDAP and removed.
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina ret = sdap_replace_id(attrs, SYSDB_UIDNUM, uid);
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina DEBUG(SSSDBG_OP_FAILURE, "Cannot set the id-mapped UID\n");
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina if (ret == ENOENT && dom->type == DOM_TYPE_APPLICATION) {
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina "Marking object as non-posix and setting ID=0!\n");
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina "Cannot retrieve UID for [%s] in domain [%s].\n",
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina /* check that the uid is valid for this domain if the user is a POSIX one */
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina if (is_posix == true && OUT_OF_ID_RANGE(uid, dom->id_min, dom->id_max)) {
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina "User [%s] filtered out! (uid out of range)\n",
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina ret = sdap_get_idmap_primary_gid(opts, attrs, sid_str, dom_sid_str,
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina "Cannot get the GID for [%s] in domain [%s].\n",
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina /* For subdomain users, only create the private group as
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina * the subdomain is an MPG domain.
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina * But we have to save the GID of the original primary group
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina * because otherwise this information might be lost, as
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina * typically (Unix and AD) the user is not listed in his primary
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina * group as a member.
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina /* Store the GID in the ldap_attrs so it doesn't get
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina * treated as a missing attribute from LDAP and removed.
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina ret = sysdb_attrs_add_uint32(attrs, SYSDB_GIDNUM, gid);
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina /* Likewise, if a domain is set to contain 'magic private groups', do
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina * not process the real GID, but save it in the cache as originalGID
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina * (if available)
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina "Missing GID, won't save the %s attribute\n",
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina /* Store the UID as GID (since we're in an MPG domain) so that it doesn't
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina * get treated as a missing attribute and removed
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina ret = sdap_replace_id(attrs, SYSDB_GIDNUM, uid);
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina DEBUG(SSSDBG_OP_FAILURE, "Cannot set the id-mapped UID\n");
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina "Cannot retrieve GID, won't save the %s attribute\n",
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina "sdap_user_set_mpg failed [%d]: %s\n", ret, sss_strerror(ret));
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina if (ret == ENOENT && dom->type == DOM_TYPE_APPLICATION) {
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina "Marking object as non-posix and setting ID=0!\n");
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina "Cannot retrieve GID for [%s] in domain [%s].\n",
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina /* check that the gid is valid for this domain */
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina if (is_posix == true && IS_SUBDOMAIN(dom) == false
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina && OUT_OF_ID_RANGE(gid, dom->id_min, dom->id_max)) {
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina "User [%s] filtered out! (primary gid out of range)\n",
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina ret = sysdb_attrs_get_el(attrs, SYSDB_ORIG_DN, &el);
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina "originalDN is not available for [%s].\n", user_name);
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina DEBUG(SSSDBG_TRACE_INTERNAL, "Adding originalDN [%s] to attributes "
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina ret = sysdb_attrs_add_string(user_attrs, SYSDB_ORIG_DN, orig_dn);
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina ret = sysdb_attrs_get_el(attrs, SYSDB_MEMBEROF, &el);
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina "Original memberOf is not available for [%s].\n", user_name);
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina "Adding original memberOf attributes to [%s].\n", user_name);
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina ret = sysdb_attrs_add_string(user_attrs, SYSDB_ORIG_MEMBEROF,
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina opts->user_map[SDAP_AT_USER_MODSTAMP].sys_name,
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina "original mod-Timestamp",
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina opts->user_map[SDAP_AT_USER_USN].sys_name, &el);
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina "Original USN value is not available for [%s].\n", user_name);
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina usn_value = talloc_strdup(tmpctx, (const char*)el->values[0].data);
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina opts->user_map[SDAP_AT_USER_PRINC].sys_name, &el);
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina "User principal is not available for [%s].\n", user_name);
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina upn = talloc_strdup(tmpctx, (const char*) el->values[c].data);
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina /* Check for IPA Kerberos enterprise principal strings
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina * 'user\@my.realm@IPA.REALM' and use 'user@my.realm' */
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina upn = talloc_asprintf(tmpctx, "%s%s", upn, p1 + 1);
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina DEBUG(SSSDBG_OP_FAILURE, "talloc_asprintf failed.\n");
bc854800cc67271205d63136daaf68d7863cea6bJustin Stephenson if (dp_opt_get_bool(opts->basic, SDAP_FORCE_UPPER_CASE_REALM)) {
bc854800cc67271205d63136daaf68d7863cea6bJustin Stephenson "Adding user principal [%s] to attributes of [%s].\n",
bc854800cc67271205d63136daaf68d7863cea6bJustin Stephenson ret = sysdb_attrs_add_string(user_attrs, SYSDB_UPN, upn);
84060f52e782b079337ee7a99bb7ad17e8c84fbbPavel Březina for (i = SDAP_FIRST_EXTRA_USER_AT; i < opts->user_map_cnt; i++) {
84060f52e782b079337ee7a99bb7ad17e8c84fbbPavel Březina ret = sdap_attrs_add_list(attrs, opts->user_map[i].sys_name,
84060f52e782b079337ee7a99bb7ad17e8c84fbbPavel Březina ret = sdap_save_all_names(user_name, attrs, dom,
84060f52e782b079337ee7a99bb7ad17e8c84fbbPavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "Failed to save user names\n");
84060f52e782b079337ee7a99bb7ad17e8c84fbbPavel Březina /* Make sure that any attributes we requested from LDAP that we
84060f52e782b079337ee7a99bb7ad17e8c84fbbPavel Březina * did not receive are also removed from the sysdb
84060f52e782b079337ee7a99bb7ad17e8c84fbbPavel Březina ret = list_missing_attrs(user_attrs, opts->user_map, opts->user_map_cnt,
84060f52e782b079337ee7a99bb7ad17e8c84fbbPavel Březina DEBUG(SSSDBG_TRACE_FUNC, "Storing info for user %s\n", user_name);
84060f52e782b079337ee7a99bb7ad17e8c84fbbPavel Březina ret = sysdb_store_user(dom, user_name, pwd, uid, gid,
84060f52e782b079337ee7a99bb7ad17e8c84fbbPavel Březina ret = sysdb_set_user_attr(dom, user_name, mapped_attrs, SYSDB_MOD_ADD);
84060f52e782b079337ee7a99bb7ad17e8c84fbbPavel Březina *_usn_value = talloc_steal(memctx, usn_value);
84060f52e782b079337ee7a99bb7ad17e8c84fbbPavel Březina "Failed to save user [%s]\n",
84060f52e782b079337ee7a99bb7ad17e8c84fbbPavel Březina/* ==Generic-Function-to-save-multiple-users============================= */
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina /* Nothing to do if there are no users */
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n");
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina ret = sysdb_remove_mapped_data(dom, mapped_attrs);
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina DEBUG(SSSDBG_OP_FAILURE, "sysdb_remove_mapped_data failed, "
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina "some cached entries might contain invalid mapping data.\n");
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina for (i = 0; i < num_users; i++) {
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina ret = sdap_save_user(tmpctx, opts, dom, users[i], mapped_attrs,
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina /* Do not fail completely on errors.
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina * Just report the failure to save and go on */
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina DEBUG(SSSDBG_OP_FAILURE, "Failed to store user %d. Ignoring.\n", i);
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina DEBUG(SSSDBG_TRACE_ALL, "User %d processed!\n", i);
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina if ((strlen(usn_value) > strlen(higher_usn)) ||
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "Failed to commit transaction!\n");
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina *_usn_value = talloc_steal(memctx, higher_usn);
bc854800cc67271205d63136daaf68d7863cea6bJustin Stephenson DEBUG(SSSDBG_CRIT_FAILURE, "Failed to cancel transaction\n");
bc854800cc67271205d63136daaf68d7863cea6bJustin Stephenson/* ==Search-Users-with-filter============================================= */
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina const char **attrs;
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březinastatic errno_t sdap_search_user_next_base(struct tevent_req *req);
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březinastatic void sdap_search_user_copy_batch(struct sdap_search_user_state *state,
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březinastatic void sdap_search_user_process(struct tevent_req *subreq);
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březinastruct tevent_req *sdap_search_user_send(TALLOC_CTX *memctx,
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina const char **attrs,
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina req = tevent_req_create(memctx, &state, struct sdap_search_user_state);
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina "User lookup request without a search base\n");
d0aae3c1e87e2e51ab178b7b343261443094a974Justin Stephensonstatic errno_t sdap_search_user_next_base(struct tevent_req *req)
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina state = tevent_req_data(req, struct sdap_search_user_state);
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina state->filter = sdap_combine_filters(state, state->base_filter,
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina state->search_bases[state->base_iter]->filter);
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina "Searching for users with base [%s]\n",
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina state->search_bases[state->base_iter]->basedn);
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina /* Only requests that can return multiple entries should require
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina * the paging control
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina sizelimit = dp_opt_get_int(state->opts->basic, SDAP_WILDCARD_LIMIT);
d0aae3c1e87e2e51ab178b7b343261443094a974Justin Stephenson state->opts->user_map, state->opts->user_map_cnt,
64497d479e92ebc34717c20c3d017f1823f9e630Jakub Hrozek tevent_req_set_callback(subreq, sdap_search_user_process, req);
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březinastatic void sdap_search_user_process(struct tevent_req *subreq)
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina struct tevent_req *req = tevent_req_callback_data(subreq,
d0aae3c1e87e2e51ab178b7b343261443094a974Justin Stephenson struct sdap_search_user_state *state = tevent_req_data(req,
64497d479e92ebc34717c20c3d017f1823f9e630Jakub Hrozek ret = sdap_get_and_parse_generic_recv(subreq, state,
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina "Search for users, returned %zu results.\n", count);
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina if (state->lookup_type == SDAP_LOOKUP_WILDCARD || \
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina state->lookup_type == SDAP_LOOKUP_ENUMERATE || \
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina /* No users found in this search or looking up multiple entries */
d0aae3c1e87e2e51ab178b7b343261443094a974Justin Stephenson /* Add this batch of users to the list */
d0aae3c1e87e2e51ab178b7b343261443094a974Justin Stephenson sdap_search_user_copy_batch(state, users, count);
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina /* There are more search bases to try */
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina DEBUG(SSSDBG_TRACE_INTERNAL, "Retrieved total %zu users\n", state->count);
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina /* No more search bases
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina * Return ENOENT if no users were found
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březinastatic void sdap_search_user_copy_batch(struct sdap_search_user_state *state,
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina /* Always copy all objects for wildcard lookups. */
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina filter = state->lookup_type == SDAP_LOOKUP_SINGLE ? true : false;
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina copied = sdap_steal_objects_in_dom(state->opts,
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březinaint sdap_search_user_recv(TALLOC_CTX *memctx, struct tevent_req *req,
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina char **higher_usn, struct sysdb_attrs ***users,
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina struct sdap_search_user_state *state = tevent_req_data(req,
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina *higher_usn = talloc_steal(memctx, state->higher_usn);
d0aae3c1e87e2e51ab178b7b343261443094a974Justin Stephenson/* ==Search-And-Save-Users-with-filter============================================= */
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březinastatic void sdap_get_users_done(struct tevent_req *subreq);
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březinastruct tevent_req *sdap_get_users_send(TALLOC_CTX *memctx,
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina const char **attrs,
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina req = tevent_req_create(memctx, &state, struct sdap_get_users_state);
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina DEBUG(SSSDBG_OP_FAILURE, "sysdb_new_attrs failed.\n");
e547eb597ade731f49b679ce264bbfd907363ff8Lukas Slebodnik ret = sysdb_attrs_copy(mapped_attrs, state->mapped_attrs);
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_copy failed.\n");
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina subreq = sdap_search_user_send(state, ev, dom, opts, search_bases,
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina tevent_req_set_callback(subreq, sdap_get_users_done, req);
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březinastatic void sdap_get_users_done(struct tevent_req *subreq)
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina struct tevent_req *req = tevent_req_callback_data(subreq,
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina struct sdap_get_users_state *state = tevent_req_data(req,
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina ret = sdap_search_user_recv(state, subreq, &state->higher_usn,
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina DEBUG(SSSDBG_OP_FAILURE, "Failed to retrieve users [%d][%s].\n",
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina PROBE(SDAP_SEARCH_USER_SAVE_BEGIN, state->filter);
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina PROBE(SDAP_SEARCH_USER_SAVE_END, state->filter);
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina DEBUG(SSSDBG_OP_FAILURE, "Failed to store users [%d][%s].\n",
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina DEBUG(SSSDBG_TRACE_ALL, "Saving %zu Users - Done\n", state->count);
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březinaint sdap_get_users_recv(struct tevent_req *req,
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina struct sdap_get_users_state *state = tevent_req_data(req,
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina *usn_value = talloc_steal(mem_ctx, state->higher_usn);
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina/* ==Fetch-Fallback-local-user============================================ */
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březinaerrno_t sdap_fallback_local_user(TALLOC_CTX *memctx,
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina ua = talloc_array(memctx, struct sysdb_attrs *, 2);
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina ret = sysdb_attrs_add_string(user, SYSDB_NAME, pwd->pw_name);
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina ret = sysdb_attrs_add_string(user, SYSDB_PWD, pwd->pw_passwd);
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina ret = sysdb_attrs_add_long(user, SYSDB_UIDNUM, (long)pwd->pw_uid);
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina ret = sysdb_attrs_add_long(user, SYSDB_GIDNUM, (long)pwd->pw_gid);
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina ret = sysdb_attrs_add_string(user, SYSDB_GECOS, pwd->pw_gecos);
a641a13889d617aca6bd998025e9087e822ff7f0Pavel Březina ret = sysdb_attrs_add_string(user, SYSDB_HOMEDIR, pwd->pw_dir);