/*
    SSSD

    Authors:
        Stephen Gallagher <sgallagh@redhat.com>

    Copyright (C) 2012 Red Hat

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
817b1bcafff27cc67630dd0cbd36df708c05fcccStephen Gallagher
817b1bcafff27cc67630dd0cbd36df708c05fcccStephen Gallagher
817b1bcafff27cc67630dd0cbd36df708c05fcccStephen Gallagher#include "db/sysdb.h"
817b1bcafff27cc67630dd0cbd36df708c05fcccStephen Gallagher#include "db/sysdb_private.h"
817b1bcafff27cc67630dd0cbd36df708c05fcccStephen Gallagher
/*
 * Build the sysdb DN of the ID-mapping entry for one SID within a domain.
 *
 * object_sid is passed through sysdb_dn_sanitize() and only the sanitized
 * copy is interpolated into SYSDB_TMPL_IDMAP, so the SID text is never
 * placed into the DN verbatim. domain->name is interpolated as-is.
 * NOTE(review): presumably domain->name comes from trusted configuration;
 * confirm, since it is not sanitized here.
 *
 * Returns a DN allocated on mem_ctx, or NULL when either the sanitizing
 * step or the DN construction fails (the two cases are not distinguished).
 */
static struct ldb_dn *
sysdb_idmap_dn(TALLOC_CTX *mem_ctx, struct sss_domain_info *domain,
               const char *object_sid)
{
    char *escaped_sid;
    struct ldb_dn *idmap_dn;

    if (sysdb_dn_sanitize(NULL, object_sid, &escaped_sid) != EOK) {
        return NULL;
    }

    DEBUG(SSSDBG_TRACE_ALL, SYSDB_TMPL_IDMAP"\n", escaped_sid, domain->name);

    idmap_dn = ldb_dn_new_fmt(mem_ctx, domain->sysdb->ldb, SYSDB_TMPL_IDMAP,
                              escaped_sid, domain->name);

    /* The sanitized copy was requested with a NULL memory context, so it
     * has to be released explicitly on every path that reaches here. */
    talloc_free(escaped_sid);

    return idmap_dn;
}
817b1bcafff27cc67630dd0cbd36df708c05fcccStephen Gallagher
/*
 * Create or update the stored ID mapping for a domain SID.
 *
 * The whole operation runs inside one sysdb transaction:
 *   - no entry for the SID yet: a new mapping entry is added carrying the
 *     object class, the SID, the domain name and the slice number;
 *   - an entry exists: the stored slice must equal slice_num, otherwise the
 *     call is refused with EINVAL; the stored name is replaced only when it
 *     differs from dom_name.
 *
 * The slice check is the invariant that matters most here: the log message
 * emitted on a mismatch states that changing the slice "will break existing
 * users", so a differing slice is never written.
 * NOTE(review): presumably the slice selects the ID range assigned to the
 * domain, which would make a silent change remap existing IDs; confirm.
 *
 * dom_sid reaches the DN only through sysdb_idmap_dn(), which sanitizes it;
 * dom_sid and dom_name are otherwise stored as attribute values.
 * NOTE(review): dom_name and dom_sid are dereferenced without a NULL check;
 * callers are expected to pass valid strings.
 *
 * Returns EOK on success (including "nothing to change"), ENOMEM on
 * allocation or DN-construction failure, EIO if a base search returns other
 * than one entry, ENOENT if the stored entry lacks a slice or name, EINVAL
 * on an attempted slice change, or the translated ldb/sysdb error.
 */
errno_t
sysdb_idmap_store_mapping(struct sss_domain_info *domain,
                          const char *dom_name,
                          const char *dom_sid,
                          id_t slice_num)
{
    static const char *attrs[] = SYSDB_IDMAP_ATTRS;
    TALLOC_CTX *scratch;
    struct ldb_dn *map_dn;
    struct ldb_message *change;
    struct ldb_message **found;
    size_t nfound;
    const char *prev_name;
    id_t prev_slice;
    bool txn_open = false;
    errno_t ret;
    errno_t cancel_ret;
    int ldb_ret;

    scratch = talloc_new(NULL);
    if (scratch == NULL) {
        return ENOMEM;
    }

    /* NOTE(review): sysdb_idmap_dn() returns NULL both when sanitizing the
     * SID fails and when the DN cannot be built; both are reported as
     * ENOMEM here. */
    map_dn = sysdb_idmap_dn(scratch, domain, dom_sid);
    if (map_dn == NULL) {
        ret = ENOMEM;
        goto done;
    }

    change = ldb_msg_new(scratch);
    if (change == NULL) {
        ret = ENOMEM;
        goto done;
    }
    change->dn = map_dn;

    ret = sysdb_transaction_start(domain->sysdb);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n");
        goto done;
    }
    txn_open = true;

    /* Look for a mapping that is already stored under this DN. */
    ret = sysdb_search_entry(scratch, domain->sysdb, map_dn, LDB_SCOPE_BASE,
                             NULL, attrs, &nfound, &found);
    if (ret == ENOENT) {
        /* Nothing stored yet: assemble and add a complete new entry. */
        DEBUG(SSSDBG_CONF_SETTINGS,
              "Adding new ID mapping [%s][%s][%lu]\n",
              dom_name, dom_sid, (unsigned long)slice_num);

        /* objectClass */
        ldb_ret = ldb_msg_add_empty(change, SYSDB_OBJECTCLASS,
                                    LDB_FLAG_MOD_ADD, NULL);
        if (ldb_ret != LDB_SUCCESS) {
            ret = sysdb_error_to_errno(ldb_ret);
            goto done;
        }

        ldb_ret = ldb_msg_add_string(change, SYSDB_OBJECTCLASS,
                                     SYSDB_IDMAP_MAPPING_OC);
        if (ldb_ret != LDB_SUCCESS) {
            ret = sysdb_error_to_errno(ldb_ret);
            goto done;
        }

        /* Domain objectSID (stored unmodified as an attribute value) */
        ldb_ret = ldb_msg_add_empty(change, SYSDB_IDMAP_SID_ATTR,
                                    LDB_FLAG_MOD_ADD, NULL);
        if (ldb_ret != LDB_SUCCESS) {
            ret = sysdb_error_to_errno(ldb_ret);
            goto done;
        }

        ldb_ret = ldb_msg_add_string(change, SYSDB_IDMAP_SID_ATTR, dom_sid);
        if (ldb_ret != LDB_SUCCESS) {
            ret = sysdb_error_to_errno(ldb_ret);
            goto done;
        }

        /* Domain name */
        ldb_ret = ldb_msg_add_empty(change, SYSDB_NAME,
                                    LDB_FLAG_MOD_ADD, NULL);
        if (ldb_ret != LDB_SUCCESS) {
            ret = sysdb_error_to_errno(ldb_ret);
            goto done;
        }

        ldb_ret = ldb_msg_add_string(change, SYSDB_NAME, dom_name);
        if (ldb_ret != LDB_SUCCESS) {
            ret = sysdb_error_to_errno(ldb_ret);
            goto done;
        }

        /* Slice number, written in decimal */
        ldb_ret = ldb_msg_add_empty(change, SYSDB_IDMAP_SLICE_ATTR,
                                    LDB_FLAG_MOD_ADD, NULL);
        if (ldb_ret != LDB_SUCCESS) {
            ret = sysdb_error_to_errno(ldb_ret);
            goto done;
        }

        ldb_ret = ldb_msg_add_fmt(change, SYSDB_IDMAP_SLICE_ATTR,
                                  "%lu", (unsigned long)slice_num);
        if (ldb_ret != LDB_SUCCESS) {
            ret = sysdb_error_to_errno(ldb_ret);
            goto done;
        }

        ldb_ret = ldb_add(domain->sysdb->ldb, change);
        if (ldb_ret != LDB_SUCCESS) {
            DEBUG(SSSDBG_MINOR_FAILURE,
                  "Failed to add mapping: [%s]\n",
                  ldb_strerror(ldb_ret));
            ret = sysdb_error_to_errno(ldb_ret);
            goto done;
        }
    } else if (ret != EOK) {
        /* Any search failure other than "not found" aborts the store. */
        goto done;
    } else if (nfound != 1) {
        /* A base-scope search must yield exactly one entry. */
        ret = EIO;
        goto done;
    } else {
        /* A mapping exists: validate it before touching anything. */

        /* The slice must never change for an existing SID; a mismatch is
         * treated as an error and nothing is written. */
        prev_slice = ldb_msg_find_attr_as_int(found[0],
                                              SYSDB_IDMAP_SLICE_ATTR,
                                              -1);
        if (prev_slice == -1) {
            DEBUG(SSSDBG_CRIT_FAILURE,
                  "Could not identify original slice for SID [%s]\n",
                  dom_sid);
            ret = ENOENT;
            goto done;
        }

        if (prev_slice != slice_num) {
            DEBUG(SSSDBG_FATAL_FAILURE,
                  "Detected attempt to change slice value for sid [%s] "
                  "This will break existing users. Refusing to perform.\n",
                  dom_sid);
            ret = EINVAL;
            goto done;
        }

        /* The name may legitimately change, e.g. when the real domain
         * name becomes known and replaces the SID used as placeholder. */
        prev_name = ldb_msg_find_attr_as_string(found[0], SYSDB_NAME, NULL);
        if (prev_name == NULL) {
            DEBUG(SSSDBG_CRIT_FAILURE,
                  "Could not identify original domain name of SID [%s]\n",
                  dom_sid);
            ret = ENOENT;
            goto done;
        }

        if (strcmp(prev_name, dom_name) == 0) {
            /* Stored entry already matches. Leaving through "done" with
             * the transaction still open cancels it rather than committing
             * an empty change. */
            DEBUG(SSSDBG_TRACE_LIBS,
                  "No changes needed, canceling transaction\n");
            ret = EOK;
            goto done;
        }

        /* Only the name differs: replace it. */
        DEBUG(SSSDBG_CONF_SETTINGS,
              "Changing domain name of SID [%s] from [%s] to [%s]\n",
              dom_sid, prev_name, dom_name);

        ldb_ret = ldb_msg_add_empty(change, SYSDB_NAME,
                                    LDB_FLAG_MOD_REPLACE, NULL);
        if (ldb_ret != LDB_SUCCESS) {
            ret = sysdb_error_to_errno(ldb_ret);
            goto done;
        }

        ldb_ret = ldb_msg_add_string(change, SYSDB_NAME, dom_name);
        if (ldb_ret != LDB_SUCCESS) {
            ret = sysdb_error_to_errno(ldb_ret);
            goto done;
        }

        ldb_ret = ldb_modify(domain->sysdb->ldb, change);
        if (ldb_ret != LDB_SUCCESS) {
            DEBUG(SSSDBG_MINOR_FAILURE,
                  "Failed to update mapping: [%s](%d)[%s]\n",
                  ldb_strerror(ldb_ret), ldb_ret,
                  ldb_errstring(domain->sysdb->ldb));
            ret = sysdb_error_to_errno(ldb_ret);
            goto done;
        }
    }

    ret = sysdb_transaction_commit(domain->sysdb);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              "Could not commit transaction: [%s]\n", strerror(ret));
        goto done;
    }
    txn_open = false;

done:
    /* Every early exit taken after the transaction was started lands here
     * with txn_open still set, so partial changes are rolled back. */
    if (txn_open) {
        cancel_ret = sysdb_transaction_cancel(domain->sysdb);
        if (cancel_ret != EOK) {
            DEBUG(SSSDBG_CRIT_FAILURE,
                  "Could not cancel transaction\n");
        }
    }
    talloc_free(scratch);
    return ret;
}
817b1bcafff27cc67630dd0cbd36df708c05fcccStephen Gallagher
/*
 * Fetch every stored ID mapping of a domain.
 *
 * Runs a subtree search for SYSDB_IDMAP_FILTER below the domain's ID-mapping
 * base DN, requesting the SYSDB_IDMAP_ATTRS attributes. On success the
 * result is moved onto mem_ctx and handed back through _result; on failure
 * _result is left untouched.
 *
 * domain->name is interpolated into SYSDB_TMPL_IDMAP_BASE as-is.
 * NOTE(review): presumably the domain name is trusted configuration; confirm,
 * since no sanitizing is applied to it here.
 *
 * Returns EOK on success, ENOMEM if a context or the base DN cannot be
 * allocated, or the error reported by SSS_LDB_SEARCH.
 */
errno_t
sysdb_idmap_get_mappings(TALLOC_CTX *mem_ctx,
                         struct sss_domain_info *domain,
                         struct ldb_result **_result)
{
    static const char *attrs[] = SYSDB_IDMAP_ATTRS;
    TALLOC_CTX *scratch;
    struct ldb_dn *search_base;
    struct ldb_result *found;
    errno_t ret;

    scratch = talloc_new(NULL);
    if (scratch == NULL) {
        return ENOMEM;
    }

    DEBUG(SSSDBG_TRACE_ALL, SYSDB_TMPL_IDMAP_BASE"\n", domain->name);

    search_base = ldb_dn_new_fmt(scratch, domain->sysdb->ldb,
                                 SYSDB_TMPL_IDMAP_BASE, domain->name);
    if (search_base == NULL) {
        ret = ENOMEM;
        goto done;
    }

    SSS_LDB_SEARCH(ret, domain->sysdb->ldb, scratch, &found, search_base,
                   LDB_SCOPE_SUBTREE, attrs, SYSDB_IDMAP_FILTER);
    if (ret == EOK) {
        /* Re-parent the result so it outlives the scratch context. */
        *_result = talloc_steal(mem_ctx, found);
    } else {
        DEBUG(SSSDBG_MINOR_FAILURE,
              "Could not locate ID mappings: [%s]\n",
              sss_strerror(ret));
    }

done:
    talloc_free(scratch);
    return ret;
}