sysdb_ops.c revision 16ef1ec0d10d24703351d02bbd7d0c2255da4359
/*
SSSD
System Database
Copyright (C) Simo Sorce <ssorce@redhat.com> 2008
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "db/sysdb_private.h"
#include "util/sha512crypt.h"
#include <time.h>
{
int ret;
if (ret == LDB_SUCCESS) {
}
return ENOMEM;
}
{
int ret;
if (ret == LDB_SUCCESS) {
}
return ENOMEM;
}
{
long long int l;
if (!v || !v->data) {
return 0;
}
errno = 0;
if (errno) {
return (uint32_t)-1;
}
if (l < 0 || l > ((uint32_t)(-1))) {
return (uint32_t)-1;
}
return l;
}
#define ERROR_OUT(v, r, l) do { v = r; goto l; } while(0);
/* =Standard-Sysdb-Operations-utility-functions=========================== */
{
return EOK;
}
/* =Remove-Entry-From-Sysdb=============================================== */
bool ignore_not_found)
{
int ret;
switch (ret) {
case LDB_SUCCESS:
return EOK;
case LDB_ERR_NO_SUCH_OBJECT:
if (ignore_not_found) {
return EOK;
}
/* fall through */
default:
return sysdb_error_to_errno(ret);
}
}
/* =Remove-Subentries-From-Sysdb=========================================== */
bool ignore_not_found)
{
struct ldb_message **msgs;
int ret;
int i;
LDB_SCOPE_SUBTREE, "(distinguishedName=*)",
if (ret) {
return EOK;
}
return ret;
}
sizeof(struct ldb_message *), compare_ldb_dn_comp_num);
for (i = 0; i < msgs_count; i++) {
if (ret) {
return ret;
}
}
return EOK;
}
/* =Search-Entry========================================================== */
int scope,
const char *filter,
const char **attrs,
struct ldb_message ***msgs)
{
struct ldb_result *res;
int ret;
if (ret) {
return sysdb_error_to_errno(ret);
}
return ENOENT;
}
return EOK;
}
struct sss_domain_info *domain,
const char *name,
const char **attrs,
struct ldb_message **msg)
{
size_t msgs_count = 0;
int ret;
if (!tmpctx) {
return ENOMEM;
}
if (!basedn) {
goto done;
}
if (ret) {
goto done;
}
done:
if (ret) {
}
return ret;
}
struct sss_domain_info *domain,
const char **attrs,
struct ldb_message **msg)
{
size_t msgs_count = 0;
char *filter;
int ret;
if (!tmpctx) {
return ENOMEM;
}
if (!basedn) {
goto done;
}
if (!filter) {
goto done;
}
if (ret) {
goto done;
}
done:
if (ret) {
}
return ret;
}
struct sss_domain_info *domain,
const char *name,
const char **attrs,
struct ldb_message **msg)
{
size_t msgs_count = 0;
int ret;
if (!tmpctx) {
return ENOMEM;
}
if (!basedn) {
goto done;
}
if (ret) {
goto done;
}
done:
if (ret) {
}
return ret;
}
struct sss_domain_info *domain,
const char **attrs,
struct ldb_message **msg)
{
size_t msgs_count = 0;
char *filter;
int ret;
if (!tmpctx) {
return ENOMEM;
}
if (!basedn) {
goto done;
}
if (!filter) {
goto done;
}
if (ret) {
goto done;
}
done:
if (ret) {
}
return ret;
}
/* =Replace-Attributes-On-Entry=========================================== */
struct sysdb_attrs *attrs,
int mod_op)
{
struct ldb_message *msg;
int i, ret;
return EINVAL;
}
if (!msg) {
return ENOMEM;
}
goto fail;
}
}
fail:
if (ret) {
}
return ret;
}
/* =Replace-Attributes-On-User============================================ */
struct sss_domain_info *domain,
const char *name,
struct sysdb_attrs *attrs,
int mod_op)
{
if (!dn) {
return ENOMEM;
}
}
/* =Replace-Attributes-On-Group=========================================== */
struct sss_domain_info *domain,
const char *name,
struct sysdb_attrs *attrs,
int mod_op)
{
if (!dn) {
return ENOMEM;
}
}
/* =Get-New-ID============================================================ */
struct sss_domain_info *domain,
{
char *filter;
struct ldb_message **msgs;
struct ldb_message *msg;
int ret;
int i;
if (!tmpctx) {
return ENOMEM;
}
if (!base_dn) {
return ENOMEM;
}
if (ret) {
return ret;
}
switch (ret) {
case EOK:
goto done;
}
}
DEBUG(0, ("Failed to allocate new id, out of range (%u/%u)\n",
goto done;
}
break;
case ENOENT:
/* looks like the domain is not initialized yet, use min_id */
break;
default:
goto done;
}
count = 0;
/* verify the id is actually really free.
* search all entries with id >= new_id and < max_id */
"(|(&(%s>=%u)(%s<=%u))(&(%s>=%u)(%s<=%u)))",
}
else {
"(|(%s>=%u)(%s>=%u))",
}
if (!filter) {
goto done;
}
switch (ret) {
/* if anything was found, find the maximum and increment past it */
case EOK:
for (i = 0; i < count; i++) {
}
}
}
new_id++;
/* check again we are not falling out of range */
DEBUG(0, ("Failed to allocate new id, out of range (%u/%u)\n",
goto done;
}
break;
case ENOENT:
break;
default:
goto done;
}
count = 0;
/* finally store the new next id */
if (!msg) {
goto done;
}
if (ret) {
goto done;
}
done:
} else {
}
if (ret) {
}
return ret;
}
/* =Add-Basic-User-NO-CHECKS============================================== */
struct sss_domain_info *domain,
const char *name,
const char *gecos,
const char *homedir,
const char *shell)
{
struct ldb_message *msg;
int ret;
if (!msg) {
return ENOMEM;
}
/* user dn */
}
/* We set gecos to be the same as fullname on user creation,
* But we will not enforce coherency after that, it's up to
* admins to decide if they want to keep it in sync if they change
* one of the 2 */
}
}
}
/* creation time */
done:
if (ret) {
}
return ret;
}
/* =Add-User-Function===================================================== */
struct sss_domain_info *domain,
const char *name,
const char *gecos,
const char *homedir,
const char *shell,
struct sysdb_attrs *attrs,
int cache_timeout)
{
struct ldb_message *msg;
struct sysdb_attrs *id_attrs;
int ret;
if (gid != 0) {
DEBUG(0, ("Cannot add user with arbitrary GID in MPG domain!\n"));
return EINVAL;
}
}
return ERANGE;
}
return ERANGE;
}
if (!tmpctx) {
return ENOMEM;
}
/* In MPG domains you can't have groups with the same name as users,
* search if a group with the same name exists.
* Don't worry about users, if we try to add a user with the same
* name the operation will fail */
goto done;
}
}
/* check no other user with the same uid exist */
if (uid != 0) {
goto done;
}
}
/* try to add the user */
if (uid == 0) {
if (!id_attrs) {
goto done;
}
}
goto done;
}
if (!attrs) {
if (!attrs) {
goto done;
}
}
((cache_timeout) ?
(now + cache_timeout) : 0));
done:
if (ret) {
}
return ret;
}
/* =Add-Basic-Group-NO-CHECKS============================================= */
struct sss_domain_info *domain,
{
struct ldb_message *msg;
int ret;
if (!msg) {
return ENOMEM;
}
/* user dn */
}
/* creation time */
done:
if (ret) {
}
return ret;
}
/* =Add-Group-Function==================================================== */
struct sss_domain_info *domain,
struct sysdb_attrs *attrs,
int cache_timeout)
{
struct ldb_message *msg;
int ret;
return ERANGE;
}
if (!tmpctx) {
return ENOMEM;
}
/* In MPG domains you can't have groups with the same name as users,
* search if a group with the same name exists.
* Don't worry about users, if we try to add a user with the same
* name the operation will fail */
goto done;
}
}
/* check no other groups with the same gid exist */
if (gid != 0) {
goto done;
}
}
/* try to add the group */
if (gid == 0) {
if (!attrs) {
if (!attrs) {
goto done;
}
}
}
if (!attrs) {
if (!attrs) {
goto done;
}
}
((cache_timeout) ?
(now + cache_timeout) : 0));
done:
if (ret) {
}
return ret;
}
/* =Add-Or-Remove-Group-Memeber=========================================== */
/* mod_op must be either SYSDB_MOD_ADD or SYSDB_MOD_DEL */
int mod_op)
{
struct ldb_message *msg;
const char *dn;
int ret;
if (!msg) {
}
if (ret != LDB_SUCCESS) {
}
if (!dn) {
}
if (ret != LDB_SUCCESS) {
}
fail:
if (ret) {
}
return ret;
}
/* if one of the basic attributes is empty ("") as opposed to NULL,
* this will just remove it */
struct sss_domain_info *domain,
const char *name,
const char *pwd,
const char *gecos,
const char *homedir,
const char *shell,
struct sysdb_attrs *attrs,
{
struct ldb_message *msg;
int ret;
if (!tmpctx) {
return ENOMEM;
}
}
goto done;
}
/* users doesn't exist, turn into adding a user */
goto done;
}
/* the user exists, let's just replace attributes when set */
if (!attrs) {
if (!attrs) {
goto done;
}
}
if (uid) {
}
if (gid) {
}
}
if (gecos) {
}
if (homedir) {
}
if (shell) {
}
((cache_timeout) ?
(now + cache_timeout) : 0));
done:
if (ret) {
}
return ret;
}
/* this function does not check that all user members are actually present */
struct sss_domain_info *domain,
const char *name,
struct sysdb_attrs *attrs,
{
struct ldb_message *msg;
bool new_group = false;
int ret;
if (!tmpctx) {
return ENOMEM;
}
goto done;
}
new_group = true;
}
/* FIXME: use the remote modification timestamp to know if the
* group needs any update */
if (new_group) {
/* group doesn't exist, turn into adding a group */
goto done;
}
/* the group exists, let's just replace attributes when set */
if (!attrs) {
if (!attrs) {
goto done;
}
}
if (gid) {
}
((cache_timeout) ?
(now + cache_timeout) : 0));
done:
if (ret) {
}
return ret;
}
struct sss_domain_info *domain,
const char *group,
const char *user)
{
int ret;
if (!group_dn) {
return ENOMEM;
}
if (!user_dn) {
return ENOMEM;
}
return ret;
}
struct sss_domain_info *domain,
const char *group,
const char *user)
{
int ret;
if (!group_dn) {
return ENOMEM;
}
if (!user_dn) {
return ENOMEM;
}
return ret;
}
/* =Password-Caching====================================================== */
struct sss_domain_info *domain,
const char *username,
const char *password)
{
struct sysdb_attrs *attrs;
char *salt;
int ret;
if (!tmpctx) {
return ENOMEM;
}
if (ret) {
goto fail;
}
if (ret) {
goto fail;
}
if (!attrs) {
}
/* FIXME: should we use a different attribute for chache passwords ?? */
if (ret) {
goto fail;
}
return EOK;
fail:
if (ret) {
}
return ret;
}
/* = sysdb_check_handle ================== */
struct sysdb_check_handle_state {
struct tevent_context *ev;
struct sysdb_handle *handle;
};
struct tevent_context *ev,
struct sysdb_handle *handle)
{
struct tevent_req *req;
struct tevent_req *subreq;
struct sysdb_check_handle_state *state;
return NULL;
}
return NULL;
}
} else {
}
return req;
}
if (!subreq) {
return req;
}
return req;
}
{
struct tevent_req);
struct sysdb_check_handle_state);
int ret;
if (ret) {
return;
}
return;
}
struct sysdb_handle **handle)
{
struct sysdb_check_handle_state);
return EOK;
}
/* =Custom Search================== */
struct sss_domain_info *domain,
const char *filter,
const char *subtree_name,
const char **attrs,
struct ldb_message ***msgs)
{
int ret;
return EINVAL;
}
return ENOMEM;
}
if (!ldb_dn_validate(basedn)) {
return EINVAL;
}
msgs_count, msgs);
return ret;
}
struct sss_domain_info *domain,
const char *object_name,
const char *subtree_name,
const char **attrs,
struct ldb_message ***_msgs)
{
struct ldb_message **msgs;
int ret;
return EINVAL;
}
if (!tmpctx) {
return ENOMEM;
}
goto done;
}
if (!ldb_dn_validate(basedn)) {
goto done;
}
if (ret) {
goto done;
}
if (count > 1) {
goto done;
}
done:
return ret;
}
/* =Custom Store (replaces-existing-data)================== */
struct sss_domain_info *domain,
const char *object_name,
const char *subtree_name,
struct sysdb_attrs *attrs)
{
size_t resp_count = 0;
struct ldb_message **resp;
struct ldb_message *msg;
struct ldb_message_element *el;
bool add_object = false;
int ret;
int i;
return EINVAL;
}
if (ret) {
return sysdb_error_to_errno(ret);
}
if (!tmpctx) {
goto done;
}
goto done;
}
add_object = true;
}
goto done;
}
goto done;
}
goto done;
}
if (add_object) {
} else {
} else {
}
}
}
if (add_object) {
} else {
}
if (ret != LDB_SUCCESS) {
}
done:
if (ret) {
} else {
}
return ret;
}
/* = Custom Delete======================================= */
struct sss_domain_info *domain,
const char *object_name,
const char *subtree_name)
{
int ret;
return EINVAL;
}
if (!tmpctx) {
return ENOMEM;
}
goto done;
}
switch (ret) {
case LDB_SUCCESS:
case LDB_ERR_NO_SUCH_OBJECT:
break;
default:
break;
}
done:
return ret;
}
/* = ASQ search request ======================================== */
struct sss_domain_info *domain,
const char *expression,
const char *asq_attribute,
const char **attrs,
struct ldb_message ***msgs)
{
struct ldb_request *ldb_req;
struct ldb_control **ctrl;
struct ldb_asq_control *asq_control;
struct ldb_result *res;
int ret;
if (!tmpctx) {
return ENOMEM;
}
goto fail;
}
goto fail;
}
if (asq_control == NULL) {
goto fail;
}
goto fail;
}
if (!res) {
return ENOMEM;
}
if (ret != LDB_SUCCESS) {
goto fail;
}
if (ret == LDB_SUCCESS) {
}
if (ret) {
goto fail;
}
return EOK;
fail:
return ret;
}
/* =Search-Users-with-Custom-Filter====================================== */
struct sss_domain_info *domain,
const char *sub_filter,
const char **attrs,
struct ldb_message ***msgs)
{
char *filter;
int ret;
if (!tmpctx) {
return ENOMEM;
}
if (!basedn) {
goto fail;
}
if (!filter) {
goto fail;
}
msgs_count, msgs);
if (ret) {
goto fail;
}
return EOK;
fail:
return ret;
}
/* =Delete-User-by-Name-OR-uid============================================ */
struct sysdb_delete_user_state {
struct tevent_context *ev;
struct sss_domain_info *domain;
const char *name;
struct sysdb_handle *handle;
};
struct tevent_context *ev,
struct sysdb_handle *handle,
struct sss_domain_info *domain,
{
struct sysdb_delete_user_state *state;
if (!subreq) {
return req;
}
return req;
}
{
struct tevent_req);
struct sysdb_delete_user_state);
struct ldb_message *msg;
int ret;
return;
}
} else {
}
if (ret) {
return;
}
const char *name;
return;
}
/* this is not the entry we are looking for */
return;
}
}
if (ret) {
return;
}
}
{
return sysdb_op_default_recv(req);
}
/* =Search-Groups-with-Custom-Filter===================================== */
struct sysdb_search_groups_state {
struct tevent_context *ev;
struct sysdb_handle *handle;
struct sss_domain_info *domain;
const char *sub_filter;
const char **attrs;
struct ldb_message **msgs;
};
struct tevent_context *ev,
struct sysdb_handle *handle,
struct sss_domain_info *domain,
const char *sub_filter,
const char **attrs)
{
struct sysdb_search_groups_state *state;
int ret;
return NULL;
}
state->msgs_count = 0;
if (!subreq) {
goto fail;
}
return req;
fail:
return req;
}
{
struct tevent_req);
struct sysdb_search_groups_state);
char *filter;
int ret;
return;
}
if (!basedn) {
return;
}
if (!filter) {
return;
}
if (ret) {
return;
}
}
{
struct sysdb_search_groups_state);
return EOK;
}
/* =Delete-Group-by-Name-OR-gid=========================================== */
struct sysdb_delete_group_state {
struct tevent_context *ev;
struct sss_domain_info *domain;
const char *name;
struct sysdb_handle *handle;
};
struct tevent_context *ev,
struct sysdb_handle *handle,
struct sss_domain_info *domain,
{
struct sysdb_delete_group_state *state;
if (!subreq) {
return req;
}
return req;
}
{
struct tevent_req);
struct sysdb_delete_group_state);
struct ldb_message *msg;
int ret;
return;
}
} else {
}
if (ret) {
return;
}
const char *name;
return;
}
/* this is not the entry we are looking for */
return;
}
}
if (ret) {
return;
}
}
{
return sysdb_op_default_recv(req);
}
/* ========= Authentication against cached password ============ */
struct sysdb_cache_auth_state {
struct tevent_context *ev;
const char *name;
struct sss_domain_info *domain;
struct confdb_ctx *cdb;
struct sysdb_attrs *update_attrs;
struct sysdb_handle *handle;
};
struct ldb_message *ldb_msg,
{
int ret;
int failed_login_delay;
*delayed_until = -1;
"attempts.\n"));
return EIO;
}
return EIO;
}
"failed login delay [%d].\n", *failed_login_attempts,
if (failed_login_delay) {
"resetting failed_login_attempts.\n"));
*failed_login_attempts = 0;
} else {
*delayed_until = end;
return EACCES;
}
} else {
return EACCES;
}
}
}
return EOK;
}
struct tevent_context *ev,
struct sss_domain_info *domain,
const char *name,
struct confdb_ctx *cdb)
{
struct tevent_req *req;
struct tevent_req *subreq;
struct sysdb_cache_auth_state *state;
"lastCachedPasswordChange",
"accountExpires", SYSDB_FAILED_LOGIN_ATTEMPTS,
struct ldb_message *ldb_msg;
const char *userhash;
char *comphash;
int cred_expiration;
int ret;
int i;
return NULL;
}
goto done;
}
goto done;
}
goto done;
}
if (!domain->cache_credentials) {
goto done;
}
state->authentication_successful = false;
goto done;
}
/* Check offline_auth_cache_timeout */
0);
goto done;
}
if (cred_expiration) {
state->expire_date = 0;
goto done;
}
} else {
state->expire_date = 0;
}
&state->delayed_until);
goto done;
}
/* TODO: verify user account (disabled, expired ...) */
goto done;
}
goto done;
}
if (ret) {
goto done;
}
goto done;
}
/* TODO: probable good point for audit logging */
state->authentication_successful = true;
"but authentication is successful.\n"));
goto done;
}
"but authentication is successful.\n"));
goto done;
}
} else {
state->authentication_successful = false;
goto done;
}
goto done;
}
}
goto done;
}
return req;
done:
if (ret) {
} else {
}
return req;
}
{
int ret;
struct tevent_req);
struct sysdb_cache_auth_state);
goto done;
}
if (ret) {
if (!state->authentication_successful) {
goto done;
}
}
goto done;
}
return;
done:
if (state->authentication_successful) {
} else {
}
return;
}
{
int ret;
struct tevent_req);
struct sysdb_cache_auth_state);
}
if (state->authentication_successful) {
} else {
}
return;
}
time_t *delayed_until) {
struct sysdb_cache_auth_state);
}