sysdb_ops.c revision a5a4e5b4836fdd693bab6e1c7f9d633d1440447d
/*
SSSD
System Database
Copyright (C) Simo Sorce <ssorce@redhat.com> 2008
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "db/sysdb_private.h"
#include "db/sysdb_services.h"
#include "db/sysdb_autofs.h"
#include "util/crypto/sss_crypto.h"
#include <time.h>
{
int ret;
if (ret == LDB_SUCCESS) {
}
return ENOMEM;
}
{
int ret;
if (ret == LDB_SUCCESS) {
}
return ENOMEM;
}
{
long long int l;
if (!v || !v->data) {
return 0;
}
errno = 0;
if (errno) {
return (uint32_t)-1;
}
if (l < 0 || l > ((uint32_t)(-1))) {
return (uint32_t)-1;
}
return l;
}
struct ldb_message *msg)
{
struct ldb_request *req;
msg,
NULL,
NULL,
NULL);
false, NULL);
if (ret != LDB_SUCCESS) {
return ret;
}
if (ret == LDB_SUCCESS) {
}
return ret;
}
#define ERROR_OUT(v, r, l) do { v = r; goto l; } while(0)
/* =Remove-Entry-From-Sysdb=============================================== */
bool ignore_not_found)
{
int ret;
switch (ret) {
case LDB_SUCCESS:
return EOK;
case LDB_ERR_NO_SUCH_OBJECT:
if (ignore_not_found) {
return EOK;
}
/* fall through */
default:
return sysdb_error_to_errno(ret);
}
}
/* =Remove-Subentries-From-Sysdb=========================================== */
bool ignore_not_found)
{
struct ldb_message **msgs;
int ret;
int i;
if (!tmp_ctx) {
return ENOMEM;
}
if (ret) {
goto done;
}
LDB_SCOPE_SUBTREE, "(distinguishedName=*)",
if (ret) {
}
if (ret) {
}
goto done;
}
sizeof(struct ldb_message *), compare_ldb_dn_comp_num);
for (i = 0; i < msgs_count; i++) {
if (ret) {
goto done;
}
}
done:
} else {
}
return ret;
}
/* =Search-Entry========================================================== */
int scope,
const char *filter,
const char **attrs,
struct ldb_message ***msgs)
{
struct ldb_result *res;
int ret;
if (ret) {
return sysdb_error_to_errno(ret);
}
return ENOENT;
}
return EOK;
}
struct sss_domain_info *domain,
const char *name,
const char **attrs,
struct ldb_message **msg)
{
size_t msgs_count = 0;
int ret;
if (!tmp_ctx) {
return ENOMEM;
}
if (!basedn) {
goto done;
}
if (ret) {
goto done;
}
done:
}
else if (ret) {
}
return ret;
}
struct sss_domain_info *domain,
const char **attrs,
struct ldb_message **msg)
{
size_t msgs_count = 0;
char *filter;
int ret;
if (!tmp_ctx) {
return ENOMEM;
}
if (!basedn) {
goto done;
}
if (!filter) {
goto done;
}
/* Use SUBTREE scope here, not ONELEVEL
* There is a bug in LDB that makes ONELEVEL searches extremely
* slow (it ignores indexing)
*/
if (ret) {
goto done;
}
done:
}
else if (ret) {
}
return ret;
}
const char *name,
const char **attrs,
struct ldb_message **msg)
{
size_t msgs_count = 0;
int ret;
if (!tmp_ctx) {
return ENOMEM;
}
if (!basedn) {
goto done;
}
if (ret) {
goto done;
}
done:
}
else if (ret) {
}
return ret;
}
const char **attrs,
struct ldb_message **msg)
{
size_t msgs_count = 0;
char *filter;
int ret;
if (!tmp_ctx) {
return ENOMEM;
}
if (!basedn) {
goto done;
}
if (!filter) {
goto done;
}
/* Use SUBTREE scope here, not ONELEVEL
* There is a bug in LDB that makes ONELEVEL searches extremely
* slow (it ignores indexing)
*/
if (ret) {
goto done;
}
done:
}
else if (ret) {
}
return ret;
}
/* =Search-Group-by-Name============================================ */
const char *name,
const char **attrs,
struct ldb_message **msg)
{
size_t msgs_count = 0;
int ret;
if (!tmp_ctx) {
return ENOMEM;
}
if (!basedn) {
goto done;
}
if (ret) {
goto done;
}
done:
}
else if (ret) {
}
return ret;
}
/* =Replace-Attributes-On-Entry=========================================== */
struct sysdb_attrs *attrs,
int mod_op)
{
struct ldb_message *msg;
int i, ret;
int lret;
if (!tmp_ctx) {
return ENOMEM;
}
goto done;
}
if (!msg) {
goto done;
}
goto done;
}
}
if (lret != LDB_SUCCESS) {
}
done:
}
else if (ret) {
}
return ret;
}
/* =Replace-Attributes-On-User============================================ */
const char *name,
struct sysdb_attrs *attrs,
int mod_op)
{
if (!tmp_ctx) {
return ENOMEM;
}
if (!dn) {
goto done;
}
goto done;
}
done:
return ret;
}
/* =Replace-Attributes-On-Group=========================================== */
const char *name,
struct sysdb_attrs *attrs,
int mod_op)
{
if (!tmp_ctx) {
goto done;
}
if (!dn) {
goto done;
}
if (ret) {
goto done;
}
done:
return ret;
}
/* =Replace-Attributes-On-Netgroup=========================================== */
const char *name,
struct sysdb_attrs *attrs,
int mod_op)
{
if (!tmp_ctx) {
return ENOMEM;
}
if (!dn) {
goto done;
}
done:
return ret;
}
/* =Get-New-ID============================================================ */
{
char *filter;
struct ldb_message **msgs;
struct ldb_message *msg;
int ret;
int i;
if (!tmp_ctx) {
return ENOMEM;
}
if (!base_dn) {
return ENOMEM;
}
if (ret) {
return ret;
}
switch (ret) {
case EOK:
goto done;
}
}
DEBUG(0, ("Failed to allocate new id, out of range (%u/%u)\n",
goto done;
}
break;
case ENOENT:
/* looks like the domain is not initialized yet, use min_id */
break;
default:
goto done;
}
count = 0;
/* verify the id is actually really free.
* search all entries with id >= new_id and < max_id */
"(|(&(%s>=%u)(%s<=%u))(&(%s>=%u)(%s<=%u)))",
}
else {
"(|(%s>=%u)(%s>=%u))",
}
if (!filter) {
goto done;
}
switch (ret) {
/* if anything was found, find the maximum and increment past it */
case EOK:
for (i = 0; i < count; i++) {
}
}
}
new_id++;
/* check again we are not falling out of range */
DEBUG(0, ("Failed to allocate new id, out of range (%u/%u)\n",
goto done;
}
break;
case ENOENT:
break;
default:
goto done;
}
count = 0;
/* finally store the new next id */
if (!msg) {
goto done;
}
if (ret) {
goto done;
}
done:
} else {
}
if (ret) {
}
return ret;
}
/* =Add-Basic-User-NO-CHECKS============================================== */
const char *name,
const char *gecos,
const char *homedir,
const char *shell)
{
struct ldb_message *msg;
int ret;
if (!tmp_ctx) {
return ENOMEM;
}
if (!msg) {
goto done;
}
/* user dn */
}
/* We set gecos to be the same as fullname on user creation,
* But we will not enforce coherency after that, it's up to
* admins to decide if they want to keep it in sync if they change
* one of the 2 */
}
}
}
/* creation time */
done:
if (ret) {
}
return ret;
}
static errno_t
struct ldb_message *group,
struct ldb_message_element *alias_el,
const char *name,
const char *orig_dn,
const char *userdn)
{
struct ldb_message *msg;
struct ldb_message_element *orig_members;
bool add_member = false;
int i;
if (!tmp_ctx) {
return ENOENT;
}
if (!msg) {
}
/* We have no way of telling which groups this user belongs to.
* Add it to all that reference it in the ghost attribute */
add_member = true;
} else {
add_member = false;
if (orig_members) {
for (i = 0; i < orig_members->num_values; i++) {
orig_dn) == 0) {
/* This is a direct member. Add the member attribute */
add_member = true;
}
}
} else {
/* Nothing to compare the originalDN with. Let's rely on the
* memberof plugin to do the right thing during initgroups..
*/
add_member = true;
}
}
if (add_member) {
}
/* Delete aliases from the ghost attribute as well */
for (i = 0; i < alias_el->num_values; i++) {
continue;
}
if (ret != LDB_SUCCESS) {
}
}
goto done;
}
done:
return ret;
}
static errno_t
const char *orig_dn,
struct sysdb_attrs *attrs,
const char *name)
{
struct ldb_message **groups;
struct ldb_message_element *alias_el;
const char *userdn;
char *filter;
size_t group_count = 0;
int i;
if (!tmp_ctx) {
return ENOENT;
}
if (!filter) {
goto done;
}
goto done;
}
for (i = 0; i < alias_el->num_values; i++) {
continue;
}
goto done;
}
}
goto done;
}
if (!tmpdn) {
}
if (!userdn) {
}
if (!tmpdn) {
goto done;
}
/* We need to find all groups that contain this object as a ghost user
* and replace the ghost user by actual member record in direct parents.
* Note that this object can be referred to either by its name or any
* of its aliases
*/
goto done;
}
for (i = 0; i < group_count; i++) {
}
done:
return ret;
}
/* =Add-User-Function===================================================== */
const char *name,
const char *gecos,
const char *homedir,
const char *shell,
const char *orig_dn,
struct sysdb_attrs *attrs,
int cache_timeout,
{
struct ldb_message *msg;
struct sysdb_attrs *id_attrs;
int ret;
if (gid != 0) {
DEBUG(0, ("Cannot add user with arbitrary GID in MPG domain!\n"));
return EINVAL;
}
}
return ERANGE;
}
return ERANGE;
}
if (!tmp_ctx) {
return ENOMEM;
}
if (ret) {
return ret;
}
/* In MPG domains you can't have groups with the same name as users,
* search if a group with the same name exists.
* Don't worry about users, if we try to add a user with the same
* name the operation will fail */
goto done;
}
}
/* check no other user with the same uid exist */
if (uid != 0) {
goto done;
}
}
/* try to add the user */
if (uid == 0) {
if (!id_attrs) {
goto done;
}
}
goto done;
}
if (!attrs) {
if (!attrs) {
goto done;
}
}
if (!now) {
}
((cache_timeout) ?
(now + cache_timeout) : 0));
/* remove all ghost users */
done:
} else {
}
return ret;
}
/* =Add-Basic-Group-NO-CHECKS============================================= */
{
struct ldb_message *msg;
int ret;
if (!tmp_ctx) {
return ENOMEM;
}
if (!msg) {
goto done;
}
/* group dn */
}
/* creation time */
done:
if (ret) {
}
return ret;
}
/* =Add-Group-Function==================================================== */
struct sysdb_attrs *attrs,
int cache_timeout,
{
struct ldb_message *msg;
int ret;
bool posix;
return ERANGE;
}
if (!tmp_ctx) {
return ENOMEM;
}
if (ret) {
return ret;
}
/* In MPG domains you can't have groups with the same name as users,
* search if a group with the same name exists.
* Don't worry about users, if we try to add a user with the same
* name the operation will fail */
goto done;
}
}
/* check no other groups with the same gid exist */
if (gid != 0) {
goto done;
}
}
/* try to add the group */
if (!attrs) {
if (!attrs) {
goto done;
}
}
posix = true;
goto done;
}
}
if (!now) {
}
((cache_timeout) ?
(now + cache_timeout) : 0));
done:
} else {
}
return ret;
}
const char *name,
const char *original_dn,
bool posix,
{
int ret;
struct sysdb_attrs *attrs;
if (!tmp_ctx) {
return ENOMEM;
}
/* try to add the group */
if (!attrs) {
goto done;
}
if (!now) {
}
now-1);
if (original_dn) {
}
done:
}
return ret;
}
/* =Add-Or-Remove-Group-Memeber=========================================== */
/* mod_op must be either SYSDB_MOD_ADD or SYSDB_MOD_DEL */
int mod_op)
{
struct ldb_message *msg;
const char *dn;
int ret;
if (!msg) {
}
if (ret != LDB_SUCCESS) {
}
if (!dn) {
}
if (ret != LDB_SUCCESS) {
}
fail:
if (ret) {
}
return ret;
}
/* =Add-Basic-Netgroup-NO-CHECKS============================================= */
const char *name, const char *description)
{
struct ldb_message *msg;
int ret;
if (!msg) {
return ENOMEM;
}
/* netgroup dn */
}
if (description && *description) {
}
/* creation time */
done:
if (ret) {
}
return ret;
}
/* =Add-Netgroup-Function==================================================== */
const char *name,
const char *description,
struct sysdb_attrs *attrs,
char **missing,
int cache_timeout,
{
int ret;
if (!tmp_ctx) {
return ENOMEM;
}
if (ret) {
return ret;
}
/* try to add the netgroup */
if (!attrs) {
if (!attrs) {
goto done;
}
}
if (!now) {
}
((cache_timeout) ?
(now + cache_timeout) : 0));
if (missing) {
missing);
}
}
done:
}
}
return ret;
}
/* if one of the basic attributes is empty ("") as opposed to NULL,
* this will just remove it */
const char *name,
const char *pwd,
const char *gecos,
const char *homedir,
const char *shell,
const char *orig_dn,
struct sysdb_attrs *attrs,
char **remove_attrs,
{
struct ldb_message *msg;
int ret;
bool in_transaction = false;
if (!tmp_ctx) {
return ENOMEM;
}
if (!attrs) {
if (!attrs) {
goto fail;
}
}
}
goto fail;
}
in_transaction = true;
goto fail;
}
/* get transaction timestamp */
if (!now) {
}
/* users doesn't exist, turn into adding a user */
/* This may be a user rename. If there is a user with the
* same UID, remove it and try to add the basic user again
*/
/* Not found by UID, return the original EEXIST,
* this may be a conflict in MPG domain or something
* else */
goto fail;
goto fail;
}
("A user with the same UID [%llu] was removed from the "
"cache\n", (unsigned long long) uid));
}
/* Handle the result of sysdb_add_user */
goto done;
} else {
goto fail;
}
}
/* the user exists, let's just replace attributes when set */
if (uid) {
}
if (gid) {
}
}
if (gecos) {
}
if (homedir) {
}
if (shell) {
}
((cache_timeout) ?
(now + cache_timeout) : 0));
if (remove_attrs) {
}
}
done:
goto fail;
}
in_transaction = false;
fail:
if (in_transaction) {
}
}
if (ret) {
}
return ret;
}
/* this function does not check that all user members are actually present */
const char *name,
struct sysdb_attrs *attrs,
{
struct ldb_message *msg;
bool new_group = false;
int ret;
if (!tmp_ctx) {
return ENOMEM;
}
goto done;
}
new_group = true;
}
if (!attrs) {
if (!attrs) {
goto done;
}
}
/* get transaction timestamp */
if (!now) {
}
/* FIXME: use the remote modification timestamp to know if the
* group needs any update */
if (new_group) {
/* group doesn't exist, turn into adding a group */
/* This may be a group rename. If there is a group with the
* same GID, remove it and try to add the basic group again
*/
/* Not found by GID, return the original EEXIST,
* this may be a conflict in MPG domain or something
* else */
return EEXIST;
goto done;
}
("A group with the same GID [%llu] was removed from the "
"cache\n", (unsigned long long) gid));
}
goto done;
}
/* the group exists, let's just replace attributes when set */
if (gid) {
}
((cache_timeout) ?
(now + cache_timeout) : 0));
done:
if (ret) {
}
return ret;
}
static int
const char *group,
const char *member,
enum sysdb_member_type type,
int modify_op)
{
int ret;
if (!tmp_ctx) {
return ENOMEM;
}
if (type == SYSDB_MEMBER_USER) {
} else if (type == SYSDB_MEMBER_GROUP) {
} else {
goto done;
}
if (!member_dn) {
goto done;
}
if (!group_dn) {
goto done;
}
done:
return ret;
}
const char *group,
const char *member,
enum sysdb_member_type type)
{
}
const char *group,
const char *member,
enum sysdb_member_type type)
{
}
/* =Password-Caching====================================================== */
const char *username,
const char *password)
{
struct sysdb_attrs *attrs;
char *salt;
int ret;
if (!tmp_ctx) {
return ENOMEM;
}
if (ret) {
goto fail;
}
if (ret) {
goto fail;
}
if (!attrs) {
}
/* FIXME: should we use a different attribute for chache passwords ?? */
if (ret) {
goto fail;
}
return EOK;
fail:
if (ret) {
}
return ret;
}
/* =Custom Search================== */
const char *filter,
const char *subtree_name,
const char **attrs,
struct ldb_message ***msgs)
{
int ret;
return EINVAL;
}
return ENOMEM;
}
if (!ldb_dn_validate(basedn)) {
return EINVAL;
}
msgs_count, msgs);
return ret;
}
const char *object_name,
const char *subtree_name,
const char **attrs,
struct ldb_message ***_msgs)
{
struct ldb_message **msgs;
int ret;
return EINVAL;
}
if (!tmp_ctx) {
return ENOMEM;
}
goto done;
}
if (!ldb_dn_validate(basedn)) {
goto done;
}
if (ret) {
goto done;
}
if (count > 1) {
goto done;
}
done:
return ret;
}
/* =Custom Store (replaces-existing-data)================== */
const char *object_name,
const char *subtree_name,
struct sysdb_attrs *attrs)
{
size_t resp_count = 0;
struct ldb_message **resp;
struct ldb_message *msg;
struct ldb_message_element *el;
bool add_object = false;
int ret;
int i;
return EINVAL;
}
if (ret) {
return sysdb_error_to_errno(ret);
}
if (!tmp_ctx) {
goto done;
}
goto done;
}
add_object = true;
}
goto done;
}
goto done;
}
goto done;
}
if (add_object) {
} else {
} else {
}
}
}
if (add_object) {
} else {
}
if (ret != LDB_SUCCESS) {
}
done:
if (ret) {
} else {
}
return ret;
}
/* = Custom Delete======================================= */
const char *object_name,
const char *subtree_name)
{
int ret;
return EINVAL;
}
if (!tmp_ctx) {
return ENOMEM;
}
goto done;
}
switch (ret) {
case LDB_SUCCESS:
case LDB_ERR_NO_SUCH_OBJECT:
break;
default:
break;
}
done:
return ret;
}
/* = ASQ search request ======================================== */
const char *expression,
const char *asq_attribute,
const char **attrs,
struct ldb_message ***msgs)
{
struct ldb_request *ldb_req;
struct ldb_control **ctrl;
struct ldb_asq_control *asq_control;
struct ldb_result *res;
int ret;
if (!tmp_ctx) {
return ENOMEM;
}
goto fail;
}
goto fail;
}
if (asq_control == NULL) {
goto fail;
}
goto fail;
}
if (!res) {
goto fail;
}
if (ret != LDB_SUCCESS) {
goto fail;
}
if (ret == LDB_SUCCESS) {
}
if (ret) {
goto fail;
}
return EOK;
fail:
}
else if (ret) {
}
return ret;
}
/* =Search-Users-with-Custom-Filter====================================== */
const char *sub_filter,
const char **attrs,
struct ldb_message ***msgs)
{
char *filter;
int ret;
if (!tmp_ctx) {
return ENOMEM;
}
if (!basedn) {
goto fail;
}
if (!filter) {
goto fail;
}
("Search users with filter: %s\n", filter));
msgs_count, msgs);
if (ret) {
goto fail;
}
return EOK;
fail:
}
else if (ret) {
}
return ret;
}
/* =Delete-User-by-Name-OR-uid============================================ */
{
char *filter;
struct ldb_message **msgs;
struct ldb_message *msg;
int ret;
int i;
if (!tmp_ctx) {
return ENOMEM;
}
if (name) {
} else {
}
const char *c_name;
goto fail;
}
/* this is not the entry we are looking for */
goto fail;
}
}
if (ret) {
goto fail;
}
/* Perhaps a ghost user? */
goto fail;
}
goto fail;
}
for (i = 0; i < msg_count; i++) {
if (!msg) {
}
goto fail;
}
}
} else {
goto fail;
}
return EOK;
fail:
return ret;
}
/* =Search-Groups-with-Custom-Filter===================================== */
const char *sub_filter,
const char **attrs,
struct ldb_message ***msgs)
{
char *filter;
int ret;
if (!tmp_ctx) {
return ENOMEM;
}
if (!basedn) {
goto fail;
}
if (!filter) {
goto fail;
}
("Search groups with filter: %s\n", filter));
msgs_count, msgs);
if (ret) {
goto fail;
}
return EOK;
fail:
}
else if (ret) {
}
return ret;
}
/* =Delete-Group-by-Name-OR-gid=========================================== */
{
struct ldb_message *msg;
int ret;
if (!tmp_ctx) {
return ENOMEM;
}
if (name) {
} else {
}
if (ret) {
goto fail;
}
const char *c_name;
goto fail;
}
/* this is not the entry we are looking for */
goto fail;
}
}
if (ret) {
goto fail;
}
return EOK;
fail:
return ret;
}
/* =Search-Netgroups-with-Custom-Filter===================================== */
const char *sub_filter,
const char **attrs,
struct ldb_message ***msgs)
{
char *filter;
int ret;
if (!tmp_ctx) {
return ENOMEM;
}
if (!basedn) {
goto fail;
}
if (!filter) {
goto fail;
}
msgs_count, msgs);
if (ret) {
goto fail;
}
return EOK;
fail:
} else {
}
return ret;
}
/* =Delete-Netgroup-by-Name============================================== */
const char *name)
{
struct ldb_message *msg;
int ret;
if (!tmp_ctx) {
return ENOMEM;
}
goto done;
goto done;
}
goto done;
}
done:
}
return ret;
}
/* ========= Authentication against cached password ============ */
struct ldb_message *ldb_msg,
{
int ret;
int failed_login_delay;
if (!tmp_ctx) {
return ENOMEM;
}
*delayed_until = -1;
"attempts.\n"));
goto done;
}
goto done;
}
"failed login delay [%d].\n", *failed_login_attempts,
if (failed_login_delay) {
"resetting failed_login_attempts.\n"));
*failed_login_attempts = 0;
} else {
*delayed_until = end;
goto done;
}
} else {
goto done;
}
}
}
done:
return ret;
}
const char *name,
const char *password,
struct confdb_ctx *cdb,
bool just_check,
{
"lastCachedPasswordChange",
"accountExpires", SYSDB_FAILED_LOGIN_ATTEMPTS,
struct ldb_message *ldb_msg;
const char *userhash;
char *comphash;
int cred_expiration;
struct sysdb_attrs *update_attrs;
bool authentication_successful = false;
int ret;
return EINVAL;
}
return EINVAL;
}
return EINVAL;
}
return EINVAL;
}
if (!tmp_ctx) {
return ENOMEM;
}
if (ret) {
return ret;
}
goto done;
}
/* Check offline_auth_cache_timeout */
0);
goto done;
}
if (cred_expiration) {
expire_date = 0;
goto done;
}
} else {
expire_date = 0;
}
goto done;
}
/* TODO: verify user account (disabled, expired ...) */
goto done;
}
if (ret) {
goto done;
}
if (update_attrs == NULL) {
goto done;
}
/* TODO: probable good point for audit logging */
authentication_successful = true;
if (just_check) {
goto done;
}
"but authentication is successful.\n"));
goto done;
}
"but authentication is successful.\n"));
goto done;
}
} else {
authentication_successful = false;
goto done;
}
goto done;
}
}
if (ret) {
}
done:
if (_expire_date != NULL) {
}
if (_delayed_until != NULL) {
}
if (ret) {
} else {
if (ret) {
}
}
if (authentication_successful) {
} else {
}
}
return ret;
}
const char *member,
enum sysdb_member_type type,
const char *const *add_groups,
const char *const *del_groups)
{
int i;
bool in_transaction = false;
if(!tmp_ctx) {
return ENOMEM;
}
DEBUG(0, ("Failed to start update transaction\n"));
goto done;
}
in_transaction = true;
if (add_groups) {
/* Add the user to all add_groups */
for (i = 0; add_groups[i]; i++) {
type);
/* Continue on, we should try to finish the rest */
}
}
}
if (del_groups) {
/* Remove the user from all del_groups */
for (i = 0; del_groups[i]; i++) {
type);
/* Continue on, we should try to finish the rest */
}
}
}
goto done;
}
in_transaction = false;
done:
if (in_transaction) {
}
}
return ret;
}
const char *name,
enum sysdb_member_type type,
char **remove_attrs)
{
bool in_transaction = false;
struct ldb_message *msg;
int lret;
size_t i;
switch(type) {
case SYSDB_MEMBER_USER:
break;
case SYSDB_MEMBER_GROUP:
break;
case SYSDB_MEMBER_NETGROUP:
break;
case SYSDB_MEMBER_SERVICE:
break;
}
goto done;
}
goto done;
}
in_transaction = true;
for (i = 0; remove_attrs[i]; i++) {
/* SYSDB_MEMBEROF is exclusively handled by the memberof plugin */
continue;
}
remove_attrs[i], name));
if (lret != LDB_SUCCESS) {
goto done;
}
/* We need to do individual modifies so that we can
* skip unknown attributes. Otherwise, any nonexistent
* attribute in the sysdb will cause other removals to
* fail.
*/
goto done;
}
/* Remove this attribute and move on to the next one */
}
goto done;
}
in_transaction = false;
done:
if (in_transaction) {
}
}
return ret;
}