e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny System Database - Sub-domain related calls
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny Copyright (C) 2012 Jan Zeleny <jzeleny@redhat.com>
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny Copyright (C) 2012 Sumit Bose <sbose@redhat.com>
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny This program is free software; you can redistribute it and/or modify
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny it under the terms of the GNU General Public License as published by
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny the Free Software Foundation; either version 3 of the License, or
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny (at your option) any later version.
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny This program is distributed in the hope that it will be useful,
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny but WITHOUT ANY WARRANTY; without even the implied warranty of
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny GNU General Public License for more details.
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny You should have received a copy of the GNU General Public License
e76d78338026fa47dca32eaf7f5c15eabb1b951aJan Zeleny along with this program. If not, see <http://www.gnu.org/licenses/>.
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozekstruct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx,
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek const char *name,
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek const char *id,
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek "Creating [%s] as subdomain of [%s]!\n", name, parent->name);
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek dom = talloc_zero(mem_ctx, struct sss_domain_info);
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek DEBUG(SSSDBG_OP_FAILURE, "talloc_zero failed.\n");
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek /* Sub-domains always have the same view as the parent */
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek dom->view_name = talloc_strdup(dom, parent->view_name);
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek DEBUG(SSSDBG_OP_FAILURE, "Failed to copy parent's view name.\n");
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek DEBUG(SSSDBG_OP_FAILURE, "Failed to copy domain name.\n");
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek dom->provider = talloc_strdup(dom, parent->provider);
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek DEBUG(SSSDBG_OP_FAILURE, "Failed to copy provider name.\n");
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek dom->conn_name = talloc_strdup(dom, parent->conn_name);
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek DEBUG(SSSDBG_OP_FAILURE, "Failed to copy connection name.\n");
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek DEBUG(SSSDBG_OP_FAILURE, "Failed to copy realm name.\n");
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek dom->flat_name = talloc_strdup(dom, flat_name);
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek DEBUG(SSSDBG_OP_FAILURE, "Failed to copy flat name.\n");
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek DEBUG(SSSDBG_OP_FAILURE, "Failed to copy id.\n");
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek DEBUG(SSSDBG_OP_FAILURE, "Failed to copy forest.\n");
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek /* If the parent domain filters out group members, the subdomain should
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek * as well if configured */
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek inherit_option = string_in_list(CONFDB_DOMAIN_IGNORE_GROUP_MEMBERS,
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek dom->ignore_group_members = parent->ignore_group_members;
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek /* If the parent domain explicitly limits ID ranges, the subdomain
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek * should honour the limits as well.
/* A parent limit of 0 is treated as "no explicit limit": id_min then stays 0
 * and id_max falls back to 0xffffffff, so the subdomain is left with the
 * widest range these two expressions can produce. */
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek dom->id_min = parent->id_min ? parent->id_min : 0;
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek dom->id_max = parent->id_max ? parent->id_max : 0xffffffff;
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek dom->pwd_expiration_warning = parent->pwd_expiration_warning;
/* Credential caching for the subdomain follows the parent's setting; the
 * lines visible in this listing show no per-subdomain override. */
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek dom->cache_credentials = parent->cache_credentials;
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek dom->netgroup_timeout = parent->netgroup_timeout;
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek dom->service_timeout = parent->service_timeout;
/* The three homedir settings are assigned, not duplicated, unlike view_name,
 * provider and conn_name which go through talloc_strdup(dom, ...).
 * NOTE(review): if these are strings owned by parent, dom must not outlive
 * parent or be freed independently of it -- confirm against the struct
 * definition, which is not part of this listing. */
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek dom->override_homedir = parent->override_homedir;
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek dom->fallback_homedir = parent->fallback_homedir;
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek dom->subdomain_homedir = parent->subdomain_homedir;
50936fc7230a9b3f01e285e72c4182013542f53eJakub Hrozek DEBUG(SSSDBG_OP_FAILURE, "Missing sysdb context in parent domain.\n");
b50baee36c9ba9e1dd3f6b9c1356482aecd08128Jakub Hrozekstatic bool is_forest_root(struct sss_domain_info *d)
b50baee36c9ba9e1dd3f6b9c1356482aecd08128Jakub Hrozek /* IPA subdomain provider saves/saved trusted forest root domains
b50baee36c9ba9e1dd3f6b9c1356482aecd08128Jakub Hrozek * without the forest attribute. Those are automatically forest
b50baee36c9ba9e1dd3f6b9c1356482aecd08128Jakub Hrozek return true;
b50baee36c9ba9e1dd3f6b9c1356482aecd08128Jakub Hrozek if (d->realm && (strcasecmp(d->forest, d->realm) == 0)) {
b50baee36c9ba9e1dd3f6b9c1356482aecd08128Jakub Hrozek return true;
b50baee36c9ba9e1dd3f6b9c1356482aecd08128Jakub Hrozek return false;
b50baee36c9ba9e1dd3f6b9c1356482aecd08128Jakub Hrozekstatic bool is_same_forest(struct sss_domain_info *root,
b50baee36c9ba9e1dd3f6b9c1356482aecd08128Jakub Hrozek && strcasecmp(member->forest, root->realm) == 0) {
b50baee36c9ba9e1dd3f6b9c1356482aecd08128Jakub Hrozek return true;
b50baee36c9ba9e1dd3f6b9c1356482aecd08128Jakub Hrozek return false;
b50baee36c9ba9e1dd3f6b9c1356482aecd08128Jakub Hrozekstatic void link_forest_roots(struct sss_domain_info *domain)
877b92e80bde510d5cd9f03dbf01e2bcf73ab072Michal Židek for (d = domain; d; d = get_next_domain(d, gnd_flags)) {
877b92e80bde510d5cd9f03dbf01e2bcf73ab072Michal Židek for (d = domain; d; d = get_next_domain(d, gnd_flags)) {
b50baee36c9ba9e1dd3f6b9c1356482aecd08128Jakub Hrozek if (is_forest_root(d) == true) {
b50baee36c9ba9e1dd3f6b9c1356482aecd08128Jakub Hrozek DEBUG(SSSDBG_TRACE_INTERNAL, "[%s] is a forest root\n", d->name);
877b92e80bde510d5cd9f03dbf01e2bcf73ab072Michal Židek for (dd = domain; dd; dd = get_next_domain(dd, gnd_flags)) {
b50baee36c9ba9e1dd3f6b9c1356482aecd08128Jakub Hrozek "[%s] is a forest root of [%s]\n",
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorceerrno_t sysdb_update_subdomains(struct sss_domain_info *domain)
aab938c5975f0e3b85c7c79a5d718e5fefed7217Simo Sorce basedn = ldb_dn_new(tmp_ctx, domain->sysdb->ldb, SYSDB_BASE);
aab938c5975f0e3b85c7c79a5d718e5fefed7217Simo Sorce ret = ldb_search(domain->sysdb->ldb, tmp_ctx, &res,
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorce /* disable all domains,
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorce * let the search result refresh any that are still valid */
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorce for (dom = domain->subdomains; dom; dom = get_next_domain(dom, false)) {
aab938c5975f0e3b85c7c79a5d718e5fefed7217Simo Sorce name = ldb_msg_find_attr_as_string(res->msgs[i], "cn", NULL);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "The object [%s] doesn't have a name\n",
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov ldb_dn_get_linearized(res->msgs[i]->dn));
aab938c5975f0e3b85c7c79a5d718e5fefed7217Simo Sorce realm = ldb_msg_find_attr_as_string(res->msgs[i],
a6cca9c284724fafd670a3163812f248ba53ad97Jakub Hrozek enumerate = ldb_msg_find_attr_as_bool(res->msgs[i],
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bose forest = ldb_msg_find_attr_as_string(res->msgs[i],
/* NOTE(review): the neighbouring attribute reads in this function (name,
 * realm, enumerate, forest, trust_direction) all take res->msgs[i], but this
 * lookup takes res->msgs[0]. The loop header is not visible in this listing;
 * if these statements run once per search result, every subdomain would be
 * given the UPN suffixes stored on the first result instead of its own.
 * Presumably res->msgs[i] is intended here -- confirm against the full
 * function. */
20348a30feb4be619b3b691c24c9be8131507c46Sumit Bose tmp_el = ldb_msg_find_element(res->msgs[0], SYSDB_UPN_SUFFIXES);
/* The string list is allocated on tmp_ctx at this point. */
20348a30feb4be619b3b691c24c9be8131507c46Sumit Bose upn_suffixes = sss_ldb_el_to_string_list(tmp_ctx, tmp_el);
20348a30feb4be619b3b691c24c9be8131507c46Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sss_ldb_el_to_string_list failed.\n");
ea224c3813a537639778f91ac762732b3c289603Jakub Hrozek trust_direction = ldb_msg_find_attr_as_int(res->msgs[i],
2bbc9d6f8d5f2c1b07fd6968314b7f530b7f3a4dMichal Židek dom = get_next_domain(dom, SSS_GND_INCLUDE_DISABLED)) {
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorce /* in theory these may change, but it should never happen */
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "Realm name changed from [%s] to [%s]!\n",
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "Flat name changed from [%s] to [%s]!\n",
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "Domain changed from [%s] to [%s]!\n",
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "MPG state change from [%s] to [%s]!\n",
ea224c3813a537639778f91ac762732b3c289603Jakub Hrozek "enumerate state change from [%s] to [%s]!\n",
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "Forest changed from [%s] to [%s]!\n",
20348a30feb4be619b3b691c24c9be8131507c46Sumit Bose dom->upn_suffixes = talloc_steal(dom, upn_suffixes);
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose /* maybe views are not initialized, copy from parent */
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose "Failed to copy parent's view name.\n");
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose "Sub-domain [%s][%s] and parent [%s][%s] " \
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose "views are different.\n",
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose dom->parent->has_views ? "has view" : "has no view",
ea224c3813a537639778f91ac762732b3c289603Jakub Hrozek "Trust direction change from [%d] to [%d]!\n",
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorce /* If not found in loop it is a new subdomain */
a6cca9c284724fafd670a3163812f248ba53ad97Jakub Hrozek dom = new_subdomain(domain, domain, name, realm,
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorce DLIST_ADD_END(domain->subdomains, dom, struct sss_domain_info *);
65393a294e635822c1d7a15fe5853dc457ad8a2aSimo Sorceerrno_t sysdb_master_domain_update(struct sss_domain_info *domain)
65393a294e635822c1d7a15fe5853dc457ad8a2aSimo Sorce basedn = ldb_dn_new_fmt(tmp_ctx, domain->sysdb->ldb,
65393a294e635822c1d7a15fe5853dc457ad8a2aSimo Sorce ret = ldb_search(domain->sysdb->ldb, tmp_ctx, &res,
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "Base search returned [%d] results, "
204cfc89a076fd32bf34f2abb3f809304aaa88abSimo Sorce tmp_str = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_SUBDOMAIN_REALM,
65393a294e635822c1d7a15fe5853dc457ad8a2aSimo Sorce (domain->realm == NULL || strcasecmp(tmp_str, domain->realm) != 0)) {
84c611c1b7c04cc7735ab54d4e5f48284b79e6fbJan Zeleny tmp_str = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_SUBDOMAIN_FLAT,
65393a294e635822c1d7a15fe5853dc457ad8a2aSimo Sorce domain->flat_name = talloc_strdup(domain, tmp_str);
84c611c1b7c04cc7735ab54d4e5f48284b79e6fbJan Zeleny tmp_str = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_SUBDOMAIN_ID,
65393a294e635822c1d7a15fe5853dc457ad8a2aSimo Sorce domain->domain_id = talloc_strdup(domain, tmp_str);
17195241500e46272018d7897d6e87249870caf2Pavel Reichl tmp_str = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_SUBDOMAIN_FOREST,
17195241500e46272018d7897d6e87249870caf2Pavel Reichl domain->forest = talloc_strdup(domain, tmp_str);
132b31fd5fb74a7627896cdceaf29c7601ed4795Sumit Bose tmp_el = ldb_msg_find_element(res->msgs[0], SYSDB_UPN_SUFFIXES);
132b31fd5fb74a7627896cdceaf29c7601ed4795Sumit Bose domain->upn_suffixes = sss_ldb_el_to_string_list(domain, tmp_el);
132b31fd5fb74a7627896cdceaf29c7601ed4795Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sss_ldb_el_to_string_list failed.\n");
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose ret = sysdb_get_view_name(tmp_ctx, domain->sysdb, &view_name);
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sysdb_get_view_name failed.\n");
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose /* If no view is defined the default view will be used. In this case
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose * domain->has_views is FALSE and
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose * domain->view_name is set to SYSDB_DEFAULT_VIEW_NAME
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose * If there is a view defined
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose * domain->has_views is TRUE and
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose * domain->view_name is set to the given view name
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose * Currently changing the view is not supported hence we have to check for
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose * changes and error out accordingly.
9ac2a33f4cdc4941fa63118dcffe8058854f33c4Michal Židek if (ret == ENOENT || is_default_view(view_name)) {
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose /* handle default view */
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose "View name change is currently not supported. " \
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose "New view is the default view while current view is [%s]. " \
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose "View name is not changed!\n", domain->view_name);
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose if (strcmp(domain->view_name, SYSDB_DEFAULT_VIEW_NAME) != 0) {
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose "Domain [%s] has no view but view name [%s] " \
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose "is not the default view name [%s].\n",
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose /* handle view other than default */
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose "View name change is currently not supported. " \
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose "New view is [%s] while current view is [%s]. " \
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose "View name is not changed!\n",
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose domain->view_name = talloc_steal(domain, view_name);
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_steal failed.\n");
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose if (strcmp(domain->view_name, SYSDB_DEFAULT_VIEW_NAME) == 0) {
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose "View name change is currently not supported. " \
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose "New view is [%s] while current is the default view. " \
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose "Domain currently has no views, " \
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose "but current view name is set to [%s] " \
9f734d4c122e37cc3080974342ed9586d05d5f83Sumit Bose "and new view name is [%s].\n",
3912262270a6449ebe1d3e92c27c217b4044f894Simo Sorceerrno_t sysdb_master_domain_add_info(struct sss_domain_info *domain,
9af86b9c936d07cff9d0c2054acde908749ea522Jakub Hrozek const char *flat,
9af86b9c936d07cff9d0c2054acde908749ea522Jakub Hrozek const char *id,
132b31fd5fb74a7627896cdceaf29c7601ed4795Sumit Bose const char *forest,
3912262270a6449ebe1d3e92c27c217b4044f894Simo Sorce msg->dn = ldb_dn_new_fmt(tmp_ctx, domain->sysdb->ldb,
3912262270a6449ebe1d3e92c27c217b4044f894Simo Sorce if (flat != NULL && (domain->flat_name == NULL ||
7fe69bb6ec70bce439c6b975a9a0044c98ff502bSimo Sorce ret = ldb_msg_add_empty(msg, SYSDB_SUBDOMAIN_FLAT,
3912262270a6449ebe1d3e92c27c217b4044f894Simo Sorce ret = ldb_msg_add_string(msg, SYSDB_SUBDOMAIN_FLAT, flat);
3912262270a6449ebe1d3e92c27c217b4044f894Simo Sorce ret = ldb_msg_add_string(msg, SYSDB_SUBDOMAIN_ID, id);
17195241500e46272018d7897d6e87249870caf2Pavel Reichl if (forest != NULL && (domain->forest == NULL ||
17195241500e46272018d7897d6e87249870caf2Pavel Reichl ret = ldb_msg_add_empty(msg, SYSDB_SUBDOMAIN_FOREST,
17195241500e46272018d7897d6e87249870caf2Pavel Reichl ret = ldb_msg_add_string(msg, SYSDB_SUBDOMAIN_FOREST, forest);
9af86b9c936d07cff9d0c2054acde908749ea522Jakub Hrozek ret = ldb_msg_add_empty(msg, SYSDB_SUBDOMAIN_REALM,
9af86b9c936d07cff9d0c2054acde908749ea522Jakub Hrozek ret = ldb_msg_add_string(msg, SYSDB_SUBDOMAIN_REALM, realm);
132b31fd5fb74a7627896cdceaf29c7601ed4795Sumit Bose upn_suffixes->name = talloc_strdup(upn_suffixes, SYSDB_UPN_SUFFIXES);
132b31fd5fb74a7627896cdceaf29c7601ed4795Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
132b31fd5fb74a7627896cdceaf29c7601ed4795Sumit Bose ret = ldb_msg_add(msg, upn_suffixes, LDB_FLAG_MOD_REPLACE);
132b31fd5fb74a7627896cdceaf29c7601ed4795Sumit Bose /* Remove alternative_domain_suffixes from the cache */
84c611c1b7c04cc7735ab54d4e5f48284b79e6fbJan Zeleny if (do_update == false) {
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_FATAL_FAILURE, "Failed to add subdomain attributes to "
1187a07ed4207c1c326fdf83915dddfe472b8620Simo Sorceerrno_t sysdb_subdomain_store(struct sysdb_ctx *sysdb,
1187a07ed4207c1c326fdf83915dddfe472b8620Simo Sorce dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, SYSDB_DOM_BASE, name);
ea224c3813a537639778f91ac762732b3c289603Jakub Hrozek if (trust_direction) td_flags = LDB_FLAG_MOD_ADD;
1187a07ed4207c1c326fdf83915dddfe472b8620Simo Sorce } else { /* 1 found */
1187a07ed4207c1c326fdf83915dddfe472b8620Simo Sorce tmp_str = ldb_msg_find_attr_as_string(res->msgs[0],
1187a07ed4207c1c326fdf83915dddfe472b8620Simo Sorce if (!tmp_str || strcasecmp(tmp_str, realm) != 0) {
1187a07ed4207c1c326fdf83915dddfe472b8620Simo Sorce tmp_str = ldb_msg_find_attr_as_string(res->msgs[0],
1187a07ed4207c1c326fdf83915dddfe472b8620Simo Sorce if (!tmp_str || strcasecmp(tmp_str, flat_name) != 0) {
1187a07ed4207c1c326fdf83915dddfe472b8620Simo Sorce tmp_str = ldb_msg_find_attr_as_string(res->msgs[0],
1187a07ed4207c1c326fdf83915dddfe472b8620Simo Sorce if (!tmp_str || strcasecmp(tmp_str, domain_id) != 0) {
09d7c105839bfc7447ea0f766413ed86675ca075Sumit Bose tmp_bool = ldb_msg_find_attr_as_bool(res->msgs[0], SYSDB_SUBDOMAIN_MPG,
b3458bbb5315b05d7ac1abc58f1c380761756603Jakub Hrozek tmp_bool = ldb_msg_find_attr_as_bool(res->msgs[0], SYSDB_SUBDOMAIN_ENUM,
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bose tmp_str = ldb_msg_find_attr_as_string(res->msgs[0],
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bose if (!tmp_str || strcasecmp(tmp_str, forest) != 0) {
ea224c3813a537639778f91ac762732b3c289603Jakub Hrozek tmp_td = ldb_msg_find_attr_as_uint(res->msgs[0],
20348a30feb4be619b3b691c24c9be8131507c46Sumit Bose tmp_el = ldb_msg_find_element(res->msgs[0], SYSDB_UPN_SUFFIXES);
20348a30feb4be619b3b691c24c9be8131507c46Sumit Bose /* Luckily ldb_msg_element_compare() only compares the values and
20348a30feb4be619b3b691c24c9be8131507c46Sumit Bose * not the name. */
20348a30feb4be619b3b691c24c9be8131507c46Sumit Bose || ldb_msg_element_compare(upn_suffixes, tmp_el) != 0) {
09d7c105839bfc7447ea0f766413ed86675ca075Sumit Bose if (!store && realm_flags == 0 && flat_flags == 0 && id_flags == 0
ea224c3813a537639778f91ac762732b3c289603Jakub Hrozek && mpg_flags == 0 && enum_flags == 0 && forest_flags == 0
1187a07ed4207c1c326fdf83915dddfe472b8620Simo Sorce ret = ldb_msg_add_empty(msg, SYSDB_OBJECTCLASS, LDB_FLAG_MOD_ADD, NULL);
1187a07ed4207c1c326fdf83915dddfe472b8620Simo Sorce ret = ldb_msg_add_string(msg, SYSDB_OBJECTCLASS, SYSDB_SUBDOMAIN_CLASS);
1187a07ed4207c1c326fdf83915dddfe472b8620Simo Sorce ret = ldb_msg_add_empty(msg, SYSDB_SUBDOMAIN_REALM, realm_flags, NULL);
1187a07ed4207c1c326fdf83915dddfe472b8620Simo Sorce ret = ldb_msg_add_string(msg, SYSDB_SUBDOMAIN_REALM, realm);
1187a07ed4207c1c326fdf83915dddfe472b8620Simo Sorce ret = ldb_msg_add_empty(msg, SYSDB_SUBDOMAIN_FLAT, flat_flags, NULL);
1187a07ed4207c1c326fdf83915dddfe472b8620Simo Sorce ret = ldb_msg_add_string(msg, SYSDB_SUBDOMAIN_FLAT, flat_name);
1187a07ed4207c1c326fdf83915dddfe472b8620Simo Sorce ret = ldb_msg_add_empty(msg, SYSDB_SUBDOMAIN_ID, id_flags, NULL);
1187a07ed4207c1c326fdf83915dddfe472b8620Simo Sorce ret = ldb_msg_add_string(msg, SYSDB_SUBDOMAIN_ID, domain_id);
09d7c105839bfc7447ea0f766413ed86675ca075Sumit Bose ret = ldb_msg_add_empty(msg, SYSDB_SUBDOMAIN_MPG, mpg_flags, NULL);
09d7c105839bfc7447ea0f766413ed86675ca075Sumit Bose ret = ldb_msg_add_string(msg, SYSDB_SUBDOMAIN_MPG,
b3458bbb5315b05d7ac1abc58f1c380761756603Jakub Hrozek ret = ldb_msg_add_empty(msg, SYSDB_SUBDOMAIN_ENUM, enum_flags, NULL);
b3458bbb5315b05d7ac1abc58f1c380761756603Jakub Hrozek ret = ldb_msg_add_string(msg, SYSDB_SUBDOMAIN_ENUM,
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bose ret = ldb_msg_add_empty(msg, SYSDB_SUBDOMAIN_FOREST, forest_flags,
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bose ret = ldb_msg_add_string(msg, SYSDB_SUBDOMAIN_FOREST, forest);
ea224c3813a537639778f91ac762732b3c289603Jakub Hrozek ret = ldb_msg_add_empty(msg, SYSDB_SUBDOMAIN_TRUST_DIRECTION,
ea224c3813a537639778f91ac762732b3c289603Jakub Hrozek ret = ldb_msg_add_fmt(msg, SYSDB_SUBDOMAIN_TRUST_DIRECTION,
20348a30feb4be619b3b691c24c9be8131507c46Sumit Bose tmp_el = talloc_zero(tmp_ctx, struct ldb_message_element);
20348a30feb4be619b3b691c24c9be8131507c46Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_zero failed.\n");
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_FATAL_FAILURE, "Failed to add subdomain attributes to "
/* Removes the cache entry of the sub-domain called `name` from `sysdb`.
 * Only part of the function body is visible in this listing. */
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorceerrno_t sysdb_subdomain_delete(struct sysdb_ctx *sysdb, const char *name)
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_TRACE_FUNC, "Removing sub-domain [%s] from db.\n", name);
/* `name` is substituted into the SYSDB_DOM_BASE template exactly as passed
 * in; no escaping or validation of it is visible in these lines.
 * NOTE(review): the failure message below names sysdb_delete_recursive, so
 * the DN built here is presumably the root of a recursive delete. Confirm
 * that callers only pass validated domain names, because DN metacharacters
 * in `name` would change which entry the DN refers to. */
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorce dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, SYSDB_DOM_BASE, name);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "sysdb_delete_recursive failed.\n");
e5a984093ad7921c83da75272cede2b0e52ba2d6Jakub Hrozekstatic errno_t match_cn_users(TALLOC_CTX *tmp_ctx,
e5a984093ad7921c83da75272cede2b0e52ba2d6Jakub Hrozek cn_users_basedn = talloc_asprintf(tmp_ctx, "%s%s", "cn=users,", dom_basedn);
e5a984093ad7921c83da75272cede2b0e52ba2d6Jakub Hrozek DEBUG(SSSDBG_TRACE_ALL, "cn=users baseDN is [%s].\n", cn_users_basedn);
/* Read the original DN (SYSDB_ORIG_DN) of candidate entry c. */
5ff7a765434ed0b4d37564ade26d7761d06f81c3Sumit Bose ret = sysdb_attrs_get_string(usr_attrs[c], SYSDB_ORIG_DN, &orig_dn);
5ff7a765434ed0b4d37564ade26d7761d06f81c3Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_string failed.\n");
/* Case-insensitive comparison of the tail of orig_dn, starting
 * cn_users_basedn_len bytes before its end; the second argument is not
 * visible in this listing. The offset is only inside the string when
 * dn_len >= cn_users_basedn_len. The leading && shows that an earlier
 * condition exists on a line that is not part of this listing.
 * NOTE(review): confirm that condition bounds dn_len, since orig_dn is
 * read from stored directory data. This is a plain string suffix match,
 * not a comparison of parsed DNs. */
e5a984093ad7921c83da75272cede2b0e52ba2d6Jakub Hrozek && strcasecmp(orig_dn + (dn_len - cn_users_basedn_len),
5ff7a765434ed0b4d37564ade26d7761d06f81c3Sumit Bose "Found 2 matching DN [%s] and [%s], expecting only 1.\n",
e5a984093ad7921c83da75272cede2b0e52ba2d6Jakub Hrozekstatic errno_t match_non_dc_comp(TALLOC_CTX *tmp_ctx,
e5a984093ad7921c83da75272cede2b0e52ba2d6Jakub Hrozek DEBUG(SSSDBG_OP_FAILURE, "Missing ldb context.\n");
e5a984093ad7921c83da75272cede2b0e52ba2d6Jakub Hrozek basedn_comp_num = ldb_dn_get_comp_num(ldb_basedn);
e5a984093ad7921c83da75272cede2b0e52ba2d6Jakub Hrozek ret = sysdb_attrs_get_string(usr_attrs[c], SYSDB_ORIG_DN, &orig_dn);
e5a984093ad7921c83da75272cede2b0e52ba2d6Jakub Hrozek DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_string failed.\n");
e5a984093ad7921c83da75272cede2b0e52ba2d6Jakub Hrozek /* Does the user's original DN with the non-domain part
e5a984093ad7921c83da75272cede2b0e52ba2d6Jakub Hrozek * stripped match the domain base DN?
e5a984093ad7921c83da75272cede2b0e52ba2d6Jakub Hrozek && strcasecmp(orig_dn + (orig_dn_len - basedn_len),
e5a984093ad7921c83da75272cede2b0e52ba2d6Jakub Hrozek ldb_orig_dn = ldb_dn_new(tmp_ctx, ldb_ctx, orig_dn);
e5a984093ad7921c83da75272cede2b0e52ba2d6Jakub Hrozek dn_comp_num = ldb_dn_get_comp_num(ldb_orig_dn);
e5a984093ad7921c83da75272cede2b0e52ba2d6Jakub Hrozek component_name = ldb_dn_get_component_name(ldb_orig_dn,
e5a984093ad7921c83da75272cede2b0e52ba2d6Jakub Hrozek DEBUG(SSSDBG_TRACE_ALL, "Comparing [%s] and [%s].\n",
e5a984093ad7921c83da75272cede2b0e52ba2d6Jakub Hrozek /* If the component is NOT a DC component, then the entry
e5a984093ad7921c83da75272cede2b0e52ba2d6Jakub Hrozek * must come from our domain, perhaps from a child container.
e5a984093ad7921c83da75272cede2b0e52ba2d6Jakub Hrozek * If it matched the DC component, the entry was from a child
e5a984093ad7921c83da75272cede2b0e52ba2d6Jakub Hrozek * subdomain different from this one.
e5a984093ad7921c83da75272cede2b0e52ba2d6Jakub Hrozek "Found 2 matching DN [%s] and [%s], "
e5a984093ad7921c83da75272cede2b0e52ba2d6Jakub Hrozek "expecting only 1.\n", result_dn_str, orig_dn);
e5a984093ad7921c83da75272cede2b0e52ba2d6Jakub Hrozekstatic errno_t match_basedn(TALLOC_CTX *tmp_ctx,
e5a984093ad7921c83da75272cede2b0e52ba2d6Jakub Hrozek DEBUG(SSSDBG_OP_FAILURE, "Missing ldb context.\n");
e5a984093ad7921c83da75272cede2b0e52ba2d6Jakub Hrozek ldb_dom_basedn = ldb_dn_new(tmp_ctx, ldb_ctx, dom_basedn);
e5a984093ad7921c83da75272cede2b0e52ba2d6Jakub Hrozek DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_new failed.\n");
24d8c85fae253f988165c112af208198cf48eef6Jakub Hrozekstatic errno_t match_search_base(TALLOC_CTX *tmp_ctx,
24d8c85fae253f988165c112af208198cf48eef6Jakub Hrozek DEBUG(SSSDBG_OP_FAILURE, "Missing ldb context.\n");
24d8c85fae253f988165c112af208198cf48eef6Jakub Hrozek ldb_search_base = ldb_dn_new(tmp_ctx, ldb_ctx, domain_search_base);
24d8c85fae253f988165c112af208198cf48eef6Jakub Hrozek DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_new failed.\n");
24d8c85fae253f988165c112af208198cf48eef6Jakub Hrozek /* strip non-DC components from the search base */
24d8c85fae253f988165c112af208198cf48eef6Jakub Hrozek search_base_comp_num = ldb_dn_get_comp_num(ldb_search_base);
24d8c85fae253f988165c112af208198cf48eef6Jakub Hrozek component_name = ldb_dn_get_component_name(ldb_search_base,
24d8c85fae253f988165c112af208198cf48eef6Jakub Hrozek if (strcasecmp(domain_component_name, component_name) == 0) {
24d8c85fae253f988165c112af208198cf48eef6Jakub Hrozek /* The search base does not have any non-DC components, the search wouldn't
24d8c85fae253f988165c112af208198cf48eef6Jakub Hrozek * match anyway
24d8c85fae253f988165c112af208198cf48eef6Jakub Hrozek ok = ldb_dn_remove_child_components(ldb_search_base, non_dc_comp_num);
24d8c85fae253f988165c112af208198cf48eef6Jakub Hrozek search_base = ldb_dn_get_linearized(ldb_search_base);
24d8c85fae253f988165c112af208198cf48eef6Jakub Hrozek ret = match_cn_users(tmp_ctx, usr_attrs, count, search_base, &result);
e5a984093ad7921c83da75272cede2b0e52ba2d6Jakub Hrozekerrno_t sysdb_try_to_find_expected_dn(struct sss_domain_info *dom,
e5a984093ad7921c83da75272cede2b0e52ba2d6Jakub Hrozek if (dom == NULL || domain_component_name == NULL
e5a984093ad7921c83da75272cede2b0e52ba2d6Jakub Hrozek DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
e5a984093ad7921c83da75272cede2b0e52ba2d6Jakub Hrozek ret = domain_to_basedn(tmp_ctx, dom->name, &dom_basedn);
e5a984093ad7921c83da75272cede2b0e52ba2d6Jakub Hrozek DEBUG(SSSDBG_OP_FAILURE, "domain_to_basedn failed.\n");
e5a984093ad7921c83da75272cede2b0e52ba2d6Jakub Hrozek ret = match_cn_users(tmp_ctx, usr_attrs, count, dom_basedn, &result);
24d8c85fae253f988165c112af208198cf48eef6Jakub Hrozek ret = match_search_base(tmp_ctx, dom, domain_component_name,
5ff7a765434ed0b4d37564ade26d7761d06f81c3Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "No matching DN found.\n");