sysdb_subdomains.c revision c03b28a38b14fdb59f74864ae4dc56affe256508
842ae4bd224140319ae7feec1872b93dfd491143fielding/*
842ae4bd224140319ae7feec1872b93dfd491143fielding SSSD
842ae4bd224140319ae7feec1872b93dfd491143fielding
842ae4bd224140319ae7feec1872b93dfd491143fielding System Database - Sub-domain related calls
842ae4bd224140319ae7feec1872b93dfd491143fielding
842ae4bd224140319ae7feec1872b93dfd491143fielding Copyright (C) 2012 Jan Zeleny <jzeleny@redhat.com>
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse Copyright (C) 2012 Sumit Bose <sbose@redhat.com>
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse This program is free software; you can redistribute it and/or modify
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd it under the terms of the GNU General Public License as published by
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd the Free Software Foundation; either version 3 of the License, or
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd (at your option) any later version.
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd This program is distributed in the hope that it will be useful,
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd but WITHOUT ANY WARRANTY; without even the implied warranty of
ce9621257ef9e54c1bbe5ad8a5f445a1f211c2dcnd MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
9d129b55f5a43abf43865c6b0eb6dd19bc22aba8ianh GNU General Public License for more details.
9d129b55f5a43abf43865c6b0eb6dd19bc22aba8ianh
9d129b55f5a43abf43865c6b0eb6dd19bc22aba8ianh You should have received a copy of the GNU General Public License
9d129b55f5a43abf43865c6b0eb6dd19bc22aba8ianh along with this program. If not, see <http://www.gnu.org/licenses/>.
9d129b55f5a43abf43865c6b0eb6dd19bc22aba8ianh*/
9d129b55f5a43abf43865c6b0eb6dd19bc22aba8ianh
9d129b55f5a43abf43865c6b0eb6dd19bc22aba8ianh#include "util/util.h"
9d129b55f5a43abf43865c6b0eb6dd19bc22aba8ianh#include "db/sysdb_private.h"
9d129b55f5a43abf43865c6b0eb6dd19bc22aba8ianh
9d129b55f5a43abf43865c6b0eb6dd19bc22aba8ianherrno_t sysdb_get_subdomains(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb,
9d129b55f5a43abf43865c6b0eb6dd19bc22aba8ianh size_t *subdomain_count,
9d129b55f5a43abf43865c6b0eb6dd19bc22aba8ianh struct sysdb_subdom ***subdomain_list)
9d129b55f5a43abf43865c6b0eb6dd19bc22aba8ianh{
9d129b55f5a43abf43865c6b0eb6dd19bc22aba8ianh int i;
9d129b55f5a43abf43865c6b0eb6dd19bc22aba8ianh errno_t ret;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse TALLOC_CTX *tmp_ctx;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse struct ldb_result *res;
60c1c6006c048e5009ae91fa2ba4cd35e5f78e10rse const char *attrs[] = {"cn",
60c1c6006c048e5009ae91fa2ba4cd35e5f78e10rse SYSDB_SUBDOMAIN_FLAT,
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse SYSDB_SUBDOMAIN_ID,
9d129b55f5a43abf43865c6b0eb6dd19bc22aba8ianh NULL};
4281cf6a722c99ae21394dc2000bd48efcebdb3akbrand struct sysdb_subdom **list;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse struct ldb_dn *basedn;
e5106092b7fae78cec4898042a78a10acccb4cacwrowe const char *tmp_str;
d1795b4b9ec996109b46845376bdfb82989218dbstsp
d1795b4b9ec996109b46845376bdfb82989218dbstsp tmp_ctx = talloc_new(NULL);
d1795b4b9ec996109b46845376bdfb82989218dbstsp if (tmp_ctx == NULL) {
d1795b4b9ec996109b46845376bdfb82989218dbstsp ret = ENOMEM;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse goto done;
9d129b55f5a43abf43865c6b0eb6dd19bc22aba8ianh }
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse basedn = ldb_dn_new(tmp_ctx, sysdb->ldb, SYSDB_BASE);
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse if (basedn == NULL) {
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse ret = EIO;
d1795b4b9ec996109b46845376bdfb82989218dbstsp goto done;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse }
d1795b4b9ec996109b46845376bdfb82989218dbstsp ret = ldb_search(sysdb->ldb, tmp_ctx, &res,
d1795b4b9ec996109b46845376bdfb82989218dbstsp basedn, LDB_SCOPE_ONELEVEL,
bdec92dd2c27b079aebb91250204febb4c59d7eadougm attrs, "objectclass=%s", SYSDB_SUBDOMAIN_CLASS);
bdec92dd2c27b079aebb91250204febb4c59d7eadougm if (ret != LDB_SUCCESS) {
742318b93e89c311f66b55f426c4d9cf2c14628bjim ret = EIO;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse goto done;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse }
726be39314e1b2ede8378630efccce4cdeb88a31dougm
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse list = talloc_zero_array(tmp_ctx, struct sysdb_subdom *, res->count);
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse if (list == NULL) {
60998c490ad3334eb07ae63b23b479ac564dec94kbrand ret = ENOMEM;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse goto done;
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse }
032982212dbcc7c3cce95bf89c503bb56e185ac7kbrand
1b1621900bd89ddc496d721c865a726f635ebd7esf for (i = 0; i < res->count; i++) {
41cfeab1b7ec1ed81de039e811565b1c6df999f9kbrand list[i] = talloc_zero(list, struct sysdb_subdom);
032982212dbcc7c3cce95bf89c503bb56e185ac7kbrand if (list[i] == NULL) {
2c238b83c08ac2d040d9057b1ba83ba7f71138b7kbrand ret = ENOMEM;
d58a822aff1dfda25384d3d009f88f1883c95436kbrand goto done;
9d0d2ad2438f2e8c9ff1dd64b243605170d739aedougm }
9d0d2ad2438f2e8c9ff1dd64b243605170d739aedougm tmp_str = ldb_msg_find_attr_as_string(res->msgs[i], "cn", NULL);
070235bcb25af37efebf6405b082413144968289kbrand if (tmp_str == NULL) {
bdec92dd2c27b079aebb91250204febb4c59d7eadougm DEBUG(SSSDBG_MINOR_FAILURE,
cc003103e52ff9d5fe9bed567ef9438613ab4fbfrse ("The object [%s] doesn't have a name\n",
60c1c6006c048e5009ae91fa2ba4cd35e5f78e10rse ldb_dn_get_linearized(res->msgs[i]->dn)));
9d129b55f5a43abf43865c6b0eb6dd19bc22aba8ianh ret = EINVAL;
9d129b55f5a43abf43865c6b0eb6dd19bc22aba8ianh goto done;
}
list[i]->name = talloc_strdup(list, tmp_str);
if (list[i]->name == NULL) {
ret = ENOMEM;
goto done;
}
tmp_str = ldb_msg_find_attr_as_string(res->msgs[i],
SYSDB_SUBDOMAIN_FLAT, NULL);
if (tmp_str != NULL) {
list[i]->flat_name = talloc_strdup(list, tmp_str);
if (list[i]->flat_name == NULL) {
ret = ENOMEM;
goto done;
}
}
tmp_str = ldb_msg_find_attr_as_string(res->msgs[i],
SYSDB_SUBDOMAIN_ID, NULL);
if (tmp_str != NULL) {
list[i]->id = talloc_strdup(list, tmp_str);
if (list[i]->id == NULL) {
ret = ENOMEM;
goto done;
}
}
}
*subdomain_count = res->count;
*subdomain_list = talloc_steal(mem_ctx, list);
ret = EOK;
done:
talloc_free(tmp_ctx);
return ret;
}
errno_t sysdb_master_domain_get_info(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb,
struct sysdb_subdom **_info)
{
errno_t ret;
TALLOC_CTX *tmp_ctx;
const char *tmp_str;
struct ldb_dn *basedn;
struct sysdb_subdom *info;
struct ldb_result *res;
const char *attrs[] = {"cn",
SYSDB_SUBDOMAIN_FLAT,
SYSDB_SUBDOMAIN_ID,
NULL};
tmp_ctx = talloc_new(NULL);
if (tmp_ctx == NULL) {
return ENOMEM;
}
info = talloc_zero(tmp_ctx, struct sysdb_subdom);
if (info == NULL) {
ret = ENOMEM;
goto done;
}
basedn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, SYSDB_DOM_BASE,
sysdb->domain->name);
if (basedn == NULL) {
ret = EIO;
goto done;
}
ret = ldb_search(sysdb->ldb, tmp_ctx, &res, basedn, LDB_SCOPE_BASE, attrs,
NULL);
if (ret != LDB_SUCCESS) {
ret = EIO;
goto done;
}
if (res->count != 1) {
DEBUG(SSSDBG_OP_FAILURE, ("Base search returned [%d] results, "
"expected 1.\n"));
ret = EINVAL;
goto done;
}
tmp_str = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_SUBDOMAIN_FLAT,
NULL);
if (tmp_str != NULL) {
info->flat_name = talloc_strdup(info, tmp_str);
if (info->flat_name == NULL) {
ret = ENOMEM;
goto done;
}
}
tmp_str = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_SUBDOMAIN_ID,
NULL);
if (tmp_str != NULL) {
info->flat_name = talloc_strdup(info, tmp_str);
if (info->flat_name == NULL) {
ret = ENOMEM;
goto done;
}
}
*_info = talloc_steal(mem_ctx, info);
done:
talloc_free(tmp_ctx);
return ret;
}
errno_t sysdb_master_domain_add_info(struct sysdb_ctx *sysdb,
struct sysdb_subdom *domain_info)
{
TALLOC_CTX *tmp_ctx;
struct ldb_message *msg;
int ret;
bool do_update = false;
struct sysdb_subdom *current_info;
tmp_ctx = talloc_new(NULL);
if (tmp_ctx == NULL) {
return ENOMEM;
}
ret = sysdb_master_domain_get_info(tmp_ctx, sysdb, &current_info);
if (ret != EOK) {
goto done;
}
msg = ldb_msg_new(tmp_ctx);
if (msg == NULL) {
ret = ENOMEM;
goto done;
}
msg->dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, SYSDB_DOM_BASE,
sysdb->domain->name);
if (msg->dn == NULL) {
ret = EIO;
goto done;
}
if (domain_info->flat_name != NULL &&
(current_info->flat_name == NULL ||
strcmp(current_info->flat_name, domain_info->flat_name) != 0) ) {
ret = ldb_msg_add_empty(msg, SYSDB_SUBDOMAIN_FLAT,
LDB_FLAG_MOD_REPLACE, NULL);
if (ret != LDB_SUCCESS) {
ret = sysdb_error_to_errno(ret);
goto done;
}
ret = ldb_msg_add_fmt(msg, SYSDB_SUBDOMAIN_FLAT, "%s",
domain_info->flat_name);
if (ret != LDB_SUCCESS) {
ret = sysdb_error_to_errno(ret);
goto done;
}
do_update = true;
}
if (domain_info->id != NULL &&
(current_info->flat_name == NULL ||
strcmp(current_info->flat_name, domain_info->id) != 0) ) {
ret = ldb_msg_add_empty(msg, SYSDB_SUBDOMAIN_ID, LDB_FLAG_MOD_REPLACE,
NULL);
if (ret != LDB_SUCCESS) {
ret = sysdb_error_to_errno(ret);
goto done;
}
ret = ldb_msg_add_fmt(msg, SYSDB_SUBDOMAIN_ID, "%s",
domain_info->id);
if (ret != LDB_SUCCESS) {
ret = sysdb_error_to_errno(ret);
goto done;
}
do_update = true;
}
if (do_update == false) {
ret = EOK;
goto done;
}
ret = ldb_modify(sysdb->ldb, msg);
if (ret != LDB_SUCCESS) {
DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to add subdomain attributes to "
"[%s]: [%d][%s]!\n",
domain_info->name, ret,
ldb_errstring(sysdb->ldb)));
ret = sysdb_error_to_errno(ret);
goto done;
}
ret = EOK;
done:
talloc_free(tmp_ctx);
return ret;
}
static errno_t sysdb_add_subdomain_attributes(struct sysdb_ctx *sysdb,
struct sysdb_subdom *domain_info)
{
TALLOC_CTX *tmp_ctx;
struct ldb_message *msg;
int ret;
tmp_ctx = talloc_new(NULL);
if (tmp_ctx == NULL) {
return ENOMEM;
}
msg = ldb_msg_new(tmp_ctx);
if (msg == NULL) {
ret = ENOMEM;
goto done;
}
msg->dn = ldb_dn_new_fmt(msg, sysdb->ldb, SYSDB_DOM_BASE,
domain_info->name);
if (msg->dn == NULL) {
ret = ENOMEM;
goto done;
}
ret = ldb_msg_add_empty(msg, SYSDB_OBJECTCLASS, LDB_FLAG_MOD_ADD, NULL);
if (ret != LDB_SUCCESS) {
ret = sysdb_error_to_errno(ret);
goto done;
}
ret = ldb_msg_add_fmt(msg, SYSDB_OBJECTCLASS, "%s", SYSDB_SUBDOMAIN_CLASS);
if (ret != LDB_SUCCESS) {
ret = sysdb_error_to_errno(ret);
goto done;
}
if (domain_info->flat_name != NULL) {
ret = ldb_msg_add_empty(msg, SYSDB_SUBDOMAIN_FLAT, LDB_FLAG_MOD_ADD,
NULL);
if (ret != LDB_SUCCESS) {
ret = sysdb_error_to_errno(ret);
goto done;
}
ret = ldb_msg_add_fmt(msg, SYSDB_SUBDOMAIN_FLAT, "%s",
domain_info->flat_name);
if (ret != LDB_SUCCESS) {
ret = sysdb_error_to_errno(ret);
goto done;
}
}
if (domain_info->id != NULL) {
ret = ldb_msg_add_empty(msg, SYSDB_SUBDOMAIN_ID, LDB_FLAG_MOD_ADD,
NULL);
if (ret != LDB_SUCCESS) {
ret = sysdb_error_to_errno(ret);
goto done;
}
ret = ldb_msg_add_fmt(msg, SYSDB_SUBDOMAIN_ID, "%s",
domain_info->id);
if (ret != LDB_SUCCESS) {
ret = sysdb_error_to_errno(ret);
goto done;
}
}
ret = ldb_modify(sysdb->ldb, msg);
if (ret != LDB_SUCCESS) {
DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to add subdomain attributes to "
"[%s]: [%d][%s]!\n",
domain_info->name, ret,
ldb_errstring(sysdb->ldb)));
ret = sysdb_error_to_errno(ret);
goto done;
}
ret = EOK;
done:
talloc_free(tmp_ctx);
return ret;
}
errno_t sysdb_update_subdomains(struct sysdb_ctx *sysdb,
struct sysdb_subdom **subdomains)
{
int ret;
int sret;
size_t c;
size_t d;
TALLOC_CTX *tmp_ctx = NULL;
size_t cur_subdomains_count;
struct sysdb_subdom **cur_subdomains;
struct ldb_dn *dn;
bool in_transaction = false;
bool *keep_subdomain;
tmp_ctx = talloc_new(NULL);
if (tmp_ctx == NULL) {
ret = ENOMEM;
goto done;
}
/* Retrieve all subdomains that are currently in sysdb */
ret = sysdb_get_subdomains(tmp_ctx, sysdb, &cur_subdomains_count,
&cur_subdomains);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, ("sysdb_get_subdomains failed.\n"));
goto done;
}
keep_subdomain = talloc_zero_array(tmp_ctx, bool, cur_subdomains_count);
if (keep_subdomain == NULL) {
ret = ENOMEM;
DEBUG(SSSDBG_OP_FAILURE, ("talloc_zero_array failed.\n"));
goto done;
}
ret = sysdb_transaction_start(sysdb);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, ("sysdb_transaction_start failed.\n"));
goto done;
}
in_transaction = true;
/* Go through a list of retrieved subdomains and:
* - if a subdomain already exists in sysdb, mark it for preservation
* - if the subdomain doesn't exist in sysdb, create its bare structure
*/
for (c = 0; subdomains[c] != NULL; c++) {
for (d = 0; d < cur_subdomains_count; d++) {
if (strcasecmp(subdomains[c]->name,
cur_subdomains[d]->name) == 0) {
keep_subdomain[d] = true;
/* sub-domain already in cache, nothing to do */
break;
}
}
if (d == cur_subdomains_count) {
DEBUG(SSSDBG_TRACE_FUNC, ("Adding sub-domain [%s].\n",
subdomains[c]->name));
ret = sysdb_domain_create(sysdb, subdomains[c]->name);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, ("sysdb_domain_create failed.\n"));
goto done;
}
ret = sysdb_add_subdomain_attributes(sysdb, subdomains[c]);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE,
("sysdb_add_subdomain_attributes failed.\n"));
goto done;
}
}
}
/* Now delete all subdomains that have been in sysdb prior to
* refreshing the list and are not marked for preservation
* (i.e. they are not in the new list of subdomains)
*/
for (d = 0; d < cur_subdomains_count; d++) {
if (!keep_subdomain[d]) {
DEBUG(SSSDBG_TRACE_FUNC, ("Removing sub-domain [%s].\n",
cur_subdomains[d]->name));
dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, SYSDB_DOM_BASE,
cur_subdomains[d]->name);
if (dn == NULL) {
ret = ENOMEM;
goto done;
}
ret = sysdb_delete_recursive(sysdb, dn, true);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, ("sysdb_delete_recursive failed.\n"));
goto done;
}
}
}
ret = sysdb_transaction_commit(sysdb);
if (ret == EOK) {
in_transaction = false;
} else {
DEBUG(SSSDBG_MINOR_FAILURE, ("Could not commit transaction\n"));
}
done:
if (in_transaction) {
sret = sysdb_transaction_cancel(sysdb);
if (sret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE, ("Could not cancel transaction\n"));
}
}
talloc_free(tmp_ctx);
return ret;
}
errno_t sysdb_get_subdomain_context(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb,
struct sss_domain_info *subdomain,
struct sysdb_ctx **subdomain_ctx)
{
struct sysdb_ctx *new_ctx;
new_ctx = talloc_zero(mem_ctx, struct sysdb_ctx);
if (new_ctx == NULL) {
return ENOMEM;
}
new_ctx->domain = subdomain;
new_ctx->mpg = true;
new_ctx->ldb = sysdb->ldb;
new_ctx->ldb_file = sysdb->ldb_file;
*subdomain_ctx = new_ctx;
return EOK;
}
#define CHECK_DOMAIN_INFO(dom_info) do { \
if (dom_info == NULL || dom_info->sysdb == NULL) { \
DEBUG(SSSDBG_OP_FAILURE, ("Invalid domain info.\n")); \
return EINVAL; \
} \
} while(0)
errno_t sysdb_search_domuser_by_name(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
const char *name,
const char **attrs,
struct ldb_message **msg)
{
CHECK_DOMAIN_INFO(domain);
return sysdb_search_user_by_name(mem_ctx, domain->sysdb, name, attrs, msg);
}
errno_t sysdb_search_domuser_by_uid(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
uid_t uid,
const char **attrs,
struct ldb_message **msg)
{
CHECK_DOMAIN_INFO(domain);
return sysdb_search_user_by_uid(mem_ctx, domain->sysdb, uid, attrs, msg);
}
errno_t sysdb_store_domuser(struct sss_domain_info *domain,
const char *name,
const char *pwd,
uid_t uid, gid_t gid,
const char *gecos,
const char *homedir,
const char *shell,
struct sysdb_attrs *attrs,
char **remove_attrs,
uint64_t cache_timeout,
time_t now)
{
CHECK_DOMAIN_INFO(domain);
return sysdb_store_user(domain->sysdb, name, pwd, uid, gid, gecos, homedir,
shell, attrs, remove_attrs, cache_timeout, now);
}
errno_t sysdb_delete_domuser(struct sss_domain_info *domain,
const char *name, uid_t uid)
{
CHECK_DOMAIN_INFO(domain);
return sysdb_delete_user(domain->sysdb, name, uid);
}
errno_t sysdb_search_domgroup_by_name(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
const char *name,
const char **attrs,
struct ldb_message **msg)
{
CHECK_DOMAIN_INFO(domain);
return sysdb_search_group_by_name(mem_ctx, domain->sysdb,
name, attrs, msg);
}
errno_t sysdb_search_domgroup_by_gid(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
gid_t gid,
const char **attrs,
struct ldb_message **msg)
{
CHECK_DOMAIN_INFO(domain);
return sysdb_search_group_by_gid(mem_ctx, domain->sysdb, gid, attrs, msg);
}
errno_t sysdb_store_domgroup(struct sss_domain_info *domain,
const char *name,
gid_t gid,
struct sysdb_attrs *attrs,
uint64_t cache_timeout,
time_t now)
{
CHECK_DOMAIN_INFO(domain);
return sysdb_store_group(domain->sysdb, name, gid, attrs, cache_timeout,
now);
}
errno_t sysdb_delete_domgroup(struct sss_domain_info *domain,
const char *name, gid_t gid)
{
CHECK_DOMAIN_INFO(domain);
return sysdb_delete_group(domain->sysdb, name, gid);
}