sysdb_subdomains.c revision 9ac2a33f4cdc4941fa63118dcffe8058854f33c4
/*
   SSSD

   System Database - Sub-domain related calls

   Copyright (C) 2012 Jan Zeleny <jzeleny@redhat.com>
   Copyright (C) 2012 Sumit Bose <sbose@redhat.com>

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
4bf72807172000becf65e11bd225efc1dfd99713Simon Ulbricht
846ef0914b29a4806ca0444c116fd3cf267c4fb7Christian Maeder#include "util/util.h"
846ef0914b29a4806ca0444c116fd3cf267c4fb7Christian Maeder#include "db/sysdb_private.h"
e4d1479434761dc3eb8d17b6c75de4eb24866f0bSimon Ulbricht
/*
 * Allocate and populate an sss_domain_info describing a subdomain of
 * 'parent'.
 *
 * mem_ctx          talloc parent of the returned structure
 * parent           domain the new subdomain hangs off; dereferenced without
 *                  a NULL check, so it must be valid
 * name             subdomain name, always duplicated (a NULL name makes the
 *                  copy fail and the function return NULL)
 * realm, flat_name, id, forest
 *                  optional strings; each is duplicated onto the new object
 *                  only when non-NULL, otherwise the field stays NULL from
 *                  talloc_zero()
 * mpg, enumerate, trust_direction
 *                  stored as given
 *
 * Returns the new object, or NULL when an allocation fails or the parent has
 * no sysdb context. On failure everything allocated here is released.
 *
 * Policy carried over from the parent, worth keeping in mind when reviewing
 * trust configuration: view settings, ID range limits, credential caching
 * (cache_credentials and its minimum first-factor length), password
 * expiration warning, timeouts, home directory and shell overrides.
 * ignore_group_members is inherited only when the parent's sd_inherit list
 * names that option. The subdomain is always created with fqnames = true and
 * case_sensitive = false.
 */
struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx,
                                      struct sss_domain_info *parent,
                                      const char *name,
                                      const char *realm,
                                      const char *flat_name,
                                      const char *id,
                                      bool mpg,
                                      bool enumerate,
                                      const char *forest,
                                      uint32_t trust_direction)
{
    struct sss_domain_info *subdom;

    DEBUG(SSSDBG_TRACE_FUNC,
          "Creating [%s] as subdomain of [%s]!\n", name, parent->name);

    subdom = talloc_zero(mem_ctx, struct sss_domain_info);
    if (subdom == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, "talloc_zero failed.\n");
        return NULL;
    }

    subdom->parent = parent;

    /* A subdomain never has a view of its own; it mirrors the parent. */
    subdom->has_views = parent->has_views;
    if (parent->view_name != NULL) {
        subdom->view_name = talloc_strdup(subdom, parent->view_name);
        if (subdom->view_name == NULL) {
            DEBUG(SSSDBG_OP_FAILURE, "Failed to copy parent's view name.\n");
            goto error;
        }
    }

    /* Mandatory strings: a failed copy aborts the construction. */
    subdom->name = talloc_strdup(subdom, name);
    if (subdom->name == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, "Failed to copy domain name.\n");
        goto error;
    }

    subdom->provider = talloc_strdup(subdom, parent->provider);
    if (subdom->provider == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, "Failed to copy provider name.\n");
        goto error;
    }

    subdom->conn_name = talloc_strdup(subdom, parent->conn_name);
    if (subdom->conn_name == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, "Failed to copy connection name.\n");
        goto error;
    }

    /* Optional strings: left NULL when the caller did not supply them. */
    if (realm != NULL) {
        subdom->realm = talloc_strdup(subdom, realm);
        if (subdom->realm == NULL) {
            DEBUG(SSSDBG_OP_FAILURE, "Failed to copy realm name.\n");
            goto error;
        }
    }

    if (flat_name != NULL) {
        subdom->flat_name = talloc_strdup(subdom, flat_name);
        if (subdom->flat_name == NULL) {
            DEBUG(SSSDBG_OP_FAILURE, "Failed to copy flat name.\n");
            goto error;
        }
    }

    if (id != NULL) {
        subdom->domain_id = talloc_strdup(subdom, id);
        if (subdom->domain_id == NULL) {
            DEBUG(SSSDBG_OP_FAILURE, "Failed to copy id.\n");
            goto error;
        }
    }

    if (forest != NULL) {
        subdom->forest = talloc_strdup(subdom, forest);
        if (subdom->forest == NULL) {
            DEBUG(SSSDBG_OP_FAILURE, "Failed to copy forest.\n");
            goto error;
        }
    }

    subdom->enumerate = enumerate;
    subdom->fqnames = true;
    subdom->mpg = mpg;

    /* Group-member filtering follows the parent only if the parent's
     * sd_inherit list asks for it; otherwise the zeroed default stays. */
    if (string_in_list(CONFDB_DOMAIN_IGNORE_GROUP_MEMBERS,
                       parent->sd_inherit, false)) {
        subdom->ignore_group_members = parent->ignore_group_members;
    }

    subdom->trust_direction = trust_direction;

    /* Explicit ID range limits on the parent bind the subdomain too; an
     * unset (zero) limit maps to the widest possible range. */
    subdom->id_min = 0;
    if (parent->id_min) {
        subdom->id_min = parent->id_min;
    }
    subdom->id_max = 0xffffffff;
    if (parent->id_max) {
        subdom->id_max = parent->id_max;
    }

    subdom->pwd_expiration_warning = parent->pwd_expiration_warning;
    subdom->cache_credentials = parent->cache_credentials;
    subdom->cache_credentials_min_ff_length =
                                    parent->cache_credentials_min_ff_length;
    subdom->case_sensitive = false;
    subdom->user_timeout = parent->user_timeout;
    subdom->group_timeout = parent->group_timeout;
    subdom->netgroup_timeout = parent->netgroup_timeout;
    subdom->service_timeout = parent->service_timeout;

    /* The members below are assigned, not duplicated, so the subdomain
     * refers to the parent's values.
     * NOTE(review): presumably these are pointers owned by the parent and
     * must outlive the subdomain - confirm against the struct definition. */
    subdom->names = parent->names;
    subdom->override_homedir = parent->override_homedir;
    subdom->fallback_homedir = parent->fallback_homedir;
    subdom->subdomain_homedir = parent->subdomain_homedir;
    subdom->override_shell = parent->override_shell;
    subdom->default_shell = parent->default_shell;
    subdom->homedir_substr = parent->homedir_substr;

    /* The cache handle is shared with the parent and is mandatory. */
    if (parent->sysdb == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, "Missing sysdb context in parent domain.\n");
        goto error;
    }
    subdom->sysdb = parent->sysdb;

    return subdom;

error:
    /* Every string above was allocated on subdom, so one free is enough. */
    talloc_free(subdom);
    return NULL;
}
fe6a19b07759bc4190e88dda76a211d86bf32062Simon Ulbricht
/*
 * Decide whether domain 'd' is the root of its forest.
 *
 * A domain with no forest attribute is reported as a root: the IPA
 * subdomain provider stores (or used to store) trusted forest root domains
 * without that attribute. Otherwise the domain is a root only when it has a
 * realm and that realm equals the forest name, compared case-insensitively.
 *
 * Reviewers should note the consequence of the first rule: any cached
 * domain object that lacks the forest attribute is treated as a root.
 */
static bool is_forest_root(struct sss_domain_info *d)
{
    if (d->forest == NULL) {
        return true;
    }

    return d->realm != NULL && strcasecmp(d->forest, d->realm) == 0;
}
fe6a19b07759bc4190e88dda76a211d86bf32062Simon Ulbricht
/*
 * Report whether 'member' belongs to the forest rooted at 'root'.
 *
 * Membership means member->forest names root->realm (case-insensitive).
 * If either string is missing the answer is false, so a member without a
 * forest attribute is never attached to a root by this check.
 */
static bool is_same_forest(struct sss_domain_info *root,
                           struct sss_domain_info *member)
{
    if (member->forest == NULL || root->realm == NULL) {
        return false;
    }

    return strcasecmp(member->forest, root->realm) == 0;
}
fe6a19b07759bc4190e88dda76a211d86bf32062Simon Ulbricht
/*
 * Recompute the forest_root pointer of every domain reachable from
 * 'domain' through get_next_domain(..., true).
 *
 * Pass 1 clears all forest_root pointers. Pass 2 walks the list again: each
 * still-unassigned domain that is_forest_root() accepts becomes its own
 * root, and every still-unassigned domain that is_same_forest() matches
 * against it is linked to that root. A domain keeps the first root that
 * claims it; domains matching no root end with forest_root == NULL.
 *
 * NOTE(review): the meaning of the boolean passed to get_next_domain() is
 * not visible here - presumably it makes the walk include subdomains.
 */
static void link_forest_roots(struct sss_domain_info *domain)
{
    struct sss_domain_info *root;
    struct sss_domain_info *member;

    /* Start from a clean slate so stale links cannot survive a refresh. */
    for (root = domain; root != NULL; root = get_next_domain(root, true)) {
        root->forest_root = NULL;
    }

    for (root = domain; root != NULL; root = get_next_domain(root, true)) {
        /* Skip domains already claimed and domains that are not roots. */
        if (root->forest_root != NULL || !is_forest_root(root)) {
            continue;
        }

        root->forest_root = root;
        DEBUG(SSSDBG_TRACE_INTERNAL, "[%s] is a forest root\n", root->name);

        for (member = domain;
             member != NULL;
             member = get_next_domain(member, true)) {
            if (member->forest_root == NULL && is_same_forest(root, member)) {
                member->forest_root = root;
                DEBUG(SSSDBG_TRACE_INTERNAL,
                      "[%s] is a forest root of [%s]\n",
                      root->forest_root->name,
                      member->name);
            }
        }
    }
}
55be4caff6a01e4c32ec47ee27fe00b67dfd3db5Simon Ulbricht
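/* Return 's', or a printable placeholder when it is NULL, so the value can
 * be handed to a "%s" conversion without passing a NULL pointer. */
static const char *subdom_printable(const char *s)
{
    return s != NULL ? s : "(null)";
}

/* True when the cache holds a value ('cached' != NULL) that is either new
 * ('current' == NULL) or differs case-insensitively from 'current'.
 * A missing cached attribute never counts as a change. */
static bool subdom_attr_changed(const char *current, const char *cached)
{
    if (cached == NULL) {
        return false;
    }

    return current == NULL || strcasecmp(current, cached) != 0;
}

/*
 * Synchronise domain->subdomains with the subdomain objects stored in the
 * cache (sysdb).
 *
 * All known subdomains are first marked disabled; every cache object found
 * re-enables the subdomain with the same name (case-insensitive) and
 * refreshes its realm, flat name, domain id, MPG and enumerate flags,
 * forest, view and trust direction. Cache objects with no matching
 * subdomain are created with new_subdomain() and appended to the list.
 * Finally the forest root links are recomputed.
 *
 * Returns EOK on success, ENOMEM on allocation failure (also reported for
 * any new_subdomain() failure), EIO when the cache cannot be searched and
 * EINVAL for a cache object without a name or for a subdomain whose view
 * differs from its parent's.
 *
 * On any error return the refresh stops where it was: subdomains not yet
 * matched stay disabled and link_forest_roots() is not run. The same holds
 * for the empty-result case, which returns EOK without relinking roots.
 *
 * The attribute values come from the cache and are not guaranteed to be
 * present, so every optional string is treated as possibly NULL. A missing
 * attribute leaves the in-memory value untouched, matching how
 * sysdb_master_domain_update() treats absent attributes.
 */
errno_t sysdb_update_subdomains(struct sss_domain_info *domain)
{
    int i;
    errno_t ret;
    TALLOC_CTX *tmp_ctx;
    struct ldb_result *res;
    const char *attrs[] = {"cn",
                           SYSDB_SUBDOMAIN_REALM,
                           SYSDB_SUBDOMAIN_FLAT,
                           SYSDB_SUBDOMAIN_ID,
                           SYSDB_SUBDOMAIN_MPG,
                           SYSDB_SUBDOMAIN_ENUM,
                           SYSDB_SUBDOMAIN_FOREST,
                           SYSDB_SUBDOMAIN_TRUST_DIRECTION,
                           NULL};
    struct sss_domain_info *dom;
    struct ldb_dn *basedn;
    const char *name;
    const char *realm;
    const char *flat;
    const char *id;
    const char *forest;
    bool mpg;
    bool enumerate;
    bool views_differ;
    uint32_t trust_direction;

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        ret = ENOMEM;
        goto done;
    }

    basedn = ldb_dn_new(tmp_ctx, domain->sysdb->ldb, SYSDB_BASE);
    if (basedn == NULL) {
        ret = EIO;
        goto done;
    }
    ret = ldb_search(domain->sysdb->ldb, tmp_ctx, &res,
                     basedn, LDB_SCOPE_ONELEVEL,
                     attrs, "objectclass=%s", SYSDB_SUBDOMAIN_CLASS);
    if (ret != LDB_SUCCESS) {
        ret = EIO;
        goto done;
    }

    /* disable all domains,
     * let the search result refresh any that are still valid */
    for (dom = domain->subdomains; dom; dom = get_next_domain(dom, false)) {
        dom->disabled = true;
    }

    if (res->count == 0) {
        ret = EOK;
        goto done;
    }

    for (i = 0; i < res->count; i++) {

        name = ldb_msg_find_attr_as_string(res->msgs[i], "cn", NULL);
        if (name == NULL) {
            DEBUG(SSSDBG_MINOR_FAILURE,
                  "The object [%s] doesn't have a name\n",
                  ldb_dn_get_linearized(res->msgs[i]->dn));
            ret = EINVAL;
            goto done;
        }

        /* Each of the string attributes below may legitimately be NULL. */
        realm = ldb_msg_find_attr_as_string(res->msgs[i],
                                            SYSDB_SUBDOMAIN_REALM, NULL);

        flat = ldb_msg_find_attr_as_string(res->msgs[i],
                                           SYSDB_SUBDOMAIN_FLAT, NULL);

        id = ldb_msg_find_attr_as_string(res->msgs[i],
                                         SYSDB_SUBDOMAIN_ID, NULL);

        mpg = ldb_msg_find_attr_as_bool(res->msgs[i],
                                        SYSDB_SUBDOMAIN_MPG, false);

        enumerate = ldb_msg_find_attr_as_bool(res->msgs[i],
                                              SYSDB_SUBDOMAIN_ENUM, false);

        forest = ldb_msg_find_attr_as_string(res->msgs[i],
                                             SYSDB_SUBDOMAIN_FOREST, NULL);

        trust_direction = ldb_msg_find_attr_as_int(res->msgs[i],
                                             SYSDB_SUBDOMAIN_TRUST_DIRECTION,
                                             0);

        /* explicitly use dom->next as we need to check 'disabled' domains */
        for (dom = domain->subdomains; dom; dom = dom->next) {
            if (strcasecmp(dom->name, name) == 0) {
                dom->disabled = false;
                /* in theory these may change, but it should never happen.
                 * Either side may be NULL (new_subdomain() leaves unset
                 * strings NULL, the cache may lack the attribute), so the
                 * comparison must not hand NULL to strcasecmp(). */
                if (subdom_attr_changed(dom->realm, realm)) {
                    DEBUG(SSSDBG_TRACE_INTERNAL,
                          "Realm name changed from [%s] to [%s]!\n",
                          subdom_printable(dom->realm), realm);
                    talloc_zfree(dom->realm);
                    dom->realm = talloc_strdup(dom, realm);
                    if (dom->realm == NULL) {
                        ret = ENOMEM;
                        goto done;
                    }
                }
                if (subdom_attr_changed(dom->flat_name, flat)) {
                    DEBUG(SSSDBG_TRACE_INTERNAL,
                          "Flat name changed from [%s] to [%s]!\n",
                          subdom_printable(dom->flat_name), flat);
                    talloc_zfree(dom->flat_name);
                    dom->flat_name = talloc_strdup(dom, flat);
                    if (dom->flat_name == NULL) {
                        ret = ENOMEM;
                        goto done;
                    }
                }
                if (subdom_attr_changed(dom->domain_id, id)) {
                    DEBUG(SSSDBG_TRACE_INTERNAL,
                          "Domain changed from [%s] to [%s]!\n",
                          subdom_printable(dom->domain_id), id);
                    talloc_zfree(dom->domain_id);
                    dom->domain_id = talloc_strdup(dom, id);
                    if (dom->domain_id == NULL) {
                        ret = ENOMEM;
                        goto done;
                    }
                }

                if (dom->mpg != mpg) {
                    DEBUG(SSSDBG_TRACE_INTERNAL,
                          "MPG state change from [%s] to [%s]!\n",
                          dom->mpg ? "true" : "false",
                          mpg ? "true" : "false");
                    dom->mpg = mpg;
                }

                if (dom->enumerate != enumerate) {
                    DEBUG(SSSDBG_TRACE_INTERNAL,
                          "enumerate state change from [%s] to [%s]!\n",
                          dom->enumerate ? "true" : "false",
                          enumerate ? "true" : "false");
                    dom->enumerate = enumerate;
                }

                if (subdom_attr_changed(dom->forest, forest)) {
                    DEBUG(SSSDBG_TRACE_INTERNAL,
                          "Forest changed from [%s] to [%s]!\n",
                          subdom_printable(dom->forest), forest);
                    talloc_zfree(dom->forest);
                    dom->forest = talloc_strdup(dom, forest);
                    if (dom->forest == NULL) {
                        ret = ENOMEM;
                        goto done;
                    }
                }

                if (!dom->has_views && dom->view_name == NULL) {
                    /* maybe views are not initialized, copy from parent */
                    dom->has_views = dom->parent->has_views;
                    if (dom->parent->view_name != NULL) {
                        dom->view_name = talloc_strdup(dom,
                                                       dom->parent->view_name);
                        if (dom->view_name == NULL) {
                            DEBUG(SSSDBG_OP_FAILURE,
                                  "Failed to copy parent's view name.\n");
                            ret = ENOMEM;
                            goto done;
                        }
                    }
                } else {
                    /* A subdomain must carry exactly the parent's view.
                     * One side having a view name while the other has none
                     * counts as a mismatch instead of reaching strcmp()
                     * with a NULL argument. */
                    views_differ =
                        dom->has_views != dom->parent->has_views
                        || (dom->view_name == NULL)
                                != (dom->parent->view_name == NULL)
                        || (dom->view_name != NULL
                            && strcmp(dom->view_name,
                                      dom->parent->view_name) != 0);
                    if (views_differ) {
                        DEBUG(SSSDBG_CRIT_FAILURE,
                              "Sub-domain [%s][%s] and parent [%s][%s] "
                              "views are different.\n",
                              dom->has_views ? "has view" : "has no view",
                              subdom_printable(dom->view_name),
                              dom->parent->has_views ? "has view"
                                                     : "has no view",
                              subdom_printable(dom->parent->view_name));
                        ret = EINVAL;
                        goto done;
                    }
                }

                if (dom->trust_direction != trust_direction) {
                    /* The values are unsigned; print them as such. */
                    DEBUG(SSSDBG_TRACE_INTERNAL,
                          "Trust direction change from [%u] to [%u]!\n",
                          (unsigned int) dom->trust_direction,
                          (unsigned int) trust_direction);
                    dom->trust_direction = trust_direction;
                }

                break;
            }
        }
        /* If not found in loop it is a new subdomain */
        if (dom == NULL) {
            dom = new_subdomain(domain, domain, name, realm,
                                flat, id, mpg, enumerate, forest,
                                trust_direction);
            if (dom == NULL) {
                /* new_subdomain() does not say why it failed; every failure
                 * is reported as ENOMEM here. */
                ret = ENOMEM;
                goto done;
            }
            DLIST_ADD_END(domain->subdomains, dom, struct sss_domain_info *);
        }
    }

    link_forest_roots(domain);

    ret = EOK;

done:
    /* 'res' and 'basedn' hang off tmp_ctx; everything kept was copied. */
    talloc_free(tmp_ctx);
    return ret;
}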
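/*
 * Refresh the cached attributes of a master domain from its sysdb entry.
 *
 * Performs a base search on the domain's entry and copies realm, flat name,
 * domain ID and forest into @domain whenever the stored value exists and
 * differs (compared case-insensitively) from the cached one. Afterwards the
 * view state (domain->has_views / domain->view_name) is reconciled with the
 * view name returned by sysdb_get_view_name().
 *
 * Changing an already established view is not supported. A mismatch between
 * the stored and the cached view is only logged at SSSDBG_CRIT_FAILURE; the
 * cached view is kept and the function still returns EOK, so callers cannot
 * detect such a mismatch from the return value.
 *
 * @param domain  Master domain; domain->sysdb and domain->name select the
 *                entry, the refreshed strings are allocated on @domain.
 *
 * @return EOK on success, ENOENT if the entry does not exist, EINVAL if the
 *         search returns more than one entry or the cached view state is
 *         inconsistent, EIO if the DN cannot be built or the search fails,
 *         ENOMEM on allocation failure, or the error returned by
 *         sysdb_get_view_name().
 */
errno_t sysdb_master_domain_update(struct sss_domain_info *domain)
{
    errno_t ret;
    TALLOC_CTX *tmp_ctx;
    const char *tmp_str;
    char *new_str;
    struct ldb_dn *basedn;
    struct ldb_result *res;
    const char *attrs[] = {"cn",
                           SYSDB_SUBDOMAIN_REALM,
                           SYSDB_SUBDOMAIN_FLAT,
                           SYSDB_SUBDOMAIN_ID,
                           SYSDB_SUBDOMAIN_FOREST,
                           NULL};
    char *view_name = NULL;

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        return ENOMEM;
    }

    /* NOTE(review): domain->name is formatted into the DN as-is; this
     * presumably relies on the name having been validated when the domain
     * object was created - confirm against the callers. */
    basedn = ldb_dn_new_fmt(tmp_ctx, domain->sysdb->ldb,
                            SYSDB_DOM_BASE, domain->name);
    if (basedn == NULL) {
        ret = EIO;
        goto done;
    }

    ret = ldb_search(domain->sysdb->ldb, tmp_ctx, &res,
                     basedn, LDB_SCOPE_BASE, attrs, NULL);
    if (ret != LDB_SUCCESS) {
        ret = EIO;
        goto done;
    }

    if (res->count == 0) {
        ret = ENOENT;
        goto done;
    }

    if (res->count > 1) {
        /* ldb_result.count is unsigned, hence %u rather than %d. */
        DEBUG(SSSDBG_OP_FAILURE, "Base search returned [%u] results, "
                                 "expected 1.\n", res->count);
        ret = EINVAL;
        goto done;
    }

    /* For each attribute below the new value is duplicated before the old
     * one is released, so an allocation failure leaves the cached value
     * intact instead of a NULL field on a long-lived domain object. */
    tmp_str = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_SUBDOMAIN_REALM,
                                          NULL);
    if (tmp_str != NULL &&
        (domain->realm == NULL || strcasecmp(tmp_str, domain->realm) != 0)) {
        new_str = talloc_strdup(domain, tmp_str);
        if (new_str == NULL) {
            ret = ENOMEM;
            goto done;
        }
        talloc_free(domain->realm);
        domain->realm = new_str;
    }

    tmp_str = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_SUBDOMAIN_FLAT,
                                          NULL);
    if (tmp_str != NULL &&
        (domain->flat_name == NULL ||
         strcasecmp(tmp_str, domain->flat_name) != 0)) {
        new_str = talloc_strdup(domain, tmp_str);
        if (new_str == NULL) {
            ret = ENOMEM;
            goto done;
        }
        talloc_free(domain->flat_name);
        domain->flat_name = new_str;
    }

    tmp_str = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_SUBDOMAIN_ID,
                                          NULL);
    if (tmp_str != NULL &&
        (domain->domain_id == NULL ||
         strcasecmp(tmp_str, domain->domain_id) != 0)) {
        new_str = talloc_strdup(domain, tmp_str);
        if (new_str == NULL) {
            ret = ENOMEM;
            goto done;
        }
        talloc_free(domain->domain_id);
        domain->domain_id = new_str;
    }

    tmp_str = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_SUBDOMAIN_FOREST,
                                          NULL);
    if (tmp_str != NULL &&
        (domain->forest == NULL ||
         strcasecmp(tmp_str, domain->forest) != 0)) {
        new_str = talloc_strdup(domain, tmp_str);
        if (new_str == NULL) {
            ret = ENOMEM;
            goto done;
        }
        talloc_free(domain->forest);
        domain->forest = new_str;
    }

    /* ENOENT is tolerated here: it is handled as "default view" below. */
    ret = sysdb_get_view_name(tmp_ctx, domain->sysdb, &view_name);
    if (ret != EOK && ret != ENOENT) {
        DEBUG(SSSDBG_OP_FAILURE, "sysdb_get_view_name failed.\n");
        goto done;
    }

    /* If no view is defined the default view will be used. In this case
     * domain->has_views is FALSE and
     * domain->view_name is set to SYSDB_DEFAULT_VIEW_NAME
     *
     * If there is a view defined
     * domain->has_views is TRUE and
     * domain->view_name is set to the given view name
     *
     * Currently changing the view is not supported hence we have to check for
     * changes and error out accordingly.
     */
    if (ret == ENOENT || is_default_view(view_name)) {
        /* handle default view */
        if (domain->has_views) {
            /* Logged only: the cached non-default view stays in effect. */
            DEBUG(SSSDBG_CRIT_FAILURE,
                  "View name change is currently not supported. "
                  "New view is the default view while current view is [%s]. "
                  "View name is not changed!\n", domain->view_name);
        } else {
            if (domain->view_name == NULL) {
                domain->view_name = talloc_strdup(domain,
                                                  SYSDB_DEFAULT_VIEW_NAME);
                if (domain->view_name == NULL) {
                    DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
                    ret = ENOMEM;
                    goto done;
                }
            } else {
                if (strcmp(domain->view_name, SYSDB_DEFAULT_VIEW_NAME) != 0) {
                    DEBUG(SSSDBG_CRIT_FAILURE,
                          "Domain [%s] has no view but view name [%s] "
                          "is not the default view name [%s].\n",
                          domain->name, domain->view_name,
                          SYSDB_DEFAULT_VIEW_NAME);
                    ret = EINVAL;
                    goto done;
                }
            }
        }
    } else {
        /* handle view other than default */
        if (domain->has_views) {
            /* NOTE(review): assumes view_name is always set while has_views
             * is true; nothing in this function enforces that - confirm. */
            if (strcmp(domain->view_name, view_name) != 0) {
                /* Logged only: the cached view stays in effect. */
                DEBUG(SSSDBG_CRIT_FAILURE,
                      "View name change is currently not supported. "
                      "New view is [%s] while current view is [%s]. "
                      "View name is not changed!\n",
                      view_name, domain->view_name);
            }
        } else {
            if (domain->view_name == NULL) {
                /* Move ownership of the name from tmp_ctx to the domain so
                 * it survives the talloc_free() at the end. */
                domain->view_name = talloc_steal(domain, view_name);
                if (domain->view_name == NULL) {
                    DEBUG(SSSDBG_OP_FAILURE, "talloc_steal failed.\n");
                    ret = ENOMEM;
                    goto done;
                }
                /* Flag the view only once the name is in place, so a failure
                 * above cannot leave has_views set with no view name. */
                domain->has_views = true;
            } else {
                if (strcmp(domain->view_name, SYSDB_DEFAULT_VIEW_NAME) == 0) {
                    /* Logged only: the default view stays in effect. */
                    DEBUG(SSSDBG_CRIT_FAILURE,
                          "View name change is currently not supported. "
                          "New view is [%s] while current is the default view. "
                          "View name is not changed!\n", view_name);
                } else {
                    DEBUG(SSSDBG_CRIT_FAILURE,
                          "Domain currently has no views, "
                          "but current view name is set to [%s] "
                          "and new view name is [%s].\n",
                          domain->view_name, view_name);
                    ret = EINVAL;
                    goto done;
                }
            }
        }
    }

    ret = EOK;

done:
    talloc_free(tmp_ctx);
    return ret;
}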
/* True when @wanted is given and differs (case-sensitively) from @cached,
 * or when nothing is cached yet. */
static bool add_info_value_changed(const char *cached, const char *wanted)
{
    if (wanted == NULL) {
        return false;
    }
    return cached == NULL || strcmp(cached, wanted) != 0;
}

/* Queue "replace @attr with @value" on @msg. Returns the LDB status code of
 * the first step that fails, LDB_SUCCESS otherwise. */
static int add_info_queue_replace(struct ldb_message *msg,
                                  const char *attr, const char *value)
{
    int lret = ldb_msg_add_empty(msg, attr, LDB_FLAG_MOD_REPLACE, NULL);

    if (lret != LDB_SUCCESS) {
        return lret;
    }
    return ldb_msg_add_string(msg, attr, value);
}

/*
 * Store realm, flat name, domain ID and forest of the master domain in sysdb.
 *
 * Only arguments that are non-NULL and differ from the value cached in
 * @domain are written; each is written as a replace of the whole attribute.
 * If nothing differs no database operation is performed. After a successful
 * write the cached values are re-read with sysdb_master_domain_update().
 *
 * @param domain  Master domain whose entry is modified.
 * @param realm   New realm, or NULL to leave it untouched.
 * @param flat    New flat name, or NULL to leave it untouched.
 * @param id      New domain ID, or NULL to leave it untouched.
 * @param forest  New forest, or NULL to leave it untouched.
 *
 * @return EOK on success (including "nothing to do"), ENOMEM, EIO if the DN
 *         cannot be built, the errno translation of an ldb error, or the
 *         result of sysdb_master_domain_update().
 */
errno_t sysdb_master_domain_add_info(struct sss_domain_info *domain,
                                     const char *realm,
                                     const char *flat,
                                     const char *id,
                                     const char* forest)
{
    TALLOC_CTX *tmp_ctx;
    struct ldb_message *msg;
    int ret;
    bool do_update = false;

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        return ENOMEM;
    }

    msg = ldb_msg_new(tmp_ctx);
    if (msg == NULL) {
        ret = ENOMEM;
        goto done;
    }

    /* NOTE(review): domain->name goes into the DN unescaped; presumably it
     * was validated when the domain object was set up - confirm. */
    msg->dn = ldb_dn_new_fmt(tmp_ctx, domain->sysdb->ldb,
                             SYSDB_DOM_BASE, domain->name);
    if (msg->dn == NULL) {
        ret = EIO;
        goto done;
    }

    /* The elements are queued in the order flat, id, forest, realm. */
    if (add_info_value_changed(domain->flat_name, flat)) {
        ret = add_info_queue_replace(msg, SYSDB_SUBDOMAIN_FLAT, flat);
        if (ret != LDB_SUCCESS) {
            ret = sysdb_error_to_errno(ret);
            goto done;
        }
        do_update = true;
    }

    if (add_info_value_changed(domain->domain_id, id)) {
        ret = add_info_queue_replace(msg, SYSDB_SUBDOMAIN_ID, id);
        if (ret != LDB_SUCCESS) {
            ret = sysdb_error_to_errno(ret);
            goto done;
        }
        do_update = true;
    }

    if (add_info_value_changed(domain->forest, forest)) {
        ret = add_info_queue_replace(msg, SYSDB_SUBDOMAIN_FOREST, forest);
        if (ret != LDB_SUCCESS) {
            ret = sysdb_error_to_errno(ret);
            goto done;
        }
        do_update = true;
    }

    if (add_info_value_changed(domain->realm, realm)) {
        ret = add_info_queue_replace(msg, SYSDB_SUBDOMAIN_REALM, realm);
        if (ret != LDB_SUCCESS) {
            ret = sysdb_error_to_errno(ret);
            goto done;
        }
        do_update = true;
    }

    /* Nothing changed: skip the write and the re-read. */
    if (!do_update) {
        ret = EOK;
        goto done;
    }

    ret = ldb_modify(domain->sysdb->ldb, msg);
    if (ret != LDB_SUCCESS) {
        DEBUG(SSSDBG_FATAL_FAILURE, "Failed to add subdomain attributes to "
              "[%s]: [%d][%s]!\n", domain->name, ret,
              ldb_errstring(domain->sysdb->ldb));
        ret = sysdb_error_to_errno(ret);
        goto done;
    }

    /* Bring the in-memory domain in line with what was just written; its
     * result is the result of this call. */
    ret = sysdb_master_domain_update(domain);

done:
    talloc_free(tmp_ctx);
    return ret;
}
/* Queue one attribute change on @msg: an empty element for @attr carrying
 * @flags, followed by the single string @value. Returns the LDB status code
 * of the first step that fails, LDB_SUCCESS otherwise. */
static int subdom_store_queue_attr(struct ldb_message *msg, const char *attr,
                                   int flags, const char *value)
{
    int lret = ldb_msg_add_empty(msg, attr, flags, NULL);

    if (lret != LDB_SUCCESS) {
        return lret;
    }
    return ldb_msg_add_string(msg, attr, value);
}

/* True when @wanted is given and the string stored under @attr in @entry is
 * missing or differs from it (case-insensitive comparison). */
static bool subdom_store_str_changed(const struct ldb_message *entry,
                                     const char *attr, const char *wanted)
{
    const char *stored;

    if (wanted == NULL) {
        return false;
    }
    stored = ldb_msg_find_attr_as_string(entry, attr, NULL);
    return stored == NULL || strcasecmp(stored, wanted) != 0;
}

/*
 * Create or update the sysdb entry of a sub-domain.
 *
 * If no entry exists for @name it is created with sysdb_domain_create() and
 * all given attributes are added. If exactly one entry exists, only the
 * attributes whose stored value differs from the argument are replaced; when
 * nothing differs no write is issued.
 *
 * @param sysdb            Database handle.
 * @param name             Sub-domain name, used to build the entry's DN.
 * @param realm            Realm, or NULL to leave it untouched.
 * @param flat_name        Flat name, or NULL to leave it untouched.
 * @param domain_id        Domain ID, or NULL to leave it untouched.
 * @param mpg              Stored as "TRUE"/"FALSE" under SYSDB_SUBDOMAIN_MPG.
 * @param enumerate        Stored as "TRUE"/"FALSE" under SYSDB_SUBDOMAIN_ENUM.
 * @param forest           Forest, or NULL to leave it untouched.
 * @param trust_direction  Stored as an unsigned decimal number; 0 is not
 *                         written when the entry is newly created.
 *
 * @return EOK on success, ENOMEM, EIO if the DN cannot be built or the
 *         search fails, EINVAL if more than one entry matches, the error
 *         from sysdb_domain_create(), or the errno translation of an ldb
 *         error.
 */
errno_t sysdb_subdomain_store(struct sysdb_ctx *sysdb,
                              const char *name, const char *realm,
                              const char *flat_name, const char *domain_id,
                              bool mpg, bool enumerate, const char *forest,
                              uint32_t trust_direction)
{
    TALLOC_CTX *tmp_ctx;
    struct ldb_message *msg;
    struct ldb_dn *dn;
    struct ldb_result *res;
    const char *attrs[] = {"cn",
                           SYSDB_SUBDOMAIN_REALM,
                           SYSDB_SUBDOMAIN_FLAT,
                           SYSDB_SUBDOMAIN_ID,
                           SYSDB_SUBDOMAIN_MPG,
                           SYSDB_SUBDOMAIN_ENUM,
                           SYSDB_SUBDOMAIN_FOREST,
                           SYSDB_SUBDOMAIN_TRUST_DIRECTION,
                           NULL};
    bool is_new = false;
    /* Per-attribute modification flags; 0 means "leave untouched". */
    int realm_mod = 0;
    int flat_mod = 0;
    int id_mod = 0;
    int mpg_mod = 0;
    int enum_mod = 0;
    int forest_mod = 0;
    int td_mod = 0;
    int ret;

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        return ENOMEM;
    }

    /* NOTE(review): name is placed into the DN without escaping here;
     * presumably callers only pass validated domain names - confirm, since
     * the name identifies which entry gets created or modified. */
    dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, SYSDB_DOM_BASE, name);
    if (dn == NULL) {
        ret = EIO;
        goto done;
    }

    ret = ldb_search(sysdb->ldb, tmp_ctx, &res,
                     dn, LDB_SCOPE_BASE, attrs, NULL);
    if (ret != LDB_SUCCESS) {
        ret = EIO;
        goto done;
    }

    switch (res->count) {
    case 0:
        /* New sub-domain: create the entry, then add what was supplied. */
        ret = sysdb_domain_create(sysdb, name);
        if (ret != 0) {
            goto done;
        }
        is_new = true;

        realm_mod = (realm != NULL) ? LDB_FLAG_MOD_ADD : 0;
        flat_mod = (flat_name != NULL) ? LDB_FLAG_MOD_ADD : 0;
        id_mod = (domain_id != NULL) ? LDB_FLAG_MOD_ADD : 0;
        mpg_mod = LDB_FLAG_MOD_ADD;
        enum_mod = LDB_FLAG_MOD_ADD;
        forest_mod = (forest != NULL) ? LDB_FLAG_MOD_ADD : 0;
        td_mod = (trust_direction != 0) ? LDB_FLAG_MOD_ADD : 0;
        break;

    case 1: {
        /* Existing sub-domain: replace only what differs. */
        const struct ldb_message *entry = res->msgs[0];
        bool stored_flag;
        uint32_t stored_td;

        if (subdom_store_str_changed(entry, SYSDB_SUBDOMAIN_REALM, realm)) {
            realm_mod = LDB_FLAG_MOD_REPLACE;
        }
        if (subdom_store_str_changed(entry, SYSDB_SUBDOMAIN_FLAT,
                                     flat_name)) {
            flat_mod = LDB_FLAG_MOD_REPLACE;
        }
        if (subdom_store_str_changed(entry, SYSDB_SUBDOMAIN_ID, domain_id)) {
            id_mod = LDB_FLAG_MOD_REPLACE;
        }

        /* The default is the negated wanted value, so a missing attribute
         * always counts as a difference and gets written. */
        stored_flag = ldb_msg_find_attr_as_bool(entry, SYSDB_SUBDOMAIN_MPG,
                                                !mpg);
        if (stored_flag != mpg) {
            mpg_mod = LDB_FLAG_MOD_REPLACE;
        }

        stored_flag = ldb_msg_find_attr_as_bool(entry, SYSDB_SUBDOMAIN_ENUM,
                                                !enumerate);
        if (stored_flag != enumerate) {
            enum_mod = LDB_FLAG_MOD_REPLACE;
        }

        if (subdom_store_str_changed(entry, SYSDB_SUBDOMAIN_FOREST, forest)) {
            forest_mod = LDB_FLAG_MOD_REPLACE;
        }

        /* A missing trust direction reads as 0. */
        stored_td = ldb_msg_find_attr_as_uint(entry,
                                              SYSDB_SUBDOMAIN_TRUST_DIRECTION,
                                              0);
        if (stored_td != trust_direction) {
            td_mod = LDB_FLAG_MOD_REPLACE;
        }
        break;
    }

    default:
        /* More than one entry for a base search is not expected. */
        ret = EINVAL;
        goto done;
    }

    /* Existing entry and nothing to change: no write needed. */
    if (!is_new
        && (realm_mod | flat_mod | id_mod | mpg_mod
            | enum_mod | forest_mod | td_mod) == 0) {
        ret = EOK;
        goto done;
    }

    msg = ldb_msg_new(tmp_ctx);
    if (msg == NULL) {
        ret = ENOMEM;
        goto done;
    }
    msg->dn = dn;

    /* Elements are queued in a fixed order: object class (new entries only),
     * realm, flat name, ID, MPG, enumerate, forest, trust direction. */
    if (is_new) {
        ret = subdom_store_queue_attr(msg, SYSDB_OBJECTCLASS,
                                      LDB_FLAG_MOD_ADD,
                                      SYSDB_SUBDOMAIN_CLASS);
        if (ret != LDB_SUCCESS) {
            ret = sysdb_error_to_errno(ret);
            goto done;
        }
    }

    if (realm_mod != 0) {
        ret = subdom_store_queue_attr(msg, SYSDB_SUBDOMAIN_REALM,
                                      realm_mod, realm);
        if (ret != LDB_SUCCESS) {
            ret = sysdb_error_to_errno(ret);
            goto done;
        }
    }

    if (flat_mod != 0) {
        ret = subdom_store_queue_attr(msg, SYSDB_SUBDOMAIN_FLAT,
                                      flat_mod, flat_name);
        if (ret != LDB_SUCCESS) {
            ret = sysdb_error_to_errno(ret);
            goto done;
        }
    }

    if (id_mod != 0) {
        ret = subdom_store_queue_attr(msg, SYSDB_SUBDOMAIN_ID,
                                      id_mod, domain_id);
        if (ret != LDB_SUCCESS) {
            ret = sysdb_error_to_errno(ret);
            goto done;
        }
    }

    if (mpg_mod != 0) {
        ret = subdom_store_queue_attr(msg, SYSDB_SUBDOMAIN_MPG,
                                      mpg_mod, mpg ? "TRUE" : "FALSE");
        if (ret != LDB_SUCCESS) {
            ret = sysdb_error_to_errno(ret);
            goto done;
        }
    }

    if (enum_mod != 0) {
        ret = subdom_store_queue_attr(msg, SYSDB_SUBDOMAIN_ENUM,
                                      enum_mod, enumerate ? "TRUE" : "FALSE");
        if (ret != LDB_SUCCESS) {
            ret = sysdb_error_to_errno(ret);
            goto done;
        }
    }

    if (forest_mod != 0) {
        ret = subdom_store_queue_attr(msg, SYSDB_SUBDOMAIN_FOREST,
                                      forest_mod, forest);
        if (ret != LDB_SUCCESS) {
            ret = sysdb_error_to_errno(ret);
            goto done;
        }
    }

    if (td_mod != 0) {
        /* Numeric value, so it is formatted rather than added as a string. */
        ret = ldb_msg_add_empty(msg, SYSDB_SUBDOMAIN_TRUST_DIRECTION,
                                td_mod, NULL);
        if (ret != LDB_SUCCESS) {
            ret = sysdb_error_to_errno(ret);
            goto done;
        }

        ret = ldb_msg_add_fmt(msg, SYSDB_SUBDOMAIN_TRUST_DIRECTION,
                              "%u", trust_direction);
        if (ret != LDB_SUCCESS) {
            ret = sysdb_error_to_errno(ret);
            goto done;
        }
    }

    ret = ldb_modify(sysdb->ldb, msg);
    if (ret != LDB_SUCCESS) {
        DEBUG(SSSDBG_FATAL_FAILURE, "Failed to add subdomain attributes to "
              "[%s]: [%d][%s]!\n", name, ret,
              ldb_errstring(sysdb->ldb));
        ret = sysdb_error_to_errno(ret);
        goto done;
    }

    ret = EOK;

done:
    talloc_free(tmp_ctx);
    return ret;
}
/*
 * Remove a sub-domain and everything stored below its entry from sysdb.
 *
 * @param sysdb  Database handle.
 * @param name   Sub-domain name, used to build the DN of the subtree.
 *
 * @return EOK on success, ENOMEM if the temporary context or the DN cannot
 *         be allocated, or the error from sysdb_delete_recursive().
 */
errno_t sysdb_subdomain_delete(struct sysdb_ctx *sysdb, const char *name)
{
    TALLOC_CTX *tmp_ctx;
    struct ldb_dn *subdom_dn;
    int ret;

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        return ENOMEM;
    }

    DEBUG(SSSDBG_TRACE_FUNC, "Removing sub-domain [%s] from db.\n", name);

    /* NOTE(review): name is formatted into the DN unescaped and the result
     * is deleted recursively; presumably callers pass only names taken from
     * the known sub-domain list - confirm, as the DN decides which subtree
     * is removed. */
    subdom_dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, SYSDB_DOM_BASE, name);
    if (subdom_dn == NULL) {
        ret = ENOMEM;
    } else {
        /* NOTE(review): the meaning of the `true` argument is not visible
         * here - check the declaration of sysdb_delete_recursive(). */
        ret = sysdb_delete_recursive(sysdb, subdom_dn, true);
        if (ret != EOK) {
            DEBUG(SSSDBG_OP_FAILURE, "sysdb_delete_recursive failed.\n");
        }
    }

    talloc_free(tmp_ctx);
    return ret;
}