sdap_async_accounts.c revision 86d77907310fa939fe89884fbbdf2142c06a420e
f062ed7bd262a37a909dd77ce5fc23b446818823fielding Async LDAP Helper routines
2d2eda71267231c2526be701fe655db125852c1ffielding Copyright (C) Simo Sorce <ssorce@redhat.com> - 2009
2d2eda71267231c2526be701fe655db125852c1ffielding Copyright (C) 2010, Ralf Haferkamp <rhafer@suse.de>, Novell Inc.
2d2eda71267231c2526be701fe655db125852c1ffielding This program is free software; you can redistribute it and/or modify
2d2eda71267231c2526be701fe655db125852c1ffielding it under the terms of the GNU General Public License as published by
2d2eda71267231c2526be701fe655db125852c1ffielding the Free Software Foundation; either version 3 of the License, or
f062ed7bd262a37a909dd77ce5fc23b446818823fielding (at your option) any later version.
2d2eda71267231c2526be701fe655db125852c1ffielding This program is distributed in the hope that it will be useful,
2d2eda71267231c2526be701fe655db125852c1ffielding but WITHOUT ANY WARRANTY; without even the implied warranty of
2d2eda71267231c2526be701fe655db125852c1ffielding MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
2d2eda71267231c2526be701fe655db125852c1ffielding GNU General Public License for more details.
f062ed7bd262a37a909dd77ce5fc23b446818823fielding You should have received a copy of the GNU General Public License
f062ed7bd262a37a909dd77ce5fc23b446818823fielding along with this program. If not, see <http://www.gnu.org/licenses/>.
f062ed7bd262a37a909dd77ce5fc23b446818823fielding/* ==Save-User-Entry====================================================== */
2d2eda71267231c2526be701fe655db125852c1ffielding/* FIXME: support storing additional attributes */
f062ed7bd262a37a909dd77ce5fc23b446818823fielding const char **ldap_attrs,
f062ed7bd262a37a909dd77ce5fc23b446818823fielding const char *pwd;
f062ed7bd262a37a909dd77ce5fc23b446818823fielding const char *gecos;
f062ed7bd262a37a909dd77ce5fc23b446818823fielding const char *homedir;
2d2eda71267231c2526be701fe655db125852c1ffielding const char *shell;
2d2eda71267231c2526be701fe655db125852c1ffielding DEBUG(1, ("Failed to save the user - entry has no name attribute\n"));
2d2eda71267231c2526be701fe655db125852c1ffielding /* Fall back to the user's full name */
2d2eda71267231c2526be701fe655db125852c1ffielding opts->user_map[SDAP_AT_USER_FULLNAME].sys_name, &el);
2d2eda71267231c2526be701fe655db125852c1ffielding if (el->num_values > 0) gecos = (const char *)el->values[0].data;
2d2eda71267231c2526be701fe655db125852c1ffielding DEBUG(1, ("no uid provided for [%s] in domain [%s].\n",
2d2eda71267231c2526be701fe655db125852c1ffielding /* check that the uid is valid for this domain */
2d2eda71267231c2526be701fe655db125852c1ffielding if (OUT_OF_ID_RANGE(uid, dom->id_min, dom->id_max)) {
2d2eda71267231c2526be701fe655db125852c1ffielding DEBUG(2, ("User [%s] filtered out! (id out of range)\n",
2d2eda71267231c2526be701fe655db125852c1ffielding DEBUG(1, ("no gid provided for [%s] in domain [%s].\n",
2d2eda71267231c2526be701fe655db125852c1ffielding /* check that the gid is valid for this domain */
2d2eda71267231c2526be701fe655db125852c1ffielding DEBUG(2, ("User [%s] filtered out! (id out of range)\n",
2d2eda71267231c2526be701fe655db125852c1ffielding ret = sysdb_attrs_get_el(attrs, SYSDB_ORIG_DN, &el);
2d2eda71267231c2526be701fe655db125852c1ffielding DEBUG(7, ("Original DN is not available for [%s].\n", name));
2d2eda71267231c2526be701fe655db125852c1ffielding DEBUG(7, ("Adding original DN [%s] to attributes of [%s].\n",
2d2eda71267231c2526be701fe655db125852c1ffielding ret = sysdb_attrs_add_string(user_attrs, SYSDB_ORIG_DN,
2d2eda71267231c2526be701fe655db125852c1ffielding ret = sysdb_attrs_get_el(attrs, SYSDB_MEMBEROF, &el);
2d2eda71267231c2526be701fe655db125852c1ffielding DEBUG(7, ("Original memberOf is not available for [%s].\n",
2d2eda71267231c2526be701fe655db125852c1ffielding DEBUG(7, ("Adding original memberOf attributes to [%s].\n",
2d2eda71267231c2526be701fe655db125852c1ffielding ret = sysdb_attrs_add_string(user_attrs, SYSDB_ORIG_MEMBEROF,
2d2eda71267231c2526be701fe655db125852c1ffielding opts->user_map[SDAP_AT_USER_MODSTAMP].sys_name, &el);
2d2eda71267231c2526be701fe655db125852c1ffielding DEBUG(7, ("Original mod-Timestamp is not available for [%s].\n",
2d2eda71267231c2526be701fe655db125852c1ffielding DEBUG(7, ("Original USN value is not available for [%s].\n",
2d2eda71267231c2526be701fe655db125852c1ffielding usn_value = talloc_strdup(memctx, (const char*)el->values[0].data);
2d2eda71267231c2526be701fe655db125852c1ffielding DEBUG(7, ("User principal is not available for [%s].\n", name));
2d2eda71267231c2526be701fe655db125852c1ffielding upn = talloc_strdup(user_attrs, (const char*) el->values[0].data);
2d2eda71267231c2526be701fe655db125852c1ffielding if (dp_opt_get_bool(opts->basic, SDAP_FORCE_UPPER_CASE_REALM)) {
2d2eda71267231c2526be701fe655db125852c1ffielding DEBUG(7, ("Adding user principal [%s] to attributes of [%s].\n",
2d2eda71267231c2526be701fe655db125852c1ffielding ret = sysdb_attrs_add_string(user_attrs, SYSDB_UPN, upn);
2d2eda71267231c2526be701fe655db125852c1ffielding for (i = SDAP_FIRST_EXTRA_USER_AT; i < SDAP_OPTS_USER; i++) {
2d2eda71267231c2526be701fe655db125852c1ffielding ret = sysdb_attrs_get_el(attrs, opts->user_map[i].sys_name, &el);
2efb935ae8fe12d5192a3bf2c52c28461b6c68afdgaudet val = talloc_strdup(user_attrs, (const char*) el->values[c].data);
2d2eda71267231c2526be701fe655db125852c1ffielding cache_timeout = dp_opt_get_int(opts->basic, SDAP_ENTRY_CACHE_TIMEOUT);
b0f20a4a26bcfa85724b1c2e5ec6a077f12ef44crbb ret = sysdb_attrs_add_time_t(user_attrs, SYSDB_INITGR_EXPIRE,
32644678e889a3253f71bde0b3d6daea6d9dc21awrowe /* Make sure that any attributes we requested from LDAP that we
b0f20a4a26bcfa85724b1c2e5ec6a077f12ef44crbb * did not receive are also removed from the sysdb
b0f20a4a26bcfa85724b1c2e5ec6a077f12ef44crbb ret = list_missing_attrs(user_attrs, opts->user_map, SDAP_OPTS_USER,
b0f20a4a26bcfa85724b1c2e5ec6a077f12ef44crbb /* Remove missing attributes */
b0f20a4a26bcfa85724b1c2e5ec6a077f12ef44crbb /* Nothing to remove */
b0f20a4a26bcfa85724b1c2e5ec6a077f12ef44crbb/* ==Generic-Function-to-save-multiple-users============================= */
b0f20a4a26bcfa85724b1c2e5ec6a077f12ef44crbb const char **attrs,
b0f20a4a26bcfa85724b1c2e5ec6a077f12ef44crbb if (num_users == 0) {
b0f20a4a26bcfa85724b1c2e5ec6a077f12ef44crbb /* Nothing to do if there are no users */
b0f20a4a26bcfa85724b1c2e5ec6a077f12ef44crbb for (i = 0; i < num_users; i++) {
b0f20a4a26bcfa85724b1c2e5ec6a077f12ef44crbb /* Do not fail completely on errors.
b0f20a4a26bcfa85724b1c2e5ec6a077f12ef44crbb * Just report the failure to save and go on */
7463de0c603f07c9e1820e812d2f1a73661843e6rbb/* ==Search-Users-with-filter============================================= */
2d2eda71267231c2526be701fe655db125852c1ffielding const char **attrs;
2d2eda71267231c2526be701fe655db125852c1ffielding const char *filter;
2d2eda71267231c2526be701fe655db125852c1ffieldingstatic void sdap_get_users_process(struct tevent_req *subreq);
2d2eda71267231c2526be701fe655db125852c1ffieldingstruct tevent_req *sdap_get_users_send(TALLOC_CTX *memctx,
2d2eda71267231c2526be701fe655db125852c1ffielding const char **attrs,
2d2eda71267231c2526be701fe655db125852c1ffielding const char *filter,
2d2eda71267231c2526be701fe655db125852c1ffielding req = tevent_req_create(memctx, &state, struct sdap_get_users_state);
2d2eda71267231c2526be701fe655db125852c1ffielding subreq = sdap_get_generic_send(state, state->ev, state->opts, state->sh,
2d2eda71267231c2526be701fe655db125852c1ffielding tevent_req_set_callback(subreq, sdap_get_users_process, req);
2d2eda71267231c2526be701fe655db125852c1ffieldingstatic void sdap_get_users_process(struct tevent_req *subreq)
2d2eda71267231c2526be701fe655db125852c1ffielding struct tevent_req *req = tevent_req_callback_data(subreq,
2d2eda71267231c2526be701fe655db125852c1ffielding struct sdap_get_users_state *state = tevent_req_data(req,
2d2eda71267231c2526be701fe655db125852c1ffielding DEBUG(6, ("Search for users, returned %d results.\n", state->count));
2d2eda71267231c2526be701fe655db125852c1ffielding DEBUG(9, ("Saving %d Users - Done\n", state->count));
91f0d8da77152d24e4bbb31ce199282b3fd6e3b2coar struct sdap_get_users_state *state = tevent_req_data(req,
2d2eda71267231c2526be701fe655db125852c1ffielding/* ==Group-Parsing Routines=============================================== */
2d2eda71267231c2526be701fe655db125852c1ffieldingstatic int sdap_find_entry_by_origDN(TALLOC_CTX *memctx,
54e94821097724bf413d2d4cc70711760f7494e1trawick const char *orig_dn,
2d2eda71267231c2526be701fe655db125852c1ffielding ret = sss_filter_sanitize(tmpctx, orig_dn, &sanitized_dn);
2d2eda71267231c2526be701fe655db125852c1ffielding filter = talloc_asprintf(tmpctx, "%s=%s", SYSDB_ORIG_DN, sanitized_dn);
2d2eda71267231c2526be701fe655db125852c1ffielding base_dn = sysdb_domain_dn(ctx, tmpctx, domain->name);
2d2eda71267231c2526be701fe655db125852c1ffielding DEBUG(9, ("Searching cache for [%s].\n", sanitized_dn));
952908500d5f99f35afc5ed510391b9bdc3833farbb *localdn = talloc_strdup(memctx, ldb_dn_get_linearized(msgs[0]->dn));
3887202241db08986e94b252fbd06a55e55d4b2dbhydestatic int sdap_fill_memberships(struct sysdb_attrs *group_attrs,
952908500d5f99f35afc5ed510391b9bdc3833farbb ret = sysdb_attrs_users_from_ldb_vals(group_attrs, SYSDB_MEMBER,
2d2eda71267231c2526be701fe655db125852c1ffielding ret = sysdb_attrs_get_el(group_attrs, SYSDB_MEMBER, &el);
952908500d5f99f35afc5ed510391b9bdc3833farbb /* Just allocate both big enough to contain all members for now */
952908500d5f99f35afc5ed510391b9bdc3833farbb el->values = talloc_realloc(el, el->values, struct ldb_val,
2d2eda71267231c2526be701fe655db125852c1ffielding for (i = 0, j = el->num_values; i < num_values; i++) {
952908500d5f99f35afc5ed510391b9bdc3833farbb /* sync search entry with this as origDN */
952908500d5f99f35afc5ed510391b9bdc3833farbb ret = sdap_find_entry_by_origDN(el->values, ctx, domain,
952908500d5f99f35afc5ed510391b9bdc3833farbb el->values[j].length = strlen((char *)el->values[j].data);
2d2eda71267231c2526be701fe655db125852c1ffielding DEBUG(0, ("FATAL ERROR: Unhandled schema type! (%d)\n",
952908500d5f99f35afc5ed510391b9bdc3833farbb/* ==Save-Group-Entry===================================================== */
952908500d5f99f35afc5ed510391b9bdc3833farbb /* FIXME: support non legacy */
952908500d5f99f35afc5ed510391b9bdc3833farbb /* FIXME: support storing additional attributes */
952908500d5f99f35afc5ed510391b9bdc3833farbb const char *name,
a520b923984f45daeaf0741d5c7e3de1f2d24509rbb /* make sure that non-posix (empty or explicit gid=0) groups have the
a520b923984f45daeaf0741d5c7e3de1f2d24509rbb * gidNumber set to zero even if updating existing group */
a520b923984f45daeaf0741d5c7e3de1f2d24509rbb ret = sysdb_attrs_add_uint32(group_attrs, SYSDB_GIDNUM, 0);
952908500d5f99f35afc5ed510391b9bdc3833farbb DEBUG(2, ("Could not set explicit GID 0 for %s\n", name));
952908500d5f99f35afc5ed510391b9bdc3833farbb DEBUG(1, ("Failed to save the group - entry has no name attribute\n"));
2d2eda71267231c2526be701fe655db125852c1ffielding ret = sysdb_attrs_get_bool(attrs, SYSDB_POSIX, &posix_group);
2d2eda71267231c2526be701fe655db125852c1ffielding DEBUG(8, ("This is%s a posix group\n", (posix_group)?"":" not"));
952908500d5f99f35afc5ed510391b9bdc3833farbb ret = sysdb_attrs_add_bool(group_attrs, SYSDB_POSIX, posix_group);
2e123e8beedc9f921448c113e2d6823a92fd5261fielding DEBUG(1, ("no gid provided for [%s] in domain [%s].\n",
952908500d5f99f35afc5ed510391b9bdc3833farbb /* check that the gid is valid for this domain */
2d2eda71267231c2526be701fe655db125852c1ffielding DEBUG(2, ("Group [%s] filtered out! (id out of range)\n",
2d2eda71267231c2526be701fe655db125852c1ffielding /* Group ID OK */
2d2eda71267231c2526be701fe655db125852c1ffielding DEBUG(7, ("Original DN is not available for [%s].\n", name));
952908500d5f99f35afc5ed510391b9bdc3833farbb DEBUG(7, ("Adding original DN [%s] to attributes of [%s].\n",
952908500d5f99f35afc5ed510391b9bdc3833farbb ret = sysdb_attrs_add_string(group_attrs, SYSDB_ORIG_DN,
2d2eda71267231c2526be701fe655db125852c1ffielding opts->group_map[SDAP_AT_GROUP_MODSTAMP].sys_name, &el);
2d2eda71267231c2526be701fe655db125852c1ffielding DEBUG(7, ("Original mod-Timestamp is not available for [%s].\n",
4b86db47932a21da10cd35317b3da737f2b073c4rbb DEBUG(7, ("Original USN value is not available for [%s].\n",
2d2eda71267231c2526be701fe655db125852c1ffielding usn_value = talloc_strdup(tmpctx, (const char*)el->values[0].data);
952908500d5f99f35afc5ed510391b9bdc3833farbb ret = sysdb_attrs_get_el(attrs, opts->group_map[SDAP_AT_GROUP_MEMBER].sys_name, &el1);
952908500d5f99f35afc5ed510391b9bdc3833farbb ret = sysdb_attrs_get_el(group_attrs, SYSDB_MEMBER, &el);
91644a5f4d3e992dc208304b50e80bbb236fca89trawick } else if (store_members) {
91644a5f4d3e992dc208304b50e80bbb236fca89trawick opts->group_map[SDAP_AT_GROUP_MEMBER].sys_name, &el);
952908500d5f99f35afc5ed510391b9bdc3833farbb DEBUG(7, ("Adding member users to group [%s]\n", name));
952908500d5f99f35afc5ed510391b9bdc3833farbb ret = sdap_fill_memberships(group_attrs, ctx, opts, dom,
b791a95f25326cffa9265d1b7d4f6a2531fa0acarbb/* ==Save-Group-Memebrs=================================================== */
2d2eda71267231c2526be701fe655db125852c1ffielding /* FIXME: support non legacy */
2d2eda71267231c2526be701fe655db125852c1ffielding /* FIXME: support storing additional attributes */
952908500d5f99f35afc5ed510391b9bdc3833farbb const char *name;
2d2eda71267231c2526be701fe655db125852c1ffielding opts->group_map[SDAP_AT_GROUP_MEMBER].sys_name, &el);
952908500d5f99f35afc5ed510391b9bdc3833farbb DEBUG(7, ("Adding member users to group [%s]\n", name));
2d2eda71267231c2526be701fe655db125852c1ffielding ret = sdap_fill_memberships(group_attrs, ctx, opts, dom,
2d2eda71267231c2526be701fe655db125852c1ffielding DEBUG(6, ("Storing members for group %s\n", name));
169f62b04de69074b561b4e6dcf6f82572a5e367trawick/* ==Generic-Function-to-save-multiple-groups============================= */
3d96ee83babeec32482c9082c9426340cee8c44dwrowe saved_groups = talloc_array(tmpctx, struct sysdb_attrs *,
3d96ee83babeec32482c9082c9426340cee8c44dwrowe for (i = 0; i < num_groups; i++) {
3d96ee83babeec32482c9082c9426340cee8c44dwrowe /* if 2 pass savemembers = false */
3d96ee83babeec32482c9082c9426340cee8c44dwrowe /* Do not fail completely on errors.
3d96ee83babeec32482c9082c9426340cee8c44dwrowe * Just report the failure to save and go on */
2d2eda71267231c2526be701fe655db125852c1ffielding DEBUG(2, ("Failed to store group %d. Ignoring.\n", i));
952908500d5f99f35afc5ed510391b9bdc3833farbb for (i = 0; i < nsaved_groups; i++) {
952908500d5f99f35afc5ed510391b9bdc3833farbb ret = sdap_save_grpmem(tmpctx, sysdb, opts, dom, saved_groups[i]);
952908500d5f99f35afc5ed510391b9bdc3833farbb /* Do not fail completely on errors.
952908500d5f99f35afc5ed510391b9bdc3833farbb * Just report the failure to save and go on */
952908500d5f99f35afc5ed510391b9bdc3833farbb/* ==Process-Groups======================================================= */
952908500d5f99f35afc5ed510391b9bdc3833farbb const char **attrs;
952908500d5f99f35afc5ed510391b9bdc3833farbb const char *filter;
952908500d5f99f35afc5ed510391b9bdc3833farbbstatic void sdap_process_group_members(struct tevent_req *subreq);
952908500d5f99f35afc5ed510391b9bdc3833farbbstatic int sdap_process_group_members_2307bis(struct tevent_req *req,
952908500d5f99f35afc5ed510391b9bdc3833farbbstatic int sdap_process_group_members_2307(struct sdap_process_group_state *state,
3d96ee83babeec32482c9082c9426340cee8c44dwrowestruct tevent_req *sdap_process_group_send(TALLOC_CTX *memctx,
952908500d5f99f35afc5ed510391b9bdc3833farbb const char **attrs;
3d96ee83babeec32482c9082c9426340cee8c44dwrowe ret = build_attrs_from_map(grp_state, opts->user_map, SDAP_OPTS_USER, &attrs);
952908500d5f99f35afc5ed510391b9bdc3833farbb /* FIXME: we ignore nested rfc2307bis groups for now */
952908500d5f99f35afc5ed510391b9bdc3833farbb /* Group without members */
952908500d5f99f35afc5ed510391b9bdc3833farbb grp_state->sysdb_dns = talloc(grp_state, struct ldb_message_element);
952908500d5f99f35afc5ed510391b9bdc3833farbb grp_state->sysdb_dns->values = talloc_array(grp_state, struct ldb_val,
2d2eda71267231c2526be701fe655db125852c1ffielding ret = sdap_process_group_members_2307(grp_state, el);
952908500d5f99f35afc5ed510391b9bdc3833farbb ret = sdap_process_group_members_2307bis(req, grp_state, el);
952908500d5f99f35afc5ed510391b9bdc3833farbb DEBUG(1, ("Unknown schema type %d\n", opts->schema_type));
952908500d5f99f35afc5ed510391b9bdc3833farbb /* We managed to process all the entries */
952908500d5f99f35afc5ed510391b9bdc3833farbb /* EBUSY means we need to wait for entries in LDAP */
3d96ee83babeec32482c9082c9426340cee8c44dwrowesdap_process_missing_member_2307bis(struct tevent_req *req,
952908500d5f99f35afc5ed510391b9bdc3833farbbsdap_process_group_members_2307bis(struct tevent_req *req,
952908500d5f99f35afc5ed510391b9bdc3833farbb ret = sdap_find_entry_by_origDN(state->sysdb_dns->values,
952908500d5f99f35afc5ed510391b9bdc3833farbb * User already cached in sysdb. Remember the sysdb DN for later
952908500d5f99f35afc5ed510391b9bdc3833farbb * use by sdap_save_groups()
952908500d5f99f35afc5ed510391b9bdc3833farbb state->sysdb_dns->values[state->sysdb_dns->num_values].data =
952908500d5f99f35afc5ed510391b9bdc3833farbb state->sysdb_dns->values[state->sysdb_dns->num_values].length =
952908500d5f99f35afc5ed510391b9bdc3833farbb /* The user is not in sysdb, need to add it
952908500d5f99f35afc5ed510391b9bdc3833farbb * We don't need to do this if we're in an enumeration,
952908500d5f99f35afc5ed510391b9bdc3833farbb * because all real members should all be populated
3d96ee83babeec32482c9082c9426340cee8c44dwrowe * already by the first pass of the enumeration.
952908500d5f99f35afc5ed510391b9bdc3833farbb * Also, we don't want to be holding the sysdb
952908500d5f99f35afc5ed510391b9bdc3833farbb * transaction while we're performing LDAP lookups.
952908500d5f99f35afc5ed510391b9bdc3833farbb DEBUG(1, ("Error processing missing member #%d (%s):\n",
952908500d5f99f35afc5ed510391b9bdc3833farbb DEBUG(1, ("Error checking cache for member #%d (%s):\n",
952908500d5f99f35afc5ed510391b9bdc3833farbb * All group members are already cached in sysdb, we are done
952908500d5f99f35afc5ed510391b9bdc3833farbb * with this group. To avoid redundant sysdb lookups, populate the
dad234382d8424e1c5a30af2838e172aec9d6d1bdreid * "member" attribute of the group entry with the sysdb DNs of
952908500d5f99f35afc5ed510391b9bdc3833farbb * the members.
952908500d5f99f35afc5ed510391b9bdc3833farbb memberel->values = talloc_steal(state->group, state->sysdb_dns->values);
59ae852bea7d507f61999f982ded8219d2c0ec15wrowesdap_process_missing_member_2307(struct sdap_process_group_state *state,
952908500d5f99f35afc5ed510391b9bdc3833farbbsdap_process_group_members_2307(struct sdap_process_group_state *state,
59ae852bea7d507f61999f982ded8219d2c0ec15wrowe bool in_transaction = false;
952908500d5f99f35afc5ed510391b9bdc3833farbb /* We need to skip over zero-length usernames */
58619148951981bcfa5c506ad8ce745aa8831980rbb * User already cached in sysdb. Remember the sysdb DN for later
58619148951981bcfa5c506ad8ce745aa8831980rbb * use by sdap_save_groups()
58619148951981bcfa5c506ad8ce745aa8831980rbb DEBUG(7,("Member already cached in sysdb: %s\n", strdn));
58619148951981bcfa5c506ad8ce745aa8831980rbb state->sysdb_dns->values[state->sysdb_dns->num_values].data =
58619148951981bcfa5c506ad8ce745aa8831980rbb state->sysdb_dns->values[state->sysdb_dns->num_values].length =
58619148951981bcfa5c506ad8ce745aa8831980rbb /* The user is not in sysdb, need to add it */
58619148951981bcfa5c506ad8ce745aa8831980rbb ret = sdap_process_missing_member_2307(state, member_name,
3d96ee83babeec32482c9082c9426340cee8c44dwrowe DEBUG(1, ("Error processing missing member #%d (%s):\n",
58619148951981bcfa5c506ad8ce745aa8831980rbb DEBUG(1, ("Error checking cache for member #%d (%s):\n",
58619148951981bcfa5c506ad8ce745aa8831980rbb /* sdap_process_missing_member_2307 starts transaction */
30c095035b1d5910cc239a1384c816aef228beb5jim memberel->values = talloc_steal(state->group, state->sysdb_dns->values);
bdadc326446cae4a51bf75811fbe01a3a362df64gstein /* If the transaction is still active here, we need to cancel it */
58619148951981bcfa5c506ad8ce745aa8831980rbbsdap_process_missing_member_2307bis(struct tevent_req *req,
06924437019f9871bc4ee49748511130548b7d35rbb * Issue at most GROUPMEMBER_REQ_PARALLEL LDAP searches at once.
2d2eda71267231c2526be701fe655db125852c1ffielding * The rest is sent while the results are being processed.
58619148951981bcfa5c506ad8ce745aa8831980rbb * We limit the number as of request here, as the Server might
58619148951981bcfa5c506ad8ce745aa8831980rbb * enforce limits on the number of pending operations per
58619148951981bcfa5c506ad8ce745aa8831980rbb * connection.
58619148951981bcfa5c506ad8ce745aa8831980rbb if (grp_state->check_count > GROUPMEMBER_REQ_PARALLEL) {
58619148951981bcfa5c506ad8ce745aa8831980rbb grp_state->queued_members = talloc_array(grp_state, char *,
58619148951981bcfa5c506ad8ce745aa8831980rbb grp_state->queued_members[grp_state->queue_len] = user_dn;
58619148951981bcfa5c506ad8ce745aa8831980rbb tevent_req_set_callback(subreq, sdap_process_group_members, req);
58619148951981bcfa5c506ad8ce745aa8831980rbbsdap_process_missing_member_2307(struct sdap_process_group_state *state,
58619148951981bcfa5c506ad8ce745aa8831980rbb ret = sysdb_add_fake_user(state->sysdb, state->dom, username, NULL);
2d2eda71267231c2526be701fe655db125852c1ffielding DEBUG(1, ("Cannot store fake user entry: [%d]: %s\n",
58619148951981bcfa5c506ad8ce745aa8831980rbb * Convert the just received DN into the corresponding sysdb DN
58619148951981bcfa5c506ad8ce745aa8831980rbb * for saving into member attribute of the group
58619148951981bcfa5c506ad8ce745aa8831980rbb dn = sysdb_user_dn(state->sysdb, state, state->dom->name,
58619148951981bcfa5c506ad8ce745aa8831980rbb dn_string = ldb_dn_alloc_linearized(state->sysdb_dns->values, dn);
58619148951981bcfa5c506ad8ce745aa8831980rbb state->sysdb_dns->values[state->sysdb_dns->num_values].data =
3d96ee83babeec32482c9082c9426340cee8c44dwrowe state->sysdb_dns->values[state->sysdb_dns->num_values].length =
2d2eda71267231c2526be701fe655db125852c1ffielding DEBUG(0, ("Unable to cancel transaction! [%d][%s]\n",
58619148951981bcfa5c506ad8ce745aa8831980rbbstatic void sdap_process_group_members(struct tevent_req *subreq)
58619148951981bcfa5c506ad8ce745aa8831980rbb DEBUG(9, ("Members remaining: %d\n", state->check_count));
58619148951981bcfa5c506ad8ce745aa8831980rbb ret = sdap_get_generic_recv(subreq, state, &count, &usr_attrs);
30c095035b1d5910cc239a1384c816aef228beb5jim DEBUG(7, ("Expected one user entry and got %d\n", count));
30c095035b1d5910cc239a1384c816aef228beb5jim state->opts->user_map[SDAP_AT_USER_NAME].sys_name, &el);
3d96ee83babeec32482c9082c9426340cee8c44dwrowe * Convert the just received DN into the corresponding sysdb DN
58619148951981bcfa5c506ad8ce745aa8831980rbb * for later usage by sdap_save_groups()
58619148951981bcfa5c506ad8ce745aa8831980rbb dn = sysdb_user_dn(state->sysdb, state, state->dom->name,
2d2eda71267231c2526be701fe655db125852c1ffielding dn_string = ldb_dn_alloc_linearized(state->group, dn);
58619148951981bcfa5c506ad8ce745aa8831980rbb state->sysdb_dns->values[state->sysdb_dns->num_values].data =
c861a36fe9c9a78c4fcb97e29fc1099a5ea81173rbb state->sysdb_dns->values[state->sysdb_dns->num_values].length =
dad234382d8424e1c5a30af2838e172aec9d6d1bdreid DEBUG(7, ("Error reading group member. Skipping\n", ret));
2d2eda71267231c2526be701fe655db125852c1ffielding /* Are there more searches for uncached users to submit ? */
2d2eda71267231c2526be701fe655db125852c1ffielding if (state->queued_members && state->queued_members[state->queue_idx]) {
0186cb43574836fc95a0506456210c94cfc3ea6ftrawick ret = sdap_save_users(state, state->sysdb, state->attrs,
2d2eda71267231c2526be701fe655db125852c1ffielding * To avoid redundant sysdb lookups, populate the "member" attribute
2d2eda71267231c2526be701fe655db125852c1ffielding * of the group entry with the sysdb DNs of the members.
2d2eda71267231c2526be701fe655db125852c1ffielding state->opts->group_map[SDAP_AT_GROUP_MEMBER].sys_name, &el);
2d2eda71267231c2526be701fe655db125852c1ffielding el->values = talloc_steal(state->group, state->sysdb_dns->values);
3d96ee83babeec32482c9082c9426340cee8c44dwrowestatic int sdap_process_group_recv(struct tevent_req *req)
0e6e93183d91142d7cf9ffbf502114ff77bd9e19ben/* ==Search-Groups-with-filter============================================ */
5f7c351eb2a69d8cef6c3e98e27ce6158a0b1780rbb const char **attrs;
0e6e93183d91142d7cf9ffbf502114ff77bd9e19ben const char *filter;
0e6e93183d91142d7cf9ffbf502114ff77bd9e19benstatic void sdap_get_groups_process(struct tevent_req *subreq);
0e6e93183d91142d7cf9ffbf502114ff77bd9e19benstatic void sdap_get_groups_done(struct tevent_req *subreq);
66d349e02d1a5a599a01c977d2c5b0009181f7debenstruct tevent_req *sdap_get_groups_send(TALLOC_CTX *memctx,
0e6e93183d91142d7cf9ffbf502114ff77bd9e19ben const char **attrs,
0a09a4a642f7c0d367598394411dbdd4a6d8cd09fielding const char *filter,
timeout);
if (!subreq) {
return NULL;
return req;
int ret;
bool enumeration = false;
if (ret) {
if (!subreq) {
enumeration = true;
if (ret) {
if (!subreq) {
int ret;
if (ret) {
if (ret) {
struct sdap_get_groups_state);
if (usn_value) {
return EOK;
int num_users);
int hret;
unsigned long count;
struct tevent_req);
struct sdap_get_groups_state);
if (count) {
if (!users) {
for (i = 0; i < count; i++) {
if (!groups) {
for (i = 0; i < count; i++) {
int num_users)
const char *username;
char *clean_orig_dn;
const char *original_dn;
char *filter;
const char *sysdb_name;
if (num_users == 0) {
return EOK;
if (ret) {
goto done;
for (i = 0; i < num_users; i++) {
&username);
goto done;
goto done;
goto done;
if (!filter) {
goto done;
goto done;
if (!attrs) {
goto done;
if (ret) {
goto done;
done:
return ret;
char **groupnames,
int ldap_groups_count)
const char *name;
const char *original_dn;
char **missing;
int ret;
bool in_transaction = false;
bool posix;
if (!missing) {
goto fail;
mi = 0;
goto fail;
in_transaction = true;
for (i=0; groupnames[i]; i++) {
i, groupnames[i]));
mi++;
goto fail;
if (mi == 0) {
goto done;
for (i=0; missing[i]; i++) {
&name);
goto fail;
posix = true;
&gid);
gid = 0;
posix = false;
} else if (ret) {
goto fail;
&original_dn);
if (ret) {
goto fail;
goto fail;
done:
goto fail;
in_transaction = false;
fail:
if (in_transaction) {
return ret;
const char *name,
char **sysdb_grouplist,
int ldap_groups_count,
bool add_fake)
char **add_groups;
char **del_groups;
int ret;
if (ldap_groups_count == 0) {
goto done;
goto done;
type,
(const char *const *) add_groups,
(const char *const *) del_groups);
goto done;
done:
return ret;
/* ==Initgr-call-(groups-a-user-is-member-of)-RFC2307-Classic/BIS========= */
struct sdap_initgr_rfc2307_state {
const char *name;
const char *base_dn,
const char *name)
const char *filter;
const char **attrs;
char *clean_name;
return NULL;
return NULL;
return NULL;
if (!filter) {
return NULL;
if (!subreq) {
return NULL;
return req;
int ret;
if (ret) {
if (!sysdb_grouplist) {
&sysdb_grouplist[i]);
return EOK;
struct sdap_initgr_nested_state {
const char *username;
const char **grp_attrs;
char *filter;
char **group_dns;
int count;
int cur;
int groups_cur;
const char **grp_attrs)
return NULL;
return NULL;
return req;
return NULL;
return NULL;
return NULL;
if (!subreq) {
return NULL;
return req;
int ret;
if (ret) {
if (!subreq) {
int ngroups);
int i, mi;
const char *orig_dn;
const char *user_dn;
const char *member_filter;
const char *tmp_str;
int ndirect;
goto done;
if (!direct_groups) {
goto done;
ndirect = 0;
if (ret) {
goto done;
ndirect++;
if (!user_dn) {
goto done;
if (!member_filter) {
goto done;
if (!basedn) {
goto done;
if (!sysdb_grouplist) {
goto done;
for(i = 0; i < direct_sysdb_count; i++) {
if (!tmp_str) {
if (!sysdb_grouplist[i]) {
goto done;
direct_sysdb_count = 0;
goto done;
ndirect, true);
goto done;
goto done;
goto done;
goto done;
done:
int ngroups,
int *_ndirect);
int ngroups)
const char *member_filter;
const char *group_orig_dn;
const char *group_name;
const char *group_dn;
int ret;
int ndirect;
const char *tmp_str;
if (!basedn) {
goto done;
goto done;
&group_name);
goto done;
if (!group_dn) {
goto done;
if (!member_filter) {
goto done;
if (!sysdb_grouplist) {
goto done;
for(i = 0; i < direct_sysdb_count; i++) {
if (!tmp_str) {
if (!sysdb_grouplist[i]) {
goto done;
direct_sysdb_count = 0;
goto done;
&ndirect);
goto done;
goto done;
done:
return ret;
int ngroups,
int *_ndirect)
int i, mi;
int ret;
const char *orig_dn;
int ndirect;
if (!direct_groups) {
goto done;
ndirect = 0;
goto done;
for (i=0; i < ngroups; i++) {
if (ret) {
ndirect++;
done:
return ret;
return EOK;
struct sdap_get_initgr_state {
const char *name;
const char **grp_attrs;
const char **ldap_attrs;
const char *name,
const char **grp_attrs)
const char *base_dn;
char *filter;
int ret;
char *clean_name;
return NULL;
if (!filter) {
return NULL;
if (!base_dn) {
return NULL;
if (ret) {
return NULL;
if (!subreq) {
return NULL;
return req;
const char *base_dn,
const char *name,
const char *orig_dn);
struct tevent_req);
struct sdap_get_initgr_state);
int ret;
const char *orig_dn;
if (ret) {
if (ret) {
true, NULL);
if (ret) {
if (ret) {
case SDAP_SCHEMA_RFC2307:
if (!subreq) {
case SDAP_SCHEMA_RFC2307BIS:
&orig_dn);
if (!subreq) {
case SDAP_SCHEMA_IPA_V1:
case SDAP_SCHEMA_AD:
if (!subreq) {
struct tevent_req);
struct sdap_get_initgr_state);
int ret;
char *gid;
case SDAP_SCHEMA_RFC2307:
case SDAP_SCHEMA_RFC2307BIS:
case SDAP_SCHEMA_IPA_V1:
case SDAP_SCHEMA_AD:
if (ret) {
if (!subreq) {
return EOK;
struct sdap_deref_ctx {
const char *orig_dn;
char **expired_users;
char **expired_groups;
char **missing_dns;
int deref_threshold;
struct sdap_nested_group_ctx {
char *member_dn;
int hret;
const char *groupname;
if (!req) {
return NULL;
goto immediate;
&groupname);
goto immediate;
goto immediate;
goto immediate;
&gid);
goto immediate;
goto immediate;
} else if (ret) {
goto immediate;
goto immediate;
goto immediate;
return req;
return req;
char *member_dn,
switch(mtype) {
case SYSDB_MEMBER_GROUP:
missing++;
case SYSDB_MEMBER_USER:
missing++;
goto done;
missing++;
if (missing == 0) {
goto done;
return EAGAIN;
done:
return ret;
switch(mtype) {
case SYSDB_MEMBER_GROUP:
case SYSDB_MEMBER_USER:
goto error;
return EAGAIN;
goto error;
return EAGAIN;
return ret;
static errno_t
bool has_key = false;
return EOK;
return ENOMEM;
if (has_key) {
} while (has_key);
return ENOENT;
static errno_t
char *dn,
char *member_dn;
NULL };
char *filter;
goto fail;
if (!filter) {
goto fail;
goto fail;
goto fail;
if (!user_uid) {
goto done;
goto done;
goto fail;
goto fail;
goto done;
goto done;
done:
return ret;
fail:
return ret;
static errno_t
const char **sdap_attrs;
int ret;
int timeout;
if (!sdap_attrs) {
goto fail;
if (!subreq) {
goto fail;
return EOK;
fail:
return ret;
return EAGAIN;
return EAGAIN;
return EAGAIN;
done:
return ret;
const char **sdap_attrs;
char *filter;
if (!filter) {
return ENOMEM;
if (!subreq) {
return EIO;
return EOK;
const char **sdap_attrs;
char *filter;
return ret;
if (!filter) {
return ENOMEM;
if (!subreq) {
return EIO;
return EOK;
int hret;
if (!tmp_ctx) {
goto done;
goto skip;
goto done;
goto done;
skip:
done:
if (!tmp_ctx) {
goto done;
goto skip;
goto done;
if (!subreq) {
goto done;
skip:
done:
int hret;
if (!tmp_ctx) {
goto done;
goto done;
goto done;
goto done;
done:
static errno_t
static errno_t
int hret;
const char *orig_dn;
const char *tmp_name;
return ret;
&tmp_name);
} else if (ret) {
return EIO;
req);
return EAGAIN;
return EOK;
return EOK;
const char *base_dn,
const char *name,
const char *orig_dn)
const char *filter;
const char **attrs;
char *clean_orig_dn;
return NULL;
return NULL;
if (!filter) {
return NULL;
if (!subreq) {
return NULL;
return req;
int ret;
if (ret) {
if (!subreq) {
char *member_dn;
char *sanitized_dn;
char *filter;
const char **attrs;
char **ldap_grouplist;
char **sysdb_grouplist;
char **add_groups;
char **del_groups;
const char *tmp_str;
bool in_transaction = false;
if(!tmp_ctx) {
return ENOMEM;
goto error;
in_transaction = true;
if (!attrs) {
goto error;
if (!member_dn) {
goto error;
goto error;
if (!filter) {
goto error;
goto error;
reply_count = 0;
if (reply_count == 0) {
if (!sysdb_grouplist) {
goto error;
for (i = 0; i < reply_count; i++) {
NULL);
if (!tmp_str) {
if (!sysdb_grouplist[i]) {
goto error;
goto error;
goto error;
(const char *const *)add_groups,
(const char *const *)del_groups);
goto error;
goto error;
return EOK;
if (in_transaction) {
return ret;
struct sdap_rfc2307bis_nested_ctx {
struct sdap_rfc2307bis_nested_ctx);
if ((num_groups == 0) ||
return req;
return req;
const char *name;
char **groupnamelist;
bool in_transaction = false;
char *filter;
const char *orig_dn;
const char **attrs;
char *clean_orig_dn;
if (!tmp_ctx) {
goto error;
&name);
goto error;
goto error;
in_transaction = true;
if (!grouplist) {
goto error;
if (!groupnamelist) {
goto error;
if (!groupnamelist[0]) {
goto error;
groupnamelist[0]));
goto error;
goto error;
&orig_dn);
goto error;
goto error;
goto error;
if (!filter) {
goto error;
if (!subreq) {
goto error;
req);
return EOK;
if (in_transaction) {
return ret;
if (ret) {
if (!subreq) {
return EOK;
const char *name;
bool in_transaction = false;
char *member_dn;
char *sanitized_dn;
char *filter;
const char **attrs;
char **sysdb_grouplist;
char **ldap_grouplist;
char **add_groups;
char **del_groups;
const char *tmp_str;
if (!tmp_ctx) {
return ENOMEM;
goto error;
in_transaction = true;
&name);
goto error;
if (!attrs) {
goto error;
if (!member_dn) {
goto error;
goto error;
if (!filter) {
goto error;
goto error;
reply_count = 0;
if (reply_count == 0) {
if (!sysdb_grouplist) {
goto error;
for (i = 0; i < reply_count; i++) {
NULL);
if (!tmp_str) {
if (!sysdb_grouplist[i]) {
goto error;
goto error;
goto error;
(const char *const *)add_groups,
(const char *const *)del_groups);
goto error;
goto error;
in_transaction = false;
if (in_transaction) {
return ret;
return EOK;