summaryrefslogtreecommitdiff
path: root/server
diff options
context:
space:
mode:
Diffstat (limited to 'server')
-rw-r--r--server/db/sysdb.c1125
-rw-r--r--server/db/sysdb.h148
-rw-r--r--server/examples/config.ldif2
-rw-r--r--server/examples/db.ldif20
-rw-r--r--server/nss/nss_ldb.h45
-rw-r--r--server/nss/nsssrv.c5
-rw-r--r--server/nss/nsssrv.h4
-rw-r--r--server/nss/nsssrv_cmd.c84
-rw-r--r--server/nss/nsssrv_ldb.c762
-rw-r--r--server/nss/nsssrv_ldb.h83
-rw-r--r--server/providers/data_provider.c53
-rw-r--r--server/providers/data_provider_be.c5
-rw-r--r--server/providers/dp_backend.h12
-rw-r--r--server/providers/dp_backend_store.c405
-rw-r--r--server/providers/proxy.c11
-rw-r--r--server/server.mk9
16 files changed, 1344 insertions, 1429 deletions
diff --git a/server/db/sysdb.c b/server/db/sysdb.c
new file mode 100644
index 00000000..aedf7ef2
--- /dev/null
+++ b/server/db/sysdb.c
@@ -0,0 +1,1125 @@
+/*
+ SSSD
+
+ System Database
+
+ Copyright (C) Simo Sorce <ssorce@redhat.com> 2008
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "util/util.h"
+#include "db/sysdb.h"
+#include "confdb/confdb.h"
+#include <time.h>
+
+struct sysdb_search_ctx {
+ struct sysdb_ctx *dbctx;
+ const char *base_dn;
+ sysdb_callback_t callback;
+ void *ptr;
+ struct ldb_result *res;
+};
+
+static int sysdb_error_to_errno(int lerr)
+{
+ /* fake it up for now, requires a mapping table */
+ return EIO;
+}
+
+static void request_error(struct sysdb_search_ctx *sctx, int ldb_error)
+{
+ sctx->callback(sctx->ptr, sysdb_error_to_errno(ldb_error), sctx->res);
+}
+
+static void request_done(struct sysdb_search_ctx *sctx)
+{
+ sctx->callback(sctx->ptr, EOK, sctx->res);
+}
+
+static int get_gen_callback(struct ldb_request *req,
+ struct ldb_reply *ares)
+{
+ struct sysdb_search_ctx *sctx;
+ struct ldb_result *res;
+ int n;
+
+ sctx = talloc_get_type(req->context, struct sysdb_search_ctx);
+ res = sctx->res;
+
+ if (!ares) {
+ request_error(sctx, LDB_ERR_OPERATIONS_ERROR);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+ if (ares->error != LDB_SUCCESS) {
+ request_error(sctx, ares->error);
+ return ares->error;
+ }
+
+ switch (ares->type) {
+ case LDB_REPLY_ENTRY:
+ res->msgs = talloc_realloc(res, res->msgs,
+ struct ldb_message *,
+ res->count + 2);
+ if (!res->msgs) {
+ request_error(sctx, LDB_ERR_OPERATIONS_ERROR);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ res->msgs[res->count + 1] = NULL;
+
+ res->msgs[res->count] = talloc_steal(res->msgs, ares->message);
+ res->count++;
+ break;
+
+ case LDB_REPLY_REFERRAL:
+ if (res->refs) {
+ for (n = 0; res->refs[n]; n++) /*noop*/ ;
+ } else {
+ n = 0;
+ }
+
+ res->refs = talloc_realloc(res, res->refs, char *, n + 2);
+ if (! res->refs) {
+ request_error(sctx, LDB_ERR_OPERATIONS_ERROR);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ res->refs[n] = talloc_steal(res->refs, ares->referral);
+ res->refs[n + 1] = NULL;
+ break;
+
+ case LDB_REPLY_DONE:
+ res->controls = talloc_steal(res, ares->controls);
+
+ /* this is the last message, and means the request is done */
+ request_done(sctx);
+ return LDB_SUCCESS;
+ }
+
+ talloc_free(ares);
+ return LDB_SUCCESS;
+}
+
+static struct sysdb_search_ctx *init_src_ctx(TALLOC_CTX *mem_ctx,
+ const char *base_dn,
+ struct sysdb_ctx *ctx,
+ sysdb_callback_t fn,
+ void *ptr)
+{
+ struct sysdb_search_ctx *sctx;
+
+ sctx = talloc(mem_ctx, struct sysdb_search_ctx);
+ if (!sctx) {
+ return NULL;
+ }
+ sctx->dbctx = ctx;
+ sctx->base_dn = base_dn;
+ sctx->callback = fn;
+ sctx->ptr = ptr;
+ sctx->res = talloc_zero(sctx, struct ldb_result);
+ if (!sctx->res) {
+ talloc_free(sctx);
+ return NULL;
+ }
+
+ return sctx;
+}
+
+/* users */
+
+static int pwd_search(struct sysdb_search_ctx *sctx,
+ struct sysdb_ctx *ctx,
+ const char *expression)
+{
+ static const char *attrs[] = SYSDB_PW_ATTRS;
+ struct ldb_request *req;
+ int ret;
+
+ ret = ldb_build_search_req(&req, ctx->ldb, sctx,
+ ldb_dn_new(sctx, ctx->ldb, sctx->base_dn),
+ LDB_SCOPE_SUBTREE,
+ expression, attrs, NULL,
+ sctx, get_gen_callback,
+ NULL);
+ if (ret != LDB_SUCCESS) {
+ return sysdb_error_to_errno(ret);
+ }
+
+ ret = ldb_request(ctx->ldb, req);
+ if (ret != LDB_SUCCESS) {
+ return sysdb_error_to_errno(ret);
+ }
+
+ return EOK;
+}
+
+int sysdb_getpwnam(TALLOC_CTX *mem_ctx,
+ struct event_context *ev,
+ struct sysdb_ctx *ctx,
+ const char *domain,
+ const char *name,
+ sysdb_callback_t fn, void *ptr)
+{
+ struct sysdb_search_ctx *sctx;
+ const char *base_dn;
+ char *expression;
+
+ if (domain) {
+ base_dn = talloc_asprintf(mem_ctx, SYSDB_TMPL_USER_BASE, domain);
+ } else {
+ base_dn = SYSDB_BASE;
+ }
+ if (!base_dn) {
+ return ENOMEM;
+ }
+
+ sctx = init_src_ctx(mem_ctx, base_dn, ctx, fn, ptr);
+ if (!sctx) {
+ return ENOMEM;
+ }
+
+ expression = talloc_asprintf(sctx, SYSDB_PWNAM_FILTER, name);
+ if (!expression) {
+ talloc_free(sctx);
+ return ENOMEM;
+ }
+
+ return pwd_search(sctx, ctx, expression);
+}
+
+int sysdb_getpwuid(TALLOC_CTX *mem_ctx,
+ struct event_context *ev,
+ struct sysdb_ctx *ctx,
+ const char *domain,
+ uint64_t uid,
+ sysdb_callback_t fn, void *ptr)
+{
+ struct sysdb_search_ctx *sctx;
+ unsigned long int filter_uid = uid;
+ const char *base_dn;
+ char *expression;
+
+ if (domain) {
+ base_dn = talloc_asprintf(mem_ctx, SYSDB_TMPL_USER_BASE, domain);
+ } else {
+ base_dn = SYSDB_BASE;
+ }
+ if (!base_dn) {
+ return ENOMEM;
+ }
+
+ sctx = init_src_ctx(mem_ctx, base_dn, ctx, fn, ptr);
+ if (!sctx) {
+ return ENOMEM;
+ }
+
+ expression = talloc_asprintf(sctx, SYSDB_PWUID_FILTER, filter_uid);
+ if (!expression) {
+ talloc_free(sctx);
+ return ENOMEM;
+ }
+
+ return pwd_search(sctx, ctx, expression);
+}
+
+int sysdb_enumpwent(TALLOC_CTX *mem_ctx,
+ struct event_context *ev,
+ struct sysdb_ctx *ctx,
+ sysdb_callback_t fn, void *ptr)
+{
+ struct sysdb_search_ctx *sctx;
+
+ sctx = init_src_ctx(mem_ctx, SYSDB_BASE, ctx, fn, ptr);
+ if (!sctx) {
+ return ENOMEM;
+ }
+
+ return pwd_search(sctx, ctx, SYSDB_PWENT_FILTER);
+}
+
+/* groups */
+
+struct get_mem_ctx {
+ struct sysdb_search_ctx *ret_sctx;
+ struct ldb_message **grps;
+ int num_grps;
+};
+
+static void get_members(void *ptr, int status, struct ldb_result *res)
+{
+ struct sysdb_ctx *ctx;
+ struct sysdb_search_ctx *sctx;
+ struct get_mem_ctx *gmctx;
+ struct sysdb_search_ctx *mem_sctx;
+ struct ldb_request *req;
+ struct ldb_message *msg;
+ struct ldb_result *ret_res;
+ static const char *attrs[] = SYSDB_GRPW_ATTRS;
+ const char *expression;
+ int ret, i;
+
+ sctx = talloc_get_type(ptr, struct sysdb_search_ctx);
+ gmctx = talloc_get_type(sctx->ptr, struct get_mem_ctx);
+ ctx = sctx->dbctx;
+
+ if (status != LDB_SUCCESS) {
+ return request_error(gmctx->ret_sctx, status);
+ }
+
+ ret_res = gmctx->ret_sctx->res;
+
+ /* append previous search results to final (if any) */
+ if (res && res->count != 0) {
+ ret_res->msgs = talloc_realloc(ret_res, ret_res->msgs,
+ struct ldb_message *,
+ ret_res->count + res->count + 1);
+ for(i = 0; i < res->count; i++) {
+ ret_res->msgs[ret_res->count] = talloc_steal(ret_res, res->msgs[i]);
+ ret_res->count++;
+ }
+ ret_res->msgs[ret_res->count] = NULL;
+ }
+
+ if (gmctx->grps[0] == NULL) {
+ return request_done(gmctx->ret_sctx);
+ }
+
+ mem_sctx = init_src_ctx(gmctx, SYSDB_BASE, ctx, get_members, sctx);
+ if (!mem_sctx) {
+ return request_error(gmctx->ret_sctx, LDB_ERR_OPERATIONS_ERROR);
+ }
+
+ /* fetch next group to search for members */
+ gmctx->num_grps--;
+ msg = gmctx->grps[gmctx->num_grps];
+ gmctx->grps[gmctx->num_grps] = NULL;
+
+ /* queue the group entry on the final result structure */
+ ret_res->msgs = talloc_realloc(ret_res, ret_res->msgs,
+ struct ldb_message *,
+ ret_res->count + 2);
+ if (!ret_res->msgs) {
+ return request_error(gmctx->ret_sctx, LDB_ERR_OPERATIONS_ERROR);
+ }
+ ret_res->msgs[ret_res->count + 1] = NULL;
+ ret_res->msgs[ret_res->count] = talloc_steal(ret_res->msgs, msg);
+ ret_res->count++;
+
+ /* search for this group members */
+ expression = talloc_asprintf(mem_sctx, SYSDB_GRNA2_FILTER,
+ ldb_dn_get_linearized(msg->dn));
+ if (!expression) {
+ return request_error(gmctx->ret_sctx, LDB_ERR_OPERATIONS_ERROR);
+ }
+
+ ret = ldb_build_search_req(&req, ctx->ldb, mem_sctx,
+ ldb_dn_new(mem_sctx, ctx->ldb, sctx->base_dn),
+ LDB_SCOPE_SUBTREE,
+ expression, attrs, NULL,
+ mem_sctx, get_gen_callback,
+ NULL);
+ if (ret != LDB_SUCCESS) {
+ return request_error(gmctx->ret_sctx, ret);
+ }
+
+ ret = ldb_request(ctx->ldb, req);
+ if (ret != LDB_SUCCESS) {
+ return request_error(gmctx->ret_sctx, ret);
+ }
+}
+
+static int get_grp_callback(struct ldb_request *req,
+ struct ldb_reply *ares)
+{
+ struct sysdb_search_ctx *sctx;
+ struct sysdb_ctx *ctx;
+ struct ldb_result *res;
+ int n;
+
+ sctx = talloc_get_type(req->context, struct sysdb_search_ctx);
+ ctx = sctx->dbctx;
+ res = sctx->res;
+
+ if (!ares) {
+ request_error(sctx, LDB_ERR_OPERATIONS_ERROR);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+ if (ares->error != LDB_SUCCESS) {
+ request_error(sctx, ares->error);
+ return ares->error;
+ }
+
+ switch (ares->type) {
+ case LDB_REPLY_ENTRY:
+ res->msgs = talloc_realloc(res, res->msgs,
+ struct ldb_message *,
+ res->count + 2);
+ if (!res->msgs) {
+ request_error(sctx, LDB_ERR_OPERATIONS_ERROR);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ res->msgs[res->count + 1] = NULL;
+
+ res->msgs[res->count] = talloc_steal(res->msgs, ares->message);
+ res->count++;
+ break;
+
+ case LDB_REPLY_REFERRAL:
+ if (res->refs) {
+ for (n = 0; res->refs[n]; n++) /*noop*/ ;
+ } else {
+ n = 0;
+ }
+
+ res->refs = talloc_realloc(res, res->refs, char *, n + 2);
+ if (! res->refs) {
+ request_error(sctx, LDB_ERR_OPERATIONS_ERROR);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ res->refs[n] = talloc_steal(res->refs, ares->referral);
+ res->refs[n + 1] = NULL;
+ break;
+
+ case LDB_REPLY_DONE:
+ res->controls = talloc_steal(res, ares->controls);
+
+ /* no results, return */
+ if (res->count == 0) {
+ request_done(sctx);
+ return LDB_SUCCESS;
+ }
+ if (res->count > 0) {
+ struct get_mem_ctx *gmctx;
+
+ gmctx = talloc_zero(req, struct get_mem_ctx);
+ if (!gmctx) {
+ request_error(sctx, LDB_ERR_OPERATIONS_ERROR);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+ gmctx->ret_sctx = sctx;
+ gmctx->grps = talloc_steal(gmctx, res->msgs);
+ gmctx->num_grps = res->count;
+ res->msgs = NULL;
+ res->count = 0;
+
+ /* re-use sctx to create a fake handler for the first call to
+ * get_members() */
+ sctx = init_src_ctx(gmctx, SYSDB_BASE, ctx, get_members, gmctx);
+
+ get_members(sctx, LDB_SUCCESS, NULL);
+ return LDB_SUCCESS;
+ }
+
+ /* anything else is an error */
+ request_error(sctx, LDB_ERR_OPERATIONS_ERROR);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ talloc_free(ares);
+ return LDB_SUCCESS;
+}
+
+static int grp_search(struct sysdb_search_ctx *sctx,
+ struct sysdb_ctx *ctx,
+ const char *expression)
+{
+ static const char *attrs[] = SYSDB_GRNAM_ATTRS;
+ struct ldb_request *req;
+ int ret;
+
+ ret = ldb_build_search_req(&req, ctx->ldb, sctx,
+ ldb_dn_new(sctx, ctx->ldb, sctx->base_dn),
+ LDB_SCOPE_SUBTREE,
+ expression, attrs, NULL,
+ sctx, get_grp_callback,
+ NULL);
+ if (ret != LDB_SUCCESS) {
+ return sysdb_error_to_errno(ret);
+ }
+
+ ret = ldb_request(ctx->ldb, req);
+ if (ret != LDB_SUCCESS) {
+ return sysdb_error_to_errno(ret);
+ }
+
+ return EOK;
+}
+
+int sysdb_getgrnam(TALLOC_CTX *mem_ctx,
+ struct event_context *ev,
+ struct sysdb_ctx *ctx,
+ const char *domain,
+ const char *name,
+ sysdb_callback_t fn, void *ptr)
+{
+ struct sysdb_search_ctx *sctx;
+ const char *base_dn;
+ char *expression;
+
+ if (domain) {
+ base_dn = talloc_asprintf(mem_ctx, SYSDB_TMPL_GROUP_BASE, domain);
+ } else {
+ base_dn = SYSDB_BASE;
+ }
+ if (!base_dn) {
+ return ENOMEM;
+ }
+
+ sctx = init_src_ctx(mem_ctx, base_dn, ctx, fn, ptr);
+ if (!sctx) {
+ return ENOMEM;
+ }
+
+ expression = talloc_asprintf(sctx, SYSDB_GRNAM_FILTER, name);
+ if (!expression) {
+ talloc_free(sctx);
+ return ENOMEM;
+ }
+
+ return grp_search(sctx, ctx, expression);
+}
+
+int sysdb_getgrgid(TALLOC_CTX *mem_ctx,
+ struct event_context *ev,
+ struct sysdb_ctx *ctx,
+ const char *domain,
+ uint64_t gid,
+ sysdb_callback_t fn, void *ptr)
+{
+ struct sysdb_search_ctx *sctx;
+ unsigned long int filter_gid = gid;
+ const char *base_dn;
+ char *expression;
+
+ if (domain) {
+ base_dn = talloc_asprintf(mem_ctx, SYSDB_TMPL_GROUP_BASE, domain);
+ } else {
+ base_dn = SYSDB_BASE;
+ }
+ if (!base_dn) {
+ return ENOMEM;
+ }
+
+ sctx = init_src_ctx(mem_ctx, base_dn, ctx, fn, ptr);
+ if (!sctx) {
+ return ENOMEM;
+ }
+
+ expression = talloc_asprintf(sctx, SYSDB_GRGID_FILTER, filter_gid);
+ if (!expression) {
+ talloc_free(sctx);
+ return ENOMEM;
+ }
+
+ return grp_search(sctx, ctx, expression);
+}
+
+int sysdb_enumgrent(TALLOC_CTX *mem_ctx,
+ struct event_context *ev,
+ struct sysdb_ctx *ctx,
+ sysdb_callback_t fn, void *ptr)
+{
+ struct sysdb_search_ctx *sctx;
+
+ sctx = init_src_ctx(mem_ctx, SYSDB_BASE, ctx, fn, ptr);
+ if (!sctx) {
+ return ENOMEM;
+ }
+
+ return grp_search(sctx, ctx, SYSDB_GRENT_FILTER);
+}
+
+static void sysdb_initgr_search(void *ptr, int status,
+ struct ldb_result *res)
+{
+ struct sysdb_ctx *ctx;
+ struct sysdb_search_ctx *sctx;
+ char *expression;
+ struct ldb_request *req;
+ struct ldb_control **ctrl;
+ struct ldb_asq_control *control;
+ static const char *attrs[] = SYSDB_INITGR_ATTRS;
+ int ret;
+
+ sctx = talloc_get_type(ptr, struct sysdb_search_ctx);
+ ctx = sctx->dbctx;
+
+ if (res->count == 0) {
+ return request_done(sctx);
+ }
+ if (res->count > 1) {
+ return request_error(sctx, LDB_ERR_OPERATIONS_ERROR);
+ }
+
+ expression = talloc_asprintf(sctx, SYSDB_INITGR_FILTER);
+ if (!expression) {
+ return request_error(sctx, LDB_ERR_OPERATIONS_ERROR);
+ }
+
+ ctrl = talloc_array(sctx, struct ldb_control *, 2);
+ if (!ctrl) {
+ return request_error(sctx, LDB_ERR_OPERATIONS_ERROR);
+ }
+ ctrl[1] = NULL;
+ ctrl[0] = talloc(ctrl, struct ldb_control);
+ if (!ctrl[0]) {
+ return request_error(sctx, LDB_ERR_OPERATIONS_ERROR);
+ }
+ ctrl[0]->oid = LDB_CONTROL_ASQ_OID;
+ ctrl[0]->critical = 1;
+ control = talloc(ctrl[0], struct ldb_asq_control);
+ if (!control) {
+ return request_error(sctx, LDB_ERR_OPERATIONS_ERROR);
+ }
+ control->request = 1;
+ control->source_attribute = talloc_strdup(control, SYSDB_INITGR_ATTR);
+ if (!control->source_attribute) {
+ return request_error(sctx, LDB_ERR_OPERATIONS_ERROR);
+ }
+ control->src_attr_len = strlen(control->source_attribute);
+ ctrl[0]->data = control;
+
+ ret = ldb_build_search_req(&req, ctx->ldb, sctx,
+ res->msgs[0]->dn,
+ LDB_SCOPE_BASE,
+ expression, attrs, ctrl,
+ sctx, get_gen_callback,
+ NULL);
+ if (ret != LDB_SUCCESS) {
+ return request_error(sctx, ret);
+ }
+
+ ret = ldb_request(ctx->ldb, req);
+ if (ret != LDB_SUCCESS) {
+ return request_error(sctx, ret);
+ }
+}
+
+int sysdb_initgroups(TALLOC_CTX *mem_ctx,
+ struct event_context *ev,
+ struct sysdb_ctx *ctx,
+ const char *domain,
+ const char *name,
+ sysdb_callback_t fn, void *ptr)
+{
+ static const char *attrs[] = SYSDB_PW_ATTRS;
+ struct sysdb_search_ctx *ret_sctx;
+ struct sysdb_search_ctx *sctx;
+ const char *base_dn;
+ char *expression;
+ struct ldb_request *req;
+ int ret;
+
+ if (domain) {
+ base_dn = talloc_asprintf(mem_ctx, SYSDB_TMPL_USER_BASE, domain);
+ } else {
+ base_dn = SYSDB_BASE;
+ }
+ if (!base_dn) {
+ return ENOMEM;
+ }
+
+ ret_sctx = init_src_ctx(mem_ctx, SYSDB_BASE, ctx, fn, ptr);
+ if (!ret_sctx) {
+ return ENOMEM;
+ }
+ sctx = init_src_ctx(ret_sctx, base_dn, ctx, sysdb_initgr_search, ret_sctx);
+ if (!sctx) {
+ talloc_free(sctx);
+ return ENOMEM;
+ }
+
+ expression = talloc_asprintf(sctx, SYSDB_PWNAM_FILTER, name);
+ if (!expression) {
+ talloc_free(sctx);
+ return ENOMEM;
+ }
+
+ ret = ldb_build_search_req(&req, ctx->ldb, sctx,
+ ldb_dn_new(sctx, ctx->ldb, sctx->base_dn),
+ LDB_SCOPE_SUBTREE,
+ expression, attrs, NULL,
+ sctx, get_gen_callback,
+ NULL);
+ if (ret != LDB_SUCCESS) {
+ return sysdb_error_to_errno(ret);
+ }
+
+ ret = ldb_request(ctx->ldb, req);
+ if (ret != LDB_SUCCESS) {
+ return sysdb_error_to_errno(ret);
+ }
+
+ return LDB_SUCCESS;
+}
+
+static int sysdb_read_var(TALLOC_CTX *tmp_ctx,
+ struct confdb_ctx *cdb,
+ struct sysdb_ctx *ctx,
+ const char *name,
+ const char *def_value,
+ const char **target)
+{
+ int ret;
+ char *t;
+ char **values;
+
+ ret = confdb_get_param(cdb, tmp_ctx,
+ SYSDB_CONF_SECTION,
+ name, &values);
+ if (ret != EOK)
+ return ret;
+
+ if (values[0])
+ t = talloc_steal(ctx, values[0]);
+ else
+ t = talloc_strdup(ctx, def_value);
+
+ *target = t;
+ return EOK;
+}
+
+static int sysdb_read_conf(TALLOC_CTX *mem_ctx,
+ struct confdb_ctx *cdb,
+ struct sysdb_ctx **dbctx)
+{
+ struct sysdb_ctx *ctx;
+ TALLOC_CTX *tmp_ctx;
+ char *default_ldb_path;
+ int ret;
+
+ tmp_ctx = talloc_new(mem_ctx);
+ if (!tmp_ctx)
+ return ENOMEM;
+
+ ctx = talloc(mem_ctx, struct sysdb_ctx);
+ if (!ctx) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ default_ldb_path = talloc_asprintf(tmp_ctx, "%s/%s", DB_PATH, SYSDB_FILE);
+ if (default_ldb_path == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ sysdb_read_var(tmp_ctx, cdb, ctx, "ldbFile",
+ default_ldb_path, &ctx->ldb_file);
+ DEBUG(3, ("NSS LDB Cache Path: %s\n", ctx->ldb_file));
+
+ *dbctx = ctx;
+ ret = EOK;
+
+done:
+ talloc_free(tmp_ctx);
+ return ret;
+}
+
+int sysdb_store_account_posix(TALLOC_CTX *memctx,
+ struct sysdb_ctx *sysdb,
+ const char *domain,
+ char *name, char *pwd,
+ uint64_t uid, uint64_t gid,
+ char *gecos, char *homedir, char *shell)
+{
+ TALLOC_CTX *tmp_ctx;
+ const char *attrs[] = { SYSDB_PW_NAME, NULL };
+ struct ldb_dn *account_dn;
+ struct ldb_message *msg;
+ struct ldb_request *req;
+ struct ldb_result *res;
+ int lret, ret;
+ int flags;
+
+ tmp_ctx = talloc_new(memctx);
+ if (!tmp_ctx) {
+ return ENOMEM;
+ }
+
+ account_dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb,
+ "uid=%s,"SYSDB_TMPL_USER_BASE,
+ name, domain);
+ if (!account_dn) {
+ talloc_free(tmp_ctx);
+ return ENOMEM;
+ }
+
+ lret = ldb_transaction_start(sysdb->ldb);
+ if (lret != LDB_SUCCESS) {
+ DEBUG(1, ("Failed ldb transaction start !? (%d)\n", lret));
+ ret = EIO;
+ goto done;
+ }
+
+ lret = ldb_search(sysdb->ldb, tmp_ctx, &res, account_dn,
+ LDB_SCOPE_BASE, attrs, SYSDB_PWENT_FILTER);
+ if (lret != LDB_SUCCESS) {
+ DEBUG(1, ("Failed to make search request: %s(%d)[%s]\n",
+ ldb_strerror(lret), lret, ldb_errstring(sysdb->ldb)));
+ ret = EIO;
+ goto done;
+ }
+
+ req = NULL;
+
+ msg = ldb_msg_new(tmp_ctx);
+ if (!msg) {
+ ret = ENOMEM;
+ goto done;
+ }
+ msg->dn = account_dn;
+
+ switch (res->count) {
+ case 0:
+ flags = LDB_FLAG_MOD_ADD;
+ break;
+ case 1:
+ flags = LDB_FLAG_MOD_REPLACE;
+ break;
+ default:
+ DEBUG(0, ("Cache DB corrupted, base search returned %d results\n",
+ res->count));
+ ret = EIO;
+ goto done;
+ }
+
+ talloc_free(res);
+ res = NULL;
+
+ if (flags == LDB_FLAG_MOD_ADD) {
+ /* TODO: retrieve user objectclass list from configuration */
+ lret = ldb_msg_add_empty(msg, "objectClass", flags, NULL);
+ if (lret == LDB_SUCCESS) {
+ lret = ldb_msg_add_string(msg, "objectClass", "user");
+ }
+ if (lret != LDB_SUCCESS) {
+ ret = errno;
+ goto done;
+ }
+
+ /* TODO: retrieve user name attribute from configuration */
+ lret = ldb_msg_add_empty(msg, SYSDB_PW_NAME, flags, NULL);
+ if (lret == LDB_SUCCESS) {
+ lret = ldb_msg_add_string(msg, SYSDB_PW_NAME, name);
+ }
+ if (lret != LDB_SUCCESS) {
+ ret = errno;
+ goto done;
+ }
+ }
+
+ /* TODO: retrieve attribute name mappings from configuration */
+
+ /* pwd */
+ if (pwd && *pwd) {
+ lret = ldb_msg_add_empty(msg, SYSDB_PW_PWD, flags, NULL);
+ if (lret == LDB_SUCCESS) {
+ lret = ldb_msg_add_string(msg, SYSDB_PW_PWD, pwd);
+ }
+ } else {
+ lret = ldb_msg_add_empty(msg, SYSDB_PW_PWD,
+ LDB_FLAG_MOD_DELETE, NULL);
+ }
+ if (lret != LDB_SUCCESS) {
+ ret = errno;
+ goto done;
+ }
+
+ /* uid */
+ if (uid) {
+ lret = ldb_msg_add_empty(msg, SYSDB_PW_UIDNUM, flags, NULL);
+ if (lret == LDB_SUCCESS) {
+ lret = ldb_msg_add_fmt(msg, SYSDB_PW_UIDNUM,
+ "%lu", (unsigned long)uid);
+ }
+ if (lret != LDB_SUCCESS) {
+ ret = errno;
+ goto done;
+ }
+ } else {
+ DEBUG(0, ("Cached users can't have UID == 0\n"));
+ ret = EINVAL;
+ goto done;
+ }
+
+ /* gid */
+ if (gid) {
+ lret = ldb_msg_add_empty(msg, SYSDB_PW_GIDNUM, flags, NULL);
+ if (lret == LDB_SUCCESS) {
+ lret = ldb_msg_add_fmt(msg, SYSDB_PW_GIDNUM,
+ "%lu", (unsigned long)gid);
+ }
+ if (lret != LDB_SUCCESS) {
+ ret = errno;
+ goto done;
+ }
+ } else {
+ DEBUG(0, ("Cached users can't have GID == 0\n"));
+ ret = EINVAL;
+ goto done;
+ }
+
+ /* gecos */
+ if (gecos && *gecos) {
+ lret = ldb_msg_add_empty(msg, SYSDB_PW_FULLNAME, flags, NULL);
+ if (lret == LDB_SUCCESS) {
+ lret = ldb_msg_add_string(msg, SYSDB_PW_FULLNAME, gecos);
+ }
+ } else {
+ lret = ldb_msg_add_empty(msg, SYSDB_PW_FULLNAME,
+ LDB_FLAG_MOD_DELETE, NULL);
+ }
+ if (lret != LDB_SUCCESS) {
+ ret = errno;
+ goto done;
+ }
+
+ /* homedir */
+ if (homedir && *homedir) {
+ lret = ldb_msg_add_empty(msg, SYSDB_PW_HOMEDIR, flags, NULL);
+ if (lret == LDB_SUCCESS) {
+ lret = ldb_msg_add_string(msg, SYSDB_PW_HOMEDIR, homedir);
+ }
+ } else {
+ lret = ldb_msg_add_empty(msg, SYSDB_PW_HOMEDIR,
+ LDB_FLAG_MOD_DELETE, NULL);
+ }
+ if (lret != LDB_SUCCESS) {
+ ret = errno;
+ goto done;
+ }
+
+ /* shell */
+ if (shell && *shell) {
+ lret = ldb_msg_add_empty(msg, SYSDB_PW_SHELL, flags, NULL);
+ if (lret == LDB_SUCCESS) {
+ lret = ldb_msg_add_string(msg, SYSDB_PW_SHELL, shell);
+ }
+ } else {
+ lret = ldb_msg_add_empty(msg, SYSDB_PW_SHELL,
+ LDB_FLAG_MOD_DELETE, NULL);
+ }
+ if (lret != LDB_SUCCESS) {
+ ret = errno;
+ goto done;
+ }
+
+ /* modification time */
+ lret = ldb_msg_add_empty(msg, SYSDB_LAST_UPDATE, flags, NULL);
+ if (lret == LDB_SUCCESS) {
+ lret = ldb_msg_add_fmt(msg, SYSDB_LAST_UPDATE,
+ "%ld", (long int)time(NULL));
+ }
+ if (lret != LDB_SUCCESS) {
+ ret = errno;
+ goto done;
+ }
+
+ if (flags == LDB_FLAG_MOD_ADD) {
+ lret = ldb_build_add_req(&req, sysdb->ldb, tmp_ctx, msg, NULL,
+ NULL, ldb_op_default_callback, NULL);
+ } else {
+ lret = ldb_build_mod_req(&req, sysdb->ldb, tmp_ctx, msg, NULL,
+ NULL, ldb_op_default_callback, NULL);
+ }
+ if (lret == LDB_SUCCESS) {
+ lret = ldb_request(sysdb->ldb, req);
+ if (lret == LDB_SUCCESS) {
+ lret = ldb_wait(req->handle, LDB_WAIT_ALL);
+ }
+ }
+ if (lret != LDB_SUCCESS) {
+ DEBUG(1, ("Failed to make modify request: %s(%d)[%s]\n",
+ ldb_strerror(lret), lret, ldb_errstring(sysdb->ldb)));
+ ret = EIO;
+ goto done;
+ }
+
+ lret = ldb_transaction_commit(sysdb->ldb);
+ if (lret != LDB_SUCCESS) {
+ DEBUG(1, ("Failed ldb transaction start !? (%d)\n", lret));
+ ret = EIO;
+ goto done;
+ }
+
+ ret = EOK;
+
+done:
+ if (ret != EOK) {
+ lret = ldb_transaction_cancel(sysdb->ldb);
+ if (lret != LDB_SUCCESS) {
+ DEBUG(1, ("Failed to cancel ldb transaction (%d)\n", lret));
+ }
+ }
+
+ talloc_free(tmp_ctx);
+ return ret;
+}
+
+int sysdb_remove_account_posix(TALLOC_CTX *memctx,
+ struct sysdb_ctx *sysdb,
+ const char *domain, const char *name)
+{
+ TALLOC_CTX *tmp_ctx;
+ struct ldb_dn *account_dn;
+ int ret;
+
+ tmp_ctx = talloc_new(memctx);
+ if (!tmp_ctx) {
+ return ENOMEM;
+ }
+
+ account_dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb,
+ "uid=%s,"SYSDB_TMPL_USER_BASE,
+ name, domain);
+ if (!account_dn) {
+ talloc_free(tmp_ctx);
+ return ENOMEM;
+ }
+
+ ret = ldb_delete(sysdb->ldb, account_dn);
+
+ if (ret != LDB_SUCCESS) {
+ DEBUG(2, ("LDB Error: %s(%d)\nError Message: [%s]\n",
+ ldb_strerror(ret), ret, ldb_errstring(sysdb->ldb)));
+ ret = EIO;
+ }
+
+ talloc_free(tmp_ctx);
+ return ret;
+}
+
+int sysdb_remove_account_posix_by_uid(TALLOC_CTX *memctx,
+ struct sysdb_ctx *sysdb,
+ const char *domain, uid_t uid)
+{
+ TALLOC_CTX *tmp_ctx;
+ const char *attrs[] = { SYSDB_PW_NAME, SYSDB_PW_UIDNUM, NULL };
+ struct ldb_dn *base_dn;
+ struct ldb_dn *account_dn;
+ struct ldb_result *res;
+ int lret, ret;
+
+ tmp_ctx = talloc_new(memctx);
+ if (!tmp_ctx) {
+ return ENOMEM;
+ }
+
+ base_dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb,
+ SYSDB_TMPL_USER_BASE, domain);
+ if (!base_dn) {
+ talloc_free(tmp_ctx);
+ return ENOMEM;
+ }
+
+ lret = ldb_transaction_start(sysdb->ldb);
+ if (lret != LDB_SUCCESS) {
+ DEBUG(1, ("Failed ldb transaction start !? (%d)\n", lret));
+ ret = EIO;
+ goto done;
+ }
+
+ lret = ldb_search(sysdb->ldb, tmp_ctx, &res, base_dn,
+ LDB_SCOPE_BASE, attrs,
+ SYSDB_PWUID_FILTER,
+ (unsigned long)uid);
+ if (lret != LDB_SUCCESS) {
+ DEBUG(1, ("Failed to make search request: %s(%d)[%s]\n",
+ ldb_strerror(lret), lret, ldb_errstring(sysdb->ldb)));
+ ret = EIO;
+ goto done;
+ }
+
+ if (res->count == 0) {
+ ret = EOK;
+ goto done;
+ }
+ if (res->count > 1) {
+ DEBUG(0, ("Cache DB corrupted, base search returned %d results\n",
+ res->count));
+ ret = EOK;
+ goto done;
+ }
+
+ account_dn = ldb_dn_copy(tmp_ctx, res->msgs[0]->dn);
+ if (!account_dn) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ talloc_free(res);
+ res = NULL;
+
+ ret = ldb_delete(sysdb->ldb, account_dn);
+
+ if (ret != LDB_SUCCESS) {
+ DEBUG(2, ("LDB Error: %s(%d)\nError Message: [%s]\n",
+ ldb_strerror(ret), ret, ldb_errstring(sysdb->ldb)));
+ ret = EIO;
+ goto done;
+ }
+
+ lret = ldb_transaction_commit(sysdb->ldb);
+ if (lret != LDB_SUCCESS) {
+ DEBUG(1, ("Failed ldb transaction commit !! (%d)\n", lret));
+ ret = EIO;
+ goto done;
+ }
+
+ ret = EOK;
+
+done:
+ if (ret != EOK) {
+ lret = ldb_transaction_cancel(sysdb->ldb);
+ if (lret != LDB_SUCCESS) {
+ DEBUG(1, ("Failed to cancel ldb transaction (%d)\n", lret));
+ }
+ }
+
+ talloc_free(tmp_ctx);
+ return ret;
+}
+
+int sysdb_init(TALLOC_CTX *mem_ctx,
+ struct event_context *ev,
+ struct confdb_ctx *cdb,
+ struct sysdb_ctx **dbctx)
+{
+ struct sysdb_ctx *ctx;
+ int ret;
+
+ ret = sysdb_read_conf(mem_ctx, cdb, &ctx);
+ if (ret != EOK)
+ return ret;
+
+ ctx->ldb = ldb_init(mem_ctx, ev);
+ if (!ctx->ldb) {
+ talloc_free(ctx);
+ return EIO;
+ }
+
+ ret = ldb_connect(ctx->ldb, ctx->ldb_file, 0, NULL);
+ if (ret != LDB_SUCCESS) {
+ talloc_free(ctx);
+ return EIO;
+ }
+
+ *dbctx = ctx;
+
+ return EOK;
+}
diff --git a/server/db/sysdb.h b/server/db/sysdb.h
new file mode 100644
index 00000000..5b787596
--- /dev/null
+++ b/server/db/sysdb.h
@@ -0,0 +1,148 @@
+/*
+ SSSD
+
+ System Databse Header
+
+ Copyright (C) Simo Sorce <ssorce@redhat.com> 2008
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef __SYS_DB_H__
+#define __SYS_DB_H__
+
+#include "ldb.h"
+#include "ldb_errors.h"
+
+#define SYSDB_CONF_SECTION "config/sysdb"
+#define SYSDB_FILE "sssd.ldb"
+
+#define SYSDB_BASE "cn=sysdb"
+#define SYSDB_TMPL_USER_BASE "cn=users,cn=%s,"SYSDB_BASE
+#define SYSDB_TMPL_GROUP_BASE "cn=groups,cn=%s,"SYSDB_BASE
+
+#define SYSDB_PWNAM_FILTER "(&(objectclass=user)(uid=%s))"
+#define SYSDB_PWUID_FILTER "(&(objectclass=user)(uidNumber=%lu))"
+#define SYSDB_PWENT_FILTER "(objectclass=user)"
+
+#define SYSDB_GRNAM_FILTER "(&(objectclass=group)(cn=%s))"
+#define SYSDB_GRNA2_FILTER "(&(objectclass=user)(memberof=%s))"
+#define SYSDB_GRGID_FILTER "(&(objectclass=group)(gidNumber=%lu))"
+#define SYSDB_GRENT_FILTER "(objectclass=group)"
+
+#define SYSDB_INITGR_FILTER "(&(objectclass=group)(gidNumber=*))"
+
+#define SYSDB_PW_NAME "uid"
+#define SYSDB_PW_PWD "userPassword"
+#define SYSDB_PW_UIDNUM "uidNumber"
+#define SYSDB_PW_GIDNUM "gidNumber"
+#define SYSDB_PW_FULLNAME "fullName"
+#define SYSDB_PW_HOMEDIR "homeDirectory"
+#define SYSDB_PW_SHELL "loginShell"
+
+#define SYSDB_GR_NAME "cn"
+#define SYSDB_GR_GIDNUM "gidNumber"
+#define SYSDB_GR_MEMBER "member"
+
+#define SYSDB_LAST_UPDATE "lastUpdate"
+
+#define SYSDB_PW_ATTRS {SYSDB_PW_NAME, SYSDB_PW_UIDNUM, \
+ SYSDB_PW_GIDNUM, SYSDB_PW_FULLNAME, \
+ SYSDB_PW_HOMEDIR, SYSDB_PW_SHELL, \
+ SYSDB_LAST_UPDATE, \
+ NULL}
+#define SYSDB_GRNAM_ATTRS {SYSDB_GR_NAME, SYSDB_GR_GIDNUM, \
+ SYSDB_LAST_UPDATE, \
+ NULL}
+#define SYSDB_GRPW_ATTRS {SYSDB_PW_NAME, SYSDB_LAST_UPDATE, \
+ NULL}
+
+#define SYSDB_INITGR_ATTR "memberof"
+#define SYSDB_INITGR_ATTRS {SYSDB_GR_GIDNUM, SYSDB_LAST_UPDATE, \
+ NULL}
+
+struct sysdb_ctx {
+ struct ldb_context *ldb;
+ const char *ldb_file;
+};
+
+struct confdb_ctx;
+
+typedef void (*sysdb_callback_t)(void *, int, struct ldb_result *);
+
+int sysdb_init(TALLOC_CTX *mem_ctx,
+ struct event_context *ev,
+ struct confdb_ctx *cdb,
+ struct sysdb_ctx **nlctx);
+
+int sysdb_getpwnam(TALLOC_CTX *mem_ctx,
+ struct event_context *ev,
+ struct sysdb_ctx *ctx,
+ const char *domain,
+ const char *name,
+ sysdb_callback_t fn, void *ptr);
+
+int sysdb_getpwuid(TALLOC_CTX *mem_ctx,
+ struct event_context *ev,
+ struct sysdb_ctx *ctx,
+ const char *domain,
+ uint64_t uid,
+ sysdb_callback_t fn, void *ptr);
+
+int sysdb_enumpwent(TALLOC_CTX *mem_ctx,
+ struct event_context *ev,
+ struct sysdb_ctx *ctx,
+ sysdb_callback_t fn, void *ptr);
+
+int sysdb_getgrnam(TALLOC_CTX *mem_ctx,
+ struct event_context *ev,
+ struct sysdb_ctx *ctx,
+ const char *domain,
+ const char *name,
+ sysdb_callback_t fn, void *ptr);
+
+int sysdb_getgrgid(TALLOC_CTX *mem_ctx,
+ struct event_context *ev,
+ struct sysdb_ctx *ctx,
+ const char *domain,
+ uint64_t gid,
+ sysdb_callback_t fn, void *ptr);
+
+int sysdb_enumgrent(TALLOC_CTX *mem_ctx,
+ struct event_context *ev,
+ struct sysdb_ctx *ctx,
+ sysdb_callback_t fn, void *ptr);
+
+int sysdb_initgroups(TALLOC_CTX *mem_ctx,
+ struct event_context *ev,
+ struct sysdb_ctx *ctx,
+ const char *domain,
+ const char *name,
+ sysdb_callback_t fn, void *ptr);
+
+int sysdb_store_account_posix(TALLOC_CTX *memctx,
+ struct sysdb_ctx *sysdb,
+ const char *domain,
+ char *name, char *pwd,
+ uint64_t uid, uint64_t gid,
+ char *gecos, char *homedir, char *shell);
+
+int sysdb_remove_account_posix(TALLOC_CTX *memctx,
+ struct sysdb_ctx *sysdb,
+ const char *domain, const char *name);
+
+int sysdb_remove_account_posix_by_uid(TALLOC_CTX *memctx,
+ struct sysdb_ctx *sysdb,
+ const char *domain, uid_t uid);
+#endif /* __SYS_DB_H__ */
diff --git a/server/examples/config.ldif b/server/examples/config.ldif
index a0deb389..e5f8b873 100644
--- a/server/examples/config.ldif
+++ b/server/examples/config.ldif
@@ -50,7 +50,7 @@ dn: cn=TEST,cn=domains,cn=config
cn: TEST
description: TEST Ldap domain
provider: proxy
-basedn: cn=TEST,dc=sssd
+basedn: cn=TEST,sn=sysdb
command: ./sbin/sssd_be -d 2 --provider proxy --domain TEST
libName: ldap
libPath: /usr/lib64/libnss_ldap.so.2
diff --git a/server/examples/db.ldif b/server/examples/db.ldif
index 4a9bf5e0..af1805c9 100644
--- a/server/examples/db.ldif
+++ b/server/examples/db.ldif
@@ -1,37 +1,37 @@
dn: @MODULES
@LIST: asq
-dn: dc=sssd
-dc: sssd
+dn: cn=sysdb
+cn: sysdb
description: base object
-dn: cn=local,dc=sssd
+dn: cn=local,cn=sysdb
cn: local
description: Local system data
-dn: cn=groups,cn=local,dc=sssd
+dn: cn=groups,cn=local,cn=sysdb
cn: groups
description: Local POSIX groups
-dn: cn=foousers,cn=groups,cn=local,dc=sssd
+dn: cn=foousers,cn=groups,cn=local,cn=sysdb
cn: foousers
description: Local user accounts
-member: uid=foobar,cn=users,cn=local,dc=sssd
+member: uid=foobar,cn=users,cn=local,cn=sysdb
objectclass: group
gidNumber: 10101
-dn: cn=users,cn=local,dc=sssd
+dn: cn=users,cn=local,cn=sysdb
cn: users
description: Local POSIX users
-dn: uid=foobar,cn=users,cn=local,dc=sssd
+dn: uid=foobar,cn=users,cn=local,cn=sysdb
uid: foobar
objectClass: user
description: User Foo Bar
uidNumber: 10101
gidNumber: 10101
legacy: false
-primaryGroup: cn=foousers,cn=groups,cn=local,dc=sssd
+primaryGroup: cn=foousers,cn=groups,cn=local,cn=sysdb
userPassword: !@#$%#@#@!FOOBAR
homeDirectory: /home/foobar
fullName: Foo Bar
@@ -46,5 +46,5 @@ passwordHint: Favorite pasta sauce
passwordHistory: foo,bar,baz
preferredLanguage: IT
preferredSession: GNOME
-memberOf: cn=foousers,cn=groups,cn=local,dc=sssd
+memberOf: cn=foousers,cn=groups,cn=local,cn=sysdb
diff --git a/server/nss/nss_ldb.h b/server/nss/nss_ldb.h
deleted file mode 100644
index 8f5b1124..00000000
--- a/server/nss/nss_ldb.h
+++ /dev/null
@@ -1,45 +0,0 @@
-/* nss_ldb private header file */
-
-#define NSS_LDB_CONF_SECTION "config/services/nss"
-
-#define NSS_DEF_LDB_FILE "sssd.ldb"
-
-#define NSS_DEF_BASE "dc=sssd"
-#define NSS_TMPL_USER_BASE "cn=users,cn=%s,dc=sssd"
-#define NSS_TMPL_GROUP_BASE "cn=groups,cn=%s,dc=sssd"
-
-#define NSS_PWNAM_FILTER "(&(objectclass=user)(uid=%s))"
-#define NSS_PWUID_FILTER "(&(objectclass=user)(uidNumber=%llu))"
-#define NSS_PWENT_FILTER "(objectclass=user)"
-
-#define NSS_GRNAM_FILTER "(&(objectclass=group)(cn=%s))"
-#define NSS_GRNA2_FILTER "(&(objectclass=user)(memberof=%s))"
-#define NSS_GRGID_FILTER "(&(objectclass=group)(gidNumber=%llu))"
-#define NSS_GRENT_FILTER "(objectclass=group)"
-
-#define NSS_INITGR_FILTER "(&(objectclass=group)(gidNumber=*))"
-
-#define NSS_PW_NAME "uid"
-#define NSS_PW_PWD "userPassword"
-#define NSS_PW_UIDNUM "uidNumber"
-#define NSS_PW_GIDNUM "gidNumber"
-#define NSS_PW_FULLNAME "fullName"
-#define NSS_PW_HOMEDIR "homeDirectory"
-#define NSS_PW_SHELL "loginShell"
-
-#define NSS_GR_NAME "cn"
-#define NSS_GR_GIDNUM "gidNumber"
-#define NSS_GR_MEMBER "member"
-
-#define NSS_LAST_UPDATE "lastUpdate"
-
-#define NSS_PW_ATTRS {NSS_PW_NAME, NSS_PW_UIDNUM, \
- NSS_PW_GIDNUM, NSS_PW_FULLNAME, \
- NSS_PW_HOMEDIR, NSS_PW_SHELL, \
- NSS_LAST_UPDATE, NULL}
-#define NSS_GRNAM_ATTRS {NSS_GR_NAME, NSS_GR_GIDNUM, NSS_LAST_UPDATE, NULL}
-#define NSS_GRPW_ATTRS {NSS_PW_NAME, NSS_LAST_UPDATE, NULL}
-
-#define NSS_INITGR_ATTR "memberof"
-#define NSS_INITGR_ATTRS {NSS_GR_GIDNUM, NSS_LAST_UPDATE, NULL}
-
diff --git a/server/nss/nsssrv.c b/server/nss/nsssrv.c
index c787637a..4180a460 100644
--- a/server/nss/nsssrv.c
+++ b/server/nss/nsssrv.c
@@ -30,10 +30,9 @@
#include <sys/time.h>
#include <errno.h>
#include "popt.h"
-#include "ldb.h"
#include "util/util.h"
#include "nss/nsssrv.h"
-#include "nss/nsssrv_ldb.h"
+#include "db/sysdb.h"
#include "confdb/confdb.h"
#include "dbus/dbus.h"
#include "sbus/sssd_dbus.h"
@@ -426,7 +425,7 @@ int nss_process_init(TALLOC_CTX *mem_ctx,
return ret;
}
- ret = nss_ldb_init(nctx, ev, cdb, &nctx->lctx);
+ ret = sysdb_init(nctx, ev, cdb, &nctx->sysdb);
if (ret != EOK) {
DEBUG(0, ("fatal error initializing nss_ctx\n"));
return ret;
diff --git a/server/nss/nsssrv.h b/server/nss/nsssrv.h
index 6e4d57e0..ce1f7b23 100644
--- a/server/nss/nsssrv.h
+++ b/server/nss/nsssrv.h
@@ -41,14 +41,14 @@
#define NSS_DOMAIN_DELIM '@'
#endif
-struct nss_ldb_ctx;
+struct sysdb_ctx;
struct getent_ctx;
struct nss_ctx {
struct event_context *ev;
struct fd_event *lfde;
int lfd;
- struct nss_ldb_ctx *lctx;
+ struct sysdb_ctx *sysdb;
struct confdb_ctx *cdb;
char *sock_name;
struct service_sbus_ctx *ss_ctx;
diff --git a/server/nss/nsssrv_cmd.c b/server/nss/nsssrv_cmd.c
index 69823069..95a52ea2 100644
--- a/server/nss/nsssrv_cmd.c
+++ b/server/nss/nsssrv_cmd.c
@@ -19,12 +19,10 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
-#include "ldb.h"
-#include "ldb_errors.h"
#include "util/util.h"
#include "util/btreemap.h"
#include "nss/nsssrv.h"
-#include "nss/nsssrv_ldb.h"
+#include "db/sysdb.h"
#include <time.h>
struct nss_cmd_ctx {
@@ -137,12 +135,12 @@ static int fill_pwent(struct nss_packet *packet,
for (i = 0; i < count; i++) {
msg = msgs[i];
- name = ldb_msg_find_attr_as_string(msg, NSS_PW_NAME, NULL);
- fullname = ldb_msg_find_attr_as_string(msg, NSS_PW_FULLNAME, NULL);
- homedir = ldb_msg_find_attr_as_string(msg, NSS_PW_HOMEDIR, NULL);
- shell = ldb_msg_find_attr_as_string(msg, NSS_PW_SHELL, NULL);
- uid = ldb_msg_find_attr_as_uint64(msg, NSS_PW_UIDNUM, 0);
- gid = ldb_msg_find_attr_as_uint64(msg, NSS_PW_GIDNUM, 0);
+ name = ldb_msg_find_attr_as_string(msg, SYSDB_PW_NAME, NULL);
+ fullname = ldb_msg_find_attr_as_string(msg, SYSDB_PW_FULLNAME, NULL);
+ homedir = ldb_msg_find_attr_as_string(msg, SYSDB_PW_HOMEDIR, NULL);
+ shell = ldb_msg_find_attr_as_string(msg, SYSDB_PW_SHELL, NULL);
+ uid = ldb_msg_find_attr_as_uint64(msg, SYSDB_PW_UIDNUM, 0);
+ gid = ldb_msg_find_attr_as_uint64(msg, SYSDB_PW_GIDNUM, 0);
if (!name || !fullname || !homedir || !shell || !uid || !gid) {
DEBUG(1, ("Incomplete user object for %s[%llu]! Skipping\n",
@@ -262,7 +260,7 @@ static void nss_cmd_getpw_callback(void *ptr, int status,
if (nctx->check_expiration) {
timeout = nctx->cctx->nctx->cache_timeout;
- lastUpdate = ldb_msg_find_attr_as_uint64(res->msgs[0], NSS_LAST_UPDATE, 0);
+ lastUpdate = ldb_msg_find_attr_as_uint64(res->msgs[0], SYSDB_LAST_UPDATE, 0);
if (lastUpdate + timeout < time(NULL)) {
/* dont loop forever :-) */
@@ -347,9 +345,9 @@ static void nss_cmd_getpwnam_callback(uint16_t err_maj, uint32_t err_min,
(unsigned int)err_maj, (unsigned int)err_min, err_msg));
}
- ret = nss_ldb_getpwnam(nctx, cctx->ev, cctx->nctx->lctx,
- nctx->domain, nctx->name,
- nss_cmd_getpw_callback, nctx);
+ ret = sysdb_getpwnam(nctx, cctx->ev, cctx->nctx->sysdb,
+ nctx->domain, nctx->name,
+ nss_cmd_getpw_callback, nctx);
if (ret != EOK) {
DEBUG(1, ("Failed to make request to our cache!\n"));
@@ -393,9 +391,9 @@ static int nss_cmd_getpwnam(struct cli_ctx *cctx)
DEBUG(4, ("Requesting info for [%s] from [%s]\n",
nctx->name, nctx->domain?nctx->domain:"all domains"));
- ret = nss_ldb_getpwnam(nctx, cctx->ev, cctx->nctx->lctx,
- nctx->domain, nctx->name,
- nss_cmd_getpw_callback, nctx);
+ ret = sysdb_getpwnam(nctx, cctx->ev, cctx->nctx->sysdb,
+ nctx->domain, nctx->name,
+ nss_cmd_getpw_callback, nctx);
if (ret != EOK) {
DEBUG(1, ("Failed to make request to our cache!\n"));
@@ -422,9 +420,9 @@ static void nss_cmd_getpwuid_callback(uint16_t err_maj, uint32_t err_min,
(unsigned int)err_maj, (unsigned int)err_min, err_msg));
}
- ret = nss_ldb_getpwuid(nctx, cctx->ev, cctx->nctx->lctx,
- nctx->domain, nctx->id,
- nss_cmd_getpw_callback, nctx);
+ ret = sysdb_getpwuid(nctx, cctx->ev, cctx->nctx->sysdb,
+ nctx->domain, nctx->id,
+ nss_cmd_getpw_callback, nctx);
if (ret != EOK) {
DEBUG(1, ("Failed to make request to our cache!\n"));
@@ -463,9 +461,9 @@ static int nss_cmd_getpwuid(struct cli_ctx *cctx)
DEBUG(4, ("Requesting info for [%lu]@[%s]\n", nctx->id, nctx->domain));
- ret = nss_ldb_getpwuid(nctx, cctx->ev, cctx->nctx->lctx,
- nctx->domain, nctx->id,
- nss_cmd_getpw_callback, nctx);
+ ret = sysdb_getpwuid(nctx, cctx->ev, cctx->nctx->sysdb,
+ nctx->domain, nctx->id,
+ nss_cmd_getpw_callback, nctx);
if (ret != EOK) {
DEBUG(1, ("Failed to make request to our cache!\n"));
@@ -544,8 +542,8 @@ static int nss_cmd_setpwent(struct cli_ctx *cctx)
cctx->gctx->pwd_cur = 0;
}
- ret = nss_ldb_enumpwent(nctx, cctx->ev, cctx->nctx->lctx,
- nss_cmd_setpwent_callback, nctx);
+ ret = sysdb_enumpwent(nctx, cctx->ev, cctx->nctx->sysdb,
+ nss_cmd_setpwent_callback, nctx);
return ret;
}
@@ -642,8 +640,8 @@ static int nss_cmd_getpwent(struct cli_ctx *cctx)
cctx->gctx = gctx;
}
if (cctx->gctx->pwds == NULL) {
- ret = nss_ldb_enumpwent(nctx, cctx->ev, cctx->nctx->lctx,
- nss_cmd_getpwent_callback, nctx);
+ ret = sysdb_enumpwent(nctx, cctx->ev, cctx->nctx->sysdb,
+ nss_cmd_getpwent_callback, nctx);
return ret;
}
}
@@ -720,8 +718,8 @@ static int fill_grent(struct nss_packet *packet,
if (get_group) {
/* find group name/gid */
- name = ldb_msg_find_attr_as_string(msg, NSS_GR_NAME, NULL);
- gid = ldb_msg_find_attr_as_uint64(msg, NSS_GR_GIDNUM, 0);
+ name = ldb_msg_find_attr_as_string(msg, SYSDB_GR_NAME, NULL);
+ gid = ldb_msg_find_attr_as_uint64(msg, SYSDB_GR_GIDNUM, 0);
if (!name || !gid) {
DEBUG(1, ("Incomplete group object for %s[%llu]! Aborting\n",
name?name:"<NULL>", (unsigned long long int)gid));
@@ -749,7 +747,7 @@ static int fill_grent(struct nss_packet *packet,
continue;
}
- name = ldb_msg_find_attr_as_string(msg, NSS_PW_NAME, NULL);
+ name = ldb_msg_find_attr_as_string(msg, SYSDB_PW_NAME, NULL);
if (!name) {
/* last member of previous group found, or error.
@@ -862,9 +860,9 @@ static int nss_cmd_getgrnam(struct cli_ctx *cctx)
DEBUG(4, ("Requesting info for [%s]@[%s]\n", nctx->name, nctx->domain));
- ret = nss_ldb_getgrnam(nctx, cctx->ev, cctx->nctx->lctx,
- nctx->domain, nctx->name,
- nss_cmd_getgr_callback, nctx);
+ ret = sysdb_getgrnam(nctx, cctx->ev, cctx->nctx->sysdb,
+ nctx->domain, nctx->name,
+ nss_cmd_getgr_callback, nctx);
return ret;
}
@@ -895,9 +893,9 @@ static int nss_cmd_getgrgid(struct cli_ctx *cctx)
DEBUG(4, ("Requesting info for [%lu]@[%s]\n", nctx->id, nctx->domain));
- ret = nss_ldb_getgrgid(nctx, cctx->ev, cctx->nctx->lctx,
- nctx->domain, nctx->id,
- nss_cmd_getgr_callback, nctx);
+ ret = sysdb_getgrgid(nctx, cctx->ev, cctx->nctx->sysdb,
+ nctx->domain, nctx->id,
+ nss_cmd_getgr_callback, nctx);
return ret;
}
@@ -968,8 +966,8 @@ static int nss_cmd_setgrent(struct cli_ctx *cctx)
cctx->gctx->grp_cur = 0;
}
- ret = nss_ldb_enumgrent(nctx, cctx->ev, cctx->nctx->lctx,
- nss_cmd_setgrent_callback, nctx);
+ ret = sysdb_enumgrent(nctx, cctx->ev, cctx->nctx->sysdb,
+ nss_cmd_setgrent_callback, nctx);
return ret;
}
@@ -1069,8 +1067,8 @@ static int nss_cmd_getgrent(struct cli_ctx *cctx)
cctx->gctx = gctx;
}
if (cctx->gctx->grps == NULL) {
- ret = nss_ldb_enumgrent(nctx, cctx->ev, cctx->nctx->lctx,
- nss_cmd_getgrent_callback, nctx);
+ ret = sysdb_enumgrent(nctx, cctx->ev, cctx->nctx->sysdb,
+ nss_cmd_getgrent_callback, nctx);
return ret;
}
}
@@ -1155,7 +1153,7 @@ static void nss_cmd_initgr_callback(void *ptr, int status,
nss_packet_get_body(cctx->creq->out, &body, &blen);
for (i = 0; i < num; i++) {
- gid = ldb_msg_find_attr_as_uint64(res->msgs[i], NSS_GR_GIDNUM, 0);
+ gid = ldb_msg_find_attr_as_uint64(res->msgs[i], SYSDB_GR_GIDNUM, 0);
if (!gid) {
DEBUG(1, ("Incomplete group object for initgroups! Aborting\n"));
nss_packet_set_error(cctx->creq->out, EIO);
@@ -1201,9 +1199,9 @@ static int nss_cmd_initgroups(struct cli_ctx *cctx)
DEBUG(4, ("Requesting info for [%s]@[%s]\n", nctx->name, nctx->domain));
- ret = nss_ldb_initgroups(nctx, cctx->ev, cctx->nctx->lctx,
- nctx->domain, nctx->name,
- nss_cmd_initgr_callback, nctx);
+ ret = sysdb_initgroups(nctx, cctx->ev, cctx->nctx->sysdb,
+ nctx->domain, nctx->name,
+ nss_cmd_initgr_callback, nctx);
return ret;
}
diff --git a/server/nss/nsssrv_ldb.c b/server/nss/nsssrv_ldb.c
deleted file mode 100644
index d9c40463..00000000
--- a/server/nss/nsssrv_ldb.c
+++ /dev/null
@@ -1,762 +0,0 @@
-/*
- SSSD
-
- NSS Responder
-
- Copyright (C) Simo Sorce <ssorce@redhat.com> 2008
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "ldb.h"
-#include "ldb_errors.h"
-#include "util/util.h"
-#include "nss/nsssrv.h"
-#include "nss/nsssrv_ldb.h"
-#include "confdb/confdb.h"
-
-struct nss_ldb_search_ctx {
- struct nss_ldb_ctx *nlctx;
- const char *base_dn;
- nss_ldb_callback_t callback;
- void *ptr;
- struct ldb_result *res;
-};
-
-static int nss_ldb_error_to_errno(int lerr)
-{
- /* fake it up for now, requires a mapping table */
- return EIO;
-}
-
-static void request_error(struct nss_ldb_search_ctx *sctx, int ldb_error)
-{
- sctx->callback(sctx->ptr, nss_ldb_error_to_errno(ldb_error), sctx->res);
-}
-
-static void request_done(struct nss_ldb_search_ctx *sctx)
-{
- sctx->callback(sctx->ptr, EOK, sctx->res);
-}
-
-static int get_gen_callback(struct ldb_request *req,
- struct ldb_reply *ares)
-{
- struct nss_ldb_search_ctx *sctx;
- struct ldb_result *res;
- int n;
-
- sctx = talloc_get_type(req->context, struct nss_ldb_search_ctx);
- res = sctx->res;
-
- if (!ares) {
- request_error(sctx, LDB_ERR_OPERATIONS_ERROR);
- return LDB_ERR_OPERATIONS_ERROR;
- }
- if (ares->error != LDB_SUCCESS) {
- request_error(sctx, ares->error);
- return ares->error;
- }
-
- switch (ares->type) {
- case LDB_REPLY_ENTRY:
- res->msgs = talloc_realloc(res, res->msgs,
- struct ldb_message *,
- res->count + 2);
- if (!res->msgs) {
- request_error(sctx, LDB_ERR_OPERATIONS_ERROR);
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- res->msgs[res->count + 1] = NULL;
-
- res->msgs[res->count] = talloc_steal(res->msgs, ares->message);
- res->count++;
- break;
-
- case LDB_REPLY_REFERRAL:
- if (res->refs) {
- for (n = 0; res->refs[n]; n++) /*noop*/ ;
- } else {
- n = 0;
- }
-
- res->refs = talloc_realloc(res, res->refs, char *, n + 2);
- if (! res->refs) {
- request_error(sctx, LDB_ERR_OPERATIONS_ERROR);
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- res->refs[n] = talloc_steal(res->refs, ares->referral);
- res->refs[n + 1] = NULL;
- break;
-
- case LDB_REPLY_DONE:
- res->controls = talloc_steal(res, ares->controls);
-
- /* this is the last message, and means the request is done */
- request_done(sctx);
- return LDB_SUCCESS;
- }
-
- talloc_free(ares);
- return LDB_SUCCESS;
-}
-
-static struct nss_ldb_search_ctx *init_src_ctx(TALLOC_CTX *mem_ctx,
- const char *base_dn,
- struct nss_ldb_ctx *ctx,
- nss_ldb_callback_t fn,
- void *ptr)
-{
- struct nss_ldb_search_ctx *sctx;
-
- sctx = talloc(mem_ctx, struct nss_ldb_search_ctx);
- if (!sctx) {
- return NULL;
- }
- sctx->nlctx = ctx;
- sctx->base_dn = base_dn;
- sctx->callback = fn;
- sctx->ptr = ptr;
- sctx->res = talloc_zero(sctx, struct ldb_result);
- if (!sctx->res) {
- talloc_free(sctx);
- return NULL;
- }
-
- return sctx;
-}
-
-/* users */
-
-static int pwd_search(struct nss_ldb_search_ctx *sctx,
- struct nss_ldb_ctx *ctx,
- const char *expression)
-{
- static const char *attrs[] = NSS_PW_ATTRS;
- struct ldb_request *req;
- int ret;
-
- ret = ldb_build_search_req(&req, ctx->ldb, sctx,
- ldb_dn_new(sctx, ctx->ldb, sctx->base_dn),
- LDB_SCOPE_SUBTREE,
- expression, attrs, NULL,
- sctx, get_gen_callback,
- NULL);
- if (ret != LDB_SUCCESS) {
- return nss_ldb_error_to_errno(ret);
- }
-
- ret = ldb_request(ctx->ldb, req);
- if (ret != LDB_SUCCESS) {
- return nss_ldb_error_to_errno(ret);
- }
-
- return EOK;
-}
-
-int nss_ldb_getpwnam(TALLOC_CTX *mem_ctx,
- struct event_context *ev,
- struct nss_ldb_ctx *ctx,
- const char *domain,
- const char *name,
- nss_ldb_callback_t fn, void *ptr)
-{
- struct nss_ldb_search_ctx *sctx;
- const char *base_dn;
- char *expression;
-
- if (domain) {
- base_dn = talloc_asprintf(mem_ctx, NSS_TMPL_USER_BASE, domain);
- } else {
- base_dn = NSS_DEF_BASE;
- }
- if (!base_dn) {
- return ENOMEM;
- }
-
- sctx = init_src_ctx(mem_ctx, base_dn, ctx, fn, ptr);
- if (!sctx) {
- return ENOMEM;
- }
-
- expression = talloc_asprintf(sctx, NSS_PWNAM_FILTER, name);
- if (!expression) {
- talloc_free(sctx);
- return ENOMEM;
- }
-
- return pwd_search(sctx, ctx, expression);
-}
-
-int nss_ldb_getpwuid(TALLOC_CTX *mem_ctx,
- struct event_context *ev,
- struct nss_ldb_ctx *ctx,
- const char *domain,
- uint64_t uid,
- nss_ldb_callback_t fn, void *ptr)
-{
- struct nss_ldb_search_ctx *sctx;
- unsigned long long int filter_uid = uid;
- const char *base_dn;
- char *expression;
-
- if (domain) {
- base_dn = talloc_asprintf(mem_ctx, NSS_TMPL_USER_BASE, domain);
- } else {
- base_dn = NSS_DEF_BASE;
- }
- if (!base_dn) {
- return ENOMEM;
- }
-
- sctx = init_src_ctx(mem_ctx, base_dn, ctx, fn, ptr);
- if (!sctx) {
- return ENOMEM;
- }
-
- expression = talloc_asprintf(sctx, NSS_PWUID_FILTER, filter_uid);
- if (!expression) {
- talloc_free(sctx);
- return ENOMEM;
- }
-
- return pwd_search(sctx, ctx, expression);
-}
-
-int nss_ldb_enumpwent(TALLOC_CTX *mem_ctx,
- struct event_context *ev,
- struct nss_ldb_ctx *ctx,
- nss_ldb_callback_t fn, void *ptr)
-{
- struct nss_ldb_search_ctx *sctx;
-
- sctx = init_src_ctx(mem_ctx, NSS_DEF_BASE, ctx, fn, ptr);
- if (!sctx) {
- return ENOMEM;
- }
-
- return pwd_search(sctx, ctx, NSS_PWENT_FILTER);
-}
-
-/* groups */
-
-struct get_mem_ctx {
- struct nss_ldb_search_ctx *ret_sctx;
- struct ldb_message **grps;
- int num_grps;
-};
-
-static void get_members(void *ptr, int status, struct ldb_result *res)
-{
- struct nss_ldb_ctx *ctx;
- struct nss_ldb_search_ctx *sctx;
- struct get_mem_ctx *gmctx;
- struct nss_ldb_search_ctx *mem_sctx;
- struct ldb_request *req;
- struct ldb_message *msg;
- struct ldb_result *ret_res;
- static const char *attrs[] = NSS_GRPW_ATTRS;
- const char *expression;
- int ret, i;
-
- sctx = talloc_get_type(ptr, struct nss_ldb_search_ctx);
- gmctx = talloc_get_type(sctx->ptr, struct get_mem_ctx);
- ctx = sctx->nlctx;
-
- if (status != LDB_SUCCESS) {
- return request_error(gmctx->ret_sctx, status);
- }
-
- ret_res = gmctx->ret_sctx->res;
-
- /* append previous search results to final (if any) */
- if (res && res->count != 0) {
- ret_res->msgs = talloc_realloc(ret_res, ret_res->msgs,
- struct ldb_message *,
- ret_res->count + res->count + 1);
- for(i = 0; i < res->count; i++) {
- ret_res->msgs[ret_res->count] = talloc_steal(ret_res, res->msgs[i]);
- ret_res->count++;
- }
- ret_res->msgs[ret_res->count] = NULL;
- }
-
- if (gmctx->grps[0] == NULL) {
- return request_done(gmctx->ret_sctx);
- }
-
- mem_sctx = init_src_ctx(gmctx, NSS_DEF_BASE, ctx, get_members, sctx);
- if (!mem_sctx) {
- return request_error(gmctx->ret_sctx, LDB_ERR_OPERATIONS_ERROR);
- }
-
- /* fetch next group to search for members */
- gmctx->num_grps--;
- msg = gmctx->grps[gmctx->num_grps];
- gmctx->grps[gmctx->num_grps] = NULL;
-
- /* queue the group entry on the final result structure */
- ret_res->msgs = talloc_realloc(ret_res, ret_res->msgs,
- struct ldb_message *,
- ret_res->count + 2);
- if (!ret_res->msgs) {
- return request_error(gmctx->ret_sctx, LDB_ERR_OPERATIONS_ERROR);
- }
- ret_res->msgs[ret_res->count + 1] = NULL;
- ret_res->msgs[ret_res->count] = talloc_steal(ret_res->msgs, msg);
- ret_res->count++;
-
- /* search for this group members */
- expression = talloc_asprintf(mem_sctx, NSS_GRNA2_FILTER,
- ldb_dn_get_linearized(msg->dn));
- if (!expression) {
- return request_error(gmctx->ret_sctx, LDB_ERR_OPERATIONS_ERROR);
- }
-
- ret = ldb_build_search_req(&req, ctx->ldb, mem_sctx,
- ldb_dn_new(mem_sctx, ctx->ldb, sctx->base_dn),
- LDB_SCOPE_SUBTREE,
- expression, attrs, NULL,
- mem_sctx, get_gen_callback,
- NULL);
- if (ret != LDB_SUCCESS) {
- return request_error(gmctx->ret_sctx, ret);
- }
-
- ret = ldb_request(ctx->ldb, req);
- if (ret != LDB_SUCCESS) {
- return request_error(gmctx->ret_sctx, ret);
- }
-}
-
-static int get_grp_callback(struct ldb_request *req,
- struct ldb_reply *ares)
-{
- struct nss_ldb_search_ctx *sctx;
- struct nss_ldb_ctx *ctx;
- struct ldb_result *res;
- int n;
-
- sctx = talloc_get_type(req->context, struct nss_ldb_search_ctx);
- ctx = sctx->nlctx;
- res = sctx->res;
-
- if (!ares) {
- request_error(sctx, LDB_ERR_OPERATIONS_ERROR);
- return LDB_ERR_OPERATIONS_ERROR;
- }
- if (ares->error != LDB_SUCCESS) {
- request_error(sctx, ares->error);
- return ares->error;
- }
-
- switch (ares->type) {
- case LDB_REPLY_ENTRY:
- res->msgs = talloc_realloc(res, res->msgs,
- struct ldb_message *,
- res->count + 2);
- if (!res->msgs) {
- request_error(sctx, LDB_ERR_OPERATIONS_ERROR);
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- res->msgs[res->count + 1] = NULL;
-
- res->msgs[res->count] = talloc_steal(res->msgs, ares->message);
- res->count++;
- break;
-
- case LDB_REPLY_REFERRAL:
- if (res->refs) {
- for (n = 0; res->refs[n]; n++) /*noop*/ ;
- } else {
- n = 0;
- }
-
- res->refs = talloc_realloc(res, res->refs, char *, n + 2);
- if (! res->refs) {
- request_error(sctx, LDB_ERR_OPERATIONS_ERROR);
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- res->refs[n] = talloc_steal(res->refs, ares->referral);
- res->refs[n + 1] = NULL;
- break;
-
- case LDB_REPLY_DONE:
- res->controls = talloc_steal(res, ares->controls);
-
- /* no results, return */
- if (res->count == 0) {
- request_done(sctx);
- return LDB_SUCCESS;
- }
- if (res->count > 0) {
- struct get_mem_ctx *gmctx;
-
- gmctx = talloc_zero(req, struct get_mem_ctx);
- if (!gmctx) {
- request_error(sctx, LDB_ERR_OPERATIONS_ERROR);
- return LDB_ERR_OPERATIONS_ERROR;
- }
- gmctx->ret_sctx = sctx;
- gmctx->grps = talloc_steal(gmctx, res->msgs);
- gmctx->num_grps = res->count;
- res->msgs = NULL;
- res->count = 0;
-
- /* re-use sctx to create a fake handler for the first call to
- * get_members() */
- sctx = init_src_ctx(gmctx, NSS_DEF_BASE, ctx, get_members, gmctx);
-
- get_members(sctx, LDB_SUCCESS, NULL);
- return LDB_SUCCESS;
- }
-
- /* anything else is an error */
- request_error(sctx, LDB_ERR_OPERATIONS_ERROR);
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- talloc_free(ares);
- return LDB_SUCCESS;
-}
-
-static int grp_search(struct nss_ldb_search_ctx *sctx,
- struct nss_ldb_ctx *ctx,
- const char *expression)
-{
- static const char *attrs[] = NSS_GRNAM_ATTRS;
- struct ldb_request *req;
- int ret;
-
- ret = ldb_build_search_req(&req, ctx->ldb, sctx,
- ldb_dn_new(sctx, ctx->ldb, sctx->base_dn),
- LDB_SCOPE_SUBTREE,
- expression, attrs, NULL,
- sctx, get_grp_callback,
- NULL);
- if (ret != LDB_SUCCESS) {
- return nss_ldb_error_to_errno(ret);
- }
-
- ret = ldb_request(ctx->ldb, req);
- if (ret != LDB_SUCCESS) {
- return nss_ldb_error_to_errno(ret);
- }
-
- return EOK;
-}
-
-int nss_ldb_getgrnam(TALLOC_CTX *mem_ctx,
- struct event_context *ev,
- struct nss_ldb_ctx *ctx,
- const char *domain,
- const char *name,
- nss_ldb_callback_t fn, void *ptr)
-{
- struct nss_ldb_search_ctx *sctx;
- const char *base_dn;
- char *expression;
-
- if (domain) {
- base_dn = talloc_asprintf(mem_ctx, NSS_TMPL_GROUP_BASE, domain);
- } else {
- base_dn = NSS_DEF_BASE;
- }
- if (!base_dn) {
- return ENOMEM;
- }
-
- sctx = init_src_ctx(mem_ctx, base_dn, ctx, fn, ptr);
- if (!sctx) {
- return ENOMEM;
- }
-
- expression = talloc_asprintf(sctx, NSS_GRNAM_FILTER, name);
- if (!expression) {
- talloc_free(sctx);
- return ENOMEM;
- }
-
- return grp_search(sctx, ctx, expression);
-}
-
-int nss_ldb_getgrgid(TALLOC_CTX *mem_ctx,
- struct event_context *ev,
- struct nss_ldb_ctx *ctx,
- const char *domain,
- uint64_t gid,
- nss_ldb_callback_t fn, void *ptr)
-{
- struct nss_ldb_search_ctx *sctx;
- unsigned long long int filter_gid = gid;
- const char *base_dn;
- char *expression;
-
- if (domain) {
- base_dn = talloc_asprintf(mem_ctx, NSS_TMPL_GROUP_BASE, domain);
- } else {
- base_dn = NSS_DEF_BASE;
- }
- if (!base_dn) {
- return ENOMEM;
- }
-
- sctx = init_src_ctx(mem_ctx, base_dn, ctx, fn, ptr);
- if (!sctx) {
- return ENOMEM;
- }
-
- expression = talloc_asprintf(sctx, NSS_GRGID_FILTER, filter_gid);
- if (!expression) {
- talloc_free(sctx);
- return ENOMEM;
- }
-
- return grp_search(sctx, ctx, expression);
-}
-
-int nss_ldb_enumgrent(TALLOC_CTX *mem_ctx,
- struct event_context *ev,
- struct nss_ldb_ctx *ctx,
- nss_ldb_callback_t fn, void *ptr)
-{
- struct nss_ldb_search_ctx *sctx;
-
- sctx = init_src_ctx(mem_ctx, NSS_DEF_BASE, ctx, fn, ptr);
- if (!sctx) {
- return ENOMEM;
- }
-
- return grp_search(sctx, ctx, NSS_GRENT_FILTER);
-}
-
-static void nss_ldb_initgr_search(void *ptr, int status,
- struct ldb_result *res)
-{
- struct nss_ldb_ctx *ctx;
- struct nss_ldb_search_ctx *sctx;
- char *expression;
- struct ldb_request *req;
- struct ldb_control **ctrl;
- struct ldb_asq_control *control;
- static const char *attrs[] = NSS_INITGR_ATTRS;
- int ret;
-
- sctx = talloc_get_type(ptr, struct nss_ldb_search_ctx);
- ctx = sctx->nlctx;
-
- if (res->count == 0) {
- return request_done(sctx);
- }
- if (res->count > 1) {
- return request_error(sctx, LDB_ERR_OPERATIONS_ERROR);
- }
-
- expression = talloc_asprintf(sctx, NSS_INITGR_FILTER);
- if (!expression) {
- return request_error(sctx, LDB_ERR_OPERATIONS_ERROR);
- }
-
- ctrl = talloc_array(sctx, struct ldb_control *, 2);
- if (!ctrl) {
- return request_error(sctx, LDB_ERR_OPERATIONS_ERROR);
- }
- ctrl[1] = NULL;
- ctrl[0] = talloc(ctrl, struct ldb_control);
- if (!ctrl[0]) {
- return request_error(sctx, LDB_ERR_OPERATIONS_ERROR);
- }
- ctrl[0]->oid = LDB_CONTROL_ASQ_OID;
- ctrl[0]->critical = 1;
- control = talloc(ctrl[0], struct ldb_asq_control);
- if (!control) {
- return request_error(sctx, LDB_ERR_OPERATIONS_ERROR);
- }
- control->request = 1;
- control->source_attribute = talloc_strdup(control, NSS_INITGR_ATTR);
- if (!control->source_attribute) {
- return request_error(sctx, LDB_ERR_OPERATIONS_ERROR);
- }
- control->src_attr_len = strlen(control->source_attribute);
- ctrl[0]->data = control;
-
- ret = ldb_build_search_req(&req, ctx->ldb, sctx,
- res->msgs[0]->dn,
- LDB_SCOPE_BASE,
- expression, attrs, ctrl,
- sctx, get_gen_callback,
- NULL);
- if (ret != LDB_SUCCESS) {
- return request_error(sctx, ret);
- }
-
- ret = ldb_request(ctx->ldb, req);
- if (ret != LDB_SUCCESS) {
- return request_error(sctx, ret);
- }
-}
-
-int nss_ldb_initgroups(TALLOC_CTX *mem_ctx,
- struct event_context *ev,
- struct nss_ldb_ctx *ctx,
- const char *domain,
- const char *name,
- nss_ldb_callback_t fn, void *ptr)
-{
- static const char *attrs[] = NSS_PW_ATTRS;
- struct nss_ldb_search_ctx *ret_sctx;
- struct nss_ldb_search_ctx *sctx;
- const char *base_dn;
- char *expression;
- struct ldb_request *req;
- int ret;
-
- if (domain) {
- base_dn = talloc_asprintf(mem_ctx, NSS_TMPL_USER_BASE, domain);
- } else {
- base_dn = NSS_DEF_BASE;
- }
- if (!base_dn) {
- return ENOMEM;
- }
-
- ret_sctx = init_src_ctx(mem_ctx, NSS_DEF_BASE, ctx, fn, ptr);
- if (!ret_sctx) {
- return ENOMEM;
- }
- sctx = init_src_ctx(ret_sctx, base_dn, ctx, nss_ldb_initgr_search, ret_sctx);
- if (!sctx) {
- talloc_free(sctx);
- return ENOMEM;
- }
-
- expression = talloc_asprintf(sctx, NSS_PWNAM_FILTER, name);
- if (!expression) {
- talloc_free(sctx);
- return ENOMEM;
- }
-
- ret = ldb_build_search_req(&req, ctx->ldb, sctx,
- ldb_dn_new(sctx, ctx->ldb, sctx->base_dn),
- LDB_SCOPE_SUBTREE,
- expression, attrs, NULL,
- sctx, get_gen_callback,
- NULL);
- if (ret != LDB_SUCCESS) {
- return nss_ldb_error_to_errno(ret);
- }
-
- ret = ldb_request(ctx->ldb, req);
- if (ret != LDB_SUCCESS) {
- return nss_ldb_error_to_errno(ret);
- }
-
- return LDB_SUCCESS;
-}
-
-static int nss_ldb_read_var(TALLOC_CTX *tmp_ctx,
- struct confdb_ctx *cdb,
- struct nss_ldb_ctx *ctx,
- const char *name,
- const char *def_value,
- const char **target)
-{
- int ret;
- char *t;
- char **values;
-
- ret = confdb_get_param(cdb, tmp_ctx,
- NSS_LDB_CONF_SECTION,
- name, &values);
- if (ret != EOK)
- return ret;
-
- if (values[0])
- t = talloc_steal(ctx, values[0]);
- else
- t = talloc_strdup(ctx, def_value);
-
- *target = t;
- return EOK;
-}
-
-static int nss_ldb_read_conf(TALLOC_CTX *mem_ctx,
- struct confdb_ctx *cdb,
- struct nss_ldb_ctx **nlctx)
-{
- struct nss_ldb_ctx *ctx;
- TALLOC_CTX *tmp_ctx;
- char *default_ldb_path;
- int ret;
-
- tmp_ctx = talloc_new(mem_ctx);
- if (!tmp_ctx)
- return ENOMEM;
-
- ctx = talloc(mem_ctx, struct nss_ldb_ctx);
- if (!ctx) {
- ret = ENOMEM;
- goto done;
- }
-
- default_ldb_path = talloc_asprintf(tmp_ctx, "%s/%s", DB_PATH, NSS_DEF_LDB_FILE);
- if (default_ldb_path == NULL) {
- ret = ENOMEM;
- goto done;
- }
-
- nss_ldb_read_var(tmp_ctx, cdb, ctx, "ldbFile",
- default_ldb_path, &ctx->ldb_file);
- DEBUG(3, ("NSS LDB Cache Path: %s\n", ctx->ldb_file));
-
- *nlctx = ctx;
- ret = EOK;
-
-done:
- talloc_free(tmp_ctx);
- return ret;
-}
-
-int nss_ldb_init(TALLOC_CTX *mem_ctx,
- struct event_context *ev,
- struct confdb_ctx *cdb,
- struct nss_ldb_ctx **nlctx)
-{
- struct nss_ldb_ctx *ctx;
- int ret;
-
- ret = nss_ldb_read_conf(mem_ctx, cdb, &ctx);
- if (ret != EOK)
- return ret;
-
- ctx->ldb = ldb_init(mem_ctx, ev);
- if (!ctx->ldb) {
- talloc_free(ctx);
- return EIO;
- }
-
- ret = ldb_connect(ctx->ldb, ctx->ldb_file, 0, NULL);
- if (ret != LDB_SUCCESS) {
- talloc_free(ctx);
- return EIO;
- }
-
- *nlctx = ctx;
-
- return EOK;
-}
diff --git a/server/nss/nsssrv_ldb.h b/server/nss/nsssrv_ldb.h
deleted file mode 100644
index 66c9687d..00000000
--- a/server/nss/nsssrv_ldb.h
+++ /dev/null
@@ -1,83 +0,0 @@
-/*
- SSSD
-
- NSS LDB Header
-
- Copyright (C) Simo Sorce <ssorce@redhat.com> 2008
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-
-#include "nss/nss_ldb.h"
-
-struct nss_ldb_ctx {
- struct ldb_context *ldb;
- const char *ldb_file;
-};
-
-struct confdb_ctx;
-
-typedef void (*nss_ldb_callback_t)(void *, int, struct ldb_result *);
-
-int nss_ldb_init(TALLOC_CTX *mem_ctx,
- struct event_context *ev,
- struct confdb_ctx *cdb,
- struct nss_ldb_ctx **nlctx);
-
-int nss_ldb_getpwnam(TALLOC_CTX *mem_ctx,
- struct event_context *ev,
- struct nss_ldb_ctx *ctx,
- const char *domain,
- const char *name,
- nss_ldb_callback_t fn, void *ptr);
-
-int nss_ldb_getpwuid(TALLOC_CTX *mem_ctx,
- struct event_context *ev,
- struct nss_ldb_ctx *ctx,
- const char *domain,
- uint64_t uid,
- nss_ldb_callback_t fn, void *ptr);
-
-int nss_ldb_enumpwent(TALLOC_CTX *mem_ctx,
- struct event_context *ev,
- struct nss_ldb_ctx *ctx,
- nss_ldb_callback_t fn, void *ptr);
-
-int nss_ldb_getgrnam(TALLOC_CTX *mem_ctx,
- struct event_context *ev,
- struct nss_ldb_ctx *ctx,
- const char *domain,
- const char *name,
- nss_ldb_callback_t fn, void *ptr);
-
-int nss_ldb_getgrgid(TALLOC_CTX *mem_ctx,
- struct event_context *ev,
- struct nss_ldb_ctx *ctx,
- const char *domain,
- uint64_t gid,
- nss_ldb_callback_t fn, void *ptr);
-
-int nss_ldb_enumgrent(TALLOC_CTX *mem_ctx,
- struct event_context *ev,
- struct nss_ldb_ctx *ctx,
- nss_ldb_callback_t fn, void *ptr);
-
-int nss_ldb_initgroups(TALLOC_CTX *mem_ctx,
- struct event_context *ev,
- struct nss_ldb_ctx *ctx,
- const char *domain,
- const char *name,
- nss_ldb_callback_t fn, void *ptr);
-
diff --git a/server/providers/data_provider.c b/server/providers/data_provider.c
index ee449a52..e0de4dbb 100644
--- a/server/providers/data_provider.c
+++ b/server/providers/data_provider.c
@@ -30,8 +30,6 @@
#include <sys/time.h>
#include <errno.h>
#include "popt.h"
-#include "ldb.h"
-#include "ldb_errors.h"
#include "util/util.h"
#include "confdb/confdb.h"
#include "dbus/dbus.h"
@@ -47,7 +45,6 @@ struct dp_frontend;
struct dp_ctx {
struct event_context *ev;
struct confdb_ctx *cdb;
- struct ldb_context *ldb;
struct service_sbus_ctx *ss_ctx;
struct sbus_srv_ctx *sbus_srv;
struct dp_backend *be_list;
@@ -165,50 +162,6 @@ static int dp_monitor_init(struct dp_ctx *dpctx)
return EOK;
}
-static int dp_db_init(struct dp_ctx *dpctx)
-{
- TALLOC_CTX *ctx;
- char *ldb_file;
- char *default_db_file;
- int ret;
-
- ctx = talloc_new(dpctx);
- if(ctx == NULL) {
- return ENOMEM;
- }
-
- default_db_file = talloc_asprintf(ctx, "%s/%s", DB_PATH, DATA_PROVIDER_DB_FILE);
- if (default_db_file == NULL) {
- talloc_free(ctx);
- return ENOMEM;
- }
-
- ret = confdb_get_string(dpctx->cdb, ctx,
- DATA_PROVIDER_DB_CONF_SEC, "ldbFile",
- default_db_file, &ldb_file);
- if (ret != EOK) {
- talloc_free(ctx);
- return ret;
- }
-
- dpctx->ldb = ldb_init(ctx, dpctx->ev);
- if (!dpctx->ldb) {
- talloc_free(ctx);
- return EIO;
- }
-
- ret = ldb_connect(dpctx->ldb, ldb_file, 0, NULL);
- if (ret != LDB_SUCCESS) {
- talloc_free(ctx);
- return EIO;
- }
-
- talloc_steal(dpctx,dpctx->ldb);
- talloc_free(ctx);
-
- return EOK;
-}
-
static void be_identity_check(DBusPendingCall *pending, void *data);
static void be_online_check(DBusPendingCall *pending, void *data);
static void be_got_account_info(DBusPendingCall *pending, void *data);
@@ -831,12 +784,6 @@ static int dp_process_init(TALLOC_CTX *mem_ctx,
dpctx->ev = ev;
dpctx->cdb = cdb;
- ret = dp_db_init(dpctx);
- if (ret != EOK) {
- DEBUG(0, ("fatal error opening database\n"));
- return ret;
- }
-
ret = dp_monitor_init(dpctx);
if (ret != EOK) {
DEBUG(0, ("fatal error setting up monitor bus\n"));
diff --git a/server/providers/data_provider_be.c b/server/providers/data_provider_be.c
index 8f0d8318..75e99bdc 100644
--- a/server/providers/data_provider_be.c
+++ b/server/providers/data_provider_be.c
@@ -30,10 +30,9 @@
#include <sys/time.h>
#include <errno.h>
#include "popt.h"
-#include "ldb.h"
-#include "ldb_errors.h"
#include "util/util.h"
#include "confdb/confdb.h"
+#include "db/sysdb.h"
#include "dbus/dbus.h"
#include "sbus/sssd_dbus.h"
#include "sbus_interfaces.h"
@@ -408,7 +407,7 @@ int be_process_init(TALLOC_CTX *mem_ctx,
return ENOMEM;
}
- ret = dp_be_cachedb_init(ctx);
+ ret = sysdb_init(ctx, ev, cdb, &ctx->sysdb);
if (ret != EOK) {
DEBUG(0, ("fatal error opening cache database\n"));
return ret;
diff --git a/server/providers/dp_backend.h b/server/providers/dp_backend.h
index 1ad31d5e..219df957 100644
--- a/server/providers/dp_backend.h
+++ b/server/providers/dp_backend.h
@@ -23,13 +23,14 @@
#define __DP_BACKEND_H__
#include "providers/data_provider.h"
+#include "db/sysdb.h"
struct be_mod_ops;
struct be_ctx {
struct event_context *ev;
struct confdb_ctx *cdb;
- struct ldb_context *ldb;
+ struct sysdb_ctx *sysdb;
struct service_sbus_ctx *ss_ctx;
struct service_sbus_ctx *dp_ctx;
const char *name;
@@ -47,13 +48,4 @@ struct be_mod_ops {
int filter_type, char *filter_value);
};
-int dp_be_store_account_posix(struct be_ctx *ctx,
- char *name, char *pwd,
- uint64_t uid, uint64_t gid,
- char *gecos, char *homedir, char *shell);
-int dp_be_remove_account_posix(struct be_ctx *ctx, char *name);
-int dp_be_remove_account_posix_by_uid(struct be_ctx *ctx, uid_t uid);
-
-int dp_be_cachedb_init(struct be_ctx *ctx);
-
#endif /* __DP_BACKEND_H___ */
diff --git a/server/providers/dp_backend_store.c b/server/providers/dp_backend_store.c
index 0d7153c1..6c97951e 100644
--- a/server/providers/dp_backend_store.c
+++ b/server/providers/dp_backend_store.c
@@ -33,408 +33,3 @@
* In case this changes (ex. plugins that contact the network etc..
* make sure to split functions in multiple async calls */
-int dp_be_store_account_posix(struct be_ctx *ctx,
- char *name, char *pwd,
- uint64_t uid, uint64_t gid,
- char *gecos, char *homedir, char *shell)
-{
- TALLOC_CTX *tmp_ctx;
- const char *attrs[] = { NSS_PW_NAME, NULL };
- struct ldb_dn *account_dn;
- struct ldb_message *msg;
- struct ldb_request *req;
- struct ldb_result *res;
- int lret, ret;
- int flags;
-
- tmp_ctx = talloc_new(ctx);
- if (!tmp_ctx) {
- return ENOMEM;
- }
-
- account_dn = ldb_dn_new_fmt(tmp_ctx, ctx->ldb,
- "uid=%s,"NSS_TMPL_USER_BASE,
- name, ctx->domain);
- if (!account_dn) {
- talloc_free(tmp_ctx);
- return ENOMEM;
- }
-
- lret = ldb_transaction_start(ctx->ldb);
- if (lret != LDB_SUCCESS) {
- DEBUG(1, ("Failed ldb transaction start !? (%d)\n", lret));
- ret = EIO;
- goto done;
- }
-
- lret = ldb_search(ctx->ldb, tmp_ctx, &res, account_dn,
- LDB_SCOPE_BASE, attrs, NSS_PWENT_FILTER);
- if (lret != LDB_SUCCESS) {
- DEBUG(1, ("Failed to make search request: %s(%d)[%s]\n",
- ldb_strerror(lret), lret, ldb_errstring(ctx->ldb)));
- ret = EIO;
- goto done;
- }
-
- req = NULL;
-
- msg = ldb_msg_new(tmp_ctx);
- if (!msg) {
- ret = ENOMEM;
- goto done;
- }
- msg->dn = account_dn;
-
- switch (res->count) {
- case 0:
- flags = LDB_FLAG_MOD_ADD;
- break;
- case 1:
- flags = LDB_FLAG_MOD_REPLACE;
- break;
- default:
- DEBUG(0, ("Cache DB corrupted, base search returned %d results\n",
- res->count));
- ret = EIO;
- goto done;
- }
-
- talloc_free(res);
- res = NULL;
-
- if (flags == LDB_FLAG_MOD_ADD) {
- /* TODO: retrieve user objectclass list from configuration */
- lret = ldb_msg_add_empty(msg, "objectClass", flags, NULL);
- if (lret == LDB_SUCCESS) {
- lret = ldb_msg_add_string(msg, "objectClass", "user");
- }
- if (lret != LDB_SUCCESS) {
- ret = errno;
- goto done;
- }
-
- /* TODO: retrieve user name attribute from configuration */
- lret = ldb_msg_add_empty(msg, NSS_PW_NAME, flags, NULL);
- if (lret == LDB_SUCCESS) {
- lret = ldb_msg_add_string(msg, NSS_PW_NAME, name);
- }
- if (lret != LDB_SUCCESS) {
- ret = errno;
- goto done;
- }
- }
-
- /* TODO: retrieve attribute name mappings from configuration */
-
- /* pwd */
- if (pwd && *pwd) {
- lret = ldb_msg_add_empty(msg, NSS_PW_PWD, flags, NULL);
- if (lret == LDB_SUCCESS) {
- lret = ldb_msg_add_string(msg, NSS_PW_PWD, pwd);
- }
- } else {
- lret = ldb_msg_add_empty(msg, NSS_PW_PWD,
- LDB_FLAG_MOD_DELETE, NULL);
- }
- if (lret != LDB_SUCCESS) {
- ret = errno;
- goto done;
- }
-
- /* uid */
- if (uid) {
- lret = ldb_msg_add_empty(msg, NSS_PW_UIDNUM, flags, NULL);
- if (lret == LDB_SUCCESS) {
- lret = ldb_msg_add_fmt(msg, NSS_PW_UIDNUM,
- "%lu", (unsigned long)uid);
- }
- if (lret != LDB_SUCCESS) {
- ret = errno;
- goto done;
- }
- } else {
- DEBUG(0, ("Cached users can't have UID == 0\n"));
- ret = EINVAL;
- goto done;
- }
-
- /* gid */
- if (gid) {
- lret = ldb_msg_add_empty(msg, NSS_PW_GIDNUM, flags, NULL);
- if (lret == LDB_SUCCESS) {
- lret = ldb_msg_add_fmt(msg, NSS_PW_GIDNUM,
- "%lu", (unsigned long)gid);
- }
- if (lret != LDB_SUCCESS) {
- ret = errno;
- goto done;
- }
- } else {
- DEBUG(0, ("Cached users can't have GID == 0\n"));
- ret = EINVAL;
- goto done;
- }
-
- /* gecos */
- if (gecos && *gecos) {
- lret = ldb_msg_add_empty(msg, NSS_PW_FULLNAME, flags, NULL);
- if (lret == LDB_SUCCESS) {
- lret = ldb_msg_add_string(msg, NSS_PW_FULLNAME, gecos);
- }
- } else {
- lret = ldb_msg_add_empty(msg, NSS_PW_FULLNAME,
- LDB_FLAG_MOD_DELETE, NULL);
- }
- if (lret != LDB_SUCCESS) {
- ret = errno;
- goto done;
- }
-
- /* homedir */
- if (homedir && *homedir) {
- lret = ldb_msg_add_empty(msg, NSS_PW_HOMEDIR, flags, NULL);
- if (lret == LDB_SUCCESS) {
- lret = ldb_msg_add_string(msg, NSS_PW_HOMEDIR, homedir);
- }
- } else {
- lret = ldb_msg_add_empty(msg, NSS_PW_HOMEDIR,
- LDB_FLAG_MOD_DELETE, NULL);
- }
- if (lret != LDB_SUCCESS) {
- ret = errno;
- goto done;
- }
-
- /* shell */
- if (shell && *shell) {
- lret = ldb_msg_add_empty(msg, NSS_PW_SHELL, flags, NULL);
- if (lret == LDB_SUCCESS) {
- lret = ldb_msg_add_string(msg, NSS_PW_SHELL, shell);
- }
- } else {
- lret = ldb_msg_add_empty(msg, NSS_PW_SHELL,
- LDB_FLAG_MOD_DELETE, NULL);
- }
- if (lret != LDB_SUCCESS) {
- ret = errno;
- goto done;
- }
-
- /* modification time */
- lret = ldb_msg_add_empty(msg, NSS_LAST_UPDATE, flags, NULL);
- if (lret == LDB_SUCCESS) {
- lret = ldb_msg_add_fmt(msg, NSS_LAST_UPDATE,
- "%ld", (long int)time(NULL));
- }
- if (lret != LDB_SUCCESS) {
- ret = errno;
- goto done;
- }
-
- if (flags == LDB_FLAG_MOD_ADD) {
- lret = ldb_build_add_req(&req, ctx->ldb, tmp_ctx, msg, NULL,
- NULL, ldb_op_default_callback, NULL);
- } else {
- lret = ldb_build_mod_req(&req, ctx->ldb, tmp_ctx, msg, NULL,
- NULL, ldb_op_default_callback, NULL);
- }
- if (lret == LDB_SUCCESS) {
- lret = ldb_request(ctx->ldb, req);
- if (lret == LDB_SUCCESS) {
- lret = ldb_wait(req->handle, LDB_WAIT_ALL);
- }
- }
- if (lret != LDB_SUCCESS) {
- DEBUG(1, ("Failed to make modify request: %s(%d)[%s]\n",
- ldb_strerror(lret), lret, ldb_errstring(ctx->ldb)));
- ret = EIO;
- goto done;
- }
-
- lret = ldb_transaction_commit(ctx->ldb);
- if (lret != LDB_SUCCESS) {
- DEBUG(1, ("Failed ldb transaction start !? (%d)\n", lret));
- ret = EIO;
- goto done;
- }
-
- ret = EOK;
-
-done:
- if (ret != EOK) {
- lret = ldb_transaction_cancel(ctx->ldb);
- if (lret != LDB_SUCCESS) {
- DEBUG(1, ("Failed to cancel ldb transaction (%d)\n", lret));
- }
- }
-
- talloc_free(tmp_ctx);
- return ret;
-}
-
-int dp_be_remove_account_posix(struct be_ctx *ctx, char *name)
-{
- TALLOC_CTX *tmp_ctx;
- struct ldb_dn *account_dn;
- int ret;
-
- tmp_ctx = talloc_new(ctx);
- if (!tmp_ctx) {
- return ENOMEM;
- }
-
- account_dn = ldb_dn_new_fmt(tmp_ctx, ctx->ldb,
- "uid=%s,"NSS_TMPL_USER_BASE,
- name, ctx->domain);
- if (!account_dn) {
- talloc_free(tmp_ctx);
- return ENOMEM;
- }
-
- ret = ldb_delete(ctx->ldb, account_dn);
-
- if (ret != LDB_SUCCESS) {
- DEBUG(2, ("LDB Error: %s(%d)\nError Message: [%s]\n",
- ldb_strerror(ret), ret, ldb_errstring(ctx->ldb)));
- ret = EIO;
- }
-
- talloc_free(tmp_ctx);
- return ret;
-}
-
-int dp_be_remove_account_posix_by_uid(struct be_ctx *ctx, uid_t uid)
-{
- TALLOC_CTX *tmp_ctx;
- const char *attrs[] = { NSS_PW_NAME, NSS_PW_UIDNUM, NULL };
- struct ldb_dn *base_dn;
- struct ldb_dn *account_dn;
- struct ldb_result *res;
- int lret, ret;
-
- tmp_ctx = talloc_new(ctx);
- if (!tmp_ctx) {
- return ENOMEM;
- }
-
- base_dn = ldb_dn_new_fmt(tmp_ctx, ctx->ldb,
- NSS_TMPL_USER_BASE, ctx->domain);
- if (!base_dn) {
- talloc_free(tmp_ctx);
- return ENOMEM;
- }
-
- lret = ldb_transaction_start(ctx->ldb);
- if (lret != LDB_SUCCESS) {
- DEBUG(1, ("Failed ldb transaction start !? (%d)\n", lret));
- ret = EIO;
- goto done;
- }
-
- lret = ldb_search(ctx->ldb, tmp_ctx, &res, base_dn,
- LDB_SCOPE_BASE, attrs,
- NSS_PWUID_FILTER,
- (unsigned long)uid);
- if (lret != LDB_SUCCESS) {
- DEBUG(1, ("Failed to make search request: %s(%d)[%s]\n",
- ldb_strerror(lret), lret, ldb_errstring(ctx->ldb)));
- ret = EIO;
- goto done;
- }
-
- if (res->count == 0) {
- ret = EOK;
- goto done;
- }
- if (res->count > 1) {
- DEBUG(0, ("Cache DB corrupted, base search returned %d results\n",
- res->count));
- ret = EOK;
- goto done;
- }
-
- account_dn = ldb_dn_copy(tmp_ctx, res->msgs[0]->dn);
- if (!account_dn) {
- ret = ENOMEM;
- goto done;
- }
-
- talloc_free(res);
- res = NULL;
-
- ret = ldb_delete(ctx->ldb, account_dn);
-
- if (ret != LDB_SUCCESS) {
- DEBUG(2, ("LDB Error: %s(%d)\nError Message: [%s]\n",
- ldb_strerror(ret), ret, ldb_errstring(ctx->ldb)));
- ret = EIO;
- goto done;
- }
-
- lret = ldb_transaction_commit(ctx->ldb);
- if (lret != LDB_SUCCESS) {
- DEBUG(1, ("Failed ldb transaction commit !! (%d)\n", lret));
- ret = EIO;
- goto done;
- }
-
- ret = EOK;
-
-done:
- if (ret != EOK) {
- lret = ldb_transaction_cancel(ctx->ldb);
- if (lret != LDB_SUCCESS) {
- DEBUG(1, ("Failed to cancel ldb transaction (%d)\n", lret));
- }
- }
-
- talloc_free(tmp_ctx);
- return ret;
-}
-
-/* TODO: Unify with nss_ldb and provide a single cachedb interface */
-
-int dp_be_cachedb_init(struct be_ctx *ctx)
-{
- TALLOC_CTX *tmp_ctx;
- char *ldb_file;
- char *default_db_file;
- int ret;
-
- tmp_ctx = talloc_new(ctx);
- if (!tmp_ctx) {
- return ENOMEM;
- }
-
- default_db_file = talloc_asprintf(tmp_ctx, "%s/%s", DB_PATH, DATA_PROVIDER_DB_FILE);
- if (!default_db_file) {
- talloc_free(tmp_ctx);
- return ENOMEM;
- }
-
- ret = confdb_get_string(ctx->cdb, tmp_ctx,
- DATA_PROVIDER_DB_CONF_SEC, "ldbFile",
- default_db_file, &ldb_file);
- if (ret != EOK) {
- talloc_free(tmp_ctx);
- return ret;
- }
-
- ctx->ldb = ldb_init(tmp_ctx, ctx->ev);
- if (!ctx->ldb) {
- talloc_free(tmp_ctx);
- return EIO;
- }
-
- ret = ldb_connect(ctx->ldb, ldb_file, 0, NULL);
- if (ret != LDB_SUCCESS) {
- talloc_free(tmp_ctx);
- return EIO;
- }
-
- talloc_steal(ctx, ctx->ldb);
-
- talloc_free(tmp_ctx);
- return EOK;
-}
-
diff --git a/server/providers/proxy.c b/server/providers/proxy.c
index f93a5ede..04d4a58a 100644
--- a/server/providers/proxy.c
+++ b/server/providers/proxy.c
@@ -25,6 +25,7 @@
#include <grp.h>
#include "util/util.h"
#include "providers/dp_backend.h"
+#include "db/sysdb.h"
struct proxy_nss_ops {
enum nss_status (*getpwnam_r)(const char *name, struct passwd *result,
@@ -69,10 +70,11 @@ static int get_pw_name(struct be_ctx *be_ctx, struct proxy_ctx *proxy_ctx, char
switch (status) {
case NSS_STATUS_NOTFOUND:
- ret = dp_be_remove_account_posix(be_ctx, name);
+ ret = sysdb_remove_account_posix(be_ctx, be_ctx->sysdb,
+ be_ctx->domain, name);
break;
case NSS_STATUS_SUCCESS:
- ret = dp_be_store_account_posix(be_ctx,
+ ret = sysdb_store_account_posix(be_ctx, be_ctx->sysdb, be_ctx->domain,
result.pw_name, result.pw_passwd,
result.pw_uid, result.pw_gid,
result.pw_gecos, result.pw_dir,
@@ -109,10 +111,11 @@ static int get_pw_uid(struct be_ctx *be_ctx, struct proxy_ctx *proxy_ctx, uid_t
switch (status) {
case NSS_STATUS_NOTFOUND:
- ret = dp_be_remove_account_posix_by_uid(be_ctx, uid);
+ ret = sysdb_remove_account_posix_by_uid(be_ctx, be_ctx->sysdb,
+ be_ctx->domain,uid);
break;
case NSS_STATUS_SUCCESS:
- ret = dp_be_store_account_posix(be_ctx,
+ ret = sysdb_store_account_posix(be_ctx, be_ctx->sysdb, be_ctx->domain,
result.pw_name, result.pw_passwd,
result.pw_uid, result.pw_gid,
result.pw_gecos, result.pw_dir,
diff --git a/server/server.mk b/server/server.mk
index 30ee9126..b77a1729 100644
--- a/server/server.mk
+++ b/server/server.mk
@@ -5,11 +5,12 @@ UTIL_OBJ = \
util/memory.o \
util/btreemap.o \
util/service_helpers.o \
- providers/dp_helpers.o \
- confdb/confdb.o \
sbus/sssd_dbus_common.o \
sbus/sssd_dbus_connection.o \
- sbus/sssd_dbus_server.o
+ sbus/sssd_dbus_server.o \
+ providers/dp_helpers.o \
+ confdb/confdb.o \
+ db/sysdb.o
SERVER_OBJ = \
monitor.o
@@ -19,7 +20,6 @@ DP_OBJ = \
DP_BE_OBJ = \
providers/data_provider_be.o \
- providers/dp_backend_store.o
PROXY_BE_OBJ = \
providers/proxy.o
@@ -28,7 +28,6 @@ NSSSRV_OBJ = \
nss/nsssrv.o \
nss/nsssrv_packet.o \
nss/nsssrv_cmd.o \
- nss/nsssrv_ldb.o \
nss/nsssrv_dp.o
install:: all