diff options
Diffstat (limited to 'server')
-rw-r--r-- | server/db/sysdb.c | 1125 | ||||
-rw-r--r-- | server/db/sysdb.h | 148 | ||||
-rw-r--r-- | server/examples/config.ldif | 2 | ||||
-rw-r--r-- | server/examples/db.ldif | 20 | ||||
-rw-r--r-- | server/nss/nss_ldb.h | 45 | ||||
-rw-r--r-- | server/nss/nsssrv.c | 5 | ||||
-rw-r--r-- | server/nss/nsssrv.h | 4 | ||||
-rw-r--r-- | server/nss/nsssrv_cmd.c | 84 | ||||
-rw-r--r-- | server/nss/nsssrv_ldb.c | 762 | ||||
-rw-r--r-- | server/nss/nsssrv_ldb.h | 83 | ||||
-rw-r--r-- | server/providers/data_provider.c | 53 | ||||
-rw-r--r-- | server/providers/data_provider_be.c | 5 | ||||
-rw-r--r-- | server/providers/dp_backend.h | 12 | ||||
-rw-r--r-- | server/providers/dp_backend_store.c | 405 | ||||
-rw-r--r-- | server/providers/proxy.c | 11 | ||||
-rw-r--r-- | server/server.mk | 9 |
16 files changed, 1344 insertions, 1429 deletions
diff --git a/server/db/sysdb.c b/server/db/sysdb.c new file mode 100644 index 00000000..aedf7ef2 --- /dev/null +++ b/server/db/sysdb.c @@ -0,0 +1,1125 @@ +/* + SSSD + + System Database + + Copyright (C) Simo Sorce <ssorce@redhat.com> 2008 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include "util/util.h" +#include "db/sysdb.h" +#include "confdb/confdb.h" +#include <time.h> + +struct sysdb_search_ctx { + struct sysdb_ctx *dbctx; + const char *base_dn; + sysdb_callback_t callback; + void *ptr; + struct ldb_result *res; +}; + +static int sysdb_error_to_errno(int lerr) +{ + /* fake it up for now, requires a mapping table */ + return EIO; +} + +static void request_error(struct sysdb_search_ctx *sctx, int ldb_error) +{ + sctx->callback(sctx->ptr, sysdb_error_to_errno(ldb_error), sctx->res); +} + +static void request_done(struct sysdb_search_ctx *sctx) +{ + sctx->callback(sctx->ptr, EOK, sctx->res); +} + +static int get_gen_callback(struct ldb_request *req, + struct ldb_reply *ares) +{ + struct sysdb_search_ctx *sctx; + struct ldb_result *res; + int n; + + sctx = talloc_get_type(req->context, struct sysdb_search_ctx); + res = sctx->res; + + if (!ares) { + request_error(sctx, LDB_ERR_OPERATIONS_ERROR); + return LDB_ERR_OPERATIONS_ERROR; + } + if (ares->error != LDB_SUCCESS) { + request_error(sctx, ares->error); + return ares->error; + } + + switch (ares->type) { + case LDB_REPLY_ENTRY: + res->msgs = talloc_realloc(res, res->msgs, + struct ldb_message *, + res->count + 2); + if (!res->msgs) { + request_error(sctx, LDB_ERR_OPERATIONS_ERROR); + return LDB_ERR_OPERATIONS_ERROR; + } + + res->msgs[res->count + 1] = NULL; + + res->msgs[res->count] = talloc_steal(res->msgs, ares->message); + res->count++; + break; + + case LDB_REPLY_REFERRAL: + if (res->refs) { + for (n = 0; res->refs[n]; n++) /*noop*/ ; + } else { + n = 0; + } + + res->refs = talloc_realloc(res, res->refs, char *, n + 2); + if (! res->refs) { + request_error(sctx, LDB_ERR_OPERATIONS_ERROR); + return LDB_ERR_OPERATIONS_ERROR; + } + + res->refs[n] = talloc_steal(res->refs, ares->referral); + res->refs[n + 1] = NULL; + break; + + case LDB_REPLY_DONE: + res->controls = talloc_steal(res, ares->controls); + + /* this is the last message, and means the request is done */ + request_done(sctx); + return LDB_SUCCESS; + } + + talloc_free(ares); + return LDB_SUCCESS; +} + +static struct sysdb_search_ctx *init_src_ctx(TALLOC_CTX *mem_ctx, + const char *base_dn, + struct sysdb_ctx *ctx, + sysdb_callback_t fn, + void *ptr) +{ + struct sysdb_search_ctx *sctx; + + sctx = talloc(mem_ctx, struct sysdb_search_ctx); + if (!sctx) { + return NULL; + } + sctx->dbctx = ctx; + sctx->base_dn = base_dn; + sctx->callback = fn; + sctx->ptr = ptr; + sctx->res = talloc_zero(sctx, struct ldb_result); + if (!sctx->res) { + talloc_free(sctx); + return NULL; + } + + return sctx; +} + +/* users */ + +static int pwd_search(struct sysdb_search_ctx *sctx, + struct sysdb_ctx *ctx, + const char *expression) +{ + static const char *attrs[] = SYSDB_PW_ATTRS; + struct ldb_request *req; + int ret; + + ret = ldb_build_search_req(&req, ctx->ldb, sctx, + ldb_dn_new(sctx, ctx->ldb, sctx->base_dn), + LDB_SCOPE_SUBTREE, + expression, attrs, NULL, + sctx, get_gen_callback, + NULL); + if (ret != LDB_SUCCESS) { + return sysdb_error_to_errno(ret); + } + + ret = ldb_request(ctx->ldb, req); + if (ret != LDB_SUCCESS) { + return sysdb_error_to_errno(ret); + } + + return EOK; +} + +int sysdb_getpwnam(TALLOC_CTX *mem_ctx, + struct event_context *ev, + struct sysdb_ctx *ctx, + const char *domain, + const char *name, + sysdb_callback_t fn, void *ptr) +{ + struct sysdb_search_ctx *sctx; + const char *base_dn; + char *expression; + + if (domain) { + base_dn = talloc_asprintf(mem_ctx, SYSDB_TMPL_USER_BASE, domain); + } else { + base_dn = SYSDB_BASE; + } + if (!base_dn) { + return ENOMEM; + } + + sctx = init_src_ctx(mem_ctx, base_dn, ctx, fn, ptr); + if (!sctx) { + return ENOMEM; + } + + expression = talloc_asprintf(sctx, SYSDB_PWNAM_FILTER, name); + if (!expression) { + talloc_free(sctx); + return ENOMEM; + } + + return pwd_search(sctx, ctx, expression); +} + +int sysdb_getpwuid(TALLOC_CTX *mem_ctx, + struct event_context *ev, + struct sysdb_ctx *ctx, + const char *domain, + uint64_t uid, + sysdb_callback_t fn, void *ptr) +{ + struct sysdb_search_ctx *sctx; + unsigned long int filter_uid = uid; + const char *base_dn; + char *expression; + + if (domain) { + base_dn = talloc_asprintf(mem_ctx, SYSDB_TMPL_USER_BASE, domain); + } else { + base_dn = SYSDB_BASE; + } + if (!base_dn) { + return ENOMEM; + } + + sctx = init_src_ctx(mem_ctx, base_dn, ctx, fn, ptr); + if (!sctx) { + return ENOMEM; + } + + expression = talloc_asprintf(sctx, SYSDB_PWUID_FILTER, filter_uid); + if (!expression) { + talloc_free(sctx); + return ENOMEM; + } + + return pwd_search(sctx, ctx, expression); +} + +int sysdb_enumpwent(TALLOC_CTX *mem_ctx, + struct event_context *ev, + struct sysdb_ctx *ctx, + sysdb_callback_t fn, void *ptr) +{ + struct sysdb_search_ctx *sctx; + + sctx = init_src_ctx(mem_ctx, SYSDB_BASE, ctx, fn, ptr); + if (!sctx) { + return ENOMEM; + } + + return pwd_search(sctx, ctx, SYSDB_PWENT_FILTER); +} + +/* groups */ + +struct get_mem_ctx { + struct sysdb_search_ctx *ret_sctx; + struct ldb_message **grps; + int num_grps; +}; + +static void get_members(void *ptr, int status, struct ldb_result *res) +{ + struct sysdb_ctx *ctx; + struct sysdb_search_ctx *sctx; + struct get_mem_ctx *gmctx; + struct sysdb_search_ctx *mem_sctx; + struct ldb_request *req; + struct ldb_message *msg; + struct ldb_result *ret_res; + static const char *attrs[] = SYSDB_GRPW_ATTRS; + const char *expression; + int ret, i; + + sctx = talloc_get_type(ptr, struct sysdb_search_ctx); + gmctx = talloc_get_type(sctx->ptr, struct get_mem_ctx); + ctx = sctx->dbctx; + + if (status != LDB_SUCCESS) { + return request_error(gmctx->ret_sctx, status); + } + + ret_res = gmctx->ret_sctx->res; + + /* append previous search results to final (if any) */ + if (res && res->count != 0) { + ret_res->msgs = talloc_realloc(ret_res, ret_res->msgs, + struct ldb_message *, + ret_res->count + res->count + 1); + for(i = 0; i < res->count; i++) { + ret_res->msgs[ret_res->count] = talloc_steal(ret_res, res->msgs[i]); + ret_res->count++; + } + ret_res->msgs[ret_res->count] = NULL; + } + + if (gmctx->grps[0] == NULL) { + return request_done(gmctx->ret_sctx); + } + + mem_sctx = init_src_ctx(gmctx, SYSDB_BASE, ctx, get_members, sctx); + if (!mem_sctx) { + return request_error(gmctx->ret_sctx, LDB_ERR_OPERATIONS_ERROR); + } + + /* fetch next group to search for members */ + gmctx->num_grps--; + msg = gmctx->grps[gmctx->num_grps]; + gmctx->grps[gmctx->num_grps] = NULL; + + /* queue the group entry on the final result structure */ + ret_res->msgs = talloc_realloc(ret_res, ret_res->msgs, + struct ldb_message *, + ret_res->count + 2); + if (!ret_res->msgs) { + return request_error(gmctx->ret_sctx, LDB_ERR_OPERATIONS_ERROR); + } + ret_res->msgs[ret_res->count + 1] = NULL; + ret_res->msgs[ret_res->count] = talloc_steal(ret_res->msgs, msg); + ret_res->count++; + + /* search for this group members */ + expression = talloc_asprintf(mem_sctx, SYSDB_GRNA2_FILTER, + ldb_dn_get_linearized(msg->dn)); + if (!expression) { + return request_error(gmctx->ret_sctx, LDB_ERR_OPERATIONS_ERROR); + } + + ret = ldb_build_search_req(&req, ctx->ldb, mem_sctx, + ldb_dn_new(mem_sctx, ctx->ldb, sctx->base_dn), + LDB_SCOPE_SUBTREE, + expression, attrs, NULL, + mem_sctx, get_gen_callback, + NULL); + if (ret != LDB_SUCCESS) { + return request_error(gmctx->ret_sctx, ret); + } + + ret = ldb_request(ctx->ldb, req); + if (ret != LDB_SUCCESS) { + return request_error(gmctx->ret_sctx, ret); + } +} + +static int get_grp_callback(struct ldb_request *req, + struct ldb_reply *ares) +{ + struct sysdb_search_ctx *sctx; + struct sysdb_ctx *ctx; + struct ldb_result *res; + int n; + + sctx = talloc_get_type(req->context, struct sysdb_search_ctx); + ctx = sctx->dbctx; + res = sctx->res; + + if (!ares) { + request_error(sctx, LDB_ERR_OPERATIONS_ERROR); + return LDB_ERR_OPERATIONS_ERROR; + } + if (ares->error != LDB_SUCCESS) { + request_error(sctx, ares->error); + return ares->error; + } + + switch (ares->type) { + case LDB_REPLY_ENTRY: + res->msgs = talloc_realloc(res, res->msgs, + struct ldb_message *, + res->count + 2); + if (!res->msgs) { + request_error(sctx, LDB_ERR_OPERATIONS_ERROR); + return LDB_ERR_OPERATIONS_ERROR; + } + + res->msgs[res->count + 1] = NULL; + + res->msgs[res->count] = talloc_steal(res->msgs, ares->message); + res->count++; + break; + + case LDB_REPLY_REFERRAL: + if (res->refs) { + for (n = 0; res->refs[n]; n++) /*noop*/ ; + } else { + n = 0; + } + + res->refs = talloc_realloc(res, res->refs, char *, n + 2); + if (! res->refs) { + request_error(sctx, LDB_ERR_OPERATIONS_ERROR); + return LDB_ERR_OPERATIONS_ERROR; + } + + res->refs[n] = talloc_steal(res->refs, ares->referral); + res->refs[n + 1] = NULL; + break; + + case LDB_REPLY_DONE: + res->controls = talloc_steal(res, ares->controls); + + /* no results, return */ + if (res->count == 0) { + request_done(sctx); + return LDB_SUCCESS; + } + if (res->count > 0) { + struct get_mem_ctx *gmctx; + + gmctx = talloc_zero(req, struct get_mem_ctx); + if (!gmctx) { + request_error(sctx, LDB_ERR_OPERATIONS_ERROR); + return LDB_ERR_OPERATIONS_ERROR; + } + gmctx->ret_sctx = sctx; + gmctx->grps = talloc_steal(gmctx, res->msgs); + gmctx->num_grps = res->count; + res->msgs = NULL; + res->count = 0; + + /* re-use sctx to create a fake handler for the first call to + * get_members() */ + sctx = init_src_ctx(gmctx, SYSDB_BASE, ctx, get_members, gmctx); + + get_members(sctx, LDB_SUCCESS, NULL); + return LDB_SUCCESS; + } + + /* anything else is an error */ + request_error(sctx, LDB_ERR_OPERATIONS_ERROR); + return LDB_ERR_OPERATIONS_ERROR; + } + + talloc_free(ares); + return LDB_SUCCESS; +} + +static int grp_search(struct sysdb_search_ctx *sctx, + struct sysdb_ctx *ctx, + const char *expression) +{ + static const char *attrs[] = SYSDB_GRNAM_ATTRS; + struct ldb_request *req; + int ret; + + ret = ldb_build_search_req(&req, ctx->ldb, sctx, + ldb_dn_new(sctx, ctx->ldb, sctx->base_dn), + LDB_SCOPE_SUBTREE, + expression, attrs, NULL, + sctx, get_grp_callback, + NULL); + if (ret != LDB_SUCCESS) { + return sysdb_error_to_errno(ret); + } + + ret = ldb_request(ctx->ldb, req); + if (ret != LDB_SUCCESS) { + return sysdb_error_to_errno(ret); + } + + return EOK; +} + +int sysdb_getgrnam(TALLOC_CTX *mem_ctx, + struct event_context *ev, + struct sysdb_ctx *ctx, + const char *domain, + const char *name, + sysdb_callback_t fn, void *ptr) +{ + struct sysdb_search_ctx *sctx; + const char *base_dn; + char *expression; + + if (domain) { + base_dn = talloc_asprintf(mem_ctx, SYSDB_TMPL_GROUP_BASE, domain); + } else { + base_dn = SYSDB_BASE; + } + if (!base_dn) { + return ENOMEM; + } + + sctx = init_src_ctx(mem_ctx, base_dn, ctx, fn, ptr); + if (!sctx) { + return ENOMEM; + } + + expression = talloc_asprintf(sctx, SYSDB_GRNAM_FILTER, name); + if (!expression) { + talloc_free(sctx); + return ENOMEM; + } + + return grp_search(sctx, ctx, expression); +} + +int sysdb_getgrgid(TALLOC_CTX *mem_ctx, + struct event_context *ev, + struct sysdb_ctx *ctx, + const char *domain, + uint64_t gid, + sysdb_callback_t fn, void *ptr) +{ + struct sysdb_search_ctx *sctx; + unsigned long int filter_gid = gid; + const char *base_dn; + char *expression; + + if (domain) { + base_dn = talloc_asprintf(mem_ctx, SYSDB_TMPL_GROUP_BASE, domain); + } else { + base_dn = SYSDB_BASE; + } + if (!base_dn) { + return ENOMEM; + } + + sctx = init_src_ctx(mem_ctx, base_dn, ctx, fn, ptr); + if (!sctx) { + return ENOMEM; + } + + expression = talloc_asprintf(sctx, SYSDB_GRGID_FILTER, filter_gid); + if (!expression) { + talloc_free(sctx); + return ENOMEM; + } + + return grp_search(sctx, ctx, expression); +} + +int sysdb_enumgrent(TALLOC_CTX *mem_ctx, + struct event_context *ev, + struct sysdb_ctx *ctx, + sysdb_callback_t fn, void *ptr) +{ + struct sysdb_search_ctx *sctx; + + sctx = init_src_ctx(mem_ctx, SYSDB_BASE, ctx, fn, ptr); + if (!sctx) { + return ENOMEM; + } + + return grp_search(sctx, ctx, SYSDB_GRENT_FILTER); +} + +static void sysdb_initgr_search(void *ptr, int status, + struct ldb_result *res) +{ + struct sysdb_ctx *ctx; + struct sysdb_search_ctx *sctx; + char *expression; + struct ldb_request *req; + struct ldb_control **ctrl; + struct ldb_asq_control *control; + static const char *attrs[] = SYSDB_INITGR_ATTRS; + int ret; + + sctx = talloc_get_type(ptr, struct sysdb_search_ctx); + ctx = sctx->dbctx; + + if (res->count == 0) { + return request_done(sctx); + } + if (res->count > 1) { + return request_error(sctx, LDB_ERR_OPERATIONS_ERROR); + } + + expression = talloc_asprintf(sctx, SYSDB_INITGR_FILTER); + if (!expression) { + return request_error(sctx, LDB_ERR_OPERATIONS_ERROR); + } + + ctrl = talloc_array(sctx, struct ldb_control *, 2); + if (!ctrl) { + return request_error(sctx, LDB_ERR_OPERATIONS_ERROR); + } + ctrl[1] = NULL; + ctrl[0] = talloc(ctrl, struct ldb_control); + if (!ctrl[0]) { + return request_error(sctx, LDB_ERR_OPERATIONS_ERROR); + } + ctrl[0]->oid = LDB_CONTROL_ASQ_OID; + ctrl[0]->critical = 1; + control = talloc(ctrl[0], struct ldb_asq_control); + if (!control) { + return request_error(sctx, LDB_ERR_OPERATIONS_ERROR); + } + control->request = 1; + control->source_attribute = talloc_strdup(control, SYSDB_INITGR_ATTR); + if (!control->source_attribute) { + return request_error(sctx, LDB_ERR_OPERATIONS_ERROR); + } + control->src_attr_len = strlen(control->source_attribute); + ctrl[0]->data = control; + + ret = ldb_build_search_req(&req, ctx->ldb, sctx, + res->msgs[0]->dn, + LDB_SCOPE_BASE, + expression, attrs, ctrl, + sctx, get_gen_callback, + NULL); + if (ret != LDB_SUCCESS) { + return request_error(sctx, ret); + } + + ret = ldb_request(ctx->ldb, req); + if (ret != LDB_SUCCESS) { + return request_error(sctx, ret); + } +} + +int sysdb_initgroups(TALLOC_CTX *mem_ctx, + struct event_context *ev, + struct sysdb_ctx *ctx, + const char *domain, + const char *name, + sysdb_callback_t fn, void *ptr) +{ + static const char *attrs[] = SYSDB_PW_ATTRS; + struct sysdb_search_ctx *ret_sctx; + struct sysdb_search_ctx *sctx; + const char *base_dn; + char *expression; + struct ldb_request *req; + int ret; + + if (domain) { + base_dn = talloc_asprintf(mem_ctx, SYSDB_TMPL_USER_BASE, domain); + } else { + base_dn = SYSDB_BASE; + } + if (!base_dn) { + return ENOMEM; + } + + ret_sctx = init_src_ctx(mem_ctx, SYSDB_BASE, ctx, fn, ptr); + if (!ret_sctx) { + return ENOMEM; + } + sctx = init_src_ctx(ret_sctx, base_dn, ctx, sysdb_initgr_search, ret_sctx); + if (!sctx) { + talloc_free(sctx); + return ENOMEM; + } + + expression = talloc_asprintf(sctx, SYSDB_PWNAM_FILTER, name); + if (!expression) { + talloc_free(sctx); + return ENOMEM; + } + + ret = ldb_build_search_req(&req, ctx->ldb, sctx, + ldb_dn_new(sctx, ctx->ldb, sctx->base_dn), + LDB_SCOPE_SUBTREE, + expression, attrs, NULL, + sctx, get_gen_callback, + NULL); + if (ret != LDB_SUCCESS) { + return sysdb_error_to_errno(ret); + } + + ret = ldb_request(ctx->ldb, req); + if (ret != LDB_SUCCESS) { + return sysdb_error_to_errno(ret); + } + + return LDB_SUCCESS; +} + +static int sysdb_read_var(TALLOC_CTX *tmp_ctx, + struct confdb_ctx *cdb, + struct sysdb_ctx *ctx, + const char *name, + const char *def_value, + const char **target) +{ + int ret; + char *t; + char **values; + + ret = confdb_get_param(cdb, tmp_ctx, + SYSDB_CONF_SECTION, + name, &values); + if (ret != EOK) + return ret; + + if (values[0]) + t = talloc_steal(ctx, values[0]); + else + t = talloc_strdup(ctx, def_value); + + *target = t; + return EOK; +} + +static int sysdb_read_conf(TALLOC_CTX *mem_ctx, + struct confdb_ctx *cdb, + struct sysdb_ctx **dbctx) +{ + struct sysdb_ctx *ctx; + TALLOC_CTX *tmp_ctx; + char *default_ldb_path; + int ret; + + tmp_ctx = talloc_new(mem_ctx); + if (!tmp_ctx) + return ENOMEM; + + ctx = talloc(mem_ctx, struct sysdb_ctx); + if (!ctx) { + ret = ENOMEM; + goto done; + } + + default_ldb_path = talloc_asprintf(tmp_ctx, "%s/%s", DB_PATH, SYSDB_FILE); + if (default_ldb_path == NULL) { + ret = ENOMEM; + goto done; + } + + sysdb_read_var(tmp_ctx, cdb, ctx, "ldbFile", + default_ldb_path, &ctx->ldb_file); + DEBUG(3, ("NSS LDB Cache Path: %s\n", ctx->ldb_file)); + + *dbctx = ctx; + ret = EOK; + +done: + talloc_free(tmp_ctx); + return ret; +} + +int sysdb_store_account_posix(TALLOC_CTX *memctx, + struct sysdb_ctx *sysdb, + const char *domain, + char *name, char *pwd, + uint64_t uid, uint64_t gid, + char *gecos, char *homedir, char *shell) +{ + TALLOC_CTX *tmp_ctx; + const char *attrs[] = { SYSDB_PW_NAME, NULL }; + struct ldb_dn *account_dn; + struct ldb_message *msg; + struct ldb_request *req; + struct ldb_result *res; + int lret, ret; + int flags; + + tmp_ctx = talloc_new(memctx); + if (!tmp_ctx) { + return ENOMEM; + } + + account_dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, + "uid=%s,"SYSDB_TMPL_USER_BASE, + name, domain); + if (!account_dn) { + talloc_free(tmp_ctx); + return ENOMEM; + } + + lret = ldb_transaction_start(sysdb->ldb); + if (lret != LDB_SUCCESS) { + DEBUG(1, ("Failed ldb transaction start !? (%d)\n", lret)); + ret = EIO; + goto done; + } + + lret = ldb_search(sysdb->ldb, tmp_ctx, &res, account_dn, + LDB_SCOPE_BASE, attrs, SYSDB_PWENT_FILTER); + if (lret != LDB_SUCCESS) { + DEBUG(1, ("Failed to make search request: %s(%d)[%s]\n", + ldb_strerror(lret), lret, ldb_errstring(sysdb->ldb))); + ret = EIO; + goto done; + } + + req = NULL; + + msg = ldb_msg_new(tmp_ctx); + if (!msg) { + ret = ENOMEM; + goto done; + } + msg->dn = account_dn; + + switch (res->count) { + case 0: + flags = LDB_FLAG_MOD_ADD; + break; + case 1: + flags = LDB_FLAG_MOD_REPLACE; + break; + default: + DEBUG(0, ("Cache DB corrupted, base search returned %d results\n", + res->count)); + ret = EIO; + goto done; + } + + talloc_free(res); + res = NULL; + + if (flags == LDB_FLAG_MOD_ADD) { + /* TODO: retrieve user objectclass list from configuration */ + lret = ldb_msg_add_empty(msg, "objectClass", flags, NULL); + if (lret == LDB_SUCCESS) { + lret = ldb_msg_add_string(msg, "objectClass", "user"); + } + if (lret != LDB_SUCCESS) { + ret = errno; + goto done; + } + + /* TODO: retrieve user name attribute from configuration */ + lret = ldb_msg_add_empty(msg, SYSDB_PW_NAME, flags, NULL); + if (lret == LDB_SUCCESS) { + lret = ldb_msg_add_string(msg, SYSDB_PW_NAME, name); + } + if (lret != LDB_SUCCESS) { + ret = errno; + goto done; + } + } + + /* TODO: retrieve attribute name mappings from configuration */ + + /* pwd */ + if (pwd && *pwd) { + lret = ldb_msg_add_empty(msg, SYSDB_PW_PWD, flags, NULL); + if (lret == LDB_SUCCESS) { + lret = ldb_msg_add_string(msg, SYSDB_PW_PWD, pwd); + } + } else { + lret = ldb_msg_add_empty(msg, SYSDB_PW_PWD, + LDB_FLAG_MOD_DELETE, NULL); + } + if (lret != LDB_SUCCESS) { + ret = errno; + goto done; + } + + /* uid */ + if (uid) { + lret = ldb_msg_add_empty(msg, SYSDB_PW_UIDNUM, flags, NULL); + if (lret == LDB_SUCCESS) { + lret = ldb_msg_add_fmt(msg, SYSDB_PW_UIDNUM, + "%lu", (unsigned long)uid); + } + if (lret != LDB_SUCCESS) { + ret = errno; + goto done; + } + } else { + DEBUG(0, ("Cached users can't have UID == 0\n")); + ret = EINVAL; + goto done; + } + + /* gid */ + if (gid) { + lret = ldb_msg_add_empty(msg, SYSDB_PW_GIDNUM, flags, NULL); + if (lret == LDB_SUCCESS) { + lret = ldb_msg_add_fmt(msg, SYSDB_PW_GIDNUM, + "%lu", (unsigned long)gid); + } + if (lret != LDB_SUCCESS) { + ret = errno; + goto done; + } + } else { + DEBUG(0, ("Cached users can't have GID == 0\n")); + ret = EINVAL; + goto done; + } + + /* gecos */ + if (gecos && *gecos) { + lret = ldb_msg_add_empty(msg, SYSDB_PW_FULLNAME, flags, NULL); + if (lret == LDB_SUCCESS) { + lret = ldb_msg_add_string(msg, SYSDB_PW_FULLNAME, gecos); + } + } else { + lret = ldb_msg_add_empty(msg, SYSDB_PW_FULLNAME, + LDB_FLAG_MOD_DELETE, NULL); + } + if (lret != LDB_SUCCESS) { + ret = errno; + goto done; + } + + /* homedir */ + if (homedir && *homedir) { + lret = ldb_msg_add_empty(msg, SYSDB_PW_HOMEDIR, flags, NULL); + if (lret == LDB_SUCCESS) { + lret = ldb_msg_add_string(msg, SYSDB_PW_HOMEDIR, homedir); + } + } else { + lret = ldb_msg_add_empty(msg, SYSDB_PW_HOMEDIR, + LDB_FLAG_MOD_DELETE, NULL); + } + if (lret != LDB_SUCCESS) { + ret = errno; + goto done; + } + + /* shell */ + if (shell && *shell) { + lret = ldb_msg_add_empty(msg, SYSDB_PW_SHELL, flags, NULL); + if (lret == LDB_SUCCESS) { + lret = ldb_msg_add_string(msg, SYSDB_PW_SHELL, shell); + } + } else { + lret = ldb_msg_add_empty(msg, SYSDB_PW_SHELL, + LDB_FLAG_MOD_DELETE, NULL); + } + if (lret != LDB_SUCCESS) { + ret = errno; + goto done; + } + + /* modification time */ + lret = ldb_msg_add_empty(msg, SYSDB_LAST_UPDATE, flags, NULL); + if (lret == LDB_SUCCESS) { + lret = ldb_msg_add_fmt(msg, SYSDB_LAST_UPDATE, + "%ld", (long int)time(NULL)); + } + if (lret != LDB_SUCCESS) { + ret = errno; + goto done; + } + + if (flags == LDB_FLAG_MOD_ADD) { + lret = ldb_build_add_req(&req, sysdb->ldb, tmp_ctx, msg, NULL, + NULL, ldb_op_default_callback, NULL); + } else { + lret = ldb_build_mod_req(&req, sysdb->ldb, tmp_ctx, msg, NULL, + NULL, ldb_op_default_callback, NULL); + } + if (lret == LDB_SUCCESS) { + lret = ldb_request(sysdb->ldb, req); + if (lret == LDB_SUCCESS) { + lret = ldb_wait(req->handle, LDB_WAIT_ALL); + } + } + if (lret != LDB_SUCCESS) { + DEBUG(1, ("Failed to make modify request: %s(%d)[%s]\n", + ldb_strerror(lret), lret, ldb_errstring(sysdb->ldb))); + ret = EIO; + goto done; + } + + lret = ldb_transaction_commit(sysdb->ldb); + if (lret != LDB_SUCCESS) { + DEBUG(1, ("Failed ldb transaction start !? (%d)\n", lret)); + ret = EIO; + goto done; + } + + ret = EOK; + +done: + if (ret != EOK) { + lret = ldb_transaction_cancel(sysdb->ldb); + if (lret != LDB_SUCCESS) { + DEBUG(1, ("Failed to cancel ldb transaction (%d)\n", lret)); + } + } + + talloc_free(tmp_ctx); + return ret; +} + +int sysdb_remove_account_posix(TALLOC_CTX *memctx, + struct sysdb_ctx *sysdb, + const char *domain, const char *name) +{ + TALLOC_CTX *tmp_ctx; + struct ldb_dn *account_dn; + int ret; + + tmp_ctx = talloc_new(memctx); + if (!tmp_ctx) { + return ENOMEM; + } + + account_dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, + "uid=%s,"SYSDB_TMPL_USER_BASE, + name, domain); + if (!account_dn) { + talloc_free(tmp_ctx); + return ENOMEM; + } + + ret = ldb_delete(sysdb->ldb, account_dn); + + if (ret != LDB_SUCCESS) { + DEBUG(2, ("LDB Error: %s(%d)\nError Message: [%s]\n", + ldb_strerror(ret), ret, ldb_errstring(sysdb->ldb))); + ret = EIO; + } + + talloc_free(tmp_ctx); + return ret; +} + +int sysdb_remove_account_posix_by_uid(TALLOC_CTX *memctx, + struct sysdb_ctx *sysdb, + const char *domain, uid_t uid) +{ + TALLOC_CTX *tmp_ctx; + const char *attrs[] = { SYSDB_PW_NAME, SYSDB_PW_UIDNUM, NULL }; + struct ldb_dn *base_dn; + struct ldb_dn *account_dn; + struct ldb_result *res; + int lret, ret; + + tmp_ctx = talloc_new(memctx); + if (!tmp_ctx) { + return ENOMEM; + } + + base_dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, + SYSDB_TMPL_USER_BASE, domain); + if (!base_dn) { + talloc_free(tmp_ctx); + return ENOMEM; + } + + lret = ldb_transaction_start(sysdb->ldb); + if (lret != LDB_SUCCESS) { + DEBUG(1, ("Failed ldb transaction start !? (%d)\n", lret)); + ret = EIO; + goto done; + } + + lret = ldb_search(sysdb->ldb, tmp_ctx, &res, base_dn, + LDB_SCOPE_BASE, attrs, + SYSDB_PWUID_FILTER, + (unsigned long)uid); + if (lret != LDB_SUCCESS) { + DEBUG(1, ("Failed to make search request: %s(%d)[%s]\n", + ldb_strerror(lret), lret, ldb_errstring(sysdb->ldb))); + ret = EIO; + goto done; + } + + if (res->count == 0) { + ret = EOK; + goto done; + } + if (res->count > 1) { + DEBUG(0, ("Cache DB corrupted, base search returned %d results\n", + res->count)); + ret = EOK; + goto done; + } + + account_dn = ldb_dn_copy(tmp_ctx, res->msgs[0]->dn); + if (!account_dn) { + ret = ENOMEM; + goto done; + } + + talloc_free(res); + res = NULL; + + ret = ldb_delete(sysdb->ldb, account_dn); + + if (ret != LDB_SUCCESS) { + DEBUG(2, ("LDB Error: %s(%d)\nError Message: [%s]\n", + ldb_strerror(ret), ret, ldb_errstring(sysdb->ldb))); + ret = EIO; + goto done; + } + + lret = ldb_transaction_commit(sysdb->ldb); + if (lret != LDB_SUCCESS) { + DEBUG(1, ("Failed ldb transaction commit !! (%d)\n", lret)); + ret = EIO; + goto done; + } + + ret = EOK; + +done: + if (ret != EOK) { + lret = ldb_transaction_cancel(sysdb->ldb); + if (lret != LDB_SUCCESS) { + DEBUG(1, ("Failed to cancel ldb transaction (%d)\n", lret)); + } + } + + talloc_free(tmp_ctx); + return ret; +} + +int sysdb_init(TALLOC_CTX *mem_ctx, + struct event_context *ev, + struct confdb_ctx *cdb, + struct sysdb_ctx **dbctx) +{ + struct sysdb_ctx *ctx; + int ret; + + ret = sysdb_read_conf(mem_ctx, cdb, &ctx); + if (ret != EOK) + return ret; + + ctx->ldb = ldb_init(mem_ctx, ev); + if (!ctx->ldb) { + talloc_free(ctx); + return EIO; + } + + ret = ldb_connect(ctx->ldb, ctx->ldb_file, 0, NULL); + if (ret != LDB_SUCCESS) { + talloc_free(ctx); + return EIO; + } + + *dbctx = ctx; + + return EOK; +} diff --git a/server/db/sysdb.h b/server/db/sysdb.h new file mode 100644 index 00000000..5b787596 --- /dev/null +++ b/server/db/sysdb.h @@ -0,0 +1,148 @@ +/* + SSSD + + System Databse Header + + Copyright (C) Simo Sorce <ssorce@redhat.com> 2008 + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#ifndef __SYS_DB_H__ +#define __SYS_DB_H__ + +#include "ldb.h" +#include "ldb_errors.h" + +#define SYSDB_CONF_SECTION "config/sysdb" +#define SYSDB_FILE "sssd.ldb" + +#define SYSDB_BASE "cn=sysdb" +#define SYSDB_TMPL_USER_BASE "cn=users,cn=%s,"SYSDB_BASE +#define SYSDB_TMPL_GROUP_BASE "cn=groups,cn=%s,"SYSDB_BASE + +#define SYSDB_PWNAM_FILTER "(&(objectclass=user)(uid=%s))" +#define SYSDB_PWUID_FILTER "(&(objectclass=user)(uidNumber=%lu))" +#define SYSDB_PWENT_FILTER "(objectclass=user)" + +#define SYSDB_GRNAM_FILTER "(&(objectclass=group)(cn=%s))" +#define SYSDB_GRNA2_FILTER "(&(objectclass=user)(memberof=%s))" +#define SYSDB_GRGID_FILTER "(&(objectclass=group)(gidNumber=%lu))" +#define SYSDB_GRENT_FILTER "(objectclass=group)" + +#define SYSDB_INITGR_FILTER "(&(objectclass=group)(gidNumber=*))" + +#define SYSDB_PW_NAME "uid" +#define SYSDB_PW_PWD "userPassword" +#define SYSDB_PW_UIDNUM "uidNumber" +#define SYSDB_PW_GIDNUM "gidNumber" +#define SYSDB_PW_FULLNAME "fullName" +#define SYSDB_PW_HOMEDIR "homeDirectory" +#define SYSDB_PW_SHELL "loginShell" + +#define SYSDB_GR_NAME "cn" +#define SYSDB_GR_GIDNUM "gidNumber" +#define SYSDB_GR_MEMBER "member" + +#define SYSDB_LAST_UPDATE "lastUpdate" + +#define SYSDB_PW_ATTRS {SYSDB_PW_NAME, SYSDB_PW_UIDNUM, \ + SYSDB_PW_GIDNUM, SYSDB_PW_FULLNAME, \ + SYSDB_PW_HOMEDIR, SYSDB_PW_SHELL, \ + SYSDB_LAST_UPDATE, \ + NULL} +#define SYSDB_GRNAM_ATTRS {SYSDB_GR_NAME, SYSDB_GR_GIDNUM, \ + SYSDB_LAST_UPDATE, \ + NULL} +#define SYSDB_GRPW_ATTRS {SYSDB_PW_NAME, SYSDB_LAST_UPDATE, \ + NULL} + +#define SYSDB_INITGR_ATTR "memberof" +#define SYSDB_INITGR_ATTRS {SYSDB_GR_GIDNUM, SYSDB_LAST_UPDATE, \ + NULL} + +struct sysdb_ctx { + struct ldb_context *ldb; + const char *ldb_file; +}; + +struct confdb_ctx; + +typedef void (*sysdb_callback_t)(void *, int, struct ldb_result *); + +int sysdb_init(TALLOC_CTX *mem_ctx, + struct event_context *ev, + struct confdb_ctx *cdb, + struct sysdb_ctx **nlctx); + +int sysdb_getpwnam(TALLOC_CTX *mem_ctx, + struct event_context *ev, + struct sysdb_ctx *ctx, + const char *domain, + const char *name, + sysdb_callback_t fn, void *ptr); + +int sysdb_getpwuid(TALLOC_CTX *mem_ctx, + struct event_context *ev, + struct sysdb_ctx *ctx, + const char *domain, + uint64_t uid, + sysdb_callback_t fn, void *ptr); + +int sysdb_enumpwent(TALLOC_CTX *mem_ctx, + struct event_context *ev, + struct sysdb_ctx *ctx, + sysdb_callback_t fn, void *ptr); + +int sysdb_getgrnam(TALLOC_CTX *mem_ctx, + struct event_context *ev, + struct sysdb_ctx *ctx, + const char *domain, + const char *name, + sysdb_callback_t fn, void *ptr); + +int sysdb_getgrgid(TALLOC_CTX *mem_ctx, + struct event_context *ev, + struct sysdb_ctx *ctx, + const char *domain, + uint64_t gid, + sysdb_callback_t fn, void *ptr); + +int sysdb_enumgrent(TALLOC_CTX *mem_ctx, + struct event_context *ev, + struct sysdb_ctx *ctx, + sysdb_callback_t fn, void *ptr); + +int sysdb_initgroups(TALLOC_CTX *mem_ctx, + struct event_context *ev, + struct sysdb_ctx *ctx, + const char *domain, + const char *name, + sysdb_callback_t fn, void *ptr); + +int sysdb_store_account_posix(TALLOC_CTX *memctx, + struct sysdb_ctx *sysdb, + const char *domain, + char *name, char *pwd, + uint64_t uid, uint64_t gid, + char *gecos, char *homedir, char *shell); + +int sysdb_remove_account_posix(TALLOC_CTX *memctx, + struct sysdb_ctx *sysdb, + const char *domain, const char *name); + +int sysdb_remove_account_posix_by_uid(TALLOC_CTX *memctx, + struct sysdb_ctx *sysdb, + const char *domain, uid_t uid); +#endif /* __SYS_DB_H__ */ diff --git a/server/examples/config.ldif b/server/examples/config.ldif index a0deb389..e5f8b873 100644 --- a/server/examples/config.ldif +++ b/server/examples/config.ldif @@ -50,7 +50,7 @@ dn: cn=TEST,cn=domains,cn=config cn: TEST description: TEST Ldap domain provider: proxy -basedn: cn=TEST,dc=sssd +basedn: cn=TEST,sn=sysdb command: ./sbin/sssd_be -d 2 --provider proxy --domain TEST libName: ldap libPath: /usr/lib64/libnss_ldap.so.2 diff --git a/server/examples/db.ldif b/server/examples/db.ldif index 4a9bf5e0..af1805c9 100644 --- a/server/examples/db.ldif +++ b/server/examples/db.ldif @@ -1,37 +1,37 @@ dn: @MODULES @LIST: asq -dn: dc=sssd -dc: sssd +dn: cn=sysdb +cn: sysdb description: base object -dn: cn=local,dc=sssd +dn: cn=local,cn=sysdb cn: local description: Local system data -dn: cn=groups,cn=local,dc=sssd +dn: cn=groups,cn=local,cn=sysdb cn: groups description: Local POSIX groups -dn: cn=foousers,cn=groups,cn=local,dc=sssd +dn: cn=foousers,cn=groups,cn=local,cn=sysdb cn: foousers description: Local user accounts -member: uid=foobar,cn=users,cn=local,dc=sssd +member: uid=foobar,cn=users,cn=local,cn=sysdb objectclass: group gidNumber: 10101 -dn: cn=users,cn=local,dc=sssd +dn: cn=users,cn=local,cn=sysdb cn: users description: Local POSIX users -dn: uid=foobar,cn=users,cn=local,dc=sssd +dn: uid=foobar,cn=users,cn=local,cn=sysdb uid: foobar objectClass: user description: User Foo Bar uidNumber: 10101 gidNumber: 10101 legacy: false -primaryGroup: cn=foousers,cn=groups,cn=local,dc=sssd +primaryGroup: cn=foousers,cn=groups,cn=local,cn=sysdb userPassword: !@#$%#@#@!FOOBAR homeDirectory: /home/foobar fullName: Foo Bar @@ -46,5 +46,5 @@ passwordHint: Favorite pasta sauce passwordHistory: foo,bar,baz preferredLanguage: IT preferredSession: GNOME -memberOf: cn=foousers,cn=groups,cn=local,dc=sssd +memberOf: cn=foousers,cn=groups,cn=local,cn=sysdb diff --git a/server/nss/nss_ldb.h b/server/nss/nss_ldb.h deleted file mode 100644 index 8f5b1124..00000000 --- a/server/nss/nss_ldb.h +++ /dev/null @@ -1,45 +0,0 @@ -/* nss_ldb private header file */ - -#define NSS_LDB_CONF_SECTION "config/services/nss" - -#define NSS_DEF_LDB_FILE "sssd.ldb" - -#define NSS_DEF_BASE "dc=sssd" -#define NSS_TMPL_USER_BASE "cn=users,cn=%s,dc=sssd" -#define NSS_TMPL_GROUP_BASE "cn=groups,cn=%s,dc=sssd" - -#define NSS_PWNAM_FILTER "(&(objectclass=user)(uid=%s))" -#define NSS_PWUID_FILTER "(&(objectclass=user)(uidNumber=%llu))" -#define NSS_PWENT_FILTER "(objectclass=user)" - -#define NSS_GRNAM_FILTER "(&(objectclass=group)(cn=%s))" -#define NSS_GRNA2_FILTER "(&(objectclass=user)(memberof=%s))" -#define NSS_GRGID_FILTER "(&(objectclass=group)(gidNumber=%llu))" -#define NSS_GRENT_FILTER "(objectclass=group)" - -#define NSS_INITGR_FILTER "(&(objectclass=group)(gidNumber=*))" - -#define NSS_PW_NAME "uid" -#define NSS_PW_PWD "userPassword" -#define NSS_PW_UIDNUM "uidNumber" -#define NSS_PW_GIDNUM "gidNumber" -#define NSS_PW_FULLNAME "fullName" -#define NSS_PW_HOMEDIR "homeDirectory" -#define NSS_PW_SHELL "loginShell" - -#define NSS_GR_NAME "cn" -#define NSS_GR_GIDNUM "gidNumber" -#define NSS_GR_MEMBER "member" - -#define NSS_LAST_UPDATE "lastUpdate" - -#define NSS_PW_ATTRS {NSS_PW_NAME, NSS_PW_UIDNUM, \ - NSS_PW_GIDNUM, NSS_PW_FULLNAME, \ - NSS_PW_HOMEDIR, NSS_PW_SHELL, \ - NSS_LAST_UPDATE, NULL} -#define NSS_GRNAM_ATTRS {NSS_GR_NAME, NSS_GR_GIDNUM, NSS_LAST_UPDATE, NULL} -#define NSS_GRPW_ATTRS {NSS_PW_NAME, NSS_LAST_UPDATE, NULL} - -#define NSS_INITGR_ATTR "memberof" -#define NSS_INITGR_ATTRS {NSS_GR_GIDNUM, NSS_LAST_UPDATE, NULL} - diff --git a/server/nss/nsssrv.c b/server/nss/nsssrv.c index c787637a..4180a460 100644 --- a/server/nss/nsssrv.c +++ b/server/nss/nsssrv.c @@ -30,10 +30,9 @@ #include <sys/time.h> #include <errno.h> #include "popt.h" -#include "ldb.h" #include "util/util.h" #include "nss/nsssrv.h" -#include "nss/nsssrv_ldb.h" +#include "db/sysdb.h" #include "confdb/confdb.h" #include "dbus/dbus.h" #include "sbus/sssd_dbus.h" @@ -426,7 +425,7 @@ int nss_process_init(TALLOC_CTX *mem_ctx, return ret; } - ret = nss_ldb_init(nctx, ev, cdb, &nctx->lctx); + ret = sysdb_init(nctx, ev, cdb, &nctx->sysdb); if (ret != EOK) { DEBUG(0, ("fatal error initializing nss_ctx\n")); return ret; diff --git a/server/nss/nsssrv.h b/server/nss/nsssrv.h index 6e4d57e0..ce1f7b23 100644 --- a/server/nss/nsssrv.h +++ b/server/nss/nsssrv.h @@ -41,14 +41,14 @@ #define NSS_DOMAIN_DELIM '@' #endif -struct nss_ldb_ctx; +struct sysdb_ctx; struct getent_ctx; struct nss_ctx { struct event_context *ev; struct fd_event *lfde; int lfd; - struct nss_ldb_ctx *lctx; + struct sysdb_ctx *sysdb; struct confdb_ctx *cdb; char *sock_name; struct service_sbus_ctx *ss_ctx; diff --git a/server/nss/nsssrv_cmd.c b/server/nss/nsssrv_cmd.c index 69823069..95a52ea2 100644 --- a/server/nss/nsssrv_cmd.c +++ b/server/nss/nsssrv_cmd.c @@ -19,12 +19,10 @@ along with this program. If not, see <http://www.gnu.org/licenses/>. */ -#include "ldb.h" -#include "ldb_errors.h" #include "util/util.h" #include "util/btreemap.h" #include "nss/nsssrv.h" -#include "nss/nsssrv_ldb.h" +#include "db/sysdb.h" #include <time.h> struct nss_cmd_ctx { @@ -137,12 +135,12 @@ static int fill_pwent(struct nss_packet *packet, for (i = 0; i < count; i++) { msg = msgs[i]; - name = ldb_msg_find_attr_as_string(msg, NSS_PW_NAME, NULL); - fullname = ldb_msg_find_attr_as_string(msg, NSS_PW_FULLNAME, NULL); - homedir = ldb_msg_find_attr_as_string(msg, NSS_PW_HOMEDIR, NULL); - shell = ldb_msg_find_attr_as_string(msg, NSS_PW_SHELL, NULL); - uid = ldb_msg_find_attr_as_uint64(msg, NSS_PW_UIDNUM, 0); - gid = ldb_msg_find_attr_as_uint64(msg, NSS_PW_GIDNUM, 0); + name = ldb_msg_find_attr_as_string(msg, SYSDB_PW_NAME, NULL); + fullname = ldb_msg_find_attr_as_string(msg, SYSDB_PW_FULLNAME, NULL); + homedir = ldb_msg_find_attr_as_string(msg, SYSDB_PW_HOMEDIR, NULL); + shell = ldb_msg_find_attr_as_string(msg, SYSDB_PW_SHELL, NULL); + uid = ldb_msg_find_attr_as_uint64(msg, SYSDB_PW_UIDNUM, 0); + gid = ldb_msg_find_attr_as_uint64(msg, SYSDB_PW_GIDNUM, 0); if (!name || !fullname || !homedir || !shell || !uid || !gid) { DEBUG(1, ("Incomplete user object for %s[%llu]! Skipping\n", @@ -262,7 +260,7 @@ static void nss_cmd_getpw_callback(void *ptr, int status, if (nctx->check_expiration) { timeout = nctx->cctx->nctx->cache_timeout; - lastUpdate = ldb_msg_find_attr_as_uint64(res->msgs[0], NSS_LAST_UPDATE, 0); + lastUpdate = ldb_msg_find_attr_as_uint64(res->msgs[0], SYSDB_LAST_UPDATE, 0); if (lastUpdate + timeout < time(NULL)) { /* dont loop forever :-) */ @@ -347,9 +345,9 @@ static void nss_cmd_getpwnam_callback(uint16_t err_maj, uint32_t err_min, (unsigned int)err_maj, (unsigned int)err_min, err_msg)); } - ret = nss_ldb_getpwnam(nctx, cctx->ev, cctx->nctx->lctx, - nctx->domain, nctx->name, - nss_cmd_getpw_callback, nctx); + ret = sysdb_getpwnam(nctx, cctx->ev, cctx->nctx->sysdb, + nctx->domain, nctx->name, + nss_cmd_getpw_callback, nctx); if (ret != EOK) { DEBUG(1, ("Failed to make request to our cache!\n")); @@ -393,9 +391,9 @@ static int nss_cmd_getpwnam(struct cli_ctx *cctx) DEBUG(4, ("Requesting info for [%s] from [%s]\n", nctx->name, nctx->domain?nctx->domain:"all domains")); - ret = nss_ldb_getpwnam(nctx, cctx->ev, cctx->nctx->lctx, - nctx->domain, nctx->name, - nss_cmd_getpw_callback, nctx); + ret = sysdb_getpwnam(nctx, cctx->ev, cctx->nctx->sysdb, + nctx->domain, nctx->name, + nss_cmd_getpw_callback, nctx); if (ret != EOK) { DEBUG(1, ("Failed to make request to our cache!\n")); @@ -422,9 +420,9 @@ static void nss_cmd_getpwuid_callback(uint16_t err_maj, uint32_t err_min, (unsigned int)err_maj, (unsigned int)err_min, err_msg)); } - ret = nss_ldb_getpwuid(nctx, cctx->ev, cctx->nctx->lctx, - nctx->domain, nctx->id, - nss_cmd_getpw_callback, nctx); + ret = sysdb_getpwuid(nctx, cctx->ev, cctx->nctx->sysdb, + nctx->domain, nctx->id, + nss_cmd_getpw_callback, nctx); if (ret != EOK) { DEBUG(1, ("Failed to make request to our cache!\n")); @@ -463,9 +461,9 @@ static int nss_cmd_getpwuid(struct cli_ctx *cctx) DEBUG(4, ("Requesting info for [%lu]@[%s]\n", nctx->id, nctx->domain)); - ret = nss_ldb_getpwuid(nctx, cctx->ev, cctx->nctx->lctx, - nctx->domain, nctx->id, - nss_cmd_getpw_callback, nctx); + ret = sysdb_getpwuid(nctx, cctx->ev, cctx->nctx->sysdb, + nctx->domain, nctx->id, + nss_cmd_getpw_callback, nctx); if (ret != EOK) { DEBUG(1, ("Failed to make request to our cache!\n")); @@ -544,8 +542,8 @@ static int nss_cmd_setpwent(struct cli_ctx *cctx) cctx->gctx->pwd_cur = 0; } - ret = nss_ldb_enumpwent(nctx, cctx->ev, cctx->nctx->lctx, - nss_cmd_setpwent_callback, nctx); + ret = sysdb_enumpwent(nctx, cctx->ev, cctx->nctx->sysdb, + nss_cmd_setpwent_callback, nctx); return ret; } @@ -642,8 +640,8 @@ static int nss_cmd_getpwent(struct cli_ctx *cctx) cctx->gctx = gctx; } if (cctx->gctx->pwds == NULL) { - ret = nss_ldb_enumpwent(nctx, cctx->ev, cctx->nctx->lctx, - nss_cmd_getpwent_callback, nctx); + ret = sysdb_enumpwent(nctx, cctx->ev, cctx->nctx->sysdb, + nss_cmd_getpwent_callback, nctx); return ret; } } @@ -720,8 +718,8 @@ static int fill_grent(struct nss_packet *packet, if (get_group) { /* find group name/gid */ - name = ldb_msg_find_attr_as_string(msg, NSS_GR_NAME, NULL); - gid = ldb_msg_find_attr_as_uint64(msg, NSS_GR_GIDNUM, 0); + name = ldb_msg_find_attr_as_string(msg, SYSDB_GR_NAME, NULL); + gid = ldb_msg_find_attr_as_uint64(msg, SYSDB_GR_GIDNUM, 0); if (!name || !gid) { DEBUG(1, ("Incomplete group object for %s[%llu]! Aborting\n", name?name:"<NULL>", (unsigned long long int)gid)); @@ -749,7 +747,7 @@ static int fill_grent(struct nss_packet *packet, continue; } - name = ldb_msg_find_attr_as_string(msg, NSS_PW_NAME, NULL); + name = ldb_msg_find_attr_as_string(msg, SYSDB_PW_NAME, NULL); if (!name) { /* last member of previous group found, or error. @@ -862,9 +860,9 @@ static int nss_cmd_getgrnam(struct cli_ctx *cctx) DEBUG(4, ("Requesting info for [%s]@[%s]\n", nctx->name, nctx->domain)); - ret = nss_ldb_getgrnam(nctx, cctx->ev, cctx->nctx->lctx, - nctx->domain, nctx->name, - nss_cmd_getgr_callback, nctx); + ret = sysdb_getgrnam(nctx, cctx->ev, cctx->nctx->sysdb, + nctx->domain, nctx->name, + nss_cmd_getgr_callback, nctx); return ret; } @@ -895,9 +893,9 @@ static int nss_cmd_getgrgid(struct cli_ctx *cctx) DEBUG(4, ("Requesting info for [%lu]@[%s]\n", nctx->id, nctx->domain)); - ret = nss_ldb_getgrgid(nctx, cctx->ev, cctx->nctx->lctx, - nctx->domain, nctx->id, - nss_cmd_getgr_callback, nctx); + ret = sysdb_getgrgid(nctx, cctx->ev, cctx->nctx->sysdb, + nctx->domain, nctx->id, + nss_cmd_getgr_callback, nctx); return ret; } @@ -968,8 +966,8 @@ static int nss_cmd_setgrent(struct cli_ctx *cctx) cctx->gctx->grp_cur = 0; } - ret = nss_ldb_enumgrent(nctx, cctx->ev, cctx->nctx->lctx, - nss_cmd_setgrent_callback, nctx); + ret = sysdb_enumgrent(nctx, cctx->ev, cctx->nctx->sysdb, + nss_cmd_setgrent_callback, nctx); return ret; } @@ -1069,8 +1067,8 @@ static int nss_cmd_getgrent(struct cli_ctx *cctx) cctx->gctx = gctx; } if (cctx->gctx->grps == NULL) { - ret = nss_ldb_enumgrent(nctx, cctx->ev, cctx->nctx->lctx, - nss_cmd_getgrent_callback, nctx); + ret = sysdb_enumgrent(nctx, cctx->ev, cctx->nctx->sysdb, + nss_cmd_getgrent_callback, nctx); return ret; } } @@ -1155,7 +1153,7 @@ static void nss_cmd_initgr_callback(void *ptr, int status, nss_packet_get_body(cctx->creq->out, &body, &blen); for (i = 0; i < num; i++) { - gid = ldb_msg_find_attr_as_uint64(res->msgs[i], NSS_GR_GIDNUM, 0); + gid = ldb_msg_find_attr_as_uint64(res->msgs[i], SYSDB_GR_GIDNUM, 0); if (!gid) { DEBUG(1, ("Incomplete group object for initgroups! Aborting\n")); nss_packet_set_error(cctx->creq->out, EIO); @@ -1201,9 +1199,9 @@ static int nss_cmd_initgroups(struct cli_ctx *cctx) DEBUG(4, ("Requesting info for [%s]@[%s]\n", nctx->name, nctx->domain)); - ret = nss_ldb_initgroups(nctx, cctx->ev, cctx->nctx->lctx, - nctx->domain, nctx->name, - nss_cmd_initgr_callback, nctx); + ret = sysdb_initgroups(nctx, cctx->ev, cctx->nctx->sysdb, + nctx->domain, nctx->name, + nss_cmd_initgr_callback, nctx); return ret; } diff --git a/server/nss/nsssrv_ldb.c b/server/nss/nsssrv_ldb.c deleted file mode 100644 index d9c40463..00000000 --- a/server/nss/nsssrv_ldb.c +++ /dev/null @@ -1,762 +0,0 @@ -/* - SSSD - - NSS Responder - - Copyright (C) Simo Sorce <ssorce@redhat.com> 2008 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. -*/ - -#include "ldb.h" -#include "ldb_errors.h" -#include "util/util.h" -#include "nss/nsssrv.h" -#include "nss/nsssrv_ldb.h" -#include "confdb/confdb.h" - -struct nss_ldb_search_ctx { - struct nss_ldb_ctx *nlctx; - const char *base_dn; - nss_ldb_callback_t callback; - void *ptr; - struct ldb_result *res; -}; - -static int nss_ldb_error_to_errno(int lerr) -{ - /* fake it up for now, requires a mapping table */ - return EIO; -} - -static void request_error(struct nss_ldb_search_ctx *sctx, int ldb_error) -{ - sctx->callback(sctx->ptr, nss_ldb_error_to_errno(ldb_error), sctx->res); -} - -static void request_done(struct nss_ldb_search_ctx *sctx) -{ - sctx->callback(sctx->ptr, EOK, sctx->res); -} - -static int get_gen_callback(struct ldb_request *req, - struct ldb_reply *ares) -{ - struct nss_ldb_search_ctx *sctx; - struct ldb_result *res; - int n; - - sctx = talloc_get_type(req->context, struct nss_ldb_search_ctx); - res = sctx->res; - - if (!ares) { - request_error(sctx, LDB_ERR_OPERATIONS_ERROR); - return LDB_ERR_OPERATIONS_ERROR; - } - if (ares->error != LDB_SUCCESS) { - request_error(sctx, ares->error); - return ares->error; - } - - switch (ares->type) { - case LDB_REPLY_ENTRY: - res->msgs = talloc_realloc(res, res->msgs, - struct ldb_message *, - res->count + 2); - if (!res->msgs) { - request_error(sctx, LDB_ERR_OPERATIONS_ERROR); - return LDB_ERR_OPERATIONS_ERROR; - } - - res->msgs[res->count + 1] = NULL; - - res->msgs[res->count] = talloc_steal(res->msgs, ares->message); - res->count++; - break; - - case LDB_REPLY_REFERRAL: - if (res->refs) { - for (n = 0; res->refs[n]; n++) /*noop*/ ; - } else { - n = 0; - } - - res->refs = talloc_realloc(res, res->refs, char *, n + 2); - if (! res->refs) { - request_error(sctx, LDB_ERR_OPERATIONS_ERROR); - return LDB_ERR_OPERATIONS_ERROR; - } - - res->refs[n] = talloc_steal(res->refs, ares->referral); - res->refs[n + 1] = NULL; - break; - - case LDB_REPLY_DONE: - res->controls = talloc_steal(res, ares->controls); - - /* this is the last message, and means the request is done */ - request_done(sctx); - return LDB_SUCCESS; - } - - talloc_free(ares); - return LDB_SUCCESS; -} - -static struct nss_ldb_search_ctx *init_src_ctx(TALLOC_CTX *mem_ctx, - const char *base_dn, - struct nss_ldb_ctx *ctx, - nss_ldb_callback_t fn, - void *ptr) -{ - struct nss_ldb_search_ctx *sctx; - - sctx = talloc(mem_ctx, struct nss_ldb_search_ctx); - if (!sctx) { - return NULL; - } - sctx->nlctx = ctx; - sctx->base_dn = base_dn; - sctx->callback = fn; - sctx->ptr = ptr; - sctx->res = talloc_zero(sctx, struct ldb_result); - if (!sctx->res) { - talloc_free(sctx); - return NULL; - } - - return sctx; -} - -/* users */ - -static int pwd_search(struct nss_ldb_search_ctx *sctx, - struct nss_ldb_ctx *ctx, - const char *expression) -{ - static const char *attrs[] = NSS_PW_ATTRS; - struct ldb_request *req; - int ret; - - ret = ldb_build_search_req(&req, ctx->ldb, sctx, - ldb_dn_new(sctx, ctx->ldb, sctx->base_dn), - LDB_SCOPE_SUBTREE, - expression, attrs, NULL, - sctx, get_gen_callback, - NULL); - if (ret != LDB_SUCCESS) { - return nss_ldb_error_to_errno(ret); - } - - ret = ldb_request(ctx->ldb, req); - if (ret != LDB_SUCCESS) { - return nss_ldb_error_to_errno(ret); - } - - return EOK; -} - -int nss_ldb_getpwnam(TALLOC_CTX *mem_ctx, - struct event_context *ev, - struct nss_ldb_ctx *ctx, - const char *domain, - const char *name, - nss_ldb_callback_t fn, void *ptr) -{ - struct nss_ldb_search_ctx *sctx; - const char *base_dn; - char *expression; - - if (domain) { - base_dn = talloc_asprintf(mem_ctx, NSS_TMPL_USER_BASE, domain); - } else { - base_dn = NSS_DEF_BASE; - } - if (!base_dn) { - return ENOMEM; - } - - sctx = init_src_ctx(mem_ctx, base_dn, ctx, fn, ptr); - if (!sctx) { - return ENOMEM; - } - - expression = talloc_asprintf(sctx, NSS_PWNAM_FILTER, name); - if (!expression) { - talloc_free(sctx); - return ENOMEM; - } - - return pwd_search(sctx, ctx, expression); -} - -int nss_ldb_getpwuid(TALLOC_CTX *mem_ctx, - struct event_context *ev, - struct nss_ldb_ctx *ctx, - const char *domain, - uint64_t uid, - nss_ldb_callback_t fn, void *ptr) -{ - struct nss_ldb_search_ctx *sctx; - unsigned long long int filter_uid = uid; - const char *base_dn; - char *expression; - - if (domain) { - base_dn = talloc_asprintf(mem_ctx, NSS_TMPL_USER_BASE, domain); - } else { - base_dn = NSS_DEF_BASE; - } - if (!base_dn) { - return ENOMEM; - } - - sctx = init_src_ctx(mem_ctx, base_dn, ctx, fn, ptr); - if (!sctx) { - return ENOMEM; - } - - expression = talloc_asprintf(sctx, NSS_PWUID_FILTER, filter_uid); - if (!expression) { - talloc_free(sctx); - return ENOMEM; - } - - return pwd_search(sctx, ctx, expression); -} - -int nss_ldb_enumpwent(TALLOC_CTX *mem_ctx, - struct event_context *ev, - struct nss_ldb_ctx *ctx, - nss_ldb_callback_t fn, void *ptr) -{ - struct nss_ldb_search_ctx *sctx; - - sctx = init_src_ctx(mem_ctx, NSS_DEF_BASE, ctx, fn, ptr); - if (!sctx) { - return ENOMEM; - } - - return pwd_search(sctx, ctx, NSS_PWENT_FILTER); -} - -/* groups */ - -struct get_mem_ctx { - struct nss_ldb_search_ctx *ret_sctx; - struct ldb_message **grps; - int num_grps; -}; - -static void get_members(void *ptr, int status, struct ldb_result *res) -{ - struct nss_ldb_ctx *ctx; - struct nss_ldb_search_ctx *sctx; - struct get_mem_ctx *gmctx; - struct nss_ldb_search_ctx *mem_sctx; - struct ldb_request *req; - struct ldb_message *msg; - struct ldb_result *ret_res; - static const char *attrs[] = NSS_GRPW_ATTRS; - const char *expression; - int ret, i; - - sctx = talloc_get_type(ptr, struct nss_ldb_search_ctx); - gmctx = talloc_get_type(sctx->ptr, struct get_mem_ctx); - ctx = sctx->nlctx; - - if (status != LDB_SUCCESS) { - return request_error(gmctx->ret_sctx, status); - } - - ret_res = gmctx->ret_sctx->res; - - /* append previous search results to final (if any) */ - if (res && res->count != 0) { - ret_res->msgs = talloc_realloc(ret_res, ret_res->msgs, - struct ldb_message *, - ret_res->count + res->count + 1); - for(i = 0; i < res->count; i++) { - ret_res->msgs[ret_res->count] = talloc_steal(ret_res, res->msgs[i]); - ret_res->count++; - } - ret_res->msgs[ret_res->count] = NULL; - } - - if (gmctx->grps[0] == NULL) { - return request_done(gmctx->ret_sctx); - } - - mem_sctx = init_src_ctx(gmctx, NSS_DEF_BASE, ctx, get_members, sctx); - if (!mem_sctx) { - return request_error(gmctx->ret_sctx, LDB_ERR_OPERATIONS_ERROR); - } - - /* fetch next group to search for members */ - gmctx->num_grps--; - msg = gmctx->grps[gmctx->num_grps]; - gmctx->grps[gmctx->num_grps] = NULL; - - /* queue the group entry on the final result structure */ - ret_res->msgs = talloc_realloc(ret_res, ret_res->msgs, - struct ldb_message *, - ret_res->count + 2); - if (!ret_res->msgs) { - return request_error(gmctx->ret_sctx, LDB_ERR_OPERATIONS_ERROR); - } - ret_res->msgs[ret_res->count + 1] = NULL; - ret_res->msgs[ret_res->count] = talloc_steal(ret_res->msgs, msg); - ret_res->count++; - - /* search for this group members */ - expression = talloc_asprintf(mem_sctx, NSS_GRNA2_FILTER, - ldb_dn_get_linearized(msg->dn)); - if (!expression) { - return request_error(gmctx->ret_sctx, LDB_ERR_OPERATIONS_ERROR); - } - - ret = ldb_build_search_req(&req, ctx->ldb, mem_sctx, - ldb_dn_new(mem_sctx, ctx->ldb, sctx->base_dn), - LDB_SCOPE_SUBTREE, - expression, attrs, NULL, - mem_sctx, get_gen_callback, - NULL); - if (ret != LDB_SUCCESS) { - return request_error(gmctx->ret_sctx, ret); - } - - ret = ldb_request(ctx->ldb, req); - if (ret != LDB_SUCCESS) { - return request_error(gmctx->ret_sctx, ret); - } -} - -static int get_grp_callback(struct ldb_request *req, - struct ldb_reply *ares) -{ - struct nss_ldb_search_ctx *sctx; - struct nss_ldb_ctx *ctx; - struct ldb_result *res; - int n; - - sctx = talloc_get_type(req->context, struct nss_ldb_search_ctx); - ctx = sctx->nlctx; - res = sctx->res; - - if (!ares) { - request_error(sctx, LDB_ERR_OPERATIONS_ERROR); - return LDB_ERR_OPERATIONS_ERROR; - } - if (ares->error != LDB_SUCCESS) { - request_error(sctx, ares->error); - return ares->error; - } - - switch (ares->type) { - case LDB_REPLY_ENTRY: - res->msgs = talloc_realloc(res, res->msgs, - struct ldb_message *, - res->count + 2); - if (!res->msgs) { - request_error(sctx, LDB_ERR_OPERATIONS_ERROR); - return LDB_ERR_OPERATIONS_ERROR; - } - - res->msgs[res->count + 1] = NULL; - - res->msgs[res->count] = talloc_steal(res->msgs, ares->message); - res->count++; - break; - - case LDB_REPLY_REFERRAL: - if (res->refs) { - for (n = 0; res->refs[n]; n++) /*noop*/ ; - } else { - n = 0; - } - - res->refs = talloc_realloc(res, res->refs, char *, n + 2); - if (! res->refs) { - request_error(sctx, LDB_ERR_OPERATIONS_ERROR); - return LDB_ERR_OPERATIONS_ERROR; - } - - res->refs[n] = talloc_steal(res->refs, ares->referral); - res->refs[n + 1] = NULL; - break; - - case LDB_REPLY_DONE: - res->controls = talloc_steal(res, ares->controls); - - /* no results, return */ - if (res->count == 0) { - request_done(sctx); - return LDB_SUCCESS; - } - if (res->count > 0) { - struct get_mem_ctx *gmctx; - - gmctx = talloc_zero(req, struct get_mem_ctx); - if (!gmctx) { - request_error(sctx, LDB_ERR_OPERATIONS_ERROR); - return LDB_ERR_OPERATIONS_ERROR; - } - gmctx->ret_sctx = sctx; - gmctx->grps = talloc_steal(gmctx, res->msgs); - gmctx->num_grps = res->count; - res->msgs = NULL; - res->count = 0; - - /* re-use sctx to create a fake handler for the first call to - * get_members() */ - sctx = init_src_ctx(gmctx, NSS_DEF_BASE, ctx, get_members, gmctx); - - get_members(sctx, LDB_SUCCESS, NULL); - return LDB_SUCCESS; - } - - /* anything else is an error */ - request_error(sctx, LDB_ERR_OPERATIONS_ERROR); - return LDB_ERR_OPERATIONS_ERROR; - } - - talloc_free(ares); - return LDB_SUCCESS; -} - -static int grp_search(struct nss_ldb_search_ctx *sctx, - struct nss_ldb_ctx *ctx, - const char *expression) -{ - static const char *attrs[] = NSS_GRNAM_ATTRS; - struct ldb_request *req; - int ret; - - ret = ldb_build_search_req(&req, ctx->ldb, sctx, - ldb_dn_new(sctx, ctx->ldb, sctx->base_dn), - LDB_SCOPE_SUBTREE, - expression, attrs, NULL, - sctx, get_grp_callback, - NULL); - if (ret != LDB_SUCCESS) { - return nss_ldb_error_to_errno(ret); - } - - ret = ldb_request(ctx->ldb, req); - if (ret != LDB_SUCCESS) { - return nss_ldb_error_to_errno(ret); - } - - return EOK; -} - -int nss_ldb_getgrnam(TALLOC_CTX *mem_ctx, - struct event_context *ev, - struct nss_ldb_ctx *ctx, - const char *domain, - const char *name, - nss_ldb_callback_t fn, void *ptr) -{ - struct nss_ldb_search_ctx *sctx; - const char *base_dn; - char *expression; - - if (domain) { - base_dn = talloc_asprintf(mem_ctx, NSS_TMPL_GROUP_BASE, domain); - } else { - base_dn = NSS_DEF_BASE; - } - if (!base_dn) { - return ENOMEM; - } - - sctx = init_src_ctx(mem_ctx, base_dn, ctx, fn, ptr); - if (!sctx) { - return ENOMEM; - } - - expression = talloc_asprintf(sctx, NSS_GRNAM_FILTER, name); - if (!expression) { - talloc_free(sctx); - return ENOMEM; - } - - return grp_search(sctx, ctx, expression); -} - -int nss_ldb_getgrgid(TALLOC_CTX *mem_ctx, - struct event_context *ev, - struct nss_ldb_ctx *ctx, - const char *domain, - uint64_t gid, - nss_ldb_callback_t fn, void *ptr) -{ - struct nss_ldb_search_ctx *sctx; - unsigned long long int filter_gid = gid; - const char *base_dn; - char *expression; - - if (domain) { - base_dn = talloc_asprintf(mem_ctx, NSS_TMPL_GROUP_BASE, domain); - } else { - base_dn = NSS_DEF_BASE; - } - if (!base_dn) { - return ENOMEM; - } - - sctx = init_src_ctx(mem_ctx, base_dn, ctx, fn, ptr); - if (!sctx) { - return ENOMEM; - } - - expression = talloc_asprintf(sctx, NSS_GRGID_FILTER, filter_gid); - if (!expression) { - talloc_free(sctx); - return ENOMEM; - } - - return grp_search(sctx, ctx, expression); -} - -int nss_ldb_enumgrent(TALLOC_CTX *mem_ctx, - struct event_context *ev, - struct nss_ldb_ctx *ctx, - nss_ldb_callback_t fn, void *ptr) -{ - struct nss_ldb_search_ctx *sctx; - - sctx = init_src_ctx(mem_ctx, NSS_DEF_BASE, ctx, fn, ptr); - if (!sctx) { - return ENOMEM; - } - - return grp_search(sctx, ctx, NSS_GRENT_FILTER); -} - -static void nss_ldb_initgr_search(void *ptr, int status, - struct ldb_result *res) -{ - struct nss_ldb_ctx *ctx; - struct nss_ldb_search_ctx *sctx; - char *expression; - struct ldb_request *req; - struct ldb_control **ctrl; - struct ldb_asq_control *control; - static const char *attrs[] = NSS_INITGR_ATTRS; - int ret; - - sctx = talloc_get_type(ptr, struct nss_ldb_search_ctx); - ctx = sctx->nlctx; - - if (res->count == 0) { - return request_done(sctx); - } - if (res->count > 1) { - return request_error(sctx, LDB_ERR_OPERATIONS_ERROR); - } - - expression = talloc_asprintf(sctx, NSS_INITGR_FILTER); - if (!expression) { - return request_error(sctx, LDB_ERR_OPERATIONS_ERROR); - } - - ctrl = talloc_array(sctx, struct ldb_control *, 2); - if (!ctrl) { - return request_error(sctx, LDB_ERR_OPERATIONS_ERROR); - } - ctrl[1] = NULL; - ctrl[0] = talloc(ctrl, struct ldb_control); - if (!ctrl[0]) { - return request_error(sctx, LDB_ERR_OPERATIONS_ERROR); - } - ctrl[0]->oid = LDB_CONTROL_ASQ_OID; - ctrl[0]->critical = 1; - control = talloc(ctrl[0], struct ldb_asq_control); - if (!control) { - return request_error(sctx, LDB_ERR_OPERATIONS_ERROR); - } - control->request = 1; - control->source_attribute = talloc_strdup(control, NSS_INITGR_ATTR); - if (!control->source_attribute) { - return request_error(sctx, LDB_ERR_OPERATIONS_ERROR); - } - control->src_attr_len = strlen(control->source_attribute); - ctrl[0]->data = control; - - ret = ldb_build_search_req(&req, ctx->ldb, sctx, - res->msgs[0]->dn, - LDB_SCOPE_BASE, - expression, attrs, ctrl, - sctx, get_gen_callback, - NULL); - if (ret != LDB_SUCCESS) { - return request_error(sctx, ret); - } - - ret = ldb_request(ctx->ldb, req); - if (ret != LDB_SUCCESS) { - return request_error(sctx, ret); - } -} - -int nss_ldb_initgroups(TALLOC_CTX *mem_ctx, - struct event_context *ev, - struct nss_ldb_ctx *ctx, - const char *domain, - const char *name, - nss_ldb_callback_t fn, void *ptr) -{ - static const char *attrs[] = NSS_PW_ATTRS; - struct nss_ldb_search_ctx *ret_sctx; - struct nss_ldb_search_ctx *sctx; - const char *base_dn; - char *expression; - struct ldb_request *req; - int ret; - - if (domain) { - base_dn = talloc_asprintf(mem_ctx, NSS_TMPL_USER_BASE, domain); - } else { - base_dn = NSS_DEF_BASE; - } - if (!base_dn) { - return ENOMEM; - } - - ret_sctx = init_src_ctx(mem_ctx, NSS_DEF_BASE, ctx, fn, ptr); - if (!ret_sctx) { - return ENOMEM; - } - sctx = init_src_ctx(ret_sctx, base_dn, ctx, nss_ldb_initgr_search, ret_sctx); - if (!sctx) { - talloc_free(sctx); - return ENOMEM; - } - - expression = talloc_asprintf(sctx, NSS_PWNAM_FILTER, name); - if (!expression) { - talloc_free(sctx); - return ENOMEM; - } - - ret = ldb_build_search_req(&req, ctx->ldb, sctx, - ldb_dn_new(sctx, ctx->ldb, sctx->base_dn), - LDB_SCOPE_SUBTREE, - expression, attrs, NULL, - sctx, get_gen_callback, - NULL); - if (ret != LDB_SUCCESS) { - return nss_ldb_error_to_errno(ret); - } - - ret = ldb_request(ctx->ldb, req); - if (ret != LDB_SUCCESS) { - return nss_ldb_error_to_errno(ret); - } - - return LDB_SUCCESS; -} - -static int nss_ldb_read_var(TALLOC_CTX *tmp_ctx, - struct confdb_ctx *cdb, - struct nss_ldb_ctx *ctx, - const char *name, - const char *def_value, - const char **target) -{ - int ret; - char *t; - char **values; - - ret = confdb_get_param(cdb, tmp_ctx, - NSS_LDB_CONF_SECTION, - name, &values); - if (ret != EOK) - return ret; - - if (values[0]) - t = talloc_steal(ctx, values[0]); - else - t = talloc_strdup(ctx, def_value); - - *target = t; - return EOK; -} - -static int nss_ldb_read_conf(TALLOC_CTX *mem_ctx, - struct confdb_ctx *cdb, - struct nss_ldb_ctx **nlctx) -{ - struct nss_ldb_ctx *ctx; - TALLOC_CTX *tmp_ctx; - char *default_ldb_path; - int ret; - - tmp_ctx = talloc_new(mem_ctx); - if (!tmp_ctx) - return ENOMEM; - - ctx = talloc(mem_ctx, struct nss_ldb_ctx); - if (!ctx) { - ret = ENOMEM; - goto done; - } - - default_ldb_path = talloc_asprintf(tmp_ctx, "%s/%s", DB_PATH, NSS_DEF_LDB_FILE); - if (default_ldb_path == NULL) { - ret = ENOMEM; - goto done; - } - - nss_ldb_read_var(tmp_ctx, cdb, ctx, "ldbFile", - default_ldb_path, &ctx->ldb_file); - DEBUG(3, ("NSS LDB Cache Path: %s\n", ctx->ldb_file)); - - *nlctx = ctx; - ret = EOK; - -done: - talloc_free(tmp_ctx); - return ret; -} - -int nss_ldb_init(TALLOC_CTX *mem_ctx, - struct event_context *ev, - struct confdb_ctx *cdb, - struct nss_ldb_ctx **nlctx) -{ - struct nss_ldb_ctx *ctx; - int ret; - - ret = nss_ldb_read_conf(mem_ctx, cdb, &ctx); - if (ret != EOK) - return ret; - - ctx->ldb = ldb_init(mem_ctx, ev); - if (!ctx->ldb) { - talloc_free(ctx); - return EIO; - } - - ret = ldb_connect(ctx->ldb, ctx->ldb_file, 0, NULL); - if (ret != LDB_SUCCESS) { - talloc_free(ctx); - return EIO; - } - - *nlctx = ctx; - - return EOK; -} diff --git a/server/nss/nsssrv_ldb.h b/server/nss/nsssrv_ldb.h deleted file mode 100644 index 66c9687d..00000000 --- a/server/nss/nsssrv_ldb.h +++ /dev/null @@ -1,83 +0,0 @@ -/* - SSSD - - NSS LDB Header - - Copyright (C) Simo Sorce <ssorce@redhat.com> 2008 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. -*/ - - -#include "nss/nss_ldb.h" - -struct nss_ldb_ctx { - struct ldb_context *ldb; - const char *ldb_file; -}; - -struct confdb_ctx; - -typedef void (*nss_ldb_callback_t)(void *, int, struct ldb_result *); - -int nss_ldb_init(TALLOC_CTX *mem_ctx, - struct event_context *ev, - struct confdb_ctx *cdb, - struct nss_ldb_ctx **nlctx); - -int nss_ldb_getpwnam(TALLOC_CTX *mem_ctx, - struct event_context *ev, - struct nss_ldb_ctx *ctx, - const char *domain, - const char *name, - nss_ldb_callback_t fn, void *ptr); - -int nss_ldb_getpwuid(TALLOC_CTX *mem_ctx, - struct event_context *ev, - struct nss_ldb_ctx *ctx, - const char *domain, - uint64_t uid, - nss_ldb_callback_t fn, void *ptr); - -int nss_ldb_enumpwent(TALLOC_CTX *mem_ctx, - struct event_context *ev, - struct nss_ldb_ctx *ctx, - nss_ldb_callback_t fn, void *ptr); - -int nss_ldb_getgrnam(TALLOC_CTX *mem_ctx, - struct event_context *ev, - struct nss_ldb_ctx *ctx, - const char *domain, - const char *name, - nss_ldb_callback_t fn, void *ptr); - -int nss_ldb_getgrgid(TALLOC_CTX *mem_ctx, - struct event_context *ev, - struct nss_ldb_ctx *ctx, - const char *domain, - uint64_t gid, - nss_ldb_callback_t fn, void *ptr); - -int nss_ldb_enumgrent(TALLOC_CTX *mem_ctx, - struct event_context *ev, - struct nss_ldb_ctx *ctx, - nss_ldb_callback_t fn, void *ptr); - -int nss_ldb_initgroups(TALLOC_CTX *mem_ctx, - struct event_context *ev, - struct nss_ldb_ctx *ctx, - const char *domain, - const char *name, - nss_ldb_callback_t fn, void *ptr); - diff --git a/server/providers/data_provider.c b/server/providers/data_provider.c index ee449a52..e0de4dbb 100644 --- a/server/providers/data_provider.c +++ b/server/providers/data_provider.c @@ -30,8 +30,6 @@ #include <sys/time.h> #include <errno.h> #include "popt.h" -#include "ldb.h" -#include "ldb_errors.h" #include "util/util.h" #include "confdb/confdb.h" #include "dbus/dbus.h" @@ -47,7 +45,6 @@ struct dp_frontend; struct dp_ctx { struct event_context *ev; struct confdb_ctx *cdb; - struct ldb_context *ldb; struct service_sbus_ctx *ss_ctx; struct sbus_srv_ctx *sbus_srv; struct dp_backend *be_list; @@ -165,50 +162,6 @@ static int dp_monitor_init(struct dp_ctx *dpctx) return EOK; } -static int dp_db_init(struct dp_ctx *dpctx) -{ - TALLOC_CTX *ctx; - char *ldb_file; - char *default_db_file; - int ret; - - ctx = talloc_new(dpctx); - if(ctx == NULL) { - return ENOMEM; - } - - default_db_file = talloc_asprintf(ctx, "%s/%s", DB_PATH, DATA_PROVIDER_DB_FILE); - if (default_db_file == NULL) { - talloc_free(ctx); - return ENOMEM; - } - - ret = confdb_get_string(dpctx->cdb, ctx, - DATA_PROVIDER_DB_CONF_SEC, "ldbFile", - default_db_file, &ldb_file); - if (ret != EOK) { - talloc_free(ctx); - return ret; - } - - dpctx->ldb = ldb_init(ctx, dpctx->ev); - if (!dpctx->ldb) { - talloc_free(ctx); - return EIO; - } - - ret = ldb_connect(dpctx->ldb, ldb_file, 0, NULL); - if (ret != LDB_SUCCESS) { - talloc_free(ctx); - return EIO; - } - - talloc_steal(dpctx,dpctx->ldb); - talloc_free(ctx); - - return EOK; -} - static void be_identity_check(DBusPendingCall *pending, void *data); static void be_online_check(DBusPendingCall *pending, void *data); static void be_got_account_info(DBusPendingCall *pending, void *data); @@ -831,12 +784,6 @@ static int dp_process_init(TALLOC_CTX *mem_ctx, dpctx->ev = ev; dpctx->cdb = cdb; - ret = dp_db_init(dpctx); - if (ret != EOK) { - DEBUG(0, ("fatal error opening database\n")); - return ret; - } - ret = dp_monitor_init(dpctx); if (ret != EOK) { DEBUG(0, ("fatal error setting up monitor bus\n")); diff --git a/server/providers/data_provider_be.c b/server/providers/data_provider_be.c index 8f0d8318..75e99bdc 100644 --- a/server/providers/data_provider_be.c +++ b/server/providers/data_provider_be.c @@ -30,10 +30,9 @@ #include <sys/time.h> #include <errno.h> #include "popt.h" -#include "ldb.h" -#include "ldb_errors.h" #include "util/util.h" #include "confdb/confdb.h" +#include "db/sysdb.h" #include "dbus/dbus.h" #include "sbus/sssd_dbus.h" #include "sbus_interfaces.h" @@ -408,7 +407,7 @@ int be_process_init(TALLOC_CTX *mem_ctx, return ENOMEM; } - ret = dp_be_cachedb_init(ctx); + ret = sysdb_init(ctx, ev, cdb, &ctx->sysdb); if (ret != EOK) { DEBUG(0, ("fatal error opening cache database\n")); return ret; diff --git a/server/providers/dp_backend.h b/server/providers/dp_backend.h index 1ad31d5e..219df957 100644 --- a/server/providers/dp_backend.h +++ b/server/providers/dp_backend.h @@ -23,13 +23,14 @@ #define __DP_BACKEND_H__ #include "providers/data_provider.h" +#include "db/sysdb.h" struct be_mod_ops; struct be_ctx { struct event_context *ev; struct confdb_ctx *cdb; - struct ldb_context *ldb; + struct sysdb_ctx *sysdb; struct service_sbus_ctx *ss_ctx; struct service_sbus_ctx *dp_ctx; const char *name; @@ -47,13 +48,4 @@ struct be_mod_ops { int filter_type, char *filter_value); }; -int dp_be_store_account_posix(struct be_ctx *ctx, - char *name, char *pwd, - uint64_t uid, uint64_t gid, - char *gecos, char *homedir, char *shell); -int dp_be_remove_account_posix(struct be_ctx *ctx, char *name); -int dp_be_remove_account_posix_by_uid(struct be_ctx *ctx, uid_t uid); - -int dp_be_cachedb_init(struct be_ctx *ctx); - #endif /* __DP_BACKEND_H___ */ diff --git a/server/providers/dp_backend_store.c b/server/providers/dp_backend_store.c index 0d7153c1..6c97951e 100644 --- a/server/providers/dp_backend_store.c +++ b/server/providers/dp_backend_store.c @@ -33,408 +33,3 @@ * In case this changes (ex. plugins that contact the network etc.. * make sure to split functions in multiple async calls */ -int dp_be_store_account_posix(struct be_ctx *ctx, - char *name, char *pwd, - uint64_t uid, uint64_t gid, - char *gecos, char *homedir, char *shell) -{ - TALLOC_CTX *tmp_ctx; - const char *attrs[] = { NSS_PW_NAME, NULL }; - struct ldb_dn *account_dn; - struct ldb_message *msg; - struct ldb_request *req; - struct ldb_result *res; - int lret, ret; - int flags; - - tmp_ctx = talloc_new(ctx); - if (!tmp_ctx) { - return ENOMEM; - } - - account_dn = ldb_dn_new_fmt(tmp_ctx, ctx->ldb, - "uid=%s,"NSS_TMPL_USER_BASE, - name, ctx->domain); - if (!account_dn) { - talloc_free(tmp_ctx); - return ENOMEM; - } - - lret = ldb_transaction_start(ctx->ldb); - if (lret != LDB_SUCCESS) { - DEBUG(1, ("Failed ldb transaction start !? (%d)\n", lret)); - ret = EIO; - goto done; - } - - lret = ldb_search(ctx->ldb, tmp_ctx, &res, account_dn, - LDB_SCOPE_BASE, attrs, NSS_PWENT_FILTER); - if (lret != LDB_SUCCESS) { - DEBUG(1, ("Failed to make search request: %s(%d)[%s]\n", - ldb_strerror(lret), lret, ldb_errstring(ctx->ldb))); - ret = EIO; - goto done; - } - - req = NULL; - - msg = ldb_msg_new(tmp_ctx); - if (!msg) { - ret = ENOMEM; - goto done; - } - msg->dn = account_dn; - - switch (res->count) { - case 0: - flags = LDB_FLAG_MOD_ADD; - break; - case 1: - flags = LDB_FLAG_MOD_REPLACE; - break; - default: - DEBUG(0, ("Cache DB corrupted, base search returned %d results\n", - res->count)); - ret = EIO; - goto done; - } - - talloc_free(res); - res = NULL; - - if (flags == LDB_FLAG_MOD_ADD) { - /* TODO: retrieve user objectclass list from configuration */ - lret = ldb_msg_add_empty(msg, "objectClass", flags, NULL); - if (lret == LDB_SUCCESS) { - lret = ldb_msg_add_string(msg, "objectClass", "user"); - } - if (lret != LDB_SUCCESS) { - ret = errno; - goto done; - } - - /* TODO: retrieve user name attribute from configuration */ - lret = ldb_msg_add_empty(msg, NSS_PW_NAME, flags, NULL); - if (lret == LDB_SUCCESS) { - lret = ldb_msg_add_string(msg, NSS_PW_NAME, name); - } - if (lret != LDB_SUCCESS) { - ret = errno; - goto done; - } - } - - /* TODO: retrieve attribute name mappings from configuration */ - - /* pwd */ - if (pwd && *pwd) { - lret = ldb_msg_add_empty(msg, NSS_PW_PWD, flags, NULL); - if (lret == LDB_SUCCESS) { - lret = ldb_msg_add_string(msg, NSS_PW_PWD, pwd); - } - } else { - lret = ldb_msg_add_empty(msg, NSS_PW_PWD, - LDB_FLAG_MOD_DELETE, NULL); - } - if (lret != LDB_SUCCESS) { - ret = errno; - goto done; - } - - /* uid */ - if (uid) { - lret = ldb_msg_add_empty(msg, NSS_PW_UIDNUM, flags, NULL); - if (lret == LDB_SUCCESS) { - lret = ldb_msg_add_fmt(msg, NSS_PW_UIDNUM, - "%lu", (unsigned long)uid); - } - if (lret != LDB_SUCCESS) { - ret = errno; - goto done; - } - } else { - DEBUG(0, ("Cached users can't have UID == 0\n")); - ret = EINVAL; - goto done; - } - - /* gid */ - if (gid) { - lret = ldb_msg_add_empty(msg, NSS_PW_GIDNUM, flags, NULL); - if (lret == LDB_SUCCESS) { - lret = ldb_msg_add_fmt(msg, NSS_PW_GIDNUM, - "%lu", (unsigned long)gid); - } - if (lret != LDB_SUCCESS) { - ret = errno; - goto done; - } - } else { - DEBUG(0, ("Cached users can't have GID == 0\n")); - ret = EINVAL; - goto done; - } - - /* gecos */ - if (gecos && *gecos) { - lret = ldb_msg_add_empty(msg, NSS_PW_FULLNAME, flags, NULL); - if (lret == LDB_SUCCESS) { - lret = ldb_msg_add_string(msg, NSS_PW_FULLNAME, gecos); - } - } else { - lret = ldb_msg_add_empty(msg, NSS_PW_FULLNAME, - LDB_FLAG_MOD_DELETE, NULL); - } - if (lret != LDB_SUCCESS) { - ret = errno; - goto done; - } - - /* homedir */ - if (homedir && *homedir) { - lret = ldb_msg_add_empty(msg, NSS_PW_HOMEDIR, flags, NULL); - if (lret == LDB_SUCCESS) { - lret = ldb_msg_add_string(msg, NSS_PW_HOMEDIR, homedir); - } - } else { - lret = ldb_msg_add_empty(msg, NSS_PW_HOMEDIR, - LDB_FLAG_MOD_DELETE, NULL); - } - if (lret != LDB_SUCCESS) { - ret = errno; - goto done; - } - - /* shell */ - if (shell && *shell) { - lret = ldb_msg_add_empty(msg, NSS_PW_SHELL, flags, NULL); - if (lret == LDB_SUCCESS) { - lret = ldb_msg_add_string(msg, NSS_PW_SHELL, shell); - } - } else { - lret = ldb_msg_add_empty(msg, NSS_PW_SHELL, - LDB_FLAG_MOD_DELETE, NULL); - } - if (lret != LDB_SUCCESS) { - ret = errno; - goto done; - } - - /* modification time */ - lret = ldb_msg_add_empty(msg, NSS_LAST_UPDATE, flags, NULL); - if (lret == LDB_SUCCESS) { - lret = ldb_msg_add_fmt(msg, NSS_LAST_UPDATE, - "%ld", (long int)time(NULL)); - } - if (lret != LDB_SUCCESS) { - ret = errno; - goto done; - } - - if (flags == LDB_FLAG_MOD_ADD) { - lret = ldb_build_add_req(&req, ctx->ldb, tmp_ctx, msg, NULL, - NULL, ldb_op_default_callback, NULL); - } else { - lret = ldb_build_mod_req(&req, ctx->ldb, tmp_ctx, msg, NULL, - NULL, ldb_op_default_callback, NULL); - } - if (lret == LDB_SUCCESS) { - lret = ldb_request(ctx->ldb, req); - if (lret == LDB_SUCCESS) { - lret = ldb_wait(req->handle, LDB_WAIT_ALL); - } - } - if (lret != LDB_SUCCESS) { - DEBUG(1, ("Failed to make modify request: %s(%d)[%s]\n", - ldb_strerror(lret), lret, ldb_errstring(ctx->ldb))); - ret = EIO; - goto done; - } - - lret = ldb_transaction_commit(ctx->ldb); - if (lret != LDB_SUCCESS) { - DEBUG(1, ("Failed ldb transaction start !? (%d)\n", lret)); - ret = EIO; - goto done; - } - - ret = EOK; - -done: - if (ret != EOK) { - lret = ldb_transaction_cancel(ctx->ldb); - if (lret != LDB_SUCCESS) { - DEBUG(1, ("Failed to cancel ldb transaction (%d)\n", lret)); - } - } - - talloc_free(tmp_ctx); - return ret; -} - -int dp_be_remove_account_posix(struct be_ctx *ctx, char *name) -{ - TALLOC_CTX *tmp_ctx; - struct ldb_dn *account_dn; - int ret; - - tmp_ctx = talloc_new(ctx); - if (!tmp_ctx) { - return ENOMEM; - } - - account_dn = ldb_dn_new_fmt(tmp_ctx, ctx->ldb, - "uid=%s,"NSS_TMPL_USER_BASE, - name, ctx->domain); - if (!account_dn) { - talloc_free(tmp_ctx); - return ENOMEM; - } - - ret = ldb_delete(ctx->ldb, account_dn); - - if (ret != LDB_SUCCESS) { - DEBUG(2, ("LDB Error: %s(%d)\nError Message: [%s]\n", - ldb_strerror(ret), ret, ldb_errstring(ctx->ldb))); - ret = EIO; - } - - talloc_free(tmp_ctx); - return ret; -} - -int dp_be_remove_account_posix_by_uid(struct be_ctx *ctx, uid_t uid) -{ - TALLOC_CTX *tmp_ctx; - const char *attrs[] = { NSS_PW_NAME, NSS_PW_UIDNUM, NULL }; - struct ldb_dn *base_dn; - struct ldb_dn *account_dn; - struct ldb_result *res; - int lret, ret; - - tmp_ctx = talloc_new(ctx); - if (!tmp_ctx) { - return ENOMEM; - } - - base_dn = ldb_dn_new_fmt(tmp_ctx, ctx->ldb, - NSS_TMPL_USER_BASE, ctx->domain); - if (!base_dn) { - talloc_free(tmp_ctx); - return ENOMEM; - } - - lret = ldb_transaction_start(ctx->ldb); - if (lret != LDB_SUCCESS) { - DEBUG(1, ("Failed ldb transaction start !? (%d)\n", lret)); - ret = EIO; - goto done; - } - - lret = ldb_search(ctx->ldb, tmp_ctx, &res, base_dn, - LDB_SCOPE_BASE, attrs, - NSS_PWUID_FILTER, - (unsigned long)uid); - if (lret != LDB_SUCCESS) { - DEBUG(1, ("Failed to make search request: %s(%d)[%s]\n", - ldb_strerror(lret), lret, ldb_errstring(ctx->ldb))); - ret = EIO; - goto done; - } - - if (res->count == 0) { - ret = EOK; - goto done; - } - if (res->count > 1) { - DEBUG(0, ("Cache DB corrupted, base search returned %d results\n", - res->count)); - ret = EOK; - goto done; - } - - account_dn = ldb_dn_copy(tmp_ctx, res->msgs[0]->dn); - if (!account_dn) { - ret = ENOMEM; - goto done; - } - - talloc_free(res); - res = NULL; - - ret = ldb_delete(ctx->ldb, account_dn); - - if (ret != LDB_SUCCESS) { - DEBUG(2, ("LDB Error: %s(%d)\nError Message: [%s]\n", - ldb_strerror(ret), ret, ldb_errstring(ctx->ldb))); - ret = EIO; - goto done; - } - - lret = ldb_transaction_commit(ctx->ldb); - if (lret != LDB_SUCCESS) { - DEBUG(1, ("Failed ldb transaction commit !! (%d)\n", lret)); - ret = EIO; - goto done; - } - - ret = EOK; - -done: - if (ret != EOK) { - lret = ldb_transaction_cancel(ctx->ldb); - if (lret != LDB_SUCCESS) { - DEBUG(1, ("Failed to cancel ldb transaction (%d)\n", lret)); - } - } - - talloc_free(tmp_ctx); - return ret; -} - -/* TODO: Unify with nss_ldb and provide a single cachedb interface */ - -int dp_be_cachedb_init(struct be_ctx *ctx) -{ - TALLOC_CTX *tmp_ctx; - char *ldb_file; - char *default_db_file; - int ret; - - tmp_ctx = talloc_new(ctx); - if (!tmp_ctx) { - return ENOMEM; - } - - default_db_file = talloc_asprintf(tmp_ctx, "%s/%s", DB_PATH, DATA_PROVIDER_DB_FILE); - if (!default_db_file) { - talloc_free(tmp_ctx); - return ENOMEM; - } - - ret = confdb_get_string(ctx->cdb, tmp_ctx, - DATA_PROVIDER_DB_CONF_SEC, "ldbFile", - default_db_file, &ldb_file); - if (ret != EOK) { - talloc_free(tmp_ctx); - return ret; - } - - ctx->ldb = ldb_init(tmp_ctx, ctx->ev); - if (!ctx->ldb) { - talloc_free(tmp_ctx); - return EIO; - } - - ret = ldb_connect(ctx->ldb, ldb_file, 0, NULL); - if (ret != LDB_SUCCESS) { - talloc_free(tmp_ctx); - return EIO; - } - - talloc_steal(ctx, ctx->ldb); - - talloc_free(tmp_ctx); - return EOK; -} - diff --git a/server/providers/proxy.c b/server/providers/proxy.c index f93a5ede..04d4a58a 100644 --- a/server/providers/proxy.c +++ b/server/providers/proxy.c @@ -25,6 +25,7 @@ #include <grp.h> #include "util/util.h" #include "providers/dp_backend.h" +#include "db/sysdb.h" struct proxy_nss_ops { enum nss_status (*getpwnam_r)(const char *name, struct passwd *result, @@ -69,10 +70,11 @@ static int get_pw_name(struct be_ctx *be_ctx, struct proxy_ctx *proxy_ctx, char switch (status) { case NSS_STATUS_NOTFOUND: - ret = dp_be_remove_account_posix(be_ctx, name); + ret = sysdb_remove_account_posix(be_ctx, be_ctx->sysdb, + be_ctx->domain, name); break; case NSS_STATUS_SUCCESS: - ret = dp_be_store_account_posix(be_ctx, + ret = sysdb_store_account_posix(be_ctx, be_ctx->sysdb, be_ctx->domain, result.pw_name, result.pw_passwd, result.pw_uid, result.pw_gid, result.pw_gecos, result.pw_dir, @@ -109,10 +111,11 @@ static int get_pw_uid(struct be_ctx *be_ctx, struct proxy_ctx *proxy_ctx, uid_t switch (status) { case NSS_STATUS_NOTFOUND: - ret = dp_be_remove_account_posix_by_uid(be_ctx, uid); + ret = sysdb_remove_account_posix_by_uid(be_ctx, be_ctx->sysdb, + be_ctx->domain,uid); break; case NSS_STATUS_SUCCESS: - ret = dp_be_store_account_posix(be_ctx, + ret = sysdb_store_account_posix(be_ctx, be_ctx->sysdb, be_ctx->domain, result.pw_name, result.pw_passwd, result.pw_uid, result.pw_gid, result.pw_gecos, result.pw_dir, diff --git a/server/server.mk b/server/server.mk index 30ee9126..b77a1729 100644 --- a/server/server.mk +++ b/server/server.mk @@ -5,11 +5,12 @@ UTIL_OBJ = \ util/memory.o \ util/btreemap.o \ util/service_helpers.o \ - providers/dp_helpers.o \ - confdb/confdb.o \ sbus/sssd_dbus_common.o \ sbus/sssd_dbus_connection.o \ - sbus/sssd_dbus_server.o + sbus/sssd_dbus_server.o \ + providers/dp_helpers.o \ + confdb/confdb.o \ + db/sysdb.o SERVER_OBJ = \ monitor.o @@ -19,7 +20,6 @@ DP_OBJ = \ DP_BE_OBJ = \ providers/data_provider_be.o \ - providers/dp_backend_store.o PROXY_BE_OBJ = \ providers/proxy.o @@ -28,7 +28,6 @@ NSSSRV_OBJ = \ nss/nsssrv.o \ nss/nsssrv_packet.o \ nss/nsssrv_cmd.o \ - nss/nsssrv_ldb.o \ nss/nsssrv_dp.o install:: all |