From c1d525a90f06a9414d0788857b271b80625a5858 Mon Sep 17 00:00:00 2001
From: Jakub Hrozek <jhrozek@redhat.com>
Date: Wed, 29 Sep 2010 22:15:39 +0200
Subject: sysdb interface for adding fake users

---
 src/db/sysdb.h                       |  4 +++
 src/db/sysdb_ops.c                   | 61 ++++++++++++++++++++++++++++++++++++
 src/providers/ldap/ldap_id_cleanup.c |  7 +++--
 src/responder/nss/nsssrv_cmd.c       |  2 +-
 4 files changed, 70 insertions(+), 4 deletions(-)

diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index 7db1a6ea..a1baa20d 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -465,6 +465,10 @@ int sysdb_add_user(TALLOC_CTX *mem_ctx,
                    struct sysdb_attrs *attrs,
                    int cache_timeout);
 
+int sysdb_add_fake_user(struct sysdb_ctx *ctx,
+                        struct sss_domain_info *domain,
+                        const char *name);
+
 /* Add group (only basic attrs and w/o checks) */
 int sysdb_add_basic_group(TALLOC_CTX *mem_ctx,
                           struct sysdb_ctx *ctx,
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index f8e1fbd5..7ae22f7d 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -916,6 +916,67 @@ done:
     return ret;
 }
 
+int sysdb_add_fake_user(struct sysdb_ctx *ctx,
+                        struct sss_domain_info *domain,
+                        const char *name)
+{
+    TALLOC_CTX *tmpctx;
+    struct ldb_message *msg;
+    time_t now;
+    int ret;
+
+    tmpctx = talloc_new(NULL);
+    if (!tmpctx) {
+        return ENOMEM;
+    }
+
+    msg = ldb_msg_new(tmpctx);
+    if (!msg) {
+        ERROR_OUT(ret, ENOMEM, done);
+    }
+
+    /* user dn */
+    msg->dn = sysdb_user_dn(ctx, msg, domain->name, name);
+    if (!msg->dn) {
+        ERROR_OUT(ret, ENOMEM, done);
+    }
+
+    ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_OBJECTCLASS, SYSDB_USER_CLASS);
+    if (ret) goto done;
+
+    ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_NAME, name);
+    if (ret) goto done;
+
+    now = time(NULL);
+
+    ret = add_ulong(msg, LDB_FLAG_MOD_ADD, SYSDB_CREATE_TIME,
+                    (unsigned long) now);
+    if (ret) goto done;
+
+    /* set last login so that the fake entry does not get cleaned up
+     * immediately */
+    ret = add_ulong(msg, LDB_FLAG_MOD_ADD, SYSDB_LAST_LOGIN,
+                    (unsigned long) now);
+    if (ret) return ret;
+
+    ret = add_ulong(msg, LDB_FLAG_MOD_ADD, SYSDB_LAST_UPDATE,
+                    (unsigned long) now);
+    if (ret) goto done;
+
+    ret = add_ulong(msg, LDB_FLAG_MOD_ADD, SYSDB_CACHE_EXPIRE,
+                    (unsigned long) now-1);
+    if (ret) goto done;
+
+    ret = ldb_add(ctx->ldb, msg);
+    ret = sysdb_error_to_errno(ret);
+
+done:
+    if (ret != EOK) {
+        DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
+    }
+    talloc_zfree(tmpctx);
+    return ret;
+}
 
 /* =Add-Basic-Group-NO-CHECKS============================================= */
 
diff --git a/src/providers/ldap/ldap_id_cleanup.c b/src/providers/ldap/ldap_id_cleanup.c
index 60bc171c..6357708a 100644
--- a/src/providers/ldap/ldap_id_cleanup.c
+++ b/src/providers/ldap/ldap_id_cleanup.c
@@ -306,7 +306,8 @@ static int cleanup_users(TALLOC_CTX *memctx, struct sdap_id_ctx *ctx)
             ret = cleanup_users_logged_in(uid_table, msgs[i]);
             if (ret == EOK) {
                 /* If the user is logged in, proceed to the next one */
-                DEBUG(5, ("User %s is still logged in, keeping data\n", name));
+                DEBUG(5, ("User %s is still logged in or a dummy entry, "
+                          "keeping data\n", name));
                 continue;
             } else if (ret != ENOENT) {
                 goto done;
@@ -337,9 +338,9 @@ static int cleanup_users_logged_in(hash_table_t *table,
     uid = ldb_msg_find_attr_as_uint64(msg,
                                       SYSDB_UIDNUM, 0);
     if (!uid) {
-        DEBUG(2, ("Entry %s has no UID Attribute ?!?\n",
+        DEBUG(2, ("Entry %s has no UID Attribute, fake user perhaps?\n",
                   ldb_dn_get_linearized(msg->dn)));
-        return EFAULT;
+        return ENOENT;
     }
 
     key.type = HASH_KEY_ULONG;
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index c82f891e..e6437a62 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -209,7 +209,7 @@ static int fill_pwent(struct sss_packet *packet,
         gid = ldb_msg_find_attr_as_uint64(msg, SYSDB_GIDNUM, 0);
 
         if (!name || !uid || !gid) {
-            DEBUG(1, ("Incomplete user object for %s[%llu]! Skipping\n",
+            DEBUG(2, ("Incomplete or fake user object for %s[%llu]! Skipping\n",
                       name?name:"<NULL>", (unsigned long long int)uid));
             continue;
         }
-- 
cgit