From f947e77d5a16b61092314b79cc5b660f0f897976 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Sun, 11 Jan 2009 18:52:48 -0500 Subject: Use a unified base (temp. dc=sssd), for all domain including LOCAL. It makes no sense to have internal attribute names user configurable, remove that option and use macros internally. Also now always pass the domain name to all nss_ldb_* calls. --- server/examples/config.ldif | 10 +- server/examples/db.ldif | 20 ++-- server/nss/nss_ldb.h | 74 ++++++------ server/nss/nsssrv_cmd.c | 131 ++++++++++++--------- server/nss/nsssrv_ldb.c | 226 +++++++++++++++--------------------- server/nss/nsssrv_ldb.h | 52 ++++----- server/providers/dp_backend_store.c | 55 ++++----- 7 files changed, 273 insertions(+), 295 deletions(-) diff --git a/server/examples/config.ldif b/server/examples/config.ldif index 2ca830c4..a0deb389 100644 --- a/server/examples/config.ldif +++ b/server/examples/config.ldif @@ -36,7 +36,7 @@ dn: cn=LOCAL,cn=domains,cn=config cn: LOCAL description: Reserved domain for local configurations provider: local -basedn: cn=local +basedn: cn=local,dc=sssd dn: cn=EXAMPLE.COM,cn=domains,cn=config cn: EXAMPLE.COM @@ -44,14 +44,14 @@ description: Example domain served by IPA provider: ipa server: ipaserver1.example.com server: ipabackupserver.example.com -basedn: cn=EXAMPLE.COM,cn=ipa,cn=remote +basedn: cn=EXAMPLE.COM,dc=sssd dn: cn=TEST,cn=domains,cn=config cn: TEST description: TEST Ldap domain -provider: TEST -basedn: cn=test,cn=remote -command: ./sbin/sssd_be -d 2 --provider ldap --domain TEST +provider: proxy +basedn: cn=TEST,dc=sssd +command: ./sbin/sssd_be -d 2 --provider proxy --domain TEST libName: ldap libPath: /usr/lib64/libnss_ldap.so.2 diff --git a/server/examples/db.ldif b/server/examples/db.ldif index bdb12753..4a9bf5e0 100644 --- a/server/examples/db.ldif +++ b/server/examples/db.ldif @@ -1,33 +1,37 @@ dn: @MODULES @LIST: asq -dn: cn=local +dn: dc=sssd +dc: sssd +description: base object + +dn: cn=local,dc=sssd cn: local description: Local system data -dn: cn=groups,cn=local +dn: cn=groups,cn=local,dc=sssd cn: groups description: Local POSIX groups -dn: cn=foousers,cn=groups,cn=local +dn: cn=foousers,cn=groups,cn=local,dc=sssd cn: foousers description: Local user accounts -member: uid=foobar,cn=users,cn=local +member: uid=foobar,cn=users,cn=local,dc=sssd objectclass: group gidNumber: 10101 -dn: cn=users,cn=local +dn: cn=users,cn=local,dc=sssd cn: users description: Local POSIX users -dn: uid=foobar,cn=users,cn=local +dn: uid=foobar,cn=users,cn=local,dc=sssd uid: foobar objectClass: user description: User Foo Bar uidNumber: 10101 gidNumber: 10101 legacy: false -primaryGroup: cn=foousers,cn=groups,cn=local +primaryGroup: cn=foousers,cn=groups,cn=local,dc=sssd userPassword: !@#$%#@#@!FOOBAR homeDirectory: /home/foobar fullName: Foo Bar @@ -42,5 +46,5 @@ passwordHint: Favorite pasta sauce passwordHistory: foo,bar,baz preferredLanguage: IT preferredSession: GNOME -memberOf: cn=foousers,cn=groups,cn=local +memberOf: cn=foousers,cn=groups,cn=local,dc=sssd diff --git a/server/nss/nss_ldb.h b/server/nss/nss_ldb.h index eee4344f..8f5b1124 100644 --- a/server/nss/nss_ldb.h +++ b/server/nss/nss_ldb.h @@ -4,40 +4,42 @@ #define NSS_DEF_LDB_FILE "sssd.ldb" -#define NSS_DEF_USER_BASE "cn=users,cn=local" -#define NSS_DEF_GROUP_BASE "cn=groups,cn=local" - -#define NSS_DEF_PWNAM_FILTER "(&(objectclass=user)(uid=%s))" -#define NSS_DEF_PWUID_FILTER "(&(objectclass=user)(uidNumber=%llu))" -#define NSS_DEF_PWENT_FILTER "(objectclass=user)" - -#define NSS_DEF_GRNAM_FILTER "(&(objectclass=group)(cn=%s))" -#define NSS_DEF_GRNA2_FILTER "(&(objectclass=user)(memberof=%s))" -#define NSS_DEF_GRGID_FILTER "(&(objectclass=group)(gidNumber=%llu))" -#define NSS_DEF_GRENT_FILTER "(objectclass=group)" - -#define NSS_DEF_INITGR_FILTER "(&(objectclass=group)(gidNumber=*))" - -#define NSS_DEF_PW_NAME "uid" -#define NSS_DEF_PW_UIDNUM "uidNumber" -#define NSS_DEF_PW_GIDNUM "gidNumber" -#define NSS_DEF_PW_FULLNAME "fullName" -#define NSS_DEF_PW_HOMEDIR "homeDirectory" -#define NSS_DEF_PW_SHELL "loginShell" - -#define NSS_DEF_GR_NAME "cn" -#define NSS_DEF_GR_GIDNUM "gidNumber" -#define NSS_DEF_GR_MEMBER "member" - -#define NSS_DEF_LAST_UPDATE "lastUpdate" - -#define NSS_DEF_PW_ATTRS {NSS_DEF_PW_NAME, NSS_DEF_PW_UIDNUM, \ - NSS_DEF_PW_GIDNUM, NSS_DEF_PW_FULLNAME, \ - NSS_DEF_PW_HOMEDIR, NSS_DEF_PW_SHELL, \ - NSS_DEF_LAST_UPDATE, NULL} -#define NSS_DEF_GRNAM_ATTRS {NSS_DEF_GR_NAME, NSS_DEF_GR_GIDNUM, NSS_DEF_LAST_UPDATE, NULL} -#define NSS_DEF_GRPW_ATTRS {NSS_DEF_PW_NAME, NSS_DEF_LAST_UPDATE, NULL} - -#define NSS_DEF_INITGR_ATTR "memberof" -#define NSS_DEF_INITGR_ATTRS {NSS_DEF_GR_GIDNUM, NSS_DEF_LAST_UPDATE, NULL} +#define NSS_DEF_BASE "dc=sssd" +#define NSS_TMPL_USER_BASE "cn=users,cn=%s,dc=sssd" +#define NSS_TMPL_GROUP_BASE "cn=groups,cn=%s,dc=sssd" + +#define NSS_PWNAM_FILTER "(&(objectclass=user)(uid=%s))" +#define NSS_PWUID_FILTER "(&(objectclass=user)(uidNumber=%llu))" +#define NSS_PWENT_FILTER "(objectclass=user)" + +#define NSS_GRNAM_FILTER "(&(objectclass=group)(cn=%s))" +#define NSS_GRNA2_FILTER "(&(objectclass=user)(memberof=%s))" +#define NSS_GRGID_FILTER "(&(objectclass=group)(gidNumber=%llu))" +#define NSS_GRENT_FILTER "(objectclass=group)" + +#define NSS_INITGR_FILTER "(&(objectclass=group)(gidNumber=*))" + +#define NSS_PW_NAME "uid" +#define NSS_PW_PWD "userPassword" +#define NSS_PW_UIDNUM "uidNumber" +#define NSS_PW_GIDNUM "gidNumber" +#define NSS_PW_FULLNAME "fullName" +#define NSS_PW_HOMEDIR "homeDirectory" +#define NSS_PW_SHELL "loginShell" + +#define NSS_GR_NAME "cn" +#define NSS_GR_GIDNUM "gidNumber" +#define NSS_GR_MEMBER "member" + +#define NSS_LAST_UPDATE "lastUpdate" + +#define NSS_PW_ATTRS {NSS_PW_NAME, NSS_PW_UIDNUM, \ + NSS_PW_GIDNUM, NSS_PW_FULLNAME, \ + NSS_PW_HOMEDIR, NSS_PW_SHELL, \ + NSS_LAST_UPDATE, NULL} +#define NSS_GRNAM_ATTRS {NSS_GR_NAME, NSS_GR_GIDNUM, NSS_LAST_UPDATE, NULL} +#define NSS_GRPW_ATTRS {NSS_PW_NAME, NSS_LAST_UPDATE, NULL} + +#define NSS_INITGR_ATTR "memberof" +#define NSS_INITGR_ATTRS {NSS_GR_GIDNUM, NSS_LAST_UPDATE, NULL} diff --git a/server/nss/nsssrv_cmd.c b/server/nss/nsssrv_cmd.c index 4d856e06..4bacee05 100644 --- a/server/nss/nsssrv_cmd.c +++ b/server/nss/nsssrv_cmd.c @@ -28,6 +28,7 @@ struct nss_cmd_ctx { struct cli_ctx *cctx; + const char *domain; const char *name; uid_t id; bool check_expiration; @@ -112,7 +113,6 @@ static int nss_cmd_get_version(struct cli_ctx *cctx) ***************************************************************************/ static int fill_pwent(struct nss_packet *packet, - struct nss_ldb_ctx *lctx, struct ldb_message **msgs, int count) { @@ -136,12 +136,12 @@ static int fill_pwent(struct nss_packet *packet, for (i = 0; i < count; i++) { msg = msgs[i]; - name = ldb_msg_find_attr_as_string(msg, lctx->pw_name, NULL); - fullname = ldb_msg_find_attr_as_string(msg, lctx->pw_fullname, NULL); - homedir = ldb_msg_find_attr_as_string(msg, lctx->pw_homedir, NULL); - shell = ldb_msg_find_attr_as_string(msg, lctx->pw_shell, NULL); - uid = ldb_msg_find_attr_as_uint64(msg, lctx->pw_uidnum, 0); - gid = ldb_msg_find_attr_as_uint64(msg, lctx->pw_gidnum, 0); + name = ldb_msg_find_attr_as_string(msg, NSS_PW_NAME, NULL); + fullname = ldb_msg_find_attr_as_string(msg, NSS_PW_FULLNAME, NULL); + homedir = ldb_msg_find_attr_as_string(msg, NSS_PW_HOMEDIR, NULL); + shell = ldb_msg_find_attr_as_string(msg, NSS_PW_SHELL, NULL); + uid = ldb_msg_find_attr_as_uint64(msg, NSS_PW_UIDNUM, 0); + gid = ldb_msg_find_attr_as_uint64(msg, NSS_PW_GIDNUM, 0); if (!name || !fullname || !homedir || !shell || !uid || !gid) { DEBUG(1, ("Incomplete user object for %s[%llu]! Skipping\n", @@ -261,7 +261,7 @@ static void nss_cmd_getpw_callback(void *ptr, int status, if (nctx->check_expiration) { timeout = nctx->cctx->nctx->cache_timeout; - lastUpdate = ldb_msg_find_attr_as_uint64(res->msgs[0], "lastUpdate", 0); + lastUpdate = ldb_msg_find_attr_as_uint64(res->msgs[0], NSS_LAST_UPDATE, 0); if (lastUpdate + timeout < time(NULL)) { /* dont loop forever :-) */ @@ -292,7 +292,7 @@ static void nss_cmd_getpw_callback(void *ptr, int status, NSS_CMD_FATAL_ERROR(cctx); } - ret = fill_pwent(cctx->creq->out, cctx->nctx->lctx, res->msgs, res->count); + ret = fill_pwent(cctx->creq->out, res->msgs, res->count); nss_packet_set_error(cctx->creq->out, ret); done: @@ -314,7 +314,8 @@ static void nss_cmd_getpwnam_callback(uint16_t err_maj, uint32_t err_min, } ret = nss_ldb_getpwnam(nctx, cctx->ev, cctx->nctx->lctx, - nctx->name, nss_cmd_getpw_callback, nctx); + nctx->domain, nctx->name, + nss_cmd_getpw_callback, nctx); if (ret != EOK) { DEBUG(1, ("Failed to make request to our cache!\n")); @@ -348,13 +349,15 @@ static int nss_cmd_getpwnam(struct cli_ctx *cctx) return EINVAL; } - DEBUG(4, ("Requesting info for [%s]\n", nctx->name)); - /* FIXME: Just ask all backends for now, until Steve provides for name * parsing code */ + nctx->domain = NULL; + + DEBUG(4, ("Requesting info for [%s]@[%s]\n", nctx->name, nctx->domain)); ret = nss_ldb_getpwnam(nctx, cctx->ev, cctx->nctx->lctx, - nctx->name, nss_cmd_getpw_callback, nctx); + nctx->domain, nctx->name, + nss_cmd_getpw_callback, nctx); if (ret != EOK) { DEBUG(1, ("Failed to make request to our cache!\n")); @@ -382,7 +385,8 @@ static void nss_cmd_getpwuid_callback(uint16_t err_maj, uint32_t err_min, } ret = nss_ldb_getpwuid(nctx, cctx->ev, cctx->nctx->lctx, - nctx->id, nss_cmd_getpw_callback, nctx); + nctx->domain, nctx->id, + nss_cmd_getpw_callback, nctx); if (ret != EOK) { DEBUG(1, ("Failed to make request to our cache!\n")); @@ -416,12 +420,14 @@ static int nss_cmd_getpwuid(struct cli_ctx *cctx) nctx->id = (uid_t)*((uint64_t *)body); - DEBUG(4, ("Requesting info for [%lu]\n", nctx->id)); - /* FIXME: Just ask all backends for now, until we check for ranges */ + nctx->domain = NULL; + + DEBUG(4, ("Requesting info for [%lu]@[%s]\n", nctx->id, nctx->domain)); ret = nss_ldb_getpwuid(nctx, cctx->ev, cctx->nctx->lctx, - nctx->id, nss_cmd_getpw_callback, nctx); + nctx->domain, nctx->id, + nss_cmd_getpw_callback, nctx); if (ret != EOK) { DEBUG(1, ("Failed to make request to our cache!\n")); @@ -514,7 +520,7 @@ static int nss_cmd_retpwent(struct cli_ctx *cctx, int num) n = gctx->pwds->count - gctx->pwd_cur; if (n > num) n = num; - ret = fill_pwent(cctx->creq->out, cctx->nctx->lctx, + ret = fill_pwent(cctx->creq->out, &(gctx->pwds->msgs[gctx->pwd_cur]), n); gctx->pwd_cur += n; @@ -654,7 +660,6 @@ done: ***************************************************************************/ static int fill_grent(struct nss_packet *packet, - struct nss_ldb_ctx *lctx, struct ldb_message **msgs, int count) { @@ -677,8 +682,8 @@ static int fill_grent(struct nss_packet *packet, if (get_group) { /* find group name/gid */ - name = ldb_msg_find_attr_as_string(msg, lctx->gr_name, NULL); - gid = ldb_msg_find_attr_as_uint64(msg, lctx->gr_gidnum, 0); + name = ldb_msg_find_attr_as_string(msg, NSS_GR_NAME, NULL); + gid = ldb_msg_find_attr_as_uint64(msg, NSS_GR_GIDNUM, 0); if (!name || !gid) { DEBUG(1, ("Incomplete group object for %s[%llu]! Aborting\n", name?name:"", (unsigned long long int)gid)); @@ -706,7 +711,7 @@ static int fill_grent(struct nss_packet *packet, continue; } - name = ldb_msg_find_attr_as_string(msg, lctx->pw_name, NULL); + name = ldb_msg_find_attr_as_string(msg, NSS_PW_NAME, NULL); if (!name) { /* last member of previous group found, or error. @@ -784,7 +789,7 @@ static void nss_cmd_getgr_callback(void *ptr, int status, goto done; } - ret = fill_grent(cctx->creq->out, cctx->nctx->lctx, res->msgs, res->count); + ret = fill_grent(cctx->creq->out, res->msgs, res->count); nss_packet_set_error(cctx->creq->out, ret); done: @@ -797,25 +802,30 @@ static int nss_cmd_getgrnam(struct cli_ctx *cctx) uint8_t *body; size_t blen; int ret; - const char *name; + + nctx = talloc_zero(cctx, struct nss_cmd_ctx); + if (!nctx) { + return ENOMEM; + } + nctx->cctx = cctx; + nctx->check_expiration = true; /* get group name to query */ nss_packet_get_body(cctx->creq->in, &body, &blen); - name = (const char *)body; + nctx->name = (const char *)body; /* if not terminated fail */ - if (name[blen -1] != '\0') { + if (nctx->name[blen -1] != '\0') { return EINVAL; } - DEBUG(4, ("Requesting info for [%s]\n", name)); + /* FIXME: Just ask all backends for now, until Steve provides for name + * parsing code */ + nctx->domain = NULL; - nctx = talloc(cctx, struct nss_cmd_ctx); - if (!nctx) { - return ENOMEM; - } - nctx->cctx = cctx; + DEBUG(4, ("Requesting info for [%s]@[%s]\n", nctx->name, nctx->domain)); - ret = nss_ldb_getgrnam(nctx, cctx->ev, cctx->nctx->lctx, name, + ret = nss_ldb_getgrnam(nctx, cctx->ev, cctx->nctx->lctx, + nctx->domain, nctx->name, nss_cmd_getgr_callback, nctx); return ret; @@ -827,26 +837,28 @@ static int nss_cmd_getgrgid(struct cli_ctx *cctx) uint8_t *body; size_t blen; int ret; - uint64_t gid; + + nctx = talloc_zero(cctx, struct nss_cmd_ctx); + if (!nctx) { + return ENOMEM; + } + nctx->cctx = cctx; + nctx->check_expiration = true; /* get gid to query */ nss_packet_get_body(cctx->creq->in, &body, &blen); - if (blen != sizeof(uint64_t)) { return EINVAL; } + nctx->id = (uid_t)*((uint64_t *)body); - gid = *((uint64_t *)body); - - DEBUG(4, ("Requesting info for [%lu]\n", gid)); + /* FIXME: Just ask all backends for now, until we check for ranges */ + nctx->domain = NULL; - nctx = talloc(cctx, struct nss_cmd_ctx); - if (!nctx) { - return ENOMEM; - } - nctx->cctx = cctx; + DEBUG(4, ("Requesting info for [%lu]@[%s]\n", nctx->id, nctx->domain)); - ret = nss_ldb_getgrgid(nctx, cctx->ev, cctx->nctx->lctx, gid, + ret = nss_ldb_getgrgid(nctx, cctx->ev, cctx->nctx->lctx, + nctx->domain, nctx->id, nss_cmd_getgr_callback, nctx); return ret; @@ -932,7 +944,7 @@ static int nss_cmd_retgrent(struct cli_ctx *cctx, int num) n = gctx->grps->count - gctx->grp_cur; if (n > num) n = num; - ret = fill_grent(cctx->creq->out, cctx->nctx->lctx, + ret = fill_grent(cctx->creq->out, &(gctx->grps->msgs[gctx->grp_cur]), n); gctx->grp_cur += n; @@ -1075,7 +1087,6 @@ static void nss_cmd_initgr_callback(void *ptr, int status, { struct nss_cmd_ctx *nctx = talloc_get_type(ptr, struct nss_cmd_ctx); struct cli_ctx *cctx = nctx->cctx; - struct nss_ldb_ctx *lctx = cctx->nctx->lctx; uint8_t *body; size_t blen; uint64_t gid; @@ -1106,7 +1117,7 @@ static void nss_cmd_initgr_callback(void *ptr, int status, nss_packet_get_body(cctx->creq->out, &body, &blen); for (i = 0; i < num; i++) { - gid = ldb_msg_find_attr_as_uint64(res->msgs[i], lctx->gr_gidnum, 0); + gid = ldb_msg_find_attr_as_uint64(res->msgs[i], NSS_GR_GIDNUM, 0); if (!gid) { DEBUG(1, ("Incomplete group object for initgroups! Aborting\n")); nss_packet_set_error(cctx->creq->out, EIO); @@ -1129,25 +1140,31 @@ static int nss_cmd_initgroups(struct cli_ctx *cctx) uint8_t *body; size_t blen; int ret; - const char *name; + + nctx = talloc_zero(cctx, struct nss_cmd_ctx); + if (!nctx) { + return ENOMEM; + } + nctx->cctx = cctx; + nctx->check_expiration = true; /* get user name to query */ nss_packet_get_body(cctx->creq->in, &body, &blen); - name = (const char *)body; + nctx->name = (const char *)body; /* if not terminated fail */ - if (name[blen -1] != '\0') { + if (nctx->name[blen -1] != '\0') { return EINVAL; } - DEBUG(4, ("Requesting groups for [%s]\n", name)); + /* FIXME: Just ask all backends for now, until Steve provides for name + * parsing code */ + nctx->domain = NULL; + + DEBUG(4, ("Requesting info for [%s]@[%s]\n", nctx->name, nctx->domain)); - nctx = talloc(cctx, struct nss_cmd_ctx); - if (!nctx) { - return ENOMEM; - } - nctx->cctx = cctx; - ret = nss_ldb_initgroups(nctx, cctx->ev, cctx->nctx->lctx, name, + ret = nss_ldb_initgroups(nctx, cctx->ev, cctx->nctx->lctx, + nctx->domain, nctx->name, nss_cmd_initgr_callback, nctx); return ret; diff --git a/server/nss/nsssrv_ldb.c b/server/nss/nsssrv_ldb.c index 98fcb76c..d9c40463 100644 --- a/server/nss/nsssrv_ldb.c +++ b/server/nss/nsssrv_ldb.c @@ -24,11 +24,11 @@ #include "util/util.h" #include "nss/nsssrv.h" #include "nss/nsssrv_ldb.h" -#include "nss/nss_ldb.h" #include "confdb/confdb.h" struct nss_ldb_search_ctx { struct nss_ldb_ctx *nlctx; + const char *base_dn; nss_ldb_callback_t callback; void *ptr; struct ldb_result *res; @@ -115,6 +115,7 @@ static int get_gen_callback(struct ldb_request *req, } static struct nss_ldb_search_ctx *init_src_ctx(TALLOC_CTX *mem_ctx, + const char *base_dn, struct nss_ldb_ctx *ctx, nss_ldb_callback_t fn, void *ptr) @@ -126,6 +127,7 @@ static struct nss_ldb_search_ctx *init_src_ctx(TALLOC_CTX *mem_ctx, return NULL; } sctx->nlctx = ctx; + sctx->base_dn = base_dn; sctx->callback = fn; sctx->ptr = ptr; sctx->res = talloc_zero(sctx, struct ldb_result); @@ -143,13 +145,14 @@ static int pwd_search(struct nss_ldb_search_ctx *sctx, struct nss_ldb_ctx *ctx, const char *expression) { + static const char *attrs[] = NSS_PW_ATTRS; struct ldb_request *req; int ret; ret = ldb_build_search_req(&req, ctx->ldb, sctx, - ldb_dn_new(sctx, ctx->ldb, ctx->user_base), + ldb_dn_new(sctx, ctx->ldb, sctx->base_dn), LDB_SCOPE_SUBTREE, - expression, ctx->pw_attrs, NULL, + expression, attrs, NULL, sctx, get_gen_callback, NULL); if (ret != LDB_SUCCESS) { @@ -167,18 +170,29 @@ static int pwd_search(struct nss_ldb_search_ctx *sctx, int nss_ldb_getpwnam(TALLOC_CTX *mem_ctx, struct event_context *ev, struct nss_ldb_ctx *ctx, + const char *domain, const char *name, nss_ldb_callback_t fn, void *ptr) { struct nss_ldb_search_ctx *sctx; + const char *base_dn; char *expression; - sctx = init_src_ctx(mem_ctx, ctx, fn, ptr); + if (domain) { + base_dn = talloc_asprintf(mem_ctx, NSS_TMPL_USER_BASE, domain); + } else { + base_dn = NSS_DEF_BASE; + } + if (!base_dn) { + return ENOMEM; + } + + sctx = init_src_ctx(mem_ctx, base_dn, ctx, fn, ptr); if (!sctx) { return ENOMEM; } - expression = talloc_asprintf(sctx, ctx->pwnam_filter, name); + expression = talloc_asprintf(sctx, NSS_PWNAM_FILTER, name); if (!expression) { talloc_free(sctx); return ENOMEM; @@ -190,19 +204,30 @@ int nss_ldb_getpwnam(TALLOC_CTX *mem_ctx, int nss_ldb_getpwuid(TALLOC_CTX *mem_ctx, struct event_context *ev, struct nss_ldb_ctx *ctx, + const char *domain, uint64_t uid, nss_ldb_callback_t fn, void *ptr) { struct nss_ldb_search_ctx *sctx; unsigned long long int filter_uid = uid; + const char *base_dn; char *expression; - sctx = init_src_ctx(mem_ctx, ctx, fn, ptr); + if (domain) { + base_dn = talloc_asprintf(mem_ctx, NSS_TMPL_USER_BASE, domain); + } else { + base_dn = NSS_DEF_BASE; + } + if (!base_dn) { + return ENOMEM; + } + + sctx = init_src_ctx(mem_ctx, base_dn, ctx, fn, ptr); if (!sctx) { return ENOMEM; } - expression = talloc_asprintf(sctx, ctx->pwuid_filter, filter_uid); + expression = talloc_asprintf(sctx, NSS_PWUID_FILTER, filter_uid); if (!expression) { talloc_free(sctx); return ENOMEM; @@ -218,12 +243,12 @@ int nss_ldb_enumpwent(TALLOC_CTX *mem_ctx, { struct nss_ldb_search_ctx *sctx; - sctx = init_src_ctx(mem_ctx, ctx, fn, ptr); + sctx = init_src_ctx(mem_ctx, NSS_DEF_BASE, ctx, fn, ptr); if (!sctx) { return ENOMEM; } - return pwd_search(sctx, ctx, ctx->pwent_filter); + return pwd_search(sctx, ctx, NSS_PWENT_FILTER); } /* groups */ @@ -243,6 +268,7 @@ static void get_members(void *ptr, int status, struct ldb_result *res) struct ldb_request *req; struct ldb_message *msg; struct ldb_result *ret_res; + static const char *attrs[] = NSS_GRPW_ATTRS; const char *expression; int ret, i; @@ -272,7 +298,7 @@ static void get_members(void *ptr, int status, struct ldb_result *res) return request_done(gmctx->ret_sctx); } - mem_sctx = init_src_ctx(gmctx, ctx, get_members, sctx); + mem_sctx = init_src_ctx(gmctx, NSS_DEF_BASE, ctx, get_members, sctx); if (!mem_sctx) { return request_error(gmctx->ret_sctx, LDB_ERR_OPERATIONS_ERROR); } @@ -294,16 +320,16 @@ static void get_members(void *ptr, int status, struct ldb_result *res) ret_res->count++; /* search for this group members */ - expression = talloc_asprintf(mem_sctx, ctx->grna2_filter, + expression = talloc_asprintf(mem_sctx, NSS_GRNA2_FILTER, ldb_dn_get_linearized(msg->dn)); if (!expression) { return request_error(gmctx->ret_sctx, LDB_ERR_OPERATIONS_ERROR); } ret = ldb_build_search_req(&req, ctx->ldb, mem_sctx, - ldb_dn_new(mem_sctx, ctx->ldb, ctx->user_base), + ldb_dn_new(mem_sctx, ctx->ldb, sctx->base_dn), LDB_SCOPE_SUBTREE, - expression, ctx->grpw_attrs, NULL, + expression, attrs, NULL, mem_sctx, get_gen_callback, NULL); if (ret != LDB_SUCCESS) { @@ -394,7 +420,7 @@ static int get_grp_callback(struct ldb_request *req, /* re-use sctx to create a fake handler for the first call to * get_members() */ - sctx = init_src_ctx(gmctx, ctx, get_members, gmctx); + sctx = init_src_ctx(gmctx, NSS_DEF_BASE, ctx, get_members, gmctx); get_members(sctx, LDB_SUCCESS, NULL); return LDB_SUCCESS; @@ -413,13 +439,14 @@ static int grp_search(struct nss_ldb_search_ctx *sctx, struct nss_ldb_ctx *ctx, const char *expression) { + static const char *attrs[] = NSS_GRNAM_ATTRS; struct ldb_request *req; int ret; ret = ldb_build_search_req(&req, ctx->ldb, sctx, - ldb_dn_new(sctx, ctx->ldb, ctx->group_base), + ldb_dn_new(sctx, ctx->ldb, sctx->base_dn), LDB_SCOPE_SUBTREE, - expression, ctx->grnam_attrs, NULL, + expression, attrs, NULL, sctx, get_grp_callback, NULL); if (ret != LDB_SUCCESS) { @@ -437,18 +464,29 @@ static int grp_search(struct nss_ldb_search_ctx *sctx, int nss_ldb_getgrnam(TALLOC_CTX *mem_ctx, struct event_context *ev, struct nss_ldb_ctx *ctx, + const char *domain, const char *name, nss_ldb_callback_t fn, void *ptr) { struct nss_ldb_search_ctx *sctx; + const char *base_dn; char *expression; - sctx = init_src_ctx(mem_ctx, ctx, fn, ptr); + if (domain) { + base_dn = talloc_asprintf(mem_ctx, NSS_TMPL_GROUP_BASE, domain); + } else { + base_dn = NSS_DEF_BASE; + } + if (!base_dn) { + return ENOMEM; + } + + sctx = init_src_ctx(mem_ctx, base_dn, ctx, fn, ptr); if (!sctx) { return ENOMEM; } - expression = talloc_asprintf(sctx, ctx->grnam_filter, name); + expression = talloc_asprintf(sctx, NSS_GRNAM_FILTER, name); if (!expression) { talloc_free(sctx); return ENOMEM; @@ -460,19 +498,30 @@ int nss_ldb_getgrnam(TALLOC_CTX *mem_ctx, int nss_ldb_getgrgid(TALLOC_CTX *mem_ctx, struct event_context *ev, struct nss_ldb_ctx *ctx, + const char *domain, uint64_t gid, nss_ldb_callback_t fn, void *ptr) { struct nss_ldb_search_ctx *sctx; unsigned long long int filter_gid = gid; + const char *base_dn; char *expression; - sctx = init_src_ctx(mem_ctx, ctx, fn, ptr); + if (domain) { + base_dn = talloc_asprintf(mem_ctx, NSS_TMPL_GROUP_BASE, domain); + } else { + base_dn = NSS_DEF_BASE; + } + if (!base_dn) { + return ENOMEM; + } + + sctx = init_src_ctx(mem_ctx, base_dn, ctx, fn, ptr); if (!sctx) { return ENOMEM; } - expression = talloc_asprintf(sctx, ctx->grgid_filter, filter_gid); + expression = talloc_asprintf(sctx, NSS_GRGID_FILTER, filter_gid); if (!expression) { talloc_free(sctx); return ENOMEM; @@ -488,12 +537,12 @@ int nss_ldb_enumgrent(TALLOC_CTX *mem_ctx, { struct nss_ldb_search_ctx *sctx; - sctx = init_src_ctx(mem_ctx, ctx, fn, ptr); + sctx = init_src_ctx(mem_ctx, NSS_DEF_BASE, ctx, fn, ptr); if (!sctx) { return ENOMEM; } - return grp_search(sctx, ctx, ctx->grent_filter); + return grp_search(sctx, ctx, NSS_GRENT_FILTER); } static void nss_ldb_initgr_search(void *ptr, int status, @@ -505,6 +554,7 @@ static void nss_ldb_initgr_search(void *ptr, int status, struct ldb_request *req; struct ldb_control **ctrl; struct ldb_asq_control *control; + static const char *attrs[] = NSS_INITGR_ATTRS; int ret; sctx = talloc_get_type(ptr, struct nss_ldb_search_ctx); @@ -517,7 +567,7 @@ static void nss_ldb_initgr_search(void *ptr, int status, return request_error(sctx, LDB_ERR_OPERATIONS_ERROR); } - expression = talloc_asprintf(sctx, ctx->initgr_filter); + expression = talloc_asprintf(sctx, NSS_INITGR_FILTER); if (!expression) { return request_error(sctx, LDB_ERR_OPERATIONS_ERROR); } @@ -538,7 +588,7 @@ static void nss_ldb_initgr_search(void *ptr, int status, return request_error(sctx, LDB_ERR_OPERATIONS_ERROR); } control->request = 1; - control->source_attribute = talloc_strdup(control, ctx->initgr_attr); + control->source_attribute = talloc_strdup(control, NSS_INITGR_ATTR); if (!control->source_attribute) { return request_error(sctx, LDB_ERR_OPERATIONS_ERROR); } @@ -548,7 +598,7 @@ static void nss_ldb_initgr_search(void *ptr, int status, ret = ldb_build_search_req(&req, ctx->ldb, sctx, res->msgs[0]->dn, LDB_SCOPE_BASE, - expression, ctx->initgr_attrs, ctrl, + expression, attrs, ctrl, sctx, get_gen_callback, NULL); if (ret != LDB_SUCCESS) { @@ -564,35 +614,47 @@ static void nss_ldb_initgr_search(void *ptr, int status, int nss_ldb_initgroups(TALLOC_CTX *mem_ctx, struct event_context *ev, struct nss_ldb_ctx *ctx, + const char *domain, const char *name, nss_ldb_callback_t fn, void *ptr) { + static const char *attrs[] = NSS_PW_ATTRS; struct nss_ldb_search_ctx *ret_sctx; struct nss_ldb_search_ctx *sctx; + const char *base_dn; char *expression; struct ldb_request *req; int ret; - ret_sctx = init_src_ctx(mem_ctx, ctx, fn, ptr); + if (domain) { + base_dn = talloc_asprintf(mem_ctx, NSS_TMPL_USER_BASE, domain); + } else { + base_dn = NSS_DEF_BASE; + } + if (!base_dn) { + return ENOMEM; + } + + ret_sctx = init_src_ctx(mem_ctx, NSS_DEF_BASE, ctx, fn, ptr); if (!ret_sctx) { return ENOMEM; } - sctx = init_src_ctx(ret_sctx, ctx, nss_ldb_initgr_search, ret_sctx); + sctx = init_src_ctx(ret_sctx, base_dn, ctx, nss_ldb_initgr_search, ret_sctx); if (!sctx) { talloc_free(sctx); return ENOMEM; } - expression = talloc_asprintf(sctx, ctx->pwnam_filter, name); + expression = talloc_asprintf(sctx, NSS_PWNAM_FILTER, name); if (!expression) { talloc_free(sctx); return ENOMEM; } ret = ldb_build_search_req(&req, ctx->ldb, sctx, - ldb_dn_new(sctx, ctx->ldb, ctx->user_base), + ldb_dn_new(sctx, ctx->ldb, sctx->base_dn), LDB_SCOPE_SUBTREE, - expression, ctx->pw_attrs, NULL, + expression, attrs, NULL, sctx, get_gen_callback, NULL); if (ret != LDB_SUCCESS) { @@ -633,49 +695,6 @@ static int nss_ldb_read_var(TALLOC_CTX *tmp_ctx, return EOK; } -static int nss_ldb_read_array(TALLOC_CTX *tmp_ctx, - struct confdb_ctx *cdb, - struct nss_ldb_ctx *ctx, - const char *name, - const char **def_value, - const char ***target) -{ - char **values; - const char **t; - int i, ret; - - ret = confdb_get_param(cdb, tmp_ctx, - NSS_LDB_CONF_SECTION, - name, &values); - if (ret != EOK) - return ret; - - for (i = 0; values[i]; i++) /* count */ ; - if (i == 0) { - for (i = 0; def_value[i]; i++) /*count */ ; - } - if (i == 0) - return EINVAL; - - t = talloc_array(ctx, const char *, i+1); - if (!*target) - return ENOMEM; - - if (values[0]) { - for (i = 0; values[i]; i++) { - t[i] = talloc_steal(ctx, values[i]); - } - } else { - for (i = 0; def_value[i]; i++) { - t[i] = talloc_strdup(ctx, def_value[i]); - } - } - t[i] = NULL; - - *target = t; - return EOK; -} - static int nss_ldb_read_conf(TALLOC_CTX *mem_ctx, struct confdb_ctx *cdb, struct nss_ldb_ctx **nlctx) @@ -705,67 +724,6 @@ static int nss_ldb_read_conf(TALLOC_CTX *mem_ctx, default_ldb_path, &ctx->ldb_file); DEBUG(3, ("NSS LDB Cache Path: %s\n", ctx->ldb_file)); - nss_ldb_read_var(tmp_ctx, cdb, ctx, "userBase", - NSS_DEF_USER_BASE, &ctx->user_base); - nss_ldb_read_var(tmp_ctx, cdb, ctx, "groupBase", - NSS_DEF_GROUP_BASE, &ctx->group_base); - - nss_ldb_read_var(tmp_ctx, cdb, ctx, "pwnamFilter", - NSS_DEF_PWNAM_FILTER, &ctx->pwnam_filter); - nss_ldb_read_var(tmp_ctx, cdb, ctx, "pwuidFilter", - NSS_DEF_PWUID_FILTER, &ctx->pwuid_filter); - nss_ldb_read_var(tmp_ctx, cdb, ctx, "pwentFilter", - NSS_DEF_PWENT_FILTER, &ctx->pwent_filter); - - nss_ldb_read_var(tmp_ctx, cdb, ctx, "grnamFilter", - NSS_DEF_GRNAM_FILTER, &ctx->grnam_filter); - nss_ldb_read_var(tmp_ctx, cdb, ctx, "grna2Filter", - NSS_DEF_GRNA2_FILTER, &ctx->grna2_filter); - nss_ldb_read_var(tmp_ctx, cdb, ctx, "grgidFilter", - NSS_DEF_GRGID_FILTER, &ctx->grgid_filter); - nss_ldb_read_var(tmp_ctx, cdb, ctx, "grentFilter", - NSS_DEF_GRENT_FILTER, &ctx->grent_filter); - - nss_ldb_read_var(tmp_ctx, cdb, ctx, "initgrFilter", - NSS_DEF_INITGR_FILTER, &ctx->initgr_filter); - - nss_ldb_read_var(tmp_ctx, cdb, ctx, "pwName", - NSS_DEF_PW_NAME, &ctx->pw_name); - nss_ldb_read_var(tmp_ctx, cdb, ctx, "pwUidnum", - NSS_DEF_PW_UIDNUM, &ctx->pw_uidnum); - nss_ldb_read_var(tmp_ctx, cdb, ctx, "pwGidnum", - NSS_DEF_PW_GIDNUM, &ctx->pw_gidnum); - nss_ldb_read_var(tmp_ctx, cdb, ctx, "pwFullname", - NSS_DEF_PW_FULLNAME, &ctx->pw_fullname); - nss_ldb_read_var(tmp_ctx, cdb, ctx, "pwHomedir", - NSS_DEF_PW_HOMEDIR, &ctx->pw_homedir); - nss_ldb_read_var(tmp_ctx, cdb, ctx, "pwShell", - NSS_DEF_PW_SHELL, &ctx->pw_shell); - - nss_ldb_read_var(tmp_ctx, cdb, ctx, "grName", - NSS_DEF_GR_NAME, &ctx->gr_name); - nss_ldb_read_var(tmp_ctx, cdb, ctx, "grGidnum", - NSS_DEF_GR_GIDNUM, &ctx->gr_gidnum); - nss_ldb_read_var(tmp_ctx, cdb, ctx, "grMember", - NSS_DEF_GR_MEMBER, &ctx->gr_member); - - nss_ldb_read_var(tmp_ctx, cdb, ctx, "initgrAttr", - NSS_DEF_INITGR_ATTR, - &ctx->initgr_attr); - - const char *pwattrs[] = NSS_DEF_PW_ATTRS; - nss_ldb_read_array(tmp_ctx, cdb, ctx, "pwAttrs", - pwattrs, &ctx->pw_attrs); - const char *grnamattrs[] = NSS_DEF_GRNAM_ATTRS; - nss_ldb_read_array(tmp_ctx, cdb, ctx, "grnamAttrs", - grnamattrs, &ctx->grnam_attrs); - const char *grpwattrs[] = NSS_DEF_GRPW_ATTRS; - nss_ldb_read_array(tmp_ctx, cdb, ctx, "grpwAttrs", - grpwattrs, &ctx->grpw_attrs); - const char *initgrattrs[] = NSS_DEF_INITGR_ATTRS; - nss_ldb_read_array(tmp_ctx, cdb, ctx, "initgrAttrs", - initgrattrs, &ctx->initgr_attrs); - *nlctx = ctx; ret = EOK; diff --git a/server/nss/nsssrv_ldb.h b/server/nss/nsssrv_ldb.h index 016f5a54..66c9687d 100644 --- a/server/nss/nsssrv_ldb.h +++ b/server/nss/nsssrv_ldb.h @@ -1,39 +1,30 @@ +/* + SSSD -struct nss_ldb_ctx { - struct ldb_context *ldb; - const char *ldb_file; - - const char *user_base; - const char *group_base; + NSS LDB Header - const char *pwnam_filter; - const char *pwuid_filter; - const char *pwent_filter; + Copyright (C) Simo Sorce 2008 - const char *grnam_filter; - const char *grna2_filter; - const char *grgid_filter; - const char *grent_filter; + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. - const char *initgr_filter; + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. - const char *pw_name; - const char *pw_uidnum; - const char *pw_gidnum; - const char *pw_fullname; - const char *pw_homedir; - const char *pw_shell; + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ - const char *gr_name; - const char *gr_gidnum; - const char *gr_member; - const char *initgr_attr; +#include "nss/nss_ldb.h" - const char **pw_attrs; - const char **grnam_attrs; - const char **grpw_attrs; - const char **initgr_attrs; +struct nss_ldb_ctx { + struct ldb_context *ldb; + const char *ldb_file; }; struct confdb_ctx; @@ -48,12 +39,14 @@ int nss_ldb_init(TALLOC_CTX *mem_ctx, int nss_ldb_getpwnam(TALLOC_CTX *mem_ctx, struct event_context *ev, struct nss_ldb_ctx *ctx, + const char *domain, const char *name, nss_ldb_callback_t fn, void *ptr); int nss_ldb_getpwuid(TALLOC_CTX *mem_ctx, struct event_context *ev, struct nss_ldb_ctx *ctx, + const char *domain, uint64_t uid, nss_ldb_callback_t fn, void *ptr); @@ -65,12 +58,14 @@ int nss_ldb_enumpwent(TALLOC_CTX *mem_ctx, int nss_ldb_getgrnam(TALLOC_CTX *mem_ctx, struct event_context *ev, struct nss_ldb_ctx *ctx, + const char *domain, const char *name, nss_ldb_callback_t fn, void *ptr); int nss_ldb_getgrgid(TALLOC_CTX *mem_ctx, struct event_context *ev, struct nss_ldb_ctx *ctx, + const char *domain, uint64_t gid, nss_ldb_callback_t fn, void *ptr); @@ -82,6 +77,7 @@ int nss_ldb_enumgrent(TALLOC_CTX *mem_ctx, int nss_ldb_initgroups(TALLOC_CTX *mem_ctx, struct event_context *ev, struct nss_ldb_ctx *ctx, + const char *domain, const char *name, nss_ldb_callback_t fn, void *ptr); diff --git a/server/providers/dp_backend_store.c b/server/providers/dp_backend_store.c index f9c55e0b..0d7153c1 100644 --- a/server/providers/dp_backend_store.c +++ b/server/providers/dp_backend_store.c @@ -25,6 +25,7 @@ #include "ldb_errors.h" #include "util/util.h" #include "providers/dp_backend.h" +#include "nss/nss_ldb.h" #include /* NOTE: these functions ues ldb sync calls, but the cache db is a @@ -38,7 +39,7 @@ int dp_be_store_account_posix(struct be_ctx *ctx, char *gecos, char *homedir, char *shell) { TALLOC_CTX *tmp_ctx; - const char *attrs[] = { "uid", NULL }; + const char *attrs[] = { NSS_PW_NAME, NULL }; struct ldb_dn *account_dn; struct ldb_message *msg; struct ldb_request *req; @@ -52,7 +53,7 @@ int dp_be_store_account_posix(struct be_ctx *ctx, } account_dn = ldb_dn_new_fmt(tmp_ctx, ctx->ldb, - "uid=%s,cn=users,cn=%s,cn=accounts", + "uid=%s,"NSS_TMPL_USER_BASE, name, ctx->domain); if (!account_dn) { talloc_free(tmp_ctx); @@ -67,7 +68,7 @@ int dp_be_store_account_posix(struct be_ctx *ctx, } lret = ldb_search(ctx->ldb, tmp_ctx, &res, account_dn, - LDB_SCOPE_BASE, attrs, "(objectClass=User)"); + LDB_SCOPE_BASE, attrs, NSS_PWENT_FILTER); if (lret != LDB_SUCCESS) { DEBUG(1, ("Failed to make search request: %s(%d)[%s]\n", ldb_strerror(lret), lret, ldb_errstring(ctx->ldb))); @@ -113,9 +114,9 @@ int dp_be_store_account_posix(struct be_ctx *ctx, } /* TODO: retrieve user name attribute from configuration */ - lret = ldb_msg_add_empty(msg, "uid", flags, NULL); + lret = ldb_msg_add_empty(msg, NSS_PW_NAME, flags, NULL); if (lret == LDB_SUCCESS) { - lret = ldb_msg_add_string(msg, "uid", name); + lret = ldb_msg_add_string(msg, NSS_PW_NAME, name); } if (lret != LDB_SUCCESS) { ret = errno; @@ -127,12 +128,12 @@ int dp_be_store_account_posix(struct be_ctx *ctx, /* pwd */ if (pwd && *pwd) { - lret = ldb_msg_add_empty(msg, "userPassword", flags, NULL); + lret = ldb_msg_add_empty(msg, NSS_PW_PWD, flags, NULL); if (lret == LDB_SUCCESS) { - lret = ldb_msg_add_string(msg, "userPassword", pwd); + lret = ldb_msg_add_string(msg, NSS_PW_PWD, pwd); } } else { - lret = ldb_msg_add_empty(msg, "userPassword", + lret = ldb_msg_add_empty(msg, NSS_PW_PWD, LDB_FLAG_MOD_DELETE, NULL); } if (lret != LDB_SUCCESS) { @@ -142,9 +143,9 @@ int dp_be_store_account_posix(struct be_ctx *ctx, /* uid */ if (uid) { - lret = ldb_msg_add_empty(msg, "uidNumber", flags, NULL); + lret = ldb_msg_add_empty(msg, NSS_PW_UIDNUM, flags, NULL); if (lret == LDB_SUCCESS) { - lret = ldb_msg_add_fmt(msg, "uidNumber", + lret = ldb_msg_add_fmt(msg, NSS_PW_UIDNUM, "%lu", (unsigned long)uid); } if (lret != LDB_SUCCESS) { @@ -159,9 +160,9 @@ int dp_be_store_account_posix(struct be_ctx *ctx, /* gid */ if (gid) { - lret = ldb_msg_add_empty(msg, "gidNumber", flags, NULL); + lret = ldb_msg_add_empty(msg, NSS_PW_GIDNUM, flags, NULL); if (lret == LDB_SUCCESS) { - lret = ldb_msg_add_fmt(msg, "gidNumber", + lret = ldb_msg_add_fmt(msg, NSS_PW_GIDNUM, "%lu", (unsigned long)gid); } if (lret != LDB_SUCCESS) { @@ -176,12 +177,12 @@ int dp_be_store_account_posix(struct be_ctx *ctx, /* gecos */ if (gecos && *gecos) { - lret = ldb_msg_add_empty(msg, "fullName", flags, NULL); + lret = ldb_msg_add_empty(msg, NSS_PW_FULLNAME, flags, NULL); if (lret == LDB_SUCCESS) { - lret = ldb_msg_add_string(msg, "fullName", gecos); + lret = ldb_msg_add_string(msg, NSS_PW_FULLNAME, gecos); } } else { - lret = ldb_msg_add_empty(msg, "fullName", + lret = ldb_msg_add_empty(msg, NSS_PW_FULLNAME, LDB_FLAG_MOD_DELETE, NULL); } if (lret != LDB_SUCCESS) { @@ -191,12 +192,12 @@ int dp_be_store_account_posix(struct be_ctx *ctx, /* homedir */ if (homedir && *homedir) { - lret = ldb_msg_add_empty(msg, "homeDirectory", flags, NULL); + lret = ldb_msg_add_empty(msg, NSS_PW_HOMEDIR, flags, NULL); if (lret == LDB_SUCCESS) { - lret = ldb_msg_add_string(msg, "homeDirectory", homedir); + lret = ldb_msg_add_string(msg, NSS_PW_HOMEDIR, homedir); } } else { - lret = ldb_msg_add_empty(msg, "homeDirectory", + lret = ldb_msg_add_empty(msg, NSS_PW_HOMEDIR, LDB_FLAG_MOD_DELETE, NULL); } if (lret != LDB_SUCCESS) { @@ -206,12 +207,12 @@ int dp_be_store_account_posix(struct be_ctx *ctx, /* shell */ if (shell && *shell) { - lret = ldb_msg_add_empty(msg, "loginShell", flags, NULL); + lret = ldb_msg_add_empty(msg, NSS_PW_SHELL, flags, NULL); if (lret == LDB_SUCCESS) { - lret = ldb_msg_add_string(msg, "loginShell", shell); + lret = ldb_msg_add_string(msg, NSS_PW_SHELL, shell); } } else { - lret = ldb_msg_add_empty(msg, "loginShell", + lret = ldb_msg_add_empty(msg, NSS_PW_SHELL, LDB_FLAG_MOD_DELETE, NULL); } if (lret != LDB_SUCCESS) { @@ -220,9 +221,9 @@ int dp_be_store_account_posix(struct be_ctx *ctx, } /* modification time */ - lret = ldb_msg_add_empty(msg, "lastUpdate", flags, NULL); + lret = ldb_msg_add_empty(msg, NSS_LAST_UPDATE, flags, NULL); if (lret == LDB_SUCCESS) { - lret = ldb_msg_add_fmt(msg, "lastUpdate", + lret = ldb_msg_add_fmt(msg, NSS_LAST_UPDATE, "%ld", (long int)time(NULL)); } if (lret != LDB_SUCCESS) { @@ -283,7 +284,7 @@ int dp_be_remove_account_posix(struct be_ctx *ctx, char *name) } account_dn = ldb_dn_new_fmt(tmp_ctx, ctx->ldb, - "uid=%s,cn=users,cn=%s,cn=remote", + "uid=%s,"NSS_TMPL_USER_BASE, name, ctx->domain); if (!account_dn) { talloc_free(tmp_ctx); @@ -305,7 +306,7 @@ int dp_be_remove_account_posix(struct be_ctx *ctx, char *name) int dp_be_remove_account_posix_by_uid(struct be_ctx *ctx, uid_t uid) { TALLOC_CTX *tmp_ctx; - const char *attrs[] = { "name", "uid", NULL }; + const char *attrs[] = { NSS_PW_NAME, NSS_PW_UIDNUM, NULL }; struct ldb_dn *base_dn; struct ldb_dn *account_dn; struct ldb_result *res; @@ -317,7 +318,7 @@ int dp_be_remove_account_posix_by_uid(struct be_ctx *ctx, uid_t uid) } base_dn = ldb_dn_new_fmt(tmp_ctx, ctx->ldb, - "cn=users,cn=%s,cn=accounts", ctx->domain); + NSS_TMPL_USER_BASE, ctx->domain); if (!base_dn) { talloc_free(tmp_ctx); return ENOMEM; @@ -332,7 +333,7 @@ int dp_be_remove_account_posix_by_uid(struct be_ctx *ctx, uid_t uid) lret = ldb_search(ctx->ldb, tmp_ctx, &res, base_dn, LDB_SCOPE_BASE, attrs, - "(&(uid=%lu)(objectClass=User))", + NSS_PWUID_FILTER, (unsigned long)uid); if (lret != LDB_SUCCESS) { DEBUG(1, ("Failed to make search request: %s(%d)[%s]\n", -- cgit