1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
|
/*
SSSD
System Database Header
Copyright (C) Simo Sorce <ssorce@redhat.com> 2008
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#ifndef __SYS_DB_H__
#define __SYS_DB_H__
#include "confdb/confdb.h"
#include <tevent.h>
#define SYSDB_CONF_SECTION "config/sysdb"
#define SYSDB_FILE "sssd.ldb"
#define SYSDB_BASE "cn=sysdb"
#define SYSDB_DOM_BASE "cn=%s,cn=sysdb"
#define SYSDB_TMPL_USER_BASE "cn=users,cn=%s,"SYSDB_BASE
#define SYSDB_TMPL_GROUP_BASE "cn=groups,cn=%s,"SYSDB_BASE
#define SYSDB_USER_CLASS "user"
#define SYSDB_GROUP_CLASS "group"
#define SYSDB_NAME "name"
#define SYSDB_NEXTID "nextID"
#define SYSDB_UIDNUM "uidNumber"
#define SYSDB_GIDNUM "gidNumber"
#define SYSDB_CREATE_TIME "createTimestamp"
#define SYSDB_PWD "userPassword"
#define SYSDB_FULLNAME "fullName"
#define SYSDB_HOMEDIR "homeDirectory"
#define SYSDB_SHELL "loginShell"
#define SYSDB_MEMBEROF "memberOf"
#define SYSDB_DISABLED "disabled"
#define SYSDB_MEMBER "member"
#define SYSDB_LEGACY_MEMBER "memberUid"
#define SYSDB_DEFAULTGROUP "defaultGroup"
#define SYSDB_GECOS "gecos"
#define SYSDB_LOCALE "locale"
#define SYSDB_KEYBOARD "keyboard"
#define SYSDB_SESSION "session"
#define SYSDB_LAST_LOGIN "lastLogin"
#define SYSDB_USERPIC "userPicture"
#define SYSDB_LAST_UPDATE "lastUpdate"
#define SYSDB_CACHEDPWD "cachedPassword"
#define SYSDB_ORIG_DN "originalDN"
#define SYSDB_UUID "uniqueID"
#define SYSDB_UPN "UserPrincipalName"
#define SYSDB_NEXTID_FILTER "("SYSDB_NEXTID"=*)"
#define SYSDB_UC "objectclass="SYSDB_USER_CLASS
#define SYSDB_GC "objectclass="SYSDB_GROUP_CLASS
#define SYSDB_MPGC "|("SYSDB_UC")("SYSDB_GC")"
#define SYSDB_PWNAM_FILTER "(&("SYSDB_UC")("SYSDB_NAME"=%s))"
#define SYSDB_PWUID_FILTER "(&("SYSDB_UC")("SYSDB_UIDNUM"=%lu))"
#define SYSDB_PWENT_FILTER "("SYSDB_UC")"
#define SYSDB_GRNAM_FILTER "(&("SYSDB_GC")("SYSDB_NAME"=%s))"
#define SYSDB_GRNA2_FILTER "(&("SYSDB_UC")("SYSDB_MEMBEROF"=%s))"
#define SYSDB_GRGID_FILTER "(&("SYSDB_GC")("SYSDB_GIDNUM"=%lu))"
#define SYSDB_GRENT_FILTER "("SYSDB_GC")"
#define SYSDB_GRNAM_MPG_FILTER "(&("SYSDB_MPGC")("SYSDB_NAME"=%s))"
#define SYSDB_GRGID_MPG_FILTER "(&("SYSDB_MPGC")("SYSDB_GIDNUM"=%lu))"
#define SYSDB_GRENT_MPG_FILTER "("SYSDB_MPGC")"
#define SYSDB_INITGR_FILTER "(&("SYSDB_GC")("SYSDB_GIDNUM"=*))"
#define SYSDB_INITGR_LEGACY_FILTER "(&("SYSDB_GC")("SYSDB_LEGACY_MEMBER"=%s))"
#define SYSDB_GETCACHED_FILTER "(&"SYSDB_UC")("SYSDB_LAST_LOGIN">=%lu))"
#define SYSDB_PW_ATTRS {SYSDB_NAME, SYSDB_UIDNUM, \
SYSDB_GIDNUM, SYSDB_GECOS, \
SYSDB_HOMEDIR, SYSDB_SHELL, \
SYSDB_LAST_UPDATE, \
"objectClass", \
NULL}
#define SYSDB_USER_ATTRS {SYSDB_DEFAULTGROUP, \
SYSDB_GECOS, \
SYSDB_HOMEDIR, \
SYSDB_SHELL, \
SYSDB_FULLNAME, \
SYSDB_LOCALE, \
SYSDB_KEYBOARD, \
SYSDB_SESSION, \
SYSDB_LAST_LOGIN, \
SYSDB_USERPIC, \
SYSDB_LAST_UPDATE, \
NULL}
#define SYSDB_GRSRC_ATTRS {SYSDB_NAME, SYSDB_GIDNUM, \
SYSDB_LAST_UPDATE, SYSDB_LEGACY_MEMBER, \
"objectClass", \
NULL}
#define SYSDB_GRPW_ATTRS {SYSDB_NAME, SYSDB_UIDNUM, \
SYSDB_LAST_UPDATE, \
"objectClass", \
NULL}
#define SYSDB_INITGR_ATTR "memberof"
#define SYSDB_INITGR_ATTRS {SYSDB_GIDNUM, SYSDB_LAST_UPDATE, \
"objectClass", \
NULL}
#define SYSDB_TMPL_USER SYSDB_NAME"=%s,"SYSDB_TMPL_USER_BASE
#define SYSDB_TMPL_GROUP SYSDB_NAME"=%s,"SYSDB_TMPL_GROUP_BASE
#define SYSDB_MOD_ADD LDB_FLAG_MOD_ADD
#define SYSDB_MOD_DEL LDB_FLAG_MOD_DELETE
#define SYSDB_MOD_REP LDB_FLAG_MOD_REPLACE
struct confdb_ctx;
struct sysdb_ctx;
struct sysdb_handle;
struct sysdb_attrs {
int num;
struct ldb_message_element *a;
};
/* sysdb_attrs helper functions */
struct sysdb_attrs *sysdb_new_attrs(TALLOC_CTX *memctx);
/* values are copied in the structure, allocated on "attrs" */
int sysdb_attrs_add_val(struct sysdb_attrs *attrs,
const char *name, const struct ldb_val *val);
int sysdb_attrs_add_string(struct sysdb_attrs *attrs,
const char *name, const char *str);
int sysdb_attrs_add_long(struct sysdb_attrs *attrs,
const char *name, long value);
int sysdb_attrs_add_uint32(struct sysdb_attrs *attrs,
const char *name, uint32_t value);
int sysdb_attrs_add_time_t(struct sysdb_attrs *attrs,
const char *name, time_t value);
int sysdb_attrs_get_el(struct sysdb_attrs *attrs, const char *name,
struct ldb_message_element **el);
/* convert an ldb error into an errno error */
int sysdb_error_to_errno(int ldberr);
/* DNs related helper functions */
struct ldb_dn *sysdb_user_dn(struct sysdb_ctx *ctx, void *memctx,
const char *domain, const char *name);
struct ldb_dn *sysdb_group_dn(struct sysdb_ctx *ctx, void *memctx,
const char *domain, const char *name);
struct ldb_dn *sysdb_domain_dn(struct sysdb_ctx *ctx, void *memctx,
const char *domain);
/* function to start and finish a transaction
* sysdb_transaction_send() will queue a request for a transaction
* when it is done it will call the tevent_req callback, which must
* retrieve the transaction handle using sysdb_transaction_recv()
*
* A transaction must be completed either by sending a commit:
* sysdb_transaction_commit_send()/sysdb_transaction_commit_recv()
* or by freeing the transaction handle (this will implicitly cause
* a transaction cancelation).
*
* Transactions are serialized, no other transaction or operation can be
* performed while a transaction is active. Multiple transaction request
* are queued internally and served in order.
*/
struct tevent_req *sysdb_transaction_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct sysdb_ctx *ctx);
int sysdb_transaction_recv(struct tevent_req *req, TALLOC_CTX *memctx,
struct sysdb_handle **handle);
struct tevent_req *sysdb_transaction_commit_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct sysdb_handle *handle);
int sysdb_transaction_commit_recv(struct tevent_req *req);
/* default transaction commit receive function.
* This function does not use the request state so it is safe to use
* from any caller */
void sysdb_transaction_complete(struct tevent_req *subreq);
/* Sysdb initialization.
* call this function *only* once to initialize the database and get
* the sysdb ctx */
int sysdb_init(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct confdb_ctx *cdb,
const char *alt_db_path,
struct sysdb_ctx **dbctx);
/* FIXME: REMOVE */
typedef void (*sysdb_callback_t)(void *, int, struct ldb_result *);
/* functions to retrieve information from sysdb
* These functions automatically starts an operation
* therefore they cannot be called within a transaction */
int sysdb_getpwnam(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *ctx,
struct sss_domain_info *domain,
const char *name,
sysdb_callback_t fn, void *ptr);
int sysdb_getpwuid(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *ctx,
struct sss_domain_info *domain,
uid_t uid,
sysdb_callback_t fn, void *ptr);
int sysdb_enumpwent(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *ctx,
struct sss_domain_info *domain,
const char *expression,
sysdb_callback_t fn, void *ptr);
int sysdb_getgrnam(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *ctx,
struct sss_domain_info *domain,
const char *name,
sysdb_callback_t fn, void *ptr);
int sysdb_getgrgid(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *ctx,
struct sss_domain_info *domain,
gid_t gid,
sysdb_callback_t fn, void *ptr);
int sysdb_enumgrent(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *ctx,
struct sss_domain_info *domain,
sysdb_callback_t fn, void *ptr);
int sysdb_initgroups(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *ctx,
struct sss_domain_info *domain,
const char *name,
sysdb_callback_t fn, void *ptr);
int sysdb_get_user_attr(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *ctx,
struct sss_domain_info *domain,
const char *name,
const char **attributes,
sysdb_callback_t fn, void *ptr);
/* functions that modify the databse
* they have to be called within a transaction
* See sysdb_transaction_send()/_recv() */
/* Delete Entry */
struct tevent_req *sysdb_delete_entry_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct sysdb_handle *handle,
struct ldb_dn *dn);
int sysdb_delete_entry_recv(struct tevent_req *req);
/* Search Entry */
struct tevent_req *sysdb_search_entry_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct sysdb_handle *handle,
struct ldb_dn *base_dn,
int scope,
const char *filter,
const char **attrs);
int sysdb_search_entry_recv(struct tevent_req *req,
TALLOC_CTX *mem_ctx,
struct ldb_message **msg);
/* Search User (by uid or name) */
struct tevent_req *sysdb_search_user_by_name_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct sysdb_ctx *sysdb,
struct sysdb_handle *handle,
struct sss_domain_info *domain,
const char *name,
const char **attrs);
struct tevent_req *sysdb_search_user_by_uid_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct sysdb_ctx *sysdb,
struct sysdb_handle *handle,
struct sss_domain_info *domain,
uid_t uid,
const char **attrs);
int sysdb_search_user_recv(struct tevent_req *req,
TALLOC_CTX *mem_ctx,
struct ldb_message **msg);
/* Delete User by uid */
struct tevent_req *sysdb_delete_user_by_uid_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct sysdb_handle *handle,
struct sss_domain_info *domain,
uid_t uid);
int sysdb_delete_user_by_uid_recv(struct tevent_req *req);
/* Search Group (gy gid or name) */
struct tevent_req *sysdb_search_group_by_name_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct sysdb_ctx *sysdb,
struct sysdb_handle *handle,
struct sss_domain_info *domain,
const char *name,
const char **attrs);
struct tevent_req *sysdb_search_group_by_gid_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct sysdb_ctx *sysdb,
struct sysdb_handle *handle,
struct sss_domain_info *domain,
gid_t gid,
const char **attrs);
int sysdb_search_group_recv(struct tevent_req *req,
TALLOC_CTX *mem_ctx,
struct ldb_message **msg);
/* Delete group by gid */
struct tevent_req *sysdb_delete_group_by_gid_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct sysdb_handle *handle,
struct sss_domain_info *domain,
gid_t gid);
int sysdb_delete_group_by_gid_recv(struct tevent_req *req);
/* Replace entry attrs */
struct tevent_req *sysdb_set_entry_attr_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct sysdb_handle *handle,
struct ldb_dn *entry_dn,
struct sysdb_attrs *attrs,
int mod_op);
int sysdb_set_entry_attr_recv(struct tevent_req *req);
/* Replace user attrs */
struct tevent_req *sysdb_set_user_attr_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct sysdb_handle *handle,
struct sss_domain_info *domain,
const char *name,
struct sysdb_attrs *attrs,
int mod_op);
int sysdb_set_user_attr_recv(struct tevent_req *req);
/* Replace group attrs */
struct tevent_req *sysdb_set_group_attr_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct sysdb_handle *handle,
struct sss_domain_info *domain,
const char *name,
struct sysdb_attrs *attrs,
int mod_op);
int sysdb_set_group_attr_recv(struct tevent_req *req);
/* Allocate a new id */
struct tevent_req *sysdb_get_new_id_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct sysdb_handle *handle,
struct sss_domain_info *domain);
int sysdb_get_new_id_recv(struct tevent_req *req, uint32_t *id);
/* Add user (only basic attrs and w/o checks) */
struct tevent_req *sysdb_add_basic_user_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct sysdb_handle *handle,
struct sss_domain_info *domain,
const char *name,
uid_t uid, gid_t gid,
const char *gecos,
const char *homedir,
const char *shell);
int sysdb_add_basic_user_recv(struct tevent_req *req);
/* Add user (all checks) */
struct tevent_req *sysdb_add_user_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct sysdb_handle *handle,
struct sss_domain_info *domain,
const char *name,
uid_t uid, gid_t gid,
const char *gecos,
const char *homedir,
const char *shell,
struct sysdb_attrs *attrs);
int sysdb_add_user_recv(struct tevent_req *req);
/* Add group (only basic attrs and w/o checks) */
struct tevent_req *sysdb_add_basic_group_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct sysdb_handle *handle,
struct sss_domain_info *domain,
const char *name, gid_t gid);
int sysdb_add_basic_group_recv(struct tevent_req *req);
/* Add group (all checks) */
struct tevent_req *sysdb_add_group_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct sysdb_handle *handle,
struct sss_domain_info *domain,
const char *name, gid_t gid,
struct sysdb_attrs *attrs);
int sysdb_add_group_recv(struct tevent_req *req);
/* mod_op must be either LDB_FLAG_MOD_ADD or LDB_FLAG_MOD_DELETE */
struct tevent_req *sysdb_mod_group_member_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct sysdb_handle *handle,
struct ldb_dn *member_dn,
struct ldb_dn *group_dn,
int mod_op);
int sysdb_mod_group_member_recv(struct tevent_req *req);
int sysdb_set_group_gid(struct sysdb_handle *handle,
struct sss_domain_info *domain,
const char *name, gid_t gid,
sysdb_callback_t fn, void *pvt);
struct tevent_req *sysdb_store_user_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct sysdb_handle *handle,
struct sss_domain_info *domain,
const char *name,
const char *pwd,
uid_t uid, gid_t gid,
const char *gecos,
const char *homedir,
const char *shell);
int sysdb_store_user_recv(struct tevent_req *req);
struct tevent_req *sysdb_store_group_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct sysdb_handle *handle,
struct sss_domain_info *domain,
const char *name,
gid_t gid,
const char **members);
int sysdb_store_group_recv(struct tevent_req *req);
struct tevent_req *sysdb_add_group_member_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct sysdb_handle *handle,
struct sss_domain_info *domain,
const char *group,
const char *member);
int sysdb_add_group_member_recv(struct tevent_req *req);
struct tevent_req *sysdb_remove_group_member_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct sysdb_handle *handle,
struct sss_domain_info *domain,
const char *group,
const char *member);
int sysdb_remove_group_member_recv(struct tevent_req *req);
/* Password caching function.
* If you are in a transaction ignore sysdb and pass in the handle.
* If you are not in a transaction pass NULL in handle and provide sysdb,
* in this case a transaction will be automatically started and the
* function will be completely wrapped in it's own sysdb transaction */
struct tevent_req *sysdb_cache_password_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct sysdb_ctx *sysdb,
struct sysdb_handle *handle,
struct sss_domain_info *domain,
const char *username,
const char *password);
int sysdb_cache_password_recv(struct tevent_req *req);
/* TODO: remove later
* These functions are available in the latest tevent and are the ones that
* should be used as tevent_req is rightfully opaque there */
#ifndef tevent_req_data
#define tevent_req_data(req, type) ((type *)req->private_state)
#endif
#ifndef tevent_req_set_callback
#define tevent_req_set_callback(req, func, data) \
do { req->async.fn = func; req->async.private_data = data; } while(0)
#endif
#ifndef tevent_req_callback_data
#define tevent_req_callback_data(req, type) ((type *)req->async.private_data)
#endif
#ifndef tevent_req_notify_callback
#define tevent_req_notify_callback(req) \
do { \
if (req->async.fn != NULL) { \
req->async.fn(req); \
} \
} while(0)
#endif
#endif /* __SYS_DB_H__ */
|