6
Copyright (C) Simo Sorce <ssorce@redhat.com> 2008
8
This program is free software; you can redistribute it and/or modify
9
it under the terms of the GNU General Public License as published by
10
the Free Software Foundation; either version 3 of the License, or
11
(at your option) any later version.
13
This program is distributed in the hope that it will be useful,
14
but WITHOUT ANY WARRANTY; without even the implied warranty of
15
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16
GNU General Public License for more details.
18
You should have received a copy of the GNU General Public License
19
along with this program. If not, see <http://www.gnu.org/licenses/>.
22
#include "util/util.h"
23
#include "util/strtonum.h"
24
#include "db/sysdb_private.h"
25
#include "confdb/confdb.h"
28
#define LDB_MODULES_PATH "LDB_MODULES_PATH"
30
static errno_t sysdb_ldb_connect(TALLOC_CTX *mem_ctx, const char *filename,
31
struct ldb_context **_ldb)
34
struct ldb_context *ldb;
41
ldb = ldb_init(mem_ctx, NULL);
46
ret = ldb_set_debug(ldb, ldb_debug_messages, NULL);
47
if (ret != LDB_SUCCESS) {
51
mod_path = getenv(LDB_MODULES_PATH);
52
if (mod_path != NULL) {
53
DEBUG(9, ("Setting ldb module path to [%s].\n", mod_path));
54
ldb_set_modules_dir(ldb, mod_path);
57
ret = ldb_connect(ldb, filename, 0, NULL);
58
if (ret != LDB_SUCCESS) {
67
errno_t sysdb_dn_sanitize(void *mem_ctx, const char *input,
73
val.data = (uint8_t *)talloc_strdup(mem_ctx, input);
78
/* We can't include the trailing NULL because it would
79
* be escaped and result in an unterminated string
81
val.length = strlen(input);
83
*sanitized = ldb_dn_escape_value(mem_ctx, val);
88
talloc_free(val.data);
92
struct ldb_dn *sysdb_custom_subtree_dn(struct sysdb_ctx *ctx, void *memctx,
94
const char *subtree_name)
98
struct ldb_dn *dn = NULL;
100
ret = sysdb_dn_sanitize(NULL, subtree_name, &clean_subtree);
105
dn = ldb_dn_new_fmt(memctx, ctx->ldb, SYSDB_TMPL_CUSTOM_SUBTREE,
106
clean_subtree, domain);
107
talloc_free(clean_subtree);
111
struct ldb_dn *sysdb_custom_dn(struct sysdb_ctx *ctx, void *memctx,
112
const char *domain, const char *object_name,
113
const char *subtree_name)
119
struct ldb_dn *dn = NULL;
121
tmp_ctx = talloc_new(NULL);
126
ret = sysdb_dn_sanitize(tmp_ctx, object_name, &clean_name);
131
ret = sysdb_dn_sanitize(tmp_ctx, subtree_name, &clean_subtree);
136
dn = ldb_dn_new_fmt(memctx, ctx->ldb, SYSDB_TMPL_CUSTOM, clean_name,
137
clean_subtree, domain);
140
talloc_free(tmp_ctx);
144
struct ldb_dn *sysdb_user_dn(struct sysdb_ctx *ctx, void *memctx,
145
const char *domain, const char *name)
151
ret = sysdb_dn_sanitize(NULL, name, &clean_name);
156
dn = ldb_dn_new_fmt(memctx, ctx->ldb, SYSDB_TMPL_USER,
158
talloc_free(clean_name);
163
struct ldb_dn *sysdb_group_dn(struct sysdb_ctx *ctx, void *memctx,
164
const char *domain, const char *name)
170
ret = sysdb_dn_sanitize(NULL, name, &clean_name);
175
dn = ldb_dn_new_fmt(memctx, ctx->ldb, SYSDB_TMPL_GROUP,
177
talloc_free(clean_name);
182
struct ldb_dn *sysdb_netgroup_dn(struct sysdb_ctx *ctx, void *memctx,
183
const char *domain, const char *name)
189
ret = sysdb_dn_sanitize(NULL, name, &clean_name);
194
dn = ldb_dn_new_fmt(memctx, ctx->ldb, SYSDB_TMPL_NETGROUP,
196
talloc_free(clean_name);
201
struct ldb_dn *sysdb_netgroup_base_dn(struct sysdb_ctx *ctx, void *memctx,
204
return ldb_dn_new_fmt(memctx, ctx->ldb, SYSDB_TMPL_NETGROUP_BASE, domain);
207
errno_t sysdb_get_rdn(struct sysdb_ctx *ctx, void *memctx,
208
const char *_dn, char **_name, char **_val)
212
const char *attr_name = NULL;
213
const struct ldb_val *val;
216
/* We have to create a tmpctx here because
217
* ldb_dn_new_fmt() fails if memctx is NULL
219
tmpctx = talloc_new(NULL);
224
dn = ldb_dn_new_fmt(tmpctx, ctx->ldb, "%s", _dn);
231
attr_name = ldb_dn_get_rdn_name(dn);
232
if (attr_name == NULL) {
237
*_name = talloc_strdup(memctx, attr_name);
244
val = ldb_dn_get_rdn_val(dn);
247
if (_name) talloc_free(*_name);
251
*_val = talloc_strndup(memctx, (char *) val->data, val->length);
254
if (_name) talloc_free(*_name);
261
talloc_zfree(tmpctx);
265
errno_t sysdb_group_dn_name(struct sysdb_ctx *ctx, void *memctx,
266
const char *_dn, char **_name)
268
return sysdb_get_rdn(ctx, memctx, _dn, NULL, _name);
271
struct ldb_dn *sysdb_domain_dn(struct sysdb_ctx *ctx, void *memctx,
274
return ldb_dn_new_fmt(memctx, ctx->ldb, SYSDB_DOM_BASE, domain);
277
struct ldb_context *sysdb_ctx_get_ldb(struct sysdb_ctx *ctx)
282
struct sysdb_attrs *sysdb_new_attrs(TALLOC_CTX *memctx)
284
return talloc_zero(memctx, struct sysdb_attrs);
287
static int sysdb_attrs_get_el_int(struct sysdb_attrs *attrs, const char *name,
288
bool alloc, struct ldb_message_element **el)
290
struct ldb_message_element *e = NULL;
293
for (i = 0; i < attrs->num; i++) {
294
if (strcasecmp(name, attrs->a[i].name) == 0)
299
e = talloc_realloc(attrs, attrs->a,
300
struct ldb_message_element, attrs->num+1);
301
if (!e) return ENOMEM;
304
e[attrs->num].name = talloc_strdup(e, name);
305
if (!e[attrs->num].name) return ENOMEM;
307
e[attrs->num].num_values = 0;
308
e[attrs->num].values = NULL;
309
e[attrs->num].flags = 0;
311
e = &(attrs->a[attrs->num]);
324
int sysdb_attrs_get_el(struct sysdb_attrs *attrs, const char *name,
325
struct ldb_message_element **el)
327
return sysdb_attrs_get_el_int(attrs, name, true, el);
330
int sysdb_attrs_get_string(struct sysdb_attrs *attrs, const char *name,
333
struct ldb_message_element *el;
336
ret = sysdb_attrs_get_el_int(attrs, name, false, &el);
341
if (el->num_values != 1) {
345
*string = (const char *)el->values[0].data;
349
int sysdb_attrs_get_uint32_t(struct sysdb_attrs *attrs, const char *name,
352
struct ldb_message_element *el;
357
ret = sysdb_attrs_get_el_int(attrs, name, false, &el);
362
if (el->num_values != 1) {
367
val = strtouint32((const char *) el->values[0].data, &endptr, 0);
368
if (errno != 0) return errno;
369
if (*endptr) return EINVAL;
375
int sysdb_attrs_get_string_array(struct sysdb_attrs *attrs, const char *name,
376
TALLOC_CTX *mem_ctx, const char ***string)
378
struct ldb_message_element *el;
383
ret = sysdb_attrs_get_el_int(attrs, name, false, &el);
388
a = talloc_array(mem_ctx, const char *, el->num_values + 1);
393
memset(a, 0, sizeof(const char *) * (el->num_values + 1));
395
for(u = 0; u < el->num_values; u++) {
396
a[u] = talloc_strndup(a, (const char *)el->values[u].data,
397
el->values[u].length);
408
int sysdb_attrs_add_val(struct sysdb_attrs *attrs,
409
const char *name, const struct ldb_val *val)
411
struct ldb_message_element *el = NULL;
412
struct ldb_val *vals;
415
ret = sysdb_attrs_get_el(attrs, name, &el);
420
vals = talloc_realloc(attrs->a, el->values,
421
struct ldb_val, el->num_values+1);
422
if (!vals) return ENOMEM;
424
vals[el->num_values] = ldb_val_dup(vals, val);
425
if (vals[el->num_values].data == NULL &&
426
vals[el->num_values].length != 0) {
436
int sysdb_attrs_add_string(struct sysdb_attrs *attrs,
437
const char *name, const char *str)
441
v.data = (uint8_t *)discard_const(str);
442
v.length = strlen(str);
444
return sysdb_attrs_add_val(attrs, name, &v);
447
int sysdb_attrs_add_bool(struct sysdb_attrs *attrs,
448
const char *name, bool value)
451
return sysdb_attrs_add_string(attrs, name, "TRUE");
454
return sysdb_attrs_add_string(attrs, name, "FALSE");
457
int sysdb_attrs_steal_string(struct sysdb_attrs *attrs,
458
const char *name, char *str)
460
struct ldb_message_element *el = NULL;
461
struct ldb_val *vals;
464
ret = sysdb_attrs_get_el(attrs, name, &el);
466
vals = talloc_realloc(attrs->a, el->values,
467
struct ldb_val, el->num_values+1);
468
if (!vals) return ENOMEM;
471
/* now steal and assign the string */
472
talloc_steal(el->values, str);
474
el->values[el->num_values].data = (uint8_t *)str;
475
el->values[el->num_values].length = strlen(str);
481
int sysdb_attrs_add_long(struct sysdb_attrs *attrs,
482
const char *name, long value)
488
str = talloc_asprintf(attrs, "%ld", value);
489
if (!str) return ENOMEM;
491
v.data = (uint8_t *)str;
492
v.length = strlen(str);
494
ret = sysdb_attrs_add_val(attrs, name, &v);
500
int sysdb_attrs_add_uint32(struct sysdb_attrs *attrs,
501
const char *name, uint32_t value)
503
unsigned long val = value;
508
str = talloc_asprintf(attrs, "%lu", val);
509
if (!str) return ENOMEM;
511
v.data = (uint8_t *)str;
512
v.length = strlen(str);
514
ret = sysdb_attrs_add_val(attrs, name, &v);
520
int sysdb_attrs_add_time_t(struct sysdb_attrs *attrs,
521
const char *name, time_t value)
523
long long val = value;
528
str = talloc_asprintf(attrs, "%lld", val);
529
if (!str) return ENOMEM;
531
v.data = (uint8_t *)str;
532
v.length = strlen(str);
534
ret = sysdb_attrs_add_val(attrs, name, &v);
540
int sysdb_attrs_users_from_str_list(struct sysdb_attrs *attrs,
541
const char *attr_name,
543
const char *const *list)
545
struct ldb_message_element *el = NULL;
546
struct ldb_val *vals;
551
ret = sysdb_attrs_get_el(attrs, attr_name, &el);
556
for (num = 0; list[num]; num++) /* count */ ;
558
vals = talloc_realloc(attrs->a, el->values,
559
struct ldb_val, el->num_values + num);
565
DEBUG(9, ("Adding %d members to existing %d ones\n",
566
num, el->num_values));
568
for (i = 0, j = el->num_values; i < num; i++) {
570
member = sysdb_user_strdn(el->values, domain, list[i]);
572
DEBUG(4, ("Failed to get user dn for [%s]\n", list[i]));
575
el->values[j].data = (uint8_t *)member;
576
el->values[j].length = strlen(member);
579
DEBUG(7, (" member #%d: [%s]\n", i, member));
586
int sysdb_attrs_users_from_ldb_vals(struct sysdb_attrs *attrs,
587
const char *attr_name,
589
struct ldb_val *values,
592
struct ldb_message_element *el = NULL;
593
struct ldb_val *vals;
598
ret = sysdb_attrs_get_el(attrs, attr_name, &el);
603
vals = talloc_realloc(attrs->a, el->values, struct ldb_val,
604
el->num_values + num_values);
610
DEBUG(9, ("Adding %d members to existing %d ones\n",
611
num_values, el->num_values));
613
for (i = 0, j = el->num_values; i < num_values; i++) {
614
member = sysdb_user_strdn(el->values, domain,
615
(char *)values[i].data);
617
DEBUG(4, ("Failed to get user dn for [%s]\n",
618
(char *)values[i].data));
621
el->values[j].data = (uint8_t *)member;
622
el->values[j].length = strlen(member);
625
DEBUG(7, (" member #%d: [%s]\n", i, member));
632
static char *build_dom_dn_str_escape(TALLOC_CTX *memctx, const char *template,
633
const char *domain, const char *name)
638
l = strcspn(name, ",=\n+<>#;\\\"");
639
if (name[l] != '\0') {
643
v.data = discard_const_p(uint8_t, name);
644
v.length = strlen(name);
646
tmp = ldb_dn_escape_value(memctx, v);
651
ret = talloc_asprintf(memctx, template, tmp, domain);
660
ret = talloc_asprintf(memctx, template, name, domain);
668
char *sysdb_user_strdn(TALLOC_CTX *memctx,
669
const char *domain, const char *name)
671
return build_dom_dn_str_escape(memctx, SYSDB_TMPL_USER, domain, name);
674
char *sysdb_group_strdn(TALLOC_CTX *memctx,
675
const char *domain, const char *name)
677
return build_dom_dn_str_escape(memctx, SYSDB_TMPL_GROUP, domain, name);
680
/* TODO: make a more complete and precise mapping */
681
int sysdb_error_to_errno(int ldberr)
686
case LDB_ERR_OPERATIONS_ERROR:
688
case LDB_ERR_NO_SUCH_OBJECT:
692
case LDB_ERR_ENTRY_ALREADY_EXISTS:
699
/* =Transactions========================================================== */
701
int sysdb_transaction_start(struct sysdb_ctx *ctx)
705
ret = ldb_transaction_start(ctx->ldb);
706
if (ret != LDB_SUCCESS) {
707
DEBUG(1, ("Failed to start ldb transaction! (%d)\n", ret));
709
return sysdb_error_to_errno(ret);
712
int sysdb_transaction_commit(struct sysdb_ctx *ctx)
716
ret = ldb_transaction_commit(ctx->ldb);
717
if (ret != LDB_SUCCESS) {
718
DEBUG(1, ("Failed to commit ldb transaction! (%d)\n", ret));
720
return sysdb_error_to_errno(ret);
723
int sysdb_transaction_cancel(struct sysdb_ctx *ctx)
727
ret = ldb_transaction_cancel(ctx->ldb);
728
if (ret != LDB_SUCCESS) {
729
DEBUG(1, ("Failed to cancel ldb transaction! (%d)\n", ret));
731
return sysdb_error_to_errno(ret);
734
/* =Initialization======================================================== */
736
static int sysdb_domain_init_internal(TALLOC_CTX *mem_ctx,
737
struct sss_domain_info *domain,
740
struct sysdb_ctx **_ctx);
742
static int sysdb_get_db_file(TALLOC_CTX *mem_ctx,
743
const char *provider, const char *name,
744
const char *base_path, char **_ldb_file)
748
/* special case for the local domain */
749
if (strcasecmp(provider, "local") == 0) {
750
ldb_file = talloc_asprintf(mem_ctx, "%s/"LOCAL_SYSDB_FILE,
753
ldb_file = talloc_asprintf(mem_ctx, "%s/"CACHE_SYSDB_FILE,
760
*_ldb_file = ldb_file;
764
/* serach all groups that have a memberUid attribute.
765
* change it into a member attribute for a user of same domain.
766
* remove the memberUid attribute
767
* add the new member attribute
768
* finally stop indexing memberUid
769
* upgrade version to 0.2
771
static int sysdb_upgrade_01(TALLOC_CTX *mem_ctx,
772
struct ldb_context *ldb,
775
struct ldb_message_element *el;
776
struct ldb_result *res;
777
struct ldb_dn *basedn;
778
struct ldb_dn *mem_dn;
779
struct ldb_message *msg;
780
const struct ldb_val *val;
781
const char *filter = "(&(memberUid=*)(objectclass=group))";
782
const char *attrs[] = { "memberUid", NULL };
787
basedn = ldb_dn_new(mem_ctx, ldb, "cn=sysdb");
793
ret = ldb_search(ldb, mem_ctx, &res,
794
basedn, LDB_SCOPE_SUBTREE,
796
if (ret != LDB_SUCCESS) {
801
ret = ldb_transaction_start(ldb);
802
if (ret != LDB_SUCCESS) {
807
for (i = 0; i < res->count; i++) {
808
el = ldb_msg_find_element(res->msgs[i], "memberUid");
810
DEBUG(1, ("memberUid is missing from message [%s], skipping\n",
811
ldb_dn_get_linearized(res->msgs[i]->dn)));
815
/* create modification message */
816
msg = ldb_msg_new(mem_ctx);
821
msg->dn = res->msgs[i]->dn;
823
ret = ldb_msg_add_empty(msg, "memberUid", LDB_FLAG_MOD_DELETE, NULL);
824
if (ret != LDB_SUCCESS) {
829
ret = ldb_msg_add_empty(msg, SYSDB_MEMBER, LDB_FLAG_MOD_ADD, NULL);
830
if (ret != LDB_SUCCESS) {
835
/* get domain name component value */
836
val = ldb_dn_get_component_val(res->msgs[i]->dn, 2);
837
domain = talloc_strndup(mem_ctx, (const char *)val->data, val->length);
843
for (j = 0; j < el->num_values; j++) {
844
mem_dn = ldb_dn_new_fmt(mem_ctx, ldb, SYSDB_TMPL_USER,
845
(const char *)el->values[j].data, domain);
851
mdn = talloc_strdup(msg, ldb_dn_get_linearized(mem_dn));
856
ret = ldb_msg_add_string(msg, SYSDB_MEMBER, mdn);
857
if (ret != LDB_SUCCESS) {
862
talloc_zfree(mem_dn);
865
/* ok now we are ready to modify the entry */
866
ret = ldb_modify(ldb, msg);
867
if (ret != LDB_SUCCESS) {
868
ret = sysdb_error_to_errno(ret);
875
/* conversion done, upgrade version number */
876
msg = ldb_msg_new(mem_ctx);
881
msg->dn = ldb_dn_new(mem_ctx, ldb, "cn=sysdb");
887
ret = ldb_msg_add_empty(msg, "version", LDB_FLAG_MOD_REPLACE, NULL);
888
if (ret != LDB_SUCCESS) {
892
ret = ldb_msg_add_string(msg, "version", SYSDB_VERSION_0_2);
893
if (ret != LDB_SUCCESS) {
898
ret = ldb_modify(ldb, msg);
899
if (ret != LDB_SUCCESS) {
900
ret = sysdb_error_to_errno(ret);
908
ldb_transaction_cancel(ldb);
910
ret = ldb_transaction_commit(ldb);
911
if (ret != LDB_SUCCESS) {
915
*ver = SYSDB_VERSION_0_2;
921
static int sysdb_check_upgrade_02(TALLOC_CTX *mem_ctx,
922
struct sss_domain_info *domains,
925
TALLOC_CTX *tmp_ctx = NULL;
926
struct ldb_context *ldb;
928
struct sysdb_ctx *ctx;
929
struct sss_domain_info *dom;
930
struct ldb_message_element *el;
931
struct ldb_message *msg;
932
struct ldb_result *res;
933
struct ldb_dn *verdn;
934
const char *version = NULL;
935
bool do_02_upgrade = false;
936
bool ctx_trans = false;
939
tmp_ctx = talloc_new(mem_ctx);
944
ret = sysdb_get_db_file(mem_ctx,
951
ret = sysdb_ldb_connect(tmp_ctx, ldb_file, &ldb);
953
DEBUG(1, ("sysdb_ldb_connect failed.\n"));
957
verdn = ldb_dn_new(tmp_ctx, ldb, "cn=sysdb");
963
ret = ldb_search(ldb, tmp_ctx, &res,
964
verdn, LDB_SCOPE_BASE,
966
if (ret != LDB_SUCCESS) {
970
if (res->count > 1) {
975
if (res->count == 1) {
976
el = ldb_msg_find_element(res->msgs[0], "version");
978
if (el->num_values != 1) {
982
version = talloc_strndup(tmp_ctx,
983
(char *)(el->values[0].data),
984
el->values[0].length);
990
if (strcmp(version, SYSDB_VERSION) == 0) {
991
/* all fine, return */
996
DEBUG(4, ("Upgrading DB from version: %s\n", version));
998
if (strcmp(version, SYSDB_VERSION_0_1) == 0) {
999
/* convert database */
1000
ret = sysdb_upgrade_01(tmp_ctx, ldb, &version);
1001
if (ret != EOK) goto exit;
1004
if (strcmp(version, SYSDB_VERSION_0_2) == 0) {
1005
/* need to convert database to split files */
1006
do_02_upgrade = true;
1012
if (!do_02_upgrade) {
1013
/* not a v2 upgrade, return and let the normal code take over any
1014
* further upgrade */
1019
/* == V2->V3 UPGRADE == */
1021
DEBUG(0, ("UPGRADING DB TO VERSION %s\n", SYSDB_VERSION_0_3));
1023
/* ldb uses posix locks,
1024
* posix is stupid and kills all locks when you close *any* file
1025
* descriptor associated to the same file.
1026
* Therefore we must close and reopen the ldb file here */
1028
/* == Backup and reopen ldb == */
1034
ret = backup_file(ldb_file, 0);
1040
ret = sysdb_ldb_connect(tmp_ctx, ldb_file, &ldb);
1042
DEBUG(1, ("sysdb_ldb_connect failed.\n"));
1046
/* open a transaction */
1047
ret = ldb_transaction_start(ldb);
1048
if (ret != LDB_SUCCESS) {
1049
DEBUG(1, ("Failed to start ldb transaction! (%d)\n", ret));
1054
/* == Upgrade contents == */
1056
for (dom = domains; dom; dom = dom->next) {
1057
struct ldb_dn *domain_dn;
1058
struct ldb_dn *users_dn;
1059
struct ldb_dn *groups_dn;
1063
if (strcasecmp(dom->provider, "local") == 0) {
1067
/* create new dom db */
1068
ret = sysdb_domain_init_internal(tmp_ctx, dom,
1069
db_path, false, &ctx);
1074
ret = ldb_transaction_start(ctx->ldb);
1075
if (ret != LDB_SUCCESS) {
1076
DEBUG(1, ("Failed to start ldb transaction! (%d)\n", ret));
1082
/* search all entries for this domain in local,
1083
* copy them all in the new database,
1084
* then remove them from local */
1086
domain_dn = ldb_dn_new_fmt(tmp_ctx, ctx->ldb,
1087
SYSDB_DOM_BASE, ctx->domain->name);
1093
ret = ldb_search(ldb, tmp_ctx, &res,
1094
domain_dn, LDB_SCOPE_SUBTREE,
1096
if (ret != LDB_SUCCESS) {
1101
users_dn = ldb_dn_new_fmt(tmp_ctx, ctx->ldb,
1102
SYSDB_TMPL_USER_BASE, ctx->domain->name);
1107
groups_dn = ldb_dn_new_fmt(tmp_ctx, ctx->ldb,
1108
SYSDB_TMPL_GROUP_BASE, ctx->domain->name);
1114
for (i = 0; i < res->count; i++) {
1116
struct ldb_dn *orig_dn;
1120
/* skip pre-created congtainers */
1121
if ((ldb_dn_compare(msg->dn, domain_dn) == 0) ||
1122
(ldb_dn_compare(msg->dn, users_dn) == 0) ||
1123
(ldb_dn_compare(msg->dn, groups_dn) == 0)) {
1127
/* regenerate the DN against the new ldb as it may have different
1128
* casefolding rules (example: name changing from case insensitive
1129
* to case sensitive) */
1131
msg->dn = ldb_dn_new(msg, ctx->ldb,
1132
ldb_dn_get_linearized(orig_dn));
1138
ret = ldb_add(ctx->ldb, msg);
1139
if (ret != LDB_SUCCESS) {
1140
DEBUG(0, ("WARNING: Could not add entry %s,"
1141
" to new ldb file! (%d [%s])\n",
1142
ldb_dn_get_linearized(msg->dn),
1143
ret, ldb_errstring(ctx->ldb)));
1146
ret = ldb_delete(ldb, orig_dn);
1147
if (ret != LDB_SUCCESS) {
1148
DEBUG(0, ("WARNING: Could not remove entry %s,"
1149
" from old ldb file! (%d [%s])\n",
1150
ldb_dn_get_linearized(orig_dn),
1151
ret, ldb_errstring(ldb)));
1155
/* now remove the basic containers from local */
1156
/* these were optional so debug at level 9 in case
1157
* of failure just for tracing */
1158
ret = ldb_delete(ldb, groups_dn);
1159
if (ret != LDB_SUCCESS) {
1160
DEBUG(9, ("WARNING: Could not remove entry %s,"
1161
" from old ldb file! (%d [%s])\n",
1162
ldb_dn_get_linearized(groups_dn),
1163
ret, ldb_errstring(ldb)));
1165
ret = ldb_delete(ldb, users_dn);
1166
if (ret != LDB_SUCCESS) {
1167
DEBUG(9, ("WARNING: Could not remove entry %s,"
1168
" from old ldb file! (%d [%s])\n",
1169
ldb_dn_get_linearized(users_dn),
1170
ret, ldb_errstring(ldb)));
1172
ret = ldb_delete(ldb, domain_dn);
1173
if (ret != LDB_SUCCESS) {
1174
DEBUG(9, ("WARNING: Could not remove entry %s,"
1175
" from old ldb file! (%d [%s])\n",
1176
ldb_dn_get_linearized(domain_dn),
1177
ret, ldb_errstring(ldb)));
1180
ret = ldb_transaction_commit(ctx->ldb);
1181
if (ret != LDB_SUCCESS) {
1182
DEBUG(1, ("Failed to commit ldb transaction! (%d)\n", ret));
1188
talloc_zfree(domain_dn);
1189
talloc_zfree(groups_dn);
1190
talloc_zfree(users_dn);
1194
/* conversion done, upgrade version number */
1195
msg = ldb_msg_new(tmp_ctx);
1200
msg->dn = ldb_dn_new(tmp_ctx, ldb, "cn=sysdb");
1206
ret = ldb_msg_add_empty(msg, "version", LDB_FLAG_MOD_REPLACE, NULL);
1207
if (ret != LDB_SUCCESS) {
1211
ret = ldb_msg_add_string(msg, "version", SYSDB_VERSION_0_3);
1212
if (ret != LDB_SUCCESS) {
1217
ret = ldb_modify(ldb, msg);
1218
if (ret != LDB_SUCCESS) {
1219
ret = sysdb_error_to_errno(ret);
1223
ret = ldb_transaction_commit(ldb);
1224
if (ret != LDB_SUCCESS) {
1225
DEBUG(1, ("Failed to commit ldb transaction! (%d)\n", ret));
1235
ret = ldb_transaction_cancel(ctx->ldb);
1236
if (ret != LDB_SUCCESS) {
1237
DEBUG(1, ("Failed to cancel ldb transaction! (%d)\n", ret));
1240
ret = ldb_transaction_cancel(ldb);
1241
if (ret != LDB_SUCCESS) {
1242
DEBUG(1, ("Failed to cancel ldb transaction! (%d)\n", ret));
1247
talloc_free(tmp_ctx);
1251
static int sysdb_upgrade_03(struct sysdb_ctx *ctx, const char **ver)
1253
TALLOC_CTX *tmp_ctx;
1255
struct ldb_message *msg;
1257
tmp_ctx = talloc_new(ctx);
1262
DEBUG(0, ("UPGRADING DB TO VERSION %s\n", SYSDB_VERSION_0_4));
1264
ret = ldb_transaction_start(ctx->ldb);
1265
if (ret != LDB_SUCCESS) {
1270
/* Make this database case-sensitive */
1271
msg = ldb_msg_new(tmp_ctx);
1276
msg->dn = ldb_dn_new(tmp_ctx, ctx->ldb, "@ATTRIBUTES");
1282
ret = ldb_msg_add_empty(msg, "name", LDB_FLAG_MOD_DELETE, NULL);
1283
if (ret != LDB_SUCCESS) {
1288
ret = ldb_modify(ctx->ldb, msg);
1289
if (ret != LDB_SUCCESS) {
1290
ret = sysdb_error_to_errno(ret);
1294
/* conversion done, upgrade version number */
1295
msg = ldb_msg_new(tmp_ctx);
1300
msg->dn = ldb_dn_new(tmp_ctx, ctx->ldb, "cn=sysdb");
1306
ret = ldb_msg_add_empty(msg, "version", LDB_FLAG_MOD_REPLACE, NULL);
1307
if (ret != LDB_SUCCESS) {
1311
ret = ldb_msg_add_string(msg, "version", SYSDB_VERSION_0_4);
1312
if (ret != LDB_SUCCESS) {
1317
ret = ldb_modify(ctx->ldb, msg);
1318
if (ret != LDB_SUCCESS) {
1319
ret = sysdb_error_to_errno(ret);
1326
talloc_zfree(tmp_ctx);
1329
ret = ldb_transaction_cancel(ctx->ldb);
1331
ret = ldb_transaction_commit(ctx->ldb);
1332
*ver = SYSDB_VERSION_0_4;
1334
if (ret != LDB_SUCCESS) {
1341
static int sysdb_upgrade_04(struct sysdb_ctx *ctx, const char **ver)
1343
TALLOC_CTX *tmp_ctx;
1345
struct ldb_message *msg;
1347
tmp_ctx = talloc_new(ctx);
1352
DEBUG(0, ("UPGRADING DB TO VERSION %s\n", SYSDB_VERSION_0_5));
1354
ret = ldb_transaction_start(ctx->ldb);
1355
if (ret != LDB_SUCCESS) {
1361
msg = ldb_msg_new(tmp_ctx);
1366
msg->dn = ldb_dn_new(tmp_ctx, ctx->ldb, "@INDEXLIST");
1372
ret = ldb_msg_add_empty(msg, "@IDXATTR", LDB_FLAG_MOD_ADD, NULL);
1373
if (ret != LDB_SUCCESS) {
1377
ret = ldb_msg_add_string(msg, "@IDXATTR", "originalDN");
1378
if (ret != LDB_SUCCESS) {
1383
ret = ldb_modify(ctx->ldb, msg);
1384
if (ret != LDB_SUCCESS) {
1385
ret = sysdb_error_to_errno(ret);
1389
/* Rebuild memberuid and memberoif attributes */
1390
msg = ldb_msg_new(tmp_ctx);
1395
msg->dn = ldb_dn_new(tmp_ctx, ctx->ldb, "@MEMBEROF-REBUILD");
1401
ret = ldb_add(ctx->ldb, msg);
1402
if (ret != LDB_SUCCESS) {
1403
ret = sysdb_error_to_errno(ret);
1407
/* conversion done, upgrade version number */
1408
msg = ldb_msg_new(tmp_ctx);
1413
msg->dn = ldb_dn_new(tmp_ctx, ctx->ldb, "cn=sysdb");
1419
ret = ldb_msg_add_empty(msg, "version", LDB_FLAG_MOD_REPLACE, NULL);
1420
if (ret != LDB_SUCCESS) {
1424
ret = ldb_msg_add_string(msg, "version", SYSDB_VERSION_0_5);
1425
if (ret != LDB_SUCCESS) {
1430
ret = ldb_modify(ctx->ldb, msg);
1431
if (ret != LDB_SUCCESS) {
1432
ret = sysdb_error_to_errno(ret);
1439
talloc_zfree(tmp_ctx);
1442
ret = ldb_transaction_cancel(ctx->ldb);
1444
ret = ldb_transaction_commit(ctx->ldb);
1445
*ver = SYSDB_VERSION_0_5;
1447
if (ret != LDB_SUCCESS) {
1454
static int sysdb_domain_init_internal(TALLOC_CTX *mem_ctx,
1455
struct sss_domain_info *domain,
1456
const char *db_path,
1458
struct sysdb_ctx **_ctx)
1460
TALLOC_CTX *tmp_ctx = NULL;
1461
struct sysdb_ctx *ctx;
1462
const char *base_ldif;
1463
struct ldb_ldif *ldif;
1464
struct ldb_message *msg;
1465
struct ldb_message_element *el;
1466
struct ldb_result *res;
1467
struct ldb_dn *verdn;
1468
const char *version = NULL;
1471
ctx = talloc_zero(mem_ctx, struct sysdb_ctx);
1475
ctx->domain = domain;
1477
/* The local provider s the only true MPG,
1478
* for the other domains, the provider actually unrolls MPGs */
1479
if (strcasecmp(domain->provider, "local") == 0) {
1483
ret = sysdb_get_db_file(ctx, domain->provider,
1484
domain->name, db_path,
1489
DEBUG(5, ("DB File for %s: %s\n", domain->name, ctx->ldb_file));
1491
ret = sysdb_ldb_connect(ctx, ctx->ldb_file, &ctx->ldb);
1493
DEBUG(1, ("sysdb_ldb_connect failed.\n"));
1497
tmp_ctx = talloc_new(ctx);
1502
verdn = ldb_dn_new(tmp_ctx, ctx->ldb, "cn=sysdb");
1508
ret = ldb_search(ctx->ldb, tmp_ctx, &res,
1509
verdn, LDB_SCOPE_BASE,
1511
if (ret != LDB_SUCCESS) {
1515
if (res->count > 1) {
1520
if (res->count == 1) {
1521
el = ldb_msg_find_element(res->msgs[0], "version");
1523
if (el->num_values != 1) {
1527
version = talloc_strndup(tmp_ctx,
1528
(char *)(el->values[0].data),
1529
el->values[0].length);
1535
if (strcmp(version, SYSDB_VERSION) == 0) {
1536
/* all fine, return */
1541
if (!allow_upgrade) {
1542
DEBUG(0, ("Wrong DB version (got %s expected %s)\n",
1543
version, SYSDB_VERSION));
1548
DEBUG(4, ("Upgrading DB [%s] from version: %s\n",
1549
domain->name, version));
1551
if (strcmp(version, SYSDB_VERSION_0_3) == 0) {
1552
ret = sysdb_upgrade_03(ctx, &version);
1558
if (strcmp(version, SYSDB_VERSION_0_4) == 0) {
1559
ret = sysdb_upgrade_04(ctx, &version);
1564
DEBUG(0,("Unknown DB version [%s], expected [%s] for domain %s!\n",
1565
version?version:"not found", SYSDB_VERSION, domain->name));
1570
/* cn=sysdb does not exists, means db is empty, populate */
1572
base_ldif = SYSDB_BASE_LDIF;
1573
while ((ldif = ldb_ldif_read_string(ctx->ldb, &base_ldif))) {
1574
ret = ldb_add(ctx->ldb, ldif->msg);
1575
if (ret != LDB_SUCCESS) {
1576
DEBUG(0, ("Failed to initialize DB (%d, [%s]) for domain %s!\n",
1577
ret, ldb_errstring(ctx->ldb), domain->name));
1581
ldb_ldif_read_free(ctx->ldb, ldif);
1584
/* == create base domain object == */
1586
msg = ldb_msg_new(tmp_ctx);
1591
msg->dn = ldb_dn_new_fmt(msg, ctx->ldb, SYSDB_DOM_BASE, domain->name);
1596
ret = ldb_msg_add_fmt(msg, "cn", "%s", domain->name);
1597
if (ret != LDB_SUCCESS) {
1601
/* do a synchronous add */
1602
ret = ldb_add(ctx->ldb, msg);
1603
if (ret != LDB_SUCCESS) {
1604
DEBUG(0, ("Failed to initialize DB (%d, [%s]) for domain %s!\n",
1605
ret, ldb_errstring(ctx->ldb), domain->name));
1611
/* == create Users tree == */
1613
msg = ldb_msg_new(tmp_ctx);
1618
msg->dn = ldb_dn_new_fmt(msg, ctx->ldb,
1619
SYSDB_TMPL_USER_BASE, domain->name);
1624
ret = ldb_msg_add_fmt(msg, "cn", "Users");
1625
if (ret != LDB_SUCCESS) {
1629
/* do a synchronous add */
1630
ret = ldb_add(ctx->ldb, msg);
1631
if (ret != LDB_SUCCESS) {
1632
DEBUG(0, ("Failed to initialize DB (%d, [%s]) for domain %s!\n",
1633
ret, ldb_errstring(ctx->ldb), domain->name));
1639
/* == create Groups tree == */
1641
msg = ldb_msg_new(tmp_ctx);
1646
msg->dn = ldb_dn_new_fmt(msg, ctx->ldb,
1647
SYSDB_TMPL_GROUP_BASE, domain->name);
1652
ret = ldb_msg_add_fmt(msg, "cn", "Groups");
1653
if (ret != LDB_SUCCESS) {
1657
/* do a synchronous add */
1658
ret = ldb_add(ctx->ldb, msg);
1659
if (ret != LDB_SUCCESS) {
1660
DEBUG(0, ("Failed to initialize DB (%d, [%s]) for domain %s!\n",
1661
ret, ldb_errstring(ctx->ldb), domain->name));
1673
talloc_free(tmp_ctx);
1677
int sysdb_init(TALLOC_CTX *mem_ctx,
1678
struct confdb_ctx *cdb,
1679
const char *alt_db_path,
1681
struct sysdb_ctx_list **_ctx_list)
1683
struct sysdb_ctx_list *ctx_list;
1684
struct sss_domain_info *domains, *dom;
1685
struct sysdb_ctx *ctx;
1688
ctx_list = talloc_zero(mem_ctx, struct sysdb_ctx_list);
1694
ctx_list->db_path = talloc_strdup(ctx_list, alt_db_path);
1696
ctx_list->db_path = talloc_strdup(ctx_list, DB_PATH);
1698
if (!ctx_list->db_path) {
1699
talloc_zfree(ctx_list);
1703
/* open a db for each backend */
1704
ret = confdb_get_domains(cdb, &domains);
1706
talloc_zfree(ctx_list);
1710
if (allow_upgrade) {
1711
/* check if we have an old sssd.ldb to upgrade */
1712
ret = sysdb_check_upgrade_02(ctx_list, domains,
1715
talloc_zfree(ctx_list);
1720
for (dom = domains; dom; dom = dom->next) {
1722
ctx_list->dbs = talloc_realloc(ctx_list, ctx_list->dbs,
1724
ctx_list->num_dbs + 1);
1725
if (!ctx_list->dbs) {
1726
talloc_zfree(ctx_list);
1730
ret = sysdb_domain_init_internal(ctx_list, dom,
1732
allow_upgrade, &ctx);
1734
talloc_zfree(ctx_list);
1738
ctx_list->dbs[ctx_list->num_dbs] = ctx;
1739
ctx_list->num_dbs++;
1741
if (ctx_list->num_dbs == 0) {
1743
talloc_zfree(ctx_list);
1747
*_ctx_list = ctx_list;
1752
int sysdb_domain_init(TALLOC_CTX *mem_ctx,
1753
struct sss_domain_info *domain,
1754
const char *db_path,
1755
struct sysdb_ctx **_ctx)
1757
return sysdb_domain_init_internal(mem_ctx, domain,
1758
db_path, false, _ctx);
1761
int sysdb_get_ctx_from_list(struct sysdb_ctx_list *ctx_list,
1762
struct sss_domain_info *domain,
1763
struct sysdb_ctx **ctx)
1767
for (i = 0; i < ctx_list->num_dbs; i++) {
1768
if (ctx_list->dbs[i]->domain == domain) {
1769
*ctx = ctx_list->dbs[i];
1772
if (strcasecmp(ctx_list->dbs[i]->domain->name, domain->name) == 0) {
1773
*ctx = ctx_list->dbs[i];
1777
/* definitely not found */
1782
int compare_ldb_dn_comp_num(const void *m1, const void *m2)
1784
struct ldb_message *msg1 = talloc_get_type(*(void **) discard_const(m1),
1785
struct ldb_message);
1786
struct ldb_message *msg2 = talloc_get_type(*(void **) discard_const(m2),
1787
struct ldb_message);
1789
return ldb_dn_get_comp_num(msg2->dn) - ldb_dn_get_comp_num(msg1->dn);
1792
int sysdb_attrs_replace_name(struct sysdb_attrs *attrs, const char *oldname,
1793
const char *newname)
1795
struct ldb_message_element *e = NULL;
1799
if (attrs == NULL || oldname == NULL || newname == NULL) return EINVAL;
1801
for (i = 0; i < attrs->num; i++) {
1802
if (strcasecmp(oldname, attrs->a[i].name) == 0) {
1805
if (strcasecmp(newname, attrs->a[i].name) == 0) {
1806
DEBUG(3, ("New attribute name [%s] already exists.\n", newname));
1812
dummy = talloc_strdup(attrs, newname);
1813
if (dummy == NULL) {
1814
DEBUG(1, ("talloc_strdup failed.\n"));
1818
talloc_free(discard_const(e->name));
1825
/* Search for all incidences of attr_name in a list of
1826
* sysdb_attrs and add their value to a list
1828
* TODO: Currently only works for single-valued
1829
* attributes. Multi-valued attributes will return
1830
* only the first entry
1832
errno_t sysdb_attrs_to_list(TALLOC_CTX *memctx,
1833
struct sysdb_attrs **attrs,
1835
const char *attr_name,
1846
/* Assume that every attrs entry contains the attr_name
1847
* This may waste a little memory if some entries don't
1848
* have the attribute, but it will save us the trouble
1849
* of continuously resizing the array.
1851
list = talloc_array(memctx, char *, attr_count+1);
1857
/* Loop through all entries in attrs */
1858
for (attr_idx = 0; attr_idx < attr_count; attr_idx++) {
1859
/* Examine each attribute within the entry */
1860
for (i = 0; i < attrs[attr_idx]->num; i++) {
1861
if (strcasecmp(attrs[attr_idx]->a[i].name, attr_name) == 0) {
1862
/* Attribute name matches the requested name
1863
* Copy it to the output list
1865
list[list_idx] = talloc_strdup(
1867
(const char *)attrs[attr_idx]->a[i].values[0].data);
1868
if (!list[list_idx]) {
1874
/* We only support single-valued attributes
1875
* Break here and go on to the next entry
1882
list[list_idx] = NULL;
1884
/* if list_idx < attr_count, do a realloc to
1885
* reclaim unused memory
1887
if (list_idx < attr_count) {
1888
tmp_list = talloc_realloc(memctx, list, char *, list_idx+1);
1900
errno_t sysdb_has_enumerated(struct sysdb_ctx *ctx,
1901
struct sss_domain_info *dom,
1902
bool *has_enumerated)
1906
struct ldb_dn *base_dn;
1907
struct ldb_result *res;
1908
const char *attributes[2] = {SYSDB_HAS_ENUMERATED,
1913
tmpctx = talloc_new(NULL);
1919
base_dn = ldb_dn_new_fmt(tmpctx, ctx->ldb,
1927
lret = ldb_search(ctx->ldb, tmpctx, &res, base_dn,
1928
LDB_SCOPE_BASE, attributes, NULL);
1929
if (lret != LDB_SUCCESS) {
1930
ret = sysdb_error_to_errno(lret);
1934
if (res->count == 0) {
1935
/* This entry has not been populated in LDB
1936
* This is a common case, as unlike LDAP,
1937
* LDB does not need to have all of its parent
1938
* objects actually exist.
1939
* This object in the sysdb exists mostly just
1940
* to contain this attribute.
1942
*has_enumerated = false;
1945
} else if (res->count != 1) {
1946
DEBUG(0, ("Corrupted database. "
1947
"More than one entry for base search.\n"));
1952
/* Object existed. Return the stored value */
1953
*has_enumerated = ldb_msg_find_attr_as_bool(res->msgs[0],
1954
SYSDB_HAS_ENUMERATED,
1960
talloc_free(tmpctx);
1964
errno_t sysdb_set_enumerated(struct sysdb_ctx *ctx,
1965
struct sss_domain_info *dom,
1970
TALLOC_CTX *tmp_ctx;
1971
struct ldb_message *msg;
1972
struct ldb_result *res;
1975
tmp_ctx = talloc_new(NULL);
1981
dn = ldb_dn_new_fmt(tmp_ctx, ctx->ldb,
1989
lret = ldb_search(ctx->ldb, tmp_ctx, &res,
1992
if (lret != LDB_SUCCESS) {
1997
msg = ldb_msg_new(tmp_ctx);
2004
if (res->count == 0) {
2005
lret = ldb_msg_add_string(msg, "cn", dom->name);
2006
if (lret != LDB_SUCCESS) {
2007
ret = sysdb_error_to_errno(lret);
2010
} else if (res->count != 1) {
2011
DEBUG(0, ("Got more than one reply for base search!\n"));
2015
lret = ldb_msg_add_empty(msg, SYSDB_HAS_ENUMERATED,
2016
LDB_FLAG_MOD_REPLACE, NULL);
2017
if (lret != LDB_SUCCESS) {
2018
ret = sysdb_error_to_errno(lret);
2022
lret = ldb_msg_add_fmt(msg, SYSDB_HAS_ENUMERATED, "%s",
2023
enumerated?"TRUE":"FALSE");
2024
if (lret != LDB_SUCCESS) {
2025
ret = sysdb_error_to_errno(lret);
2030
lret = ldb_modify(ctx->ldb, msg);
2032
lret = ldb_add(ctx->ldb, msg);
2035
ret = sysdb_error_to_errno(lret);
2038
talloc_free(tmp_ctx);
2042
errno_t sysdb_attrs_primary_name(struct sysdb_ctx *sysdb,
2043
struct sysdb_attrs *attrs,
2044
const char *ldap_attr,
2045
const char **_primary)
2048
char *rdn_attr = NULL;
2049
char *rdn_val = NULL;
2050
struct ldb_message_element *sysdb_name_el;
2051
struct ldb_message_element *orig_dn_el;
2053
TALLOC_CTX *tmpctx = NULL;
2055
tmpctx = talloc_new(NULL);
2060
ret = sysdb_attrs_get_el(attrs,
2063
if (sysdb_name_el->num_values == 0) {
2068
if (sysdb_name_el->num_values == 1) {
2069
/* Entry contains only one name. Just return that */
2070
*_primary = (const char *)sysdb_name_el->values[0].data;
2075
/* Multiple values for name. Check whether one matches the RDN */
2077
ret = sysdb_attrs_get_el(attrs, SYSDB_ORIG_DN, &orig_dn_el);
2081
if (orig_dn_el->num_values == 0) {
2082
DEBUG(1, ("Original DN is not available.\n"));
2085
} else if (orig_dn_el->num_values == 1) {
2086
ret = sysdb_get_rdn(sysdb, tmpctx,
2087
(const char *) orig_dn_el->values[0].data,
2091
DEBUG(1, ("Could not get rdn from [%s]\n",
2092
(const char *) orig_dn_el->values[0].data));
2096
DEBUG(1, ("Should not have more than one origDN\n"));
2101
/* First check whether the attribute name matches */
2102
DEBUG(8, ("Comparing attribute names [%s] and [%s]\n",
2103
rdn_attr, ldap_attr));
2104
if (strcasecmp(rdn_attr, ldap_attr) != 0) {
2105
/* Multiple entries, and the RDN attribute doesn't match.
2106
* We have no way of resolving this deterministically,
2109
DEBUG(1, ("Cannot save entry. It has multiple names and the RDN "
2110
"attribute does not match\n"));
2115
for (i = 0; i < sysdb_name_el->num_values; i++) {
2116
if (strcasecmp(rdn_val,
2117
(const char *)sysdb_name_el->values[i].data) == 0) {
2118
/* This name matches the RDN. Use it */
2122
if (i < sysdb_name_el->num_values) {
2123
/* Match was found */
2124
*_primary = (const char *)sysdb_name_el->values[i].data;
2126
/* If we can't match the name to the RDN, we just have to
2127
* throw up our hands. There's no deterministic way to
2128
* decide which name is correct.
2130
DEBUG(1, ("Cannot save entry. Unable to determine groupname\n"));
2139
DEBUG(1, ("Could not determine primary name: [%d][%s]\n",
2140
ret, strerror(ret)));
2142
talloc_free(tmpctx);
2146
errno_t sysdb_attrs_primary_name_list(struct sysdb_ctx *sysdb,
2147
TALLOC_CTX *mem_ctx,
2148
struct sysdb_attrs **attr_list,
2150
const char *ldap_attr,
2158
/* Assume that every entry has a primary name */
2159
list = talloc_array(mem_ctx, char *, attr_count+1);
2165
for (i = 0; i < attr_count; i++) {
2166
ret = sysdb_attrs_primary_name(sysdb,
2171
DEBUG(1, ("Could not determine primary name\n"));
2172
/* Skip and continue. Don't advance 'j' */
2176
list[j] = talloc_strdup(list, name);
2185
/* NULL-terminate the list */