1 : /*
2 : SSSD
3 :
4 : System Database Header
5 :
6 : Copyright (C) Simo Sorce <ssorce@redhat.com> 2008
7 :
8 : This program is free software; you can redistribute it and/or modify
9 : it under the terms of the GNU General Public License as published by
10 : the Free Software Foundation; either version 3 of the License, or
11 : (at your option) any later version.
12 :
13 : This program is distributed in the hope that it will be useful,
14 : but WITHOUT ANY WARRANTY; without even the implied warranty of
15 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
16 : GNU General Public License for more details.
17 :
18 : You should have received a copy of the GNU General Public License
19 : along with this program. If not, see <http://www.gnu.org/licenses/>.
20 : */
21 :
22 : #ifndef __SYS_DB_H__
23 : #define __SYS_DB_H__
24 :
25 : #include "util/util.h"
26 : #include "confdb/confdb.h"
27 : #include "sss_client/sss_cli.h"
28 : #include <tevent.h>
29 :
30 : #define CACHE_SYSDB_FILE "cache_%s.ldb"
31 : #define LOCAL_SYSDB_FILE "sssd.ldb"
32 :
33 : #define SYSDB_BASE "cn=sysdb"
34 : #define SYSDB_DOM_BASE "cn=%s,cn=sysdb"
35 : #define SYSDB_USERS_CONTAINER "cn=users"
36 : #define SYSDB_GROUPS_CONTAINER "cn=groups"
37 : #define SYSDB_CUSTOM_CONTAINER "cn=custom"
38 : #define SYSDB_NETGROUP_CONTAINER "cn=Netgroups"
39 : #define SYSDB_RANGE_CONTAINER "cn=ranges"
40 : #define SYSDB_VIEW_CONTAINER "cn=views"
41 : #define SYSDB_TMPL_USER_BASE SYSDB_USERS_CONTAINER","SYSDB_DOM_BASE
42 : #define SYSDB_TMPL_GROUP_BASE SYSDB_GROUPS_CONTAINER","SYSDB_DOM_BASE
43 : #define SYSDB_TMPL_CUSTOM_BASE SYSDB_CUSTOM_CONTAINER","SYSDB_DOM_BASE
44 : #define SYSDB_TMPL_NETGROUP_BASE SYSDB_NETGROUP_CONTAINER","SYSDB_DOM_BASE
45 : #define SYSDB_TMPL_RANGE_BASE SYSDB_RANGE_CONTAINER","SYSDB_BASE
46 : #define SYSDB_TMPL_VIEW_BASE SYSDB_VIEW_CONTAINER","SYSDB_BASE
47 : #define SYSDB_TMPL_VIEW_SEARCH_BASE "cn=%s,"SYSDB_TMPL_VIEW_BASE
48 :
49 : #define SYSDB_SUBDOMAIN_CLASS "subdomain"
50 : #define SYSDB_USER_CLASS "user"
51 : #define SYSDB_GROUP_CLASS "group"
52 : #define SYSDB_NETGROUP_CLASS "netgroup"
53 : #define SYSDB_HOST_CLASS "host"
54 : #define SYSDB_HOSTGROUP_CLASS "hostgroup"
55 : #define SYSDB_SELINUX_USERMAP_CLASS "selinuxusermap"
56 : #define SYSDB_SELINUX_CLASS "selinux"
57 : #define SYSDB_ID_RANGE_CLASS "idRange"
58 : #define SYSDB_DOMAIN_ID_RANGE_CLASS "domainIDRange"
59 : #define SYSDB_TRUSTED_AD_DOMAIN_RANGE_CLASS "TrustedADDomainRange"
60 :
61 : #define SYSDB_NAME "name"
62 : #define SYSDB_NAME_ALIAS "nameAlias"
63 : #define SYSDB_OBJECTCLASS "objectClass"
64 :
65 : #define SYSDB_NEXTID "nextID"
66 : #define SYSDB_UIDNUM "uidNumber"
67 : #define SYSDB_GIDNUM "gidNumber"
68 : #define SYSDB_CREATE_TIME "createTimestamp"
69 :
70 : #define SYSDB_PWD "userPassword"
71 : #define SYSDB_FULLNAME "fullName"
72 : #define SYSDB_HOMEDIR "homeDirectory"
73 : #define SYSDB_SHELL "loginShell"
74 : #define SYSDB_MEMBEROF "memberOf"
75 : #define SYSDB_DISABLED "disabled"
76 :
77 : #define SYSDB_MEMBER "member"
78 : #define SYSDB_MEMBERUID "memberUid"
79 : #define SYSDB_GHOST "ghost"
80 : #define SYSDB_POSIX "isPosix"
81 : #define SYSDB_USER_CATEGORY "userCategory"
82 : #define SYSDB_HOST_CATEGORY "hostCategory"
83 : #define SYSDB_GROUP_TYPE "groupType"
84 :
85 : #define SYSDB_GECOS "gecos"
86 : #define SYSDB_LAST_LOGIN "lastLogin"
87 : #define SYSDB_LAST_ONLINE_AUTH "lastOnlineAuth"
88 : #define SYSDB_LAST_FAILED_LOGIN "lastFailedLogin"
89 : #define SYSDB_FAILED_LOGIN_ATTEMPTS "failedLoginAttempts"
90 : #define SYSDB_LAST_ONLINE_AUTH_WITH_CURR_TOKEN "lastOnlineAuthWithCurrentToken"
91 :
92 : #define SYSDB_LAST_UPDATE "lastUpdate"
93 : #define SYSDB_CACHE_EXPIRE "dataExpireTimestamp"
94 : #define SYSDB_INITGR_EXPIRE "initgrExpireTimestamp"
95 : #define SYSDB_IFP_CACHED "ifpCached"
96 :
97 : #define SYSDB_AUTHORIZED_SERVICE "authorizedService"
98 : #define SYSDB_AUTHORIZED_HOST "authorizedHost"
99 :
100 : #define SYSDB_NETGROUP_TRIPLE "netgroupTriple"
101 : #define SYSDB_ORIG_NETGROUP_MEMBER "originalMemberNisNetgroup"
102 : #define SYSDB_ORIG_NETGROUP_EXTERNAL_HOST "originalExternalHost"
103 : #define SYSDB_NETGROUP_DOMAIN "nisDomain"
104 : #define SYSDB_NETGROUP_MEMBER "memberNisNetgroup"
105 : #define SYSDB_DESCRIPTION "description"
106 :
107 : #define SYSDB_FQDN "fqdn"
108 : #define SYSDB_SERVERHOSTNAME "serverHostname"
109 :
110 : #define SYSDB_CACHEDPWD "cachedPassword"
111 : #define SYSDB_CACHEDPWD_TYPE "cachedPasswordType"
112 : #define SYSDB_CACHEDPWD_FA2_LEN "cachedPasswordSecondFactorLen"
113 :
114 : #define SYSDB_UUID "uniqueID"
115 : #define SYSDB_SID "objectSID"
116 : #define SYSDB_PRIMARY_GROUP "ADPrimaryGroupID"
117 : #define SYSDB_PRIMARY_GROUP_GIDNUM "origPrimaryGroupGidNumber"
118 : #define SYSDB_SID_STR "objectSIDString"
119 : #define SYSDB_UPN "userPrincipalName"
120 : #define SYSDB_CANONICAL_UPN "canonicalUserPrincipalName"
121 : #define SYSDB_CCACHE_FILE "ccacheFile"
122 :
123 : #define SYSDB_ORIG_DN "originalDN"
124 : #define SYSDB_ORIG_MODSTAMP "originalModifyTimestamp"
125 : #define SYSDB_ORIG_MEMBEROF "originalMemberOf"
126 : #define SYSDB_ORIG_MEMBER "orig_member"
127 : #define SYSDB_ORIG_MEMBER_USER "originalMemberUser"
128 : #define SYSDB_ORIG_MEMBER_HOST "originalMemberHost"
129 :
130 : #define SYSDB_USN "entryUSN"
131 : #define SYSDB_HIGH_USN "highestUSN"
132 :
133 : #define SYSDB_SSH_PUBKEY "sshPublicKey"
134 :
135 : #define SYSDB_AUTH_TYPE "authType"
136 : #define SYSDB_USER_CERT "userCertificate"
137 :
138 : #define SYSDB_SUBDOMAIN_REALM "realmName"
139 : #define SYSDB_SUBDOMAIN_FLAT "flatName"
140 : #define SYSDB_SUBDOMAIN_ID "domainID"
141 : #define SYSDB_SUBDOMAIN_MPG "mpg"
142 : #define SYSDB_SUBDOMAIN_ENUM "enumerate"
143 : #define SYSDB_SUBDOMAIN_FOREST "memberOfForest"
144 : #define SYSDB_SUBDOMAIN_TRUST_DIRECTION "trustDirection"
145 :
146 : #define SYSDB_BASE_ID "baseID"
147 : #define SYSDB_ID_RANGE_SIZE "idRangeSize"
148 : #define SYSDB_BASE_RID "baseRID"
149 : #define SYSDB_SECONDARY_BASE_RID "secondaryBaseRID"
150 : #define SYSDB_DOMAIN_ID "domainID"
151 : #define SYSDB_ID_RANGE_TYPE "idRangeType"
152 :
153 : #define ORIGINALAD_PREFIX "originalAD"
154 : #define OVERRIDE_PREFIX "override"
155 : #define SYSDB_DEFAULT_OVERRIDE_NAME "defaultOverrideName"
156 :
157 : #define SYSDB_AD_ACCOUNT_EXPIRES "adAccountExpires"
158 : #define SYSDB_AD_USER_ACCOUNT_CONTROL "adUserAccountControl"
159 :
160 : #define SYSDB_DEFAULT_VIEW_NAME "default"
161 : #define SYSDB_LOCAL_VIEW_NAME "LOCAL" /* reserved for client-side overrides */
162 : #define SYSDB_VIEW_CLASS "view"
163 : #define SYSDB_VIEW_NAME "viewName"
164 : #define SYSDB_OVERRIDE_CLASS "overrride"
165 : #define SYSDB_OVERRIDE_ANCHOR_UUID "overrideAnchorUUID"
166 : #define SYSDB_OVERRIDE_USER_CLASS "userOverride"
167 : #define SYSDB_OVERRIDE_GROUP_CLASS "groupOverride"
168 : #define SYSDB_OVERRIDE_DN "overrideDN"
169 : #define SYSDB_OVERRIDE_OBJECT_DN "overrideObjectDN"
170 :
171 : #define SYSDB_NEXTID_FILTER "("SYSDB_NEXTID"=*)"
172 :
173 : #define SYSDB_UC "objectclass="SYSDB_USER_CLASS
174 : #define SYSDB_GC "objectclass="SYSDB_GROUP_CLASS
175 : #define SYSDB_NC "objectclass="SYSDB_NETGROUP_CLASS
176 : #define SYSDB_MPGC "|("SYSDB_UC")("SYSDB_GC")"
177 :
178 : #define SYSDB_PWNAM_FILTER "(&("SYSDB_UC")(|("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME"=%s)))"
179 : #define SYSDB_PWUID_FILTER "(&("SYSDB_UC")("SYSDB_UIDNUM"=%lu))"
180 : #define SYSDB_PWSID_FILTER "(&("SYSDB_UC")("SYSDB_SID_STR"=%s))"
181 : #define SYSDB_PWUPN_FILTER "(&("SYSDB_UC")(|("SYSDB_UPN"=%s)("SYSDB_CANONICAL_UPN"=%s)))"
182 : #define SYSDB_PWENT_FILTER "("SYSDB_UC")"
183 :
184 : #define SYSDB_GRNAM_FILTER "(&("SYSDB_GC")(|("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME"=%s)))"
185 : #define SYSDB_GRGID_FILTER "(&("SYSDB_GC")("SYSDB_GIDNUM"=%lu))"
186 : #define SYSDB_GRSID_FILTER "(&("SYSDB_GC")("SYSDB_SID_STR"=%s))"
187 : #define SYSDB_GRENT_FILTER "("SYSDB_GC")"
188 : #define SYSDB_GRNAM_MPG_FILTER "(&("SYSDB_MPGC")(|("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME"=%s)))"
189 : #define SYSDB_GRGID_MPG_FILTER "(&("SYSDB_MPGC")("SYSDB_GIDNUM"=%lu))"
190 : #define SYSDB_GRENT_MPG_FILTER "("SYSDB_MPGC")"
191 :
192 : #define SYSDB_INITGR_FILTER "(&("SYSDB_GC")("SYSDB_GIDNUM"=*))"
193 :
194 : #define SYSDB_NETGR_FILTER "(&("SYSDB_NC")(|("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME"=%s)))"
195 : #define SYSDB_NETGR_TRIPLES_FILTER "(|("SYSDB_NAME_ALIAS"=%s)("SYSDB_NAME"=%s)("SYSDB_NAME_ALIAS"=%s)("SYSDB_MEMBEROF"=%s))"
196 :
197 : #define SYSDB_SID_FILTER "(&(|("SYSDB_UC")("SYSDB_GC"))("SYSDB_SID_STR"=%s))"
198 : #define SYSDB_UUID_FILTER "(&(|("SYSDB_UC")("SYSDB_GC"))("SYSDB_UUID"=%s))"
199 : #define SYSDB_USER_CERT_FILTER "(&("SYSDB_UC")%s)"
200 :
201 : #define SYSDB_HAS_ENUMERATED "has_enumerated"
202 :
203 : #define SYSDB_DEFAULT_ATTRS SYSDB_LAST_UPDATE, \
204 : SYSDB_CACHE_EXPIRE, \
205 : SYSDB_INITGR_EXPIRE, \
206 : SYSDB_OBJECTCLASS
207 :
208 : #define SYSDB_PW_ATTRS {SYSDB_NAME, SYSDB_UIDNUM, \
209 : SYSDB_GIDNUM, SYSDB_GECOS, \
210 : SYSDB_HOMEDIR, SYSDB_SHELL, \
211 : SYSDB_DEFAULT_ATTRS, \
212 : SYSDB_PRIMARY_GROUP_GIDNUM, \
213 : SYSDB_SID_STR, \
214 : SYSDB_UPN, \
215 : SYSDB_OVERRIDE_DN, \
216 : SYSDB_OVERRIDE_OBJECT_DN, \
217 : SYSDB_DEFAULT_OVERRIDE_NAME, \
218 : NULL}
219 :
220 : #define SYSDB_GRSRC_ATTRS {SYSDB_NAME, SYSDB_GIDNUM, \
221 : SYSDB_MEMBERUID, \
222 : SYSDB_MEMBER, \
223 : SYSDB_GHOST, \
224 : SYSDB_DEFAULT_ATTRS, \
225 : SYSDB_SID_STR, \
226 : SYSDB_OVERRIDE_DN, \
227 : SYSDB_OVERRIDE_OBJECT_DN, \
228 : SYSDB_DEFAULT_OVERRIDE_NAME, \
229 : NULL}
230 :
231 : #define SYSDB_NETGR_ATTRS {SYSDB_NAME, SYSDB_NETGROUP_TRIPLE, \
232 : SYSDB_NETGROUP_MEMBER, \
233 : SYSDB_DEFAULT_ATTRS, \
234 : NULL}
235 :
236 : #define SYSDB_INITGR_ATTR SYSDB_MEMBEROF
237 : #define SYSDB_INITGR_ATTRS {SYSDB_GIDNUM, SYSDB_POSIX, \
238 : SYSDB_DEFAULT_ATTRS, \
239 : SYSDB_ORIG_DN, \
240 : SYSDB_SID_STR, \
241 : SYSDB_NAME, \
242 : SYSDB_OVERRIDE_DN, \
243 : NULL}
244 :
245 : #define SYSDB_TMPL_USER SYSDB_NAME"=%s,"SYSDB_TMPL_USER_BASE
246 : #define SYSDB_TMPL_GROUP SYSDB_NAME"=%s,"SYSDB_TMPL_GROUP_BASE
247 : #define SYSDB_TMPL_NETGROUP SYSDB_NAME"=%s,"SYSDB_TMPL_NETGROUP_BASE
248 : #define SYSDB_TMPL_CUSTOM_SUBTREE "cn=%s,"SYSDB_TMPL_CUSTOM_BASE
249 : #define SYSDB_TMPL_CUSTOM SYSDB_NAME"=%s,cn=%s,"SYSDB_TMPL_CUSTOM_BASE
250 : #define SYSDB_TMPL_RANGE SYSDB_NAME"=%s,"SYSDB_TMPL_RANGE_BASE
251 : #define SYSDB_TMPL_OVERRIDE SYSDB_OVERRIDE_ANCHOR_UUID"=%s,"SYSDB_TMPL_VIEW_SEARCH_BASE
252 :
253 : #define SYSDB_MOD_ADD LDB_FLAG_MOD_ADD
254 : #define SYSDB_MOD_DEL LDB_FLAG_MOD_DELETE
255 : #define SYSDB_MOD_REP LDB_FLAG_MOD_REPLACE
256 :
/* sysdb version check macros
 *
 * `ret` in the macros below is the errno value returned by sysdb
 * initialisation; only the two mismatch codes EUCLEAN and EMEDIUMTYPE
 * produce output, every other value is silently ignored. ERROR() and
 * DB_PATH come from the util headers included above. */

/* Recovery hint printed after either mismatch message; note that it
 * tells the operator that cached credentials are lost along with the
 * cache files. */
#define SYSDB_VERSION_ERROR_HINT \
    ERROR("Removing cache files in "DB_PATH" should fix the issue, " \
          "but note that removing cache files will also remove all of your " \
          "cached credentials.\n")

/* EUCLEAN: the message says a lower database version is expected, i.e.
 * the on-disk database is presumably newer than this build understands. */
#define SYSDB_VERSION_LOWER_ERROR(ret) do { \
    if (ret == EUCLEAN) { \
        ERROR("Lower version of database is expected!\n"); \
        SYSDB_VERSION_ERROR_HINT; \
    } \
} while(0)

/* EMEDIUMTYPE: the database is older than expected and has to be
 * upgraded, which the message says only the SSSD daemon does. */
#define SYSDB_VERSION_HIGHER_ERROR(ret) do { \
    if (ret == EMEDIUMTYPE) { \
        ERROR("Higher version of database is expected!\n"); \
        ERROR("In order to upgrade the database, you must run SSSD.\n"); \
        SYSDB_VERSION_ERROR_HINT; \
    } \
} while(0)

/* use this in daemons: only the "database too new" case is reported,
 * presumably because the daemon is the component that performs the
 * upgrade itself (see the HIGHER message above) — confirm in callers. */
#define SYSDB_VERSION_ERROR_DAEMON(ret) \
    SYSDB_VERSION_LOWER_ERROR(ret)
281 :
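/* use this in tools: report both mismatch directions for `ret`, the
 * errno value returned by sysdb initialisation.
 *
 * Wrapped in do { } while(0) so the expansion is a single statement:
 * the previous two-statement form would leave the HIGHER check outside
 * an unbraced `if`/`else` body and, with a trailing `;`, broke
 * `if (...) SYSDB_VERSION_ERROR(ret); else ...`. Usage with a trailing
 * semicolon is unchanged. */
#define SYSDB_VERSION_ERROR(ret) do { \
    SYSDB_VERSION_LOWER_ERROR(ret); \
    SYSDB_VERSION_HIGHER_ERROR(ret); \
} while(0)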
286 :
287 : struct confdb_ctx;
288 : struct sysdb_ctx;
289 :
/* Attribute set handed to and returned by the sysdb_attrs_* helpers
 * below; values added through those helpers are copied and allocated
 * on the structure itself (see the note above sysdb_attrs_add_val). */
struct sysdb_attrs {
    int num;                        /* number of valid entries in a — presumably; confirm in sysdb.c */
    struct ldb_message_element *a;  /* array of attribute elements, one per attribute name */
};
294 :
295 : /* sysdb_attrs helper functions */
296 : struct sysdb_attrs *sysdb_new_attrs(TALLOC_CTX *mem_ctx);
297 :
/* One ID range as returned by sysdb_get_ranges() and stored by
 * sysdb_range_create()/sysdb_update_ranges(). The numeric fields mirror
 * the SYSDB_BASE_ID / SYSDB_ID_RANGE_SIZE / SYSDB_BASE_RID /
 * SYSDB_SECONDARY_BASE_RID attributes defined above. Ownership of the
 * strings is not visible here — presumably talloc children of the
 * struct; confirm against the .c file. */
struct range_info {
    char *name;                  /* range name; forms the RDN in SYSDB_TMPL_RANGE */
    uint32_t base_id;
    uint32_t id_range_size;
    uint32_t base_rid;
    uint32_t secondary_base_rid;
    char *trusted_dom_sid;       /* presumably the SID of the trusted domain this range covers; confirm */
    char *range_type;            /* presumably one of the *_ID_RANGE_CLASS names above; confirm */
};
307 :
308 :
309 : /* values are copied in the structure, allocated on "attrs" */
310 : int sysdb_attrs_add_val(struct sysdb_attrs *attrs,
311 : const char *name, const struct ldb_val *val);
312 : int sysdb_attrs_add_val_safe(struct sysdb_attrs *attrs,
313 : const char *name, const struct ldb_val *val);
314 : int sysdb_attrs_add_string_safe(struct sysdb_attrs *attrs,
315 : const char *name, const char *str);
316 : int sysdb_attrs_add_string(struct sysdb_attrs *attrs,
317 : const char *name, const char *str);
318 : int sysdb_attrs_add_lower_case_string(struct sysdb_attrs *attrs,
319 : const char *name, const char *str);
320 : int sysdb_attrs_add_mem(struct sysdb_attrs *attrs, const char *name,
321 : const void *mem, size_t size);
322 : int sysdb_attrs_add_bool(struct sysdb_attrs *attrs,
323 : const char *name, bool value);
324 : int sysdb_attrs_add_long(struct sysdb_attrs *attrs,
325 : const char *name, long value);
326 : int sysdb_attrs_add_uint32(struct sysdb_attrs *attrs,
327 : const char *name, uint32_t value);
328 : int sysdb_attrs_add_time_t(struct sysdb_attrs *attrs,
329 : const char *name, time_t value);
330 : int sysdb_attrs_add_lc_name_alias(struct sysdb_attrs *attrs,
331 : const char *value);
332 : int sysdb_attrs_copy_values(struct sysdb_attrs *src,
333 : struct sysdb_attrs *dst,
334 : const char *name);
335 : int sysdb_attrs_get_el(struct sysdb_attrs *attrs, const char *name,
336 : struct ldb_message_element **el);
337 : int sysdb_attrs_get_el_ext(struct sysdb_attrs *attrs, const char *name,
338 : bool alloc, struct ldb_message_element **el);
339 : int sysdb_attrs_steal_string(struct sysdb_attrs *attrs,
340 : const char *name, char *str);
341 : int sysdb_attrs_get_string(struct sysdb_attrs *attrs, const char *name,
342 : const char **string);
343 : const char **sss_ldb_el_to_string_list(TALLOC_CTX *mem_ctx,
344 : struct ldb_message_element *el);
345 : int sysdb_attrs_get_string_array(struct sysdb_attrs *attrs, const char *name,
346 : TALLOC_CTX *mem_ctx, const char ***string);
347 : errno_t sysdb_attrs_get_bool(struct sysdb_attrs *attrs, const char *name,
348 : bool *value);
349 : int sysdb_attrs_get_uint16_t(struct sysdb_attrs *attrs, const char *name,
350 : uint16_t *value);
351 : int sysdb_attrs_get_int32_t(struct sysdb_attrs *attrs, const char *name,
352 : int32_t *value);
353 : int sysdb_attrs_get_uint32_t(struct sysdb_attrs *attrs, const char *name,
354 : uint32_t *value);
355 :
356 : int sysdb_attrs_replace_name(struct sysdb_attrs *attrs, const char *oldname,
357 : const char *newname);
358 :
359 : int sysdb_attrs_users_from_str_list(struct sysdb_attrs *attrs,
360 : const char *attr_name,
361 : const char *domain,
362 : const char *const *list);
363 : errno_t sysdb_attrs_primary_name(struct sysdb_ctx *sysdb,
364 : struct sysdb_attrs *attrs,
365 : const char *ldap_attr,
366 : const char **_primary);
367 : errno_t sysdb_attrs_get_aliases(TALLOC_CTX *mem_ctx,
368 : struct sysdb_attrs *attrs,
369 : const char *primary,
370 : bool lowercase,
371 : const char ***_aliases);
372 : errno_t sysdb_attrs_primary_name_list(struct sysdb_ctx *sysdb,
373 : TALLOC_CTX *mem_ctx,
374 : struct sysdb_attrs **attr_list,
375 : size_t attr_count,
376 : const char *ldap_attr,
377 : char ***name_list);
378 : errno_t sysdb_get_real_name(TALLOC_CTX *mem_ctx,
379 : struct sss_domain_info *domain,
380 : const char *name_or_upn,
381 : const char **_cname);
382 :
383 : errno_t sysdb_msg2attrs(TALLOC_CTX *mem_ctx, size_t count,
384 : struct ldb_message **msgs,
385 : struct sysdb_attrs ***attrs);
386 :
387 : /* convert an ldb error into an errno error */
388 : int sysdb_error_to_errno(int ldberr);
389 :
390 : /* DNs related helper functions */
391 : errno_t sysdb_get_rdn(struct sysdb_ctx *sysdb, TALLOC_CTX *mem_ctx,
392 : const char *dn, char **_name, char **_val);
393 : struct ldb_dn *sysdb_user_dn(TALLOC_CTX *mem_ctx, struct sss_domain_info *dom,
394 : const char *name);
395 : struct ldb_dn *sysdb_user_base_dn(TALLOC_CTX *mem_ctx,
396 : struct sss_domain_info *dom);
397 : struct ldb_dn *sysdb_group_dn(TALLOC_CTX *mem_ctx, struct sss_domain_info *dom,
398 : const char *name);
399 : struct ldb_dn *sysdb_group_base_dn(TALLOC_CTX *mem_ctx,
400 : struct sss_domain_info *dom);
401 : struct ldb_dn *sysdb_netgroup_dn(TALLOC_CTX *mem_ctx,
402 : struct sss_domain_info *dom, const char *name);
403 : struct ldb_dn *sysdb_netgroup_base_dn(TALLOC_CTX *mem_ctx,
404 : struct sss_domain_info *dom);
405 : errno_t sysdb_group_dn_name(struct sysdb_ctx *sysdb, TALLOC_CTX *mem_ctx,
406 : const char *dn_str, char **name);
407 : struct ldb_dn *sysdb_domain_dn(TALLOC_CTX *mem_ctx,
408 : struct sss_domain_info *dom);
409 : struct ldb_dn *sysdb_base_dn(struct sysdb_ctx *sysdb, TALLOC_CTX *mem_ctx);
410 : struct ldb_dn *sysdb_custom_dn(TALLOC_CTX *mem_ctx,
411 : struct sss_domain_info *dom,
412 : const char *object_name,
413 : const char *subtree_name);
414 : struct ldb_dn *sysdb_custom_subtree_dn(TALLOC_CTX *mem_ctx,
415 : struct sss_domain_info *dom,
416 : const char *subtree_name);
417 :
418 : char *sysdb_user_strdn(TALLOC_CTX *mem_ctx,
419 : const char *domain, const char *name);
420 : char *sysdb_group_strdn(TALLOC_CTX *mem_ctx,
421 : const char *domain, const char *name);
422 :
423 :
424 : struct ldb_context *sysdb_ctx_get_ldb(struct sysdb_ctx *sysdb);
425 :
426 : int compare_ldb_dn_comp_num(const void *m1, const void *m2);
427 :
428 : /* functions to start and finish transactions */
429 : int sysdb_transaction_start(struct sysdb_ctx *sysdb);
430 : int sysdb_transaction_commit(struct sysdb_ctx *sysdb);
431 : int sysdb_transaction_cancel(struct sysdb_ctx *sysdb);
432 :
433 : /* functions related to subdomains */
434 : errno_t sysdb_domain_create(struct sysdb_ctx *sysdb, const char *domain_name);
435 :
436 : errno_t sysdb_subdomain_store(struct sysdb_ctx *sysdb,
437 : const char *name, const char *realm,
438 : const char *flat_name, const char *domain_id,
439 : bool mpg, bool enumerate, const char *forest,
440 : uint32_t trust_direction);
441 :
442 : errno_t sysdb_update_subdomains(struct sss_domain_info *domain);
443 :
444 : errno_t sysdb_master_domain_update(struct sss_domain_info *domain);
445 :
446 : errno_t sysdb_master_domain_add_info(struct sss_domain_info *domain,
447 : const char *realm,
448 : const char *flat,
449 : const char *id,
450 : const char* forest);
451 :
452 : errno_t sysdb_subdomain_delete(struct sysdb_ctx *sysdb, const char *name);
453 :
454 : errno_t sysdb_get_ranges(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb,
455 : size_t *range_count,
456 : struct range_info ***range_list);
457 : errno_t sysdb_range_create(struct sysdb_ctx *sysdb, struct range_info *range);
458 : errno_t sysdb_update_ranges(struct sysdb_ctx *sysdb,
459 : struct range_info **ranges);
460 :
461 : errno_t sysdb_update_view_name(struct sysdb_ctx *sysdb, const char *view_name);
462 :
463 : errno_t sysdb_get_view_name(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb,
464 : char **view_name);
465 :
/* Tell whether view_name designates the default view.
 * A NULL view name counts as the default view, so callers may pass the
 * result of an optional lookup straight in. */
static inline bool is_default_view(const char *view_name)
{
    return view_name == NULL
           || strcmp(view_name, SYSDB_DEFAULT_VIEW_NAME) == 0;
}
476 :
/* Tell whether view_name designates the client-side LOCAL view.
 * A NULL view name means the default view and therefore never matches,
 * so no NULL check is needed by the caller. */
static inline bool is_local_view(const char *view_name)
{
    return view_name != NULL
           && strcmp(view_name, SYSDB_LOCAL_VIEW_NAME) == 0;
}
487 :
488 : errno_t sysdb_delete_view_tree(struct sysdb_ctx *sysdb, const char *view_name);
489 :
490 : errno_t sysdb_invalidate_overrides(struct sysdb_ctx *sysdb);
491 :
492 : errno_t sysdb_apply_default_override(struct sss_domain_info *domain,
493 : struct sysdb_attrs *override_attrs,
494 : struct ldb_dn *obj_dn);
495 :
496 : errno_t sysdb_search_user_override_attrs_by_name(TALLOC_CTX *mem_ctx,
497 : struct sss_domain_info *domain,
498 : const char *name,
499 : const char **attrs,
500 : struct ldb_result **override_obj,
501 : struct ldb_result **orig_obj);
502 :
503 : errno_t sysdb_search_group_override_attrs_by_name(TALLOC_CTX *mem_ctx,
504 : struct sss_domain_info *domain,
505 : const char *name,
506 : const char **attrs,
507 : struct ldb_result **override_obj,
508 : struct ldb_result **orig_obj);
509 :
510 : errno_t sysdb_search_user_override_by_name(TALLOC_CTX *mem_ctx,
511 : struct sss_domain_info *domain,
512 : const char *name,
513 : struct ldb_result **override_obj,
514 : struct ldb_result **orig_obj);
515 :
516 : errno_t sysdb_search_group_override_by_name(TALLOC_CTX *mem_ctx,
517 : struct sss_domain_info *domain,
518 : const char *name,
519 : struct ldb_result **override_obj,
520 : struct ldb_result **orig_obj);
521 :
522 : errno_t sysdb_search_user_override_by_uid(TALLOC_CTX *mem_ctx,
523 : struct sss_domain_info *domain,
524 : uid_t uid,
525 : struct ldb_result **override_obj,
526 : struct ldb_result **orig_obj);
527 :
528 : errno_t sysdb_search_group_override_by_gid(TALLOC_CTX *mem_ctx,
529 : struct sss_domain_info *domain,
530 : gid_t gid,
531 : struct ldb_result **override_obj,
532 : struct ldb_result **orig_obj);
533 :
534 : errno_t sysdb_add_overrides_to_object(struct sss_domain_info *domain,
535 : struct ldb_message *obj,
536 : struct ldb_message *override_obj,
537 : const char **req_attrs);
538 :
539 : errno_t sysdb_add_group_member_overrides(struct sss_domain_info *domain,
540 : struct ldb_message *obj);
541 :
542 : errno_t sysdb_getpwnam_with_views(TALLOC_CTX *mem_ctx,
543 : struct sss_domain_info *domain,
544 : const char *name,
545 : struct ldb_result **res);
546 :
547 : errno_t sysdb_getpwuid_with_views(TALLOC_CTX *mem_ctx,
548 : struct sss_domain_info *domain,
549 : uid_t uid,
550 : struct ldb_result **res);
551 :
552 : int sysdb_getgrnam_with_views(TALLOC_CTX *mem_ctx,
553 : struct sss_domain_info *domain,
554 : const char *name,
555 : struct ldb_result **res);
556 :
557 : int sysdb_getgrgid_with_views(TALLOC_CTX *mem_ctx,
558 : struct sss_domain_info *domain,
559 : gid_t gid,
560 : struct ldb_result **res);
561 :
562 : struct ldb_message_element *
563 : sss_view_ldb_msg_find_element(struct sss_domain_info *dom,
564 : const struct ldb_message *msg,
565 : const char *attr_name);
566 :
567 : const char *sss_view_ldb_msg_find_attr_as_string(struct sss_domain_info *dom,
568 : const struct ldb_message *msg,
569 : const char *attr_name,
570 : const char * default_value);
571 :
572 : uint64_t sss_view_ldb_msg_find_attr_as_uint64(struct sss_domain_info *dom,
573 : const struct ldb_message *msg,
574 : const char *attr_name,
575 : uint64_t default_value);
576 :
577 : /* Sysdb initialization.
578 : * call this function *only* once to initialize the database and get
579 : * the sysdb ctx */
580 : int sysdb_init(TALLOC_CTX *mem_ctx,
581 : struct sss_domain_info *domains,
582 : bool allow_upgrade);
583 :
584 : /* Same as sysdb_init, but additionally allows to change
585 : * file ownership of the sysdb databases. */
586 : int sysdb_init_ext(TALLOC_CTX *mem_ctx,
587 : struct sss_domain_info *domains,
588 : bool allow_upgrade,
589 : bool chown_dbfile,
590 : uid_t uid, gid_t gid);
591 :
592 : /* used to initialize only one domain database.
593 : * Do NOT use if sysdb_init has already been called */
594 : int sysdb_domain_init(TALLOC_CTX *mem_ctx,
595 : struct sss_domain_info *domain,
596 : const char *db_path,
597 : struct sysdb_ctx **_ctx);
598 :
599 : /* functions to retrieve information from sysdb
600 : * These functions automatically start an operation
601 : * therefore they cannot be called within a transaction */
602 : int sysdb_getpwnam(TALLOC_CTX *mem_ctx,
603 : struct sss_domain_info *domain,
604 : const char *name,
605 : struct ldb_result **res);
606 :
607 : int sysdb_getpwuid(TALLOC_CTX *mem_ctx,
608 : struct sss_domain_info *domain,
609 : uid_t uid,
610 : struct ldb_result **res);
611 :
612 : int sysdb_getpwupn(TALLOC_CTX *mem_ctx,
613 : struct sss_domain_info *domain,
614 : const char *upn,
615 : struct ldb_result **res);
616 :
617 : int sysdb_enumpwent(TALLOC_CTX *mem_ctx,
618 : struct sss_domain_info *domain,
619 : struct ldb_result **res);
620 :
621 : int sysdb_enumpwent_filter(TALLOC_CTX *mem_ctx,
622 : struct sss_domain_info *domain,
623 : const char *name_filter,
624 : const char *addtl_filter,
625 : struct ldb_result **res);
626 :
627 : int sysdb_enumpwent_with_views(TALLOC_CTX *mem_ctx,
628 : struct sss_domain_info *domain,
629 : struct ldb_result **res);
630 :
631 : int sysdb_enumpwent_filter_with_views(TALLOC_CTX *mem_ctx,
632 : struct sss_domain_info *domain,
633 : const char *name_filter,
634 : const char *addtl_filter,
635 : struct ldb_result **res);
636 :
637 : int sysdb_getgrnam(TALLOC_CTX *mem_ctx,
638 : struct sss_domain_info *domain,
639 : const char *name,
640 : struct ldb_result **res);
641 :
642 : int sysdb_getgrgid(TALLOC_CTX *mem_ctx,
643 : struct sss_domain_info *domain,
644 : gid_t gid,
645 : struct ldb_result **res);
646 :
647 : int sysdb_enumgrent(TALLOC_CTX *mem_ctx,
648 : struct sss_domain_info *domain,
649 : struct ldb_result **res);
650 :
651 : int sysdb_enumgrent_filter(TALLOC_CTX *mem_ctx,
652 : struct sss_domain_info *domain,
653 : const char *name_filter,
654 : const char *addtl_filter,
655 : struct ldb_result **res);
656 :
657 : int sysdb_enumgrent_with_views(TALLOC_CTX *mem_ctx,
658 : struct sss_domain_info *domain,
659 : struct ldb_result **res);
660 :
661 : int sysdb_enumgrent_filter_with_views(TALLOC_CTX *mem_ctx,
662 : struct sss_domain_info *domain,
663 : const char *name_filter,
664 : const char *addtl_filter,
665 : struct ldb_result **res);
666 :
/* One parsed netgroup entry: either a (host, user, domain) triple or
 * the name of a member netgroup. `type` selects which member of the
 * `value` union is valid; reading the other one is undefined. */
struct sysdb_netgroup_ctx {
    enum {SYSDB_NETGROUP_TRIPLE_VAL, SYSDB_NETGROUP_GROUP_VAL} type;
    union {
        struct {
            char *hostname;
            char *username;
            char *domainname;
        } triple;         /* valid when type == SYSDB_NETGROUP_TRIPLE_VAL */
        char *groupname;  /* valid when type == SYSDB_NETGROUP_GROUP_VAL */
    } value;
};
678 :
679 : errno_t sysdb_getnetgr(TALLOC_CTX *mem_ctx,
680 : struct sss_domain_info *domain,
681 : const char *netgroup,
682 : struct ldb_result **res);
683 :
684 : int sysdb_initgroups(TALLOC_CTX *mem_ctx,
685 : struct sss_domain_info *domain,
686 : const char *name,
687 : struct ldb_result **res);
688 :
689 : int sysdb_initgroups_by_upn(TALLOC_CTX *mem_ctx,
690 : struct sss_domain_info *domain,
691 : const char *upn,
692 : struct ldb_result **res);
693 :
694 : int sysdb_initgroups_with_views(TALLOC_CTX *mem_ctx,
695 : struct sss_domain_info *domain,
696 : const char *name,
697 : struct ldb_result **res);
698 :
699 : int sysdb_get_user_attr(TALLOC_CTX *mem_ctx,
700 : struct sss_domain_info *domain,
701 : const char *name,
702 : const char **attributes,
703 : struct ldb_result **res);
704 :
705 : int sysdb_get_user_attr_with_views(TALLOC_CTX *mem_ctx,
706 : struct sss_domain_info *domain,
707 : const char *name,
708 : const char **attributes,
709 : struct ldb_result **res);
710 :
711 : int sysdb_get_netgroup_attr(TALLOC_CTX *mem_ctx,
712 : struct sss_domain_info *domain,
713 : const char *netgrname,
714 : const char **attributes,
715 : struct ldb_result **res);
716 :
717 : /* functions that modify the database
718 : * they have to be called within a transaction
719 : * See sysdb_transaction_send()/_recv() */
720 :
721 : /* Permissive modify */
722 : int sss_ldb_modify_permissive(struct ldb_context *ldb,
723 : struct ldb_message *msg);
724 :
725 : /* Delete Entry */
726 : int sysdb_delete_entry(struct sysdb_ctx *sysdb,
727 : struct ldb_dn *dn,
728 : bool ignore_not_found);
729 :
730 : int sysdb_delete_recursive(struct sysdb_ctx *sysdb,
731 : struct ldb_dn *dn,
732 : bool ignore_not_found);
733 :
734 : /* Mark entry as expired */
735 : errno_t sysdb_mark_entry_as_expired_ldb_dn(struct sss_domain_info *dom,
736 : struct ldb_dn *ldbdn);
737 : errno_t sysdb_mark_entry_as_expired_ldb_val(struct sss_domain_info *dom,
738 : struct ldb_val *dn_val);
739 :
740 : /* Search Entry */
741 : int sysdb_search_entry(TALLOC_CTX *mem_ctx,
742 : struct sysdb_ctx *sysdb,
743 : struct ldb_dn *base_dn,
744 : enum ldb_scope scope,
745 : const char *filter,
746 : const char **attrs,
747 : size_t *_msgs_count,
748 : struct ldb_message ***_msgs);
749 :
/* Run ldb_search() and leave an errno-style result in `ret`: the ldb
 * return code is mapped through sysdb_error_to_errno(), and a search that
 * succeeded but matched nothing is reported as ENOENT so callers have a
 * single "not found" path.
 *
 * `exp_fmt` and the variadic arguments are passed verbatim to
 * ldb_search() as a printf-style LDAP filter. Keep `exp_fmt` a string
 * literal (the SYSDB_*_FILTER macros above) and supply variable parts as
 * arguments that the caller has already escaped for LDAP filter syntax;
 * otherwise externally supplied text can change the filter's meaning.
 * `_result` is dereferenced after the call and must therefore be a
 * plain lvalue that ldb_search() has filled in. */
#define SSS_LDB_SEARCH(ret, ldb, mem_ctx, _result, base, scope, attrs, \
                       exp_fmt, ...) do { \
    int _sls_lret; \
    \
    _sls_lret = ldb_search(ldb, mem_ctx, _result, base, scope, attrs, \
                           exp_fmt, ##__VA_ARGS__); \
    ret = sysdb_error_to_errno(_sls_lret); \
    if (ret == EOK && (*_result)->count == 0) { \
        ret = ENOENT; \
    } \
} while(0)
761 :
762 : /* Search User (by uid, sid or name) */
763 : int sysdb_search_user_by_name(TALLOC_CTX *mem_ctx,
764 : struct sss_domain_info *domain,
765 : const char *name,
766 : const char **attrs,
767 : struct ldb_message **msg);
768 :
769 : int sysdb_search_user_by_uid(TALLOC_CTX *mem_ctx,
770 : struct sss_domain_info *domain,
771 : uid_t uid,
772 : const char **attrs,
773 : struct ldb_message **msg);
774 :
775 : int sysdb_search_user_by_sid_str(TALLOC_CTX *mem_ctx,
776 : struct sss_domain_info *domain,
777 : const char *sid_str,
778 : const char **attrs,
779 : struct ldb_message **msg);
780 :
781 : int sysdb_search_user_by_upn_res(TALLOC_CTX *mem_ctx,
782 : struct sss_domain_info *domain,
783 : const char *upn,
784 : const char **attrs,
785 : struct ldb_result **out_res);
786 :
787 : int sysdb_search_user_by_upn(TALLOC_CTX *mem_ctx,
788 : struct sss_domain_info *domain,
789 : const char *sid_str,
790 : const char **attrs,
791 : struct ldb_message **msg);
792 :
793 : /* Search Group (by gid, sid or name) */
794 : int sysdb_search_group_by_name(TALLOC_CTX *mem_ctx,
795 : struct sss_domain_info *domain,
796 : const char *name,
797 : const char **attrs,
798 : struct ldb_message **msg);
799 :
800 : int sysdb_search_group_by_gid(TALLOC_CTX *mem_ctx,
801 : struct sss_domain_info *domain,
802 : gid_t gid,
803 : const char **attrs,
804 : struct ldb_message **msg);
805 :
806 : int sysdb_search_group_by_sid_str(TALLOC_CTX *mem_ctx,
807 : struct sss_domain_info *domain,
808 : const char *sid_str,
809 : const char **attrs,
810 : struct ldb_message **msg);
811 :
812 : /* Search Netgroup (by name) */
813 : int sysdb_search_netgroup_by_name(TALLOC_CTX *mem_ctx,
814 : struct sss_domain_info *domain,
815 : const char *name,
816 : const char **attrs,
817 : struct ldb_message **msg);
818 :
819 : /* Replace entry attrs */
820 : int sysdb_set_entry_attr(struct sysdb_ctx *sysdb,
821 : struct ldb_dn *entry_dn,
822 : struct sysdb_attrs *attrs,
823 : int mod_op);
824 :
825 : /* Replace user attrs */
826 : int sysdb_set_user_attr(struct sss_domain_info *domain,
827 : const char *name,
828 : struct sysdb_attrs *attrs,
829 : int mod_op);
830 :
831 : /* Replace group attrs */
832 : int sysdb_set_group_attr(struct sss_domain_info *domain,
833 : const char *name,
834 : struct sysdb_attrs *attrs,
835 : int mod_op);
836 :
837 : /* Replace netgroup attrs */
838 : int sysdb_set_netgroup_attr(struct sss_domain_info *domain,
839 : const char *name,
840 : struct sysdb_attrs *attrs,
841 : int mod_op);
842 :
843 : /* Allocate a new id */
844 : int sysdb_get_new_id(struct sss_domain_info *domain,
845 : uint32_t *id);
846 :
/* Add a user entry with only the basic POSIX attributes and WITHOUT any
 * validation.  Because no checks are done here, the caller is responsible
 * for validating 'name', 'uid' and 'gid' (and for escaping 'name' if it is
 * used to build a DN) before calling this. */
int sysdb_add_basic_user(struct sss_domain_info *domain,
                         const char *name,
                         uid_t uid, gid_t gid,
                         const char *gecos,
                         const char *homedir,
                         const char *shell);

/* Add a user entry with full checks.
 * 'orig_dn' is the entry's DN on the originating server, 'attrs' carries
 * any extra attributes, and 'cache_timeout'/'now' control the cache
 * expiry stamp written to the entry.
 * NOTE(review): 'cache_timeout' is an int here but a uint64_t in
 * sysdb_store_user() below — callers converting between the two should
 * watch for truncation. */
int sysdb_add_user(struct sss_domain_info *domain,
                   const char *name,
                   uid_t uid, gid_t gid,
                   const char *gecos,
                   const char *homedir,
                   const char *shell,
                   const char *orig_dn,
                   struct sysdb_attrs *attrs,
                   int cache_timeout,
                   time_t now);
866 :
/* Add a group entry with only name and GID and WITHOUT any validation;
 * the caller must validate (and, where needed, escape) the inputs. */
int sysdb_add_basic_group(struct sss_domain_info *domain,
                          const char *name, gid_t gid);

/* Add a group entry with full checks; 'attrs' carries extra attributes,
 * 'cache_timeout'/'now' set the cache expiry stamp. */
int sysdb_add_group(struct sss_domain_info *domain,
                    const char *name, gid_t gid,
                    struct sysdb_attrs *attrs,
                    int cache_timeout,
                    time_t now);

/* Add a group entry for which only identifying data is known: its name,
 * GID, originating DN, textual SID and UUID.  'posix' presumably records
 * whether the group carries a usable GID; note there is no cache_timeout
 * parameter, so how the entry's expiry is set must be confirmed in the
 * implementation. */
int sysdb_add_incomplete_group(struct sss_domain_info *domain,
                               const char *name,
                               gid_t gid,
                               const char *original_dn,
                               const char *sid_str,
                               const char *uuid,
                               bool posix,
                               time_t now);
886 :
/* Add a netgroup entry with only name and description and WITHOUT any
 * validation; the caller must validate the inputs. */
int sysdb_add_basic_netgroup(struct sss_domain_info *domain,
                             const char *name, const char *description);

/* Add a netgroup entry with extra attributes and a cache expiry stamp.
 * 'missing' is a NULL-terminated list of attribute names (presumably the
 * ones absent from the source object, to be removed from the cached entry
 * — confirm in the implementation). */
int sysdb_add_netgroup(struct sss_domain_info *domain,
                       const char *name,
                       const char *description,
                       struct sysdb_attrs *attrs,
                       char **missing,
                       int cache_timeout,
                       time_t now);
898 :
/* Add or remove 'member_dn' from the member list of 'group_dn'.
 * mod_op must be either LDB_FLAG_MOD_ADD or LDB_FLAG_MOD_DELETE.
 * Both arguments are already-parsed DNs, so no escaping concern applies
 * at this level. */
int sysdb_mod_group_member(struct sss_domain_info *domain,
                           struct ldb_dn *member_dn,
                           struct ldb_dn *group_dn,
                           int mod_op);
904 :
/* Create or update the cached user 'name' in 'domain'.
 * 'pwd' is presumably the passwd-style password field of the entry (not a
 * credential to be verified — see sysdb_cache_password() for that);
 * 'remove_attrs' is a NULL-terminated list of attribute names to strip
 * from the entry; 'cache_timeout'/'now' set the expiry stamp.
 * NOTE(review): 'cache_timeout' is uint64_t here but int in
 * sysdb_add_user() — mind the conversion. */
int sysdb_store_user(struct sss_domain_info *domain,
                     const char *name,
                     const char *pwd,
                     uid_t uid, gid_t gid,
                     const char *gecos,
                     const char *homedir,
                     const char *shell,
                     const char *orig_dn,
                     struct sysdb_attrs *attrs,
                     char **remove_attrs,
                     uint64_t cache_timeout,
                     time_t now);

/* Create or update the cached group 'name' with GID 'gid' in 'domain';
 * 'attrs' carries extra attributes, 'cache_timeout'/'now' set the expiry. */
int sysdb_store_group(struct sss_domain_info *domain,
                      const char *name,
                      gid_t gid,
                      struct sysdb_attrs *attrs,
                      uint64_t cache_timeout,
                      time_t now);
924 :
/* Kind of object a name refers to.  Used by the membership, override and
 * attribute-removal functions below to pick the right container
 * (users, groups, netgroups, services) for a given name. */
enum sysdb_member_type {
    SYSDB_MEMBER_USER,      /* a user entry */
    SYSDB_MEMBER_GROUP,     /* a group entry */
    SYSDB_MEMBER_NETGROUP,  /* a netgroup entry */
    SYSDB_MEMBER_SERVICE,   /* a service entry */
};
931 :
/* Add 'member' (an object of kind 'type') to the group 'group'.
 * 'is_dn' tells whether 'member' is already a DN string or a plain name
 * to be turned into one (presumably by the implementation — which then
 * also owns any escaping of the name; confirm). */
int sysdb_add_group_member(struct sss_domain_info *domain,
                           const char *group,
                           const char *member,
                           enum sysdb_member_type type,
                           bool is_dn);

/* Remove 'member' from the group 'group'; arguments as for
 * sysdb_add_group_member(). */
int sysdb_remove_group_member(struct sss_domain_info *domain,
                              const char *group,
                              const char *member,
                              enum sysdb_member_type type,
                              bool is_dn);

/* Apply a membership delta for 'member': join every group named in
 * 'add_groups' and leave every group named in 'del_groups'.  Both arrays
 * are presumably NULL-terminated and either may be NULL — confirm. */
errno_t sysdb_update_members(struct sss_domain_info *domain,
                             const char *member,
                             enum sysdb_member_type type,
                             const char *const *add_groups,
                             const char *const *del_groups);

/* Same as sysdb_update_members(), but the group lists are given as DNs
 * rather than names, and 'member_domain' is the member's own domain
 * (the groups may live in other domains). */
errno_t sysdb_update_members_dn(struct sss_domain_info *member_domain,
                                const char *member,
                                enum sysdb_member_type type,
                                const char *const *add_groups,
                                const char *const *del_groups);

/* Store an override of object 'obj_dn' (of kind 'type') for the view
 * 'view_name'; 'attrs' holds the overriding attribute values. */
errno_t sysdb_store_override(struct sss_domain_info *domain,
                             const char *view_name,
                             enum sysdb_member_type type,
                             struct sysdb_attrs *attrs, struct ldb_dn *obj_dn);
960 :
/* Password caching.
 * NOTE(review): an earlier version of this comment described 'sysdb' and
 * 'handle' parameters that this prototype does not have; the function
 * takes only the domain and the user's credentials, so any transaction
 * handling happens inside the implementation — confirm there before
 * wrapping calls in a caller-side transaction.
 * Stores 'password' for 'username' so that the user can later be
 * authenticated from the cache (see sysdb_cache_auth() below).  Whether
 * the value is stored hashed is not visible in this header — verify in
 * the implementation.  'password' is plaintext at this call site; callers
 * should treat it as a secret and clear their copy after the call. */
int sysdb_cache_password(struct sss_domain_info *domain,
                         const char *username,
                         const char *password);

/* Variant of sysdb_cache_password() for tokens that are not a plain
 * password: 'authtok_type' gives the token kind and 'second_factor_size'
 * presumably marks how many trailing bytes of 'password' belong to a
 * second factor (which should not be cached) — confirm. */
int sysdb_cache_password_ex(struct sss_domain_info *domain,
                            const char *username,
                            const char *password,
                            enum sss_authtok_type authtok_type,
                            size_t second_factor_size);

/* Evaluate the failed-login state recorded in the user entry 'ldb_msg'.
 * Writes the current counter to '*failed_login_attempts' and, when the
 * account is temporarily locked out, the time until which logins are
 * refused to '*delayed_until'.  'cdb' presumably supplies the configured
 * thresholds — confirm which options are read. */
errno_t check_failed_login_attempts(struct confdb_ctx *cdb,
                                    struct ldb_message *ldb_msg,
                                    uint32_t *failed_login_attempts,
                                    time_t *delayed_until);
/* Authenticate 'name' with 'password' against the cached credentials.
 * 'just_check' presumably verifies the credential without updating the
 * failed-attempt counters — confirm.  On return '*_expire_date' carries
 * the cached credential's expiry and '*_delayed_until' the lockout end
 * time, if any.
 * NOTE(review): callers must treat the comparison result as the only
 * authentication signal and must not log or echo 'password'. */
int sysdb_cache_auth(struct sss_domain_info *domain,
                     const char *name,
                     const char *password,
                     struct confdb_ctx *cdb,
                     bool just_check,
                     time_t *_expire_date,
                     time_t *_delayed_until);
987 :
/* Store an arbitrary object 'object_name' with attributes 'attrs' under the
 * custom subtree 'subtree_name' (SYSDB_CUSTOM_CONTAINER) of 'domain'. */
int sysdb_store_custom(struct sss_domain_info *domain,
                       const char *object_name,
                       const char *subtree_name,
                       struct sysdb_attrs *attrs);

/* Search the custom subtree 'subtree_name' with the LDB filter 'filter'.
 * Results are allocated on 'mem_ctx' and returned as '*msgs' with
 * '*msgs_count' entries.
 * NOTE(review): 'filter' is passed through as-is, so any value the caller
 * substitutes into it must already be filter-escaped; do not build it from
 * unescaped untrusted strings. */
int sysdb_search_custom(TALLOC_CTX *mem_ctx,
                        struct sss_domain_info *domain,
                        const char *filter,
                        const char *subtree_name,
                        const char **attrs,
                        size_t *msgs_count,
                        struct ldb_message ***msgs);

/* Look up the custom object 'object_name' in subtree 'subtree_name';
 * results as for sysdb_search_custom(). */
int sysdb_search_custom_by_name(TALLOC_CTX *mem_ctx,
                                struct sss_domain_info *domain,
                                const char *object_name,
                                const char *subtree_name,
                                const char **attrs,
                                size_t *_count,
                                struct ldb_message ***_msgs);

/* Delete the custom object 'object_name' from subtree 'subtree_name'. */
int sysdb_delete_custom(struct sss_domain_info *domain,
                        const char *object_name,
                        const char *subtree_name);
1012 :
/* Attribute-scoped search: starting at 'base_dn', follow the DNs stored in
 * 'asq_attribute' and return the entries they point to that match
 * 'expression', with attributes 'attrs'.  Results are allocated on
 * 'mem_ctx' ('*msgs', '*msgs_count').
 * 'expression' is used as an LDB filter — values interpolated into it by
 * the caller must already be escaped. */
int sysdb_asq_search(TALLOC_CTX *mem_ctx,
                     struct sss_domain_info *domain,
                     struct ldb_dn *base_dn,
                     const char *expression,
                     const char *asq_attribute,
                     const char **attrs,
                     size_t *msgs_count,
                     struct ldb_message ***msgs);
1021 :
/* Search the users container of 'domain'.  'sub_filter' is an LDB filter
 * fragment that the implementation presumably combines with an objectclass
 * filter; any caller-supplied value inside it must already be escaped.
 * Results are allocated on 'mem_ctx' ('*msgs', '*msgs_count'). */
int sysdb_search_users(TALLOC_CTX *mem_ctx,
                       struct sss_domain_info *domain,
                       const char *sub_filter,
                       const char **attrs,
                       size_t *msgs_count,
                       struct ldb_message ***msgs);

/* Delete the user identified by 'name' and 'uid' from 'domain'.
 * How the two are combined (both must match, or either suffices) is not
 * visible here — confirm in the implementation. */
int sysdb_delete_user(struct sss_domain_info *domain,
                      const char *name, uid_t uid);

/* Search the groups container; arguments as for sysdb_search_users(). */
int sysdb_search_groups(TALLOC_CTX *mem_ctx,
                        struct sss_domain_info *domain,
                        const char *sub_filter,
                        const char **attrs,
                        size_t *msgs_count,
                        struct ldb_message ***msgs);

/* Delete the group identified by 'name' and 'gid' (see sysdb_delete_user()
 * regarding how the two are combined). */
int sysdb_delete_group(struct sss_domain_info *domain,
                       const char *name, gid_t gid);

/* Search the netgroups container; arguments as for sysdb_search_users(). */
int sysdb_search_netgroups(TALLOC_CTX *mem_ctx,
                           struct sss_domain_info *domain,
                           const char *sub_filter,
                           const char **attrs,
                           size_t *msgs_count,
                           struct ldb_message ***msgs);

/* Delete the netgroup 'name' from 'domain'. */
int sysdb_delete_netgroup(struct sss_domain_info *domain,
                          const char *name);

/* Delete whatever object carries the textual SID 'sid_str'.
 * NOTE(review): unlike its neighbours this takes both an explicit sysdb
 * handle and a domain; callers must pass a 'sysdb' that belongs to
 * 'domain' — nothing here checks the two agree. */
int sysdb_delete_by_sid(struct sysdb_ctx *sysdb,
                        struct sss_domain_info *domain,
                        const char *sid_str);
1055 :
/* Collect the value of attribute 'attr_name' from each of the 'attr_count'
 * attribute sets in 'attrs' into a string list allocated on 'mem_ctx'
 * ('*_list').  Whether the list is NULL-terminated and how sets lacking the
 * attribute are handled must be confirmed in the implementation. */
errno_t sysdb_attrs_to_list(TALLOC_CTX *mem_ctx,
                            struct sysdb_attrs **attrs,
                            int attr_count,
                            const char *attr_name,
                            char ***_list);

/* Convert the netgroup search result 'res' into an array of
 * sysdb_netgroup_ctx entries allocated on 'mem_ctx'. */
errno_t sysdb_netgr_to_entries(TALLOC_CTX *mem_ctx,
                               struct ldb_result *res,
                               struct sysdb_netgroup_ctx ***entries);

/* Produce in '*sanitized' (allocated on 'mem_ctx') a copy of 'input' that
 * is safe to substitute into an LDB DN.  This is the helper to use before
 * formatting caller-controlled strings into the SYSDB_TMPL_* templates in
 * this header; exactly which characters are escaped is defined by the
 * implementation. */
errno_t sysdb_dn_sanitize(TALLOC_CTX *mem_ctx, const char *input,
                          char **sanitized);
1068 :
/* Read the boolean attribute 'attr_name' of the entry 'dn' into '*value'. */
errno_t sysdb_get_bool(struct sysdb_ctx *sysdb,
                       struct ldb_dn *dn,
                       const char *attr_name,
                       bool *value);

/* Set the boolean attribute 'attr_name' of the entry 'dn' to 'value'.
 * 'cn_value' is presumably used to create the entry (with that cn) when it
 * does not exist yet — confirm in the implementation. */
errno_t sysdb_set_bool(struct sysdb_ctx *sysdb,
                       struct ldb_dn *dn,
                       const char *cn_value,
                       const char *attr_name,
                       bool value);

/* Report in '*has_enumerated' whether a full enumeration of 'domain' has
 * been recorded (see sysdb_set_enumerated()). */
errno_t sysdb_has_enumerated(struct sss_domain_info *domain,
                             bool *has_enumerated);

/* Record whether a full enumeration of 'domain' has been performed. */
errno_t sysdb_set_enumerated(struct sss_domain_info *domain,
                             bool enumerated);

/* Remove the attributes listed in the NULL-terminated 'remove_attrs' from
 * the object 'name' of kind 'type' in 'domain'. */
errno_t sysdb_remove_attrs(struct sss_domain_info *domain,
                           const char *name,
                           enum sysdb_member_type type,
                           char **remove_attrs);

/* Return in '*_direct_parents' (allocated on 'mem_ctx') the groups that
 * directly contain the object 'name' of kind 'mtype' — direct membership
 * only, not the transitive closure (by the function's name; confirm). */
errno_t sysdb_get_direct_parents(TALLOC_CTX *mem_ctx,
                                 struct sss_domain_info *dom,
                                 enum sysdb_member_type mtype,
                                 const char *name,
                                 char ***_direct_parents);
1096 :
/* === Functions related to ID-mapping === */

/* Container (relative to the per-domain base) holding SID-to-slice mappings. */
#define SYSDB_IDMAP_CONTAINER "cn=id_mappings"

#define SYSDB_IDMAP_SUBTREE "idmap"
#define SYSDB_IDMAP_MAPPING_OC "id_mapping"
#define SYSDB_IDMAP_FILTER "(objectClass="SYSDB_IDMAP_MAPPING_OC")"
#define SYSDB_IDMAP_SID_ATTR "objectSID"
#define SYSDB_IDMAP_SLICE_ATTR "slice"

/* NULL-terminated attribute list for id-mapping lookups. */
#define SYSDB_IDMAP_ATTRS { \
    SYSDB_NAME, \
    SYSDB_IDMAP_SID_ATTR, \
    SYSDB_IDMAP_SLICE_ATTR, \
    NULL }

/* DN templates.  Each '%s' is filled in with printf-style formatting by the
 * caller: the domain name for SYSDB_TMPL_IDMAP_BASE and additionally the
 * SID for SYSDB_TMPL_IDMAP.  A value containing DN metacharacters changes
 * the meaning of the resulting DN, so anything not known to be safe must
 * go through sysdb_dn_sanitize() (declared above) first. */
#define SYSDB_TMPL_IDMAP_BASE SYSDB_IDMAP_CONTAINER",cn=%s,"SYSDB_BASE
#define SYSDB_TMPL_IDMAP SYSDB_IDMAP_SID_ATTR"=%s,"SYSDB_TMPL_IDMAP_BASE
1115 :
/* Record that the domain named 'dom_name' with SID 'dom_sid' is mapped to
 * ID slice 'slice_num'. */
errno_t sysdb_idmap_store_mapping(struct sss_domain_info *domain,
                                  const char *dom_name,
                                  const char *dom_sid,
                                  id_t slice_num);

/* Return all stored id-mapping entries in '*_result' (allocated on
 * 'mem_ctx'). */
errno_t sysdb_idmap_get_mappings(TALLOC_CTX *mem_ctx,
                                 struct sss_domain_info *domain,
                                 struct ldb_result **_result);

/* Find any object (user or group) in 'domain' carrying the textual SID
 * 'sid_str'; attributes 'attrs' are returned in '*res' on 'mem_ctx'.
 * See the escaping note on sysdb_search_group_by_sid_str(). */
errno_t sysdb_search_object_by_sid(TALLOC_CTX *mem_ctx,
                                   struct sss_domain_info *domain,
                                   const char *sid_str,
                                   const char **attrs,
                                   struct ldb_result **res);

/* Find any object in 'domain' carrying the UUID 'uuid_str'. */
errno_t sysdb_search_object_by_uuid(TALLOC_CTX *mem_ctx,
                                    struct sss_domain_info *domain,
                                    const char *uuid_str,
                                    const char **attrs,
                                    struct ldb_result **res);

/* Find any object in 'domain' associated with the certificate 'cert'.
 * The expected encoding of 'cert' (e.g. base64 DER vs PEM) and whether the
 * match is an exact value comparison are not visible here — confirm in the
 * implementation, as a mismatch silently yields no result. */
errno_t sysdb_search_object_by_cert(TALLOC_CTX *mem_ctx,
                                    struct sss_domain_info *domain,
                                    const char *cert,
                                    const char **attrs,
                                    struct ldb_result **res);

/* User-only variant of sysdb_search_object_by_cert(); returns a fixed
 * attribute set chosen by the implementation. */
errno_t sysdb_search_user_by_cert(TALLOC_CTX *mem_ctx,
                                  struct sss_domain_info *domain,
                                  const char *cert,
                                  struct ldb_result **res);
1147 :
1148 :
1149 :
/* === Functions related to GPOs === */

/* Container (relative to the per-domain base) holding cached GPO data. */
#define SYSDB_GPO_CONTAINER "cn=gpos,cn=ad,cn=custom"

/* === Functions related to GPO entries === */

#define SYSDB_GPO_OC "gpo"
#define SYSDB_GPO_FILTER "(objectClass="SYSDB_GPO_OC")"
/* Uses SYSDB_GPO_GUID_ATTR before its #define below; this is fine because
 * macros expand at the point of use.  The '%s' receives the GPO GUID — it
 * is substituted into an LDB filter, so it must be filter-escaped unless it
 * is known to be a well-formed GUID. */
#define SYSDB_GPO_GUID_FILTER "(&(objectClass="SYSDB_GPO_OC")("SYSDB_GPO_GUID_ATTR"=%s))"
#define SYSDB_GPO_GUID_ATTR "gpoGUID"
#define SYSDB_GPO_VERSION_ATTR "gpoVersion"
#define SYSDB_GPO_TIMEOUT_ATTR "gpoPolicyFileTimeout"

/* DN templates: '%s' in the base is the domain name, the extra '%s' in
 * SYSDB_TMPL_GPO is the GPO GUID (DN-escape it if not known to be safe). */
#define SYSDB_TMPL_GPO_BASE SYSDB_GPO_CONTAINER","SYSDB_DOM_BASE
#define SYSDB_TMPL_GPO SYSDB_GPO_GUID_ATTR"=%s,"SYSDB_TMPL_GPO_BASE

/* NULL-terminated attribute list for GPO lookups. */
#define SYSDB_GPO_ATTRS { \
    SYSDB_NAME, \
    SYSDB_GPO_GUID_ATTR, \
    SYSDB_GPO_VERSION_ATTR, \
    SYSDB_GPO_TIMEOUT_ATTR, \
    NULL }
1172 :
/* Create or update the cached GPO entry 'gpo_guid' with version
 * 'gpo_version'; 'cache_timeout'/'now' set the policy-file timeout
 * stamp (SYSDB_GPO_TIMEOUT_ATTR, presumably). */
errno_t sysdb_gpo_store_gpo(struct sss_domain_info *domain,
                            const char *gpo_guid,
                            int gpo_version,
                            int cache_timeout,
                            time_t now);

/* Fetch the cached GPO entry 'gpo_guid' into '*_result' on 'mem_ctx'. */
errno_t sysdb_gpo_get_gpo_by_guid(TALLOC_CTX *mem_ctx,
                                  struct sss_domain_info *domain,
                                  const char *gpo_guid,
                                  struct ldb_result **_result);

/* Fetch all cached GPO entries of 'domain' into '*_result' on 'mem_ctx'. */
errno_t sysdb_gpo_get_gpos(TALLOC_CTX *mem_ctx,
                           struct sss_domain_info *domain,
                           struct ldb_result **_result);
1187 :
/* === Functions related to GPO Result object === */

#define SYSDB_GPO_RESULT_OC "gpo_result"
#define SYSDB_GPO_RESULT_FILTER "(objectClass="SYSDB_GPO_RESULT_OC")"

/* The result object lives in the same container as the GPO entries
 * (this base expands identically to SYSDB_TMPL_GPO_BASE).  The extra '%s'
 * in SYSDB_TMPL_GPO_RESULT is the result object's cn. */
#define SYSDB_TMPL_GPO_RESULT_BASE SYSDB_GPO_CONTAINER","SYSDB_DOM_BASE
#define SYSDB_TMPL_GPO_RESULT "cn=%s,"SYSDB_TMPL_GPO_RESULT_BASE
1195 :
/* Delete the cached GPO result object of 'domain'. */
errno_t sysdb_gpo_delete_gpo_result_object(TALLOC_CTX *mem_ctx,
                                           struct sss_domain_info *domain);

/* Store one computed policy setting ('policy_setting_key' =
 * 'policy_setting_value') in the GPO result object of 'domain'. */
errno_t sysdb_gpo_store_gpo_result_setting(struct sss_domain_info *domain,
                                           const char *policy_setting_key,
                                           const char *policy_setting_value);

/* Read the policy setting 'policy_setting_key' from the GPO result object;
 * the value is returned in '*policy_setting_value', allocated on 'mem_ctx'. */
errno_t sysdb_gpo_get_gpo_result_setting(TALLOC_CTX *mem_ctx,
                                         struct sss_domain_info *domain,
                                         const char *policy_setting_key,
                                         const char **policy_setting_value);

/* Collect the SIDs ('*_sids') and DNs ('*_dns') of the members of
 * 'group_name' in 'dom'; '*_n' receives the count.  Both arrays are
 * allocated on 'mem_ctx'.  Whether members without a SID are skipped or
 * cause an error is not visible here — confirm. */
errno_t sysdb_get_sids_of_members(TALLOC_CTX *mem_ctx,
                                  struct sss_domain_info *dom,
                                  const char *group_name,
                                  const char ***_sids,
                                  const char ***_dns,
                                  size_t *_n);

/* Carry the original UUID attribute from 'src_attrs' (under 'src_name')
 * over to 'dest_attrs' (under 'dest_name'); 'orig_name' identifies the
 * object for diagnostics, presumably.  Confirm in the implementation how
 * a missing source attribute is treated. */
errno_t sysdb_handle_original_uuid(const char *orig_name,
                                   struct sysdb_attrs *src_attrs,
                                   const char *src_name,
                                   struct sysdb_attrs *dest_attrs,
                                   const char *dest_name);
1220 : #endif /* __SYS_DB_H__ */