-rw-r--r-- | src/db/sysdb.h | 4 | ||||
-rw-r--r-- | src/db/sysdb_ops.c | 61 | ||||
-rw-r--r-- | src/providers/ldap/ldap_id_cleanup.c | 7 | ||||
-rw-r--r-- | src/responder/nss/nsssrv_cmd.c | 2 |
4 files changed, 70 insertions, 4 deletions
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index 7db1a6ea4..a1baa20d9 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -465,6 +465,10 @@ int sysdb_add_user(TALLOC_CTX *mem_ctx,
 struct sysdb_attrs *attrs,
 int cache_timeout);
+int sysdb_add_fake_user(struct sysdb_ctx *ctx,
+ struct sss_domain_info *domain,
+ const char *name);
+
 /* Add group (only basic attrs and w/o checks) */
 int sysdb_add_basic_group(TALLOC_CTX *mem_ctx,
 struct sysdb_ctx *ctx,
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index f8e1fbd52..7ae22f7d1 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
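Review bot: The new `sysdb_add_fake_user` prototype in src/db/sysdb.h has no comment, unlike the `/* Add group (only basic attrs and w/o checks) */` line right below it. A caller reading the header cannot tell that the entry carries no UID or GID and is written with a cache expiry already in the past, which is what the implementation in src/db/sysdb_ops.c does. I would add `/* Add a placeholder user (name and timestamps only, no UID/GID); stored already expired */` above the declaration.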
@@ -916,6 +916,67 @@ done:
 return ret;
 }
+int sysdb_add_fake_user(struct sysdb_ctx *ctx,
+ struct sss_domain_info *domain,
+ const char *name)
+{
+ TALLOC_CTX *tmpctx;
+ struct ldb_message *msg;
+ time_t now;
+ int ret;
+
+ tmpctx = talloc_new(NULL);
+ if (!tmpctx) {
+ return ENOMEM;
+ }
+
+ msg = ldb_msg_new(tmpctx);
+ if (!msg) {
+ ERROR_OUT(ret, ENOMEM, done);
+ }
+
+ /* user dn */
+ msg->dn = sysdb_user_dn(ctx, msg, domain->name, name);
+ if (!msg->dn) {
+ ERROR_OUT(ret, ENOMEM, done);
+ }
+
+ ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_OBJECTCLASS, SYSDB_USER_CLASS);
+ if (ret) goto done;
+
+ ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_NAME, name);
+ if (ret) goto done;
+
+ now = time(NULL);
+
+ ret = add_ulong(msg, LDB_FLAG_MOD_ADD, SYSDB_CREATE_TIME,
+ (unsigned long) now);
+ if (ret) goto done;
+
+ /* set last login so that the fake entry does not get cleaned up
+ * immediately */
+ ret = add_ulong(msg, LDB_FLAG_MOD_ADD, SYSDB_LAST_LOGIN,
+ (unsigned long) now);
+ if (ret) return ret;
+
+ ret = add_ulong(msg, LDB_FLAG_MOD_ADD, SYSDB_LAST_UPDATE,
+ (unsigned long) now);
+ if (ret) goto done;
+
+ ret = add_ulong(msg, LDB_FLAG_MOD_ADD, SYSDB_CACHE_EXPIRE,
+ (unsigned long) now-1);
+ if (ret) goto done;
+
+ ret = ldb_add(ctx->ldb, msg);
+ ret = sysdb_error_to_errno(ret);
+
+done:
+ if (ret != EOK) {
+ DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
+ }
+ talloc_zfree(tmpctx);
+ return ret;
+}
 /* =Add-Basic-Group-NO-CHECKS============================================= */
diff --git a/src/providers/ldap/ldap_id_cleanup.c b/src/providers/ldap/ldap_id_cleanup.c
index 60bc171cb..6357708a1 100644
--- a/src/providers/ldap/ldap_id_cleanup.c
+++ b/src/providers/ldap/ldap_id_cleanup.c
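Review bot: The error check after the `SYSDB_LAST_LOGIN` attribute in `sysdb_add_fake_user` (src/db/sysdb_ops.c) reads `if (ret) return ret;`, so it bypasses the `done:` label and never reaches `talloc_zfree(tmpctx)`. Because `tmpctx` comes from `talloc_new(NULL)`, it has no parent context that would release it later, so each failure on this path leaks the context and the message built under it. Every other check in the function uses `goto done`; this one should be `if (ret) goto done;` as well. That would also route the failure through the `DEBUG(6, ...)` error report, which the early return skips.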
@@ -306,7 +306,8 @@ static int cleanup_users(TALLOC_CTX *memctx, struct sdap_id_ctx *ctx)
 ret = cleanup_users_logged_in(uid_table, msgs[i]);
 if (ret == EOK) {
 /* If the user is logged in, proceed to the next one */
- DEBUG(5, ("User %s is still logged in, keeping data\n", name));
+ DEBUG(5, ("User %s is still logged in or a dummy entry, "
+ "keeping data\n", name));
 continue;
 } else if (ret != ENOENT) {
 goto done;
@@ -337,9 +338,9 @@ static int cleanup_users_logged_in(hash_table_t *table,
 uid = ldb_msg_find_attr_as_uint64(msg, SYSDB_UIDNUM, 0);
 if (!uid) {
- DEBUG(2, ("Entry %s has no UID Attribute ?!?\n",
+ DEBUG(2, ("Entry %s has no UID Attribute, fake user perhaps?\n",
 ldb_dn_get_linearized(msg->dn)));
- return EFAULT;
+ return ENOENT;
 }
 key.type = HASH_KEY_ULONG;
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index c82f891e1..e6437a621 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -209,7 +209,7 @@ static int fill_pwent(struct sss_packet *packet,
 gid = ldb_msg_find_attr_as_uint64(msg, SYSDB_GIDNUM, 0);
 if (!name || !uid || !gid) {
- DEBUG(1, ("Incomplete user object for %s[%llu]! Skipping\n",
+ DEBUG(2, ("Incomplete or fake user object for %s[%llu]! Skipping\n",
 name?name:"<NULL>", (unsigned long long int)uid));
 continue;
 }  |
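Review bot: In src/providers/ldap/ldap_id_cleanup.c the reworded message in `cleanup_users` and the new return value in `cleanup_users_logged_in` disagree about what happens to a fake entry. The `ret == EOK` branch now logs "still logged in or a dummy entry, keeping data", but the second hunk returns `ENOENT` for an entry without a UID. That value passes the `else if (ret != ENOENT)` test and falls through to code below the hunk, presumably the path for users who are not logged in. If fake entries are meant to be kept by this branch, the `!uid` case should `return EOK;`. If they are meant to follow the normal expiry path, drop "or a dummy entry" from the message so the log does not report a decision the code did not make. Both function bodies continue outside the hunks, so the fall-through behaviour should be confirmed against the full file.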