summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--src/db/sysdb.h4
-rw-r--r--src/db/sysdb_ops.c61
-rw-r--r--src/providers/ldap/ldap_id_cleanup.c7
-rw-r--r--src/responder/nss/nsssrv_cmd.c2
4 files changed, 70 insertions, 4 deletions
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index 7db1a6ea4..a1baa20d9 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -465,6 +465,10 @@ int sysdb_add_user(TALLOC_CTX *mem_ctx,
struct sysdb_attrs *attrs,
int cache_timeout);
+int sysdb_add_fake_user(struct sysdb_ctx *ctx,
+ struct sss_domain_info *domain,
+ const char *name);
+
/* Add group (only basic attrs and w/o checks) */
int sysdb_add_basic_group(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *ctx,
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index f8e1fbd52..7ae22f7d1 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -916,6 +916,67 @@ done:
return ret;
}
+int sysdb_add_fake_user(struct sysdb_ctx *ctx,
+ struct sss_domain_info *domain,
+ const char *name)
+{
+ TALLOC_CTX *tmpctx;
+ struct ldb_message *msg;
+ time_t now;
+ int ret;
+
+ tmpctx = talloc_new(NULL);
+ if (!tmpctx) {
+ return ENOMEM;
+ }
+
+ msg = ldb_msg_new(tmpctx);
+ if (!msg) {
+ ERROR_OUT(ret, ENOMEM, done);
+ }
+
+ /* user dn */
+ msg->dn = sysdb_user_dn(ctx, msg, domain->name, name);
+ if (!msg->dn) {
+ ERROR_OUT(ret, ENOMEM, done);
+ }
+
+ ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_OBJECTCLASS, SYSDB_USER_CLASS);
+ if (ret) goto done;
+
+ ret = add_string(msg, LDB_FLAG_MOD_ADD, SYSDB_NAME, name);
+ if (ret) goto done;
+
+ now = time(NULL);
+
+ ret = add_ulong(msg, LDB_FLAG_MOD_ADD, SYSDB_CREATE_TIME,
+ (unsigned long) now);
+ if (ret) goto done;
+
+ /* set last login so that the fake entry does not get cleaned up
+ * immediately */
+ ret = add_ulong(msg, LDB_FLAG_MOD_ADD, SYSDB_LAST_LOGIN,
+ (unsigned long) now);
+ if (ret) return ret;
+
+ ret = add_ulong(msg, LDB_FLAG_MOD_ADD, SYSDB_LAST_UPDATE,
+ (unsigned long) now);
+ if (ret) goto done;
+
+ ret = add_ulong(msg, LDB_FLAG_MOD_ADD, SYSDB_CACHE_EXPIRE,
+ (unsigned long) now-1);
+ if (ret) goto done;
+
+ ret = ldb_add(ctx->ldb, msg);
+ ret = sysdb_error_to_errno(ret);
+
+done:
+ if (ret != EOK) {
+ DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
+ }
+ talloc_zfree(tmpctx);
+ return ret;
+}
/* =Add-Basic-Group-NO-CHECKS============================================= */
diff --git a/src/providers/ldap/ldap_id_cleanup.c b/src/providers/ldap/ldap_id_cleanup.c
index 60bc171cb..6357708a1 100644
--- a/src/providers/ldap/ldap_id_cleanup.c
+++ b/src/providers/ldap/ldap_id_cleanup.c
@@ -306,7 +306,8 @@ static int cleanup_users(TALLOC_CTX *memctx, struct sdap_id_ctx *ctx)
ret = cleanup_users_logged_in(uid_table, msgs[i]);
if (ret == EOK) {
/* If the user is logged in, proceed to the next one */
- DEBUG(5, ("User %s is still logged in, keeping data\n", name));
+ DEBUG(5, ("User %s is still logged in or a dummy entry, "
+ "keeping data\n", name));
continue;
} else if (ret != ENOENT) {
goto done;
@@ -337,9 +338,9 @@ static int cleanup_users_logged_in(hash_table_t *table,
uid = ldb_msg_find_attr_as_uint64(msg,
SYSDB_UIDNUM, 0);
if (!uid) {
- DEBUG(2, ("Entry %s has no UID Attribute ?!?\n",
+ DEBUG(2, ("Entry %s has no UID Attribute, fake user perhaps?\n",
ldb_dn_get_linearized(msg->dn)));
- return EFAULT;
+ return ENOENT;
}
key.type = HASH_KEY_ULONG;
diff --git a/src/responder/nss/nsssrv_cmd.c b/src/responder/nss/nsssrv_cmd.c
index c82f891e1..e6437a621 100644
--- a/src/responder/nss/nsssrv_cmd.c
+++ b/src/responder/nss/nsssrv_cmd.c
@@ -209,7 +209,7 @@ static int fill_pwent(struct sss_packet *packet,
gid = ldb_msg_find_attr_as_uint64(msg, SYSDB_GIDNUM, 0);
if (!name || !uid || !gid) {
- DEBUG(1, ("Incomplete user object for %s[%llu]! Skipping\n",
+ DEBUG(2, ("Incomplete or fake user object for %s[%llu]! Skipping\n",
name?name:"<NULL>", (unsigned long long int)uid));
continue;
}