summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--server/examples/config.ldif10
-rw-r--r--server/examples/db.ldif20
-rw-r--r--server/nss/nss_ldb.h74
-rw-r--r--server/nss/nsssrv_cmd.c131
-rw-r--r--server/nss/nsssrv_ldb.c226
-rw-r--r--server/nss/nsssrv_ldb.h52
-rw-r--r--server/providers/dp_backend_store.c55
7 files changed, 273 insertions, 295 deletions
diff --git a/server/examples/config.ldif b/server/examples/config.ldif
index 2ca830c4c..a0deb3894 100644
--- a/server/examples/config.ldif
+++ b/server/examples/config.ldif
@@ -36,7 +36,7 @@ dn: cn=LOCAL,cn=domains,cn=config
cn: LOCAL
description: Reserved domain for local configurations
provider: local
-basedn: cn=local
+basedn: cn=local,dc=sssd
dn: cn=EXAMPLE.COM,cn=domains,cn=config
cn: EXAMPLE.COM
@@ -44,14 +44,14 @@ description: Example domain served by IPA
provider: ipa
server: ipaserver1.example.com
server: ipabackupserver.example.com
-basedn: cn=EXAMPLE.COM,cn=ipa,cn=remote
+basedn: cn=EXAMPLE.COM,dc=sssd
dn: cn=TEST,cn=domains,cn=config
cn: TEST
description: TEST Ldap domain
-provider: TEST
-basedn: cn=test,cn=remote
-command: ./sbin/sssd_be -d 2 --provider ldap --domain TEST
+provider: proxy
+basedn: cn=TEST,dc=sssd
+command: ./sbin/sssd_be -d 2 --provider proxy --domain TEST
libName: ldap
libPath: /usr/lib64/libnss_ldap.so.2
diff --git a/server/examples/db.ldif b/server/examples/db.ldif
index bdb127534..4a9bf5e03 100644
--- a/server/examples/db.ldif
+++ b/server/examples/db.ldif
@@ -1,33 +1,37 @@
dn: @MODULES
@LIST: asq
-dn: cn=local
+dn: dc=sssd
+dc: sssd
+description: base object
+
+dn: cn=local,dc=sssd
cn: local
description: Local system data
-dn: cn=groups,cn=local
+dn: cn=groups,cn=local,dc=sssd
cn: groups
description: Local POSIX groups
-dn: cn=foousers,cn=groups,cn=local
+dn: cn=foousers,cn=groups,cn=local,dc=sssd
cn: foousers
description: Local user accounts
-member: uid=foobar,cn=users,cn=local
+member: uid=foobar,cn=users,cn=local,dc=sssd
objectclass: group
gidNumber: 10101
-dn: cn=users,cn=local
+dn: cn=users,cn=local,dc=sssd
cn: users
description: Local POSIX users
-dn: uid=foobar,cn=users,cn=local
+dn: uid=foobar,cn=users,cn=local,dc=sssd
uid: foobar
objectClass: user
description: User Foo Bar
uidNumber: 10101
gidNumber: 10101
legacy: false
-primaryGroup: cn=foousers,cn=groups,cn=local
+primaryGroup: cn=foousers,cn=groups,cn=local,dc=sssd
userPassword: !@#$%#@#@!FOOBAR
homeDirectory: /home/foobar
fullName: Foo Bar
@@ -42,5 +46,5 @@ passwordHint: Favorite pasta sauce
passwordHistory: foo,bar,baz
preferredLanguage: IT
preferredSession: GNOME
-memberOf: cn=foousers,cn=groups,cn=local
+memberOf: cn=foousers,cn=groups,cn=local,dc=sssd
diff --git a/server/nss/nss_ldb.h b/server/nss/nss_ldb.h
index eee4344f3..8f5b11245 100644
--- a/server/nss/nss_ldb.h
+++ b/server/nss/nss_ldb.h
@@ -4,40 +4,42 @@
#define NSS_DEF_LDB_FILE "sssd.ldb"
-#define NSS_DEF_USER_BASE "cn=users,cn=local"
-#define NSS_DEF_GROUP_BASE "cn=groups,cn=local"
-
-#define NSS_DEF_PWNAM_FILTER "(&(objectclass=user)(uid=%s))"
-#define NSS_DEF_PWUID_FILTER "(&(objectclass=user)(uidNumber=%llu))"
-#define NSS_DEF_PWENT_FILTER "(objectclass=user)"
-
-#define NSS_DEF_GRNAM_FILTER "(&(objectclass=group)(cn=%s))"
-#define NSS_DEF_GRNA2_FILTER "(&(objectclass=user)(memberof=%s))"
-#define NSS_DEF_GRGID_FILTER "(&(objectclass=group)(gidNumber=%llu))"
-#define NSS_DEF_GRENT_FILTER "(objectclass=group)"
-
-#define NSS_DEF_INITGR_FILTER "(&(objectclass=group)(gidNumber=*))"
-
-#define NSS_DEF_PW_NAME "uid"
-#define NSS_DEF_PW_UIDNUM "uidNumber"
-#define NSS_DEF_PW_GIDNUM "gidNumber"
-#define NSS_DEF_PW_FULLNAME "fullName"
-#define NSS_DEF_PW_HOMEDIR "homeDirectory"
-#define NSS_DEF_PW_SHELL "loginShell"
-
-#define NSS_DEF_GR_NAME "cn"
-#define NSS_DEF_GR_GIDNUM "gidNumber"
-#define NSS_DEF_GR_MEMBER "member"
-
-#define NSS_DEF_LAST_UPDATE "lastUpdate"
-
-#define NSS_DEF_PW_ATTRS {NSS_DEF_PW_NAME, NSS_DEF_PW_UIDNUM, \
- NSS_DEF_PW_GIDNUM, NSS_DEF_PW_FULLNAME, \
- NSS_DEF_PW_HOMEDIR, NSS_DEF_PW_SHELL, \
- NSS_DEF_LAST_UPDATE, NULL}
-#define NSS_DEF_GRNAM_ATTRS {NSS_DEF_GR_NAME, NSS_DEF_GR_GIDNUM, NSS_DEF_LAST_UPDATE, NULL}
-#define NSS_DEF_GRPW_ATTRS {NSS_DEF_PW_NAME, NSS_DEF_LAST_UPDATE, NULL}
-
-#define NSS_DEF_INITGR_ATTR "memberof"
-#define NSS_DEF_INITGR_ATTRS {NSS_DEF_GR_GIDNUM, NSS_DEF_LAST_UPDATE, NULL}
+#define NSS_DEF_BASE "dc=sssd"
+#define NSS_TMPL_USER_BASE "cn=users,cn=%s,dc=sssd"
+#define NSS_TMPL_GROUP_BASE "cn=groups,cn=%s,dc=sssd"
+
+#define NSS_PWNAM_FILTER "(&(objectclass=user)(uid=%s))"
+#define NSS_PWUID_FILTER "(&(objectclass=user)(uidNumber=%llu))"
+#define NSS_PWENT_FILTER "(objectclass=user)"
+
+#define NSS_GRNAM_FILTER "(&(objectclass=group)(cn=%s))"
+#define NSS_GRNA2_FILTER "(&(objectclass=user)(memberof=%s))"
+#define NSS_GRGID_FILTER "(&(objectclass=group)(gidNumber=%llu))"
+#define NSS_GRENT_FILTER "(objectclass=group)"
+
+#define NSS_INITGR_FILTER "(&(objectclass=group)(gidNumber=*))"
+
+#define NSS_PW_NAME "uid"
+#define NSS_PW_PWD "userPassword"
+#define NSS_PW_UIDNUM "uidNumber"
+#define NSS_PW_GIDNUM "gidNumber"
+#define NSS_PW_FULLNAME "fullName"
+#define NSS_PW_HOMEDIR "homeDirectory"
+#define NSS_PW_SHELL "loginShell"
+
+#define NSS_GR_NAME "cn"
+#define NSS_GR_GIDNUM "gidNumber"
+#define NSS_GR_MEMBER "member"
+
+#define NSS_LAST_UPDATE "lastUpdate"
+
+#define NSS_PW_ATTRS {NSS_PW_NAME, NSS_PW_UIDNUM, \
+ NSS_PW_GIDNUM, NSS_PW_FULLNAME, \
+ NSS_PW_HOMEDIR, NSS_PW_SHELL, \
+ NSS_LAST_UPDATE, NULL}
+#define NSS_GRNAM_ATTRS {NSS_GR_NAME, NSS_GR_GIDNUM, NSS_LAST_UPDATE, NULL}
+#define NSS_GRPW_ATTRS {NSS_PW_NAME, NSS_LAST_UPDATE, NULL}
+
+#define NSS_INITGR_ATTR "memberof"
+#define NSS_INITGR_ATTRS {NSS_GR_GIDNUM, NSS_LAST_UPDATE, NULL}
diff --git a/server/nss/nsssrv_cmd.c b/server/nss/nsssrv_cmd.c
index 4d856e065..4bacee058 100644
--- a/server/nss/nsssrv_cmd.c
+++ b/server/nss/nsssrv_cmd.c
@@ -28,6 +28,7 @@
struct nss_cmd_ctx {
struct cli_ctx *cctx;
+ const char *domain;
const char *name;
uid_t id;
bool check_expiration;
@@ -112,7 +113,6 @@ static int nss_cmd_get_version(struct cli_ctx *cctx)
***************************************************************************/
static int fill_pwent(struct nss_packet *packet,
- struct nss_ldb_ctx *lctx,
struct ldb_message **msgs,
int count)
{
@@ -136,12 +136,12 @@ static int fill_pwent(struct nss_packet *packet,
for (i = 0; i < count; i++) {
msg = msgs[i];
- name = ldb_msg_find_attr_as_string(msg, lctx->pw_name, NULL);
- fullname = ldb_msg_find_attr_as_string(msg, lctx->pw_fullname, NULL);
- homedir = ldb_msg_find_attr_as_string(msg, lctx->pw_homedir, NULL);
- shell = ldb_msg_find_attr_as_string(msg, lctx->pw_shell, NULL);
- uid = ldb_msg_find_attr_as_uint64(msg, lctx->pw_uidnum, 0);
- gid = ldb_msg_find_attr_as_uint64(msg, lctx->pw_gidnum, 0);
+ name = ldb_msg_find_attr_as_string(msg, NSS_PW_NAME, NULL);
+ fullname = ldb_msg_find_attr_as_string(msg, NSS_PW_FULLNAME, NULL);
+ homedir = ldb_msg_find_attr_as_string(msg, NSS_PW_HOMEDIR, NULL);
+ shell = ldb_msg_find_attr_as_string(msg, NSS_PW_SHELL, NULL);
+ uid = ldb_msg_find_attr_as_uint64(msg, NSS_PW_UIDNUM, 0);
+ gid = ldb_msg_find_attr_as_uint64(msg, NSS_PW_GIDNUM, 0);
if (!name || !fullname || !homedir || !shell || !uid || !gid) {
DEBUG(1, ("Incomplete user object for %s[%llu]! Skipping\n",
@@ -261,7 +261,7 @@ static void nss_cmd_getpw_callback(void *ptr, int status,
if (nctx->check_expiration) {
timeout = nctx->cctx->nctx->cache_timeout;
- lastUpdate = ldb_msg_find_attr_as_uint64(res->msgs[0], "lastUpdate", 0);
+ lastUpdate = ldb_msg_find_attr_as_uint64(res->msgs[0], NSS_LAST_UPDATE, 0);
if (lastUpdate + timeout < time(NULL)) {
/* dont loop forever :-) */
@@ -292,7 +292,7 @@ static void nss_cmd_getpw_callback(void *ptr, int status,
NSS_CMD_FATAL_ERROR(cctx);
}
- ret = fill_pwent(cctx->creq->out, cctx->nctx->lctx, res->msgs, res->count);
+ ret = fill_pwent(cctx->creq->out, res->msgs, res->count);
nss_packet_set_error(cctx->creq->out, ret);
done:
@@ -314,7 +314,8 @@ static void nss_cmd_getpwnam_callback(uint16_t err_maj, uint32_t err_min,
}
ret = nss_ldb_getpwnam(nctx, cctx->ev, cctx->nctx->lctx,
- nctx->name, nss_cmd_getpw_callback, nctx);
+ nctx->domain, nctx->name,
+ nss_cmd_getpw_callback, nctx);
if (ret != EOK) {
DEBUG(1, ("Failed to make request to our cache!\n"));
@@ -348,13 +349,15 @@ static int nss_cmd_getpwnam(struct cli_ctx *cctx)
return EINVAL;
}
- DEBUG(4, ("Requesting info for [%s]\n", nctx->name));
-
/* FIXME: Just ask all backends for now, until Steve provides for name
* parsing code */
+ nctx->domain = NULL;
+
+ DEBUG(4, ("Requesting info for [%s]@[%s]\n", nctx->name, nctx->domain));
ret = nss_ldb_getpwnam(nctx, cctx->ev, cctx->nctx->lctx,
- nctx->name, nss_cmd_getpw_callback, nctx);
+ nctx->domain, nctx->name,
+ nss_cmd_getpw_callback, nctx);
if (ret != EOK) {
DEBUG(1, ("Failed to make request to our cache!\n"));
@@ -382,7 +385,8 @@ static void nss_cmd_getpwuid_callback(uint16_t err_maj, uint32_t err_min,
}
ret = nss_ldb_getpwuid(nctx, cctx->ev, cctx->nctx->lctx,
- nctx->id, nss_cmd_getpw_callback, nctx);
+ nctx->domain, nctx->id,
+ nss_cmd_getpw_callback, nctx);
if (ret != EOK) {
DEBUG(1, ("Failed to make request to our cache!\n"));
@@ -416,12 +420,14 @@ static int nss_cmd_getpwuid(struct cli_ctx *cctx)
nctx->id = (uid_t)*((uint64_t *)body);
- DEBUG(4, ("Requesting info for [%lu]\n", nctx->id));
-
/* FIXME: Just ask all backends for now, until we check for ranges */
+ nctx->domain = NULL;
+
+ DEBUG(4, ("Requesting info for [%lu]@[%s]\n", nctx->id, nctx->domain));
ret = nss_ldb_getpwuid(nctx, cctx->ev, cctx->nctx->lctx,
- nctx->id, nss_cmd_getpw_callback, nctx);
+ nctx->domain, nctx->id,
+ nss_cmd_getpw_callback, nctx);
if (ret != EOK) {
DEBUG(1, ("Failed to make request to our cache!\n"));
@@ -514,7 +520,7 @@ static int nss_cmd_retpwent(struct cli_ctx *cctx, int num)
n = gctx->pwds->count - gctx->pwd_cur;
if (n > num) n = num;
- ret = fill_pwent(cctx->creq->out, cctx->nctx->lctx,
+ ret = fill_pwent(cctx->creq->out,
&(gctx->pwds->msgs[gctx->pwd_cur]), n);
gctx->pwd_cur += n;
@@ -654,7 +660,6 @@ done:
***************************************************************************/
static int fill_grent(struct nss_packet *packet,
- struct nss_ldb_ctx *lctx,
struct ldb_message **msgs,
int count)
{
@@ -677,8 +682,8 @@ static int fill_grent(struct nss_packet *packet,
if (get_group) {
/* find group name/gid */
- name = ldb_msg_find_attr_as_string(msg, lctx->gr_name, NULL);
- gid = ldb_msg_find_attr_as_uint64(msg, lctx->gr_gidnum, 0);
+ name = ldb_msg_find_attr_as_string(msg, NSS_GR_NAME, NULL);
+ gid = ldb_msg_find_attr_as_uint64(msg, NSS_GR_GIDNUM, 0);
if (!name || !gid) {
DEBUG(1, ("Incomplete group object for %s[%llu]! Aborting\n",
name?name:"<NULL>", (unsigned long long int)gid));
@@ -706,7 +711,7 @@ static int fill_grent(struct nss_packet *packet,
continue;
}
- name = ldb_msg_find_attr_as_string(msg, lctx->pw_name, NULL);
+ name = ldb_msg_find_attr_as_string(msg, NSS_PW_NAME, NULL);
if (!name) {
/* last member of previous group found, or error.
@@ -784,7 +789,7 @@ static void nss_cmd_getgr_callback(void *ptr, int status,
goto done;
}
- ret = fill_grent(cctx->creq->out, cctx->nctx->lctx, res->msgs, res->count);
+ ret = fill_grent(cctx->creq->out, res->msgs, res->count);
nss_packet_set_error(cctx->creq->out, ret);
done:
@@ -797,25 +802,30 @@ static int nss_cmd_getgrnam(struct cli_ctx *cctx)
uint8_t *body;
size_t blen;
int ret;
- const char *name;
+
+ nctx = talloc_zero(cctx, struct nss_cmd_ctx);
+ if (!nctx) {
+ return ENOMEM;
+ }
+ nctx->cctx = cctx;
+ nctx->check_expiration = true;
/* get group name to query */
nss_packet_get_body(cctx->creq->in, &body, &blen);
- name = (const char *)body;
+ nctx->name = (const char *)body;
/* if not terminated fail */
- if (name[blen -1] != '\0') {
+ if (nctx->name[blen -1] != '\0') {
return EINVAL;
}
- DEBUG(4, ("Requesting info for [%s]\n", name));
+ /* FIXME: Just ask all backends for now, until Steve provides for name
+ * parsing code */
+ nctx->domain = NULL;
- nctx = talloc(cctx, struct nss_cmd_ctx);
- if (!nctx) {
- return ENOMEM;
- }
- nctx->cctx = cctx;
+ DEBUG(4, ("Requesting info for [%s]@[%s]\n", nctx->name, nctx->domain));
- ret = nss_ldb_getgrnam(nctx, cctx->ev, cctx->nctx->lctx, name,
+ ret = nss_ldb_getgrnam(nctx, cctx->ev, cctx->nctx->lctx,
+ nctx->domain, nctx->name,
nss_cmd_getgr_callback, nctx);
return ret;
@@ -827,26 +837,28 @@ static int nss_cmd_getgrgid(struct cli_ctx *cctx)
uint8_t *body;
size_t blen;
int ret;
- uint64_t gid;
+
+ nctx = talloc_zero(cctx, struct nss_cmd_ctx);
+ if (!nctx) {
+ return ENOMEM;
+ }
+ nctx->cctx = cctx;
+ nctx->check_expiration = true;
/* get gid to query */
nss_packet_get_body(cctx->creq->in, &body, &blen);
-
if (blen != sizeof(uint64_t)) {
return EINVAL;
}
+ nctx->id = (uid_t)*((uint64_t *)body);
- gid = *((uint64_t *)body);
-
- DEBUG(4, ("Requesting info for [%lu]\n", gid));
+ /* FIXME: Just ask all backends for now, until we check for ranges */
+ nctx->domain = NULL;
- nctx = talloc(cctx, struct nss_cmd_ctx);
- if (!nctx) {
- return ENOMEM;
- }
- nctx->cctx = cctx;
+ DEBUG(4, ("Requesting info for [%lu]@[%s]\n", nctx->id, nctx->domain));
- ret = nss_ldb_getgrgid(nctx, cctx->ev, cctx->nctx->lctx, gid,
+ ret = nss_ldb_getgrgid(nctx, cctx->ev, cctx->nctx->lctx,
+ nctx->domain, nctx->id,
nss_cmd_getgr_callback, nctx);
return ret;
@@ -932,7 +944,7 @@ static int nss_cmd_retgrent(struct cli_ctx *cctx, int num)
n = gctx->grps->count - gctx->grp_cur;
if (n > num) n = num;
- ret = fill_grent(cctx->creq->out, cctx->nctx->lctx,
+ ret = fill_grent(cctx->creq->out,
&(gctx->grps->msgs[gctx->grp_cur]), n);
gctx->grp_cur += n;
@@ -1075,7 +1087,6 @@ static void nss_cmd_initgr_callback(void *ptr, int status,
{
struct nss_cmd_ctx *nctx = talloc_get_type(ptr, struct nss_cmd_ctx);
struct cli_ctx *cctx = nctx->cctx;
- struct nss_ldb_ctx *lctx = cctx->nctx->lctx;
uint8_t *body;
size_t blen;
uint64_t gid;
@@ -1106,7 +1117,7 @@ static void nss_cmd_initgr_callback(void *ptr, int status,
nss_packet_get_body(cctx->creq->out, &body, &blen);
for (i = 0; i < num; i++) {
- gid = ldb_msg_find_attr_as_uint64(res->msgs[i], lctx->gr_gidnum, 0);
+ gid = ldb_msg_find_attr_as_uint64(res->msgs[i], NSS_GR_GIDNUM, 0);
if (!gid) {
DEBUG(1, ("Incomplete group object for initgroups! Aborting\n"));
nss_packet_set_error(cctx->creq->out, EIO);
@@ -1129,25 +1140,31 @@ static int nss_cmd_initgroups(struct cli_ctx *cctx)
uint8_t *body;
size_t blen;
int ret;
- const char *name;
+
+ nctx = talloc_zero(cctx, struct nss_cmd_ctx);
+ if (!nctx) {
+ return ENOMEM;
+ }
+ nctx->cctx = cctx;
+ nctx->check_expiration = true;
/* get user name to query */
nss_packet_get_body(cctx->creq->in, &body, &blen);
- name = (const char *)body;
+ nctx->name = (const char *)body;
/* if not terminated fail */
- if (name[blen -1] != '\0') {
+ if (nctx->name[blen -1] != '\0') {
return EINVAL;
}
- DEBUG(4, ("Requesting groups for [%s]\n", name));
+ /* FIXME: Just ask all backends for now, until Steve provides for name
+ * parsing code */
+ nctx->domain = NULL;
+
+ DEBUG(4, ("Requesting info for [%s]@[%s]\n", nctx->name, nctx->domain));
- nctx = talloc(cctx, struct nss_cmd_ctx);
- if (!nctx) {
- return ENOMEM;
- }
- nctx->cctx = cctx;
- ret = nss_ldb_initgroups(nctx, cctx->ev, cctx->nctx->lctx, name,
+ ret = nss_ldb_initgroups(nctx, cctx->ev, cctx->nctx->lctx,
+ nctx->domain, nctx->name,
nss_cmd_initgr_callback, nctx);
return ret;
diff --git a/server/nss/nsssrv_ldb.c b/server/nss/nsssrv_ldb.c
index 98fcb76c3..d9c404637 100644
--- a/server/nss/nsssrv_ldb.c
+++ b/server/nss/nsssrv_ldb.c
@@ -24,11 +24,11 @@
#include "util/util.h"
#include "nss/nsssrv.h"
#include "nss/nsssrv_ldb.h"
-#include "nss/nss_ldb.h"
#include "confdb/confdb.h"
struct nss_ldb_search_ctx {
struct nss_ldb_ctx *nlctx;
+ const char *base_dn;
nss_ldb_callback_t callback;
void *ptr;
struct ldb_result *res;
@@ -115,6 +115,7 @@ static int get_gen_callback(struct ldb_request *req,
}
static struct nss_ldb_search_ctx *init_src_ctx(TALLOC_CTX *mem_ctx,
+ const char *base_dn,
struct nss_ldb_ctx *ctx,
nss_ldb_callback_t fn,
void *ptr)
@@ -126,6 +127,7 @@ static struct nss_ldb_search_ctx *init_src_ctx(TALLOC_CTX *mem_ctx,
return NULL;
}
sctx->nlctx = ctx;
+ sctx->base_dn = base_dn;
sctx->callback = fn;
sctx->ptr = ptr;
sctx->res = talloc_zero(sctx, struct ldb_result);
@@ -143,13 +145,14 @@ static int pwd_search(struct nss_ldb_search_ctx *sctx,
struct nss_ldb_ctx *ctx,
const char *expression)
{
+ static const char *attrs[] = NSS_PW_ATTRS;
struct ldb_request *req;
int ret;
ret = ldb_build_search_req(&req, ctx->ldb, sctx,
- ldb_dn_new(sctx, ctx->ldb, ctx->user_base),
+ ldb_dn_new(sctx, ctx->ldb, sctx->base_dn),
LDB_SCOPE_SUBTREE,
- expression, ctx->pw_attrs, NULL,
+ expression, attrs, NULL,
sctx, get_gen_callback,
NULL);
if (ret != LDB_SUCCESS) {
@@ -167,18 +170,29 @@ static int pwd_search(struct nss_ldb_search_ctx *sctx,
int nss_ldb_getpwnam(TALLOC_CTX *mem_ctx,
struct event_context *ev,
struct nss_ldb_ctx *ctx,
+ const char *domain,
const char *name,
nss_ldb_callback_t fn, void *ptr)
{
struct nss_ldb_search_ctx *sctx;
+ const char *base_dn;
char *expression;
- sctx = init_src_ctx(mem_ctx, ctx, fn, ptr);
+ if (domain) {
+ base_dn = talloc_asprintf(mem_ctx, NSS_TMPL_USER_BASE, domain);
+ } else {
+ base_dn = NSS_DEF_BASE;
+ }
+ if (!base_dn) {
+ return ENOMEM;
+ }
+
+ sctx = init_src_ctx(mem_ctx, base_dn, ctx, fn, ptr);
if (!sctx) {
return ENOMEM;
}
- expression = talloc_asprintf(sctx, ctx->pwnam_filter, name);
+ expression = talloc_asprintf(sctx, NSS_PWNAM_FILTER, name);
if (!expression) {
talloc_free(sctx);
return ENOMEM;
@@ -190,19 +204,30 @@ int nss_ldb_getpwnam(TALLOC_CTX *mem_ctx,
int nss_ldb_getpwuid(TALLOC_CTX *mem_ctx,
struct event_context *ev,
struct nss_ldb_ctx *ctx,
+ const char *domain,
uint64_t uid,
nss_ldb_callback_t fn, void *ptr)
{
struct nss_ldb_search_ctx *sctx;
unsigned long long int filter_uid = uid;
+ const char *base_dn;
char *expression;
- sctx = init_src_ctx(mem_ctx, ctx, fn, ptr);
+ if (domain) {
+ base_dn = talloc_asprintf(mem_ctx, NSS_TMPL_USER_BASE, domain);
+ } else {
+ base_dn = NSS_DEF_BASE;
+ }
+ if (!base_dn) {
+ return ENOMEM;
+ }
+
+ sctx = init_src_ctx(mem_ctx, base_dn, ctx, fn, ptr);
if (!sctx) {
return ENOMEM;
}
- expression = talloc_asprintf(sctx, ctx->pwuid_filter, filter_uid);
+ expression = talloc_asprintf(sctx, NSS_PWUID_FILTER, filter_uid);
if (!expression) {
talloc_free(sctx);
return ENOMEM;
@@ -218,12 +243,12 @@ int nss_ldb_enumpwent(TALLOC_CTX *mem_ctx,
{
struct nss_ldb_search_ctx *sctx;
- sctx = init_src_ctx(mem_ctx, ctx, fn, ptr);
+ sctx = init_src_ctx(mem_ctx, NSS_DEF_BASE, ctx, fn, ptr);
if (!sctx) {
return ENOMEM;
}
- return pwd_search(sctx, ctx, ctx->pwent_filter);
+ return pwd_search(sctx, ctx, NSS_PWENT_FILTER);
}
/* groups */
@@ -243,6 +268,7 @@ static void get_members(void *ptr, int status, struct ldb_result *res)
struct ldb_request *req;
struct ldb_message *msg;
struct ldb_result *ret_res;
+ static const char *attrs[] = NSS_GRPW_ATTRS;
const char *expression;
int ret, i;
@@ -272,7 +298,7 @@ static void get_members(void *ptr, int status, struct ldb_result *res)
return request_done(gmctx->ret_sctx);
}
- mem_sctx = init_src_ctx(gmctx, ctx, get_members, sctx);
+ mem_sctx = init_src_ctx(gmctx, NSS_DEF_BASE, ctx, get_members, sctx);
if (!mem_sctx) {
return request_error(gmctx->ret_sctx, LDB_ERR_OPERATIONS_ERROR);
}
@@ -294,16 +320,16 @@ static void get_members(void *ptr, int status, struct ldb_result *res)
ret_res->count++;
/* search for this group members */
- expression = talloc_asprintf(mem_sctx, ctx->grna2_filter,
+ expression = talloc_asprintf(mem_sctx, NSS_GRNA2_FILTER,
ldb_dn_get_linearized(msg->dn));
if (!expression) {
return request_error(gmctx->ret_sctx, LDB_ERR_OPERATIONS_ERROR);
}
ret = ldb_build_search_req(&req, ctx->ldb, mem_sctx,
- ldb_dn_new(mem_sctx, ctx->ldb, ctx->user_base),
+ ldb_dn_new(mem_sctx, ctx->ldb, sctx->base_dn),
LDB_SCOPE_SUBTREE,
- expression, ctx->grpw_attrs, NULL,
+ expression, attrs, NULL,
mem_sctx, get_gen_callback,
NULL);
if (ret != LDB_SUCCESS) {
@@ -394,7 +420,7 @@ static int get_grp_callback(struct ldb_request *req,
/* re-use sctx to create a fake handler for the first call to
* get_members() */
- sctx = init_src_ctx(gmctx, ctx, get_members, gmctx);
+ sctx = init_src_ctx(gmctx, NSS_DEF_BASE, ctx, get_members, gmctx);
get_members(sctx, LDB_SUCCESS, NULL);
return LDB_SUCCESS;
@@ -413,13 +439,14 @@ static int grp_search(struct nss_ldb_search_ctx *sctx,
struct nss_ldb_ctx *ctx,
const char *expression)
{
+ static const char *attrs[] = NSS_GRNAM_ATTRS;
struct ldb_request *req;
int ret;
ret = ldb_build_search_req(&req, ctx->ldb, sctx,
- ldb_dn_new(sctx, ctx->ldb, ctx->group_base),
+ ldb_dn_new(sctx, ctx->ldb, sctx->base_dn),
LDB_SCOPE_SUBTREE,
- expression, ctx->grnam_attrs, NULL,
+ expression, attrs, NULL,
sctx, get_grp_callback,
NULL);
if (ret != LDB_SUCCESS) {
@@ -437,18 +464,29 @@ static int grp_search(struct nss_ldb_search_ctx *sctx,
int nss_ldb_getgrnam(TALLOC_CTX *mem_ctx,
struct event_context *ev,
struct nss_ldb_ctx *ctx,
+ const char *domain,
const char *name,
nss_ldb_callback_t fn, void *ptr)
{
struct nss_ldb_search_ctx *sctx;
+ const char *base_dn;
char *expression;
- sctx = init_src_ctx(mem_ctx, ctx, fn, ptr);
+ if (domain) {
+ base_dn = talloc_asprintf(mem_ctx, NSS_TMPL_GROUP_BASE, domain);
+ } else {
+ base_dn = NSS_DEF_BASE;
+ }
+ if (!base_dn) {
+ return ENOMEM;
+ }
+
+ sctx = init_src_ctx(mem_ctx, base_dn, ctx, fn, ptr);
if (!sctx) {
return ENOMEM;
}
- expression = talloc_asprintf(sctx, ctx->grnam_filter, name);
+ expression = talloc_asprintf(sctx, NSS_GRNAM_FILTER, name);
if (!expression) {
talloc_free(sctx);
return ENOMEM;
@@ -460,19 +498,30 @@ int nss_ldb_getgrnam(TALLOC_CTX *mem_ctx,
int nss_ldb_getgrgid(TALLOC_CTX *mem_ctx,
struct event_context *ev,
struct nss_ldb_ctx *ctx,
+ const char *domain,
uint64_t gid,
nss_ldb_callback_t fn, void *ptr)
{
struct nss_ldb_search_ctx *sctx;
unsigned long long int filter_gid = gid;
+ const char *base_dn;
char *expression;
- sctx = init_src_ctx(mem_ctx, ctx, fn, ptr);
+ if (domain) {
+ base_dn = talloc_asprintf(mem_ctx, NSS_TMPL_GROUP_BASE, domain);
+ } else {
+ base_dn = NSS_DEF_BASE;
+ }
+ if (!base_dn) {
+ return ENOMEM;
+ }
+
+ sctx = init_src_ctx(mem_ctx, base_dn, ctx, fn, ptr);
if (!sctx) {
return ENOMEM;
}
- expression = talloc_asprintf(sctx, ctx->grgid_filter, filter_gid);
+ expression = talloc_asprintf(sctx, NSS_GRGID_FILTER, filter_gid);
if (!expression) {
talloc_free(sctx);
return ENOMEM;
@@ -488,12 +537,12 @@ int nss_ldb_enumgrent(TALLOC_CTX *mem_ctx,
{
struct nss_ldb_search_ctx *sctx;
- sctx = init_src_ctx(mem_ctx, ctx, fn, ptr);
+ sctx = init_src_ctx(mem_ctx, NSS_DEF_BASE, ctx, fn, ptr);
if (!sctx) {
return ENOMEM;
}
- return grp_search(sctx, ctx, ctx->grent_filter);
+ return grp_search(sctx, ctx, NSS_GRENT_FILTER);
}
static void nss_ldb_initgr_search(void *ptr, int status,
@@ -505,6 +554,7 @@ static void nss_ldb_initgr_search(void *ptr, int status,
struct ldb_request *req;
struct ldb_control **ctrl;
struct ldb_asq_control *control;
+ static const char *attrs[] = NSS_INITGR_ATTRS;
int ret;
sctx = talloc_get_type(ptr, struct nss_ldb_search_ctx);
@@ -517,7 +567,7 @@ static void nss_ldb_initgr_search(void *ptr, int status,
return request_error(sctx, LDB_ERR_OPERATIONS_ERROR);
}
- expression = talloc_asprintf(sctx, ctx->initgr_filter);
+ expression = talloc_asprintf(sctx, NSS_INITGR_FILTER);
if (!expression) {
return request_error(sctx, LDB_ERR_OPERATIONS_ERROR);
}
@@ -538,7 +588,7 @@ static void nss_ldb_initgr_search(void *ptr, int status,
return request_error(sctx, LDB_ERR_OPERATIONS_ERROR);
}
control->request = 1;
- control->source_attribute = talloc_strdup(control, ctx->initgr_attr);
+ control->source_attribute = talloc_strdup(control, NSS_INITGR_ATTR);
if (!control->source_attribute) {
return request_error(sctx, LDB_ERR_OPERATIONS_ERROR);
}
@@ -548,7 +598,7 @@ static void nss_ldb_initgr_search(void *ptr, int status,
ret = ldb_build_search_req(&req, ctx->ldb, sctx,
res->msgs[0]->dn,
LDB_SCOPE_BASE,
- expression, ctx->initgr_attrs, ctrl,
+ expression, attrs, ctrl,
sctx, get_gen_callback,
NULL);
if (ret != LDB_SUCCESS) {
@@ -564,35 +614,47 @@ static void nss_ldb_initgr_search(void *ptr, int status,
int nss_ldb_initgroups(TALLOC_CTX *mem_ctx,
struct event_context *ev,
struct nss_ldb_ctx *ctx,
+ const char *domain,
const char *name,
nss_ldb_callback_t fn, void *ptr)
{
+ static const char *attrs[] = NSS_PW_ATTRS;
struct nss_ldb_search_ctx *ret_sctx;
struct nss_ldb_search_ctx *sctx;
+ const char *base_dn;
char *expression;
struct ldb_request *req;
int ret;
- ret_sctx = init_src_ctx(mem_ctx, ctx, fn, ptr);
+ if (domain) {
+ base_dn = talloc_asprintf(mem_ctx, NSS_TMPL_USER_BASE, domain);
+ } else {
+ base_dn = NSS_DEF_BASE;
+ }
+ if (!base_dn) {
+ return ENOMEM;
+ }
+
+ ret_sctx = init_src_ctx(mem_ctx, NSS_DEF_BASE, ctx, fn, ptr);
if (!ret_sctx) {
return ENOMEM;
}
- sctx = init_src_ctx(ret_sctx, ctx, nss_ldb_initgr_search, ret_sctx);
+ sctx = init_src_ctx(ret_sctx, base_dn, ctx, nss_ldb_initgr_search, ret_sctx);
if (!sctx) {
talloc_free(sctx);
return ENOMEM;
}
- expression = talloc_asprintf(sctx, ctx->pwnam_filter, name);
+ expression = talloc_asprintf(sctx, NSS_PWNAM_FILTER, name);
if (!expression) {
talloc_free(sctx);
return ENOMEM;
}
ret = ldb_build_search_req(&req, ctx->ldb, sctx,
- ldb_dn_new(sctx, ctx->ldb, ctx->user_base),
+ ldb_dn_new(sctx, ctx->ldb, sctx->base_dn),
LDB_SCOPE_SUBTREE,
- expression, ctx->pw_attrs, NULL,
+ expression, attrs, NULL,
sctx, get_gen_callback,
NULL);
if (ret != LDB_SUCCESS) {
@@ -633,49 +695,6 @@ static int nss_ldb_read_var(TALLOC_CTX *tmp_ctx,
return EOK;
}
-static int nss_ldb_read_array(TALLOC_CTX *tmp_ctx,
- struct confdb_ctx *cdb,
- struct nss_ldb_ctx *ctx,
- const char *name,
- const char **def_value,
- const char ***target)
-{
- char **values;
- const char **t;
- int i, ret;
-
- ret = confdb_get_param(cdb, tmp_ctx,
- NSS_LDB_CONF_SECTION,
- name, &values);
- if (ret != EOK)
- return ret;
-
- for (i = 0; values[i]; i++) /* count */ ;
- if (i == 0) {
- for (i = 0; def_value[i]; i++) /*count */ ;
- }
- if (i == 0)
- return EINVAL;
-
- t = talloc_array(ctx, const char *, i+1);
- if (!*target)
- return ENOMEM;
-
- if (values[0]) {
- for (i = 0; values[i]; i++) {
- t[i] = talloc_steal(ctx, values[i]);
- }
- } else {
- for (i = 0; def_value[i]; i++) {
- t[i] = talloc_strdup(ctx, def_value[i]);
- }
- }
- t[i] = NULL;
-
- *target = t;
- return EOK;
-}
-
static int nss_ldb_read_conf(TALLOC_CTX *mem_ctx,
struct confdb_ctx *cdb,
struct nss_ldb_ctx **nlctx)
@@ -705,67 +724,6 @@ static int nss_ldb_read_conf(TALLOC_CTX *mem_ctx,
default_ldb_path, &ctx->ldb_file);
DEBUG(3, ("NSS LDB Cache Path: %s\n", ctx->ldb_file));
- nss_ldb_read_var(tmp_ctx, cdb, ctx, "userBase",
- NSS_DEF_USER_BASE, &ctx->user_base);
- nss_ldb_read_var(tmp_ctx, cdb, ctx, "groupBase",
- NSS_DEF_GROUP_BASE, &ctx->group_base);
-
- nss_ldb_read_var(tmp_ctx, cdb, ctx, "pwnamFilter",
- NSS_DEF_PWNAM_FILTER, &ctx->pwnam_filter);
- nss_ldb_read_var(tmp_ctx, cdb, ctx, "pwuidFilter",
- NSS_DEF_PWUID_FILTER, &ctx->pwuid_filter);
- nss_ldb_read_var(tmp_ctx, cdb, ctx, "pwentFilter",
- NSS_DEF_PWENT_FILTER, &ctx->pwent_filter);
-
- nss_ldb_read_var(tmp_ctx, cdb, ctx, "grnamFilter",
- NSS_DEF_GRNAM_FILTER, &ctx->grnam_filter);
- nss_ldb_read_var(tmp_ctx, cdb, ctx, "grna2Filter",
- NSS_DEF_GRNA2_FILTER, &ctx->grna2_filter);
- nss_ldb_read_var(tmp_ctx, cdb, ctx, "grgidFilter",
- NSS_DEF_GRGID_FILTER, &ctx->grgid_filter);
- nss_ldb_read_var(tmp_ctx, cdb, ctx, "grentFilter",
- NSS_DEF_GRENT_FILTER, &ctx->grent_filter);
-
- nss_ldb_read_var(tmp_ctx, cdb, ctx, "initgrFilter",
- NSS_DEF_INITGR_FILTER, &ctx->initgr_filter);
-
- nss_ldb_read_var(tmp_ctx, cdb, ctx, "pwName",
- NSS_DEF_PW_NAME, &ctx->pw_name);
- nss_ldb_read_var(tmp_ctx, cdb, ctx, "pwUidnum",
- NSS_DEF_PW_UIDNUM, &ctx->pw_uidnum);
- nss_ldb_read_var(tmp_ctx, cdb, ctx, "pwGidnum",
- NSS_DEF_PW_GIDNUM, &ctx->pw_gidnum);
- nss_ldb_read_var(tmp_ctx, cdb, ctx, "pwFullname",
- NSS_DEF_PW_FULLNAME, &ctx->pw_fullname);
- nss_ldb_read_var(tmp_ctx, cdb, ctx, "pwHomedir",
- NSS_DEF_PW_HOMEDIR, &ctx->pw_homedir);
- nss_ldb_read_var(tmp_ctx, cdb, ctx, "pwShell",
- NSS_DEF_PW_SHELL, &ctx->pw_shell);
-
- nss_ldb_read_var(tmp_ctx, cdb, ctx, "grName",
- NSS_DEF_GR_NAME, &ctx->gr_name);
- nss_ldb_read_var(tmp_ctx, cdb, ctx, "grGidnum",
- NSS_DEF_GR_GIDNUM, &ctx->gr_gidnum);
- nss_ldb_read_var(tmp_ctx, cdb, ctx, "grMember",
- NSS_DEF_GR_MEMBER, &ctx->gr_member);
-
- nss_ldb_read_var(tmp_ctx, cdb, ctx, "initgrAttr",
- NSS_DEF_INITGR_ATTR,
- &ctx->initgr_attr);
-
- const char *pwattrs[] = NSS_DEF_PW_ATTRS;
- nss_ldb_read_array(tmp_ctx, cdb, ctx, "pwAttrs",
- pwattrs, &ctx->pw_attrs);
- const char *grnamattrs[] = NSS_DEF_GRNAM_ATTRS;
- nss_ldb_read_array(tmp_ctx, cdb, ctx, "grnamAttrs",
- grnamattrs, &ctx->grnam_attrs);
- const char *grpwattrs[] = NSS_DEF_GRPW_ATTRS;
- nss_ldb_read_array(tmp_ctx, cdb, ctx, "grpwAttrs",
- grpwattrs, &ctx->grpw_attrs);
- const char *initgrattrs[] = NSS_DEF_INITGR_ATTRS;
- nss_ldb_read_array(tmp_ctx, cdb, ctx, "initgrAttrs",
- initgrattrs, &ctx->initgr_attrs);
-
*nlctx = ctx;
ret = EOK;
diff --git a/server/nss/nsssrv_ldb.h b/server/nss/nsssrv_ldb.h
index 016f5a54c..66c9687d2 100644
--- a/server/nss/nsssrv_ldb.h
+++ b/server/nss/nsssrv_ldb.h
@@ -1,39 +1,30 @@
+/*
+ SSSD
-struct nss_ldb_ctx {
- struct ldb_context *ldb;
- const char *ldb_file;
-
- const char *user_base;
- const char *group_base;
+ NSS LDB Header
- const char *pwnam_filter;
- const char *pwuid_filter;
- const char *pwent_filter;
+ Copyright (C) Simo Sorce <ssorce@redhat.com> 2008
- const char *grnam_filter;
- const char *grna2_filter;
- const char *grgid_filter;
- const char *grent_filter;
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
- const char *initgr_filter;
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
- const char *pw_name;
- const char *pw_uidnum;
- const char *pw_gidnum;
- const char *pw_fullname;
- const char *pw_homedir;
- const char *pw_shell;
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
- const char *gr_name;
- const char *gr_gidnum;
- const char *gr_member;
- const char *initgr_attr;
+#include "nss/nss_ldb.h"
- const char **pw_attrs;
- const char **grnam_attrs;
- const char **grpw_attrs;
- const char **initgr_attrs;
+struct nss_ldb_ctx {
+ struct ldb_context *ldb;
+ const char *ldb_file;
};
struct confdb_ctx;
@@ -48,12 +39,14 @@ int nss_ldb_init(TALLOC_CTX *mem_ctx,
int nss_ldb_getpwnam(TALLOC_CTX *mem_ctx,
struct event_context *ev,
struct nss_ldb_ctx *ctx,
+ const char *domain,
const char *name,
nss_ldb_callback_t fn, void *ptr);
int nss_ldb_getpwuid(TALLOC_CTX *mem_ctx,
struct event_context *ev,
struct nss_ldb_ctx *ctx,
+ const char *domain,
uint64_t uid,
nss_ldb_callback_t fn, void *ptr);
@@ -65,12 +58,14 @@ int nss_ldb_enumpwent(TALLOC_CTX *mem_ctx,
int nss_ldb_getgrnam(TALLOC_CTX *mem_ctx,
struct event_context *ev,
struct nss_ldb_ctx *ctx,
+ const char *domain,
const char *name,
nss_ldb_callback_t fn, void *ptr);
int nss_ldb_getgrgid(TALLOC_CTX *mem_ctx,
struct event_context *ev,
struct nss_ldb_ctx *ctx,
+ const char *domain,
uint64_t gid,
nss_ldb_callback_t fn, void *ptr);
@@ -82,6 +77,7 @@ int nss_ldb_enumgrent(TALLOC_CTX *mem_ctx,
int nss_ldb_initgroups(TALLOC_CTX *mem_ctx,
struct event_context *ev,
struct nss_ldb_ctx *ctx,
+ const char *domain,
const char *name,
nss_ldb_callback_t fn, void *ptr);
diff --git a/server/providers/dp_backend_store.c b/server/providers/dp_backend_store.c
index f9c55e0be..0d7153c15 100644
--- a/server/providers/dp_backend_store.c
+++ b/server/providers/dp_backend_store.c
@@ -25,6 +25,7 @@
#include "ldb_errors.h"
#include "util/util.h"
#include "providers/dp_backend.h"
+#include "nss/nss_ldb.h"
#include <time.h>
/* NOTE: these functions ues ldb sync calls, but the cache db is a
@@ -38,7 +39,7 @@ int dp_be_store_account_posix(struct be_ctx *ctx,
char *gecos, char *homedir, char *shell)
{
TALLOC_CTX *tmp_ctx;
- const char *attrs[] = { "uid", NULL };
+ const char *attrs[] = { NSS_PW_NAME, NULL };
struct ldb_dn *account_dn;
struct ldb_message *msg;
struct ldb_request *req;
@@ -52,7 +53,7 @@ int dp_be_store_account_posix(struct be_ctx *ctx,
}
account_dn = ldb_dn_new_fmt(tmp_ctx, ctx->ldb,
- "uid=%s,cn=users,cn=%s,cn=accounts",
+ "uid=%s,"NSS_TMPL_USER_BASE,
name, ctx->domain);
if (!account_dn) {
talloc_free(tmp_ctx);
@@ -67,7 +68,7 @@ int dp_be_store_account_posix(struct be_ctx *ctx,
}
lret = ldb_search(ctx->ldb, tmp_ctx, &res, account_dn,
- LDB_SCOPE_BASE, attrs, "(objectClass=User)");
+ LDB_SCOPE_BASE, attrs, NSS_PWENT_FILTER);
if (lret != LDB_SUCCESS) {
DEBUG(1, ("Failed to make search request: %s(%d)[%s]\n",
ldb_strerror(lret), lret, ldb_errstring(ctx->ldb)));
@@ -113,9 +114,9 @@ int dp_be_store_account_posix(struct be_ctx *ctx,
}
/* TODO: retrieve user name attribute from configuration */
- lret = ldb_msg_add_empty(msg, "uid", flags, NULL);
+ lret = ldb_msg_add_empty(msg, NSS_PW_NAME, flags, NULL);
if (lret == LDB_SUCCESS) {
- lret = ldb_msg_add_string(msg, "uid", name);
+ lret = ldb_msg_add_string(msg, NSS_PW_NAME, name);
}
if (lret != LDB_SUCCESS) {
ret = errno;
@@ -127,12 +128,12 @@ int dp_be_store_account_posix(struct be_ctx *ctx,
/* pwd */
if (pwd && *pwd) {
- lret = ldb_msg_add_empty(msg, "userPassword", flags, NULL);
+ lret = ldb_msg_add_empty(msg, NSS_PW_PWD, flags, NULL);
if (lret == LDB_SUCCESS) {
- lret = ldb_msg_add_string(msg, "userPassword", pwd);
+ lret = ldb_msg_add_string(msg, NSS_PW_PWD, pwd);
}
} else {
- lret = ldb_msg_add_empty(msg, "userPassword",
+ lret = ldb_msg_add_empty(msg, NSS_PW_PWD,
LDB_FLAG_MOD_DELETE, NULL);
}
if (lret != LDB_SUCCESS) {
@@ -142,9 +143,9 @@ int dp_be_store_account_posix(struct be_ctx *ctx,
/* uid */
if (uid) {
- lret = ldb_msg_add_empty(msg, "uidNumber", flags, NULL);
+ lret = ldb_msg_add_empty(msg, NSS_PW_UIDNUM, flags, NULL);
if (lret == LDB_SUCCESS) {
- lret = ldb_msg_add_fmt(msg, "uidNumber",
+ lret = ldb_msg_add_fmt(msg, NSS_PW_UIDNUM,
"%lu", (unsigned long)uid);
}
if (lret != LDB_SUCCESS) {
@@ -159,9 +160,9 @@ int dp_be_store_account_posix(struct be_ctx *ctx,
/* gid */
if (gid) {
- lret = ldb_msg_add_empty(msg, "gidNumber", flags, NULL);
+ lret = ldb_msg_add_empty(msg, NSS_PW_GIDNUM, flags, NULL);
if (lret == LDB_SUCCESS) {
- lret = ldb_msg_add_fmt(msg, "gidNumber",
+ lret = ldb_msg_add_fmt(msg, NSS_PW_GIDNUM,
"%lu", (unsigned long)gid);
}
if (lret != LDB_SUCCESS) {
@@ -176,12 +177,12 @@ int dp_be_store_account_posix(struct be_ctx *ctx,
/* gecos */
if (gecos && *gecos) {
- lret = ldb_msg_add_empty(msg, "fullName", flags, NULL);
+ lret = ldb_msg_add_empty(msg, NSS_PW_FULLNAME, flags, NULL);
if (lret == LDB_SUCCESS) {
- lret = ldb_msg_add_string(msg, "fullName", gecos);
+ lret = ldb_msg_add_string(msg, NSS_PW_FULLNAME, gecos);
}
} else {
- lret = ldb_msg_add_empty(msg, "fullName",
+ lret = ldb_msg_add_empty(msg, NSS_PW_FULLNAME,
LDB_FLAG_MOD_DELETE, NULL);
}
if (lret != LDB_SUCCESS) {
@@ -191,12 +192,12 @@ int dp_be_store_account_posix(struct be_ctx *ctx,
/* homedir */
if (homedir && *homedir) {
- lret = ldb_msg_add_empty(msg, "homeDirectory", flags, NULL);
+ lret = ldb_msg_add_empty(msg, NSS_PW_HOMEDIR, flags, NULL);
if (lret == LDB_SUCCESS) {
- lret = ldb_msg_add_string(msg, "homeDirectory", homedir);
+ lret = ldb_msg_add_string(msg, NSS_PW_HOMEDIR, homedir);
}
} else {
- lret = ldb_msg_add_empty(msg, "homeDirectory",
+ lret = ldb_msg_add_empty(msg, NSS_PW_HOMEDIR,
LDB_FLAG_MOD_DELETE, NULL);
}
if (lret != LDB_SUCCESS) {
@@ -206,12 +207,12 @@ int dp_be_store_account_posix(struct be_ctx *ctx,
/* shell */
if (shell && *shell) {
- lret = ldb_msg_add_empty(msg, "loginShell", flags, NULL);
+ lret = ldb_msg_add_empty(msg, NSS_PW_SHELL, flags, NULL);
if (lret == LDB_SUCCESS) {
- lret = ldb_msg_add_string(msg, "loginShell", shell);
+ lret = ldb_msg_add_string(msg, NSS_PW_SHELL, shell);
}
} else {
- lret = ldb_msg_add_empty(msg, "loginShell",
+ lret = ldb_msg_add_empty(msg, NSS_PW_SHELL,
LDB_FLAG_MOD_DELETE, NULL);
}
if (lret != LDB_SUCCESS) {
@@ -220,9 +221,9 @@ int dp_be_store_account_posix(struct be_ctx *ctx,
}
/* modification time */
- lret = ldb_msg_add_empty(msg, "lastUpdate", flags, NULL);
+ lret = ldb_msg_add_empty(msg, NSS_LAST_UPDATE, flags, NULL);
if (lret == LDB_SUCCESS) {
- lret = ldb_msg_add_fmt(msg, "lastUpdate",
+ lret = ldb_msg_add_fmt(msg, NSS_LAST_UPDATE,
"%ld", (long int)time(NULL));
}
if (lret != LDB_SUCCESS) {
@@ -283,7 +284,7 @@ int dp_be_remove_account_posix(struct be_ctx *ctx, char *name)
}
account_dn = ldb_dn_new_fmt(tmp_ctx, ctx->ldb,
- "uid=%s,cn=users,cn=%s,cn=remote",
+ "uid=%s,"NSS_TMPL_USER_BASE,
name, ctx->domain);
if (!account_dn) {
talloc_free(tmp_ctx);
@@ -305,7 +306,7 @@ int dp_be_remove_account_posix(struct be_ctx *ctx, char *name)
int dp_be_remove_account_posix_by_uid(struct be_ctx *ctx, uid_t uid)
{
TALLOC_CTX *tmp_ctx;
- const char *attrs[] = { "name", "uid", NULL };
+ const char *attrs[] = { NSS_PW_NAME, NSS_PW_UIDNUM, NULL };
struct ldb_dn *base_dn;
struct ldb_dn *account_dn;
struct ldb_result *res;
@@ -317,7 +318,7 @@ int dp_be_remove_account_posix_by_uid(struct be_ctx *ctx, uid_t uid)
}
base_dn = ldb_dn_new_fmt(tmp_ctx, ctx->ldb,
- "cn=users,cn=%s,cn=accounts", ctx->domain);
+ NSS_TMPL_USER_BASE, ctx->domain);
if (!base_dn) {
talloc_free(tmp_ctx);
return ENOMEM;
@@ -332,7 +333,7 @@ int dp_be_remove_account_posix_by_uid(struct be_ctx *ctx, uid_t uid)
lret = ldb_search(ctx->ldb, tmp_ctx, &res, base_dn,
LDB_SCOPE_BASE, attrs,
- "(&(uid=%lu)(objectClass=User))",
+ NSS_PWUID_FILTER,
(unsigned long)uid);
if (lret != LDB_SUCCESS) {
DEBUG(1, ("Failed to make search request: %s(%d)[%s]\n",
generated by cgit (git 2.34.1) at 2024-11-15 10:18:40 +0000