int sysdb_getpwnam(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
const char *name,
struct ldb_result **_res)
{
TALLOC_CTX *tmp_ctx;
static const char *attrs[] = SYSDB_PW_ATTRS;
struct ldb_dn *base_dn;
struct ldb_result *res;
char *sanitized_name;
char *lc_sanitized_name;
const char *src_name;
int ret;
tmp_ctx = talloc_new(NULL);
if (!tmp_ctx) {
return ENOMEM;
}
base_dn = sysdb_user_base_dn(tmp_ctx, domain);
if (!base_dn) {
ret = ENOMEM;
goto done;
}
/* If this is a subdomain we need to use fully qualified names for the
* search as well by default */
src_name = sss_get_domain_name(tmp_ctx, name, domain);
if (!src_name) {
ret = ENOMEM;
goto done;
}
ret = sss_filter_sanitize_for_dom(tmp_ctx, src_name, domain,
&sanitized_name, &lc_sanitized_name);
if (ret != EOK) {
goto done;
}
ret = ldb_search(domain->sysdb->ldb, tmp_ctx, &res, base_dn,
LDB_SCOPE_SUBTREE, attrs, SYSDB_PWNAM_FILTER,
lc_sanitized_name,
sanitized_name, sanitized_name);
if (ret) {
ret = sysdb_error_to_errno(ret);
goto done;
}
*_res = talloc_steal(mem_ctx, res);
done:
talloc_zfree(tmp_ctx);
return ret;
}
static errno_t be_refresh_get_values(TALLOC_CTX *mem_ctx,
enum be_refresh_type type,
struct sss_domain_info *domain,
time_t period,
char ***_values)
{
struct ldb_dn *base_dn = NULL;
const char *class = NULL;
errno_t ret;
switch (type) {
case BE_REFRESH_TYPE_USERS:
base_dn = sysdb_user_base_dn(mem_ctx, domain);
class = SYSDB_USER_CLASS;
break;
case BE_REFRESH_TYPE_GROUPS:
base_dn = sysdb_group_base_dn(mem_ctx, domain);
class = SYSDB_GROUP_CLASS;
break;
case BE_REFRESH_TYPE_NETGROUPS:
base_dn = sysdb_netgroup_base_dn(mem_ctx, domain);
class = SYSDB_NETGROUP_CLASS;
break;
case BE_REFRESH_TYPE_SENTINEL:
return ERR_INTERNAL;
break;
}
if (base_dn == NULL) {
return ENOMEM;
}
ret = be_refresh_get_values_ex(mem_ctx, domain, period, class,
base_dn, SYSDB_NAME, _values);
talloc_free(base_dn);
return ret;
}
static int parse_members(TALLOC_CTX *mem_ctx,
struct ldb_context *ldb,
struct sss_domain_info *domain,
struct ldb_message_element *el,
const char *parent_name,
const char ***user_members,
const char ***group_members,
int *num_group_members)
{
struct ldb_dn *user_basedn = NULL, *group_basedn = NULL;
struct ldb_dn *parent_dn = NULL;
struct ldb_dn *dn = NULL;
const char **um = NULL, **gm = NULL;
unsigned int um_index = 0, gm_index = 0;
TALLOC_CTX *tmp_ctx = NULL;
int ret;
int i;
tmp_ctx = talloc_new(mem_ctx);
if (!tmp_ctx) {
ret = ENOMEM;
goto fail;
}
user_basedn = sysdb_user_base_dn(tmp_ctx, domain);
group_basedn = sysdb_group_base_dn(tmp_ctx, domain);
if (!user_basedn || !group_basedn) {
ret = ENOMEM;
goto fail;
}
um = talloc_array(mem_ctx, const char *, el->num_values+1);
gm = talloc_array(mem_ctx, const char *, el->num_values+1);
if (!um || !gm) {
ret = ENOMEM;
goto fail;
}
for (i = 0; i< el->num_values; ++i) {
dn = ldb_dn_from_ldb_val(tmp_ctx, ldb, &(el->values[i]));
/* user member or group member? */
parent_dn = ldb_dn_get_parent(tmp_ctx, dn);
if (ldb_dn_compare_base(parent_dn, user_basedn) == 0) {
um[um_index] = rdn_as_string(mem_ctx, dn);
if (um[um_index] == NULL) {
ret = ENOMEM;
goto fail;
}
DEBUG(SSSDBG_TRACE_FUNC, "User member %s\n", um[um_index]);
um_index++;
} else if (ldb_dn_compare_base(parent_dn, group_basedn) == 0) {
gm[gm_index] = rdn_as_string(mem_ctx, dn);
if (gm[gm_index] == NULL) {
ret = ENOMEM;
goto fail;
}
if (parent_name && strcmp(gm[gm_index], parent_name) == 0) {
DEBUG(SSSDBG_TRACE_FUNC,
"Skipping circular nesting for group %s\n",
gm[gm_index]);
continue;
}
DEBUG(SSSDBG_TRACE_FUNC, "Group member %s\n", gm[gm_index]);
gm_index++;
} else {
DEBUG(SSSDBG_OP_FAILURE, "Group member not a user nor group: %s\n",
ldb_dn_get_linearized(dn));
ret = EIO;
goto fail;
}
talloc_zfree(dn);
talloc_zfree(parent_dn);
}
um[um_index] = NULL;
gm[gm_index] = NULL;
if (um_index > 0) {
um = talloc_realloc(mem_ctx, um, const char *, um_index+1);
if (!um) {
ret = ENOMEM;
goto fail;
}
} else {
