SYSDB: Support ID override templates

Author: justin-stephenson

src/db/sysdb.h

@@ -207,12 +207,15 @@
 #define SYSDB_VIEW_NAME "viewName"
 #define SYSDB_OVERRIDE_CLASS "override"
 #define SYSDB_OVERRIDE_ANCHOR_UUID "overrideAnchorUUID"
+#define SYSDB_OVERRIDE_ANCHOR "overrideAnchor"
 #define SYSDB_OVERRIDE_USER_CLASS "userOverride"
 #define SYSDB_OVERRIDE_GROUP_CLASS "groupOverride"
 #define SYSDB_OVERRIDE_DN "overrideDN"
 #define SYSDB_OVERRIDE_OBJECT_DN "overrideObjectDN"
 #define SYSDB_USE_DOMAIN_RESOLUTION_ORDER "useDomainResolutionOrder"
 #define SYSDB_DOMAIN_RESOLUTION_ORDER "domainResolutionOrder"
+#define SYSDB_DOMAIN_TEMPLATE_SHELL "templateLoginShell"
+#define SYSDB_DOMAIN_TEMPLATE_HOMEDIR "templateHomeDirectory"
 #define SYSDB_PASSKEY_USER_VERIFICATION "passkeyUserVerification"
 #define SYSDB_SESSION_RECORDING "sessionRecording"
 
@@ -655,6 +658,23 @@ errno_t sysdb_update_view_name(struct sysdb_ctx *sysdb, const char *view_name);
 errno_t sysdb_get_view_name(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb,
                             char **view_name);
 
+errno_t sysdb_update_override_template(struct sysdb_ctx *sysdb,
+                                       const char *view_name,
+                                       const char *anchor,
+                                       const char *home_dir,
+                                       const char *login_shell);
+
+errno_t sysdb_domain_update_domain_template(struct sss_domain_info *parent,
+                                            struct sysdb_ctx *sysdb,
+                                            const char *subdom_name,
+                                            const char *home_dir,
+                                            const char *login_shell);
+
+errno_t sysdb_update_domain_template(struct sysdb_ctx *sysdb,
+                                     struct ldb_dn *dn,
+                                     const char *home_dir,
+                                     const char *login_shell);
+
 errno_t sysdb_update_view_domain_resolution_order(
                                         struct sysdb_ctx *sysdb,
                                         const char *domain_resolution_order);
@@ -692,6 +712,8 @@ errno_t sysdb_invalidate_overrides(struct sysdb_ctx *sysdb);
 
 errno_t sysdb_apply_default_override(struct sss_domain_info *domain,
                                      struct sysdb_attrs *override_attrs,
+                                     const char *global_template_homedir,
+                                     const char *global_template_shell,
                                      struct ldb_dn *obj_dn);
 
 errno_t sysdb_search_by_orig_dn(TALLOC_CTX *mem_ctx,
@@ -1231,6 +1253,13 @@ errno_t sysdb_store_override(struct sss_domain_info *domain,
                              enum sysdb_member_type type,
                              struct sysdb_attrs *attrs, struct ldb_dn *obj_dn);
 
+errno_t sysdb_store_override_template(struct sss_domain_info *domain,
+                                      struct sysdb_attrs *attrs,
+                                      const char *global_template_homedir,
+                                      const char *global_template_shell,
+                                      const char *view_name,
+                                      struct ldb_dn *obj_dn);
+
 /*
  * Cache the time of last initgroups invocation. Typically this is not done when
  * the provider-specific request itself finishes, because currently the request

src/db/sysdb_subdomains.c

@@ -1621,6 +1621,84 @@ sysdb_domain_get_domain_resolution_order(TALLOC_CTX *mem_ctx,
     return ret;
 }
 
+errno_t
+sysdb_domain_update_domain_template(struct sss_domain_info *parent,
+                                    struct sysdb_ctx *sysdb,
+                                    const char *subdom_name,
+                                    const char *home_dir,
+                                    const char *login_shell)
+{
+
+    TALLOC_CTX *tmp_ctx;
+    struct ldb_dn *dn;
+    struct sss_domain_info *subdom;
+    errno_t ret;
+
+    if (home_dir == NULL && login_shell == NULL) {
+        DEBUG(SSSDBG_OP_FAILURE,
+              "Either login shell or home directory must be provided\n");
+        return EINVAL;
+    }
+
+    tmp_ctx = talloc_new(NULL);
+    if (tmp_ctx == NULL) {
+        return ENOMEM;
+    }
+
+    dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, SYSDB_DOM_BASE, subdom_name);
+    if (dn == NULL) {
+        ret = ENOMEM;
+        goto done;
+    }
+
+    ret = sysdb_update_domain_template(sysdb, dn,
+                                       home_dir, login_shell);
+    if (ret != EOK) {
+        DEBUG(SSSDBG_OP_FAILURE,
+              "sysdb_update_domain_template() failed [%d]: [%s].\n",
+              ret, sss_strerror(ret));
+        goto done;
+    }
+
+    /* Update sss_domain_info struct to have templates available in memory */
+    subdom = find_domain_by_name(parent, subdom_name, true);
+    if (!subdom) {
+        DEBUG(SSSDBG_CRIT_FAILURE,
+              "Could not find domain matching [%s]\n",
+              subdom_name);
+        ret = EIO;
+        goto done;
+    }
+
+    if (home_dir != NULL) {
+        subdom->template_homedir = talloc_strdup(subdom, home_dir);
+        if (subdom->template_homedir == NULL) {
+            DEBUG(SSSDBG_OP_FAILURE, "Failed to copy homedir template.\n");
+            ret = ENOMEM;
+            goto done;
+        }
+    } else {
+        subdom->template_homedir = NULL;
+    }
+
+    if (login_shell != NULL) {
+        subdom->template_shell = talloc_strdup(subdom, login_shell);
+        if (subdom->template_shell == NULL) {
+            DEBUG(SSSDBG_OP_FAILURE, "Failed to copy shell template.\n");
+            ret = ENOMEM;
+            goto done;
+        }
+    } else {
+        subdom->template_shell = NULL;
+    }
+
+    ret = EOK;
+
+done:
+    talloc_free(tmp_ctx);
+    return ret;
+}
+
 errno_t
 sysdb_domain_update_domain_resolution_order(struct sysdb_ctx *sysdb,
                                             const char *domain_name,