src/db/sysdb_certmap.c

49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose/*
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose   SSSD
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose   System Database - certificate mapping rules related calls
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose   Copyright (C) 2017 Sumit Bose <sbose@redhat.com>
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose   This program is free software; you can redistribute it and/or modify
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose   it under the terms of the GNU General Public License as published by
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose   the Free Software Foundation; either version 3 of the License, or
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose   (at your option) any later version.
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose   This program is distributed in the hope that it will be useful,
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose   but WITHOUT ANY WARRANTY; without even the implied warranty of
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose   GNU General Public License for more details.
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose   You should have received a copy of the GNU General Public License
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose   along with this program.  If not, see <http://www.gnu.org/licenses/>.
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose*/
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose#include "util/util.h"
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose#include "db/sysdb_private.h"
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bosestatic errno_t sysdb_create_certmap_container(struct sysdb_ctx *sysdb,
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose                                              bool user_name_hint)
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose{
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    struct ldb_message *msg = NULL;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    errno_t ret;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    msg = ldb_msg_new(sysdb);
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    if (msg == NULL) {
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        ret = ENOMEM;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        goto done;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    }
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    msg->dn = ldb_dn_new(msg, sysdb->ldb, SYSDB_TMPL_CERTMAP_BASE);
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    if (msg->dn == NULL) {
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        ret = ENOMEM;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        goto done;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    }
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    ret = ldb_msg_add_string(msg, "cn", "certmap");
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    if (ret != LDB_SUCCESS) {
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        ret = sysdb_error_to_errno(ret);
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        goto done;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    }
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    ret = ldb_msg_add_string(msg, SYSDB_CERTMAP_USER_NAME_HINT,
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose                             user_name_hint ? "TRUE" : "FALSE");
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    if (ret != LDB_SUCCESS) {
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        ret = sysdb_error_to_errno(ret);
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        goto done;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    }
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    /* do a synchronous add */
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    ret = ldb_add(sysdb->ldb, msg);
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    if (ret != LDB_SUCCESS) {
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        DEBUG(SSSDBG_FATAL_FAILURE,
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose              "Failed to add certmap container (%d, [%s])!\n",
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose               ret, ldb_errstring(sysdb->ldb));
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        ret = EIO;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        goto done;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    }
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    ret = EOK;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bosedone:
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    talloc_free(msg);
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    return ret;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose}
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bosestatic errno_t sysdb_certmap_add(struct sysdb_ctx *sysdb,
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose                                 struct certmap_info *certmap)
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose{
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    struct ldb_message *msg;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    struct ldb_message_element *el;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    int ret;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    TALLOC_CTX *tmp_ctx;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    size_t c;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    tmp_ctx = talloc_new(NULL);
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    if (tmp_ctx == NULL) {
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed");
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        return ENOMEM;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    }
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    msg = ldb_msg_new(tmp_ctx);
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    if (msg == NULL) {
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        DEBUG(SSSDBG_OP_FAILURE, "ldb_msg_new failed.\n");
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        ret = ENOMEM;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        goto done;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    }
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    msg->dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb,
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose                             SYSDB_TMPL_CERTMAP, certmap->name);
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    if (msg->dn == NULL) {
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_new_fmt failed.\n");
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        ret = ENOMEM;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        goto done;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    }
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    ret = sysdb_add_string(msg, SYSDB_OBJECTCLASS, SYSDB_CERTMAP_CLASS);
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    if (ret != EOK) {
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        DEBUG(SSSDBG_OP_FAILURE, "sysdb_add_string failed.\n");
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        goto done;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    }
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    ret = sysdb_add_string(msg, SYSDB_NAME, certmap->name);
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    if (ret != EOK) {
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        DEBUG(SSSDBG_OP_FAILURE, "sysdb_add_string failed.\n");
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        goto done;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    }
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    if (certmap->map_rule != NULL) {
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        ret = sysdb_add_string(msg, SYSDB_CERTMAP_MAPPING_RULE,
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose                               certmap->map_rule);
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        if (ret != EOK) {
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose            DEBUG(SSSDBG_OP_FAILURE, "sysdb_add_string failed.\n");
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose            goto done;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        }
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    }
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    if (certmap->match_rule != NULL) {
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        ret = sysdb_add_string(msg, SYSDB_CERTMAP_MATCHING_RULE,
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose                               certmap->match_rule);
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        if (ret != EOK) {
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose            DEBUG(SSSDBG_OP_FAILURE, "sysdb_add_string failed.\n");
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose            goto done;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        }
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    }
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    if (certmap->domains != NULL) {
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        for (c = 0; certmap->domains[c] != NULL; c++);
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        el = talloc_zero(tmp_ctx, struct ldb_message_element);
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        if (el == NULL) {
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose            DEBUG(SSSDBG_OP_FAILURE, "talloc_zero failed.\n");
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose            ret = ENOMEM;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose            goto done;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        }
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        el->name = talloc_strdup(el, SYSDB_CERTMAP_DOMAINS);
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        if(el->name == NULL) {
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose            DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose            ret = ENOMEM;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose            goto done;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        }
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        el->num_values = c;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        el->values = talloc_zero_array(el, struct ldb_val, c + 1);
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        if (el->values == NULL) {
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose            DEBUG(SSSDBG_OP_FAILURE, "talloc_zero_array failed.\n");
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose            ret = ENOMEM;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose            goto done;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        }
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        for (c = 0; certmap->domains[c] != NULL; c++) {
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose            el->values[c].data = (uint8_t *) talloc_strdup(el->values,
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose                                                           certmap->domains[c]);
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose            if (el->values[c].data == NULL) {
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose                DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose                ret = ENOMEM;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose                goto done;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose            }
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose            el->values[c].length = strlen(certmap->domains[c]);
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        }
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        ret = ldb_msg_add(msg, el, LDB_FLAG_MOD_ADD);
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        if (ret != LDB_SUCCESS) {
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose            DEBUG(SSSDBG_OP_FAILURE, "ldb_msg_add failed.\n");
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose            ret = sysdb_error_to_errno(ret);
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose            goto done;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        }
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    }
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    ret = sysdb_add_ulong(msg, SYSDB_CERTMAP_PRIORITY,
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose                          (unsigned long)certmap->priority);
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    if (ret != EOK) {
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        DEBUG(SSSDBG_OP_FAILURE, "sysdb_add_ulong failed.\n");
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        goto done;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    }
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    ret = ldb_add(sysdb->ldb, msg);
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    if (ret != LDB_SUCCESS) {
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        DEBUG(SSSDBG_OP_FAILURE, "ldb_add failed.\n");
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        ret = sysdb_error_to_errno(ret);
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        goto done;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    }
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    ret = EOK;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bosedone:
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    if (ret) {
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        DEBUG(SSSDBG_TRACE_FUNC, "Error: %d (%s)\n", ret, sss_strerror(ret));
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    }
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    talloc_zfree(tmp_ctx);
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    return ret;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose}
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Boseerrno_t sysdb_update_certmap(struct sysdb_ctx *sysdb,
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose                             struct certmap_info **certmaps,
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose                             bool user_name_hint)
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose{
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    size_t c;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    struct ldb_dn *container_dn = NULL;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    bool in_transaction = false;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    int ret;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    int sret;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    if (certmaps == NULL) {
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        return EINVAL;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    }
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    container_dn = ldb_dn_new(sysdb, sysdb->ldb, SYSDB_TMPL_CERTMAP_BASE);
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    if (container_dn == NULL) {
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_new failed.\n");
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        return ENOMEM;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    }
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    ret = sysdb_transaction_start(sysdb);
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    if (ret != EOK) {
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        DEBUG(SSSDBG_OP_FAILURE, "sysdb_transaction_start failed.\n");
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        goto done;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    }
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    in_transaction = true;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    ret = sysdb_delete_recursive(sysdb, container_dn, true);
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    if (ret != EOK) {
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        DEBUG(SSSDBG_OP_FAILURE, "sysdb_delete_recursive failed.\n");
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        goto done;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    }
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    ret = sysdb_create_certmap_container(sysdb, user_name_hint);
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    if (ret != EOK) {
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        DEBUG(SSSDBG_OP_FAILURE, "sysdb_create_certmap_container failed.\n");
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        goto done;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    }
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    for (c = 0; certmaps[c] != NULL; c++) {
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        ret = sysdb_certmap_add(sysdb, certmaps[c]);
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        if (ret != EOK) {
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose            DEBUG(SSSDBG_OP_FAILURE, "sysdb_certmap_add failed.\n");
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose            goto done;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        }
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    }
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    ret = sysdb_transaction_commit(sysdb);
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    if (ret != EOK) {
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_transaction_commit failed.\n");
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        goto done;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    }
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    in_transaction = false;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bosedone:
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    if (in_transaction) {
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        sret = sysdb_transaction_cancel(sysdb);
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        if (sret != EOK) {
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose            DEBUG(SSSDBG_CRIT_FAILURE, "Could not cancel transaction.\n");
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        }
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    }
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    talloc_free(container_dn);
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    return ret;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose}
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Boseerrno_t sysdb_get_certmap(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb,
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose                          struct certmap_info ***certmaps, bool *user_name_hint)
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose{
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    size_t c;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    size_t d;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    struct ldb_dn *container_dn = NULL;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    int ret;
ee7e72a65d323636600ffda271d5b5c4ddbc78b1Sumit Bose    struct certmap_info **maps = NULL;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    TALLOC_CTX *tmp_ctx = NULL;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    struct ldb_result *res;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    const char *tmp_str;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    uint64_t tmp_uint;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    struct ldb_message_element *tmp_el;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    const char *attrs[] = {SYSDB_NAME,
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose                           SYSDB_CERTMAP_PRIORITY,
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose                           SYSDB_CERTMAP_MATCHING_RULE,
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose                           SYSDB_CERTMAP_MAPPING_RULE,
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose                           SYSDB_CERTMAP_DOMAINS,
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose                           NULL};
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    const char *config_attrs[] = {SYSDB_CERTMAP_USER_NAME_HINT,
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose                                  NULL};
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    size_t num_values;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    bool hint = false;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    tmp_ctx = talloc_new(NULL);
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    if (tmp_ctx == NULL) {
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        ret = ENOMEM;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        goto done;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    }
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    container_dn = ldb_dn_new(tmp_ctx, sysdb->ldb, SYSDB_TMPL_CERTMAP_BASE);
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    if (container_dn == NULL) {
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_new failed.\n");
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        ret = ENOMEM;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        goto done;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    }
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    ret = ldb_search(sysdb->ldb, tmp_ctx, &res, container_dn, LDB_SCOPE_BASE,
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose                     config_attrs, SYSDB_CERTMAP_USER_NAME_HINT"=*");
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    if (ret != LDB_SUCCESS || res->count != 1) {
4e8d5c1639c407755ec437c816a0538b074f1d8fLukas Slebodnik        DEBUG(SSSDBG_TRACE_INTERNAL,
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose              "Failed to read certmap config, skipping.\n");
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    } else {
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        hint = ldb_msg_find_attr_as_bool(res->msgs[0],
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose                                         SYSDB_CERTMAP_USER_NAME_HINT, false);
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    }
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    ret = ldb_search(sysdb->ldb, tmp_ctx, &res,
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose                     container_dn, LDB_SCOPE_SUBTREE,
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose                     attrs, "objectclass=%s", SYSDB_CERTMAP_CLASS);
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    if (ret != LDB_SUCCESS) {
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        DEBUG(SSSDBG_OP_FAILURE, "ldb_search failed.\n");
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        ret = EIO;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        goto done;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    }
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    if (res->count == 0) {
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        DEBUG(SSSDBG_TRACE_FUNC, "No certificate maps found.\n");
ee7e72a65d323636600ffda271d5b5c4ddbc78b1Sumit Bose        ret = EOK;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        goto done;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    }
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    maps = talloc_zero_array(tmp_ctx, struct certmap_info *, res->count + 1);
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    if (maps == NULL) {
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        DEBUG(SSSDBG_OP_FAILURE, "talloc_zero_array failed.\n");
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        ret = ENOMEM;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        goto done;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    }
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    for (c = 0; c < res->count; c++) {
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        maps[c] = talloc_zero(maps, struct certmap_info);
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        if (maps[c] == NULL) {
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose            ret = ENOMEM;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose            goto done;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        }
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        tmp_str = ldb_msg_find_attr_as_string(res->msgs[c], SYSDB_NAME, NULL);
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        if (tmp_str == NULL) {
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose            DEBUG(SSSDBG_MINOR_FAILURE, "The object [%s] doesn't have a name.\n",
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose                                       ldb_dn_get_linearized(res->msgs[c]->dn));
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose            ret = EINVAL;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose            goto done;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        }
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        maps[c]->name = talloc_strdup(maps, tmp_str);
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        if (maps[c]->name == NULL) {
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose            ret = ENOMEM;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose            goto done;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        }
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        tmp_str = ldb_msg_find_attr_as_string(res->msgs[c],
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose                                              SYSDB_CERTMAP_MAPPING_RULE, NULL);
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        if (tmp_str != NULL) {
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose            maps[c]->map_rule = talloc_strdup(maps, tmp_str);
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose            if (maps[c]->map_rule == NULL) {
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose                DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose                ret = ENOMEM;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose                goto done;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose            }
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        }
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        tmp_str = ldb_msg_find_attr_as_string(res->msgs[c],
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose                                              SYSDB_CERTMAP_MATCHING_RULE, NULL);
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        if (tmp_str != NULL) {
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose            maps[c]->match_rule = talloc_strdup(maps, tmp_str);
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose            if (maps[c]->match_rule == NULL) {
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose                DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose                ret = ENOMEM;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose                goto done;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose            }
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        }
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        tmp_uint = ldb_msg_find_attr_as_uint64(res->msgs[c],
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose                                               SYSDB_CERTMAP_PRIORITY,
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose                                               (uint64_t) -1);
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        if (tmp_uint != (uint64_t) -1) {
ee7e72a65d323636600ffda271d5b5c4ddbc78b1Sumit Bose            if (tmp_uint > UINT32_MAX) {
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose                DEBUG(SSSDBG_OP_FAILURE, "Priority value [%lu] too large.\n",
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose                                         (unsigned long) tmp_uint);
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose                ret = EINVAL;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose                goto done;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose            }
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose            maps[c]->priority = (uint32_t) tmp_uint;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        }
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        tmp_el = ldb_msg_find_element(res->msgs[c], SYSDB_CERTMAP_DOMAINS);
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        if (tmp_el != NULL) {
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose            num_values = tmp_el->num_values;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        } else {
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose            num_values = 0;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        }
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        maps[c]->domains = talloc_zero_array(maps[c], const char *,
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose                                             num_values + 1);
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        if (maps[c]->domains == NULL) {
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose            DEBUG(SSSDBG_OP_FAILURE, "talloc_zero_array failed.\n");
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose            ret = ENOMEM;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose            goto done;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        }
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        for (d = 0; d < num_values; d++) {
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose            maps[c]->domains[d] = talloc_strndup(maps[c]->domains,
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose                                            (char *) tmp_el->values[d].data,
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose                                            tmp_el->values[d].length);
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose            if (maps[c]->domains[d] == NULL) {
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose                DEBUG(SSSDBG_OP_FAILURE, "talloc_strndup failed.\n");
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose                ret = ENOMEM;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose                goto done;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose            }
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose        }
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    }
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    ret = EOK;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bosedone:
ee7e72a65d323636600ffda271d5b5c4ddbc78b1Sumit Bose    if (ret == EOK) {
ee7e72a65d323636600ffda271d5b5c4ddbc78b1Sumit Bose        *certmaps = talloc_steal(mem_ctx, maps);
ee7e72a65d323636600ffda271d5b5c4ddbc78b1Sumit Bose        *user_name_hint = hint;
ee7e72a65d323636600ffda271d5b5c4ddbc78b1Sumit Bose    }
ee7e72a65d323636600ffda271d5b5c4ddbc78b1Sumit Bose
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    talloc_free(tmp_ctx);
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose    return ret;
49f8ec8e0a3723a748bdb043d6dc1fb2a3977a8aSumit Bose}