ad_common.c revision 04759b59e71c78ab23b84d13dd29d9c6dd680adb
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher/*
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher SSSD
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher Authors:
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher Stephen Gallagher <sgallagh@redhat.com>
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher Copyright (C) 2012 Red Hat
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher This program is free software; you can redistribute it and/or modify
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher it under the terms of the GNU General Public License as published by
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher the Free Software Foundation; either version 3 of the License, or
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher (at your option) any later version.
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher This program is distributed in the hope that it will be useful,
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher but WITHOUT ANY WARRANTY; without even the implied warranty of
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher GNU General Public License for more details.
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher You should have received a copy of the GNU General Public License
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher along with this program. If not, see <http://www.gnu.org/licenses/>.
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher*/
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher#include <ctype.h>
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher#include "providers/ad/ad_common.h"
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher#include "providers/ad/ad_opts.h"
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher
/**
 * Read the basic AD provider options and fill in the values derived from them.
 *
 * After dp_get_options() has loaded the AD_OPTS_BASIC set, this function:
 *  - defaults AD_DOMAIN to the SSSD domain name (dom->name) when unset,
 *  - defaults AD_HOSTNAME to the result of gethostname() when unset,
 *  - sets AD_KRB5_REALM from get_uppercase_realm() applied to the AD domain,
 *  - forces dom->case_sensitive to false and stores that in the confdb.
 *
 * @param mem_ctx    talloc parent of the returned option structure
 * @param cdb        confdb handle, passed to dp_get_options() and
 *                   confdb_set_bool()
 * @param conf_path  confdb path of the domain section
 * @param dom        SSSD domain; its name is read and case_sensitive is written
 * @param _opts      output, assigned only when EOK is returned
 *
 * @return EOK on success; ENOMEM on allocation failure (a NULL result from
 *         get_uppercase_realm() is also reported as ENOMEM); the errno value
 *         of a failed gethostname(); otherwise the error of the failing helper.
 */
errno_t
ad_get_common_options(TALLOC_CTX *mem_ctx,
                      struct confdb_ctx *cdb,
                      const char *conf_path,
                      struct sss_domain_info *dom,
                      struct ad_options **_opts)
{
    struct ad_options *ad_opts;
    char local_name[HOST_NAME_MAX + 1];
    char *ad_domain;
    char *krb5_realm;
    errno_t ret;

    ad_opts = talloc_zero(mem_ctx, struct ad_options);
    if (ad_opts == NULL) {
        return ENOMEM;
    }

    ret = dp_get_options(ad_opts, cdb, conf_path, ad_basic_opts,
                         AD_OPTS_BASIC, &ad_opts->basic);
    if (ret != EOK) {
        goto done;
    }

    /* An unset AD domain name is taken to be the SSSD domain name. */
    ad_domain = dp_opt_get_string(ad_opts->basic, AD_DOMAIN);
    if (ad_domain == NULL) {
        ret = dp_opt_set_string(ad_opts->basic, AD_DOMAIN, dom->name);
        if (ret != EOK) {
            goto done;
        }
        ad_domain = dom->name;
    }

    /* The server option is only inspected to report that discovery is used. */
    if (dp_opt_get_string(ad_opts->basic, AD_SERVER) == NULL) {
        DEBUG(SSSDBG_CONF_SETTINGS,
              ("No AD server set, will use service discovery!\n"));
    }

    /* Fall back to the local host name when ad_hostname is not configured.
     * NOTE(review): gethostname() may return a short, unqualified name;
     * whether that is acceptable depends on how ad_hostname is consumed
     * elsewhere (not visible here) - confirm.
     */
    if (dp_opt_get_string(ad_opts->basic, AD_HOSTNAME) == NULL) {
        if (gethostname(local_name, HOST_NAME_MAX) != 0) {
            ret = errno;
            DEBUG(SSSDBG_FATAL_FAILURE,
                  ("gethostname failed [%s].\n",
                   strerror(ret)));
            goto done;
        }
        /* gethostname() need not NUL-terminate a truncated name; the buffer
         * has one spare byte for this terminator.
         */
        local_name[HOST_NAME_MAX] = '\0';

        DEBUG(SSSDBG_CONF_SETTINGS,
              ("Setting ad_hostname to [%s].\n", local_name));
        ret = dp_opt_set_string(ad_opts->basic, AD_HOSTNAME, local_name);
        if (ret != EOK) {
            DEBUG(SSSDBG_FATAL_FAILURE,
                  ("Setting ad_hostname failed [%s].\n",
                   strerror(ret)));
            goto done;
        }
    }

    /* The Kerberos realm is always the upper-cased AD domain. */
    krb5_realm = get_uppercase_realm(ad_opts, ad_domain);
    if (krb5_realm == NULL) {
        ret = ENOMEM;
        goto done;
    }

    ret = dp_opt_set_string(ad_opts->basic, AD_KRB5_REALM, krb5_realm);
    if (ret != EOK) {
        goto done;
    }

    /* Active Directory is always case-insensitive. The flag is also written
     * to the confdb so that the responders pick it up when they start.
     * dom->case_sensitive is changed before the confdb write and is not
     * restored if that write fails.
     */
    dom->case_sensitive = false;
    ret = confdb_set_bool(cdb, conf_path, "case_sensitive",
                          dom->case_sensitive);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Could not set domain case-sensitive: [%s]\n",
               strerror(ret)));
        goto done;
    }

    DEBUG(SSSDBG_CONF_SETTINGS,
          ("Setting domain case-insensitive\n"));

    *_opts = ad_opts;
    ret = EOK;

done:
    if (ret != EOK) {
        /* Nothing is handed to the caller on failure. */
        talloc_zfree(ad_opts);
    }
    return ret;
}
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagherstatic void
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagherad_resolve_callback(void *private_data, struct fo_server *server);
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher
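/**
 * Register a comma-separated list of servers with the AD failover service.
 *
 * Each list entry is either the SRV identifier (checked with
 * be_fo_is_srv_identifier()), which adds DNS SRV discovery for the configured
 * AD domain, or a host name / address that is added as a fixed server. SRV
 * discovery is only accepted for the primary list; in a backup list the entry
 * is logged and skipped.
 *
 * @param mem_ctx  unused by this function; temporaries live on a private
 *                 context that is freed before returning
 * @param bectx    backend context owning the failover service
 * @param servers  comma-separated server list
 * @param options  AD options, read for AD_DOMAIN
 * @param primary  true for the primary server list, false for backups
 *
 * @return EOK when every entry was added, skipped or already present;
 *         ENOMEM on allocation failure; otherwise the error of the failing
 *         helper.
 */
static errno_t
ad_servers_init(TALLOC_CTX *mem_ctx,
                struct be_ctx *bectx,
                const char *servers,
                struct ad_options *options,
                bool primary)
{
    size_t i;
    errno_t ret = EOK;
    char **list;
    char *ad_domain;
    TALLOC_CTX *tmp_ctx;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) return ENOMEM;

    /* Split the server list */
    ret = split_on_separator(tmp_ctx, servers, ',', true, true, &list, NULL);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to parse server list!\n"));
        goto done;
    }

    ad_domain = dp_opt_get_string(options->basic, AD_DOMAIN);

    /* Add each of these servers to the failover service */
    for (i = 0; list[i]; i++) {
        if (be_fo_is_srv_identifier(list[i])) {
            if (!primary) {
                DEBUG(SSSDBG_MINOR_FAILURE,
                      ("Failed to add server [%s] to failover service: "
                       "SRV resolution only allowed for primary servers!\n",
                       list[i]));
                continue;
            }

            /* NOTE(review): servers learned through SRV discovery are only
             * as trustworthy as the DNS answers; server authentication is
             * presumably enforced elsewhere - confirm.
             */
            ret = be_fo_add_srv_server(bectx, AD_SERVICE_NAME, "ldap",
                                       ad_domain, BE_FO_PROTO_TCP,
                                       false, NULL);
            if (ret != EOK) {
                /* Trailing newline added so that this record does not run
                 * into the next debug message.
                 */
                DEBUG(SSSDBG_FATAL_FAILURE,
                      ("Failed to add service discovery to failover: [%s]\n",
                       strerror(ret)));
                goto done;
            }

            DEBUG(SSSDBG_CONF_SETTINGS, ("Added service discovery for AD\n"));
            continue;
        }

        /* It could be ipv6 address in square brackets. Remove
         * the brackets if needed. */
        ret = remove_ipv6_brackets(list[i]);
        if (ret != EOK) {
            goto done;
        }

        ret = be_fo_add_server(bectx, AD_SERVICE_NAME, list[i], 0, NULL, primary);
        if (ret && ret != EEXIST) {
            DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to add server\n"));
            goto done;
        }
        /* A duplicate entry (EEXIST) is tolerated above. Reset the status so
         * that a duplicate in the last position is not returned to the caller
         * as a failure.
         */
        ret = EOK;

        DEBUG(SSSDBG_CONF_SETTINGS, ("Added failover server %s\n", list[i]));
    }
done:
    talloc_free(tmp_ctx);
    return ret;
}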
016e0d7202ff965018e41869c5ab501f86b0d081Jan Zeleny
/* Comparator handed to be_fo_add_service() in ad_failover_init().
 * Both arguments are treated as NUL-terminated strings and compared without
 * regard to case; the result has strcasecmp() semantics (0 means equal).
 * Neither pointer is checked for NULL before it is passed to strcasecmp().
 */
static int ad_user_data_cmp(void *ud1, void *ud2)
{
    const char *lhs = ud1;
    const char *rhs = ud2;

    return strcasecmp(lhs, rhs);
}
9ab243b369ba317cc964080786dbcdebaf23d6beMichal Zidek
/**
 * Create the AD failover service and the ad_service object that tracks it.
 *
 * The ad_service is built on a temporary context and moved to mem_ctx only
 * after every step has succeeded, so a failure releases all allocations made
 * here. The failover service registered through be_fo_add_service() is not
 * undone on a later failure.
 *
 * @param mem_ctx          talloc parent of the returned service
 * @param bectx            backend context owning the failover service
 * @param primary_servers  comma-separated primary list; NULL selects service
 *                         discovery (BE_SRV_IDENTIFIER)
 * @param backup_servers   comma-separated backup list, or NULL for none
 * @param options          AD options; AD_KRB5_REALM must already be set
 * @param _service         output, assigned only when EOK is returned
 *
 * @return EOK on success; ENOMEM on allocation failure; EINVAL when no
 *         Kerberos realm is set; otherwise the error of the failing helper.
 */
errno_t
ad_failover_init(TALLOC_CTX *mem_ctx, struct be_ctx *bectx,
                 const char *primary_servers,
                 const char *backup_servers,
                 struct ad_options *options,
                 struct ad_service **_service)
{
    TALLOC_CTX *tmp_ctx;
    struct ad_service *svc;
    char *krb5_realm;
    errno_t ret;

    tmp_ctx = talloc_new(mem_ctx);
    if (tmp_ctx == NULL) {
        return ENOMEM;
    }

    svc = talloc_zero(tmp_ctx, struct ad_service);
    if (svc == NULL) {
        ret = ENOMEM;
        goto done;
    }

    svc->sdap = talloc_zero(svc, struct sdap_service);
    if (svc->sdap == NULL) {
        ret = ENOMEM;
        goto done;
    }

    svc->krb5_service = talloc_zero(svc, struct krb5_service);
    if (svc->krb5_service == NULL) {
        ret = ENOMEM;
        goto done;
    }

    /* Server user data is compared case-insensitively (ad_user_data_cmp). */
    ret = be_fo_add_service(bectx, AD_SERVICE_NAME, ad_user_data_cmp);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to create failover service!\n"));
        goto done;
    }

    svc->sdap->name = talloc_strdup(svc, AD_SERVICE_NAME);
    if (svc->sdap->name == NULL) {
        ret = ENOMEM;
        goto done;
    }

    svc->krb5_service->name = talloc_strdup(svc, AD_SERVICE_NAME);
    if (svc->krb5_service->name == NULL) {
        ret = ENOMEM;
        goto done;
    }
    /* The LDAP side refers to the same name string as the Kerberos side. */
    svc->sdap->kinit_service_name = svc->krb5_service->name;

    krb5_realm = dp_opt_get_string(options->basic, AD_KRB5_REALM);
    if (krb5_realm == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("No Kerberos realm set\n"));
        ret = EINVAL;
        goto done;
    }

    svc->krb5_service->realm = talloc_strdup(svc->krb5_service, krb5_realm);
    if (svc->krb5_service->realm == NULL) {
        ret = ENOMEM;
        goto done;
    }

    /* Without an explicit primary list, fall back to service discovery. */
    if (primary_servers == NULL) {
        DEBUG(SSSDBG_CONF_SETTINGS,
              ("No primary servers defined, using service discovery\n"));
        primary_servers = BE_SRV_IDENTIFIER;
    }

    ret = ad_servers_init(mem_ctx, bectx, primary_servers, options, true);
    if (ret != EOK) {
        goto done;
    }

    if (backup_servers != NULL) {
        ret = ad_servers_init(mem_ctx, bectx, backup_servers, options, false);
        if (ret != EOK) {
            goto done;
        }
    }

    /* ad_resolve_callback() receives svc as its private data. */
    ret = be_fo_service_add_callback(mem_ctx, bectx, AD_SERVICE_NAME,
                                     ad_resolve_callback, svc);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("Failed to add failover callback! [%s]\n", strerror(ret)));
        goto done;
    }

    /* Move the service out of tmp_ctx so that the cleanup below keeps it. */
    *_service = talloc_steal(mem_ctx, svc);
    ret = EOK;

done:
    talloc_free(tmp_ctx);
    return ret;
}
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher
/**
 * Failover callback registered by ad_failover_init().
 *
 * For the given failover server it rebuilds the LDAP URI and socket address
 * stored in the sdap service, then passes the escaped server address and the
 * Kerberos realm to write_krb5info_file(). Errors are only logged; nothing
 * is returned to the caller.
 *
 * @param private_data  the struct ad_service passed at registration
 * @param server        failover server this callback is invoked for
 */
static void
ad_resolve_callback(void *private_data, struct fo_server *server)
{
    TALLOC_CTX *tmp_ctx;
    struct ad_service *svc;
    struct resolv_hostent *hostent;
    struct sockaddr_storage *ss;
    const char *host_name;
    const char *escaped_addr;
    char *addr_str;
    char *uri;
    errno_t ret;

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Out of memory\n"));
        return;
    }

    /* talloc_get_type() returns NULL when the pointer is not an ad_service. */
    svc = talloc_get_type(private_data, struct ad_service);
    if (svc == NULL) {
        ret = EINVAL;
        goto done;
    }

    hostent = fo_get_server_hostent(server);
    if (hostent == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("No hostent available for server (%s)\n",
               fo_get_server_str_name(server)));
        ret = EINVAL;
        goto done;
    }

    ss = resolv_get_sockaddr_address(tmp_ctx, hostent, LDAP_PORT);
    if (ss == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("resolv_get_sockaddr_address failed.\n"));
        ret = EIO;
        goto done;
    }

    addr_str = resolv_get_string_address(tmp_ctx, hostent);
    if (addr_str == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("resolv_get_string_address failed.\n"));
        ret = EIO;
        goto done;
    }

    host_name = fo_get_server_name(server);
    if (host_name == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Could not get server host name\n"));
        ret = EINVAL;
        goto done;
    }

    /* The URI carries the server name, not the numeric address; the address
     * is kept separately in sdap->sockaddr. The scheme is plain ldap://, so
     * any protection of the connection has to come from settings applied
     * elsewhere - NOTE(review): confirm.
     */
    uri = talloc_asprintf(svc, "ldap://%s", host_name);
    if (uri == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to copy URI\n"));
        ret = ENOMEM;
        goto done;
    }
    DEBUG(SSSDBG_CONF_SETTINGS, ("Constructed uri '%s'\n", uri));

    /* Drop the previous URI and address, then install the new ones. The
     * socket address is re-parented to svc so that it survives tmp_ctx.
     */
    talloc_zfree(svc->sdap->uri);
    svc->sdap->uri = uri;
    talloc_zfree(svc->sdap->sockaddr);
    svc->sdap->sockaddr = talloc_steal(svc, ss);

    /* From here on a failure leaves the new URI and address in place. */
    escaped_addr = sss_escape_ip_address(tmp_ctx, hostent->family, addr_str);
    if (escaped_addr == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("sss_escape_ip_address failed.\n"));
        ret = ENOMEM;
        goto done;
    }

    /* A failed write is logged but deliberately not treated as an error. */
    ret = write_krb5info_file(svc->krb5_service->realm, escaped_addr,
                              SSS_KRB5KDC_FO_SRV);
    if (ret != EOK) {
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("write_krb5info_file failed, authentication might fail.\n"));
    }

    ret = EOK;

done:
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Error: [%s]\n", strerror(ret)));
    }
    talloc_free(tmp_ctx);
}
/* Forward declaration: ad_get_id_options() calls this before its definition
 * further down in this file.
 */
errno_t ad_set_search_bases(struct sdap_options *id_opts);
/**
 * Build the LDAP (sdap) identity options used by the AD provider.
 *
 * The basic LDAP options are read from the confdb and then several of them
 * are overridden rather than left to the configuration: the password policy
 * is forced to the Kerberos (MIT) one, the GSSAPI realm and keytab are copied
 * from the AD options, and the schema type is fixed to AD.
 *
 * @param ad_opts    AD provider options. On success ad_opts->id points to the
 *                   new options, which are reparented onto ad_opts.
 * @param cdb        confdb handle handed to dp_get_options()/sdap_get_map().
 * @param conf_path  configuration path handed to the same helpers.
 * @param _opts      out: receives the same pointer as ad_opts->id. It is
 *                   written on success only.
 *
 * @return EOK on success, ENOMEM when an allocation fails, EINVAL when no
 *         Kerberos realm is available, otherwise the error returned by the
 *         helper that failed.
 */
errno_t
ad_get_id_options(struct ad_options *ad_opts,
                  struct confdb_ctx *cdb,
                  const char *conf_path,
                  struct sdap_options **_opts)
{
    errno_t ret;
    TALLOC_CTX *scratch;
    struct sdap_options *sdap_opts;
    char *realm;
    char *keytab;
    char *sasl_host;
    char *sasl_realm;

    /* Everything is built under a scratch context so that a single
     * talloc_free() on the exit path discards a half-built result.
     */
    scratch = talloc_new(NULL);
    if (scratch == NULL) {
        return ENOMEM;
    }

    sdap_opts = talloc_zero(scratch, struct sdap_options);
    if (sdap_opts == NULL) {
        ret = ENOMEM;
        goto done;
    }

    ret = dp_get_options(sdap_opts, cdb, conf_path,
                         ad_def_ldap_opts,
                         SDAP_OPTS_BASIC,
                         &sdap_opts->basic);
    if (ret != EOK) {
        goto done;
    }

    /* Apply explicitly configured search bases, if there are any. */
    ret = ad_set_search_bases(sdap_opts);
    if (ret != EOK) {
        goto done;
    }

    /* Only the Kerberos password policy is supported with AD, so the
     * configured value is overridden unconditionally.
     */
    ret = dp_opt_set_string(sdap_opts->basic,
                            SDAP_PWD_POLICY,
                            PWD_POL_OPT_MIT);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE, ("Could not set password policy\n"));
        goto done;
    }

    /* The realm used for GSSAPI comes from the AD options. */
    realm = dp_opt_get_string(ad_opts->basic, AD_KRB5_REALM);
    if (realm == NULL) {
        /* Not expected to happen: ad_get_common_options() sets the realm. */
        DEBUG(SSSDBG_FATAL_FAILURE, ("No Kerberos realm\n"));
        ret = EINVAL;
        goto done;
    }

    ret = dp_opt_set_string(sdap_opts->basic, SDAP_KRB5_REALM, realm);
    if (ret != EOK) {
        goto done;
    }
    DEBUG(SSSDBG_CONF_SETTINGS,
          ("Option %s set to %s\n",
           sdap_opts->basic[SDAP_KRB5_REALM].opt_name,
           realm));

    /* The keytab is optional. When it is not set, NULL is passed on to
     * sdap_set_sasl_options() below.
     */
    keytab = dp_opt_get_string(ad_opts->basic, AD_KEYTAB);
    if (keytab != NULL) {
        ret = dp_opt_set_string(sdap_opts->basic, SDAP_KRB5_KEYTAB, keytab);
        if (ret != EOK) {
            goto done;
        }
        DEBUG(SSSDBG_CONF_SETTINGS,
              ("Option %s set to %s\n",
               sdap_opts->basic[SDAP_KRB5_KEYTAB].opt_name,
               keytab));
    }

    /* NOTE(review): the hostname is not checked for NULL before it is handed
     * to sdap_set_sasl_options() -- confirm the callee accepts that.
     */
    sasl_host = dp_opt_get_string(ad_opts->basic, AD_HOSTNAME);
    sasl_realm = dp_opt_get_string(ad_opts->basic, AD_KRB5_REALM);
    ret = sdap_set_sasl_options(sdap_opts, sasl_host, sasl_realm, keytab);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Cannot set the SASL-related options\n"));
        goto done;
    }

    /* The schema is always AD for this provider. */
    sdap_opts->schema_type = SDAP_SCHEMA_AD;

    /* Attribute maps: general, user, group, netgroup, services. */
    ret = sdap_get_map(sdap_opts,
                       cdb, conf_path,
                       ad_2008r2_attr_map,
                       SDAP_AT_GENERAL,
                       &sdap_opts->gen_map);
    if (ret != EOK) {
        goto done;
    }

    ret = sdap_get_map(sdap_opts,
                       cdb, conf_path,
                       ad_2008r2_user_map,
                       SDAP_OPTS_USER,
                       &sdap_opts->user_map);
    if (ret != EOK) {
        goto done;
    }

    ret = sdap_get_map(sdap_opts,
                       cdb, conf_path,
                       ad_2008r2_group_map,
                       SDAP_OPTS_GROUP,
                       &sdap_opts->group_map);
    if (ret != EOK) {
        goto done;
    }

    ret = sdap_get_map(sdap_opts,
                       cdb, conf_path,
                       ad_netgroup_map,
                       SDAP_OPTS_NETGROUP,
                       &sdap_opts->netgroup_map);
    if (ret != EOK) {
        goto done;
    }

    ret = sdap_get_map(sdap_opts,
                       cdb, conf_path,
                       ad_service_map,
                       SDAP_OPTS_SERVICES,
                       &sdap_opts->service_map);
    if (ret != EOK) {
        goto done;
    }

    /* Success: move the result off the scratch context so that the
     * talloc_free() below does not release it.
     */
    ad_opts->id = talloc_steal(ad_opts, sdap_opts);
    *_opts = sdap_opts;
    ret = EOK;

done:
    talloc_free(scratch);
    return ret;
}
/**
 * Fill in and parse the LDAP search bases of the identity options.
 *
 * When SDAP_SEARCH_BASE is set, every per-object search base (user, group,
 * netgroup, service) that has no value of its own inherits it. All five
 * search-base options are then parsed into id_opts. ENOENT from the parser
 * is tolerated, so an unset search base is not an error here.
 *
 * @param id_opts  identity options whose basic option array is read and
 *                 updated, and whose *_search_bases members are filled.
 *
 * @return EOK on success, otherwise the error returned by
 *         dp_opt_set_string() or sdap_parse_search_base().
 */
errno_t
ad_set_search_bases(struct sdap_options *id_opts)
{
    static const int inheriting_opts[] = { SDAP_USER_SEARCH_BASE,
                                           SDAP_GROUP_SEARCH_BASE,
                                           SDAP_NETGROUP_SEARCH_BASE,
                                           SDAP_SERVICE_SEARCH_BASE };
    const size_t num_inheriting =
        sizeof(inheriting_opts) / sizeof(inheriting_opts[0]);
    errno_t ret;
    char *fallback_base;
    size_t idx;

    /* AD servers publish defaultNamingContext, so the search base is left
     * to discovery unless the configuration overrides it.
     */
    fallback_base = dp_opt_get_string(id_opts->basic, SDAP_SEARCH_BASE);

    if (fallback_base == NULL) {
        DEBUG(SSSDBG_CONF_SETTINGS,
              ("Search base not set. SSSD will attempt to discover it later, "
               "when connecting to the LDAP server.\n"));
    } else {
        /* Only search bases without an explicit value inherit the default. */
        for (idx = 0; idx < num_inheriting; idx++) {
            if (dp_opt_get_string(id_opts->basic,
                                  inheriting_opts[idx]) != NULL) {
                continue;
            }

            ret = dp_opt_set_string(id_opts->basic,
                                    inheriting_opts[idx],
                                    fallback_base);
            if (ret != EOK) {
                return ret;
            }
            DEBUG(SSSDBG_CONF_SETTINGS,
                  ("Option %s set to %s\n",
                   id_opts->basic[inheriting_opts[idx]].opt_name,
                   dp_opt_get_string(id_opts->basic,
                                     inheriting_opts[idx])));
        }
    }

    /* Parse each search base. ENOENT is accepted alongside EOK. */

    /* Default search base */
    ret = sdap_parse_search_base(id_opts, id_opts->basic,
                                 SDAP_SEARCH_BASE,
                                 &id_opts->search_bases);
    if (ret != EOK && ret != ENOENT) {
        return ret;
    }

    /* User search base */
    ret = sdap_parse_search_base(id_opts, id_opts->basic,
                                 SDAP_USER_SEARCH_BASE,
                                 &id_opts->user_search_bases);
    if (ret != EOK && ret != ENOENT) {
        return ret;
    }

    /* Group search base */
    ret = sdap_parse_search_base(id_opts, id_opts->basic,
                                 SDAP_GROUP_SEARCH_BASE,
                                 &id_opts->group_search_bases);
    if (ret != EOK && ret != ENOENT) {
        return ret;
    }

    /* Netgroup search base */
    ret = sdap_parse_search_base(id_opts, id_opts->basic,
                                 SDAP_NETGROUP_SEARCH_BASE,
                                 &id_opts->netgroup_search_bases);
    if (ret != EOK && ret != ENOENT) {
        return ret;
    }

    /* Service search base */
    ret = sdap_parse_search_base(id_opts, id_opts->basic,
                                 SDAP_SERVICE_SEARCH_BASE,
                                 &id_opts->service_search_bases);
    if (ret != EOK && ret != ENOENT) {
        return ret;
    }

    return EOK;
}
/**
 * Build the Kerberos options used for authentication against AD.
 *
 * The Kerberos options are read from the backend configuration and then two
 * of them are overridden: the KDC list is forced to the configured AD
 * servers and the realm is forced to the AD Kerberos realm. Values for these
 * two options in the Kerberos section of the configuration therefore do not
 * take effect.
 *
 * @param mem_ctx  talloc context that owns the returned options on success.
 * @param ad_opts  AD provider options; AD_SERVER and AD_KRB5_REALM are read.
 * @param bectx    backend context supplying the confdb handle and conf path.
 * @param _opts    out: the Kerberos option array. It is written on success
 *                 only.
 *
 * @return EOK on success, ENOMEM when the scratch context cannot be
 *         allocated, EINVAL when no Kerberos realm is available, otherwise
 *         the error returned by the helper that failed.
 */
errno_t
ad_get_auth_options(TALLOC_CTX *mem_ctx,
                    struct ad_options *ad_opts,
                    struct be_ctx *bectx,
                    struct dp_option **_opts)
{
    errno_t ret;
    struct dp_option *krb_opts;
    const char *kdc_list;
    const char *realm;
    TALLOC_CTX *scratch;

    scratch = talloc_new(NULL);
    if (scratch == NULL) {
        return ENOMEM;
    }

    /* Read the Kerberos options onto the scratch context. */
    ret = dp_get_options(scratch, bectx->cdb, bectx->conf_path,
                         ad_def_krb5_opts, KRB5_OPTS,
                         &krb_opts);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Could not read Kerberos options from the configuration\n"));
        goto done;
    }

    /* The KDC list always mirrors the AD server list.
     * NOTE(review): kdc_list is used without a NULL check, including as a
     * %s argument below -- confirm AD_SERVER is always set when this runs.
     */
    kdc_list = dp_opt_get_string(ad_opts->basic, AD_SERVER);

    ret = dp_opt_set_string(krb_opts, KRB5_KDC, kdc_list);
    if (ret != EOK) {
        goto done;
    }
    DEBUG(SSSDBG_CONF_SETTINGS,
          ("Option %s set to %s\n",
           krb_opts[KRB5_KDC].opt_name,
           kdc_list));

    /* The realm comes from the AD options. */
    realm = dp_opt_get_string(ad_opts->basic, AD_KRB5_REALM);
    if (realm == NULL) {
        /* Not expected to happen: ad_get_common_options() sets the realm. */
        DEBUG(SSSDBG_FATAL_FAILURE, ("No Kerberos realm\n"));
        ret = EINVAL;
        goto done;
    }

    /* Force the Kerberos realm to match AD_KRB5_REALM, which may have been
     * upper-cased in ad_get_common_options().
     */
    ret = dp_opt_set_string(krb_opts, KRB5_REALM, realm);
    if (ret != EOK) {
        goto done;
    }
    DEBUG(SSSDBG_CONF_SETTINGS,
          ("Option %s set to %s\n",
           krb_opts[KRB5_REALM].opt_name,
           realm));

    /* Success: hand the options to the caller's context so that freeing the
     * scratch context below does not release them.
     */
    *_opts = talloc_steal(mem_ctx, krb_opts);
    ret = EOK;

done:
    talloc_free(scratch);
    return ret;
}