ad_common.c revision 4a1e58d85409fbb7a12ac244c3dbef8c0c1b15df
/*
    SSSD

    Authors:
        Stephen Gallagher <sgallagh@redhat.com>

    Copyright (C) 2012 Red Hat

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
d1458ac8d13880f83fa2d1e08623b97c50d311d7Serge Hallyn#include <ctype.h>
d1458ac8d13880f83fa2d1e08623b97c50d311d7Serge Hallyn
65d8ae9c4a66f5ca85289c02dc06d63261c84619Scott Moser#include "providers/ad/ad_common.h"
65d8ae9c4a66f5ca85289c02dc06d63261c84619Scott Moser#include "providers/ad/ad_opts.h"
65d8ae9c4a66f5ca85289c02dc06d63261c84619Scott Moser
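/**
 * Load the AD provider's basic options from the confdb and fill in the
 * values the rest of the provider depends on.
 *
 * Defaults applied when an option is absent:
 *  - AD_DOMAIN     falls back to the SSSD domain name (dom->name)
 *  - AD_HOSTNAME   falls back to the local gethostname() result
 *  - AD_KRB5_REALM is unconditionally set to the upper-cased AD domain,
 *                  overriding any value read from the configuration
 *
 * The SSSD domain is also marked case-insensitive, both in memory and in
 * the confdb so that responders pick it up when they start.
 *
 * @param mem_ctx    Talloc parent of the returned options.
 * @param cdb        Confdb handle to read from and write to.
 * @param conf_path  Confdb section of this domain.
 * @param dom        Domain being configured; its case_sensitive flag is
 *                   cleared.
 * @param _opts      On EOK receives the allocated options (owned by
 *                   mem_ctx); untouched on failure.
 *
 * @return EOK on success, ENOMEM on allocation failure, otherwise the
 *         errno-style code of the failing helper. On failure everything
 *         allocated here is freed.
 */
errno_t
ad_get_common_options(TALLOC_CTX *mem_ctx,
                      struct confdb_ctx *cdb,
                      const char *conf_path,
                      struct sss_domain_info *dom,
                      struct ad_options **_opts)
{
    errno_t ret;
    int gret;
    size_t i;
    struct ad_options *opts = NULL;
    char *domain;
    char *server;
    char *realm;
    char *ad_hostname;
    char hostname[HOST_NAME_MAX + 1];

    opts = talloc_zero(mem_ctx, struct ad_options);
    if (!opts) return ENOMEM;

    ret = dp_get_options(opts, cdb, conf_path,
                         ad_basic_opts,
                         AD_OPTS_BASIC,
                         &opts->basic);
    if (ret != EOK) {
        goto done;
    }

    /* If the AD domain name wasn't explicitly set, assume that it
     * matches the SSSD domain name
     */
    domain = dp_opt_get_string(opts->basic, AD_DOMAIN);
    if (!domain) {
        ret = dp_opt_set_string(opts->basic, AD_DOMAIN, dom->name);
        if (ret != EOK) {
            goto done;
        }
        domain = dom->name;
    }

    /* Did we get an explicit server name, or are we discovering it? */
    server = dp_opt_get_string(opts->basic, AD_SERVER);
    if (!server) {
        DEBUG(SSSDBG_CONF_SETTINGS,
              ("No AD server set, will use service discovery!\n"));
    }

    /* Set the machine's hostname to the local host name if it
     * wasn't explicitly specified.
     */
    ad_hostname = dp_opt_get_string(opts->basic, AD_HOSTNAME);
    if (ad_hostname == NULL) {
        /* gethostname() need not NUL-terminate on truncation; the buffer
         * is one byte longer than the length passed so the terminator
         * written below is always in bounds. */
        gret = gethostname(hostname, HOST_NAME_MAX);
        if (gret != 0) {
            ret = errno;
            DEBUG(SSSDBG_FATAL_FAILURE,
                  ("gethostname failed [%s].\n",
                   strerror(ret)));
            goto done;
        }
        hostname[HOST_NAME_MAX] = '\0';
        DEBUG(SSSDBG_CONF_SETTINGS,
              ("Setting ad_hostname to [%s].\n", hostname));
        ret = dp_opt_set_string(opts->basic, AD_HOSTNAME, hostname);
        if (ret != EOK) {
            DEBUG(SSSDBG_FATAL_FAILURE,
                  ("Setting ad_hostname failed [%s].\n",
                   strerror(ret)));
            goto done;
        }
    }

    /* Always use the upper-case AD domain for the kerberos realm */
    realm = talloc_strdup(opts, domain);
    if (!realm) {
        ret = ENOMEM;
        goto done;
    }

    for (i = 0; realm[i]; i++) {
        /* Cast through unsigned char: handing a negative (high-bit) char
         * to a <ctype.h> function is undefined behaviour, and domain
         * names taken from configuration are not guaranteed to be ASCII. */
        realm[i] = toupper((unsigned char)realm[i]);
    }

    ret = dp_opt_set_string(opts->basic, AD_KRB5_REALM, realm);
    if (ret != EOK) {
        goto done;
    }

    /* Active Directory is always case-insensitive */
    dom->case_sensitive = false;

    /* Set this in the confdb so that the responders pick it
     * up when they start up.
     */
    ret = confdb_set_bool(cdb, conf_path, "case_sensitive",
                          dom->case_sensitive);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Could not set domain case-sensitive: [%s]\n",
               strerror(ret)));
        goto done;
    }

    DEBUG(SSSDBG_CONF_SETTINGS,
          ("Setting domain case-insensitive\n"));

    ret = EOK;
    *_opts = opts;

done:
    if (ret != EOK) {
        talloc_zfree(opts);
    }
    return ret;
}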
65d8ae9c4a66f5ca85289c02dc06d63261c84619Scott Moser
/* Failover resolution hook registered by ad_failover_init(); defined below. */
static void
ad_resolve_callback(void *private_data, struct fo_server *server);
d1458ac8d13880f83fa2d1e08623b97c50d311d7Serge Hallyn
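/**
 * Add a comma-separated list of servers to the AD failover service.
 *
 * An entry that is the SRV identifier enables DNS service discovery for
 * the AD domain (AD_DOMAIN). This is honoured only for the primary list;
 * for backup servers it is logged and skipped. Every other entry is added
 * as a plain failover server; EEXIST from be_fo_add_server() is tolerated
 * so that a server listed twice is not an error.
 *
 * @param mem_ctx  Unused; temporaries live on a private talloc context.
 * @param bectx    Back end whose failover service receives the servers.
 * @param servers  Comma-separated server list (callers pass non-NULL).
 * @param options  AD options; AD_DOMAIN is used for SRV discovery.
 * @param primary  true for the primary list, false for backup servers.
 *
 * @return EOK, ENOMEM, or the error of the first failing failover call.
 */
static errno_t
ad_servers_init(TALLOC_CTX *mem_ctx,
                struct be_ctx *bectx,
                const char *servers,
                struct ad_options *options,
                bool primary)
{
    size_t i;
    errno_t ret = EOK;
    char **list;
    char *ad_domain;
    TALLOC_CTX *tmp_ctx;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) return ENOMEM;

    /* Split the server list */
    ret = split_on_separator(tmp_ctx, servers, ',', true, &list, NULL);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to parse server list!\n"));
        goto done;
    }

    ad_domain = dp_opt_get_string(options->basic, AD_DOMAIN);

    /* Add each of these servers to the failover service */
    for (i = 0; list[i]; i++) {
        if (be_fo_is_srv_identifier(list[i])) {
            if (!primary) {
                DEBUG(SSSDBG_MINOR_FAILURE,
                      ("Failed to add server [%s] to failover service: "
                       "SRV resolution only allowed for primary servers!\n",
                       list[i]));
                continue;
            }

            ret = be_fo_add_srv_server(bectx, AD_SERVICE_NAME, "ldap",
                                       ad_domain, BE_FO_PROTO_TCP,
                                       false, NULL);
            if (ret != EOK) {
                /* Message carries a trailing newline like every other
                 * DEBUG line in this module. */
                DEBUG(SSSDBG_FATAL_FAILURE,
                      ("Failed to add service discovery to failover: [%s]\n",
                       strerror(ret)));
                goto done;
            }

            DEBUG(SSSDBG_CONF_SETTINGS, ("Added service discovery for AD\n"));
            continue;
        }

        ret = be_fo_add_server(bectx, AD_SERVICE_NAME, list[i], 0, NULL, primary);
        if (ret && ret != EEXIST) {
            DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to add server\n"));
            goto done;
        }

        DEBUG(SSSDBG_CONF_SETTINGS, ("Added failover server %s\n", list[i]));
    }
done:
    talloc_free(tmp_ctx);
    return ret;
}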
4759162d078d86628956cae4846c6efccf548e67Serge Hallyn
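/**
 * Create the AD failover service and populate it with the configured
 * primary and backup servers.
 *
 * Allocates the ad_service (its sdap and krb5 sub-services both named
 * AD_SERVICE_NAME), copies the Kerberos realm from AD_KRB5_REALM, adds
 * the servers through ad_servers_init() and registers
 * ad_resolve_callback() to run whenever a server of the service is
 * resolved.
 *
 * If no primary servers are given the backup list is promoted to
 * primary; if neither is given, DNS service discovery is used.
 *
 * @param mem_ctx          Talloc parent of the returned service.
 * @param bectx            Back end owning the failover context.
 * @param primary_servers  Comma-separated primary servers, or NULL.
 * @param backup_servers   Comma-separated backup servers, or NULL.
 * @param options          AD options; AD_KRB5_REALM must be set.
 * @param _service         On EOK receives the service (owned by mem_ctx).
 *
 * @return EOK, ENOMEM, EINVAL when no realm is configured, or the error
 *         of the failing failover call. On failure the partially built
 *         service is freed.
 */
errno_t
ad_failover_init(TALLOC_CTX *mem_ctx, struct be_ctx *bectx,
                 const char *primary_servers,
                 const char *backup_servers,
                 struct ad_options *options,
                 struct ad_service **_service)
{
    errno_t ret;
    TALLOC_CTX *tmp_ctx;
    struct ad_service *service;
    char *realm;

    tmp_ctx = talloc_new(mem_ctx);
    if (!tmp_ctx) return ENOMEM;

    /* Built on tmp_ctx so that every error path frees it; stolen to
     * mem_ctx only once fully initialised. */
    service = talloc_zero(tmp_ctx, struct ad_service);
    if (!service) {
        ret = ENOMEM;
        goto done;
    }

    service->sdap = talloc_zero(service, struct sdap_service);
    if (!service->sdap) {
        ret = ENOMEM;
        goto done;
    }

    service->krb5_service = talloc_zero(service, struct krb5_service);
    if (!service->krb5_service) {
        ret = ENOMEM;
        goto done;
    }

    ret = be_fo_add_service(bectx, AD_SERVICE_NAME);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to create failover service!\n"));
        goto done;
    }

    service->sdap->name = talloc_strdup(service, AD_SERVICE_NAME);
    if (!service->sdap->name) {
        ret = ENOMEM;
        goto done;
    }

    service->krb5_service->name = talloc_strdup(service, AD_SERVICE_NAME);
    if (!service->krb5_service->name) {
        ret = ENOMEM;
        goto done;
    }
    service->sdap->kinit_service_name = service->krb5_service->name;

    realm = dp_opt_get_string(options->basic, AD_KRB5_REALM);
    if (!realm) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("No Kerberos realm set\n"));
        ret = EINVAL;
        goto done;
    }
    service->krb5_service->realm =
        talloc_strdup(service->krb5_service, realm);
    if (!service->krb5_service->realm) {
        ret = ENOMEM;
        goto done;
    }

    if (!primary_servers) {
        if (backup_servers) {
            DEBUG(SSSDBG_TRACE_FUNC,
                  ("No primary servers defined but backup are present, "
                   "setting backup servers as primary\n"));
            primary_servers = backup_servers;
            backup_servers = NULL;
        } else {
            /* Neither list is configured: fall back to DNS service
             * discovery. The message describes this case rather than
             * repeating the backup-promotion text above. */
            DEBUG(SSSDBG_TRACE_FUNC,
                  ("No primary or backup servers defined, "
                   "using service discovery\n"));
            primary_servers = BE_SRV_IDENTIFIER;
        }
    }

    ret = ad_servers_init(mem_ctx, bectx, primary_servers, options, true);
    if (ret != EOK) {
        goto done;
    }

    if (backup_servers) {
        ret = ad_servers_init(mem_ctx, bectx, backup_servers, options, false);
        if (ret != EOK) {
            goto done;
        }
    }

    ret = be_fo_service_add_callback(mem_ctx, bectx, AD_SERVICE_NAME,
                                     ad_resolve_callback, service);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("Failed to add failover callback! [%s]\n", strerror(ret)));
        goto done;
    }

    *_service = talloc_steal(mem_ctx, service);

    ret = EOK;

done:
    talloc_free(tmp_ctx);
    return ret;
}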
3eecde703e9ac3af788ac17357f378d6b6d7c658Serge Hallyn
/**
 * Failover callback, invoked once a server of the AD service has been
 * resolved. Points the shared sdap_service at the resolved server (new
 * LDAP URI and socket address) and refreshes the krb5info file so the
 * Kerberos side learns the KDC address.
 *
 * @param private_data  The struct ad_service registered in
 *                      ad_failover_init().
 * @param server        The resolved failover server.
 *
 * Errors are logged only; the callback has no return value.
 */
static void
ad_resolve_callback(void *private_data, struct fo_server *server)
{
    errno_t ret = EOK;
    TALLOC_CTX *tmp_ctx = talloc_new(NULL);
    struct ad_service *svc;
    struct resolv_hostent *hent;
    struct sockaddr_storage *addr;
    char *ip_str;
    const char *escaped_ip;
    char *uri;
    const char *name;

    if (tmp_ctx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Out of memory\n"));
        return;
    }

    svc = talloc_get_type(private_data, struct ad_service);
    if (svc == NULL) {
        ret = EINVAL;
        goto done;
    }

    hent = fo_get_server_hostent(server);
    if (hent == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("No hostent available for server (%s)\n",
               fo_get_server_str_name(server)));
        ret = EINVAL;
        goto done;
    }

    addr = resolv_get_sockaddr_address(tmp_ctx, hent, LDAP_PORT);
    if (addr == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("resolv_get_sockaddr_address failed.\n"));
        ret = EIO;
        goto done;
    }

    ip_str = resolv_get_string_address(tmp_ctx, hent);
    if (ip_str == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("resolv_get_string_address failed.\n"));
        ret = EIO;
        goto done;
    }

    name = fo_get_server_name(server);
    if (name == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Could not get server host name\n"));
        ret = EINVAL;
        goto done;
    }

    /* The URI is owned by the service so it outlives this callback. */
    uri = talloc_asprintf(svc, "ldap://%s", name);
    if (uri == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to copy URI\n"));
        ret = ENOMEM;
        goto done;
    }
    DEBUG(SSSDBG_CONF_SETTINGS, ("Constructed uri '%s'\n", uri));

    /* Swap in the new URI and address, releasing the previous ones. */
    talloc_zfree(svc->sdap->uri);
    svc->sdap->uri = uri;
    talloc_zfree(svc->sdap->sockaddr);
    svc->sdap->sockaddr = talloc_steal(svc, addr);

    escaped_ip = sss_escape_ip_address(tmp_ctx, hent->family, ip_str);
    if (escaped_ip == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("sss_escape_ip_address failed.\n"));
        ret = ENOMEM;
        goto done;
    }

    /* Best effort: a failure is logged but does not undo the URI and
     * address update above, and the callback still reports success. */
    if (write_krb5info_file(svc->krb5_service->realm, escaped_ip,
                            SSS_KRB5KDC_FO_SRV) != EOK) {
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("write_krb5info_file failed, authentication might fail.\n"));
    }

done:
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Error: [%s]\n", strerror(ret)));
    }
    talloc_free(tmp_ctx);
}
/* Applies explicitly configured search bases to the LDAP options; used by
 * ad_get_id_options(). Defined elsewhere in the AD provider. */
errno_t
ad_set_search_bases(struct sdap_options *id_opts);
/**
 * Build the LDAP (sdap) option set for an AD provider.
 *
 * The generic LDAP options are read from the confdb section conf_path and
 * the AD-specific settings are then forced on top of them: search bases,
 * the MIT (Kerberos) password policy, the Kerberos realm and keytab taken
 * from ad_opts, the SASL auth ID/realm selected from the keytab, the AD
 * schema type and the 2008R2 attribute maps.
 *
 * The SASL identity is checked against the keytab: when the administrator
 * configured an auth ID or realm explicitly and the keytab does not hold a
 * matching principal, the function fails with ENOENT rather than quietly
 * authenticating as some other principal found in the keytab.
 *
 * @param ad_opts    AD provider options. On success ad_opts->id takes
 *                   ownership of the new sdap_options.
 * @param cdb        Configuration database handle.
 * @param conf_path  Configuration section the LDAP options are read from.
 * @param _opts      Receives the new sdap_options on success.
 *
 * @return EOK on success; ENOMEM on allocation failure; EINVAL when no
 *         Kerberos realm is available; ENOENT when the requested SASL
 *         identity is not in the keytab; otherwise the error of the
 *         failing helper call.
 */
errno_t
ad_get_id_options(struct ad_options *ad_opts,
                  struct confdb_ctx *cdb,
                  const char *conf_path,
                  struct sdap_options **_opts)
{
    TALLOC_CTX *tmp_ctx = NULL;
    struct sdap_options *id_opts = NULL;
    char *krb5_realm = NULL;
    char *keytab_path = NULL;
    char *desired_primary = NULL;
    char *desired_realm = NULL;
    char *sasl_primary = NULL;
    char *sasl_realm = NULL;
    bool primary_requested = true;
    bool realm_requested = true;
    errno_t ret;

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        return ENOMEM;
    }

    id_opts = talloc_zero(tmp_ctx, struct sdap_options);
    if (id_opts == NULL) {
        ret = ENOMEM;
        goto done;
    }

    /* Generic LDAP options first; the AD-specific ones are forced below. */
    ret = dp_get_options(id_opts, cdb, conf_path,
                         ad_def_ldap_opts, SDAP_OPTS_BASIC,
                         &id_opts->basic);
    if (ret != EOK) goto done;

    /* Honour explicitly configured search bases. */
    ret = ad_set_search_bases(id_opts);
    if (ret != EOK) goto done;

    /* AD is only supported with the Kerberos password policy, so force it
     * regardless of what the LDAP section says. */
    ret = dp_opt_set_string(id_opts->basic,
                            SDAP_PWD_POLICY,
                            PWD_POL_OPT_MIT);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE, ("Could not set password policy\n"));
        goto done;
    }

    /* The GSSAPI realm comes from the AD options; it is set in
     * ad_get_common_options(), so a missing value is a programming error. */
    krb5_realm = dp_opt_get_string(ad_opts->basic, AD_KRB5_REALM);
    if (krb5_realm == NULL) {
        DEBUG(SSSDBG_FATAL_FAILURE, ("No Kerberos realm\n"));
        ret = EINVAL;
        goto done;
    }
    ret = dp_opt_set_string(id_opts->basic, SDAP_KRB5_REALM, krb5_realm);
    if (ret != EOK) goto done;
    DEBUG(SSSDBG_CONF_SETTINGS,
          ("Option %s set to %s\n",
           id_opts->basic[SDAP_KRB5_REALM].opt_name,
           krb5_realm));

    /* SASL identity: an explicitly configured auth ID/realm is a hard
     * requirement (checked below); otherwise fall back to the host name
     * and the AD realm and accept whatever the keytab provides. */
    desired_primary = dp_opt_get_string(id_opts->basic, SDAP_SASL_AUTHID);
    if (desired_primary == NULL) {
        primary_requested = false;
        desired_primary = dp_opt_get_string(ad_opts->basic, AD_HOSTNAME);
    }
    desired_realm = dp_opt_get_string(id_opts->basic, SDAP_SASL_REALM);
    if (desired_realm == NULL) {
        realm_requested = false;
        desired_realm = dp_opt_get_string(ad_opts->basic, AD_KRB5_REALM);
    }

    /* An explicit keytab is passed through to the LDAP layer as well. */
    keytab_path = dp_opt_get_string(ad_opts->basic, AD_KEYTAB);
    if (keytab_path != NULL) {
        ret = dp_opt_set_string(id_opts->basic, SDAP_KRB5_KEYTAB,
                                keytab_path);
        if (ret != EOK) goto done;
        DEBUG(SSSDBG_CONF_SETTINGS,
              ("Option %s set to %s\n",
               id_opts->basic[SDAP_KRB5_KEYTAB].opt_name,
               keytab_path));
    }

    ret = select_principal_from_keytab(tmp_ctx,
                                       desired_primary, desired_realm,
                                       keytab_path, NULL,
                                       &sasl_primary, &sasl_realm);
    if (ret != EOK) goto done;

    /* Never authenticate as a principal other than the configured one. */
    if ((primary_requested && strcmp(desired_primary, sasl_primary) != 0)
            || (realm_requested && strcmp(desired_realm, sasl_realm) != 0)) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("Configured SASL auth ID/realm not found in keytab.\n"));
        ret = ENOENT;
        goto done;
    }

    ret = dp_opt_set_string(id_opts->basic, SDAP_SASL_AUTHID, sasl_primary);
    if (ret != EOK) goto done;
    DEBUG(SSSDBG_CONF_SETTINGS,
          ("Option %s set to %s\n",
           id_opts->basic[SDAP_SASL_AUTHID].opt_name,
           sasl_primary));

    ret = dp_opt_set_string(id_opts->basic, SDAP_SASL_REALM, sasl_realm);
    if (ret != EOK) goto done;
    DEBUG(SSSDBG_CONF_SETTINGS,
          ("Option %s set to %s\n",
           id_opts->basic[SDAP_SASL_REALM].opt_name,
           sasl_realm));

    /* AD schema plus the matching attribute maps. */
    id_opts->schema_type = SDAP_SCHEMA_AD;

    ret = sdap_get_map(id_opts, cdb, conf_path,
                       ad_2008r2_attr_map, SDAP_AT_GENERAL,
                       &id_opts->gen_map);
    if (ret != EOK) goto done;

    ret = sdap_get_map(id_opts, cdb, conf_path,
                       ad_2008r2_user_map, SDAP_OPTS_USER,
                       &id_opts->user_map);
    if (ret != EOK) goto done;

    ret = sdap_get_map(id_opts, cdb, conf_path,
                       ad_2008r2_group_map, SDAP_OPTS_GROUP,
                       &id_opts->group_map);
    if (ret != EOK) goto done;

    ret = sdap_get_map(id_opts, cdb, conf_path,
                       ad_netgroup_map, SDAP_OPTS_NETGROUP,
                       &id_opts->netgroup_map);
    if (ret != EOK) goto done;

    ret = sdap_get_map(id_opts, cdb, conf_path,
                       ad_service_map, SDAP_OPTS_SERVICES,
                       &id_opts->service_map);
    if (ret != EOK) goto done;

    /* Hand the finished option set over to the AD options. */
    ad_opts->id = talloc_steal(ad_opts, id_opts);
    *_opts = id_opts;
    ret = EOK;

done:
    talloc_free(tmp_ctx);
    return ret;
}
/**
 * Fill in the search bases of an AD provider's LDAP options.
 *
 * AD servers publish defaultNamingContext, so the search base is normally
 * discovered later, when the LDAP connection is established. Only when
 * ldap_search_base was set explicitly is its value copied into each
 * per-type search base (user, group, netgroup, service) that the
 * administrator left unset. Afterwards every search base option is parsed
 * into the corresponding id_opts field; an unset option (ENOENT from the
 * parser) is not an error at this stage.
 *
 * @param id_opts  sdap options whose basic[] values are read and updated
 *                 and whose *_search_bases fields are filled in.
 *
 * @return EOK on success, otherwise the error reported by the option
 *         setter or the search base parser.
 */
errno_t
ad_set_search_bases(struct sdap_options *id_opts)
{
    const int per_type_bases[] = { SDAP_USER_SEARCH_BASE,
                                   SDAP_GROUP_SEARCH_BASE,
                                   SDAP_NETGROUP_SEARCH_BASE,
                                   SDAP_SERVICE_SEARCH_BASE,
                                   -1 };
    char *default_base;
    errno_t ret;

    default_base = dp_opt_get_string(id_opts->basic, SDAP_SEARCH_BASE);
    if (default_base == NULL) {
        DEBUG(SSSDBG_CONF_SETTINGS,
              ("Search base not set. SSSd will attempt to discover it later, "
               "when connecting to the LDAP server.\n"));
    } else {
        /* Propagate the explicit default to every per-type base that was
         * not overridden itself. */
        for (size_t i = 0; per_type_bases[i] != -1; i++) {
            const int opt = per_type_bases[i];

            if (dp_opt_get_string(id_opts->basic, opt) != NULL) {
                continue;
            }

            ret = dp_opt_set_string(id_opts->basic, opt, default_base);
            if (ret != EOK) {
                return ret;
            }
            DEBUG(SSSDBG_CONF_SETTINGS,
                  ("Option %s set to %s\n",
                   id_opts->basic[opt].opt_name,
                   dp_opt_get_string(id_opts->basic, opt)));
        }
    }

    /* Parse each search base; ENOENT (option unset) is tolerated. */
    ret = sdap_parse_search_base(id_opts, id_opts->basic,
                                 SDAP_SEARCH_BASE,
                                 &id_opts->search_bases);
    if (ret != EOK && ret != ENOENT) return ret;

    ret = sdap_parse_search_base(id_opts, id_opts->basic,
                                 SDAP_USER_SEARCH_BASE,
                                 &id_opts->user_search_bases);
    if (ret != EOK && ret != ENOENT) return ret;

    ret = sdap_parse_search_base(id_opts, id_opts->basic,
                                 SDAP_GROUP_SEARCH_BASE,
                                 &id_opts->group_search_bases);
    if (ret != EOK && ret != ENOENT) return ret;

    ret = sdap_parse_search_base(id_opts, id_opts->basic,
                                 SDAP_NETGROUP_SEARCH_BASE,
                                 &id_opts->netgroup_search_bases);
    if (ret != EOK && ret != ENOENT) return ret;

    ret = sdap_parse_search_base(id_opts, id_opts->basic,
                                 SDAP_SERVICE_SEARCH_BASE,
                                 &id_opts->service_search_bases);
    if (ret != EOK && ret != ENOENT) return ret;

    return EOK;
}
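/**
 * Build the Kerberos (krb5) option set for an AD provider's auth/chpass
 * targets.
 *
 * Reads the generic krb5 options from the back end's configuration section
 * and then forces two values to stay in sync with the AD provider: the KDC
 * list is set to the configured AD server list and the realm is set to the
 * AD Kerberos realm (which may have been upper-cased in
 * ad_get_common_options()).
 *
 * @param mem_ctx  Memory context that receives ownership of the options.
 * @param ad_opts  AD provider options the server list and realm are read
 *                 from.
 * @param bectx    Back end context providing the confdb handle and the
 *                 configuration section path.
 * @param _opts    Receives the krb5 options on success.
 *
 * @return EOK on success; ENOMEM on allocation failure; EINVAL when the AD
 *         realm is missing; otherwise the error of the failing helper call.
 */
errno_t
ad_get_auth_options(TALLOC_CTX *mem_ctx,
                    struct ad_options *ad_opts,
                    struct be_ctx *bectx,
                    struct dp_option **_opts)
{
    errno_t ret;
    struct dp_option *krb5_options = NULL;
    const char *ad_servers;
    const char *krb5_realm;
    TALLOC_CTX *tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) return ENOMEM;

    /* Get krb5 options */
    ret = dp_get_options(tmp_ctx, bectx->cdb, bectx->conf_path,
                         ad_def_krb5_opts, KRB5_OPTS,
                         &krb5_options);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Could not read Kerberos options from the configuration\n"));
        goto done;
    }

    /* Force the krb5_servers to match the ad_servers. The AD server option
     * is read as a plain string and may be NULL when it is not configured
     * (this function does not validate it), so the value must not be passed
     * through "%s" unguarded: that is undefined behaviour, glibc merely
     * happens to print "(null)". */
    ad_servers = dp_opt_get_string(ad_opts->basic, AD_SERVER);
    ret = dp_opt_set_string(krb5_options, KRB5_KDC, ad_servers);
    if (ret != EOK) goto done;
    DEBUG(SSSDBG_CONF_SETTINGS,
          ("Option %s set to %s\n",
           krb5_options[KRB5_KDC].opt_name,
           ad_servers != NULL ? ad_servers : "(not set)"));

    /* Set the Kerberos Realm for GSSAPI. It is set in
     * ad_get_common_options(), so a missing value should be impossible. */
    krb5_realm = dp_opt_get_string(ad_opts->basic, AD_KRB5_REALM);
    if (!krb5_realm) {
        DEBUG(SSSDBG_FATAL_FAILURE, ("No Kerberos realm\n"));
        ret = EINVAL;
        goto done;
    }

    /* Force the kerberos realm to match the AD_KRB5_REALM (which may have
     * been upper-cased in ad_common_options()
     */
    ret = dp_opt_set_string(krb5_options, KRB5_REALM, krb5_realm);
    if (ret != EOK) goto done;
    DEBUG(SSSDBG_CONF_SETTINGS,
          ("Option %s set to %s\n",
           krb5_options[KRB5_REALM].opt_name,
           krb5_realm));

    /* Ownership of the option array moves to the caller's context. */
    *_opts = talloc_steal(mem_ctx, krb5_options);
    ret = EOK;

done:
    talloc_free(tmp_ctx);
    return ret;
}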