/*
    SSSD

    Authors:
        Stephen Gallagher <sgallagh@redhat.com>

    Copyright (C) 2012 Red Hat

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program. If not, see <http://www.gnu.org/licenses/>.
*/


#include <sys/types.h>
#include <unistd.h>
#include <sys/stat.h>
#include <fcntl.h>

#include <sasl/sasl.h>

#include "util/util.h"
#include "providers/ad/ad_common.h"
#include "providers/ad/ad_access.h"
#include "providers/ldap/ldap_common.h"
#include "providers/ldap/sdap_access.h"
#include "providers/ldap/sdap_idmap.h"
#include "providers/krb5/krb5_auth.h"
#include "providers/krb5/krb5_init_shared.h"
#include "providers/ad/ad_id.h"
#include "providers/ad/ad_srv.h"
#include "providers/be_dyndns.h"
#include "providers/ad/ad_subdomains.h"
#include "providers/ad/ad_domain_info.h"

/*
 * Bundle of the three contexts the AD provider works with: its options,
 * its identity context and its Kerberos authentication context.
 * NOTE(review): the code that fills this structure in is outside this
 * excerpt; presumably it is populated during module initialization.
 */
struct ad_init_ctx {
    struct ad_options *options;     /* AD provider options */
    struct ad_id_ctx *id_ctx;       /* AD identity context */
    struct krb5_ctx *auth_ctx;      /* Kerberos authentication context */
};
a4cce2c98eedecb5d3b47da62104634cae268434Stephen Gallagher
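/* Value returned to the SASL GSSAPI plugin for its "ad_compat" option. */
#define AD_COMPAT_ON "1"

/*
 * SASL_CB_GETOPT callback registered through ad_sasl_callbacks[].
 *
 * It answers exactly one query: the "ad_compat" option of the "GSSAPI"
 * plugin, for which it returns AD_COMPAT_ON. Every other plugin/option
 * pair is refused with SASL_FAIL, so this callback cannot be used to
 * override any other SASL setting. What "ad_compat" changes is decided
 * inside the Cyrus SASL GSSAPI plugin, not in this file.
 *
 * context      unused
 * plugin_name  name of the plugin asking for the option
 * option       name of the requested option
 * result       receives a pointer to a static string; must not be freed
 * len          optional; receives the reported length of *result
 *
 * Returns SASL_OK when the option was supplied, SASL_FAIL otherwise.
 */
static int ad_sasl_getopt(void *context, const char *plugin_name,
                          const char *option,
                          const char **result, unsigned *len)
{
    /* All three pointers come from the SASL library. option is checked as
     * well because it is handed straight to strcmp() below. */
    if (plugin_name == NULL || option == NULL || result == NULL) {
        return SASL_FAIL;
    }

    if (strcmp(plugin_name, "GSSAPI") != 0
            || strcmp(option, "ad_compat") != 0) {
        return SASL_FAIL;
    }

    *result = AD_COMPAT_ON;
    if (len != NULL) {
        /* NOTE(review): 2 equals sizeof("1"), i.e. the terminating NUL is
         * counted. Confirm whether the getopt contract expects the string
         * length (1) instead. */
        *len = 2;
    }

    return SASL_OK;
}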
fb945a2cacc5506a2acb50349670f22078f1d4f5Simo Sorce
/* Generic callback pointer type. The handlers stored in ad_sasl_callbacks[]
 * have different real signatures and are cast to this type so that they fit
 * the same table slot. */
typedef int (*sss_sasl_gen_cb_fn)(void);
483728c1f9719e419830cce93b7e411370a5364bOndrej Kos
/*
 * Translate a Cyrus SASL log level into the SSSD debug level under which
 * the message is recorded.
 *
 * ERR, FAIL and WARN map to the three SSSD failure levels; every other
 * value, including levels this function does not know, maps to
 * SSSDBG_TRACE_ALL.
 */
static int map_sasl2sssd_log_level(int sasl_level)
{
    switch (sasl_level) {
    case SASL_LOG_ERR:      /* log unusual errors (default) */
        return SSSDBG_CRIT_FAILURE;
    case SASL_LOG_FAIL:     /* log all authentication failures */
        return SSSDBG_OP_FAILURE;
    case SASL_LOG_WARN:     /* log non-fatal warnings */
        return SSSDBG_MINOR_FAILURE;
    case SASL_LOG_NOTE:     /* more verbose than LOG_WARN */
    case SASL_LOG_DEBUG:    /* more verbose than LOG_NOTE */
    case SASL_LOG_TRACE:    /* traces of internal protocols */
    case SASL_LOG_PASS:     /* traces of internal protocols, including
                             * passwords (per sasl.h) */
        /* NOTE(review): PASS-level text is treated like any other trace
         * message, so debug logs captured at TRACE_ALL should be handled
         * as sensitive. */
    default:
        return SSSDBG_TRACE_ALL;
    }
}
bfa5e3869bb68213f08169efe55c45cb625e8fd0Pavel Reichl
/*
 * SASL_CB_LOG callback registered through ad_sasl_callbacks[].
 *
 * Every message is written to the SSSD debug log at the level chosen by
 * map_sasl2sssd_log_level(). Messages at SASL_LOG_ERR or SASL_LOG_FAIL are
 * additionally passed to sss_log() with SSS_LOG_ERR.
 *
 * The message is always passed as an argument to a fixed "%s" format and
 * never used as the format string itself.
 *
 * context  unused
 * level    SASL log level of the message
 * message  text supplied by the SASL library
 *
 * Always returns SASL_OK.
 */
static int ad_sasl_log(void *context, int level, const char *message)
{
    /* Kept in a local so the DEBUG macro receives a plain value. */
    const int debug_level = map_sasl2sssd_log_level(level);

    switch (level) {
    case SASL_LOG_ERR:
    case SASL_LOG_FAIL:
        sss_log(SSS_LOG_ERR, "%s\n", message);
        break;
    default:
        break;
    }

    /* NOTE(review): no level is filtered out here, so whatever the SASL
     * library emits at its most verbose levels reaches the debug log when
     * the configured debug level allows it. */
    DEBUG(debug_level, "SASL: %s\n", message);

    return SASL_OK;
}
bfa5e3869bb68213f08169efe55c45cb625e8fd0Pavel Reichl
/*
 * Callback table handed to sasl_client_init() by ad_sasl_initialize().
 *
 * Both handlers are converted through void * before being cast to the
 * generic callback type.
 * NOTE(review): the intermediate void * cast presumably exists to silence
 * function-pointer cast warnings; confirm against the commit that added it.
 */
static const sasl_callback_t ad_sasl_callbacks[] = {
    {
        .id = SASL_CB_GETOPT,
        .proc = (sss_sasl_gen_cb_fn)(void *)ad_sasl_getopt,
        .context = NULL,
    },
    {
        .id = SASL_CB_LOG,
        .proc = (sss_sasl_gen_cb_fn)(void *)ad_sasl_log,
        .context = NULL,
    },
    /* Terminator entry: marks the end of the list for the SASL library. */
    { .id = SASL_CB_LIST_END, .proc = NULL, .context = NULL }
};
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
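/* This is quite a hack: we *try* to fool the openldap libraries by
 * initializing sasl first, so that we can pass in the SASL_CB_GETOPT callback
 * we need to set some options. Should be removed as soon as openldap exposes
 * a way to do that. */
static void ad_sasl_initialize(void)
{
    int ret;

    /* NOTE: this may fail if some other library in the system happens to
     * initialize and use openldap libraries or directly the cyrus-sasl
     * library, as this initialization function can be called only once per
     * process. */
    ret = sasl_client_init(ad_sasl_callbacks);
    if (ret != SASL_OK) {
        /* Still best effort: initialization of the provider continues, but
         * the failure is recorded so a missing "ad_compat" setting can be
         * traced back to this call. */
        DEBUG(SSSDBG_MINOR_FAILURE,
              "sasl_client_init() failed [%d]\n", ret);
    }

    /* NOTE(review): SASL_OK alone does not show that these callbacks are
     * the ones in effect; see the caveat above about earlier
     * initialization by another library. */
}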
fb945a2cacc5506a2acb50349670f22078f1d4f5Simo Sorce
/*
 * Load the AD provider options and set up the failover service for them.
 *
 * SASL is initialized first (see ad_sasl_initialize()), before any other
 * work is done.
 *
 * mem_ctx      talloc parent passed to ad_get_common_options()
 * be_ctx       backend context; supplies cdb, conf_path and domain
 * _ad_options  receives the options on success; untouched on failure
 *
 * Returns EOK on success, otherwise the error code of the failing step.
 */
static errno_t ad_init_options(TALLOC_CTX *mem_ctx,
                               struct be_ctx *be_ctx,
                               struct ad_options **_ad_options)
{
    struct ad_options *opts;
    char *primary_servers;
    char *backup_servers;
    char *krb5_realm;
    char *domain_name;
    errno_t ret;

    ad_sasl_initialize();

    /* Get AD-specific options */
    ret = ad_get_common_options(mem_ctx, be_ctx->cdb, be_ctx->conf_path,
                                be_ctx->domain, &opts);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE, "Could not parse common options "
              "[%d]: %s\n", ret, sss_strerror(ret));
        return ret;
    }

    primary_servers = dp_opt_get_string(opts->basic, AD_SERVER);
    backup_servers = dp_opt_get_string(opts->basic, AD_BACKUP_SERVER);
    krb5_realm = dp_opt_get_string(opts->basic, AD_KRB5_REALM);
    domain_name = dp_opt_get_string(opts->basic, AD_DOMAIN);

    /* Set up the failover service */
    ret = ad_failover_init(opts, be_ctx, primary_servers, backup_servers,
                           krb5_realm, AD_SERVICE_NAME, AD_GC_SERVICE_NAME,
                           domain_name, &opts->service);
    if (ret == EOK) {
        *_ad_options = opts;
        return EOK;
    }

    DEBUG(SSSDBG_FATAL_FAILURE, "Failed to init AD failover service: "
          "[%d]: %s\n", ret, sss_strerror(ret));
    /* The options are not handed out on failure, so release them here. */
    talloc_free(opts);

    return ret;
}
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher
/*
 * Select the SRV lookup plugin used by the failover code.
 *
 * When AD_ENABLE_DNS_SITES is false, the DNS SRV lookup plugin is set via
 * be_fo_set_dns_srv_lookup_plugin(). Otherwise an AD SRV plugin context is
 * created and registered under the name "AD".
 *
 * be_ctx      backend context
 * ad_options  AD options; hostname, domain, site override and the
 *             sites switch are read from ad_options->basic
 *
 * Returns EOK on success, the error from setting the DNS plugin, or ENOMEM
 * when the AD SRV plugin context could not be created.
 */
static errno_t ad_init_srv_plugin(struct be_ctx *be_ctx,
                                  struct ad_options *ad_options)
{
    const char *hostname = dp_opt_get_string(ad_options->basic, AD_HOSTNAME);
    const char *ad_domain = dp_opt_get_string(ad_options->basic, AD_DOMAIN);
    const char *site_override = dp_opt_get_string(ad_options->basic, AD_SITE);
    bool use_sites = dp_opt_get_bool(ad_options->basic, AD_ENABLE_DNS_SITES);
    struct ad_srv_plugin_ctx *plugin_ctx;
    errno_t ret;

    if (!use_sites) {
        ret = be_fo_set_dns_srv_lookup_plugin(be_ctx, hostname);
        if (ret != EOK) {
            DEBUG(SSSDBG_CRIT_FAILURE, "Unable to set SRV lookup plugin "
                  "[%d]: %s\n", ret, sss_strerror(ret));
        }

        /* ret is EOK here unless the failure above was logged. */
        return ret;
    }

    plugin_ctx = ad_srv_plugin_ctx_init(be_ctx, be_ctx, be_ctx->be_res,
                                        default_host_dbs, ad_options->id,
                                        hostname, ad_domain,
                                        site_override);
    if (plugin_ctx == NULL) {
        DEBUG(SSSDBG_FATAL_FAILURE, "Out of memory?\n");
        return ENOMEM;
    }

    be_fo_set_srv_lookup_plugin(be_ctx, ad_srv_plugin_send,
                                ad_srv_plugin_recv, plugin_ctx, "AD");

    return EOK;
}
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher
/*
 * Create the LDAP access context used by the AD access provider and store
 * it in access_ctx->sdap_access_ctx.
 *
 * The resulting rule list is "expire" alone, or "expire, filter" when the
 * AD_ACCESS_FILTER option is set. With no filter configured, the only
 * rule installed here is therefore the expiration check.
 *
 * access_ctx  AD access context; also the talloc parent of the new context
 *
 * Returns EOK on success or ENOMEM when an allocation fails.
 */
static errno_t ad_init_sdap_access_ctx(struct ad_access_ctx *access_ctx)
{
    struct dp_option *opts = access_ctx->ad_options;
    struct sdap_id_ctx *id_ctx = access_ctx->ad_id_ctx->sdap_id_ctx;
    struct sdap_access_ctx *sdap_ctx;
    const char *ad_filter;
    size_t next_rule = 0;

    sdap_ctx = talloc_zero(access_ctx, struct sdap_access_ctx);
    if (sdap_ctx == NULL) {
        return ENOMEM;
    }

    sdap_ctx->id_ctx = id_ctx;

    /* If ad_access_filter is set, the value of ldap_access_order is
     * expire, filter, otherwise only expire.
     */
    sdap_ctx->access_rule[next_rule++] = LDAP_ACCESS_EXPIRE;

    ad_filter = dp_opt_get_cstring(opts, AD_ACCESS_FILTER);
    if (ad_filter != NULL) {
        /* The processing of the extended filter is performed during the
         * access check itself; here the raw string is only copied.
         */
        sdap_ctx->filter = talloc_strdup(sdap_ctx, ad_filter);
        if (sdap_ctx->filter == NULL) {
            talloc_free(sdap_ctx);
            return ENOMEM;
        }

        sdap_ctx->access_rule[next_rule++] = LDAP_ACCESS_FILTER;
    }

    /* Terminate the rule list after the last rule that was added. */
    sdap_ctx->access_rule[next_rule] = LDAP_ACCESS_EMPTY;

    access_ctx->sdap_access_ctx = sdap_ctx;

    return EOK;
}
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
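/* NOTE(review): declared locally instead of through a header, so this
 * prototype has to be kept in sync with the definition by hand. */
errno_t ad_gpo_parse_map_options(struct ad_access_ctx *access_ctx);

/*
 * Read the GPO-related options into the access context.
 *
 * The access control mode string is compared case-insensitively against
 * "disabled", "permissive" and "enforcing". A missing or unrecognized
 * value is rejected with EINVAL rather than mapped to a default, so a
 * typo in the configuration cannot silently select a mode.
 *
 * access_ctx  AD access context; options are read from ad_options and the
 *             mode, cache timeout and map options table are stored in it
 *
 * Returns EOK on success, EINVAL for a missing or unknown mode, or the
 * error returned while creating or filling the map options table.
 */
static errno_t ad_init_gpo(struct ad_access_ctx *access_ctx)
{
    struct dp_option *options = access_ctx->ad_options;
    const char *mode;
    errno_t ret;

    /* GPO access control mode */
    mode = dp_opt_get_string(options, AD_GPO_ACCESS_CONTROL);
    if (mode == NULL) {
        /* Logged like the unrecognized case below, so that the reason for
         * EINVAL is visible in the debug log. */
        DEBUG(SSSDBG_FATAL_FAILURE,
              "GPO access control mode is not set\n");
        return EINVAL;
    }

    if (strcasecmp(mode, "disabled") == 0) {
        access_ctx->gpo_access_control_mode = GPO_ACCESS_CONTROL_DISABLED;
    } else if (strcasecmp(mode, "permissive") == 0) {
        access_ctx->gpo_access_control_mode = GPO_ACCESS_CONTROL_PERMISSIVE;
    } else if (strcasecmp(mode, "enforcing") == 0) {
        access_ctx->gpo_access_control_mode = GPO_ACCESS_CONTROL_ENFORCING;
    } else {
        DEBUG(SSSDBG_FATAL_FAILURE, "Unrecognized GPO access control mode: "
              "%s\n", mode);
        return EINVAL;
    }

    /* GPO cache timeout; the value is stored as configured.
     * NOTE(review): no range check is applied here; confirm that the
     * consumer tolerates zero or negative values. */
    access_ctx->gpo_cache_timeout = dp_opt_get_int(options,
                                                   AD_GPO_CACHE_TIMEOUT);

    /* GPO logon maps */
    ret = sss_hash_create(access_ctx, 10, &access_ctx->gpo_map_options_table);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE, "Could not create gpo_map_options "
              "hash table [%d]: %s\n", ret, sss_strerror(ret));
        return ret;
    }

    ret = ad_gpo_parse_map_options(access_ctx);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE, "Could not parse gpo_map_options "
              "(invalid config) [%d]: %s\n", ret, sss_strerror(ret));
        /* Do not leave a partially filled table behind. */
        talloc_zfree(access_ctx->gpo_map_options_table);
        return ret;
    }

    return EOK;
}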
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher
/*
 * Create and configure the Kerberos context used for AD authentication.
 *
 * The context is published, both in ad_options->auth_ctx and through
 * _auth_ctx, only after every step succeeded. On any failure it is freed
 * and neither location is written.
 *
 * mem_ctx     talloc parent of the new context
 * be_ctx      backend context
 * ad_options  AD options; ad_options->service->krb5_service is read and
 *             ad_options->auth_ctx is set on success
 * _auth_ctx   receives the new context on success
 *
 * Returns EOK on success, ENOMEM when the allocation fails, or the error
 * code of the failing setup step.
 */
static errno_t ad_init_auth_ctx(TALLOC_CTX *mem_ctx,
                                struct be_ctx *be_ctx,
                                struct ad_options *ad_options,
                                struct krb5_ctx **_auth_ctx)
{
    struct krb5_ctx *ctx;
    errno_t ret;

    ctx = talloc_zero(mem_ctx, struct krb5_ctx);
    if (ctx == NULL) {
        ret = ENOMEM;
        goto cleanup;
    }

    ctx->config_type = K5C_GENERIC;
    /* NOTE(review): the effect of this flag is decided by the krb5
     * provider and is not visible in this file. */
    ctx->sss_creds_password = true;
    ctx->service = ad_options->service->krb5_service;

    ret = ad_get_auth_options(ctx, ad_options, be_ctx, &ctx->opts);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE, "Could not determine Kerberos options\n");
        goto cleanup;
    }

    ret = krb5_child_init(ctx, be_ctx);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE, "Could not initialize krb5_child settings: "
              "[%d]: %s\n", ret, sss_strerror(ret));
        goto cleanup;
    }

    /* Everything succeeded: hand the context out. */
    ad_options->auth_ctx = ctx;
    *_auth_ctx = ctx;

    ret = EOK;

cleanup:
    if (ret != EOK) {
        talloc_free(ctx);
    }

    return ret;
}
d92c50f6d75ae980b0d130134112a33e1584724cStephen Gallagher
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastatic errno_t ad_init_misc(struct be_ctx *be_ctx,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct ad_options *ad_options,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct ad_id_ctx *ad_id_ctx,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct sdap_id_ctx *sdap_id_ctx)
d92c50f6d75ae980b0d130134112a33e1584724cStephen Gallagher{
d92c50f6d75ae980b0d130134112a33e1584724cStephen Gallagher errno_t ret;
d92c50f6d75ae980b0d130134112a33e1584724cStephen Gallagher
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = ad_dyndns_init(be_ctx, ad_options);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (ret != EOK) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_MINOR_FAILURE,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina "Failure setting up automatic DNS update\n");
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina /* Continue without DNS updates */
d92c50f6d75ae980b0d130134112a33e1584724cStephen Gallagher }
d92c50f6d75ae980b0d130134112a33e1584724cStephen Gallagher
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = setup_tls_config(sdap_id_ctx->opts->basic);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (ret != EOK) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "Unable to get TLS options [%d]: %s\n",
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret, sss_strerror(ret));
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina return ret;
d92c50f6d75ae980b0d130134112a33e1584724cStephen Gallagher }
d92c50f6d75ae980b0d130134112a33e1584724cStephen Gallagher
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = sdap_idmap_init(sdap_id_ctx, sdap_id_ctx,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina &sdap_id_ctx->opts->idmap_ctx);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (ret != EOK) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_FATAL_FAILURE,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina "Could not initialize ID mapping. In case ID mapping properties "
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina "changed on the server, please remove the SSSD database\n");
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina return ret;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina }
a8356a0c98ee44e7256bb1c7767159c70e1fc218Yassir Elley
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = sdap_id_setup_tasks(be_ctx, sdap_id_ctx, sdap_id_ctx->opts->sdom,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ad_enumeration_send, ad_enumeration_recv,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ad_id_ctx);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (ret != EOK) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "Unable to setup background tasks "
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina "[%d]: %s\n", ret, sss_strerror(ret));
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina return ret;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina }
a4cce2c98eedecb5d3b47da62104634cae268434Stephen Gallagher
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina sdap_id_ctx->opts->sdom->pvt = ad_id_ctx;
a4cce2c98eedecb5d3b47da62104634cae268434Stephen Gallagher
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = sdap_setup_child();
a4cce2c98eedecb5d3b47da62104634cae268434Stephen Gallagher if (ret != EOK) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "sdap_setup_child() failed [%d]: %s\n",
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret, sss_strerror(ret));
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina return ret;
a4cce2c98eedecb5d3b47da62104634cae268434Stephen Gallagher }
a4cce2c98eedecb5d3b47da62104634cae268434Stephen Gallagher
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = ad_init_srv_plugin(be_ctx, ad_options);
a4cce2c98eedecb5d3b47da62104634cae268434Stephen Gallagher if (ret != EOK) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "Unable to setup SRV plugin [%d]: %s\n",
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret, sss_strerror(ret));
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina return ret;
a4cce2c98eedecb5d3b47da62104634cae268434Stephen Gallagher }
a4cce2c98eedecb5d3b47da62104634cae268434Stephen Gallagher
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = sdap_refresh_init(be_ctx->refresh_ctx, sdap_id_ctx);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (ret != EOK && ret != EEXIST) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_MINOR_FAILURE, "Periodical refresh "
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina "will not work [%d]: %s\n", ret, sss_strerror(ret));
a4cce2c98eedecb5d3b47da62104634cae268434Stephen Gallagher }
efe6b4a9d374339cac2528cdeb43720957c6b7c9Jakub Hrozek
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = ad_machine_account_password_renewal_init(be_ctx, ad_options);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (ret != EOK) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "Cannot setup task for machine account "
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina "password renewal.\n");
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina return ret;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina }
efe6b4a9d374339cac2528cdeb43720957c6b7c9Jakub Hrozek
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina return EOK;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina}
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
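/*
 * Module constructor for the AD provider.
 *
 * Allocates the shared struct ad_init_ctx, fills in its options and ID
 * context, runs ad_init_misc() and, only when the DPT_AUTH or DPT_CHPASS
 * target is enabled for this module, creates the auth context. The result
 * is handed back through _module_data for the per-target initializers.
 *
 * Returns EOK on success, ENOMEM when the init context or the ID context
 * cannot be created, otherwise the error code of the failing helper.
 * On every failure after the first allocation init_ctx is freed and
 * *_module_data is left untouched.
 */
errno_t sssm_ad_init(TALLOC_CTX *mem_ctx,
                     struct be_ctx *be_ctx,
                     struct data_provider *provider,
                     const char *module_name,
                     void **_module_data)
{
    struct ad_init_ctx *init_ctx;
    errno_t ret;

    init_ctx = talloc_zero(mem_ctx, struct ad_init_ctx);
    if (init_ctx == NULL) {
        return ENOMEM;
    }

    /* Always initialize options since it is needed everywhere.
     * NOTE(review): options are requested on mem_ctx, not on init_ctx, so
     * presumably they are not released by talloc_free(init_ctx) - confirm. */
    ret = ad_init_options(mem_ctx, be_ctx, &init_ctx->options);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, "Unable to init AD options [%d]: %s\n",
              ret, sss_strerror(ret));
        /* Go through the common cleanup so init_ctx is not left behind. */
        goto done;
    }

    /* Always initialize id_ctx since it is needed everywhere. */
    init_ctx->id_ctx = ad_id_ctx_init(init_ctx->options, be_ctx);
    if (init_ctx->id_ctx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, "Unable to initialize AD ID context\n");
        ret = ENOMEM;
        goto done;
    }

    init_ctx->options->id_ctx = init_ctx->id_ctx;

    ret = ad_get_id_options(init_ctx->options,
                            be_ctx->cdb,
                            be_ctx->conf_path,
                            be_ctx->provider,
                            &init_ctx->id_ctx->sdap_id_ctx->opts);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, "Unable to init AD id options\n");
        goto done;
    }

    /* Setup miscellaneous things. */
    ret = ad_init_misc(be_ctx, init_ctx->options, init_ctx->id_ctx,
                       init_ctx->id_ctx->sdap_id_ctx);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, "Unable to init AD module "
              "[%d]: %s\n", ret, sss_strerror(ret));
        goto done;
    }

    /* Initialize auth_ctx only if one of the target is enabled.
     * When neither is enabled auth_ctx stays NULL (talloc_zero above). */
    if (dp_target_enabled(provider, module_name, DPT_AUTH, DPT_CHPASS)) {
        ret = ad_init_auth_ctx(init_ctx, be_ctx, init_ctx->options,
                               &init_ctx->auth_ctx);
        if (ret != EOK) {
            DEBUG(SSSDBG_CRIT_FAILURE, "Unable to create auth context "
                  "[%d]: %s\n", ret, sss_strerror(ret));
            goto done;
        }
    }

    /* Publish the context only once everything above succeeded. */
    *_module_data = init_ctx;

    ret = EOK;

done:
    if (ret != EOK) {
        talloc_free(init_ctx);
    }

    return ret;
}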
a4cce2c98eedecb5d3b47da62104634cae268434Stephen Gallagher
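/*
 * Registers the AD identity methods: DPM_ACCOUNT_HANDLER,
 * DPM_CHECK_ONLINE and DPM_ACCT_DOMAIN_HANDLER.
 *
 * module_data must be the struct ad_init_ctx produced by sssm_ad_init().
 * Returns EINVAL when it is not, or when it carries no ID context;
 * EOK otherwise.
 */
errno_t sssm_ad_id_init(TALLOC_CTX *mem_ctx,
                        struct be_ctx *be_ctx,
                        void *module_data,
                        struct dp_method *dp_methods)
{
    struct ad_init_ctx *init_ctx;
    struct ad_id_ctx *id_ctx;

    /* talloc_get_type() yields NULL for a NULL pointer or for a chunk that
     * was not allocated as struct ad_init_ctx, so check before use. */
    init_ctx = talloc_get_type(module_data, struct ad_init_ctx);
    if (init_ctx == NULL || init_ctx->id_ctx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, "Invalid AD module data\n");
        return EINVAL;
    }
    id_ctx = init_ctx->id_ctx;

    dp_set_method(dp_methods, DPM_ACCOUNT_HANDLER,
                  ad_account_info_handler_send, ad_account_info_handler_recv, id_ctx,
                  struct ad_id_ctx, struct dp_id_data, struct dp_reply_std);

    /* The online check works on the underlying sdap ID context. */
    dp_set_method(dp_methods, DPM_CHECK_ONLINE,
                  sdap_online_check_handler_send, sdap_online_check_handler_recv, id_ctx->sdap_id_ctx,
                  struct sdap_id_ctx, void, struct dp_reply_std);

    dp_set_method(dp_methods, DPM_ACCT_DOMAIN_HANDLER,
                  ad_get_account_domain_send, ad_get_account_domain_recv, id_ctx,
                  struct ad_id_ctx, struct dp_get_acct_domain_data, struct dp_reply_std);

    return EOK;
}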
4cdaf239d4504966bed8ecd5e3fa07def74c7302Sumit Bose
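/*
 * Registers krb5_pam_handler_send/recv as the DPM_AUTH_HANDLER method.
 *
 * module_data must be the struct ad_init_ctx produced by sssm_ad_init().
 * That function creates auth_ctx only when the DPT_AUTH or DPT_CHPASS
 * target is enabled, so auth_ctx may legitimately be NULL here. In that
 * case, or when module_data is of the wrong type, EINVAL is returned
 * rather than registering the PAM handler with a NULL context.
 */
errno_t sssm_ad_auth_init(TALLOC_CTX *mem_ctx,
                          struct be_ctx *be_ctx,
                          void *module_data,
                          struct dp_method *dp_methods)
{
    struct ad_init_ctx *init_ctx;
    struct krb5_ctx *auth_ctx;

    /* talloc_get_type() yields NULL for a NULL pointer or a type mismatch. */
    init_ctx = talloc_get_type(module_data, struct ad_init_ctx);
    if (init_ctx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, "Invalid AD module data\n");
        return EINVAL;
    }

    auth_ctx = init_ctx->auth_ctx;
    if (auth_ctx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, "AD auth context is not initialized\n");
        return EINVAL;
    }

    dp_set_method(dp_methods, DPM_AUTH_HANDLER,
                  krb5_pam_handler_send, krb5_pam_handler_recv, auth_ctx,
                  struct krb5_ctx, struct pam_data, struct pam_data *);

    return EOK;
}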
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
/*
 * Target initializer for password change. It has no setup of its own and
 * simply performs the same handler registration as sssm_ad_auth_init(),
 * returning that function's result unchanged.
 */
errno_t sssm_ad_chpass_init(TALLOC_CTX *mem_ctx,
                            struct be_ctx *be_ctx,
                            void *module_data,
                            struct dp_method *dp_methods)
{
    errno_t ret;

    ret = sssm_ad_auth_init(mem_ctx, be_ctx, module_data, dp_methods);

    return ret;
}
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
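/*
 * Builds the AD access context and registers ad_pam_access_handler_send/
 * recv as the DPM_ACCESS_HANDLER method.
 *
 * The context is allocated on mem_ctx, linked to the shared ID context,
 * given its own copy of the basic AD options and then passed through
 * ad_init_sdap_access_ctx() and ad_init_gpo().
 *
 * module_data must be the struct ad_init_ctx produced by sssm_ad_init().
 * Returns EINVAL when it is not (or carries no options), ENOMEM when the
 * access context cannot be allocated, otherwise the error of the failing
 * helper. On failure the access context is freed and no handler is
 * registered.
 */
errno_t sssm_ad_access_init(TALLOC_CTX *mem_ctx,
                            struct be_ctx *be_ctx,
                            void *module_data,
                            struct dp_method *dp_methods)
{
    struct ad_init_ctx *init_ctx;
    struct ad_access_ctx *access_ctx;
    errno_t ret;

    /* talloc_get_type() yields NULL for a NULL pointer or a type mismatch;
     * options is dereferenced below, so validate it here as well. */
    init_ctx = talloc_get_type(module_data, struct ad_init_ctx);
    if (init_ctx == NULL || init_ctx->options == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, "Invalid AD module data\n");
        return EINVAL;
    }

    access_ctx = talloc_zero(mem_ctx, struct ad_access_ctx);
    if (access_ctx == NULL) {
        return ENOMEM;
    }

    access_ctx->ad_id_ctx = init_ctx->id_ctx;

    /* The access provider works on a private copy of the basic options. */
    ret = dp_copy_options(access_ctx, init_ctx->options->basic, AD_OPTS_BASIC,
                          &access_ctx->ad_options);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, "Could not initialize access provider "
              "options [%d]: %s\n", ret, sss_strerror(ret));
        goto done;
    }

    ret = ad_init_sdap_access_ctx(access_ctx);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, "Could not initialize sdap access context "
              "[%d]: %s\n", ret, sss_strerror(ret));
        goto done;
    }

    ret = ad_init_gpo(access_ctx);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, "Could not initialize GPO "
              "[%d]: %s\n", ret, sss_strerror(ret));
        goto done;
    }

    /* Register the handler only after the whole context is set up. */
    dp_set_method(dp_methods, DPM_ACCESS_HANDLER,
                  ad_pam_access_handler_send, ad_pam_access_handler_recv, access_ctx,
                  struct ad_access_ctx, struct pam_data, struct pam_data *);

    ret = EOK;

done:
    if (ret != EOK) {
        talloc_free(access_ctx);
    }

    return ret;
}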
03b859510dc13a13a456ca4aa94c0561a0e9684cJakub Hrozek
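/*
 * Target initializer for autofs.
 *
 * With BUILD_AUTOFS defined it forwards to ad_autofs_init() using the
 * shared ID context from module_data, which must be the struct
 * ad_init_ctx produced by sssm_ad_init(); EINVAL is returned when it is
 * not. Without BUILD_AUTOFS the call is logged and ignored with EOK.
 */
errno_t sssm_ad_autofs_init(TALLOC_CTX *mem_ctx,
                            struct be_ctx *be_ctx,
                            void *module_data,
                            struct dp_method *dp_methods)
{
#ifdef BUILD_AUTOFS
    struct ad_init_ctx *init_ctx;

    DEBUG(SSSDBG_TRACE_INTERNAL, "Initializing AD autofs handler\n");

    /* talloc_get_type() yields NULL for a NULL pointer or a type mismatch. */
    init_ctx = talloc_get_type(module_data, struct ad_init_ctx);
    if (init_ctx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, "Invalid AD module data\n");
        return EINVAL;
    }

    return ad_autofs_init(mem_ctx, be_ctx, init_ctx->id_ctx, dp_methods);
#else
    DEBUG(SSSDBG_MINOR_FAILURE, "Autofs init handler called but SSSD is "
                                "built without autofs support, ignoring\n");
    return EOK;
#endif
}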
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
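/*
 * Target initializer for subdomains: forwards to ad_subdomains_init()
 * with the shared ID context taken from module_data.
 *
 * module_data must be the struct ad_init_ctx produced by sssm_ad_init();
 * EINVAL is returned when it is not. Otherwise the result of
 * ad_subdomains_init() is returned unchanged.
 */
errno_t sssm_ad_subdomains_init(TALLOC_CTX *mem_ctx,
                                struct be_ctx *be_ctx,
                                void *module_data,
                                struct dp_method *dp_methods)
{
    struct ad_init_ctx *init_ctx;

    DEBUG(SSSDBG_TRACE_INTERNAL, "Initializing AD subdomains handler\n");

    /* talloc_get_type() yields NULL for a NULL pointer or a type mismatch. */
    init_ctx = talloc_get_type(module_data, struct ad_init_ctx);
    if (init_ctx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, "Invalid AD module data\n");
        return EINVAL;
    }

    return ad_subdomains_init(mem_ctx, be_ctx, init_ctx->id_ctx, dp_methods);
}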
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
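/*
 * Target initializer for sudo.
 *
 * With BUILD_SUDO defined it forwards to ad_sudo_init() using the shared
 * ID context from module_data, which must be the struct ad_init_ctx
 * produced by sssm_ad_init(); EINVAL is returned when it is not.
 * Without BUILD_SUDO the call is logged and ignored with EOK.
 */
errno_t sssm_ad_sudo_init(TALLOC_CTX *mem_ctx,
                          struct be_ctx *be_ctx,
                          void *module_data,
                          struct dp_method *dp_methods)
{
#ifdef BUILD_SUDO
    struct ad_init_ctx *init_ctx;

    DEBUG(SSSDBG_TRACE_INTERNAL, "Initializing AD sudo handler\n");

    /* talloc_get_type() yields NULL for a NULL pointer or a type mismatch. */
    init_ctx = talloc_get_type(module_data, struct ad_init_ctx);
    if (init_ctx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, "Invalid AD module data\n");
        return EINVAL;
    }

    return ad_sudo_init(mem_ctx, be_ctx, init_ctx->id_ctx, dp_methods);
#else
    DEBUG(SSSDBG_MINOR_FAILURE, "Sudo init handler called but SSSD is "
                                "built without sudo support, ignoring\n");
    return EOK;
#endif
}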