Cross Reference: /sssd-io/src/providers/ad/ad_init.c
ad_init.c revision ebc6ab564dc2a0a2b08c42d727fc403dde4a2dc9
/*
    SSSD

    Authors:
        Stephen Gallagher <sgallagh@redhat.com>

    Copyright (C) 2012 Red Hat

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher#include <sys/types.h>
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher#include <unistd.h>
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher#include <sys/stat.h>
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher#include <fcntl.h>
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher#include "util/util.h"
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher#include "providers/ad/ad_common.h"
a4cce2c98eedecb5d3b47da62104634cae268434Stephen Gallagher#include "providers/ad/ad_access.h"
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher#include "providers/ldap/ldap_common.h"
a4cce2c98eedecb5d3b47da62104634cae268434Stephen Gallagher#include "providers/ldap/sdap_access.h"
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher#include "providers/ldap/sdap_idmap.h"
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher#include "providers/krb5/krb5_auth.h"
d92c50f6d75ae980b0d130134112a33e1584724cStephen Gallagher#include "providers/krb5/krb5_init_shared.h"
effcbdb12c7ef892f1fd92a745cb33a08ca4ba30Stephen Gallagher#include "providers/ad/ad_id.h"
a679f0167b646cffdae86546ed77e105576991b0Pavel Březina#include "providers/ad/ad_srv.h"
74e95cfd9d3939dfe9417d79d2f6fc79b361405fJakub Hrozek#include "providers/dp_dyndns.h"
4cdaf239d4504966bed8ecd5e3fa07def74c7302Sumit Bose#include "providers/ad/ad_subdomains.h"
/*
 * Options shared by every AD provider target in this file. The pointer is
 * handed to ad_get_common_options() by common_ad_init() and is tested against
 * NULL by the sssm_ad_*_init() entry points to decide whether the common
 * setup still has to run.
 */
struct ad_options *ad_options = NULL;

/* Defined at the end of the file; referenced by ad_id_ops below. */
static void ad_shutdown(struct be_req *req);

/* Identity target: account lookups, shutdown hook and online check. */
struct bet_ops ad_id_ops = {
    .handler = ad_account_info_handler,
    .finalize = ad_shutdown,
    .check_online = ad_check_online
};

/* Authentication target: requests go to the Kerberos PAM handler. */
struct bet_ops ad_auth_ops = {
    .handler = krb5_pam_handler,
    .finalize = NULL
};

/* Password-change target: same Kerberos PAM handler as authentication. */
struct bet_ops ad_chpass_ops = {
    .handler = krb5_pam_handler,
    .finalize = NULL
};

/* Access-control target. */
struct bet_ops ad_access_ops = {
    .handler = ad_access_handler,
    .finalize = NULL
};
/**
 * One-time setup shared by all AD provider targets.
 *
 * Reads the AD-specific options into the file-level ad_options pointer and
 * then initializes the failover service from the configured primary and
 * backup server lists.
 *
 * @param bectx  Backend context supplying the confdb handle, configuration
 *               path and domain.
 *
 * @return EOK on success, otherwise the error code returned by the failing
 *         step.
 *
 * NOTE(review): when ad_failover_init() fails, ad_options has already been
 * populated and is left set. The sssm_ad_*_init() callers only run this
 * function while ad_options is NULL, so a later call would skip it and go on
 * to use ad_options->service. Confirm that callers treat a failure here as
 * fatal for the whole backend.
 */
static errno_t
common_ad_init(struct be_ctx *bectx)
{
    errno_t ret;
    char *primary_servers = NULL;
    char *backup_servers = NULL;

    /* Get AD-specific options */
    ret = ad_get_common_options(bectx, bectx->cdb,
                                bectx->conf_path,
                                bectx->domain,
                                &ad_options);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("Could not parse common options: [%s]\n",
               strerror(ret)));
        return ret;
    }

    primary_servers = dp_opt_get_string(ad_options->basic, AD_SERVER);
    backup_servers = dp_opt_get_string(ad_options->basic, AD_BACKUP_SERVER);

    /* Set up the failover service */
    ret = ad_failover_init(ad_options, bectx, primary_servers, backup_servers,
                           ad_options, &ad_options->service);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("Failed to init AD failover service: [%s]\n",
               strerror(ret)));
        return ret;
    }

    return EOK;
}
/**
 * Initialize the AD identity provider target.
 *
 * Runs the common AD setup if it has not happened yet, creates the AD ID
 * context and then configures, in order: dynamic DNS updates, the child
 * helper, the SDAP ID options, the periodic ID tasks, the ID-mapping object,
 * the TLS configuration, the SRV lookup plugin and the periodic netgroup
 * refresh.
 *
 * Failures of the dynamic DNS setup and of the netgroup refresh registration
 * are only logged. Every other failure, including setup_tls_config(), aborts
 * the initialization.
 *
 * @param bectx     Backend context.
 * @param ops       Receives &ad_id_ops on success.
 * @param pvt_data  Receives the struct ad_id_ctx pointer on success.
 *
 * @return EOK on success, ENOMEM if a context cannot be created, or the error
 *         code of the failing step. On failure *ops and *pvt_data are left
 *         untouched.
 */
int
sssm_ad_id_init(struct be_ctx *bectx,
                struct bet_ops **ops,
                void **pvt_data)
{
    errno_t ret;
    struct ad_id_ctx *id_ctx;
    const char *host;

    /* The shared options are parsed by whichever target initializes first. */
    if (ad_options == NULL) {
        ret = common_ad_init(bectx);
        if (ret != EOK) {
            return ret;
        }
    }

    if (ad_options->id_ctx != NULL) {
        /* already initialized */
        *pvt_data = ad_options->id_ctx;
        *ops = &ad_id_ops;
        return EOK;
    }

    id_ctx = ad_id_ctx_init(ad_options, bectx);
    if (id_ctx == NULL) {
        return ENOMEM;
    }
    /* Published before the remaining steps; the done label undoes this. */
    ad_options->id_ctx = id_ctx;

    if (ad_dyndns_init(id_ctx->sdap_id_ctx->be, ad_options) != EOK) {
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("Failure setting up automatic DNS update\n"));
        /* Continue without DNS updates */
    }

    ret = sdap_setup_child();
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("setup_child failed [%d][%s].\n",
               ret, strerror(ret)));
        goto done;
    }

    /* Set up various SDAP options */
    ret = ad_get_id_options(ad_options, bectx->cdb,
                            bectx->conf_path,
                            &id_ctx->sdap_id_ctx->opts);
    if (ret != EOK) {
        goto done;
    }

    ret = sdap_id_setup_tasks(id_ctx->sdap_id_ctx);
    if (ret != EOK) {
        goto done;
    }

    /* Set up the ID mapping object */
    ret = sdap_idmap_init(id_ctx->sdap_id_ctx, id_ctx->sdap_id_ctx,
                          &id_ctx->sdap_id_ctx->opts->idmap_ctx);
    if (ret != EOK) {
        goto done;
    }

    /* A TLS configuration failure is fatal for the ID target. */
    ret = setup_tls_config(id_ctx->sdap_id_ctx->opts->basic);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("setup_tls_config failed [%s]\n", strerror(ret)));
        goto done;
    }

    /* setup SRV lookup plugin */
    host = dp_opt_get_string(ad_options->basic, AD_HOSTNAME);
    if (!dp_opt_get_bool(ad_options->basic, AD_ENABLE_DNS_SITES)) {
        /* fall back to standard plugin */
        ret = be_fo_set_dns_srv_lookup_plugin(bectx, host);
        if (ret != EOK) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to set SRV lookup plugin "
                                        "[%d]: %s\n", ret, strerror(ret)));
            goto done;
        }
    } else {
        /* use AD plugin */
        const char *ad_domain = dp_opt_get_string(ad_options->basic,
                                                  AD_DOMAIN);
        struct ad_srv_plugin_ctx *plugin_ctx;

        plugin_ctx = ad_srv_plugin_ctx_init(bectx, bectx->be_res,
                                            default_host_dbs, ad_options->id,
                                            host, ad_domain);
        if (plugin_ctx == NULL) {
            DEBUG(SSSDBG_FATAL_FAILURE, ("Out of memory?\n"));
            ret = ENOMEM;
            goto done;
        }

        be_fo_set_srv_lookup_plugin(bectx, ad_srv_plugin_send,
                                    ad_srv_plugin_recv, plugin_ctx, "AD");
    }

    /* setup periodical refresh of expired records */
    ret = be_refresh_add_cb(bectx->refresh_ctx, BE_REFRESH_TYPE_NETGROUPS,
                            sdap_refresh_netgroups_send,
                            sdap_refresh_netgroups_recv,
                            id_ctx->sdap_id_ctx);
    if (!(ret == EOK || ret == EEXIST)) {
        /* Logged only; initialization continues without the refresh. */
        DEBUG(SSSDBG_MINOR_FAILURE, ("Periodical refresh of netgroups "
              "will not work [%d]: %s\n", ret, strerror(ret)));
    }

    *ops = &ad_id_ops;
    *pvt_data = id_ctx;

    ret = EOK;
done:
    if (ret != EOK) {
        /* Drop the half-built context so it is not reported as initialized. */
        talloc_zfree(ad_options->id_ctx);
    }
    return ret;
}
/**
 * Initialize the AD authentication target.
 *
 * Runs the common AD setup if needed, then builds a Kerberos context that
 * uses the krb5 service of the AD failover service, loads the auth options
 * and initializes the krb5_child settings.
 *
 * The Kerberos context is allocated on the NULL talloc context and is only
 * re-parented under ad_options once every step has succeeded; on any failure
 * it is freed and ad_options->auth_ctx is not set.
 *
 * @param bectx     Backend context.
 * @param ops       Receives &ad_auth_ops on success.
 * @param pvt_data  Receives the struct krb5_ctx pointer on success.
 *
 * @return EOK on success, ENOMEM on allocation failure, or the error code of
 *         the failing step. On failure *ops and *pvt_data are left untouched.
 */
int
sssm_ad_auth_init(struct be_ctx *bectx,
                  struct bet_ops **ops,
                  void **pvt_data)
{
    errno_t ret;
    struct krb5_ctx *kctx = NULL;

    if (ad_options == NULL) {
        ret = common_ad_init(bectx);
        if (ret != EOK) {
            return ret;
        }
    }

    if (ad_options->auth_ctx != NULL) {
        /* Already initialized */
        *pvt_data = ad_options->auth_ctx;
        *ops = &ad_auth_ops;
        return EOK;
    }

    kctx = talloc_zero(NULL, struct krb5_ctx);
    if (kctx == NULL) {
        ret = ENOMEM;
        goto done;
    }

    kctx->service = ad_options->service->krb5_service;

    ret = ad_get_auth_options(kctx, ad_options, bectx, &kctx->opts);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("Could not determine Kerberos options\n"));
        goto done;
    }

    ret = krb5_child_init(kctx, bectx);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("Could not initialize krb5_child settings: [%s]\n",
               strerror(ret)));
        goto done;
    }

    /* ret is EOK here; hand ownership of the context to ad_options. */
    ad_options->auth_ctx = talloc_steal(ad_options, kctx);
    *ops = &ad_auth_ops;
    *pvt_data = ad_options->auth_ctx;

done:
    if (ret != EOK) {
        talloc_free(kctx);
    }
    return ret;
}
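/**
 * Initialize the AD password-change target.
 *
 * Password changes share the Kerberos context of the authentication target,
 * so this reuses ad_options->auth_ctx when it exists and otherwise delegates
 * to sssm_ad_auth_init().
 *
 * @param bectx     Backend context.
 * @param ops       Receives &ad_chpass_ops on success.
 * @param pvt_data  Receives the shared struct krb5_ctx pointer on success.
 *
 * @return EOK on success, otherwise the error code from the common setup or
 *         from sssm_ad_auth_init(). On failure *ops, *pvt_data and
 *         ad_options->auth_ctx are left untouched.
 */
int
sssm_ad_chpass_init(struct be_ctx *bectx,
                    struct bet_ops **ops,
                    void **pvt_data)
{
    errno_t ret;

    if (!ad_options) {
        ret = common_ad_init(bectx);
        if (ret != EOK) {
            return ret;
        }
    }

    if (ad_options->auth_ctx) {
        /* Already initialized */
        *ops = &ad_chpass_ops;
        *pvt_data = ad_options->auth_ctx;
        return EOK;
    }

    ret = sssm_ad_auth_init(bectx, ops, pvt_data);
    if (ret != EOK) {
        /*
         * sssm_ad_auth_init() does not write *pvt_data when it fails, so the
         * caller's value must not be stored as the auth context: it may be
         * uninitialized, and a later init call would then treat it as an
         * already-initialized Kerberos context.
         */
        return ret;
    }

    /*
     * On success sssm_ad_auth_init() has already stored the context in
     * ad_options->auth_ctx and in *pvt_data; only the ops table differs.
     */
    *ops = &ad_chpass_ops;
    return EOK;
}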
/**
 * Initialize the AD access-control target.
 *
 * Allocates an access context under bectx, makes sure the identity target is
 * initialized (its SDAP ID context is reused), copies the basic AD options
 * and creates an sdap_access_ctx whose rule list holds LDAP_ACCESS_EXPIRE
 * followed by LDAP_ACCESS_EMPTY.
 *
 * @param bectx     Backend context; talloc parent of the access context.
 * @param ops       Receives &ad_access_ops on success.
 * @param pvt_data  Receives the struct ad_access_ctx pointer on success.
 *
 * @return EOK on success, ENOMEM on allocation failure, or the error code of
 *         the failing step. The access context is freed on failure.
 *
 * NOTE(review): sssm_ad_id_init() writes &ad_id_ops to *ops; if a later step
 * here fails, *ops keeps that value. Callers presumably ignore *ops when the
 * return code is not EOK; confirm.
 */
int
sssm_ad_access_init(struct be_ctx *bectx,
                    struct bet_ops **ops,
                    void **pvt_data)
{
    errno_t ret;
    struct ad_access_ctx *actx;
    struct ad_id_ctx *id_ctx;
    struct sdap_access_ctx *expiry_ctx;

    actx = talloc_zero(bectx, struct ad_access_ctx);
    if (actx == NULL) {
        return ENOMEM;
    }

    ret = sssm_ad_id_init(bectx, ops, (void **)&id_ctx);
    if (ret != EOK) {
        goto fail;
    }
    actx->sdap_ctx = id_ctx->sdap_id_ctx;

    ret = dp_copy_options(actx, ad_options->basic, AD_OPTS_BASIC,
                          &actx->ad_options);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("Could not initialize access provider options: [%s]\n",
               strerror(ret)));
        goto fail;
    }

    /* Set up an sdap_access_ctx for checking expired/locked accounts */
    expiry_ctx = talloc_zero(actx, struct sdap_access_ctx);
    actx->sdap_access_ctx = expiry_ctx;
    if (expiry_ctx == NULL) {
        ret = ENOMEM;
        goto fail;
    }

    expiry_ctx->id_ctx = actx->sdap_ctx;
    expiry_ctx->access_rule[0] = LDAP_ACCESS_EXPIRE;
    /* presumably LDAP_ACCESS_EMPTY terminates the rule list -- confirm */
    expiry_ctx->access_rule[1] = LDAP_ACCESS_EMPTY;

    *ops = &ad_access_ops;
    *pvt_data = actx;

    return EOK;

fail:
    talloc_free(actx);
    return ret;
}
/**
 * Finalize hook of the identity target (see ad_id_ops).
 *
 * Performs no cleanup of its own yet; it only completes the request with
 * DP_ERR_OK / EOK and no error message.
 *
 * @param req  Backend request to complete.
 */
static void ad_shutdown(struct be_req *req)
{
    /* TODO: Clean up any internal data */
    sdap_handler_done(req,
                      DP_ERR_OK,
                      EOK,
                      NULL);
}
/**
 * Initialize the AD subdomains target.
 *
 * Makes sure the identity target is initialized, then passes its context and
 * the configured AD domain name to ad_subdom_init(), which fills in *ops and
 * *pvt_data.
 *
 * @param bectx     Backend context.
 * @param ops       Passed through to ad_subdom_init().
 * @param pvt_data  Passed through to ad_subdom_init().
 *
 * @return EOK on success, EINVAL if the global AD options are missing, or the
 *         error code from sssm_ad_id_init() / ad_subdom_init().
 */
int sssm_ad_subdomains_init(struct be_ctx *bectx,
                            struct bet_ops **ops,
                            void **pvt_data)
{
    int ret;
    struct ad_id_ctx *id_ctx;
    const char *domain_name;

    ret = sssm_ad_id_init(bectx, ops, (void **) &id_ctx);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("sssm_ad_id_init failed.\n"));
        return ret;
    }

    /* Defensive check: sssm_ad_id_init() has already used ad_options. */
    if (!ad_options) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Global AD options not available.\n"));
        return EINVAL;
    }

    domain_name = dp_opt_get_string(ad_options->basic, AD_DOMAIN);

    ret = ad_subdom_init(bectx, id_ctx, domain_name, ops, pvt_data);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("ad_subdom_init failed.\n"));
    }

    return ret;
}