ad_subdomains.c revision d19e343d3fcb0780300d69ba5813ca4762ca9b98
7cb128dc4cae2a03a742f63ba7afee23c78e3af0Phil Carmody/*
4cb2599c5cdf27362a66ac475ce295409c093c92Timo Sirainen SSSD
4cb2599c5cdf27362a66ac475ce295409c093c92Timo Sirainen
3e859421cc59d28d4ba99f32830e3d0531334813Timo Sirainen AD Subdomains Module
1036d2db2b718bdc5b10f0773dd01d62638e9ba9Timo Sirainen
bb979386852c7689dc66c0fce03319382f66d501Timo Sirainen Authors:
1036d2db2b718bdc5b10f0773dd01d62638e9ba9Timo Sirainen Sumit Bose <sbose@redhat.com>
927d3977d5598f12ae18d4fa3f22b9e913f7dd46Timo Sirainen
4cb2599c5cdf27362a66ac475ce295409c093c92Timo Sirainen Copyright (C) 2013 Red Hat
3b94ff5951db4d4eddb7a80ed4e3f61207202635Timo Sirainen
4cb2599c5cdf27362a66ac475ce295409c093c92Timo Sirainen This program is free software; you can redistribute it and/or modify
4cb2599c5cdf27362a66ac475ce295409c093c92Timo Sirainen it under the terms of the GNU General Public License as published by
7cd08c67fde5371f662d8c95b30c341741950420Timo Sirainen the Free Software Foundation; either version 3 of the License, or
d758298b3b6f1ebcd494392c0f20b0e119a9e85eTimo Sirainen (at your option) any later version.
546d3609e0811a147269ee9979eb90649445f5acTimo Sirainen
7cd08c67fde5371f662d8c95b30c341741950420Timo Sirainen This program is distributed in the hope that it will be useful,
f77ffa31038d46ca9c6d24d93e3d76c9aa8d4d0cTimo Sirainen but WITHOUT ANY WARRANTY; without even the implied warranty of
f77ffa31038d46ca9c6d24d93e3d76c9aa8d4d0cTimo Sirainen MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
f77ffa31038d46ca9c6d24d93e3d76c9aa8d4d0cTimo Sirainen GNU General Public License for more details.
bb979386852c7689dc66c0fce03319382f66d501Timo Sirainen
a40649829bce4c8de6210a2cb4a4b4cf5bb40da8Timo Sirainen You should have received a copy of the GNU General Public License
6eb191b58bc8553a516bd1c9b0eccaa696d0f41fTimo Sirainen along with this program. If not, see <http://www.gnu.org/licenses/>.
d35364f4d7d139b4150d290e14717e10f1ede4cdTimo Sirainen*/
bb979386852c7689dc66c0fce03319382f66d501Timo Sirainen
bb979386852c7689dc66c0fce03319382f66d501Timo Sirainen#include "providers/ldap/sdap_async.h"
3b94ff5951db4d4eddb7a80ed4e3f61207202635Timo Sirainen#include "providers/ad/ad_subdomains.h"
3b94ff5951db4d4eddb7a80ed4e3f61207202635Timo Sirainen#include "providers/ad/ad_domain_info.h"
bb979386852c7689dc66c0fce03319382f66d501Timo Sirainen#include "providers/ldap/sdap_idmap.h"
3b94ff5951db4d4eddb7a80ed4e3f61207202635Timo Sirainen#include "util/util_sss_idmap.h"
3b94ff5951db4d4eddb7a80ed4e3f61207202635Timo Sirainen#include <ctype.h>
bb979386852c7689dc66c0fce03319382f66d501Timo Sirainen#include <ndr.h>
43d32cbe60fdaef2699d99f1ca259053e9350411Timo Sirainen#include <ndr/ndr_nbt.h>
bb979386852c7689dc66c0fce03319382f66d501Timo Sirainen
/* LDAP attribute names used by this module */
#define AD_AT_OBJECT_SID    "objectSID"
#define AD_AT_DNS_DOMAIN    "DnsDomain"
#define AD_AT_NT_VERSION    "NtVer"
#define AD_AT_NETLOGON      "netlogon"

/* Attributes of AD trusted domains (read from trustedDomain objects) */
#define AD_AT_FLATNAME      "flatName"
#define AD_AT_SID           "securityIdentifier"
#define AD_AT_TRUST_TYPE    "trustType"
#define AD_AT_TRUST_PARTNER "trustPartner"
#define AD_AT_TRUST_ATTRS   "trustAttributes"

#define MASTER_DOMAIN_SID_FILTER "objectclass=domain"

/* trustType=2 denotes uplevel (NT5 and later) trusted domains. See
 * http://msdn.microsoft.com/en-us/library/windows/desktop/ms680342%28v=vs.85%29.aspx
 * for example.
 *
 * The absence of msDS-TrustForestTrustInfo attribute denotes a domain from
 * the same forest. See http://msdn.microsoft.com/en-us/library/cc223786.aspx
 * for more information.
 *
 * The filter is a fixed string: nothing from a request or a server reply is
 * interpolated into it, so it needs no LDAP filter escaping.
 */
#define SLAVE_DOMAIN_FILTER "(&(objectclass=trustedDomain)(trustType=2)(!(msDS-TrustForestTrustInfo=*)))"

/* do not refresh more often than every 5 seconds for now */
#define AD_SUBDOMAIN_REFRESH_LIMIT 5
43d32cbe60fdaef2699d99f1ca259053e9350411Timo Sirainen
/* Long-lived state of the AD subdomains provider. */
struct ad_subdomains_ctx {
    /* Back end context; its domain and event context are used below. */
    struct be_ctx *be_ctx;
    /* LDAP id provider context (options, idmap context, domain list). */
    struct sdap_id_ctx *sdap_id_ctx;
    /* sdap domain handed to sdap_domain_subdom_add(). */
    struct sdap_domain *sdom;
    /* Connection context; its conn_cache backs every sdap operation. */
    struct sdap_id_conn_ctx *ldap_ctx;
    /* Used to turn binary SIDs from LDAP into their string form. */
    struct sss_idmap_ctx *idmap_ctx;
    /* Name passed to the master-domain lookup. */
    char *domain_name;

    /* time() of the last successful refresh; reset to 0 when one fails. */
    time_t last_refreshed;
    struct tevent_timer *timer_event;
};
8e0f89885f2ce60961da9ae2d96d71c7109e6032Timo Sirainen
/* Per-request state carried through the asynchronous subdomain lookup. */
struct ad_subdomains_req_ctx {
    /* Back end request that is terminated when the lookup finishes. */
    struct be_req *be_req;
    /* Owning provider context. */
    struct ad_subdomains_ctx *sd_ctx;
    /* sdap operation that holds the LDAP connection for this request. */
    struct sdap_id_op *sdap_op;

    char *current_filter;
    /* Index of the search base currently being queried. */
    size_t base_iter;

    /* Entries collected so far and how many of them there are. */
    size_t reply_count;
    struct sysdb_attrs **reply;

    /* Filled in by ad_master_domain_recv(). */
    char *master_sid;
    char *flat_name;
};
bb979386852c7689dc66c0fce03319382f66d501Timo Sirainen
/*
 * Thin wrapper: forwards the provider's sdap id context and sdap domain,
 * together with the given parent domain, to sdap_domain_subdom_add() and
 * returns that call's result unchanged.
 */
static errno_t
ads_store_sdap_subdom(struct ad_subdomains_ctx *ctx,
                      struct sss_domain_info *parent)
{
    errno_t ret;

    ret = sdap_domain_subdom_add(ctx->sdap_id_ctx, ctx->sdom, parent);

    return ret;
}
e95bc848767afa2e52cb988a6d3f5e5cc5933885Timo Sirainen
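/**
 * Store (or update) one AD trusted-domain entry in the sysdb cache.
 *
 * Every value written here (name, flat name, SID) is taken from the
 * attributes of a directory entry, so an entry that cannot be parsed must
 * be reported as an error and never as success.
 *
 * @param ctx           Subdomain provider context; supplies the idmap
 *                      contexts.
 * @param domain        Domain whose sysdb receives the record; its name and
 *                      domain_id are used for the mapping check.
 * @param subdom_attrs  Attributes of one trustedDomain entry.
 *
 * @return EOK on success, ENOMEM on allocation failure, EINVAL when the
 *         securityIdentifier attribute does not hold exactly one value,
 *         EFAULT when the binary SID cannot be converted, otherwise the
 *         error of the sysdb helper that failed.
 */
static errno_t
ad_subdom_store(struct ad_subdomains_ctx *ctx,
                struct sss_domain_info *domain,
                struct sysdb_attrs *subdom_attrs)
{
    TALLOC_CTX *tmp_ctx;
    const char *name;
    char *realm;
    const char *flat;
    errno_t ret;
    enum idmap_error_code err;
    struct ldb_message_element *el;
    char *sid_str;
    uint32_t trust_type;
    bool mpg;

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        ret = ENOMEM;
        goto done;
    }

    /* The entry must carry trustType; the value itself is not used
     * any further in this function. */
    ret = sysdb_attrs_get_uint32_t(subdom_attrs, AD_AT_TRUST_TYPE,
                                   &trust_type);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_get_uint32_t failed.\n"));
        goto done;
    }

    ret = sysdb_attrs_get_string(subdom_attrs, AD_AT_TRUST_PARTNER, &name);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("failed to get subdomain name\n"));
        goto done;
    }

    realm = get_uppercase_realm(tmp_ctx, name);
    if (!realm) {
        ret = ENOMEM;
        goto done;
    }

    ret = sysdb_attrs_get_string(subdom_attrs, AD_AT_FLATNAME, &flat);
    if (ret) {
        DEBUG(SSSDBG_OP_FAILURE, ("failed to get flat name of subdomain %s\n",
                                  name));
        goto done;
    }

    ret = sysdb_attrs_get_el(subdom_attrs, AD_AT_SID, &el);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("sdap_attrs_get_el failed.\n"));
        goto done;
    }
    if (el->num_values != 1) {
        /* The lookup itself succeeded, so ret is still EOK here. Without
         * an explicit error code an entry with no SID, or with several,
         * would be reported as stored although nothing was written. */
        DEBUG(SSSDBG_OP_FAILURE, ("Unexpected number of SID values.\n"));
        ret = EINVAL;
        goto done;
    }

    /* NOTE(review): sid_str is allocated by the idmap library and is not
     * released anywhere in this function - confirm who owns it. */
    err = sss_idmap_bin_sid_to_sid(ctx->idmap_ctx,
                                   el->values[0].data,
                                   el->values[0].length,
                                   &sid_str);
    if (err != IDMAP_SUCCESS) {
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("Could not convert SID: [%s].\n", idmap_error_string(err)));
        ret = EFAULT;
        goto done;
    }

    /* NOTE(review): the mapping check is made with the name and id of
     * 'domain' (the domain passed in), not with the subdomain's own name
     * and SID read above - confirm that this is intended. */
    mpg = sdap_idmap_domain_has_algorithmic_mapping(
                                             ctx->sdap_id_ctx->opts->idmap_ctx,
                                             domain->name,
                                             domain->domain_id);

    /* AD subdomains do not enumerate; the mpg flag follows the check above */
    ret = sysdb_subdomain_store(domain->sysdb, name, realm, flat, sid_str,
                                mpg, false, NULL);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("sysdb_subdomain_store failed.\n"));
        goto done;
    }

    ret = EOK;

done:
    talloc_free(tmp_ctx);
    return ret;
}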
654b46078129456bda90c5eb18014fb2858c302eTimo Sirainen
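/**
 * Reconcile the known subdomains with a freshly retrieved list.
 *
 * Known subdomains that are missing from the reply are disabled, deleted
 * from sysdb and removed from the LDAP domain list; the ones still present
 * are stored again; reply entries that match no known subdomain are stored
 * as new ones.
 *
 * @param ctx      Subdomain provider context.
 * @param count    Number of entries in reply; must not be negative.
 * @param reply    Trusted-domain entries.
 * @param changes  Set to true when the reply contains entries that were not
 *                 matched to a known subdomain. Never set to false here.
 *
 * @return EOK on success, EINVAL for a negative count, ENOMEM when the
 *         bookkeeping array cannot be allocated, otherwise the error of the
 *         sysdb call that failed. ctx->last_refreshed is set to the current
 *         time on success and reset to 0 on failure.
 */
static errno_t ad_subdomains_refresh(struct ad_subdomains_ctx *ctx,
                                     int count, struct sysdb_attrs **reply,
                                     bool *changes)
{
    struct sdap_domain *sdom;
    struct sss_domain_info *domain, *dom;
    bool *handled = NULL;
    const char *value;
    int c, h;
    int ret;

    domain = ctx->be_ctx->domain;

    /* count presumably reflects the size of a directory reply. The
     * bookkeeping array therefore lives on the heap: a variable-length
     * array on the stack is undefined for a count of zero or less and has
     * no failure path when the count is very large. */
    if (count < 0) {
        ret = EINVAL;
        goto done;
    }

    handled = talloc_zero_array(NULL, bool, count);
    if (handled == NULL) {
        ret = ENOMEM;
        goto done;
    }
    h = 0;

    /* check existing subdomains */
    for (dom = get_next_domain(domain, true);
         dom && IS_SUBDOMAIN(dom); /* if we get back to a parent, stop */
         dom = get_next_domain(dom, false)) {
        for (c = 0; c < count; c++) {
            if (handled[c]) {
                continue;
            }
            ret = sysdb_attrs_get_string(reply[c], AD_AT_TRUST_PARTNER, &value);
            if (ret != EOK) {
                DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_get_string failed.\n"));
                goto done;
            }
            if (strcmp(value, dom->name) == 0) {
                break;
            }
        }

        if (c >= count) {
            /* ok this subdomain does not exist anymore, let's clean up */
            /* NOTE(review): a removal alone does not set *changes; confirm
             * that callers do not need to hear about it. */
            dom->disabled = true;
            ret = sysdb_subdomain_delete(dom->sysdb, dom->name);
            if (ret != EOK) {
                goto done;
            }

            sdom = sdap_domain_get(ctx->sdap_id_ctx->opts, dom);
            if (sdom == NULL) {
                DEBUG(SSSDBG_CRIT_FAILURE, ("BUG: Domain does not exist?\n"));
                continue;
            }

            /* Remove the subdomain from the list of LDAP domains */
            sdap_domain_remove(ctx->sdap_id_ctx->opts, dom);

            /* terminate all requests for this subdomain so we can free it */
            be_terminate_domain_requests(ctx->be_ctx, dom->name);
            talloc_zfree(sdom);
        } else {
            /* ok let's try to update it */
            ret = ad_subdom_store(ctx, domain, reply[c]);
            if (ret) {
                /* Nothing we can do about the error. Let's at least try
                 * to reuse the existing domains
                 */
                DEBUG(SSSDBG_MINOR_FAILURE, ("Failed to parse subdom data, "
                                             "will try to use cached subdomain\n"));
            }
            handled[c] = true;
            h++;
        }
    }

    if (count == h) {
        /* all domains were already accounted for and have been updated */
        ret = EOK;
        goto done;
    }

    /* if we get here it means we have changes to the subdomains list */
    *changes = true;

    for (c = 0; c < count; c++) {
        if (handled[c]) {
            continue;
        }
        /* Nothing we can do about the error. Let's at least try
         * to reuse the existing domains.
         */
        ret = ad_subdom_store(ctx, domain, reply[c]);
        if (ret) {
            DEBUG(SSSDBG_MINOR_FAILURE, ("Failed to parse subdom data, "
                                         "will try to use cached subdomain\n"));
        }
    }

    ret = EOK;

done:
    /* handled is still NULL when the function fails before allocating it */
    talloc_free(handled);

    if (ret != EOK) {
        ctx->last_refreshed = 0;
    } else {
        ctx->last_refreshed = time(NULL);
    }

    return ret;
}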
55de1a4d11765e795ec96fddd4858b188be4b892Timo Sirainen
d35364f4d7d139b4150d290e14717e10f1ede4cdTimo Sirainenstatic void ad_subdomains_get_conn_done(struct tevent_req *req);
d35364f4d7d139b4150d290e14717e10f1ede4cdTimo Sirainenstatic void ad_subdomains_master_dom_done(struct tevent_req *req);
d35364f4d7d139b4150d290e14717e10f1ede4cdTimo Sirainenstatic errno_t ad_subdomains_get_slave(struct ad_subdomains_req_ctx *ctx);
d35364f4d7d139b4150d290e14717e10f1ede4cdTimo Sirainen
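/**
 * Start an asynchronous subdomain lookup for a back end request.
 *
 * Allocates the per-request context as a child of be_req, creates an sdap
 * operation on the provider's connection cache and starts the connection
 * request. On success the function returns with the request in flight and
 * ad_subdomains_get_conn_done() continues the work. On any failure the
 * request context is freed and be_req is terminated right away.
 *
 * @param ctx     Subdomain provider context.
 * @param be_req  Back end request to serve.
 */
static void ad_subdomains_retrieve(struct ad_subdomains_ctx *ctx,
                                   struct be_req *be_req)
{
    struct ad_subdomains_req_ctx *req_ctx = NULL;
    struct tevent_req *req;
    int dp_error = DP_ERR_FATAL;
    int ret;

    /* Zero the whole context: master_sid and flat_name are assigned only
     * later in the callback chain, and a plain talloc() would leave them
     * holding indeterminate pointers until then. */
    req_ctx = talloc_zero(be_req, struct ad_subdomains_req_ctx);
    if (req_ctx == NULL) {
        ret = ENOMEM;
        goto done;
    }

    req_ctx->be_req = be_req;
    req_ctx->sd_ctx = ctx;
    req_ctx->current_filter = NULL;
    req_ctx->base_iter = 0;
    req_ctx->reply_count = 0;
    req_ctx->reply = NULL;

    req_ctx->sdap_op = sdap_id_op_create(req_ctx,
                                         ctx->ldap_ctx->conn_cache);
    if (req_ctx->sdap_op == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_create failed.\n"));
        ret = ENOMEM;
        goto done;
    }

    /* On failure the callee reports the reason through ret */
    req = sdap_id_op_connect_send(req_ctx->sdap_op, req_ctx, &ret);
    if (req == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_connect_send failed: %d(%s).\n",
                                  ret, strerror(ret)));
        goto done;
    }

    tevent_req_set_callback(req, ad_subdomains_get_conn_done, req_ctx);

    return;

done:
    talloc_free(req_ctx);
    if (ret == EOK) {
        dp_error = DP_ERR_OK;
    }
    be_req_terminate(be_req, dp_error, ret, NULL);
}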
f77ffa31038d46ca9c6d24d93e3d76c9aa8d4d0cTimo Sirainen
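/**
 * Callback for the connection request started by ad_subdomains_retrieve().
 *
 * Collects the connection result and, when a connection is available,
 * starts the master-domain lookup; ad_subdomains_master_dom_done() then
 * continues. On failure the back end request is terminated with the error.
 *
 * @param req  Finished connection request; freed here.
 */
static void ad_subdomains_get_conn_done(struct tevent_req *req)
{
    int ret;
    int dp_error = DP_ERR_FATAL;
    struct ad_subdomains_req_ctx *ctx;

    ctx = tevent_req_callback_data(req, struct ad_subdomains_req_ctx);

    ret = sdap_id_op_connect_recv(req, &dp_error);
    talloc_zfree(req);
    if (ret) {
        if (dp_error == DP_ERR_OFFLINE) {
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("No AD server is available, cannot get the "
                   "subdomain list while offline\n"));
        } else {
            DEBUG(SSSDBG_OP_FAILURE,
                  ("Failed to connect to AD server: [%d](%s)\n",
                   ret, strerror(ret)));
        }

        goto fail;
    }

    req = ad_master_domain_send(ctx, ctx->sd_ctx->be_ctx->ev,
                                ctx->sd_ctx->ldap_ctx,
                                ctx->sdap_op,
                                ctx->sd_ctx->domain_name);
    if (req == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("ad_master_domain_send failed.\n"));
        ret = ENOMEM;
        /* dp_error still holds what the successful connect stored in it.
         * This failure is local, so set the fatal code explicitly instead
         * of passing that value on together with ENOMEM. */
        dp_error = DP_ERR_FATAL;
        goto fail;
    }
    tevent_req_set_callback(req, ad_subdomains_master_dom_done, ctx);
    return;

fail:
    be_req_terminate(ctx->be_req, dp_error, ret, NULL);
}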
bb979386852c7689dc66c0fce03319382f66d501Timo Sirainen
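/**
 * Callback for the master-domain lookup.
 *
 * Receives the flat name and SID of the master domain, saves them in sysdb
 * and starts the search for trusted domains. The back end request is
 * terminated here unless that search returns EAGAIN.
 *
 * @param req  Finished master-domain request; freed here.
 */
static void ad_subdomains_master_dom_done(struct tevent_req *req)
{
    struct ad_subdomains_req_ctx *ctx;
    int dp_error;
    errno_t ret;

    ctx = tevent_req_callback_data(req, struct ad_subdomains_req_ctx);

    ret = ad_master_domain_recv(req, ctx,
                                &ctx->flat_name, &ctx->master_sid);
    talloc_zfree(req);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Cannot retrieve master domain info\n"));
        goto done;
    }

    ret = sysdb_master_domain_add_info(ctx->sd_ctx->be_ctx->domain,
                                       ctx->flat_name, ctx->master_sid);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Cannot save master domain info\n"));
        goto done;
    }

    ret = ad_subdomains_get_slave(ctx);
    if (ret == EAGAIN) {
        /* presumably a search is now in flight and its callback finishes
         * the request - TODO confirm against ad_subdomains_get_slave() */
        return;
    }

done:
    /* ret can be EOK here (no search base to query). Report that as
     * success, as ad_subdomains_retrieve() does, instead of pairing EOK
     * with the fatal code. */
    dp_error = (ret == EOK) ? DP_ERR_OK : DP_ERR_FATAL;
    be_req_terminate(ctx->be_req, dp_error, ret, NULL);
}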
b58cb4b59ccd78ee1c3e0df0bc13c300d1bec380Timo Sirainen
static void ad_subdomains_get_slave_domain_done(struct tevent_req *req);

/*
 * Send an LDAP subtree search for objects matching SLAVE_DOMAIN_FILTER under
 * the search base at index ctx->base_iter.
 *
 * Returns:
 *   EOK    - the entry at base_iter is NULL, so no request was sent;
 *   EAGAIN - a request was sent and ad_subdomains_get_slave_domain_done()
 *            is registered as its completion callback;
 *   ENOMEM - sdap_get_generic_send() returned NULL.
 */
static errno_t ad_subdomains_get_slave(struct ad_subdomains_req_ctx *ctx)
{
    const char *slave_dom_attrs[] = { AD_AT_FLATNAME, AD_AT_TRUST_PARTNER,
                                      AD_AT_SID, AD_AT_TRUST_TYPE,
                                      AD_AT_TRUST_ATTRS, NULL };
    struct sdap_search_base *search_base;
    struct tevent_req *subreq;
    int search_timeout;

    /* NOTE(review): this indexing assumes search_bases is a non-NULL,
     * NULL-terminated array and that base_iter never runs past the
     * terminator; confirm where sdom is populated. */
    search_base =
        ctx->sd_ctx->sdap_id_ctx->opts->sdom->search_bases[ctx->base_iter];
    if (search_base == NULL) {
        return EOK;
    }

    search_timeout = dp_opt_get_int(ctx->sd_ctx->sdap_id_ctx->opts->basic,
                                    SDAP_SEARCH_TIMEOUT);

    subreq = sdap_get_generic_send(ctx, ctx->sd_ctx->be_ctx->ev,
                                   ctx->sd_ctx->sdap_id_ctx->opts,
                                   sdap_id_op_handle(ctx->sdap_op),
                                   search_base->basedn, LDAP_SCOPE_SUBTREE,
                                   SLAVE_DOMAIN_FILTER, slave_dom_attrs,
                                   NULL, 0,
                                   search_timeout,
                                   false);
    if (subreq != NULL) {
        tevent_req_set_callback(subreq,
                                ad_subdomains_get_slave_domain_done, ctx);
        return EAGAIN;
    }

    DEBUG(SSSDBG_OP_FAILURE, ("sdap_get_generic_send failed.\n"));
    return ENOMEM;
}
771178a5c5285aa596723591271c8936c4007f1bTimo Sirainen
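/*
 * Completion callback for the search started by ad_subdomains_get_slave().
 *
 * Appends the entries returned for the current search base to ctx->reply,
 * advances ctx->base_iter and starts the search on the next base. Once
 * ad_subdomains_get_slave() reports that no base is left (EOK), the
 * collected entries are handed to ad_subdomains_refresh(); if that reports
 * changes, the subdomain list is updated, stored and the domain mappings
 * are rewritten. The back-end request is always terminated at "done",
 * with DP_ERR_OK only when ret is EOK.
 */
static void ad_subdomains_get_slave_domain_done(struct tevent_req *req)
{
    int ret;
    size_t reply_count;
    struct sysdb_attrs **reply = NULL;
    struct sysdb_attrs **grown;
    struct ad_subdomains_req_ctx *ctx;
    int dp_error = DP_ERR_FATAL;
    bool refresh_has_changes = false;

    ctx = tevent_req_callback_data(req, struct ad_subdomains_req_ctx);

    ret = sdap_get_generic_recv(req, ctx, &reply_count, &reply);
    talloc_zfree(req);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("sdap_get_generic_send request failed.\n"));
        goto done;
    }

    if (reply_count) {
        /* Grow through a temporary so that a failed realloc leaves
         * ctx->reply and ctx->reply_count consistent with each other.
         * NOTE(review): the sum of the two counts is not checked for
         * wrap-around; both are numbers of entries returned by the
         * directory server, confirm whether an explicit bound is wanted. */
        grown = talloc_realloc(ctx, ctx->reply, struct sysdb_attrs *,
                               ctx->reply_count + reply_count);
        if (grown == NULL) {
            ret = ENOMEM;
            goto done;
        }
        ctx->reply = grown;
        memcpy(ctx->reply + ctx->reply_count, reply,
               reply_count * sizeof(struct sysdb_attrs *));
        ctx->reply_count += reply_count;
    }

    /* Move on to the next search base; EAGAIN means another request is in
     * flight and this callback will run again. */
    ctx->base_iter++;
    ret = ad_subdomains_get_slave(ctx);
    if (ret == EAGAIN) {
        return;
    } else if (ret != EOK) {
        goto done;
    }

    /* Got all the subdomains, let's process them */
    ret = ad_subdomains_refresh(ctx->sd_ctx, ctx->reply_count, ctx->reply,
                                &refresh_has_changes);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Failed to refresh subdomains.\n"));
        goto done;
    }

    if (refresh_has_changes) {
        ret = sysdb_update_subdomains(ctx->sd_ctx->be_ctx->domain);
        if (ret != EOK) {
            DEBUG(SSSDBG_OP_FAILURE, ("sysdb_update_subdomains failed.\n"));
            goto done;
        }

        ret = ads_store_sdap_subdom(ctx->sd_ctx, ctx->sd_ctx->be_ctx->domain);
        if (ret != EOK) {
            DEBUG(SSSDBG_OP_FAILURE, ("ads_store_sdap_subdom failed.\n"));
            goto done;
        }

        ret = sss_write_domain_mappings(ctx->sd_ctx->be_ctx->domain, false);
        if (ret != EOK) {
            /* The message names the function that was actually called so
             * the log points at the right place during triage. */
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("sss_write_domain_mappings failed.\n"));
            /* Just continue */
        }
    }

    ret = EOK;

done:
    if (ret == EOK) {
        /* Only a fully successful refresh updates the timestamp that
         * ad_subdomains_handler() uses to limit refresh frequency. */
        ctx->sd_ctx->last_refreshed = time(NULL);
        dp_error = DP_ERR_OK;
    }
    be_req_terminate(ctx->be_req, dp_error, ret, NULL);
}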
static void ad_subdom_online_cb(void *pvt);

/*
 * Timer handler for the periodic subdomain refresh. The event, timer and
 * timestamp arguments are not used; the private pointer is passed straight
 * to ad_subdom_online_cb().
 */
static void ad_subdom_timer_refresh(struct tevent_context *ev,
                                    struct tevent_timer *te,
                                    struct timeval current_time,
                                    void *pvt)
{
    (void)ev;
    (void)te;
    (void)current_time;

    ad_subdom_online_cb(pvt);
}
/*
 * Completion callback for the internally created back-end request: the
 * result codes and error string are ignored and the request is freed.
 */
static void ad_subdom_be_req_callback(struct be_req *be_req,
                                      int dp_err, int dp_ret,
                                      const char *errstr)
{
    (void)dp_err;
    (void)dp_ret;
    (void)errstr;

    talloc_free(be_req);
}
/*
 * Start a subdomain refresh and schedule the next one.
 *
 * pvt must be a talloc pointer of type struct ad_subdomains_ctx; anything
 * else is logged and ignored. A new back-end request is created and passed
 * to ad_subdomains_retrieve(), then a timer is added that calls
 * ad_subdom_timer_refresh() after subdomain_refresh_interval seconds.
 */
static void ad_subdom_online_cb(void *pvt)
{
    struct ad_subdomains_ctx *sd_ctx;
    struct be_req *refresh_req;
    struct timeval next_run;
    uint32_t refresh_interval;

    sd_ctx = talloc_get_type(pvt, struct ad_subdomains_ctx);
    if (sd_ctx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Bad private pointer\n"));
        return;
    }

    refresh_interval = sd_ctx->be_ctx->domain->subdomain_refresh_interval;

    refresh_req = be_req_create(sd_ctx, NULL, sd_ctx->be_ctx,
                                ad_subdom_be_req_callback, NULL);
    if (refresh_req == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("be_req_create() failed.\n"));
        return;
    }

    ad_subdomains_retrieve(sd_ctx, refresh_req);

    /* NOTE(review): a refresh interval of 0 would re-arm the timer with no
     * delay; confirm the option is range-checked where it is read.
     * NOTE(review): timer_event is overwritten without releasing a timer
     * that may still be pending; confirm this function cannot run twice
     * without ad_subdom_offline_cb() in between. */
    next_run = tevent_timeval_current_ofs(refresh_interval, 0);
    sd_ctx->timer_event = tevent_add_timer(sd_ctx->be_ctx->ev, sd_ctx,
                                           next_run,
                                           ad_subdom_timer_refresh, sd_ctx);
    if (sd_ctx->timer_event == NULL) {
        DEBUG(SSSDBG_MINOR_FAILURE, ("Failed to add subdom timer event\n"));
    }
}
/*
 * Offline callback: release the refresh timer, if any, and clear the
 * pointer so no further periodic refresh is scheduled from it. A pvt that
 * is not a struct ad_subdomains_ctx is silently ignored.
 */
static void ad_subdom_offline_cb(void *pvt)
{
    struct ad_subdomains_ctx *sd_ctx =
        talloc_get_type(pvt, struct ad_subdomains_ctx);

    if (sd_ctx == NULL) {
        return;
    }

    talloc_zfree(sd_ctx->timer_event);
}
/*
 * Handler for subdomain requests.
 *
 * Terminates the request with DP_ERR_FATAL/EINVAL when the subdomains
 * private data is missing or of the wrong type. A request arriving less
 * than AD_SUBDOMAIN_REFRESH_LIMIT after the last successful refresh is
 * answered with DP_ERR_OK without contacting the server, which bounds how
 * often callers can trigger a new search; otherwise a retrieval is started.
 */
void ad_subdomains_handler(struct be_req *be_req)
{
    struct be_ctx *be_ctx = be_req_get_be_ctx(be_req);
    struct ad_subdomains_ctx *sd_ctx;
    time_t now;

    sd_ctx = talloc_get_type(be_ctx->bet_info[BET_SUBDOMAINS].pvt_bet_data,
                             struct ad_subdomains_ctx);
    if (sd_ctx == NULL) {
        be_req_terminate(be_req, DP_ERR_FATAL, EINVAL, NULL);
        return;
    }

    /* NOTE(review): the comparison uses wall-clock time, so a clock that is
     * stepped backwards keeps the limit in force for longer than intended;
     * confirm this is acceptable. */
    now = time(NULL);
    if (sd_ctx->last_refreshed <= now - AD_SUBDOMAIN_REFRESH_LIMIT) {
        ad_subdomains_retrieve(sd_ctx, be_req);
        return;
    }

    be_req_terminate(be_req, DP_ERR_OK, EOK, NULL);
}
/* Operations table handed out by ad_subdom_init(): the handler entry point
 * is ad_subdomains_handler() and no finalize hook is set. */
struct bet_ops ad_subdomains_ops = {
.handler = ad_subdomains_handler,
.finalize = NULL
};
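/*
 * Create the subdomains context for an AD back end.
 *
 * The context is allocated as a talloc child of id_ctx. On success *ops is
 * set to &ad_subdomains_ops, *pvt_data to the new context, and online and
 * offline callbacks are registered (a failure to register either one is
 * only logged).
 *
 * Every step that can fail the call runs before the callbacks are
 * registered and before the outputs are written, and the context is freed
 * on failure. A caller therefore never receives, and no callback ever
 * holds, a context whose idmap_ctx was not initialised.
 *
 * Returns EOK on success, ENOMEM when an allocation fails, EFAULT when
 * sss_idmap_init() fails. *ops and *pvt_data are left untouched on error.
 */
int ad_subdom_init(struct be_ctx *be_ctx,
                   struct ad_id_ctx *id_ctx,
                   const char *ad_domain,
                   struct bet_ops **ops,
                   void **pvt_data)
{
    struct ad_subdomains_ctx *ctx;
    int ret;
    enum idmap_error_code err;

    ctx = talloc_zero(id_ctx, struct ad_subdomains_ctx);
    if (ctx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_zero failed.\n"));
        return ENOMEM;
    }

    ctx->be_ctx = be_ctx;
    ctx->sdom = id_ctx->sdap_id_ctx->opts->sdom;
    ctx->ldap_ctx = id_ctx->ldap_ctx;
    ctx->sdap_id_ctx = id_ctx->sdap_id_ctx;

    ctx->domain_name = talloc_strdup(ctx, ad_domain);
    if (ctx->domain_name == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("talloc_strdup failed.\n"));
        ret = ENOMEM;
        goto fail;
    }

    err = sss_idmap_init(sss_idmap_talloc, ctx, sss_idmap_talloc_free,
                         &ctx->idmap_ctx);
    if (err != IDMAP_SUCCESS) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to initialize idmap context.\n"));
        ret = EFAULT;
        goto fail;
    }

    /* From here on nothing fails the call, so it is safe to hand the
     * context to the callback machinery and to the caller. */
    ret = be_add_online_cb(ctx, be_ctx, ad_subdom_online_cb, ctx, NULL);
    if (ret != EOK) {
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("Failed to add subdom online callback\n"));
    }

    ret = be_add_offline_cb(ctx, be_ctx, ad_subdom_offline_cb, ctx, NULL);
    if (ret != EOK) {
        DEBUG(SSSDBG_MINOR_FAILURE,
              ("Failed to add subdom offline callback\n"));
    }

    *ops = &ad_subdomains_ops;
    *pvt_data = ctx;

    return EOK;

fail:
    talloc_free(ctx);
    return ret;
}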