ipa_common.c revision db15d9fc8252f05d705083b4798a492566284293
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen/*
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen SSSD
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen
5ab2ee0b9b7ad3867fcfd2a31fda0790370fbbbdTimo Sirainen IPA Provider Common Functions
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen Authors:
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen Simo Sorce <ssorce@redhat.com>
0371406d952fe51367c7be91703e5634b7d9d225Timo Sirainen
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen Copyright (C) 2009 Red Hat
06b0c3be9905099038964b068216bbed155701deTimo Sirainen
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen This program is free software; you can redistribute it and/or modify
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen it under the terms of the GNU General Public License as published by
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen the Free Software Foundation; either version 3 of the License, or
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen (at your option) any later version.
06b0c3be9905099038964b068216bbed155701deTimo Sirainen
06b0c3be9905099038964b068216bbed155701deTimo Sirainen This program is distributed in the hope that it will be useful,
06b0c3be9905099038964b068216bbed155701deTimo Sirainen but WITHOUT ANY WARRANTY; without even the implied warranty of
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen GNU General Public License for more details.
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen You should have received a copy of the GNU General Public License
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen along with this program. If not, see <http://www.gnu.org/licenses/>.
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen*/
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen#include <netdb.h>
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen#include <ctype.h>
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen#include <arpa/inet.h>
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen#include "db/sysdb_selinux.h"
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen#include "providers/ipa/ipa_common.h"
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen#include "providers/ldap/sdap_async_private.h"
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen#include "util/sss_krb5.h"
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen#include "db/sysdb_services.h"
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen#include "db/sysdb_autofs.h"
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen
8d80659e504ffb34bb0c6a633184fece35751b18Timo Sirainen#include "providers/ipa/ipa_opts.h"
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen
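/*
 * Load the IPA provider's basic options from confdb and fill in the
 * defaults that are derived from other settings:
 *   - ipa_domain   defaults to the SSSD domain name (dom->name)
 *   - ipa_hostname defaults to the system host name from gethostname()
 *   - krb5_realm   defaults to the upper-cased ipa_domain
 *
 * A missing ipa_server is only logged; service discovery is used instead.
 *
 * @param memctx     talloc parent of the returned options.
 * @param cdb        confdb handle the options are read from.
 * @param conf_path  confdb section of this domain.
 * @param dom        domain whose name is the fallback for ipa_domain.
 * @param _opts      receives the new ipa_options; written on success only.
 *
 * @return EOK on success. On failure the partially built options are freed
 *         and the error is ENOMEM, the errno of a failed gethostname(), or
 *         whatever dp_get_options()/dp_opt_set_string() returned.
 */
int ipa_get_options(TALLOC_CTX *memctx,
                    struct confdb_ctx *cdb,
                    const char *conf_path,
                    struct sss_domain_info *dom,
                    struct ipa_options **_opts)
{
    struct ipa_options *opts;
    char *domain;
    char *server;
    char *realm;
    char *ipa_hostname;
    int ret;
    char hostname[HOST_NAME_MAX + 1];

    opts = talloc_zero(memctx, struct ipa_options);
    if (!opts) return ENOMEM;

    ret = dp_get_options(opts, cdb, conf_path,
                         ipa_basic_opts,
                         IPA_OPTS_BASIC,
                         &opts->basic);
    if (ret != EOK) {
        goto done;
    }

    /* ipa_domain: fall back to the SSSD domain name. */
    domain = dp_opt_get_string(opts->basic, IPA_DOMAIN);
    if (!domain) {
        ret = dp_opt_set_string(opts->basic, IPA_DOMAIN, dom->name);
        if (ret != EOK) {
            goto done;
        }
        domain = dom->name;
    }

    /* ipa_server is optional; without it the provider discovers servers. */
    server = dp_opt_get_string(opts->basic, IPA_SERVER);
    if (!server) {
        DEBUG(1, ("No ipa server set, will use service discovery!\n"));
    }

    /* ipa_hostname: fall back to the kernel host name.  The buffer is one
     * byte larger than the length passed in because gethostname() does not
     * guarantee a terminator when the name is truncated. */
    ipa_hostname = dp_opt_get_string(opts->basic, IPA_HOSTNAME);
    if (ipa_hostname == NULL) {
        ret = gethostname(hostname, HOST_NAME_MAX);
        if (ret != EOK) {
            /* Capture errno before DEBUG()/strerror() can overwrite it.
             * Never propagate 0 here: that would be reported as EOK while
             * *_opts was never set, handing the caller a garbage pointer. */
            int err = errno;
            if (err == 0) {
                err = EIO;
            }
            DEBUG(1, ("gethostname failed [%d][%s].\n", err, strerror(err)));
            ret = err;
            goto done;
        }
        hostname[HOST_NAME_MAX] = '\0';
        DEBUG(9, ("Setting ipa_hostname to [%s].\n", hostname));
        ret = dp_opt_set_string(opts->basic, IPA_HOSTNAME, hostname);
        if (ret != EOK) {
            goto done;
        }
    }

    /* krb5_realm: an explicit value wins, otherwise derive it from the
     * IPA domain by upper-casing it. */
    realm = dp_opt_get_string(opts->basic, IPA_KRB5_REALM);
    if (!realm) {
        realm = get_uppercase_realm(opts, domain);
        if (!realm) {
            ret = ENOMEM;
            goto done;
        }

        ret = dp_opt_set_string(opts->basic, IPA_KRB5_REALM,
                                realm);
        if (ret != EOK) {
            goto done;
        }
    }

    ret = EOK;
    *_opts = opts;

done:
    if (ret != EOK) {
        talloc_zfree(opts);
    }
    return ret;
}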
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen
/*
 * Parse one of the IPA-specific search-base options (HBAC, host, SELinux,
 * subdomains, master domain, ID ranges) into an sdap_search_base array.
 *
 * @param mem_ctx        talloc parent of the resulting array.
 * @param opts           the ipa_options basic option table.
 * @param class          the IPA_*_SEARCH_BASE option index to parse.
 * @param _search_bases  receives the parsed bases; set to NULL first.
 *
 * @return ENOENT when the option is unset or empty, otherwise the result
 *         of common_parse_search_base().
 *
 * NOTE(review): an index outside the known set is only logged; the option
 * at that index is still read from opts and parsed under the name
 * "UNKNOWN".  All callers in this file pass one of the listed constants.
 */
static errno_t ipa_parse_search_base(TALLOC_CTX *mem_ctx,
                                     struct dp_option *opts, int class,
                                     struct sdap_search_base ***_search_bases)
{
    /* Diagnostic names for the search-base options this helper knows. */
    static const struct {
        int id;
        const char *name;
    } known[] = {
        { IPA_HBAC_SEARCH_BASE,          "IPA_HBAC" },
        { IPA_HOST_SEARCH_BASE,          "IPA_HOST" },
        { IPA_SELINUX_SEARCH_BASE,       "IPA_SELINUX" },
        { IPA_SUBDOMAINS_SEARCH_BASE,    "IPA_SUBDOMAINS" },
        { IPA_MASTER_DOMAIN_SEARCH_BASE, "IPA_MASTER_DOMAIN" },
        { IPA_RANGES_SEARCH_BASE,        "IPA_RANGES" },
    };
    const char *class_name = NULL;
    const char *raw;
    size_t i;

    *_search_bases = NULL;

    for (i = 0; i < sizeof(known) / sizeof(known[0]); i++) {
        if (known[i].id == class) {
            class_name = known[i].name;
            break;
        }
    }
    if (class_name == NULL) {
        /* Non-fatal: continue with a placeholder name. */
        DEBUG(SSSDBG_CONF_SETTINGS,
              ("Unknown search base type: [%d]\n", class));
        class_name = "UNKNOWN";
    }

    raw = dp_opt_get_string(opts, class);
    if (raw == NULL || *raw == '\0') {
        return ENOENT;
    }

    return common_parse_search_base(mem_ctx, raw, class_name, NULL,
                                    _search_bases);
}
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen
5ab2ee0b9b7ad3867fcfd2a31fda0790370fbbbdTimo Sirainenint ipa_get_id_options(struct ipa_options *ipa_opts,
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen struct confdb_ctx *cdb,
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen const char *conf_path,
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen struct sdap_options **_opts)
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen{
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen TALLOC_CTX *tmpctx;
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen char *basedn;
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen char *realm;
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen char *value;
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen int ret;
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen int i;
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen tmpctx = talloc_new(ipa_opts);
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen if (!tmpctx) {
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen return ENOMEM;
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen }
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen ipa_opts->id = talloc_zero(ipa_opts, struct sdap_options);
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen if (!ipa_opts->id) {
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen ret = ENOMEM;
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen goto done;
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen }
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen /* get sdap options */
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen ret = dp_get_options(ipa_opts->id, cdb, conf_path,
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen ipa_def_ldap_opts,
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen SDAP_OPTS_BASIC,
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen &ipa_opts->id->basic);
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen if (ret != EOK) {
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen goto done;
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen }
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen ret = domain_to_basedn(tmpctx,
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen dp_opt_get_string(ipa_opts->basic, IPA_KRB5_REALM),
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen &basedn);
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen if (ret != EOK) {
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen goto done;
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen }
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen if (NULL == dp_opt_get_string(ipa_opts->id->basic, SDAP_SEARCH_BASE)) {
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen /* FIXME: get values by querying IPA */
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen /* set search base */
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen value = talloc_asprintf(tmpctx, "cn=accounts,%s", basedn);
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen if (!value) {
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen ret = ENOMEM;
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen goto done;
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen }
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen ret = dp_opt_set_string(ipa_opts->id->basic,
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen SDAP_SEARCH_BASE, value);
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen if (ret != EOK) {
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen goto done;
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen }
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen DEBUG(6, ("Option %s set to %s\n",
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen ipa_opts->id->basic[SDAP_SEARCH_BASE].opt_name,
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen dp_opt_get_string(ipa_opts->id->basic, SDAP_SEARCH_BASE)));
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen }
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen ret = sdap_parse_search_base(ipa_opts->id, ipa_opts->id->basic,
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen SDAP_SEARCH_BASE,
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen &ipa_opts->id->search_bases);
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen if (ret != EOK) goto done;
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen /* set krb realm */
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen if (NULL == dp_opt_get_string(ipa_opts->id->basic, SDAP_KRB5_REALM)) {
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen realm = dp_opt_get_string(ipa_opts->basic, IPA_KRB5_REALM);
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen value = talloc_strdup(tmpctx, realm);
fedb73c7e918653877286ede0fe18029b3cce7d3Timo Sirainen if (value == NULL) {
fedb73c7e918653877286ede0fe18029b3cce7d3Timo Sirainen DEBUG(1, ("talloc_strdup failed.\n"));
fedb73c7e918653877286ede0fe18029b3cce7d3Timo Sirainen ret = ENOMEM;
fedb73c7e918653877286ede0fe18029b3cce7d3Timo Sirainen goto done;
fedb73c7e918653877286ede0fe18029b3cce7d3Timo Sirainen }
fedb73c7e918653877286ede0fe18029b3cce7d3Timo Sirainen ret = dp_opt_set_string(ipa_opts->id->basic,
5ab2ee0b9b7ad3867fcfd2a31fda0790370fbbbdTimo Sirainen SDAP_KRB5_REALM, value);
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen if (ret != EOK) {
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen goto done;
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen }
0371406d952fe51367c7be91703e5634b7d9d225Timo Sirainen DEBUG(6, ("Option %s set to %s\n",
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen ipa_opts->id->basic[SDAP_KRB5_REALM].opt_name,
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen dp_opt_get_string(ipa_opts->id->basic, SDAP_KRB5_REALM)));
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen }
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen
367c05967091a2cbfce59b7f274f55b1a0f9e8c9Timo Sirainen ret = sdap_set_sasl_options(ipa_opts->id,
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen dp_opt_get_string(ipa_opts->basic,
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen IPA_HOSTNAME),
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen dp_opt_get_string(ipa_opts->id->basic,
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen SDAP_KRB5_REALM),
5ab2ee0b9b7ad3867fcfd2a31fda0790370fbbbdTimo Sirainen dp_opt_get_string(ipa_opts->id->basic,
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen SDAP_KRB5_KEYTAB));
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen if (ret != EOK) {
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen DEBUG(SSSDBG_OP_FAILURE, ("Cannot set the SASL-related options\n"));
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen goto done;
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen }
0371406d952fe51367c7be91703e5634b7d9d225Timo Sirainen
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen /* fix schema to IPAv1 for now */
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen ipa_opts->id->schema_type = SDAP_SCHEMA_IPA_V1;
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen
5ab2ee0b9b7ad3867fcfd2a31fda0790370fbbbdTimo Sirainen /* set user/group search bases if they are not specified */
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen if (NULL == dp_opt_get_string(ipa_opts->id->basic,
8d80659e504ffb34bb0c6a633184fece35751b18Timo Sirainen SDAP_USER_SEARCH_BASE)) {
5ab2ee0b9b7ad3867fcfd2a31fda0790370fbbbdTimo Sirainen ret = dp_opt_set_string(ipa_opts->id->basic, SDAP_USER_SEARCH_BASE,
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen dp_opt_get_string(ipa_opts->id->basic,
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen SDAP_SEARCH_BASE));
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen if (ret != EOK) {
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen goto done;
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen }
ccffb125d94adff0ad776de5a96e22f864d6fb0aTimo Sirainen
ccffb125d94adff0ad776de5a96e22f864d6fb0aTimo Sirainen DEBUG(6, ("Option %s set to %s\n",
ccffb125d94adff0ad776de5a96e22f864d6fb0aTimo Sirainen ipa_opts->id->basic[SDAP_USER_SEARCH_BASE].opt_name,
ccffb125d94adff0ad776de5a96e22f864d6fb0aTimo Sirainen dp_opt_get_string(ipa_opts->id->basic,
ccffb125d94adff0ad776de5a96e22f864d6fb0aTimo Sirainen SDAP_USER_SEARCH_BASE)));
ccffb125d94adff0ad776de5a96e22f864d6fb0aTimo Sirainen }
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen ret = sdap_parse_search_base(ipa_opts->id, ipa_opts->id->basic,
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen SDAP_USER_SEARCH_BASE,
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen &ipa_opts->id->user_search_bases);
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen if (ret != EOK) goto done;
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen if (NULL == dp_opt_get_string(ipa_opts->id->basic,
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen SDAP_GROUP_SEARCH_BASE)) {
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen ret = dp_opt_set_string(ipa_opts->id->basic, SDAP_GROUP_SEARCH_BASE,
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen dp_opt_get_string(ipa_opts->id->basic,
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen SDAP_SEARCH_BASE));
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen if (ret != EOK) {
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen goto done;
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen }
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen DEBUG(6, ("Option %s set to %s\n",
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen ipa_opts->id->basic[SDAP_GROUP_SEARCH_BASE].opt_name,
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen dp_opt_get_string(ipa_opts->id->basic,
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen SDAP_GROUP_SEARCH_BASE)));
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen }
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen ret = sdap_parse_search_base(ipa_opts->id, ipa_opts->id->basic,
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen SDAP_GROUP_SEARCH_BASE,
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen &ipa_opts->id->group_search_bases);
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen if (ret != EOK) goto done;
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen if (NULL == dp_opt_get_string(ipa_opts->id->basic,
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen SDAP_SUDO_SEARCH_BASE)) {
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen#if 0
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen ret = dp_opt_set_string(ipa_opts->id->basic, SDAP_SUDO_SEARCH_BASE,
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen dp_opt_get_string(ipa_opts->id->basic,
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen SDAP_SEARCH_BASE));
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen if (ret != EOK) {
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen goto done;
5ab2ee0b9b7ad3867fcfd2a31fda0790370fbbbdTimo Sirainen }
6ef7e31619edfaa17ed044b45861d106a86191efTimo Sirainen#else
6ef7e31619edfaa17ed044b45861d106a86191efTimo Sirainen /* We don't yet have support for the representation
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen * of sudo in IPA. For now, we need to point at the
8d80659e504ffb34bb0c6a633184fece35751b18Timo Sirainen * compat tree
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen */
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen value = talloc_asprintf(tmpctx, "ou=SUDOers,%s", basedn);
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen if (!value) {
5ab2ee0b9b7ad3867fcfd2a31fda0790370fbbbdTimo Sirainen ret = ENOMEM;
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen goto done;
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen }
6ef7e31619edfaa17ed044b45861d106a86191efTimo Sirainen
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen ret = dp_opt_set_string(ipa_opts->id->basic,
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen SDAP_SUDO_SEARCH_BASE,
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen value);
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen if (ret != EOK) {
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen goto done;
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen }
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen#endif
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen DEBUG(6, ("Option %s set to %s\n",
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen ipa_opts->id->basic[SDAP_SUDO_SEARCH_BASE].opt_name,
5ab2ee0b9b7ad3867fcfd2a31fda0790370fbbbdTimo Sirainen dp_opt_get_string(ipa_opts->id->basic,
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen SDAP_SUDO_SEARCH_BASE)));
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen }
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen ret = sdap_parse_search_base(ipa_opts->id, ipa_opts->id->basic,
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen SDAP_SUDO_SEARCH_BASE,
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen &ipa_opts->id->sudo_search_bases);
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen if (ret != EOK) goto done;
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen
5ab2ee0b9b7ad3867fcfd2a31fda0790370fbbbdTimo Sirainen if (NULL == dp_opt_get_string(ipa_opts->id->basic,
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen SDAP_NETGROUP_SEARCH_BASE)) {
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen value = talloc_asprintf(tmpctx, "cn=ng,cn=alt,%s", basedn);
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen if (!value) {
0546f051db6f510aa84d8c748cb46e584d3fcdfbTimo Sirainen ret = ENOMEM;
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen goto done;
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen }
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen ret = dp_opt_set_string(ipa_opts->id->basic, SDAP_NETGROUP_SEARCH_BASE,
13a8c553f293349248b161ff851743498916e26eTimo Sirainen value);
24ce0c343cefe54af841871fa39dbc3464028b06Timo Sirainen if (ret != EOK) {
24ce0c343cefe54af841871fa39dbc3464028b06Timo Sirainen goto done;
24ce0c343cefe54af841871fa39dbc3464028b06Timo Sirainen }
c95fc202215d2451372599db7092b16459f360a3Timo Sirainen
c95fc202215d2451372599db7092b16459f360a3Timo Sirainen DEBUG(6, ("Option %s set to %s\n",
24ce0c343cefe54af841871fa39dbc3464028b06Timo Sirainen ipa_opts->id->basic[SDAP_NETGROUP_SEARCH_BASE].opt_name,
24ce0c343cefe54af841871fa39dbc3464028b06Timo Sirainen dp_opt_get_string(ipa_opts->id->basic,
24ce0c343cefe54af841871fa39dbc3464028b06Timo Sirainen SDAP_NETGROUP_SEARCH_BASE)));
c95fc202215d2451372599db7092b16459f360a3Timo Sirainen }
c95fc202215d2451372599db7092b16459f360a3Timo Sirainen ret = sdap_parse_search_base(ipa_opts->id, ipa_opts->id->basic,
8d80659e504ffb34bb0c6a633184fece35751b18Timo Sirainen SDAP_NETGROUP_SEARCH_BASE,
c95fc202215d2451372599db7092b16459f360a3Timo Sirainen &ipa_opts->id->netgroup_search_bases);
c95fc202215d2451372599db7092b16459f360a3Timo Sirainen if (ret != EOK) goto done;
c95fc202215d2451372599db7092b16459f360a3Timo Sirainen
c95fc202215d2451372599db7092b16459f360a3Timo Sirainen if (NULL == dp_opt_get_string(ipa_opts->basic,
c95fc202215d2451372599db7092b16459f360a3Timo Sirainen IPA_HOST_SEARCH_BASE)) {
c95fc202215d2451372599db7092b16459f360a3Timo Sirainen ret = dp_opt_set_string(ipa_opts->basic, IPA_HOST_SEARCH_BASE,
c95fc202215d2451372599db7092b16459f360a3Timo Sirainen dp_opt_get_string(ipa_opts->id->basic,
c95fc202215d2451372599db7092b16459f360a3Timo Sirainen SDAP_SEARCH_BASE));
c95fc202215d2451372599db7092b16459f360a3Timo Sirainen if (ret != EOK) {
c95fc202215d2451372599db7092b16459f360a3Timo Sirainen goto done;
c95fc202215d2451372599db7092b16459f360a3Timo Sirainen }
c95fc202215d2451372599db7092b16459f360a3Timo Sirainen
c95fc202215d2451372599db7092b16459f360a3Timo Sirainen DEBUG(SSSDBG_CONF_SETTINGS, ("Option %s set to %s\n",
c95fc202215d2451372599db7092b16459f360a3Timo Sirainen ipa_opts->basic[IPA_HOST_SEARCH_BASE].opt_name,
c95fc202215d2451372599db7092b16459f360a3Timo Sirainen dp_opt_get_string(ipa_opts->basic,
c95fc202215d2451372599db7092b16459f360a3Timo Sirainen IPA_HOST_SEARCH_BASE)));
c95fc202215d2451372599db7092b16459f360a3Timo Sirainen }
c95fc202215d2451372599db7092b16459f360a3Timo Sirainen ret = ipa_parse_search_base(ipa_opts->basic, ipa_opts->basic,
c95fc202215d2451372599db7092b16459f360a3Timo Sirainen IPA_HOST_SEARCH_BASE,
c95fc202215d2451372599db7092b16459f360a3Timo Sirainen &ipa_opts->host_search_bases);
c95fc202215d2451372599db7092b16459f360a3Timo Sirainen if (ret != EOK) goto done;
c95fc202215d2451372599db7092b16459f360a3Timo Sirainen
c95fc202215d2451372599db7092b16459f360a3Timo Sirainen if (NULL == dp_opt_get_string(ipa_opts->basic,
24ce0c343cefe54af841871fa39dbc3464028b06Timo Sirainen IPA_HBAC_SEARCH_BASE)) {
24ce0c343cefe54af841871fa39dbc3464028b06Timo Sirainen value = talloc_asprintf(tmpctx, "cn=hbac,%s", basedn);
c95fc202215d2451372599db7092b16459f360a3Timo Sirainen if (!value) {
24ce0c343cefe54af841871fa39dbc3464028b06Timo Sirainen ret = ENOMEM;
24ce0c343cefe54af841871fa39dbc3464028b06Timo Sirainen goto done;
24ce0c343cefe54af841871fa39dbc3464028b06Timo Sirainen }
24ce0c343cefe54af841871fa39dbc3464028b06Timo Sirainen
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen ret = dp_opt_set_string(ipa_opts->basic, IPA_HBAC_SEARCH_BASE, value);
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen if (ret != EOK) {
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen goto done;
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen }
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen DEBUG(6, ("Option %s set to %s\n",
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen ipa_opts->basic[IPA_HBAC_SEARCH_BASE].opt_name,
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen dp_opt_get_string(ipa_opts->basic,
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen IPA_HBAC_SEARCH_BASE)));
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen }
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen ret = ipa_parse_search_base(ipa_opts->basic, ipa_opts->basic,
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen IPA_HBAC_SEARCH_BASE,
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen &ipa_opts->hbac_search_bases);
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen if (ret != EOK) goto done;
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen if (NULL == dp_opt_get_string(ipa_opts->basic,
eeea0a402bcd9533e9e359f2a2518e3216162151Timo Sirainen IPA_SELINUX_SEARCH_BASE)) {
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen value = talloc_asprintf(tmpctx, "cn=selinux,%s", basedn);
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen if (!value) {
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen ret = ENOMEM;
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen goto done;
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen }
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen ret = dp_opt_set_string(ipa_opts->basic, IPA_SELINUX_SEARCH_BASE, value);
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen if (ret != EOK) {
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen goto done;
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen }
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen DEBUG(SSSDBG_CONF_SETTINGS, ("Option %s set to %s\n",
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen ipa_opts->basic[IPA_SELINUX_SEARCH_BASE].opt_name,
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen dp_opt_get_string(ipa_opts->basic,
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen IPA_SELINUX_SEARCH_BASE)));
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen }
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen ret = ipa_parse_search_base(ipa_opts->basic, ipa_opts->basic,
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen IPA_SELINUX_SEARCH_BASE,
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen &ipa_opts->selinux_search_bases);
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen if (ret != EOK) goto done;
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen value = dp_opt_get_string(ipa_opts->id->basic, SDAP_DEREF);
fedb73c7e918653877286ede0fe18029b3cce7d3Timo Sirainen if (value != NULL) {
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen ret = deref_string_to_val(value, &i);
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen if (ret != EOK) {
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen DEBUG(1, ("Failed to verify ldap_deref option.\n"));
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen goto done;
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen }
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen }
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen if (NULL == dp_opt_get_string(ipa_opts->id->basic,
0546f051db6f510aa84d8c748cb46e584d3fcdfbTimo Sirainen SDAP_SERVICE_SEARCH_BASE)) {
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen ret = dp_opt_set_string(ipa_opts->id->basic, SDAP_SERVICE_SEARCH_BASE,
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen dp_opt_get_string(ipa_opts->id->basic,
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen SDAP_SEARCH_BASE));
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen if (ret != EOK) {
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen goto done;
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen }
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen DEBUG(6, ("Option %s set to %s\n",
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen ipa_opts->id->basic[SDAP_GROUP_SEARCH_BASE].opt_name,
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen dp_opt_get_string(ipa_opts->id->basic,
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen SDAP_GROUP_SEARCH_BASE)));
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen }
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen ret = sdap_parse_search_base(ipa_opts->id, ipa_opts->id->basic,
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen SDAP_SERVICE_SEARCH_BASE,
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen &ipa_opts->id->service_search_bases);
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen if (ret != EOK) goto done;
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen if (NULL == dp_opt_get_string(ipa_opts->basic,
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen IPA_SUBDOMAINS_SEARCH_BASE)) {
fedb73c7e918653877286ede0fe18029b3cce7d3Timo Sirainen value = talloc_asprintf(tmpctx, "cn=trusts,%s", basedn);
fedb73c7e918653877286ede0fe18029b3cce7d3Timo Sirainen if (value == NULL) {
fedb73c7e918653877286ede0fe18029b3cce7d3Timo Sirainen ret = ENOMEM;
fedb73c7e918653877286ede0fe18029b3cce7d3Timo Sirainen goto done;
fedb73c7e918653877286ede0fe18029b3cce7d3Timo Sirainen }
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen
a2550844936da8b78d7565b905a4dc5ffb3eef0eTimo Sirainen ret = dp_opt_set_string(ipa_opts->basic, IPA_SUBDOMAINS_SEARCH_BASE, value);
a2550844936da8b78d7565b905a4dc5ffb3eef0eTimo Sirainen if (ret != EOK) {
a2550844936da8b78d7565b905a4dc5ffb3eef0eTimo Sirainen goto done;
fedb73c7e918653877286ede0fe18029b3cce7d3Timo Sirainen }
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen DEBUG(SSSDBG_CONF_SETTINGS, ("Option %s set to %s\n",
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen ipa_opts->basic[IPA_SUBDOMAINS_SEARCH_BASE].opt_name,
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen dp_opt_get_string(ipa_opts->basic,
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen IPA_SUBDOMAINS_SEARCH_BASE)));
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen }
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen ret = ipa_parse_search_base(ipa_opts, ipa_opts->basic,
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen IPA_SUBDOMAINS_SEARCH_BASE,
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen &ipa_opts->subdomains_search_bases);
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen if (ret != EOK) goto done;
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen if (NULL == dp_opt_get_string(ipa_opts->basic,
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen IPA_MASTER_DOMAIN_SEARCH_BASE)) {
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen value = talloc_asprintf(tmpctx, "cn=ad,cn=etc,%s", basedn);
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen if (value == NULL) {
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen ret = ENOMEM;
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen goto done;
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen }
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen ret = dp_opt_set_string(ipa_opts->basic, IPA_MASTER_DOMAIN_SEARCH_BASE, value);
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen if (ret != EOK) {
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen goto done;
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen }
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen DEBUG(SSSDBG_CONF_SETTINGS, ("Option %s set to %s\n",
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen ipa_opts->basic[IPA_MASTER_DOMAIN_SEARCH_BASE].opt_name,
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen dp_opt_get_string(ipa_opts->basic,
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen IPA_MASTER_DOMAIN_SEARCH_BASE)));
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen }
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen ret = ipa_parse_search_base(ipa_opts, ipa_opts->basic,
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen IPA_MASTER_DOMAIN_SEARCH_BASE,
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen &ipa_opts->master_domain_search_bases);
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen if (ret != EOK) goto done;
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen if (NULL == dp_opt_get_string(ipa_opts->basic,
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen IPA_RANGES_SEARCH_BASE)) {
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen value = talloc_asprintf(tmpctx, "cn=ranges,cn=etc,%s", basedn);
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen if (value == NULL) {
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen ret = ENOMEM;
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen goto done;
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen }
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen ret = dp_opt_set_string(ipa_opts->basic, IPA_RANGES_SEARCH_BASE, value);
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen if (ret != EOK) {
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen goto done;
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen }
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen DEBUG(SSSDBG_CONF_SETTINGS, ("Option %s set to %s\n",
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen ipa_opts->basic[IPA_RANGES_SEARCH_BASE].opt_name,
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen dp_opt_get_string(ipa_opts->basic,
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen IPA_RANGES_SEARCH_BASE)));
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen }
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen ret = ipa_parse_search_base(ipa_opts, ipa_opts->basic,
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen IPA_RANGES_SEARCH_BASE,
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen &ipa_opts->ranges_search_bases);
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen if (ret != EOK) goto done;
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen ret = sdap_get_map(ipa_opts->id, cdb, conf_path,
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen ipa_attr_map,
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen SDAP_AT_GENERAL,
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen &ipa_opts->id->gen_map);
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen if (ret != EOK) {
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen goto done;
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen }
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen ret = sdap_get_map(ipa_opts->id,
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen cdb, conf_path,
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen ipa_user_map,
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen SDAP_OPTS_USER,
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen &ipa_opts->id->user_map);
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen if (ret != EOK) {
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen goto done;
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen }
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen ret = sdap_get_map(ipa_opts->id,
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen cdb, conf_path,
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen ipa_group_map,
6bca3405636e3ec95724350c3a10d6fcb737782aTimo Sirainen SDAP_OPTS_GROUP,
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen &ipa_opts->id->group_map);
6c2c5f20760b06bfb4a40b0ee2ef5ab016bc41f0Timo Sirainen if (ret != EOK) {
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen goto done;
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen }
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen ret = sdap_get_map(ipa_opts->id,
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen cdb, conf_path,
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen ipa_netgroup_map,
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen IPA_OPTS_NETGROUP,
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen &ipa_opts->id->netgroup_map);
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen if (ret != EOK) {
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen goto done;
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen }
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen ret = sdap_get_map(ipa_opts->id,
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen cdb, conf_path,
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen ipa_host_map,
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen IPA_OPTS_HOST,
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen &ipa_opts->host_map);
d5cebe7f98e63d4e2822863ef2faa4971e8b3a5dTimo Sirainen if (ret != EOK) {
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen goto done;
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen }
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen ret = sdap_get_map(ipa_opts->id,
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen cdb, conf_path,
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen ipa_hostgroup_map,
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen IPA_OPTS_HOSTGROUP,
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen &ipa_opts->hostgroup_map);
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen if (ret != EOK) {
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen goto done;
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen }
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen ret = sdap_get_map(ipa_opts->id,
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen cdb, conf_path,
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen ipa_service_map,
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen SDAP_OPTS_SERVICES,
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen &ipa_opts->id->service_map);
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen if (ret != EOK) {
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen goto done;
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen }
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen ret = sdap_get_map(ipa_opts->id,
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen cdb, conf_path,
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen ipa_selinux_user_map,
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen IPA_OPTS_SELINUX_USERMAP,
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen &ipa_opts->selinuxuser_map);
d5cebe7f98e63d4e2822863ef2faa4971e8b3a5dTimo Sirainen if (ret != EOK) {
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen goto done;
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen }
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen ret = EOK;
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen *_opts = ipa_opts->id;
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainendone:
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen talloc_zfree(tmpctx);
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen if (ret != EOK) {
d5cebe7f98e63d4e2822863ef2faa4971e8b3a5dTimo Sirainen talloc_zfree(ipa_opts->id);
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen }
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen return ret;
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen}
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen
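/*
 * Build the Kerberos (auth) option set for the IPA provider.
 *
 * Reads the krb5 options from confdb under conf_path into ipa_opts->auth,
 * falls back to the deprecated krb5_kdcip setting for the KDC, and, when no
 * krb5_realm was configured, copies the realm from ipa_opts->basic
 * (IPA_KRB5_REALM).
 *
 * ipa_opts  - provider options; ipa_opts->basic must already be populated,
 *             as IPA_KRB5_REALM is read from it.
 * cdb       - configuration database handle.
 * conf_path - confdb section the krb5 options are read from.
 * _opts     - on success receives ipa_opts->auth (owned by ipa_opts).
 *
 * Returns EOK on success, ENOMEM on allocation failure, EINVAL when no realm
 * can be determined, or the error reported by the helpers. On failure
 * ipa_opts->auth is freed and reset to NULL.
 */
int ipa_get_auth_options(struct ipa_options *ipa_opts,
                         struct confdb_ctx *cdb,
                         const char *conf_path,
                         struct dp_option **_opts)
{
    char *value;
    char *copy = NULL;
    int ret;

    /* NOTE(review): dp_get_options() below stores its own array through
     * &ipa_opts->auth, so this single-element placeholder looks unused once
     * that call succeeds -- confirm before removing it. */
    ipa_opts->auth = talloc_zero(ipa_opts, struct dp_option);
    if (ipa_opts->auth == NULL) {
        ret = ENOMEM;
        goto done;
    }

    /* get krb5 options */
    ret = dp_get_options(ipa_opts, cdb, conf_path,
                         ipa_def_krb5_opts,
                         KRB5_OPTS, &ipa_opts->auth);
    if (ret != EOK) {
        goto done;
    }

    /* If there is no KDC, try the deprecated krb5_kdcip option, too */
    /* FIXME - this can be removed in a future version */
    ret = krb5_try_kdcip(cdb, conf_path, ipa_opts->auth, KRB5_KDC);
    if (ret != EOK) {
        DEBUG(1, ("sss_krb5_try_kdcip failed.\n"));
        goto done;
    }

    /* set krb realm */
    if (NULL == dp_opt_get_string(ipa_opts->auth, KRB5_REALM)) {
        value = dp_opt_get_string(ipa_opts->basic, IPA_KRB5_REALM);
        if (!value) {
            /* A missing realm is a configuration problem, not an allocation
             * failure; report it the same way ipa_service_init() does. */
            DEBUG(SSSDBG_CRIT_FAILURE, ("No Kerberos realm set\n"));
            ret = EINVAL;
            goto done;
        }

        /* Temporary copy on the auth context; released at done: in every
         * path, the option keeps its own copy of the string. */
        copy = talloc_strdup(ipa_opts->auth, value);
        if (copy == NULL) {
            DEBUG(1, ("talloc_strdup failed.\n"));
            ret = ENOMEM;
            goto done;
        }

        ret = dp_opt_set_string(ipa_opts->auth, KRB5_REALM, copy);
        if (ret != EOK) {
            goto done;
        }

        DEBUG(6, ("Option %s set to %s\n",
                  ipa_opts->auth[KRB5_REALM].opt_name,
                  dp_opt_get_string(ipa_opts->auth, KRB5_REALM)));
    }

    *_opts = ipa_opts->auth;
    ret = EOK;

done:
    talloc_free(copy);
    if (ret != EOK) {
        talloc_zfree(ipa_opts->auth);
    }
    return ret;
}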
dc9de21d4375faeedbe5b7e941502ac578650da9Timo Sirainen
/*
 * Failover callback for the "IPA" service: once a server has been resolved,
 * point the LDAP sub-service at it and publish the KDC address for krb5.
 *
 * private_data is the struct ipa_service registered in ipa_service_init();
 * server is the failover server that was just resolved.
 *
 * The LDAP URI is rebuilt from the server's host name, the resolved socket
 * address replaces service->sdap->sockaddr, and the escaped IP address is
 * written to the krb5info file for service->krb5_service->realm. Every
 * failure is logged and abandons the rest of the update; there is no return
 * value.
 */
static void ipa_resolve_callback(void *private_data, struct fo_server *server)
{
    TALLOC_CTX *scratch = talloc_new(NULL);
    struct ipa_service *service;
    struct resolv_hostent *hostent;
    struct sockaddr_storage *resolved_addr;
    char *addr_str;
    const char *escaped_addr;
    char *uri;
    const char *host;

    if (scratch == NULL) {
        DEBUG(1, ("talloc_new failed\n"));
        return;
    }

    service = talloc_get_type(private_data, struct ipa_service);
    if (service == NULL) {
        DEBUG(1, ("FATAL: Bad private_data\n"));
        goto out;
    }

    hostent = fo_get_server_hostent(server);
    if (hostent == NULL) {
        DEBUG(1, ("FATAL: No hostent available for server (%s)\n",
                  fo_get_server_str_name(server)));
        goto out;
    }

    resolved_addr = resolv_get_sockaddr_address(scratch, hostent, LDAP_PORT);
    if (resolved_addr == NULL) {
        DEBUG(1, ("resolv_get_sockaddr_address failed.\n"));
        goto out;
    }

    addr_str = resolv_get_string_address(scratch, hostent);
    if (addr_str == NULL) {
        DEBUG(1, ("resolv_get_string_address failed.\n"));
        goto out;
    }

    host = fo_get_server_name(server);
    if (host == NULL) {
        DEBUG(1, ("Could not get server host name\n"));
        goto out;
    }

    /* The URI is allocated on the service so it outlives this callback. */
    uri = talloc_asprintf(service, "ldap://%s", host);
    if (uri == NULL) {
        DEBUG(2, ("Failed to copy URI ...\n"));
        goto out;
    }
    DEBUG(6, ("Constructed uri '%s'\n", uri));

    /* Drop the previous URI and socket address, install the new ones. */
    talloc_zfree(service->sdap->uri);
    service->sdap->uri = uri;
    talloc_zfree(service->sdap->sockaddr);
    service->sdap->sockaddr = talloc_steal(service, resolved_addr);

    escaped_addr = sss_escape_ip_address(scratch, hostent->family, addr_str);
    if (escaped_addr == NULL) {
        DEBUG(1, ("sss_escape_ip_address failed.\n"));
        goto out;
    }

    /* A failed krb5info write is logged only; the LDAP side is already
     * updated at this point. */
    if (write_krb5info_file(service->krb5_service->realm, escaped_addr,
                            SSS_KRB5KDC_FO_SRV) != EOK) {
        DEBUG(2, ("write_krb5info_file failed, authentication might fail.\n"));
    }

out:
    talloc_free(scratch);
}
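/*
 * Add the servers from a comma-separated list to the "IPA" failover service.
 *
 * ctx      - backend context owning the failover service.
 * service  - IPA service; each parsed server name is reparented onto it so
 *            the name outlives this function's scratch context.
 * options  - provider options; IPA_DOMAIN is used for SRV discovery.
 * servers  - comma-separated server list. Entries may be the SRV identifier
 *            or IPv6 literals in square brackets (brackets are stripped).
 * primary  - whether these are primary servers. SRV discovery is only
 *            honoured for primary servers; for backups it is skipped with a
 *            warning.
 *
 * Returns EOK on success, which includes the case where a server was already
 * registered (EEXIST from be_fo_add_server is tolerated), ENOMEM, or the
 * error from the list parsing / failover helpers.
 */
errno_t ipa_servers_init(struct be_ctx *ctx,
                         struct ipa_service *service,
                         struct ipa_options *options,
                         const char *servers,
                         bool primary)
{
    TALLOC_CTX *tmp_ctx;
    char **list = NULL;
    char *ipa_domain;
    int ret = 0;
    int i;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    /* split server parm into a list */
    ret = split_on_separator(tmp_ctx, servers, ',', true, &list, NULL);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to parse server list!\n"));
        goto done;
    }

    /* now for each one add a new server to the failover service */
    for (i = 0; list[i]; i++) {
        talloc_steal(service, list[i]);

        if (be_fo_is_srv_identifier(list[i])) {
            if (!primary) {
                DEBUG(SSSDBG_MINOR_FAILURE,
                      ("Failed to add server [%s] to failover service: "
                       "SRV resolution only allowed for primary servers!\n",
                       list[i]));
                continue;
            }

            ipa_domain = dp_opt_get_string(options->basic, IPA_DOMAIN);
            ret = be_fo_add_srv_server(ctx, "IPA", "ldap", ipa_domain,
                                       BE_FO_PROTO_TCP, false, NULL);
            if (ret) {
                DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to add server\n"));
                goto done;
            }

            DEBUG(SSSDBG_TRACE_FUNC, ("Added service lookup for service IPA\n"));
            continue;
        }

        /* It could be ipv6 address in square brackets. Remove
         * the brackets if needed. */
        ret = remove_ipv6_brackets(list[i]);
        if (ret != EOK) {
            goto done;
        }

        /* EEXIST means the same server was listed twice; tolerate it. */
        ret = be_fo_add_server(ctx, "IPA", list[i], 0, NULL, primary);
        if (ret && ret != EEXIST) {
            DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to add server\n"));
            goto done;
        }

        DEBUG(SSSDBG_TRACE_FUNC, ("Added Server %s\n", list[i]));
    }

    /* A tolerated EEXIST from the last entry must not leak out as the
     * function's result, so report success explicitly once the whole list
     * has been processed. */
    ret = EOK;

done:
    talloc_free(tmp_ctx);
    return ret;
}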
/*
 * Failover user-data comparator: both arguments are C strings and are
 * compared case-insensitively, returning strcasecmp()'s ordering.
 */
static int ipa_user_data_cmp(void *ud1, void *ud2)
{
    const char *lhs = ud1;
    const char *rhs = ud2;

    return strcasecmp(lhs, rhs);
}
/*
 * Create the IPA failover service together with its LDAP and Kerberos
 * sub-services.
 *
 * memctx          - talloc parent of the returned service and of the
 *                   failover callback registration.
 * ctx             - backend context in which the "IPA" failover service is
 *                   registered.
 * primary_servers - comma-separated primary servers; NULL selects SRV
 *                   service discovery.
 * backup_servers  - optional comma-separated backup servers.
 * options         - provider options; IPA_KRB5_REALM must be set.
 * _service        - on success receives the new struct ipa_service.
 *
 * Returns EOK, ENOMEM, EINVAL when no Kerberos realm is configured, or the
 * error reported by the failover helpers. On failure nothing is handed to
 * the caller and the partially built service is released.
 */
int ipa_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
                     const char *primary_servers,
                     const char *backup_servers,
                     struct ipa_options *options,
                     struct ipa_service **_service)
{
    TALLOC_CTX *scratch;
    struct ipa_service *svc;
    char *realm;
    int ret;

    scratch = talloc_new(NULL);
    if (scratch == NULL) {
        return ENOMEM;
    }

    /* Everything below hangs off svc, so one talloc_steal() at the end
     * transfers the whole structure to the caller. */
    svc = talloc_zero(scratch, struct ipa_service);
    if (svc == NULL) {
        ret = ENOMEM;
        goto done;
    }

    svc->sdap = talloc_zero(svc, struct sdap_service);
    if (svc->sdap == NULL) {
        ret = ENOMEM;
        goto done;
    }

    svc->krb5_service = talloc_zero(svc, struct krb5_service);
    if (svc->krb5_service == NULL) {
        ret = ENOMEM;
        goto done;
    }

    ret = be_fo_add_service(ctx, "IPA", ipa_user_data_cmp);
    if (ret != EOK) {
        DEBUG(1, ("Failed to create failover service!\n"));
        goto done;
    }

    svc->sdap->name = talloc_strdup(svc, "IPA");
    if (svc->sdap->name == NULL) {
        ret = ENOMEM;
        goto done;
    }

    svc->krb5_service->name = talloc_strdup(svc, "IPA");
    if (svc->krb5_service->name == NULL) {
        ret = ENOMEM;
        goto done;
    }
    /* Shares the krb5 service's name string rather than copying it. */
    svc->sdap->kinit_service_name = svc->krb5_service->name;

    realm = dp_opt_get_string(options->basic, IPA_KRB5_REALM);
    if (realm == NULL) {
        DEBUG(1, ("No Kerberos realm set\n"));
        ret = EINVAL;
        goto done;
    }

    svc->krb5_service->realm = talloc_strdup(svc->krb5_service, realm);
    if (svc->krb5_service->realm == NULL) {
        ret = ENOMEM;
        goto done;
    }

    if (primary_servers == NULL) {
        DEBUG(SSSDBG_CONF_SETTINGS,
              ("No primary servers defined, using service discovery\n"));
        primary_servers = BE_SRV_IDENTIFIER;
    }

    ret = ipa_servers_init(ctx, svc, options, primary_servers, true);
    if (ret != EOK) {
        goto done;
    }

    if (backup_servers != NULL) {
        ret = ipa_servers_init(ctx, svc, options, backup_servers, false);
        if (ret != EOK) {
            goto done;
        }
    }

    ret = be_fo_service_add_callback(memctx, ctx, "IPA",
                                     ipa_resolve_callback, svc);
    if (ret != EOK) {
        DEBUG(1, ("Failed to add failover callback!\n"));
        goto done;
    }

    ret = EOK;

done:
    if (ret == EOK) {
        *_service = talloc_steal(memctx, svc);
    }
    talloc_zfree(scratch);
    return ret;
}
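/*
 * Configure the autofs-related LDAP options for the IPA provider.
 *
 * When ldap_autofs_search_base is not set, the default
 * "cn=<location>,cn=automount,<basedn>" is derived from IPA_KRB5_REALM and
 * IPA_AUTOMOUNT_LOCATION. The search base list is then parsed and the autofs
 * map-object and entry attribute maps are loaded from confdb.
 *
 * ipa_opts  - provider options; ipa_opts->basic and ipa_opts->id must
 *             already be initialised.
 * cdb       - configuration database handle.
 * conf_path - confdb section the attribute maps are read from.
 * _opts     - on success receives ipa_opts->id.
 *
 * Returns EOK, ENOMEM, EINVAL when a default search base is needed but the
 * automount location is unset, or the error from the helpers. ENOENT from
 * search-base parsing is tolerated.
 */
int ipa_get_autofs_options(struct ipa_options *ipa_opts,
                           struct confdb_ctx *cdb,
                           const char *conf_path,
                           struct sdap_options **_opts)
{
    TALLOC_CTX *tmp_ctx;
    char *basedn;
    char *autofs_base;
    const char *location;
    errno_t ret;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    ret = domain_to_basedn(tmp_ctx,
                           dp_opt_get_string(ipa_opts->basic, IPA_KRB5_REALM),
                           &basedn);
    if (ret != EOK) {
        goto done;
    }

    if (NULL == dp_opt_get_string(ipa_opts->id->basic,
                                  SDAP_AUTOFS_SEARCH_BASE)) {
        /* Formatting a NULL with %s is undefined behaviour, so refuse to
         * build a DN from an unset automount location. */
        location = dp_opt_get_string(ipa_opts->basic, IPA_AUTOMOUNT_LOCATION);
        if (location == NULL) {
            DEBUG(SSSDBG_OP_FAILURE,
                  ("Automount location is not set, "
                   "cannot build the autofs search base\n"));
            ret = EINVAL;
            goto done;
        }

        autofs_base = talloc_asprintf(tmp_ctx, "cn=%s,cn=automount,%s",
                                      location, basedn);
        if (!autofs_base) {
            ret = ENOMEM;
            goto done;
        }

        ret = dp_opt_set_string(ipa_opts->id->basic,
                                SDAP_AUTOFS_SEARCH_BASE,
                                autofs_base);
        if (ret != EOK) {
            goto done;
        }

        DEBUG(SSSDBG_TRACE_LIBS, ("Option %s set to %s\n",
              ipa_opts->id->basic[SDAP_AUTOFS_SEARCH_BASE].opt_name,
              dp_opt_get_string(ipa_opts->id->basic,
                                SDAP_AUTOFS_SEARCH_BASE)));
    }

    /* ENOENT (no search base at all) is not fatal here. */
    ret = sdap_parse_search_base(ipa_opts->id, ipa_opts->id->basic,
                                 SDAP_AUTOFS_SEARCH_BASE,
                                 &ipa_opts->id->autofs_search_bases);
    if (ret != EOK && ret != ENOENT) {
        DEBUG(SSSDBG_OP_FAILURE, ("Could not parse autofs search base\n"));
        goto done;
    }

    ret = sdap_get_map(ipa_opts->id, cdb, conf_path,
                       ipa_autofs_mobject_map,
                       SDAP_OPTS_AUTOFS_MAP,
                       &ipa_opts->id->autofs_mobject_map);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Could not get autofs map object attribute map\n"));
        goto done;
    }

    ret = sdap_get_map(ipa_opts->id, cdb, conf_path,
                       ipa_autofs_entry_map,
                       SDAP_OPTS_AUTOFS_ENTRY,
                       &ipa_opts->id->autofs_entry_map);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE,
              ("Could not get autofs entry object attribute map\n"));
        goto done;
    }

    *_opts = ipa_opts->id;
    ret = EOK;

done:
    talloc_free(tmp_ctx);
    return ret;
}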