f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio Fabiano Fidêncio <fidencio@redhat.com>
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio Copyright (C) 2017 Red Hat
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio This program is free software; you can redistribute it and/or modify
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio it under the terms of the GNU General Public License as published by
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio the Free Software Foundation; either version 3 of the License, or
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio (at your option) any later version.
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio This program is distributed in the hope that it will be useful,
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio but WITHOUT ANY WARRANTY; without even the implied warranty of
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio GNU General Public License for more details.
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio You should have received a copy of the GNU General Public License
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio along with this program. If not, see <http://www.gnu.org/licenses/>.
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio#include "providers/ldap/sdap_async_private.h"
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio#include "providers/ipa/ipa_deskprofile_private.h"
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio#include "providers/ipa/ipa_deskprofile_rules.h"
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio#include "providers/ipa/ipa_deskprofile_rules_util.h"
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncioipa_deskprofile_rule_info_next(struct tevent_req *req,
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncioipa_deskprofile_rule_info_done(struct tevent_req *subreq);
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncioipa_deskprofile_rule_info_send(TALLOC_CTX *mem_ctx,
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio req = tevent_req_create(mem_ctx, &state, struct ipa_deskprofile_rule_state);
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create failed.\n");
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio DEBUG(SSSDBG_CRIT_FAILURE, "Missing host\n");
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio ret = sysdb_attrs_get_string(ipa_host, SYSDB_ORIG_DN, &host_dn);
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio DEBUG(SSSDBG_CRIT_FAILURE, "Could not identify IPA hostname\n");
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio ret = sss_filter_sanitize(state, host_dn, &host_dn_clean);
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio state->attrs = deskprofile_get_attrs_to_get_cached_rules(state);
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio "deskprofile_get_attrs_get_cached_rules() failed\n");
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio "(&(objectclass=%s)"
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio "(|(%s=%s)(%s=%s)(%s=%s)",
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio /* Add all parent groups of ipa_hostname to the filter */
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio ret = sysdb_attrs_get_string_array(ipa_host, SYSDB_ORIG_MEMBEROF,
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio DEBUG(SSSDBG_CRIT_FAILURE, "Could not identify.\n");
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio /* This host is not a member of any hostgroups */
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio memberof_list = talloc_array(state, const char *, 1);
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio for (size_t i = 0; memberof_list[i] != NULL; i++) {
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio "sss_filter_sanitize() failed [%d]: %s\n",
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio rule_filter = talloc_asprintf_append(rule_filter, "(%s=%s)",
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio /* Add the username to the filter */
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio ret = sss_parse_internal_fqname(state, username, &user, NULL);
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio "sss_parse_internal_fqname() failed [%d]: %s\n",
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio rule_filter = talloc_asprintf_append(rule_filter, "(%s=%s)",
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio /* Add all parent groups of `username` to the filter */
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio ret = get_sysdb_grouplist(state, domain->sysdb, domain, username,
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio DEBUG(SSSDBG_CRIT_FAILURE, "get_sysdb_grouplist() failed [%d]: %s\n",
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio for (size_t i = 0; groups_list[i] != NULL; i++) {
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio ret = sss_filter_sanitize(state, groups_list[i], &group_clean);
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio "sss_filter_sanitize() failed [%d]: %s\n",
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio ret = sss_parse_internal_fqname(state, group_clean, &group, NULL);
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio "sss_parse_internal_fqname() failed [%d]: %s\n",
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio rule_filter = talloc_asprintf_append(rule_filter, "(%s=%s)",
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio rule_filter = talloc_asprintf_append(rule_filter, "))");
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio state->rules_filter = talloc_steal(state, rule_filter);
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio ret = ipa_deskprofile_rule_info_next(req, state);
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio /* ipa_deskprofile_rule_info_next should always have a search base
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio * when called for the first time.
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio * For the subsequent iterations, not finding any more search bases
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio * is fine though (thus the function returns EOK).
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio * As, here, it's the first case happening, let's return EINVAL.
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio DEBUG(SSSDBG_CRIT_FAILURE, "No search base found\n");
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncioipa_deskprofile_rule_info_next(struct tevent_req *req,
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio base = state->search_bases[state->search_base_iter];
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio state->cur_filter = sdap_combine_filters(state, state->rules_filter,
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio "Sending request for next search base: [%s][%d][%s]\n",
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio base->basedn, base->scope, state->cur_filter);
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio subreq = sdap_get_generic_send(state, state->ev, state->opts, state->sh,
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio DEBUG(SSSDBG_CRIT_FAILURE, "sdap_get_generic_send failed.\n");
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio tevent_req_set_callback(subreq, ipa_deskprofile_rule_info_done, req);
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncioipa_deskprofile_rule_info_done(struct tevent_req *subreq)
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio req = tevent_req_callback_data(subreq, struct tevent_req);
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio state = tevent_req_data(req, struct ipa_deskprofile_rule_state);
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio "Could not retrieve Desktop Profile rules\n");
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio total_count = rule_count + state->rule_count;
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio state->rules = talloc_realloc(state, state->rules,
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio *target = talloc_steal(state->rules, rules[i]);
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio ret = ipa_deskprofile_rule_info_next(req, state);
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio } else if (ret == EOK && state->rule_count == 0) {
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio DEBUG(SSSDBG_TRACE_FUNC, "No rules apply to this host\n");
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio /* We went through all search bases and we have some results */
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncioipa_deskprofile_rule_info_recv(struct tevent_req *req,
f982039c75ec064894deb676ae53ee57de868590Fabiano Fidêncio state = tevent_req_data(req, struct ipa_deskprofile_rule_state);