/*
SSSD
IPA Identity Backend Module
Authors:
Jan Zeleny <jzeleny@redhat.com>
Copyright (C) 2011 Red Hat
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <errno.h>
#include "providers/ldap/ldap_common.h"
#include "providers/ldap/sdap_async.h"
static struct tevent_req *
struct ipa_id_ctx *ipa_ctx,
struct dp_id_data *ar);
{
bool ret = false;
case BE_REQ_USER:
case BE_REQ_GROUP:
case BE_REQ_INITGROUPS:
case BE_REQ_BY_SECID:
case BE_REQ_USER_AND_GROUP:
case BE_REQ_BY_UUID:
case BE_REQ_BY_CERT:
ret = true;
break;
default:
break;
}
return ret;
}
struct ipa_resolve_user_list_state {
const char *domain_name;
int dp_error;
};
struct tevent_req *
struct ipa_id_ctx *ipa_ctx,
const char *domain_name,
struct ldb_message_element *users)
{
int ret;
struct ipa_resolve_user_list_state);
return NULL;
}
state->domain_name, true);
return req;
} else {
"ipa_resolve_user_list_get_user_step failed.\n");
}
return req;
}
{
int ret;
struct ipa_resolve_user_list_state);
return EOK;
}
return ret;
}
ar->filter_value, true);
/* Use provided domain as fallback because no known domain was found in the
* user name. */
}
ar);
} else {
ar);
}
return ENOMEM;
}
return EAGAIN;
}
{
struct tevent_req);
struct ipa_resolve_user_list_state);
int ret;
} else {
}
goto done;
}
return;
}
"ipa_resolve_user_list_get_user_step failed.\n");
}
done:
} else {
}
}
return;
}
{
struct ipa_resolve_user_list_state);
if (dp_error) {
}
return EOK;
}
struct ipa_initgr_get_overrides_state {
const char *realm;
const char *groups_id_attr;
int dp_error;
};
struct tevent_req *
struct tevent_context *ev,
struct ipa_id_ctx *ipa_ctx,
struct sss_domain_info *user_dom,
struct ldb_message **groups,
const char *groups_id_attr)
{
int ret;
struct ipa_initgr_get_overrides_state);
return NULL;
}
goto done;
}
goto done;
}
done:
}
return req;
}
{
int ret;
const char *ipa_uuid;
struct ipa_initgr_get_overrides_state);
return EOK;
}
/* This should never happen, the search filter used to get the list
* of groups includes "uuid=*"
*/
"The group %s has no UUID attribute %s, error!\n",
return EINVAL;
}
return ret;
}
return ret;
}
} else {
return EINVAL;
}
return ENOMEM;
}
return EAGAIN;
}
{
struct tevent_req);
struct ipa_initgr_get_overrides_state);
int ret;
return;
}
} else {
}
return;
}
return;
return;
}
}
{
struct ipa_initgr_get_overrides_state);
if (dp_error) {
}
return EOK;
}
/* Given a user name, retrieve an array of group UUIDs of groups that have
* no overrideDN attribute but do have an UUID attribute.
*/
struct ldb_message ***_msgs)
{
const char *filter;
return ENOMEM;
}
"(&(%s=%s)(!(%s=*))(%s=*))",
goto done;
}
goto done;
}
&msgs_count, &msgs);
"No groups without %s in sysdb\n", SYSDB_OVERRIDE_DN);
goto done;
goto done;
}
goto done;
}
done:
return ret;
}
struct ipa_id_get_account_info_state {
const char *realm;
int dp_error;
};
struct dp_id_data *ar);
static struct tevent_req *
struct ipa_id_ctx *ipa_ctx,
struct dp_id_data *ar)
{
int ret;
struct ipa_id_get_account_info_state);
return NULL;
}
goto fail;
}
goto fail;
}
goto fail;
}
/* We can skip the override lookup and go directly to the original object
* if
* - the lookup is by SID
* - there is no view set of it is the default view
* - if the EXTRA_INPUT_MAYBE_WITH_VIEW flag is not set
*/
"ipa_subdomain_account_get_original_step failed.\n");
goto fail;
}
} else {
goto fail;
}
}
return req;
fail:
return req;
}
{
struct tevent_req);
struct ipa_id_get_account_info_state);
int ret;
goto fail;
}
goto fail;
}
return;
fail:
return;
}
{
struct tevent_req);
struct ipa_id_get_account_info_state);
int ret;
char *anchor_domain;
char *ipa_uuid;
&state->override_attrs);
goto fail;
}
&anchor);
goto fail;
}
"Unsupported override anchor [%s].\n", anchor);
goto fail;
}
goto fail;
}
== BE_REQ_INITGROUPS) {
"Switching back to BE_REQ_INITGROUPS.\n");
}
} else {
"Anchor from a different domain [%s], expected [%s]. " \
"This is currently not supported, continue lookup in " \
"local IPA domain.\n",
}
}
"ipa_subdomain_account_get_original_step failed.\n");
goto fail;
}
return;
fail:
return;
}
struct dp_id_data *ar)
{
struct ipa_id_get_account_info_state);
return ENOMEM;
}
return EOK;
}
{
struct tevent_req);
struct ipa_id_get_account_info_state);
int ret;
NULL };
goto fail;
}
return;
}
/* Lookups by certificate can return muliple results and need special
* handling because get_object_from_cache() expects a unique match */
"Failed to make request to our cache: [%d]: [%s]\n",
goto fail;
}
goto fail;
}
/* Just process the unique result, no need to iterate */
}
} else {
return;
goto fail;
}
}
return;
goto fail;
}
return;
fail:
return;
}
{
int ret;
const char *uuid;
const char *class;
struct ipa_id_get_account_info_state);
NULL);
goto done;
}
/* check for ghost members because ghost members are not allowed
* if a view other than the default view is applied.*/
/* Get UUID list of groups that have no overrideDN set. */
&state->user_groups);
goto done;
}
}
}
goto done;
}
goto done;
}
goto done;
}
goto done;
} else {
} else {
}
type,
goto done;
}
}
/* Resolve ghost members */
goto done;
}
goto done;
}
goto done;
}
goto done;
}
done:
}
return ret;
}
{
struct tevent_req);
struct ipa_id_get_account_info_state);
int ret;
const char *class;
&state->override_attrs);
goto fail;
}
NULL);
goto fail;
}
} else {
}
type,
goto fail;
}
/* Resolve ghost members */
goto fail;
}
return;
}
goto fail;
}
return;
}
return;
"ipa_id_get_account_info_post_proc_step failed.\n");
goto fail;
}
}
return;
fail:
return;
}
{
struct tevent_req);
struct ipa_id_get_account_info_state);
int ret;
goto fail;
}
return;
"ipa_id_get_account_info_post_proc_step failed.\n");
goto fail;
}
}
return;
fail:
return;
}
{
struct tevent_req);
struct ipa_id_get_account_info_state);
int ret;
goto fail;
}
return;
"ipa_id_get_account_info_post_proc_step failed.\n");
goto fail;
}
}
return;
fail:
return;
}
{
struct ipa_id_get_account_info_state);
if (dp_error) {
}
return EOK;
}
/* Request for netgroups
* - first start here and then go to ipa_netgroups.c
*/
struct ipa_id_get_netgroup_state {
const char *name;
int timeout;
char *filter;
const char **attrs;
int dp_error;
};
struct tevent_context *ev,
struct ipa_id_ctx *ipa_ctx,
const char *name)
{
char *clean_name;
int ret;
goto fail;
}
goto fail;
}
goto fail;
}
if (!subreq) {
goto fail;
}
return req;
fail:
return req;
}
{
int ret;
return;
}
if (!subreq) {
return;
}
return;
}
{
int ret;
/* retry */
if (!subreq) {
return;
}
return;
}
return;
}
"Found more than one netgroup with the name [%s].\n",
return;
}
return;
}
}
return;
}
{
if (dp_error) {
}
return EOK;
}
enum ipa_account_info_type {
};
static enum ipa_account_info_type
{
return IPA_ACCOUNT_INFO_SUBDOMAIN;
return IPA_ACCOUNT_INFO_NETGROUP;
}
return IPA_ACCOUNT_INFO_OTHER;
}
struct ipa_account_info_handler_state {
};
struct tevent_req *
struct ipa_id_ctx *id_ctx,
struct dp_id_data *data,
struct dp_req_params *params)
{
struct ipa_account_info_handler_state);
return NULL;
}
if (sdap_is_enum_request(data)) {
goto immediately;
}
/* Subdomain lookups are handled differently on server and client. */
break;
goto immediately;
}
data->filter_value);
break;
case IPA_ACCOUNT_INFO_OTHER:
break;
}
goto immediately;
}
return req;
/* TODO For backward compatibility we always return EOK to DP now. */
return req;
}
{
int dp_error;
break;
break;
case IPA_ACCOUNT_INFO_OTHER:
break;
}
/* TODO For backward compatibility we always return EOK to DP now. */
}
struct tevent_req *req,
struct dp_reply_std *data)
{
return EOK;
}