8b1f2574ce7a964965a18ab047ab09c4694380c4Jan Zeleny IPA Identity Backend Module
8b1f2574ce7a964965a18ab047ab09c4694380c4Jan Zeleny Jan Zeleny <jzeleny@redhat.com>
8b1f2574ce7a964965a18ab047ab09c4694380c4Jan Zeleny Copyright (C) 2011 Red Hat
8b1f2574ce7a964965a18ab047ab09c4694380c4Jan Zeleny This program is free software; you can redistribute it and/or modify
8b1f2574ce7a964965a18ab047ab09c4694380c4Jan Zeleny it under the terms of the GNU General Public License as published by
8b1f2574ce7a964965a18ab047ab09c4694380c4Jan Zeleny the Free Software Foundation; either version 3 of the License, or
8b1f2574ce7a964965a18ab047ab09c4694380c4Jan Zeleny (at your option) any later version.
8b1f2574ce7a964965a18ab047ab09c4694380c4Jan Zeleny This program is distributed in the hope that it will be useful,
8b1f2574ce7a964965a18ab047ab09c4694380c4Jan Zeleny but WITHOUT ANY WARRANTY; without even the implied warranty of
8b1f2574ce7a964965a18ab047ab09c4694380c4Jan Zeleny MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
8b1f2574ce7a964965a18ab047ab09c4694380c4Jan Zeleny GNU General Public License for more details.
8b1f2574ce7a964965a18ab047ab09c4694380c4Jan Zeleny You should have received a copy of the GNU General Public License
8b1f2574ce7a964965a18ab047ab09c4694380c4Jan Zeleny along with this program. If not, see <http://www.gnu.org/licenses/>.
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastatic struct tevent_req *
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinaipa_id_get_account_info_send(TALLOC_CTX *memctx, struct tevent_context *ev,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastatic int ipa_id_get_account_info_recv(struct tevent_req *req, int *dp_error);
3d29430867cf92b2d71afa95abb679711231117cPavel Březinastatic bool is_object_overridable(struct dp_id_data *ar)
765d9075bb1e10ae0f09b6c2701bfd50aeb423d4Sumit Bosestatic errno_t ipa_resolve_user_list_get_user_step(struct tevent_req *req);
765d9075bb1e10ae0f09b6c2701bfd50aeb423d4Sumit Bosestatic void ipa_resolve_user_list_get_user_done(struct tevent_req *subreq);
765d9075bb1e10ae0f09b6c2701bfd50aeb423d4Sumit Boseipa_resolve_user_list_send(TALLOC_CTX *memctx, struct tevent_context *ev,
765d9075bb1e10ae0f09b6c2701bfd50aeb423d4Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "tevent_req_create failed.\n");
7988988aab5bd0249476671b850eb3909aa753f8Sumit Bose state->domain = find_domain_by_name(state->ipa_ctx->sdap_id_ctx->be->domain,
765d9075bb1e10ae0f09b6c2701bfd50aeb423d4Sumit Bose "ipa_resolve_user_list_get_user_step failed.\n");
765d9075bb1e10ae0f09b6c2701bfd50aeb423d4Sumit Bosestatic errno_t ipa_resolve_user_list_get_user_step(struct tevent_req *req)
765d9075bb1e10ae0f09b6c2701bfd50aeb423d4Sumit Bose struct ipa_resolve_user_list_state *state = tevent_req_data(req,
765d9075bb1e10ae0f09b6c2701bfd50aeb423d4Sumit Bose if (state->user_idx >= state->users->num_values) {
765d9075bb1e10ae0f09b6c2701bfd50aeb423d4Sumit Bose (char *) state->users->values[state->user_idx].data,
3d29430867cf92b2d71afa95abb679711231117cPavel Březina DEBUG(SSSDBG_OP_FAILURE, "get_dp_id_data_for_user_name failed.\n");
765d9075bb1e10ae0f09b6c2701bfd50aeb423d4Sumit Bose DEBUG(SSSDBG_TRACE_ALL, "Trying to resolve user [%s].\n", ar->filter_value);
7988988aab5bd0249476671b850eb3909aa753f8Sumit Bose state->user_domain = find_domain_by_object_name_ex(
4a9c1047354dbe5a4ed41e5951ae623e3772e113René Genz /* Use provided domain as fallback because no known domain was found in the
7988988aab5bd0249476671b850eb3909aa753f8Sumit Bose * user name. */
7988988aab5bd0249476671b850eb3909aa753f8Sumit Bose if (state->user_domain != state->ipa_ctx->sdap_id_ctx->be->domain) {
f2e8a7c3230fac11175c0bd17c14c66a8e9b25adSumit Bose subreq = ipa_subdomain_account_send(state, state->ev, state->ipa_ctx,
f2e8a7c3230fac11175c0bd17c14c66a8e9b25adSumit Bose subreq = ipa_id_get_account_info_send(state, state->ev, state->ipa_ctx,
765d9075bb1e10ae0f09b6c2701bfd50aeb423d4Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sdap_handle_acct_req_send failed.\n");
765d9075bb1e10ae0f09b6c2701bfd50aeb423d4Sumit Bose tevent_req_set_callback(subreq, ipa_resolve_user_list_get_user_done, req);
765d9075bb1e10ae0f09b6c2701bfd50aeb423d4Sumit Bosestatic void ipa_resolve_user_list_get_user_done(struct tevent_req *subreq)
765d9075bb1e10ae0f09b6c2701bfd50aeb423d4Sumit Bose struct tevent_req *req = tevent_req_callback_data(subreq,
765d9075bb1e10ae0f09b6c2701bfd50aeb423d4Sumit Bose struct ipa_resolve_user_list_state *state = tevent_req_data(req,
7988988aab5bd0249476671b850eb3909aa753f8Sumit Bose if (state->user_domain != state->ipa_ctx->sdap_id_ctx->be->domain) {
f2e8a7c3230fac11175c0bd17c14c66a8e9b25adSumit Bose ret = ipa_subdomain_account_recv(subreq, &state->dp_error);
f2e8a7c3230fac11175c0bd17c14c66a8e9b25adSumit Bose ret = ipa_id_get_account_info_recv(subreq, &state->dp_error);
765d9075bb1e10ae0f09b6c2701bfd50aeb423d4Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sdap_handle_acct request failed: %d\n", ret);
765d9075bb1e10ae0f09b6c2701bfd50aeb423d4Sumit Bose "ipa_resolve_user_list_get_user_step failed.\n");
f2e8a7c3230fac11175c0bd17c14c66a8e9b25adSumit Boseint ipa_resolve_user_list_recv(struct tevent_req *req, int *dp_error)
765d9075bb1e10ae0f09b6c2701bfd50aeb423d4Sumit Bose struct ipa_resolve_user_list_state *state = tevent_req_data(req,
b2c3722b9a1eaf265f6b102043958f6d4378788cJakub Hrozekstatic int ipa_initgr_get_overrides_step(struct tevent_req *req);
b2c3722b9a1eaf265f6b102043958f6d4378788cJakub Hrozekipa_initgr_get_overrides_send(TALLOC_CTX *memctx,
b2c3722b9a1eaf265f6b102043958f6d4378788cJakub Hrozek DEBUG(SSSDBG_OP_FAILURE, "tevent_req_create failed.\n");
b2c3722b9a1eaf265f6b102043958f6d4378788cJakub Hrozek state->realm = dp_opt_get_string(state->ipa_ctx->ipa_options->basic,
b2c3722b9a1eaf265f6b102043958f6d4378788cJakub Hrozek DEBUG(SSSDBG_CRIT_FAILURE, "No Kerberos realm for IPA?\n");
145578006684481434ced78461ab8d1c3570f478Sumit Bose state->groups_id_attr = talloc_strdup(state, groups_id_attr);
145578006684481434ced78461ab8d1c3570f478Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
b2c3722b9a1eaf265f6b102043958f6d4378788cJakub Hrozekstatic void ipa_initgr_get_overrides_override_done(struct tevent_req *subreq);
b2c3722b9a1eaf265f6b102043958f6d4378788cJakub Hrozekstatic int ipa_initgr_get_overrides_step(struct tevent_req *req)
b2c3722b9a1eaf265f6b102043958f6d4378788cJakub Hrozek struct ipa_initgr_get_overrides_state *state = tevent_req_data(req,
b2c3722b9a1eaf265f6b102043958f6d4378788cJakub Hrozek "Processing group %zu/%zu\n", state->group_idx, state->group_count);
b2c3722b9a1eaf265f6b102043958f6d4378788cJakub Hrozek ipa_uuid = ldb_msg_find_attr_as_string(state->groups[state->group_idx],
b2c3722b9a1eaf265f6b102043958f6d4378788cJakub Hrozek /* This should never happen, the search filter used to get the list
b2c3722b9a1eaf265f6b102043958f6d4378788cJakub Hrozek * of groups includes "uuid=*"
e2d96566aeb881bd89e5c9236d663f6a9a88019aJakub Hrozek "The group %s has no UUID attribute %s, error!\n",
e2d96566aeb881bd89e5c9236d663f6a9a88019aJakub Hrozek ldb_dn_get_linearized(state->groups[state->group_idx]->dn),
b2c3722b9a1eaf265f6b102043958f6d4378788cJakub Hrozek talloc_free(state->ar); /* Avoid spiking memory with many groups */
145578006684481434ced78461ab8d1c3570f478Sumit Bose if (strcmp(state->groups_id_attr, SYSDB_UUID) == 0) {
3d29430867cf92b2d71afa95abb679711231117cPavel Březina ret = get_dp_id_data_for_uuid(state, ipa_uuid,
3d29430867cf92b2d71afa95abb679711231117cPavel Březina DEBUG(SSSDBG_OP_FAILURE, "get_dp_id_data_for_sid failed.\n");
145578006684481434ced78461ab8d1c3570f478Sumit Bose } else if (strcmp(state->groups_id_attr, SYSDB_SID_STR) == 0) {
3d29430867cf92b2d71afa95abb679711231117cPavel Březina DEBUG(SSSDBG_OP_FAILURE, "get_dp_id_data_for_sid failed.\n");
145578006684481434ced78461ab8d1c3570f478Sumit Bose DEBUG(SSSDBG_CRIT_FAILURE, "Unsupported groups ID type [%s].\n",
b2c3722b9a1eaf265f6b102043958f6d4378788cJakub Hrozek DEBUG(SSSDBG_TRACE_LIBS, "Fetching group %s\n", ipa_uuid);
b2c3722b9a1eaf265f6b102043958f6d4378788cJakub Hrozek subreq = ipa_get_ad_override_send(state, state->ev,
b2c3722b9a1eaf265f6b102043958f6d4378788cJakub Hrozek DEBUG(SSSDBG_OP_FAILURE, "ipa_get_ad_override_send failed.\n");
b2c3722b9a1eaf265f6b102043958f6d4378788cJakub Hrozekstatic void ipa_initgr_get_overrides_override_done(struct tevent_req *subreq)
b2c3722b9a1eaf265f6b102043958f6d4378788cJakub Hrozek struct tevent_req *req = tevent_req_callback_data(subreq,
b2c3722b9a1eaf265f6b102043958f6d4378788cJakub Hrozek struct ipa_initgr_get_overrides_state *state = tevent_req_data(req,
b2c3722b9a1eaf265f6b102043958f6d4378788cJakub Hrozek ret = ipa_get_ad_override_recv(subreq, &state->dp_error, state,
b2c3722b9a1eaf265f6b102043958f6d4378788cJakub Hrozek DEBUG(SSSDBG_OP_FAILURE, "IPA override lookup failed: %d\n", ret);
9ac2a33f4cdc4941fa63118dcffe8058854f33c4Michal Židek if (is_default_view(state->ipa_ctx->view_name)) {
145578006684481434ced78461ab8d1c3570f478Sumit Bose ret = sysdb_apply_default_override(state->user_dom, override_attrs,
b2c3722b9a1eaf265f6b102043958f6d4378788cJakub Hrozek DEBUG(SSSDBG_OP_FAILURE, "sysdb_store_override failed.\n");
145578006684481434ced78461ab8d1c3570f478Sumit Boseint ipa_initgr_get_overrides_recv(struct tevent_req *req, int *dp_error)
b2c3722b9a1eaf265f6b102043958f6d4378788cJakub Hrozek struct ipa_initgr_get_overrides_state *state = tevent_req_data(req,
b2c3722b9a1eaf265f6b102043958f6d4378788cJakub Hrozek/* Given a user name, retrieve an array of group UUIDs of groups that have
b2c3722b9a1eaf265f6b102043958f6d4378788cJakub Hrozek * no overrideDN attribute but do have a UUID attribute.
b2c3722b9a1eaf265f6b102043958f6d4378788cJakub Hrozekstatic errno_t ipa_id_get_group_uuids(TALLOC_CTX *mem_ctx,
0e238c259c066cf997aaa940d33d6bda96c15925Sumit Bose "(&(%s=%s)(!(%s=*))(%s=*))",
b2c3722b9a1eaf265f6b102043958f6d4378788cJakub Hrozek ret = sysdb_search_entry(tmp_ctx, sysdb, base_dn,
b2c3722b9a1eaf265f6b102043958f6d4378788cJakub Hrozek "No groups without %s in sysdb\n", SYSDB_OVERRIDE_DN);
b2c3722b9a1eaf265f6b102043958f6d4378788cJakub Hrozek uuid_list = talloc_zero_array(tmp_ctx, char *, msgs_count);
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bosestatic void ipa_id_get_account_info_connected(struct tevent_req *subreq);
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bosestatic void ipa_id_get_account_info_got_override(struct tevent_req *subreq);
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bosestatic errno_t ipa_id_get_account_info_get_original_step(struct tevent_req *req,
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bosestatic void ipa_id_get_account_info_orig_done(struct tevent_req *subreq);
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bosestatic void ipa_id_get_account_info_done(struct tevent_req *subreq);
765d9075bb1e10ae0f09b6c2701bfd50aeb423d4Sumit Bosestatic void ipa_id_get_user_list_done(struct tevent_req *subreq);
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bosestatic struct tevent_req *
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Boseipa_id_get_account_info_send(TALLOC_CTX *memctx, struct tevent_context *ev,
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "tevent_req_create failed.\n");
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose state->op = sdap_id_op_create(state, state->ctx->conn->conn_cache);
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sdap_id_op_create failed.\n");
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose state->domain = find_domain_by_name(state->ctx->be->domain,
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "find_domain_by_name failed.\n");
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose state->realm = dp_opt_get_string(state->ipa_ctx->ipa_options->basic,
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose DEBUG(SSSDBG_CRIT_FAILURE, "No Kerberos realm for IPA?\n");
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose /* We can skip the override lookup and go directly to the original object
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose * - the lookup is by SID
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose * - there is no view set or it is the default view
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose * - if the EXTRA_INPUT_MAYBE_WITH_VIEW flag is not set
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose ret = ipa_id_get_account_info_get_original_step(req, ar);
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose "ipa_subdomain_account_get_original_step failed.\n");
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose subreq = sdap_id_op_connect_send(state->op, state, &ret);
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sdap_id_op_connect_send failed.\n");
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose tevent_req_set_callback(subreq, ipa_id_get_account_info_connected, req);
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bosestatic void ipa_id_get_account_info_connected(struct tevent_req *subreq)
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose struct tevent_req *req = tevent_req_callback_data(subreq,
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose struct ipa_id_get_account_info_state *state = tevent_req_data(req,
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose ret = sdap_id_op_connect_recv(subreq, &dp_error);
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sdap_id_op_connect request failed.\n");
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose subreq = ipa_get_ad_override_send(state, state->ev, state->ctx,
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ipa_get_ad_override_send failed.\n");
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose tevent_req_set_callback(subreq, ipa_id_get_account_info_got_override, req);
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bosestatic void ipa_id_get_account_info_got_override(struct tevent_req *subreq)
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose struct tevent_req *req = tevent_req_callback_data(subreq,
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose struct ipa_id_get_account_info_state *state = tevent_req_data(req,
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose ret = ipa_get_ad_override_recv(subreq, &dp_error, state,
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "IPA override lookup failed: %d\n", ret);
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose ret = sysdb_attrs_get_string(state->override_attrs,
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_string failed.\n");
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose ret = split_ipa_anchor(state, anchor, &anchor_domain, &ipa_uuid);
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose if (strcmp(state->ar->domain, anchor_domain) == 0) {
3d29430867cf92b2d71afa95abb679711231117cPavel Březina ret = get_dp_id_data_for_uuid(state, ipa_uuid,
3d29430867cf92b2d71afa95abb679711231117cPavel Březina DEBUG(SSSDBG_OP_FAILURE, "get_dp_id_data_for_uuid failed.\n");
0f9c28eb52d2b45c8a97f709308dc11377831b8cSumit Bose if ((state->orig_ar->entry_type & BE_REQ_TYPE_MASK)
0f9c28eb52d2b45c8a97f709308dc11377831b8cSumit Bose "Switching back to BE_REQ_INITGROUPS.\n");
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose "Anchor from a different domain [%s], expected [%s]. " \
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose "This is currently not supported, continue lookup in " \
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose "local IPA domain.\n",
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose ret = ipa_id_get_account_info_get_original_step(req, state->ar);
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose "ipa_subdomain_account_get_original_step failed.\n");
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bosestatic errno_t ipa_id_get_account_info_get_original_step(struct tevent_req *req,
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose struct ipa_id_get_account_info_state *state = tevent_req_data(req,
a849d848d53f305a90613a74c1767a42b250dedaPavel Březina subreq = sdap_handle_acct_req_send(state, state->ctx->be, ar,
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sdap_handle_acct_req_send failed.\n");
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose tevent_req_set_callback(subreq, ipa_id_get_account_info_orig_done, req);
3fd8ea55d59f29725ab32bdaf5b98ffaae7fbf9dSumit Bosestatic int ipa_id_get_account_info_post_proc_step(struct tevent_req *req);
b2c3722b9a1eaf265f6b102043958f6d4378788cJakub Hrozekstatic void ipa_id_get_user_groups_done(struct tevent_req *subreq);
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bosestatic void ipa_id_get_account_info_orig_done(struct tevent_req *subreq)
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose struct tevent_req *req = tevent_req_callback_data(subreq,
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose struct ipa_id_get_account_info_state *state = tevent_req_data(req,
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose ret = sdap_handle_acct_req_recv(subreq, &dp_error, NULL, NULL);
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sdap_handle_acct request failed: %d\n", ret);
3fd8ea55d59f29725ab32bdaf5b98ffaae7fbf9dSumit Bose /* Lookups by certificate can return multiple results and need special
3fd8ea55d59f29725ab32bdaf5b98ffaae7fbf9dSumit Bose * handling because get_object_from_cache() expects a unique match */
3fd8ea55d59f29725ab32bdaf5b98ffaae7fbf9dSumit Bose ret = sysdb_search_object_by_cert(state, state->domain,
3fd8ea55d59f29725ab32bdaf5b98ffaae7fbf9dSumit Bose "Failed to make request to our cache: [%d]: [%s]\n",
3fd8ea55d59f29725ab32bdaf5b98ffaae7fbf9dSumit Bose DEBUG(SSSDBG_OP_FAILURE, "Object not found in our cache.\n");
3fd8ea55d59f29725ab32bdaf5b98ffaae7fbf9dSumit Bose /* Just process the unique result, no need to iterate */
3fd8ea55d59f29725ab32bdaf5b98ffaae7fbf9dSumit Bose ret = get_object_from_cache(state, state->domain, state->ar,
3fd8ea55d59f29725ab32bdaf5b98ffaae7fbf9dSumit Bose DEBUG(SSSDBG_MINOR_FAILURE, "Object not found, ending request\n");
3fd8ea55d59f29725ab32bdaf5b98ffaae7fbf9dSumit Bose DEBUG(SSSDBG_OP_FAILURE, "get_object_from_cache failed.\n");
3fd8ea55d59f29725ab32bdaf5b98ffaae7fbf9dSumit Bose ret = ipa_id_get_account_info_post_proc_step(req);
3fd8ea55d59f29725ab32bdaf5b98ffaae7fbf9dSumit Bose DEBUG(SSSDBG_OP_FAILURE, "ipa_id_get_account_info_post_proc_step failed.\n");
3fd8ea55d59f29725ab32bdaf5b98ffaae7fbf9dSumit Bosestatic int ipa_id_get_account_info_post_proc_step(struct tevent_req *req)
3fd8ea55d59f29725ab32bdaf5b98ffaae7fbf9dSumit Bose struct ipa_id_get_account_info_state *state = tevent_req_data(req,
0e238c259c066cf997aaa940d33d6bda96c15925Sumit Bose class = ldb_msg_find_attr_as_string(state->obj_msg, SYSDB_OBJECTCATEGORY,
605dc7fcc848dffb7c9d270c864c70e6dff1242eSumit Bose DEBUG(SSSDBG_CRIT_FAILURE, "Cannot find an objectclass.\n");
9ac2a33f4cdc4941fa63118dcffe8058854f33c4Michal Židek if (!is_default_view(state->ipa_ctx->view_name)) {
605dc7fcc848dffb7c9d270c864c70e6dff1242eSumit Bose if ((state->ar->entry_type & BE_REQ_TYPE_MASK) == BE_REQ_GROUP
605dc7fcc848dffb7c9d270c864c70e6dff1242eSumit Bose || ((state->ar->entry_type & BE_REQ_TYPE_MASK) == BE_REQ_BY_UUID
b2c3722b9a1eaf265f6b102043958f6d4378788cJakub Hrozek /* check for ghost members because ghost members are not allowed
b2c3722b9a1eaf265f6b102043958f6d4378788cJakub Hrozek * if a view other than the default view is applied.*/
b2c3722b9a1eaf265f6b102043958f6d4378788cJakub Hrozek state->ghosts = ldb_msg_find_element(state->obj_msg, SYSDB_GHOST);
b2c3722b9a1eaf265f6b102043958f6d4378788cJakub Hrozek } else if ((state->ar->entry_type & BE_REQ_TYPE_MASK) == \
b2c3722b9a1eaf265f6b102043958f6d4378788cJakub Hrozek /* Get UUID list of groups that have no overrideDN set. */
b2c3722b9a1eaf265f6b102043958f6d4378788cJakub Hrozek ret = ipa_id_get_group_uuids(state, state->sysdb,
b2c3722b9a1eaf265f6b102043958f6d4378788cJakub Hrozek DEBUG(SSSDBG_OP_FAILURE, "Cannot get UUID list: %d\n", ret);
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose uuid = ldb_msg_find_attr_as_string(state->obj_msg, SYSDB_UUID, NULL);
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose DEBUG(SSSDBG_CRIT_FAILURE, "Cannot find a UUID.\n");
3d29430867cf92b2d71afa95abb679711231117cPavel Březina ret = get_dp_id_data_for_uuid(state, uuid, state->domain->name,
3d29430867cf92b2d71afa95abb679711231117cPavel Březina DEBUG(SSSDBG_OP_FAILURE, "get_dp_id_data_for_sid failed.\n");
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose subreq = ipa_get_ad_override_send(state, state->ev,
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ipa_get_ad_override_send failed.\n");
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose tevent_req_set_callback(subreq, ipa_id_get_account_info_done, req);
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose ret = sysdb_store_override(state->domain, state->ipa_ctx->view_name,
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sysdb_store_override failed.\n");
765d9075bb1e10ae0f09b6c2701bfd50aeb423d4Sumit Bose /* Resolve ghost members */
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina subreq = ipa_resolve_user_list_send(state, state->ev,
765d9075bb1e10ae0f09b6c2701bfd50aeb423d4Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ipa_resolve_user_list_send failed.\n");
765d9075bb1e10ae0f09b6c2701bfd50aeb423d4Sumit Bose tevent_req_set_callback(subreq, ipa_id_get_user_list_done, req);
b2c3722b9a1eaf265f6b102043958f6d4378788cJakub Hrozek subreq = ipa_initgr_get_overrides_send(state, state->ev, state->ipa_ctx,
b2c3722b9a1eaf265f6b102043958f6d4378788cJakub Hrozek DEBUG(SSSDBG_OP_FAILURE, "ipa_resolve_user_list_send failed.\n");
b2c3722b9a1eaf265f6b102043958f6d4378788cJakub Hrozek tevent_req_set_callback(subreq, ipa_id_get_user_groups_done, req);
3fd8ea55d59f29725ab32bdaf5b98ffaae7fbf9dSumit Bose state->obj_msg = state->res->msgs[state->res_index];
3fd8ea55d59f29725ab32bdaf5b98ffaae7fbf9dSumit Bose ret = ipa_id_get_account_info_post_proc_step(req);
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bosestatic void ipa_id_get_account_info_done(struct tevent_req *subreq)
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose struct tevent_req *req = tevent_req_callback_data(subreq,
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose struct ipa_id_get_account_info_state *state = tevent_req_data(req,
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose ret = ipa_get_ad_override_recv(subreq, &dp_error, state,
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "IPA override lookup failed: %d\n", ret);
0e238c259c066cf997aaa940d33d6bda96c15925Sumit Bose class = ldb_msg_find_attr_as_string(state->obj_msg, SYSDB_OBJECTCATEGORY,
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose DEBUG(SSSDBG_CRIT_FAILURE, "Cannot find an objectclass.\n");
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose ret = sysdb_store_override(state->domain, state->ipa_ctx->view_name,
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sysdb_store_override failed.\n");
765d9075bb1e10ae0f09b6c2701bfd50aeb423d4Sumit Bose /* Resolve ghost members */
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina subreq = ipa_resolve_user_list_send(state, state->ev,
765d9075bb1e10ae0f09b6c2701bfd50aeb423d4Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ipa_resolve_user_list_send failed.\n");
765d9075bb1e10ae0f09b6c2701bfd50aeb423d4Sumit Bose tevent_req_set_callback(subreq, ipa_id_get_user_list_done, req);
b2c3722b9a1eaf265f6b102043958f6d4378788cJakub Hrozek subreq = ipa_initgr_get_overrides_send(state, state->ev, state->ipa_ctx,
b2c3722b9a1eaf265f6b102043958f6d4378788cJakub Hrozek DEBUG(SSSDBG_OP_FAILURE, "ipa_resolve_user_list_send failed.\n");
b2c3722b9a1eaf265f6b102043958f6d4378788cJakub Hrozek tevent_req_set_callback(subreq, ipa_id_get_user_groups_done, req);
3fd8ea55d59f29725ab32bdaf5b98ffaae7fbf9dSumit Bose if (state->res != NULL && ++state->res_index < state->res->count) {
3fd8ea55d59f29725ab32bdaf5b98ffaae7fbf9dSumit Bose state->obj_msg = state->res->msgs[state->res_index];
3fd8ea55d59f29725ab32bdaf5b98ffaae7fbf9dSumit Bose ret = ipa_id_get_account_info_post_proc_step(req);
3fd8ea55d59f29725ab32bdaf5b98ffaae7fbf9dSumit Bose "ipa_id_get_account_info_post_proc_step failed.\n");
765d9075bb1e10ae0f09b6c2701bfd50aeb423d4Sumit Bosestatic void ipa_id_get_user_list_done(struct tevent_req *subreq)
765d9075bb1e10ae0f09b6c2701bfd50aeb423d4Sumit Bose struct tevent_req *req = tevent_req_callback_data(subreq,
765d9075bb1e10ae0f09b6c2701bfd50aeb423d4Sumit Bose struct ipa_id_get_account_info_state *state = tevent_req_data(req,
765d9075bb1e10ae0f09b6c2701bfd50aeb423d4Sumit Bose ret = ipa_resolve_user_list_recv(subreq, &dp_error);
765d9075bb1e10ae0f09b6c2701bfd50aeb423d4Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "IPA resolve user list %d\n", ret);
3fd8ea55d59f29725ab32bdaf5b98ffaae7fbf9dSumit Bose if (state->res != NULL && ++state->res_index < state->res->count) {
3fd8ea55d59f29725ab32bdaf5b98ffaae7fbf9dSumit Bose state->obj_msg = state->res->msgs[state->res_index];
3fd8ea55d59f29725ab32bdaf5b98ffaae7fbf9dSumit Bose ret = ipa_id_get_account_info_post_proc_step(req);
3fd8ea55d59f29725ab32bdaf5b98ffaae7fbf9dSumit Bose "ipa_id_get_account_info_post_proc_step failed.\n");
b2c3722b9a1eaf265f6b102043958f6d4378788cJakub Hrozekstatic void ipa_id_get_user_groups_done(struct tevent_req *subreq)
b2c3722b9a1eaf265f6b102043958f6d4378788cJakub Hrozek struct tevent_req *req = tevent_req_callback_data(subreq,
b2c3722b9a1eaf265f6b102043958f6d4378788cJakub Hrozek struct ipa_id_get_account_info_state *state = tevent_req_data(req,
b2c3722b9a1eaf265f6b102043958f6d4378788cJakub Hrozek ret = ipa_initgr_get_overrides_recv(subreq, &dp_error);
b2c3722b9a1eaf265f6b102043958f6d4378788cJakub Hrozek DEBUG(SSSDBG_OP_FAILURE, "IPA resolve user groups %d\n", ret);
3fd8ea55d59f29725ab32bdaf5b98ffaae7fbf9dSumit Bose if (state->res != NULL && ++state->res_index < state->res->count) {
3fd8ea55d59f29725ab32bdaf5b98ffaae7fbf9dSumit Bose state->obj_msg = state->res->msgs[state->res_index];
3fd8ea55d59f29725ab32bdaf5b98ffaae7fbf9dSumit Bose ret = ipa_id_get_account_info_post_proc_step(req);
3fd8ea55d59f29725ab32bdaf5b98ffaae7fbf9dSumit Bose "ipa_id_get_account_info_post_proc_step failed.\n");
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bosestatic int ipa_id_get_account_info_recv(struct tevent_req *req, int *dp_error)
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose struct ipa_id_get_account_info_state *state = tevent_req_data(req,
8b1f2574ce7a964965a18ab047ab09c4694380c4Jan Zeleny/* Request for netgroups
8b1f2574ce7a964965a18ab047ab09c4694380c4Jan Zeleny * - first start here and then go to ipa_netgroups.c
39be7dbfa25a1cae78741a1c6c8c744e8c87e38fSimo Sorcestatic void ipa_id_get_netgroup_connected(struct tevent_req *subreq);
39be7dbfa25a1cae78741a1c6c8c744e8c87e38fSimo Sorcestatic void ipa_id_get_netgroup_done(struct tevent_req *subreq);
39be7dbfa25a1cae78741a1c6c8c744e8c87e38fSimo Sorcestatic struct tevent_req *ipa_id_get_netgroup_send(TALLOC_CTX *memctx,
39be7dbfa25a1cae78741a1c6c8c744e8c87e38fSimo Sorce const char *name)
39be7dbfa25a1cae78741a1c6c8c744e8c87e38fSimo Sorce req = tevent_req_create(memctx, &state, struct ipa_id_get_netgroup_state);
dcb44c39dda9699cdd6488fd116a51ced0687de3Jakub Hrozek state->op = sdap_id_op_create(state, ctx->conn->conn_cache);
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "sdap_id_op_create failed\n");
8b1f2574ce7a964965a18ab047ab09c4694380c4Jan Zeleny state->timeout = dp_opt_get_int(ctx->opts->basic, SDAP_SEARCH_TIMEOUT);
8b1f2574ce7a964965a18ab047ab09c4694380c4Jan Zeleny ret = sss_filter_sanitize(state, name, &clean_name);
8b1f2574ce7a964965a18ab047ab09c4694380c4Jan Zeleny state->filter = talloc_asprintf(state, "(&(%s=%s)(objectclass=%s))",
8b1f2574ce7a964965a18ab047ab09c4694380c4Jan Zeleny ctx->opts->netgroup_map[IPA_AT_NETGROUP_NAME].name,
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "Failed to build filter\n");
8b1f2574ce7a964965a18ab047ab09c4694380c4Jan Zeleny ret = build_attrs_from_map(state, ctx->opts->netgroup_map,
39be7dbfa25a1cae78741a1c6c8c744e8c87e38fSimo Sorce subreq = sdap_id_op_connect_send(state->op, state, &ret);
39be7dbfa25a1cae78741a1c6c8c744e8c87e38fSimo Sorce tevent_req_set_callback(subreq, ipa_id_get_netgroup_connected, req);
39be7dbfa25a1cae78741a1c6c8c744e8c87e38fSimo Sorcestatic void ipa_id_get_netgroup_connected(struct tevent_req *subreq)
39be7dbfa25a1cae78741a1c6c8c744e8c87e38fSimo Sorce tevent_req_callback_data(subreq, struct tevent_req);
39be7dbfa25a1cae78741a1c6c8c744e8c87e38fSimo Sorce tevent_req_data(req, struct ipa_id_get_netgroup_state);
8b1f2574ce7a964965a18ab047ab09c4694380c4Jan Zeleny struct sdap_id_ctx *sdap_ctx = state->ctx->sdap_id_ctx;
8b1f2574ce7a964965a18ab047ab09c4694380c4Jan Zeleny ret = sdap_id_op_connect_recv(subreq, &dp_error);
bd92e8ee315d4da9350b9ef0358c88a7b54aeebeStephen Gallagher subreq = ipa_get_netgroups_send(state, state->ev, state->sysdb,
39be7dbfa25a1cae78741a1c6c8c744e8c87e38fSimo Sorce tevent_req_set_callback(subreq, ipa_id_get_netgroup_done, req);
39be7dbfa25a1cae78741a1c6c8c744e8c87e38fSimo Sorcestatic void ipa_id_get_netgroup_done(struct tevent_req *subreq)
39be7dbfa25a1cae78741a1c6c8c744e8c87e38fSimo Sorce tevent_req_callback_data(subreq, struct tevent_req);
39be7dbfa25a1cae78741a1c6c8c744e8c87e38fSimo Sorce tevent_req_data(req, struct ipa_id_get_netgroup_state);
8b1f2574ce7a964965a18ab047ab09c4694380c4Jan Zeleny ret = sdap_id_op_done(state->op, ret, &dp_error);
39be7dbfa25a1cae78741a1c6c8c744e8c87e38fSimo Sorce subreq = sdap_id_op_connect_send(state->op, state, &ret);
39be7dbfa25a1cae78741a1c6c8c744e8c87e38fSimo Sorce tevent_req_set_callback(subreq, ipa_id_get_netgroup_connected, req);
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov "Found more than one netgroup with the name [%s].\n",
d115f40c7a3999e3cbe705a2ff9cf0fd493f80fbMichal Zidek ret = sysdb_delete_netgroup(state->domain, state->name);
39be7dbfa25a1cae78741a1c6c8c744e8c87e38fSimo Sorcestatic int ipa_id_get_netgroup_recv(struct tevent_req *req, int *dp_error)
39be7dbfa25a1cae78741a1c6c8c744e8c87e38fSimo Sorce tevent_req_data(req, struct ipa_id_get_netgroup_state);
3d29430867cf92b2d71afa95abb679711231117cPavel Březinaipa_decide_account_info_type(struct dp_id_data *data, struct be_ctx *be_ctx)
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (strcasecmp(data->domain, be_ctx->domain->name) != 0) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina } else if ((data->entry_type & BE_REQ_TYPE_MASK) == BE_REQ_NETGROUP) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastatic void ipa_account_info_handler_done(struct tevent_req *subreq);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinaipa_account_info_handler_send(TALLOC_CTX *mem_ctx,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create() failed\n");
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina state->type = ipa_decide_account_info_type(data, params->be_ctx);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_TRACE_LIBS, "Skipping enumeration on demand\n");
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina /* Subdomain lookups are handled differently on server and client. */
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina subreq = ipa_subdomain_account_send(state, params->ev, id_ctx, data);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina subreq = ipa_id_get_netgroup_send(state, params->ev, id_ctx,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina subreq = ipa_id_get_account_info_send(state, params->ev, id_ctx, data);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina tevent_req_set_callback(subreq, ipa_account_info_handler_done, req);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina dp_reply_std_set(&state->reply, DP_ERR_DECIDE, ret, NULL);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina /* TODO For backward compatibility we always return EOK to DP now. */
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastatic void ipa_account_info_handler_done(struct tevent_req *subreq)
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina req = tevent_req_callback_data(subreq, struct tevent_req);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina state = tevent_req_data(req, struct ipa_account_info_handler_state);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = ipa_subdomain_account_recv(subreq, &dp_error);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = ipa_id_get_netgroup_recv(subreq, &dp_error);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = ipa_id_get_account_info_recv(subreq, &dp_error);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina /* TODO For backward compatibility we always return EOK to DP now. */
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina dp_reply_std_set(&state->reply, dp_error, ret, NULL);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinaerrno_t ipa_account_info_handler_recv(TALLOC_CTX *mem_ctx,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct ipa_account_info_handler_state *state = NULL;