36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose IPA Helper routines - external users and groups with s2n plugin
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose Copyright (C) Sumit Bose <sbose@redhat.com> - 2011
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose This program is free software; you can redistribute it and/or modify
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose it under the terms of the GNU General Public License as published by
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose the Free Software Foundation; either version 3 of the License, or
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose (at your option) any later version.
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose This program is distributed in the hope that it will be useful,
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose but WITHOUT ANY WARRANTY; without even the implied warranty of
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose GNU General Public License for more details.
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose You should have received a copy of the GNU General Public License
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose along with this program. If not, see <http://www.gnu.org/licenses/>.
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose/* ==Sid2Name Extended Operation============================================= */
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bosestatic struct tevent_req *ipa_s2n_exop_send(TALLOC_CTX *mem_ctx,
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose req = tevent_req_create(mem_ctx, &state, struct ipa_s2n_exop_state);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_TRACE_FUNC, "Executing extended operation\n");
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose is_v1 ? EXOP_SID2NAME_V1_OID : EXOP_SID2NAME_OID,
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "ldap_extended_operation failed\n");
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose DEBUG(SSSDBG_TRACE_INTERNAL, "ldap_extended_operation sent, msgid = %d\n",
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose ret = sdap_op_add(state, ev, state->sh, msgid, ipa_s2n_exop_done, req,
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "Failed to set up operation!\n");
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose struct tevent_req *req = talloc_get_type(pvt, struct tevent_req);
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose struct ipa_s2n_exop_state *state = tevent_req_data(req,
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose ret = ldap_parse_result(state->sh->ldap, reply->msg,
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldap_parse_result failed (%d)\n",
bc85b7e2b7b1569e64d8832c52cab9ad165e6fc1Sumit Bose DEBUG(result == LDAP_SUCCESS ? SSSDBG_TRACE_FUNC : SSSDBG_OP_FAILURE,
bc85b7e2b7b1569e64d8832c52cab9ad165e6fc1Sumit Bose "ldap_extended_operation result: %s(%d), %s.\n",
3e9712c2fdbba8f9cd25886943331e76e0b2ceddSumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldap_extended_operation failed, server " \
3e9712c2fdbba8f9cd25886943331e76e0b2ceddSumit Bose "logs might contain more details.\n");
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose ret = ldap_parse_extended_result(state->sh->ldap, reply->msg,
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldap_parse_extendend_result failed (%d)\n",
7ee9ac32485483beece872d6fcb3096fa77a004bSumit Bose DEBUG(SSSDBG_CRIT_FAILURE, "Missing exop result data.\n");
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "talloc failed.\n");
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose state->retdata->bv_val = talloc_memdup(state->retdata, retdata->bv_val,
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "talloc_memdup failed.\n");
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bosestatic int ipa_s2n_exop_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx,
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose struct ipa_s2n_exop_state *state = tevent_req_data(req,
233a3c6c48972b177e60d6ef4cecfacd3cf31659Simo Sorce *retdata = talloc_steal(mem_ctx, state->retdata);
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bosestatic errno_t talloc_ber_flatten(TALLOC_CTX *mem_ctx, BerElement *ber,
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose tbv->bv_val = talloc_memdup(tbv, bv->bv_val, bv->bv_len);
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose/* The extended operation expects the following ASN.1 encoded request data:
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose * ExtdomRequestValue ::= SEQUENCE {
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose * inputType ENUMERATED {
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose * posix uid (3),
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose * posix gid (3)
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose * requestType ENUMERATED {
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose * simple (1),
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose * full_with_members (3)
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose * data InputData
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose * InputData ::= CHOICE {
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose * sid OCTET STRING,
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose * name NameDomainData
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose * uid PosixUid,
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose * gid PosixGid
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose * NameDomainData ::= SEQUENCE {
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose * domain_name OCTET STRING,
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose * object_name OCTET STRING
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose * PosixUid ::= SEQUENCE {
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose * domain_name OCTET STRING,
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose * uid INTEGER
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose * PosixGid ::= SEQUENCE {
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose * domain_name OCTET STRING,
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose * gid INTEGER
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bosestatic errno_t s2n_encode_request(TALLOC_CTX *mem_ctx,
e2f6326ea56217afab7623c542a237ee84eb74daSumit Bose case BE_REQ_USER_AND_GROUP: /* the extdom exop does not care if the
e2f6326ea56217afab7623c542a237ee84eb74daSumit Bose ID belongs to a user or a group */
e2f6326ea56217afab7623c542a237ee84eb74daSumit Bose ret = ber_printf(ber, "{ee{ss}}", INP_NAME, request_type,
e2f6326ea56217afab7623c542a237ee84eb74daSumit Bose ret = ber_printf(ber, "{ee{si}}", INP_POSIX_UID, request_type,
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "Unexpected input type [%d].\n",
e2f6326ea56217afab7623c542a237ee84eb74daSumit Bose ret = ber_printf(ber, "{ee{ss}}", INP_NAME, request_type,
e2f6326ea56217afab7623c542a237ee84eb74daSumit Bose ret = ber_printf(ber, "{ee{si}}", INP_POSIX_GID, request_type,
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "Unexpected input type [%d].\n",
21513e51a4a2eb08f245333bf8f223713a3d7cb3Sumit Bose ret = ber_printf(ber, "{ees}", INP_SID, request_type,
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "Unexpected input type [%d].\n",
2cf7becc05996eb6d8a3352d3d7b97c75652e590Sumit Bose ret = ber_printf(ber, "{ees}", INP_CERT, request_type,
21513e51a4a2eb08f245333bf8f223713a3d7cb3Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "Unexpected input type [%d].\n",
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose/* If the extended operation is successful it returns the following ASN.1
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose * encoded response:
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose * ExtdomResponseValue ::= SEQUENCE {
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose * responseType ENUMERATED {
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose * posix_user (3),
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose * posix_group (4),
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose * posix_user_grouplist (5),
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose * posix_group_members (6)
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose * data OutputData
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose * OutputData ::= CHOICE {
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose * sid OCTET STRING,
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose * name NameDomainData,
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose * user PosixUser,
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose * group PosixGroup,
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose * usergrouplist PosixUserGrouplist,
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose * groupmembers PosixGroupMembers
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose * NameDomainData ::= SEQUENCE {
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose * domain_name OCTET STRING,
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose * object_name OCTET STRING
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose * PosixUser ::= SEQUENCE {
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose * domain_name OCTET STRING,
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose * user_name OCTET STRING,
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose * uid INTEGER
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose * gid INTEGER
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose * PosixGroup ::= SEQUENCE {
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose * domain_name OCTET STRING,
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose * group_name OCTET STRING,
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose * gid INTEGER
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose * PosixUserGrouplist ::= SEQUENCE {
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose * domain_name OCTET STRING,
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose * user_name OCTET STRING,
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose * uid INTEGER,
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose * gid INTEGER,
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose * gecos OCTET STRING,
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose * home_directory OCTET STRING,
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose * shell OCTET STRING,
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose * grouplist GroupNameList
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose * GroupNameList ::= SEQUENCE OF OCTET STRING
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose * PosixGroupMembers ::= SEQUENCE {
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose * domain_name OCTET STRING,
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose * group_name OCTET STRING,
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose * gid INTEGER,
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose * members GroupMemberList
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose * GroupMemberList ::= SEQUENCE OF OCTET STRING
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bosestatic errno_t get_extra_attrs(BerElement *ber, struct resp_attrs *resp_attrs)
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose resp_attrs->sysdb_attrs = sysdb_new_attrs(resp_attrs);
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sysdb_new_attrs failed.\n");
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose DEBUG(SSSDBG_TRACE_ALL, "Found new sequence.\n");
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose for (tag = ber_first_element(ber, &ber_len, &ber_cookie);
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose tag = ber_next_element(ber, &ber_len, ber_cookie)) {
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose DEBUG(SSSDBG_TRACE_ALL, "Extra attribute [%s].\n", name);
cf89f552f06b95bd69d8c61aaa55a330a5d9f6e6Sumit Bose if (values[c]->bv_val[values[c]->bv_len] != '\0') {
cf89f552f06b95bd69d8c61aaa55a330a5d9f6e6Sumit Bose "base64 encoded certificate not 0-terminated.\n");
cf89f552f06b95bd69d8c61aaa55a330a5d9f6e6Sumit Bose v.data = sss_base64_decode(NULL, values[c]->bv_val, &v.length);
cf89f552f06b95bd69d8c61aaa55a330a5d9f6e6Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sss_base64_decode failed.\n");
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose ret = sysdb_attrs_add_val(resp_attrs->sysdb_attrs, name, &v);
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_add_val failed.\n");
c125e741d3111e2f9b56866ba00835ca05c6f349Jakub Hrozekstatic errno_t add_v1_user_data(struct sss_domain_info *dom,
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose tag = ber_scanf(ber, "aaa", &gecos, &homedir, &shell);
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose attrs->a.user.pw_gecos = talloc_strdup(attrs, gecos);
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose attrs->a.user.pw_dir = talloc_strdup(attrs, homedir);
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose attrs->a.user.pw_shell = talloc_strdup(attrs, shell);
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose for (attrs->ngroups = 0; list[attrs->ngroups] != NULL;
ad463501d3bdea4c24c17d792efc1c3e65c08c19Sumit Bose attrs->groups = talloc_zero_array(attrs, char *, attrs->ngroups + 1);
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_array failed.\n");
c125e741d3111e2f9b56866ba00835ca05c6f349Jakub Hrozek ret = sss_parse_name(attrs, dom->names, list[c],
c125e741d3111e2f9b56866ba00835ca05c6f349Jakub Hrozek obj_domain = find_domain_by_name(parent_domain, domain, true);
c125e741d3111e2f9b56866ba00835ca05c6f349Jakub Hrozek DEBUG(SSSDBG_OP_FAILURE, "find_domain_by_name failed.\n");
c125e741d3111e2f9b56866ba00835ca05c6f349Jakub Hrozek attrs->groups[gc] = sss_create_internal_fqname(attrs->groups,
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose DEBUG(SSSDBG_TRACE_ALL, "BER tag is [%d]\n", (int) tag);
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "get_extra_attrs failed.\n");
c125e741d3111e2f9b56866ba00835ca05c6f349Jakub Hrozekstatic errno_t add_v1_group_data(BerElement *ber,
abee3216261e3378430e472f0c992470b33976f0Sumit Bose for (attrs->ngroups = 0; list[attrs->ngroups] != NULL;
abee3216261e3378430e472f0c992470b33976f0Sumit Bose attrs->a.group.gr_mem = talloc_zero_array(attrs, char *,
abee3216261e3378430e472f0c992470b33976f0Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_array failed.\n");
c125e741d3111e2f9b56866ba00835ca05c6f349Jakub Hrozek ret = sss_parse_name(attrs, dom->names, list[c],
c125e741d3111e2f9b56866ba00835ca05c6f349Jakub Hrozek sss_create_internal_fqname(attrs->a.group.gr_mem,
abee3216261e3378430e472f0c992470b33976f0Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
abee3216261e3378430e472f0c992470b33976f0Sumit Bose attrs->a.group.gr_mem = talloc_zero_array(attrs, char *, 1);
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_array failed.\n");
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose DEBUG(SSSDBG_TRACE_ALL, "BER tag is [%d]\n", (int) tag);
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "get_extra_attrs failed.\n");
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bosestatic errno_t ipa_s2n_save_objects(struct sss_domain_info *dom,
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bosestatic errno_t s2n_response_to_attrs(TALLOC_CTX *mem_ctx,
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "Missing OID or data.\n");
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose } else if (strcmp(retoid, EXOP_SID2NAME_OID) == 0) {
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose "Result has wrong OID, expected [%s] or [%s], got [%s].\n",
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose EXOP_SID2NAME_OID, EXOP_SID2NAME_V1_OID, retoid);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "ber_init failed.\n");
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "ber_scanf failed.\n");
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "talloc_zero failed.\n");
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose tag = ber_scanf(ber, "{aaii", &domain_name, &name, &uid, &gid);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "ber_scanf failed.\n");
ac7a7ee3d1e138818a1ed78758f7dd3c3306a56bSumit Bose /* Winbind is not consistent with the case of the returned user
ac7a7ee3d1e138818a1ed78758f7dd3c3306a56bSumit Bose * name. In general all names should be lower case but there is a
ac7a7ee3d1e138818a1ed78758f7dd3c3306a56bSumit Bose * bug in some versions of winbind which might lead to upper case
ac7a7ee3d1e138818a1ed78758f7dd3c3306a56bSumit Bose * letters in the name. To be on the safe side we explicitly
ac7a7ee3d1e138818a1ed78758f7dd3c3306a56bSumit Bose * lowercase the name. */
c125e741d3111e2f9b56866ba00835ca05c6f349Jakub Hrozek lc_name = sss_tc_utf8_str_tolower(attrs, name);
c125e741d3111e2f9b56866ba00835ca05c6f349Jakub Hrozek attrs->a.user.pw_name = sss_create_internal_fqname(attrs,
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "add_v1_user_data failed.\n");
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose tag = ber_scanf(ber, "{aai", &domain_name, &name, &gid);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "ber_scanf failed.\n");
e2f6326ea56217afab7623c542a237ee84eb74daSumit Bose /* Winbind is not consistent with the case of the returned user
e2f6326ea56217afab7623c542a237ee84eb74daSumit Bose * name. In general all names should be lower case but there is a
e2f6326ea56217afab7623c542a237ee84eb74daSumit Bose * bug in some versions of winbind which might lead to upper case
e2f6326ea56217afab7623c542a237ee84eb74daSumit Bose * letters in the name. To be on the safe side we explicitly
e2f6326ea56217afab7623c542a237ee84eb74daSumit Bose * lowercase the name. */
c125e741d3111e2f9b56866ba00835ca05c6f349Jakub Hrozek lc_name = sss_tc_utf8_str_tolower(attrs, name);
c125e741d3111e2f9b56866ba00835ca05c6f349Jakub Hrozek attrs->a.group.gr_name = sss_create_internal_fqname(attrs,
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "add_v1_group_data failed.\n");
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "ber_scanf failed.\n");
e2f6326ea56217afab7623c542a237ee84eb74daSumit Bose attrs->a.sid_str = talloc_strdup(attrs, sid_str);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
e2f6326ea56217afab7623c542a237ee84eb74daSumit Bose tag = ber_scanf(ber, "{aa}", &domain_name, &name);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "ber_scanf failed.\n");
e2f6326ea56217afab7623c542a237ee84eb74daSumit Bose attrs->a.name = sss_tc_utf8_str_tolower(attrs, name);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "sss_tc_utf8_str_tolower failed.\n");
2cf7becc05996eb6d8a3352d3d7b97c75652e590Sumit Bose while (ber_peek_tag(ber, &ber_len) == LBER_SEQUENCE) {
2cf7becc05996eb6d8a3352d3d7b97c75652e590Sumit Bose tag = ber_scanf(ber, "{aa}", &domain_name, &name);
2cf7becc05996eb6d8a3352d3d7b97c75652e590Sumit Bose fq_name = sss_create_internal_fqname(attrs, name, domain_name);
2cf7becc05996eb6d8a3352d3d7b97c75652e590Sumit Bose "sss_create_internal_fqname failed.\n");
2cf7becc05996eb6d8a3352d3d7b97c75652e590Sumit Bose DEBUG(SSSDBG_TRACE_ALL, "[%s][%s][%s].\n", domain_name, name,
eb7095099b2dd0afb1d028dbc15d8c5a897d90f8Sumit Bose if (strcasecmp(root_domain->name, domain_name) != 0) {
eb7095099b2dd0afb1d028dbc15d8c5a897d90f8Sumit Bose ret = add_string_to_list(attrs, fq_name, &name_list);
3e3034199b44e01899ec7ba8152fef3738a0e093Jakub Hrozek ret = EOK; /* Free resources and continue in the loop */
2cf7becc05996eb6d8a3352d3d7b97c75652e590Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "add_to_name_list failed.\n");
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "Unexpected response type [%d].\n",
2cf7becc05996eb6d8a3352d3d7b97c75652e590Sumit Bose if (type != RESP_SID && type != RESP_NAME_LIST) {
e2f6326ea56217afab7623c542a237ee84eb74daSumit Bose attrs->domain_name = talloc_strdup(attrs, domain_name);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
a04bef313508c423ed06cc54805a3b8106ab90cdJustin Stephensonstatic const char *ipa_s2n_reqtype2str(enum request_types request_type)
a04bef313508c423ed06cc54805a3b8106ab90cdJustin Stephenson return "REQ_SIMPLE";
a04bef313508c423ed06cc54805a3b8106ab90cdJustin Stephenson return "REQ_FULL";
a04bef313508c423ed06cc54805a3b8106ab90cdJustin Stephenson return "REQ_FULL_WITH_MEMBERS";
a04bef313508c423ed06cc54805a3b8106ab90cdJustin Stephenson return "Unknown request type";
b07bcd8b99590bd404733fa7ff1add37c55126bcPavel Březinastatic const char *ipa_s2n_reqinp2str(TALLOC_CTX *mem_ctx,
b07bcd8b99590bd404733fa7ff1add37c55126bcPavel Březina str = talloc_strdup(mem_ctx, req_input->inp.name);
b07bcd8b99590bd404733fa7ff1add37c55126bcPavel Březina str = talloc_strdup(mem_ctx, req_input->inp.secid);
b07bcd8b99590bd404733fa7ff1add37c55126bcPavel Březina str = talloc_strdup(mem_ctx, req_input->inp.cert);
b07bcd8b99590bd404733fa7ff1add37c55126bcPavel Březina str = talloc_asprintf(mem_ctx, "%u", req_input->inp.id);
b07bcd8b99590bd404733fa7ff1add37c55126bcPavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "Out of memory!\n");
aa0f39c7c09a55efc8d2282ca56e0e93e220aebaSumit Bosestatic errno_t ipa_s2n_get_list_step(struct tevent_req *req);
aa0f39c7c09a55efc8d2282ca56e0e93e220aebaSumit Bosestatic void ipa_s2n_get_list_get_override_done(struct tevent_req *subreq);
aa0f39c7c09a55efc8d2282ca56e0e93e220aebaSumit Bosestatic void ipa_s2n_get_list_next(struct tevent_req *subreq);
aa0f39c7c09a55efc8d2282ca56e0e93e220aebaSumit Bosestatic errno_t ipa_s2n_get_list_save_step(struct tevent_req *req);
aa0f39c7c09a55efc8d2282ca56e0e93e220aebaSumit Bosestatic struct tevent_req *ipa_s2n_get_list_send(TALLOC_CTX *mem_ctx,
aa0f39c7c09a55efc8d2282ca56e0e93e220aebaSumit Bose req = tevent_req_create(mem_ctx, &state, struct ipa_s2n_get_list_state);
1df6751f81f7d9c225463f76b9789b0cc7a0de8bSumit Bose if ((entry_type == BE_REQ_BY_SECID && list_type != REQ_INP_SECID)
1df6751f81f7d9c225463f76b9789b0cc7a0de8bSumit Bose || (entry_type != BE_REQ_BY_SECID && list_type == REQ_INP_SECID)) {
1df6751f81f7d9c225463f76b9789b0cc7a0de8bSumit Bose DEBUG(SSSDBG_OP_FAILURE, "Invalid parameter combination [%d][%d].\n",
aa0f39c7c09a55efc8d2282ca56e0e93e220aebaSumit Bose DEBUG(SSSDBG_OP_FAILURE, "ipa_s2n_get_list_step failed.\n");
aa0f39c7c09a55efc8d2282ca56e0e93e220aebaSumit Bosestatic errno_t ipa_s2n_get_list_step(struct tevent_req *req)
aa0f39c7c09a55efc8d2282ca56e0e93e220aebaSumit Bose struct ipa_s2n_get_list_state *state = tevent_req_data(req,
c125e741d3111e2f9b56866ba00835ca05c6f349Jakub Hrozek ret = sss_parse_name(state, state->dom->names, state->list[state->list_idx],
1df6751f81f7d9c225463f76b9789b0cc7a0de8bSumit Bose DEBUG(SSSDBG_CRIT_FAILURE, "Unable to parse name '%s' [%d]: %s\n",
1df6751f81f7d9c225463f76b9789b0cc7a0de8bSumit Bose state->obj_domain = find_domain_by_name(parent_domain,
1df6751f81f7d9c225463f76b9789b0cc7a0de8bSumit Bose DEBUG(SSSDBG_OP_FAILURE, "find_domain_by_name failed.\n");
1df6751f81f7d9c225463f76b9789b0cc7a0de8bSumit Bose id = strtouint32(state->list[state->list_idx], &endptr, 10);
1df6751f81f7d9c225463f76b9789b0cc7a0de8bSumit Bose DEBUG(SSSDBG_OP_FAILURE, "strtouint32 failed.\n");
1df6751f81f7d9c225463f76b9789b0cc7a0de8bSumit Bose state->req_input.inp.secid = state->list[state->list_idx];
1df6751f81f7d9c225463f76b9789b0cc7a0de8bSumit Bose state->obj_domain = find_domain_by_sid(parent_domain,
1df6751f81f7d9c225463f76b9789b0cc7a0de8bSumit Bose "find_domain_by_sid failed for SID [%s].\n",
eb7095099b2dd0afb1d028dbc15d8c5a897d90f8Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "Unexpected input type [%d].\n",
3cd287313d93e29f9754feb46017dba2a039affdSumit Bose ret = s2n_encode_request(state, state->obj_domain->name, state->entry_type,
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "s2n_encode_request failed.\n");
1df6751f81f7d9c225463f76b9789b0cc7a0de8bSumit Bose if (state->request_type == REQ_FULL_WITH_MEMBERS) {
eb7095099b2dd0afb1d028dbc15d8c5a897d90f8Sumit Bose "Sending request_type: [%s] for object [%s].\n",
1df6751f81f7d9c225463f76b9789b0cc7a0de8bSumit Bose subreq = ipa_s2n_exop_send(state, state->ev, state->sh, need_v1,
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ipa_s2n_exop_send failed.\n");
aa0f39c7c09a55efc8d2282ca56e0e93e220aebaSumit Bose tevent_req_set_callback(subreq, ipa_s2n_get_list_next, req);
aa0f39c7c09a55efc8d2282ca56e0e93e220aebaSumit Bosestatic void ipa_s2n_get_list_next(struct tevent_req *subreq)
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose struct tevent_req *req = tevent_req_callback_data(subreq,
aa0f39c7c09a55efc8d2282ca56e0e93e220aebaSumit Bose struct ipa_s2n_get_list_state *state = tevent_req_data(req,
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose ret = ipa_s2n_exop_recv(subreq, state, &retoid, &retdata);
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "s2n exop request failed.\n");
c125e741d3111e2f9b56866ba00835ca05c6f349Jakub Hrozek ret = s2n_response_to_attrs(state, state->dom, retoid, retdata,
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "s2n_response_to_attrs failed.\n");
cd83aead3c9799ac05d8f8977dbb92bbd399c6d5Justin Stephenson DEBUG(SSSDBG_TRACE_FUNC, "Received [%s] attributes from IPA server.\n",
9ac2a33f4cdc4941fa63118dcffe8058854f33c4Michal Židek if (is_default_view(state->ipa_ctx->view_name)) {
aa0f39c7c09a55efc8d2282ca56e0e93e220aebaSumit Bose DEBUG(SSSDBG_OP_FAILURE, "ipa_s2n_get_list_save_step failed.\n");
9c8db0a17a66c58c36966b17d004142a4aaace8dSumit Bose ret = sysdb_attrs_get_string(state->attrs->sysdb_attrs, SYSDB_SID_STR,
ef019268d2d112ebff3577e551cd19478d73d93bJakub Hrozek "Object [%s] has no SID, please check the "
ef019268d2d112ebff3577e551cd19478d73d93bJakub Hrozek "ipaNTSecurityIdentifier attribute on the server-side",
3d29430867cf92b2d71afa95abb679711231117cPavel Březina ret = get_dp_id_data_for_sid(state, sid_str, state->obj_domain->name, &ar);
3d29430867cf92b2d71afa95abb679711231117cPavel Březina DEBUG(SSSDBG_OP_FAILURE, "get_dp_id_data_for_sid failed.\n");
9c8db0a17a66c58c36966b17d004142a4aaace8dSumit Bose subreq = ipa_get_ad_override_send(state, state->ev,
9c8db0a17a66c58c36966b17d004142a4aaace8dSumit Bose dp_opt_get_string(state->ipa_ctx->ipa_options->basic,
9c8db0a17a66c58c36966b17d004142a4aaace8dSumit Bose DEBUG(SSSDBG_OP_FAILURE, "ipa_get_ad_override_send failed.\n");
aa0f39c7c09a55efc8d2282ca56e0e93e220aebaSumit Bose tevent_req_set_callback(subreq, ipa_s2n_get_list_get_override_done, req);
aa0f39c7c09a55efc8d2282ca56e0e93e220aebaSumit Bosestatic void ipa_s2n_get_list_get_override_done(struct tevent_req *subreq)
9c8db0a17a66c58c36966b17d004142a4aaace8dSumit Bose struct tevent_req *req = tevent_req_callback_data(subreq,
aa0f39c7c09a55efc8d2282ca56e0e93e220aebaSumit Bose struct ipa_s2n_get_list_state *state = tevent_req_data(req,
d8ceb194023a2cdc8bc183acc322e9a7fb6fe2b1Sumit Bose ret = ipa_get_ad_override_recv(subreq, NULL, state, &state->override_attrs);
9c8db0a17a66c58c36966b17d004142a4aaace8dSumit Bose DEBUG(SSSDBG_OP_FAILURE, "IPA override lookup failed: %d\n", ret);
aa0f39c7c09a55efc8d2282ca56e0e93e220aebaSumit Bose DEBUG(SSSDBG_OP_FAILURE, "ipa_s2n_get_list_save_step failed.\n");
aa0f39c7c09a55efc8d2282ca56e0e93e220aebaSumit Bosestatic errno_t ipa_s2n_get_list_save_step(struct tevent_req *req)
aa0f39c7c09a55efc8d2282ca56e0e93e220aebaSumit Bose struct ipa_s2n_get_list_state *state = tevent_req_data(req,
9c8db0a17a66c58c36966b17d004142a4aaace8dSumit Bose ret = ipa_s2n_save_objects(state->dom, &state->req_input, state->attrs,
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ipa_s2n_save_objects failed.\n");
aa0f39c7c09a55efc8d2282ca56e0e93e220aebaSumit Bose DEBUG(SSSDBG_OP_FAILURE, "ipa_s2n_get_list_step failed.\n");
aa0f39c7c09a55efc8d2282ca56e0e93e220aebaSumit Bosestatic int ipa_s2n_get_list_recv(struct tevent_req *req)
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bosestatic void ipa_s2n_get_user_done(struct tevent_req *subreq);
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bosestruct tevent_req *ipa_s2n_get_acct_info_send(TALLOC_CTX *mem_ctx,
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose req = tevent_req_create(mem_ctx, &state, struct ipa_s2n_get_user_state);
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose state->exop_timeout = dp_opt_get_int(opts->basic, SDAP_SEARCH_TIMEOUT);
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose if (sdap_is_extension_supported(sh, EXOP_SID2NAME_V1_OID)) {
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose } else if (sdap_is_extension_supported(sh, EXOP_SID2NAME_OID)) {
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose DEBUG(SSSDBG_CRIT_FAILURE, "Extdom not supported on the server, "
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose "cannot resolve objects from trusted domains.\n");
2cf7becc05996eb6d8a3352d3d7b97c75652e590Sumit Bose /* Only REQ_SIMPLE is supported for BE_REQ_BY_CERT */
e2f6326ea56217afab7623c542a237ee84eb74daSumit Bose ret = s2n_encode_request(state, dom->name, entry_type, state->request_type,
b07bcd8b99590bd404733fa7ff1add37c55126bcPavel Březina "Sending request_type: [%s] for trust user [%s] to IPA server\n",
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose subreq = ipa_s2n_exop_send(state, state->ev, state->sh, is_v1,
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "ipa_s2n_exop_send failed.\n");
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose tevent_req_set_callback(subreq, ipa_s2n_get_user_done, req);
/* process_members: for each member name of a group response, look the user up
 * in the cache. Per the visible calls, names that are found are added to
 * group_attrs as SYSDB_MEMBER (using the linearized DN of the cached entry);
 * names that are really missing are added as SYSDB_GHOST and, when requested,
 * also copied into the missing-members list handed back to the caller.
 * NOTE(review): this listing elides parts of the body (parameter list,
 * branches, cleanup); only the visible statements are described here. */
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bosestatic errno_t process_members(struct sss_domain_info *domain,
919b5d76057d31877e0c25ca495711ff76c713d6Sumit Bose const char *attrs[] = {SYSDB_NAME, SYSDB_OVERRIDE_DN, NULL};
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
/* The missing-members list is only built when the caller passes both an
 * output pointer and a memory context that will own the list. */
942ebb62c8df766a22271103abd518ddae02ea3aSumit Bose if (_missing_members != NULL && mem_ctx != NULL) {
942ebb62c8df766a22271103abd518ddae02ea3aSumit Bose /* count members */
/* c + 1 zeroed slots: presumably one per counted member plus a NULL
 * terminator -- confirm against the counting loop, which is not visible. */
942ebb62c8df766a22271103abd518ddae02ea3aSumit Bose missing_members = talloc_zero_array(tmp_ctx, char *, c + 1);
942ebb62c8df766a22271103abd518ddae02ea3aSumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_array_zero failed.\n");
/* The owning domain is derived from the member name itself. Presumably
 * members[] comes from the server response -- verify against the caller. */
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose obj_domain = find_domain_by_object_name(parent_domain, members[c]);
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "find_domain_by_object_name failed.\n");
919b5d76057d31877e0c25ca495711ff76c713d6Sumit Bose ret = sysdb_search_user_by_name(tmp_ctx, obj_domain, members[c], attrs,
/* NOTE(review): the condition below also consults SYSDB_OVERRIDE_DN on the
 * cached entry; the rest of the expression is not visible in this listing. */
919b5d76057d31877e0c25ca495711ff76c713d6Sumit Bose && ldb_msg_find_attr_as_string(msg, SYSDB_OVERRIDE_DN,
919b5d76057d31877e0c25ca495711ff76c713d6Sumit Bose /* only add ghost if the member is really missing */
919b5d76057d31877e0c25ca495711ff76c713d6Sumit Bose DEBUG(SSSDBG_TRACE_ALL, "Adding ghost member [%s]\n",
919b5d76057d31877e0c25ca495711ff76c713d6Sumit Bose /* There were cases where the server returned the same user
919b5d76057d31877e0c25ca495711ff76c713d6Sumit Bose * multiple times */
919b5d76057d31877e0c25ca495711ff76c713d6Sumit Bose ret = sysdb_attrs_add_string_safe(group_attrs, SYSDB_GHOST,
919b5d76057d31877e0c25ca495711ff76c713d6Sumit Bose "sysdb_attrs_add_string failed.\n");
/* The name is duplicated onto the list itself, so it is released together
 * with the list. */
919b5d76057d31877e0c25ca495711ff76c713d6Sumit Bose missing_members[miss_count] = talloc_strdup(missing_members,
919b5d76057d31877e0c25ca495711ff76c713d6Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
919b5d76057d31877e0c25ca495711ff76c713d6Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_get_linearized failed.\n");
919b5d76057d31877e0c25ca495711ff76c713d6Sumit Bose DEBUG(SSSDBG_TRACE_ALL, "Adding member [%s][%s]\n",
919b5d76057d31877e0c25ca495711ff76c713d6Sumit Bose ret = sysdb_attrs_add_string_safe(group_attrs, SYSDB_MEMBER,
919b5d76057d31877e0c25ca495711ff76c713d6Sumit Bose "sysdb_attrs_add_string_safe failed.\n");
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sysdb_search_user_by_name failed.\n");
/* Ownership of the list moves from tmp_ctx to the caller-supplied mem_ctx. */
942ebb62c8df766a22271103abd518ddae02ea3aSumit Bose *_missing_members = talloc_steal(mem_ctx, missing_members);
/* NOTE(review): the message below suggests a separate path for an output
 * pointer given without a memory context; that branch is not visible. */
942ebb62c8df766a22271103abd518ddae02ea3aSumit Bose "Missing memory context for missing members list.\n");
/* get_group_dn_list: for each of the ngroups names in groups[], determine the
 * owning domain (starting from the parent domain) and search the group in the
 * cache. Per the visible calls, DNs of cached groups are copied into dn_list
 * and names of groups that are not cached are duplicated into missing_groups,
 * which is handed to the caller on mem_ctx.
 * NOTE(review): this listing elides parts of the body; how dn_list is
 * returned is not visible here. */
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bosestatic errno_t get_group_dn_list(TALLOC_CTX *mem_ctx,
919b5d76057d31877e0c25ca495711ff76c713d6Sumit Bose const char *attrs[] = {SYSDB_NAME, SYSDB_OVERRIDE_DN, NULL};
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
/* Both arrays get ngroups + 1 zeroed slots, leaving a trailing NULL entry.
 * NOTE(review): the type and upper bound of ngroups are not visible here;
 * confirm the count cannot make ngroups + 1 wrap before allocation. */
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose dn_list = talloc_zero_array(tmp_ctx, struct ldb_dn *, ngroups + 1);
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose missing_groups = talloc_zero_array(tmp_ctx, char *, ngroups + 1);
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_array_zero failed.\n");
/* Lookups always start at the top of the domain tree: dom itself when it has
 * no parent, otherwise its parent. */
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose parent_domain = (dom->parent == NULL) ? dom : dom->parent;
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose for (c = 0; c < ngroups; c++) {
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose obj_domain = find_domain_by_object_name(parent_domain, groups[c]);
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "find_domain_by_object_name failed.\n");
919b5d76057d31877e0c25ca495711ff76c713d6Sumit Bose ret = sysdb_search_group_by_name(tmp_ctx, obj_domain, groups[c], attrs,
/* NOTE(review): the condition below also consults SYSDB_OVERRIDE_DN on the
 * cached entry; the rest of the expression is not visible in this listing. */
919b5d76057d31877e0c25ca495711ff76c713d6Sumit Bose && ldb_msg_find_attr_as_string(msg, SYSDB_OVERRIDE_DN,
919b5d76057d31877e0c25ca495711ff76c713d6Sumit Bose missing_groups[n_missing] = talloc_strdup(missing_groups,
919b5d76057d31877e0c25ca495711ff76c713d6Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
919b5d76057d31877e0c25ca495711ff76c713d6Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_copy failed.\n");
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sysdb_search_group_by_name failed.\n");
/* Ownership of the list moves from tmp_ctx to the caller-supplied mem_ctx. */
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose *_missing_groups = talloc_steal(mem_ctx, missing_groups);
aa0f39c7c09a55efc8d2282ca56e0e93e220aebaSumit Bosestatic void ipa_s2n_get_list_done(struct tevent_req *subreq);
9c8db0a17a66c58c36966b17d004142a4aaace8dSumit Bosestatic void ipa_s2n_get_user_get_override_done(struct tevent_req *subreq);
/* ipa_s2n_get_user_done: tevent callback for the s2n extended operation.
 * It receives the raw response (ipa_s2n_exop_recv), decodes it with
 * s2n_response_to_attrs and compares the returned domain name with the
 * requested domain. Depending on the response type it then starts a list
 * lookup (completed in ipa_s2n_get_list_done), sends a second exop request
 * that completes in this same function, starts an override lookup, or saves
 * the objects with ipa_s2n_save_objects.
 * NOTE(review): this listing elides parts of the body; which request type
 * selects which branch is only partly visible. */
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bosestatic void ipa_s2n_get_user_done(struct tevent_req *subreq)
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose struct tevent_req *req = tevent_req_callback_data(subreq,
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Bose struct ipa_s2n_get_user_state *state = tevent_req_data(req,
233a3c6c48972b177e60d6ef4cecfacd3cf31659Simo Sorce ret = ipa_s2n_exop_recv(subreq, state, &retoid, &retdata);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "s2n exop request failed.\n");
21513e51a4a2eb08f245333bf8f223713a3d7cb3Sumit Bose "Maybe the server does not support lookups by "
21513e51a4a2eb08f245333bf8f223713a3d7cb3Sumit Bose "certificates.\n");
c125e741d3111e2f9b56866ba00835ca05c6f349Jakub Hrozek ret = s2n_response_to_attrs(state, state->dom, retoid, retdata,
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "s2n_response_to_attrs failed.\n");
/* Response validation: the domain name carried in the decoded response must
 * match the requested domain name or its flat name, compared without regard
 * to case. A mismatch is logged as unexpected; the handling after the log
 * call is not visible in this listing. */
e2f6326ea56217afab7623c542a237ee84eb74daSumit Bose if (!(strcasecmp(state->dom->name, attrs->domain_name) == 0 ||
e2f6326ea56217afab7623c542a237ee84eb74daSumit Bose strcasecmp(state->dom->flat_name, attrs->domain_name) == 0))) {
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "Unexpected domain name returned, "
e2f6326ea56217afab7623c542a237ee84eb74daSumit Bose "expected [%s] or [%s], got [%s].\n",
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose if (attrs->response_type == RESP_USER_GROUPLIST) {
cd83aead3c9799ac05d8f8977dbb92bbd399c6d5Justin Stephenson DEBUG(SSSDBG_TRACE_FUNC, "Received [%zu] groups in group list "
cd83aead3c9799ac05d8f8977dbb92bbd399c6d5Justin Stephenson DEBUG(SSSDBG_TRACE_FUNC, "[%s].\n", attrs->groups[c]);
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "get_group_dn_list failed.\n");
aa0f39c7c09a55efc8d2282ca56e0e93e220aebaSumit Bose "ipa_s2n_get_list_send failed.\n");
aa0f39c7c09a55efc8d2282ca56e0e93e220aebaSumit Bose tevent_req_set_callback(subreq, ipa_s2n_get_list_done,
3cd287313d93e29f9754feb46017dba2a039affdSumit Bose } else if (attrs->response_type == RESP_GROUP_MEMBERS) {
3cd287313d93e29f9754feb46017dba2a039affdSumit Bose DEBUG(SSSDBG_OP_FAILURE, "process_members failed.\n");
aa0f39c7c09a55efc8d2282ca56e0e93e220aebaSumit Bose "ipa_s2n_get_list_send failed.\n");
aa0f39c7c09a55efc8d2282ca56e0e93e220aebaSumit Bose tevent_req_set_callback(subreq, ipa_s2n_get_list_done,
/* Follow-up request: a new request is encoded and sent, and this same
 * function is registered as its callback, so it runs again for the second
 * response. */
e2f6326ea56217afab7623c542a237ee84eb74daSumit Bose /* We already know the SID, we do not have to read it. */
e2f6326ea56217afab7623c542a237ee84eb74daSumit Bose ret = s2n_encode_request(state, state->dom->name, state->entry_type,
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose subreq = ipa_s2n_exop_send(state, state->ev, state->sh, false,
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "ipa_s2n_exop_send failed.\n");
e2f6326ea56217afab7623c542a237ee84eb74daSumit Bose tevent_req_set_callback(subreq, ipa_s2n_get_user_done, req);
c125e741d3111e2f9b56866ba00835ca05c6f349Jakub Hrozek ret = s2n_response_to_attrs(state, state->dom, retoid, retdata,
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "s2n_response_to_attrs failed.\n");
/* NOTE(review): for a RESP_NAME_LIST response a base64 blob is added to
 * state->mapped_attrs before the list lookup is started; presumably this is
 * the certificate from the request -- the arguments are not visible here. */
2cf7becc05996eb6d8a3352d3d7b97c75652e590Sumit Bose if (state->simple_attrs->response_type == RESP_NAME_LIST
eb7095099b2dd0afb1d028dbc15d8c5a897d90f8Sumit Bose /* No results from sub-domains, nothing to do */
2cf7becc05996eb6d8a3352d3d7b97c75652e590Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sysdb_new_attrs failed.\n");
2cf7becc05996eb6d8a3352d3d7b97c75652e590Sumit Bose ret = sysdb_attrs_add_base64_blob(state->mapped_attrs,
2cf7becc05996eb6d8a3352d3d7b97c75652e590Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_add_base64_blob failed.\n");
2cf7becc05996eb6d8a3352d3d7b97c75652e590Sumit Bose "ipa_s2n_get_list_send failed.\n");
2cf7becc05996eb6d8a3352d3d7b97c75652e590Sumit Bose tevent_req_set_callback(subreq, ipa_s2n_get_list_done,
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "Unexpected request type.\n");
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "Missing data of full request.\n");
9c8db0a17a66c58c36966b17d004142a4aaace8dSumit Bose && state->simple_attrs->response_type == RESP_SID) {
9c8db0a17a66c58c36966b17d004142a4aaace8dSumit Bose ret = sysdb_attrs_get_string(state->attrs->sysdb_attrs, SYSDB_SID_STR,
ed4a9bd4d0f7fb359bed66a8d63a92e7be633aaeSumit Bose } else if (state->req_input->type == REQ_INP_SECID) {
/* NOTE(review): with ENOENT or the default view the objects are saved
 * directly; otherwise an override lookup keyed by the SID appears to run
 * first. The branch bodies are only partly visible -- confirm. */
9ac2a33f4cdc4941fa63118dcffe8058854f33c4Michal Židek if (ret == ENOENT || is_default_view(state->ipa_ctx->view_name)) {
9c8db0a17a66c58c36966b17d004142a4aaace8dSumit Bose ret = ipa_s2n_save_objects(state->dom, state->req_input, state->attrs,
9c8db0a17a66c58c36966b17d004142a4aaace8dSumit Bose DEBUG(SSSDBG_OP_FAILURE, "ipa_s2n_save_objects failed.\n");
3d29430867cf92b2d71afa95abb679711231117cPavel Březina ret = get_dp_id_data_for_sid(state, sid_str, state->dom->name, &ar);
3d29430867cf92b2d71afa95abb679711231117cPavel Březina DEBUG(SSSDBG_OP_FAILURE, "get_dp_id_data_for_sid failed.\n");
9c8db0a17a66c58c36966b17d004142a4aaace8dSumit Bose subreq = ipa_get_ad_override_send(state, state->ev,
9c8db0a17a66c58c36966b17d004142a4aaace8dSumit Bose dp_opt_get_string(state->ipa_ctx->ipa_options->basic,
9c8db0a17a66c58c36966b17d004142a4aaace8dSumit Bose DEBUG(SSSDBG_OP_FAILURE, "ipa_get_ad_override_send failed.\n");
9c8db0a17a66c58c36966b17d004142a4aaace8dSumit Bose tevent_req_set_callback(subreq, ipa_s2n_get_user_get_override_done,
9c8db0a17a66c58c36966b17d004142a4aaace8dSumit Bose DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_string failed.\n");
/* get_groups_dns: translate a list of group names into a list of cache DN
 * strings. For each name the owning domain is determined from the name, the
 * group is searched in the cache and its stored DN is linearized; when the
 * search does not yield an entry the DN is constructed from the domain name
 * and the group name as a best effort.
 * NOTE(review): this listing elides parts of the body; how the result is
 * returned to the caller is not visible here. */
ad463501d3bdea4c24c17d792efc1c3e65c08c19Sumit Bosestatic errno_t get_groups_dns(TALLOC_CTX *mem_ctx, struct sss_domain_info *dom,
ad463501d3bdea4c24c17d792efc1c3e65c08c19Sumit Bose /* To handle cross-domain memberships we have to check the domain for
ad463501d3bdea4c24c17d792efc1c3e65c08c19Sumit Bose * each group the member should be added or deleted. Since sub-domains
ad463501d3bdea4c24c17d792efc1c3e65c08c19Sumit Bose * use fully-qualified names by default any short name can only belong
ad463501d3bdea4c24c17d792efc1c3e65c08c19Sumit Bose * to the root/head domain. find_domain_by_object_name() will return
ad463501d3bdea4c24c17d792efc1c3e65c08c19Sumit Bose * the domain given in the first argument if the second argument is a
ad463501d3bdea4c24c17d792efc1c3e65c08c19Sumit Bose * a short name hence we always use root_domain as first argument. */
ad463501d3bdea4c24c17d792efc1c3e65c08c19Sumit Bose "Root domain uses fully-qualified names, " \
ad463501d3bdea4c24c17d792efc1c3e65c08c19Sumit Bose "objects might not be correctly added to groups with " \
ad463501d3bdea4c24c17d792efc1c3e65c08c19Sumit Bose "short names.\n");
ad463501d3bdea4c24c17d792efc1c3e65c08c19Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
/* c + 1 zeroed slots: presumably one per counted name plus a NULL
 * terminator -- the counting loop is not visible in this listing. */
ad463501d3bdea4c24c17d792efc1c3e65c08c19Sumit Bose dn_list = talloc_zero_array(tmp_ctx, char *, c + 1);
ad463501d3bdea4c24c17d792efc1c3e65c08c19Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_zero_array failed.\n");
/* From here on dom refers to the domain that owns name_list[c], not to the
 * domain passed in by the caller. */
ad463501d3bdea4c24c17d792efc1c3e65c08c19Sumit Bose dom = find_domain_by_object_name(root_domain, name_list[c]);
f29040342a6d69e170f4543662621f2e27221f91Sumit Bose /* If the group name is overridden in the default view we have to
f29040342a6d69e170f4543662621f2e27221f91Sumit Bose * search for the name and cannot construct it because the extdom
f29040342a6d69e170f4543662621f2e27221f91Sumit Bose * plugin will return the overridden name but the DN of the related
f29040342a6d69e170f4543662621f2e27221f91Sumit Bose * group object in the cache will contain the original name. */
f29040342a6d69e170f4543662621f2e27221f91Sumit Bose ret = sysdb_search_group_by_name(tmp_ctx, dom, name_list[c], NULL,
f29040342a6d69e170f4543662621f2e27221f91Sumit Bose dn_list[c] = ldb_dn_alloc_linearized(dn_list, msg->dn);
/* NOTE(review): per the comment above, a DN constructed from an overridden
 * name will not match the cached group object, so a membership change based
 * on the fallback DN may not reach the intended group. */
f29040342a6d69e170f4543662621f2e27221f91Sumit Bose /* best effort, try to construct the DN */
f29040342a6d69e170f4543662621f2e27221f91Sumit Bose "sysdb_search_group_by_name failed with [%d], "
f29040342a6d69e170f4543662621f2e27221f91Sumit Bose "generating DN for [%s] in domain [%s].\n",
f29040342a6d69e170f4543662621f2e27221f91Sumit Bose dn_list[c] = sysdb_group_strdn(dn_list, dom->name, name_list[c]);
f29040342a6d69e170f4543662621f2e27221f91Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ldb_dn_alloc_linearized failed.\n");
3fe2e555edd3963d72483600e5d9616873afd00aSumit Bose DEBUG(SSSDBG_TRACE_ALL, "Added [%s][%s].\n", name_list[c], dn_list[c]);
/* add_emails_to_aliases: read the SYSDB_USER_EMAIL values from attrs and add
 * a lower-cased name alias for each address. The visible log messages show
 * that a missing email attribute and a failing attribute read are treated as
 * non-fatal (the latter is logged with "skipping ...").
 * NOTE(review): this listing elides parts of the body. The addresses are
 * presumably taken from the server response, and each one becomes an
 * additional alias of the user -- confirm how alias collisions between
 * different users are handled by the callers. */
9a310913d696d190db14c625080678db853a33fdSumit Bosestatic errno_t add_emails_to_aliases(struct sysdb_attrs *attrs,
9a310913d696d190db14c625080678db853a33fdSumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
9a310913d696d190db14c625080678db853a33fdSumit Bose ret = sysdb_attrs_get_string_array(attrs, SYSDB_USER_EMAIL, tmp_ctx,
9a310913d696d190db14c625080678db853a33fdSumit Bose ret = sysdb_attrs_add_lc_name_alias_safe(attrs, emails[c]);
9a310913d696d190db14c625080678db853a33fdSumit Bose "Failed to add lower-cased version of email [%s] "
9a310913d696d190db14c625080678db853a33fdSumit Bose DEBUG(SSSDBG_TRACE_ALL, "No email addresses available.\n");
9a310913d696d190db14c625080678db853a33fdSumit Bose "sysdb_attrs_get_string_array failed, skipping ...\n");
/* ipa_s2n_save_objects: write the user or group described by a decoded s2n
 * response into the cache. Per the visible calls it adds name aliases, UPN
 * and SID attributes, stores the user or group, synchronises the group
 * memberships of a user for RESP_USER_GROUPLIST responses, and finally
 * stores the override data for non-default views. The log messages refer to
 * starting, committing and cancelling a transaction around the writes.
 * NOTE(review): this listing elides large parts of the body, including the
 * parameter list, most conditions and the cleanup path; only the visible
 * statements are described here. */
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bosestatic errno_t ipa_s2n_save_objects(struct sss_domain_info *dom,
56f015ef6a161e01681f79e4ea0d1b642f9737b4Fabiano Fidêncio /* The list of elements that might be missing are:
56f015ef6a161e01681f79e4ea0d1b642f9737b4Fabiano Fidêncio * - SYSDB_ORIG_MEMBEROF
56f015ef6a161e01681f79e4ea0d1b642f9737b4Fabiano Fidêncio * - SYSDB_SSH_PUBKEY
43003851129556acea15539a1dc0d4350d54cac8Sumit Bose * - SYSDB_USER_CERT
56f015ef6a161e01681f79e4ea0d1b642f9737b4Fabiano Fidêncio * Note that the list includes the trailing NULL at the end. */
43003851129556acea15539a1dc0d4350d54cac8Sumit Bose const char *missing[] = {NULL, NULL, NULL, NULL};
/* Four slots: three possible attribute names plus the NULL terminator. The
 * array is filled through missing[missing_count++] further down, so adding a
 * further attribute name requires growing this initializer as well;
 * otherwise the terminator is overwritten or the write lands past the end of
 * the array. */
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sysdb_new_attrs failed.\n");
9c8db0a17a66c58c36966b17d004142a4aaace8dSumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
9c8db0a17a66c58c36966b17d004142a4aaace8dSumit Bose DEBUG(SSSDBG_TRACE_ALL, "Found original AD name [%s].\n", name);
9c8db0a17a66c58c36966b17d004142a4aaace8dSumit Bose DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_string failed.\n");
aedc71fe8360a51785933523f14bb5c4e7e2c38bSumit Bose ret = sysdb_attrs_add_lc_name_alias_safe(attrs->sysdb_attrs,
aedc71fe8360a51785933523f14bb5c4e7e2c38bSumit Bose "sysdb_attrs_add_lc_name_alias_safe failed.\n");
9c8db0a17a66c58c36966b17d004142a4aaace8dSumit Bose DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_string failed.\n");
9c8db0a17a66c58c36966b17d004142a4aaace8dSumit Bose ret = sysdb_attrs_get_string(attrs->sysdb_attrs, SYSDB_UPN, &tmp_str);
9c8db0a17a66c58c36966b17d004142a4aaace8dSumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
9c8db0a17a66c58c36966b17d004142a4aaace8dSumit Bose DEBUG(SSSDBG_TRACE_ALL, "Found original AD upn [%s].\n", upn);
9c8db0a17a66c58c36966b17d004142a4aaace8dSumit Bose DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_string failed.\n");
/* When the domain name in the response differs from dom->name, the matching
 * domain object is looked up from the head of the domain list and used from
 * here on. The message below is logged when no such domain is found; the
 * error path itself is not visible in this listing. */
b2c5e98def89a0c3d16f5cf7e07ce2020338b540Jakub Hrozek if (strcmp(dom->name, attrs->domain_name) != 0) {
b2c5e98def89a0c3d16f5cf7e07ce2020338b540Jakub Hrozek dom = find_domain_by_name(get_domains_head(dom),
b2c5e98def89a0c3d16f5cf7e07ce2020338b540Jakub Hrozek "Cannot find domain: [%s]\n", attrs->domain_name);
/* The home directory is expanded from a template using the user name from
 * the response and the per-domain homedir_substr setting.
 * NOTE(review): the remaining homedir_ctx fields and the template source are
 * not visible here. */
5cd660aaa885bca95ac3dca660bb77e5786d5f8eLukas Slebodnik homedir_ctx.username = attrs->a.user.pw_name;
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose homedir_ctx.config_homedir_substr = dom->homedir_substr;
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose attrs->a.user.pw_dir = expand_homedir_template(attrs,
aedc71fe8360a51785933523f14bb5c4e7e2c38bSumit Bose ret = sysdb_attrs_add_lc_name_alias_safe(attrs->sysdb_attrs, name);
aedc71fe8360a51785933523f14bb5c4e7e2c38bSumit Bose "sysdb_attrs_add_lc_name_alias_safe failed.\n");
/* A failure to add email aliases is logged and skipped, per the message
 * below. */
9a310913d696d190db14c625080678db853a33fdSumit Bose ret = add_emails_to_aliases(attrs->sysdb_attrs, dom);
9a310913d696d190db14c625080678db853a33fdSumit Bose "add_emails_to_aliases failed, skipping ...\n");
9c8db0a17a66c58c36966b17d004142a4aaace8dSumit Bose /* We also have to store a fake UPN here, because otherwise the
9c8db0a17a66c58c36966b17d004142a4aaace8dSumit Bose * krb5 child later won't be able to properly construct one as
9c8db0a17a66c58c36966b17d004142a4aaace8dSumit Bose * the username is fully qualified but the child doesn't have
9c8db0a17a66c58c36966b17d004142a4aaace8dSumit Bose * access to the regex to deconstruct it */
9c8db0a17a66c58c36966b17d004142a4aaace8dSumit Bose /* FIXME: The real UPN is available from the PAC, we should get
9c8db0a17a66c58c36966b17d004142a4aaace8dSumit Bose * it from there. */
9c8db0a17a66c58c36966b17d004142a4aaace8dSumit Bose DEBUG(SSSDBG_OP_FAILURE, "failed to get realm.\n");
/* The fake UPN is built as short_name@realm, where the short name is parsed
 * out of the internal fully-qualified user name. */
0302e3e7b3b06b809bd63c7911a42ab3e0a7ebf9Jakub Hrozek ret = sss_parse_internal_fqname(tmp_ctx, attrs->a.user.pw_name,
0302e3e7b3b06b809bd63c7911a42ab3e0a7ebf9Jakub Hrozek "Cannot parse internal name %s\n",
0302e3e7b3b06b809bd63c7911a42ab3e0a7ebf9Jakub Hrozek upn = talloc_asprintf(tmp_ctx, "%s@%s", short_name, realm);
9c8db0a17a66c58c36966b17d004142a4aaace8dSumit Bose DEBUG(SSSDBG_OP_FAILURE, "failed to format UPN.\n");
9c8db0a17a66c58c36966b17d004142a4aaace8dSumit Bose /* We might already have the SID or the UPN from other sources
9c8db0a17a66c58c36966b17d004142a4aaace8dSumit Bose * hence sysdb_attrs_add_string_safe is used to avoid double
9c8db0a17a66c58c36966b17d004142a4aaace8dSumit Bose * entries. */
9c8db0a17a66c58c36966b17d004142a4aaace8dSumit Bose ret = sysdb_attrs_add_string_safe(attrs->sysdb_attrs, SYSDB_UPN,
9c8db0a17a66c58c36966b17d004142a4aaace8dSumit Bose "sysdb_attrs_add_string failed.\n");
9c8db0a17a66c58c36966b17d004142a4aaace8dSumit Bose ret = sysdb_attrs_add_string_safe(attrs->sysdb_attrs,
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose "sysdb_attrs_add_string failed.\n");
9c8db0a17a66c58c36966b17d004142a4aaace8dSumit Bose ret = sysdb_attrs_add_string_safe(attrs->sysdb_attrs,
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose "sysdb_attrs_add_string failed.\n");
62d919aea98edd1095f6a22241903d4c045b46edSumit Bose /* Since RESP_USER_GROUPLIST contains all group memberships it
62d919aea98edd1095f6a22241903d4c045b46edSumit Bose * is effectively an initgroups request hence
62d919aea98edd1095f6a22241903d4c045b46edSumit Bose * SYSDB_INITGR_EXPIRE will be set.*/
62d919aea98edd1095f6a22241903d4c045b46edSumit Bose "sysdb_attrs_add_time_t failed.\n");
034dcabb40e654a95f3714d871db471ff7bf97f8Sumit Bose /* The extdom plugin always returns the objects with the
034dcabb40e654a95f3714d871db471ff7bf97f8Sumit Bose * default view applied. Since the GID is handled specially
034dcabb40e654a95f3714d871db471ff7bf97f8Sumit Bose * for MPG domains we have add any overridden GID separately.
034dcabb40e654a95f3714d871db471ff7bf97f8Sumit Bose ret = sysdb_attrs_get_uint32_t(attrs->sysdb_attrs,
034dcabb40e654a95f3714d871db471ff7bf97f8Sumit Bose if ((orig_gid != 0 && orig_gid != attrs->a.user.pw_gid)
034dcabb40e654a95f3714d871db471ff7bf97f8Sumit Bose || attrs->a.user.pw_uid != attrs->a.user.pw_gid) {
ba818cc39dfe94c2b8613f4badf7912811f0f737Sumit Bose "sysdb_new_attrs failed.\n");
034dcabb40e654a95f3714d871db471ff7bf97f8Sumit Bose "sysdb_attrs_add_uint32 failed.\n");
034dcabb40e654a95f3714d871db471ff7bf97f8Sumit Bose "sysdb_attrs_get_uint32_t failed.\n");
56f015ef6a161e01681f79e4ea0d1b642f9737b4Fabiano Fidêncio missing[missing_count++] = SYSDB_ORIG_MEMBEROF;
56f015ef6a161e01681f79e4ea0d1b642f9737b4Fabiano Fidêncio ret = sysdb_attrs_get_el_ext(attrs->sysdb_attrs,
56f015ef6a161e01681f79e4ea0d1b642f9737b4Fabiano Fidêncio missing[missing_count++] = SYSDB_SSH_PUBKEY;
ad463501d3bdea4c24c17d792efc1c3e65c08c19Sumit Bose DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n");
6fe057efb981ee4b45dcadf131c03f8501fce28dJakub Hrozek /* This handles the case where getgrgid() was called for
6fe057efb981ee4b45dcadf131c03f8501fce28dJakub Hrozek * this user, so a group was created in the cache
6fe057efb981ee4b45dcadf131c03f8501fce28dJakub Hrozek ret = sysdb_search_group_by_name(tmp_ctx, dom, name, NULL, &msg);
6fe057efb981ee4b45dcadf131c03f8501fce28dJakub Hrozek /* Fail even on ENOENT, the group must be around */
/* NOTE(review): the group deleted below is addressed by the UID of the user,
 * which presumably equals the GID of the private group in an MPG domain; the
 * condition guarding this path is not visible -- confirm it cannot remove an
 * unrelated group that happens to carry the same ID. */
6fe057efb981ee4b45dcadf131c03f8501fce28dJakub Hrozek "Could not delete MPG group [%d]: %s\n",
6fe057efb981ee4b45dcadf131c03f8501fce28dJakub Hrozek ret = sysdb_delete_group(dom, NULL, attrs->a.user.pw_uid);
6fe057efb981ee4b45dcadf131c03f8501fce28dJakub Hrozek "sysdb_delete_group failed for MPG group [%d]: %s\n",
6fe057efb981ee4b45dcadf131c03f8501fce28dJakub Hrozek "sysdb_store_user failed for MPG user [%d]: %s\n",
6fe057efb981ee4b45dcadf131c03f8501fce28dJakub Hrozek "sysdb_store_user failed [%d]: %s\n",
415d93196533a6fcd90889c67396ef5af5bf791aSumit Bose ret = sysdb_set_user_attr(dom, name, mapped_attrs,
415d93196533a6fcd90889c67396ef5af5bf791aSumit Bose DEBUG(SSSDBG_OP_FAILURE, "sysdb_set_user_attr failed.\n");
ba818cc39dfe94c2b8613f4badf7912811f0f737Sumit Bose ret = sysdb_set_user_attr(dom, name, gid_override_attrs,
ba818cc39dfe94c2b8613f4badf7912811f0f737Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sysdb_set_user_attr failed.\n");
/* Membership synchronisation: the group DNs currently cached for the user
 * are compared with the DNs derived from the response, and the differences
 * are applied as additions and deletions. The response therefore drives
 * removal of cached memberships as well as additions. */
ad463501d3bdea4c24c17d792efc1c3e65c08c19Sumit Bose if (attrs->response_type == RESP_USER_GROUPLIST) {
a52226c651308a0a7732544b492eb4db56b84f1dSumit Bose ret = get_sysdb_grouplist_dn(tmp_ctx, dom->sysdb, dom, name,
ad463501d3bdea4c24c17d792efc1c3e65c08c19Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "get_sysdb_grouplist failed.\n");
a52226c651308a0a7732544b492eb4db56b84f1dSumit Bose ret = get_groups_dns(tmp_ctx, dom, attrs->groups, &groups_dns);
ad463501d3bdea4c24c17d792efc1c3e65c08c19Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "get_groups_dns failed.\n");
a52226c651308a0a7732544b492eb4db56b84f1dSumit Bose DEBUG(SSSDBG_OP_FAILURE, "diff_string_lists failed.\n");
ad463501d3bdea4c24c17d792efc1c3e65c08c19Sumit Bose DEBUG(SSSDBG_TRACE_INTERNAL, "Updating memberships for %s\n",
ad463501d3bdea4c24c17d792efc1c3e65c08c19Sumit Bose ret = sysdb_update_members_dn(dom, name, SYSDB_MEMBER_USER,
ad463501d3bdea4c24c17d792efc1c3e65c08c19Sumit Bose (const char *const *) add_groups_dns,
ad463501d3bdea4c24c17d792efc1c3e65c08c19Sumit Bose (const char *const *) del_groups_dns);
ad463501d3bdea4c24c17d792efc1c3e65c08c19Sumit Bose DEBUG(SSSDBG_CRIT_FAILURE, "Membership update failed [%d]: %s\n",
ad463501d3bdea4c24c17d792efc1c3e65c08c19Sumit Bose DEBUG(SSSDBG_CRIT_FAILURE, "Failed to commit transaction\n");
35863245aa8b8404caedfc95e68b3aa5af14542eJakub Hrozek DEBUG(SSSDBG_TRACE_FUNC, "Processing group %s\n", name);
aedc71fe8360a51785933523f14bb5c4e7e2c38bSumit Bose ret = sysdb_attrs_add_lc_name_alias_safe(attrs->sysdb_attrs, name);
aedc71fe8360a51785933523f14bb5c4e7e2c38bSumit Bose "sysdb_attrs_add_lc_name_alias_safe failed.\n");
9c8db0a17a66c58c36966b17d004142a4aaace8dSumit Bose /* We might already have the SID from other sources hence
9c8db0a17a66c58c36966b17d004142a4aaace8dSumit Bose * sysdb_attrs_add_string_safe is used to avoid double entries. */
9c8db0a17a66c58c36966b17d004142a4aaace8dSumit Bose ret = sysdb_attrs_add_string_safe(attrs->sysdb_attrs,
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose "sysdb_attrs_add_string failed.\n");
9c8db0a17a66c58c36966b17d004142a4aaace8dSumit Bose ret = sysdb_attrs_add_string_safe(attrs->sysdb_attrs,
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose "sysdb_attrs_add_string failed.\n");
919b5d76057d31877e0c25ca495711ff76c713d6Sumit Bose ret = process_members(dom, is_default_view(view_name),
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "process_members failed.\n");
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose ret = sysdb_store_group(dom, name, attrs->a.group.gr_gid,
9c8db0a17a66c58c36966b17d004142a4aaace8dSumit Bose DEBUG(SSSDBG_OP_FAILURE, "sysdb_store_group failed.\n");
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "Unexpected response type [%d].\n",
/* The SID is required to locate the stored object for the override step; an
 * object without a SID is reported with a pointer to the server-side
 * ipaNTSecurityIdentifier attribute. */
9c8db0a17a66c58c36966b17d004142a4aaace8dSumit Bose ret = sysdb_attrs_get_string(attrs->sysdb_attrs, SYSDB_SID_STR, &sid_str);
0c5f463e9629ac08d647c70cffb30bccdd57ae96Justin Stephenson "Cannot find SID of object.\n");
0c5f463e9629ac08d647c70cffb30bccdd57ae96Justin Stephenson "Object [%s] has no SID, please check the "
0c5f463e9629ac08d647c70cffb30bccdd57ae96Justin Stephenson "ipaNTSecurityIdentifier attribute on the server-side.\n",
9c8db0a17a66c58c36966b17d004142a4aaace8dSumit Bose ret = sysdb_search_object_by_sid(tmp_ctx, dom, sid_str, NULL, &res);
9c8db0a17a66c58c36966b17d004142a4aaace8dSumit Bose "Cannot find object with override with SID [%s].\n", sid_str);
2ab9a4538eb2e1a255e645f7efdcfd6bb722d265Sumit Bose /* For the default view the data return by the extdom plugin already
2ab9a4538eb2e1a255e645f7efdcfd6bb722d265Sumit Bose * contains all needed data and it is not expected to have a separate
2ab9a4538eb2e1a255e645f7efdcfd6bb722d265Sumit Bose * override object. */
2ab9a4538eb2e1a255e645f7efdcfd6bb722d265Sumit Bose ret = sysdb_store_override(dom, view_name, type, override_attrs,
2ab9a4538eb2e1a255e645f7efdcfd6bb722d265Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sysdb_store_override failed.\n");
ad463501d3bdea4c24c17d792efc1c3e65c08c19Sumit Bose DEBUG(SSSDBG_CRIT_FAILURE, "Failed to cancel transaction\n");
/* ipa_s2n_get_list_done: tevent callback that runs when a list lookup started
 * from the user request has finished. Per the visible statements it reads
 * the SID of the object, and either saves the objects directly or first
 * starts an override lookup (completed in
 * ipa_s2n_get_user_get_override_done) when the view is not the default view.
 * NOTE(review): this listing elides parts of the body; the exact conditions
 * and the request completion calls are not visible here. */
aa0f39c7c09a55efc8d2282ca56e0e93e220aebaSumit Bosestatic void ipa_s2n_get_list_done(struct tevent_req *subreq)
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose struct tevent_req *req = tevent_req_callback_data(subreq,
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose struct ipa_s2n_get_user_state *state = tevent_req_data(req,
f1f22df95996390f63266ebacb624e521d934592Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "s2n get_fqlist request failed.\n");
eb7095099b2dd0afb1d028dbc15d8c5a897d90f8Sumit Bose /* If this is a request by certificate we are done */
9c8db0a17a66c58c36966b17d004142a4aaace8dSumit Bose ret = sysdb_attrs_get_string(state->attrs->sysdb_attrs, SYSDB_SID_STR,
9c8db0a17a66c58c36966b17d004142a4aaace8dSumit Bose ret = ipa_s2n_save_objects(state->dom, state->req_input, state->attrs,
9c8db0a17a66c58c36966b17d004142a4aaace8dSumit Bose DEBUG(SSSDBG_OP_FAILURE, "ipa_s2n_save_objects failed.\n");
9c8db0a17a66c58c36966b17d004142a4aaace8dSumit Bose DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_string failed.\n");
3d29430867cf92b2d71afa95abb679711231117cPavel Březina ret = get_dp_id_data_for_sid(state, sid_str, state->dom->name, &ar);
3d29430867cf92b2d71afa95abb679711231117cPavel Březina DEBUG(SSSDBG_OP_FAILURE, "get_dp_id_data_for_sid failed.\n");
/* The override lookup is only started for non-default views; the first half
 * of this condition is not visible in this listing. */
9ac2a33f4cdc4941fa63118dcffe8058854f33c4Michal Židek && !is_default_view(state->ipa_ctx->view_name)) {
ed4a9bd4d0f7fb359bed66a8d63a92e7be633aaeSumit Bose subreq = ipa_get_ad_override_send(state, state->ev,
9c8db0a17a66c58c36966b17d004142a4aaace8dSumit Bose dp_opt_get_string(state->ipa_ctx->ipa_options->basic,
ed4a9bd4d0f7fb359bed66a8d63a92e7be633aaeSumit Bose DEBUG(SSSDBG_OP_FAILURE, "ipa_get_ad_override_send failed.\n");
ed4a9bd4d0f7fb359bed66a8d63a92e7be633aaeSumit Bose tevent_req_set_callback(subreq, ipa_s2n_get_user_get_override_done,
ed4a9bd4d0f7fb359bed66a8d63a92e7be633aaeSumit Bose ret = ipa_s2n_save_objects(state->dom, state->req_input, state->attrs,
ed4a9bd4d0f7fb359bed66a8d63a92e7be633aaeSumit Bose DEBUG(SSSDBG_OP_FAILURE, "ipa_s2n_save_objects failed.\n");
/* ipa_s2n_get_user_get_override_done: tevent callback for the override
 * lookup. It receives the override attributes (allocated on state) and then
 * saves the objects with ipa_s2n_save_objects.
 * NOTE(review): this listing elides parts of the body; whether a failed
 * override lookup ends the request before the save is not visible here. */
9c8db0a17a66c58c36966b17d004142a4aaace8dSumit Bosestatic void ipa_s2n_get_user_get_override_done(struct tevent_req *subreq)
9c8db0a17a66c58c36966b17d004142a4aaace8dSumit Bose struct tevent_req *req = tevent_req_callback_data(subreq,
9c8db0a17a66c58c36966b17d004142a4aaace8dSumit Bose struct ipa_s2n_get_user_state *state = tevent_req_data(req,
9c8db0a17a66c58c36966b17d004142a4aaace8dSumit Bose ret = ipa_get_ad_override_recv(subreq, NULL, state, &override_attrs);
9c8db0a17a66c58c36966b17d004142a4aaace8dSumit Bose DEBUG(SSSDBG_OP_FAILURE, "IPA override lookup failed: %d\n", ret);
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose ret = ipa_s2n_save_objects(state->dom, state->req_input, state->attrs,
28c70f003c7b330ab1d998a4eff1248d272a6ba9Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ipa_s2n_save_objects failed.\n");
36a12aea020a935ffa40505fa02860c3d921ad0cSumit Boseint ipa_s2n_get_acct_info_recv(struct tevent_req *req)
c371993cce13edb9185a5f0db76fbee03f0edc04Sumit Bosestatic void ipa_get_subdom_acct_process_pac_done(struct tevent_req *subreq);
/* ipa_get_subdom_acct_process_pac_send: start of an async request that
 * derives group memberships from PAC data. Per the visible calls it reads
 * the PAC data from the given user entry, maps it to POSIX group members
 * with sdap_ad_tokengroups_get_posix_members, updates memberships with
 * sdap_ad_tokengroups_update_members, and starts a list lookup whose
 * completion is handled by ipa_get_subdom_acct_process_pac_done.
 * NOTE(review): this listing elides parts of the body. The PAC contents
 * decide which group memberships are written to the cache; where the PAC
 * blob was validated is not visible in this function -- confirm that this
 * happens before the blob is stored on the user entry. */
c371993cce13edb9185a5f0db76fbee03f0edc04Sumit Bosestruct tevent_req *ipa_get_subdom_acct_process_pac_send(TALLOC_CTX *mem_ctx,
c371993cce13edb9185a5f0db76fbee03f0edc04Sumit Bose struct ipa_get_subdom_acct_process_pac_state *state;
c371993cce13edb9185a5f0db76fbee03f0edc04Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "tevent_req_create failed.\n");
c371993cce13edb9185a5f0db76fbee03f0edc04Sumit Bose ret = ad_get_pac_data_from_user_entry(state, user_msg,
c371993cce13edb9185a5f0db76fbee03f0edc04Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ad_get_pac_data_from_user_entry failed.\n");
c371993cce13edb9185a5f0db76fbee03f0edc04Sumit Bose ret = sdap_ad_tokengroups_get_posix_members(state, state->dom,
c371993cce13edb9185a5f0db76fbee03f0edc04Sumit Bose "sdap_ad_tokengroups_get_posix_members failed.\n");
/* A failed membership update is logged at SSSDBG_MINOR_FAILURE; whether the
 * request continues after it is not visible in this listing. */
c371993cce13edb9185a5f0db76fbee03f0edc04Sumit Bose ret = sdap_ad_tokengroups_update_members(state->username,
c371993cce13edb9185a5f0db76fbee03f0edc04Sumit Bose DEBUG(SSSDBG_MINOR_FAILURE, "Membership update failed [%d]: %s\n",
c371993cce13edb9185a5f0db76fbee03f0edc04Sumit Bose subreq = ipa_s2n_get_list_send(state, state->ev, ipa_ctx, state->dom,
c371993cce13edb9185a5f0db76fbee03f0edc04Sumit Bose dp_opt_get_int(ipa_ctx->sdap_id_ctx->opts->basic,
c371993cce13edb9185a5f0db76fbee03f0edc04Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ipa_s2n_get_list_send failed.\n");
c371993cce13edb9185a5f0db76fbee03f0edc04Sumit Bose tevent_req_set_callback(subreq, ipa_get_subdom_acct_process_pac_done, req);
c371993cce13edb9185a5f0db76fbee03f0edc04Sumit Bosestatic void ipa_get_subdom_acct_process_pac_done(struct tevent_req *subreq)
c371993cce13edb9185a5f0db76fbee03f0edc04Sumit Bose struct tevent_req *req = tevent_req_callback_data(subreq,
c371993cce13edb9185a5f0db76fbee03f0edc04Sumit Bose struct ipa_get_subdom_acct_process_pac_state *state = tevent_req_data(req,
c371993cce13edb9185a5f0db76fbee03f0edc04Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "s2n get_fqlist request failed.\n");
c371993cce13edb9185a5f0db76fbee03f0edc04Sumit Bose ret = sdap_ad_tokengroups_get_posix_members(state, state->dom,
c371993cce13edb9185a5f0db76fbee03f0edc04Sumit Bose "sdap_ad_tokengroups_get_posix_members failed [%d]: %s\n",
c371993cce13edb9185a5f0db76fbee03f0edc04Sumit Bose state->cached_groups = concatenate_string_array(state,
c371993cce13edb9185a5f0db76fbee03f0edc04Sumit Bose /* update membership of existing groups */
c371993cce13edb9185a5f0db76fbee03f0edc04Sumit Bose ret = sdap_ad_tokengroups_update_members(state->username,
c371993cce13edb9185a5f0db76fbee03f0edc04Sumit Bose DEBUG(SSSDBG_MINOR_FAILURE, "Membership update failed [%d]: %s\n",