0f3df54840ec9a050cc0b1b68269c3f28c859e64Sumit Bose IPA Identity Backend Module for views and overrides
0f3df54840ec9a050cc0b1b68269c3f28c859e64Sumit Bose Sumit Bose <sbose@redhat.com>
0f3df54840ec9a050cc0b1b68269c3f28c859e64Sumit Bose Copyright (C) 2014 Red Hat
0f3df54840ec9a050cc0b1b68269c3f28c859e64Sumit Bose This program is free software; you can redistribute it and/or modify
0f3df54840ec9a050cc0b1b68269c3f28c859e64Sumit Bose it under the terms of the GNU General Public License as published by
0f3df54840ec9a050cc0b1b68269c3f28c859e64Sumit Bose the Free Software Foundation; either version 3 of the License, or
0f3df54840ec9a050cc0b1b68269c3f28c859e64Sumit Bose (at your option) any later version.
0f3df54840ec9a050cc0b1b68269c3f28c859e64Sumit Bose This program is distributed in the hope that it will be useful,
0f3df54840ec9a050cc0b1b68269c3f28c859e64Sumit Bose but WITHOUT ANY WARRANTY; without even the implied warranty of
0f3df54840ec9a050cc0b1b68269c3f28c859e64Sumit Bose MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
0f3df54840ec9a050cc0b1b68269c3f28c859e64Sumit Bose GNU General Public License for more details.
0f3df54840ec9a050cc0b1b68269c3f28c859e64Sumit Bose You should have received a copy of the GNU General Public License
0f3df54840ec9a050cc0b1b68269c3f28c859e64Sumit Bose along with this program. If not, see <http://www.gnu.org/licenses/>.
/*
 * Builds the LDAP filter used to search for an ID-view override matching
 * the request `ar`; the filter string is allocated on mem_ctx with
 * talloc_asprintf.
 *
 * NOTE(review): this listing is a blame view with many source lines missing
 * (declarations, switch/case labels, trailing call arguments). The comments
 * below describe only the fragments that are visible.
 */
3d29430867cf92b2d71afa95abb679711231117cPavel Březinastatic errno_t dp_id_data_to_override_filter(TALLOC_CTX *mem_ctx,
/*
 * Name lookups: ar->filter_value is parsed as an internal fully-qualified
 * name, and the resulting short name is passed through sss_filter_sanitize
 * before any name filter is formatted.
 * NOTE(review): the value argument of the three name filters is not visible
 * here; it should be sanitized_name, never the raw short name - confirm.
 */
c125e741d3111e2f9b56866ba00835ca05c6f349Jakub Hrozek ret = sss_parse_internal_fqname(mem_ctx, ar->filter_value,
c2dec0dc740ba426f26563563c0aea3a38f3c3c1Sumit Bose ret = sss_filter_sanitize(mem_ctx, shortname, &sanitized_name);
c2dec0dc740ba426f26563563c0aea3a38f3c3c1Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sss_filter_sanitize failed.\n");
/* User override by name. */
ed4a9bd4d0f7fb359bed66a8d63a92e7be633aaeSumit Bose filter = talloc_asprintf(mem_ctx, "(&(objectClass=%s)(%s=%s))",
ed4a9bd4d0f7fb359bed66a8d63a92e7be633aaeSumit Bose ipa_opts->override_map[IPA_OC_OVERRIDE_USER].name,
ed4a9bd4d0f7fb359bed66a8d63a92e7be633aaeSumit Bose ipa_opts->override_map[IPA_AT_OVERRIDE_USER_NAME].name,
/* Group override by name. */
ed4a9bd4d0f7fb359bed66a8d63a92e7be633aaeSumit Bose filter = talloc_asprintf(mem_ctx, "(&(objectClass=%s)(%s=%s))",
ed4a9bd4d0f7fb359bed66a8d63a92e7be633aaeSumit Bose ipa_opts->override_map[IPA_OC_OVERRIDE_GROUP].name,
ed4a9bd4d0f7fb359bed66a8d63a92e7be633aaeSumit Bose ipa_opts->override_map[IPA_AT_OVERRIDE_GROUP_NAME].name,
/* Either kind by name: the same value is matched against both name attributes. */
ed4a9bd4d0f7fb359bed66a8d63a92e7be633aaeSumit Bose filter = talloc_asprintf(mem_ctx, "(&(objectClass=%s)(|(%s=%s)(%s=%s)))",
ed4a9bd4d0f7fb359bed66a8d63a92e7be633aaeSumit Bose ipa_opts->override_map[IPA_AT_OVERRIDE_USER_NAME].name,
ed4a9bd4d0f7fb359bed66a8d63a92e7be633aaeSumit Bose ipa_opts->override_map[IPA_AT_OVERRIDE_GROUP_NAME].name,
ed4a9bd4d0f7fb359bed66a8d63a92e7be633aaeSumit Bose DEBUG(SSSDBG_CRIT_FAILURE, "Unexpected entry type [%d] for name filter.\n",
/*
 * Numeric id lookups: the conversion of ar->filter_value is rejected when
 * errno is set, when characters follow the number, or when nothing was
 * consumed. The id is then formatted with PRIu32, so the filter receives a
 * number and not the caller's string.
 * NOTE(review): the errno test is only meaningful if errno is cleared before
 * the conversion call, which is not visible here - confirm.
 */
ed4a9bd4d0f7fb359bed66a8d63a92e7be633aaeSumit Bose if (errno != 0|| *endptr != '\0' || (ar->filter_value == endptr)) {
ed4a9bd4d0f7fb359bed66a8d63a92e7be633aaeSumit Bose DEBUG(SSSDBG_CRIT_FAILURE, "Invalid id value [%s].\n",
ed4a9bd4d0f7fb359bed66a8d63a92e7be633aaeSumit Bose filter = talloc_asprintf(mem_ctx, "(&(objectClass=%s)(%s=%"PRIu32"))",
ed4a9bd4d0f7fb359bed66a8d63a92e7be633aaeSumit Bose ipa_opts->override_map[IPA_OC_OVERRIDE_USER].name,
ed4a9bd4d0f7fb359bed66a8d63a92e7be633aaeSumit Bose ipa_opts->override_map[IPA_AT_OVERRIDE_UID_NUMBER].name,
ed4a9bd4d0f7fb359bed66a8d63a92e7be633aaeSumit Bose ipa_opts->override_map[IPA_OC_OVERRIDE_GROUP].name,
ed4a9bd4d0f7fb359bed66a8d63a92e7be633aaeSumit Bose ipa_opts->override_map[IPA_AT_OVERRIDE_GROUP_GID_NUMBER].name,
ed4a9bd4d0f7fb359bed66a8d63a92e7be633aaeSumit Bose "(&(objectClass=%s)(|(%s=%"PRIu32")(%s=%"PRIu32")))",
ed4a9bd4d0f7fb359bed66a8d63a92e7be633aaeSumit Bose ipa_opts->override_map[IPA_AT_OVERRIDE_UID_NUMBER].name,
ed4a9bd4d0f7fb359bed66a8d63a92e7be633aaeSumit Bose ipa_opts->override_map[IPA_AT_OVERRIDE_GROUP_GID_NUMBER].name,
ed4a9bd4d0f7fb359bed66a8d63a92e7be633aaeSumit Bose "Unexpected entry type [%d] for id filter.\n",
/*
 * SID and UUID lookups match the anchor attribute with a ":SID:" or ":IPA:"
 * prefix. Only requests whose masked entry_type is BE_REQ_BY_SECID or
 * BE_REQ_BY_UUID respectively are accepted.
 * NOTE(review): the string arguments formatted into these two filters are
 * not visible. If they come from ar->filter_value, nothing shown here passes
 * them through sss_filter_sanitize as is done for names - confirm that the
 * value is validated or escaped before it reaches the filter.
 */
ed4a9bd4d0f7fb359bed66a8d63a92e7be633aaeSumit Bose if ((ar->entry_type & BE_REQ_TYPE_MASK) == BE_REQ_BY_SECID) {
ed4a9bd4d0f7fb359bed66a8d63a92e7be633aaeSumit Bose filter = talloc_asprintf(mem_ctx, "(&(objectClass=%s)(%s=:SID:%s))",
ed4a9bd4d0f7fb359bed66a8d63a92e7be633aaeSumit Bose ipa_opts->override_map[IPA_AT_OVERRIDE_ANCHOR_UUID].name,
ed4a9bd4d0f7fb359bed66a8d63a92e7be633aaeSumit Bose "Unexpected entry type [%d] for SID filter.\n",
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose if ((ar->entry_type & BE_REQ_TYPE_MASK) == BE_REQ_BY_UUID) {
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose filter = talloc_asprintf(mem_ctx, "(&(objectClass=%s)(%s=:IPA:%s:%s))",
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose ipa_opts->override_map[IPA_AT_OVERRIDE_ANCHOR_UUID].name,
acebf94a16c91b17c7c082538ab3083ee26aa992Sumit Bose "Unexpected entry type [%d] for UUID filter.\n",
/*
 * Certificate lookups: sss_cert_derb64_to_ldap_filter turns ar->filter_value
 * into a filter component for the user-certificate attribute, and that
 * component is combined with the user override objectClass.
 */
a1210c8db81a1cc0b45eb62a8450abcdea3afc7bSumit Bose if ((ar->entry_type & BE_REQ_TYPE_MASK) == BE_REQ_BY_CERT) {
a1210c8db81a1cc0b45eb62a8450abcdea3afc7bSumit Bose ret = sss_cert_derb64_to_ldap_filter(mem_ctx, ar->filter_value,
a1210c8db81a1cc0b45eb62a8450abcdea3afc7bSumit Bose ipa_opts->override_map[IPA_AT_OVERRIDE_USER_CERT].name,
a1210c8db81a1cc0b45eb62a8450abcdea3afc7bSumit Bose "sss_cert_derb64_to_ldap_filter failed.\n");
a1210c8db81a1cc0b45eb62a8450abcdea3afc7bSumit Bose filter = talloc_asprintf(mem_ctx, "(&(objectClass=%s)%s)",
a1210c8db81a1cc0b45eb62a8450abcdea3afc7bSumit Bose ipa_opts->override_map[IPA_OC_OVERRIDE_USER].name,
a1210c8db81a1cc0b45eb62a8450abcdea3afc7bSumit Bose "Unexpected entry type [%d] for certificate filter.\n",
/* Unknown filter types and a failed talloc_asprintf are both logged as errors. */
ed4a9bd4d0f7fb359bed66a8d63a92e7be633aaeSumit Bose DEBUG(SSSDBG_OP_FAILURE, "Invalid sub-domain filter type.\n");
ed4a9bd4d0f7fb359bed66a8d63a92e7be633aaeSumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_asprintf failed.\n");
/*
 * Shared helper behind the get_dp_id_data_for_* wrappers: builds a lookup
 * request for the value `val`. The visible fragments show a talloc_zero
 * allocation, a rejection of unsupported request types, and a check that
 * both ar->filter_value and ar->domain are non-NULL.
 * NOTE(review): the assignments to filter_value and domain are not visible;
 * presumably both are talloc_strdup copies, given the error message - confirm.
 */
3d29430867cf92b2d71afa95abb679711231117cPavel Březinastatic errno_t get_dp_id_data_for_xyz(TALLOC_CTX *mem_ctx, const char *val,
ed4a9bd4d0f7fb359bed66a8d63a92e7be633aaeSumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_zero failed.\n");
1c82a31a254c2fca6dfa3e3b52986b75221d8742Sumit Bose DEBUG(SSSDBG_CRIT_FAILURE, "Unsupported request type [%d].\n", type);
/* Either copy failing leaves the request unusable, so both are checked together. */
ed4a9bd4d0f7fb359bed66a8d63a92e7be633aaeSumit Bose if (ar->filter_value == NULL || ar->domain == NULL) {
ed4a9bd4d0f7fb359bed66a8d63a92e7be633aaeSumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
/* Builds a lookup request for a SID by calling get_dp_id_data_for_xyz with BE_REQ_BY_SECID. */
3d29430867cf92b2d71afa95abb679711231117cPavel Březinaerrno_t get_dp_id_data_for_sid(TALLOC_CTX *mem_ctx, const char *sid,
3d29430867cf92b2d71afa95abb679711231117cPavel Březina return get_dp_id_data_for_xyz(mem_ctx, sid, domain_name, BE_REQ_BY_SECID,
/* Builds a lookup request for a UUID by calling get_dp_id_data_for_xyz with BE_REQ_BY_UUID. */
3d29430867cf92b2d71afa95abb679711231117cPavel Březinaerrno_t get_dp_id_data_for_uuid(TALLOC_CTX *mem_ctx, const char *uuid,
3d29430867cf92b2d71afa95abb679711231117cPavel Březina return get_dp_id_data_for_xyz(mem_ctx, uuid, domain_name, BE_REQ_BY_UUID,
/* Builds a lookup request for a user name by calling get_dp_id_data_for_xyz with BE_REQ_USER. */
3d29430867cf92b2d71afa95abb679711231117cPavel Březinaerrno_t get_dp_id_data_for_user_name(TALLOC_CTX *mem_ctx,
3d29430867cf92b2d71afa95abb679711231117cPavel Březina return get_dp_id_data_for_xyz(mem_ctx, user_name, domain_name, BE_REQ_USER,
0f3df54840ec9a050cc0b1b68269c3f28c859e64Sumit Bosestatic void ipa_get_ad_override_connect_done(struct tevent_req *subreq);
c125e741d3111e2f9b56866ba00835ca05c6f349Jakub Hrozekstatic errno_t ipa_get_ad_override_qualify_name(
0f3df54840ec9a050cc0b1b68269c3f28c859e64Sumit Bosestatic void ipa_get_ad_override_done(struct tevent_req *subreq);
/*
 * Starts an asynchronous override lookup. The visible fragments create the
 * tevent request with its ipa_get_ad_override_state, log and stop early when
 * no view is defined, create an sdap_id_op, and start the LDAP connection
 * with ipa_get_ad_override_connect_done as the completion callback.
 * NOTE(review): parameter list and early-return paths are not visible in
 * this listing.
 */
0f3df54840ec9a050cc0b1b68269c3f28c859e64Sumit Bosestruct tevent_req *ipa_get_ad_override_send(TALLOC_CTX *mem_ctx,
0f3df54840ec9a050cc0b1b68269c3f28c859e64Sumit Bose req = tevent_req_create(mem_ctx, &state, struct ipa_get_ad_override_state);
0f3df54840ec9a050cc0b1b68269c3f28c859e64Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "tevent_req_create failed.\n");
/* Without a view there are no overrides to search for. */
44329653f423c632b027065a9c0ea0bf4199396aSumit Bose DEBUG(SSSDBG_TRACE_ALL, "View not defined, nothing to do.\n");
0f3df54840ec9a050cc0b1b68269c3f28c859e64Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sdap_id_op_create failed\n");
0f3df54840ec9a050cc0b1b68269c3f28c859e64Sumit Bose subreq = sdap_id_op_connect_send(state->sdap_op, state, &ret);
0f3df54840ec9a050cc0b1b68269c3f28c859e64Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sdap_id_op_connect_send failed: %d(%s).\n",
0f3df54840ec9a050cc0b1b68269c3f28c859e64Sumit Bose tevent_req_set_callback(subreq, ipa_get_ad_override_connect_done, req);
/*
 * Connection callback: once the LDAP connection attempt has finished, builds
 * the search base and the override filter and sends the search, with
 * ipa_get_ad_override_done as the next callback.
 * NOTE(review): several lines of this function are missing from the listing.
 */
0f3df54840ec9a050cc0b1b68269c3f28c859e64Sumit Bosestatic void ipa_get_ad_override_connect_done(struct tevent_req *subreq)
0f3df54840ec9a050cc0b1b68269c3f28c859e64Sumit Bose struct tevent_req *req = tevent_req_callback_data(subreq,
0f3df54840ec9a050cc0b1b68269c3f28c859e64Sumit Bose struct ipa_get_ad_override_state *state = tevent_req_data(req,
0f3df54840ec9a050cc0b1b68269c3f28c859e64Sumit Bose struct ipa_options *ipa_opts = state->ipa_options;
/* The connect result also updates state->dp_error; offline and other failures are logged separately. */
0f3df54840ec9a050cc0b1b68269c3f28c859e64Sumit Bose ret = sdap_id_op_connect_recv(subreq, &state->dp_error);
0f3df54840ec9a050cc0b1b68269c3f28c859e64Sumit Bose "No IPA server is available, going offline\n");
0f3df54840ec9a050cc0b1b68269c3f28c859e64Sumit Bose "Failed to connect to IPA server: [%d](%s)\n",
/* The base DN is derived from the IPA realm. */
0f3df54840ec9a050cc0b1b68269c3f28c859e64Sumit Bose ret = domain_to_basedn(state, state->ipa_realm, &basedn);
0f3df54840ec9a050cc0b1b68269c3f28c859e64Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "domain_to_basedn failed.\n");
/*
 * The search is rooted at the view's container: "cn=<view name>,<rest>".
 * NOTE(review): state->ipa_view_name is formatted into the DN as-is on this
 * line. If the view name can contain DN special characters (',', '+', '=',
 * '\\', ...), it needs DN escaping first - confirm where the name is set and
 * whether it is escaped there.
 */
0f3df54840ec9a050cc0b1b68269c3f28c859e64Sumit Bose search_base = talloc_asprintf(state, "cn=%s,%s", state->ipa_view_name,
0f3df54840ec9a050cc0b1b68269c3f28c859e64Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_asprintf failed.\n");
/* The filter is built from the stored request state->ar and the IPA options. */
3d29430867cf92b2d71afa95abb679711231117cPavel Březina ret = dp_id_data_to_override_filter(state, state->ipa_options, state->ar,
3d29430867cf92b2d71afa95abb679711231117cPavel Březina DEBUG(SSSDBG_OP_FAILURE, "dp_id_data_to_override_filter failed.\n");
ed4a9bd4d0f7fb359bed66a8d63a92e7be633aaeSumit Bose "Searching for overrides in view [%s] with filter [%s].\n",
0f3df54840ec9a050cc0b1b68269c3f28c859e64Sumit Bose subreq = sdap_get_generic_send(state, state->ev, state->sdap_id_ctx->opts,
0f3df54840ec9a050cc0b1b68269c3f28c859e64Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "sdap_get_generic_send failed.\n");
0f3df54840ec9a050cc0b1b68269c3f28c859e64Sumit Bose tevent_req_set_callback(subreq, ipa_get_ad_override_done, req);
/*
 * Search callback: collects the LDAP reply and distinguishes three outcomes
 * by the number of entries returned - none, more than one, or exactly one.
 * NOTE(review): the branch conditions and return codes are not visible in
 * this listing; the outcomes are read from the log messages only.
 */
0f3df54840ec9a050cc0b1b68269c3f28c859e64Sumit Bosestatic void ipa_get_ad_override_done(struct tevent_req *subreq)
0f3df54840ec9a050cc0b1b68269c3f28c859e64Sumit Bose struct tevent_req *req = tevent_req_callback_data(subreq,
0f3df54840ec9a050cc0b1b68269c3f28c859e64Sumit Bose struct ipa_get_ad_override_state *state = tevent_req_data(req,
0f3df54840ec9a050cc0b1b68269c3f28c859e64Sumit Bose ret = sdap_get_generic_recv(subreq, state, &reply_count, &reply);
0f3df54840ec9a050cc0b1b68269c3f28c859e64Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ipa_get_ad_override request failed.\n");
ed4a9bd4d0f7fb359bed66a8d63a92e7be633aaeSumit Bose DEBUG(SSSDBG_TRACE_ALL, "No override found with filter [%s].\n",
/*
 * More than one match is unexpected: a single object should have a single
 * override in a view.
 * NOTE(review): confirm that this path fails the request rather than using
 * one of the entries.
 */
ed4a9bd4d0f7fb359bed66a8d63a92e7be633aaeSumit Bose "Found [%zu] overrides with filter [%s], expected only 1.\n",
ed4a9bd4d0f7fb359bed66a8d63a92e7be633aaeSumit Bose DEBUG(SSSDBG_TRACE_ALL, "Found override for object with filter [%s].\n",
/* Logged when ipa_get_ad_override_qualify_name fails - presumably; the call itself is not visible. */
c125e741d3111e2f9b56866ba00835ca05c6f349Jakub Hrozek DEBUG(SSSDBG_OP_FAILURE, "Cannot qualify object name\n");
/*
 * Rewrites the name stored in the override attributes as an internal
 * fully-qualified name: the SYSDB_NAME element is fetched from
 * state->override_attrs and a new name is created with
 * sss_create_internal_fqname.
 * NOTE(review): the remaining arguments and the store-back of `fqdn` are not
 * visible; name->values appears to be used as the allocation parent - confirm.
 */
c125e741d3111e2f9b56866ba00835ca05c6f349Jakub Hrozekstatic errno_t ipa_get_ad_override_qualify_name(
c125e741d3111e2f9b56866ba00835ca05c6f349Jakub Hrozek ret = sysdb_attrs_get_el_ext(state->override_attrs, SYSDB_NAME,
c125e741d3111e2f9b56866ba00835ca05c6f349Jakub Hrozek fqdn = sss_create_internal_fqname(name->values,
0f3df54840ec9a050cc0b1b68269c3f28c859e64Sumit Boseerrno_t ipa_get_ad_override_recv(struct tevent_req *req, int *dp_error_out,
0f3df54840ec9a050cc0b1b68269c3f28c859e64Sumit Bose struct ipa_get_ad_override_state *state = tevent_req_data(req,