8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce/*
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce SSSD
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce LDAP Common utility code
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce Copyright (C) Simo Sorce <ssorce@redhat.com> 2009
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce This program is free software; you can redistribute it and/or modify
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce it under the terms of the GNU General Public License as published by
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce the Free Software Foundation; either version 3 of the License, or
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce (at your option) any later version.
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce This program is distributed in the hope that it will be useful,
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce but WITHOUT ANY WARRANTY; without even the implied warranty of
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce GNU General Public License for more details.
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce You should have received a copy of the GNU General Public License
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce along with this program. If not, see <http://www.gnu.org/licenses/>.
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce*/
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce
/* NOTE(review): the guard name starts with an underscore followed by an
 * uppercase letter, a pattern reserved for the implementation; a plain
 * LDAP_COMMON_H would avoid any collision with compiler/libc macros. */
#ifndef _LDAP_COMMON_H_
#define _LDAP_COMMON_H_

#include "providers/dp_backend.h"
#include "providers/ldap/sdap.h"
#include "providers/ldap/sdap_id_op.h"
#include "providers/fail_over.h"
#include "providers/krb5/krb5_common.h"
#include "lib/idmap/sss_idmap.h"
edaadf8de0c86a2cfff2d29215775d42919476f3Pavel Březina
/* String values of the password-policy option (PWD_POL_OPT_*). The
 * configuration key they are compared against is not declared here. */
#define PWD_POL_OPT_NONE "none"
#define PWD_POL_OPT_SHADOW "shadow"
#define PWD_POL_OPT_MIT "mit_kerberos"

/* Service name used for the LDAP server set; presumably the fail-over
 * service held in sdap_id_ctx.fo_service — confirm against the id init. */
#define SSS_LDAP_SRV_NAME "ldap"

/* URI scheme prefixes accepted for LDAP servers: ldap:// (cleartext unless
 * STARTTLS is negotiated after connecting), ldaps:// (TLS from the first
 * byte) and ldapi:// (local Unix-domain socket). Which of these the
 * provider treats as secure is presumably decided by sdap_is_secure_uri(),
 * declared below — confirm in its implementation. */
#define LDAP_STANDARD_URI "ldap://"
#define LDAP_SSL_URI "ldaps://"
#define LDAP_LDAPI_URI "ldapi://"

/* Descriptor the LDAP helper child writes its debug output to;
 * presumably set up by setup_child(), declared below — confirm. */
extern int ldap_child_debug_fd;
ab967283b710dfa05d11ee5b30c7ac916486ceecSimo Sorce
/* Context of the LDAP identity provider. Bundles the owning backend, the
 * parsed options, the fail-over and LDAP service handles, the Kerberos
 * service used if GSSAPI is in use, the connection cache and the timer
 * state of the periodic enumeration and cleanup loops. */
struct sdap_id_ctx {
    struct be_ctx *be;                 /* owning backend context */
    struct sdap_options *opts;         /* provider options (see ldap_get_options) */
    struct fo_service *fo_service;     /* fail-over service handle */
    struct sdap_service *service;      /* LDAP service (see sdap_service_init) */

    /* If using GSSAPI */
    struct krb5_service *krb5_service; /* presumably filled by sdap_gssapi_init() */

    /* LDAP connection cache */
    struct sdap_id_conn_cache *conn_cache;

    /* enumeration loop timer */
    struct timeval last_enum;          /* see ldap_id_enumerate_set_timer() */
    /* cleanup loop timer */
    struct timeval last_purge;         /* see ldap_id_cleanup_set_timer() */

    struct sdap_server_opts *srv_opts; /* server-side options; origin not visible here */
};
bc30ce9b7d588a17e58012e699986f0d6898b791Pavel Březina
/* Context of the LDAP authentication provider: owning backend, parsed
 * options and two LDAP services, one for authentication and one for
 * password changes (presumably matching the chpass handler below). */
struct sdap_auth_ctx {
    struct be_ctx *be;
    struct sdap_options *opts;
    struct sdap_service *service;        /* service used for authentication */
    struct sdap_service *chpass_service; /* service used for password changes */
};
7a4e3e29196e3abc1746714fcf93624edae89f93Lukas Slebodnik
/* Module entry point of the LDAP identity provider. Fills in the backend
 * operation table *ops and the private data *pvt_data that the handlers
 * below receive (presumably a struct sdap_id_ctx — confirm in the .c). */
int sssm_ldap_id_init(struct be_ctx *bectx,
                      struct bet_ops **ops,
                      void **pvt_data);

/* Online check; the first variant takes only the backend request, the
 * second additionally takes the id context explicitly. */
void sdap_check_online(struct be_req *breq);
void sdap_do_online_check(struct be_req *be_req, struct sdap_id_ctx *ctx);

/* tevent request performing cleanup after a re-initialisation of the
 * provider; the _recv side reports the outcome as errno_t. */
struct tevent_req* sdap_reinit_cleanup_send(TALLOC_CTX *mem_ctx,
                                            struct be_ctx *be_ctx,
                                            struct sdap_id_ctx *id_ctx);

errno_t sdap_reinit_cleanup_recv(struct tevent_req *req);
979e8d8d6ed444007eeff6be5269e8dc5d2bdf68Pavel Reichl
/* Backend request handlers. Each receives the pending backend request and
 * is responsible for finishing it (presumably through sdap_handler_done(),
 * declared below — confirm). */
/* id */
void sdap_account_info_handler(struct be_req *breq);
/* Same as above with the id context passed explicitly. */
void sdap_handle_account_info(struct be_req *breq, struct sdap_id_ctx *ctx);
/* Registers the periodic id tasks on ctx (presumably the enumeration and
 * cleanup loops whose timers live in sdap_id_ctx — confirm). */
int sdap_id_setup_tasks(struct sdap_id_ctx *ctx);

/* auth */
void sdap_pam_auth_handler(struct be_req *breq);

/* chpass */
void sdap_pam_chpass_handler(struct be_req *breq);

/* access */
void sdap_pam_access_handler(struct be_req *breq);

/* autofs */
void sdap_autofs_handler(struct be_req *breq);
4714118890e51b365fbce543d0a042b4b59b2b25Michal Zidek
/* Completes the backend request req. dp_err is the data-provider level
 * status, error an errno-style code and errstr a human-readable message
 * (whether NULL is accepted is not visible here — confirm). */
void sdap_handler_done(struct be_req *req, int dp_err,
                       int error, const char *errstr);

/* Creates the LDAP service *_service (presumably allocated under memctx)
 * named service_name / dns_service_name from the primary and backup URL
 * lists. The list separator and the handling of malformed entries are
 * not visible in this header; a plain ldap:// entry is cleartext unless
 * TLS is enforced elsewhere, so check that path when auditing transport. */
int sdap_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
                      const char *service_name, const char *dns_service_name,
                      const char *urls, const char *backup_urls,
                      struct sdap_service **_service);

/* Sets up GSSAPI support for sdap_service from opts and returns the
 * Kerberos service in *krb5_service (presumably allocated under mem_ctx). */
int sdap_gssapi_init(TALLOC_CTX *mem_ctx,
                     struct dp_option *opts,
                     struct be_ctx *bectx,
                     struct sdap_service *sdap_service,
                     struct krb5_service **krb5_service);

/* Registers a callback on be_ctx run when the backend goes offline, for
 * the given realm and service_name. */
errno_t sdap_install_offline_callback(TALLOC_CTX *mem_ctx,
                                      struct be_ctx *be_ctx,
                                      const char *realm,
                                      const char *service_name);

/* Registers a SIGTERM handler on the event context ev for realm. */
errno_t sdap_install_sigterm_handler(TALLOC_CTX *mem_ctx,
                                     struct tevent_context *ev,
                                     const char *realm);

/* Callback (pvt is the opaque private data) removing the kdcinfo files;
 * presumably used by the two installers above — confirm. */
void sdap_remove_kdcinfo_files_callback(void *pvt);
8bcabb97d988d1602882a1f036aac2eaf5e09234Simo Sorce
/* options parser */
/* Reads the LDAP provider options of the confdb section conf_path into a
 * newly created *_opts (presumably allocated under memctx). */
int ldap_get_options(TALLOC_CTX *memctx,
                     struct confdb_ctx *cdb,
                     const char *conf_path,
                     struct sdap_options **_opts);

/* Reads the sudo-specific options into the existing opts and reports three
 * feature switches through the bool out-parameters. */
int ldap_get_sudo_options(TALLOC_CTX *memctx,
                          struct confdb_ctx *cdb,
                          const char *conf_path,
                          struct sdap_options *opts,
                          bool *use_host_filter,
                          bool *include_regexp,
                          bool *include_netgroups);

/* Reads the autofs-specific options into the existing opts. */
int ldap_get_autofs_options(TALLOC_CTX *memctx,
                            struct confdb_ctx *cdb,
                            const char *conf_path,
                            struct sdap_options *opts);
/* Arm the periodic enumeration / cleanup task of ctx to fire at tv;
 * presumably they also record sdap_id_ctx.last_enum / .last_purge — confirm. */
int ldap_id_enumerate_set_timer(struct sdap_id_ctx *ctx, struct timeval tv);
int ldap_id_cleanup_set_timer(struct sdap_id_ctx *ctx, struct timeval tv);

/* Starts one enumeration run as a tevent request on ev. */
struct tevent_req *ldap_id_enumerate_send(struct tevent_context *ev,
                                          struct sdap_id_ctx *ctx);

/* Switches the provider identified by ctx into offline mode. */
void sdap_mark_offline(struct sdap_id_ctx *ctx);

/* Lookup requests for users, groups, netgroups and services, each as a
 * tevent _send/_recv pair. name is the object to look up; filter_type and
 * attrs_type are integer selectors whose values are defined elsewhere.
 * The _recv functions return the request status and pass the
 * data-provider error code through dp_error_out. How name is escaped
 * before it enters an LDAP search filter is not visible in this header —
 * check the implementation when auditing filter construction. */
struct tevent_req *users_get_send(TALLOC_CTX *memctx,
                                  struct tevent_context *ev,
                                  struct sdap_id_ctx *ctx,
                                  const char *name,
                                  int filter_type,
                                  int attrs_type);
int users_get_recv(struct tevent_req *req, int *dp_error_out);
struct tevent_req *groups_get_send(TALLOC_CTX *memctx,
                                   struct tevent_context *ev,
                                   struct sdap_id_ctx *ctx,
                                   const char *name,
                                   int filter_type,
                                   int attrs_type);
int groups_get_recv(struct tevent_req *req, int *dp_error_out);
struct tevent_req *ldap_netgroup_get_send(TALLOC_CTX *memctx,
                                          struct tevent_context *ev,
                                          struct sdap_id_ctx *ctx,
                                          const char *name);
int ldap_netgroup_get_recv(struct tevent_req *req, int *dp_error_out);
/* protocol additionally narrows a service lookup (e.g. by transport name);
 * NULL handling is not visible here — confirm. */
struct tevent_req *
services_get_send(TALLOC_CTX *mem_ctx,
                  struct tevent_context *ev,
                  struct sdap_id_ctx *id_ctx,
                  const char *name,
                  const char *protocol,
                  int filter_type);
errno_t
services_get_recv(struct tevent_req *req, int *dp_error_out);
/* setup child logging: presumably establishes the descriptor exposed as
 * ldap_child_debug_fd above — confirm. */
int setup_child(struct sdap_id_ctx *ctx);
/* Parses s (presumably a shadow-password day count) into *d. The accepted
 * syntax and range checks live in the implementation; callers must not
 * assume s has been validated beforehand. */
errno_t string_to_shadowpw_days(const char *s, long *d);

/* Looks up ldap_name in the attribute map (map_size entries) and returns
 * the matching sysdb attribute name in *sysdb_name (presumably allocated
 * under mem_ctx). */
errno_t get_sysdb_attr_name(TALLOC_CTX *mem_ctx,
                            struct sdap_attr_map *map,
                            size_t map_size,
                            const char *ldap_name,
                            char **sysdb_name);

/* Builds in *missing_attrs the list of mapped attribute names that
 * recvd_attrs does not contain (list termination convention not visible
 * here — confirm). */
errno_t list_missing_attrs(TALLOC_CTX *mem_ctx,
                           struct sdap_attr_map *map,
                           size_t map_size,
                           struct sysdb_attrs *recvd_attrs,
                           char ***missing_attrs);

/* Reports whether uri uses a transport the provider treats as secure
 * (presumably LDAP_SSL_URI / LDAP_LDAPI_URI — confirm). Callers should
 * not treat a bare LDAP_STANDARD_URI as secure on their own. */
bool sdap_is_secure_uri(const char *uri);

/* Returns a newly allocated filter combining base_filter with extra_filter
 * (presumably an LDAP AND; NULL extra_filter handling not visible here —
 * confirm). Both arguments are used as filter syntax; whether they are
 * escaped is not visible in this header, so never pass raw user input. */
char *sdap_get_id_specific_filter(TALLOC_CTX *mem_ctx,
                                  const char *base_filter,
                                  const char *extra_filter);

/* Converts count ldb messages into an array of sysdb_attrs in *attrs. */
errno_t msgs2attrs_array(TALLOC_CTX *mem_ctx, size_t count,
                         struct ldb_message **msgs,
                         struct sysdb_attrs ***attrs);

/* Builds the search bases for the object class selected by class from
 * opts. NOTE(review): a parameter named "class" makes this declaration a
 * syntax error for any C++ translation unit that includes this header. */
errno_t sdap_parse_search_base(TALLOC_CTX *mem_ctx,
                               struct dp_option *opts, int class,
                               struct sdap_search_base ***_search_bases);

/* Parses the textual search-base string unparsed_base into *_search_bases;
 * class_name is presumably used for naming/diagnostics and old_filter is a
 * filter applied to the bases — confirm in the implementation. */
errno_t common_parse_search_base(TALLOC_CTX *mem_ctx,
                                 const char *unparsed_base,
                                 const char *class_name,
                                 const char *old_filter,
                                 struct sdap_search_base ***_search_bases);

/* Extracts the SID stored in attribute sid_attr of sysdb_attrs as a string
 * in *_sid_str, using idmap_ctx for the conversion. */
errno_t
sdap_attrs_get_sid_str(TALLOC_CTX *mem_ctx,
                       struct sdap_idmap_ctx *idmap_ctx,
                       struct sysdb_attrs *sysdb_attrs,
                       const char *sid_attr,
                       char **_sid_str);
#endif /* _LDAP_COMMON_H_ */