sdap.c revision 10b6b1fc57bb7c2edb4cfd0a0038303bd33722bc
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek/*
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek SSSD
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik LDAP Helper routines
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek Copyright (C) Simo Sorce <ssorce@redhat.com>
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek This program is free software; you can redistribute it and/or modify
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik it under the terms of the GNU General Public License as published by
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik the Free Software Foundation; either version 3 of the License, or
531661c7bb54eb71853977a64cb30f80c20b963eJakub Hrozek (at your option) any later version.
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek This program is distributed in the hope that it will be useful,
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek but WITHOUT ANY WARRANTY; without even the implied warranty of
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek GNU General Public License for more details.
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik You should have received a copy of the GNU General Public License
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik along with this program. If not, see <http://www.gnu.org/licenses/>.
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik*/
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#include "util/util.h"
36b56482ca1e53d832accef0354124fd79711172Jakub Hrozek#include "confdb/confdb.h"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#include "providers/ldap/ldap_common.h"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik#include "providers/ldap/sdap.h"
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek/* =Retrieve-Options====================================================== */
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek
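/**
 * Build a copy of an attribute map with the configured LDAP attribute names.
 *
 * For each of the num_entries slots, opt_name, def_name and sys_name are
 * copied from def_map. The attribute name is then looked up in confdb under
 * conf_path, with def_name passed as the default value. The result is run
 * through sss_filter_sanitize() before it is stored in map[i].name.
 * NOTE(review): sss_filter_sanitize() is presumably what makes these names
 * safe to embed in LDAP search filters -- confirm against its definition.
 *
 * @param memctx      talloc parent of the returned array
 * @param cdb         confdb handle used for the lookups
 * @param conf_path   confdb section the options are read from
 * @param def_map     template map holding at least num_entries elements
 * @param num_entries number of slots in def_map
 * @param _map        receives the new map on success, untouched on failure
 *
 * @return EOK on success, ENOMEM if the array cannot be allocated, EINVAL if
 *         an option cannot be read or sanitized, or if a slot that carries a
 *         default ends up without a name.
 */
int sdap_get_map(TALLOC_CTX *memctx,
                 struct confdb_ctx *cdb,
                 const char *conf_path,
                 struct sdap_attr_map *def_map,
                 int num_entries,
                 struct sdap_attr_map **_map)
{
    struct sdap_attr_map *map;
    char *name;
    int i, ret;

    map = talloc_array(memctx, struct sdap_attr_map, num_entries);
    if (!map) {
        return ENOMEM;
    }

    for (i = 0; i < num_entries; i++) {
        name = NULL;

        map[i].opt_name = def_map[i].opt_name;
        map[i].def_name = def_map[i].def_name;
        map[i].sys_name = def_map[i].sys_name;

        ret = confdb_get_string(cdb, map, conf_path,
                                map[i].opt_name,
                                map[i].def_name,
                                &name);
        if (ret != EOK) {
            DEBUG(0, ("Failed to retrieve value for %s\n", map[i].opt_name));
            talloc_zfree(map);
            return EINVAL;
        }

        if (name) {
            ret = sss_filter_sanitize(map, name, &map[i].name);
            if (ret != EOK) {
                DEBUG(1, ("Could not sanitize attribute [%s]\n", name));
                talloc_zfree(map);
                return EINVAL;
            }
            /* only the sanitized copy is kept */
            talloc_zfree(name);
        } else {
            map[i].name = NULL;
        }

        if (map[i].def_name && !map[i].name) {
            /* ret is always EOK at this point, so testing it here could
             * never reject the slot. A slot that has a default but no name
             * is an error: the parsers in this file use map[0].name without
             * a NULL check. */
            DEBUG(0, ("Failed to retrieve value for %s\n", map[i].opt_name));
            talloc_zfree(map);
            return EINVAL;
        }

        /* name is legitimately NULL for options without a default; never
         * hand a NULL pointer to %s */
        DEBUG(5, ("Option %s has value %s\n", map[i].opt_name,
                  map[i].name ? map[i].name : "(null)"));
    }

    *_map = map;
    return EOK;
}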
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik/* =Parse-msg============================================================= */
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik
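/**
 * Convert one LDAP search entry into a sysdb_attrs structure.
 *
 * The entry DN is stored under SYSDB_ORIG_DN and, when _dn is not NULL,
 * duplicated onto memctx. With a map, the entry must carry an objectClass
 * value equal (case-insensitively) to map[0].name, and only attributes
 * named in map[1..attrs_num-1] are copied, under their sys_name. Without a
 * map every attribute is copied under its LDAP name. Attributes carrying a
 * ";range=" option are skipped.
 *
 * Everything read from sm->msg comes from the directory server, so all
 * lengths are taken from the berval and every libldap allocation is
 * released exactly once on each exit path.
 *
 * @param memctx    talloc parent for the result and for *_dn
 * @param sh        handle owning the LDAP connection
 * @param sm        message holding the entry to parse
 * @param map       attribute map, or NULL to copy all attributes
 * @param attrs_num number of slots in map
 * @param _attrs    receives the parsed attributes on success
 * @param _dn       optional, receives a copy of the entry DN
 *
 * @return EOK on success; ENOMEM, EIO (libldap reported an error), EINVAL
 *         (wrong or missing objectClass, no attributes, malformed values)
 *         or the error returned by the sysdb_attrs helpers otherwise.
 */
int sdap_parse_entry(TALLOC_CTX *memctx,
                     struct sdap_handle *sh, struct sdap_msg *sm,
                     struct sdap_attr_map *map, int attrs_num,
                     struct sysdb_attrs **_attrs, char **_dn)
{
    struct sysdb_attrs *attrs;
    BerElement *ber = NULL;
    struct berval **vals = NULL;
    struct ldb_val v;
    char *str = NULL;
    size_t oc_len;
    int lerrno;
    int a, i, ret;
    const char *name;
    bool store;

    /* reset the handle's result code so later reads reflect this call only */
    lerrno = 0;
    ret = ldap_set_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno);
    if (ret != LDAP_OPT_SUCCESS) {
        DEBUG(1, ("ldap_set_option failed [%s], ignored.\n",
                  sss_ldap_err2string(ret)));
    }

    attrs = sysdb_new_attrs(memctx);
    if (!attrs) return ENOMEM;

    str = ldap_get_dn(sh->ldap, sm->msg);
    if (!str) {
        ldap_get_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno);
        DEBUG(1, ("ldap_get_dn failed: %d(%s)\n",
                  lerrno, sss_ldap_err2string(lerrno)));
        ret = EIO;
        goto fail;
    }

    DEBUG(9, ("OriginalDN: [%s].\n", str));
    ret = sysdb_attrs_add_string(attrs, SYSDB_ORIG_DN, str);
    if (ret) goto fail;         /* str is released at fail */
    if (_dn) {
        *_dn = talloc_strdup(memctx, str);
        if (!*_dn) {
            ret = ENOMEM;
            goto fail;
        }
    }
    ldap_memfree(str);
    str = NULL;

    if (map) {
        /* the objectclass is always the first name in the map; a slot
         * without a name cannot be compared against anything */
        if (!map[0].name) {
            DEBUG(1, ("Map has no objectClass name configured\n"));
            ret = EINVAL;
            goto fail;
        }

        vals = ldap_get_values_len(sh->ldap, sm->msg, "objectClass");
        if (!vals) {
            DEBUG(1, ("Unknown entry type, no objectClasses found!\n"));
            ret = EINVAL;
            goto fail;
        }

        /* Require equal lengths before comparing. Bounding strncasecmp by
         * bv_len alone would accept any server value that is merely a
         * prefix of the expected class, including an empty value. */
        oc_len = strlen(map[0].name);
        for (i = 0; vals[i]; i++) {
            if (vals[i]->bv_len == oc_len &&
                strncasecmp(map[0].name, vals[i]->bv_val, oc_len) == 0) {
                /* ok it's an entry of the right type */
                break;
            }
        }
        if (!vals[i]) {
            DEBUG(1, ("objectClass not matching: %s\n",
                      map[0].name));
            ret = EINVAL;
            goto fail;          /* vals is released at fail */
        }
        ldap_value_free_len(vals);
        vals = NULL;
    }

    str = ldap_first_attribute(sh->ldap, sm->msg, &ber);
    if (!str) {
        ldap_get_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno);
        DEBUG(1, ("Entry has no attributes [%d(%s)]!?\n",
                  lerrno, sss_ldap_err2string(lerrno)));
        if (map) {
            ret = EINVAL;
            goto fail;
        }
    }
    while (str) {
        if (map) {
            for (a = 1; a < attrs_num; a++) {
                /* check if this attr is valid with the chosen schema */
                if (!map[a].name) continue;
                /* check if it is an attr we are interested in */
                if (strcasecmp(str, map[a].name) == 0) break;
            }
            /* interesting attr */
            if (a < attrs_num) {
                store = true;
                name = map[a].sys_name;
            } else {
                store = false;
                name = NULL;
            }
        } else {
            name = str;
            store = true;
        }

        if (strstr(str, ";range=") != NULL) {
            DEBUG(1, ("Attribute [%s] has range sub-attribute "
                      "which is currently not supported, skipping.\n", str));
            store = false;
        }

        if (store) {
            vals = ldap_get_values_len(sh->ldap, sm->msg, str);
            if (!vals) {
                ldap_get_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno);
                if (lerrno != LDAP_SUCCESS) {
                    DEBUG(1, ("LDAP Library error: %d(%s)",
                              lerrno, sss_ldap_err2string(lerrno)));
                    ret = EIO;
                    goto fail;
                }

                DEBUG(5, ("Attribute [%s] has no values, skipping.\n", str));

            } else {
                if (!vals[0]) {
                    DEBUG(1, ("Missing value after ldap_get_values() ??\n"));
                    ret = EINVAL;
                    goto fail;
                }
                for (i = 0; vals[i]; i++) {
                    /* length comes from the berval, not from strlen() */
                    v.data = (uint8_t *)vals[i]->bv_val;
                    v.length = vals[i]->bv_len;

                    ret = sysdb_attrs_add_val(attrs, name, &v);
                    if (ret) goto fail;
                }
                ldap_value_free_len(vals);
                vals = NULL;
            }
        }

        ldap_memfree(str);
        str = ldap_next_attribute(sh->ldap, sm->msg, ber);
    }

    /* Clear the pointer once released: the error path below frees ber
     * again if it is still set, which would be a double free. */
    if (ber) ber_free(ber, 0);
    ber = NULL;

    ldap_get_option(sh->ldap, LDAP_OPT_RESULT_CODE, &lerrno);
    if (lerrno) {
        DEBUG(1, ("LDAP Library error: %d(%s)",
                  lerrno, sss_ldap_err2string(lerrno)));
        ret = EIO;
        goto fail;
    }

    *_attrs = attrs;
    return EOK;

fail:
    /* each pointer is non-NULL only while this function still owns it */
    if (vals) ldap_value_free_len(vals);
    if (str) ldap_memfree(str);
    if (ber) ber_free(ber, 0);
    talloc_free(attrs);
    return ret;
}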
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek
/* Convert an LDAP message describing a user into a sysdb_attrs structure.
 * Parsing is delegated to sdap_parse_entry() with the user attribute map:
 * only attributes known to that map are converted, the rest are ignored,
 * and an entry that is not a user is rejected with an error.
 * The original DN is stored under SYSDB_ORIG_DN. */

int sdap_parse_user(TALLOC_CTX *memctx, struct sdap_options *opts,
                    struct sdap_handle *sh, struct sdap_msg *sm,
                    struct sysdb_attrs **_attrs, char **_dn)
{
    struct sdap_attr_map *user_map = opts->user_map;

    return sdap_parse_entry(memctx, sh, sm,
                            user_map, SDAP_OPTS_USER,
                            _attrs, _dn);
}
d25fa6f2608d5fe0617ada47f9d426f45deb96ffJakub Hrozek
/* Convert an LDAP message describing a group into a sysdb_attrs structure.
 * Parsing is delegated to sdap_parse_entry() with the group attribute map:
 * only attributes known to that map are converted, the rest are ignored,
 * and an entry that is not a group is rejected with an error.
 * The original DN is stored under SYSDB_ORIG_DN. */

int sdap_parse_group(TALLOC_CTX *memctx, struct sdap_options *opts,
                     struct sdap_handle *sh, struct sdap_msg *sm,
                     struct sysdb_attrs **_attrs, char **_dn)
{
    struct sdap_attr_map *group_map = opts->group_map;

    return sdap_parse_entry(memctx, sh, sm,
                            group_map, SDAP_OPTS_GROUP,
                            _attrs, _dn);
}
a23014d69b56cbdf48ad05229c334648b5309d8fJakub Hrozek
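/**
 * Parses an LDAPDerefRes into an array of sdap_deref_attrs structures.
 *
 * One result slot is produced per entry of minfo. A slot's attrs member is
 * filled only when one of the dereferenced entry's objectClass values
 * equals (case-insensitively) the first name of that slot's map; otherwise
 * attrs stays NULL. For a matching map the dereferenced DN is stored under
 * SYSDB_ORIG_DN and every attribute named in map[1..num_attrs-1] is copied
 * under its sys_name.
 *
 * @param mem_ctx  talloc parent the result array is moved to on success
 * @param minfo    array of num_maps map descriptors
 * @param num_maps number of entries in minfo
 * @param dref     dereference result as returned by libldap
 * @param _res     receives the result array on success, untouched on error
 *
 * @return EOK on success, EINVAL for missing input, DN, attributes or
 *         objectClass, ENOMEM on allocation failure, or the error returned
 *         by the sysdb_attrs helpers.
 */
errno_t sdap_parse_deref(TALLOC_CTX *mem_ctx,
                         struct sdap_attr_map_info *minfo,
                         size_t num_maps,
                         LDAPDerefRes *dref,
                         struct sdap_deref_attrs ***_res)
{
    TALLOC_CTX *tmp_ctx;
    LDAPDerefVal *dval;
    const char *orig_dn;
    const char **ocs;
    struct sdap_attr_map *map;
    int num_attrs = 0;
    struct ldb_val v;
    int ret, a;
    /* size_t counters: the bounds they are compared against are size_t */
    size_t mi, oi, vi;
    const char *name;
    size_t len;
    struct sdap_deref_attrs **res;

    if (!dref || !minfo) return EINVAL;

    /* everything is built under tmp_ctx and only handed over on success */
    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) return ENOMEM;

    res = talloc_array(tmp_ctx, struct sdap_deref_attrs *, num_maps);
    if (!res) {
        ret = ENOMEM;
        goto done;
    }

    for (mi = 0; mi < num_maps; mi++) {
        res[mi] = talloc_zero(res, struct sdap_deref_attrs);
        if (!res[mi]) {
            ret = ENOMEM;
            goto done;
        }

        res[mi]->map = minfo[mi].map;
    }

    if (!dref->derefVal.bv_val) {
        DEBUG(2, ("Entry has no DN?\n"));
        ret = EINVAL;
        goto done;
    }

    if (!dref->attrVals) {
        DEBUG(2, ("Dereferenced entry has no attributes\n"));
        ret = EINVAL;
        goto done;
    }

    /* NOTE(review): bv_val is used as a C string here and in the
     * objectClass copy below; this assumes libldap NUL-terminates the
     * values of a deref response -- confirm. */
    orig_dn = dref->derefVal.bv_val;
    DEBUG(7, ("Dereferenced DN: %s\n", orig_dn));

    /* collect the values of the first objectClass attribute with values */
    ocs = NULL;
    for (dval = dref->attrVals; dval != NULL; dval = dval->next) {
        if (strcasecmp("objectClass", dval->type) == 0) {
            if (dval->vals == NULL) {
                DEBUG(4, ("No value for objectClass, skipping\n"));
                continue;
            }

            for (len = 0; dval->vals[len].bv_val; len++);

            ocs = talloc_array(tmp_ctx, const char *, len+1);
            if (!ocs) {
                ret = ENOMEM;
                goto done;
            }

            for (oi = 0; oi < len; oi++) {
                DEBUG(9, ("Dereferenced objectClass value: %s\n",
                          dval->vals[oi].bv_val));
                ocs[oi] = talloc_strdup(ocs, dval->vals[oi].bv_val);
                if (!ocs[oi]) {
                    ret = ENOMEM;
                    goto done;
                }
            }
            ocs[len] = NULL;
            break;
        }
    }
    if (!ocs) {
        DEBUG(1, ("Unknown entry type, no objectClasses found!\n"));
        ret = EINVAL;
        goto done;
    }

    for (mi = 0; mi < num_maps; mi++) {
        map = NULL;

        /* A map without an objectClass name cannot match any entry, and
         * strcasecmp() must never be handed a NULL pointer. */
        if (!minfo[mi].map || !minfo[mi].map[0].name) continue;

        for (oi = 0; ocs[oi]; oi++) {
            /* the objectclass is always the first name in the map */
            if (strcasecmp(minfo[mi].map[0].name, ocs[oi]) == 0) {
                DEBUG(9, ("Found map for objectclass '%s'\n", ocs[oi]));
                map = minfo[mi].map;
                num_attrs = minfo[mi].num_attrs;
                break;
            }
        }
        if (!map) continue;

        res[mi]->attrs = sysdb_new_attrs(res[mi]);
        if (!res[mi]->attrs) {
            ret = ENOMEM;
            goto done;
        }

        ret = sysdb_attrs_add_string(res[mi]->attrs, SYSDB_ORIG_DN,
                                     orig_dn);
        if (ret) {
            goto done;
        }

        for (dval = dref->attrVals; dval != NULL; dval = dval->next) {
            DEBUG(8, ("Dereferenced attribute: %s\n", dval->type));

            for (a = 1; a < num_attrs; a++) {
                /* check if this attr is valid with the chosen schema */
                if (!map[a].name) continue;
                /* check if it is an attr we are interested in */
                if (strcasecmp(dval->type, map[a].name) == 0) break;
            }

            /* not an attribute this map asks for */
            if (a >= num_attrs) continue;

            /* interesting attr */
            name = map[a].sys_name;

            if (dval->vals == NULL) {
                DEBUG(4, ("No value for attribute %s, skipping\n", name));
                continue;
            }

            for (vi = 0; dval->vals[vi].bv_val; vi++) {
                DEBUG(9, ("Dereferenced attribute value: %s\n",
                          dval->vals[vi].bv_val));
                /* the stored length comes from the berval itself */
                v.data = (uint8_t *) dval->vals[vi].bv_val;
                v.length = dval->vals[vi].bv_len;

                ret = sysdb_attrs_add_val(res[mi]->attrs, name, &v);
                if (ret) goto done;
            }
        }
    }

    /* move the result out of tmp_ctx before tmp_ctx is released */
    *_res = talloc_steal(mem_ctx, res);
    ret = EOK;
done:
    talloc_zfree(tmp_ctx);
    return ret;
}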
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik/* =Get-DN-from-message=================================================== */
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik
/*
 * Return the distinguished name of an LDAP message as a talloc string.
 *
 * memctx  talloc context that owns the returned copy
 * sh      handle whose ->ldap connection the message belongs to
 * sm      message wrapper; sm->msg is handed to ldap_get_dn()
 * _dn     out: talloc copy of the DN (only meaningful when EOK is returned)
 *
 * Returns EOK on success, EIO when ldap_get_dn() yields no DN and ENOMEM
 * when the copy cannot be allocated.
 */
int sdap_get_msg_dn(TALLOC_CTX *memctx, struct sdap_handle *sh,
                    struct sdap_msg *sm, char **_dn)
{
    int ldap_rc = 0;
    int opt_ret;
    char *ldap_dn;

    /* Reset the result code stored on the handle before the call, so the
     * code read back on failure belongs to ldap_get_dn() and not to an
     * earlier operation. A failure to reset is logged and ignored. */
    opt_ret = ldap_set_option(sh->ldap, LDAP_OPT_RESULT_CODE, &ldap_rc);
    if (opt_ret != LDAP_OPT_SUCCESS) {
        DEBUG(1, ("ldap_set_option failed [%s], ignored.\n",
                  sss_ldap_err2string(opt_ret)));
    }

    ldap_dn = ldap_get_dn(sh->ldap, sm->msg);
    if (ldap_dn == NULL) {
        /* The return value of ldap_get_option() is not checked here; if it
         * fails, ldap_rc keeps the 0 it was initialised with and the log
         * line below reports that value. */
        ldap_get_option(sh->ldap, LDAP_OPT_RESULT_CODE, &ldap_rc);
        DEBUG(1, ("ldap_get_dn failed: %d(%s)\n",
                  ldap_rc, sss_ldap_err2string(ldap_rc)));
        return EIO;
    }

    /* The DN returned by libldap is released with ldap_memfree(); the
     * caller only ever sees the talloc-owned copy. */
    *_dn = talloc_strdup(memctx, ldap_dn);
    ldap_memfree(ldap_dn);

    return (*_dn == NULL) ? ENOMEM : EOK;
}
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik
/*
 * Push the TLS settings from the provider configuration into libldap.
 *
 * basic_opts  option table read with dp_opt_get_string()
 *
 * Returns EOK on success, EINVAL for an unrecognised tls_reqcert keyword
 * and EIO when libldap rejects an option.
 *
 * Every option is set with a NULL handle, i.e. as a libldap global default,
 * so the values apply to connections created afterwards in this process
 * rather than to one particular handle.
 *
 * Certificate checking: "demand" and "hard" require a valid server
 * certificate. In libldap, "never" does not request or check the server
 * certificate at all, "allow" continues even when the certificate is
 * missing or bad, and "try" continues when no certificate is presented.
 * Those three settings leave the connection open to an impersonated
 * server and should be limited to test environments.
 *
 * An option that is not configured is not touched here, so whatever
 * default libldap already has stays in effect.
 */
errno_t setup_tls_config(struct dp_option *basic_opts)
{
    /* Accepted tls_reqcert keywords (matched case-insensitively). */
    static const struct {
        const char *keyword;
        int level;
    } reqcert_levels[] = {
        { "never",  LDAP_OPT_X_TLS_NEVER },
        { "allow",  LDAP_OPT_X_TLS_ALLOW },
        { "try",    LDAP_OPT_X_TLS_TRY },
        { "demand", LDAP_OPT_X_TLS_DEMAND },
        { "hard",   LDAP_OPT_X_TLS_HARD },
    };
    /* String-valued options, applied in this order. */
    static const struct {
        int conf_opt;
        int ldap_opt;
    } string_opts[] = {
        { SDAP_TLS_CACERT,       LDAP_OPT_X_TLS_CACERTFILE },
        { SDAP_TLS_CACERTDIR,    LDAP_OPT_X_TLS_CACERTDIR },
        { SDAP_TLS_CERT,         LDAP_OPT_X_TLS_CERTFILE },
        { SDAP_TLS_KEY,          LDAP_OPT_X_TLS_KEYFILE },
        { SDAP_TLS_CIPHER_SUITE, LDAP_OPT_X_TLS_CIPHER_SUITE },
    };
    const size_t num_levels = sizeof(reqcert_levels) / sizeof(reqcert_levels[0]);
    const size_t num_string_opts = sizeof(string_opts) / sizeof(string_opts[0]);
    const char *tls_opt;
    int ldap_opt_x_tls_require_cert;
    int ret;
    size_t i;

    tls_opt = dp_opt_get_string(basic_opts, SDAP_TLS_REQCERT);
    if (tls_opt) {
        for (i = 0; i < num_levels; i++) {
            if (strcasecmp(tls_opt, reqcert_levels[i].keyword) == 0) {
                break;
            }
        }
        if (i == num_levels) {
            /* Refuse unknown keywords instead of guessing a level. */
            DEBUG(1, ("Unknown value for tls_reqcert.\n"));
            return EINVAL;
        }
        ldap_opt_x_tls_require_cert = reqcert_levels[i].level;

        /* LDAP_OPT_X_TLS_REQUIRE_CERT has to be set as a global option,
         * because the SSL/TLS context is initialized from this value. */
        ret = ldap_set_option(NULL, LDAP_OPT_X_TLS_REQUIRE_CERT,
                              &ldap_opt_x_tls_require_cert);
        if (ret != LDAP_OPT_SUCCESS) {
            DEBUG(1, ("ldap_set_option failed: %s\n", sss_ldap_err2string(ret)));
            return EIO;
        }
    }

    /* CA file, CA directory, client certificate, client key and cipher
     * suite: each is passed through unchanged when it is configured. */
    for (i = 0; i < num_string_opts; i++) {
        tls_opt = dp_opt_get_string(basic_opts, string_opts[i].conf_opt);
        if (!tls_opt) {
            continue;
        }

        ret = ldap_set_option(NULL, string_opts[i].ldap_opt, tls_opt);
        if (ret != LDAP_OPT_SUCCESS) {
            DEBUG(1, ("ldap_set_option failed: %s\n", sss_ldap_err2string(ret)));
            return EIO;
        }
    }

    return EOK;
}
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik
/*
 * Tell whether val is present in a list of supported values.
 *
 * l    list to search; dereferenced without a NULL check, and only the
 *      first l->num_vals entries of l->vals are read
 * val  value to look for; NULL never matches
 *
 * The comparison is case-insensitive. Returns true on the first match,
 * false otherwise.
 *
 * NOTE(review): in this file the lists are filled from rootDSE attributes,
 * so a match presumably means only that the server advertised the value.
 */
bool sdap_check_sup_list(struct sup_list *l, const char *val)
{
    int idx;

    if (val == NULL) {
        return false;
    }

    for (idx = 0; idx < l->num_vals; idx++) {
        if (strcasecmp(val, (char *)l->vals[idx]) == 0) {
            return true;
        }
    }

    return false;
}
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik
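/*
 * Fill a supported-values list with NUL-terminated copies of ldb values.
 *
 * memctx  talloc parent of the new string array
 * list    list to fill; written only when every copy succeeded
 * num     number of entries in vals
 * vals    source values; each is copied with talloc_strndup() bounded by
 *         its own length, so the copy is always terminated and ends at the
 *         first NUL byte inside the value, if there is one
 *
 * Returns EOK on success or ENOMEM on allocation failure.
 *
 * The array is built in a local pointer and published to the list only at
 * the end. On failure the partial array is freed and the list is left
 * exactly as it was, so list->vals and list->num_vals cannot end up
 * describing different arrays.
 *
 * An array already attached to list->vals is not freed here; it stays
 * owned by its talloc parent.
 */
static int sdap_init_sup_list(TALLOC_CTX *memctx,
                              struct sup_list *list,
                              int num, struct ldb_val *vals)
{
    char **copies;
    int i;

    copies = talloc_array(memctx, char *, num);
    if (!copies) {
        return ENOMEM;
    }

    for (i = 0; i < num; i++) {
        copies[i] = talloc_strndup(copies,
                                   (char *)vals[i].data, vals[i].length);
        if (!copies[i]) {
            /* Frees the array and the strings parented to it. */
            talloc_free(copies);
            return ENOMEM;
        }
    }

    /* Publish array and count together. */
    list->vals = copies;
    list->num_vals = num;

    return EOK;
}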
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik
/*
 * Record the capabilities a server lists in its rootDSE on the handle.
 *
 * rootdse  attributes of the rootDSE entry
 * sh       handle that receives the lists and acts as their talloc parent
 *
 * The attributes supportedControl, supportedExtension and
 * supportedSASLMechanisms (names compared case-insensitively) are copied
 * into sh->supported_controls, sh->supported_extensions and
 * sh->supported_saslmechs. Other attributes are ignored.
 *
 * Returns EOK, or the first error reported by sdap_init_sup_list().
 *
 * The lists hold whatever the server put in its rootDSE; nothing here
 * validates the values.
 */
int sdap_set_rootdse_supported_lists(struct sysdb_attrs *rootdse,
                                     struct sdap_handle *sh)
{
    int idx;

    for (idx = 0; idx < rootdse->num; idx++) {
        struct ldb_message_element *attr = &rootdse->a[idx];
        struct sup_list *target;
        int ret;

        if (strcasecmp(attr->name, "supportedControl") == 0) {
            target = &sh->supported_controls;
        } else if (strcasecmp(attr->name, "supportedExtension") == 0) {
            target = &sh->supported_extensions;
        } else if (strcasecmp(attr->name, "supportedSASLMechanisms") == 0) {
            target = &sh->supported_saslmechs;
        } else {
            /* not one of the capability attributes */
            continue;
        }

        ret = sdap_init_sup_list(sh, target,
                                 attr->num_values, attr->values);
        if (ret) {
            return ret;
        }
    }

    return EOK;
}
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek
/*
 * Return the value of a single-valued element as a talloc string.
 *
 * mem_ctx  talloc context that owns the result
 * el       element to read
 *
 * Returns a NUL-terminated copy of the only value, or NULL when the
 * element has no value, more than one value, or the copy cannot be
 * allocated. The caller cannot tell these cases apart from the return
 * value; they differ only in the debug message.
 *
 * The copy is bounded by the value's recorded length, so it also ends at
 * the first NUL byte inside the value.
 */
static char *get_single_value_as_string(TALLOC_CTX *mem_ctx,
                                        struct ldb_message_element *el)
{
    char *copy = NULL;

    switch (el->num_values) {
    case 0:
        DEBUG(3, ("Missing value.\n"));
        break;
    case 1:
        copy = talloc_strndup(mem_ctx, (char *) el->values[0].data,
                              el->values[0].length);
        if (copy == NULL) {
            DEBUG(1, ("talloc_strndup failed.\n"));
        }
        break;
    default:
        /* ambiguous: refuse to pick one of several values */
        DEBUG(3, ("More than one value found.\n"));
        break;
    }

    return copy;
}
a7797068c4deb6ce2bdbcda27c45ff1bbb4a8e78Jakub Hrozek
/*
 * Pick a naming context from the rootDSE.
 *
 * mem_ctx  talloc context that owns the result
 * rootdse  attributes of the rootDSE entry
 *
 * The attribute named by SDAP_ROOTDSE_ATTR_DEFAULT_NAMING_CONTEXT is
 * preferred. If it is absent, or does not yield a single value, the
 * attribute named by SDAP_ROOTDSE_ATTR_NAMING_CONTEXTS is tried. Names are
 * compared case-insensitively, and when a name occurs more than once the
 * last occurrence is used.
 *
 * Returns the chosen value, or NULL when neither attribute exists or
 * neither holds exactly one value. A multi-valued attribute is therefore
 * rejected rather than resolved by picking one entry.
 */
static char *get_naming_context(TALLOC_CTX *mem_ctx,
                                struct sysdb_attrs *rootdse)
{
    struct ldb_message_element *contexts = NULL;
    struct ldb_message_element *default_context = NULL;
    char *naming_context = NULL;
    int idx;

    for (idx = 0; idx < rootdse->num; idx++) {
        struct ldb_message_element *attr = &rootdse->a[idx];

        if (strcasecmp(attr->name,
                       SDAP_ROOTDSE_ATTR_NAMING_CONTEXTS) == 0) {
            contexts = attr;
        } else if (strcasecmp(attr->name,
                              SDAP_ROOTDSE_ATTR_DEFAULT_NAMING_CONTEXT) == 0) {
            default_context = attr;
        }
    }

    if (default_context == NULL && contexts == NULL) {
        DEBUG(3, ("No attributes [%s] or [%s] found in rootDSE.\n",
                  SDAP_ROOTDSE_ATTR_NAMING_CONTEXTS,
                  SDAP_ROOTDSE_ATTR_DEFAULT_NAMING_CONTEXT));
        return NULL;
    }

    if (default_context != NULL) {
        DEBUG(5, ("Using value from [%s] as naming context.\n",
                  SDAP_ROOTDSE_ATTR_DEFAULT_NAMING_CONTEXT));
        naming_context = get_single_value_as_string(mem_ctx, default_context);
    }

    /* Fall back only if the preferred attribute gave nothing usable. */
    if (naming_context == NULL && contexts != NULL) {
        DEBUG(5, ("Using value from [%s] as naming context.\n",
                  SDAP_ROOTDSE_ATTR_NAMING_CONTEXTS));
        naming_context = get_single_value_as_string(mem_ctx, contexts);
    }

    return naming_context;
}
481ec0e1eb0058195732cb320845b41f6f4d43ebJakub Hrozek
/*
 * Store a naming context as one search-base option and re-parse it.
 *
 * opts            options to update
 * class           which search base to set: the generic, user, group,
 *                 netgroup or sudo one
 * naming_context  string to store; it is logged with "%s", so it must not
 *                 be NULL
 *
 * Returns EOK on success, EINVAL for any other option class, or the error
 * returned by dp_opt_set_string() or sdap_parse_search_base().
 */
static errno_t sdap_set_search_base(struct sdap_options *opts,
                                    enum sdap_basic_opt class,
                                    char *naming_context)
{
    struct sdap_search_base ***bases;
    errno_t ret;

    /* Select the parsed-base field that belongs to this option class. */
    switch (class) {
    case SDAP_SEARCH_BASE:
        bases = &opts->search_bases;
        break;
    case SDAP_USER_SEARCH_BASE:
        bases = &opts->user_search_bases;
        break;
    case SDAP_GROUP_SEARCH_BASE:
        bases = &opts->group_search_bases;
        break;
    case SDAP_NETGROUP_SEARCH_BASE:
        bases = &opts->netgroup_search_bases;
        break;
    case SDAP_SUDO_SEARCH_BASE:
        bases = &opts->sudo_search_bases;
        break;
    default:
        return EINVAL;
    }

    DEBUG(SSSDBG_CONF_SETTINGS,
          ("Setting option [%s] to [%s].\n",
           opts->basic[class].opt_name, naming_context));

    ret = dp_opt_set_string(opts->basic, class, naming_context);
    if (ret != EOK) {
        DEBUG(1, ("dp_opt_set_string failed.\n"));
        return ret;
    }

    /* Rebuild the parsed form from the string that was just stored. */
    return sdap_parse_search_base(opts, opts->basic, class, bases);
}
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik
/*
 * Fill in search bases that are still unset, using the rootDSE.
 *
 * rootdse  attributes of the rootDSE entry
 * opts     options to complete
 *
 * A search base that is already set in opts is left alone. If at least one
 * of the generic, user, group, netgroup or sudo bases is missing, the
 * naming context is read from the rootDSE and written to each missing one,
 * in that order.
 *
 * Returns EOK on success (including when nothing was missing), EINVAL when
 * a base is missing but no naming context could be taken from the rootDSE,
 * or the error returned by sdap_set_search_base().
 *
 * NOTE(review): the defaults written here are values the server published
 * in its rootDSE. How far they can be trusted depends on how that entry
 * was fetched, which is not visible in this function.
 */
errno_t sdap_set_config_options_with_rootdse(struct sysdb_attrs *rootdse,
                                             struct sdap_options *opts)
{
    /* Each option class with the parsed-base field that shows whether it
     * is already set. */
    struct {
        enum sdap_basic_opt class;
        struct sdap_search_base ***bases;
    } targets[] = {
        { SDAP_SEARCH_BASE,          &opts->search_bases },          /* Default */
        { SDAP_USER_SEARCH_BASE,     &opts->user_search_bases },     /* Users */
        { SDAP_GROUP_SEARCH_BASE,    &opts->group_search_bases },    /* Groups */
        { SDAP_NETGROUP_SEARCH_BASE, &opts->netgroup_search_bases }, /* Netgroups */
        { SDAP_SUDO_SEARCH_BASE,     &opts->sudo_search_bases },     /* Sudo */
    };
    const size_t num_targets = sizeof(targets) / sizeof(targets[0]);
    char *naming_context = NULL;
    bool any_missing = false;
    size_t i;
    int ret;

    for (i = 0; i < num_targets; i++) {
        if (!*targets[i].bases) {
            any_missing = true;
            break;
        }
    }

    /* Read the rootDSE only when something actually needs a default. */
    if (any_missing) {
        naming_context = get_naming_context(opts->basic, rootdse);
        if (naming_context == NULL) {
            DEBUG(1, ("get_naming_context failed.\n"));
            ret = EINVAL;
            goto done;
        }
    }

    for (i = 0; i < num_targets; i++) {
        if (*targets[i].bases) {
            /* already set; leave it as it is */
            continue;
        }

        ret = sdap_set_search_base(opts, targets[i].class, naming_context);
        if (ret != EOK) goto done;
    }

    ret = EOK;

done:
    talloc_free(naming_context);
    return ret;
}
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozekint sdap_get_server_opts_from_rootdse(TALLOC_CTX *memctx,
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek const char *server,
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek struct sysdb_attrs *rootdse,
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek struct sdap_options *opts,
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek struct sdap_server_opts **srv_opts)
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek{
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek struct sdap_server_opts *so;
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek struct {
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek const char *last_name;
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek const char *entry_name;
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek } usn_attrs[] = { { SDAP_IPA_LAST_USN, SDAP_IPA_USN },
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek { SDAP_AD_LAST_USN, SDAP_AD_USN },
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek { NULL, NULL } };
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek const char *last_usn_name;
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek const char *last_usn_value;
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek const char *entry_usn_name;
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek char *endptr = NULL;
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek int ret;
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek int i;
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek so = talloc_zero(memctx, struct sdap_server_opts);
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek if (!so) {
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek return ENOMEM;
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek }
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek so->server_id = talloc_strdup(so, server);
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek if (!so->server_id) {
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek talloc_zfree(so);
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek return ENOMEM;
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek }
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek last_usn_name = opts->gen_map[SDAP_AT_LAST_USN].name;
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek entry_usn_name = opts->gen_map[SDAP_AT_ENTRY_USN].name;
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek if (rootdse) {
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek if (last_usn_name) {
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek ret = sysdb_attrs_get_string(rootdse,
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek last_usn_name, &last_usn_value);
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek if (ret != EOK) {
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek switch (ret) {
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek case ENOENT:
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek DEBUG(1, ("%s configured but not found in rootdse!\n",
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek opts->gen_map[SDAP_AT_LAST_USN].opt_name));
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek break;
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek case ERANGE:
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek DEBUG(1, ("Multiple values of %s found in rootdse!\n",
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek opts->gen_map[SDAP_AT_LAST_USN].opt_name));
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek break;
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek default:
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek DEBUG(1, ("Unkown error (%d) checking rootdse!\n", ret));
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek }
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek } else {
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek if (!entry_usn_name) {
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek DEBUG(1, ("%s found in rootdse but %s is not set!\n",
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek last_usn_name,
ad805face83ba7d67b1cf2067a1982c7e63d1060Jakub Hrozek opts->gen_map[SDAP_AT_ENTRY_USN].opt_name));
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek } else {
f45a20d6ba9e8d695ec3ab707f0cc082999aa4a3Jakub Hrozek so->supports_usn = true;
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek so->last_usn = strtoul(last_usn_value, &endptr, 10);
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek if (endptr != NULL && (*endptr != '\0' || endptr == last_usn_value)) {
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek DEBUG(3, ("USN is not valid (value: %s)\n", last_usn_value));
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek so->last_usn = 0;
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek } else {
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek DEBUG(9, ("USN value: %s (int: %lu)\n", last_usn_value, so->last_usn));
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek }
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek }
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek }
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek } else {
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek /* no usn option configure, let's try to autodetect. */
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek for (i = 0; usn_attrs[i].last_name; i++) {
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek ret = sysdb_attrs_get_string(rootdse,
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek usn_attrs[i].last_name,
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek &last_usn_value);
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek if (ret == EOK) {
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek /* Fixate discovered configuration */
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek opts->gen_map[SDAP_AT_LAST_USN].name =
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek talloc_strdup(opts->gen_map, usn_attrs[i].last_name);
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek opts->gen_map[SDAP_AT_ENTRY_USN].name =
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek talloc_strdup(opts->gen_map, usn_attrs[i].entry_name);
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek so->supports_usn = true;
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek so->last_usn = strtoul(last_usn_value, &endptr, 10);
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek if (endptr != NULL && (*endptr != '\0' || endptr == last_usn_value)) {
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek DEBUG(3, ("USN is not valid (value: %s)\n", last_usn_value));
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek so->last_usn = 0;
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek } else {
0142e7e2558a887992b1c5d4dc3051178e377687Jakub Hrozek DEBUG(9, ("USN value: %s (int: %lu)\n", last_usn_value, so->last_usn));
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek }
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek last_usn_name = usn_attrs[i].last_name;
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek break;
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek }
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek }
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek }
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek }
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek if (!last_usn_name) {
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek DEBUG(5, ("No known USN scheme is supported by this server!\n"));
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek if (!entry_usn_name) {
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek DEBUG(5, ("Will use modification timestamp as usn!\n"));
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek opts->gen_map[SDAP_AT_ENTRY_USN].name =
f10ebaa51ecdcbbd10f171d19fe8e680e5bc74aaJakub Hrozek talloc_strdup(opts->gen_map, "modifyTimestamp");
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek }
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek }
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek if (!opts->user_map[SDAP_AT_USER_USN].name) {
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek opts->user_map[SDAP_AT_USER_USN].name =
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek talloc_strdup(opts->user_map,
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek opts->gen_map[SDAP_AT_ENTRY_USN].name);
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek }
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek if (!opts->group_map[SDAP_AT_GROUP_USN].name) {
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek opts->group_map[SDAP_AT_GROUP_USN].name =
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek talloc_strdup(opts->group_map,
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek opts->gen_map[SDAP_AT_ENTRY_USN].name);
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek }
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek *srv_opts = so;
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek return EOK;
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek}
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek
/*
 * Hand a freshly built sdap_server_opts over to the id context.
 *
 * id_ctx   - context that keeps the per-server options in id_ctx->srv_opts.
 * srv_opts - address of the caller's pointer to the new options.
 *
 * Nothing happens when id_ctx, srv_opts or *srv_opts is NULL. Otherwise the
 * new options are either adopted by id_ctx (talloc_move) or released
 * (talloc_zfree), so the caller must not use *srv_opts after this call.
 */
void sdap_steal_server_opts(struct sdap_id_ctx *id_ctx,
                            struct sdap_server_opts **srv_opts)
{
    struct sdap_server_opts *current;

    if (id_ctx == NULL || srv_opts == NULL || *srv_opts == NULL) {
        return;
    }

    current = id_ctx->srv_opts;
    if (current != NULL) {
        /* Same server as before: drop the new copy and keep the stored
         * one, so the max usn values are not reset unnecessarily. */
        if (strcmp(current->server_id, (*srv_opts)->server_id) == 0) {
            talloc_zfree(*srv_opts);
            return;
        }

        /* Different server: the stored options are replaced below. */
        talloc_zfree(id_ctx->srv_opts);
    }

    id_ctx->srv_opts = talloc_move(id_ctx, srv_opts);
}
b47fd11a259c50e63cd674c7cba0da3f2549cae0Jakub Hrozek
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik
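/*
 * Build a NULL-terminated attribute name list from an attribute map.
 *
 * memctx - talloc parent of the returned array and of the "objectClass"
 *          string.
 * map    - attribute map with `size` entries; entry 0 is not copied, the
 *          literal "objectClass" is used in its place.
 * size   - number of entries in map.
 * _attrs - receives the array on success and is left untouched on failure.
 *
 * Entries 1..size-1 whose name is set are referenced, not duplicated, so
 * the returned list must not outlive the map's name strings.
 *
 * Returns EOK on success, ENOMEM when allocation fails or the requested
 * size cannot be represented.
 */
int build_attrs_from_map(TALLOC_CTX *memctx,
                         struct sdap_attr_map *map,
                         size_t size, const char ***_attrs)
{
    const char **attrs;
    size_t slots;
    size_t i, j;

    /* "objectClass" and the NULL terminator always need two slots. Sizing
     * the array as size + 1 left only one slot for an empty map, so the
     * terminator was written one element past the allocation. */
    slots = (size > 0 ? size : 1) + 1;
    if (slots < size) return ENOMEM; /* size + 1 wrapped around */

    attrs = talloc_array(memctx, const char *, slots);
    if (!attrs) return ENOMEM;

    /* first attribute is "objectClass", not the specific one */
    attrs[0] = talloc_strdup(memctx, "objectClass");
    if (!attrs[0]) {
        /* do not leave the half-built array hanging off memctx */
        talloc_free(attrs);
        return ENOMEM;
    }

    /* add the others; size_t indices avoid a signed/unsigned comparison
     * against size */
    for (i = j = 1; i < size; i++) {
        if (map[i].name) {
            attrs[j] = map[i].name;
            j++;
        }
    }
    attrs[j] = NULL;

    *_attrs = attrs;

    return EOK;
}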
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik
/*
 * Create an LDAP control, but only if the server advertises support for it.
 *
 * sh         - connection handle checked for support of the control.
 * oid        - OID of the requested control.
 * iscritical, value, dupval, ctrlp
 *            - passed through unchanged to sss_ldap_control_create().
 *
 * Returns an LDAP result code, not an errno value: LDAP_NOT_SUPPORTED when
 * sdap_is_control_supported() rejects the OID (no control is created in
 * that case), otherwise the result of sss_ldap_control_create(). Callers
 * have to check the result before using *ctrlp.
 */
int sdap_control_create(struct sdap_handle *sh, const char *oid, int iscritical,
                        struct berval *value, int dupval, LDAPControl **ctrlp)
{
    int ret;

    if (!sdap_is_control_supported(sh, oid)) {
        DEBUG(3, ("Server does not support the requested control [%s].\n", oid));
        return LDAP_NOT_SUPPORTED;
    }

    ret = sss_ldap_control_create(oid, iscritical, value, dupval, ctrlp);
    if (ret != LDAP_SUCCESS) {
        DEBUG(1, ("sss_ldap_control_create failed [%d][%s].\n",
                  ret, sss_ldap_err2string(ret)));
    }

    return ret;
}
ad73be9b4d8712dfd9c14da4b984e63eaa8f2499Lukas Slebodnik