/*
    SSSD

    Authors:
        Sumit Bose <sbose@redhat.com>

    Copyright (C) 2017 Red Hat

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program. If not, see <http://www.gnu.org/licenses/>.
*/

f2e70ec742cd7aab82b74d7e4b424ba3258da7aaSumit Bose#include "util/util.h"
f2e70ec742cd7aab82b74d7e4b424ba3258da7aaSumit Bose#include "lib/certmap/sss_certmap.h"
f2e70ec742cd7aab82b74d7e4b424ba3258da7aaSumit Bose#include "providers/ldap/ldap_common.h"
/* Holder for the compiled libsss_certmap rule set of an LDAP provider.
 * It lives in the sdap options (see sdap_init_certmap()) and is updated
 * wholesale by sdap_setup_certmap(): certmap_ctx is replaced on a successful
 * setup and may be NULL before the first setup or after a setup that was
 * given an empty rule list. */
struct sdap_certmap_ctx {
    struct sss_certmap_ctx *certmap_ctx;  /* NULL when no rules are installed */
};
/* Private data for the ext_debug() callback handed to libsss_certmap.
 * Carries the SSSD debug level the library's messages are logged at.
 * sdap_setup_certmap() currently passes NULL instead of an instance, in which
 * case ext_debug() falls back to SSSDBG_OP_FAILURE. */
struct priv_sss_debug {
    int level;  /* SSSDBG_* level used for the library's debug output */
};
/* Debug callback for libsss_certmap: forwards the library's messages to the
 * SSSD debug log.
 *
 * private  struct priv_sss_debug * selecting the log level, or NULL, in which
 *          case messages are logged at SSSDBG_OP_FAILURE.
 * file, line, function
 *          Origin of the message inside the library, passed through as-is.
 * format, ...
 *          printf-style message; a line feed is appended by sss_vdebug_fn().
 *
 * Messages whose level is not enabled in the current debug mask are dropped
 * before the varargs are touched. */
static void ext_debug(void *private, const char *file, long line,
                      const char *function, const char *format, ...)
{
    const struct priv_sss_debug *dbg = private;
    int level = (dbg != NULL) ? dbg->level : SSSDBG_OP_FAILURE;
    va_list args;

    if (!DEBUG_IS_SET(level)) {
        return;
    }

    va_start(args, format);
    sss_vdebug_fn(file, line, function, level, APPEND_LINE_FEED, format, args);
    va_end(args);
}
/* Return the libsss_certmap context currently installed in ctx.
 *
 * ctx  Holder filled by sdap_setup_certmap(); may be NULL.
 *
 * Returns NULL when ctx is NULL or when no rules have been installed yet;
 * the caller does not own the returned context. */
struct sss_certmap_ctx *sdap_get_sss_certmap(struct sdap_certmap_ctx *ctx)
{
    if (ctx == NULL) {
        return NULL;
    }

    return ctx->certmap_ctx;
}
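/**
 * Build a libsss_certmap context from the rules in certmap_list and install
 * it in sdap_certmap_ctx, freeing any context installed before.
 *
 * @param sdap_certmap_ctx  Holder to update; must not be NULL.
 * @param certmap_list      NULL-terminated array of rules. NULL or an empty
 *                          array is not an error: the holder's context is
 *                          reset to NULL, i.e. previously installed rules are
 *                          dropped.
 *
 * @return EOK on success (also for the empty-list case), EINVAL if
 *         sdap_certmap_ctx is NULL, or the error reported by
 *         sss_certmap_init(). On error the previously installed context is
 *         left untouched.
 *
 * A rule that sss_certmap_add_rule() rejects is logged at
 * SSSDBG_CRIT_FAILURE and skipped; the remaining rules are still installed
 * and the call still returns EOK. The only trace of a dropped rule is that
 * log message, so a mapping that silently stops matching after a rule change
 * should be checked there first.
 */
errno_t sdap_setup_certmap(struct sdap_certmap_ctx *sdap_certmap_ctx,
                           struct certmap_info **certmap_list)
{
    errno_t ret;
    struct sss_certmap_ctx *sss_certmap_ctx = NULL;
    size_t c;

    if (sdap_certmap_ctx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, "Missing sdap_certmap_ctx.\n");
        return EINVAL;
    }

    if (certmap_list == NULL || *certmap_list == NULL) {
        DEBUG(SSSDBG_TRACE_ALL, "No certmap data, nothing to do.\n");
        ret = EOK;
        goto done;
    }

    /* NULL private data makes ext_debug() log at SSSDBG_OP_FAILURE. */
    ret = sss_certmap_init(sdap_certmap_ctx, ext_debug, NULL, &sss_certmap_ctx);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, "sss_certmap_init failed.\n");
        goto done;
    }

    for (c = 0; certmap_list[c] != NULL; c++) {
        DEBUG(SSSDBG_TRACE_ALL, "Trying to add rule [%s][%d][%s][%s].\n",
              certmap_list[c]->name,
              certmap_list[c]->priority,
              certmap_list[c]->match_rule,
              certmap_list[c]->map_rule);

        ret = sss_certmap_add_rule(sss_certmap_ctx, certmap_list[c]->priority,
                                   certmap_list[c]->match_rule,
                                   certmap_list[c]->map_rule,
                                   certmap_list[c]->domains);
        if (ret != EOK) {
            /* Deliberately best-effort: one bad rule must not take the
             * whole rule set down, but it is logged as a critical failure. */
            DEBUG(SSSDBG_CRIT_FAILURE,
                  "sss_certmap_add_rule failed for rule [%s] "
                  "with error [%d][%s], skipping. "
                  "Please check for typos and if rule syntax is supported.\n",
                  certmap_list[c]->name, ret, sss_strerror(ret));
        }
    }

    ret = EOK;

done:
    if (ret == EOK) {
        /* Swap in the new context; on the empty-list path this installs
         * NULL and thereby clears the old rules. */
        sss_certmap_free_ctx(sdap_certmap_ctx->certmap_ctx);
        sdap_certmap_ctx->certmap_ctx = sss_certmap_ctx;
    } else {
        sss_certmap_free_ctx(sss_certmap_ctx);
    }

    return ret;
}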
/**
 * Load the certificate-mapping rules stored in the domain's sysdb and install
 * them in the LDAP provider's options.
 *
 * @param mem_ctx  talloc parent for the (lazily created) sdap_certmap_ctx
 *                 holder and for the temporary rule list.
 * @param id_ctx   Provider context; id_ctx->opts and id_ctx->be->domain->sysdb
 *                 are dereferenced without a NULL check.
 *
 * @return EOK on success, ENOMEM if the holder could not be allocated, or the
 *         error from sysdb_get_certmap() / sdap_setup_certmap().
 *
 * The holder in id_ctx->opts is created only once and reused on later calls;
 * the rule list read from sysdb is freed before returning because
 * sdap_setup_certmap() compiles the rules into its own context.
 */
errno_t sdap_init_certmap(TALLOC_CTX *mem_ctx, struct sdap_id_ctx *id_ctx)
{
    struct sdap_certmap_ctx **holder = &id_ctx->opts->sdap_certmap_ctx;
    struct certmap_info **rules = NULL;
    bool hint;  /* written by sysdb_get_certmap(), not consulted here */
    errno_t ret;

    if (*holder == NULL) {
        *holder = talloc_zero(mem_ctx, struct sdap_certmap_ctx);
        if (*holder == NULL) {
            DEBUG(SSSDBG_OP_FAILURE, "talloc_zero failed.\n");
            return ENOMEM;
        }
    }

    ret = sysdb_get_certmap(mem_ctx, id_ctx->be->domain->sysdb, &rules, &hint);
    if (ret == EOK) {
        ret = sdap_setup_certmap(*holder, rules);
        if (ret != EOK) {
            DEBUG(SSSDBG_OP_FAILURE, "sdap_setup_certmap failed.\n");
        }
    } else {
        DEBUG(SSSDBG_OP_FAILURE, "sysdb_get_certmap failed.\n");
    }

    talloc_free(rules);

    return ret;
}