/*
    Authors:
        Simo Sorce <ssorce@redhat.com>

    Copyright (C) 2008-2010 Red Hat

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
82a4f022ec1cbb9530ffa21d95474152b24acf50Pavel Březina#include "providers/ldap/ldap_common.h"
/*
 * talloc destructor for struct sdap_domain.
 *
 * Unlinks the object from the list whose head pointer was recorded in
 * sdom->head, so the list never keeps a pointer to memory that is about
 * to be released. Always returns 0, i.e. never vetoes the free.
 *
 * NOTE(review): talloc_get_type() returns NULL when the chunk is not a
 * struct sdap_domain and the result is dereferenced unchecked. Within this
 * file the destructor is only installed by sdap_domain_add() on objects of
 * that type; confirm no other caller registers it.
 */
int
sdap_domain_destructor(void *mem)
{
    struct sdap_domain *sdom;

    sdom = talloc_get_type(mem, struct sdap_domain);

    /* sdom->head is the address of the list head (set in sdap_domain_add) */
    DLIST_REMOVE(*(sdom->head), sdom);

    return 0;
}
/*
 * Look up the sdap_domain object that wraps the given sss_domain_info.
 *
 * The comparison is by pointer identity (sdom->dom == dom), not by domain
 * name. Returns the matching list entry from opts->sdom, or NULL when the
 * list holds no entry for dom.
 */
struct sdap_domain *
sdap_domain_get(struct sdap_options *opts,
                struct sss_domain_info *dom)
{
    struct sdap_domain *cur = NULL;

    DLIST_FOR_EACH(cur, opts->sdom) {
        if (cur->dom == dom) {
            return cur;
        }
    }

    /* List exhausted without a hit */
    return NULL;
}
/*
 * Find the sdap_domain whose search bases best cover the given DN.
 *
 * For every domain in opts->sdom the DN is tested against the generic,
 * user, group, netgroup, sudo, service and autofs search bases, in that
 * order. The first base list that reports a match supplies the match
 * length for that domain; later lists are not consulted. The domain with
 * the strictly longest match wins, so on equal lengths the earlier list
 * entry is kept.
 *
 * Returns NULL when no domain matches or when the temporary talloc context
 * cannot be allocated; callers cannot tell the two cases apart.
 *
 * NOTE(review): the result decides which domain an entry is attributed to.
 * If dn can originate from directory data rather than local configuration,
 * overlapping search bases between domains deserve attention - confirm
 * against the callers.
 */
struct sdap_domain *
sdap_domain_get_by_dn(struct sdap_options *opts,
                      const char *dn)
{
    struct sdap_domain *cur = NULL;
    struct sdap_domain *best = NULL;
    TALLOC_CTX *scratch;
    int match_len;
    int best_match_len = 0;

    /* Scratch context for the matcher; released before returning */
    scratch = talloc_new(NULL);
    if (scratch == NULL) {
        return NULL;
    }

    DLIST_FOR_EACH(cur, opts->sdom) {
        /* Evaluation order is significant: the first hit sets match_len */
        struct sdap_search_base **candidates[] = {
            cur->search_bases,
            cur->user_search_bases,
            cur->group_search_bases,
            cur->netgroup_search_bases,
            cur->sudo_search_bases,
            cur->service_search_bases,
            cur->autofs_search_bases,
        };
        const unsigned int ncand = sizeof(candidates) / sizeof(candidates[0]);
        unsigned int idx;

        for (idx = 0; idx < ncand; idx++) {
            if (sss_ldap_dn_in_search_bases_len(scratch, dn, candidates[idx],
                                                NULL, &match_len)) {
                break;
            }
        }

        if (idx == ncand) {
            /* None of this domain's base lists contain the DN */
            continue;
        }

        if (match_len > best_match_len) {
            /* this is a longer match */
            best_match_len = match_len;
            best = cur;
        }
    }

    talloc_free(scratch);
    return best;
}
/*
 * Create an sdap_domain object for dom and append it to opts->sdom.
 *
 * The object is allocated as a talloc child of opts and zero-initialised.
 * Its base DN is derived from the domain name. The destructor is installed
 * only once that conversion has succeeded, so the failure path frees an
 * object that was never linked into the list.
 *
 * opts   owner of the list and talloc parent of the new object
 * dom    domain to wrap; its name is read to build the base DN
 * _sdom  optional out-parameter receiving the new object on success
 *
 * Returns EOK on success, ENOMEM if the allocation fails, or the error
 * reported by domain_to_basedn().
 */
errno_t
sdap_domain_add(struct sdap_options *opts,
                struct sss_domain_info *dom,
                struct sdap_domain **_sdom)
{
    struct sdap_domain *new_sdom;
    errno_t ret;

    new_sdom = talloc_zero(opts, struct sdap_domain);
    if (new_sdom == NULL) {
        return ENOMEM;
    }

    new_sdom->dom = dom;
    /* Remember where the list head lives; the destructor unlinks via this */
    new_sdom->head = &opts->sdom;

    /* Convert the domain name into search base */
    ret = domain_to_basedn(new_sdom, new_sdom->dom->name, &new_sdom->basedn);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE,
              "Cannot convert domain name [%s] to base DN [%d]: %s\n",
              dom->name, ret, strerror(ret));
        /* Not linked and no destructor yet: a plain free is enough */
        talloc_free(new_sdom);
        return ret;
    }

    talloc_set_destructor((TALLOC_CTX *)new_sdom, sdap_domain_destructor);
    DLIST_ADD_END(opts->sdom, new_sdom, struct sdap_domain *);

    if (_sdom != NULL) {
        *_sdom = new_sdom;
    }

    return EOK;
}
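/*
 * Make sure every subdomain below parent has an sdap_domain object with a
 * default search base.
 *
 * Walks the subdomains of parent and, for each one:
 *   - creates a new sdap_domain through sdap_domain_add() if sdom_list has
 *     no entry for it,
 *   - skips it if an entry exists and already has search bases,
 *   - otherwise reuses the existing entry.
 * The entry then gets a single subtree-scope search base built from its
 * base DN, and every per-map search base list (user, group, netgroup,
 * sudo, service, autofs) is pointed at that same array.
 *
 * Returns EOK on success, ENOMEM on allocation failure, or the error from
 * sdap_domain_add() / sdap_create_search_base(). Processing stops at the
 * first failure; subdomains handled earlier keep their state.
 *
 * NOTE(review): lookups use sdom_list while new entries are appended to
 * sdap_id_ctx->opts->sdom. This assumes both refer to the same list -
 * confirm against the callers.
 */
errno_t
sdap_domain_subdom_add(struct sdap_id_ctx *sdap_id_ctx,
                       struct sdap_domain *sdom_list,
                       struct sss_domain_info *parent)
{
    struct sss_domain_info *dom;
    struct sdap_domain *sdom, *sditer;
    errno_t ret;

    for (dom = get_next_domain(parent, SSS_GND_DESCEND);
         dom && IS_SUBDOMAIN(dom); /* if we get back to a parent, stop */
         dom = get_next_domain(dom, 0)) {

        /* sditer is NULL after the loop when no entry wraps dom */
        DLIST_FOR_EACH(sditer, sdom_list) {
            if (sditer->dom == dom) {
                break;
            }
        }

        if (sditer == NULL) {
            /* New sdap domain */
            DEBUG(SSSDBG_TRACE_FUNC, "subdomain %s is a new one, will "
                  "create a new sdap domain object\n", dom->name);

            ret = sdap_domain_add(sdap_id_ctx->opts, dom, &sdom);
            if (ret != EOK) {
                /* Log the subdomain that failed, not its parent, so the
                 * message identifies the right domain during triage. */
                DEBUG(SSSDBG_OP_FAILURE,
                      "Cannot add new sdap domain for domain %s [%d]: %s\n",
                      dom->name, ret, strerror(ret));
                return ret;
            }
        } else if (sditer->search_bases != NULL) {
            DEBUG(SSSDBG_TRACE_FUNC,
                  "subdomain %s has already initialized search bases\n",
                  dom->name);
            continue;
        } else {
            sdom = sditer;
        }

        /* Update search bases */
        talloc_zfree(sdom->search_bases);
        sdom->search_bases = talloc_array(sdom, struct sdap_search_base *, 2);
        if (sdom->search_bases == NULL) {
            return ENOMEM;
        }
        /* talloc_array() does not zero the memory: terminate the array and
         * clear slot 0 so it never holds an indeterminate pointer. */
        sdom->search_bases[0] = NULL;
        sdom->search_bases[1] = NULL;

        ret = sdap_create_search_base(sdom, sdom->basedn, LDAP_SCOPE_SUBTREE,
                                      NULL, &sdom->search_bases[0]);
        if (ret) {
            DEBUG(SSSDBG_OP_FAILURE, "Cannot create new sdap search base\n");
            /* Drop the half-built array. Leaving it non-NULL would make the
             * next call treat this subdomain as already initialized and
             * leave readers with an array that has no usable base. */
            talloc_zfree(sdom->search_bases);
            return ret;
        }

        /* All maps share the one default search base array */
        sdom->user_search_bases = sdom->search_bases;
        sdom->group_search_bases = sdom->search_bases;
        sdom->netgroup_search_bases = sdom->search_bases;
        sdom->sudo_search_bases = sdom->search_bases;
        sdom->service_search_bases = sdom->search_bases;
        sdom->autofs_search_bases = sdom->search_bases;
    }

    return EOK;
}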
/*
 * Unlink the sdap_domain that wraps dom from its list.
 *
 * Does nothing when opts->sdom has no entry for dom. The object is only
 * removed from the list, not freed here; it stays attached to its talloc
 * parent.
 *
 * NOTE(review): callers that kept a pointer to the entry still hold valid
 * memory after this call, but the entry can no longer be found through
 * sdap_domain_get().
 */
void
sdap_domain_remove(struct sdap_options *opts,
                   struct sss_domain_info *dom)
{
    struct sdap_domain *entry = sdap_domain_get(opts, dom);

    if (entry != NULL) {
        DLIST_REMOVE(*(entry->head), entry);
    }
}