domain_info_utils.c revision 939246537b0b9a4af6862c513d3919501ad57d92
20d0bc6d587f346238062df4da5edfde815e59b1Jan Zeleny Sumit Bose <sbose@redhat.com>
20d0bc6d587f346238062df4da5edfde815e59b1Jan Zeleny Copyright (C) 2012 Red Hat
20d0bc6d587f346238062df4da5edfde815e59b1Jan Zeleny This program is free software; you can redistribute it and/or modify
20d0bc6d587f346238062df4da5edfde815e59b1Jan Zeleny it under the terms of the GNU General Public License as published by
20d0bc6d587f346238062df4da5edfde815e59b1Jan Zeleny the Free Software Foundation; either version 3 of the License, or
20d0bc6d587f346238062df4da5edfde815e59b1Jan Zeleny (at your option) any later version.
20d0bc6d587f346238062df4da5edfde815e59b1Jan Zeleny This program is distributed in the hope that it will be useful,
20d0bc6d587f346238062df4da5edfde815e59b1Jan Zeleny but WITHOUT ANY WARRANTY; without even the implied warranty of
20d0bc6d587f346238062df4da5edfde815e59b1Jan Zeleny MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20d0bc6d587f346238062df4da5edfde815e59b1Jan Zeleny GNU General Public License for more details.
20d0bc6d587f346238062df4da5edfde815e59b1Jan Zeleny You should have received a copy of the GNU General Public License
20d0bc6d587f346238062df4da5edfde815e59b1Jan Zeleny along with this program. If not, see <http://www.gnu.org/licenses/>.
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek/* the directory that domain-realm mappings are written to */
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek#define KRB5_MAPPING_DIR PUBCONF_PATH"/krb5.include.d"
cf1a8af5556b1d8eab68802918c881ae1a0b89ebPavel Březinastruct sss_domain_info *get_domains_head(struct sss_domain_info *domain)
cf1a8af5556b1d8eab68802918c881ae1a0b89ebPavel Březina /* get to the top level domain */
cf1a8af5556b1d8eab68802918c881ae1a0b89ebPavel Březina for (dom = domain; dom->parent != NULL; dom = dom->parent);
cf1a8af5556b1d8eab68802918c881ae1a0b89ebPavel Březina /* proceed to the list head */
0232747f04b650796db56fd7b487aee8a96fab03Simo Sorcestruct sss_domain_info *get_next_domain(struct sss_domain_info *domain,
07b92f78d1751d8a2a538a440e1fdb24c59021e0Pavel Březina } else if (descend && IS_SUBDOMAIN(dom) && dom->parent->next) {
33c865412732554ef255e93c4e7a58b0bce963c6Jakub Hrozekbool subdomain_enumerates(struct sss_domain_info *parent,
33c865412732554ef255e93c4e7a58b0bce963c6Jakub Hrozek ("Subdomain_enumerate not set\n"));
33c865412732554ef255e93c4e7a58b0bce963c6Jakub Hrozek return false;
33c865412732554ef255e93c4e7a58b0bce963c6Jakub Hrozek if (strcasecmp(parent->sd_enumerate[0], "all") == 0) {
33c865412732554ef255e93c4e7a58b0bce963c6Jakub Hrozek return true;
33c865412732554ef255e93c4e7a58b0bce963c6Jakub Hrozek } else if (strcasecmp(parent->sd_enumerate[0], "none") == 0) {
33c865412732554ef255e93c4e7a58b0bce963c6Jakub Hrozek return false;
33c865412732554ef255e93c4e7a58b0bce963c6Jakub Hrozek if (strcasecmp(parent->sd_enumerate[i], sd_name) == 0) {
33c865412732554ef255e93c4e7a58b0bce963c6Jakub Hrozek return true;
33c865412732554ef255e93c4e7a58b0bce963c6Jakub Hrozek return false;
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorcestruct sss_domain_info *find_subdomain_by_name(struct sss_domain_info *domain,
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorce const char *name,
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorce ((match_any == true) && (dom->flat_name != NULL) &&
e1f68731525116ce686ffcdc07ad3a14e4fb1cd7Pavel Březinastruct sss_domain_info *find_subdomain_by_sid(struct sss_domain_info *domain,
e1f68731525116ce686ffcdc07ad3a14e4fb1cd7Pavel Březina const char *sid)
939246537b0b9a4af6862c513d3919501ad57d92Sumit Bose if (strncasecmp(dom->domain_id, sid, dom_sid_len) == 0) {
939246537b0b9a4af6862c513d3919501ad57d92Sumit Bose /* sid is domain sid */
939246537b0b9a4af6862c513d3919501ad57d92Sumit Bose /* sid is an object sid: check that the domain sid is aligned with the
939246537b0b9a4af6862c513d3919501ad57d92Sumit Bose * sid's first subauthority component, i.e. the prefix matched above ends on a component boundary */
0b81cc5d41ec6a1c58e610f402fd93a1fbda4affPavel Březinafind_subdomain_by_object_name(struct sss_domain_info *domain,
0b81cc5d41ec6a1c58e610f402fd93a1fbda4affPavel Březina DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_new() failed\n"));
0b81cc5d41ec6a1c58e610f402fd93a1fbda4affPavel Březina ret = sss_parse_name(tmp_ctx, domain->names, object_name,
0b81cc5d41ec6a1c58e610f402fd93a1fbda4affPavel Březina DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to parse name '%s' [%d]: %s\n",
0b81cc5d41ec6a1c58e610f402fd93a1fbda4affPavel Březina dom = find_subdomain_by_name(domain, domainname, true);
20d0bc6d587f346238062df4da5edfde815e59b1Jan Zelenystruct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx,
20d0bc6d587f346238062df4da5edfde815e59b1Jan Zeleny const char *name,
b8dcd1216e5ea7065213c750a92dabfe01fa3b70Simo Sorce const char *realm,
9822d4d468ec74e4e173f5adf0db12d02974cd18Sumit Bose const char *id,
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bose const char *forest)
aab938c5975f0e3b85c7c79a5d718e5fefed7217Simo Sorce ("Creating [%s] as subdomain of [%s]!\n", name, parent->name));
20d0bc6d587f346238062df4da5edfde815e59b1Jan Zeleny dom = talloc_zero(mem_ctx, struct sss_domain_info);
20d0bc6d587f346238062df4da5edfde815e59b1Jan Zeleny DEBUG(SSSDBG_OP_FAILURE, ("talloc_zero failed.\n"));
20d0bc6d587f346238062df4da5edfde815e59b1Jan Zeleny DEBUG(SSSDBG_OP_FAILURE, ("Failed to copy domain name.\n"));
20d0bc6d587f346238062df4da5edfde815e59b1Jan Zeleny dom->provider = talloc_strdup(dom, parent->provider);
20d0bc6d587f346238062df4da5edfde815e59b1Jan Zeleny DEBUG(SSSDBG_OP_FAILURE, ("Failed to copy provider name.\n"));
d3f2fd9cb21cc10dce663a2f7d0deda07074e44eJan Zeleny dom->conn_name = talloc_strdup(dom, parent->conn_name);
20d0bc6d587f346238062df4da5edfde815e59b1Jan Zeleny DEBUG(SSSDBG_OP_FAILURE, ("Failed to copy connection name.\n"));
b8dcd1216e5ea7065213c750a92dabfe01fa3b70Simo Sorce DEBUG(SSSDBG_OP_FAILURE, ("Failed to copy realm name.\n"));
20d0bc6d587f346238062df4da5edfde815e59b1Jan Zeleny DEBUG(SSSDBG_OP_FAILURE, ("Failed to copy flat name.\n"));
20d0bc6d587f346238062df4da5edfde815e59b1Jan Zeleny DEBUG(SSSDBG_OP_FAILURE, ("Failed to copy id.\n"));
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bose DEBUG(SSSDBG_OP_FAILURE, ("Failed to copy forest.\n"));
e4a731167c210a6e57e68f451361f270337b1eedJakub Hrozek /* If the parent domain explicitly limits ID ranges, the subdomain
e4a731167c210a6e57e68f451361f270337b1eedJakub Hrozek * should honour the limits as well.
e4a731167c210a6e57e68f451361f270337b1eedJakub Hrozek dom->id_min = parent->id_min ? parent->id_min : 0;
e4a731167c210a6e57e68f451361f270337b1eedJakub Hrozek dom->id_max = parent->id_max ? parent->id_max : 0xffffffff;
bf8cce77a35cb0a3cdb0d21fb9c39b7b6372bc11Jan Zeleny dom->pwd_expiration_warning = parent->pwd_expiration_warning;
20d0bc6d587f346238062df4da5edfde815e59b1Jan Zeleny dom->cache_credentials = parent->cache_credentials;
20d0bc6d587f346238062df4da5edfde815e59b1Jan Zeleny dom->netgroup_timeout = parent->netgroup_timeout;
20d0bc6d587f346238062df4da5edfde815e59b1Jan Zeleny dom->override_homedir = parent->override_homedir;
8ccb0de226ccb9330f5a6865de487d6f0313902dJan Zeleny dom->subdomain_homedir = parent->subdomain_homedir;
20d0bc6d587f346238062df4da5edfde815e59b1Jan Zeleny DEBUG(SSSDBG_OP_FAILURE, ("Missing sysdb context in parent domain.\n"));
234958be042980242fff6da936af674da877c5efSimo Sorce DEBUG(SSSDBG_OP_FAILURE, ("Error retrieving domain configuration.\n"));
234958be042980242fff6da936af674da877c5efSimo Sorce DEBUG(SSSDBG_OP_FAILURE, ("Sysdb context already initialized.\n"));
234958be042980242fff6da936af674da877c5efSimo Sorce ret = sysdb_domain_init(mem_ctx, dom, db_path, &sysdb);
234958be042980242fff6da936af674da877c5efSimo Sorce DEBUG(SSSDBG_OP_FAILURE, ("Error opening cache database.\n"));
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to change mtime of \"%s\" "
bbd43fbcd8f70eedeac4e4ce01c36256cde82ab1Sumit Bosesss_write_domain_mappings(struct sss_domain_info *domain, bool add_capaths)
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek DEBUG(SSSDBG_CRIT_FAILURE, ("No domain name provided\n"));
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek sanitized_domain = talloc_strdup(tmp_ctx, domain->name);
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_strdup() failed\n"));
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek /* only alphanumeric characters, dashes and underscores are allowed in
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek * file names in the krb5 include directory */
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek for (i = 0; sanitized_domain[i] != '\0'; i++) {
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek && sanitized_domain[i] != '-' && sanitized_domain[i] != '_') {
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek mapping_file = talloc_asprintf(tmp_ctx, "%s/domain_realm_%s",
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek DEBUG(SSSDBG_FUNC_DATA, ("Mapping file for domain [%s] is [%s]\n",
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek tmp_file = talloc_asprintf(tmp_ctx, "%sXXXXXX", mapping_file);
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek DEBUG(SSSDBG_OP_FAILURE, ("creating the temp file [%s] for domain-realm "
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek DEBUG(SSSDBG_OP_FAILURE, ("fdopen failed [%d]: %s\n",
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek ("fclose failed [%d][%s].\n", ret, strerror(ret)));
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek /* Nothing to do here, just report the failure */
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek DEBUG(SSSDBG_OP_FAILURE, ("fprintf failed\n"));
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek dom && IS_SUBDOMAIN(dom); /* if we get back to a parent, stop */
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek DEBUG(SSSDBG_CRIT_FAILURE, ("fprintf failed\n"));
bbd43fbcd8f70eedeac4e4ce01c36256cde82ab1Sumit Bose uc_parent = get_uppercase_realm(tmp_ctx, parent_dom->name);
bbd43fbcd8f70eedeac4e4ce01c36256cde82ab1Sumit Bose DEBUG(SSSDBG_OP_FAILURE, ("get_uppercase_realm failed.\n"));
bbd43fbcd8f70eedeac4e4ce01c36256cde82ab1Sumit Bose dom && IS_SUBDOMAIN(dom); /* if we get back to a parent, stop */
bbd43fbcd8f70eedeac4e4ce01c36256cde82ab1Sumit Bose uc_forest = get_uppercase_realm(tmp_ctx, dom->forest);
bbd43fbcd8f70eedeac4e4ce01c36256cde82ab1Sumit Bose DEBUG(SSSDBG_OP_FAILURE, ("get_uppercase_realm failed.\n"));
bbd43fbcd8f70eedeac4e4ce01c36256cde82ab1Sumit Bose ret = fprintf(fstream, "%s = {\n %s = %s\n}\n%s = {\n %s = %s\n}\n",
bbd43fbcd8f70eedeac4e4ce01c36256cde82ab1Sumit Bose DEBUG(SSSDBG_CRIT_FAILURE, ("fprintf failed\n"));
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek ("fclose failed [%d][%s].\n", ret, strerror(ret)));
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek ("rename failed [%d][%s].\n", ret, strerror(ret)));
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek ("fchmod failed [%d][%s].\n", ret, strerror(ret)));
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to change last modification time "
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek "of krb5.conf. Created mappings may not be loaded.\n"));
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek /* Ignore */
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek ("fclose failed [%d][%s].\n", err, strerror(err)));
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek /* Nothing to do here, just report the failure */
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek ("Could not remove file [%s]: [%d]: %s",