domain_info_utils.c revision 9ca0071db0e226e4e65b2a80fdeddd5048ca8990
20d0bc6d587f346238062df4da5edfde815e59b1Jan Zeleny/*
20d0bc6d587f346238062df4da5edfde815e59b1Jan Zeleny Authors:
20d0bc6d587f346238062df4da5edfde815e59b1Jan Zeleny Sumit Bose <sbose@redhat.com>
20d0bc6d587f346238062df4da5edfde815e59b1Jan Zeleny
20d0bc6d587f346238062df4da5edfde815e59b1Jan Zeleny Copyright (C) 2012 Red Hat
20d0bc6d587f346238062df4da5edfde815e59b1Jan Zeleny
20d0bc6d587f346238062df4da5edfde815e59b1Jan Zeleny This program is free software; you can redistribute it and/or modify
20d0bc6d587f346238062df4da5edfde815e59b1Jan Zeleny it under the terms of the GNU General Public License as published by
20d0bc6d587f346238062df4da5edfde815e59b1Jan Zeleny the Free Software Foundation; either version 3 of the License, or
20d0bc6d587f346238062df4da5edfde815e59b1Jan Zeleny (at your option) any later version.
20d0bc6d587f346238062df4da5edfde815e59b1Jan Zeleny
20d0bc6d587f346238062df4da5edfde815e59b1Jan Zeleny This program is distributed in the hope that it will be useful,
20d0bc6d587f346238062df4da5edfde815e59b1Jan Zeleny but WITHOUT ANY WARRANTY; without even the implied warranty of
20d0bc6d587f346238062df4da5edfde815e59b1Jan Zeleny MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20d0bc6d587f346238062df4da5edfde815e59b1Jan Zeleny GNU General Public License for more details.
20d0bc6d587f346238062df4da5edfde815e59b1Jan Zeleny
20d0bc6d587f346238062df4da5edfde815e59b1Jan Zeleny You should have received a copy of the GNU General Public License
20d0bc6d587f346238062df4da5edfde815e59b1Jan Zeleny along with this program. If not, see <http://www.gnu.org/licenses/>.
20d0bc6d587f346238062df4da5edfde815e59b1Jan Zeleny*/
20d0bc6d587f346238062df4da5edfde815e59b1Jan Zeleny
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek#include <utime.h>
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek
20d0bc6d587f346238062df4da5edfde815e59b1Jan Zeleny#include "confdb/confdb.h"
20d0bc6d587f346238062df4da5edfde815e59b1Jan Zeleny#include "db/sysdb.h"
20d0bc6d587f346238062df4da5edfde815e59b1Jan Zeleny#include "util/util.h"
20d0bc6d587f346238062df4da5edfde815e59b1Jan Zeleny
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek/* the directory that the domain-realm mappings are written to */
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek#define KRB5_MAPPING_DIR PUBCONF_PATH"/krb5.include.d"
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek
/**
 * Return the first entry of the top-level domain list that @domain
 * belongs to.
 *
 * The parent links are followed up to the top-level domain, then the
 * prev links are followed back to the start of that list.
 *
 * @param domain  Any domain or subdomain. It is dereferenced without a
 *                NULL check, so the caller must pass a valid pointer.
 * @return The list head. The disabled flag is not looked at here, so the
 *         returned entry may be a disabled domain; the find_* helpers in
 *         this file skip a disabled starting entry themselves.
 */
struct sss_domain_info *get_domains_head(struct sss_domain_info *domain)
{
    struct sss_domain_info *cur = domain;

    /* climb to the top-level domain */
    while (cur->parent != NULL) {
        cur = cur->parent;
    }

    /* rewind to the first entry of the top-level list */
    while (cur->prev != NULL) {
        cur = cur->prev;
    }

    return cur;
}
cf1a8af5556b1d8eab68802918c881ae1a0b89ebPavel Březina
/**
 * Advance to the next enabled domain after @domain.
 *
 * @param domain   Current position; NULL yields NULL.
 * @param descend  When true the walk also enters subdomain lists and,
 *                 at the end of a subdomain list, continues with the
 *                 entry after the parent.
 * @return The next entry whose disabled flag is not set, or NULL when
 *         the walk is exhausted.
 *
 * Disabled entries are never returned, but the walk still steps through
 * them: with @descend set, the subdomains of a disabled entry are visited
 * and returned unless they are disabled themselves.
 */
struct sss_domain_info *get_next_domain(struct sss_domain_info *domain,
                                        bool descend)
{
    struct sss_domain_info *cur = domain;

    while (cur != NULL) {
        struct sss_domain_info *succ = NULL;

        if (descend && cur->subdomains != NULL) {
            /* go one level down first */
            succ = cur->subdomains;
        } else if (cur->next != NULL) {
            /* sibling on the same level */
            succ = cur->next;
        } else if (descend && IS_SUBDOMAIN(cur)
                   && cur->parent->next != NULL) {
            /* end of a subdomain list: resume after the parent */
            succ = cur->parent->next;
        }

        cur = succ;
        if (cur != NULL && !cur->disabled) {
            return cur;
        }
    }

    return NULL;
}
0232747f04b650796db56fd7b487aee8a96fab03Simo Sorce
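/**
 * Tell whether enumeration is enabled for the subdomain @sd_name
 * according to the parent's sd_enumerate list.
 *
 * Only the first list element is checked for the keywords "all" and
 * "none"; otherwise every element is compared case-insensitively with
 * @sd_name.
 *
 * @param parent   Parent domain; dereferenced without a NULL check.
 * @param sd_name  Subdomain name to look up. A NULL name matches no list
 *                 entry (the "all" keyword still yields true).
 * @return true when the subdomain should be enumerated, false otherwise,
 *         including when the list is unset or empty.
 */
bool subdomain_enumerates(struct sss_domain_info *parent,
                          const char *sd_name)
{
    if (parent->sd_enumerate == NULL
            || parent->sd_enumerate[0] == NULL) {
        DEBUG(SSSDBG_MINOR_FAILURE,
              "Subdomain_enumerate not set\n");
        return false;
    }

    if (strcasecmp(parent->sd_enumerate[0], "all") == 0) {
        return true;
    } else if (strcasecmp(parent->sd_enumerate[0], "none") == 0) {
        return false;
    }

    /* Same NULL handling as find_subdomain_by_name() and
     * find_domain_by_sid(): a missing key is "no match" rather than a
     * NULL pointer handed to strcasecmp(). */
    if (sd_name == NULL) {
        return false;
    }

    for (size_t i = 0; parent->sd_enumerate[i] != NULL; i++) {
        if (strcasecmp(parent->sd_enumerate[i], sd_name) == 0) {
            return true;
        }
    }

    return false;
}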
33c865412732554ef255e93c4e7a58b0bce963c6Jakub Hrozek
/**
 * Find an enabled domain or subdomain by name, starting at @domain and
 * walking forward with get_next_domain(..., true).
 *
 * @param domain     Starting entry of the walk; may be NULL.
 * @param name       Name to look for; NULL yields NULL.
 * @param match_any  When true the flat name of an entry is accepted as
 *                   an alternative to its name.
 * @return The first matching entry in walk order, or NULL.
 *
 * Comparison is case-insensitive. Entries located before @domain in the
 * list are not searched.
 */
struct sss_domain_info *find_subdomain_by_name(struct sss_domain_info *domain,
                                               const char *name,
                                               bool match_any)
{
    struct sss_domain_info *cur;

    if (name == NULL) {
        return NULL;
    }

    /* a disabled starting entry is never a candidate */
    cur = domain;
    while (cur != NULL && cur->disabled) {
        cur = get_next_domain(cur, true);
    }

    for (; cur != NULL; cur = get_next_domain(cur, true)) {
        bool hit = (strcasecmp(cur->name, name) == 0);

        if (!hit && match_any && cur->flat_name != NULL) {
            hit = (strcasecmp(cur->flat_name, name) == 0);
        }

        if (hit) {
            return cur;
        }
    }

    return NULL;
}
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorce
/**
 * Find the enabled domain whose domain SID equals @sid or is the domain
 * part of the object SID @sid.
 *
 * @param domain  Starting entry of the walk; may be NULL.
 * @param sid     Domain SID or object SID in string form; NULL yields
 *                NULL. The string is not validated as a SID here.
 * @return The first matching entry in walk order, or NULL.
 *
 * Entries without a domain_id are skipped. The comparison is a
 * case-insensitive prefix match that must end exactly at the end of @sid
 * or at a '-' separator.
 */
struct sss_domain_info *find_domain_by_sid(struct sss_domain_info *domain,
                                           const char *sid)
{
    struct sss_domain_info *cur = domain;
    size_t sid_len;

    if (sid == NULL) {
        return NULL;
    }

    sid_len = strlen(sid);

    /* a disabled starting entry is never a candidate */
    while (cur != NULL && cur->disabled) {
        cur = get_next_domain(cur, true);
    }

    for (; cur != NULL; cur = get_next_domain(cur, true)) {
        size_t dom_sid_len;

        if (cur->domain_id == NULL) {
            continue;
        }

        dom_sid_len = strlen(cur->domain_id);
        if (strncasecmp(cur->domain_id, sid, dom_sid_len) != 0) {
            continue;
        }

        /* The prefix matched, so sid holds at least dom_sid_len
         * characters and sid[dom_sid_len] is in bounds (a character or
         * the terminator). Either sid is the domain SID itself, or it is
         * an object SID whose next character is the '-' that starts the
         * following subauthority. Requiring the '-' keeps a domain SID
         * ending in "-1" from matching a SID that continues with "-10". */
        if (dom_sid_len == sid_len || sid[dom_sid_len] == '-') {
            return cur;
        }
    }

    return NULL;
}
e1f68731525116ce686ffcdc07ad3a14e4fb1cd7Pavel Březina
/**
 * Resolve the domain for @sid, with a shortcut for the LDAP provider.
 *
 * @param domain  Domain to start from; dereferenced without a NULL check.
 * @param sid     SID to look up.
 * @return @domain itself when its provider is "ldap"; otherwise the
 *         result of find_domain_by_sid() over the whole domain list,
 *         which may be NULL.
 *
 * In the "ldap" branch @sid is not compared with anything: every SID is
 * attributed to the one configured domain.
 */
struct sss_domain_info*
sss_get_domain_by_sid_ldap_fallback(struct sss_domain_info *domain,
                                    const char* sid)
{
    /* LDAP provider doesn't know about sub-domains and hence can only
     * have one configured domain
     */
    if (strcmp(domain->provider, "ldap") == 0) {
        return domain;
    }

    return find_domain_by_sid(get_domains_head(domain), sid);
}
b12e2500237f33c44807d7e5b377ec06007c7252Pavel Reichl
/**
 * Find the domain an object name belongs to.
 *
 * The name is split with sss_parse_name() using the naming rules of
 * @domain. A name without a domain part resolves to @domain itself; a
 * name with a domain part is looked up with find_subdomain_by_name()
 * (flat names accepted).
 *
 * @param domain       Domain whose name rules are used and where the
 *                     lookup starts.
 * @param object_name  Possibly qualified object name.
 * @return The matching domain, or NULL when the name cannot be parsed,
 *         the domain part matches nothing, or memory runs out.
 */
struct sss_domain_info *
find_subdomain_by_object_name(struct sss_domain_info *domain,
                              const char *object_name)
{
    TALLOC_CTX *tmp_ctx;
    struct sss_domain_info *found = NULL;
    char *domainname = NULL;
    errno_t ret;

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new() failed\n");
        return NULL;
    }

    ret = sss_parse_name(tmp_ctx, domain->names, object_name,
                         &domainname, NULL);
    if (ret == EOK) {
        /* domainname is only read before tmp_ctx is released below */
        found = (domainname == NULL)
                    ? domain
                    : find_subdomain_by_name(domain, domainname, true);
    } else {
        DEBUG(SSSDBG_CRIT_FAILURE, "Unable to parse name '%s' [%d]: %s\n",
              object_name, ret, sss_strerror(ret));
    }

    talloc_free(tmp_ctx);
    return found;
}
0b81cc5d41ec6a1c58e610f402fd93a1fbda4affPavel Březina
/**
 * Allocate and fill a subdomain object below @parent.
 *
 * @param mem_ctx    talloc context that owns the new object.
 * @param parent     Parent domain; dereferenced without a NULL check and
 *                   required to carry a sysdb context.
 * @param name       Subdomain name (duplicated).
 * @param realm      Kerberos realm, may be NULL (duplicated when set).
 * @param flat_name  Flat name, may be NULL (duplicated when set).
 * @param id         Domain ID, may be NULL (duplicated when set).
 * @param mpg        Stored in the mpg field.
 * @param enumerate  Stored in the enumerate field.
 * @param forest     Forest name, may be NULL (duplicated when set).
 * @return The new subdomain, or NULL on allocation failure or when the
 *         parent has no sysdb context.
 *
 * Name, provider, connection name and the optional strings are copied
 * with talloc_strdup(). The remaining inherited fields (names, homedir
 * and shell settings, sysdb) are taken over by plain assignment.
 * NOTE(review): where those fields are pointers the subdomain aliases
 * the parent's objects, so they must outlive it - confirm against the
 * struct definition.
 */
struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx,
                                      struct sss_domain_info *parent,
                                      const char *name,
                                      const char *realm,
                                      const char *flat_name,
                                      const char *id,
                                      bool mpg,
                                      bool enumerate,
                                      const char *forest)
{
    struct sss_domain_info *sd;

    DEBUG(SSSDBG_TRACE_FUNC,
          "Creating [%s] as subdomain of [%s]!\n", name, parent->name);

    sd = talloc_zero(mem_ctx, struct sss_domain_info);
    if (sd == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, "talloc_zero failed.\n");
        return NULL;
    }

    sd->parent = parent;

    /* Strings that are always set. Every copy hangs off sd, so the
     * single talloc_free() in the failure path releases all of them. */
    sd->name = talloc_strdup(sd, name);
    if (sd->name == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, "Failed to copy domain name.\n");
        goto fail;
    }

    sd->provider = talloc_strdup(sd, parent->provider);
    if (sd->provider == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, "Failed to copy provider name.\n");
        goto fail;
    }

    sd->conn_name = talloc_strdup(sd, parent->conn_name);
    if (sd->conn_name == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, "Failed to copy connection name.\n");
        goto fail;
    }

    /* Optional strings: left NULL (from talloc_zero) when not given. */
    if (realm != NULL) {
        sd->realm = talloc_strdup(sd, realm);
        if (sd->realm == NULL) {
            DEBUG(SSSDBG_OP_FAILURE, "Failed to copy realm name.\n");
            goto fail;
        }
    }

    if (flat_name != NULL) {
        sd->flat_name = talloc_strdup(sd, flat_name);
        if (sd->flat_name == NULL) {
            DEBUG(SSSDBG_OP_FAILURE, "Failed to copy flat name.\n");
            goto fail;
        }
    }

    if (id != NULL) {
        sd->domain_id = talloc_strdup(sd, id);
        if (sd->domain_id == NULL) {
            DEBUG(SSSDBG_OP_FAILURE, "Failed to copy id.\n");
            goto fail;
        }
    }

    if (forest != NULL) {
        sd->forest = talloc_strdup(sd, forest);
        if (sd->forest == NULL) {
            DEBUG(SSSDBG_OP_FAILURE, "Failed to copy forest.\n");
            goto fail;
        }
    }

    /* Settings from the caller or fixed for every subdomain: names are
     * always fully qualified and always case-insensitive. */
    sd->mpg = mpg;
    sd->enumerate = enumerate;
    sd->fqnames = true;
    sd->case_sensitive = false;

    /* If the parent domain explicitly limits ID ranges, the subdomain
     * should honour the limits as well. An unset (zero) limit in the
     * parent leaves the subdomain with the full 0..0xffffffff range.
     */
    sd->id_min = 0;
    if (parent->id_min) {
        sd->id_min = parent->id_min;
    }
    sd->id_max = 0xffffffff;
    if (parent->id_max) {
        sd->id_max = parent->id_max;
    }

    /* Settings inherited unchanged from the parent. */
    sd->cache_credentials = parent->cache_credentials;
    sd->pwd_expiration_warning = parent->pwd_expiration_warning;
    sd->user_timeout = parent->user_timeout;
    sd->group_timeout = parent->group_timeout;
    sd->netgroup_timeout = parent->netgroup_timeout;
    sd->service_timeout = parent->service_timeout;
    sd->names = parent->names;

    sd->override_homedir = parent->override_homedir;
    sd->fallback_homedir = parent->fallback_homedir;
    sd->subdomain_homedir = parent->subdomain_homedir;
    sd->homedir_substr = parent->homedir_substr;
    sd->override_shell = parent->override_shell;
    sd->default_shell = parent->default_shell;

    /* The subdomain uses the parent's cache context; without one the
     * new object is discarded. */
    if (parent->sysdb == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, "Missing sysdb context in parent domain.\n");
        goto fail;
    }
    sd->sysdb = parent->sysdb;

    return sd;

fail:
    talloc_free(sd);
    return NULL;
}
20d0bc6d587f346238062df4da5edfde815e59b1Jan Zeleny
/**
 * Load the configuration of @domain_name from the confdb and attach a
 * freshly opened sysdb cache to it.
 *
 * @param mem_ctx      talloc context passed to sysdb_domain_init().
 * @param cdb          Configuration database handle.
 * @param domain_name  Name of the domain to load.
 * @param db_path      Location passed on to sysdb_domain_init().
 * @param _domain      Output: the initialized domain. Written only on
 *                     success and not checked for NULL.
 * @return EOK on success, EEXIST when the domain already carries a sysdb
 *         context, otherwise the error returned by confdb_get_domain()
 *         or sysdb_domain_init().
 */
errno_t sssd_domain_init(TALLOC_CTX *mem_ctx,
                         struct confdb_ctx *cdb,
                         const char *domain_name,
                         const char *db_path,
                         struct sss_domain_info **_domain)
{
    struct sss_domain_info *dom_cfg;
    struct sysdb_ctx *cache;
    int rc;

    rc = confdb_get_domain(cdb, domain_name, &dom_cfg);
    if (rc != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, "Error retrieving domain configuration.\n");
        return rc;
    }

    /* refuse to replace a cache context that is already attached */
    if (dom_cfg->sysdb != NULL) {
        DEBUG(SSSDBG_OP_FAILURE, "Sysdb context already initialized.\n");
        return EEXIST;
    }

    rc = sysdb_domain_init(mem_ctx, dom_cfg, db_path, &cache);
    if (rc != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, "Error opening cache database.\n");
        return rc;
    }

    /* re-parent the cache context to the domain object */
    dom_cfg->sysdb = talloc_steal(dom_cfg, cache);

    *_domain = dom_cfg;

    return EOK;
}
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek
/**
 * Update the modification time of the Kerberos configuration file to
 * the current time.
 *
 * The path is the value of the KRB5_CONFIG environment variable when it
 * is set, otherwise KRB5_CONF_PATH.
 *
 * @return EOK on success, otherwise the errno value set by utime().
 *
 * NOTE(review): the path is taken from the process environment without
 * any validation, so whoever controls this process's environment chooses
 * the file whose mtime is changed. Confirm that the environment is
 * trusted wherever this runs. If KRB5_CONFIG holds more than one file
 * name, the whole value is passed to utime() as a single path.
 */
static errno_t
sss_krb5_touch_config(void)
{
    const char *path = getenv("KRB5_CONFIG");
    errno_t err;

    if (path == NULL) {
        path = KRB5_CONF_PATH;
    }

    /* a NULL times argument sets atime and mtime to "now" */
    if (utime(path, NULL) == -1) {
        err = errno;
        DEBUG(SSSDBG_CRIT_FAILURE, "Unable to change mtime of \"%s\" "
                                    "[%d]: %s\n", path, err, strerror(err));
        return err;
    }

    return EOK;
}
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozekerrno_t
bbd43fbcd8f70eedeac4e4ce01c36256cde82ab1Sumit Bosesss_write_domain_mappings(struct sss_domain_info *domain, bool add_capaths)
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek{
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek struct sss_domain_info *dom;
bbd43fbcd8f70eedeac4e4ce01c36256cde82ab1Sumit Bose struct sss_domain_info *parent_dom;
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek errno_t ret;
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek errno_t err;
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek TALLOC_CTX *tmp_ctx;
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek const char *mapping_file;
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek char *sanitized_domain;
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek char *tmp_file = NULL;
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek int fd = -1;
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek mode_t old_mode;
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek FILE *fstream = NULL;
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek int i;
bbd43fbcd8f70eedeac4e4ce01c36256cde82ab1Sumit Bose bool capaths_started;
bbd43fbcd8f70eedeac4e4ce01c36256cde82ab1Sumit Bose char *uc_forest;
bbd43fbcd8f70eedeac4e4ce01c36256cde82ab1Sumit Bose char *uc_parent;
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek if (domain == NULL || domain->name == NULL) {
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "No domain name provided\n");
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek return EINVAL;
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek }
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek tmp_ctx = talloc_new(NULL);
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek if (!tmp_ctx) return ENOMEM;
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek sanitized_domain = talloc_strdup(tmp_ctx, domain->name);
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek if (sanitized_domain == NULL) {
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup() failed\n");
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek return ENOMEM;
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek }
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek /* only alpha-numeric chars, dashes and underscores are allowed in
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek * krb5 include directory */
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek for (i = 0; sanitized_domain[i] != '\0'; i++) {
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek if (!isalnum(sanitized_domain[i])
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek && sanitized_domain[i] != '-' && sanitized_domain[i] != '_') {
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek sanitized_domain[i] = '_';
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek }
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek }
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek mapping_file = talloc_asprintf(tmp_ctx, "%s/domain_realm_%s",
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek KRB5_MAPPING_DIR, sanitized_domain);
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek if (!mapping_file) {
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek ret = ENOMEM;
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek goto done;
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek }
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_FUNC_DATA, "Mapping file for domain [%s] is [%s]\n",
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov domain->name, mapping_file);
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek tmp_file = talloc_asprintf(tmp_ctx, "%sXXXXXX", mapping_file);
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek if (tmp_file == NULL) {
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek ret = ENOMEM;
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek goto done;
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek }
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek old_mode = umask(077);
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek fd = mkstemp(tmp_file);
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek umask(old_mode);
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek if (fd < 0) {
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "creating the temp file [%s] for domain-realm "
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "mappings failed.", tmp_file);
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek ret = EIO;
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek talloc_zfree(tmp_ctx);
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek goto done;
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek }
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek fstream = fdopen(fd, "a");
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek if (!fstream) {
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek ret = errno;
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "fdopen failed [%d]: %s\n",
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov ret, strerror(ret));
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek ret = close(fd);
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek if (ret != 0) {
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek ret = errno;
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek DEBUG(SSSDBG_CRIT_FAILURE,
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "fclose failed [%d][%s].\n", ret, strerror(ret));
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek /* Nothing to do here, just report the failure */
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek }
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek ret = EIO;
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek goto done;
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek }
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek ret = fprintf(fstream, "[domain_realm]\n");
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek if (ret < 0) {
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "fprintf failed\n");
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek ret = EIO;
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek goto done;
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek }
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek for (dom = get_next_domain(domain, true);
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek dom && IS_SUBDOMAIN(dom); /* if we get back to a parent, stop */
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek dom = get_next_domain(dom, false)) {
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek ret = fprintf(fstream, ".%s = %s\n%s = %s\n",
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek dom->name, dom->realm, dom->name, dom->realm);
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek if (ret < 0) {
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "fprintf failed\n");
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek goto done;
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek }
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek }
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek
bbd43fbcd8f70eedeac4e4ce01c36256cde82ab1Sumit Bose if (add_capaths) {
bbd43fbcd8f70eedeac4e4ce01c36256cde82ab1Sumit Bose capaths_started = false;
bbd43fbcd8f70eedeac4e4ce01c36256cde82ab1Sumit Bose parent_dom = domain;
bbd43fbcd8f70eedeac4e4ce01c36256cde82ab1Sumit Bose uc_parent = get_uppercase_realm(tmp_ctx, parent_dom->name);
bbd43fbcd8f70eedeac4e4ce01c36256cde82ab1Sumit Bose if (uc_parent == NULL) {
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "get_uppercase_realm failed.\n");
bbd43fbcd8f70eedeac4e4ce01c36256cde82ab1Sumit Bose ret = ENOMEM;
bbd43fbcd8f70eedeac4e4ce01c36256cde82ab1Sumit Bose goto done;
bbd43fbcd8f70eedeac4e4ce01c36256cde82ab1Sumit Bose }
bbd43fbcd8f70eedeac4e4ce01c36256cde82ab1Sumit Bose
bbd43fbcd8f70eedeac4e4ce01c36256cde82ab1Sumit Bose for (dom = get_next_domain(domain, true);
bbd43fbcd8f70eedeac4e4ce01c36256cde82ab1Sumit Bose dom && IS_SUBDOMAIN(dom); /* if we get back to a parent, stop */
bbd43fbcd8f70eedeac4e4ce01c36256cde82ab1Sumit Bose dom = get_next_domain(dom, false)) {
bbd43fbcd8f70eedeac4e4ce01c36256cde82ab1Sumit Bose
bbd43fbcd8f70eedeac4e4ce01c36256cde82ab1Sumit Bose if (dom->forest == NULL) {
bbd43fbcd8f70eedeac4e4ce01c36256cde82ab1Sumit Bose continue;
bbd43fbcd8f70eedeac4e4ce01c36256cde82ab1Sumit Bose }
bbd43fbcd8f70eedeac4e4ce01c36256cde82ab1Sumit Bose
bbd43fbcd8f70eedeac4e4ce01c36256cde82ab1Sumit Bose uc_forest = get_uppercase_realm(tmp_ctx, dom->forest);
bbd43fbcd8f70eedeac4e4ce01c36256cde82ab1Sumit Bose if (uc_forest == NULL) {
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "get_uppercase_realm failed.\n");
bbd43fbcd8f70eedeac4e4ce01c36256cde82ab1Sumit Bose ret = ENOMEM;
bbd43fbcd8f70eedeac4e4ce01c36256cde82ab1Sumit Bose goto done;
bbd43fbcd8f70eedeac4e4ce01c36256cde82ab1Sumit Bose }
bbd43fbcd8f70eedeac4e4ce01c36256cde82ab1Sumit Bose
bbd43fbcd8f70eedeac4e4ce01c36256cde82ab1Sumit Bose if (!capaths_started) {
bbd43fbcd8f70eedeac4e4ce01c36256cde82ab1Sumit Bose ret = fprintf(fstream, "[capaths]\n");
bbd43fbcd8f70eedeac4e4ce01c36256cde82ab1Sumit Bose if (ret < 0) {
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "fprintf failed\n");
bbd43fbcd8f70eedeac4e4ce01c36256cde82ab1Sumit Bose ret = EIO;
bbd43fbcd8f70eedeac4e4ce01c36256cde82ab1Sumit Bose goto done;
bbd43fbcd8f70eedeac4e4ce01c36256cde82ab1Sumit Bose }
bbd43fbcd8f70eedeac4e4ce01c36256cde82ab1Sumit Bose capaths_started = true;
bbd43fbcd8f70eedeac4e4ce01c36256cde82ab1Sumit Bose }
bbd43fbcd8f70eedeac4e4ce01c36256cde82ab1Sumit Bose
bbd43fbcd8f70eedeac4e4ce01c36256cde82ab1Sumit Bose ret = fprintf(fstream, "%s = {\n %s = %s\n}\n%s = {\n %s = %s\n}\n",
bbd43fbcd8f70eedeac4e4ce01c36256cde82ab1Sumit Bose dom->realm, uc_parent, uc_forest,
bbd43fbcd8f70eedeac4e4ce01c36256cde82ab1Sumit Bose uc_parent, dom->realm, uc_forest);
bbd43fbcd8f70eedeac4e4ce01c36256cde82ab1Sumit Bose if (ret < 0) {
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "fprintf failed\n");
bbd43fbcd8f70eedeac4e4ce01c36256cde82ab1Sumit Bose goto done;
bbd43fbcd8f70eedeac4e4ce01c36256cde82ab1Sumit Bose }
bbd43fbcd8f70eedeac4e4ce01c36256cde82ab1Sumit Bose }
bbd43fbcd8f70eedeac4e4ce01c36256cde82ab1Sumit Bose }
bbd43fbcd8f70eedeac4e4ce01c36256cde82ab1Sumit Bose
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek ret = fclose(fstream);
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek fstream = NULL;
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek if (ret != 0) {
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek ret = errno;
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek DEBUG(SSSDBG_CRIT_FAILURE,
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "fclose failed [%d][%s].\n", ret, strerror(ret));
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek goto done;
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek }
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek ret = rename(tmp_file, mapping_file);
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek if (ret == -1) {
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek ret = errno;
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek DEBUG(SSSDBG_CRIT_FAILURE,
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "rename failed [%d][%s].\n", ret, strerror(ret));
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek goto done;
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek }
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek talloc_zfree(tmp_file);
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek ret = chmod(mapping_file, 0644);
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek if (ret == -1) {
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek ret = errno;
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek DEBUG(SSSDBG_CRIT_FAILURE,
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "fchmod failed [%d][%s].\n", ret, strerror(ret));
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek goto done;
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek }
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek ret = EOK;
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozekdone:
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek err = sss_krb5_touch_config();
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek if (err != EOK) {
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "Unable to change last modification time "
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "of krb5.conf. Created mappings may not be loaded.\n");
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek /* Ignore */
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek }
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek if (fstream) {
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek err = fclose(fstream);
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek if (err != 0) {
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek err = errno;
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek DEBUG(SSSDBG_CRIT_FAILURE,
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "fclose failed [%d][%s].\n", err, strerror(err));
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek /* Nothing to do here, just report the failure */
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek }
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek }
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek if (tmp_file) {
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek err = unlink(tmp_file);
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek if (err < 0) {
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek err = errno;
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek DEBUG(SSSDBG_MINOR_FAILURE,
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "Could not remove file [%s]: [%d]: %s",
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov tmp_file, err, strerror(err));
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek }
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek }
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek talloc_free(tmp_ctx);
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek return ret;
58dd26b1c5b60ee992dd5d1214bb168aebb42d54Jakub Hrozek}