ad_init.c revision f8407faaeb6726bef6463d84f183f2b0ad1f99d4
/*
SSSD
Authors:
Stephen Gallagher <sgallagh@redhat.com>
Copyright (C) 2012 Red Hat
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include <unistd.h>
#include <fcntl.h>
#include "providers/ad/ad_common.h"
#include "providers/ad/ad_access.h"
#include "providers/ldap/ldap_common.h"
#include "providers/ldap/sdap_access.h"
#include "providers/ldap/sdap_idmap.h"
#include "providers/krb5/krb5_auth.h"
#include "providers/krb5/krb5_init_shared.h"
#include "providers/dp_dyndns.h"
#include "providers/ad/ad_subdomains.h"
#include "providers/ad/ad_domain_info.h"
static void
.finalize = ad_shutdown,
};
struct bet_ops ad_auth_ops = {
};
struct bet_ops ad_chpass_ops = {
};
struct bet_ops ad_access_ops = {
};
#define AD_COMPAT_ON "1"
const char *option,
{
if (!plugin_name || !result) {
return SASL_FAIL;
}
return SASL_FAIL;
}
return SASL_FAIL;
}
*result = AD_COMPAT_ON;
if (len) {
*len = 2;
}
return SASL_OK;
}
typedef int (*sss_sasl_gen_cb_fn)(void);
static const sasl_callback_t ad_sasl_callbacks[] = {
};
/* This is quite a hack, we *try* to fool openldap libraries by initializing
* sasl first so we can pass in the SASL_CB_GETOPT callback we need to set some
* options. Should be removed as soon as openldap exposes a way to do that */
static void ad_sasl_initialize(void)
{
/* NOTE: this may fail if soe other library in the system happens to
* initialize and use openldap libraries or directly the cyrus-sasl
* library as this initialization function can be called only once per
* process */
(void)sasl_client_init(ad_sasl_callbacks);
}
static errno_t
{
char *ad_servers = NULL;
char *ad_backup_servers = NULL;
char *ad_realm;
/* Get AD-specific options */
&ad_options);
("Could not parse common options: [%s]\n",
goto done;
}
/* Set up the failover service */
&ad_options->service);
("Failed to init AD failover service: [%s]\n",
goto done;
}
done:
return ret;
}
int
void **pvt_data)
{
const char *hostname;
const char *ad_domain;
struct ad_srv_plugin_ctx *srv_ctx;
if (!ad_options) {
return ret;
}
}
if (ad_options->id_ctx) {
/* already initialized */
return EOK;
}
return ENOMEM;
}
("Failure setting up automatic DNS update\n"));
/* Continue without DNS updates */
}
ret = sdap_setup_child();
("setup_child failed [%d][%s].\n",
goto done;
}
/* Set up various SDAP options */
goto done;
}
ad_ctx);
goto done;
}
/* Set up the ID mapping object */
goto done;
}
/* setup SRV lookup plugin */
/* use AD plugin */
goto done;
}
} else {
/* fall back to standard plugin */
goto done;
}
}
/* setup periodical refresh of expired records */
}
done:
}
return ret;
}
int
void **pvt_data)
{
if (!ad_options) {
return ret;
}
}
if (ad_options->auth_ctx) {
/* Already initialized */
*ops = &ad_auth_ops;
return EOK;
}
if (!krb5_auth_ctx) {
goto done;
}
&krb5_auth_ctx->opts);
("Could not determine Kerberos options\n"));
goto done;
}
("Could not initialize krb5_child settings: [%s]\n",
goto done;
}
*ops = &ad_auth_ops;
done:
}
return ret;
}
int
void **pvt_data)
{
if (!ad_options) {
return ret;
}
}
if (ad_options->auth_ctx) {
/* Already initialized */
*ops = &ad_chpass_ops;
return EOK;
}
*ops = &ad_chpass_ops;
return ret;
}
int
void **pvt_data)
{
struct ad_access_ctx *access_ctx;
const char *filter;
if (!access_ctx) return ENOMEM;
goto fail;
}
&access_ctx->ad_options);
("Could not initialize access provider options: [%s]\n",
goto fail;
}
if (!access_ctx->sdap_access_ctx) {
goto fail;
}
/* If ad_access_filter is set, the value of ldap_acess_order is
* expire, filter, otherwise only expire
*/
/* The processing of the extended filter is performed during the access
* check itself
*/
filter);
goto fail;
}
} else {
}
*ops = &ad_access_ops;
*pvt_data = access_ctx;
return EOK;
fail:
return ret;
}
static void
{
/* TODO: Clean up any internal data */
}
void **pvt_data)
{
int ret;
const char *ad_domain;
return ret;
}
if (ad_options == NULL) {
return EINVAL;
}
return ret;
}
return EOK;
}