81165faf5d951aca69f410713730c26ff048ec44Sumit Bose/*
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose SSSD
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose IPA Subdomains Module
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose Authors:
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose Sumit Bose <sbose@redhat.com>
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose Copyright (C) 2011 Red Hat
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose This program is free software; you can redistribute it and/or modify
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose it under the terms of the GNU General Public License as published by
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose the Free Software Foundation; either version 3 of the License, or
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose (at your option) any later version.
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose This program is distributed in the hope that it will be useful,
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose but WITHOUT ANY WARRANTY; without even the implied warranty of
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose GNU General Public License for more details.
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose You should have received a copy of the GNU General Public License
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose along with this program. If not, see <http://www.gnu.org/licenses/>.
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose*/
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose#include "providers/ldap/sdap_async.h"
09d7c105839bfc7447ea0f766413ed86675ca075Sumit Bose#include "providers/ldap/sdap_idmap.h"
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina#include "providers/ldap/sdap_ops.h"
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose#include "providers/ipa/ipa_subdomains.h"
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose#include "providers/ipa/ipa_common.h"
08ab0d4ede41a1749e0bc26f78a37a4d10c20db8Sumit Bose#include "providers/ipa/ipa_id.h"
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose#include "providers/ipa/ipa_opts.h"
08ab0d4ede41a1749e0bc26f78a37a4d10c20db8Sumit Bose
204cfc89a076fd32bf34f2abb3f809304aaa88abSimo Sorce#include <ctype.h>
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose#define SUBDOMAINS_FILTER "objectclass=ipaNTTrustedDomain"
84c611c1b7c04cc7735ab54d4e5f48284b79e6fbJan Zeleny#define MASTER_DOMAIN_FILTER "objectclass=ipaNTDomainAttrs"
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose#define RANGE_FILTER "objectclass=ipaIDRange"
84c611c1b7c04cc7735ab54d4e5f48284b79e6fbJan Zeleny
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose#define IPA_CN "cn"
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose#define IPA_FLATNAME "ipaNTFlatName"
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose#define IPA_SID "ipaNTSecurityIdentifier"
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose#define IPA_TRUSTED_DOMAIN_SID "ipaNTTrustedDomainSID"
5e60c73cb91d1659755fb5ea829837db68d46163Sumit Bose#define IPA_RANGE_TYPE "ipaRangeType"
39f21d2b61685362642d42bc2f94f829671cd5efSumit Bose#define IPA_ADDITIONAL_SUFFIXES "ipaNTAdditionalSuffixes"
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose#define IPA_BASE_ID "ipaBaseID"
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose#define IPA_ID_RANGE_SIZE "ipaIDRangeSize"
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose#define IPA_BASE_RID "ipaBaseRID"
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose#define IPA_SECONDARY_BASE_RID "ipaSecondaryBaseRID"
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose#define OBJECTCLASS "objectClass"
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose
08ab0d4ede41a1749e0bc26f78a37a4d10c20db8Sumit Bose#define IPA_ASSIGNED_ID_VIEW "ipaAssignedIDView"
08ab0d4ede41a1749e0bc26f78a37a4d10c20db8Sumit Bose
4c20fe34346919cf676c3e1b54b7701069e2aac6Simo Sorce/* do not refresh more often than every 5 seconds for now */
4c20fe34346919cf676c3e1b54b7701069e2aac6Simo Sorce#define IPA_SUBDOMAIN_REFRESH_LIMIT 5
4c20fe34346919cf676c3e1b54b7701069e2aac6Simo Sorce
5063dcc5ab685dce325b13b9c1e93cee2a673e60Sumit Bose#define IPA_SUBDOMAIN_DISABLED_PERIOD 3600
3b533d57a737e2de1b3e85b073b14d3bfb49dafcSimo Sorce
87ed72b47859e673b636c85f35b85f1546c7ed3dSimo Sorcestruct ipa_subdomains_ctx {
6a81cb8c3424dbe9f764af3738299cbbe5874a15Simo Sorce struct be_ctx *be_ctx;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct ipa_id_ctx *ipa_id_ctx;
87ed72b47859e673b636c85f35b85f1546c7ed3dSimo Sorce struct sdap_id_ctx *sdap_id_ctx;
87ed72b47859e673b636c85f35b85f1546c7ed3dSimo Sorce struct sdap_search_base **search_bases;
87ed72b47859e673b636c85f35b85f1546c7ed3dSimo Sorce struct sdap_search_base **master_search_bases;
87ed72b47859e673b636c85f35b85f1546c7ed3dSimo Sorce struct sdap_search_base **ranges_search_bases;
08ab0d4ede41a1749e0bc26f78a37a4d10c20db8Sumit Bose struct sdap_search_base **host_search_bases;
efea50efda58be66638e5d38c8e57fdf9992f204Simo Sorce
4c20fe34346919cf676c3e1b54b7701069e2aac6Simo Sorce time_t last_refreshed;
cd5033e86bb4065d75188e2b6ef287a4421344c8Sumit Bose bool view_read_at_init;
87ed72b47859e673b636c85f35b85f1546c7ed3dSimo Sorce};
87ed72b47859e673b636c85f35b85f1546c7ed3dSimo Sorce
d2a8b08561e6700bdd4feb988becae4e8f5368ddJakub Hrozekstatic errno_t
d2a8b08561e6700bdd4feb988becae4e8f5368ddJakub Hrozekipa_subdom_reinit(struct ipa_subdomains_ctx *ctx)
d2a8b08561e6700bdd4feb988becae4e8f5368ddJakub Hrozek{
d2a8b08561e6700bdd4feb988becae4e8f5368ddJakub Hrozek errno_t ret;
ea11ed3ea6291488dd762033246edc4ce3951aebSumit Bose bool canonicalize = false;
d2a8b08561e6700bdd4feb988becae4e8f5368ddJakub Hrozek
c3243e3212f91b69ef9990e2cb4c9339bf2f7888Jakub Hrozek DEBUG(SSSDBG_TRACE_INTERNAL,
c3243e3212f91b69ef9990e2cb4c9339bf2f7888Jakub Hrozek "Re-initializing domain %s\n", ctx->be_ctx->domain->name);
c3243e3212f91b69ef9990e2cb4c9339bf2f7888Jakub Hrozek
ea11ed3ea6291488dd762033246edc4ce3951aebSumit Bose if (ctx->ipa_id_ctx->ipa_options->auth_ctx != NULL
ea11ed3ea6291488dd762033246edc4ce3951aebSumit Bose && ctx->ipa_id_ctx->ipa_options->auth_ctx->krb5_auth_ctx != NULL
ea11ed3ea6291488dd762033246edc4ce3951aebSumit Bose && ctx->ipa_id_ctx->ipa_options->auth_ctx->krb5_auth_ctx->opts != NULL
ea11ed3ea6291488dd762033246edc4ce3951aebSumit Bose ) {
ea11ed3ea6291488dd762033246edc4ce3951aebSumit Bose canonicalize = dp_opt_get_bool(
ea11ed3ea6291488dd762033246edc4ce3951aebSumit Bose ctx->ipa_id_ctx->ipa_options->auth_ctx->krb5_auth_ctx->opts,
ea11ed3ea6291488dd762033246edc4ce3951aebSumit Bose KRB5_CANONICALIZE);
ea11ed3ea6291488dd762033246edc4ce3951aebSumit Bose } else {
ea11ed3ea6291488dd762033246edc4ce3951aebSumit Bose DEBUG(SSSDBG_CONF_SETTINGS, "Auth provider data is not available, "
ea11ed3ea6291488dd762033246edc4ce3951aebSumit Bose "most probably because the auth provider "
ea11ed3ea6291488dd762033246edc4ce3951aebSumit Bose "is not 'ipa'. Kerberos configuration "
ea11ed3ea6291488dd762033246edc4ce3951aebSumit Bose "snippet to set the 'canonicalize' option "
ea11ed3ea6291488dd762033246edc4ce3951aebSumit Bose "will not be created.\n");
ea11ed3ea6291488dd762033246edc4ce3951aebSumit Bose }
ea11ed3ea6291488dd762033246edc4ce3951aebSumit Bose
4fa184e2c60b377fd71e0115a618bd68dc73627dSumit Bose ret = sss_write_krb5_conf_snippet(
e6b6b9fa79c67d7d2698bc7e33d2e2f6bb53d483Sumit Bose dp_opt_get_string(ctx->ipa_id_ctx->ipa_options->basic,
e6b6b9fa79c67d7d2698bc7e33d2e2f6bb53d483Sumit Bose IPA_KRB5_CONFD_PATH),
ea11ed3ea6291488dd762033246edc4ce3951aebSumit Bose canonicalize);
4fa184e2c60b377fd71e0115a618bd68dc73627dSumit Bose if (ret != EOK) {
4fa184e2c60b377fd71e0115a618bd68dc73627dSumit Bose DEBUG(SSSDBG_MINOR_FAILURE, "sss_write_krb5_conf_snippet failed.\n");
4fa184e2c60b377fd71e0115a618bd68dc73627dSumit Bose /* Just continue */
4fa184e2c60b377fd71e0115a618bd68dc73627dSumit Bose }
4fa184e2c60b377fd71e0115a618bd68dc73627dSumit Bose
c3243e3212f91b69ef9990e2cb4c9339bf2f7888Jakub Hrozek ret = sysdb_master_domain_update(ctx->be_ctx->domain);
c3243e3212f91b69ef9990e2cb4c9339bf2f7888Jakub Hrozek if (ret != EOK) {
c3243e3212f91b69ef9990e2cb4c9339bf2f7888Jakub Hrozek DEBUG(SSSDBG_OP_FAILURE, "sysdb_master_domain_update failed.\n");
c3243e3212f91b69ef9990e2cb4c9339bf2f7888Jakub Hrozek return ret;
c3243e3212f91b69ef9990e2cb4c9339bf2f7888Jakub Hrozek }
c3243e3212f91b69ef9990e2cb4c9339bf2f7888Jakub Hrozek
d2a8b08561e6700bdd4feb988becae4e8f5368ddJakub Hrozek ret = sysdb_update_subdomains(ctx->be_ctx->domain);
d2a8b08561e6700bdd4feb988becae4e8f5368ddJakub Hrozek if (ret != EOK) {
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "sysdb_update_subdomains failed.\n");
d2a8b08561e6700bdd4feb988becae4e8f5368ddJakub Hrozek return ret;
d2a8b08561e6700bdd4feb988becae4e8f5368ddJakub Hrozek }
d2a8b08561e6700bdd4feb988becae4e8f5368ddJakub Hrozek
06424c5ac5ffb871476208155762bb5b73e0b665Jakub Hrozek ret = sss_write_domain_mappings(ctx->be_ctx->domain);
d2a8b08561e6700bdd4feb988becae4e8f5368ddJakub Hrozek if (ret != EOK) {
d2a8b08561e6700bdd4feb988becae4e8f5368ddJakub Hrozek DEBUG(SSSDBG_MINOR_FAILURE,
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "sss_krb5_write_mappings failed.\n");
d2a8b08561e6700bdd4feb988becae4e8f5368ddJakub Hrozek /* Just continue */
d2a8b08561e6700bdd4feb988becae4e8f5368ddJakub Hrozek }
d2a8b08561e6700bdd4feb988becae4e8f5368ddJakub Hrozek
d2a8b08561e6700bdd4feb988becae4e8f5368ddJakub Hrozek return EOK;
d2a8b08561e6700bdd4feb988becae4e8f5368ddJakub Hrozek}
d2a8b08561e6700bdd4feb988becae4e8f5368ddJakub Hrozek
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bosestatic errno_t ipa_ranges_parse_results(TALLOC_CTX *mem_ctx,
096a9678919fae460342469989b97fd47d812823Sumit Bose char *domain_name,
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose size_t count,
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose struct sysdb_attrs **reply,
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose struct range_info ***_range_list)
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose{
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose struct range_info **range_list = NULL;
096a9678919fae460342469989b97fd47d812823Sumit Bose struct range_info *r;
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose const char *value;
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose size_t c;
096a9678919fae460342469989b97fd47d812823Sumit Bose size_t d;
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose int ret;
096a9678919fae460342469989b97fd47d812823Sumit Bose enum idmap_error_code err;
096a9678919fae460342469989b97fd47d812823Sumit Bose char *name1;
096a9678919fae460342469989b97fd47d812823Sumit Bose char *name2;
096a9678919fae460342469989b97fd47d812823Sumit Bose char *sid1;
096a9678919fae460342469989b97fd47d812823Sumit Bose char *sid2;
096a9678919fae460342469989b97fd47d812823Sumit Bose uint32_t rid1;
096a9678919fae460342469989b97fd47d812823Sumit Bose uint32_t rid2;
096a9678919fae460342469989b97fd47d812823Sumit Bose struct sss_idmap_range range1;
096a9678919fae460342469989b97fd47d812823Sumit Bose struct sss_idmap_range range2;
096a9678919fae460342469989b97fd47d812823Sumit Bose bool mapping1;
096a9678919fae460342469989b97fd47d812823Sumit Bose bool mapping2;
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose range_list = talloc_array(mem_ctx, struct range_info *, count + 1);
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose if (range_list == NULL) {
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "talloc_array failed.\n");
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose return ENOMEM;
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose }
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose for (c = 0; c < count; c++) {
096a9678919fae460342469989b97fd47d812823Sumit Bose r = talloc_zero(range_list, struct range_info);
096a9678919fae460342469989b97fd47d812823Sumit Bose if (r == NULL) {
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "talloc_zero failed.\n");
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose ret = ENOMEM;
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose goto done;
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose }
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose ret = sysdb_attrs_get_string(reply[c], IPA_CN, &value);
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose if (ret != EOK) {
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_string failed.\n");
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose goto done;
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose }
096a9678919fae460342469989b97fd47d812823Sumit Bose
096a9678919fae460342469989b97fd47d812823Sumit Bose r->name = talloc_strdup(r, value);
096a9678919fae460342469989b97fd47d812823Sumit Bose if (r->name == NULL) {
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose ret = ENOMEM;
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose goto done;
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose }
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose ret = sysdb_attrs_get_string(reply[c], IPA_TRUSTED_DOMAIN_SID, &value);
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose if (ret == EOK) {
096a9678919fae460342469989b97fd47d812823Sumit Bose r->trusted_dom_sid = talloc_strdup(r, value);
096a9678919fae460342469989b97fd47d812823Sumit Bose if (r->trusted_dom_sid == NULL) {
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose ret = ENOMEM;
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose goto done;
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose }
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose } else if (ret != ENOENT) {
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_string failed.\n");
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose goto done;
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose }
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose ret = sysdb_attrs_get_uint32_t(reply[c], IPA_BASE_ID,
096a9678919fae460342469989b97fd47d812823Sumit Bose &r->base_id);
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose if (ret != EOK && ret != ENOENT) {
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_string failed.\n");
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose goto done;
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose }
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose ret = sysdb_attrs_get_uint32_t(reply[c], IPA_ID_RANGE_SIZE,
096a9678919fae460342469989b97fd47d812823Sumit Bose &r->id_range_size);
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose if (ret != EOK && ret != ENOENT) {
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_string failed.\n");
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose goto done;
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose }
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose ret = sysdb_attrs_get_uint32_t(reply[c], IPA_BASE_RID,
096a9678919fae460342469989b97fd47d812823Sumit Bose &r->base_rid);
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose if (ret != EOK && ret != ENOENT) {
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_string failed.\n");
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose goto done;
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose }
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose ret = sysdb_attrs_get_uint32_t(reply[c], IPA_SECONDARY_BASE_RID,
096a9678919fae460342469989b97fd47d812823Sumit Bose &r->secondary_base_rid);
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose if (ret != EOK && ret != ENOENT) {
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_string failed.\n");
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose goto done;
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose }
5e60c73cb91d1659755fb5ea829837db68d46163Sumit Bose
5e60c73cb91d1659755fb5ea829837db68d46163Sumit Bose ret = sysdb_attrs_get_string(reply[c], IPA_RANGE_TYPE, &value);
5e60c73cb91d1659755fb5ea829837db68d46163Sumit Bose if (ret == EOK) {
096a9678919fae460342469989b97fd47d812823Sumit Bose r->range_type = talloc_strdup(r, value);
096a9678919fae460342469989b97fd47d812823Sumit Bose if (r->range_type == NULL) {
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
5e60c73cb91d1659755fb5ea829837db68d46163Sumit Bose ret = ENOMEM;
5e60c73cb91d1659755fb5ea829837db68d46163Sumit Bose goto done;
5e60c73cb91d1659755fb5ea829837db68d46163Sumit Bose }
5e60c73cb91d1659755fb5ea829837db68d46163Sumit Bose } else if (ret == ENOENT) {
5e60c73cb91d1659755fb5ea829837db68d46163Sumit Bose /* Older IPA servers might not have the range_type attribute, but
5e60c73cb91d1659755fb5ea829837db68d46163Sumit Bose * only support local ranges and trusts with algorithmic mapping. */
096a9678919fae460342469989b97fd47d812823Sumit Bose if (r->trusted_dom_sid == NULL) {
096a9678919fae460342469989b97fd47d812823Sumit Bose r->range_type = talloc_strdup(r, IPA_RANGE_LOCAL);
5e60c73cb91d1659755fb5ea829837db68d46163Sumit Bose } else {
096a9678919fae460342469989b97fd47d812823Sumit Bose r->range_type = talloc_strdup(r, IPA_RANGE_AD_TRUST);
5e60c73cb91d1659755fb5ea829837db68d46163Sumit Bose }
5e60c73cb91d1659755fb5ea829837db68d46163Sumit Bose } else {
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_string failed.\n");
5e60c73cb91d1659755fb5ea829837db68d46163Sumit Bose goto done;
5e60c73cb91d1659755fb5ea829837db68d46163Sumit Bose }
096a9678919fae460342469989b97fd47d812823Sumit Bose if (r->range_type == NULL) {
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
5e60c73cb91d1659755fb5ea829837db68d46163Sumit Bose ret = ENOMEM;
5e60c73cb91d1659755fb5ea829837db68d46163Sumit Bose goto done;
5e60c73cb91d1659755fb5ea829837db68d46163Sumit Bose }
096a9678919fae460342469989b97fd47d812823Sumit Bose
096a9678919fae460342469989b97fd47d812823Sumit Bose ret = get_idmap_data_from_range(r, domain_name, &name1, &sid1, &rid1,
096a9678919fae460342469989b97fd47d812823Sumit Bose &range1, &mapping1);
096a9678919fae460342469989b97fd47d812823Sumit Bose if (ret != EOK) {
db5f9ab3feb85aa444eab20428ca2b98801b6783Jakub Hrozek DEBUG(SSSDBG_OP_FAILURE, "get_idmap_data_from_range failed.\n");
096a9678919fae460342469989b97fd47d812823Sumit Bose goto done;
096a9678919fae460342469989b97fd47d812823Sumit Bose }
096a9678919fae460342469989b97fd47d812823Sumit Bose for (d = 0; d < c; d++) {
096a9678919fae460342469989b97fd47d812823Sumit Bose ret = get_idmap_data_from_range(range_list[d], domain_name, &name2,
096a9678919fae460342469989b97fd47d812823Sumit Bose &sid2, &rid2, &range2, &mapping2);
096a9678919fae460342469989b97fd47d812823Sumit Bose if (ret != EOK) {
096a9678919fae460342469989b97fd47d812823Sumit Bose DEBUG(SSSDBG_OP_FAILURE,
db5f9ab3feb85aa444eab20428ca2b98801b6783Jakub Hrozek "get_idmap_data_from_range failed.\n");
096a9678919fae460342469989b97fd47d812823Sumit Bose goto done;
096a9678919fae460342469989b97fd47d812823Sumit Bose }
096a9678919fae460342469989b97fd47d812823Sumit Bose
096a9678919fae460342469989b97fd47d812823Sumit Bose err = sss_idmap_check_collision_ex(name1, sid1, &range1, rid1,
096a9678919fae460342469989b97fd47d812823Sumit Bose r->name, mapping1,
096a9678919fae460342469989b97fd47d812823Sumit Bose name2, sid2, &range2, rid2,
096a9678919fae460342469989b97fd47d812823Sumit Bose range_list[d]->name, mapping2);
096a9678919fae460342469989b97fd47d812823Sumit Bose if (err != IDMAP_SUCCESS) {
096a9678919fae460342469989b97fd47d812823Sumit Bose DEBUG(SSSDBG_CRIT_FAILURE,
096a9678919fae460342469989b97fd47d812823Sumit Bose "Collision of ranges [%s] and [%s] detected.\n",
096a9678919fae460342469989b97fd47d812823Sumit Bose r->name, range_list[d]->name);
096a9678919fae460342469989b97fd47d812823Sumit Bose ret = EINVAL;
096a9678919fae460342469989b97fd47d812823Sumit Bose goto done;
096a9678919fae460342469989b97fd47d812823Sumit Bose }
096a9678919fae460342469989b97fd47d812823Sumit Bose }
096a9678919fae460342469989b97fd47d812823Sumit Bose
096a9678919fae460342469989b97fd47d812823Sumit Bose range_list[c] = r;
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose }
096a9678919fae460342469989b97fd47d812823Sumit Bose
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose range_list[c] = NULL;
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose *_range_list = range_list;
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose ret = EOK;
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bosedone:
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose if (ret != EOK) {
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose talloc_free(range_list);
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose }
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose return ret;
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose}
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose
31dd31b00ad759f256282ef0f7054e60672161ceJakub Hrozekstatic errno_t ipa_subdom_enumerates(struct sss_domain_info *parent,
31dd31b00ad759f256282ef0f7054e60672161ceJakub Hrozek struct sysdb_attrs *attrs,
31dd31b00ad759f256282ef0f7054e60672161ceJakub Hrozek bool *_enumerates)
31dd31b00ad759f256282ef0f7054e60672161ceJakub Hrozek{
31dd31b00ad759f256282ef0f7054e60672161ceJakub Hrozek errno_t ret;
31dd31b00ad759f256282ef0f7054e60672161ceJakub Hrozek const char *name;
31dd31b00ad759f256282ef0f7054e60672161ceJakub Hrozek
31dd31b00ad759f256282ef0f7054e60672161ceJakub Hrozek ret = sysdb_attrs_get_string(attrs, IPA_CN, &name);
31dd31b00ad759f256282ef0f7054e60672161ceJakub Hrozek if (ret != EOK) {
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_string failed.\n");
31dd31b00ad759f256282ef0f7054e60672161ceJakub Hrozek return ret;
31dd31b00ad759f256282ef0f7054e60672161ceJakub Hrozek }
31dd31b00ad759f256282ef0f7054e60672161ceJakub Hrozek
31dd31b00ad759f256282ef0f7054e60672161ceJakub Hrozek *_enumerates = subdomain_enumerates(parent, name);
31dd31b00ad759f256282ef0f7054e60672161ceJakub Hrozek return EOK;
31dd31b00ad759f256282ef0f7054e60672161ceJakub Hrozek}
31dd31b00ad759f256282ef0f7054e60672161ceJakub Hrozek
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bosestatic errno_t ipa_subdom_get_forest(TALLOC_CTX *mem_ctx,
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bose struct ldb_context *ldb_ctx,
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bose struct sysdb_attrs *attrs,
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bose char **_forest)
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bose{
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bose int ret;
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bose struct ldb_dn *dn = NULL;
10bf907b6d463a5cd776a056cb182bc9f8765bf4Jakub Hrozek const char *name;
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bose const struct ldb_val *val;
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bose char *forest = NULL;
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bose
89ddc9ed474e9ac2b1e7bccb0a58610babf26cf8Jakub Hrozek dn = ipa_subdom_ldb_dn(mem_ctx, ldb_ctx, attrs);
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bose if (dn == NULL) {
89ddc9ed474e9ac2b1e7bccb0a58610babf26cf8Jakub Hrozek DEBUG(SSSDBG_OP_FAILURE, "ipa_subdom_ldb_dn failed.\n");
89ddc9ed474e9ac2b1e7bccb0a58610babf26cf8Jakub Hrozek ret = EIO;
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bose goto done;
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bose }
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bose
89ddc9ed474e9ac2b1e7bccb0a58610babf26cf8Jakub Hrozek if (ipa_subdom_is_member_dom(dn) == false) {
10bf907b6d463a5cd776a056cb182bc9f8765bf4Jakub Hrozek ret = sysdb_attrs_get_string(attrs, IPA_CN, &name);
10bf907b6d463a5cd776a056cb182bc9f8765bf4Jakub Hrozek if (ret) {
10bf907b6d463a5cd776a056cb182bc9f8765bf4Jakub Hrozek DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_string failed.\n");
10bf907b6d463a5cd776a056cb182bc9f8765bf4Jakub Hrozek goto done;
10bf907b6d463a5cd776a056cb182bc9f8765bf4Jakub Hrozek }
10bf907b6d463a5cd776a056cb182bc9f8765bf4Jakub Hrozek
10bf907b6d463a5cd776a056cb182bc9f8765bf4Jakub Hrozek forest = talloc_strdup(mem_ctx, name);
10bf907b6d463a5cd776a056cb182bc9f8765bf4Jakub Hrozek if (forest == NULL) {
10bf907b6d463a5cd776a056cb182bc9f8765bf4Jakub Hrozek DEBUG(SSSDBG_OP_FAILURE, "talloc_strndup failed.\n");
10bf907b6d463a5cd776a056cb182bc9f8765bf4Jakub Hrozek ret = ENOMEM;
10bf907b6d463a5cd776a056cb182bc9f8765bf4Jakub Hrozek goto done;
10bf907b6d463a5cd776a056cb182bc9f8765bf4Jakub Hrozek }
10bf907b6d463a5cd776a056cb182bc9f8765bf4Jakub Hrozek
10bf907b6d463a5cd776a056cb182bc9f8765bf4Jakub Hrozek DEBUG(SSSDBG_TRACE_INTERNAL, "The forest name is %s\n", forest);
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bose ret = EOK;
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bose goto done;
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bose }
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bose
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bose val = ldb_dn_get_component_val(dn, 1);
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bose forest = talloc_strndup(mem_ctx, (const char *) val->data, val->length);
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bose if (forest == NULL) {
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "talloc_strndup failed.\n");
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bose ret = ENOMEM;
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bose goto done;
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bose }
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bose
89ddc9ed474e9ac2b1e7bccb0a58610babf26cf8Jakub Hrozek ret = EOK;
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bosedone:
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bose talloc_free(dn);
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bose
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bose if (ret == EOK) {
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bose *_forest = forest;
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bose }
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bose
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bose return ret;
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bose}
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bose
05d935cc9d04f03522d0bb44598d22d99b085926Jakub Hrozekstatic errno_t ipa_get_sd_trust_direction(struct sysdb_attrs *sd,
05d935cc9d04f03522d0bb44598d22d99b085926Jakub Hrozek struct ipa_id_ctx *id_ctx,
05d935cc9d04f03522d0bb44598d22d99b085926Jakub Hrozek struct ldb_context *ldb_ctx,
05d935cc9d04f03522d0bb44598d22d99b085926Jakub Hrozek uint32_t *_direction)
05d935cc9d04f03522d0bb44598d22d99b085926Jakub Hrozek{
05d935cc9d04f03522d0bb44598d22d99b085926Jakub Hrozek if (id_ctx->server_mode != NULL) {
05d935cc9d04f03522d0bb44598d22d99b085926Jakub Hrozek return ipa_server_get_trust_direction(sd, ldb_ctx, _direction);
05d935cc9d04f03522d0bb44598d22d99b085926Jakub Hrozek } else {
05d935cc9d04f03522d0bb44598d22d99b085926Jakub Hrozek /* Clients do not have access to the trust objects's trust direction
05d935cc9d04f03522d0bb44598d22d99b085926Jakub Hrozek * and don't generally care
05d935cc9d04f03522d0bb44598d22d99b085926Jakub Hrozek */
05d935cc9d04f03522d0bb44598d22d99b085926Jakub Hrozek *_direction = 0;
05d935cc9d04f03522d0bb44598d22d99b085926Jakub Hrozek return EOK;
05d935cc9d04f03522d0bb44598d22d99b085926Jakub Hrozek }
05d935cc9d04f03522d0bb44598d22d99b085926Jakub Hrozek}
05d935cc9d04f03522d0bb44598d22d99b085926Jakub Hrozek
31dd31b00ad759f256282ef0f7054e60672161ceJakub Hrozekstatic errno_t ipa_subdom_store(struct sss_domain_info *parent,
05d935cc9d04f03522d0bb44598d22d99b085926Jakub Hrozek struct ipa_id_ctx *id_ctx,
09d7c105839bfc7447ea0f766413ed86675ca075Sumit Bose struct sdap_idmap_ctx *sdap_idmap_ctx,
9b7762729da24a901388ea53da29448f23e0f77bJakub Hrozek struct sysdb_attrs *attrs)
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose{
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorce TALLOC_CTX *tmp_ctx;
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorce const char *name;
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorce char *realm;
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorce const char *flat;
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorce const char *id;
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bose char *forest = NULL;
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose int ret;
09d7c105839bfc7447ea0f766413ed86675ca075Sumit Bose bool mpg;
9b7762729da24a901388ea53da29448f23e0f77bJakub Hrozek bool enumerate;
05d935cc9d04f03522d0bb44598d22d99b085926Jakub Hrozek uint32_t direction;
20348a30feb4be619b3b691c24c9be8131507c46Sumit Bose struct ldb_message_element *alternative_domain_suffixes = NULL;
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose
31dd31b00ad759f256282ef0f7054e60672161ceJakub Hrozek tmp_ctx = talloc_new(parent);
5627532b81802c2654ced8edac07f420bd677930Jakub Hrozek if (tmp_ctx == NULL) {
5627532b81802c2654ced8edac07f420bd677930Jakub Hrozek return ENOMEM;
5627532b81802c2654ced8edac07f420bd677930Jakub Hrozek }
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorce
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorce ret = sysdb_attrs_get_string(attrs, IPA_CN, &name);
efea50efda58be66638e5d38c8e57fdf9992f204Simo Sorce if (ret != EOK) {
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_string failed.\n");
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorce goto done;
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose }
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorce realm = get_uppercase_realm(tmp_ctx, name);
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorce if (!realm) {
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorce ret = ENOMEM;
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorce goto done;
efea50efda58be66638e5d38c8e57fdf9992f204Simo Sorce }
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorce ret = sysdb_attrs_get_string(attrs, IPA_FLATNAME, &flat);
efea50efda58be66638e5d38c8e57fdf9992f204Simo Sorce if (ret) {
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_string failed.\n");
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorce goto done;
efea50efda58be66638e5d38c8e57fdf9992f204Simo Sorce }
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorce ret = sysdb_attrs_get_string(attrs, IPA_TRUSTED_DOMAIN_SID, &id);
efea50efda58be66638e5d38c8e57fdf9992f204Simo Sorce if (ret) {
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_string failed.\n");
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorce goto done;
efea50efda58be66638e5d38c8e57fdf9992f204Simo Sorce }
efea50efda58be66638e5d38c8e57fdf9992f204Simo Sorce
20348a30feb4be619b3b691c24c9be8131507c46Sumit Bose ret = sysdb_attrs_get_el_ext(attrs, IPA_ADDITIONAL_SUFFIXES, false,
20348a30feb4be619b3b691c24c9be8131507c46Sumit Bose &alternative_domain_suffixes);
20348a30feb4be619b3b691c24c9be8131507c46Sumit Bose if (ret != EOK && ret != ENOENT) {
20348a30feb4be619b3b691c24c9be8131507c46Sumit Bose goto done;
20348a30feb4be619b3b691c24c9be8131507c46Sumit Bose }
20348a30feb4be619b3b691c24c9be8131507c46Sumit Bose
fdda4b659fa3be3027df91a2b053835186ec2c59Sumit Bose mpg = sdap_idmap_domain_has_algorithmic_mapping(sdap_idmap_ctx, name, id);
09d7c105839bfc7447ea0f766413ed86675ca075Sumit Bose
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bose ret = ipa_subdom_get_forest(tmp_ctx, sysdb_ctx_get_ldb(parent->sysdb),
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bose attrs, &forest);
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bose if (ret != EOK) {
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bose goto done;
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bose }
c5711b0279ea85d69fe3c77dfb194360c346e1d7Sumit Bose
9b7762729da24a901388ea53da29448f23e0f77bJakub Hrozek ret = ipa_subdom_enumerates(parent, attrs, &enumerate);
9b7762729da24a901388ea53da29448f23e0f77bJakub Hrozek if (ret != EOK) {
9b7762729da24a901388ea53da29448f23e0f77bJakub Hrozek goto done;
9b7762729da24a901388ea53da29448f23e0f77bJakub Hrozek }
9b7762729da24a901388ea53da29448f23e0f77bJakub Hrozek
05d935cc9d04f03522d0bb44598d22d99b085926Jakub Hrozek ret = ipa_get_sd_trust_direction(attrs, id_ctx,
05d935cc9d04f03522d0bb44598d22d99b085926Jakub Hrozek sysdb_ctx_get_ldb(parent->sysdb),
05d935cc9d04f03522d0bb44598d22d99b085926Jakub Hrozek &direction);
05d935cc9d04f03522d0bb44598d22d99b085926Jakub Hrozek if (ret != EOK) {
05d935cc9d04f03522d0bb44598d22d99b085926Jakub Hrozek DEBUG(SSSDBG_OP_FAILURE,
05d935cc9d04f03522d0bb44598d22d99b085926Jakub Hrozek "ipa_get_sd_trust_direction failed: %d\n", ret);
05d935cc9d04f03522d0bb44598d22d99b085926Jakub Hrozek goto done;
05d935cc9d04f03522d0bb44598d22d99b085926Jakub Hrozek }
05d935cc9d04f03522d0bb44598d22d99b085926Jakub Hrozek
2427b40566cf63880f3650b26a2fee91cb28de24Petr Cech if (id_ctx->server_mode != NULL) {
2427b40566cf63880f3650b26a2fee91cb28de24Petr Cech DEBUG(SSSDBG_FUNC_DATA,
2427b40566cf63880f3650b26a2fee91cb28de24Petr Cech "Trust type of [%s]: %s\n", name, ipa_trust_dir2str(direction));
2427b40566cf63880f3650b26a2fee91cb28de24Petr Cech }
2427b40566cf63880f3650b26a2fee91cb28de24Petr Cech
31dd31b00ad759f256282ef0f7054e60672161ceJakub Hrozek ret = sysdb_subdomain_store(parent->sysdb, name, realm, flat,
05d935cc9d04f03522d0bb44598d22d99b085926Jakub Hrozek id, mpg, enumerate, forest,
20348a30feb4be619b3b691c24c9be8131507c46Sumit Bose direction, alternative_domain_suffixes);
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorce if (ret) {
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "sysdb_subdomain_store failed.\n");
0fcdef99980260d2da308c2c26861492ab983e3dJakub Hrozek goto done;
efea50efda58be66638e5d38c8e57fdf9992f204Simo Sorce }
204cfc89a076fd32bf34f2abb3f809304aaa88abSimo Sorce
0fcdef99980260d2da308c2c26861492ab983e3dJakub Hrozek ret = EOK;
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorcedone:
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorce talloc_free(tmp_ctx);
0fcdef99980260d2da308c2c26861492ab983e3dJakub Hrozek return ret;
efea50efda58be66638e5d38c8e57fdf9992f204Simo Sorce}
efea50efda58be66638e5d38c8e57fdf9992f204Simo Sorce
05d935cc9d04f03522d0bb44598d22d99b085926Jakub Hrozekstatic void ipa_subdom_store_step(struct sss_domain_info *parent,
05d935cc9d04f03522d0bb44598d22d99b085926Jakub Hrozek struct ipa_id_ctx *id_ctx,
05d935cc9d04f03522d0bb44598d22d99b085926Jakub Hrozek struct sdap_idmap_ctx *sdap_idmap_ctx,
05d935cc9d04f03522d0bb44598d22d99b085926Jakub Hrozek struct sysdb_attrs *attrs)
05d935cc9d04f03522d0bb44598d22d99b085926Jakub Hrozek{
05d935cc9d04f03522d0bb44598d22d99b085926Jakub Hrozek int ret;
05d935cc9d04f03522d0bb44598d22d99b085926Jakub Hrozek
05d935cc9d04f03522d0bb44598d22d99b085926Jakub Hrozek ret = ipa_subdom_store(parent, id_ctx, sdap_idmap_ctx, attrs);
05d935cc9d04f03522d0bb44598d22d99b085926Jakub Hrozek if (ret == ERR_TRUST_NOT_SUPPORTED) {
05d935cc9d04f03522d0bb44598d22d99b085926Jakub Hrozek DEBUG(SSSDBG_MINOR_FAILURE, "Unsupported trust type, skipping\n");
05d935cc9d04f03522d0bb44598d22d99b085926Jakub Hrozek } else if (ret) {
05d935cc9d04f03522d0bb44598d22d99b085926Jakub Hrozek /* Nothing we can do about the error. */
05d935cc9d04f03522d0bb44598d22d99b085926Jakub Hrozek DEBUG(SSSDBG_MINOR_FAILURE, "Failed to parse subdom data, "
05d935cc9d04f03522d0bb44598d22d99b085926Jakub Hrozek "will try to use cached subdomain\n");
05d935cc9d04f03522d0bb44598d22d99b085926Jakub Hrozek }
05d935cc9d04f03522d0bb44598d22d99b085926Jakub Hrozek}
05d935cc9d04f03522d0bb44598d22d99b085926Jakub Hrozek
efea50efda58be66638e5d38c8e57fdf9992f204Simo Sorcestatic errno_t ipa_subdomains_refresh(struct ipa_subdomains_ctx *ctx,
efea50efda58be66638e5d38c8e57fdf9992f204Simo Sorce int count, struct sysdb_attrs **reply,
efea50efda58be66638e5d38c8e57fdf9992f204Simo Sorce bool *changes)
efea50efda58be66638e5d38c8e57fdf9992f204Simo Sorce{
31dd31b00ad759f256282ef0f7054e60672161ceJakub Hrozek struct sss_domain_info *parent, *dom;
efea50efda58be66638e5d38c8e57fdf9992f204Simo Sorce bool handled[count];
efea50efda58be66638e5d38c8e57fdf9992f204Simo Sorce const char *value;
efea50efda58be66638e5d38c8e57fdf9992f204Simo Sorce int c, h;
efea50efda58be66638e5d38c8e57fdf9992f204Simo Sorce int ret;
efea50efda58be66638e5d38c8e57fdf9992f204Simo Sorce
31dd31b00ad759f256282ef0f7054e60672161ceJakub Hrozek parent = ctx->be_ctx->domain;
efea50efda58be66638e5d38c8e57fdf9992f204Simo Sorce memset(handled, 0, sizeof(bool) * count);
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorce h = 0;
efea50efda58be66638e5d38c8e57fdf9992f204Simo Sorce
7b07f50dfdfa1e94c82d86a957ee7c9852d7a322Jakub Hrozek if (changes == NULL) {
7b07f50dfdfa1e94c82d86a957ee7c9852d7a322Jakub Hrozek return EINVAL;
7b07f50dfdfa1e94c82d86a957ee7c9852d7a322Jakub Hrozek }
7b07f50dfdfa1e94c82d86a957ee7c9852d7a322Jakub Hrozek *changes = false;
7b07f50dfdfa1e94c82d86a957ee7c9852d7a322Jakub Hrozek
95e94691178297f2b8225a83d43ae388cab04b45Simo Sorce /* check existing subdomains */
877b92e80bde510d5cd9f03dbf01e2bcf73ab072Michal Židek for (dom = get_next_domain(parent, SSS_GND_DESCEND);
4f118e3e6a25762f40a43e6dbefb09f44adbef32Simo Sorce dom && IS_SUBDOMAIN(dom); /* if we get back to a parent, stop */
877b92e80bde510d5cd9f03dbf01e2bcf73ab072Michal Židek dom = get_next_domain(dom, 0)) {
efea50efda58be66638e5d38c8e57fdf9992f204Simo Sorce for (c = 0; c < count; c++) {
efea50efda58be66638e5d38c8e57fdf9992f204Simo Sorce if (handled[c]) {
efea50efda58be66638e5d38c8e57fdf9992f204Simo Sorce continue;
efea50efda58be66638e5d38c8e57fdf9992f204Simo Sorce }
efea50efda58be66638e5d38c8e57fdf9992f204Simo Sorce ret = sysdb_attrs_get_string(reply[c], IPA_CN, &value);
efea50efda58be66638e5d38c8e57fdf9992f204Simo Sorce if (ret != EOK) {
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_string failed.\n");
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose goto done;
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose }
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorce if (strcmp(value, dom->name) == 0) {
efea50efda58be66638e5d38c8e57fdf9992f204Simo Sorce break;
efea50efda58be66638e5d38c8e57fdf9992f204Simo Sorce }
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose }
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose
efea50efda58be66638e5d38c8e57fdf9992f204Simo Sorce if (c >= count) {
efea50efda58be66638e5d38c8e57fdf9992f204Simo Sorce /* ok this subdomain does not exist anymore, let's clean up */
b5825c74b6bf7a99ae2172392dbecb51179013a6Jakub Hrozek sss_domain_set_state(dom, DOM_DISABLED);
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorce ret = sysdb_subdomain_delete(dom->sysdb, dom->name);
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorce if (ret != EOK) {
bba1a5fd62cffcae076d1351df5a83fbc4a6ec17Simo Sorce goto done;
efea50efda58be66638e5d38c8e57fdf9992f204Simo Sorce }
418e6ccd116eced7ccc75aca999a4c37c67289baJakub Hrozek
418e6ccd116eced7ccc75aca999a4c37c67289baJakub Hrozek /* Remove the AD ID ctx from the list of LDAP domains */
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ipa_ad_subdom_remove(ctx->be_ctx, ctx->ipa_id_ctx, dom);
efea50efda58be66638e5d38c8e57fdf9992f204Simo Sorce } else {
efea50efda58be66638e5d38c8e57fdf9992f204Simo Sorce /* ok let's try to update it */
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ipa_subdom_store_step(parent, ctx->ipa_id_ctx,
05d935cc9d04f03522d0bb44598d22d99b085926Jakub Hrozek ctx->sdap_id_ctx->opts->idmap_ctx,
05d935cc9d04f03522d0bb44598d22d99b085926Jakub Hrozek reply[c]);
efea50efda58be66638e5d38c8e57fdf9992f204Simo Sorce handled[c] = true;
efea50efda58be66638e5d38c8e57fdf9992f204Simo Sorce h++;
efea50efda58be66638e5d38c8e57fdf9992f204Simo Sorce }
efea50efda58be66638e5d38c8e57fdf9992f204Simo Sorce }
efea50efda58be66638e5d38c8e57fdf9992f204Simo Sorce
efea50efda58be66638e5d38c8e57fdf9992f204Simo Sorce if (count == h) {
efea50efda58be66638e5d38c8e57fdf9992f204Simo Sorce /* all domains were already accounted for and have been updated */
efea50efda58be66638e5d38c8e57fdf9992f204Simo Sorce ret = EOK;
efea50efda58be66638e5d38c8e57fdf9992f204Simo Sorce goto done;
efea50efda58be66638e5d38c8e57fdf9992f204Simo Sorce }
efea50efda58be66638e5d38c8e57fdf9992f204Simo Sorce
efea50efda58be66638e5d38c8e57fdf9992f204Simo Sorce /* if we get here it means we have changes to the subdomains list */
efea50efda58be66638e5d38c8e57fdf9992f204Simo Sorce *changes = true;
efea50efda58be66638e5d38c8e57fdf9992f204Simo Sorce
efea50efda58be66638e5d38c8e57fdf9992f204Simo Sorce for (c = 0; c < count; c++) {
efea50efda58be66638e5d38c8e57fdf9992f204Simo Sorce if (handled[c]) {
efea50efda58be66638e5d38c8e57fdf9992f204Simo Sorce continue;
efea50efda58be66638e5d38c8e57fdf9992f204Simo Sorce }
9b7762729da24a901388ea53da29448f23e0f77bJakub Hrozek
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ipa_subdom_store_step(parent, ctx->ipa_id_ctx,
05d935cc9d04f03522d0bb44598d22d99b085926Jakub Hrozek ctx->sdap_id_ctx->opts->idmap_ctx,
05d935cc9d04f03522d0bb44598d22d99b085926Jakub Hrozek reply[c]);
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose }
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose ret = EOK;
81165faf5d951aca69f410713730c26ff048ec44Sumit Bosedone:
efea50efda58be66638e5d38c8e57fdf9992f204Simo Sorce if (ret != EOK) {
4c20fe34346919cf676c3e1b54b7701069e2aac6Simo Sorce ctx->last_refreshed = 0;
4c20fe34346919cf676c3e1b54b7701069e2aac6Simo Sorce } else {
4c20fe34346919cf676c3e1b54b7701069e2aac6Simo Sorce ctx->last_refreshed = time(NULL);
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose }
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose return ret;
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose}
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastatic errno_t ipa_apply_view(struct sss_domain_info *domain,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct ipa_id_ctx *ipa_id_ctx,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina const char *view_name,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina bool read_at_init)
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina{
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina const char *current = ipa_id_ctx->view_name;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct sysdb_ctx *sysdb = domain->sysdb;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina bool in_transaction = false;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina errno_t sret;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina errno_t ret;
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_TRACE_ALL, "read_at_init [%s] current view [%s]\n",
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina read_at_init ? "true" : "false", ipa_id_ctx->view_name);
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (current != NULL && strcmp(current, view_name) != 0 && read_at_init) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "View name changed, this is not supported "
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina "at runtime. Please restart SSSD to get the new view applied.\n");
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina return EOK;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina }
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (current != NULL && strcmp(current, view_name) == 0) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_TRACE_FUNC, "View name did not change.\n");
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina return EOK;
5ea449b18d2597f2581627de80bcaf2bc70b0fd3Simo Sorce }
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_TRACE_FUNC, "View name changed to [%s].\n", view_name);
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina /* View name changed. If there was a non-default non-local view
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina * was used the tree in cache containing the override values is
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina * removed. In all cases sysdb_invalidate_overrides() is called to
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina * remove the override attribute from the cached user objects.
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina *
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina * Typically ctx->sd_ctx->id_ctx->view_name == NULL means that the
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina * cache was empty but there was a bug in with caused that the
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina * view name was not written to the cache at all. In this case the
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina * cache must be invalidated if the new view is not the
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina * default-view as well. */
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (current != NULL || !is_default_view(view_name)) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = sysdb_transaction_start(sysdb);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (ret != EOK) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_OP_FAILURE, "Unable to start transaction "
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina "[%d]: %s\n", ret, sss_strerror(ret));
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina goto done;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina }
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina in_transaction = true;
4c20fe34346919cf676c3e1b54b7701069e2aac6Simo Sorce
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (!is_default_view(current) && !is_local_view(current)) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina /* Old view was not the default view, delete view tree */
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = sysdb_delete_view_tree(sysdb, current);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (ret != EOK) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_OP_FAILURE, "Unable to delete old view tree "
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina "[%d]: %s\n", ret, sss_strerror(ret));
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina goto done;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina }
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina }
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = sysdb_invalidate_overrides(sysdb);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (ret != EOK) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_OP_FAILURE, " Unable to invalidate overrides "
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina "[%d]: %s\n", ret, sss_strerror(ret));
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina goto done;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina }
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = sysdb_transaction_commit(sysdb);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (ret != EOK) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_OP_FAILURE, "Unable to commint transaction "
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina "[%d]: %s\n", ret, sss_strerror(ret));
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina goto done;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina }
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina in_transaction = false;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina }
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = sysdb_update_view_name(sysdb, view_name);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (ret != EOK) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "Cannot update view name "
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina "[%d]: %s\n", ret, sss_strerror(ret));
4c20fe34346919cf676c3e1b54b7701069e2aac6Simo Sorce goto done;
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose }
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina talloc_free(ipa_id_ctx->view_name);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ipa_id_ctx->view_name = talloc_strdup(ipa_id_ctx, view_name);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (ipa_id_ctx->view_name == NULL) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "Cannot copy view name.\n");
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = ENOMEM;
4c20fe34346919cf676c3e1b54b7701069e2aac6Simo Sorce goto done;
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose }
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (!read_at_init) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina /* refresh view data of all domains at startup */
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = sysdb_master_domain_update(domain);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (ret != EOK) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_OP_FAILURE, "sysdb_master_domain_update failed "
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina "[%d]: %s\n", ret, sss_strerror(ret));
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina goto done;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina }
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = sysdb_update_subdomains(domain);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (ret != EOK) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_OP_FAILURE, "sysdb_update_subdomains failed "
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina "[%d]: %s\n", ret, sss_strerror(ret));
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina goto done;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina }
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina }
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose
4c20fe34346919cf676c3e1b54b7701069e2aac6Simo Sorcedone:
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (in_transaction) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina sret = sysdb_transaction_cancel(sysdb);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (sret != EOK) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_OP_FAILURE, "Could not cancel transaction\n");
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina }
4c20fe34346919cf676c3e1b54b7701069e2aac6Simo Sorce }
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina return ret;
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose}
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastruct ipa_subdomains_ranges_state {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct sss_domain_info *domain;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina};
21f19d573047e70ee8ec0119ec00c1ed1af9ec04Simo Sorce
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastatic void ipa_subdomains_ranges_done(struct tevent_req *subreq);
21f19d573047e70ee8ec0119ec00c1ed1af9ec04Simo Sorce
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastatic struct tevent_req *
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinaipa_subdomains_ranges_send(TALLOC_CTX *mem_ctx,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct tevent_context *ev,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct ipa_subdomains_ctx *sd_ctx,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct sdap_handle *sh)
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina{
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct ipa_subdomains_ranges_state *state;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct tevent_req *subreq;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct tevent_req *req;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina errno_t ret;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina const char *attrs[] = { OBJECTCLASS, IPA_CN,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina IPA_BASE_ID, IPA_BASE_RID, IPA_SECONDARY_BASE_RID,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina IPA_ID_RANGE_SIZE, IPA_TRUSTED_DOMAIN_SID,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina IPA_RANGE_TYPE, NULL };
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina req = tevent_req_create(mem_ctx, &state,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct ipa_subdomains_ranges_state);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (req == NULL) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create() failed\n");
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina return NULL;
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose }
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (sd_ctx->ranges_search_bases == NULL) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_TRACE_FUNC, "No search base is set\n");
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = EOK;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina goto immediately;
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose }
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina state->domain = sd_ctx->be_ctx->domain;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina subreq = sdap_search_bases_send(state, ev, sd_ctx->sdap_id_ctx->opts, sh,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina sd_ctx->ranges_search_bases, NULL, false,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina 0, RANGE_FILTER, attrs);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (subreq == NULL) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = ENOMEM;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina goto immediately;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina }
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina tevent_req_set_callback(subreq, ipa_subdomains_ranges_done, req);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina return req;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinaimmediately:
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (ret == EOK) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina tevent_req_done(req);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina } else {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina tevent_req_error(req, ret);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina }
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina tevent_req_post(req, ev);
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina return req;
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose}
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastatic void ipa_subdomains_ranges_done(struct tevent_req *subreq)
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose{
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct ipa_subdomains_ranges_state *state;
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose struct tevent_req *req;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct range_info **range_list;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct sysdb_attrs **reply;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina size_t reply_count;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina errno_t ret;
84c611c1b7c04cc7735ab54d4e5f48284b79e6fbJan Zeleny
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina req = tevent_req_callback_data(subreq, struct tevent_req);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina state = tevent_req_data(req, struct ipa_subdomains_ranges_state);
84c611c1b7c04cc7735ab54d4e5f48284b79e6fbJan Zeleny
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = sdap_search_bases_recv(subreq, state, &reply_count, &reply);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina talloc_zfree(subreq);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (ret != EOK) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "Unable to get data from LDAP [%d]: %s\n",
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret, sss_strerror(ret));
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina goto done;
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose }
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = ipa_ranges_parse_results(state, state->domain->name,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina reply_count, reply, &range_list);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (ret != EOK) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_OP_FAILURE, "Unable to parse range resulg [%d]: %s\n",
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret, sss_strerror(ret));
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina goto done;
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose }
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = sysdb_update_ranges(state->domain->sysdb, range_list);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina talloc_free(range_list);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (ret != EOK) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_OP_FAILURE, "Unable to update ranges [%d]: %s\n",
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret, sss_strerror(ret));
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina goto done;
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose }
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinadone:
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (ret != EOK) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina tevent_req_error(req, ret);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina return;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina }
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina tevent_req_done(req);
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose}
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastatic errno_t ipa_subdomains_ranges_recv(struct tevent_req *req)
ad9ca94d0c793c2e30e77f4cc385bf10e42e382fJakub Hrozek{
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina TEVENT_REQ_RETURN_ON_ERROR(req);
ad9ca94d0c793c2e30e77f4cc385bf10e42e382fJakub Hrozek
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina return EOK;
ad9ca94d0c793c2e30e77f4cc385bf10e42e382fJakub Hrozek}
ad9ca94d0c793c2e30e77f4cc385bf10e42e382fJakub Hrozek
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastruct ipa_subdomains_master_state {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct sss_domain_info *domain;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct ipa_options *ipa_options;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina};
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastatic void ipa_subdomains_master_done(struct tevent_req *subreq);
08ab0d4ede41a1749e0bc26f78a37a4d10c20db8Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastatic struct tevent_req *
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinaipa_subdomains_master_send(TALLOC_CTX *mem_ctx,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct tevent_context *ev,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct ipa_subdomains_ctx *sd_ctx,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct sdap_handle *sh)
08ab0d4ede41a1749e0bc26f78a37a4d10c20db8Sumit Bose{
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct ipa_subdomains_master_state *state;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct sss_domain_info *domain;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct tevent_req *subreq;
08ab0d4ede41a1749e0bc26f78a37a4d10c20db8Sumit Bose struct tevent_req *req;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina errno_t ret;
39f21d2b61685362642d42bc2f94f829671cd5efSumit Bose const char *attrs[] = { IPA_CN, IPA_FLATNAME, IPA_SID,
39f21d2b61685362642d42bc2f94f829671cd5efSumit Bose IPA_ADDITIONAL_SUFFIXES, NULL };
08ab0d4ede41a1749e0bc26f78a37a4d10c20db8Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina req = tevent_req_create(mem_ctx, &state,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct ipa_subdomains_master_state);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (req == NULL) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create() failed\n");
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina return NULL;
08ab0d4ede41a1749e0bc26f78a37a4d10c20db8Sumit Bose }
08ab0d4ede41a1749e0bc26f78a37a4d10c20db8Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (sd_ctx->master_search_bases == NULL) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_TRACE_FUNC, "No search base is set\n");
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = EOK;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina goto immediately;
08ab0d4ede41a1749e0bc26f78a37a4d10c20db8Sumit Bose }
08ab0d4ede41a1749e0bc26f78a37a4d10c20db8Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina state->domain = domain = sd_ctx->be_ctx->domain;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina state->ipa_options = sd_ctx->ipa_id_ctx->ipa_options;
08ab0d4ede41a1749e0bc26f78a37a4d10c20db8Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = sysdb_master_domain_update(domain);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (ret != EOK) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "Unable to update master domain [%d]: %s\n",
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret, sss_strerror(ret));
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina goto immediately;
08ab0d4ede41a1749e0bc26f78a37a4d10c20db8Sumit Bose }
08ab0d4ede41a1749e0bc26f78a37a4d10c20db8Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (domain->flat_name != NULL && domain->domain_id != NULL
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina && domain->realm != NULL) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_TRACE_FUNC, "Master record is up to date.\n");
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = EOK;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina goto immediately;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina }
08ab0d4ede41a1749e0bc26f78a37a4d10c20db8Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina subreq = sdap_search_bases_return_first_send(state, ev,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina sd_ctx->sdap_id_ctx->opts, sh,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina sd_ctx->master_search_bases, NULL, false,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina 0, MASTER_DOMAIN_FILTER, attrs);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (subreq == NULL) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = ENOMEM;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina goto immediately;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina }
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina tevent_req_set_callback(subreq, ipa_subdomains_master_done, req);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina return req;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinaimmediately:
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (ret == EOK) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina tevent_req_done(req);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina } else {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina tevent_req_error(req, ret);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina }
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina tevent_req_post(req, ev);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina return req;
08ab0d4ede41a1749e0bc26f78a37a4d10c20db8Sumit Bose}
08ab0d4ede41a1749e0bc26f78a37a4d10c20db8Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastatic void ipa_subdomains_master_done(struct tevent_req *subreq)
08ab0d4ede41a1749e0bc26f78a37a4d10c20db8Sumit Bose{
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct ipa_subdomains_master_state *state;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct tevent_req *req;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct sysdb_attrs **reply;
08ab0d4ede41a1749e0bc26f78a37a4d10c20db8Sumit Bose size_t reply_count;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina const char *flat = NULL;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina const char *id = NULL;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina const char *realm = NULL;
132b31fd5fb74a7627896cdceaf29c7601ed4795Sumit Bose struct ldb_message_element *alternative_domain_suffixes = NULL;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina errno_t ret;
08ab0d4ede41a1749e0bc26f78a37a4d10c20db8Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina req = tevent_req_callback_data(subreq, struct tevent_req);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina state = tevent_req_data(req, struct ipa_subdomains_master_state);
08ab0d4ede41a1749e0bc26f78a37a4d10c20db8Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = sdap_search_bases_return_first_recv(subreq, state,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina &reply_count, &reply);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina talloc_zfree(subreq);
08ab0d4ede41a1749e0bc26f78a37a4d10c20db8Sumit Bose if (ret != EOK) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "Unable to get data from LDAP [%d]: %s\n",
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret, sss_strerror(ret));
08ab0d4ede41a1749e0bc26f78a37a4d10c20db8Sumit Bose goto done;
08ab0d4ede41a1749e0bc26f78a37a4d10c20db8Sumit Bose }
08ab0d4ede41a1749e0bc26f78a37a4d10c20db8Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (reply_count > 0) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = sysdb_attrs_get_string(reply[0], IPA_FLATNAME, &flat);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (ret != EOK) {
08ab0d4ede41a1749e0bc26f78a37a4d10c20db8Sumit Bose goto done;
08ab0d4ede41a1749e0bc26f78a37a4d10c20db8Sumit Bose }
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = sysdb_attrs_get_string(reply[0], IPA_SID, &id);
08ab0d4ede41a1749e0bc26f78a37a4d10c20db8Sumit Bose if (ret != EOK) {
08ab0d4ede41a1749e0bc26f78a37a4d10c20db8Sumit Bose goto done;
08ab0d4ede41a1749e0bc26f78a37a4d10c20db8Sumit Bose }
132b31fd5fb74a7627896cdceaf29c7601ed4795Sumit Bose
132b31fd5fb74a7627896cdceaf29c7601ed4795Sumit Bose ret = sysdb_attrs_get_el_ext(reply[0], IPA_ADDITIONAL_SUFFIXES, false,
132b31fd5fb74a7627896cdceaf29c7601ed4795Sumit Bose &alternative_domain_suffixes);
132b31fd5fb74a7627896cdceaf29c7601ed4795Sumit Bose if (ret != EOK && ret != ENOENT) {
132b31fd5fb74a7627896cdceaf29c7601ed4795Sumit Bose goto done;
132b31fd5fb74a7627896cdceaf29c7601ed4795Sumit Bose }
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina } else {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina /* All search paths are searched and no master domain record was
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina * found.
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina *
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina * A default IPA installation will not have a master domain record,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina * this is only created by ipa-adtrust-install. Nevertheless we should
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina * continue to read other data like the idview on IPA clients. */
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_TRACE_INTERNAL, "Master domain record not found!\n");
08ab0d4ede41a1749e0bc26f78a37a4d10c20db8Sumit Bose }
08ab0d4ede41a1749e0bc26f78a37a4d10c20db8Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina realm = dp_opt_get_string(state->ipa_options->basic, IPA_KRB5_REALM);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (realm == NULL) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "No Kerberos realm for IPA?\n");
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = EINVAL;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina goto done;
08ab0d4ede41a1749e0bc26f78a37a4d10c20db8Sumit Bose }
08ab0d4ede41a1749e0bc26f78a37a4d10c20db8Sumit Bose
132b31fd5fb74a7627896cdceaf29c7601ed4795Sumit Bose ret = sysdb_master_domain_add_info(state->domain, realm, flat, id, NULL,
132b31fd5fb74a7627896cdceaf29c7601ed4795Sumit Bose alternative_domain_suffixes);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (ret != EOK) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "Unable to add master domain info "
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina "[%d]: %s\n", ret, sss_strerror(ret));
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina goto done;
08ab0d4ede41a1749e0bc26f78a37a4d10c20db8Sumit Bose }
08ab0d4ede41a1749e0bc26f78a37a4d10c20db8Sumit Bose
5a5f1e1053415efaa99bb4d5bc7ce7ac0a95b757Jakub Hrozek ret = EOK;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
08ab0d4ede41a1749e0bc26f78a37a4d10c20db8Sumit Bosedone:
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (ret != EOK) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina tevent_req_error(req, ret);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina return;
08ab0d4ede41a1749e0bc26f78a37a4d10c20db8Sumit Bose }
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina tevent_req_done(req);
08ab0d4ede41a1749e0bc26f78a37a4d10c20db8Sumit Bose}
08ab0d4ede41a1749e0bc26f78a37a4d10c20db8Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastatic errno_t ipa_subdomains_master_recv(struct tevent_req *req)
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose{
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina TEVENT_REQ_RETURN_ON_ERROR(req);
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina return EOK;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina}
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastruct ipa_subdomains_slave_state {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct ipa_subdomains_ctx *sd_ctx;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct be_ctx *be_ctx;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct ipa_id_ctx *ipa_id_ctx;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina};
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastatic void ipa_subdomains_slave_search_done(struct tevent_req *subreq);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastatic void ipa_subdomains_slave_trusts_done(struct tevent_req *subreq);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastatic struct tevent_req *
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinaipa_subdomains_slave_send(TALLOC_CTX *mem_ctx,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct tevent_context *ev,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct ipa_subdomains_ctx *sd_ctx,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct sdap_handle *sh)
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina{
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct ipa_subdomains_slave_state *state;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct tevent_req *subreq;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct tevent_req *req;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina errno_t ret;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina const char *attrs[] = { IPA_CN, IPA_FLATNAME, IPA_TRUSTED_DOMAIN_SID,
39f21d2b61685362642d42bc2f94f829671cd5efSumit Bose IPA_TRUST_DIRECTION, IPA_ADDITIONAL_SUFFIXES,
39f21d2b61685362642d42bc2f94f829671cd5efSumit Bose NULL };
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina req = tevent_req_create(mem_ctx, &state,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct ipa_subdomains_slave_state);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (req == NULL) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create() failed\n");
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina return NULL;
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose }
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (sd_ctx->search_bases == NULL) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_TRACE_FUNC, "No search base is set\n");
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = EOK;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina goto immediately;
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose }
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina state->sd_ctx = sd_ctx;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina state->be_ctx = sd_ctx->be_ctx;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina state->ipa_id_ctx = sd_ctx->ipa_id_ctx;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina subreq = sdap_search_bases_send(state, ev, sd_ctx->sdap_id_ctx->opts, sh,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina sd_ctx->search_bases, NULL, false,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina 0, SUBDOMAINS_FILTER, attrs);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (subreq == NULL) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = ENOMEM;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina goto immediately;
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose }
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina tevent_req_set_callback(subreq, ipa_subdomains_slave_search_done, req);
b17b51c2779906bf3a5e4aecbb9ef8bfbfc2ebabJakub Hrozek
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina return req;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinaimmediately:
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (ret == EOK) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina tevent_req_done(req);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina } else {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina tevent_req_error(req, ret);
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose }
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina tevent_req_post(req, ev);
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina return req;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina}
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bosestatic errno_t ipa_enable_enterprise_principals(struct be_ctx *be_ctx)
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose{
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose int ret;
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose struct sss_domain_info *d;
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose TALLOC_CTX *tmp_ctx;
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose char **vals = NULL;
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose struct dp_module *auth;
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose struct krb5_ctx *krb5_auth_ctx;
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose d = get_domains_head(be_ctx->domain);
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose while (d != NULL) {
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose DEBUG(SSSDBG_TRACE_ALL, "checking [%s].\n", d->name);
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose if (d->upn_suffixes != NULL) {
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose break;
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose }
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose d = get_next_domain(d, SSS_GND_DESCEND);
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose }
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose if (d == NULL) {
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose DEBUG(SSSDBG_TRACE_ALL,
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose "No UPN suffixes found, "
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose "no need to enable enterprise principals.\n");
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose return EOK;
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose }
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose tmp_ctx = talloc_new(NULL);
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose if (tmp_ctx == NULL) {
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose return ENOMEM;
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose }
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose ret = confdb_get_param(be_ctx->cdb, tmp_ctx, be_ctx->conf_path,
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose ipa_def_krb5_opts[KRB5_USE_ENTERPRISE_PRINCIPAL].opt_name,
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose &vals);
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose if (ret != EOK) {
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "confdb_get_param failed.\n");
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose goto done;
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose }
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose if (vals[0]) {
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose DEBUG(SSSDBG_CONF_SETTINGS,
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose "Parameter [%s] set in config file and will not be changed.\n",
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose ipa_def_krb5_opts[KRB5_USE_ENTERPRISE_PRINCIPAL].opt_name);
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose return EOK;
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose }
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose auth = dp_target_module(be_ctx->provider, DPT_AUTH);
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose if (auth == NULL) {
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "Unable to find auth proivder.\n");
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose ret = EINVAL;
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose goto done;
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose }
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose krb5_auth_ctx = ipa_init_get_krb5_auth_ctx(dp_get_module_data(auth));
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose if (krb5_auth_ctx == NULL) {
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "Unable to find auth proivder data.\n");
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose ret = EINVAL;
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose goto done;
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose }
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose ret = dp_opt_set_bool(krb5_auth_ctx->opts,
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose KRB5_USE_ENTERPRISE_PRINCIPAL, true);
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose if (ret != EOK) {
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "dp_opt_set_bool failed.\n");
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose goto done;
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose }
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose DEBUG(SSSDBG_CONF_SETTINGS, "Enterprise principals enabled.\n");
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose ret = EOK;
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bosedone:
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose talloc_free(tmp_ctx);
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose return ret;
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose}
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastatic void ipa_subdomains_slave_search_done(struct tevent_req *subreq)
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina{
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct ipa_subdomains_slave_state *state;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct tevent_req *req;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct sysdb_attrs **reply;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina size_t reply_count;
7b07f50dfdfa1e94c82d86a957ee7c9852d7a322Jakub Hrozek bool has_changes = false;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina errno_t ret;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina req = tevent_req_callback_data(subreq, struct tevent_req);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina state = tevent_req_data(req, struct ipa_subdomains_slave_state);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = sdap_search_bases_recv(subreq, state, &reply_count, &reply);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina talloc_zfree(subreq);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (ret != EOK) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "Unable to get data from LDAP [%d]: %s\n",
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret, sss_strerror(ret));
08ab0d4ede41a1749e0bc26f78a37a4d10c20db8Sumit Bose goto done;
08ab0d4ede41a1749e0bc26f78a37a4d10c20db8Sumit Bose }
08ab0d4ede41a1749e0bc26f78a37a4d10c20db8Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = ipa_subdomains_refresh(state->sd_ctx, reply_count, reply,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina &has_changes);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (ret != EOK) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_OP_FAILURE, "Failed to refresh subdomains.\n");
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina goto done;
08ab0d4ede41a1749e0bc26f78a37a4d10c20db8Sumit Bose }
08ab0d4ede41a1749e0bc26f78a37a4d10c20db8Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (!has_changes) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = EOK;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina goto done;
08ab0d4ede41a1749e0bc26f78a37a4d10c20db8Sumit Bose }
08ab0d4ede41a1749e0bc26f78a37a4d10c20db8Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = ipa_subdom_reinit(state->sd_ctx);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (ret != EOK) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_OP_FAILURE, "Could not reinitialize subdomains\n");
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina goto done;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina }
298e22fc97a99994e025c0d507737d88fe6fafefJakub Hrozek
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose ret = ipa_enable_enterprise_principals(state->sd_ctx->be_ctx);
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose if (ret != EOK) {
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose DEBUG(SSSDBG_OP_FAILURE, "ipa_enable_enterprise_principals failed. "
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose "Enterprise principals might not work as "
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose "expected.\n");
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose }
70673115c03c37ddc64c951b53d92df9d3310762Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (state->sd_ctx->ipa_id_ctx->server_mode == NULL) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = EOK;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina goto done;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina }
298e22fc97a99994e025c0d507737d88fe6fafefJakub Hrozek
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina subreq = ipa_server_create_trusts_send(state, state->be_ctx->ev,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina state->be_ctx, state->ipa_id_ctx,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina state->be_ctx->domain);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (subreq == NULL) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = ENOMEM;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina goto done;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina }
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina tevent_req_set_callback(subreq, ipa_subdomains_slave_trusts_done, req);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina return;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinadone:
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (ret != EOK) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina tevent_req_error(req, ret);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina return;
298e22fc97a99994e025c0d507737d88fe6fafefJakub Hrozek }
298e22fc97a99994e025c0d507737d88fe6fafefJakub Hrozek
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina tevent_req_done(req);
298e22fc97a99994e025c0d507737d88fe6fafefJakub Hrozek}
298e22fc97a99994e025c0d507737d88fe6fafefJakub Hrozek
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastatic void ipa_subdomains_slave_trusts_done(struct tevent_req *subreq)
08ab0d4ede41a1749e0bc26f78a37a4d10c20db8Sumit Bose{
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct tevent_req *req;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina errno_t ret;
08ab0d4ede41a1749e0bc26f78a37a4d10c20db8Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina req = tevent_req_callback_data(subreq, struct tevent_req);
08ab0d4ede41a1749e0bc26f78a37a4d10c20db8Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = ipa_server_create_trusts_recv(subreq);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina talloc_zfree(subreq);
20ccfd63a17dc15dd24e6543424d86913d511c4bSumit Bose if (ret != EOK) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "Unable to create trusts [%d]: %s\n",
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret, sss_strerror(ret));
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina tevent_req_error(req, ret);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina return;
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose }
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina tevent_req_done(req);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina}
20ccfd63a17dc15dd24e6543424d86913d511c4bSumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastatic errno_t ipa_subdomains_slave_recv(struct tevent_req *req)
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina{
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina TEVENT_REQ_RETURN_ON_ERROR(req);
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose
08ab0d4ede41a1749e0bc26f78a37a4d10c20db8Sumit Bose return EOK;
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose}
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastruct ipa_subdomains_view_name_state {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct ipa_subdomains_ctx *sd_ctx;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina};
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastatic void ipa_subdomains_view_name_done(struct tevent_req *subreq);
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastatic struct tevent_req *
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinaipa_subdomains_view_name_send(TALLOC_CTX *mem_ctx,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct tevent_context *ev,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct ipa_subdomains_ctx *sd_ctx,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct sdap_handle *sh)
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose{
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct ipa_subdomains_view_name_state *state;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct sdap_attr_map_info *maps;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct tevent_req *subreq;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct tevent_req *req;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct ipa_options *ipa_options;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina const char *filter;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina const char *attrs[] = {IPA_CN, OBJECTCLASS, NULL};
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose errno_t ret;
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina req = tevent_req_create(mem_ctx, &state,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct ipa_subdomains_view_name_state);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (req == NULL) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create() failed\n");
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina return NULL;
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose }
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (sd_ctx->ipa_id_ctx->server_mode != NULL) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina /* Only get view on clients, on servers it is always 'default'. */
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = EOK;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina goto immediately;
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose }
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina state->sd_ctx = sd_ctx;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ipa_options = sd_ctx->ipa_id_ctx->ipa_options;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina maps = talloc_zero_array(state, struct sdap_attr_map_info, 2);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (maps == NULL) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_OP_FAILURE, "talloc_zero() failed\n");
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = ENOMEM;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina goto immediately;
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose }
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina maps[0].map = ipa_options->view_map;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina maps->num_attrs = IPA_OPTS_VIEW;
386a66b1aa18a176e6a06fa126556c9590c373b6Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina filter = talloc_asprintf(state, "(&(objectClass=%s)(%s=%s))",
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ipa_options->host_map[IPA_OC_HOST].name,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ipa_options->host_map[IPA_AT_HOST_FQDN].name,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina dp_opt_get_string(ipa_options->basic, IPA_HOSTNAME));
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (filter == NULL) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = ENOMEM;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina goto immediately;
5a5f1e1053415efaa99bb4d5bc7ce7ac0a95b757Jakub Hrozek }
5a5f1e1053415efaa99bb4d5bc7ce7ac0a95b757Jakub Hrozek
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina /* We add SDAP_DEREF_FLG_SILENT because old IPA servers don't have
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina * the attribute we dereference, causing the deref call to fail. */
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina subreq = sdap_deref_bases_return_first_send(state, ev,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina sd_ctx->sdap_id_ctx->opts, sh, sd_ctx->host_search_bases,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina maps, filter, attrs, IPA_ASSIGNED_ID_VIEW,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina SDAP_DEREF_FLG_SILENT, 0);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (subreq == NULL) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = ENOMEM;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina goto immediately;
84c611c1b7c04cc7735ab54d4e5f48284b79e6fbJan Zeleny }
84c611c1b7c04cc7735ab54d4e5f48284b79e6fbJan Zeleny
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina tevent_req_set_callback(subreq, ipa_subdomains_view_name_done, req);
84c611c1b7c04cc7735ab54d4e5f48284b79e6fbJan Zeleny
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina return req;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinaimmediately:
21f19d573047e70ee8ec0119ec00c1ed1af9ec04Simo Sorce if (ret == EOK) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina tevent_req_done(req);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina } else {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina tevent_req_error(req, ret);
21f19d573047e70ee8ec0119ec00c1ed1af9ec04Simo Sorce }
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina tevent_req_post(req, ev);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina return req;
84c611c1b7c04cc7735ab54d4e5f48284b79e6fbJan Zeleny}
84c611c1b7c04cc7735ab54d4e5f48284b79e6fbJan Zeleny
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastatic void ipa_subdomains_view_name_done(struct tevent_req *subreq)
84c611c1b7c04cc7735ab54d4e5f48284b79e6fbJan Zeleny{
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct ipa_subdomains_view_name_state *state;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct tevent_req *req;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina size_t reply_count;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct sdap_deref_attrs **reply;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina const char *view_name;
84c611c1b7c04cc7735ab54d4e5f48284b79e6fbJan Zeleny errno_t ret;
84c611c1b7c04cc7735ab54d4e5f48284b79e6fbJan Zeleny
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina req = tevent_req_callback_data(subreq, struct tevent_req);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina state = tevent_req_data(req, struct ipa_subdomains_view_name_state);
21f19d573047e70ee8ec0119ec00c1ed1af9ec04Simo Sorce
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = sdap_deref_bases_return_first_recv(subreq, state,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina &reply_count, &reply);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina talloc_zfree(subreq);
84c611c1b7c04cc7735ab54d4e5f48284b79e6fbJan Zeleny if (ret != EOK) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina /* Depending on the version 389ds return a different error code if the
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina * search for the view name failed because our dereference attribute
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina * ipaAssignedIDView is not known. Newer version return
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina * LDAP_UNAVAILABLE_CRITICAL_EXTENSION(12) which is translated to
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina * EOPNOTSUPP and older versions return LDAP_PROTOCOL_ERROR(2) which
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina * is returned as EIO. In both cases we have to assume that the server
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina * is not view aware and keep the view name unset. */
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (ret == EOPNOTSUPP || ret == EIO) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_TRACE_FUNC, "Unable to get view name, looks " \
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina "like server does not support views.\n");
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = EOK;
21f19d573047e70ee8ec0119ec00c1ed1af9ec04Simo Sorce goto done;
21f19d573047e70ee8ec0119ec00c1ed1af9ec04Simo Sorce }
84c611c1b7c04cc7735ab54d4e5f48284b79e6fbJan Zeleny
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_OP_FAILURE, "Unable to get view name [%d]: %s\n",
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret, sss_strerror(ret));
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina goto done;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina }
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (reply_count == 0) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_TRACE_FUNC, "No view found, using default.\n");
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina view_name = SYSDB_DEFAULT_VIEW_NAME;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina } else if (reply_count == 1) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = sysdb_attrs_get_string(reply[0]->attrs, SYSDB_VIEW_NAME,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina &view_name);
84c611c1b7c04cc7735ab54d4e5f48284b79e6fbJan Zeleny if (ret != EOK) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_OP_FAILURE, "sysdb_attrs_get_string failed.\n");
84c611c1b7c04cc7735ab54d4e5f48284b79e6fbJan Zeleny goto done;
84c611c1b7c04cc7735ab54d4e5f48284b79e6fbJan Zeleny }
84c611c1b7c04cc7735ab54d4e5f48284b79e6fbJan Zeleny } else {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "More than one object returned.\n");
b25d33b0a775e2337014a334699156ac56b08f9bSumit Bose ret = EINVAL;
b25d33b0a775e2337014a334699156ac56b08f9bSumit Bose goto done;
b25d33b0a775e2337014a334699156ac56b08f9bSumit Bose }
b25d33b0a775e2337014a334699156ac56b08f9bSumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = ipa_apply_view(state->sd_ctx->be_ctx->domain,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina state->sd_ctx->ipa_id_ctx, view_name,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina state->sd_ctx->view_read_at_init);
b25d33b0a775e2337014a334699156ac56b08f9bSumit Bose if (ret != EOK) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "Unable to set view [%d]: %s\n",
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret, sss_strerror(ret));
b25d33b0a775e2337014a334699156ac56b08f9bSumit Bose goto done;
b25d33b0a775e2337014a334699156ac56b08f9bSumit Bose }
b25d33b0a775e2337014a334699156ac56b08f9bSumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina state->sd_ctx->view_read_at_init = true;
81165faf5d951aca69f410713730c26ff048ec44Sumit Bose
81165faf5d951aca69f410713730c26ff048ec44Sumit Bosedone:
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (ret != EOK) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina tevent_req_error(req, ret);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina return;
21f19d573047e70ee8ec0119ec00c1ed1af9ec04Simo Sorce }
87ed72b47859e673b636c85f35b85f1546c7ed3dSimo Sorce
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina tevent_req_done(req);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina}
3b533d57a737e2de1b3e85b073b14d3bfb49dafcSimo Sorce
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastatic errno_t ipa_subdomains_view_name_recv(struct tevent_req *req)
3b533d57a737e2de1b3e85b073b14d3bfb49dafcSimo Sorce{
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina TEVENT_REQ_RETURN_ON_ERROR(req);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina return EOK;
3b533d57a737e2de1b3e85b073b14d3bfb49dafcSimo Sorce}
3b533d57a737e2de1b3e85b073b14d3bfb49dafcSimo Sorce
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastruct ipa_subdomains_refresh_state {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct tevent_context *ev;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct ipa_subdomains_ctx *sd_ctx;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct sdap_id_op *sdap_op;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina};
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastatic errno_t ipa_subdomains_refresh_retry(struct tevent_req *req);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastatic void ipa_subdomains_refresh_connect_done(struct tevent_req *subreq);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastatic void ipa_subdomains_refresh_ranges_done(struct tevent_req *subreq);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastatic void ipa_subdomains_refresh_master_done(struct tevent_req *subreq);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastatic void ipa_subdomains_refresh_slave_done(struct tevent_req *subreq);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastatic void ipa_subdomains_refresh_view_done(struct tevent_req *subreq);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastatic struct tevent_req *
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinaipa_subdomains_refresh_send(TALLOC_CTX *mem_ctx,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct tevent_context *ev,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct ipa_subdomains_ctx *sd_ctx)
d6d8287a9b8a240e068a26769dc6ce4582604850Simo Sorce{
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct ipa_subdomains_refresh_state *state;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct tevent_req *req;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina errno_t ret;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina req = tevent_req_create(mem_ctx, &state,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct ipa_subdomains_refresh_state);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (req == NULL) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create() failed\n");
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina return NULL;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina }
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina state->ev = ev;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina state->sd_ctx = sd_ctx;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina state->sdap_op = sdap_id_op_create(state,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina sd_ctx->sdap_id_ctx->conn->conn_cache);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (state->sdap_op == NULL) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_OP_FAILURE, "sdap_id_op_create() failed\n");
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = ENOMEM;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina goto immediately;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina }
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = ipa_subdomains_refresh_retry(req);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (ret == EAGAIN) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina /* asynchronous processing */
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina return req;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina }
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinaimmediately:
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (ret == EOK) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina tevent_req_done(req);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina } else {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina tevent_req_error(req, ret);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina }
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina tevent_req_post(req, ev);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina return req;
d6d8287a9b8a240e068a26769dc6ce4582604850Simo Sorce}
d6d8287a9b8a240e068a26769dc6ce4582604850Simo Sorce
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastatic errno_t ipa_subdomains_refresh_retry(struct tevent_req *req)
fab48878db202d620f43c9da23e375866d1db2c6Sumit Bose{
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct ipa_subdomains_refresh_state *state;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct tevent_req *subreq;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina int ret;
fab48878db202d620f43c9da23e375866d1db2c6Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina state = tevent_req_data(req, struct ipa_subdomains_refresh_state);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina subreq = sdap_id_op_connect_send(state->sdap_op, state, &ret);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (subreq == NULL) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "sdap_id_op_connect_send() failed "
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina "[%d]: %s\n", ret, sss_strerror(ret));
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina return ret;
fab48878db202d620f43c9da23e375866d1db2c6Sumit Bose }
fab48878db202d620f43c9da23e375866d1db2c6Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina tevent_req_set_callback(subreq, ipa_subdomains_refresh_connect_done, req);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina return EAGAIN;
fab48878db202d620f43c9da23e375866d1db2c6Sumit Bose}
fab48878db202d620f43c9da23e375866d1db2c6Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastatic void ipa_subdomains_refresh_connect_done(struct tevent_req *subreq)
6a81cb8c3424dbe9f764af3738299cbbe5874a15Simo Sorce{
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct ipa_subdomains_refresh_state *state;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct tevent_req *req;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina int dp_error;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina errno_t ret;
6a81cb8c3424dbe9f764af3738299cbbe5874a15Simo Sorce
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina req = tevent_req_callback_data(subreq, struct tevent_req);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina state = tevent_req_data(req, struct ipa_subdomains_refresh_state);
d6d8287a9b8a240e068a26769dc6ce4582604850Simo Sorce
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = sdap_id_op_connect_recv(subreq, &dp_error);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina talloc_zfree(subreq);
cd4cc8d8829f1ea5257bf874b91980368114275fPavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (ret != EOK) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "Unable to connect to LDAP "
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina "[%d]: %s\n", ret, sss_strerror(ret));
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (dp_error == DP_ERR_OFFLINE) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_MINOR_FAILURE, "No IPA server is available, "
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina "cannot get the subdomain list while offline\n");
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = ERR_OFFLINE;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina }
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina tevent_req_error(req, ret);
44af0057c1fd52f6252f82ca73a06acfcac6c5e3Michal Zidek return;
44af0057c1fd52f6252f82ca73a06acfcac6c5e3Michal Zidek }
d6d8287a9b8a240e068a26769dc6ce4582604850Simo Sorce
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina subreq = ipa_subdomains_ranges_send(state, state->ev, state->sd_ctx,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina sdap_id_op_handle(state->sdap_op));
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (subreq == NULL) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina tevent_req_error(req, ENOMEM);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina return;
3b533d57a737e2de1b3e85b073b14d3bfb49dafcSimo Sorce }
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina tevent_req_set_callback(subreq, ipa_subdomains_refresh_ranges_done, req);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina return;
3b533d57a737e2de1b3e85b073b14d3bfb49dafcSimo Sorce}
3b533d57a737e2de1b3e85b073b14d3bfb49dafcSimo Sorce
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastatic void ipa_subdomains_refresh_ranges_done(struct tevent_req *subreq)
3b533d57a737e2de1b3e85b073b14d3bfb49dafcSimo Sorce{
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct ipa_subdomains_refresh_state *state;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct tevent_req *req;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina errno_t ret;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina req = tevent_req_callback_data(subreq, struct tevent_req);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina state = tevent_req_data(req, struct ipa_subdomains_refresh_state);
3b533d57a737e2de1b3e85b073b14d3bfb49dafcSimo Sorce
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = ipa_subdomains_ranges_recv(subreq);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina talloc_zfree(subreq);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (ret != EOK) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "Unable to get IPA ranges "
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina "[%d]: %s\n", ret, sss_strerror(ret));
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina tevent_req_error(req, ret);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina return;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina }
3b533d57a737e2de1b3e85b073b14d3bfb49dafcSimo Sorce
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina subreq = ipa_subdomains_master_send(state, state->ev, state->sd_ctx,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina sdap_id_op_handle(state->sdap_op));
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (subreq == NULL) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina tevent_req_error(req, ENOMEM);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina return;
3b533d57a737e2de1b3e85b073b14d3bfb49dafcSimo Sorce }
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina tevent_req_set_callback(subreq, ipa_subdomains_refresh_master_done, req);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina return;
6a81cb8c3424dbe9f764af3738299cbbe5874a15Simo Sorce}
6a81cb8c3424dbe9f764af3738299cbbe5874a15Simo Sorce
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastatic void ipa_subdomains_refresh_master_done(struct tevent_req *subreq)
5063dcc5ab685dce325b13b9c1e93cee2a673e60Sumit Bose{
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct ipa_subdomains_refresh_state *state;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct tevent_req *req;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina errno_t ret;
5063dcc5ab685dce325b13b9c1e93cee2a673e60Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina req = tevent_req_callback_data(subreq, struct tevent_req);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina state = tevent_req_data(req, struct ipa_subdomains_refresh_state);
5063dcc5ab685dce325b13b9c1e93cee2a673e60Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = ipa_subdomains_master_recv(subreq);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina talloc_zfree(subreq);
5063dcc5ab685dce325b13b9c1e93cee2a673e60Sumit Bose if (ret != EOK) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "Unable to get master domain "
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina "[%d]: %s\n", ret, sss_strerror(ret));
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina tevent_req_error(req, ret);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina return;
5063dcc5ab685dce325b13b9c1e93cee2a673e60Sumit Bose }
5063dcc5ab685dce325b13b9c1e93cee2a673e60Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina subreq = ipa_subdomains_slave_send(state, state->ev, state->sd_ctx,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina sdap_id_op_handle(state->sdap_op));
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (subreq == NULL) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina tevent_req_error(req, ENOMEM);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina return;
5063dcc5ab685dce325b13b9c1e93cee2a673e60Sumit Bose }
5063dcc5ab685dce325b13b9c1e93cee2a673e60Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina tevent_req_set_callback(subreq, ipa_subdomains_refresh_slave_done, req);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina return;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina}
5063dcc5ab685dce325b13b9c1e93cee2a673e60Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastatic void ipa_subdomains_refresh_slave_done(struct tevent_req *subreq)
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina{
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct ipa_subdomains_refresh_state *state;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct tevent_req *req;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina errno_t ret;
5063dcc5ab685dce325b13b9c1e93cee2a673e60Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina req = tevent_req_callback_data(subreq, struct tevent_req);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina state = tevent_req_data(req, struct ipa_subdomains_refresh_state);
5063dcc5ab685dce325b13b9c1e93cee2a673e60Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = ipa_subdomains_slave_recv(subreq);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina talloc_zfree(subreq);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (ret != EOK) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "Unable to get subdomains "
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina "[%d]: %s\n", ret, sss_strerror(ret));
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina tevent_req_error(req, ret);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina return;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina }
5063dcc5ab685dce325b13b9c1e93cee2a673e60Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina subreq = ipa_subdomains_view_name_send(state, state->ev, state->sd_ctx,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina sdap_id_op_handle(state->sdap_op));
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (subreq == NULL) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina tevent_req_error(req, ENOMEM);
6a81cb8c3424dbe9f764af3738299cbbe5874a15Simo Sorce return;
6a81cb8c3424dbe9f764af3738299cbbe5874a15Simo Sorce }
6a81cb8c3424dbe9f764af3738299cbbe5874a15Simo Sorce
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina tevent_req_set_callback(subreq, ipa_subdomains_refresh_view_done, req);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina return;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina}
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastatic void ipa_subdomains_refresh_view_done(struct tevent_req *subreq)
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina{
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct ipa_subdomains_refresh_state *state;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct tevent_req *req;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina int dp_error;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina errno_t ret;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina req = tevent_req_callback_data(subreq, struct tevent_req);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina state = tevent_req_data(req, struct ipa_subdomains_refresh_state);
5063dcc5ab685dce325b13b9c1e93cee2a673e60Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = ipa_subdomains_view_name_recv(subreq);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina talloc_zfree(subreq);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = sdap_id_op_done(state->sdap_op, ret, &dp_error);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (dp_error == DP_ERR_OK && ret != EOK) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina /* retry */
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = ipa_subdomains_refresh_retry(req);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (ret != EOK) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina goto done;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina }
5063dcc5ab685dce325b13b9c1e93cee2a673e60Sumit Bose return;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina } else if (dp_error == DP_ERR_OFFLINE) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = ERR_OFFLINE;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina goto done;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina } else if (ret != EOK) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "Unable to get view name "
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina "[%d]: %s\n", ret, sss_strerror(ret));
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina goto done;
5063dcc5ab685dce325b13b9c1e93cee2a673e60Sumit Bose }
5063dcc5ab685dce325b13b9c1e93cee2a673e60Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinadone:
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (ret != EOK) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_TRACE_FUNC, "Unable to refresh subdomains [%d]: %s\n",
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret, sss_strerror(ret));
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina tevent_req_error(req, ret);
6a81cb8c3424dbe9f764af3738299cbbe5874a15Simo Sorce return;
6a81cb8c3424dbe9f764af3738299cbbe5874a15Simo Sorce }
6a81cb8c3424dbe9f764af3738299cbbe5874a15Simo Sorce
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_TRACE_FUNC, "Subdomains refreshed.\n");
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina tevent_req_done(req);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina}
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastatic errno_t ipa_subdomains_refresh_recv(struct tevent_req *req)
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina{
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina TEVENT_REQ_RETURN_ON_ERROR(req);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina return EOK;
6a81cb8c3424dbe9f764af3738299cbbe5874a15Simo Sorce}
6a81cb8c3424dbe9f764af3738299cbbe5874a15Simo Sorce
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastruct ipa_subdomains_handler_state {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct dp_reply_std reply;
87ed72b47859e673b636c85f35b85f1546c7ed3dSimo Sorce};
87ed72b47859e673b636c85f35b85f1546c7ed3dSimo Sorce
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastatic void ipa_subdomains_handler_done(struct tevent_req *subreq);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastatic struct tevent_req *
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinaipa_subdomains_handler_send(TALLOC_CTX *mem_ctx,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct ipa_subdomains_ctx *sd_ctx,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct dp_subdomains_data *data,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct dp_req_params *params)
87ed72b47859e673b636c85f35b85f1546c7ed3dSimo Sorce{
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct ipa_subdomains_handler_state *state;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct tevent_req *req;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct tevent_req *subreq;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina errno_t ret;
5063dcc5ab685dce325b13b9c1e93cee2a673e60Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina req = tevent_req_create(mem_ctx, &state,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct ipa_subdomains_handler_state);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (req == NULL) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create() failed\n");
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina return NULL;
5063dcc5ab685dce325b13b9c1e93cee2a673e60Sumit Bose }
87ed72b47859e673b636c85f35b85f1546c7ed3dSimo Sorce
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (sd_ctx->last_refreshed > time(NULL) - IPA_SUBDOMAIN_REFRESH_LIMIT) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_TRACE_FUNC, "Subdomains were recently refreshed, "
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina "nothing to do\n");
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = EOK;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina goto immediately;
87ed72b47859e673b636c85f35b85f1546c7ed3dSimo Sorce }
87ed72b47859e673b636c85f35b85f1546c7ed3dSimo Sorce
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina subreq = ipa_subdomains_refresh_send(state, params->ev, sd_ctx);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (subreq == NULL) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = ENOMEM;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina goto immediately;
fab48878db202d620f43c9da23e375866d1db2c6Sumit Bose }
fab48878db202d620f43c9da23e375866d1db2c6Sumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina tevent_req_set_callback(subreq, ipa_subdomains_handler_done, req);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina return req;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinaimmediately:
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina dp_reply_std_set(&state->reply, DP_ERR_DECIDE, ret, NULL);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina /* TODO For backward compatibility we always return EOK to DP now. */
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina tevent_req_done(req);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina tevent_req_post(req, params->ev);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina return req;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina}
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastatic void ipa_subdomains_handler_done(struct tevent_req *subreq)
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina{
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct ipa_subdomains_handler_state *state;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct tevent_req *req;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina errno_t ret;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina req = tevent_req_callback_data(subreq, struct tevent_req);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina state = tevent_req_data(req, struct ipa_subdomains_handler_state);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = ipa_subdomains_refresh_recv(subreq);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina talloc_zfree(subreq);
6a81cb8c3424dbe9f764af3738299cbbe5874a15Simo Sorce if (ret != EOK) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "Unable to refresh subdomains [%d]: %s\n",
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret, sss_strerror(ret));
6a81cb8c3424dbe9f764af3738299cbbe5874a15Simo Sorce }
6a81cb8c3424dbe9f764af3738299cbbe5874a15Simo Sorce
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina /* TODO For backward compatibility we always return EOK to DP now. */
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina dp_reply_std_set(&state->reply, DP_ERR_DECIDE, ret, NULL);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina tevent_req_done(req);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina}
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastatic errno_t ipa_subdomains_handler_recv(TALLOC_CTX *mem_ctx,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct tevent_req *req,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct dp_reply_std *data)
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina{
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct ipa_subdomains_handler_state *state;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina state = tevent_req_data(req, struct ipa_subdomains_handler_state);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina TEVENT_REQ_RETURN_ON_ERROR(req);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina *data = state->reply;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina return EOK;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina}
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastatic struct tevent_req *
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinaipa_subdomains_ptask_send(TALLOC_CTX *mem_ctx,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct tevent_context *ev,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct be_ctx *be_ctx,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct be_ptask *be_ptask,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina void *pvt)
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina{
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct ipa_subdomains_ctx *sd_ctx;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina sd_ctx = talloc_get_type(pvt, struct ipa_subdomains_ctx);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina return ipa_subdomains_refresh_send(mem_ctx, ev, sd_ctx);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina}
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastatic errno_t
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinaipa_subdomains_ptask_recv(struct tevent_req *req)
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina{
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina return ipa_subdomains_refresh_recv(req);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina}
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinaerrno_t ipa_subdomains_init(TALLOC_CTX *mem_ctx,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct be_ctx *be_ctx,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct ipa_id_ctx *ipa_id_ctx,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct dp_method *dp_methods)
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina{
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct ipa_subdomains_ctx *sd_ctx;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct ipa_options *ipa_options;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina time_t period;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina errno_t ret;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ipa_options = ipa_id_ctx->ipa_options;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina sd_ctx = talloc_zero(mem_ctx, struct ipa_subdomains_ctx);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (sd_ctx == NULL) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero failed.\n");
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina return ENOMEM;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina }
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina sd_ctx->be_ctx = be_ctx;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina sd_ctx->ipa_id_ctx = ipa_id_ctx;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina sd_ctx->sdap_id_ctx = ipa_id_ctx->sdap_id_ctx;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina sd_ctx->search_bases = ipa_options->subdomains_search_bases;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina sd_ctx->master_search_bases = ipa_options->master_domain_search_bases;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina sd_ctx->ranges_search_bases = ipa_options->ranges_search_bases;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina sd_ctx->host_search_bases = ipa_options->host_search_bases;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina dp_set_method(dp_methods, DPM_DOMAINS_HANDLER,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ipa_subdomains_handler_send, ipa_subdomains_handler_recv, sd_ctx,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct ipa_subdomains_ctx, struct dp_subdomains_data, struct dp_reply_std);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina period = be_ctx->domain->subdomain_refresh_interval;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = be_ptask_create(sd_ctx, be_ctx, period, 0, 0, 0, period,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina BE_PTASK_OFFLINE_DISABLE, 0,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ipa_subdomains_ptask_send, ipa_subdomains_ptask_recv, sd_ctx,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina "Subdomains Refresh", NULL);
3b533d57a737e2de1b3e85b073b14d3bfb49dafcSimo Sorce if (ret != EOK) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "Unable to setup ptask "
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina "[%d]: %s\n", ret, sss_strerror(ret));
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina /* Ignore, responders will trigger refresh from time to time. */
3b533d57a737e2de1b3e85b073b14d3bfb49dafcSimo Sorce }
3b533d57a737e2de1b3e85b073b14d3bfb49dafcSimo Sorce
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = ipa_subdom_reinit(sd_ctx);
2b4b6b829f197493b4901bec96fefaadbc7a2464Jakub Hrozek if (ret != EOK) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_MINOR_FAILURE, "Could not reinitialize subdomains. "
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "Users from trusted domains might not be resolved correctly\n");
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina /* Ignore this error and try to discover the subdomains later */
2b4b6b829f197493b4901bec96fefaadbc7a2464Jakub Hrozek }
2b4b6b829f197493b4901bec96fefaadbc7a2464Jakub Hrozek
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = ipa_ad_subdom_init(be_ctx, ipa_id_ctx);
b17b51c2779906bf3a5e4aecbb9ef8bfbfc2ebabJakub Hrozek if (ret != EOK) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "ipa_ad_subdom_init() failed.\n");
b17b51c2779906bf3a5e4aecbb9ef8bfbfc2ebabJakub Hrozek return ret;
b17b51c2779906bf3a5e4aecbb9ef8bfbfc2ebabJakub Hrozek }
b17b51c2779906bf3a5e4aecbb9ef8bfbfc2ebabJakub Hrozek
f8a4a5f6240156809e1b5ef03816f673281e3fa0Jakub Hrozek return EOK;
f8a4a5f6240156809e1b5ef03816f673281e3fa0Jakub Hrozek}