/*
SSSD
LDAP Provider Common Functions
Authors:
Simo Sorce <ssorce@redhat.com>
Copyright (C) 2008-2010 Red Hat
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
#include "providers/ldap/ldap_common.h"
#include "providers/fail_over.h"
#include "providers/ldap/sdap_async_private.h"
#include "providers/krb5/krb5_common.h"
#include "db/sysdb_sudo.h"
#include "db/sysdb_services.h"
#include "db/sysdb_autofs.h"
#include "util/sss_krb5.h"
#include "util/crypto/sss_crypto.h"
#include "providers/ldap/sdap_idmap.h"
/* a fd the child process would log into */
{
ctx);
}
struct sdap_id_ctx *ctx,
struct sdap_domain *sdom,
void *pvt)
{
int ret;
/* set up enumeration task */
} else {
/* the enumeration task, runs the cleanup process by itself,
* but if enumeration is not running we need to schedule it */
}
return ret;
}
{
const char *tmp;
const char *srv_name;
char *new_uri;
return;
}
if (!service) {
return;
}
if (!srvaddr) {
"FATAL: No hostent available for server (%s)\n",
return;
}
return;
}
if (fo_is_srv_lookup(server)) {
if (!tmp) {
}
return;
}
} else {
}
if (!new_uri) {
return;
}
/* free old one and replace with new one */
}
struct tevent_signal *se,
int signum,
int count,
void *siginfo,
void *private_data)
{
int ret;
}
orderly_shutdown(0);
}
struct tevent_context *ev,
const char *realm)
{
char *sig_realm;
BlockSignals(false, SIGTERM);
return ENOMEM;
}
return ENOMEM;
}
return EOK;
}
{
int ret;
struct remove_info_files_ctx);
"be_fo_run_callbacks_at_next_request failed, "
"krb5 info files will not be removed, because "
"it is unclear if they will be recreated properly.\n");
return;
}
"talloc_new failed, cannot remove krb5 info files.\n");
return;
}
}
}
const char *realm,
const char *service_name)
{
int ret;
return ENOMEM;
}
goto done;
}
goto done;
}
done:
}
return ret;
}
char *default_primary,
char *default_realm,
const char *keytab_path)
{
char *sasl_primary;
char *desired_primary;
char *primary_realm;
char *sasl_realm;
char *desired_realm;
bool primary_requested = true;
bool realm_requested = true;
/* Configuration of SASL auth ID and realm */
if (!desired_primary) {
primary_requested = false;
}
*primary_realm = '\0';
"authid contains realm [%s]\n", desired_realm);
} else {
if (!desired_realm) {
realm_requested = false;
}
}
goto done;
}
"Configured SASL auth ID not found in keytab. "
}
"Configured SASL realm not found in keytab. "
}
goto done;
}
goto done;
}
done:
return ret;
}
static const char *
{
if (krberr) {
goto done;
}
if (krberr) {
goto done;
}
if (!realm) {
goto done;
}
done:
return realm;
}
{
const char *realm;
if (!realm) {
}
return realm;
}
struct sdap_service *sdap_service,
struct krb5_service **krb5_service)
{
int ret;
const char *krb5_servers;
const char *krb5_backup_servers;
const char *krb5_realm;
const char *krb5_opt_realm;
if (krb5_opt_realm == NULL) {
"Missing krb5_realm option, will use libkrb default\n");
if (krb5_realm == NULL) {
"Cannot determine the Kerberos realm, aborting\n");
goto done;
}
} else {
if (krb5_realm == NULL) {
goto done;
}
}
&service);
goto done;
}
goto done;
}
goto done;
}
goto done;
}
*krb5_service = service;
done:
return ret;
}
struct sdap_service *service,
const char *service_name,
const char *dns_service_name,
const char *urls,
bool primary)
{
char *srv_user_data;
int i;
if (!tmp_ctx) {
return ENOMEM;
}
/* split server parm into a list */
goto done;
}
/* now for each URI add a new server to the failover service */
for (i = 0; list[i]; i++) {
if (be_fo_is_srv_identifier(list[i])) {
if (!primary) {
"Failed to add server [%s] to failover service: "
"SRV resolution only allowed for primary servers!\n",
list[i]);
continue;
}
if (!dns_service_name) {
"Missing DNS service name for service [%s].\n",
goto done;
}
if (!srv_user_data) {
goto done;
}
BE_FO_PROTO_TCP, false, srv_user_data);
if (ret) {
goto done;
}
continue;
}
if (ret != LDAP_SUCCESS) {
"Failed to parse ldap URI (%s)!\n", list[i]);
goto done;
}
"The LDAP URI (%s) did not contain a host name\n",
list[i]);
continue;
}
/* It could be ipv6 address in square brackets. Remove
* the brackets if needed. */
goto done;
}
if (ret) {
goto done;
}
}
done:
return ret;
}
static inline errno_t
const char *service_name, const char *dns_service_name,
const char *urls)
{
dns_service_name, urls, true);
}
static inline errno_t
const char *service_name, const char *dns_service_name,
const char *urls)
{
dns_service_name, urls, false);
}
{
}
const char *service_name, const char *dns_service_name,
const char *urls, const char *backup_urls,
struct sdap_service **_service)
{
int ret;
if (!tmp_ctx) {
return ENOMEM;
}
if (!service) {
goto done;
}
goto done;
}
goto done;
}
if (!urls) {
"No primary servers defined, using service discovery\n");
}
urls);
goto done;
}
if (backup_urls) {
goto done;
}
}
goto done;
}
done:
}
return ret;
}
{
long l;
char *endptr;
if (s == NULL || *s == '\0') {
*d = -1;
return EOK;
}
errno = 0;
if (errno != 0) {
return errno;
}
if (*endptr != '\0') {
return EINVAL;
}
if (l < -1) {
"Input string contains not allowed negative value [%ld].\n",
l);
return EINVAL;
}
*d = l;
return EOK;
}
struct sdap_attr_map *map,
const char *ldap_name,
char **sysdb_name)
{
size_t i;
for (i = 0; i < map_size; i++) {
/* Skip map entries with no name (may depend on
* schema selected)
*/
/* Check if it is a mapped attribute */
}
if (i < map_size) {
/* We found a mapped name, return that */
} else {
/* Not mapped, use the same name */
}
if (!*sysdb_name) {
return ENOMEM;
}
return EOK;
}
struct sdap_attr_map *map,
struct sysdb_attrs *recvd_attrs,
char ***missing_attrs)
{
size_t i, j, k;
const char **expected_attrs;
char *sysdb_name;
if (!recvd_attrs || !missing_attrs) {
return EINVAL;
}
if (!tmp_ctx) {
return ENOMEM;
}
&expected_attrs, &attr_count);
goto done;
}
/* Allocate the maximum possible values for missing_attrs, to
* be on the safe side
*/
if (!missing) {
goto done;
}
k = 0;
/* Check for each expected attribute */
for (i = 0; i < attr_count; i++) {
expected_attrs[i],
&sysdb_name);
goto done;
}
/* objectClass is a special-case and we need to
* check for it explicitly.
*/
continue;
}
/* GECOS is another special case. Its value can come
* either from the 'gecos' attribute or the 'cn'
* attribute. It's best if we just never remove it.
*/
continue;
}
for (j = 0; j < recvd_attrs->num; j++) {
/* Check whether this expected attribute appeared in the
* received attributes and had a non-zero number of
* values.
*/
(recvd_attrs->a[j].num_values > 0)) {
break;
}
}
if (j < recvd_attrs->num) {
/* Attribute was found, therefore not missing */
} else {
/* Attribute could not be found. Add to the missing list */
k++;
/* Remove originalMemberOf as well if MemberOf is missing */
k++;
}
}
}
if (k == 0) {
*missing_attrs = NULL;
} else {
/* Terminate the list */
}
done:
return ret;
}
{
/* LDAPS URI's are secure channels */
return true;
}
return false;
}
const char *base_filter)
{
if (base_filter[0] == '(') {
/* This filter is wrapped in parentheses.
* Pass it as-is to the openldap libraries.
*/
} else {
}
return filter;
}
struct sdap_idmap_ctx *idmap_ctx,
struct sysdb_attrs *sysdb_attrs,
const char *sid_attr,
char **_sid_str)
{
char *sid_str;
"No [%s] attribute. [%d][%s]\n",
return ENOENT;
}
return ENOMEM;
}
} else {
&sid_str);
if (err != IDMAP_SUCCESS) {
"Could not convert SID: [%s]\n",
return EIO;
}
}
return EOK;
}
struct sdap_id_conn_ctx *
struct sdap_service *sdap_service)
{
return NULL;
}
/* Create a connection cache */
return NULL;
}
return conn;
}
struct sdap_id_ctx *
struct sdap_service *sdap_service)
{
return NULL;
}
/* There should be at least one connection context */
return NULL;
}
return sdap_ctx;
}