/*
    SSSD

    LDAP Provider Initialization functions

    Authors:
        Simo Sorce <ssorce@redhat.com>

    Copyright (C) 2009 Red Hat

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
9d129b55f5a43abf43865c6b0eb6dd19bc22aba8ianh
9d129b55f5a43abf43865c6b0eb6dd19bc22aba8ianh#include "util/child_common.h"
9d129b55f5a43abf43865c6b0eb6dd19bc22aba8ianh#include "providers/ldap/ldap_common.h"
9d129b55f5a43abf43865c6b0eb6dd19bc22aba8ianh#include "providers/ldap/sdap_async_private.h"
9d129b55f5a43abf43865c6b0eb6dd19bc22aba8ianh#include "providers/ldap/sdap_access.h"
9d129b55f5a43abf43865c6b0eb6dd19bc22aba8ianh#include "providers/ldap/sdap_sudo.h"
9d129b55f5a43abf43865c6b0eb6dd19bc22aba8ianh#include "providers/ldap/sdap_autofs.h"
9d129b55f5a43abf43865c6b0eb6dd19bc22aba8ianh#include "providers/ldap/sdap_idmap.h"
9d129b55f5a43abf43865c6b0eb6dd19bc22aba8ianh#include "providers/fail_over_srv.h"
2d2eda71267231c2526be701fe655db125852c1ffielding
static void sdap_shutdown(struct be_req *req);

/*
 * Operation tables handed to the data-provider core by the sssm_ldap_*_init()
 * functions below.  Every table pairs the request handler for one provider
 * role with sdap_shutdown() as its finalizer; only the ID table also carries
 * an online check.
 */

/* Id Handler */
struct bet_ops sdap_id_ops = {
    .check_online = sdap_check_online,
    .finalize = sdap_shutdown,
    .handler = sdap_account_info_handler
};

/* Auth Handler */
struct bet_ops sdap_auth_ops = {
    .finalize = sdap_shutdown,
    .handler = sdap_pam_auth_handler
};

/* Chpass Handler */
struct bet_ops sdap_chpass_ops = {
    .finalize = sdap_shutdown,
    .handler = sdap_pam_chpass_handler
};

/* Access Handler */
struct bet_ops sdap_access_ops = {
    .finalize = sdap_shutdown,
    .handler = sdap_pam_access_handler
};
ef5650b61a8e35f3cc93ec07e73efc17ea329894jorton
/*
 * Return EINVAL if any two entries of the NULL-terminated string list compare
 * equal (byte-wise when case_sensitive is true, ignoring case otherwise),
 * EOK when all entries are distinct.  The first duplicate found is logged.
 *
 * Every entry is compared with every later entry, so the cost grows
 * quadratically with the list length: please use this only for short lists.
 */
errno_t check_order_list_for_duplicates(char **list,
                                        bool case_sensitive)
{
    int (*compare)(const char *, const char *);
    size_t i;
    size_t j;

    compare = case_sensitive ? strcmp : strcasecmp;

    for (i = 0; list[i] != NULL; i++) {
        for (j = i + 1; list[j] != NULL; j++) {
            if (compare(list[i], list[j]) != 0) {
                continue;
            }
            DEBUG(1, ("Duplicate string [%s] found.\n", list[i]));
            return EINVAL;
        }
    }

    return EOK;
}
9d129b55f5a43abf43865c6b0eb6dd19bc22aba8ianh
/*
 * Create, or re-use, the LDAP ID provider context of a backend.
 *
 * When the ID role of bectx is already served by the "ldap" module the
 * existing operations table and private data are handed back unchanged.
 * Otherwise a new sdap_id_ctx is allocated on bectx and set up step by step:
 * options via ldap_get_options(), the "LDAP" failover service, GSSAPI/kinit
 * support (only for a GSSAPI SASL mechanism with SDAP_KRB5_KINIT enabled),
 * TLS settings, the connection cache, ID mapping (if SDAP_ID_MAPPING is set),
 * the periodic tasks, the helper child and the SRV lookup plugin.
 *
 * On success *ops points to sdap_id_ops, *pvt_data to the new context and
 * EOK is returned.  On failure the partially built context is freed and the
 * error code of the failing step is returned; *ops/*pvt_data are untouched.
 */
int sssm_ldap_id_init(struct be_ctx *bectx,
                      struct bet_ops **ops,
                      void **pvt_data)
{
    struct sdap_id_ctx *id_ctx = NULL;
    const char *srv_name;
    const char *primary_uris;
    const char *backup_uris;
    const char *mech;
    int ret;

    /* Another role of this backend already built the ldap ID context. */
    if (bectx->bet_info[BET_ID].mod_name != NULL
            && strcmp("ldap", bectx->bet_info[BET_ID].mod_name) == 0) {
        DEBUG(8, ("Re-using sdap_id_ctx for this provider\n"));
        *ops = bectx->bet_info[BET_ID].bet_ops;
        *pvt_data = bectx->bet_info[BET_ID].pvt_bet_data;
        return EOK;
    }

    id_ctx = talloc_zero(bectx, struct sdap_id_ctx);
    if (id_ctx == NULL) {
        return ENOMEM;
    }
    id_ctx->be = bectx;

    ret = ldap_get_options(id_ctx, bectx->cdb, bectx->conf_path, &id_ctx->opts);
    if (ret != EOK) {
        goto done;
    }

    srv_name = dp_opt_get_string(id_ctx->opts->basic, SDAP_DNS_SERVICE_NAME);
    DEBUG(7, ("Service name for discovery set to %s\n", srv_name));

    primary_uris = dp_opt_get_string(id_ctx->opts->basic, SDAP_URI);
    backup_uris = dp_opt_get_string(id_ctx->opts->basic, SDAP_BACKUP_URI);

    ret = sdap_service_init(id_ctx, id_ctx->be, "LDAP", srv_name,
                            primary_uris, backup_uris, &id_ctx->service);
    if (ret != EOK) {
        DEBUG(1, ("Failed to initialize failover service!\n"));
        goto done;
    }

    /* Ticket acquisition is only wired up for GSSAPI binds, and only when
     * the SDAP_KRB5_KINIT option asks for it. */
    mech = dp_opt_get_string(id_ctx->opts->basic, SDAP_SASL_MECH);
    if (mech != NULL && strcasecmp(mech, "GSSAPI") == 0
            && dp_opt_get_bool(id_ctx->opts->basic, SDAP_KRB5_KINIT)) {
        ret = sdap_gssapi_init(id_ctx, id_ctx->opts->basic, id_ctx->be,
                               id_ctx->service, &id_ctx->krb5_service);
        if (ret != EOK) {
            DEBUG(1, ("sdap_gssapi_init failed [%d][%s].\n",
                      ret, strerror(ret)));
            goto done;
        }
    }

    ret = setup_tls_config(id_ctx->opts->basic);
    if (ret != EOK) {
        DEBUG(1, ("setup_tls_config failed [%d][%s].\n",
                  ret, strerror(ret)));
        goto done;
    }

    ret = sdap_id_conn_cache_create(id_ctx, id_ctx, &id_ctx->conn_cache);
    if (ret != EOK) {
        goto done;
    }

    if (dp_opt_get_bool(id_ctx->opts->basic, SDAP_ID_MAPPING)) {
        /* Set up the ID mapping object */
        ret = sdap_idmap_init(id_ctx, id_ctx, &id_ctx->opts->idmap_ctx);
        if (ret != EOK) {
            goto done;
        }
    }

    ret = sdap_id_setup_tasks(id_ctx);
    if (ret != EOK) {
        goto done;
    }

    ret = setup_child(id_ctx);
    if (ret != EOK) {
        DEBUG(1, ("setup_child failed [%d][%s].\n",
                  ret, strerror(ret)));
        goto done;
    }

    /* setup SRV lookup plugin */
    ret = be_fo_set_dns_srv_lookup_plugin(bectx, NULL);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to set SRV lookup plugin "
                                    "[%d]: %s\n", ret, strerror(ret)));
        goto done;
    }

    *pvt_data = id_ctx;
    *ops = &sdap_id_ops;
    ret = EOK;

done:
    if (ret != EOK) {
        talloc_free(id_ctx);
    }
    return ret;
}
9d129b55f5a43abf43865c6b0eb6dd19bc22aba8ianh
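/*
 * Initialise the LDAP auth provider on top of the LDAP ID provider.
 *
 * The ID context is created (or re-used) first through sssm_ldap_id_init();
 * the auth context then borrows its options and failover service.  The
 * change-password service starts out unset and is only filled in by
 * sssm_ldap_chpass_init() when a dedicated chpass server is configured.
 *
 * On success *ops is &sdap_auth_ops and *pvt_data the new sdap_auth_ctx
 * (allocated on bectx) and EOK is returned.  Returns ENOMEM if the context
 * cannot be allocated, or the error of sssm_ldap_id_init(); in both cases
 * *ops and *pvt_data are left as that call left them.
 */
int sssm_ldap_auth_init(struct be_ctx *bectx,
                        struct bet_ops **ops,
                        void **pvt_data)
{
    void *data;
    struct sdap_id_ctx *id_ctx;
    struct sdap_auth_ctx *ctx;
    int ret;

    ret = sssm_ldap_id_init(bectx, ops, &data);
    if (ret != EOK) {
        return ret;
    }

    id_ctx = talloc_get_type(data, struct sdap_id_ctx);

    /* Zero the context like the other provider contexts in this file, so
     * that any member not assigned below reads as NULL/0 rather than as
     * indeterminate memory. */
    ctx = talloc_zero(bectx, struct sdap_auth_ctx);
    if (ctx == NULL) {
        return ENOMEM;
    }

    ctx->be = bectx;
    ctx->opts = id_ctx->opts;
    ctx->service = id_ctx->service;
    ctx->chpass_service = NULL;

    *ops = &sdap_auth_ops;
    *pvt_data = ctx;

    return EOK;
}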
b0f20a4a26bcfa85724b1c2e5ec6a077f12ef44crbb
/*
 * Initialise the LDAP change-password provider.
 *
 * Builds on sssm_ldap_auth_init().  When any of SDAP_CHPASS_URI,
 * SDAP_CHPASS_BACKUP_URI or SDAP_CHPASS_DNS_SERVICE_NAME is configured a
 * separate "LDAP_CHPASS" failover service is created for password changes;
 * otherwise chpass_service stays NULL and the regular LDAP service is used.
 *
 * On success *ops is &sdap_chpass_ops, *pvt_data the sdap_auth_ctx and EOK
 * is returned.  On failure the auth context is freed (a no-op when it was
 * never created) and the error code is returned.
 */
int sssm_ldap_chpass_init(struct be_ctx *bectx,
                          struct bet_ops **ops,
                          void **pvt_data)
{
    struct sdap_auth_ctx *auth_ctx = NULL;
    void *auth_data;
    const char *chpass_srv;
    const char *chpass_uris;
    const char *chpass_backup_uris;
    bool dedicated_service;
    int ret;

    ret = sssm_ldap_auth_init(bectx, ops, &auth_data);
    if (ret != EOK) {
        DEBUG(1, ("sssm_ldap_auth_init failed.\n"));
        goto done;
    }
    auth_ctx = talloc_get_type(auth_data, struct sdap_auth_ctx);

    chpass_srv = dp_opt_get_string(auth_ctx->opts->basic,
                                   SDAP_CHPASS_DNS_SERVICE_NAME);
    if (chpass_srv != NULL) {
        DEBUG(7, ("Service name for chpass discovery set to %s\n",
                  chpass_srv));
    }

    chpass_uris = dp_opt_get_string(auth_ctx->opts->basic, SDAP_CHPASS_URI);
    chpass_backup_uris = dp_opt_get_string(auth_ctx->opts->basic,
                                           SDAP_CHPASS_BACKUP_URI);

    /* A dedicated chpass service is only worth creating when at least one
     * way of locating a chpass server was configured. */
    dedicated_service = (chpass_uris != NULL
                         || chpass_backup_uris != NULL
                         || chpass_srv != NULL);
    if (dedicated_service) {
        ret = sdap_service_init(auth_ctx, auth_ctx->be, "LDAP_CHPASS", chpass_srv,
                                chpass_uris, chpass_backup_uris,
                                &auth_ctx->chpass_service);
        if (ret != EOK) {
            DEBUG(1, ("Failed to initialize failover service!\n"));
            goto done;
        }
    } else {
        DEBUG(9, ("ldap_chpass_uri and ldap_chpass_dns_service_name not set, "
                  "using ldap_uri.\n"));
        auth_ctx->chpass_service = NULL;
    }

    *pvt_data = auth_ctx;
    *ops = &sdap_chpass_ops;
    ret = EOK;

done:
    if (ret != EOK) {
        talloc_free(auth_ctx);
    }
    return ret;
}
759f4a24d09e28c4eaca9f97311b497fc15cb5c7ben
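/* Return true if policy names one of the supported account-expiration
 * schemes; the comparison ignores case like the rest of the option parsing
 * in this file. */
static bool sdap_access_expire_policy_known(const char *policy)
{
    const char *const known[] = {
        LDAP_ACCOUNT_EXPIRE_SHADOW,
        LDAP_ACCOUNT_EXPIRE_AD,
        LDAP_ACCOUNT_EXPIRE_NDS,
        LDAP_ACCOUNT_EXPIRE_RHDS,
        LDAP_ACCOUNT_EXPIRE_IPA,
        LDAP_ACCOUNT_EXPIRE_389DS,
    };
    size_t i;

    for (i = 0; i < sizeof(known) / sizeof(known[0]); i++) {
        if (strcasecmp(policy, known[i]) == 0) {
            return true;
        }
    }
    return false;
}

/*
 * Initialise the LDAP access provider.
 *
 * Splits ldap_access_order (default "filter") on ',' into
 * access_ctx->access_rule[], validating every rule name together with the
 * configuration it depends on:
 *  - "filter": ldap_access_filter is passed as-is when it already starts
 *    with '(' and wrapped in parentheses otherwise; an unset filter is only
 *    warned about and results in every user being denied;
 *  - "expire": ldap_account_expire_policy must be a supported policy when
 *    set; unset is warned about (deny-all);
 *  - "service" and "host" need no extra configuration.
 * The rule list is terminated with LDAP_ACCESS_EMPTY.  Duplicate, unknown
 * and too many rule names are rejected with EINVAL.
 *
 * On success *ops is &sdap_access_ops, *pvt_data the sdap_access_ctx and EOK
 * is returned; on failure the context is freed and the error is returned.
 */
int sssm_ldap_access_init(struct be_ctx *bectx,
                          struct bet_ops **ops,
                          void **pvt_data)
{
    int ret;
    struct sdap_access_ctx *access_ctx;
    const char *filter;
    const char *order;
    char **order_list;
    int order_list_len;
    size_t c;
    const char *expire_policy;

    access_ctx = talloc_zero(bectx, struct sdap_access_ctx);
    if (access_ctx == NULL) {
        ret = ENOMEM;
        goto done;
    }

    ret = sssm_ldap_id_init(bectx, ops, (void **)&access_ctx->id_ctx);
    if (ret != EOK) {
        DEBUG(1, ("sssm_ldap_id_init failed.\n"));
        goto done;
    }

    order = dp_opt_get_cstring(access_ctx->id_ctx->opts->basic,
                               SDAP_ACCESS_ORDER);
    if (order == NULL) {
        DEBUG(1, ("ldap_access_order not given, using 'filter'.\n"));
        order = "filter";
    }

    ret = split_on_separator(access_ctx, order, ',', true, true,
                             &order_list, &order_list_len);
    if (ret != EOK) {
        DEBUG(1, ("split_on_separator failed.\n"));
        goto done;
    }

    ret = check_order_list_for_duplicates(order_list, false);
    if (ret != EOK) {
        DEBUG(1, ("check_order_list_for_duplicates failed.\n"));
        goto done;
    }

    /* The loop below writes access_rule[0..order_list_len] inclusive (the
     * last slot is the LDAP_ACCESS_EMPTY terminator), so this bound assumes
     * the array holds LDAP_ACCESS_LAST + 1 entries -- confirm against the
     * declaration of struct sdap_access_ctx if that ever changes.  The
     * limit is now also passed to the message, which used to name a %d
     * argument it never supplied. */
    if (order_list_len > LDAP_ACCESS_LAST) {
        DEBUG(1, ("Currently only [%d] different access rules are supported.\n",
                  LDAP_ACCESS_LAST));
        ret = EINVAL;
        goto done;
    }

    for (c = 0; order_list[c] != NULL; c++) {
        if (strcasecmp(order_list[c], LDAP_ACCESS_FILTER_NAME) == 0) {
            access_ctx->access_rule[c] = LDAP_ACCESS_FILTER;

            filter = dp_opt_get_cstring(access_ctx->id_ctx->opts->basic,
                                        SDAP_ACCESS_FILTER);
            if (filter == NULL) {
                /* It's okay if this is NULL. In that case we will simply act
                 * like the 'deny' provider.
                 */
                DEBUG(0, ("Warning: LDAP access rule 'filter' is set, "
                          "but no ldap_access_filter configured. "
                          "All domain users will be denied access.\n"));
            } else if (filter[0] == '(') {
                /* This filter is wrapped in parentheses.
                 * Pass it as-is to the openldap libraries.
                 */
                access_ctx->filter = filter;
            } else {
                /* Add parentheses around the filter */
                access_ctx->filter = talloc_asprintf(access_ctx, "(%s)", filter);
                if (access_ctx->filter == NULL) {
                    ret = ENOMEM;
                    goto done;
                }
            }

        } else if (strcasecmp(order_list[c], LDAP_ACCESS_EXPIRE_NAME) == 0) {
            access_ctx->access_rule[c] = LDAP_ACCESS_EXPIRE;

            expire_policy = dp_opt_get_cstring(access_ctx->id_ctx->opts->basic,
                                               SDAP_ACCOUNT_EXPIRE_POLICY);
            if (expire_policy == NULL) {
                DEBUG(0, ("Warning: LDAP access rule 'expire' is set, "
                          "but no ldap_account_expire_policy configured. "
                          "All domain users will be denied access.\n"));
            } else if (!sdap_access_expire_policy_known(expire_policy)) {
                DEBUG(1, ("Unsupported LDAP account expire policy [%s].\n",
                          expire_policy));
                ret = EINVAL;
                goto done;
            }
        } else if (strcasecmp(order_list[c], LDAP_ACCESS_SERVICE_NAME) == 0) {
            access_ctx->access_rule[c] = LDAP_ACCESS_SERVICE;
        } else if (strcasecmp(order_list[c], LDAP_ACCESS_HOST_NAME) == 0) {
            access_ctx->access_rule[c] = LDAP_ACCESS_HOST;
        } else {
            DEBUG(1, ("Unexpected access rule name [%s].\n", order_list[c]));
            ret = EINVAL;
            goto done;
        }
    }
    access_ctx->access_rule[c] = LDAP_ACCESS_EMPTY;
    if (c == 0) {
        DEBUG(0, ("Warning: access_provider=ldap set, "
                  "but ldap_access_order is empty. "
                  "All domain users will be denied access.\n"));
    }

    *ops = &sdap_access_ops;
    *pvt_data = access_ctx;

    ret = EOK;

done:
    if (ret != EOK) {
        talloc_free(access_ctx);
    }
    return ret;
}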
1ce78cf71b5baaf2c1ab48e818cb1f2397df5010trawick
/*
 * Initialise the LDAP sudo provider.
 *
 * The LDAP ID provider is created or re-used first; the sudo-specific setup
 * is delegated to sdap_sudo_init(), whose return value is passed through.
 * Built without BUILD_SUDO this logs a minor failure and returns EOK.
 */
int sssm_ldap_sudo_init(struct be_ctx *be_ctx,
                        struct bet_ops **ops,
                        void **pvt_data)
{
#ifdef BUILD_SUDO
    void *id_data = NULL;
    struct sdap_id_ctx *id_ctx;
    int ret;

    ret = sssm_ldap_id_init(be_ctx, ops, &id_data);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot init LDAP ID provider [%d]: %s\n",
                                    ret, strerror(ret)));
        return ret;
    }

    id_ctx = talloc_get_type(id_data, struct sdap_id_ctx);
    if (id_ctx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("No ID provider?\n"));
        return EIO;
    }

    return sdap_sudo_init(be_ctx, id_ctx, ops, pvt_data);
#else
    DEBUG(SSSDBG_MINOR_FAILURE, ("Sudo init handler called but SSSD is "
                                 "built without sudo support, ignoring\n"));
    return EOK;
#endif
}
ceb14f8ba57a8086c9a68ad264efbe2433134382covener
/*
 * Initialise the LDAP autofs provider.
 *
 * The LDAP ID provider is created or re-used first; the autofs-specific
 * setup is delegated to sdap_autofs_init(), whose return value is passed
 * through.  Built without BUILD_AUTOFS this logs a minor failure and
 * returns EOK.
 */
int sssm_ldap_autofs_init(struct be_ctx *be_ctx,
                          struct bet_ops **ops,
                          void **pvt_data)
{
#ifdef BUILD_AUTOFS
    void *id_data = NULL;
    struct sdap_id_ctx *id_ctx;
    int ret;

    ret = sssm_ldap_id_init(be_ctx, ops, &id_data);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot init LDAP ID provider [%d]: %s\n",
                                    ret, strerror(ret)));
        return ret;
    }

    id_ctx = talloc_get_type(id_data, struct sdap_id_ctx);
    if (id_ctx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("No ID provider?\n"));
        return EIO;
    }

    return sdap_autofs_init(be_ctx, id_ctx, ops, pvt_data);
#else
    DEBUG(SSSDBG_MINOR_FAILURE, ("Autofs init handler called but SSSD is "
                                 "built without autofs support, ignoring\n"));
    return EOK;
#endif
}
2d2eda71267231c2526be701fe655db125852c1ffielding
/*
 * Finalizer shared by every operation table in this file.  It performs no
 * teardown of its own yet and merely completes the request with DP_ERR_OK.
 */
static void sdap_shutdown(struct be_req *req)
{
    /* TODO: Clean up any internal data */
    sdap_handler_done(req, DP_ERR_OK, EOK, NULL);
}
2d2eda71267231c2526be701fe655db125852c1ffielding
2d2eda71267231c2526be701fe655db125852c1ffielding