sdap_async_initgroups.c revision 2ce00e0d3896bb42db169d1e79553a81ca837a22
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher Async LDAP Helper routines - initgroups operation
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher Copyright (C) Simo Sorce <ssorce@redhat.com> - 2009
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher Copyright (C) 2010, Ralf Haferkamp <rhafer@suse.de>, Novell Inc.
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher Copyright (C) Jan Zeleny <jzeleny@redhat.com> - 2011
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher This program is free software; you can redistribute it and/or modify
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher it under the terms of the GNU General Public License as published by
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher the Free Software Foundation; either version 3 of the License, or
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher (at your option) any later version.
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher This program is distributed in the hope that it will be useful,
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher but WITHOUT ANY WARRANTY; without even the implied warranty of
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher GNU General Public License for more details.
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher You should have received a copy of the GNU General Public License
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher along with this program. If not, see <http://www.gnu.org/licenses/>.
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher#include "providers/ldap/sdap_async_private.h"
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher/* ==Save-fake-group-list=====================================*/
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagherstatic errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb,
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher bool use_id_mapping = dp_opt_get_bool(opts->basic, SDAP_ID_MAPPING);
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher /* There are no groups in LDAP but we should add user to groups ?? */
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher missing = talloc_array(tmp_ctx, char *, ldap_groups_count+1);
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher for (i=0; groupnames[i]; i++) {
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher ret = sysdb_search_group_by_name(tmp_ctx, sysdb, groupnames[i], NULL, &msg);
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher DEBUG(7, ("Group #%d [%s] is not cached, need to add a fake entry\n",
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher DEBUG(1, ("search for group failed [%d]: %s\n",
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher /* All groups are cached, nothing to do */
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher ("Cannot start sysdb transaction [%d]: %s\n",
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher for (i=0; missing[i]; i++) {
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher /* The group is not in sysdb, need to add a fake entry */
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher for (ai=0; ai < ldap_groups_count; ai++) {
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher ret = sysdb_attrs_primary_name(sysdb, ldap_groups[ai],
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher DEBUG(1, ("The group has no name attribute\n"));
21d485184df986e1a123f70c689517386e51a5ceMichal Zidek ("Mapping group [%s] objectSID to unix ID\n", name));
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher opts->group_map[SDAP_AT_GROUP_OBJECTSID].sys_name,
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher ("Group [%s] has objectSID [%s]\n",
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher /* Convert the SID into a UNIX group ID */
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher ret = sdap_idmap_sid_to_unix(opts->idmap_ctx, sid_str,
e0404de84c31d2387bb244d018a5cac8d01f8b19Simo Sorce ("Group [%s] has mapped gid [%lu]\n",
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher ("Group [%s] cannot be mapped. "
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher "Treating as a non-POSIX group\n",
21d485184df986e1a123f70c689517386e51a5ceMichal Zidek ret = sysdb_attrs_get_uint32_t(ldap_groups[ai],
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher if (ret == ENOENT || (ret == EOK && gid == 0)) {
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher DEBUG(8, ("Marking group %s as non-posix and setting GID=0!\n", name));
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher } else if (ret) {
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher DEBUG(1, ("The GID attribute is malformed\n"));
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher ret = sysdb_attrs_get_string(ldap_groups[ai],
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher DEBUG(5, ("The group has no name original DN\n"));
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher DEBUG(8, ("Adding fake group %s to sysdb\n", name));
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher ret = sysdb_add_incomplete_group(sysdb, name, gid, original_dn,
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher DEBUG(2, ("Group %s not present in LDAP\n", missing[i]));
3d8a87081a6cd197acbd355b5a39111669ec2aa6Jakub Hrozek DEBUG(SSSDBG_CRIT_FAILURE, ("sysdb_transaction_commit failed.\n"));
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to cancel transaction\n"));
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagherint sdap_initgr_common_store(struct sysdb_ctx *sysdb,
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher /* No groups for this user in LDAP.
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher * We need to ensure that there are no groups
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher * in the sysdb either.
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher DEBUG(1, ("sysdb_attrs_primary_name_list failed [%d]: %s\n",
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher /* Find the differences between the sysdb and LDAP lists
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher * Groups in the sysdb only must be removed.
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher ret = diff_string_lists(tmp_ctx, ldap_grouplist, sysdb_grouplist,
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher DEBUG(1, ("Failed to start transaction\n"));
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher /* Add fake entries for any groups the user should be added as
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher * member of but that are not cached in sysdb
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher ret = sdap_add_incomplete_groups(sysdb, opts,
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher DEBUG(1, ("Adding incomplete users failed\n"));
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher DEBUG(8, ("Updating memberships for %s\n", name));
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher ret = sysdb_update_members(sysdb, name, type,
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher (const char *const *) add_groups,
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher (const char *const *) del_groups);
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher DEBUG(1, ("Membership update failed [%d]: %s\n",
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher DEBUG(1, ("Failed to commit transaction\n"));
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher DEBUG(1, ("Failed to cancel transaction\n"));
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher/* ==Initgr-call-(groups-a-user-is-member-of)-RFC2307===================== */
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagherstatic errno_t sdap_initgr_rfc2307_next_base(struct tevent_req *req);
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagherstatic void sdap_initgr_rfc2307_process(struct tevent_req *subreq);
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagherstruct tevent_req *sdap_initgr_rfc2307_send(TALLOC_CTX *memctx,
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher req = tevent_req_create(memctx, &state, struct sdap_initgr_rfc2307_state);
6fb75e297bf7fc83e3db1f5ae8560624656ef319Jan Zeleny state->timeout = dp_opt_get_int(state->opts->basic, SDAP_SEARCH_TIMEOUT);
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher state->search_bases = opts->group_search_bases;
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher ("Initgroups lookup request without a group search base\n"));
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher attr_filter = talloc_array(state, const char *, 2);
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher attr_filter[0] = opts->group_map[SDAP_AT_GROUP_MEMBER].name;
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher ret = build_attrs_from_map(state, opts->group_map, SDAP_OPTS_GROUP,
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher ret = sss_filter_sanitize(state, name, &clean_name);
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher state->base_filter = talloc_asprintf(state,
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher "(&(%s=%s)(objectclass=%s)(%s=*)(&(%s=*)(!(%s=0))))",
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher opts->group_map[SDAP_AT_GROUP_MEMBER].name,
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagherstatic errno_t sdap_initgr_rfc2307_next_base(struct tevent_req *req)
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher state = tevent_req_data(req, struct sdap_initgr_rfc2307_state);
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher state->filter = sdap_get_id_specific_filter(
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher state->search_bases[state->base_iter]->filter);
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher ("Searching for groups with base [%s]\n",
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher state->search_bases[state->base_iter]->scope,
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher tevent_req_set_callback(subreq, sdap_initgr_rfc2307_process, req);
94a66f84bd3c28fcabffeb84c682dccf89d89c2bSumit Bosestatic void sdap_initgr_rfc2307_process(struct tevent_req *subreq)
b860f8b6b6b03982c80268e9f6fd35f6455b6b37Simo Sorce req = tevent_req_callback_data(subreq, struct tevent_req);
94a66f84bd3c28fcabffeb84c682dccf89d89c2bSumit Bose state = tevent_req_data(req, struct sdap_initgr_rfc2307_state);
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher ret = sdap_get_generic_recv(subreq, state, &count, &ldap_groups);
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher /* Add this batch of groups to the list */
b860f8b6b6b03982c80268e9f6fd35f6455b6b37Simo Sorce /* Copy the new groups into the list.
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher for (i = 0; i < count; i++) {
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher state->ldap_groups[state->ldap_groups_count + i] =
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher talloc_steal(state->ldap_groups, ldap_groups[i]);
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher state->ldap_groups[state->ldap_groups_count] = NULL;
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher /* Check for additional search bases, and iterate
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher * through again.
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher if (state->search_bases[state->base_iter] != NULL) {
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher /* Search for all groups for which this user is a member */
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher ret = get_sysdb_grouplist(state, state->sysdb, state->domain,
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher /* There are no nested groups here so we can just update the
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher * memberships */
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher ret = sdap_initgr_common_store(state->sysdb, state->opts,
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagherstatic int sdap_initgr_rfc2307_recv(struct tevent_req *req)
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher/* ==Common code for pure RFC2307bis and IPA/AD========================= */
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher unsigned long count)
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher ret = sysdb_attrs_primary_name_list(sysdb, tmp_ctx,
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher DEBUG(3, ("sysdb_attrs_primary_name_list failed [%d]: %s\n",
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher DEBUG(1, ("Failed to start transaction\n"));
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher ret = sdap_add_incomplete_groups(sysdb, opts, groupnamelist,
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher DEBUG(6, ("Could not add incomplete groups [%d]: %s\n",
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher DEBUG(1, ("Failed to commit transaction\n"));
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher DEBUG(1, ("Failed to cancel transaction\n"));
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagherbuild_membership_diff(TALLOC_CTX *mem_ctx, const char *name,
f5e22261a2ff95f2a61f4f199fffb8de79668110Stephen Gallagher char **ldap_parent_names, char **sysdb_parent_names,
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher mdiff = talloc_zero(tmp_ctx, struct membership_diff);
f5e22261a2ff95f2a61f4f199fffb8de79668110Stephen Gallagher /* Find the differences between the sysdb and ldap lists
f5e22261a2ff95f2a61f4f199fffb8de79668110Stephen Gallagher * Groups in ldap only must be added to the sysdb;
f5e22261a2ff95f2a61f4f199fffb8de79668110Stephen Gallagher * groups in the sysdb only must be removed.
f5e22261a2ff95f2a61f4f199fffb8de79668110Stephen Gallagher mdiff->add = talloc_steal(mdiff, add_groups);
f5e22261a2ff95f2a61f4f199fffb8de79668110Stephen Gallagher mdiff->del = talloc_steal(mdiff, del_groups);
f5e22261a2ff95f2a61f4f199fffb8de79668110Stephen Gallagher/* ==Initgr-call-(groups-a-user-is-member-of)-nested-groups=============== */
f5e22261a2ff95f2a61f4f199fffb8de79668110Stephen Gallagherstatic errno_t sdap_initgr_nested_deref_search(struct tevent_req *req);
f5e22261a2ff95f2a61f4f199fffb8de79668110Stephen Gallagherstatic errno_t sdap_initgr_nested_noderef_search(struct tevent_req *req);
f5e22261a2ff95f2a61f4f199fffb8de79668110Stephen Gallagherstatic void sdap_initgr_nested_search(struct tevent_req *subreq);
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagherstatic void sdap_initgr_nested_store(struct tevent_req *req);
f5e22261a2ff95f2a61f4f199fffb8de79668110Stephen Gallagherstatic struct tevent_req *sdap_initgr_nested_send(TALLOC_CTX *memctx,
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher req = tevent_req_create(memctx, &state, struct sdap_initgr_nested_state);
c1fcc832ccfc237caac8b99be238cf2d598f908cStephen Gallagher ret = sysdb_attrs_primary_name(sysdb, user,
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher DEBUG(1, ("User entry had no username\n"));
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher ret = sysdb_attrs_get_el(state->user, SYSDB_MEMBEROF, &state->memberof);
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher if (ret || !state->memberof || state->memberof->num_values == 0) {
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher DEBUG(4, ("User entry lacks original memberof ?\n"));
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher /* We can't find any groups for this user, so we'll
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher * have to assume there aren't any. Just return
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher * success here.
9b72b00ebcfd6225a4e139619c8e18d44a448f87Stephen Gallagher state->groups = talloc_zero_array(state, struct sysdb_attrs *,
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher deref_threshold = dp_opt_get_int(state->opts->basic,
c1fcc832ccfc237caac8b99be238cf2d598f908cStephen Gallagher if (sdap_has_deref_support(state->sh, state->opts) &&
c1fcc832ccfc237caac8b99be238cf2d598f908cStephen Gallagher deref_threshold < state->memberof->num_values) {
c1fcc832ccfc237caac8b99be238cf2d598f908cStephen Gallagher ret = sysdb_attrs_get_string(user, SYSDB_ORIG_DN,
c1fcc832ccfc237caac8b99be238cf2d598f908cStephen Gallagher ret = sdap_initgr_nested_deref_search(req);
c1fcc832ccfc237caac8b99be238cf2d598f908cStephen Gallagher ret = sdap_initgr_nested_noderef_search(req);
c1fcc832ccfc237caac8b99be238cf2d598f908cStephen Gallagherstatic errno_t sdap_initgr_nested_noderef_search(struct tevent_req *req)
c1fcc832ccfc237caac8b99be238cf2d598f908cStephen Gallagher state = tevent_req_data(req, struct sdap_initgr_nested_state);
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher state->group_dns = talloc_array(state, char *,
c1fcc832ccfc237caac8b99be238cf2d598f908cStephen Gallagher for (i = 0; i < state->memberof->num_values; i++) {
c1fcc832ccfc237caac8b99be238cf2d598f908cStephen Gallagher state->group_dns[i] = talloc_strdup(state->group_dns,
c1fcc832ccfc237caac8b99be238cf2d598f908cStephen Gallagher state->group_dns[i] = NULL; /* terminate */
c1fcc832ccfc237caac8b99be238cf2d598f908cStephen Gallagher state->filter = talloc_asprintf(state, "(&(objectclass=%s)(%s=*))",
c1fcc832ccfc237caac8b99be238cf2d598f908cStephen Gallagher state->opts->group_map[SDAP_OC_GROUP].name,
c1fcc832ccfc237caac8b99be238cf2d598f908cStephen Gallagher state->opts->group_map[SDAP_AT_GROUP_NAME].name);
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher subreq = sdap_get_generic_send(state, state->ev, state->opts, state->sh,
return ENOMEM;
return EAGAIN;
const char **sdap_attrs;
int timeout;
if (!subreq) {
goto fail;
return EAGAIN;
fail:
return ret;
size_t i;
&deref_result);
for (i=0; i < num_results; i++) {
int ret;
if (ret) {
groups[0]);
if (!subreq) {
static errno_t
static errno_t
static errno_t
bool in_transaction = false;
goto fail;
in_transaction = true;
goto fail;
goto fail;
goto fail;
goto fail;
in_transaction = false;
fail:
if (in_transaction) {
static errno_t
static errno_t
int groups_count,
int ngroups,
int *_ndirect);
static errno_t
int i, tret;
bool in_transaction = false;
&miter);
if (ret) {
goto done;
goto done;
in_transaction = true;
goto done;
goto done;
in_transaction = false;
done:
if (in_transaction) {
return ret;
static errno_t
int tret;
const char *orig_dn;
int nparents;
int i, mi;
char **add_groups;
char **del_groups;
bool in_transaction = false;
if (!tmp_ctx) {
goto done;
goto done;
if (!ldap_parentlist) {
goto done;
nparents = 0;
if (ret) {
goto done;
nparents++;
if (nparents == 0) {
goto done;
if (ret) {
goto done;
goto done;
goto done;
in_transaction = true;
(const char *const *) add_groups,
(const char *const *) del_groups);
goto done;
goto done;
in_transaction = false;
done:
if (in_transaction) {
return ret;
static errno_t
int groups_count,
const char *group_name;
int parents_count;
if (!tmp_ctx) {
goto done;
&group_name);
goto done;
if (ret) {
goto done;
goto done;
if (parents_count > 0) {
goto done;
goto done;
done:
return ret;
int ngroups,
int *_ndirect)
int i, mi;
int ret;
const char *orig_dn;
int ndirect;
if (!direct_groups) {
goto done;
ndirect = 0;
goto done;
for (i=0; i < ngroups; i++) {
if (ret) {
ndirect++;
done:
return ret;
return EOK;
struct sdap_initgr_rfc2307bis_state {
const char *name;
const char *base_filter;
char *filter;
const char **attrs;
const char *orig_dn;
int timeout;
struct sdap_nested_group {
const char *name,
const char *orig_dn)
const char **attr_filter;
char *clean_orig_dn;
goto done;
return NULL;
if (!attr_filter) {
goto done;
goto done;
done:
return req;
return ENOMEM;
if (!subreq) {
return ENOMEM;
return EOK;
size_t i;
int ret;
&count,
&ldap_groups);
if (ret) {
if (count > 0) {
struct sysdb_attrs *,
for (i = 0; i < count; i++) {
if (!subreq) {
static errno_t
static errno_t
bool in_transaction = false;
goto fail;
in_transaction = true;
goto fail;
goto fail;
goto fail;
goto fail;
in_transaction = false;
fail:
if (in_transaction) {
return EOK;
struct rfc2307bis_group_memberships_state {
int ret;
static errno_t
unsigned long count;
int hret, i;
goto done;
if (!groups) {
goto done;
for (i = 0; i < count; i++) {
struct sdap_nested_group);
goto done;
done:
return ret;
static errno_t
int hret;
bool in_transaction = false;
int num_added;
int grp_count;
int grp_count_old = 0;
struct rfc2307bis_group_memberships_state);
if (!membership_state) {
goto done;
goto done;
goto done;
in_transaction = true;
goto done;
num_added = 0;
for (i = 0; i < grp_count; i++) {
num_added++;
if (num_added == 0) {
(const char *const *) add,
goto done;
goto done;
in_transaction = false;
done:
if (in_transaction) {
return ret;
char *group_name;
char **sysdb_parents_names_list;
if (!tmp_ctx) {
goto done;
if (ret) {
goto done;
goto done;
goto done;
done:
char **ldap_grouplist;
char **sysdb_parent_name_list;
char **add_groups;
char **del_groups;
bool in_transaction = false;
if(!tmp_ctx) {
return ENOMEM;
goto error;
in_transaction = true;
if (ret) {
goto error;
goto error;
goto error;
(const char *const *)add_groups,
(const char *const *)del_groups);
goto error;
goto error;
in_transaction = false;
return EOK;
if (in_transaction) {
return ret;
struct sdap_rfc2307bis_nested_ctx {
int timeout;
const char *base_filter;
char *filter;
const char *orig_dn;
const char **attrs;
const char *primary_name;
struct sdap_rfc2307bis_nested_ctx);
if ((num_groups == 0) ||
goto done;
goto done;
struct sdap_nested_group *,
goto done;
goto done;
done:
return req;
const char **attr_filter;
char *clean_orig_dn;
if (!tmp_ctx) {
goto done;
goto done;
goto done;
goto done;
goto done;
goto done;
if (!attr_filter) {
goto done;
goto done;
goto done;
goto done;
done:
return ret;
return ENOMEM;
if (!subreq) {
return ENOMEM;
req);
return EOK;
size_t i;
int hret;
&count,
&ldap_groups);
if (ret) {
if (count > 0) {
struct sysdb_attrs *,
for (i = 0; i < count; i++) {
if (!subreq) {
return EOK;
struct sdap_get_initgr_state {
const char *name;
const char **grp_attrs;
const char **user_attrs;
const char *user_base_filter;
char *filter;
int timeout;
const char *name,
const char **grp_attrs)
int ret;
char *clean_name;
goto done;
return NULL;
return NULL;
if (ret) {
return NULL;
done:
return req;
return ENOMEM;
if (!subreq) {
return ENOMEM;
return EOK;
const char *name,
const char *orig_dn);
struct tevent_req);
struct sdap_get_initgr_state);
int ret;
const char *orig_dn;
const char *cname;
bool in_transaction = false;
bool use_id_mapping =
if (ret) {
if (count == 0) {
if (ret) {
goto fail;
in_transaction = true;
true, NULL, 0);
if (ret) {
goto fail;
if (ret) {
goto fail;
in_transaction = false;
case SDAP_SCHEMA_RFC2307:
cname);
if (!subreq) {
case SDAP_SCHEMA_RFC2307BIS:
case SDAP_SCHEMA_AD:
&orig_dn);
if (use_id_mapping
if (!subreq) {
case SDAP_SCHEMA_IPA_V1:
if (!subreq) {
fail:
if (in_transaction) {
struct tevent_req);
struct sdap_get_initgr_state);
int ret;
char *gid;
char *sid_str;
char *dom_sid_str;
char *group_sid_str;
if (!tmp_ctx) {
case SDAP_SCHEMA_RFC2307:
case SDAP_SCHEMA_RFC2307BIS:
case SDAP_SCHEMA_AD:
if (use_id_mapping
case SDAP_SCHEMA_IPA_V1:
if (ret) {
goto fail;
if (use_id_mapping) {
&sid_str);
&dom_sid_str);
goto fail;
&primary_gid);
goto fail;
(unsigned long)primary_gid);
if (!group_sid_str) {
goto fail;
&primary_gid);
goto fail;
goto fail;
if (!subreq) {
goto fail;
fail:
return EOK;
const char *name,
char ***grouplist)
goto done;
if (!sysdb_grouplist) {
goto done;
&sysdb_grouplist[i]);
goto done;
done:
return ret;