sdap_async_initgroups.c revision fdda4b659fa3be3027df91a2b053835186ec2c59
/*
    Async LDAP Helper routines - initgroups operation

    Copyright (C) Simo Sorce <ssorce@redhat.com> - 2009
    Copyright (C) 2010, Ralf Haferkamp <rhafer@suse.de>, Novell Inc.
    Copyright (C) Jan Zeleny <jzeleny@redhat.com> - 2011

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
/* ==Save-fake-group-list=====================================*/
/*
 * sdap_add_incomplete_groups -- fragment. This blame view drops many source
 * lines (including most of the parameter list), so only the visible
 * statements are described.
 *
 * Visible flow: walk the NULL-terminated groupnames array, look each name up
 * in the cache with sysdb_search_group_by_name(), and, when at least one
 * name is not cached (mi != 0), add an incomplete ("fake") entry for every
 * name in missing[] through sysdb_add_incomplete_group(). The log messages
 * show that the additions are wrapped in a sysdb transaction that is
 * committed at the end and cancelled on the failure path.
 */
3568de757bac0b47256647504c186d17ca272f85rbbstatic errno_t sdap_add_incomplete_groups(struct sysdb_ctx *sysdb,
3568de757bac0b47256647504c186d17ca272f85rbb const char *groupname;
3568de757bac0b47256647504c186d17ca272f85rbb const char *original_dn;
3568de757bac0b47256647504c186d17ca272f85rbb bool in_transaction = false;
3568de757bac0b47256647504c186d17ca272f85rbb /* There are no groups in LDAP but we should add user to groups ?? */
/*
 * One slot more than ldap_groups_count: the later loop over missing[] stops
 * at a NULL entry, so the extra slot is presumably the terminator.
 * NOTE(review): the scan below is bounded by the NULL terminator of
 * groupnames, not by ldap_groups_count, and the stores into missing[] are
 * not visible in this view. Confirm that the number of uncached names can
 * never exceed ldap_groups_count and that the allocation result is checked.
 */
3568de757bac0b47256647504c186d17ca272f85rbb missing = talloc_array(tmp_ctx, char *, ldap_groups_count+1);
db12cd62083041bf90945eeb90cc40fbd2340797trawick for (i=0; groupnames[i]; i++) {
/* Build the name used for the cache lookup from the raw name and the domain;
 * a failure here is logged as "Failed to format original name". */
db12cd62083041bf90945eeb90cc40fbd2340797trawick tmp_name = sss_get_domain_name(tmp_ctx, groupnames[i], domain);
333eac96e4fb7d6901cb75e6ca7bb22b2ccb84cetrawick ("Failed to format original name [%s]\n", groupnames[i]));
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz ret = sysdb_search_group_by_name(tmp_ctx, sysdb, domain,
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding "need to add a fake entry\n",
f0e395a55abfcad3d2bd7c63470003b08a93d567nd /* All groups are cached, nothing to do */
98fb535f829e2a95aabd82420931f476661fa8e3jorton if (mi == 0) {
/* Judging by the helper's name, this selects algorithmic SID-to-ID mapping
 * for the domain; the remaining arguments are cut off in this view. */
7cd5419264796cfeaf8215383cf0f89130a81fectrawick use_id_mapping = sdap_idmap_domain_has_algorithmic_mapping(opts->idmap_ctx,
3568de757bac0b47256647504c186d17ca272f85rbb ("Cannot start sysdb transaction [%d]: %s\n",
3568de757bac0b47256647504c186d17ca272f85rbb for (i=0; missing[i]; i++) {
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding /* The group is not in sysdb, need to add a fake entry */
3568de757bac0b47256647504c186d17ca272f85rbb ret = sdap_get_group_primary_name(tmp_ctx, opts, ldap_groups[ai],
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz ("The group has no name attribute\n"));
/* A group without an objectSID is reported at MINOR_FAILURE level while
 * ID mapping is active; what happens to that group next is not visible. */
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz DEBUG(SSSDBG_MINOR_FAILURE, ("No SID for group [%s] " \
3568de757bac0b47256647504c186d17ca272f85rbb "while id-mapping.\n",
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz ("Mapping group [%s] objectSID to unix ID\n", groupname));
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz ("Group [%s] has objectSID [%s]\n",
3568de757bac0b47256647504c186d17ca272f85rbb /* Convert the SID into a UNIX group ID */
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz ("Group [%s] has mapped gid [%lu]\n",
/*
 * NOTE(review): per the log text below, a group that cannot be mapped is
 * treated as non-POSIX, and a group can be marked non-POSIX with GID=0.
 * GID 0 is the root group on POSIX systems, so every consumer of the cache
 * has to honour the non-POSIX marker and must never use this value as a real
 * group ID. The argument that carries the POSIX flag into
 * sysdb_add_incomplete_group() is cut off here -- confirm it is set.
 */
3568de757bac0b47256647504c186d17ca272f85rbb ("Group [%s] cannot be mapped. "
3568de757bac0b47256647504c186d17ca272f85rbb "Treating as a non-POSIX group\n",
397df70abe0bdd78a84fb6c38c02641bcfeadceasf ("Marking group %s as non-posix and setting GID=0!\n",
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding } else if (ret) {
/* Store the fake entry with the name and GID computed above; the trailing
 * arguments are not visible in this view. */
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm ret = sysdb_add_incomplete_group(sysdb, domain, groupname, gid,
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding DEBUG(2, ("Group %s not present in LDAP\n", missing[i]));
/* Commit and cancel failures are both logged at CRIT_FAILURE level; the
 * in_transaction flag declared above presumably gates the cancel call. */
d90b36a9e6f6ea9a583694f4db5e5edd54a750b3minfrin DEBUG(SSSDBG_CRIT_FAILURE, ("sysdb_transaction_commit failed.\n"));
6653a33e820463abd4f81915b7a1eba0f602e200brianp DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to cancel transaction\n"));
cd8f8c995d415473f3bfb0b329b2450f2a722c3atrawick const char *name,
185aa71728867671e105178b4c66fbc22b65ae26sf bool in_transaction = false;
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding /* No groups for this user in LDAP.
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard * We need to ensure that there are no groups
0f081398cf0eef8cc7c66a535d450110a92dc8aefielding * in the sysdb either.
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz DEBUG(1, ("sysdb_attrs_primary_name_list failed [%d]: %s\n",
9f979f5c8061f6f6f560d1824e0e378ff5b91931rpluem /* Find the differences between the sysdb and LDAP lists
9f979f5c8061f6f6f560d1824e0e378ff5b91931rpluem * Groups in the sysdb only must be removed.
9f979f5c8061f6f6f560d1824e0e378ff5b91931rpluem ret = diff_string_lists(tmp_ctx, ldap_grouplist, sysdb_grouplist,
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard /* Add fake entries for any groups the user should be added as
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard * member of but that are not cached in sysdb
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz ret = sdap_add_incomplete_groups(sysdb, domain, opts,
98cd3186185bb28ae6c95a3f159899fcf56a663ftrawick (const char *const *) add_groups,
49aa87d735a13ae3d04012ee0df91ddb51f7c36esf (const char *const *) del_groups);
/* ==Initgr-call-(groups-a-user-is-member-of)-RFC2307===================== */
49aa87d735a13ae3d04012ee0df91ddb51f7c36esf const char **attrs;
5a0f707b48da7703cbe6bc087f13a6735b1c742dgregames const char *name;
5a0f707b48da7703cbe6bc087f13a6735b1c742dgregames const char *orig_dn;
7cd5419264796cfeaf8215383cf0f89130a81fectrawickstatic errno_t sdap_initgr_rfc2307_next_base(struct tevent_req *req);
7cd5419264796cfeaf8215383cf0f89130a81fectrawickstatic void sdap_initgr_rfc2307_process(struct tevent_req *subreq);
/*
 * sdap_initgr_rfc2307_send -- fragment. Most of the parameter list and body
 * are missing from this blame view.
 *
 * Visible steps: create the tevent request and its state, read the search
 * timeout from the SDAP_SEARCH_TIMEOUT option, build the attribute list from
 * the group map, sanitize the user name, and format the LDAP search filter.
 * A request that arrives without a group search base is logged; how it is
 * failed is not visible here.
 */
7cd5419264796cfeaf8215383cf0f89130a81fectrawickstruct tevent_req *sdap_initgr_rfc2307_send(TALLOC_CTX *memctx,
7cd5419264796cfeaf8215383cf0f89130a81fectrawick const char *name)
7cd5419264796cfeaf8215383cf0f89130a81fectrawick const char **attr_filter;
7cd5419264796cfeaf8215383cf0f89130a81fectrawick req = tevent_req_create(memctx, &state, struct sdap_initgr_rfc2307_state);
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard state->timeout = dp_opt_get_int(state->opts->basic, SDAP_SEARCH_TIMEOUT);
7cd5419264796cfeaf8215383cf0f89130a81fectrawick ("Initgroups lookup request without a group search base\n"));
/* Two slots: [0] holds the group member attribute name; [1] is presumably
 * the NULL terminator (its assignment is not visible in this view). */
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard attr_filter = talloc_array(state, const char *, 2);
b5ffe4f30780fb159db08bd9f628980d2a092711sf attr_filter[0] = opts->group_map[SDAP_AT_GROUP_MEMBER].name;
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard ret = build_attrs_from_map(state, opts->group_map, SDAP_OPTS_GROUP,
/*
 * name comes from the caller and ends up inside an LDAP search filter, so it
 * is escaped first; unescaped filter metacharacters in it would change the
 * meaning of the query.
 * NOTE(review): the argument list of the format call is not visible. Confirm
 * that clean_name, not name, is the value substituted into the (%s=%s)
 * clause and that a failing sss_filter_sanitize() aborts the request.
 */
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz ret = sss_filter_sanitize(state, name, &clean_name);
/* Filter shape: an attribute=value match, an objectclass match, two presence
 * tests, and a clause excluding entries whose attribute equals 0. Which
 * attributes fill the %s slots is not visible in this view. */
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard "(&(%s=%s)(objectclass=%s)(%s=*)(&(%s=*)(!(%s=0))))",
/*
 * sdap_initgr_rfc2307_next_base -- fragment. Logs the search base that is
 * about to be queried and registers sdap_initgr_rfc2307_process as the
 * completion callback for the search sub-request.
 * NOTE(review): the call that creates subreq and its NULL check are not
 * visible in this view -- confirm subreq is checked before the callback is
 * set.
 */
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddardstatic errno_t sdap_initgr_rfc2307_next_base(struct tevent_req *req)
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard state = tevent_req_data(req, struct sdap_initgr_rfc2307_state);
4a13940dc2990df0a798718d3a3f9cf1566c2217bjh ("Searching for groups with base [%s]\n",
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard tevent_req_set_callback(subreq, sdap_initgr_rfc2307_process, req);
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantzstatic void sdap_initgr_rfc2307_process(struct tevent_req *subreq)
49aa87d735a13ae3d04012ee0df91ddb51f7c36esf req = tevent_req_callback_data(subreq, struct tevent_req);
49aa87d735a13ae3d04012ee0df91ddb51f7c36esf state = tevent_req_data(req, struct sdap_initgr_rfc2307_state);
49aa87d735a13ae3d04012ee0df91ddb51f7c36esf ret = sdap_get_generic_recv(subreq, state, &count, &ldap_groups);
49aa87d735a13ae3d04012ee0df91ddb51f7c36esf /* Add this batch of groups to the list */
49aa87d735a13ae3d04012ee0df91ddb51f7c36esf if (count > 0) {
49aa87d735a13ae3d04012ee0df91ddb51f7c36esf /* Copy the new groups into the list.
49aa87d735a13ae3d04012ee0df91ddb51f7c36esf for (i = 0; i < count; i++) {
49aa87d735a13ae3d04012ee0df91ddb51f7c36esf /* Check for additional search bases, and iterate
49aa87d735a13ae3d04012ee0df91ddb51f7c36esf * through again.
49aa87d735a13ae3d04012ee0df91ddb51f7c36esf /* Search for all groups for which this user is a member */
49aa87d735a13ae3d04012ee0df91ddb51f7c36esf ret = get_sysdb_grouplist(state, state->sysdb, state->domain,
49aa87d735a13ae3d04012ee0df91ddb51f7c36esf /* There are no nested groups here so we can just update the
49aa87d735a13ae3d04012ee0df91ddb51f7c36esf * memberships */
d69e1ed15b5db3d832c1f6c8c403ef397248857atrawickstatic int sdap_initgr_rfc2307_recv(struct tevent_req *req)
/* ==Common code for pure RFC2307bis and IPA/AD========================= */
8dfa8c6f60f12e0b65eebbb652b629f911f0f84bsf unsigned long count)
8dfa8c6f60f12e0b65eebbb652b629f911f0f84bsf bool in_transaction = false;
8dfa8c6f60f12e0b65eebbb652b629f911f0f84bsf if (count > 0) {
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard ret = sysdb_attrs_primary_name_list(sysdb, tmp_ctx,
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard DEBUG(3, ("sysdb_attrs_primary_name_list failed [%d]: %s\n",
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard ret = sdap_add_incomplete_groups(sysdb, domain, opts, groupnamelist,
c0659e61002e9d6ff77b2dca72540e0af1b2ca64stoddard DEBUG(6, ("Could not add incomplete groups [%d]: %s\n",
2e7f1d7da527c09e717251e186deffe55e6fbd0ftrawick const char *name;
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantzbuild_membership_diff(TALLOC_CTX *mem_ctx, const char *name,
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz char **ldap_parent_names, char **sysdb_parent_names,
36c8049de63c446926139936c3d195330a0539cetrawick mdiff = talloc_zero(tmp_ctx, struct membership_diff);
36c8049de63c446926139936c3d195330a0539cetrawick /* Find the differences between the sysdb and ldap lists
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick * Groups in ldap only must be added to the sysdb;
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick * groups in the sysdb only must be removed.
/* ==Initgr-call-(groups-a-user-is-member-of)-nested-groups=============== */
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick const char *username;
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick const char *orig_dn;
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick const char **grp_attrs;
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawickstatic errno_t sdap_initgr_nested_deref_search(struct tevent_req *req);
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawickstatic errno_t sdap_initgr_nested_noderef_search(struct tevent_req *req);
e8f95a682820a599fe41b22977010636be5c2717jimstatic void sdap_initgr_nested_search(struct tevent_req *subreq);
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawickstatic void sdap_initgr_nested_store(struct tevent_req *req);
/*
 * sdap_initgr_nested_send -- fragment. Most of the parameter list and body
 * are missing from this blame view.
 *
 * Visible steps: create the request state, resolve the user's primary name,
 * read the SYSDB_MEMBEROF element from the user entry, allocate the groups
 * array, and choose between a dereference search and plain per-group
 * searches based on server deref support and a threshold option.
 */
f886987cd0bd4220c14043c4d9be77ec22902e73trawickstatic struct tevent_req *sdap_initgr_nested_send(TALLOC_CTX *memctx,
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm const char **grp_attrs)
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick req = tevent_req_create(memctx, &state, struct sdap_initgr_nested_state);
/* A user entry without a usable name is logged at CRIT_FAILURE level; the
 * error path that follows is not visible in this view. */
f2e009134c7e279f99dfca5bd421f721bf1f7840jorton ret = sdap_get_user_primary_name(memctx, opts, user, dom, &state->username);
64c351fd973428b5bb4c28e983fa86875ea4e60fdougm DEBUG(SSSDBG_CRIT_FAILURE, ("User entry had no username\n"));
/*
 * The group list is driven by the memberof values found on the user entry.
 * NOTE(review): a lookup error, a missing element and an empty element are
 * all handled by the same branch, which the original comment describes as
 * "assume there aren't any" and return success. A memberof attribute that
 * could not be read is therefore indistinguishable from a user with no
 * groups; confirm that an empty group list is the intended result for
 * downstream group-based access decisions in that case.
 */
2e7f1d7da527c09e717251e186deffe55e6fbd0ftrawick ret = sysdb_attrs_get_el(state->user, SYSDB_MEMBEROF, &state->memberof);
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick if (ret || !state->memberof || state->memberof->num_values == 0) {
36c8049de63c446926139936c3d195330a0539cetrawick DEBUG(4, ("User entry lacks original memberof ?\n"));
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick /* We can't find any groups for this user, so we'll
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick * have to assume there aren't any. Just return
f886987cd0bd4220c14043c4d9be77ec22902e73trawick * success here.
36c8049de63c446926139936c3d195330a0539cetrawick state->groups = talloc_zero_array(state, struct sysdb_attrs *,
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick deref_threshold = dp_opt_get_int(state->opts->basic,
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick if (sdap_has_deref_support(state->sh, state->opts) &&
/*
 * sdap_initgr_nested_noderef_search -- fragment. Builds an LDAP filter,
 * starts a generic search and registers sdap_initgr_nested_search as its
 * completion callback.
 */
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawickstatic errno_t sdap_initgr_nested_noderef_search(struct tevent_req *req)
e8f95a682820a599fe41b22977010636be5c2717jim state = tevent_req_data(req, struct sdap_initgr_nested_state);
/*
 * Filter: an objectclass match plus a presence test on one attribute.
 * NOTE(review): the two values substituted for %s are not visible in this
 * view. They are presumably schema-map names taken from configuration; if
 * either can carry user- or directory-supplied text it needs the same
 * sss_filter_sanitize() treatment used on the RFC2307 path. Also confirm
 * that a NULL result from talloc_asprintf() is handled.
 */
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick state->filter = talloc_asprintf(state, "(&(objectclass=%s)(%s=*))",
/* NOTE(review): the NULL check on subreq is not visible in this view --
 * confirm it precedes the callback registration. */
44d2e75323651320b480d8bc2f098448a08de4fcwrowe subreq = sdap_get_generic_send(state, state->ev, state->opts, state->sh,
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz tevent_req_set_callback(subreq, sdap_initgr_nested_search, req);
1ec8bd0373f11c07688ec9afbbf778cf78a0bc52wrowestatic void sdap_initgr_nested_deref_done(struct tevent_req *subreq);
/*
 * sdap_initgr_nested_deref_search -- fragment. Prepares an attribute-map
 * array and an attribute list from the group map, reads the search timeout,
 * starts a dereference search and registers sdap_initgr_nested_deref_done as
 * its completion callback.
 */
f886987cd0bd4220c14043c4d9be77ec22902e73trawickstatic errno_t sdap_initgr_nested_deref_search(struct tevent_req *req)
f886987cd0bd4220c14043c4d9be77ec22902e73trawick const char **sdap_attrs;
3568de757bac0b47256647504c186d17ca272f85rbb state = tevent_req_data(req, struct sdap_initgr_nested_state);
/* One entry more than num_maps; presumably a terminating entry, but the
 * lines that fill the array are not visible in this view. */
8bfe865d8d61be4ba4a89e45427a3c4211ebabdctrawick maps = talloc_array(state, struct sdap_attr_map_info, num_maps+1);
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz ret = build_attrs_from_map(state, state->opts->group_map, SDAP_OPTS_GROUP,
/* The same SDAP_SEARCH_TIMEOUT option bounds this search as the RFC2307
 * lookup earlier in the file. */
98fb535f829e2a95aabd82420931f476661fa8e3jorton timeout = dp_opt_get_int(state->opts->basic, SDAP_SEARCH_TIMEOUT);
/* NOTE(review): the NULL check on subreq is not visible in this view --
 * confirm it precedes the callback registration. */
e8f95a682820a599fe41b22977010636be5c2717jim subreq = sdap_deref_search_send(state, state->ev, state->opts,
3568de757bac0b47256647504c186d17ca272f85rbb tevent_req_set_callback(subreq, sdap_initgr_nested_deref_done, req);
0cb6873985efbf0cc9644114925df6baa4b32d5awrowestatic void sdap_initgr_nested_deref_done(struct tevent_req *subreq)
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz req = tevent_req_callback_data(subreq, struct tevent_req);
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz state = tevent_req_data(req, struct sdap_initgr_nested_state);
3568de757bac0b47256647504c186d17ca272f85rbb /* Nothing could be dereferenced. Done. */
7cd5419264796cfeaf8215383cf0f89130a81fectrawick for (i=0; i < num_results; i++) {
7cd5419264796cfeaf8215383cf0f89130a81fectrawickstatic void sdap_initgr_nested_search(struct tevent_req *subreq)
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz req = tevent_req_callback_data(subreq, struct tevent_req);
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz state = tevent_req_data(req, struct sdap_initgr_nested_state);
28c170ac8e99644de58cad454c6e0f9b4b359be6jerenkrantz ret = sdap_get_generic_recv(subreq, state, &count, &groups);
groups[0]);
if (!subreq) {
static errno_t
static errno_t
static errno_t
bool in_transaction = false;
goto fail;
in_transaction = true;
goto fail;
goto fail;
goto fail;
goto fail;
in_transaction = false;
fail:
if (in_transaction) {
static errno_t
static errno_t
int groups_count,
int ngroups,
int *_ndirect);
static errno_t
int i, tret;
bool in_transaction = false;
&miter);
if (ret) {
goto done;
goto done;
in_transaction = true;
goto done;
goto done;
in_transaction = false;
done:
if (in_transaction) {
return ret;
static errno_t
int tret;
const char *orig_dn;
int nparents;
int i, mi;
char **add_groups;
char **del_groups;
bool in_transaction = false;
if (!tmp_ctx) {
goto done;
goto done;
if (!ldap_parentlist) {
goto done;
nparents = 0;
if (ret) {
goto done;
nparents++;
if (nparents == 0) {
goto done;
if (ret) {
goto done;
goto done;
goto done;
in_transaction = true;
(const char *const *) add_groups,
(const char *const *) del_groups);
goto done;
goto done;
in_transaction = false;
done:
if (in_transaction) {
return ret;
static errno_t
int groups_count,
const char *group_name;
int parents_count;
if (!tmp_ctx) {
goto done;
goto done;
if (ret) {
goto done;
goto done;
if (parents_count > 0) {
goto done;
goto done;
done:
return ret;
int ngroups,
int *_ndirect)
int i, mi;
int ret;
const char *orig_dn;
int ndirect;
if (!direct_groups) {
goto done;
ndirect = 0;
goto done;
for (i=0; i < ngroups; i++) {
if (ret) {
ndirect++;
done:
return ret;
return EOK;
struct sdap_initgr_rfc2307bis_state {
const char *name;
char *base_filter;
char *filter;
const char **attrs;
const char *orig_dn;
int timeout;
struct sdap_nested_group {
const char *name,
const char *orig_dn)
const char **attr_filter;
char *clean_orig_dn;
bool use_id_mapping;
goto done;
return NULL;
if (!attr_filter) {
goto done;
goto done;
if (use_id_mapping) {
return NULL;
done:
return req;
return ENOMEM;
if (!subreq) {
return ENOMEM;
return EOK;
size_t i;
int ret;
&count,
&ldap_groups);
if (ret) {
if (count > 0) {
struct sysdb_attrs *,
for (i = 0; i < count; i++) {
if (!subreq) {
static errno_t
static errno_t
bool in_transaction = false;
goto fail;
in_transaction = true;
goto fail;
goto fail;
goto fail;
goto fail;
in_transaction = false;
fail:
if (in_transaction) {
return EOK;
struct rfc2307bis_group_memberships_state {
int ret;
static errno_t
unsigned long count;
int hret, i;
goto done;
if (!groups) {
goto done;
for (i = 0; i < count; i++) {
struct sdap_nested_group);
goto done;
done:
return ret;
static errno_t
int hret;
bool in_transaction = false;
int num_added;
int grp_count;
struct rfc2307bis_group_memberships_state);
if (!membership_state) {
goto done;
goto done;
goto done;
in_transaction = true;
goto done;
num_added = 0;
for (i = 0; i < grp_count; i++) {
num_added++;
if (num_added == 0) {
(const char *const *) add,
goto done;
goto done;
in_transaction = false;
done:
if (in_transaction) {
return ret;
char *group_name;
char **sysdb_parents_names_list;
if (!tmp_ctx) {
goto done;
if (ret) {
goto done;
goto done;
goto done;
done:
char **ldap_grouplist;
char **sysdb_parent_name_list;
char **add_groups;
char **del_groups;
bool in_transaction = false;
size_t c;
char *tmp_str;
if(!tmp_ctx) {
return ENOMEM;
goto error;
in_transaction = true;
if (ret) {
goto error;
goto error;
goto error;
goto error;
(const char *const *)add_groups,
(const char *const *)del_groups);
goto error;
goto error;
in_transaction = false;
return EOK;
if (in_transaction) {
return ret;
struct sdap_rfc2307bis_nested_ctx {
int timeout;
const char *base_filter;
char *filter;
const char *orig_dn;
const char **attrs;
const char *primary_name;
struct sdap_rfc2307bis_nested_ctx);
if ((num_groups == 0) ||
goto done;
goto done;
struct sdap_nested_group *,
goto done;
goto done;
done:
return req;
const char **attr_filter;
char *clean_orig_dn;
if (!tmp_ctx) {
goto done;
goto done;
goto done;
goto done;
goto done;
goto done;
if (!attr_filter) {
goto done;
goto done;
goto done;
goto done;
done:
return ret;
return ENOMEM;
if (!subreq) {
return ENOMEM;
req);
return EOK;
size_t i;
int hret;
&count,
&ldap_groups);
if (ret) {
if (count > 0) {
struct sysdb_attrs *,
for (i = 0; i < count; i++) {
if (!subreq) {
return EOK;
struct sdap_get_initgr_state {
const char *name;
const char **grp_attrs;
const char **user_attrs;
char *user_base_filter;
char *filter;
int timeout;
bool use_id_mapping;
const char *name,
const char **grp_attrs)
int ret;
char *clean_name;
bool use_id_mapping;
goto done;
return NULL;
return NULL;
if (use_id_mapping) {
return NULL;
if (ret) {
return NULL;
done:
return req;
return ENOMEM;
if (!subreq) {
return ENOMEM;
return EOK;
struct tevent_req);
struct sdap_get_initgr_state);
int ret;
const char *orig_dn;
const char *cname;
bool in_transaction = false;
if (ret) {
if (count == 0) {
SDAP_RFC2307_FALLBACK_TO_LOCAL_USERS) == true)) {
if (ret) {
goto fail;
in_transaction = true;
true, NULL, 0);
if (ret) {
goto fail;
if (ret) {
goto fail;
in_transaction = false;
case SDAP_SCHEMA_RFC2307:
cname);
if (!subreq) {
case SDAP_SCHEMA_RFC2307BIS:
case SDAP_SCHEMA_AD:
&orig_dn);
if (!subreq) {
case SDAP_SCHEMA_IPA_V1:
if (!subreq) {
fail:
if (in_transaction) {
struct tevent_req);
struct sdap_get_initgr_state);
int ret;
char *gid;
char *sid_str;
char *dom_sid_str;
char *group_sid_str;
if (!tmp_ctx) {
case SDAP_SCHEMA_RFC2307:
case SDAP_SCHEMA_RFC2307BIS:
case SDAP_SCHEMA_AD:
case SDAP_SCHEMA_IPA_V1:
if (ret) {
goto fail;
&sid_str);
&dom_sid_str);
goto fail;
&primary_gid);
goto fail;
(unsigned long)primary_gid);
if (!group_sid_str) {
goto fail;
&primary_gid);
&primary_gid);
goto fail;
goto fail;
if (!subreq) {
goto fail;
fail:
return EOK;
const char *name,
char ***grouplist,
bool get_dn)
goto done;
if (!sysdb_grouplist) {
goto done;
if (get_dn) {
goto done;
&sysdb_grouplist[i]);
goto done;
done:
return ret;
const char *name,
char ***grouplist)
const char *name,
char ***grouplist)