ipa_subdomains.c revision 66fa032b86f730315b30d62ed58ab17ad065e5ff
a945f35eff8b6a88009ce73de6d4c862ce58de3cslive IPA Subdomains Module
fe64b2ba25510d8c9dba5560a2d537763566cf40nd Sumit Bose <sbose@redhat.com>
fe64b2ba25510d8c9dba5560a2d537763566cf40nd Copyright (C) 2011 Red Hat
fe64b2ba25510d8c9dba5560a2d537763566cf40nd This program is free software; you can redistribute it and/or modify
fe64b2ba25510d8c9dba5560a2d537763566cf40nd it under the terms of the GNU General Public License as published by
fe64b2ba25510d8c9dba5560a2d537763566cf40nd the Free Software Foundation; either version 3 of the License, or
fe64b2ba25510d8c9dba5560a2d537763566cf40nd (at your option) any later version.
fe64b2ba25510d8c9dba5560a2d537763566cf40nd This program is distributed in the hope that it will be useful,
fe64b2ba25510d8c9dba5560a2d537763566cf40nd but WITHOUT ANY WARRANTY; without even the implied warranty of
fe64b2ba25510d8c9dba5560a2d537763566cf40nd MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
fe64b2ba25510d8c9dba5560a2d537763566cf40nd GNU General Public License for more details.
fe64b2ba25510d8c9dba5560a2d537763566cf40nd You should have received a copy of the GNU General Public License
a63f0ab647ad2ab72efc9bea7a66e24e9ebc5cc2nd along with this program. If not, see <http://www.gnu.org/licenses/>.
fe64b2ba25510d8c9dba5560a2d537763566cf40nd#define SUBDOMAINS_FILTER "objectclass=ipaNTTrustedDomain"
fe64b2ba25510d8c9dba5560a2d537763566cf40nd#define MASTER_DOMAIN_FILTER "objectclass=ipaNTDomainAttrs"
117c1f888a14e73cdd821dc6c23eb0411144a41cnd/* do not refresh more often than every 5 seconds for now */
117c1f888a14e73cdd821dc6c23eb0411144a41cnd const char *filter;
117c1f888a14e73cdd821dc6c23eb0411144a41cndstruct be_ctx *ipa_get_subdomains_be_ctx(struct be_ctx *be_ctx)
117c1f888a14e73cdd821dc6c23eb0411144a41cnd subdom_ctx = talloc_get_type(be_ctx->bet_info[BET_SUBDOMAINS].pvt_bet_data,
117c1f888a14e73cdd821dc6c23eb0411144a41cnd DEBUG(SSSDBG_TRACE_ALL, ("Subdomains are not configured.\n"));
fe64b2ba25510d8c9dba5560a2d537763566cf40nd ad_options = ad_create_default_options(id_ctx, id_ctx->server_mode->realm,
06ba4a61654b3763ad65f52283832ebf058fdf1cslive DEBUG(SSSDBG_OP_FAILURE, ("Cannot initialize AD options\n"));
06ba4a61654b3763ad65f52283832ebf058fdf1cslive ret = dp_opt_set_string(ad_options->basic, AD_DOMAIN, ad_domain);
06ba4a61654b3763ad65f52283832ebf058fdf1cslive ret = dp_opt_set_string(ad_options->basic, AD_KRB5_REALM,
fb77c505254b6e9c925e23e734463e87574f8f40kess gc_service_name = talloc_asprintf(ad_options, "%s%s", "gc_", subdom->name);
06ba4a61654b3763ad65f52283832ebf058fdf1cslive /* Set KRB5 realm to same as the one of IPA when IPA
fb77c505254b6e9c925e23e734463e87574f8f40kess * is able to attach PAC. For testing, use hardcoded. */
06ba4a61654b3763ad65f52283832ebf058fdf1cslive DEBUG(SSSDBG_OP_FAILURE, ("Cannot initialize AD failover\n"));
ef8e89e090461194ecadd31e8796a2c51e0531a2kess /* use AD plugin */
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess DEBUG(SSSDBG_OP_FAILURE, ("Cannot initialize sdap domain\n"));
06ba4a61654b3763ad65f52283832ebf058fdf1cslive sdom = sdap_domain_get(ad_id_ctx->sdap_id_ctx->opts, subdom);
130d299c4b2b15be45532a176604c71fdc7bea5bnd /* Set up the ID mapping object */
fe64b2ba25510d8c9dba5560a2d537763566cf40nd ret = ipa_ad_ctx_new(be_ctx, id_ctx, subdom, &ad_id_ctx);
fe64b2ba25510d8c9dba5560a2d537763566cf40nd ("Cannot create ad_id_ctx for subdomain %s\n", subdom->name));
06ba4a61654b3763ad65f52283832ebf058fdf1cslive trust_ctx = talloc(id_ctx->server_mode, struct ipa_ad_server_ctx);
c985aca104389df30d6ec0a637ce0ccaac904362nd dom && IS_SUBDOMAIN(dom); /* if we get back to a parent, stop */
58699879a562774640b95e9eedfd891f336e38c2nd /* Check if we already have an ID context for this subdomain */
58699879a562774640b95e9eedfd891f336e38c2nd DLIST_FOR_EACH(trust_iter, id_ctx->server_mode->trusts) {
58699879a562774640b95e9eedfd891f336e38c2nd /* Newly detected trust */
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess ("Cannot create ad_id_ctx for subdomain %s\n",
58699879a562774640b95e9eedfd891f336e38c2ndstatic void
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess DLIST_FOR_EACH(iter, ctx->id_ctx->server_mode->trusts) {
4a7affccb2f1f5b94cab395e1bf3825aed715ebcnd DEBUG(SSSDBG_CRIT_FAILURE, ("No IPA-AD context for subdomain %s\n",
4a7affccb2f1f5b94cab395e1bf3825aed715ebcnd sdom = sdap_domain_get(iter->ad_id_ctx->sdap_id_ctx->opts, subdom);
fe64b2ba25510d8c9dba5560a2d537763566cf40nd sdap_domain_remove(iter->ad_id_ctx->sdap_id_ctx->opts, subdom);
fe64b2ba25510d8c9dba5560a2d537763566cf40nd /* terminate all requests for this subdomain so we can free it */
4335f1cbf345c91bb996eec540c11ba8ce5d4268ndconst char *get_flat_name_from_subdomain_name(struct be_ctx *be_ctx,
9583adab6bc4b3758e41963c905d9dad9f067131nd const char *name)
4335f1cbf345c91bb996eec540c11ba8ce5d4268nd ctx = talloc_get_type(be_ctx->bet_info[BET_SUBDOMAINS].pvt_bet_data,
4335f1cbf345c91bb996eec540c11ba8ce5d4268nd DEBUG(SSSDBG_TRACE_ALL, ("Subdomains are not configured.\n"));
4335f1cbf345c91bb996eec540c11ba8ce5d4268nd dom = find_subdomain_by_name(ctx->be_ctx->domain, name, true);
4335f1cbf345c91bb996eec540c11ba8ce5d4268ndstatic errno_t ipa_ranges_parse_results(TALLOC_CTX *mem_ctx,
4335f1cbf345c91bb996eec540c11ba8ce5d4268nd const char *value;
fe64b2ba25510d8c9dba5560a2d537763566cf40nd range_list = talloc_array(mem_ctx, struct range_info *, count + 1);
fe64b2ba25510d8c9dba5560a2d537763566cf40nd for (c = 0; c < count; c++) {
fe64b2ba25510d8c9dba5560a2d537763566cf40nd range_list[c] = talloc_zero(range_list, struct range_info);
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess ret = sysdb_attrs_get_string(reply[c], IPA_CN, &value);
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_get_string failed.\n"));
f4f4505fedd39d92f787066b0ba8ec912e778784nd range_list[c]->name = talloc_strdup(range_list[c], value);
10673857794a4b3d9568ca2d983722a87ed352f1rbowen DEBUG(SSSDBG_OP_FAILURE, ("talloc_strdup failed.\n"));
06ba4a61654b3763ad65f52283832ebf058fdf1cslive ret = sysdb_attrs_get_string(reply[c], IPA_TRUSTED_DOMAIN_SID, &value);
06ba4a61654b3763ad65f52283832ebf058fdf1cslive range_list[c]->trusted_dom_sid = talloc_strdup(range_list[c],
06ba4a61654b3763ad65f52283832ebf058fdf1cslive DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_get_string failed.\n"));
/* Numeric ID-range attributes of one reply entry: base ID, range size,
 * base RID and secondary base RID, each read with sysdb_attrs_get_uint32_t().
 *
 * NOTE(review): every failure message below names sysdb_attrs_get_string,
 * not sysdb_attrs_get_uint32_t. The lines between each call and its DEBUG
 * are not visible in this excerpt; if the messages do belong to these calls,
 * they point troubleshooting at the wrong function and do not say which
 * attribute was rejected.
 *
 * NOTE(review): reply[] holds directory search results, and no bounds or
 * overlap checks on these values are visible here. Confirm that whatever
 * consumes range_list validates them (e.g. base + size wrap-around,
 * overlapping ranges) before they are used. */
1f53e295ebd19aed1767d12da7abfab9936c148cjerenkrantz ret = sysdb_attrs_get_uint32_t(reply[c], IPA_BASE_ID,
1f53e295ebd19aed1767d12da7abfab9936c148cjerenkrantz DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_get_string failed.\n"));
06ba4a61654b3763ad65f52283832ebf058fdf1cslive ret = sysdb_attrs_get_uint32_t(reply[c], IPA_ID_RANGE_SIZE,
97a9a944b5887e91042b019776c41d5dd74557aferikabele DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_get_string failed.\n"));
06ba4a61654b3763ad65f52283832ebf058fdf1cslive ret = sysdb_attrs_get_uint32_t(reply[c], IPA_BASE_RID,
97a9a944b5887e91042b019776c41d5dd74557aferikabele DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_get_string failed.\n"));
06ba4a61654b3763ad65f52283832ebf058fdf1cslive ret = sysdb_attrs_get_uint32_t(reply[c], IPA_SECONDARY_BASE_RID,
06ba4a61654b3763ad65f52283832ebf058fdf1cslive DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_get_string failed.\n"));
06ba4a61654b3763ad65f52283832ebf058fdf1cslive ret = sysdb_attrs_get_string(reply[c], IPA_RANGE_TYPE, &value);
06ba4a61654b3763ad65f52283832ebf058fdf1cslive range_list[c]->range_type = talloc_strdup(range_list[c], value);
97a9a944b5887e91042b019776c41d5dd74557aferikabele DEBUG(SSSDBG_OP_FAILURE, ("talloc_strdup failed.\n"));
06ba4a61654b3763ad65f52283832ebf058fdf1cslive /* Older IPA servers might not have the range_type attribute, but
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd * only support local ranges and trusts with algorithmic mapping. */
fe64b2ba25510d8c9dba5560a2d537763566cf40nd DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_get_string failed.\n"));
06ba4a61654b3763ad65f52283832ebf058fdf1cslivestatic errno_t ipa_subdom_enumerates(struct sss_domain_info *parent,
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd const char *name;
fe64b2ba25510d8c9dba5560a2d537763566cf40nd DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_get_string failed.\n"));
fe64b2ba25510d8c9dba5560a2d537763566cf40nd const char *orig_dn;
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess ret = sysdb_attrs_get_string(attrs, SYSDB_ORIG_DN, &orig_dn);
97a9a944b5887e91042b019776c41d5dd74557aferikabele DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_get_string failed.\n"));
06ba4a61654b3763ad65f52283832ebf058fdf1cslive DEBUG(SSSDBG_TRACE_ALL, ("Checking if we need the forest name for [%s].\n",
fe64b2ba25510d8c9dba5560a2d537763566cf40nd DEBUG(SSSDBG_OP_FAILURE, ("Original DN [%s] is not a valid DN.\n",
fe64b2ba25510d8c9dba5560a2d537763566cf40nd /* We are only interested in the member domain objects. In IPA the
c985aca104389df30d6ec0a637ce0ccaac904362nd * forest root object is stored as e.g.
fe64b2ba25510d8c9dba5560a2d537763566cf40nd * cn=AD.DOM,cn=ad,cn=trusts,dc=example,dc=com. Member domains in the
70ada6b79498c38ab85985a3d30ee11248ce897byoshiki * forest are children of the forest root object e.g.
fb77c505254b6e9c925e23e734463e87574f8f40kess * cn=SUB.AD.DOM,cn=AD.DOM,cn=ad,cn=trusts,dc=example,dc=com. Since
fb77c505254b6e9c925e23e734463e87574f8f40kess * the forest name is not stored in the member objects we derive it
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess * from the RDN of the forest root object. */
/* Check that the DN component in val is the "trusts" container.
 *
 * NOTE(review): the comparison is bounded by val->length, so it is a prefix
 * match rather than an equality test. A value shorter than the literal
 * compares equal (e.g. "tr"), and so does a zero-length one, because
 * strncasecmp() with n == 0 returns 0. val appears to be a component of the
 * stored original DN (its assignment is not visible in this excerpt). An
 * exact match would also need val->length == strlen("trusts").
 * The log text says 'trust' while the literal compared is "trusts". */
fe64b2ba25510d8c9dba5560a2d537763566cf40nd if (strncasecmp("trusts", (const char *) val->data, val->length) != 0) {
fe64b2ba25510d8c9dba5560a2d537763566cf40nd ("4th component is not 'trust', nothing to do.\n"));
/* Check that the DN component in val is the "ad" container.
 * NOTE(review): this is the same length-bounded prefix comparison as the
 * "trusts" check, so "a" or an empty value would also pass. */
fe64b2ba25510d8c9dba5560a2d537763566cf40nd if (strncasecmp("ad", (const char *) val->data, val->length) != 0) {
06ba4a61654b3763ad65f52283832ebf058fdf1cslive ("3rd component is not 'ad', nothing to do.\n"));
/* Copy exactly val->length bytes of the component as the forest name, so the
 * copy does not depend on val->data being NUL-terminated. The result is
 * allocated on mem_ctx. */
06ba4a61654b3763ad65f52283832ebf058fdf1cslive forest = talloc_strndup(mem_ctx, (const char *) val->data, val->length);
06ba4a61654b3763ad65f52283832ebf058fdf1cslive DEBUG(SSSDBG_OP_FAILURE, ("talloc_strndup failed.\n"));
fb77c505254b6e9c925e23e734463e87574f8f40kessstatic errno_t ipa_subdom_store(struct sss_domain_info *parent,
fe64b2ba25510d8c9dba5560a2d537763566cf40nd const char *name;
fe64b2ba25510d8c9dba5560a2d537763566cf40nd const char *flat;
fe64b2ba25510d8c9dba5560a2d537763566cf40nd const char *id;
06ba4a61654b3763ad65f52283832ebf058fdf1cslive DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_get_string failed.\n"));
06ba4a61654b3763ad65f52283832ebf058fdf1cslive ret = sysdb_attrs_get_string(attrs, IPA_FLATNAME, &flat);
06ba4a61654b3763ad65f52283832ebf058fdf1cslive DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_get_string failed.\n"));
fe64b2ba25510d8c9dba5560a2d537763566cf40nd ret = sysdb_attrs_get_string(attrs, IPA_TRUSTED_DOMAIN_SID, &id);
fe64b2ba25510d8c9dba5560a2d537763566cf40nd DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_get_string failed.\n"));
fe64b2ba25510d8c9dba5560a2d537763566cf40nd mpg = sdap_idmap_domain_has_algorithmic_mapping(sdap_idmap_ctx, name, id);
fe64b2ba25510d8c9dba5560a2d537763566cf40nd ret = ipa_subdom_get_forest(tmp_ctx, sysdb_ctx_get_ldb(parent->sysdb),
ff797e743eb73c1d45b08158aa6b288c2d0c46eeslive ret = sysdb_subdomain_store(parent->sysdb, name, realm, flat,
ff797e743eb73c1d45b08158aa6b288c2d0c46eeslive DEBUG(SSSDBG_OP_FAILURE, ("sysdb_subdomain_store failed.\n"));
130d299c4b2b15be45532a176604c71fdc7bea5bndstatic errno_t ipa_subdomains_refresh(struct ipa_subdomains_ctx *ctx,
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd const char *value;
b06660a3ed3d885e15d99c0209a46c4657df33fbrbowen /* check existing subdomains */
06ba4a61654b3763ad65f52283832ebf058fdf1cslive dom && IS_SUBDOMAIN(dom); /* if we get back to a parent, stop */
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd for (c = 0; c < count; c++) {
fb77c505254b6e9c925e23e734463e87574f8f40kess DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_get_string failed.\n"));
130d299c4b2b15be45532a176604c71fdc7bea5bnd if (c >= count) {
130d299c4b2b15be45532a176604c71fdc7bea5bnd /* ok this subdomain does not exist anymore, let's clean up */
130d299c4b2b15be45532a176604c71fdc7bea5bnd /* Remove the AD ID ctx from the list of LDAP domains */
130d299c4b2b15be45532a176604c71fdc7bea5bnd /* ok let's try to update it */
130d299c4b2b15be45532a176604c71fdc7bea5bnd ret = ipa_subdom_enumerates(parent, reply[c], &enumerate);
06ba4a61654b3763ad65f52283832ebf058fdf1cslive ret = ipa_subdom_store(parent, ctx->sdap_id_ctx->opts->idmap_ctx,
06ba4a61654b3763ad65f52283832ebf058fdf1cslive /* Nothing we can do about the error. Let's at least try
06ba4a61654b3763ad65f52283832ebf058fdf1cslive * to reuse the existing domain
06ba4a61654b3763ad65f52283832ebf058fdf1cslive DEBUG(SSSDBG_MINOR_FAILURE, ("Failed to parse subdom data, "
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess "will try to use cached subdomain\n"));
06ba4a61654b3763ad65f52283832ebf058fdf1cslive if (count == h) {
06ba4a61654b3763ad65f52283832ebf058fdf1cslive /* all domains were already accounted for and have been updated */
130d299c4b2b15be45532a176604c71fdc7bea5bnd /* if we get here it means we have changes to the subdomains list */
130d299c4b2b15be45532a176604c71fdc7bea5bnd for (c = 0; c < count; c++) {
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess /* Nothing we can do about the error. Let's at least try
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess * to reuse the existing domain.
6b64034fa2a644ba291c484c0c01c7df5b8d982ckess ret = ipa_subdom_enumerates(parent, reply[c], &enumerate);
06ba4a61654b3763ad65f52283832ebf058fdf1cslive ret = ipa_subdom_store(parent, ctx->sdap_id_ctx->opts->idmap_ctx,
130d299c4b2b15be45532a176604c71fdc7bea5bnd DEBUG(SSSDBG_MINOR_FAILURE, ("Failed to parse subdom data, "
130d299c4b2b15be45532a176604c71fdc7bea5bnd "will try to use cached subdomain\n"));
fe64b2ba25510d8c9dba5560a2d537763566cf40ndstatic void ipa_subdomains_get_conn_done(struct tevent_req *req);
fe64b2ba25510d8c9dba5560a2d537763566cf40ndipa_subdomains_handler_get(struct ipa_subdomains_req_ctx *ctx,
fe64b2ba25510d8c9dba5560a2d537763566cf40ndstatic void ipa_subdomains_handler_done(struct tevent_req *req);
fe64b2ba25510d8c9dba5560a2d537763566cf40ndstatic void ipa_subdomains_handler_master_done(struct tevent_req *req);
06ba4a61654b3763ad65f52283832ebf058fdf1cslivestatic void ipa_subdomains_handler_ranges_done(struct tevent_req *req);
06ba4a61654b3763ad65f52283832ebf058fdf1cslivestatic struct ipa_subdomains_req_params subdomain_requests[] = {
06ba4a61654b3763ad65f52283832ebf058fdf1cslive { IPA_CN, IPA_FLATNAME, IPA_TRUSTED_DOMAIN_SID, NULL }
fe64b2ba25510d8c9dba5560a2d537763566cf40nd IPA_ID_RANGE_SIZE, IPA_TRUSTED_DOMAIN_SID, IPA_RANGE_TYPE, NULL
313bb560bc5c323cfd40c9cad7335b4b8e060aedkessstatic void ipa_subdomains_retrieve(struct ipa_subdomains_ctx *ctx, struct be_req *be_req)
06ba4a61654b3763ad65f52283832ebf058fdf1cslive DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_create failed.\n"));
06ba4a61654b3763ad65f52283832ebf058fdf1cslive req = sdap_id_op_connect_send(req_ctx->sdap_op, req_ctx, &ret);
fe64b2ba25510d8c9dba5560a2d537763566cf40nd DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_connect_send failed: %d(%s).\n",
fe64b2ba25510d8c9dba5560a2d537763566cf40nd tevent_req_set_callback(req, ipa_subdomains_get_conn_done, req_ctx);
fb77c505254b6e9c925e23e734463e87574f8f40kessstatic void ipa_subdomains_get_conn_done(struct tevent_req *req)
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd ctx = tevent_req_callback_data(req, struct ipa_subdomains_req_ctx);
fb77c505254b6e9c925e23e734463e87574f8f40kess ("No IPA server is available, cannot get the "
97a9a944b5887e91042b019776c41d5dd74557aferikabele "subdomain list while offline\n"));
fb77c505254b6e9c925e23e734463e87574f8f40kess/* FIXME: return saved results ?? */
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd ("Failed to connect to IPA server: [%d](%s)\n",
5f86589186bcc15ee13e288a9d73acbeab2409fbdpejesh ret = ipa_subdomains_handler_get(ctx, IPA_SUBDOMAINS_RANGES);
fe64b2ba25510d8c9dba5560a2d537763566cf40ndipa_subdomains_handler_get(struct ipa_subdomains_req_ctx *ctx,
5f86589186bcc15ee13e288a9d73acbeab2409fbdpejesh ctx->current_filter = sdap_get_id_specific_filter(ctx, params->filter,
5f86589186bcc15ee13e288a9d73acbeab2409fbdpejesh req = sdap_get_generic_send(ctx, ctx->sd_ctx->be_ctx->ev,
5f86589186bcc15ee13e288a9d73acbeab2409fbdpejesh DEBUG(SSSDBG_OP_FAILURE, ("sdap_get_generic_send failed.\n"));
9fb925624300c864fe3969a264e52aa83f3c2dd0slivestatic void ipa_subdomains_handler_done(struct tevent_req *req)
fe64b2ba25510d8c9dba5560a2d537763566cf40nd ctx = tevent_req_callback_data(req, struct ipa_subdomains_req_ctx);
fe64b2ba25510d8c9dba5560a2d537763566cf40nd ret = sdap_get_generic_recv(req, ctx, &reply_count, &reply);
fe64b2ba25510d8c9dba5560a2d537763566cf40nd DEBUG(SSSDBG_OP_FAILURE, ("sdap_get_generic_send request failed.\n"));
c985aca104389df30d6ec0a637ce0ccaac904362nd ctx->reply = talloc_realloc(ctx, ctx->reply, struct sysdb_attrs *,
06ba4a61654b3763ad65f52283832ebf058fdf1cslive ret = ipa_subdomains_handler_get(ctx, IPA_SUBDOMAINS_SLAVE);
06ba4a61654b3763ad65f52283832ebf058fdf1cslive ret = ipa_subdomains_refresh(ctx->sd_ctx, ctx->reply_count, ctx->reply,
06ba4a61654b3763ad65f52283832ebf058fdf1cslive DEBUG(SSSDBG_OP_FAILURE, ("Failed to refresh subdomains.\n"));
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd DEBUG(SSSDBG_OP_FAILURE, ("sysdb_update_subdomains failed.\n"));
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd ret = ipa_ad_subdom_refresh(ctx->sd_ctx->be_ctx, ctx->sd_ctx->id_ctx,
06ba4a61654b3763ad65f52283832ebf058fdf1cslive DEBUG(SSSDBG_OP_FAILURE, ("ipa_ad_subdom_refresh failed.\n"));
06ba4a61654b3763ad65f52283832ebf058fdf1cslive dp_opt_get_bool(ctx->sd_ctx->id_ctx->ipa_options->basic,
06ba4a61654b3763ad65f52283832ebf058fdf1cslive ("sss_krb5_write_mappings failed.\n"));
06ba4a61654b3763ad65f52283832ebf058fdf1cslive /* Just continue */
fe64b2ba25510d8c9dba5560a2d537763566cf40nd ret = ipa_subdomains_handler_get(ctx, IPA_SUBDOMAINS_MASTER);
06ba4a61654b3763ad65f52283832ebf058fdf1cslivestatic void ipa_subdomains_handler_ranges_done(struct tevent_req *req)
06ba4a61654b3763ad65f52283832ebf058fdf1cslive ctx = tevent_req_callback_data(req, struct ipa_subdomains_req_ctx);
fb109b84906e3ee61680aa289953c2f9e859354erbowen ret = sdap_get_generic_recv(req, ctx, &reply_count, &reply);
06ba4a61654b3763ad65f52283832ebf058fdf1cslive DEBUG(SSSDBG_OP_FAILURE, ("sdap_get_generic_send request failed.\n"));
06ba4a61654b3763ad65f52283832ebf058fdf1cslive ret = ipa_ranges_parse_results(ctx, reply_count, reply, &range_list);
fb109b84906e3ee61680aa289953c2f9e859354erbowen ("ipa_ranges_parse_results request failed.\n"));
c023f60e35022146373e40249f0c8c8d623b6fcfnd DEBUG(SSSDBG_OP_FAILURE, ("sysdb_update_ranges failed.\n"));
fe64b2ba25510d8c9dba5560a2d537763566cf40nd ret = ipa_subdomains_handler_get(ctx, IPA_SUBDOMAINS_SLAVE);
fe64b2ba25510d8c9dba5560a2d537763566cf40nd DEBUG(SSSDBG_OP_FAILURE, ("No search base for ranges available.\n"));
fe64b2ba25510d8c9dba5560a2d537763566cf40ndstatic void ipa_subdomains_handler_master_done(struct tevent_req *req)
fb77c505254b6e9c925e23e734463e87574f8f40kess ctx = tevent_req_callback_data(req, struct ipa_subdomains_req_ctx);
fb77c505254b6e9c925e23e734463e87574f8f40kess ret = sdap_get_generic_recv(req, ctx, &reply_count, &reply);
06ba4a61654b3763ad65f52283832ebf058fdf1cslive DEBUG(SSSDBG_OP_FAILURE, ("sdap_get_generic_send request failed.\n"));
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd ret = sysdb_attrs_get_string(reply[0], IPA_FLATNAME, &flat);
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd ret = sysdb_master_domain_add_info(ctx->sd_ctx->be_ctx->domain,
db99fa79ac42b9cc42b63386eb289aecb0f3cb9cnd ret = ipa_subdomains_handler_get(ctx, IPA_SUBDOMAINS_MASTER);
fe64b2ba25510d8c9dba5560a2d537763566cf40nd /* Right now we know there has been an error
fe64b2ba25510d8c9dba5560a2d537763566cf40nd * and we don't have the master domain record
fe64b2ba25510d8c9dba5560a2d537763566cf40nd DEBUG(SSSDBG_CRIT_FAILURE, ("Master domain record not found!\n"));
06ba4a61654b3763ad65f52283832ebf058fdf1cslivestatic void ipa_subdom_timer_refresh(struct tevent_context *ev,
06ba4a61654b3763ad65f52283832ebf058fdf1cslivestatic void ipa_subdom_be_req_callback(struct be_req *be_req,
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd const char *errstr)
313bb560bc5c323cfd40c9cad7335b4b8e060aedkess DEBUG(SSSDBG_TRACE_ALL, ("Resetting last_refreshed and disabled_until.\n"));
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd refresh_interval = ctx->be_ctx->domain->subdomain_refresh_interval;
fe64b2ba25510d8c9dba5560a2d537763566cf40nd DEBUG(SSSDBG_CRIT_FAILURE, ("be_req_create() failed.\n"));
fe64b2ba25510d8c9dba5560a2d537763566cf40nd ctx->timer_event = tevent_add_timer(ctx->be_ctx->ev, ctx, tv,
fe64b2ba25510d8c9dba5560a2d537763566cf40nd DEBUG(SSSDBG_MINOR_FAILURE, ("Failed to add subdom timer event\n"));
06ba4a61654b3763ad65f52283832ebf058fdf1cslivestatic errno_t get_config_status(struct be_ctx *be_ctx,
97a9a944b5887e91042b019776c41d5dd74557aferikabele DEBUG(SSSDBG_OP_FAILURE, ("talloc_new failed.\n"));
7654193c1faf603feec999850322ad79e6c551bcnd ret = confdb_get_string(be_ctx->cdb, tmp_ctx, be_ctx->conf_path,
7654193c1faf603feec999850322ad79e6c551bcnd DEBUG(SSSDBG_OP_FAILURE, ("confdb_get_string failed.\n"));
c97e8972ab1f4dd167e3dc4db87daf91114009fbnd DEBUG(SSSDBG_TRACE_ALL, ("IPA subdomain provider is configured %s.\n",
06ba4a61654b3763ad65f52283832ebf058fdf1cslive ctx = talloc_get_type(be_ctx->bet_info[BET_SUBDOMAINS].pvt_bet_data,
06ba4a61654b3763ad65f52283832ebf058fdf1cslive DEBUG(SSSDBG_TRACE_ALL, ("Subdomain provider disabled.\n"));
06ba4a61654b3763ad65f52283832ebf058fdf1cslive if (ctx->last_refreshed > now - IPA_SUBDOMAIN_REFRESH_LIMIT) {
fe64b2ba25510d8c9dba5560a2d537763566cf40nd DEBUG(SSSDBG_OP_FAILURE, ("get_config_status failed.\n"));
06ba4a61654b3763ad65f52283832ebf058fdf1cslive ctx->search_bases = id_ctx->ipa_options->subdomains_search_bases;
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd ctx->master_search_bases = id_ctx->ipa_options->master_domain_search_bases;
06ba4a61654b3763ad65f52283832ebf058fdf1cslive ctx->ranges_search_bases = id_ctx->ipa_options->ranges_search_bases;
06ba4a61654b3763ad65f52283832ebf058fdf1cslive ("Failed to add subdom reset timeouts callback"));
06ba4a61654b3763ad65f52283832ebf058fdf1cslive ret = be_add_online_cb(ctx, be_ctx, ipa_subdom_online_cb, ctx, NULL);
130d299c4b2b15be45532a176604c71fdc7bea5bnd DEBUG(SSSDBG_MINOR_FAILURE, ("Failed to add subdom online callback"));
130d299c4b2b15be45532a176604c71fdc7bea5bnd ret = be_add_offline_cb(ctx, be_ctx, ipa_subdom_offline_cb, ctx, NULL);
130d299c4b2b15be45532a176604c71fdc7bea5bnd DEBUG(SSSDBG_MINOR_FAILURE, ("Failed to add subdom offline callback"));
fe64b2ba25510d8c9dba5560a2d537763566cf40nd /* The IPA code relies on the default FQDN format to unparse user
fe64b2ba25510d8c9dba5560a2d537763566cf40nd * names. Warn loudly if the full_name_format was customized on the
fe64b2ba25510d8c9dba5560a2d537763566cf40nd * IPA server
06ba4a61654b3763ad65f52283832ebf058fdf1cslive DEBUG(SSSDBG_FATAL_FAILURE, ("%s is set to a non-default value [%s] " \
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd "lookups of subdomain users will likely fail!\n",
06ba4a61654b3763ad65f52283832ebf058fdf1cslive CONFDB_FULL_NAME_FORMAT, be_ctx->domain->names->fq_fmt));
06ba4a61654b3763ad65f52283832ebf058fdf1cslive sss_log(SSS_LOG_ERR, "%s is set to a non-default value [%s] " \
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd "lookups of subdomain users will likely fail!\n",
06ba4a61654b3763ad65f52283832ebf058fdf1cslive CONFDB_FULL_NAME_FORMAT, be_ctx->domain->names->fq_fmt);
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd /* Attempt to continue */
06ba4a61654b3763ad65f52283832ebf058fdf1cslive realm = dp_opt_get_string(id_ctx->ipa_options->basic, IPA_KRB5_REALM);
a7f40ca49262952d6dd69d021cf5b0c2b452ae4cnd DEBUG(SSSDBG_CRIT_FAILURE, ("No Kerberos realm for IPA?\n"));
06ba4a61654b3763ad65f52283832ebf058fdf1cslive hostname = dp_opt_get_string(id_ctx->ipa_options->basic, IPA_HOSTNAME);
bea526116133aa3d7dabd1924bfc580b37fbf22aslive DEBUG(SSSDBG_CRIT_FAILURE, ("No host name for IPA?\n"));