pacsrv_cmd.c revision b07a3b729892d2bc2ffa73d93de95e19003cc6c8
/*
SSSD
PAC Responder
Copyright (C) Sumit Bose <sbose@redhat.com> 2012
Jan Zeleny <jzeleny@redhat.com> 2012
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
{
int ret;
/* async processing, just return here */
return EOK;
}
return ret;
}
return EOK;
}
/*
 * Request context of the PAC responder: the names, logon information and
 * SID strings that the processing steps in this file pass around as pr_ctx.
 *
 * NOTE(review): logon_info is presumably decoded from the PAC blob a client
 * handed to the responder. The SIDs and group membership changes derived from
 * it are only as trustworthy as the PAC validation done before the data gets
 * here; that validation is not visible in this listing -- confirm where it
 * happens.
 *
 * NOTE(review): code further down this listing reads pr_ctx->del_grp_count
 * and pr_ctx->add_sid_count, which are not among the members shown here, so
 * the listing appears to omit part of this structure.
 */
struct pac_req_ctx {
/* Domain and user name the request refers to. A comment elsewhere in this
 * file says lower-case names are used for compatibility with winbind based
 * lookups; presumably that applies to these -- confirm. */
const char *domain_name;
const char *user_name;
/* presumably the domain object matching domain_name -- confirm */
struct sss_domain_info *dom;
/* Logon information structure; see the note above on its origin. */
struct PAC_LOGON_INFO *logon_info;
struct dom_sid2 *domain_sid;
/* presumably filled through the _del_grp_list / _add_sids output parameters
 * of the helper declared after this structure: groups whose membership is to
 * be removed and SIDs of groups to be added -- confirm */
struct grp_info *del_grp_list;
char **add_sids;
/* String forms of the user, user-domain and primary-group SIDs (going by the
 * member names; where they are set is not visible in this listing). */
char *user_sid_str;
char *user_dom_sid_str;
char *primary_group_sid_str;
};
struct tevent_context *ev,
struct pac_req_ctx *pr_ctx,
struct pac_req_ctx *pr_ctx,
struct grp_info **_del_grp_list,
char ***_add_sids);
const char *grp_sid_str,
struct sss_domain_info *grp_dom);
{
int ret;
struct pac_req_ctx *pr_ctx;
struct tevent_req *req;
enum idmap_error_code err;
return ENOMEM;
}
return EINVAL;
}
&pr_ctx->logon_info);
goto done;
}
goto done;
}
goto done;
}
/* To be compatible with winbind based lookups we have to use lower case
 * names only, effectively making the domain case-insensitive. */
goto done;
}
if (err != IDMAP_SUCCESS) {
goto done;
}
} else {
}
goto done;
goto done;
}
done:
}
}
{
struct pac_req_ctx);
int ret;
goto done;
}
goto done;
}
done:
}
}
{
int ret;
struct tevent_req *req;
if (ret != 0) {
return ret;
}
return ENOMEM;
}
return ret;
}
{
unsigned long count;
size_t c;
struct sss_domain_info *dom;
struct ldb_result *msg;
return;
}
if (ret != HASH_SUCCESS) {
return;
}
for (c = 0; c < count; c++) {
continue;
}
continue;
"sysdb_search_object_by_sid failed.\n");
continue;
}
"for SID [%s].\n",
return;
}
SYSDB_UIDNUM, 0);
if (id == 0) {
SYSDB_GIDNUM, 0);
}
if (id == 0) {
continue;
}
if (ret != HASH_SUCCESS) {
continue;
}
}
}
}
{
int ret;
struct tevent_req *req;
goto done;
}
goto done;
}
goto done;
}
done:
}
}
struct pac_req_ctx *pr_ctx,
struct grp_info **_del_grp_list,
char ***_add_sids)
{
int ret;
size_t c;
const char *tmp_str;
size_t add_sid_count = 0;
size_t del_grp_count = 0;
const char *cur_sid;
goto done;
}
goto done;
}
goto done;
}
goto done;
}
/* First result is the user entry then the groups follow */
if (del_grp_list == NULL) {
goto done;
}
del_idx = 0;
goto done;
}
if (ret == HASH_SUCCESS) {
"with SID [%s].\n",
if (ret != HASH_SUCCESS) {
goto done;
}
} else if (ret == HASH_ERROR_KEY_NOT_FOUND) {
"the PAC anymore, membership " \
"must be removed.\n", cur_sid);
tmp_str);
goto done;
}
}
goto done;
}
del_idx++;
}
}
}
if (add_sid_count > 0) {
goto done;
}
c = 0;
goto done;
}
c++;
}
}
add_sid_count = c;
}
done:
return ret;
}
{
int ret;
struct ldb_message *msg;
goto done;
}
goto done;
}
goto done;
}
&msg);
"cannot be translated into a GID for "
"user [%s]. Typically this happens "
"when UIDs and GIDs are read from AD "
"and the primary AD group does not "
"have a GID assigned. Make sure the "
"user is created by the ID provider "
"before GSSAPI based authentication "
"is used in this case.\n",
goto done;
}
goto done;
}
goto done;
}
done:
return ret;
}
/*
 * State of the save-memberships step; the functions below that declare a
 * `state` of this type also work with a tevent request, so this is presumably
 * the request's private state -- confirm.
 *
 * NOTE(review): only the back-pointer to the request context is visible in
 * this listing; further members may have been elided.
 */
struct pac_save_memberships_state {
/* Request context this step operates on. */
struct pac_req_ctx *pr_ctx;
};
static errno_t
{
struct pac_save_memberships_state *state;
struct tevent_req *req;
struct ldb_message *msg;
return NULL;
}
goto done;
}
goto done;
}
goto done;
}
}
done:
}
return req;
}
static errno_t
{
int ret;
int sret;
size_t c;
struct pac_req_ctx *pr_ctx;
bool in_transaction = false;
if (pr_ctx->del_grp_count == 0) {
return EOK;
}
return EINVAL;
}
return ENOMEM;
}
goto done;
}
in_transaction = true;
for (c = 0; c < pr_ctx->del_grp_count; c++) {
/* If there is a failure for one group we still try to remove the
* remaining groups. */
"user [%s] and group[%s].\n",
continue;
}
if (user_attrs == NULL) {
continue;
}
continue;
}
continue;
}
}
}
goto done;
}
in_transaction = false;
done:
if (in_transaction) {
}
}
return ret;
}
{
char *sid;
struct sss_domain_info *grp_dom;
struct tevent_req *subreq;
struct pac_save_memberships_state *state;
struct pac_req_ctx *pr_ctx;
if (pr_ctx->add_sid_count == 0) {
return EOK;
}
return EINVAL;
}
"will try next group\n");
continue;
}
continue;
grp_dom, true,
goto done;
}
return EAGAIN;
} else {
"trying next group.\n");
continue;
}
}
done:
return ret;
}
{
struct tevent_req *req;
struct pac_save_memberships_state *state;
char *err_msg;
char *sid;
struct sss_domain_info *grp_dom;
&err_msg);
goto error;
}
goto error;
}
"trying next group.\n");
}
goto error;
}
return;
}
static errno_t
const char *grp_sid_str,
struct sss_domain_info *grp_dom)
{
struct sysdb_attrs *user_attrs;
struct ldb_result *group;
const char *orig_group_dn;
const char *oc;
return ENOMEM;
}
group_attrs, &group);
goto done;
"sysdb_search_object_by_sid for SID [%s] failed [%d][%s].\n",
goto done;
}
goto done;
}
"objectclass.\n");
goto done;
}
"group [%s].\n",
goto done;
}
NULL);
if (orig_group_dn != NULL) {
if (user_attrs == NULL) {
goto done;
}
goto done;
}
goto done;
}
} else {
"[%s][%s].\n", grp_sid_str,
}
done:
return ret;
}
{
return EOK;
}
{
}
/*
 * State of the SID lookup step, carried between the send, next and done
 * functions that follow (presumably as tevent request state -- confirm).
 */
struct pac_lookup_sids_state {
/* Request context this lookup belongs to. */
struct pac_req_ctx *pr_ctx;
/* Hash table iterator; presumably walks the table of SIDs that still need
 * a lookup -- which table it is bound to is not visible in this listing. */
struct hash_iter_context_t *iter;
};
struct tevent_context *ev,
struct pac_req_ctx *pr_ctx,
{
struct tevent_req *req;
struct pac_lookup_sids_state *state;
int ret;
return NULL;
}
} else {
}
}
return req;
}
{
struct pac_lookup_sids_state *state;
struct tevent_req *subreq;
struct sss_domain_info *dom;
int ret;
dom, true,
0, NULL);
return ENOMEM;
}
return EAGAIN;
}
}
}
return EOK;
}
{
struct tevent_req *req;
char *err_msg;
&err_msg);
"Unable to get information from Data Provider\n"
"dp_error: [%u], errno: [%u], error_msg: [%s]\n",
}
/* Errors during individual lookups are ignored. */
}
return;
}
{
return EOK;
}
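/*
 * Return the table of client protocol versions this responder supports.
 *
 * The table is a function-local static, so the returned pointer stays valid
 * for the lifetime of the process. Only a pointer is returned, with no
 * element count, so the table ends with an all-zero entry: a caller walking
 * the table can stop there instead of reading past the end of the array.
 * The sibling table pac_cmds is closed by a marker entry in the same way.
 */
struct cli_protocol_version *register_cli_protocol_version(void)
{
    static struct cli_protocol_version pac_cli_protocol_version[] = {
        {1, "2011-04-12", "initial version"},
        {0, NULL, NULL} /* end-of-table marker */
    };

    return pac_cli_protocol_version;
}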
/*
 * Command table handed out by get_pac_cmds().
 *
 * NOTE(review): only the {SSS_CLI_NULL, NULL} entry is visible in this
 * listing; it is presumably the end-of-table marker, with the actual command
 * entries elided -- confirm against the full file.
 */
static struct sss_cmd_table pac_cmds[] = {
{SSS_CLI_NULL, NULL}
};
/*
 * Hand out the PAC responder's command table.
 *
 * The table is the file-scope static pac_cmds, so the returned pointer is
 * shared by every caller and must not be freed.
 */
struct sss_cmd_table *get_pac_cmds(void)
{
    struct sss_cmd_table *table = pac_cmds;

    return table;
}