int sssm_ldap_id_init(struct be_ctx *bectx,
struct bet_ops **ops,
void **pvt_data)
{
struct sdap_id_ctx *ctx;
const char *urls;
const char *dns_service_name;
const char *sasl_mech;
int ret;
/* If we're already set up, just return that */
if(bectx->bet_info[BET_ID].mod_name &&
strcmp("ldap", bectx->bet_info[BET_ID].mod_name) == 0) {
DEBUG(8, ("Re-using sdap_id_ctx for this provider\n"));
*ops = bectx->bet_info[BET_ID].bet_ops;
*pvt_data = bectx->bet_info[BET_ID].pvt_bet_data;
return EOK;
}
ctx = talloc_zero(bectx, struct sdap_id_ctx);
if (!ctx) return ENOMEM;
ctx->be = bectx;
ret = ldap_get_options(ctx, bectx->cdb,
bectx->conf_path, &ctx->opts);
if (ret != EOK) {
goto done;
}
dns_service_name = dp_opt_get_string(ctx->opts->basic,
SDAP_DNS_SERVICE_NAME);
DEBUG(7, ("Service name for discovery set to %s\n", dns_service_name));
urls = dp_opt_get_string(ctx->opts->basic, SDAP_URI);
if (!urls) {
DEBUG(1, ("Missing ldap_uri, will use service discovery\n"));
}
ret = sdap_service_init(ctx, ctx->be, "LDAP",
dns_service_name, urls, &ctx->service);
if (ret != EOK) {
DEBUG(1, ("Failed to initialize failover service!\n"));
goto done;
}
sasl_mech = dp_opt_get_string(ctx->opts->basic, SDAP_SASL_MECH);
if (sasl_mech && strcasecmp(sasl_mech, "GSSAPI") == 0) {
if (dp_opt_get_bool(ctx->opts->basic, SDAP_KRB5_KINIT)) {
ret = sdap_gssapi_init(ctx, ctx->opts->basic,
ctx->be, ctx->service,
&ctx->krb5_service);
if (ret != EOK) {
DEBUG(1, ("sdap_gssapi_init failed [%d][%s].\n",
ret, strerror(ret)));
goto done;
}
}
}
ret = setup_tls_config(ctx->opts->basic);
if (ret != EOK) {
DEBUG(1, ("setup_tls_config failed [%d][%s].\n",
ret, strerror(ret)));
goto done;
}
ret = sdap_id_conn_cache_create(ctx, ctx, &ctx->conn_cache);
if (ret != EOK) {
goto done;
}
ret = sdap_id_setup_tasks(ctx);
if (ret != EOK) {
goto done;
}
ret = setup_child(ctx);
if (ret != EOK) {
DEBUG(1, ("setup_child failed [%d][%s].\n",
ret, strerror(ret)));
goto done;
}
*ops = &sdap_id_ops;
*pvt_data = ctx;
ret = EOK;
done:
if (ret != EOK) {
talloc_free(ctx);
}
return ret;
}
static errno_t
ipa_ad_ctx_new(struct be_ctx *be_ctx,
struct ipa_id_ctx *id_ctx,
struct sss_domain_info *subdom,
struct ad_id_ctx **_ad_id_ctx)
{
struct ad_options *ad_options;
struct ad_id_ctx *ad_id_ctx;
const char *gc_service_name;
const char *service_name;
struct ad_srv_plugin_ctx *srv_ctx;
const char *ad_domain;
const char *ad_site_override;
struct sdap_domain *sdom;
errno_t ret;
const char *extra_attrs;
ad_domain = subdom->name;
DEBUG(SSSDBG_TRACE_LIBS, "Setting up AD subdomain %s\n", subdom->name);
ad_options = ipa_ad_options_new(id_ctx, subdom);
if (ad_options == NULL) {
DEBUG(SSSDBG_OP_FAILURE, "Cannot initialize AD options\n");
talloc_free(ad_options);
return ENOMEM;
}
extra_attrs = dp_opt_get_string(id_ctx->sdap_id_ctx->opts->basic,
SDAP_USER_EXTRA_ATTRS);
if (extra_attrs != NULL) {
DEBUG(SSSDBG_TRACE_ALL,
"Setting extra attrs for subdomain [%s] to [%s].\n", ad_domain,
extra_attrs);
ret = dp_opt_set_string(ad_options->id->basic, SDAP_USER_EXTRA_ATTRS,
extra_attrs);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, "dp_opt_get_string failed.\n");
talloc_free(ad_options);
return ret;
}
ret = sdap_extend_map_with_list(ad_options->id, ad_options->id,
SDAP_USER_EXTRA_ATTRS,
ad_options->id->user_map,
SDAP_OPTS_USER,
&ad_options->id->user_map,
&ad_options->id->user_map_cnt);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, "sdap_extend_map_with_list failed.\n");
talloc_free(ad_options);
return ret;
}
} else {
DEBUG(SSSDBG_TRACE_ALL, "No extra attrs set.\n");
}
gc_service_name = talloc_asprintf(ad_options, "sd_gc_%s", subdom->forest);
if (gc_service_name == NULL) {
talloc_free(ad_options);
return ENOMEM;
}
service_name = talloc_asprintf(ad_options, "sd_%s", subdom->name);
if (service_name == NULL) {
talloc_free(ad_options);
return ENOMEM;
}
/* Set KRB5 realm to same as the one of IPA when IPA
* is able to attach PAC. For testing, use hardcoded. */
ret = ad_failover_init(ad_options, be_ctx, NULL, NULL,
id_ctx->server_mode->realm,
service_name, gc_service_name,
subdom->name, &ad_options->service);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, "Cannot initialize AD failover\n");
talloc_free(ad_options);
return ret;
}
ad_id_ctx = ad_id_ctx_init(ad_options, be_ctx);
if (ad_id_ctx == NULL) {
talloc_free(ad_options);
return ENOMEM;
}
ad_id_ctx->sdap_id_ctx->opts = ad_options->id;
ad_options->id_ctx = ad_id_ctx;
ad_site_override = dp_opt_get_string(ad_options->basic, AD_SITE);
/* use AD plugin */
srv_ctx = ad_srv_plugin_ctx_init(be_ctx, be_ctx->be_res,
default_host_dbs,
ad_id_ctx->ad_options->id,
id_ctx->server_mode->hostname,
ad_domain,
ad_site_override);
if (srv_ctx == NULL) {
DEBUG(SSSDBG_FATAL_FAILURE, "Out of memory?\n");
return ENOMEM;
}
be_fo_set_srv_lookup_plugin(be_ctx, ad_srv_plugin_send,
ad_srv_plugin_recv, srv_ctx, "AD");
ret = sdap_domain_subdom_add(ad_id_ctx->sdap_id_ctx,
ad_id_ctx->sdap_id_ctx->opts->sdom,
subdom->parent);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, "Cannot initialize sdap domain\n");
talloc_free(ad_options);
return ret;
}
sdom = sdap_domain_get(ad_id_ctx->sdap_id_ctx->opts, subdom);
if (sdom == NULL) {
return EFAULT;
}
sdap_inherit_options(subdom->parent->sd_inherit,
id_ctx->sdap_id_ctx->opts,
ad_id_ctx->sdap_id_ctx->opts);
ret = sdap_id_setup_tasks(be_ctx,
ad_id_ctx->sdap_id_ctx,
sdom,
ldap_enumeration_send,
ldap_enumeration_recv,
ad_id_ctx->sdap_id_ctx);
if (ret != EOK) {
talloc_free(ad_options);
return ret;
}
sdom->pvt = ad_id_ctx;
/* Set up the ID mapping object */
ad_id_ctx->sdap_id_ctx->opts->idmap_ctx =
id_ctx->sdap_id_ctx->opts->idmap_ctx;
*_ad_id_ctx = ad_id_ctx;
return EOK;
}