int sssm_ldap_id_init(struct be_ctx *bectx,
struct bet_ops **ops,
void **pvt_data)
{
struct sdap_id_ctx *ctx;
const char *urls;
const char *dns_service_name;
const char *sasl_mech;
int ret;
/* If we're already set up, just return that */
if(bectx->bet_info[BET_ID].mod_name &&
strcmp("ldap", bectx->bet_info[BET_ID].mod_name) == 0) {
DEBUG(8, ("Re-using sdap_id_ctx for this provider\n"));
*ops = bectx->bet_info[BET_ID].bet_ops;
*pvt_data = bectx->bet_info[BET_ID].pvt_bet_data;
return EOK;
}
ctx = talloc_zero(bectx, struct sdap_id_ctx);
if (!ctx) return ENOMEM;
ctx->be = bectx;
ret = ldap_get_options(ctx, bectx->cdb,
bectx->conf_path, &ctx->opts);
if (ret != EOK) {
goto done;
}
dns_service_name = dp_opt_get_string(ctx->opts->basic,
SDAP_DNS_SERVICE_NAME);
DEBUG(7, ("Service name for discovery set to %s\n", dns_service_name));
urls = dp_opt_get_string(ctx->opts->basic, SDAP_URI);
if (!urls) {
DEBUG(1, ("Missing ldap_uri, will use service discovery\n"));
}
ret = sdap_service_init(ctx, ctx->be, "LDAP",
dns_service_name, urls, &ctx->service);
if (ret != EOK) {
DEBUG(1, ("Failed to initialize failover service!\n"));
goto done;
}
sasl_mech = dp_opt_get_string(ctx->opts->basic, SDAP_SASL_MECH);
if (sasl_mech && strcasecmp(sasl_mech, "GSSAPI") == 0) {
if (dp_opt_get_bool(ctx->opts->basic, SDAP_KRB5_KINIT)) {
ret = sdap_gssapi_init(ctx, ctx->opts->basic,
ctx->be, ctx->service,
&ctx->krb5_service);
if (ret != EOK) {
DEBUG(1, ("sdap_gssapi_init failed [%d][%s].\n",
ret, strerror(ret)));
goto done;
}
}
}
ret = setup_tls_config(ctx->opts->basic);
if (ret != EOK) {
DEBUG(1, ("setup_tls_config failed [%d][%s].\n",
ret, strerror(ret)));
goto done;
}
ret = sdap_id_conn_cache_create(ctx, ctx, &ctx->conn_cache);
if (ret != EOK) {
goto done;
}
ret = sdap_id_setup_tasks(ctx);
if (ret != EOK) {
goto done;
}
ret = setup_child(ctx);
if (ret != EOK) {
DEBUG(1, ("setup_child failed [%d][%s].\n",
ret, strerror(ret)));
goto done;
}
*ops = &sdap_id_ops;
*pvt_data = ctx;
ret = EOK;
done:
if (ret != EOK) {
talloc_free(ctx);
}
return ret;
}
int sssm_ldap_id_init(struct be_ctx *bectx,
struct bet_ops **ops,
void **pvt_data)
{
struct sdap_id_ctx *ctx = NULL;
const char *urls;
const char *backup_urls;
const char *dns_service_name;
const char *sasl_mech;
struct sdap_service *sdap_service;
struct sdap_options *opts = NULL;
int ret;
/* If we're already set up, just return that */
if(bectx->bet_info[BET_ID].mod_name &&
strcmp("ldap", bectx->bet_info[BET_ID].mod_name) == 0) {
DEBUG(8, ("Re-using sdap_id_ctx for this provider\n"));
*ops = bectx->bet_info[BET_ID].bet_ops;
*pvt_data = bectx->bet_info[BET_ID].pvt_bet_data;
return EOK;
}
ret = ldap_get_options(bectx, bectx->domain, bectx->cdb,
bectx->conf_path, &opts);
if (ret != EOK) {
goto done;
}
dns_service_name = dp_opt_get_string(opts->basic,
SDAP_DNS_SERVICE_NAME);
DEBUG(SSSDBG_CONF_SETTINGS,
("Service name for discovery set to %s\n", dns_service_name));
urls = dp_opt_get_string(opts->basic, SDAP_URI);
backup_urls = dp_opt_get_string(opts->basic, SDAP_BACKUP_URI);
ret = sdap_service_init(bectx, bectx, "LDAP",
dns_service_name, urls, backup_urls,
&sdap_service);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, ("Failed to initialize failover service!\n"));
goto done;
}
ctx = sdap_id_ctx_new(bectx, bectx, sdap_service);
if (!ctx) {
ret = ENOMEM;
goto done;
}
ctx->opts = talloc_steal(ctx, opts);
sasl_mech = dp_opt_get_string(ctx->opts->basic, SDAP_SASL_MECH);
if (sasl_mech && strcasecmp(sasl_mech, "GSSAPI") == 0) {
if (dp_opt_get_bool(ctx->opts->basic, SDAP_KRB5_KINIT)) {
ret = sdap_gssapi_init(ctx, ctx->opts->basic,
ctx->be, ctx->conn->service,
&ctx->krb5_service);
if (ret != EOK) {
DEBUG(1, ("sdap_gssapi_init failed [%d][%s].\n",
ret, strerror(ret)));
goto done;
}
}
}
ret = setup_tls_config(ctx->opts->basic);
if (ret != EOK) {
DEBUG(1, ("setup_tls_config failed [%d][%s].\n",
ret, strerror(ret)));
goto done;
}
/* Set up the ID mapping object */
ret = sdap_idmap_init(ctx, ctx, &ctx->opts->idmap_ctx);
if (ret != EOK) goto done;
ret = ldap_id_setup_tasks(ctx);
if (ret != EOK) {
goto done;
}
ret = sdap_setup_child();
if (ret != EOK) {
DEBUG(1, ("setup_child failed [%d][%s].\n",
ret, strerror(ret)));
goto done;
}
/* setup SRV lookup plugin */
ret = be_fo_set_dns_srv_lookup_plugin(bectx, NULL);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to set SRV lookup plugin "
"[%d]: %s\n", ret, strerror(ret)));
goto done;
}
/* setup periodical refresh of expired records */
ret = be_refresh_add_cb(bectx->refresh_ctx, BE_REFRESH_TYPE_NETGROUPS,
sdap_refresh_netgroups_send,
sdap_refresh_netgroups_recv,
ctx);
if (ret != EOK && ret != EEXIST) {
DEBUG(SSSDBG_MINOR_FAILURE, ("Periodical refresh of netgroups "
"will not work [%d]: %s\n", ret, strerror(ret)));
}
*ops = &sdap_id_ops;
*pvt_data = ctx;
ret = EOK;
done:
if (ret != EOK) {
talloc_free(opts);
talloc_free(ctx);
}
return ret;
}
