static errno_t attr_name(TALLOC_CTX *mem_ctx,
struct sysdb_attrs *entry,
struct sss_domain_info *dom,
const char *attr,
const char **_value)
{
errno_t ret;
const char *orig_name;
char *tmp_name;
char *outname;
ret = sysdb_attrs_get_string(entry, attr, &orig_name);
if (ret != EOK) {
return ret;
}
tmp_name = sss_output_name(mem_ctx, orig_name, dom->case_preserve, 0);
if (tmp_name == NULL) {
return ENOMEM;
}
if (dom->fqnames) {
outname = sss_tc_fqname(mem_ctx, dom->names, dom, tmp_name);
talloc_free(tmp_name);
if (outname == NULL) {
DEBUG(SSSDBG_CRIT_FAILURE, "sss_replace_space failed\n");
return ENOMEM;
}
} else {
outname = tmp_name;
}
*_value = outname;
return EOK;
}
errno_t krb5_setup(TALLOC_CTX *mem_ctx,
struct pam_data *pd,
struct sss_domain_info *dom,
struct krb5_ctx *krb5_ctx,
struct krb5child_req **_krb5_req)
{
struct krb5child_req *kr;
const char *mapped_name;
TALLOC_CTX *tmp_ctx;
errno_t ret;
tmp_ctx = talloc_new(NULL);
if (tmp_ctx == NULL) {
return ENOMEM;
}
kr = talloc_zero(tmp_ctx, struct krb5child_req);
if (kr == NULL) {
DEBUG(SSSDBG_CRIT_FAILURE, "talloc failed.\n");
ret = ENOMEM;
goto done;
}
kr->is_offline = false;
talloc_set_destructor((TALLOC_CTX *) kr, krb5_cleanup);
kr->pd = pd;
kr->dom = dom;
kr->krb5_ctx = krb5_ctx;
ret = get_krb_primary(krb5_ctx->name_to_primary,
pd->user, dom->case_sensitive, &mapped_name);
if (ret == EOK) {
DEBUG(SSSDBG_TRACE_FUNC, "Setting mapped name to: %s\n", mapped_name);
kr->user = mapped_name;
kr->kuserok_user = sss_output_name(kr, kr->user,
dom->case_sensitive, 0);
if (kr->kuserok_user == NULL) {
ret = ENOMEM;
goto done;
}
} else if (ret == ENOENT) {
DEBUG(SSSDBG_TRACE_ALL, "No mapping for: %s\n", pd->user);
kr->user = pd->user;
kr->kuserok_user = sss_output_name(kr, kr->user,
dom->case_sensitive, 0);
if (kr->kuserok_user == NULL) {
ret = ENOMEM;
goto done;
}
} else {
DEBUG(SSSDBG_CRIT_FAILURE, "get_krb_primary failed - %s:[%d]\n",
sss_strerror(ret), ret);
goto done;
}
ret = EOK;
done:
if (ret == EOK) {
*_krb5_req = talloc_steal(mem_ctx, kr);
}
talloc_free(tmp_ctx);
return ret;
}
static errno_t sss_mc_refresh_nested_group(struct tools_ctx *tctx,
const char *shortname)
{
errno_t ret;
struct ldb_message *msg = NULL;
struct ldb_message_element *el;
const char *attrs[] = { SYSDB_MEMBEROF,
SYSDB_NAME,
NULL };
size_t i;
char *parent_internal_name;
char *parent_outname;
char *internal_name;
TALLOC_CTX *tmpctx;
tmpctx = talloc_new(tctx);
if (tmpctx == NULL) {
return ENOMEM;
}
internal_name = sss_create_internal_fqname(tmpctx, shortname,
tctx->local->name);
if (internal_name == NULL) {
ret = ENOMEM;
goto done;
}
ret = sss_mc_refresh_group(shortname);
if (ret != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE,
"Cannot refresh group %s from memory cache\n", shortname);
/* try to carry on */
}
ret = sysdb_search_group_by_name(tmpctx, tctx->local, internal_name, attrs,
&msg);
if (ret) {
DEBUG(SSSDBG_OP_FAILURE,
"Search failed: %s (%d)\n", strerror(ret), ret);
goto done;
}
el = ldb_msg_find_element(msg, SYSDB_MEMBEROF);
if (!el || el->num_values == 0) {
DEBUG(SSSDBG_TRACE_INTERNAL, "Group %s has no parents\n",
internal_name);
ret = EOK;
goto done;
}
/* This group is nested. We need to invalidate all its parents, too */
for (i=0; i < el->num_values; i++) {
ret = sysdb_group_dn_name(tctx->sysdb, tmpctx,
(const char *) el->values[i].data,
&parent_internal_name);
if (ret != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE, "Malformed DN [%s]? Skipping\n",
(const char *) el->values[i].data);
talloc_free(parent_internal_name);
continue;
}
parent_outname = sss_output_name(tmpctx, parent_internal_name,
tctx->local->case_preserve, 0);
if (parent_outname == NULL) {
ret = ENOMEM;
goto done;
}
ret = sss_mc_refresh_group(parent_outname);
talloc_free(parent_internal_name);
talloc_free(parent_outname);
if (ret != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE,
"Cannot refresh group %s from memory cache\n", parent_outname);
/* try to carry on */
}
}
ret = EOK;
done:
talloc_free(tmpctx);
return ret;
}
