Line data Source code
1 : /*
2 : SSSD
3 :
4 : IPA Provider Common Functions
5 :
6 : Authors:
7 : Simo Sorce <ssorce@redhat.com>
8 :
9 : Copyright (C) 2009 Red Hat
10 :
11 : This program is free software; you can redistribute it and/or modify
12 : it under the terms of the GNU General Public License as published by
13 : the Free Software Foundation; either version 3 of the License, or
14 : (at your option) any later version.
15 :
16 : This program is distributed in the hope that it will be useful,
17 : but WITHOUT ANY WARRANTY; without even the implied warranty of
18 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 : GNU General Public License for more details.
20 :
21 : You should have received a copy of the GNU General Public License
22 : along with this program. If not, see <http://www.gnu.org/licenses/>.
23 : */
24 :
25 : #include <netdb.h>
26 : #include <ctype.h>
27 : #include <arpa/inet.h>
28 :
29 : #include "db/sysdb_selinux.h"
30 : #include "providers/ipa/ipa_common.h"
31 : #include "providers/ipa/ipa_dyndns.h"
32 : #include "providers/ldap/sdap_async_private.h"
33 : #include "providers/dp_dyndns.h"
34 : #include "util/sss_krb5.h"
35 : #include "db/sysdb_services.h"
36 : #include "db/sysdb_autofs.h"
37 :
38 : #include "providers/ipa/ipa_opts.h"
39 :
40 0 : int ipa_get_options(TALLOC_CTX *memctx,
41 : struct confdb_ctx *cdb,
42 : const char *conf_path,
43 : struct sss_domain_info *dom,
44 : struct ipa_options **_opts)
45 : {
46 : struct ipa_options *opts;
47 : char *domain;
48 : char *server;
49 : char *realm;
50 : char *ipa_hostname;
51 : int ret;
52 : char hostname[HOST_NAME_MAX + 1];
53 :
54 0 : opts = talloc_zero(memctx, struct ipa_options);
55 0 : if (!opts) return ENOMEM;
56 :
57 0 : ret = dp_get_options(opts, cdb, conf_path,
58 : ipa_basic_opts,
59 : IPA_OPTS_BASIC,
60 : &opts->basic);
61 0 : if (ret != EOK) {
62 0 : goto done;
63 : }
64 :
65 0 : domain = dp_opt_get_string(opts->basic, IPA_DOMAIN);
66 0 : if (!domain) {
67 0 : ret = dp_opt_set_string(opts->basic, IPA_DOMAIN, dom->name);
68 0 : if (ret != EOK) {
69 0 : goto done;
70 : }
71 0 : domain = dom->name;
72 : }
73 :
74 0 : server = dp_opt_get_string(opts->basic, IPA_SERVER);
75 0 : if (!server) {
76 0 : DEBUG(SSSDBG_CRIT_FAILURE,
77 : "No ipa server set, will use service discovery!\n");
78 : }
79 :
80 0 : ipa_hostname = dp_opt_get_string(opts->basic, IPA_HOSTNAME);
81 0 : if (ipa_hostname == NULL) {
82 0 : ret = gethostname(hostname, HOST_NAME_MAX);
83 0 : if (ret != EOK) {
84 0 : DEBUG(SSSDBG_CRIT_FAILURE, "gethostname failed [%d][%s].\n", errno,
85 : strerror(errno));
86 0 : ret = errno;
87 0 : goto done;
88 : }
89 0 : hostname[HOST_NAME_MAX] = '\0';
90 0 : DEBUG(SSSDBG_TRACE_ALL, "Setting ipa_hostname to [%s].\n", hostname);
91 0 : ret = dp_opt_set_string(opts->basic, IPA_HOSTNAME, hostname);
92 0 : if (ret != EOK) {
93 0 : goto done;
94 : }
95 : }
96 :
97 : /* First check whether the realm has been manually specified */
98 0 : realm = dp_opt_get_string(opts->basic, IPA_KRB5_REALM);
99 0 : if (!realm) {
100 : /* No explicit krb5_realm, use the IPA domain, transform to upper-case */
101 0 : realm = get_uppercase_realm(opts, domain);
102 0 : if (!realm) {
103 0 : ret = ENOMEM;
104 0 : goto done;
105 : }
106 :
107 0 : ret = dp_opt_set_string(opts->basic, IPA_KRB5_REALM,
108 : realm);
109 0 : if (ret != EOK) {
110 0 : goto done;
111 : }
112 : }
113 :
114 0 : ret = EOK;
115 0 : *_opts = opts;
116 :
117 : done:
118 0 : if (ret != EOK) {
119 0 : talloc_zfree(opts);
120 : }
121 0 : return ret;
122 : }
123 :
124 0 : static errno_t ipa_parse_search_base(TALLOC_CTX *mem_ctx,
125 : struct dp_option *opts, int class,
126 : struct sdap_search_base ***_search_bases)
127 : {
128 : const char *class_name;
129 : char *unparsed_base;
130 :
131 0 : *_search_bases = NULL;
132 :
133 0 : switch (class) {
134 : case IPA_HBAC_SEARCH_BASE:
135 0 : class_name = "IPA_HBAC";
136 0 : break;
137 : case IPA_HOST_SEARCH_BASE:
138 0 : class_name = "IPA_HOST";
139 0 : break;
140 : case IPA_SELINUX_SEARCH_BASE:
141 0 : class_name = "IPA_SELINUX";
142 0 : break;
143 : case IPA_SUBDOMAINS_SEARCH_BASE:
144 0 : class_name = "IPA_SUBDOMAINS";
145 0 : break;
146 : case IPA_MASTER_DOMAIN_SEARCH_BASE:
147 0 : class_name = "IPA_MASTER_DOMAIN";
148 0 : break;
149 : case IPA_RANGES_SEARCH_BASE:
150 0 : class_name = "IPA_RANGES";
151 0 : break;
152 : case IPA_VIEWS_SEARCH_BASE:
153 0 : class_name = "IPA_VIEWS";
154 0 : break;
155 : default:
156 0 : DEBUG(SSSDBG_CONF_SETTINGS,
157 : "Unknown search base type: [%d]\n", class);
158 0 : class_name = "UNKNOWN";
159 : /* Non-fatal */
160 0 : break;
161 : }
162 :
163 0 : unparsed_base = dp_opt_get_string(opts, class);
164 0 : if (!unparsed_base || unparsed_base[0] == '\0') return ENOENT;
165 :
166 0 : return common_parse_search_base(mem_ctx, unparsed_base,
167 : class_name, NULL,
168 : _search_bases);
169 : }
170 :
171 0 : int ipa_get_id_options(struct ipa_options *ipa_opts,
172 : struct confdb_ctx *cdb,
173 : const char *conf_path,
174 : struct sdap_options **_opts)
175 : {
176 : TALLOC_CTX *tmpctx;
177 : char *basedn;
178 : char *realm;
179 : char *value;
180 : int ret;
181 : int i;
182 :
183 0 : tmpctx = talloc_new(ipa_opts);
184 0 : if (!tmpctx) {
185 0 : return ENOMEM;
186 : }
187 :
188 0 : ipa_opts->id = talloc_zero(ipa_opts, struct sdap_options);
189 0 : if (!ipa_opts->id) {
190 0 : ret = ENOMEM;
191 0 : goto done;
192 : }
193 :
194 0 : ret = sdap_domain_add(ipa_opts->id,
195 0 : ipa_opts->id_ctx->sdap_id_ctx->be->domain,
196 : NULL);
197 0 : if (ret != EOK) {
198 0 : goto done;
199 : }
200 :
201 : /* get sdap options */
202 0 : ret = dp_get_options(ipa_opts->id, cdb, conf_path,
203 : ipa_def_ldap_opts,
204 : SDAP_OPTS_BASIC,
205 0 : &ipa_opts->id->basic);
206 0 : if (ret != EOK) {
207 0 : goto done;
208 : }
209 :
210 0 : ret = domain_to_basedn(tmpctx,
211 0 : dp_opt_get_string(ipa_opts->basic, IPA_KRB5_REALM),
212 : &basedn);
213 0 : if (ret != EOK) {
214 0 : goto done;
215 : }
216 :
217 0 : if (NULL == dp_opt_get_string(ipa_opts->id->basic, SDAP_SEARCH_BASE)) {
218 : /* FIXME: get values by querying IPA */
219 : /* set search base */
220 0 : value = talloc_asprintf(tmpctx, "cn=accounts,%s", basedn);
221 0 : if (!value) {
222 0 : ret = ENOMEM;
223 0 : goto done;
224 : }
225 0 : ret = dp_opt_set_string(ipa_opts->id->basic,
226 : SDAP_SEARCH_BASE, value);
227 0 : if (ret != EOK) {
228 0 : goto done;
229 : }
230 :
231 0 : DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n",
232 : ipa_opts->id->basic[SDAP_SEARCH_BASE].opt_name,
233 : dp_opt_get_string(ipa_opts->id->basic, SDAP_SEARCH_BASE));
234 : }
235 0 : ret = sdap_parse_search_base(ipa_opts->id, ipa_opts->id->basic,
236 : SDAP_SEARCH_BASE,
237 0 : &ipa_opts->id->sdom->search_bases);
238 0 : if (ret != EOK) goto done;
239 :
240 : /* set krb realm */
241 0 : if (NULL == dp_opt_get_string(ipa_opts->id->basic, SDAP_KRB5_REALM)) {
242 0 : realm = dp_opt_get_string(ipa_opts->basic, IPA_KRB5_REALM);
243 0 : value = talloc_strdup(tmpctx, realm);
244 0 : if (value == NULL) {
245 0 : DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n");
246 0 : ret = ENOMEM;
247 0 : goto done;
248 : }
249 0 : ret = dp_opt_set_string(ipa_opts->id->basic,
250 : SDAP_KRB5_REALM, value);
251 0 : if (ret != EOK) {
252 0 : goto done;
253 : }
254 0 : DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n",
255 : ipa_opts->id->basic[SDAP_KRB5_REALM].opt_name,
256 : dp_opt_get_string(ipa_opts->id->basic, SDAP_KRB5_REALM));
257 : }
258 :
259 0 : ret = sdap_set_sasl_options(ipa_opts->id,
260 : dp_opt_get_string(ipa_opts->basic,
261 : IPA_HOSTNAME),
262 0 : dp_opt_get_string(ipa_opts->id->basic,
263 : SDAP_KRB5_REALM),
264 0 : dp_opt_get_string(ipa_opts->id->basic,
265 : SDAP_KRB5_KEYTAB));
266 0 : if (ret != EOK) {
267 0 : DEBUG(SSSDBG_OP_FAILURE, "Cannot set the SASL-related options\n");
268 0 : goto done;
269 : }
270 :
271 : /* fix schema to IPAv1 for now */
272 0 : ipa_opts->id->schema_type = SDAP_SCHEMA_IPA_V1;
273 :
274 : /* set user/group search bases if they are not specified */
275 0 : if (NULL == dp_opt_get_string(ipa_opts->id->basic,
276 : SDAP_USER_SEARCH_BASE)) {
277 0 : ret = dp_opt_set_string(ipa_opts->id->basic, SDAP_USER_SEARCH_BASE,
278 : dp_opt_get_string(ipa_opts->id->basic,
279 : SDAP_SEARCH_BASE));
280 0 : if (ret != EOK) {
281 0 : goto done;
282 : }
283 :
284 0 : DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n",
285 : ipa_opts->id->basic[SDAP_USER_SEARCH_BASE].opt_name,
286 : dp_opt_get_string(ipa_opts->id->basic,
287 : SDAP_USER_SEARCH_BASE));
288 : }
289 0 : ret = sdap_parse_search_base(ipa_opts->id, ipa_opts->id->basic,
290 : SDAP_USER_SEARCH_BASE,
291 0 : &ipa_opts->id->sdom->user_search_bases);
292 0 : if (ret != EOK) goto done;
293 :
294 0 : if (NULL == dp_opt_get_string(ipa_opts->id->basic,
295 : SDAP_GROUP_SEARCH_BASE)) {
296 0 : ret = dp_opt_set_string(ipa_opts->id->basic, SDAP_GROUP_SEARCH_BASE,
297 : dp_opt_get_string(ipa_opts->id->basic,
298 : SDAP_SEARCH_BASE));
299 0 : if (ret != EOK) {
300 0 : goto done;
301 : }
302 :
303 0 : DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n",
304 : ipa_opts->id->basic[SDAP_GROUP_SEARCH_BASE].opt_name,
305 : dp_opt_get_string(ipa_opts->id->basic,
306 : SDAP_GROUP_SEARCH_BASE));
307 : }
308 0 : ret = sdap_parse_search_base(ipa_opts->id, ipa_opts->id->basic,
309 : SDAP_GROUP_SEARCH_BASE,
310 0 : &ipa_opts->id->sdom->group_search_bases);
311 0 : if (ret != EOK) goto done;
312 :
313 0 : if (NULL == dp_opt_get_string(ipa_opts->id->basic,
314 : SDAP_SUDO_SEARCH_BASE)) {
315 : #if 0
316 : ret = dp_opt_set_string(ipa_opts->id->basic, SDAP_SUDO_SEARCH_BASE,
317 : dp_opt_get_string(ipa_opts->id->basic,
318 : SDAP_SEARCH_BASE));
319 : if (ret != EOK) {
320 : goto done;
321 : }
322 : #else
323 : /* We don't yet have support for the representation
324 : * of sudo in IPA. For now, we need to point at the
325 : * compat tree
326 : */
327 0 : value = talloc_asprintf(tmpctx, "ou=SUDOers,%s", basedn);
328 0 : if (!value) {
329 0 : ret = ENOMEM;
330 0 : goto done;
331 : }
332 :
333 0 : ret = dp_opt_set_string(ipa_opts->id->basic,
334 : SDAP_SUDO_SEARCH_BASE,
335 : value);
336 0 : if (ret != EOK) {
337 0 : goto done;
338 : }
339 : #endif
340 :
341 0 : DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n",
342 : ipa_opts->id->basic[SDAP_SUDO_SEARCH_BASE].opt_name,
343 : dp_opt_get_string(ipa_opts->id->basic,
344 : SDAP_SUDO_SEARCH_BASE));
345 : }
346 0 : ret = sdap_parse_search_base(ipa_opts->id, ipa_opts->id->basic,
347 : SDAP_SUDO_SEARCH_BASE,
348 0 : &ipa_opts->id->sdom->sudo_search_bases);
349 0 : if (ret != EOK) goto done;
350 :
351 0 : if (NULL == dp_opt_get_string(ipa_opts->id->basic,
352 : SDAP_NETGROUP_SEARCH_BASE)) {
353 0 : value = talloc_asprintf(tmpctx, "cn=ng,cn=alt,%s", basedn);
354 0 : if (!value) {
355 0 : ret = ENOMEM;
356 0 : goto done;
357 : }
358 0 : ret = dp_opt_set_string(ipa_opts->id->basic, SDAP_NETGROUP_SEARCH_BASE,
359 : value);
360 0 : if (ret != EOK) {
361 0 : goto done;
362 : }
363 :
364 0 : DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n",
365 : ipa_opts->id->basic[SDAP_NETGROUP_SEARCH_BASE].opt_name,
366 : dp_opt_get_string(ipa_opts->id->basic,
367 : SDAP_NETGROUP_SEARCH_BASE));
368 : }
369 0 : ret = sdap_parse_search_base(ipa_opts->id, ipa_opts->id->basic,
370 : SDAP_NETGROUP_SEARCH_BASE,
371 0 : &ipa_opts->id->sdom->netgroup_search_bases);
372 0 : if (ret != EOK) goto done;
373 :
374 0 : if (NULL == dp_opt_get_string(ipa_opts->basic,
375 : IPA_HOST_SEARCH_BASE)) {
376 0 : ret = dp_opt_set_string(ipa_opts->basic, IPA_HOST_SEARCH_BASE,
377 : dp_opt_get_string(ipa_opts->id->basic,
378 : SDAP_SEARCH_BASE));
379 0 : if (ret != EOK) {
380 0 : goto done;
381 : }
382 :
383 0 : DEBUG(SSSDBG_CONF_SETTINGS, "Option %s set to %s\n",
384 : ipa_opts->basic[IPA_HOST_SEARCH_BASE].opt_name,
385 : dp_opt_get_string(ipa_opts->basic,
386 : IPA_HOST_SEARCH_BASE));
387 : }
388 0 : ret = ipa_parse_search_base(ipa_opts->basic, ipa_opts->basic,
389 : IPA_HOST_SEARCH_BASE,
390 : &ipa_opts->host_search_bases);
391 0 : if (ret != EOK) goto done;
392 :
393 0 : if (NULL == dp_opt_get_string(ipa_opts->basic,
394 : IPA_HBAC_SEARCH_BASE)) {
395 0 : value = talloc_asprintf(tmpctx, "cn=hbac,%s", basedn);
396 0 : if (!value) {
397 0 : ret = ENOMEM;
398 0 : goto done;
399 : }
400 :
401 0 : ret = dp_opt_set_string(ipa_opts->basic, IPA_HBAC_SEARCH_BASE, value);
402 0 : if (ret != EOK) {
403 0 : goto done;
404 : }
405 :
406 0 : DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n",
407 : ipa_opts->basic[IPA_HBAC_SEARCH_BASE].opt_name,
408 : dp_opt_get_string(ipa_opts->basic,
409 : IPA_HBAC_SEARCH_BASE));
410 : }
411 0 : ret = ipa_parse_search_base(ipa_opts->basic, ipa_opts->basic,
412 : IPA_HBAC_SEARCH_BASE,
413 : &ipa_opts->hbac_search_bases);
414 0 : if (ret != EOK) goto done;
415 :
416 0 : if (NULL == dp_opt_get_string(ipa_opts->basic,
417 : IPA_SELINUX_SEARCH_BASE)) {
418 0 : value = talloc_asprintf(tmpctx, "cn=selinux,%s", basedn);
419 0 : if (!value) {
420 0 : ret = ENOMEM;
421 0 : goto done;
422 : }
423 :
424 0 : ret = dp_opt_set_string(ipa_opts->basic, IPA_SELINUX_SEARCH_BASE, value);
425 0 : if (ret != EOK) {
426 0 : goto done;
427 : }
428 :
429 0 : DEBUG(SSSDBG_CONF_SETTINGS, "Option %s set to %s\n",
430 : ipa_opts->basic[IPA_SELINUX_SEARCH_BASE].opt_name,
431 : dp_opt_get_string(ipa_opts->basic,
432 : IPA_SELINUX_SEARCH_BASE));
433 : }
434 0 : ret = ipa_parse_search_base(ipa_opts->basic, ipa_opts->basic,
435 : IPA_SELINUX_SEARCH_BASE,
436 : &ipa_opts->selinux_search_bases);
437 0 : if (ret != EOK) goto done;
438 :
439 0 : value = dp_opt_get_string(ipa_opts->id->basic, SDAP_DEREF);
440 0 : if (value != NULL) {
441 0 : ret = deref_string_to_val(value, &i);
442 0 : if (ret != EOK) {
443 0 : DEBUG(SSSDBG_CRIT_FAILURE, "Failed to verify ldap_deref option.\n");
444 0 : goto done;
445 : }
446 : }
447 :
448 0 : if (NULL == dp_opt_get_string(ipa_opts->id->basic,
449 : SDAP_SERVICE_SEARCH_BASE)) {
450 0 : ret = dp_opt_set_string(ipa_opts->id->basic, SDAP_SERVICE_SEARCH_BASE,
451 : dp_opt_get_string(ipa_opts->id->basic,
452 : SDAP_SEARCH_BASE));
453 0 : if (ret != EOK) {
454 0 : goto done;
455 : }
456 :
457 0 : DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n",
458 : ipa_opts->id->basic[SDAP_GROUP_SEARCH_BASE].opt_name,
459 : dp_opt_get_string(ipa_opts->id->basic,
460 : SDAP_GROUP_SEARCH_BASE));
461 : }
462 0 : ret = sdap_parse_search_base(ipa_opts->id, ipa_opts->id->basic,
463 : SDAP_SERVICE_SEARCH_BASE,
464 0 : &ipa_opts->id->sdom->service_search_bases);
465 0 : if (ret != EOK) goto done;
466 :
467 0 : if (NULL == dp_opt_get_string(ipa_opts->basic,
468 : IPA_SUBDOMAINS_SEARCH_BASE)) {
469 0 : value = talloc_asprintf(tmpctx, "cn=trusts,%s", basedn);
470 0 : if (value == NULL) {
471 0 : ret = ENOMEM;
472 0 : goto done;
473 : }
474 :
475 0 : ret = dp_opt_set_string(ipa_opts->basic, IPA_SUBDOMAINS_SEARCH_BASE, value);
476 0 : if (ret != EOK) {
477 0 : goto done;
478 : }
479 :
480 0 : DEBUG(SSSDBG_CONF_SETTINGS, "Option %s set to %s\n",
481 : ipa_opts->basic[IPA_SUBDOMAINS_SEARCH_BASE].opt_name,
482 : dp_opt_get_string(ipa_opts->basic,
483 : IPA_SUBDOMAINS_SEARCH_BASE));
484 : }
485 0 : ret = ipa_parse_search_base(ipa_opts, ipa_opts->basic,
486 : IPA_SUBDOMAINS_SEARCH_BASE,
487 : &ipa_opts->subdomains_search_bases);
488 0 : if (ret != EOK) goto done;
489 :
490 0 : if (NULL == dp_opt_get_string(ipa_opts->basic,
491 : IPA_MASTER_DOMAIN_SEARCH_BASE)) {
492 0 : value = talloc_asprintf(tmpctx, "cn=ad,cn=etc,%s", basedn);
493 0 : if (value == NULL) {
494 0 : ret = ENOMEM;
495 0 : goto done;
496 : }
497 :
498 0 : ret = dp_opt_set_string(ipa_opts->basic, IPA_MASTER_DOMAIN_SEARCH_BASE, value);
499 0 : if (ret != EOK) {
500 0 : goto done;
501 : }
502 :
503 0 : DEBUG(SSSDBG_CONF_SETTINGS, "Option %s set to %s\n",
504 : ipa_opts->basic[IPA_MASTER_DOMAIN_SEARCH_BASE].opt_name,
505 : dp_opt_get_string(ipa_opts->basic,
506 : IPA_MASTER_DOMAIN_SEARCH_BASE));
507 : }
508 0 : ret = ipa_parse_search_base(ipa_opts, ipa_opts->basic,
509 : IPA_MASTER_DOMAIN_SEARCH_BASE,
510 : &ipa_opts->master_domain_search_bases);
511 0 : if (ret != EOK) goto done;
512 :
513 0 : if (NULL == dp_opt_get_string(ipa_opts->basic,
514 : IPA_RANGES_SEARCH_BASE)) {
515 0 : value = talloc_asprintf(tmpctx, "cn=ranges,cn=etc,%s", basedn);
516 0 : if (value == NULL) {
517 0 : ret = ENOMEM;
518 0 : goto done;
519 : }
520 :
521 0 : ret = dp_opt_set_string(ipa_opts->basic, IPA_RANGES_SEARCH_BASE, value);
522 0 : if (ret != EOK) {
523 0 : goto done;
524 : }
525 :
526 0 : DEBUG(SSSDBG_CONF_SETTINGS, "Option %s set to %s\n",
527 : ipa_opts->basic[IPA_RANGES_SEARCH_BASE].opt_name,
528 : dp_opt_get_string(ipa_opts->basic,
529 : IPA_RANGES_SEARCH_BASE));
530 : }
531 0 : ret = ipa_parse_search_base(ipa_opts, ipa_opts->basic,
532 : IPA_RANGES_SEARCH_BASE,
533 : &ipa_opts->ranges_search_bases);
534 0 : if (ret != EOK) goto done;
535 :
536 0 : if (NULL == dp_opt_get_string(ipa_opts->basic,
537 : IPA_VIEWS_SEARCH_BASE)) {
538 0 : value = talloc_asprintf(tmpctx, "cn=views,cn=accounts,%s", basedn);
539 0 : if (value == NULL) {
540 0 : ret = ENOMEM;
541 0 : goto done;
542 : }
543 :
544 0 : ret = dp_opt_set_string(ipa_opts->basic, IPA_VIEWS_SEARCH_BASE, value);
545 0 : if (ret != EOK) {
546 0 : goto done;
547 : }
548 :
549 0 : DEBUG(SSSDBG_CONF_SETTINGS, "Option %s set to %s\n",
550 : ipa_opts->basic[IPA_VIEWS_SEARCH_BASE].opt_name,
551 : dp_opt_get_string(ipa_opts->basic,
552 : IPA_VIEWS_SEARCH_BASE));
553 : }
554 0 : ret = ipa_parse_search_base(ipa_opts, ipa_opts->basic,
555 : IPA_VIEWS_SEARCH_BASE,
556 : &ipa_opts->views_search_bases);
557 0 : if (ret != EOK) goto done;
558 :
559 0 : ret = sdap_get_map(ipa_opts->id, cdb, conf_path,
560 : ipa_attr_map,
561 : SDAP_AT_GENERAL,
562 0 : &ipa_opts->id->gen_map);
563 0 : if (ret != EOK) {
564 0 : goto done;
565 : }
566 :
567 0 : ret = sdap_get_map(ipa_opts->id,
568 : cdb, conf_path,
569 : ipa_user_map,
570 : SDAP_OPTS_USER,
571 0 : &ipa_opts->id->user_map);
572 0 : if (ret != EOK) {
573 0 : goto done;
574 : }
575 :
576 0 : ret = sdap_extend_map_with_list(ipa_opts->id, ipa_opts->id,
577 : SDAP_USER_EXTRA_ATTRS,
578 0 : ipa_opts->id->user_map,
579 : SDAP_OPTS_USER,
580 0 : &ipa_opts->id->user_map,
581 0 : &ipa_opts->id->user_map_cnt);
582 0 : if (ret != EOK) {
583 0 : goto done;
584 : }
585 :
586 0 : ret = sdap_get_map(ipa_opts->id,
587 : cdb, conf_path,
588 : ipa_group_map,
589 : SDAP_OPTS_GROUP,
590 0 : &ipa_opts->id->group_map);
591 0 : if (ret != EOK) {
592 0 : goto done;
593 : }
594 :
595 0 : ret = sdap_get_map(ipa_opts->id,
596 : cdb, conf_path,
597 : ipa_netgroup_map,
598 : IPA_OPTS_NETGROUP,
599 0 : &ipa_opts->id->netgroup_map);
600 0 : if (ret != EOK) {
601 0 : goto done;
602 : }
603 :
604 0 : ret = sdap_get_map(ipa_opts->id,
605 : cdb, conf_path,
606 : ipa_host_map,
607 : IPA_OPTS_HOST,
608 : &ipa_opts->host_map);
609 0 : if (ret != EOK) {
610 0 : goto done;
611 : }
612 :
613 0 : ret = sdap_get_map(ipa_opts->id,
614 : cdb, conf_path,
615 : ipa_hostgroup_map,
616 : IPA_OPTS_HOSTGROUP,
617 : &ipa_opts->hostgroup_map);
618 0 : if (ret != EOK) {
619 0 : goto done;
620 : }
621 :
622 0 : ret = sdap_get_map(ipa_opts->id,
623 : cdb, conf_path,
624 : ipa_service_map,
625 : SDAP_OPTS_SERVICES,
626 0 : &ipa_opts->id->service_map);
627 0 : if (ret != EOK) {
628 0 : goto done;
629 : }
630 :
631 0 : ret = sdap_get_map(ipa_opts->id,
632 : cdb, conf_path,
633 : ipa_selinux_user_map,
634 : IPA_OPTS_SELINUX_USERMAP,
635 : &ipa_opts->selinuxuser_map);
636 0 : if (ret != EOK) {
637 0 : goto done;
638 : }
639 :
640 0 : ret = sdap_get_map(ipa_opts->id,
641 : cdb, conf_path,
642 : ipa_view_map,
643 : IPA_OPTS_VIEW,
644 : &ipa_opts->view_map);
645 0 : if (ret != EOK) {
646 0 : goto done;
647 : }
648 :
649 0 : ret = sdap_get_map(ipa_opts->id,
650 : cdb, conf_path,
651 : ipa_override_map,
652 : IPA_OPTS_OVERRIDE,
653 : &ipa_opts->override_map);
654 0 : if (ret != EOK) {
655 0 : goto done;
656 : }
657 :
658 0 : ret = EOK;
659 0 : *_opts = ipa_opts->id;
660 :
661 : done:
662 0 : talloc_zfree(tmpctx);
663 0 : if (ret != EOK) {
664 0 : talloc_zfree(ipa_opts->id);
665 : }
666 0 : return ret;
667 : }
668 :
669 0 : int ipa_get_auth_options(struct ipa_options *ipa_opts,
670 : struct confdb_ctx *cdb,
671 : const char *conf_path,
672 : struct dp_option **_opts)
673 : {
674 : char *value;
675 0 : char *copy = NULL;
676 : int ret;
677 :
678 0 : ipa_opts->auth = talloc_zero(ipa_opts, struct dp_option);
679 0 : if (ipa_opts->auth == NULL) {
680 0 : ret = ENOMEM;
681 0 : goto done;
682 : }
683 :
684 : /* get krb5 options */
685 0 : ret = dp_get_options(ipa_opts, cdb, conf_path,
686 : ipa_def_krb5_opts,
687 : KRB5_OPTS, &ipa_opts->auth);
688 0 : if (ret != EOK) {
689 0 : goto done;
690 : }
691 :
692 : /* If there is no KDC, try the deprecated krb5_kdcip option, too */
693 : /* FIXME - this can be removed in a future version */
694 0 : ret = krb5_try_kdcip(cdb, conf_path, ipa_opts->auth, KRB5_KDC);
695 0 : if (ret != EOK) {
696 0 : DEBUG(SSSDBG_CRIT_FAILURE, "sss_krb5_try_kdcip failed.\n");
697 0 : goto done;
698 : }
699 :
700 : /* set krb realm */
701 0 : if (NULL == dp_opt_get_string(ipa_opts->auth, KRB5_REALM)) {
702 0 : value = dp_opt_get_string(ipa_opts->basic, IPA_KRB5_REALM);
703 0 : if (!value) {
704 0 : ret = ENOMEM;
705 0 : goto done;
706 : }
707 0 : copy = talloc_strdup(ipa_opts->auth, value);
708 0 : if (copy == NULL) {
709 0 : DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n");
710 0 : ret = ENOMEM;
711 0 : goto done;
712 : }
713 0 : ret = dp_opt_set_string(ipa_opts->auth, KRB5_REALM, copy);
714 0 : if (ret != EOK) {
715 0 : goto done;
716 : }
717 0 : DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n",
718 : ipa_opts->auth[KRB5_REALM].opt_name,
719 : dp_opt_get_string(ipa_opts->auth, KRB5_REALM));
720 : }
721 :
722 : /* If krb5_fast_principal was not set explicitly, default to
723 : * host/$client_hostname@REALM
724 : */
725 0 : value = dp_opt_get_string(ipa_opts->auth, KRB5_FAST_PRINCIPAL);
726 0 : if (value == NULL) {
727 0 : value = talloc_asprintf(ipa_opts->auth, "host/%s@%s",
728 : dp_opt_get_string(ipa_opts->basic,
729 : IPA_HOSTNAME),
730 : dp_opt_get_string(ipa_opts->auth,
731 : KRB5_REALM));
732 0 : if (value == NULL) {
733 0 : DEBUG(SSSDBG_CRIT_FAILURE, "Cannot set %s!\n",
734 : ipa_opts->auth[KRB5_FAST_PRINCIPAL].opt_name);
735 0 : ret = ENOMEM;
736 0 : goto done;
737 : }
738 :
739 0 : ret = dp_opt_set_string(ipa_opts->auth, KRB5_FAST_PRINCIPAL,
740 : value);
741 0 : if (ret != EOK) {
742 0 : DEBUG(SSSDBG_CRIT_FAILURE, "Cannot set %s!\n",
743 : ipa_opts->auth[KRB5_FAST_PRINCIPAL].opt_name);
744 0 : goto done;
745 : }
746 :
747 0 : DEBUG(SSSDBG_CONF_SETTINGS, "Option %s set to %s\n",
748 : ipa_opts->auth[KRB5_FAST_PRINCIPAL].opt_name, value);
749 : }
750 :
751 : /* Set flag that controls whether we want to write the
752 : * kdcinfo files at all
753 : */
754 0 : ipa_opts->service->krb5_service->write_kdcinfo = \
755 0 : dp_opt_get_bool(ipa_opts->auth, KRB5_USE_KDCINFO);
756 0 : DEBUG(SSSDBG_CONF_SETTINGS, "Option %s set to %s\n",
757 : ipa_opts->auth[KRB5_USE_KDCINFO].opt_name,
758 : ipa_opts->service->krb5_service->write_kdcinfo ? "true" : "false");
759 :
760 0 : *_opts = ipa_opts->auth;
761 0 : ret = EOK;
762 :
763 : done:
764 0 : talloc_free(copy);
765 0 : if (ret != EOK) {
766 0 : talloc_zfree(ipa_opts->auth);
767 : }
768 0 : return ret;
769 : }
770 :
771 0 : static void ipa_resolve_callback(void *private_data, struct fo_server *server)
772 : {
773 0 : TALLOC_CTX *tmp_ctx = NULL;
774 : struct ipa_service *service;
775 : struct resolv_hostent *srvaddr;
776 : struct sockaddr_storage *sockaddr;
777 : char *address;
778 : const char *safe_address;
779 : char *new_uri;
780 : const char *srv_name;
781 : int ret;
782 :
783 0 : tmp_ctx = talloc_new(NULL);
784 0 : if (tmp_ctx == NULL) {
785 0 : DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new failed\n");
786 0 : return;
787 : }
788 :
789 0 : service = talloc_get_type(private_data, struct ipa_service);
790 0 : if (!service) {
791 0 : DEBUG(SSSDBG_CRIT_FAILURE, "FATAL: Bad private_data\n");
792 0 : talloc_free(tmp_ctx);
793 0 : return;
794 : }
795 :
796 0 : srvaddr = fo_get_server_hostent(server);
797 0 : if (!srvaddr) {
798 0 : DEBUG(SSSDBG_CRIT_FAILURE,
799 : "FATAL: No hostent available for server (%s)\n",
800 : fo_get_server_str_name(server));
801 0 : talloc_free(tmp_ctx);
802 0 : return;
803 : }
804 :
805 0 : sockaddr = resolv_get_sockaddr_address(tmp_ctx, srvaddr, LDAP_PORT);
806 0 : if (sockaddr == NULL) {
807 0 : DEBUG(SSSDBG_CRIT_FAILURE, "resolv_get_sockaddr_address failed.\n");
808 0 : talloc_free(tmp_ctx);
809 0 : return;
810 : }
811 :
812 0 : address = resolv_get_string_address(tmp_ctx, srvaddr);
813 0 : if (address == NULL) {
814 0 : DEBUG(SSSDBG_CRIT_FAILURE, "resolv_get_string_address failed.\n");
815 0 : talloc_free(tmp_ctx);
816 0 : return;
817 : }
818 :
819 0 : srv_name = fo_get_server_name(server);
820 0 : if (srv_name == NULL) {
821 0 : DEBUG(SSSDBG_CRIT_FAILURE, "Could not get server host name\n");
822 0 : talloc_free(tmp_ctx);
823 0 : return;
824 : }
825 :
826 0 : new_uri = talloc_asprintf(service, "ldap://%s", srv_name);
827 0 : if (!new_uri) {
828 0 : DEBUG(SSSDBG_OP_FAILURE, "Failed to copy URI ...\n");
829 0 : talloc_free(tmp_ctx);
830 0 : return;
831 : }
832 0 : DEBUG(SSSDBG_TRACE_FUNC, "Constructed uri '%s'\n", new_uri);
833 :
834 : /* free old one and replace with new one */
835 0 : talloc_zfree(service->sdap->uri);
836 0 : service->sdap->uri = new_uri;
837 0 : talloc_zfree(service->sdap->sockaddr);
838 0 : service->sdap->sockaddr = talloc_steal(service, sockaddr);
839 :
840 0 : if (service->krb5_service->write_kdcinfo) {
841 0 : safe_address = sss_escape_ip_address(tmp_ctx,
842 : srvaddr->family,
843 : address);
844 0 : if (safe_address == NULL) {
845 0 : DEBUG(SSSDBG_CRIT_FAILURE, "sss_escape_ip_address failed.\n");
846 0 : talloc_free(tmp_ctx);
847 0 : return;
848 : }
849 :
850 0 : ret = write_krb5info_file(service->krb5_service->realm, safe_address,
851 : SSS_KRB5KDC_FO_SRV);
852 0 : if (ret != EOK) {
853 0 : DEBUG(SSSDBG_OP_FAILURE,
854 : "write_krb5info_file failed, authentication might fail.\n");
855 : }
856 : }
857 :
858 0 : talloc_free(tmp_ctx);
859 : }
860 :
861 0 : static errno_t _ipa_servers_init(struct be_ctx *ctx,
862 : struct ipa_service *service,
863 : struct ipa_options *options,
864 : const char *servers,
865 : bool primary)
866 : {
867 : TALLOC_CTX *tmp_ctx;
868 0 : char **list = NULL;
869 : char *ipa_domain;
870 0 : int ret = 0;
871 : int i;
872 :
873 0 : tmp_ctx = talloc_new(NULL);
874 0 : if (!tmp_ctx) {
875 0 : return ENOMEM;
876 : }
877 :
878 : /* split server parm into a list */
879 0 : ret = split_on_separator(tmp_ctx, servers, ',', true, true, &list, NULL);
880 0 : if (ret != EOK) {
881 0 : DEBUG(SSSDBG_CRIT_FAILURE, "Failed to parse server list!\n");
882 0 : goto done;
883 : }
884 :
885 : /* now for each one add a new server to the failover service */
886 0 : for (i = 0; list[i]; i++) {
887 :
888 0 : talloc_steal(service, list[i]);
889 :
890 0 : if (be_fo_is_srv_identifier(list[i])) {
891 0 : if (!primary) {
892 0 : DEBUG(SSSDBG_MINOR_FAILURE,
893 : "Failed to add server [%s] to failover service: "
894 : "SRV resolution only allowed for primary servers!\n",
895 : list[i]);
896 0 : continue;
897 : }
898 :
899 0 : ipa_domain = dp_opt_get_string(options->basic, IPA_DOMAIN);
900 0 : ret = be_fo_add_srv_server(ctx, "IPA", "ldap", ipa_domain,
901 : BE_FO_PROTO_TCP, false, NULL);
902 0 : if (ret) {
903 0 : DEBUG(SSSDBG_FATAL_FAILURE, "Failed to add server\n");
904 0 : goto done;
905 : }
906 :
907 0 : DEBUG(SSSDBG_TRACE_FUNC, "Added service lookup for service IPA\n");
908 0 : continue;
909 : }
910 :
911 : /* It could be ipv6 address in square brackets. Remove
912 : * the brackets if needed. */
913 0 : ret = remove_ipv6_brackets(list[i]);
914 0 : if (ret != EOK) {
915 0 : goto done;
916 : }
917 :
918 0 : ret = be_fo_add_server(ctx, "IPA", list[i], 0, NULL, primary);
919 0 : if (ret && ret != EEXIST) {
920 0 : DEBUG(SSSDBG_FATAL_FAILURE, "Failed to add server\n");
921 0 : goto done;
922 : }
923 :
924 0 : DEBUG(SSSDBG_TRACE_FUNC, "Added Server %s\n", list[i]);
925 : }
926 :
927 : done:
928 0 : talloc_free(tmp_ctx);
929 0 : return ret;
930 : }
931 :
932 : static inline errno_t
933 0 : ipa_primary_servers_init(struct be_ctx *ctx, struct ipa_service *service,
934 : struct ipa_options *options, const char *servers)
935 : {
936 0 : return _ipa_servers_init(ctx, service, options, servers, true);
937 : }
938 :
939 : static inline errno_t
940 0 : ipa_backup_servers_init(struct be_ctx *ctx, struct ipa_service *service,
941 : struct ipa_options *options, const char *servers)
942 : {
943 0 : return _ipa_servers_init(ctx, service, options, servers, false);
944 : }
945 :
946 0 : static int ipa_user_data_cmp(void *ud1, void *ud2)
947 : {
948 0 : return strcasecmp((char*) ud1, (char*) ud2);
949 : }
950 :
951 0 : int ipa_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
952 : const char *primary_servers,
953 : const char *backup_servers,
954 : struct ipa_options *options,
955 : struct ipa_service **_service)
956 : {
957 : TALLOC_CTX *tmp_ctx;
958 : struct ipa_service *service;
959 : char *realm;
960 : int ret;
961 :
962 0 : tmp_ctx = talloc_new(NULL);
963 0 : if (!tmp_ctx) {
964 0 : return ENOMEM;
965 : }
966 :
967 0 : service = talloc_zero(tmp_ctx, struct ipa_service);
968 0 : if (!service) {
969 0 : ret = ENOMEM;
970 0 : goto done;
971 : }
972 0 : service->sdap = talloc_zero(service, struct sdap_service);
973 0 : if (!service->sdap) {
974 0 : ret = ENOMEM;
975 0 : goto done;
976 : }
977 0 : service->krb5_service = talloc_zero(service, struct krb5_service);
978 0 : if (!service->krb5_service) {
979 0 : ret = ENOMEM;
980 0 : goto done;
981 : }
982 :
983 0 : ret = be_fo_add_service(ctx, "IPA", ipa_user_data_cmp);
984 0 : if (ret != EOK) {
985 0 : DEBUG(SSSDBG_CRIT_FAILURE, "Failed to create failover service!\n");
986 0 : goto done;
987 : }
988 :
989 0 : service->sdap->name = talloc_strdup(service, "IPA");
990 0 : if (!service->sdap->name) {
991 0 : ret = ENOMEM;
992 0 : goto done;
993 : }
994 :
995 0 : service->krb5_service->name = talloc_strdup(service, "IPA");
996 0 : if (!service->krb5_service->name) {
997 0 : ret = ENOMEM;
998 0 : goto done;
999 : }
1000 0 : service->sdap->kinit_service_name = service->krb5_service->name;
1001 :
1002 0 : realm = dp_opt_get_string(options->basic, IPA_KRB5_REALM);
1003 0 : if (!realm) {
1004 0 : DEBUG(SSSDBG_CRIT_FAILURE, "No Kerberos realm set\n");
1005 0 : ret = EINVAL;
1006 0 : goto done;
1007 : }
1008 0 : service->krb5_service->realm =
1009 0 : talloc_strdup(service->krb5_service, realm);
1010 0 : if (!service->krb5_service->realm) {
1011 0 : ret = ENOMEM;
1012 0 : goto done;
1013 : }
1014 :
1015 0 : if (!primary_servers) {
1016 0 : DEBUG(SSSDBG_CONF_SETTINGS,
1017 : "No primary servers defined, using service discovery\n");
1018 0 : primary_servers = BE_SRV_IDENTIFIER;
1019 : }
1020 :
1021 0 : ret = ipa_primary_servers_init(ctx, service, options, primary_servers);
1022 0 : if (ret != EOK) {
1023 0 : goto done;
1024 : }
1025 :
1026 0 : if (backup_servers) {
1027 0 : ret = ipa_backup_servers_init(ctx, service, options, backup_servers);
1028 0 : if (ret != EOK) {
1029 0 : goto done;
1030 : }
1031 : }
1032 :
1033 0 : ret = be_fo_service_add_callback(memctx, ctx, "IPA",
1034 : ipa_resolve_callback, service);
1035 0 : if (ret != EOK) {
1036 0 : DEBUG(SSSDBG_CRIT_FAILURE, "Failed to add failover callback!\n");
1037 0 : goto done;
1038 : }
1039 :
1040 0 : ret = EOK;
1041 :
1042 : done:
1043 0 : if (ret == EOK) {
1044 0 : *_service = talloc_steal(memctx, service);
1045 : }
1046 0 : talloc_zfree(tmp_ctx);
1047 0 : return ret;
1048 : }
1049 :
1050 0 : int ipa_get_autofs_options(struct ipa_options *ipa_opts,
1051 : struct confdb_ctx *cdb,
1052 : const char *conf_path,
1053 : struct sdap_options **_opts)
1054 : {
1055 : TALLOC_CTX *tmp_ctx;
1056 : char *basedn;
1057 : char *autofs_base;
1058 : errno_t ret;
1059 :
1060 0 : tmp_ctx = talloc_new(NULL);
1061 0 : if (!tmp_ctx) {
1062 0 : return ENOMEM;
1063 : }
1064 :
1065 0 : ret = domain_to_basedn(tmp_ctx,
1066 0 : dp_opt_get_string(ipa_opts->basic, IPA_KRB5_REALM),
1067 : &basedn);
1068 0 : if (ret != EOK) {
1069 0 : goto done;
1070 : }
1071 :
1072 0 : if (NULL == dp_opt_get_string(ipa_opts->id->basic,
1073 : SDAP_AUTOFS_SEARCH_BASE)) {
1074 :
1075 0 : autofs_base = talloc_asprintf(tmp_ctx, "cn=%s,cn=automount,%s",
1076 : dp_opt_get_string(ipa_opts->basic,
1077 : IPA_AUTOMOUNT_LOCATION),
1078 : basedn);
1079 0 : if (!autofs_base) {
1080 0 : ret = ENOMEM;
1081 0 : goto done;
1082 : }
1083 :
1084 0 : ret = dp_opt_set_string(ipa_opts->id->basic,
1085 : SDAP_AUTOFS_SEARCH_BASE,
1086 : autofs_base);
1087 0 : if (ret != EOK) {
1088 0 : goto done;
1089 : }
1090 :
1091 0 : DEBUG(SSSDBG_TRACE_LIBS, "Option %s set to %s\n",
1092 : ipa_opts->id->basic[SDAP_AUTOFS_SEARCH_BASE].opt_name,
1093 : dp_opt_get_string(ipa_opts->id->basic,
1094 : SDAP_AUTOFS_SEARCH_BASE));
1095 : }
1096 :
1097 0 : ret = sdap_parse_search_base(ipa_opts->id, ipa_opts->id->basic,
1098 : SDAP_AUTOFS_SEARCH_BASE,
1099 0 : &ipa_opts->id->sdom->autofs_search_bases);
1100 0 : if (ret != EOK && ret != ENOENT) {
1101 0 : DEBUG(SSSDBG_OP_FAILURE, "Could not parse autofs search base\n");
1102 0 : goto done;
1103 : }
1104 :
1105 0 : ret = sdap_get_map(ipa_opts->id, cdb, conf_path,
1106 : ipa_autofs_mobject_map,
1107 : SDAP_OPTS_AUTOFS_MAP,
1108 0 : &ipa_opts->id->autofs_mobject_map);
1109 0 : if (ret != EOK) {
1110 0 : DEBUG(SSSDBG_OP_FAILURE,
1111 : "Could not get autofs map object attribute map\n");
1112 0 : goto done;
1113 : }
1114 :
1115 0 : ret = sdap_get_map(ipa_opts->id, cdb, conf_path,
1116 : ipa_autofs_entry_map,
1117 : SDAP_OPTS_AUTOFS_ENTRY,
1118 0 : &ipa_opts->id->autofs_entry_map);
1119 0 : if (ret != EOK) {
1120 0 : DEBUG(SSSDBG_OP_FAILURE,
1121 : "Could not get autofs entry object attribute map\n");
1122 0 : goto done;
1123 : }
1124 :
1125 0 : *_opts = ipa_opts->id;
1126 0 : ret = EOK;
1127 : done:
1128 0 : talloc_free(tmp_ctx);
1129 0 : return ret;
1130 : }
1131 :
1132 0 : errno_t ipa_get_dyndns_options(struct be_ctx *be_ctx,
1133 : struct ipa_options *ctx)
1134 : {
1135 : errno_t ret;
1136 : char *val;
1137 : bool update;
1138 : int ttl;
1139 :
1140 0 : ret = be_nsupdate_init(ctx, be_ctx, ipa_dyndns_opts, &ctx->dyndns_ctx);
1141 0 : if (ret != EOK) {
1142 0 : DEBUG(SSSDBG_OP_FAILURE,
1143 : "Cannot initialize IPA dyndns opts [%d]: %s\n",
1144 : ret, sss_strerror(ret));
1145 0 : return ret;
1146 : }
1147 :
1148 0 : if (ctx->basic == NULL) {
1149 0 : DEBUG(SSSDBG_MINOR_FAILURE, "IPA basic options not (yet) "
1150 : "initialized, cannot copy legacy options\n");
1151 0 : return EOK;
1152 : }
1153 :
1154 : /* Reuse legacy option values */
1155 0 : ret = confdb_get_string(be_ctx->cdb, ctx, be_ctx->conf_path,
1156 : "ipa_dyndns_update", NULL, &val);
1157 0 : if (ret != EOK) {
1158 0 : DEBUG(SSSDBG_OP_FAILURE, "Cannot get the value of %s\n",
1159 : "ipa_dyndns_update");
1160 : /* Not fatal */
1161 0 : } else if (ret == EOK && val) {
1162 0 : if (strcasecmp(val, "FALSE") == 0) {
1163 0 : update = false;
1164 0 : } else if (strcasecmp(val, "TRUE") == 0) {
1165 0 : update = true;
1166 : } else {
1167 0 : DEBUG(SSSDBG_MINOR_FAILURE,
1168 : "ipa_dyndns_update value is not a boolean!\n");
1169 0 : talloc_free(val);
1170 0 : return EINVAL;
1171 : }
1172 :
1173 0 : DEBUG(SSSDBG_MINOR_FAILURE, "Deprecation warning: The option %s is "
1174 : "deprecated and should not be used in favor of %s\n",
1175 : "ipa_dyndns_update", "dyndns_update");
1176 :
1177 0 : ret = dp_opt_set_bool(ctx->dyndns_ctx->opts,
1178 : DP_OPT_DYNDNS_UPDATE, update);
1179 0 : talloc_free(val);
1180 0 : if (ret != EOK) {
1181 0 : DEBUG(SSSDBG_OP_FAILURE, "Cannot set option value\n");
1182 0 : return ret;
1183 : }
1184 : }
1185 :
1186 0 : ret = confdb_get_int(be_ctx->cdb, be_ctx->conf_path,
1187 : "ipa_dyndns_ttl", -1, &ttl);
1188 0 : if (ret != EOK) {
1189 0 : DEBUG(SSSDBG_OP_FAILURE, "Cannot get the value of %s\n",
1190 : "ipa_dyndns_ttl");
1191 : /* Not fatal */
1192 0 : } else if (ret == EOK && ttl != -1) {
1193 0 : DEBUG(SSSDBG_MINOR_FAILURE, "Deprecation warning: The option %s is "
1194 : "deprecated and should not be used in favor of %s\n",
1195 : "ipa_dyndns_ttl", "dyndns_ttl");
1196 :
1197 0 : ret = dp_opt_set_int(ctx->dyndns_ctx->opts, DP_OPT_DYNDNS_TTL, ttl);
1198 0 : if (ret != EOK) {
1199 0 : DEBUG(SSSDBG_OP_FAILURE, "Cannot set option value\n");
1200 0 : return ret;
1201 : }
1202 : }
1203 :
1204 : /* Reuse legacy option values */
1205 0 : ret = confdb_get_string(be_ctx->cdb, ctx, be_ctx->conf_path,
1206 : "ipa_dyndns_iface", NULL, &val);
1207 0 : if (ret != EOK) {
1208 0 : DEBUG(SSSDBG_OP_FAILURE, "Cannot get the value of %s\n",
1209 : "ipa_dyndns_iface");
1210 : /* Not fatal */
1211 0 : } else if (ret == EOK && val) {
1212 0 : DEBUG(SSSDBG_MINOR_FAILURE, "Deprecation warning: The option %s is "
1213 : "deprecated and should not be used in favor of %s\n",
1214 : "ipa_dyndns_iface", "dyndns_iface");
1215 :
1216 0 : ret = dp_opt_set_string(ctx->dyndns_ctx->opts,
1217 : DP_OPT_DYNDNS_IFACE, val);
1218 0 : if (ret != EOK) {
1219 0 : DEBUG(SSSDBG_OP_FAILURE, "Cannot set option value\n");
1220 0 : return ret;
1221 : }
1222 : }
1223 :
1224 0 : return EOK;
1225 : }
|
