Line data Source code
1 : /*
2 : Authors:
3 : Simo Sorce <ssorce@redhat.com>
4 :
5 : Copyright (C) 2008-2010 Red Hat
6 :
7 : This program is free software; you can redistribute it and/or modify
8 : it under the terms of the GNU General Public License as published by
9 : the Free Software Foundation; either version 3 of the License, or
10 : (at your option) any later version.
11 :
12 : This program is distributed in the hope that it will be useful,
13 : but WITHOUT ANY WARRANTY; without even the implied warranty of
14 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 : GNU General Public License for more details.
16 :
17 : You should have received a copy of the GNU General Public License
18 : along with this program. If not, see <http://www.gnu.org/licenses/>.
19 : */
20 :
21 : #include "providers/ldap/ldap_common.h"
22 :
23 : int
24 43 : sdap_domain_destructor(void *mem)
25 : {
26 43 : struct sdap_domain *dom =
27 : talloc_get_type(mem, struct sdap_domain);
28 43 : DLIST_REMOVE(*(dom->head), dom);
29 43 : return 0;
30 : }
31 :
32 : struct sdap_domain *
33 24 : sdap_domain_get(struct sdap_options *opts,
34 : struct sss_domain_info *dom)
35 : {
36 24 : struct sdap_domain *sditer = NULL;
37 :
38 37 : DLIST_FOR_EACH(sditer, opts->sdom) {
39 37 : if (sditer->dom == dom) {
40 24 : break;
41 : }
42 : }
43 :
44 24 : return sditer;
45 : }
46 :
47 : struct sdap_domain *
48 23 : sdap_domain_get_by_dn(struct sdap_options *opts,
49 : const char *dn)
50 : {
51 23 : struct sdap_domain *sditer = NULL;
52 23 : struct sdap_domain *sdmatch = NULL;
53 23 : TALLOC_CTX *tmp_ctx = NULL;
54 : int match_len;
55 23 : int best_match_len = 0;
56 :
57 23 : tmp_ctx = talloc_new(NULL);
58 23 : if (tmp_ctx == NULL) {
59 0 : return NULL;
60 : }
61 :
62 53 : DLIST_FOR_EACH(sditer, opts->sdom) {
63 30 : if (sss_ldap_dn_in_search_bases_len(tmp_ctx, dn, sditer->search_bases,
64 : NULL, &match_len)
65 5 : || sss_ldap_dn_in_search_bases_len(tmp_ctx, dn,
66 : sditer->user_search_bases, NULL, &match_len)
67 5 : || sss_ldap_dn_in_search_bases_len(tmp_ctx, dn,
68 : sditer->group_search_bases, NULL, &match_len)
69 5 : || sss_ldap_dn_in_search_bases_len(tmp_ctx, dn,
70 : sditer->netgroup_search_bases, NULL, &match_len)
71 5 : || sss_ldap_dn_in_search_bases_len(tmp_ctx, dn,
72 : sditer->sudo_search_bases, NULL, &match_len)
73 5 : || sss_ldap_dn_in_search_bases_len(tmp_ctx, dn,
74 : sditer->service_search_bases, NULL, &match_len)
75 5 : || sss_ldap_dn_in_search_bases_len(tmp_ctx, dn,
76 : sditer->autofs_search_bases, NULL, &match_len)) {
77 25 : if (best_match_len < match_len) {
78 : /*this is a longer match*/
79 25 : best_match_len = match_len;
80 25 : sdmatch = sditer;
81 : }
82 : }
83 : }
84 23 : talloc_free(tmp_ctx);
85 23 : return sdmatch;
86 : }
87 :
88 : errno_t
89 43 : sdap_domain_add(struct sdap_options *opts,
90 : struct sss_domain_info *dom,
91 : struct sdap_domain **_sdom)
92 : {
93 : struct sdap_domain *sdom;
94 : errno_t ret;
95 :
96 43 : sdom = talloc_zero(opts, struct sdap_domain);
97 43 : if (sdom == NULL) {
98 0 : return ENOMEM;
99 : }
100 43 : sdom->dom = dom;
101 43 : sdom->head = &opts->sdom;
102 :
103 : /* Convert the domain name into search base */
104 43 : ret = domain_to_basedn(sdom, sdom->dom->name, &sdom->basedn);
105 43 : if (ret != EOK) {
106 0 : DEBUG(SSSDBG_OP_FAILURE,
107 : "Cannot convert domain name [%s] to base DN [%d]: %s\n",
108 : dom->name, ret, strerror(ret));
109 0 : goto done;
110 : }
111 :
112 43 : talloc_set_destructor((TALLOC_CTX *)sdom, sdap_domain_destructor);
113 43 : DLIST_ADD_END(opts->sdom, sdom, struct sdap_domain *);
114 :
115 43 : if (_sdom) *_sdom = sdom;
116 43 : ret = EOK;
117 :
118 : done:
119 43 : if (ret != EOK) {
120 0 : talloc_free(sdom);
121 : }
122 :
123 43 : return ret;
124 : }
125 :
126 : errno_t
127 12 : sdap_domain_subdom_add(struct sdap_id_ctx *sdap_id_ctx,
128 : struct sdap_domain *sdom_list,
129 : struct sss_domain_info *parent)
130 : {
131 : struct sss_domain_info *dom;
132 : struct sdap_domain *sdom, *sditer;
133 : errno_t ret;
134 :
135 48 : for (dom = get_next_domain(parent, true);
136 24 : dom && IS_SUBDOMAIN(dom); /* if we get back to a parent, stop */
137 24 : dom = get_next_domain(dom, false)) {
138 :
139 24 : DLIST_FOR_EACH(sditer, sdom_list) {
140 0 : if (sditer->dom == dom) {
141 0 : break;
142 : }
143 : }
144 :
145 24 : if (sditer == NULL) {
146 : /* New sdap domain */
147 24 : DEBUG(SSSDBG_TRACE_FUNC, "subdomain %s is a new one, will "
148 : "create a new sdap domain object\n", dom->name);
149 :
150 24 : ret = sdap_domain_add(sdap_id_ctx->opts, dom, &sdom);
151 24 : if (ret != EOK) {
152 0 : DEBUG(SSSDBG_OP_FAILURE,
153 : "Cannot add new sdap domain for domain %s [%d]: %s\n",
154 : parent->name, ret, strerror(ret));
155 0 : return ret;
156 : }
157 : } else {
158 0 : sdom = sditer;
159 : }
160 :
161 : /* Update search bases */
162 24 : talloc_zfree(sdom->search_bases);
163 24 : sdom->search_bases = talloc_array(sdom, struct sdap_search_base *, 2);
164 24 : if (sdom->search_bases == NULL) {
165 0 : return ENOMEM;
166 : }
167 24 : sdom->search_bases[1] = NULL;
168 :
169 24 : ret = sdap_create_search_base(sdom, sdom->basedn, LDAP_SCOPE_SUBTREE,
170 24 : NULL, &sdom->search_bases[0]);
171 24 : if (ret) {
172 0 : DEBUG(SSSDBG_OP_FAILURE, "Cannot create new sdap search base\n");
173 0 : return ret;
174 : }
175 :
176 24 : sdom->user_search_bases = sdom->search_bases;
177 24 : sdom->group_search_bases = sdom->search_bases;
178 24 : sdom->netgroup_search_bases = sdom->search_bases;
179 24 : sdom->sudo_search_bases = sdom->search_bases;
180 24 : sdom->service_search_bases = sdom->search_bases;
181 24 : sdom->autofs_search_bases = sdom->search_bases;
182 : }
183 :
184 12 : return EOK;
185 : }
186 :
187 : void
188 1 : sdap_domain_remove(struct sdap_options *opts,
189 : struct sss_domain_info *dom)
190 : {
191 : struct sdap_domain *sdom;
192 :
193 1 : sdom = sdap_domain_get(opts, dom);
194 1 : if (sdom == NULL) return;
195 :
196 1 : DLIST_REMOVE(*(sdom->head), sdom);
197 : }
|
