Line data Source code
1 : /*
2 : SSSD
3 :
4 : IPA Provider Common Functions
5 :
6 : Authors:
7 : Simo Sorce <ssorce@redhat.com>
8 :
9 : Copyright (C) 2009 Red Hat
10 :
11 : This program is free software; you can redistribute it and/or modify
12 : it under the terms of the GNU General Public License as published by
13 : the Free Software Foundation; either version 3 of the License, or
14 : (at your option) any later version.
15 :
16 : This program is distributed in the hope that it will be useful,
17 : but WITHOUT ANY WARRANTY; without even the implied warranty of
18 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 : GNU General Public License for more details.
20 :
21 : You should have received a copy of the GNU General Public License
22 : along with this program. If not, see <http://www.gnu.org/licenses/>.
23 : */
24 :
25 : #include <netdb.h>
26 : #include <ctype.h>
27 : #include <arpa/inet.h>
28 :
29 : #include "db/sysdb_selinux.h"
30 : #include "providers/ipa/ipa_common.h"
31 : #include "providers/ipa/ipa_dyndns.h"
32 : #include "providers/ldap/sdap_async_private.h"
33 : #include "providers/be_dyndns.h"
34 : #include "util/sss_krb5.h"
35 : #include "db/sysdb_services.h"
36 : #include "db/sysdb_autofs.h"
37 :
38 : #include "providers/ipa/ipa_opts.h"
39 :
40 0 : int ipa_get_options(TALLOC_CTX *memctx,
41 : struct confdb_ctx *cdb,
42 : const char *conf_path,
43 : struct sss_domain_info *dom,
44 : struct ipa_options **_opts)
45 : {
46 : struct ipa_options *opts;
47 : char *domain;
48 : char *server;
49 : char *realm;
50 : char *ipa_hostname;
51 : int ret;
52 : char hostname[HOST_NAME_MAX + 1];
53 :
54 0 : opts = talloc_zero(memctx, struct ipa_options);
55 0 : if (!opts) return ENOMEM;
56 :
57 0 : ret = dp_get_options(opts, cdb, conf_path,
58 : ipa_basic_opts,
59 : IPA_OPTS_BASIC,
60 : &opts->basic);
61 0 : if (ret != EOK) {
62 0 : goto done;
63 : }
64 :
65 0 : domain = dp_opt_get_string(opts->basic, IPA_DOMAIN);
66 0 : if (!domain) {
67 0 : ret = dp_opt_set_string(opts->basic, IPA_DOMAIN, dom->name);
68 0 : if (ret != EOK) {
69 0 : goto done;
70 : }
71 0 : domain = dom->name;
72 : }
73 :
74 0 : server = dp_opt_get_string(opts->basic, IPA_SERVER);
75 0 : if (!server) {
76 0 : DEBUG(SSSDBG_CRIT_FAILURE,
77 : "No ipa server set, will use service discovery!\n");
78 : }
79 :
80 0 : ipa_hostname = dp_opt_get_string(opts->basic, IPA_HOSTNAME);
81 0 : if (ipa_hostname == NULL) {
82 0 : ret = gethostname(hostname, HOST_NAME_MAX);
83 0 : if (ret != EOK) {
84 0 : DEBUG(SSSDBG_CRIT_FAILURE, "gethostname failed [%d][%s].\n", errno,
85 : strerror(errno));
86 0 : ret = errno;
87 0 : goto done;
88 : }
89 0 : hostname[HOST_NAME_MAX] = '\0';
90 0 : DEBUG(SSSDBG_TRACE_ALL, "Setting ipa_hostname to [%s].\n", hostname);
91 0 : ret = dp_opt_set_string(opts->basic, IPA_HOSTNAME, hostname);
92 0 : if (ret != EOK) {
93 0 : goto done;
94 : }
95 : }
96 :
97 : /* First check whether the realm has been manually specified */
98 0 : realm = dp_opt_get_string(opts->basic, IPA_KRB5_REALM);
99 0 : if (!realm) {
100 : /* No explicit krb5_realm, use the IPA domain, transform to upper-case */
101 0 : realm = get_uppercase_realm(opts, domain);
102 0 : if (!realm) {
103 0 : ret = ENOMEM;
104 0 : goto done;
105 : }
106 :
107 0 : ret = dp_opt_set_string(opts->basic, IPA_KRB5_REALM,
108 : realm);
109 0 : if (ret != EOK) {
110 0 : goto done;
111 : }
112 : }
113 :
114 0 : ret = EOK;
115 0 : *_opts = opts;
116 :
117 : done:
118 0 : if (ret != EOK) {
119 0 : talloc_zfree(opts);
120 : }
121 0 : return ret;
122 : }
123 :
124 0 : static errno_t ipa_parse_search_base(TALLOC_CTX *mem_ctx,
125 : struct dp_option *opts, int class,
126 : struct sdap_search_base ***_search_bases)
127 : {
128 : const char *class_name;
129 : char *unparsed_base;
130 :
131 0 : *_search_bases = NULL;
132 :
133 0 : switch (class) {
134 : case IPA_HBAC_SEARCH_BASE:
135 0 : class_name = "IPA_HBAC";
136 0 : break;
137 : case IPA_HOST_SEARCH_BASE:
138 0 : class_name = "IPA_HOST";
139 0 : break;
140 : case IPA_SELINUX_SEARCH_BASE:
141 0 : class_name = "IPA_SELINUX";
142 0 : break;
143 : case IPA_SUBDOMAINS_SEARCH_BASE:
144 0 : class_name = "IPA_SUBDOMAINS";
145 0 : break;
146 : case IPA_MASTER_DOMAIN_SEARCH_BASE:
147 0 : class_name = "IPA_MASTER_DOMAIN";
148 0 : break;
149 : case IPA_RANGES_SEARCH_BASE:
150 0 : class_name = "IPA_RANGES";
151 0 : break;
152 : case IPA_VIEWS_SEARCH_BASE:
153 0 : class_name = "IPA_VIEWS";
154 0 : break;
155 : default:
156 0 : DEBUG(SSSDBG_CONF_SETTINGS,
157 : "Unknown search base type: [%d]\n", class);
158 0 : class_name = "UNKNOWN";
159 : /* Non-fatal */
160 0 : break;
161 : }
162 :
163 0 : unparsed_base = dp_opt_get_string(opts, class);
164 0 : if (!unparsed_base || unparsed_base[0] == '\0') return ENOENT;
165 :
166 0 : return common_parse_search_base(mem_ctx, unparsed_base,
167 : class_name, NULL,
168 : _search_bases);
169 : }
170 :
171 0 : int ipa_get_id_options(struct ipa_options *ipa_opts,
172 : struct confdb_ctx *cdb,
173 : const char *conf_path,
174 : struct sdap_options **_opts)
175 : {
176 : TALLOC_CTX *tmpctx;
177 : char *basedn;
178 : char *realm;
179 : char *value;
180 : int ret;
181 : int i;
182 :
183 0 : tmpctx = talloc_new(ipa_opts);
184 0 : if (!tmpctx) {
185 0 : return ENOMEM;
186 : }
187 :
188 0 : ipa_opts->id = talloc_zero(ipa_opts, struct sdap_options);
189 0 : if (!ipa_opts->id) {
190 0 : ret = ENOMEM;
191 0 : goto done;
192 : }
193 :
194 0 : ret = sdap_domain_add(ipa_opts->id,
195 0 : ipa_opts->id_ctx->sdap_id_ctx->be->domain,
196 : NULL);
197 0 : if (ret != EOK) {
198 0 : goto done;
199 : }
200 :
201 : /* get sdap options */
202 0 : ret = dp_get_options(ipa_opts->id, cdb, conf_path,
203 : ipa_def_ldap_opts,
204 : SDAP_OPTS_BASIC,
205 0 : &ipa_opts->id->basic);
206 0 : if (ret != EOK) {
207 0 : goto done;
208 : }
209 :
210 0 : ret = domain_to_basedn(tmpctx,
211 0 : dp_opt_get_string(ipa_opts->basic, IPA_KRB5_REALM),
212 : &basedn);
213 0 : if (ret != EOK) {
214 0 : goto done;
215 : }
216 :
217 0 : if (NULL == dp_opt_get_string(ipa_opts->id->basic, SDAP_SEARCH_BASE)) {
218 : /* FIXME: get values by querying IPA */
219 : /* set search base */
220 0 : value = talloc_asprintf(tmpctx, "cn=accounts,%s", basedn);
221 0 : if (!value) {
222 0 : ret = ENOMEM;
223 0 : goto done;
224 : }
225 0 : ret = dp_opt_set_string(ipa_opts->id->basic,
226 : SDAP_SEARCH_BASE, value);
227 0 : if (ret != EOK) {
228 0 : goto done;
229 : }
230 :
231 0 : DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n",
232 : ipa_opts->id->basic[SDAP_SEARCH_BASE].opt_name,
233 : dp_opt_get_string(ipa_opts->id->basic, SDAP_SEARCH_BASE));
234 : }
235 0 : ret = sdap_parse_search_base(ipa_opts->id, ipa_opts->id->basic,
236 : SDAP_SEARCH_BASE,
237 0 : &ipa_opts->id->sdom->search_bases);
238 0 : if (ret != EOK) goto done;
239 :
240 : /* set krb realm */
241 0 : if (NULL == dp_opt_get_string(ipa_opts->id->basic, SDAP_KRB5_REALM)) {
242 0 : realm = dp_opt_get_string(ipa_opts->basic, IPA_KRB5_REALM);
243 0 : value = talloc_strdup(tmpctx, realm);
244 0 : if (value == NULL) {
245 0 : DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n");
246 0 : ret = ENOMEM;
247 0 : goto done;
248 : }
249 0 : ret = dp_opt_set_string(ipa_opts->id->basic,
250 : SDAP_KRB5_REALM, value);
251 0 : if (ret != EOK) {
252 0 : goto done;
253 : }
254 0 : DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n",
255 : ipa_opts->id->basic[SDAP_KRB5_REALM].opt_name,
256 : dp_opt_get_string(ipa_opts->id->basic, SDAP_KRB5_REALM));
257 : }
258 :
259 0 : ret = sdap_set_sasl_options(ipa_opts->id,
260 : dp_opt_get_string(ipa_opts->basic,
261 : IPA_HOSTNAME),
262 0 : dp_opt_get_string(ipa_opts->id->basic,
263 : SDAP_KRB5_REALM),
264 0 : dp_opt_get_string(ipa_opts->id->basic,
265 : SDAP_KRB5_KEYTAB));
266 0 : if (ret != EOK) {
267 0 : DEBUG(SSSDBG_OP_FAILURE, "Cannot set the SASL-related options\n");
268 0 : goto done;
269 : }
270 :
271 : /* fix schema to IPAv1 for now */
272 0 : ipa_opts->id->schema_type = SDAP_SCHEMA_IPA_V1;
273 :
274 : /* set user/group search bases if they are not specified */
275 0 : if (NULL == dp_opt_get_string(ipa_opts->id->basic,
276 : SDAP_USER_SEARCH_BASE)) {
277 0 : ret = dp_opt_set_string(ipa_opts->id->basic, SDAP_USER_SEARCH_BASE,
278 : dp_opt_get_string(ipa_opts->id->basic,
279 : SDAP_SEARCH_BASE));
280 0 : if (ret != EOK) {
281 0 : goto done;
282 : }
283 :
284 0 : DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n",
285 : ipa_opts->id->basic[SDAP_USER_SEARCH_BASE].opt_name,
286 : dp_opt_get_string(ipa_opts->id->basic,
287 : SDAP_USER_SEARCH_BASE));
288 : }
289 0 : ret = sdap_parse_search_base(ipa_opts->id, ipa_opts->id->basic,
290 : SDAP_USER_SEARCH_BASE,
291 0 : &ipa_opts->id->sdom->user_search_bases);
292 0 : if (ret != EOK) goto done;
293 :
294 0 : if (NULL == dp_opt_get_string(ipa_opts->id->basic,
295 : SDAP_GROUP_SEARCH_BASE)) {
296 0 : ret = dp_opt_set_string(ipa_opts->id->basic, SDAP_GROUP_SEARCH_BASE,
297 : dp_opt_get_string(ipa_opts->id->basic,
298 : SDAP_SEARCH_BASE));
299 0 : if (ret != EOK) {
300 0 : goto done;
301 : }
302 :
303 0 : DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n",
304 : ipa_opts->id->basic[SDAP_GROUP_SEARCH_BASE].opt_name,
305 : dp_opt_get_string(ipa_opts->id->basic,
306 : SDAP_GROUP_SEARCH_BASE));
307 : }
308 0 : ret = sdap_parse_search_base(ipa_opts->id, ipa_opts->id->basic,
309 : SDAP_GROUP_SEARCH_BASE,
310 0 : &ipa_opts->id->sdom->group_search_bases);
311 0 : if (ret != EOK) goto done;
312 :
313 0 : if (NULL == dp_opt_get_string(ipa_opts->id->basic,
314 : SDAP_NETGROUP_SEARCH_BASE)) {
315 0 : value = talloc_asprintf(tmpctx, "cn=ng,cn=alt,%s", basedn);
316 0 : if (!value) {
317 0 : ret = ENOMEM;
318 0 : goto done;
319 : }
320 0 : ret = dp_opt_set_string(ipa_opts->id->basic, SDAP_NETGROUP_SEARCH_BASE,
321 : value);
322 0 : if (ret != EOK) {
323 0 : goto done;
324 : }
325 :
326 0 : DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n",
327 : ipa_opts->id->basic[SDAP_NETGROUP_SEARCH_BASE].opt_name,
328 : dp_opt_get_string(ipa_opts->id->basic,
329 : SDAP_NETGROUP_SEARCH_BASE));
330 : }
331 0 : ret = sdap_parse_search_base(ipa_opts->id, ipa_opts->id->basic,
332 : SDAP_NETGROUP_SEARCH_BASE,
333 0 : &ipa_opts->id->sdom->netgroup_search_bases);
334 0 : if (ret != EOK) goto done;
335 :
336 0 : if (NULL == dp_opt_get_string(ipa_opts->basic,
337 : IPA_HOST_SEARCH_BASE)) {
338 0 : ret = dp_opt_set_string(ipa_opts->basic, IPA_HOST_SEARCH_BASE,
339 : dp_opt_get_string(ipa_opts->id->basic,
340 : SDAP_SEARCH_BASE));
341 0 : if (ret != EOK) {
342 0 : goto done;
343 : }
344 :
345 0 : DEBUG(SSSDBG_CONF_SETTINGS, "Option %s set to %s\n",
346 : ipa_opts->basic[IPA_HOST_SEARCH_BASE].opt_name,
347 : dp_opt_get_string(ipa_opts->basic,
348 : IPA_HOST_SEARCH_BASE));
349 : }
350 0 : ret = ipa_parse_search_base(ipa_opts->basic, ipa_opts->basic,
351 : IPA_HOST_SEARCH_BASE,
352 : &ipa_opts->host_search_bases);
353 0 : if (ret != EOK) goto done;
354 :
355 0 : if (NULL == dp_opt_get_string(ipa_opts->basic,
356 : IPA_HBAC_SEARCH_BASE)) {
357 0 : value = talloc_asprintf(tmpctx, "cn=hbac,%s", basedn);
358 0 : if (!value) {
359 0 : ret = ENOMEM;
360 0 : goto done;
361 : }
362 :
363 0 : ret = dp_opt_set_string(ipa_opts->basic, IPA_HBAC_SEARCH_BASE, value);
364 0 : if (ret != EOK) {
365 0 : goto done;
366 : }
367 :
368 0 : DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n",
369 : ipa_opts->basic[IPA_HBAC_SEARCH_BASE].opt_name,
370 : dp_opt_get_string(ipa_opts->basic,
371 : IPA_HBAC_SEARCH_BASE));
372 : }
373 0 : ret = ipa_parse_search_base(ipa_opts->basic, ipa_opts->basic,
374 : IPA_HBAC_SEARCH_BASE,
375 : &ipa_opts->hbac_search_bases);
376 0 : if (ret != EOK) goto done;
377 :
378 0 : if (NULL == dp_opt_get_string(ipa_opts->basic,
379 : IPA_SELINUX_SEARCH_BASE)) {
380 0 : value = talloc_asprintf(tmpctx, "cn=selinux,%s", basedn);
381 0 : if (!value) {
382 0 : ret = ENOMEM;
383 0 : goto done;
384 : }
385 :
386 0 : ret = dp_opt_set_string(ipa_opts->basic, IPA_SELINUX_SEARCH_BASE, value);
387 0 : if (ret != EOK) {
388 0 : goto done;
389 : }
390 :
391 0 : DEBUG(SSSDBG_CONF_SETTINGS, "Option %s set to %s\n",
392 : ipa_opts->basic[IPA_SELINUX_SEARCH_BASE].opt_name,
393 : dp_opt_get_string(ipa_opts->basic,
394 : IPA_SELINUX_SEARCH_BASE));
395 : }
396 0 : ret = ipa_parse_search_base(ipa_opts->basic, ipa_opts->basic,
397 : IPA_SELINUX_SEARCH_BASE,
398 : &ipa_opts->selinux_search_bases);
399 0 : if (ret != EOK) goto done;
400 :
401 0 : value = dp_opt_get_string(ipa_opts->id->basic, SDAP_DEREF);
402 0 : if (value != NULL) {
403 0 : ret = deref_string_to_val(value, &i);
404 0 : if (ret != EOK) {
405 0 : DEBUG(SSSDBG_CRIT_FAILURE, "Failed to verify ldap_deref option.\n");
406 0 : goto done;
407 : }
408 : }
409 :
410 0 : if (NULL == dp_opt_get_string(ipa_opts->id->basic,
411 : SDAP_SERVICE_SEARCH_BASE)) {
412 0 : ret = dp_opt_set_string(ipa_opts->id->basic, SDAP_SERVICE_SEARCH_BASE,
413 : dp_opt_get_string(ipa_opts->id->basic,
414 : SDAP_SEARCH_BASE));
415 0 : if (ret != EOK) {
416 0 : goto done;
417 : }
418 :
419 0 : DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n",
420 : ipa_opts->id->basic[SDAP_GROUP_SEARCH_BASE].opt_name,
421 : dp_opt_get_string(ipa_opts->id->basic,
422 : SDAP_GROUP_SEARCH_BASE));
423 : }
424 0 : ret = sdap_parse_search_base(ipa_opts->id, ipa_opts->id->basic,
425 : SDAP_SERVICE_SEARCH_BASE,
426 0 : &ipa_opts->id->sdom->service_search_bases);
427 0 : if (ret != EOK) goto done;
428 :
429 0 : if (NULL == dp_opt_get_string(ipa_opts->basic,
430 : IPA_SUBDOMAINS_SEARCH_BASE)) {
431 0 : value = talloc_asprintf(tmpctx, "cn=trusts,%s", basedn);
432 0 : if (value == NULL) {
433 0 : ret = ENOMEM;
434 0 : goto done;
435 : }
436 :
437 0 : ret = dp_opt_set_string(ipa_opts->basic, IPA_SUBDOMAINS_SEARCH_BASE, value);
438 0 : if (ret != EOK) {
439 0 : goto done;
440 : }
441 :
442 0 : DEBUG(SSSDBG_CONF_SETTINGS, "Option %s set to %s\n",
443 : ipa_opts->basic[IPA_SUBDOMAINS_SEARCH_BASE].opt_name,
444 : dp_opt_get_string(ipa_opts->basic,
445 : IPA_SUBDOMAINS_SEARCH_BASE));
446 : }
447 0 : ret = ipa_parse_search_base(ipa_opts, ipa_opts->basic,
448 : IPA_SUBDOMAINS_SEARCH_BASE,
449 : &ipa_opts->subdomains_search_bases);
450 0 : if (ret != EOK) goto done;
451 :
452 0 : if (NULL == dp_opt_get_string(ipa_opts->basic,
453 : IPA_MASTER_DOMAIN_SEARCH_BASE)) {
454 0 : value = talloc_asprintf(tmpctx, "cn=ad,cn=etc,%s", basedn);
455 0 : if (value == NULL) {
456 0 : ret = ENOMEM;
457 0 : goto done;
458 : }
459 :
460 0 : ret = dp_opt_set_string(ipa_opts->basic, IPA_MASTER_DOMAIN_SEARCH_BASE, value);
461 0 : if (ret != EOK) {
462 0 : goto done;
463 : }
464 :
465 0 : DEBUG(SSSDBG_CONF_SETTINGS, "Option %s set to %s\n",
466 : ipa_opts->basic[IPA_MASTER_DOMAIN_SEARCH_BASE].opt_name,
467 : dp_opt_get_string(ipa_opts->basic,
468 : IPA_MASTER_DOMAIN_SEARCH_BASE));
469 : }
470 0 : ret = ipa_parse_search_base(ipa_opts, ipa_opts->basic,
471 : IPA_MASTER_DOMAIN_SEARCH_BASE,
472 : &ipa_opts->master_domain_search_bases);
473 0 : if (ret != EOK) goto done;
474 :
475 0 : if (NULL == dp_opt_get_string(ipa_opts->basic,
476 : IPA_RANGES_SEARCH_BASE)) {
477 0 : value = talloc_asprintf(tmpctx, "cn=ranges,cn=etc,%s", basedn);
478 0 : if (value == NULL) {
479 0 : ret = ENOMEM;
480 0 : goto done;
481 : }
482 :
483 0 : ret = dp_opt_set_string(ipa_opts->basic, IPA_RANGES_SEARCH_BASE, value);
484 0 : if (ret != EOK) {
485 0 : goto done;
486 : }
487 :
488 0 : DEBUG(SSSDBG_CONF_SETTINGS, "Option %s set to %s\n",
489 : ipa_opts->basic[IPA_RANGES_SEARCH_BASE].opt_name,
490 : dp_opt_get_string(ipa_opts->basic,
491 : IPA_RANGES_SEARCH_BASE));
492 : }
493 0 : ret = ipa_parse_search_base(ipa_opts, ipa_opts->basic,
494 : IPA_RANGES_SEARCH_BASE,
495 : &ipa_opts->ranges_search_bases);
496 0 : if (ret != EOK) goto done;
497 :
498 0 : if (NULL == dp_opt_get_string(ipa_opts->basic,
499 : IPA_VIEWS_SEARCH_BASE)) {
500 0 : value = talloc_asprintf(tmpctx, "cn=views,cn=accounts,%s", basedn);
501 0 : if (value == NULL) {
502 0 : ret = ENOMEM;
503 0 : goto done;
504 : }
505 :
506 0 : ret = dp_opt_set_string(ipa_opts->basic, IPA_VIEWS_SEARCH_BASE, value);
507 0 : if (ret != EOK) {
508 0 : goto done;
509 : }
510 :
511 0 : DEBUG(SSSDBG_CONF_SETTINGS, "Option %s set to %s\n",
512 : ipa_opts->basic[IPA_VIEWS_SEARCH_BASE].opt_name,
513 : dp_opt_get_string(ipa_opts->basic,
514 : IPA_VIEWS_SEARCH_BASE));
515 : }
516 0 : ret = ipa_parse_search_base(ipa_opts, ipa_opts->basic,
517 : IPA_VIEWS_SEARCH_BASE,
518 : &ipa_opts->views_search_bases);
519 0 : if (ret != EOK) goto done;
520 :
521 0 : ret = sdap_get_map(ipa_opts->id, cdb, conf_path,
522 : ipa_attr_map,
523 : SDAP_AT_GENERAL,
524 0 : &ipa_opts->id->gen_map);
525 0 : if (ret != EOK) {
526 0 : goto done;
527 : }
528 :
529 0 : ret = sdap_get_map(ipa_opts->id,
530 : cdb, conf_path,
531 : ipa_user_map,
532 : SDAP_OPTS_USER,
533 0 : &ipa_opts->id->user_map);
534 0 : if (ret != EOK) {
535 0 : goto done;
536 : }
537 :
538 0 : ret = sdap_extend_map_with_list(ipa_opts->id, ipa_opts->id,
539 : SDAP_USER_EXTRA_ATTRS,
540 0 : ipa_opts->id->user_map,
541 : SDAP_OPTS_USER,
542 0 : &ipa_opts->id->user_map,
543 0 : &ipa_opts->id->user_map_cnt);
544 0 : if (ret != EOK) {
545 0 : goto done;
546 : }
547 :
548 0 : ret = sdap_get_map(ipa_opts->id,
549 : cdb, conf_path,
550 : ipa_group_map,
551 : SDAP_OPTS_GROUP,
552 0 : &ipa_opts->id->group_map);
553 0 : if (ret != EOK) {
554 0 : goto done;
555 : }
556 :
557 0 : ret = sdap_get_map(ipa_opts->id,
558 : cdb, conf_path,
559 : ipa_netgroup_map,
560 : IPA_OPTS_NETGROUP,
561 0 : &ipa_opts->id->netgroup_map);
562 0 : if (ret != EOK) {
563 0 : goto done;
564 : }
565 :
566 0 : ret = sdap_get_map(ipa_opts->id,
567 : cdb, conf_path,
568 : ipa_host_map,
569 : IPA_OPTS_HOST,
570 : &ipa_opts->host_map);
571 0 : if (ret != EOK) {
572 0 : goto done;
573 : }
574 :
575 0 : ret = sdap_get_map(ipa_opts->id,
576 : cdb, conf_path,
577 : ipa_hostgroup_map,
578 : IPA_OPTS_HOSTGROUP,
579 : &ipa_opts->hostgroup_map);
580 0 : if (ret != EOK) {
581 0 : goto done;
582 : }
583 :
584 0 : ret = sdap_get_map(ipa_opts->id,
585 : cdb, conf_path,
586 : ipa_service_map,
587 : SDAP_OPTS_SERVICES,
588 0 : &ipa_opts->id->service_map);
589 0 : if (ret != EOK) {
590 0 : goto done;
591 : }
592 :
593 0 : ret = sdap_get_map(ipa_opts->id,
594 : cdb, conf_path,
595 : ipa_selinux_user_map,
596 : IPA_OPTS_SELINUX_USERMAP,
597 : &ipa_opts->selinuxuser_map);
598 0 : if (ret != EOK) {
599 0 : goto done;
600 : }
601 :
602 0 : ret = sdap_get_map(ipa_opts->id,
603 : cdb, conf_path,
604 : ipa_view_map,
605 : IPA_OPTS_VIEW,
606 : &ipa_opts->view_map);
607 0 : if (ret != EOK) {
608 0 : goto done;
609 : }
610 :
611 0 : ret = sdap_get_map(ipa_opts->id,
612 : cdb, conf_path,
613 : ipa_override_map,
614 : IPA_OPTS_OVERRIDE,
615 : &ipa_opts->override_map);
616 0 : if (ret != EOK) {
617 0 : goto done;
618 : }
619 :
620 0 : ret = EOK;
621 0 : *_opts = ipa_opts->id;
622 :
623 : done:
624 0 : talloc_zfree(tmpctx);
625 0 : if (ret != EOK) {
626 0 : talloc_zfree(ipa_opts->id);
627 : }
628 0 : return ret;
629 : }
630 :
631 0 : int ipa_get_auth_options(struct ipa_options *ipa_opts,
632 : struct confdb_ctx *cdb,
633 : const char *conf_path,
634 : struct dp_option **_opts)
635 : {
636 : char *value;
637 0 : char *copy = NULL;
638 : int ret;
639 :
640 0 : ipa_opts->auth = talloc_zero(ipa_opts, struct dp_option);
641 0 : if (ipa_opts->auth == NULL) {
642 0 : ret = ENOMEM;
643 0 : goto done;
644 : }
645 :
646 : /* get krb5 options */
647 0 : ret = dp_get_options(ipa_opts, cdb, conf_path,
648 : ipa_def_krb5_opts,
649 : KRB5_OPTS, &ipa_opts->auth);
650 0 : if (ret != EOK) {
651 0 : goto done;
652 : }
653 :
654 : /* If there is no KDC, try the deprecated krb5_kdcip option, too */
655 : /* FIXME - this can be removed in a future version */
656 0 : ret = krb5_try_kdcip(cdb, conf_path, ipa_opts->auth, KRB5_KDC);
657 0 : if (ret != EOK) {
658 0 : DEBUG(SSSDBG_CRIT_FAILURE, "sss_krb5_try_kdcip failed.\n");
659 0 : goto done;
660 : }
661 :
662 : /* set krb realm */
663 0 : if (NULL == dp_opt_get_string(ipa_opts->auth, KRB5_REALM)) {
664 0 : value = dp_opt_get_string(ipa_opts->basic, IPA_KRB5_REALM);
665 0 : if (!value) {
666 0 : ret = ENOMEM;
667 0 : goto done;
668 : }
669 0 : copy = talloc_strdup(ipa_opts->auth, value);
670 0 : if (copy == NULL) {
671 0 : DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup failed.\n");
672 0 : ret = ENOMEM;
673 0 : goto done;
674 : }
675 0 : ret = dp_opt_set_string(ipa_opts->auth, KRB5_REALM, copy);
676 0 : if (ret != EOK) {
677 0 : goto done;
678 : }
679 0 : DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n",
680 : ipa_opts->auth[KRB5_REALM].opt_name,
681 : dp_opt_get_string(ipa_opts->auth, KRB5_REALM));
682 : }
683 :
684 : /* If krb5_fast_principal was not set explicitly, default to
685 : * host/$client_hostname@REALM
686 : */
687 0 : value = dp_opt_get_string(ipa_opts->auth, KRB5_FAST_PRINCIPAL);
688 0 : if (value == NULL) {
689 0 : value = talloc_asprintf(ipa_opts->auth, "host/%s@%s",
690 : dp_opt_get_string(ipa_opts->basic,
691 : IPA_HOSTNAME),
692 : dp_opt_get_string(ipa_opts->auth,
693 : KRB5_REALM));
694 0 : if (value == NULL) {
695 0 : DEBUG(SSSDBG_CRIT_FAILURE, "Cannot set %s!\n",
696 : ipa_opts->auth[KRB5_FAST_PRINCIPAL].opt_name);
697 0 : ret = ENOMEM;
698 0 : goto done;
699 : }
700 :
701 0 : ret = dp_opt_set_string(ipa_opts->auth, KRB5_FAST_PRINCIPAL,
702 : value);
703 0 : if (ret != EOK) {
704 0 : DEBUG(SSSDBG_CRIT_FAILURE, "Cannot set %s!\n",
705 : ipa_opts->auth[KRB5_FAST_PRINCIPAL].opt_name);
706 0 : goto done;
707 : }
708 :
709 0 : DEBUG(SSSDBG_CONF_SETTINGS, "Option %s set to %s\n",
710 : ipa_opts->auth[KRB5_FAST_PRINCIPAL].opt_name, value);
711 : }
712 :
713 : /* Set flag that controls whether we want to write the
714 : * kdcinfo files at all
715 : */
716 0 : ipa_opts->service->krb5_service->write_kdcinfo = \
717 0 : dp_opt_get_bool(ipa_opts->auth, KRB5_USE_KDCINFO);
718 0 : DEBUG(SSSDBG_CONF_SETTINGS, "Option %s set to %s\n",
719 : ipa_opts->auth[KRB5_USE_KDCINFO].opt_name,
720 : ipa_opts->service->krb5_service->write_kdcinfo ? "true" : "false");
721 :
722 0 : *_opts = ipa_opts->auth;
723 0 : ret = EOK;
724 :
725 : done:
726 0 : talloc_free(copy);
727 0 : if (ret != EOK) {
728 0 : talloc_zfree(ipa_opts->auth);
729 : }
730 0 : return ret;
731 : }
732 :
733 0 : static void ipa_resolve_callback(void *private_data, struct fo_server *server)
734 : {
735 0 : TALLOC_CTX *tmp_ctx = NULL;
736 : struct ipa_service *service;
737 : struct resolv_hostent *srvaddr;
738 : struct sockaddr_storage *sockaddr;
739 : char *address;
740 : const char *safe_address;
741 : char *new_uri;
742 : const char *srv_name;
743 : int ret;
744 :
745 0 : tmp_ctx = talloc_new(NULL);
746 0 : if (tmp_ctx == NULL) {
747 0 : DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new failed\n");
748 0 : return;
749 : }
750 :
751 0 : service = talloc_get_type(private_data, struct ipa_service);
752 0 : if (!service) {
753 0 : DEBUG(SSSDBG_CRIT_FAILURE, "FATAL: Bad private_data\n");
754 0 : talloc_free(tmp_ctx);
755 0 : return;
756 : }
757 :
758 0 : srvaddr = fo_get_server_hostent(server);
759 0 : if (!srvaddr) {
760 0 : DEBUG(SSSDBG_CRIT_FAILURE,
761 : "FATAL: No hostent available for server (%s)\n",
762 : fo_get_server_str_name(server));
763 0 : talloc_free(tmp_ctx);
764 0 : return;
765 : }
766 :
767 0 : sockaddr = resolv_get_sockaddr_address(tmp_ctx, srvaddr, LDAP_PORT);
768 0 : if (sockaddr == NULL) {
769 0 : DEBUG(SSSDBG_CRIT_FAILURE, "resolv_get_sockaddr_address failed.\n");
770 0 : talloc_free(tmp_ctx);
771 0 : return;
772 : }
773 :
774 0 : address = resolv_get_string_address(tmp_ctx, srvaddr);
775 0 : if (address == NULL) {
776 0 : DEBUG(SSSDBG_CRIT_FAILURE, "resolv_get_string_address failed.\n");
777 0 : talloc_free(tmp_ctx);
778 0 : return;
779 : }
780 :
781 0 : srv_name = fo_get_server_name(server);
782 0 : if (srv_name == NULL) {
783 0 : DEBUG(SSSDBG_CRIT_FAILURE, "Could not get server host name\n");
784 0 : talloc_free(tmp_ctx);
785 0 : return;
786 : }
787 :
788 0 : new_uri = talloc_asprintf(service, "ldap://%s", srv_name);
789 0 : if (!new_uri) {
790 0 : DEBUG(SSSDBG_OP_FAILURE, "Failed to copy URI ...\n");
791 0 : talloc_free(tmp_ctx);
792 0 : return;
793 : }
794 0 : DEBUG(SSSDBG_TRACE_FUNC, "Constructed uri '%s'\n", new_uri);
795 :
796 : /* free old one and replace with new one */
797 0 : talloc_zfree(service->sdap->uri);
798 0 : service->sdap->uri = new_uri;
799 0 : talloc_zfree(service->sdap->sockaddr);
800 0 : service->sdap->sockaddr = talloc_steal(service, sockaddr);
801 :
802 0 : if (service->krb5_service->write_kdcinfo) {
803 0 : safe_address = sss_escape_ip_address(tmp_ctx,
804 : srvaddr->family,
805 : address);
806 0 : if (safe_address == NULL) {
807 0 : DEBUG(SSSDBG_CRIT_FAILURE, "sss_escape_ip_address failed.\n");
808 0 : talloc_free(tmp_ctx);
809 0 : return;
810 : }
811 :
812 0 : ret = write_krb5info_file(service->krb5_service->realm, safe_address,
813 : SSS_KRB5KDC_FO_SRV);
814 0 : if (ret != EOK) {
815 0 : DEBUG(SSSDBG_OP_FAILURE,
816 : "write_krb5info_file failed, authentication might fail.\n");
817 : }
818 : }
819 :
820 0 : talloc_free(tmp_ctx);
821 : }
822 :
823 0 : static errno_t _ipa_servers_init(struct be_ctx *ctx,
824 : struct ipa_service *service,
825 : struct ipa_options *options,
826 : const char *servers,
827 : bool primary)
828 : {
829 : TALLOC_CTX *tmp_ctx;
830 0 : char **list = NULL;
831 : char *ipa_domain;
832 0 : int ret = 0;
833 : int i;
834 :
835 0 : tmp_ctx = talloc_new(NULL);
836 0 : if (!tmp_ctx) {
837 0 : return ENOMEM;
838 : }
839 :
840 : /* split server parm into a list */
841 0 : ret = split_on_separator(tmp_ctx, servers, ',', true, true, &list, NULL);
842 0 : if (ret != EOK) {
843 0 : DEBUG(SSSDBG_CRIT_FAILURE, "Failed to parse server list!\n");
844 0 : goto done;
845 : }
846 :
847 : /* now for each one add a new server to the failover service */
848 0 : for (i = 0; list[i]; i++) {
849 :
850 0 : talloc_steal(service, list[i]);
851 :
852 0 : if (be_fo_is_srv_identifier(list[i])) {
853 0 : if (!primary) {
854 0 : DEBUG(SSSDBG_MINOR_FAILURE,
855 : "Failed to add server [%s] to failover service: "
856 : "SRV resolution only allowed for primary servers!\n",
857 : list[i]);
858 0 : continue;
859 : }
860 :
861 0 : ipa_domain = dp_opt_get_string(options->basic, IPA_DOMAIN);
862 0 : ret = be_fo_add_srv_server(ctx, "IPA", "ldap", ipa_domain,
863 : BE_FO_PROTO_TCP, false, NULL);
864 0 : if (ret) {
865 0 : DEBUG(SSSDBG_FATAL_FAILURE, "Failed to add server\n");
866 0 : goto done;
867 : }
868 :
869 0 : DEBUG(SSSDBG_TRACE_FUNC, "Added service lookup for service IPA\n");
870 0 : continue;
871 : }
872 :
873 : /* It could be ipv6 address in square brackets. Remove
874 : * the brackets if needed. */
875 0 : ret = remove_ipv6_brackets(list[i]);
876 0 : if (ret != EOK) {
877 0 : goto done;
878 : }
879 :
880 0 : ret = be_fo_add_server(ctx, "IPA", list[i], 0, NULL, primary);
881 0 : if (ret && ret != EEXIST) {
882 0 : DEBUG(SSSDBG_FATAL_FAILURE, "Failed to add server\n");
883 0 : goto done;
884 : }
885 :
886 0 : DEBUG(SSSDBG_TRACE_FUNC, "Added Server %s\n", list[i]);
887 : }
888 :
889 : done:
890 0 : talloc_free(tmp_ctx);
891 0 : return ret;
892 : }
893 :
894 : static inline errno_t
895 0 : ipa_primary_servers_init(struct be_ctx *ctx, struct ipa_service *service,
896 : struct ipa_options *options, const char *servers)
897 : {
898 0 : return _ipa_servers_init(ctx, service, options, servers, true);
899 : }
900 :
901 : static inline errno_t
902 0 : ipa_backup_servers_init(struct be_ctx *ctx, struct ipa_service *service,
903 : struct ipa_options *options, const char *servers)
904 : {
905 0 : return _ipa_servers_init(ctx, service, options, servers, false);
906 : }
907 :
908 0 : static int ipa_user_data_cmp(void *ud1, void *ud2)
909 : {
910 0 : return strcasecmp((char*) ud1, (char*) ud2);
911 : }
912 :
913 0 : int ipa_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
914 : const char *primary_servers,
915 : const char *backup_servers,
916 : struct ipa_options *options,
917 : struct ipa_service **_service)
918 : {
919 : TALLOC_CTX *tmp_ctx;
920 : struct ipa_service *service;
921 : char *realm;
922 : int ret;
923 :
924 0 : tmp_ctx = talloc_new(NULL);
925 0 : if (!tmp_ctx) {
926 0 : return ENOMEM;
927 : }
928 :
929 0 : service = talloc_zero(tmp_ctx, struct ipa_service);
930 0 : if (!service) {
931 0 : ret = ENOMEM;
932 0 : goto done;
933 : }
934 0 : service->sdap = talloc_zero(service, struct sdap_service);
935 0 : if (!service->sdap) {
936 0 : ret = ENOMEM;
937 0 : goto done;
938 : }
939 0 : service->krb5_service = talloc_zero(service, struct krb5_service);
940 0 : if (!service->krb5_service) {
941 0 : ret = ENOMEM;
942 0 : goto done;
943 : }
944 :
945 0 : ret = be_fo_add_service(ctx, "IPA", ipa_user_data_cmp);
946 0 : if (ret != EOK) {
947 0 : DEBUG(SSSDBG_CRIT_FAILURE, "Failed to create failover service!\n");
948 0 : goto done;
949 : }
950 :
951 0 : service->sdap->name = talloc_strdup(service, "IPA");
952 0 : if (!service->sdap->name) {
953 0 : ret = ENOMEM;
954 0 : goto done;
955 : }
956 :
957 0 : service->krb5_service->name = talloc_strdup(service, "IPA");
958 0 : if (!service->krb5_service->name) {
959 0 : ret = ENOMEM;
960 0 : goto done;
961 : }
962 0 : service->sdap->kinit_service_name = service->krb5_service->name;
963 :
964 0 : realm = dp_opt_get_string(options->basic, IPA_KRB5_REALM);
965 0 : if (!realm) {
966 0 : DEBUG(SSSDBG_CRIT_FAILURE, "No Kerberos realm set\n");
967 0 : ret = EINVAL;
968 0 : goto done;
969 : }
970 0 : service->krb5_service->realm =
971 0 : talloc_strdup(service->krb5_service, realm);
972 0 : if (!service->krb5_service->realm) {
973 0 : ret = ENOMEM;
974 0 : goto done;
975 : }
976 :
977 0 : if (!primary_servers) {
978 0 : DEBUG(SSSDBG_CONF_SETTINGS,
979 : "No primary servers defined, using service discovery\n");
980 0 : primary_servers = BE_SRV_IDENTIFIER;
981 : }
982 :
983 0 : ret = ipa_primary_servers_init(ctx, service, options, primary_servers);
984 0 : if (ret != EOK) {
985 0 : goto done;
986 : }
987 :
988 0 : if (backup_servers) {
989 0 : ret = ipa_backup_servers_init(ctx, service, options, backup_servers);
990 0 : if (ret != EOK) {
991 0 : goto done;
992 : }
993 : }
994 :
995 0 : ret = be_fo_service_add_callback(memctx, ctx, "IPA",
996 : ipa_resolve_callback, service);
997 0 : if (ret != EOK) {
998 0 : DEBUG(SSSDBG_CRIT_FAILURE, "Failed to add failover callback!\n");
999 0 : goto done;
1000 : }
1001 :
1002 0 : ret = EOK;
1003 :
1004 : done:
1005 0 : if (ret == EOK) {
1006 0 : *_service = talloc_steal(memctx, service);
1007 : }
1008 0 : talloc_zfree(tmp_ctx);
1009 0 : return ret;
1010 : }
1011 :
1012 0 : int ipa_get_autofs_options(struct ipa_options *ipa_opts,
1013 : struct confdb_ctx *cdb,
1014 : const char *conf_path,
1015 : struct sdap_options **_opts)
1016 : {
1017 : TALLOC_CTX *tmp_ctx;
1018 : char *basedn;
1019 : char *autofs_base;
1020 : errno_t ret;
1021 :
1022 0 : tmp_ctx = talloc_new(NULL);
1023 0 : if (!tmp_ctx) {
1024 0 : return ENOMEM;
1025 : }
1026 :
1027 0 : ret = domain_to_basedn(tmp_ctx,
1028 0 : dp_opt_get_string(ipa_opts->basic, IPA_KRB5_REALM),
1029 : &basedn);
1030 0 : if (ret != EOK) {
1031 0 : goto done;
1032 : }
1033 :
1034 0 : if (NULL == dp_opt_get_string(ipa_opts->id->basic,
1035 : SDAP_AUTOFS_SEARCH_BASE)) {
1036 :
1037 0 : autofs_base = talloc_asprintf(tmp_ctx, "cn=%s,cn=automount,%s",
1038 : dp_opt_get_string(ipa_opts->basic,
1039 : IPA_AUTOMOUNT_LOCATION),
1040 : basedn);
1041 0 : if (!autofs_base) {
1042 0 : ret = ENOMEM;
1043 0 : goto done;
1044 : }
1045 :
1046 0 : ret = dp_opt_set_string(ipa_opts->id->basic,
1047 : SDAP_AUTOFS_SEARCH_BASE,
1048 : autofs_base);
1049 0 : if (ret != EOK) {
1050 0 : goto done;
1051 : }
1052 :
1053 0 : DEBUG(SSSDBG_TRACE_LIBS, "Option %s set to %s\n",
1054 : ipa_opts->id->basic[SDAP_AUTOFS_SEARCH_BASE].opt_name,
1055 : dp_opt_get_string(ipa_opts->id->basic,
1056 : SDAP_AUTOFS_SEARCH_BASE));
1057 : }
1058 :
1059 0 : ret = sdap_parse_search_base(ipa_opts->id, ipa_opts->id->basic,
1060 : SDAP_AUTOFS_SEARCH_BASE,
1061 0 : &ipa_opts->id->sdom->autofs_search_bases);
1062 0 : if (ret != EOK && ret != ENOENT) {
1063 0 : DEBUG(SSSDBG_OP_FAILURE, "Could not parse autofs search base\n");
1064 0 : goto done;
1065 : }
1066 :
1067 0 : ret = sdap_get_map(ipa_opts->id, cdb, conf_path,
1068 : ipa_autofs_mobject_map,
1069 : SDAP_OPTS_AUTOFS_MAP,
1070 0 : &ipa_opts->id->autofs_mobject_map);
1071 0 : if (ret != EOK) {
1072 0 : DEBUG(SSSDBG_OP_FAILURE,
1073 : "Could not get autofs map object attribute map\n");
1074 0 : goto done;
1075 : }
1076 :
1077 0 : ret = sdap_get_map(ipa_opts->id, cdb, conf_path,
1078 : ipa_autofs_entry_map,
1079 : SDAP_OPTS_AUTOFS_ENTRY,
1080 0 : &ipa_opts->id->autofs_entry_map);
1081 0 : if (ret != EOK) {
1082 0 : DEBUG(SSSDBG_OP_FAILURE,
1083 : "Could not get autofs entry object attribute map\n");
1084 0 : goto done;
1085 : }
1086 :
1087 0 : *_opts = ipa_opts->id;
1088 0 : ret = EOK;
1089 : done:
1090 0 : talloc_free(tmp_ctx);
1091 0 : return ret;
1092 : }
1093 :
1094 0 : errno_t ipa_get_dyndns_options(struct be_ctx *be_ctx,
1095 : struct ipa_options *ctx)
1096 : {
1097 : errno_t ret;
1098 : char *val;
1099 : bool update;
1100 : int ttl;
1101 :
1102 0 : ret = be_nsupdate_init(ctx, be_ctx, ipa_dyndns_opts, &ctx->dyndns_ctx);
1103 0 : if (ret != EOK) {
1104 0 : DEBUG(SSSDBG_OP_FAILURE,
1105 : "Cannot initialize IPA dyndns opts [%d]: %s\n",
1106 : ret, sss_strerror(ret));
1107 0 : return ret;
1108 : }
1109 :
1110 0 : if (ctx->basic == NULL) {
1111 0 : DEBUG(SSSDBG_MINOR_FAILURE, "IPA basic options not (yet) "
1112 : "initialized, cannot copy legacy options\n");
1113 0 : return EOK;
1114 : }
1115 :
1116 : /* Reuse legacy option values */
1117 0 : ret = confdb_get_string(be_ctx->cdb, ctx, be_ctx->conf_path,
1118 : "ipa_dyndns_update", NULL, &val);
1119 0 : if (ret != EOK) {
1120 0 : DEBUG(SSSDBG_OP_FAILURE, "Cannot get the value of %s\n",
1121 : "ipa_dyndns_update");
1122 : /* Not fatal */
1123 0 : } else if (ret == EOK && val) {
1124 0 : if (strcasecmp(val, "FALSE") == 0) {
1125 0 : update = false;
1126 0 : } else if (strcasecmp(val, "TRUE") == 0) {
1127 0 : update = true;
1128 : } else {
1129 0 : DEBUG(SSSDBG_MINOR_FAILURE,
1130 : "ipa_dyndns_update value is not a boolean!\n");
1131 0 : talloc_free(val);
1132 0 : return EINVAL;
1133 : }
1134 :
1135 0 : DEBUG(SSSDBG_MINOR_FAILURE, "Deprecation warning: The option %s is "
1136 : "deprecated and should not be used in favor of %s\n",
1137 : "ipa_dyndns_update", "dyndns_update");
1138 :
1139 0 : ret = dp_opt_set_bool(ctx->dyndns_ctx->opts,
1140 : DP_OPT_DYNDNS_UPDATE, update);
1141 0 : talloc_free(val);
1142 0 : if (ret != EOK) {
1143 0 : DEBUG(SSSDBG_OP_FAILURE, "Cannot set option value\n");
1144 0 : return ret;
1145 : }
1146 : }
1147 :
1148 0 : ret = confdb_get_int(be_ctx->cdb, be_ctx->conf_path,
1149 : "ipa_dyndns_ttl", -1, &ttl);
1150 0 : if (ret != EOK) {
1151 0 : DEBUG(SSSDBG_OP_FAILURE, "Cannot get the value of %s\n",
1152 : "ipa_dyndns_ttl");
1153 : /* Not fatal */
1154 0 : } else if (ret == EOK && ttl != -1) {
1155 0 : DEBUG(SSSDBG_MINOR_FAILURE, "Deprecation warning: The option %s is "
1156 : "deprecated and should not be used in favor of %s\n",
1157 : "ipa_dyndns_ttl", "dyndns_ttl");
1158 :
1159 0 : ret = dp_opt_set_int(ctx->dyndns_ctx->opts, DP_OPT_DYNDNS_TTL, ttl);
1160 0 : if (ret != EOK) {
1161 0 : DEBUG(SSSDBG_OP_FAILURE, "Cannot set option value\n");
1162 0 : return ret;
1163 : }
1164 : }
1165 :
1166 : /* Reuse legacy option values */
1167 0 : ret = confdb_get_string(be_ctx->cdb, ctx, be_ctx->conf_path,
1168 : "ipa_dyndns_iface", NULL, &val);
1169 0 : if (ret != EOK) {
1170 0 : DEBUG(SSSDBG_OP_FAILURE, "Cannot get the value of %s\n",
1171 : "ipa_dyndns_iface");
1172 : /* Not fatal */
1173 0 : } else if (ret == EOK && val) {
1174 0 : DEBUG(SSSDBG_MINOR_FAILURE, "Deprecation warning: The option %s is "
1175 : "deprecated and should not be used in favor of %s\n",
1176 : "ipa_dyndns_iface", "dyndns_iface");
1177 :
1178 0 : ret = dp_opt_set_string(ctx->dyndns_ctx->opts,
1179 : DP_OPT_DYNDNS_IFACE, val);
1180 0 : if (ret != EOK) {
1181 0 : DEBUG(SSSDBG_OP_FAILURE, "Cannot set option value\n");
1182 0 : return ret;
1183 : }
1184 : }
1185 :
1186 0 : return EOK;
1187 : }
|
