Line data Source code
1 : /*
2 : Authors:
3 : Sumit Bose <sbose@redhat.com>
4 :
5 : Copyright (C) 2012 Red Hat
6 :
7 : This program is free software; you can redistribute it and/or modify
8 : it under the terms of the GNU General Public License as published by
9 : the Free Software Foundation; either version 3 of the License, or
10 : (at your option) any later version.
11 :
12 : This program is distributed in the hope that it will be useful,
13 : but WITHOUT ANY WARRANTY; without even the implied warranty of
14 : MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 : GNU General Public License for more details.
16 :
17 : You should have received a copy of the GNU General Public License
18 : along with this program. If not, see <http://www.gnu.org/licenses/>.
19 : */
20 :
21 : #include <utime.h>
22 :
23 : #include "confdb/confdb.h"
24 : #include "db/sysdb.h"
25 : #include "util/util.h"
26 :
27 1 : struct sss_domain_info *get_domains_head(struct sss_domain_info *domain)
28 : {
29 1 : struct sss_domain_info *dom = NULL;
30 :
31 : /* get to the top level domain */
32 1 : for (dom = domain; dom->parent != NULL; dom = dom->parent);
33 :
34 1 : return dom;
35 : }
36 :
37 1716 : struct sss_domain_info *get_next_domain(struct sss_domain_info *domain,
38 : uint32_t gnd_flags)
39 : {
40 : struct sss_domain_info *dom;
41 1716 : bool descend = gnd_flags & SSS_GND_DESCEND;
42 1716 : bool include_disabled = gnd_flags & SSS_GND_INCLUDE_DISABLED;
43 :
44 1716 : dom = domain;
45 3953 : while (dom) {
46 1754 : if (descend && dom->subdomains) {
47 104 : dom = dom->subdomains;
48 1650 : } else if (dom->next) {
49 1118 : dom = dom->next;
50 532 : } else if (descend && IS_SUBDOMAIN(dom) && dom->parent->next) {
51 49 : dom = dom->parent->next;
52 : } else {
53 483 : dom = NULL;
54 : }
55 :
56 1754 : if (dom) {
57 1271 : if (sss_domain_get_state(dom) == DOM_DISABLED
58 42 : && !include_disabled) {
59 38 : continue;
60 : } else {
61 : /* Next domain found. */
62 : break;
63 : }
64 : }
65 : }
66 :
67 1716 : return dom;
68 : }
69 :
70 0 : bool subdomain_enumerates(struct sss_domain_info *parent,
71 : const char *sd_name)
72 : {
73 0 : if (parent->sd_enumerate == NULL
74 0 : || parent->sd_enumerate[0] == NULL) {
75 0 : DEBUG(SSSDBG_MINOR_FAILURE,
76 : "Subdomain_enumerate not set\n");
77 0 : return false;
78 : }
79 :
80 0 : if (strcasecmp(parent->sd_enumerate[0], "all") == 0) {
81 0 : return true;
82 0 : } else if (strcasecmp(parent->sd_enumerate[0], "none") == 0) {
83 0 : return false;
84 : } else {
85 0 : for (int i=0; parent->sd_enumerate[i]; i++) {
86 0 : if (strcasecmp(parent->sd_enumerate[i], sd_name) == 0) {
87 0 : return true;
88 : }
89 : }
90 : }
91 :
92 0 : return false;
93 : }
94 :
95 189 : struct sss_domain_info *find_domain_by_name(struct sss_domain_info *domain,
96 : const char *name,
97 : bool match_any)
98 : {
99 189 : struct sss_domain_info *dom = domain;
100 :
101 189 : if (name == NULL) {
102 2 : return NULL;
103 : }
104 :
105 374 : while (dom && sss_domain_get_state(dom) == DOM_DISABLED) {
106 0 : dom = get_next_domain(dom, SSS_GND_DESCEND);
107 : }
108 1177 : while (dom) {
109 934 : if (strcasecmp(dom->name, name) == 0 ||
110 736 : ((match_any == true) && (dom->flat_name != NULL) &&
111 332 : (strcasecmp(dom->flat_name, name) == 0))) {
112 131 : return dom;
113 : }
114 803 : dom = get_next_domain(dom, SSS_GND_DESCEND);
115 : }
116 :
117 56 : return NULL;
118 : }
119 :
120 33 : struct sss_domain_info *find_domain_by_sid(struct sss_domain_info *domain,
121 : const char *sid)
122 : {
123 33 : struct sss_domain_info *dom = domain;
124 : size_t sid_len;
125 : size_t dom_sid_len;
126 :
127 33 : if (sid == NULL) {
128 2 : return NULL;
129 : }
130 :
131 31 : sid_len = strlen(sid);
132 :
133 62 : while (dom && sss_domain_get_state(dom) == DOM_DISABLED) {
134 0 : dom = get_next_domain(dom, SSS_GND_DESCEND);
135 : }
136 :
137 202 : while (dom) {
138 168 : if (dom->domain_id != NULL) {
139 163 : dom_sid_len = strlen(dom->domain_id);
140 :
141 163 : if (strncasecmp(dom->domain_id, sid, dom_sid_len) == 0) {
142 28 : if (dom_sid_len == sid_len) {
143 : /* sid is domain sid */
144 28 : return dom;
145 : }
146 :
147 : /* sid is object sid, check if domain sid is align with
148 : * sid first subauthority component */
149 0 : if (sid[dom_sid_len] == '-') {
150 0 : return dom;
151 : }
152 : }
153 : }
154 :
155 140 : dom = get_next_domain(dom, SSS_GND_DESCEND);
156 : }
157 :
158 3 : return NULL;
159 : }
160 :
161 : struct sss_domain_info*
162 0 : sss_get_domain_by_sid_ldap_fallback(struct sss_domain_info *domain,
163 : const char* sid)
164 : {
165 : /* LDAP provider doesn't know about sub-domains and hence can only
166 : * have one configured domain
167 : */
168 0 : if (strcmp(domain->provider, "ldap") == 0) {
169 0 : return domain;
170 : } else {
171 0 : return find_domain_by_sid(get_domains_head(domain), sid);
172 : }
173 : }
174 :
175 : struct sss_domain_info *
176 42 : find_domain_by_object_name(struct sss_domain_info *domain,
177 : const char *object_name)
178 : {
179 : TALLOC_CTX *tmp_ctx;
180 42 : struct sss_domain_info *dom = NULL;
181 42 : char *domainname = NULL;
182 : errno_t ret;
183 :
184 42 : tmp_ctx = talloc_new(NULL);
185 42 : if (tmp_ctx == NULL) {
186 0 : DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new() failed\n");
187 0 : return NULL;
188 : }
189 :
190 42 : ret = sss_parse_name(tmp_ctx, domain->names, object_name,
191 : &domainname, NULL);
192 42 : if (ret != EOK) {
193 0 : DEBUG(SSSDBG_CRIT_FAILURE, "Unable to parse name '%s' [%d]: %s\n",
194 : object_name, ret, sss_strerror(ret));
195 0 : goto done;
196 : }
197 :
198 42 : if (domainname == NULL) {
199 42 : dom = domain;
200 : } else {
201 0 : dom = find_domain_by_name(domain, domainname, true);
202 : }
203 :
204 : done:
205 42 : talloc_free(tmp_ctx);
206 42 : return dom;
207 : }
208 :
209 1161 : errno_t sssd_domain_init(TALLOC_CTX *mem_ctx,
210 : struct confdb_ctx *cdb,
211 : const char *domain_name,
212 : const char *db_path,
213 : struct sss_domain_info **_domain)
214 : {
215 : int ret;
216 : struct sss_domain_info *dom;
217 : struct sysdb_ctx *sysdb;
218 :
219 1161 : ret = confdb_get_domain(cdb, domain_name, &dom);
220 1161 : if (ret != EOK) {
221 0 : DEBUG(SSSDBG_OP_FAILURE, "Error retrieving domain configuration.\n");
222 0 : return ret;
223 : }
224 :
225 1161 : if (dom->sysdb != NULL) {
226 0 : DEBUG(SSSDBG_OP_FAILURE, "Sysdb context already initialized.\n");
227 0 : return EEXIST;
228 : }
229 :
230 1161 : ret = sysdb_domain_init(mem_ctx, dom, db_path, &sysdb);
231 1161 : if (ret != EOK) {
232 0 : DEBUG(SSSDBG_OP_FAILURE, "Error opening cache database.\n");
233 0 : return ret;
234 : }
235 :
236 1161 : dom->sysdb = talloc_steal(dom, sysdb);
237 :
238 1161 : *_domain = dom;
239 :
240 1161 : return EOK;
241 : }
242 :
243 : static errno_t
244 2 : sss_krb5_touch_config(void)
245 : {
246 2 : const char *config = NULL;
247 : errno_t ret;
248 :
249 2 : config = getenv("KRB5_CONFIG");
250 2 : if (config == NULL) {
251 2 : config = KRB5_CONF_PATH;
252 : }
253 :
254 2 : ret = utime(config, NULL);
255 2 : if (ret == -1) {
256 2 : ret = errno;
257 2 : DEBUG(SSSDBG_CRIT_FAILURE, "Unable to change mtime of \"%s\" "
258 : "[%d]: %s\n", config, ret, strerror(ret));
259 2 : return ret;
260 : }
261 :
262 0 : return EOK;
263 : }
264 :
265 : errno_t
266 0 : sss_write_domain_mappings(struct sss_domain_info *domain)
267 : {
268 : struct sss_domain_info *dom;
269 : struct sss_domain_info *parent_dom;
270 : errno_t ret;
271 : errno_t err;
272 : TALLOC_CTX *tmp_ctx;
273 : const char *mapping_file;
274 : char *sanitized_domain;
275 0 : char *tmp_file = NULL;
276 0 : int fd = -1;
277 : mode_t old_mode;
278 0 : FILE *fstream = NULL;
279 : int i;
280 0 : bool capaths_started = false;
281 : char *uc_forest;
282 : char *uc_parent;
283 :
284 0 : if (domain == NULL || domain->name == NULL) {
285 0 : DEBUG(SSSDBG_CRIT_FAILURE, "No domain name provided\n");
286 0 : return EINVAL;
287 : }
288 :
289 0 : tmp_ctx = talloc_new(NULL);
290 0 : if (!tmp_ctx) return ENOMEM;
291 :
292 0 : sanitized_domain = talloc_strdup(tmp_ctx, domain->name);
293 0 : if (sanitized_domain == NULL) {
294 0 : DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup() failed\n");
295 0 : return ENOMEM;
296 : }
297 :
298 : /* only alpha-numeric chars, dashes and underscores are allowed in
299 : * krb5 include directory */
300 0 : for (i = 0; sanitized_domain[i] != '\0'; i++) {
301 0 : if (!isalnum(sanitized_domain[i])
302 0 : && sanitized_domain[i] != '-' && sanitized_domain[i] != '_') {
303 0 : sanitized_domain[i] = '_';
304 : }
305 : }
306 :
307 0 : mapping_file = talloc_asprintf(tmp_ctx, "%s/domain_realm_%s",
308 : KRB5_MAPPING_DIR, sanitized_domain);
309 0 : if (!mapping_file) {
310 0 : ret = ENOMEM;
311 0 : goto done;
312 : }
313 :
314 0 : DEBUG(SSSDBG_FUNC_DATA, "Mapping file for domain [%s] is [%s]\n",
315 : domain->name, mapping_file);
316 :
317 0 : tmp_file = talloc_asprintf(tmp_ctx, "%sXXXXXX", mapping_file);
318 0 : if (tmp_file == NULL) {
319 0 : ret = ENOMEM;
320 0 : goto done;
321 : }
322 :
323 0 : old_mode = umask(SSS_DFL_UMASK);
324 0 : fd = mkstemp(tmp_file);
325 0 : umask(old_mode);
326 0 : if (fd < 0) {
327 0 : DEBUG(SSSDBG_OP_FAILURE,
328 : "creating the temp file [%s] for domain-realm mappings "
329 : "failed.\n", tmp_file);
330 0 : ret = EIO;
331 0 : talloc_zfree(tmp_ctx);
332 0 : goto done;
333 : }
334 :
335 0 : fstream = fdopen(fd, "a");
336 0 : if (!fstream) {
337 0 : ret = errno;
338 0 : DEBUG(SSSDBG_OP_FAILURE, "fdopen failed [%d]: %s\n",
339 : ret, strerror(ret));
340 0 : ret = close(fd);
341 0 : if (ret != 0) {
342 0 : ret = errno;
343 0 : DEBUG(SSSDBG_CRIT_FAILURE,
344 : "fclose failed [%d][%s].\n", ret, strerror(ret));
345 : /* Nothing to do here, just report the failure */
346 : }
347 0 : ret = EIO;
348 0 : goto done;
349 : }
350 :
351 0 : ret = fprintf(fstream, "[domain_realm]\n");
352 0 : if (ret < 0) {
353 0 : DEBUG(SSSDBG_OP_FAILURE, "fprintf failed\n");
354 0 : ret = EIO;
355 0 : goto done;
356 : }
357 :
358 0 : for (dom = get_next_domain(domain, SSS_GND_DESCEND);
359 0 : dom && IS_SUBDOMAIN(dom); /* if we get back to a parent, stop */
360 0 : dom = get_next_domain(dom, 0)) {
361 0 : ret = fprintf(fstream, ".%s = %s\n%s = %s\n",
362 : dom->name, dom->realm, dom->name, dom->realm);
363 0 : if (ret < 0) {
364 0 : DEBUG(SSSDBG_CRIT_FAILURE, "fprintf failed\n");
365 0 : goto done;
366 : }
367 : }
368 :
369 0 : parent_dom = domain;
370 0 : uc_parent = get_uppercase_realm(tmp_ctx, parent_dom->name);
371 0 : if (uc_parent == NULL) {
372 0 : DEBUG(SSSDBG_OP_FAILURE, "get_uppercase_realm failed.\n");
373 0 : ret = ENOMEM;
374 0 : goto done;
375 : }
376 :
377 0 : for (dom = get_next_domain(domain, SSS_GND_DESCEND);
378 0 : dom && IS_SUBDOMAIN(dom); /* if we get back to a parent, stop */
379 0 : dom = get_next_domain(dom, 0)) {
380 :
381 0 : if (dom->forest == NULL) {
382 0 : continue;
383 : }
384 :
385 0 : uc_forest = get_uppercase_realm(tmp_ctx, dom->forest);
386 0 : if (uc_forest == NULL) {
387 0 : DEBUG(SSSDBG_OP_FAILURE, "get_uppercase_realm failed.\n");
388 0 : ret = ENOMEM;
389 0 : goto done;
390 : }
391 :
392 0 : if (!capaths_started) {
393 0 : ret = fprintf(fstream, "[capaths]\n");
394 0 : if (ret < 0) {
395 0 : DEBUG(SSSDBG_OP_FAILURE, "fprintf failed\n");
396 0 : ret = EIO;
397 0 : goto done;
398 : }
399 0 : capaths_started = true;
400 : }
401 :
402 0 : ret = fprintf(fstream, "%s = {\n %s = %s\n}\n%s = {\n %s = %s\n}\n",
403 : dom->realm, uc_parent, uc_forest,
404 : uc_parent, dom->realm, uc_forest);
405 0 : if (ret < 0) {
406 0 : DEBUG(SSSDBG_CRIT_FAILURE, "fprintf failed\n");
407 0 : goto done;
408 : }
409 : }
410 :
411 0 : ret = fclose(fstream);
412 0 : fstream = NULL;
413 0 : if (ret != 0) {
414 0 : ret = errno;
415 0 : DEBUG(SSSDBG_CRIT_FAILURE,
416 : "fclose failed [%d][%s].\n", ret, strerror(ret));
417 0 : goto done;
418 : }
419 :
420 0 : ret = rename(tmp_file, mapping_file);
421 0 : if (ret == -1) {
422 0 : ret = errno;
423 0 : DEBUG(SSSDBG_CRIT_FAILURE,
424 : "rename failed [%d][%s].\n", ret, strerror(ret));
425 0 : goto done;
426 : }
427 :
428 0 : talloc_zfree(tmp_file);
429 :
430 0 : ret = chmod(mapping_file, 0644);
431 0 : if (ret == -1) {
432 0 : ret = errno;
433 0 : DEBUG(SSSDBG_CRIT_FAILURE,
434 : "fchmod failed [%d][%s].\n", ret, strerror(ret));
435 0 : goto done;
436 : }
437 :
438 0 : ret = EOK;
439 : done:
440 0 : err = sss_krb5_touch_config();
441 0 : if (err != EOK) {
442 0 : DEBUG(SSSDBG_CRIT_FAILURE, "Unable to change last modification time "
443 : "of krb5.conf. Created mappings may not be loaded.\n");
444 : /* Ignore */
445 : }
446 :
447 0 : if (fstream) {
448 0 : err = fclose(fstream);
449 0 : if (err != 0) {
450 0 : err = errno;
451 0 : DEBUG(SSSDBG_CRIT_FAILURE,
452 : "fclose failed [%d][%s].\n", err, strerror(err));
453 : /* Nothing to do here, just report the failure */
454 : }
455 : }
456 :
457 0 : if (tmp_file) {
458 0 : err = unlink(tmp_file);
459 0 : if (err < 0) {
460 0 : err = errno;
461 0 : DEBUG(SSSDBG_MINOR_FAILURE,
462 : "Could not remove file [%s]: [%d]: %s\n",
463 : tmp_file, err, strerror(err));
464 : }
465 : }
466 0 : talloc_free(tmp_ctx);
467 0 : return ret;
468 : }
469 :
470 : /* Save domain names, do not descend. */
471 0 : errno_t get_dom_names(TALLOC_CTX *mem_ctx,
472 : struct sss_domain_info *start_dom,
473 : char ***_dom_names,
474 : int *_dom_names_count)
475 : {
476 : struct sss_domain_info *dom;
477 : TALLOC_CTX *tmp_ctx;
478 : char **dom_names;
479 : size_t count, i;
480 : errno_t ret;
481 :
482 0 : tmp_ctx = talloc_new(NULL);
483 0 : if (tmp_ctx == NULL) {
484 0 : ret = ENOMEM;
485 0 : goto done;
486 : }
487 :
488 : /* get count of domains*/
489 0 : count = 0;
490 0 : dom = start_dom;
491 0 : while (dom) {
492 0 : count++;
493 0 : dom = get_next_domain(dom, 0);
494 : }
495 :
496 0 : dom_names = talloc_array(tmp_ctx, char*, count);
497 0 : if (dom_names == NULL) {
498 0 : ret = ENOMEM;
499 0 : goto done;
500 : }
501 :
502 : /* copy names */
503 0 : i = 0;
504 0 : dom = start_dom;
505 0 : while (dom) {
506 0 : dom_names[i] = talloc_strdup(dom_names, dom->name);
507 0 : if (dom_names[i] == NULL) {
508 0 : ret = ENOMEM;
509 0 : goto done;
510 : }
511 0 : dom = get_next_domain(dom, 0);
512 0 : i++;
513 : }
514 :
515 0 : if (_dom_names != NULL ) {
516 0 : *_dom_names = talloc_steal(mem_ctx, dom_names);
517 : }
518 :
519 0 : if (_dom_names_count != NULL ) {
520 0 : *_dom_names_count = count;
521 : }
522 :
523 0 : ret = EOK;
524 :
525 : done:
526 0 : talloc_free(tmp_ctx);
527 0 : return ret;
528 : }
529 :
530 : #define LOCALAUTH_PLUGIN_CONFIG \
531 : "[plugins]\n" \
532 : " localauth = {\n" \
533 : " module = sssd:"APP_MODULES_PATH"/sssd_krb5_localauth_plugin.so\n" \
534 : " enable_only = sssd\n" \
535 : " }"
536 :
537 2 : static errno_t sss_write_krb5_localauth_snippet(const char *path)
538 : {
539 : #ifdef HAVE_KRB5_LOCALAUTH_PLUGIN
540 : int ret;
541 : errno_t err;
542 : TALLOC_CTX *tmp_ctx = NULL;
543 : char *tmp_file = NULL;
544 : const char *file_name;
545 : int fd = -1;
546 : mode_t old_mode;
547 : ssize_t written;
548 : size_t size;
549 :
550 : tmp_ctx = talloc_new(NULL);
551 : if (tmp_ctx == NULL) {
552 : DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
553 : return ENOMEM;
554 : }
555 :
556 : file_name = talloc_asprintf(tmp_ctx, "%s/localauth_plugin", path);
557 : if (file_name == NULL) {
558 : DEBUG(SSSDBG_OP_FAILURE, "talloc_asprintf failed.\n");
559 : ret = ENOMEM;
560 : goto done;
561 : }
562 :
563 : DEBUG(SSSDBG_FUNC_DATA, "File for localauth plugin configuration is [%s]\n",
564 : file_name);
565 :
566 : tmp_file = talloc_asprintf(tmp_ctx, "%sXXXXXX", file_name);
567 : if (tmp_file == NULL) {
568 : DEBUG(SSSDBG_OP_FAILURE, "talloc_asprintf failed.\n");
569 : ret = ENOMEM;
570 : goto done;
571 : }
572 :
573 : old_mode = umask(SSS_DFL_UMASK);
574 : fd = mkstemp(tmp_file);
575 : umask(old_mode);
576 : if (fd < 0) {
577 : DEBUG(SSSDBG_OP_FAILURE, "creating the temp file [%s] for "
578 : "domain-realm mappings failed.\n", tmp_file);
579 : ret = EIO;
580 : talloc_zfree(tmp_ctx);
581 : goto done;
582 : }
583 :
584 : size = sizeof(LOCALAUTH_PLUGIN_CONFIG) -1;
585 : written = sss_atomic_write_s(fd, discard_const(LOCALAUTH_PLUGIN_CONFIG),
586 : size);
587 : close(fd);
588 : if (written == -1) {
589 : ret = errno;
590 : DEBUG(SSSDBG_CRIT_FAILURE,
591 : "write failed [%d][%s]\n", ret, sss_strerror(ret));
592 : goto done;
593 : }
594 :
595 : if (written != size) {
596 : DEBUG(SSSDBG_CRIT_FAILURE,
597 : "Wrote %zd bytes expected %zu\n", written, size);
598 : ret = EIO;
599 : goto done;
600 : }
601 :
602 : ret = rename(tmp_file, file_name);
603 : if (ret == -1) {
604 : ret = errno;
605 : DEBUG(SSSDBG_CRIT_FAILURE,
606 : "rename failed [%d][%s].\n", ret, sss_strerror(ret));
607 : goto done;
608 : }
609 : tmp_file = NULL;
610 :
611 : ret = chmod(file_name, 0644);
612 : if (ret == -1) {
613 : ret = errno;
614 : DEBUG(SSSDBG_CRIT_FAILURE,
615 : "chmod failed [%d][%s].\n", ret, sss_strerror(ret));
616 : goto done;
617 : }
618 :
619 : done:
620 : if (tmp_file != NULL) {
621 : err = unlink(tmp_file);
622 : if (err == -1) {
623 : err = errno;
624 : DEBUG(SSSDBG_MINOR_FAILURE,
625 : "Could not remove file [%s]: [%d]: %s\n",
626 : tmp_file, err, sss_strerror(err));
627 : }
628 : }
629 :
630 : talloc_free(tmp_ctx);
631 : return ret;
632 : #else
633 2 : DEBUG(SSSDBG_TRACE_ALL, "Kerberos localauth plugin not available.\n");
634 2 : return EOK;
635 : #endif
636 : }
637 :
638 6 : errno_t sss_write_krb5_conf_snippet(const char *path)
639 : {
640 : errno_t ret;
641 : errno_t err;
642 :
643 6 : if (path != NULL && (*path == '\0' || strcasecmp(path, "none") == 0)) {
644 2 : DEBUG(SSSDBG_TRACE_FUNC, "Empty path, nothing to do.\n");
645 2 : return EOK;
646 : }
647 :
648 4 : if (path == NULL || *path != '/') {
649 2 : DEBUG(SSSDBG_CRIT_FAILURE, "Invalid or missing path [%s]-\n",
650 : path == NULL ? "missing" : path);
651 2 : return EINVAL;
652 : }
653 :
654 2 : ret = sss_write_krb5_localauth_snippet(path);
655 2 : if (ret != EOK) {
656 0 : DEBUG(SSSDBG_OP_FAILURE, "sss_write_krb5_localauth_snippet failed.\n");
657 0 : goto done;
658 : }
659 :
660 2 : ret = EOK;
661 :
662 : done:
663 2 : err = sss_krb5_touch_config();
664 2 : if (err != EOK) {
665 2 : DEBUG(SSSDBG_CRIT_FAILURE, "Unable to change last modification time "
666 : "of krb5.conf. Created mappings may not be loaded.\n");
667 : /* Ignore */
668 : }
669 :
670 2 : return ret;
671 : }
672 :
673 1 : errno_t fix_domain_in_name_list(TALLOC_CTX *mem_ctx,
674 : struct sss_domain_info *dom,
675 : char **in, char ***_out)
676 : {
677 : int ret;
678 : size_t c;
679 : TALLOC_CTX *tmp_ctx;
680 : char **out;
681 : struct sss_domain_info *head;
682 : struct sss_domain_info *out_domain;
683 : char *in_name;
684 : char *in_domain;
685 :
686 1 : head = get_domains_head(dom);
687 :
688 1 : tmp_ctx = talloc_new(NULL);
689 1 : if (tmp_ctx == NULL) {
690 0 : DEBUG(SSSDBG_OP_FAILURE, "talloc_new failed.\n");
691 0 : return ENOMEM;
692 : }
693 :
694 : /* count elements */
695 1 : for (c = 0; in[c] != NULL; c++);
696 :
697 1 : out = talloc_zero_array(tmp_ctx, char *, c + 1);
698 1 : if (out == NULL) {
699 0 : DEBUG(SSSDBG_OP_FAILURE, "talloc_array failed.\n");
700 0 : ret = ENOMEM;
701 0 : goto done;
702 : }
703 :
704 3 : for (c = 0; in[c] != NULL; c++) {
705 2 : ret = sss_parse_name(tmp_ctx, head->names, in[c], &in_domain,
706 : &in_name);
707 2 : if (ret != EOK) {
708 0 : DEBUG(SSSDBG_OP_FAILURE, "sss_parse_name failed for [%s].\n",
709 : in[c]);
710 0 : goto done;
711 : }
712 :
713 2 : if (in_domain == NULL) {
714 0 : out[c] = talloc_strdup(out, in_name);
715 : } else {
716 2 : out_domain = find_domain_by_name(head, in_domain, true);
717 2 : if (out_domain == NULL) {
718 0 : DEBUG(SSSDBG_CRIT_FAILURE,
719 : "Cannot find domain with name [%s].\n", in_domain);
720 0 : ret = EINVAL;
721 0 : goto done;
722 : }
723 :
724 2 : out[c] = sss_get_domain_name(out, in_name, out_domain);
725 : }
726 :
727 2 : if (out[c] == NULL) {
728 0 : DEBUG(SSSDBG_OP_FAILURE, "%s failed.\n",
729 : in_domain == NULL ? "talloc_strdup" : "sss_tc_fqname");
730 0 : ret = ENOMEM;
731 0 : goto done;
732 : }
733 : }
734 :
735 1 : *_out = talloc_steal(mem_ctx, out);
736 :
737 1 : ret = EOK;
738 :
739 : done:
740 1 : talloc_free(tmp_ctx);
741 :
742 1 : return ret;
743 : }
744 :
745 1588 : enum sss_domain_state sss_domain_get_state(struct sss_domain_info *dom)
746 : {
747 1588 : return dom->state;
748 : }
749 :
750 18 : void sss_domain_set_state(struct sss_domain_info *dom,
751 : enum sss_domain_state state)
752 : {
753 18 : dom->state = state;
754 18 : }
|
