diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2012-02-03 14:08:07 +0100 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2012-02-05 19:16:16 -0500 |
commit | cc84fd46f356c4a36a721ab135a33ec77c93e34d (patch) | |
tree | 256214d053417e3ee63a5f83038d3dbea10eca1d /src/providers/ldap | |
parent | 9e80079370ff3b943832adc3c5ef430e64be0a0c (diff) | |
download | sssd-cc84fd46f356c4a36a721ab135a33ec77c93e34d.tar.gz sssd-cc84fd46f356c4a36a721ab135a33ec77c93e34d.tar.bz2 sssd-cc84fd46f356c4a36a721ab135a33ec77c93e34d.zip |
AUTOFS: LDAP provider
Diffstat (limited to 'src/providers/ldap')
-rw-r--r-- | src/providers/ldap/ldap_common.c | 106 | ||||
-rw-r--r-- | src/providers/ldap/ldap_common.h | 5 | ||||
-rw-r--r-- | src/providers/ldap/ldap_init.c | 31 | ||||
-rw-r--r-- | src/providers/ldap/sdap.c | 13 | ||||
-rw-r--r-- | src/providers/ldap/sdap.h | 19 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_autofs.c | 833 | ||||
-rw-r--r-- | src/providers/ldap/sdap_autofs.c | 291 | ||||
-rw-r--r-- | src/providers/ldap/sdap_autofs.h | 47 |
8 files changed, 1344 insertions, 1 deletions
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c index cce3c0bc..3b8e0eeb 100644 --- a/src/providers/ldap/ldap_common.c +++ b/src/providers/ldap/ldap_common.c @@ -28,6 +28,7 @@ #include "providers/krb5/krb5_common.h" #include "db/sysdb_sudo.h" #include "db/sysdb_services.h" +#include "db/sysdb_autofs.h" #include "util/sss_krb5.h" #include "util/crypto/sss_crypto.h" @@ -55,6 +56,7 @@ struct dp_option default_basic_opts[] = { { "ldap_sudo_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "ldap_sudo_refresh_enabled", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }, { "ldap_sudo_refresh_timeout", DP_OPT_NUMBER, { .number = 300 }, NULL_NUMBER }, + { "ldap_autofs_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "ldap_schema", DP_OPT_STRING, { "rfc2307" }, NULL_STRING }, { "ldap_offline_timeout", DP_OPT_NUMBER, { .number = 60 }, NULL_NUMBER }, { "ldap_force_upper_case_realm", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }, @@ -242,6 +244,28 @@ struct sdap_attr_map service_map[] = { { "ldap_service_entry_usn", NULL, SYSDB_USN, NULL } }; +struct sdap_attr_map rfc2307_autofs_mobject_map[] = { + { "ldap_autofs_map_object_class", "automountMap", SYSDB_AUTOFS_MAP_OC, NULL }, + { "ldap_autofs_map_name", "ou", SYSDB_AUTOFS_MAP_NAME, NULL } +}; + +struct sdap_attr_map rfc2307_autofs_entry_map[] = { + { "ldap_autofs_entry_object_class", "automount", SYSDB_AUTOFS_ENTRY_OC, NULL }, + { "ldap_autofs_entry_key", "cn", SYSDB_AUTOFS_ENTRY_KEY, NULL }, + { "ldap_autofs_entry_value", "automountInformation", SYSDB_AUTOFS_ENTRY_VALUE, NULL }, +}; + +struct sdap_attr_map rfc2307bis_autofs_mobject_map[] = { + { "ldap_autofs_map_object_class", "automountMap", SYSDB_AUTOFS_MAP_OC, NULL }, + { "ldap_autofs_map_name", "automountMapName", SYSDB_AUTOFS_MAP_NAME, NULL } +}; + +struct sdap_attr_map rfc2307bis_autofs_entry_map[] = { + { "ldap_autofs_entry_object_class", "automount", SYSDB_AUTOFS_ENTRY_OC, NULL }, + { "ldap_autofs_entry_key", "automountKey", SYSDB_AUTOFS_ENTRY_KEY, NULL }, + { "ldap_autofs_entry_value", "automountInformation", SYSDB_AUTOFS_ENTRY_VALUE, NULL }, +}; + int ldap_get_options(TALLOC_CTX *memctx, struct confdb_ctx *cdb, const char *conf_path, @@ -595,6 +619,86 @@ int ldap_get_sudo_options(TALLOC_CTX *memctx, return EOK; } +int ldap_get_autofs_options(TALLOC_CTX *memctx, + struct confdb_ctx *cdb, + const char *conf_path, + struct sdap_options *opts) +{ + const char *search_base; + struct sdap_attr_map *default_entry_map; + struct sdap_attr_map *default_mobject_map; + int ret; + + /* search base */ + search_base = dp_opt_get_string(opts->basic, SDAP_SEARCH_BASE); + if (search_base != NULL) { + /* set autofs search bases if they are not */ + if (dp_opt_get_string(opts->basic, SDAP_AUTOFS_SEARCH_BASE) == NULL) { + ret = dp_opt_set_string(opts->basic, SDAP_AUTOFS_SEARCH_BASE, + search_base); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, ("Could not set autofs search base" + "to default value\n")); + return ret; + } + + DEBUG(SSSDBG_FUNC_DATA, ("Option %s set to %s\n", + opts->basic[SDAP_AUTOFS_SEARCH_BASE].opt_name, + dp_opt_get_string(opts->basic, SDAP_AUTOFS_SEARCH_BASE))); + } + } else { + DEBUG(SSSDBG_OP_FAILURE, ("Error: no autofs search base set\n")); + return ENOENT; + } + + ret = sdap_parse_search_base(opts, opts->basic, + SDAP_AUTOFS_SEARCH_BASE, + &opts->autofs_search_bases); + if (ret != EOK && ret != ENOENT) { + DEBUG(SSSDBG_OP_FAILURE, ("Could not parse autofs search base\n")); + return ret; + } + + /* attribute maps */ + switch (opts->schema_type) { + case SDAP_SCHEMA_RFC2307: + default_mobject_map = rfc2307_autofs_mobject_map; + default_entry_map = rfc2307_autofs_entry_map; + break; + case SDAP_SCHEMA_RFC2307BIS: + case SDAP_SCHEMA_IPA_V1: + case SDAP_SCHEMA_AD: + default_mobject_map = rfc2307bis_autofs_mobject_map; + default_entry_map = rfc2307bis_autofs_entry_map; + break; + default: + DEBUG(SSSDBG_CRIT_FAILURE, ("Unknown LDAP schema!\n")); + return EINVAL; + } + + ret = sdap_get_map(opts, cdb, conf_path, + default_mobject_map, + SDAP_OPTS_AUTOFS_MAP, + &opts->autofs_mobject_map); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, + ("Could not get autofs map object attribute map\n")); + return ret; + } + + ret = sdap_get_map(opts, cdb, conf_path, + default_entry_map, + SDAP_OPTS_AUTOFS_ENTRY, + &opts->autofs_entry_map); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, + ("Could not get autofs entry object attribute map\n")); + return ret; + } + + return EOK; +} + errno_t sdap_parse_search_base(TALLOC_CTX *mem_ctx, struct dp_option *opts, int class, struct sdap_search_base ***_search_bases) @@ -635,6 +739,8 @@ errno_t sdap_parse_search_base(TALLOC_CTX *mem_ctx, break; case SDAP_SERVICE_SEARCH_BASE: class_name = "SERVICE"; + case SDAP_AUTOFS_SEARCH_BASE: + class_name = "AUTOFS"; break; default: DEBUG(SSSDBG_CONF_SETTINGS, diff --git a/src/providers/ldap/ldap_common.h b/src/providers/ldap/ldap_common.h index 603a1ed9..c377bcb6 100644 --- a/src/providers/ldap/ldap_common.h +++ b/src/providers/ldap/ldap_common.h @@ -124,6 +124,11 @@ int ldap_get_sudo_options(TALLOC_CTX *memctx, const char *conf_path, struct sdap_options *opts); +int ldap_get_autofs_options(TALLOC_CTX *memctx, + struct confdb_ctx *cdb, + const char *conf_path, + struct sdap_options *opts); + int ldap_id_enumerate_set_timer(struct sdap_id_ctx *ctx, struct timeval tv); int ldap_id_cleanup_set_timer(struct sdap_id_ctx *ctx, struct timeval tv); diff --git a/src/providers/ldap/ldap_init.c b/src/providers/ldap/ldap_init.c index dd61a1e1..8c98c8ea 100644 --- a/src/providers/ldap/ldap_init.c +++ b/src/providers/ldap/ldap_init.c @@ -27,6 +27,7 @@ #include "providers/ldap/sdap_async_private.h" #include "providers/ldap/sdap_access.h" #include "providers/ldap/sdap_sudo.h" +#include "providers/ldap/sdap_autofs.h" static void sdap_shutdown(struct be_req *req); @@ -411,6 +412,36 @@ int sssm_ldap_sudo_init(struct be_ctx *be_ctx, return sdap_sudo_init(be_ctx, id_ctx, ops, &data); } +int sssm_ldap_autofs_init(struct be_ctx *be_ctx, + struct bet_ops **ops, + void **pvt_data) +{ +#ifdef BUILD_AUTOFS + struct sdap_id_ctx *id_ctx; + void *data; + int ret; + + ret = sssm_ldap_id_init(be_ctx, ops, &data); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot init LDAP ID provider [%d]: %s\n", + ret, strerror(ret))); + return ret; + } + + id_ctx = talloc_get_type(data, struct sdap_id_ctx); + if (!id_ctx) { + DEBUG(SSSDBG_CRIT_FAILURE, ("No ID provider?\n")); + return EIO; + } + + return sdap_autofs_init(be_ctx, id_ctx, ops, pvt_data); +#else + DEBUG(SSSDBG_MINOR_FAILURE, ("Autofs init handler called but SSSD is " + "built without autofs support, ignoring\n")); + return EOK; +#endif +} + static void sdap_shutdown(struct be_req *req) { /* TODO: Clean up any internal data */ diff --git a/src/providers/ldap/sdap.c b/src/providers/ldap/sdap.c index 27cffd79..1f97f554 100644 --- a/src/providers/ldap/sdap.c +++ b/src/providers/ldap/sdap.c @@ -717,6 +717,8 @@ static errno_t sdap_set_search_base(struct sdap_options *opts, break; case SDAP_SERVICE_SEARCH_BASE: bases = &opts->service_search_bases; + case SDAP_AUTOFS_SEARCH_BASE: + bases = &opts->autofs_search_bases; break; default: return EINVAL; @@ -750,7 +752,8 @@ errno_t sdap_set_config_options_with_rootdse(struct sysdb_attrs *rootdse, ||!opts->user_search_bases || !opts->group_search_bases || !opts->netgroup_search_bases - || !opts->sudo_search_bases) { + || !opts->sudo_search_bases + || !opts->autofs_search_bases) { naming_context = get_naming_context(opts->basic, rootdse); if (naming_context == NULL) { DEBUG(1, ("get_naming_context failed.\n")); @@ -812,6 +815,14 @@ errno_t sdap_set_config_options_with_rootdse(struct sysdb_attrs *rootdse, if (ret != EOK) goto done; } + /* autofs */ + if (!opts->autofs_search_bases) { + ret = sdap_set_search_base(opts, + SDAP_AUTOFS_SEARCH_BASE, + naming_context); + if (ret != EOK) goto done; + } + ret = EOK; done: diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h index 2e1dfa95..0a0f996d 100644 --- a/src/providers/ldap/sdap.h +++ b/src/providers/ldap/sdap.h @@ -168,6 +168,7 @@ enum sdap_basic_opt { SDAP_SUDO_SEARCH_BASE, SDAP_SUDO_REFRESH_ENABLED, SDAP_SUDO_REFRESH_TIMEOUT, + SDAP_AUTOFS_SEARCH_BASE, SDAP_SCHEMA, SDAP_OFFLINE_TIMEOUT, SDAP_FORCE_UPPER_CASE_REALM, @@ -311,6 +312,21 @@ enum sdap_service_attrs { SDAP_OPTS_SERVICES /* attrs counter */ }; +enum sdap_autofs_map_attrs { + SDAP_OC_AUTOFS_MAP, + SDAP_AT_AUTOFS_MAP_NAME, + + SDAP_OPTS_AUTOFS_MAP /* attrs counter */ +}; + +enum sdap_autofs_entry_attrs { + SDAP_OC_AUTOFS_ENTRY, + SDAP_AT_AUTOFS_ENTRY_KEY, + SDAP_AT_AUTOFS_ENTRY_VALUE, + + SDAP_OPTS_AUTOFS_ENTRY /* attrs counter */ +}; + struct sdap_attr_map { const char *opt_name; const char *def_name; @@ -335,6 +351,8 @@ struct sdap_options { /* FIXME - should this go to a special struct to avoid mixing with name-service-switch maps? */ struct sdap_attr_map *sudorule_map; + struct sdap_attr_map *autofs_mobject_map; + struct sdap_attr_map *autofs_entry_map; /* supported schema types */ enum schema_type { @@ -350,6 +368,7 @@ struct sdap_options { struct sdap_search_base **netgroup_search_bases; struct sdap_search_base **sudo_search_bases; struct sdap_search_base **service_search_bases; + struct sdap_search_base **autofs_search_bases; }; struct sdap_server_opts { diff --git a/src/providers/ldap/sdap_async_autofs.c b/src/providers/ldap/sdap_async_autofs.c new file mode 100644 index 00000000..ce8a1f96 --- /dev/null +++ b/src/providers/ldap/sdap_async_autofs.c @@ -0,0 +1,833 @@ +/* + SSSD + + Async LDAP Helper routines for autofs + + Authors: + Jakub Hrozek <jhrozek@redhat.com> + + Copyright (C) 2012 Red Hat + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include "util/util.h" +#include "db/sysdb.h" +#include "providers/ldap/sdap_async_private.h" +#include "db/sysdb_autofs.h" +#include "providers/ldap/ldap_common.h" + +/* ====== Utility functions ====== */ +static const char * +get_autofs_map_name(struct sysdb_attrs *map, struct sdap_options *opts) +{ + errno_t ret; + struct ldb_message_element *el; + + ret = sysdb_attrs_get_el(map, + opts->autofs_mobject_map[SDAP_AT_AUTOFS_MAP_NAME].sys_name, + &el); + if (ret) return NULL; + if (el->num_values == 0) return NULL; + + return (const char *)el->values[0].data; +} + +static const char * +get_autofs_entry_key(struct sysdb_attrs *entry, struct sdap_options *opts) +{ + errno_t ret; + struct ldb_message_element *el; + + ret = sysdb_attrs_get_el(entry, + opts->autofs_entry_map[SDAP_AT_AUTOFS_ENTRY_KEY].sys_name, + &el); + if (ret) return NULL; + if (el->num_values == 0) return NULL; + + return (const char *)el->values[0].data; +} + +static errno_t +save_autofs_entry(struct sysdb_ctx *sysdb, + struct sdap_options *opts, + struct sysdb_attrs *entry) +{ + const char *key; + const char *value; + struct ldb_message_element *el; + errno_t ret; + + key = get_autofs_entry_key(entry, opts); + if (!key) return EINVAL; + + ret = sysdb_attrs_get_el(entry, + opts->autofs_entry_map[SDAP_AT_AUTOFS_ENTRY_VALUE].sys_name, + &el); + if (ret) return ret; + if (el->num_values == 0) return EINVAL; + else value = (const char *)el->values[0].data; + + ret = sysdb_save_autofsentry(sysdb, key, value, NULL); + if (ret != EOK) { + return ret; + } + + return EOK; +} + +static errno_t +save_autofs_entries(struct sysdb_ctx *sysdb, + struct sdap_options *opts, + char **add_entries, + struct sysdb_attrs **entries, + size_t num_entries) +{ + errno_t ret, tret; + const char *key; + bool in_transaction = false; + int i, j; + + ret = sysdb_transaction_start(sysdb); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, + ("Cannot start sysdb transaction [%d]: %s\n", + ret, strerror(ret))); + goto done; + } + in_transaction = true; + + for (i=0; add_entries[i]; i++) { + for (j=0; j < num_entries; j++) { + key = get_autofs_entry_key(entries[j], opts); + if (!key) { + DEBUG(SSSDBG_MINOR_FAILURE, + ("An entry without name? Skipping\n")); + return EINVAL; + } + + if (strcmp(add_entries[i], key)) { + continue; + } + + ret = save_autofs_entry(sysdb, opts, entries[j]); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, + ("Cannot save autofs entry [%d]: %s. Ignoring.\n", + ret, strerror(ret))); + continue; + } + } + } + + ret = sysdb_transaction_commit(sysdb); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, + ("Cannot commit sysdb transaction [%d]: %s\n", + ret, strerror(ret))); + goto done; + } + in_transaction = false; + + ret = EOK; +done: + if (in_transaction) { + tret = sysdb_transaction_cancel(sysdb); + if (tret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, + ("Cannot cancel sysdb transaction [%d]: %s\n", + ret, strerror(ret))); + } + } + return ret; +} + +static errno_t +save_autofs_map(struct sysdb_ctx *sysdb, + struct sss_domain_info *dom, + struct sdap_options *opts, + struct sysdb_attrs *map) +{ + const char *mapname; + errno_t ret; + time_t now; + + mapname = get_autofs_map_name(map, opts); + if (!mapname) return EINVAL; + + now = time(NULL); + + ret = sysdb_save_autofsmap(sysdb, mapname, mapname, + NULL, dom->autofsmap_timeout, now); + if (ret != EOK) { + return ret; + } + + return EOK; +} + +struct automntmaps_process_members_state { + struct tevent_context *ev; + struct sdap_options *opts; + struct sdap_handle *sh; + struct sss_domain_info *dom; + int timeout; + struct sysdb_ctx *sysdb; + + char *filter; + const char **attrs; + + struct sysdb_attrs *map; + + struct sysdb_attrs **entries; + size_t entries_count; +}; + +static void +automntmaps_process_members_done(struct tevent_req *subreq); + +static struct tevent_req * +automntmaps_process_members_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct sdap_options *opts, + struct sdap_handle *sh, + struct sss_domain_info *dom, + int timeout, + struct sysdb_ctx *sysdb, + struct sysdb_attrs *map) +{ + errno_t ret; + struct tevent_req *req; + struct tevent_req *subreq; + struct automntmaps_process_members_state *state; + const char *orig_dn; + char *clean_orig_dn; + + req = tevent_req_create(mem_ctx, &state, + struct automntmaps_process_members_state); + if (!req) return NULL; + + state->ev = ev; + state->opts = opts; + state->dom = dom; + state->sh = sh; + state->sysdb = sysdb; + state->timeout = timeout; + + state->map = map; + + state->filter = talloc_asprintf(state, "(&(%s=*)(objectclass=%s))", + opts->autofs_entry_map[SDAP_AT_AUTOFS_ENTRY_KEY].name, + opts->autofs_entry_map[SDAP_OC_AUTOFS_ENTRY].name); + if (!state->filter) { + DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to build filter\n")); + ret = ENOMEM; + goto immediate; + } + + ret = build_attrs_from_map(state, opts->autofs_entry_map, + SDAP_OPTS_AUTOFS_ENTRY, &state->attrs); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to build attributes from map\n")); + ret = ENOMEM; + goto immediate; + } + + ret = sysdb_attrs_get_string(state->map, SYSDB_ORIG_DN, &orig_dn); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot get originalDN\n")); + goto immediate; + } + + /* FIXME - should test if the DN is in the current base? */ + ret = sss_filter_sanitize(state, orig_dn, &clean_orig_dn); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot sanitize originalDN\n")); + goto immediate; + } + + DEBUG(SSSDBG_TRACE_FUNC, + ("Examining autofs map [%s]\n", clean_orig_dn)); + + subreq = sdap_get_generic_send(state, state->ev, state->opts, state->sh, + clean_orig_dn, LDAP_SCOPE_SUBTREE, + state->filter, state->attrs, + opts->autofs_entry_map, + SDAP_OPTS_AUTOFS_ENTRY, + state->timeout); + if (!subreq) { + DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot start search for entries\n")); + goto immediate; + } + tevent_req_set_callback(subreq, automntmaps_process_members_done, req); + return req; + +immediate: + if (ret != EOK) { + tevent_req_error(req, ret); + } else { + tevent_req_done(req); + } + tevent_req_post(req, ev); + return req; +} + +static void +automntmaps_process_members_done(struct tevent_req *subreq) +{ + struct tevent_req *req = tevent_req_callback_data(subreq, + struct tevent_req); + struct automntmaps_process_members_state *state = + tevent_req_data(req, struct automntmaps_process_members_state); + errno_t ret; + + ret = sdap_get_generic_recv(subreq, state, + &state->entries_count, &state->entries); + talloc_zfree(subreq); + if (ret) { + tevent_req_error(req, ret); + return; + } + + DEBUG(SSSDBG_TRACE_FUNC, + ("Search for autofs entries, returned %d results.\n", + state->entries_count)); + + tevent_req_done(req); + return; +} + +static errno_t +automntmaps_process_members_recv(struct tevent_req *req, + TALLOC_CTX *mem_ctx, + size_t *entries_count, + struct sysdb_attrs ***entries) +{ + struct automntmaps_process_members_state *state; + state = tevent_req_data(req, struct automntmaps_process_members_state); + + TEVENT_REQ_RETURN_ON_ERROR(req); + + if (entries_count) { + *entries_count = state->entries_count; + } + + if (entries) { + *entries = talloc_steal(mem_ctx, state->entries); + } + + return EOK; +} + +struct sdap_get_automntmap_state { + struct tevent_context *ev; + struct sdap_options *opts; + struct sdap_handle *sh; + struct sss_domain_info *dom; + struct sysdb_ctx *sysdb; + const char **attrs; + const char *base_filter; + char *filter; + int timeout; + + char *higher_timestamp; + + struct sysdb_attrs **map; + size_t count; + + struct sysdb_attrs **entries; + size_t entries_count; + + size_t base_iter; + struct sdap_search_base **search_bases; +}; + +static errno_t +sdap_get_automntmap_next_base(struct tevent_req *req); +static void +sdap_get_automntmap_process(struct tevent_req *subreq); + +static struct tevent_req * +sdap_get_automntmap_send(TALLOC_CTX *memctx, + struct tevent_context *ev, + struct sss_domain_info *dom, + struct sysdb_ctx *sysdb, + struct sdap_options *opts, + struct sdap_search_base **search_bases, + struct sdap_handle *sh, + const char **attrs, + const char *filter, + int timeout) +{ + errno_t ret; + struct tevent_req *req; + struct sdap_get_automntmap_state *state; + + req = tevent_req_create(memctx, &state, struct sdap_get_automntmap_state); + if (!req) return NULL; + + state->ev = ev; + state->opts = opts; + state->dom = dom; + state->sh = sh; + state->sysdb = sysdb; + state->attrs = attrs; + state->higher_timestamp = NULL; + state->map = NULL; + state->count = 0; + state->timeout = timeout; + state->base_filter = filter; + state->base_iter = 0; + state->search_bases = search_bases; + + ret = sdap_get_automntmap_next_base(req); + if (ret != EOK) { + tevent_req_error(req, ret); + tevent_req_post(req, state->ev); + } + return req; +} + +static errno_t +sdap_get_automntmap_next_base(struct tevent_req *req) +{ + struct tevent_req *subreq; + struct sdap_get_automntmap_state *state; + + state = tevent_req_data(req, struct sdap_get_automntmap_state); + + talloc_zfree(state->filter); + state->filter = sdap_get_id_specific_filter(state, + state->base_filter, + state->search_bases[state->base_iter]->filter); + if (!state->filter) { + return ENOMEM; + } + + DEBUG(SSSDBG_TRACE_FUNC, + ("Searching for automount maps with base [%s]\n", + state->search_bases[state->base_iter]->basedn)); + + subreq = sdap_get_generic_send( + state, state->ev, state->opts, state->sh, + state->search_bases[state->base_iter]->basedn, + state->search_bases[state->base_iter]->scope, + state->filter, state->attrs, + state->opts->autofs_mobject_map, SDAP_OPTS_AUTOFS_MAP, + state->timeout); + if (!subreq) { + return EIO; + } + tevent_req_set_callback(subreq, sdap_get_automntmap_process, req); + + return EOK; +} + +static void +sdap_get_automntmap_done(struct tevent_req *subreq); + +static void +sdap_get_automntmap_process(struct tevent_req *subreq) +{ + struct tevent_req *req = tevent_req_callback_data(subreq, + struct tevent_req); + struct sdap_get_automntmap_state *state = tevent_req_data(req, + struct sdap_get_automntmap_state); + errno_t ret; + + ret = sdap_get_generic_recv(subreq, state, + &state->count, &state->map); + talloc_zfree(subreq); + if (ret) { + tevent_req_error(req, ret); + return; + } + + DEBUG(SSSDBG_TRACE_FUNC, + ("Search for autofs maps, returned %d results.\n", state->count)); + + if (state->count == 0) { + /* No maps found in this search */ + state->base_iter++; + if (state->search_bases[state->base_iter]) { + /* There are more search bases to try */ + ret = sdap_get_automntmap_next_base(req); + if (ret != EOK) { + tevent_req_error(req, ENOENT); + } + return; + } + + tevent_req_error(req, ENOENT); + return; + } else if (state->count > 1) { + DEBUG(SSSDBG_OP_FAILURE, + ("The search yielded more than one autofs map\n")); + tevent_req_error(req, EIO); + return; + } + + DEBUG(SSSDBG_TRACE_INTERNAL, ("Processing autofs maps\n")); + subreq = automntmaps_process_members_send(state, state->ev, state->opts, + state->sh, state->dom, + state->timeout, state->sysdb, + state->map[0]); + if (!subreq) { + tevent_req_error(req, ENOMEM); + return; + } + tevent_req_set_callback(subreq, sdap_get_automntmap_done, req); + + return; +} + +static void +sdap_get_automntmap_done(struct tevent_req *subreq) +{ + struct tevent_req *req = tevent_req_callback_data(subreq, + struct tevent_req); + struct sdap_get_automntmap_state *state = tevent_req_data(req, + struct sdap_get_automntmap_state); + errno_t ret; + + ret = automntmaps_process_members_recv(subreq, state, &state->entries_count, + &state->entries); + talloc_zfree(subreq); + if (ret != EOK) { + tevent_req_error(req, ret); + return; + } + + DEBUG(SSSDBG_TRACE_FUNC, ("automount map members received\n")); + tevent_req_done(req); + return; +} + +static errno_t +sdap_get_automntmap_recv(struct tevent_req *req, + TALLOC_CTX *mem_ctx, + struct sysdb_attrs **map, + size_t *entries_count, + struct sysdb_attrs ***entries) +{ + struct sdap_get_automntmap_state *state = tevent_req_data(req, + struct sdap_get_automntmap_state); + + TEVENT_REQ_RETURN_ON_ERROR(req); + + if (map) { + *map = talloc_steal(mem_ctx, state->map[0]); + } + + if (entries_count) { + *entries_count = state->entries_count; + } + + if (entries) { + *entries = talloc_steal(mem_ctx, state->entries); + } + + return EOK; +} + +struct sdap_autofs_setautomntent_state { + char *filter; + const char **attrs; + struct sdap_options *opts; + struct sdap_handle *sh; + struct sysdb_ctx *sysdb; + struct sdap_id_op *sdap_op; + struct sss_domain_info *dom; + + const char *mapname; + struct sysdb_attrs *map; + struct sysdb_attrs **entries; + size_t entries_count; + + int dp_error; +}; + +static void +sdap_autofs_setautomntent_done(struct tevent_req *subreq); + +struct tevent_req * +sdap_autofs_setautomntent_send(TALLOC_CTX *memctx, + struct tevent_context *ev, + struct sss_domain_info *dom, + struct sysdb_ctx *sysdb, + struct sdap_handle *sh, + struct sdap_id_op *op, + struct sdap_options *opts, + const char *mapname) +{ + struct tevent_req *req; + struct tevent_req *subreq; + struct sdap_autofs_setautomntent_state *state; + char *clean_mapname; + errno_t ret; + + req = tevent_req_create(memctx, &state, + struct sdap_autofs_setautomntent_state); + if (!req) return NULL; + + if (!mapname) { + DEBUG(SSSDBG_CRIT_FAILURE, ("No map name given\n")); + ret = EINVAL; + goto fail; + } + + state->sh = sh; + state->sysdb = sysdb; + state->opts = opts; + state->sdap_op = op; + state->dom = dom; + state->mapname = mapname; + + ret = sss_filter_sanitize(state, mapname, &clean_mapname); + if (ret != EOK) { + goto fail; + } + + state->filter = talloc_asprintf(state, "(&(%s=%s)(objectclass=%s))", + state->opts->autofs_mobject_map[SDAP_AT_AUTOFS_MAP_NAME].name, + clean_mapname, + state->opts->autofs_mobject_map[SDAP_OC_AUTOFS_MAP].name); + if (!state->filter) { + DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to build filter\n")); + ret = ENOMEM; + goto fail; + } + talloc_free(clean_mapname); + + ret = build_attrs_from_map(state, state->opts->autofs_mobject_map, + SDAP_OPTS_AUTOFS_MAP, &state->attrs); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to build attributes from map\n")); + ret = ENOMEM; + goto fail; + } + + subreq = sdap_get_automntmap_send(state, ev, dom, + sysdb, state->opts, + state->opts->autofs_search_bases, + state->sh, + state->attrs, state->filter, + dp_opt_get_int(state->opts->basic, + SDAP_SEARCH_TIMEOUT)); + if (!subreq) { + DEBUG(SSSDBG_CRIT_FAILURE, ("Out of memory\n")); + ret = ENOMEM; + goto fail; + } + tevent_req_set_callback(subreq, sdap_autofs_setautomntent_done, req); + return req; + +fail: + tevent_req_error(req, ret); + tevent_req_post(req, ev); + return req; +} + +static errno_t +sdap_autofs_setautomntent_save(struct tevent_req *req); + +static void +sdap_autofs_setautomntent_done(struct tevent_req *subreq) +{ + errno_t ret; + struct tevent_req *req = tevent_req_callback_data(subreq, + struct tevent_req); + struct sdap_autofs_setautomntent_state *state = tevent_req_data(req, + struct sdap_autofs_setautomntent_state); + + ret = sdap_get_automntmap_recv(subreq, state, &state->map, + &state->entries_count, &state->entries); + talloc_zfree(subreq); + if (ret != EOK) { + if (ret == ENOENT) { + DEBUG(SSSDBG_MINOR_FAILURE, ("Could not find automount map\n")); + } else { + DEBUG(SSSDBG_OP_FAILURE, + ("sdap_get_automntmap_recv failed [%d]: %s\n", + ret, strerror(ret))); + } + tevent_req_error(req, ret); + return; + } + + ret = sdap_autofs_setautomntent_save(req); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, ("Could not save automount map\n")); + tevent_req_error(req, ret); + return; + } + + state->dp_error = DP_ERR_OK; + tevent_req_done(req); + return; +} + +static errno_t +sdap_autofs_setautomntent_save(struct tevent_req *req) +{ + struct sdap_autofs_setautomntent_state *state = tevent_req_data(req, + struct sdap_autofs_setautomntent_state); + errno_t ret, tret; + bool in_transaction = false; + TALLOC_CTX *tmp_ctx; + struct ldb_message *sysdb_map; + struct ldb_message_element *map_members = NULL; + char **sysdb_entrylist; + char **ldap_entrylist; + char **add_entries; + char **del_entries; + size_t i; + + tmp_ctx = talloc_new(NULL); + if (!tmp_ctx) return ENOMEM; + + if (state->entries_count == 0) { + /* No entries for this map in LDAP. + * We need to ensure that there are no entries + * in the sysdb either. + */ + ldap_entrylist = NULL; + } else { + ret = sysdb_attrs_to_list( + tmp_ctx, state->entries, + state->entries_count, + state->opts->autofs_entry_map[SDAP_AT_AUTOFS_ENTRY_KEY].name, + &ldap_entrylist); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, + ("sysdb_attrs_primary_name_list failed [%d]: %s\n", + ret, strerror(ret))); + goto done; + } + } + + ret = sysdb_get_map_byname(tmp_ctx, state->sysdb, state->mapname, + &sysdb_map); + if (ret != EOK && ret != ENOENT) { + DEBUG(SSSDBG_OP_FAILURE, + ("cache lookup for the map failed [%d]: %s\n", + ret, strerror(ret))); + goto done; + } + + if (sysdb_map) { + map_members = ldb_msg_find_element(sysdb_map, SYSDB_MEMBER); + } + + if (!map_members || map_members->num_values == 0) { + /* No map members for this map in sysdb currently */ + sysdb_entrylist = NULL; + } else { + sysdb_entrylist = talloc_array(state, char *, map_members->num_values+1); + if (!sysdb_entrylist) { + ret = ENOMEM; + goto done; + } + + /* Get a list of the map members by name only */ + for (i=0; i < map_members->num_values; i++) { + ret = sysdb_map_entry_name(sysdb_entrylist, state->sysdb, + (const char *) map_members->values[i].data, + &sysdb_entrylist[i]); + if (ret != EOK) { + goto done; + } + } + sysdb_entrylist[map_members->num_values] = NULL; + } + + /* Find the differences between the sysdb and LDAP lists + * Entries in the sysdb only must be removed. + */ + ret = diff_string_lists(tmp_ctx, ldap_entrylist, sysdb_entrylist, + &add_entries, &del_entries, NULL); + if (ret != EOK) goto done; + + ret = sysdb_transaction_start(state->sysdb); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, + ("Cannot start sysdb transaction [%d]: %s\n", + ret, strerror(ret))); + goto done; + } + in_transaction = true; + + /* Save the map itself */ + ret = save_autofs_map(state->sysdb, state->dom, state->opts, state->map); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, + ("Cannot save autofs map entry [%d]: %s\n", + ret, strerror(ret))); + goto done; + } + + /* Create entries that don't exist yet */ + if (add_entries && add_entries[0]) { + ret = save_autofs_entries(state->sysdb, state->opts, + add_entries, state->entries, + state->entries_count); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, + ("Cannot save autofs entries [%d]: %s\n", + ret, strerror(ret))); + goto done; + } + } + + /* Save the memberships */ + DEBUG(SSSDBG_TRACE_FUNC, ("Updating memberships for %s\n", state->mapname)); + ret = sysdb_autofs_map_update_members(state->sysdb, state->mapname, + (const char *const *) add_entries, + (const char *const *) del_entries); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, ("Membership update failed [%d]: %s\n", + ret, strerror(ret))); + goto done; + } + + ret = sysdb_transaction_commit(state->sysdb); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, + ("Cannot commit sysdb transaction [%d]: %s\n", + ret, strerror(ret))); + goto done; + } + in_transaction = false; + + ret = EOK; +done: + if (in_transaction) { + tret = sysdb_transaction_cancel(state->sysdb); + if (tret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, + ("Cannot cancel sysdb transaction [%d]: %s\n", + ret, strerror(ret))); + } + } + talloc_zfree(tmp_ctx); + return ret; +} + +errno_t +sdap_autofs_setautomntent_recv(struct tevent_req *req) +{ + TEVENT_REQ_RETURN_ON_ERROR(req); + return EOK; +} + diff --git a/src/providers/ldap/sdap_autofs.c b/src/providers/ldap/sdap_autofs.c new file mode 100644 index 00000000..5e3e3320 --- /dev/null +++ b/src/providers/ldap/sdap_autofs.c @@ -0,0 +1,291 @@ +/* + SSSD + + LDAP handler for autofs + + Authors: + Jakub Hrozek <jhrozek@redhat.com> + + Copyright (C) 2012 Red Hat + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include <errno.h> +#include <tevent.h> + +#include "providers/ldap/ldap_common.h" +#include "providers/ldap/sdap_autofs.h" +#include "providers/ldap/sdap.h" +#include "providers/ldap/sdap_async.h" +#include "providers/dp_backend.h" +#include "db/sysdb_autofs.h" +#include "util/util.h" + +static void +sdap_autofs_shutdown(struct be_req *req) +{ + sdap_handler_done(req, DP_ERR_OK, EOK, NULL); +} + +void sdap_autofs_handler(struct be_req *be_req); + +/* Autofs Handler */ +struct bet_ops sdap_autofs_ops = { + .handler = sdap_autofs_handler, + .finalize = sdap_autofs_shutdown +}; + +int sdap_autofs_init(struct be_ctx *be_ctx, + struct sdap_id_ctx *id_ctx, + struct bet_ops **ops, + void **pvt_data) +{ + int ret; + + DEBUG(SSSDBG_TRACE_INTERNAL, ("Initializing autofs LDAP back end\n")); + + *ops = &sdap_autofs_ops; + *pvt_data = id_ctx; + + ret = ldap_get_autofs_options(id_ctx, be_ctx->cdb, + be_ctx->conf_path, id_ctx->opts); + if (ret != EOK) { + return ret; + } + + return ret; +} + +static struct tevent_req * +sdap_autofs_get_map_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct sdap_id_ctx *ctx, + const char *map_name); + +static void sdap_autofs_handler_done(struct tevent_req *req); + +void sdap_autofs_handler(struct be_req *be_req) +{ + struct sdap_id_ctx *id_ctx; + struct be_autofs_req *autofs_req; + struct tevent_req *req; + int ret = EOK; + + DEBUG(SSSDBG_TRACE_INTERNAL, ("sdap autofs handler called\n")); + + id_ctx = talloc_get_type(be_req->be_ctx->bet_info[BET_AUTOFS].pvt_bet_data, + struct sdap_id_ctx); + + if (be_is_offline(id_ctx->be)) { + return sdap_handler_done(be_req, DP_ERR_OFFLINE, EAGAIN, "Offline"); + } + + autofs_req = talloc_get_type(be_req->req_data, struct be_autofs_req); + + DEBUG(SSSDBG_FUNC_DATA, ("Requested refresh for: %s\n", + autofs_req->mapname ? autofs_req->mapname : "<ALL>\n")); + + req = sdap_autofs_get_map_send(be_req, be_req->be_ctx->ev, + id_ctx, autofs_req->mapname); + if (!req) { + ret = ENOMEM; + goto fail; + } + tevent_req_set_callback(req, sdap_autofs_handler_done, be_req); + + return; +fail: + be_req->fn(be_req, DP_ERR_FATAL, ret, NULL); +} + +struct autofs_get_map_state { + struct tevent_context *ev; + struct sdap_id_ctx *ctx; + struct sdap_id_op *op; + const char *map_name; + + int dp_error; +}; + +static errno_t +sdap_autofs_get_map_retry(struct tevent_req *req); +static void +sdap_autofs_get_map_connect_done(struct tevent_req *subreq); +static void +sdap_autofs_get_map_done(struct tevent_req *req); + +static struct tevent_req * +sdap_autofs_get_map_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct sdap_id_ctx *ctx, + const char *map_name) +{ + struct tevent_req *req; + struct autofs_get_map_state *state; + int ret; + + req = tevent_req_create(mem_ctx, &state, struct autofs_get_map_state); + if (!req) return NULL; + + state->ev = ev; + state->ctx = ctx; + state->dp_error = DP_ERR_FATAL; + state->map_name = map_name; + + state->op = sdap_id_op_create(state, state->ctx->conn_cache); + if (!state->op) { + DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_create failed\n")); + ret = ENOMEM; + goto fail; + } + + ret = sdap_autofs_get_map_retry(req); + if (ret != EOK) { + goto fail; + } + + return req; + +fail: + tevent_req_error(req, ret); + tevent_req_post(req, ev); + return req; +} + +static errno_t +sdap_autofs_get_map_retry(struct tevent_req *req) +{ + struct autofs_get_map_state *state = + tevent_req_data(req, struct autofs_get_map_state); + struct tevent_req *subreq; + int ret = EOK; + + subreq = sdap_id_op_connect_send(state->op, state, &ret); + if (!subreq) { + return ret; + } + + tevent_req_set_callback(subreq, sdap_autofs_get_map_connect_done, req); + return EOK; +} + +static void +sdap_autofs_get_map_connect_done(struct tevent_req *subreq) +{ + struct tevent_req *req = tevent_req_callback_data(subreq, + struct tevent_req); + struct autofs_get_map_state *state = + tevent_req_data(req, struct autofs_get_map_state); + int dp_error = DP_ERR_FATAL; + int ret; + + ret = sdap_id_op_connect_recv(subreq, &dp_error); + talloc_zfree(subreq); + + if (ret != EOK) { + state->dp_error = dp_error; + tevent_req_error(req, ret); + return; + } + + subreq = sdap_autofs_setautomntent_send(state, state->ev, + state->ctx->be->domain, + state->ctx->be->sysdb, + sdap_id_op_handle(state->op), + state->op, + state->ctx->opts, + state->map_name); + if (!subreq) { + DEBUG(SSSDBG_CRIT_FAILURE, + ("sdap_autofs_setautomntent_send failed\n")); + tevent_req_error(req, ENOMEM); + return; + } + tevent_req_set_callback(subreq, sdap_autofs_get_map_done, req); + +} + +static void +sdap_autofs_get_map_done(struct tevent_req *subreq) +{ + struct tevent_req *req = tevent_req_callback_data(subreq, + struct tevent_req); + struct autofs_get_map_state *state = + tevent_req_data(req, struct autofs_get_map_state); + int dp_error = DP_ERR_FATAL; + int ret; + + ret = sdap_autofs_setautomntent_recv(subreq); + talloc_zfree(subreq); + + ret = sdap_id_op_done(state->op, ret, &dp_error); + if (dp_error == DP_ERR_OK && ret != EOK) { + /* retry */ + ret = sdap_autofs_get_map_retry(req); + if (ret != EOK) { + tevent_req_error(req, ret); + return; + } + return; + } + + if (ret && ret != ENOENT) { + state->dp_error = dp_error; + tevent_req_error(req, ret); + return; + } + + if (ret == ENOENT) { + ret = sysdb_delete_autofsmap(state->ctx->be->sysdb, state->map_name); + if (ret != EOK && ret != ENOENT) { + DEBUG(SSSDBG_OP_FAILURE, + ("Cannot delete autofs map %s [%d]: %s\n", + state->map_name, ret, strerror(ret))); + tevent_req_error(req, ret); + return; + } + } + + state->dp_error = DP_ERR_OK; + tevent_req_done(req); +} + +static errno_t +sdap_autofs_get_map_recv(struct tevent_req *req, int *dp_error_out) +{ + struct autofs_get_map_state *state = + tevent_req_data(req, struct autofs_get_map_state); + + if (dp_error_out) { + *dp_error_out = state->dp_error; + } + + TEVENT_REQ_RETURN_ON_ERROR(req); + + return EOK; +} + +static void +sdap_autofs_handler_done(struct tevent_req *req) +{ + struct be_req *be_req = + tevent_req_callback_data(req, struct be_req); + int dperr; + errno_t ret; + + ret = sdap_autofs_get_map_recv(req, &dperr); + sdap_handler_done(be_req, dperr, ret, strerror(ret)); +} + diff --git a/src/providers/ldap/sdap_autofs.h b/src/providers/ldap/sdap_autofs.h new file mode 100644 index 00000000..0369e264 --- /dev/null +++ b/src/providers/ldap/sdap_autofs.h @@ -0,0 +1,47 @@ +/* + SSSD + + LDAP handler for autofs + + Authors: + Jakub Hrozek <jhrozek@redhat.com> + + Copyright (C) 2012 Red Hat + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#ifndef _SDAP_AUTOFS_H_ +#define _SDAP_AUTOFS_H_ + +int sdap_autofs_init(struct be_ctx *be_ctx, + struct sdap_id_ctx *id_ctx, + struct bet_ops **ops, + void **pvt_data); + +struct tevent_req * +sdap_autofs_setautomntent_send(TALLOC_CTX *memctx, + struct tevent_context *ev, + struct sss_domain_info *dom, + struct sysdb_ctx *sysdb, + struct sdap_handle *sh, + struct sdap_id_op *op, + struct sdap_options *opts, + const char *mapname); + +errno_t +sdap_autofs_setautomntent_recv(struct tevent_req *req); + +#endif /* _SDAP_AUTOFS_H_ */ + |