[Pkg-sssd-devel] sssd: Changes to 'ubuntu'
Timo Aaltonen
tjaalton-guest at alioth.debian.org
Tue Oct 1 08:48:57 UTC 2013
Makefile.am | 57
configure.ac | 37
contrib/sssd.spec.in | 39
debian/changelog | 36
debian/control | 40
debian/patches/ml-016435.diff | 1205 ----------------
debian/patches/ml-016436.diff | 205 --
debian/patches/series | 2
po/bg.po | 18
po/de.po | 18
po/es.po | 18
po/eu.po | 18
po/fr.po | 18
po/hu.po | 18
po/id.po | 18
po/it.po | 18
po/ja.po | 18
po/nb.po | 18
po/nl.po | 18
po/pl.po | 18
po/pt.po | 18
po/ru.po | 18
po/sssd.pot | 18
po/sv.po | 51
po/tg.po | 18
po/tr.po | 18
po/uk.po | 18
po/zh_CN.po | 18
po/zh_TW.po | 18
src/build_macros.m4 | 14
src/conf_macros.m4 | 1
src/confdb/confdb.h | 1
src/db/sysdb.h | 37
src/db/sysdb_autofs.c | 2
src/db/sysdb_ops.c | 190 ++
src/db/sysdb_search.c | 2
src/db/sysdb_subdomains.c | 51
src/external/inotify.m4 | 32
src/external/krb5.m4 | 6
src/external/ldap.m4 | 4
src/external/libcares.m4 | 19
src/external/libpcre.m4 | 14
src/external/libpopt.m4 | 14
src/external/libtalloc.m4 | 15
src/external/libtdb.m4 | 14
src/external/libtevent.m4 | 21
src/external/libunistring.m4 | 31
src/external/nsupdate.m4 | 6
src/external/pac_responder.m4 | 3
src/external/python.m4 | 6
src/external/sizes.m4 | 12
src/krb5_plugin/sssd_krb5_locator_plugin.c | 2
src/lib/idmap/sss_idmap.h | 1
src/man/po/br.po | 835 +++++------
src/man/po/ca.po | 835 +++++------
src/man/po/cs.po | 876 ++++++-----
src/man/po/es.po | 854 ++++++-----
src/man/po/eu.po | 835 +++++------
src/man/po/fr.po | 870 ++++++-----
src/man/po/ja.po | 1132 ++++++++-------
src/man/po/lv.po | 835 +++++------
src/man/po/nl.po | 835 +++++------
src/man/po/pt.po | 835 +++++------
src/man/po/ru.po | 835 +++++------
src/man/po/sssd-docs.pot | 811 +++++-----
src/man/po/tg.po | 835 +++++------
src/man/po/uk.po | 869 ++++++-----
src/man/po/zh_CN.po | 835 +++++------
src/man/sssd-ad.5.xml | 5
src/man/sssd-ldap.5.xml | 5
src/man/sssd-sudo.5.xml | 24
src/man/sssd.8.xml | 8
src/man/sssd.conf.5.xml | 13
src/man/sssd_krb5_locator_plugin.8.xml | 2
src/monitor/monitor.c | 11
src/monitor/monitor_netlink.c | 7
src/providers/ad/ad_domain_info.c | 374 ++++
src/providers/ad/ad_domain_info.h | 41
src/providers/ad/ad_id.c | 199 ++
src/providers/ad/ad_id.h | 10
src/providers/ad/ad_init.c | 8
src/providers/ad/ad_srv.c | 101 +
src/providers/ad/ad_srv.h | 2
src/providers/ad/ad_subdomains.c | 258 ---
src/providers/dp_dyndns.c | 8
src/providers/fail_over.c | 5
src/providers/fail_over_srv.c | 7
src/providers/fail_over_srv.h | 3
src/providers/ipa/ipa_config.c | 2
src/providers/ipa/ipa_idmap.c | 19
src/providers/ipa/ipa_init.c | 36
src/providers/ipa/ipa_netgroups.c | 6
src/providers/ipa/ipa_selinux.c | 8
src/providers/ipa/ipa_selinux_maps.c | 4
src/providers/ipa/ipa_srv.c | 4
src/providers/ipa/ipa_srv.h | 2
src/providers/ipa/ipa_subdomains.c | 101 +
src/providers/ipa/ipa_subdomains_ext_groups.c | 6
src/providers/krb5/krb5_access.c | 5
src/providers/krb5/krb5_auth.c | 167 --
src/providers/krb5/krb5_auth.h | 1
src/providers/krb5/krb5_become_user.c | 130 +
src/providers/krb5/krb5_child.c | 482 +-----
src/providers/krb5/krb5_child_handler.c | 6
src/providers/krb5/krb5_common.c | 73
src/providers/krb5/krb5_common.h | 2
src/providers/krb5/krb5_delayed_online_authentication.c | 3
src/providers/krb5/krb5_renew_tgt.c | 5
src/providers/krb5/krb5_utils.c | 897 +++--------
src/providers/krb5/krb5_utils.h | 56
src/providers/ldap/ldap_auth.c | 7
src/providers/ldap/ldap_child.c | 6
src/providers/ldap/ldap_common.c | 25
src/providers/ldap/ldap_common.h | 29
src/providers/ldap/ldap_id.c | 25
src/providers/ldap/ldap_id_cleanup.c | 20
src/providers/ldap/ldap_id_enum.c | 23
src/providers/ldap/sdap.c | 11
src/providers/ldap/sdap.h | 6
src/providers/ldap/sdap_access.c | 21
src/providers/ldap/sdap_async.c | 2
src/providers/ldap/sdap_async_autofs.c | 8
src/providers/ldap/sdap_async_connection.c | 9
src/providers/ldap/sdap_async_enum.c | 2
src/providers/ldap/sdap_async_groups.c | 28
src/providers/ldap/sdap_async_groups_ad.c | 2
src/providers/ldap/sdap_async_initgroups.c | 157 +-
src/providers/ldap/sdap_async_initgroups_ad.c | 57
src/providers/ldap/sdap_async_nested_groups.c | 4
src/providers/ldap/sdap_async_netgroups.c | 24
src/providers/ldap/sdap_async_private.h | 6
src/providers/ldap/sdap_async_services.c | 8
src/providers/ldap/sdap_async_sudo.c | 2
src/providers/ldap/sdap_async_sudo_hostinfo.c | 2
src/providers/ldap/sdap_async_sudo_timer.c | 2
src/providers/ldap/sdap_async_users.c | 5
src/providers/ldap/sdap_child_helpers.c | 2
src/providers/ldap/sdap_fd_events.c | 5
src/providers/ldap/sdap_idmap.c | 29
src/providers/ldap/sdap_reinit.c | 2
src/providers/ldap/sdap_sudo.c | 4
src/providers/proxy/proxy_auth.c | 2
src/providers/proxy/proxy_child.c | 4
src/providers/proxy/proxy_id.c | 37
src/providers/proxy/proxy_init.c | 5
src/providers/simple/simple_access.c | 15
src/providers/simple/simple_access_check.c | 147 +
src/resolv/async_resolv.c | 18
src/resolv/async_resolv.h | 2
src/resolv/async_resolv_utils.c | 2
src/responder/common/negcache.c | 8
src/responder/common/responder_common.c | 10
src/responder/common/responder_dp.c | 2
src/responder/nss/nsssrv.c | 13
src/responder/nss/nsssrv_cmd.c | 196 +-
src/responder/nss/nsssrv_mmap_cache.c | 96 +
src/responder/nss/nsssrv_services.c | 13
src/responder/pac/pacsrv.c | 13
src/responder/pac/pacsrv_utils.c | 1
src/responder/pam/pamsrv_cmd.c | 2
src/sbus/sssd_dbus.h | 3
src/sbus/sssd_dbus_common.c | 66
src/sbus/sssd_dbus_connection.c | 10
src/sss_client/nss_mc_common.c | 8
src/tests/dlopen-tests.c | 159 ++
src/tests/krb5_child-test.c | 37
src/tests/krb5_utils-tests.c | 86 -
src/tests/resolv-tests.c | 4
src/tests/simple_access-tests.c | 45
src/tests/sysdb-tests.c | 73
src/tests/util-tests.c | 40
src/tools/files.c | 2
src/tools/sss_seed.c | 5
src/tools/tools_util.c | 3
src/util/backup_file.c | 2
src/util/child_common.c | 5
src/util/domain_info_utils.c | 143 +
src/util/server.c | 4
src/util/sss_format.h | 66
src/util/sss_krb5.c | 182 --
src/util/sss_krb5.h | 14
src/util/sss_ldap.c | 5
src/util/util.c | 15
src/util/util.h | 31
src/util/util_safealign.h | 75
src/util/util_sss_idmap.c | 32
src/util/util_sss_idmap.h | 28
version.m4 | 2
188 files changed, 10807 insertions(+), 10020 deletions(-)
New commits:
commit 2bc0828a779e3dfd7ac4dd6f678115ca01312767
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Tue Oct 1 11:42:09 2013 +0300
drop patches, update changelog
diff --git a/debian/changelog b/debian/changelog
index 0948ac0..daf2468 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+sssd (1.11.1-0ubuntu1) UNRELEASED; urgency=low
+
+ * Sync from unreleased debian git.
+ - re-enable parallel build
+ * Dropped patches, both upstream.
+
+ -- Timo Aaltonen <tjaalton at ubuntu.com> Tue, 01 Oct 2013 11:39:49 +0300
+
sssd (1.11.1-1) UNRELEASED; urgency=low
* New upstream release.
diff --git a/debian/patches/ml-016435.diff b/debian/patches/ml-016435.diff
deleted file mode 100644
index 133c581..0000000
--- a/debian/patches/ml-016435.diff
+++ /dev/null
@@ -1,1205 +0,0 @@
->From 88c26495cc453e55fd6771eb7c8c711fe5fd8a06 Mon Sep 17 00:00:00 2001
-From: Jakub Hrozek <jhrozek at redhat.com>
-Date: Sat, 17 Aug 2013 01:12:21 +0200
-Subject: [PATCH 1/3] AD: async request to retrieve master domain info
-
-Adds a reusable async request to download the master domain info.
----
- Makefile.am | 3 +
- src/providers/ad/ad_domain_info.c | 350 ++++++++++++++++++++++++++++++++++++++
- src/providers/ad/ad_domain_info.h | 41 +++++
- src/providers/ad/ad_init.c | 2 +-
- src/providers/ad/ad_subdomains.c | 235 +++----------------------
- 5 files changed, 417 insertions(+), 214 deletions(-)
- create mode 100644 src/providers/ad/ad_domain_info.c
- create mode 100644 src/providers/ad/ad_domain_info.h
-
-diff --git a/Makefile.am b/Makefile.am
-index b913a12b895d68f1f3e23c185e493e576641d0e2..eb8592fcd19bce503c99a5745be2a67d3f70d48b 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -1587,6 +1587,7 @@ libsss_ipa_la_SOURCES = \
- src/providers/ad/ad_dyndns.c \
- src/providers/ad/ad_id.c \
- src/providers/ad/ad_srv.c \
-+ src/providers/ad/ad_domain_info.c \
- src/util/user_info_msg.c \
- src/util/find_uid.c \
- src/util/sss_ldap.c \
-@@ -1638,6 +1639,8 @@ libsss_ad_la_SOURCES = \
- src/providers/ad/ad_srv.c \
- src/providers/ad/ad_subdomains.c \
- src/providers/ad/ad_subdomains.h \
-+ src/providers/ad/ad_domain_info.c \
-+ src/providers/ad/ad_domain_info.h \
- src/util/find_uid.c \
- src/util/user_info_msg.c \
- src/util/sss_krb5.c \
-diff --git a/src/providers/ad/ad_domain_info.c b/src/providers/ad/ad_domain_info.c
-new file mode 100644
-index 0000000000000000000000000000000000000000..252f1678e453f1cec671b30cf891c0ec74f6c749
---- /dev/null
-+++ b/src/providers/ad/ad_domain_info.c
-@@ -0,0 +1,350 @@
-+/*
-+ SSSD
-+
-+ AD Subdomains Module
-+
-+ Authors:
-+ Sumit Bose <sbose at redhat.com>
-+
-+ Copyright (C) 2013 Red Hat
-+
-+ This program is free software; you can redistribute it and/or modify
-+ it under the terms of the GNU General Public License as published by
-+ the Free Software Foundation; either version 3 of the License, or
-+ (at your option) any later version.
-+
-+ This program is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+ GNU General Public License for more details.
-+
-+ You should have received a copy of the GNU General Public License
-+ along with this program. If not, see <http://www.gnu.org/licenses/>.
-+*/
-+
-+#include <errno.h>
-+#include <tevent.h>
-+#include <ctype.h>
-+#include <ndr.h>
-+#include <ndr/ndr_nbt.h>
-+
-+#include "providers/ldap/sdap.h"
-+#include "providers/ldap/sdap_async.h"
-+#include "providers/ldap/sdap_idmap.h"
-+#include "util/util.h"
-+
-+#define AD_AT_OBJECT_SID "objectSID"
-+#define AD_AT_DNS_DOMAIN "DnsDomain"
-+#define AD_AT_NT_VERSION "NtVer"
-+#define AD_AT_NETLOGON "netlogon"
-+
-+#define MASTER_DOMAIN_SID_FILTER "objectclass=domain"
-+
-+struct ad_master_domain_state {
-+ struct tevent_context *ev;
-+ struct sdap_id_conn_ctx *conn;
-+ struct sdap_id_op *id_op;
-+ struct sdap_id_ctx *id_ctx;
-+ struct sdap_options *opts;
-+
-+ const char *dom_name;
-+ int base_iter;
-+
-+ char *flat;
-+ char *sid;
-+};
-+
-+static errno_t ad_master_domain_next(struct tevent_req *req);
-+static void ad_master_domain_next_done(struct tevent_req *subreq);
-+static void ad_master_domain_netlogon_done(struct tevent_req *req);
-+
-+struct tevent_req *
-+ad_master_domain_send(TALLOC_CTX *mem_ctx,
-+ struct tevent_context *ev,
-+ struct sdap_id_conn_ctx *conn,
-+ struct sdap_id_op *op,
-+ const char *dom_name)
-+{
-+ errno_t ret;
-+ struct tevent_req *req;
-+ struct ad_master_domain_state *state;
-+
-+ req = tevent_req_create(mem_ctx, &state, struct ad_master_domain_state);
-+ if (!req) return NULL;
-+
-+ state->ev = ev;
-+ state->id_op = op;
-+ state->conn = conn;
-+ state->id_ctx = conn->id_ctx;
-+ state->opts = conn->id_ctx->opts;
-+ state->dom_name = dom_name;
-+
-+ ret = ad_master_domain_next(req);
-+ if (ret != EOK && ret != EAGAIN) {
-+ goto immediate;
-+ }
-+
-+ return req;
-+
-+immediate:
-+ if (ret != EOK) {
-+ tevent_req_error(req, ret);
-+ } else {
-+ tevent_req_done(req);
-+ }
-+ tevent_req_post(req, ev);
-+ return req;
-+}
-+
-+static errno_t
-+ad_master_domain_next(struct tevent_req *req)
-+{
-+ struct tevent_req *subreq;
-+ struct sdap_search_base *base;
-+ const char *master_sid_attrs[] = {AD_AT_OBJECT_SID, NULL};
-+
-+ struct ad_master_domain_state *state =
-+ tevent_req_data(req, struct ad_master_domain_state);
-+
-+ base = state->opts->sdom->search_bases[state->base_iter];
-+ if (base == NULL) {
-+ return EOK;
-+ }
-+
-+ subreq = sdap_get_generic_send(state, state->ev,
-+ state->id_ctx->opts,
-+ sdap_id_op_handle(state->id_op),
-+ base->basedn, LDAP_SCOPE_BASE,
-+ MASTER_DOMAIN_SID_FILTER, master_sid_attrs,
-+ NULL, 0,
-+ dp_opt_get_int(state->opts->basic,
-+ SDAP_SEARCH_TIMEOUT),
-+ false);
-+ if (subreq == NULL) {
-+ DEBUG(SSSDBG_OP_FAILURE, ("sdap_get_generic_send failed.\n"));
-+ return ENOMEM;
-+ }
-+ tevent_req_set_callback(subreq, ad_master_domain_next_done, req);
-+
-+ return EAGAIN;
-+}
-+
-+static void
-+ad_master_domain_next_done(struct tevent_req *subreq)
-+{
-+ errno_t ret;
-+ size_t reply_count;
-+ struct sysdb_attrs **reply = NULL;
-+ struct ldb_message_element *el;
-+ char *sid_str;
-+ enum idmap_error_code err;
-+ static const char *attrs[] = {AD_AT_NETLOGON, NULL};
-+ char *filter;
-+ char *ntver;
-+
-+ struct tevent_req *req = tevent_req_callback_data(subreq,
-+ struct tevent_req);
-+ struct ad_master_domain_state *state =
-+ tevent_req_data(req, struct ad_master_domain_state);
-+
-+ ret = sdap_get_generic_recv(subreq, state, &reply_count, &reply);
-+ talloc_zfree(subreq);
-+ if (ret != EOK) {
-+ DEBUG(SSSDBG_OP_FAILURE, ("sdap_get_generic_send request failed.\n"));
-+ goto done;
-+ }
-+
-+ if (reply_count == 0) {
-+ state->base_iter++;
-+ ret = ad_master_domain_next(req);
-+ if (ret == EAGAIN) {
-+ /* Async request will get us back here again */
-+ return;
-+ } else if (ret != EOK) {
-+ goto done;
-+ }
-+
-+ /* EOK */
-+ tevent_req_done(req);
-+ return;
-+ } else if (reply_count == 1) {
-+ ret = sysdb_attrs_get_el(reply[0], AD_AT_OBJECT_SID, &el);
-+ if (ret != EOK || el->num_values != 1) {
-+ DEBUG(SSSDBG_OP_FAILURE, ("sdap_attrs_get_el failed.\n"));
-+ goto done;
-+ }
-+
-+ err = sss_idmap_bin_sid_to_sid(state->opts->idmap_ctx->map,
-+ el->values[0].data,
-+ el->values[0].length,
-+ &sid_str);
-+ if (err != IDMAP_SUCCESS) {
-+ DEBUG(SSSDBG_MINOR_FAILURE,
-+ ("Could not convert SID: [%s].\n", idmap_error_string(err)));
-+ ret = EFAULT;
-+ goto done;
-+ }
-+
-+ state->sid = talloc_steal(state, sid_str);
-+ } else {
-+ DEBUG(SSSDBG_OP_FAILURE,
-+ ("More than one result for domain SID found.\n"));
-+ ret = EINVAL;
-+ goto done;
-+ }
-+
-+ DEBUG(SSSDBG_TRACE_FUNC, ("Found SID [%s].\n", state->sid));
-+
-+ ntver = sss_ldap_encode_ndr_uint32(state, NETLOGON_NT_VERSION_5EX |
-+ NETLOGON_NT_VERSION_WITH_CLOSEST_SITE);
-+ if (ntver == NULL) {
-+ DEBUG(SSSDBG_OP_FAILURE, ("sss_ldap_encode_ndr_uint32 failed.\n"));
-+ ret = ENOMEM;
-+ goto done;
-+ }
-+
-+ filter = talloc_asprintf(state, "(&(%s=%s)(%s=%s))",
-+ AD_AT_DNS_DOMAIN, state->dom_name,
-+ AD_AT_NT_VERSION, ntver);
-+ if (filter == NULL) {
-+ DEBUG(SSSDBG_OP_FAILURE, ("talloc_asprintf failed.\n"));
-+ ret = ENOMEM;
-+ goto done;
-+ }
-+
-+ subreq = sdap_get_generic_send(state, state->ev,
-+ state->id_ctx->opts,
-+ sdap_id_op_handle(state->id_op),
-+ "", LDAP_SCOPE_BASE, filter, attrs, NULL, 0,
-+ dp_opt_get_int(state->opts->basic,
-+ SDAP_SEARCH_TIMEOUT),
-+ false);
-+ if (subreq == NULL) {
-+ DEBUG(SSSDBG_OP_FAILURE, ("sdap_get_generic_send failed.\n"));
-+ ret = ENOMEM;
-+ goto done;
-+ }
-+
-+ tevent_req_set_callback(subreq, ad_master_domain_netlogon_done, req);
-+ return;
-+
-+done:
-+ tevent_req_error(req, ret);
-+}
-+
-+static void
-+ad_master_domain_netlogon_done(struct tevent_req *subreq)
-+{
-+ int ret;
-+ size_t reply_count;
-+ struct sysdb_attrs **reply = NULL;
-+ struct ldb_message_element *el;
-+ DATA_BLOB blob;
-+ enum ndr_err_code ndr_err;
-+ struct ndr_pull *ndr_pull = NULL;
-+ struct netlogon_samlogon_response response;
-+
-+ struct tevent_req *req = tevent_req_callback_data(subreq,
-+ struct tevent_req);
-+ struct ad_master_domain_state *state =
-+ tevent_req_data(req, struct ad_master_domain_state);
-+
-+ ret = sdap_get_generic_recv(subreq, state, &reply_count, &reply);
-+ talloc_zfree(subreq);
-+ if (ret != EOK) {
-+ DEBUG(SSSDBG_OP_FAILURE, ("sdap_get_generic_send request failed.\n"));
-+ goto done;
-+ }
-+
-+ if (reply_count == 0) {
-+ DEBUG(SSSDBG_TRACE_FUNC, ("No netlogon data available.\n"));
-+ ret = ENOENT;
-+ goto done;
-+ } else if (reply_count > 1) {
-+ DEBUG(SSSDBG_OP_FAILURE,
-+ ("More than one netlogon info returned.\n"));
-+ ret = EINVAL;
-+ goto done;
-+ }
-+
-+ ret = sysdb_attrs_get_el(reply[0], AD_AT_NETLOGON, &el);
-+ if (ret != EOK) {
-+ DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_get_el() failed\n"));
-+ goto done;
-+ }
-+
-+ if (el->num_values == 0) {
-+ DEBUG(SSSDBG_OP_FAILURE, ("netlogon has no value\n"));
-+ ret = ENOENT;
-+ goto done;
-+ } else if (el->num_values > 1) {
-+ DEBUG(SSSDBG_OP_FAILURE, ("More than one netlogon value?\n"));
-+ ret = EIO;
-+ goto done;
-+ }
-+
-+ blob.data = el->values[0].data;
-+ blob.length = el->values[0].length;
-+
-+ ndr_pull = ndr_pull_init_blob(&blob, state);
-+ if (ndr_pull == NULL) {
-+ DEBUG(SSSDBG_OP_FAILURE, ("ndr_pull_init_blob() failed.\n"));
-+ ret = ENOMEM;
-+ goto done;
-+ }
-+
-+ ndr_err = ndr_pull_netlogon_samlogon_response(ndr_pull, NDR_SCALARS,
-+ &response);
-+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
-+ DEBUG(SSSDBG_OP_FAILURE, ("ndr_pull_netlogon_samlogon_response() "
-+ "failed [%d]\n", ndr_err));
-+ ret = EBADMSG;
-+ goto done;
-+ }
-+
-+ if (!(response.ntver & NETLOGON_NT_VERSION_5EX)) {
-+ DEBUG(SSSDBG_OP_FAILURE, ("Wrong version returned [%x]\n",
-+ response.ntver));
-+ ret = EBADMSG;
-+ goto done;
-+ }
-+
-+ if (response.data.nt5_ex.domain_name != NULL &&
-+ *response.data.nt5_ex.domain_name != '\0') {
-+ state->flat = talloc_strdup(state, response.data.nt5_ex.domain_name);
-+ if (state->flat == NULL) {
-+ DEBUG(SSSDBG_OP_FAILURE, ("talloc_strdup failed.\n"));
-+ ret = ENOMEM;
-+ goto done;
-+ }
-+ }
-+
-+ DEBUG(SSSDBG_TRACE_FUNC, ("Found flat name [%s].\n", state->flat));
-+ tevent_req_done(req);
-+ return;
-+
-+done:
-+ tevent_req_error(req, ret);
-+}
-+
-+errno_t
-+ad_master_domain_recv(struct tevent_req *req,
-+ TALLOC_CTX *mem_ctx,
-+ char **_flat,
-+ char **_id)
-+{
-+ struct ad_master_domain_state *state = tevent_req_data(req,
-+ struct ad_master_domain_state);
-+
-+ TEVENT_REQ_RETURN_ON_ERROR(req);
-+
-+ if (_flat) {
-+ *_flat = talloc_steal(mem_ctx, state->flat);
-+ }
-+
-+ if (_id) {
-+ *_id = talloc_steal(mem_ctx, state->sid);
-+ }
-+
-+ return EOK;
-+}
-diff --git a/src/providers/ad/ad_domain_info.h b/src/providers/ad/ad_domain_info.h
-new file mode 100644
-index 0000000000000000000000000000000000000000..d21706396034509a498391e666e03a8e2eda8e08
---- /dev/null
-+++ b/src/providers/ad/ad_domain_info.h
-@@ -0,0 +1,41 @@
-+/*
-+ SSSD
-+
-+ AD Master Domain Module
-+
-+ Authors:
-+ Sumit Bose <sbose at redhat.com>
-+
-+ Copyright (C) 2013 Red Hat
-+
-+ This program is free software; you can redistribute it and/or modify
-+ it under the terms of the GNU General Public License as published by
-+ the Free Software Foundation; either version 3 of the License, or
-+ (at your option) any later version.
-+
-+ This program is distributed in the hope that it will be useful,
-+ but WITHOUT ANY WARRANTY; without even the implied warranty of
-+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
-+ GNU General Public License for more details.
-+
-+ You should have received a copy of the GNU General Public License
-+ along with this program. If not, see <http://www.gnu.org/licenses/>.
-+*/
-+
-+#ifndef _AD_MASTER_DOMAIN_H_
-+#define _AD_MASTER_DOMAIN_H_
-+
-+struct tevent_req *
-+ad_master_domain_send(TALLOC_CTX *mem_ctx,
-+ struct tevent_context *ev,
-+ struct sdap_id_conn_ctx *conn,
-+ struct sdap_id_op *op,
-+ const char *dom_name);
-+
-+errno_t
-+ad_master_domain_recv(struct tevent_req *req,
-+ TALLOC_CTX *mem_ctx,
-+ char **_flat,
-+ char **_id);
-+
-+#endif /* _AD_MASTER_DOMAIN_H_ */
-diff --git a/src/providers/ad/ad_init.c b/src/providers/ad/ad_init.c
-index f181afe6e37ace4cd0d7fba83923129b3161aad3..992881951edc215c9ad6b94efcab905abb3812f5 100644
---- a/src/providers/ad/ad_init.c
-+++ b/src/providers/ad/ad_init.c
-@@ -40,6 +40,7 @@
- #include "providers/ad/ad_srv.h"
- #include "providers/dp_dyndns.h"
- #include "providers/ad/ad_subdomains.h"
-+#include "providers/ad/ad_domain_info.h"
-
- struct ad_options *ad_options = NULL;
-
-@@ -214,7 +215,6 @@ sssm_ad_id_init(struct be_ctx *bectx,
- &ad_ctx->sdap_id_ctx->opts->idmap_ctx);
- if (ret != EOK) goto done;
-
--
- ret = setup_tls_config(ad_ctx->sdap_id_ctx->opts->basic);
- if (ret != EOK) {
- DEBUG(SSSDBG_CRIT_FAILURE,
-diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
-index afd2031fe6be557f43555b6dd8b47731d9833585..399957ee16ab0a01c97c8dde4b0adc5ded1c4e25 100644
---- a/src/providers/ad/ad_subdomains.c
-+++ b/src/providers/ad/ad_subdomains.c
-@@ -24,6 +24,7 @@
-
- #include "providers/ldap/sdap_async.h"
- #include "providers/ad/ad_subdomains.h"
-+#include "providers/ad/ad_domain_info.h"
- #include <ctype.h>
- #include <ndr.h>
- #include <ndr/ndr_nbt.h>
-@@ -263,9 +264,7 @@ done:
- }
-
- static void ad_subdomains_get_conn_done(struct tevent_req *req);
--static errno_t ad_subdomains_get_master_sid(struct ad_subdomains_req_ctx *ctx);
--static void ad_subdomains_get_master_sid_done(struct tevent_req *req);
--static void ad_subdomains_get_netlogon_done(struct tevent_req *req);
-+static void ad_subdomains_master_dom_done(struct tevent_req *req);
- static errno_t ad_subdomains_get_slave(struct ad_subdomains_req_ctx *ctx);
-
- static void ad_subdomains_retrieve(struct ad_subdomains_ctx *ctx,
-@@ -340,236 +339,46 @@ static void ad_subdomains_get_conn_done(struct tevent_req *req)
- goto fail;
- }
-
-- ret = ad_subdomains_get_master_sid(ctx);
-- if (ret == EAGAIN) {
-- return;
-- } else if (ret != EOK) {
-+ req = ad_master_domain_send(ctx, ctx->sd_ctx->be_ctx->ev,
-+ ctx->sd_ctx->ldap_ctx,
-+ ctx->sdap_op,
-+ ctx->sd_ctx->domain_name);
-+ if (req == NULL) {
-+ DEBUG(SSSDBG_OP_FAILURE, ("ad_master_domain_send failed.\n"));
-+ ret = ENOMEM;
- goto fail;
- }
--
-- DEBUG(SSSDBG_OP_FAILURE, ("No search base available.\n"));
-- ret = EINVAL;
-+ tevent_req_set_callback(req, ad_subdomains_master_dom_done, ctx);
-+ return;
-
- fail:
- be_req_terminate(ctx->be_req, dp_error, ret, NULL);
- }
-
--static errno_t ad_subdomains_get_master_sid(struct ad_subdomains_req_ctx *ctx)
-+static void ad_subdomains_master_dom_done(struct tevent_req *req)
- {
-- struct tevent_req *req;
-- struct sdap_search_base *base;
-- const char *master_sid_attrs[] = {AD_AT_OBJECT_SID, NULL};
--
--
-- base = ctx->sd_ctx->sdom->search_bases[ctx->base_iter];
-- if (base == NULL) {
-- return EOK;
-- }
--
-- req = sdap_get_generic_send(ctx, ctx->sd_ctx->be_ctx->ev,
-- ctx->sd_ctx->sdap_id_ctx->opts,
-- sdap_id_op_handle(ctx->sdap_op),
-- base->basedn, LDAP_SCOPE_BASE,
-- MASTER_DOMAIN_SID_FILTER, master_sid_attrs,
-- NULL, 0,
-- dp_opt_get_int(ctx->sd_ctx->sdap_id_ctx->opts->basic,
-- SDAP_SEARCH_TIMEOUT),
-- false);
--
-- if (req == NULL) {
-- DEBUG(SSSDBG_OP_FAILURE, ("sdap_get_generic_send failed.\n"));
-- return ENOMEM;
-- }
--
-- tevent_req_set_callback(req, ad_subdomains_get_master_sid_done, ctx);
--
-- return EAGAIN;
--}
--
--static void ad_subdomains_get_master_sid_done(struct tevent_req *req)
--{
-- int ret;
-- size_t reply_count;
-- struct sysdb_attrs **reply = NULL;
- struct ad_subdomains_req_ctx *ctx;
-- struct ldb_message_element *el;
-- char *sid_str;
-- enum idmap_error_code err;
-- static const char *attrs[] = {AD_AT_NETLOGON, NULL};
-- char *filter;
-- char *ntver;
-+ errno_t ret;
-
- ctx = tevent_req_callback_data(req, struct ad_subdomains_req_ctx);
-
-- ret = sdap_get_generic_recv(req, ctx, &reply_count, &reply);
-+ ret = ad_master_domain_recv(req, ctx,
-+ &ctx->flat_name, &ctx->master_sid);
- talloc_zfree(req);
- if (ret != EOK) {
-- DEBUG(SSSDBG_OP_FAILURE, ("sdap_get_generic_send request failed.\n"));
-- goto done;
-- }
--
-- if (reply_count == 0) {
-- ctx->base_iter++;
-- ret = ad_subdomains_get_master_sid(ctx);
-- if (ret == EAGAIN) {
-- return;
-- } else if (ret != EOK) {
-- goto done;
-- }
-- } else if (reply_count == 1) {
-- ret = sysdb_attrs_get_el(reply[0], AD_AT_OBJECT_SID, &el);
-- if (ret != EOK || el->num_values != 1) {
-- DEBUG(SSSDBG_OP_FAILURE, ("sdap_attrs_get_el failed.\n"));
-- goto done;
-- }
--
-- err = sss_idmap_bin_sid_to_sid(ctx->sd_ctx->idmap_ctx,
-- el->values[0].data,
-- el->values[0].length,
-- &sid_str);
-- if (err != IDMAP_SUCCESS) {
-- DEBUG(SSSDBG_MINOR_FAILURE,
-- ("Could not convert SID: [%s].\n", idmap_error_string(err)));
-- ret = EFAULT;
-- goto done;
-- }
--
-- ctx->master_sid = talloc_steal(ctx, sid_str);
-- } else {
-- DEBUG(SSSDBG_OP_FAILURE,
-- ("More than one result for domain SID found.\n"));
-- ret = EINVAL;
-+ DEBUG(SSSDBG_OP_FAILURE, ("Cannot retrieve master domain info\n"));
- goto done;
- }
-
-- DEBUG(SSSDBG_TRACE_FUNC, ("Found SID [%s].\n", ctx->master_sid));
--
-- ntver = sss_ldap_encode_ndr_uint32(ctx, NETLOGON_NT_VERSION_5EX |
-- NETLOGON_NT_VERSION_WITH_CLOSEST_SITE);
-- if (ntver == NULL) {
-- DEBUG(SSSDBG_OP_FAILURE, ("sss_ldap_encode_ndr_uint32 failed.\n"));
-- ret = ENOMEM;
-- goto done;
-- }
--
-- filter = talloc_asprintf(ctx, "(&(%s=%s)(%s=%s))",
-- AD_AT_DNS_DOMAIN, ctx->sd_ctx->domain_name,
-- AD_AT_NT_VERSION, ntver);
-- if (filter == NULL) {
-- DEBUG(SSSDBG_OP_FAILURE, ("talloc_asprintf failed.\n"));
-- ret = ENOMEM;
-- goto done;
-- }
--
-- req = sdap_get_generic_send(ctx, ctx->sd_ctx->be_ctx->ev,
-- ctx->sd_ctx->sdap_id_ctx->opts,
-- sdap_id_op_handle(ctx->sdap_op),
-- "", LDAP_SCOPE_BASE, filter, attrs, NULL, 0,
-- dp_opt_get_int(ctx->sd_ctx->sdap_id_ctx->opts->basic,
-- SDAP_SEARCH_TIMEOUT),
-- false);
-- if (req == NULL) {
-- DEBUG(SSSDBG_OP_FAILURE, ("sdap_get_generic_send failed.\n"));
-- ret = ENOMEM;
-- goto done;
-- }
--
-- tevent_req_set_callback(req, ad_subdomains_get_netlogon_done, ctx);
-- return;
--
--done:
-- be_req_terminate(ctx->be_req, DP_ERR_FATAL, ret, NULL);
--}
--
--static void ad_subdomains_get_netlogon_done(struct tevent_req *req)
--{
-- int ret;
-- size_t reply_count;
-- struct sysdb_attrs **reply = NULL;
-- struct ad_subdomains_req_ctx *ctx;
-- struct ldb_message_element *el;
-- DATA_BLOB blob;
-- enum ndr_err_code ndr_err;
-- struct ndr_pull *ndr_pull = NULL;
-- struct netlogon_samlogon_response response;
-- int dp_error = DP_ERR_FATAL;
--
-- ctx = tevent_req_callback_data(req, struct ad_subdomains_req_ctx);
--
-- ret = sdap_get_generic_recv(req, ctx, &reply_count, &reply);
-- talloc_zfree(req);
-- if (ret != EOK) {
-- DEBUG(SSSDBG_OP_FAILURE, ("sdap_get_generic_send request failed.\n"));
-- goto done;
-- }
--
-- if (reply_count == 0) {
-- DEBUG(SSSDBG_TRACE_FUNC, ("No netlogon data available.\n"));
-- ret = ENOENT;
-- goto done;
-- } else if (reply_count > 1) {
-- DEBUG(SSSDBG_OP_FAILURE,
-- ("More than one netlogon info returned.\n"));
-- ret = EINVAL;
-- goto done;
-- }
--
-- ret = sysdb_attrs_get_el(reply[0], AD_AT_NETLOGON, &el);
-- if (ret != EOK) {
-- DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_get_el() failed\n"));
-- goto done;
-- }
--
-- if (el->num_values == 0) {
-- DEBUG(SSSDBG_OP_FAILURE, ("netlogon has no value\n"));
-- ret = ENOENT;
-- goto done;
-- } else if (el->num_values > 1) {
-- DEBUG(SSSDBG_OP_FAILURE, ("More than one netlogon value?\n"));
-- ret = EIO;
-- goto done;
-- }
--
-- blob.data = el->values[0].data;
-- blob.length = el->values[0].length;
--
-- ndr_pull = ndr_pull_init_blob(&blob, ctx);
-- if (ndr_pull == NULL) {
-- DEBUG(SSSDBG_OP_FAILURE, ("ndr_pull_init_blob() failed.\n"));
-- ret = ENOMEM;
-- goto done;
-- }
--
-- ndr_err = ndr_pull_netlogon_samlogon_response(ndr_pull, NDR_SCALARS,
-- &response);
-- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
-- DEBUG(SSSDBG_OP_FAILURE, ("ndr_pull_netlogon_samlogon_response() "
-- "failed [%d]\n", ndr_err));
-- ret = EBADMSG;
-- goto done;
-- }
--
-- if (!(response.ntver & NETLOGON_NT_VERSION_5EX)) {
-- DEBUG(SSSDBG_OP_FAILURE, ("Wrong version returned [%x]\n",
-- response.ntver));
-- ret = EBADMSG;
-- goto done;
-- }
--
-- if (response.data.nt5_ex.domain_name != NULL &&
-- *response.data.nt5_ex.domain_name != '\0') {
-- ctx->flat_name = talloc_strdup(ctx, response.data.nt5_ex.domain_name);
-- if (ctx->flat_name == NULL) {
-- DEBUG(SSSDBG_OP_FAILURE, ("talloc_strdup failed.\n"));
-- ret = ENOMEM;
-- goto done;
-- }
-- }
--
- DEBUG(SSSDBG_TRACE_FUNC, ("Found flat name [%s].\n", ctx->flat_name));
-+ DEBUG(SSSDBG_TRACE_FUNC, ("Found master SID [%s].\n", ctx->master_sid));
-
- ret = sysdb_master_domain_add_info(ctx->sd_ctx->be_ctx->domain,
- ctx->flat_name, ctx->master_sid);
-+ if (ret != EOK) {
-+ DEBUG(SSSDBG_OP_FAILURE, ("Cannot save master domain info\n"));
-+ goto done;
-+ }
-
- ret = ad_subdomains_get_slave(ctx);
- if (ret == EAGAIN) {
-@@ -579,7 +388,7 @@ static void ad_subdomains_get_netlogon_done(struct tevent_req *req)
- }
-
- done:
-- be_req_terminate(ctx->be_req, dp_error, ret, NULL);
-+ be_req_terminate(ctx->be_req, DP_ERR_FATAL, ret, NULL);
- }
-
- static void ad_subdomains_get_slave_domain_done(struct tevent_req *req);
---
-1.8.3.1
-
--------------- next part --------------
->From 2d47aaae98953b954898171212e579f3463881a6 Mon Sep 17 00:00:00 2001
-From: Jakub Hrozek <jhrozek at redhat.com>
-Date: Sat, 24 Aug 2013 14:43:57 +0200
-Subject: [PATCH 2/3] LDAP: sdap_id_setup_tasks accepts a custom enum request
-
-AD provider will override the default with its own.
----
- src/providers/ipa/ipa_subdomains.c | 4 +++-
- src/providers/ldap/ldap_common.c | 10 +++++++---
- src/providers/ldap/ldap_common.h | 16 ++++++++++++++--
- src/providers/ldap/ldap_id_enum.c | 17 +++++------------
- 4 files changed, 29 insertions(+), 18 deletions(-)
-
-diff --git a/src/providers/ipa/ipa_subdomains.c b/src/providers/ipa/ipa_subdomains.c
-index c28af0e76a41352b80ab816076de156607243c1d..496af42b7c134bec8b106b3302cfb09a2a7fbc53 100644
---- a/src/providers/ipa/ipa_subdomains.c
-+++ b/src/providers/ipa/ipa_subdomains.c
-@@ -186,7 +186,9 @@ ipa_ad_ctx_new(struct be_ctx *be_ctx,
- }
-
- ret = sdap_id_setup_tasks(ad_id_ctx->sdap_id_ctx,
-- ad_id_ctx->ldap_ctx, sdom);
-+ ad_id_ctx->ldap_ctx, sdom,
-+ ldap_enumeration_send,
-+ ldap_enumeration_recv);
- if (ret != EOK) {
- talloc_free(ad_options);
- return ret;
-diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c