[Pkg-sssd-devel] sssd: Changes to 'ppa-precise'

Timo Aaltonen tjaalton-guest at alioth.debian.org
Thu Oct 10 20:58:25 UTC 2013


 Makefile.am                                             |   57 
 configure.ac                                            |   37 
 contrib/sssd.spec.in                                    |   39 
 debian/changelog                                        |   28 
 debian/control                                          |   41 
 debian/patches/ml-016435.diff                           | 1205 ----------------
 debian/patches/ml-016436.diff                           |  205 --
 debian/patches/series                                   |    2 
 po/bg.po                                                |   18 
 po/de.po                                                |   18 
 po/es.po                                                |   18 
 po/eu.po                                                |   18 
 po/fr.po                                                |   18 
 po/hu.po                                                |   18 
 po/id.po                                                |   18 
 po/it.po                                                |   18 
 po/ja.po                                                |   18 
 po/nb.po                                                |   18 
 po/nl.po                                                |   18 
 po/pl.po                                                |   18 
 po/pt.po                                                |   18 
 po/ru.po                                                |   18 
 po/sssd.pot                                             |   18 
 po/sv.po                                                |   51 
 po/tg.po                                                |   18 
 po/tr.po                                                |   18 
 po/uk.po                                                |   18 
 po/zh_CN.po                                             |   18 
 po/zh_TW.po                                             |   18 
 src/build_macros.m4                                     |   14 
 src/conf_macros.m4                                      |    1 
 src/confdb/confdb.h                                     |    1 
 src/db/sysdb.h                                          |   37 
 src/db/sysdb_autofs.c                                   |    2 
 src/db/sysdb_ops.c                                      |  190 ++
 src/db/sysdb_search.c                                   |    2 
 src/db/sysdb_subdomains.c                               |   51 
 src/external/inotify.m4                                 |   32 
 src/external/krb5.m4                                    |    6 
 src/external/ldap.m4                                    |    4 
 src/external/libcares.m4                                |   19 
 src/external/libpcre.m4                                 |   14 
 src/external/libpopt.m4                                 |   14 
 src/external/libtalloc.m4                               |   15 
 src/external/libtdb.m4                                  |   14 
 src/external/libtevent.m4                               |   21 
 src/external/libunistring.m4                            |   31 
 src/external/nsupdate.m4                                |    6 
 src/external/pac_responder.m4                           |    3 
 src/external/python.m4                                  |    6 
 src/external/sizes.m4                                   |   12 
 src/krb5_plugin/sssd_krb5_locator_plugin.c              |    2 
 src/lib/idmap/sss_idmap.h                               |    1 
 src/man/po/br.po                                        |  835 +++++------
 src/man/po/ca.po                                        |  835 +++++------
 src/man/po/cs.po                                        |  876 ++++++-----
 src/man/po/es.po                                        |  854 ++++++-----
 src/man/po/eu.po                                        |  835 +++++------
 src/man/po/fr.po                                        |  870 ++++++-----
 src/man/po/ja.po                                        | 1132 ++++++++-------
 src/man/po/lv.po                                        |  835 +++++------
 src/man/po/nl.po                                        |  835 +++++------
 src/man/po/pt.po                                        |  835 +++++------
 src/man/po/ru.po                                        |  835 +++++------
 src/man/po/sssd-docs.pot                                |  811 +++++-----
 src/man/po/tg.po                                        |  835 +++++------
 src/man/po/uk.po                                        |  869 ++++++-----
 src/man/po/zh_CN.po                                     |  835 +++++------
 src/man/sssd-ad.5.xml                                   |    5 
 src/man/sssd-ldap.5.xml                                 |    5 
 src/man/sssd-sudo.5.xml                                 |   24 
 src/man/sssd.8.xml                                      |    8 
 src/man/sssd.conf.5.xml                                 |   13 
 src/man/sssd_krb5_locator_plugin.8.xml                  |    2 
 src/monitor/monitor.c                                   |   11 
 src/monitor/monitor_netlink.c                           |    7 
 src/providers/ad/ad_domain_info.c                       |  374 ++++
 src/providers/ad/ad_domain_info.h                       |   41 
 src/providers/ad/ad_id.c                                |  199 ++
 src/providers/ad/ad_id.h                                |   10 
 src/providers/ad/ad_init.c                              |    8 
 src/providers/ad/ad_srv.c                               |  101 +
 src/providers/ad/ad_srv.h                               |    2 
 src/providers/ad/ad_subdomains.c                        |  258 ---
 src/providers/dp_dyndns.c                               |    8 
 src/providers/fail_over.c                               |    5 
 src/providers/fail_over_srv.c                           |    7 
 src/providers/fail_over_srv.h                           |    3 
 src/providers/ipa/ipa_config.c                          |    2 
 src/providers/ipa/ipa_idmap.c                           |   19 
 src/providers/ipa/ipa_init.c                            |   36 
 src/providers/ipa/ipa_netgroups.c                       |    6 
 src/providers/ipa/ipa_selinux.c                         |    8 
 src/providers/ipa/ipa_selinux_maps.c                    |    4 
 src/providers/ipa/ipa_srv.c                             |    4 
 src/providers/ipa/ipa_srv.h                             |    2 
 src/providers/ipa/ipa_subdomains.c                      |  101 +
 src/providers/ipa/ipa_subdomains_ext_groups.c           |    6 
 src/providers/krb5/krb5_access.c                        |    5 
 src/providers/krb5/krb5_auth.c                          |  167 --
 src/providers/krb5/krb5_auth.h                          |    1 
 src/providers/krb5/krb5_become_user.c                   |  130 +
 src/providers/krb5/krb5_child.c                         |  482 +-----
 src/providers/krb5/krb5_child_handler.c                 |    6 
 src/providers/krb5/krb5_common.c                        |   73 
 src/providers/krb5/krb5_common.h                        |    2 
 src/providers/krb5/krb5_delayed_online_authentication.c |    3 
 src/providers/krb5/krb5_renew_tgt.c                     |    5 
 src/providers/krb5/krb5_utils.c                         |  897 +++--------
 src/providers/krb5/krb5_utils.h                         |   56 
 src/providers/ldap/ldap_auth.c                          |    7 
 src/providers/ldap/ldap_child.c                         |    6 
 src/providers/ldap/ldap_common.c                        |   25 
 src/providers/ldap/ldap_common.h                        |   29 
 src/providers/ldap/ldap_id.c                            |   25 
 src/providers/ldap/ldap_id_cleanup.c                    |   20 
 src/providers/ldap/ldap_id_enum.c                       |   23 
 src/providers/ldap/sdap.c                               |   11 
 src/providers/ldap/sdap.h                               |    6 
 src/providers/ldap/sdap_access.c                        |   21 
 src/providers/ldap/sdap_async.c                         |    2 
 src/providers/ldap/sdap_async_autofs.c                  |    8 
 src/providers/ldap/sdap_async_connection.c              |    9 
 src/providers/ldap/sdap_async_enum.c                    |    2 
 src/providers/ldap/sdap_async_groups.c                  |   28 
 src/providers/ldap/sdap_async_groups_ad.c               |    2 
 src/providers/ldap/sdap_async_initgroups.c              |  157 +-
 src/providers/ldap/sdap_async_initgroups_ad.c           |   57 
 src/providers/ldap/sdap_async_nested_groups.c           |    4 
 src/providers/ldap/sdap_async_netgroups.c               |   24 
 src/providers/ldap/sdap_async_private.h                 |    6 
 src/providers/ldap/sdap_async_services.c                |    8 
 src/providers/ldap/sdap_async_sudo.c                    |    2 
 src/providers/ldap/sdap_async_sudo_hostinfo.c           |    2 
 src/providers/ldap/sdap_async_sudo_timer.c              |    2 
 src/providers/ldap/sdap_async_users.c                   |    5 
 src/providers/ldap/sdap_child_helpers.c                 |    2 
 src/providers/ldap/sdap_fd_events.c                     |    5 
 src/providers/ldap/sdap_idmap.c                         |   29 
 src/providers/ldap/sdap_reinit.c                        |    2 
 src/providers/ldap/sdap_sudo.c                          |    4 
 src/providers/proxy/proxy_auth.c                        |    2 
 src/providers/proxy/proxy_child.c                       |    4 
 src/providers/proxy/proxy_id.c                          |   37 
 src/providers/proxy/proxy_init.c                        |    5 
 src/providers/simple/simple_access.c                    |   15 
 src/providers/simple/simple_access_check.c              |  147 +
 src/resolv/async_resolv.c                               |   18 
 src/resolv/async_resolv.h                               |    2 
 src/resolv/async_resolv_utils.c                         |    2 
 src/responder/common/negcache.c                         |    8 
 src/responder/common/responder_common.c                 |   10 
 src/responder/common/responder_dp.c                     |    2 
 src/responder/nss/nsssrv.c                              |   13 
 src/responder/nss/nsssrv_cmd.c                          |  196 +-
 src/responder/nss/nsssrv_mmap_cache.c                   |   96 +
 src/responder/nss/nsssrv_services.c                     |   13 
 src/responder/pac/pacsrv.c                              |   13 
 src/responder/pac/pacsrv_utils.c                        |    1 
 src/responder/pam/pamsrv_cmd.c                          |    2 
 src/sbus/sssd_dbus.h                                    |    3 
 src/sbus/sssd_dbus_common.c                             |   66 
 src/sbus/sssd_dbus_connection.c                         |   10 
 src/sss_client/nss_mc_common.c                          |    8 
 src/tests/dlopen-tests.c                                |  159 ++
 src/tests/krb5_child-test.c                             |   37 
 src/tests/krb5_utils-tests.c                            |   86 -
 src/tests/resolv-tests.c                                |    4 
 src/tests/simple_access-tests.c                         |   45 
 src/tests/sysdb-tests.c                                 |   73 
 src/tests/util-tests.c                                  |   40 
 src/tools/files.c                                       |    2 
 src/tools/sss_seed.c                                    |    5 
 src/tools/tools_util.c                                  |    3 
 src/util/backup_file.c                                  |    2 
 src/util/child_common.c                                 |    5 
 src/util/domain_info_utils.c                            |  143 +
 src/util/server.c                                       |    4 
 src/util/sss_format.h                                   |   66 
 src/util/sss_krb5.c                                     |  182 --
 src/util/sss_krb5.h                                     |   14 
 src/util/sss_ldap.c                                     |    5 
 src/util/util.c                                         |   15 
 src/util/util.h                                         |   31 
 src/util/util_safealign.h                               |   75 
 src/util/util_sss_idmap.c                               |   32 
 src/util/util_sss_idmap.h                               |   28 
 version.m4                                              |    2 
 188 files changed, 10811 insertions(+), 10009 deletions(-)

New commits:
commit 36f6f2ff734f989cb52a1f8869568a5b82c77251
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date:   Fri Oct 4 09:40:30 2013 +0300

    release to ppa

diff --git a/debian/changelog b/debian/changelog
index 6c9d6fe..745fe50 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,4 +1,4 @@
-sssd (1.11.0-0ubuntu3~precise1) UNRELEASED; urgency=low
+sssd (1.11.0-0ubuntu3~precise1) precise; urgency=low
 
   * Backport to precise.
     - drop dh_systemd changes.

commit d6102ab73ddcc2b9a11e75a3621c9f0da85c3b75
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date:   Thu Oct 3 00:13:42 2013 +0300

    release to saucy

diff --git a/debian/changelog b/debian/changelog
index 81366ea..f77c163 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,10 +1,10 @@
-sssd (1.11.1-0ubuntu1) UNRELEASED; urgency=low
+sssd (1.11.1-0ubuntu1) saucy; urgency=low
 
   * Sync from unreleased debian git.
     - re-enable parallel build
   * Dropped patches, both upstream.
 
- -- Timo Aaltonen <tjaalton at ubuntu.com>  Tue, 01 Oct 2013 11:39:49 +0300
+ -- Timo Aaltonen <tjaalton at ubuntu.com>  Thu, 03 Oct 2013 00:13:18 +0300
 
 sssd (1.11.1-1) UNRELEASED; urgency=low
 

commit 581a71f12bdb3339f7307ef7d802e9dd8e3bc846
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date:   Tue Oct 1 11:56:28 2013 +0300

    control: Add libltdl-dev to build-depends.

diff --git a/debian/changelog b/debian/changelog
index fb1b5e4..7280f44 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -11,6 +11,7 @@ sssd (1.11.1-1) UNRELEASED; urgency=low
   * control: Drop unnecessary multiarch declarations.
   * control: Drop obsolete Breaks/Conflicts.
   * rules: Enable parallel build.
+  * control: Add libltdl-dev to build-depends.
 
  -- Timo Aaltonen <tjaalton at ubuntu.com>  Tue, 06 Aug 2013 17:04:28 +0300
 
diff --git a/debian/control b/debian/control
index 731a0f1..7208e0b 100644
--- a/debian/control
+++ b/debian/control
@@ -22,6 +22,7 @@ Build-Depends: debhelper (>= 9), quilt, dh-autoreconf, autopoint, lsb-release,
  libldb-dev,
  libtalloc-dev,
  libtdb-dev,
+ libltdl-dev,
  xml-core,
  docbook-xsl,
  docbook-xml,
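Review bot: The added `libltdl-dev,` entry in Build-Depends has no stated reason; the commit message and the changelog line both say only that it was added. The diffstat on this page lists a new `src/tests/dlopen-tests.c` and changes to `configure.ac`, so the dependency is presumably needed by one of those, but that is an inference to confirm. Recording the reason would help, for example `* control: Add libltdl-dev to build-depends (needed by <component>).`, so that a later backport or cleanup can tell whether the dependency is still required. The Build-Depends field begins and ends outside this hunk, so the rest of the list cannot be checked from here.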

commit 2bc0828a779e3dfd7ac4dd6f678115ca01312767
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date:   Tue Oct 1 11:42:09 2013 +0300

    drop patches, update changelog

diff --git a/debian/changelog b/debian/changelog
index 0948ac0..daf2468 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,11 @@
+sssd (1.11.1-0ubuntu1) UNRELEASED; urgency=low
+
+  * Sync from unreleased debian git.
+    - re-enable parallel build
+  * Dropped patches, both upstream.
+
+ -- Timo Aaltonen <tjaalton at ubuntu.com>  Tue, 01 Oct 2013 11:39:49 +0300
+
 sssd (1.11.1-1) UNRELEASED; urgency=low
 
   * New upstream release.
diff --git a/debian/patches/ml-016435.diff b/debian/patches/ml-016435.diff
deleted file mode 100644
index 133c581..0000000
--- a/debian/patches/ml-016435.diff
+++ /dev/null
@@ -1,1205 +0,0 @@
->From 88c26495cc453e55fd6771eb7c8c711fe5fd8a06 Mon Sep 17 00:00:00 2001
-From: Jakub Hrozek <jhrozek at redhat.com>
-Date: Sat, 17 Aug 2013 01:12:21 +0200
-Subject: [PATCH 1/3] AD: async request to retrieve master domain info
-
-Adds a reusable async request to download the master domain info.
----
- Makefile.am                       |   3 +
- src/providers/ad/ad_domain_info.c | 350 ++++++++++++++++++++++++++++++++++++++
- src/providers/ad/ad_domain_info.h |  41 +++++
- src/providers/ad/ad_init.c        |   2 +-
- src/providers/ad/ad_subdomains.c  | 235 +++----------------------
- 5 files changed, 417 insertions(+), 214 deletions(-)
- create mode 100644 src/providers/ad/ad_domain_info.c
- create mode 100644 src/providers/ad/ad_domain_info.h
-
-diff --git a/Makefile.am b/Makefile.am
-index b913a12b895d68f1f3e23c185e493e576641d0e2..eb8592fcd19bce503c99a5745be2a67d3f70d48b 100644
---- a/Makefile.am
-+++ b/Makefile.am
-@@ -1587,6 +1587,7 @@ libsss_ipa_la_SOURCES = \
-     src/providers/ad/ad_dyndns.c \
-     src/providers/ad/ad_id.c \
-     src/providers/ad/ad_srv.c \
-+    src/providers/ad/ad_domain_info.c \
-     src/util/user_info_msg.c \
-     src/util/find_uid.c \
-     src/util/sss_ldap.c \
-@@ -1638,6 +1639,8 @@ libsss_ad_la_SOURCES = \
-     src/providers/ad/ad_srv.c \
-     src/providers/ad/ad_subdomains.c \
-     src/providers/ad/ad_subdomains.h \
-+    src/providers/ad/ad_domain_info.c \
-+    src/providers/ad/ad_domain_info.h \
-     src/util/find_uid.c \
-     src/util/user_info_msg.c \
-     src/util/sss_krb5.c \
-diff --git a/src/providers/ad/ad_domain_info.c b/src/providers/ad/ad_domain_info.c
-new file mode 100644
-index 0000000000000000000000000000000000000000..252f1678e453f1cec671b30cf891c0ec74f6c749
---- /dev/null
-+++ b/src/providers/ad/ad_domain_info.c
-@@ -0,0 +1,350 @@
-+/*
-+    SSSD
-+
-+    AD Subdomains Module
-+
-+    Authors:
-+        Sumit Bose <sbose at redhat.com>
-+
-+    Copyright (C) 2013 Red Hat
-+
-+    This program is free software; you can redistribute it and/or modify
-+    it under the terms of the GNU General Public License as published by
-+    the Free Software Foundation; either version 3 of the License, or
-+    (at your option) any later version.
-+
-+    This program is distributed in the hope that it will be useful,
-+    but WITHOUT ANY WARRANTY; without even the implied warranty of
-+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-+    GNU General Public License for more details.
-+
-+    You should have received a copy of the GNU General Public License
-+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-+*/
-+
-+#include <errno.h>
-+#include <tevent.h>
-+#include <ctype.h>
-+#include <ndr.h>
-+#include <ndr/ndr_nbt.h>
-+
-+#include "providers/ldap/sdap.h"
-+#include "providers/ldap/sdap_async.h"
-+#include "providers/ldap/sdap_idmap.h"
-+#include "util/util.h"
-+
-+#define AD_AT_OBJECT_SID "objectSID"
-+#define AD_AT_DNS_DOMAIN "DnsDomain"
-+#define AD_AT_NT_VERSION "NtVer"
-+#define AD_AT_NETLOGON   "netlogon"
-+
-+#define MASTER_DOMAIN_SID_FILTER "objectclass=domain"
-+
-+struct ad_master_domain_state {
-+    struct tevent_context *ev;
-+    struct sdap_id_conn_ctx *conn;
-+    struct sdap_id_op *id_op;
-+    struct sdap_id_ctx *id_ctx;
-+    struct sdap_options *opts;
-+
-+    const char *dom_name;
-+    int base_iter;
-+
-+    char *flat;
-+    char *sid;
-+};
-+
-+static errno_t ad_master_domain_next(struct tevent_req *req);
-+static void ad_master_domain_next_done(struct tevent_req *subreq);
-+static void ad_master_domain_netlogon_done(struct tevent_req *req);
-+
-+struct tevent_req *
-+ad_master_domain_send(TALLOC_CTX *mem_ctx,
-+                      struct tevent_context *ev,
-+                      struct sdap_id_conn_ctx *conn,
-+                      struct sdap_id_op *op,
-+                      const char *dom_name)
-+{
-+    errno_t ret;
-+    struct tevent_req *req;
-+    struct ad_master_domain_state *state;
-+
-+    req = tevent_req_create(mem_ctx, &state, struct ad_master_domain_state);
-+    if (!req) return NULL;
-+
-+    state->ev = ev;
-+    state->id_op = op;
-+    state->conn = conn;
-+    state->id_ctx = conn->id_ctx;
-+    state->opts = conn->id_ctx->opts;
-+    state->dom_name = dom_name;
-+
-+    ret = ad_master_domain_next(req);
-+    if (ret != EOK && ret != EAGAIN) {
-+        goto immediate;
-+    }
-+
-+    return req;
-+
-+immediate:
-+    if (ret != EOK) {
-+        tevent_req_error(req, ret);
-+    } else {
-+        tevent_req_done(req);
-+    }
-+    tevent_req_post(req, ev);
-+    return req;
-+}
-+
-+static errno_t
-+ad_master_domain_next(struct tevent_req *req)
-+{
-+    struct tevent_req *subreq;
-+    struct sdap_search_base *base;
-+    const char *master_sid_attrs[] = {AD_AT_OBJECT_SID, NULL};
-+
-+    struct ad_master_domain_state *state =
-+        tevent_req_data(req, struct ad_master_domain_state);
-+
-+    base = state->opts->sdom->search_bases[state->base_iter];
-+    if (base == NULL) {
-+        return EOK;
-+    }
-+
-+    subreq = sdap_get_generic_send(state, state->ev,
-+                                   state->id_ctx->opts,
-+                                   sdap_id_op_handle(state->id_op),
-+                                   base->basedn, LDAP_SCOPE_BASE,
-+                                   MASTER_DOMAIN_SID_FILTER, master_sid_attrs,
-+                                   NULL, 0,
-+                                   dp_opt_get_int(state->opts->basic,
-+                                                  SDAP_SEARCH_TIMEOUT),
-+                                   false);
-+    if (subreq == NULL) {
-+        DEBUG(SSSDBG_OP_FAILURE, ("sdap_get_generic_send failed.\n"));
-+        return ENOMEM;
-+    }
-+    tevent_req_set_callback(subreq, ad_master_domain_next_done, req);
-+
-+    return EAGAIN;
-+}
-+
-+static void
-+ad_master_domain_next_done(struct tevent_req *subreq)
-+{
-+    errno_t ret;
-+    size_t reply_count;
-+    struct sysdb_attrs **reply = NULL;
-+    struct ldb_message_element *el;
-+    char *sid_str;
-+    enum idmap_error_code err;
-+    static const char *attrs[] = {AD_AT_NETLOGON, NULL};
-+    char *filter;
-+    char *ntver;
-+
-+    struct tevent_req *req = tevent_req_callback_data(subreq,
-+                                                      struct tevent_req);
-+    struct ad_master_domain_state *state =
-+        tevent_req_data(req, struct ad_master_domain_state);
-+
-+    ret = sdap_get_generic_recv(subreq, state, &reply_count, &reply);
-+    talloc_zfree(subreq);
-+    if (ret != EOK) {
-+        DEBUG(SSSDBG_OP_FAILURE, ("sdap_get_generic_send request failed.\n"));
-+        goto done;
-+    }
-+
-+    if (reply_count == 0) {
-+        state->base_iter++;
-+        ret = ad_master_domain_next(req);
-+        if (ret == EAGAIN) {
-+            /* Async request will get us back here again */
-+            return;
-+        } else if (ret != EOK) {
-+            goto done;
-+        }
-+
-+        /* EOK */
-+        tevent_req_done(req);
-+        return;
-+    } else if (reply_count == 1) {
-+        ret = sysdb_attrs_get_el(reply[0], AD_AT_OBJECT_SID, &el);
-+        if (ret != EOK || el->num_values != 1) {
-+            DEBUG(SSSDBG_OP_FAILURE, ("sdap_attrs_get_el failed.\n"));
-+            goto done;
-+        }
-+
-+        err = sss_idmap_bin_sid_to_sid(state->opts->idmap_ctx->map,
-+                                       el->values[0].data,
-+                                       el->values[0].length,
-+                                       &sid_str);
-+        if (err != IDMAP_SUCCESS) {
-+            DEBUG(SSSDBG_MINOR_FAILURE,
-+                  ("Could not convert SID: [%s].\n", idmap_error_string(err)));
-+            ret = EFAULT;
-+            goto done;
-+        }
-+
-+        state->sid = talloc_steal(state, sid_str);
-+    } else {
-+        DEBUG(SSSDBG_OP_FAILURE,
-+              ("More than one result for domain SID found.\n"));
-+        ret = EINVAL;
-+        goto done;
-+    }
-+
-+    DEBUG(SSSDBG_TRACE_FUNC, ("Found SID [%s].\n", state->sid));
-+
-+    ntver = sss_ldap_encode_ndr_uint32(state, NETLOGON_NT_VERSION_5EX |
-+                                       NETLOGON_NT_VERSION_WITH_CLOSEST_SITE);
-+    if (ntver == NULL) {
-+        DEBUG(SSSDBG_OP_FAILURE, ("sss_ldap_encode_ndr_uint32 failed.\n"));
-+        ret = ENOMEM;
-+        goto done;
-+    }
-+
-+    filter = talloc_asprintf(state, "(&(%s=%s)(%s=%s))",
-+                             AD_AT_DNS_DOMAIN, state->dom_name,
-+                             AD_AT_NT_VERSION, ntver);
-+    if (filter == NULL) {
-+        DEBUG(SSSDBG_OP_FAILURE, ("talloc_asprintf failed.\n"));
-+        ret = ENOMEM;
-+        goto done;
-+    }
-+
-+    subreq = sdap_get_generic_send(state, state->ev,
-+                                   state->id_ctx->opts,
-+                                   sdap_id_op_handle(state->id_op),
-+                                   "", LDAP_SCOPE_BASE, filter, attrs, NULL, 0,
-+                                   dp_opt_get_int(state->opts->basic,
-+                                                  SDAP_SEARCH_TIMEOUT),
-+                                   false);
-+    if (subreq == NULL) {
-+        DEBUG(SSSDBG_OP_FAILURE, ("sdap_get_generic_send failed.\n"));
-+        ret = ENOMEM;
-+        goto done;
-+    }
-+
-+    tevent_req_set_callback(subreq, ad_master_domain_netlogon_done, req);
-+    return;
-+
-+done:
-+    tevent_req_error(req, ret);
-+}
-+
-+static void
-+ad_master_domain_netlogon_done(struct tevent_req *subreq)
-+{
-+    int ret;
-+    size_t reply_count;
-+    struct sysdb_attrs **reply = NULL;
-+    struct ldb_message_element *el;
-+    DATA_BLOB blob;
-+    enum ndr_err_code ndr_err;
-+    struct ndr_pull *ndr_pull = NULL;
-+    struct netlogon_samlogon_response response;
-+
-+    struct tevent_req *req = tevent_req_callback_data(subreq,
-+                                                      struct tevent_req);
-+    struct ad_master_domain_state *state =
-+        tevent_req_data(req, struct ad_master_domain_state);
-+
-+    ret = sdap_get_generic_recv(subreq, state, &reply_count, &reply);
-+    talloc_zfree(subreq);
-+    if (ret != EOK) {
-+        DEBUG(SSSDBG_OP_FAILURE, ("sdap_get_generic_send request failed.\n"));
-+        goto done;
-+    }
-+
-+    if (reply_count == 0) {
-+        DEBUG(SSSDBG_TRACE_FUNC, ("No netlogon data available.\n"));
-+        ret = ENOENT;
-+        goto done;
-+    } else if (reply_count > 1) {
-+        DEBUG(SSSDBG_OP_FAILURE,
-+              ("More than one netlogon info returned.\n"));
-+        ret = EINVAL;
-+        goto done;
-+    }
-+
-+    ret = sysdb_attrs_get_el(reply[0], AD_AT_NETLOGON, &el);
-+    if (ret != EOK) {
-+        DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_get_el() failed\n"));
-+        goto done;
-+    }
-+
-+    if (el->num_values == 0) {
-+        DEBUG(SSSDBG_OP_FAILURE, ("netlogon has no value\n"));
-+        ret = ENOENT;
-+        goto done;
-+    } else if (el->num_values > 1) {
-+        DEBUG(SSSDBG_OP_FAILURE, ("More than one netlogon value?\n"));
-+        ret = EIO;
-+        goto done;
-+    }
-+
-+    blob.data =  el->values[0].data;
-+    blob.length = el->values[0].length;
-+
-+    ndr_pull = ndr_pull_init_blob(&blob, state);
-+    if (ndr_pull == NULL) {
-+        DEBUG(SSSDBG_OP_FAILURE, ("ndr_pull_init_blob() failed.\n"));
-+        ret = ENOMEM;
-+        goto done;
-+    }
-+
-+    ndr_err = ndr_pull_netlogon_samlogon_response(ndr_pull, NDR_SCALARS,
-+                                                  &response);
-+    if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
-+        DEBUG(SSSDBG_OP_FAILURE, ("ndr_pull_netlogon_samlogon_response() "
-+                                  "failed [%d]\n", ndr_err));
-+        ret = EBADMSG;
-+        goto done;
-+    }
-+
-+    if (!(response.ntver & NETLOGON_NT_VERSION_5EX)) {
-+        DEBUG(SSSDBG_OP_FAILURE, ("Wrong version returned [%x]\n",
-+                                  response.ntver));
-+        ret = EBADMSG;
-+        goto done;
-+    }
-+
-+    if (response.data.nt5_ex.domain_name != NULL &&
-+        *response.data.nt5_ex.domain_name != '\0') {
-+        state->flat = talloc_strdup(state, response.data.nt5_ex.domain_name);
-+        if (state->flat == NULL) {
-+            DEBUG(SSSDBG_OP_FAILURE, ("talloc_strdup failed.\n"));
-+            ret = ENOMEM;
-+            goto done;
-+        }
-+    }
-+
-+    DEBUG(SSSDBG_TRACE_FUNC, ("Found flat name [%s].\n", state->flat));
-+    tevent_req_done(req);
-+    return;
-+
-+done:
-+    tevent_req_error(req, ret);
-+}
-+
-+errno_t
-+ad_master_domain_recv(struct tevent_req *req,
-+                      TALLOC_CTX *mem_ctx,
-+                      char **_flat,
-+                      char **_id)
-+{
-+    struct ad_master_domain_state *state = tevent_req_data(req,
-+                                              struct ad_master_domain_state);
-+
-+    TEVENT_REQ_RETURN_ON_ERROR(req);
-+
-+    if (_flat) {
-+        *_flat = talloc_steal(mem_ctx, state->flat);
-+    }
-+
-+    if (_id) {
-+        *_id = talloc_steal(mem_ctx, state->sid);
-+    }
-+
-+    return EOK;
-+}
-diff --git a/src/providers/ad/ad_domain_info.h b/src/providers/ad/ad_domain_info.h
-new file mode 100644
-index 0000000000000000000000000000000000000000..d21706396034509a498391e666e03a8e2eda8e08
---- /dev/null
-+++ b/src/providers/ad/ad_domain_info.h
-@@ -0,0 +1,41 @@
-+/*
-+    SSSD
-+
-+    AD Master Domain Module
-+
-+    Authors:
-+        Sumit Bose <sbose at redhat.com>
-+
-+    Copyright (C) 2013 Red Hat
-+
-+    This program is free software; you can redistribute it and/or modify
-+    it under the terms of the GNU General Public License as published by
-+    the Free Software Foundation; either version 3 of the License, or
-+    (at your option) any later version.
-+
-+    This program is distributed in the hope that it will be useful,
-+    but WITHOUT ANY WARRANTY; without even the implied warranty of
-+    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
-+    GNU General Public License for more details.
-+
-+    You should have received a copy of the GNU General Public License
-+    along with this program.  If not, see <http://www.gnu.org/licenses/>.
-+*/
-+
-+#ifndef _AD_MASTER_DOMAIN_H_
-+#define _AD_MASTER_DOMAIN_H_
-+
-+struct tevent_req *
-+ad_master_domain_send(TALLOC_CTX *mem_ctx,
-+                      struct tevent_context *ev,
-+                      struct sdap_id_conn_ctx *conn,
-+                      struct sdap_id_op *op,
-+                      const char *dom_name);
-+
-+errno_t
-+ad_master_domain_recv(struct tevent_req *req,
-+                      TALLOC_CTX *mem_ctx,
-+                      char **_flat,
-+                      char **_id);
-+
-+#endif /* _AD_MASTER_DOMAIN_H_ */
-diff --git a/src/providers/ad/ad_init.c b/src/providers/ad/ad_init.c
-index f181afe6e37ace4cd0d7fba83923129b3161aad3..992881951edc215c9ad6b94efcab905abb3812f5 100644
---- a/src/providers/ad/ad_init.c
-+++ b/src/providers/ad/ad_init.c
-@@ -40,6 +40,7 @@
- #include "providers/ad/ad_srv.h"
- #include "providers/dp_dyndns.h"
- #include "providers/ad/ad_subdomains.h"
-+#include "providers/ad/ad_domain_info.h"
- 
- struct ad_options *ad_options = NULL;
- 
-@@ -214,7 +215,6 @@ sssm_ad_id_init(struct be_ctx *bectx,
-                           &ad_ctx->sdap_id_ctx->opts->idmap_ctx);
-     if (ret != EOK) goto done;
- 
--
-     ret = setup_tls_config(ad_ctx->sdap_id_ctx->opts->basic);
-     if (ret != EOK) {
-         DEBUG(SSSDBG_CRIT_FAILURE,
-diff --git a/src/providers/ad/ad_subdomains.c b/src/providers/ad/ad_subdomains.c
-index afd2031fe6be557f43555b6dd8b47731d9833585..399957ee16ab0a01c97c8dde4b0adc5ded1c4e25 100644
---- a/src/providers/ad/ad_subdomains.c
-+++ b/src/providers/ad/ad_subdomains.c
-@@ -24,6 +24,7 @@
- 
- #include "providers/ldap/sdap_async.h"
- #include "providers/ad/ad_subdomains.h"
-+#include "providers/ad/ad_domain_info.h"
- #include <ctype.h>
- #include <ndr.h>
- #include <ndr/ndr_nbt.h>
-@@ -263,9 +264,7 @@ done:
- }
- 
- static void ad_subdomains_get_conn_done(struct tevent_req *req);
--static errno_t ad_subdomains_get_master_sid(struct ad_subdomains_req_ctx *ctx);
--static void ad_subdomains_get_master_sid_done(struct tevent_req *req);
--static void ad_subdomains_get_netlogon_done(struct tevent_req *req);
-+static void ad_subdomains_master_dom_done(struct tevent_req *req);
- static errno_t ad_subdomains_get_slave(struct ad_subdomains_req_ctx *ctx);
- 
- static void ad_subdomains_retrieve(struct ad_subdomains_ctx *ctx,
-@@ -340,236 +339,46 @@ static void ad_subdomains_get_conn_done(struct tevent_req *req)
-         goto fail;
-     }
- 
--    ret = ad_subdomains_get_master_sid(ctx);
--    if (ret == EAGAIN) {
--        return;
--    } else if (ret != EOK) {
-+    req = ad_master_domain_send(ctx, ctx->sd_ctx->be_ctx->ev,
-+                                ctx->sd_ctx->ldap_ctx,
-+                                ctx->sdap_op,
-+                                ctx->sd_ctx->domain_name);
-+    if (req == NULL) {
-+        DEBUG(SSSDBG_OP_FAILURE, ("ad_master_domain_send failed.\n"));
-+        ret = ENOMEM;
-         goto fail;
-     }
--
--    DEBUG(SSSDBG_OP_FAILURE, ("No search base available.\n"));
--    ret = EINVAL;
-+    tevent_req_set_callback(req, ad_subdomains_master_dom_done, ctx);
-+    return;
- 
- fail:
-     be_req_terminate(ctx->be_req, dp_error, ret, NULL);
- }
- 
--static errno_t ad_subdomains_get_master_sid(struct ad_subdomains_req_ctx *ctx)
-+static void ad_subdomains_master_dom_done(struct tevent_req *req)
- {
--    struct tevent_req *req;
--    struct sdap_search_base *base;
--    const char *master_sid_attrs[] = {AD_AT_OBJECT_SID, NULL};
--
--
--    base = ctx->sd_ctx->sdom->search_bases[ctx->base_iter];
--    if (base == NULL) {
--        return EOK;
--    }
--
--    req = sdap_get_generic_send(ctx, ctx->sd_ctx->be_ctx->ev,
--                           ctx->sd_ctx->sdap_id_ctx->opts,
--                           sdap_id_op_handle(ctx->sdap_op),
--                           base->basedn, LDAP_SCOPE_BASE,
--                           MASTER_DOMAIN_SID_FILTER, master_sid_attrs,
--                           NULL, 0,
--                           dp_opt_get_int(ctx->sd_ctx->sdap_id_ctx->opts->basic,
--                                          SDAP_SEARCH_TIMEOUT),
--                           false);
--
--    if (req == NULL) {
--        DEBUG(SSSDBG_OP_FAILURE, ("sdap_get_generic_send failed.\n"));
--        return ENOMEM;
--    }
--
--    tevent_req_set_callback(req, ad_subdomains_get_master_sid_done, ctx);
--
--    return EAGAIN;
--}
--
--static void ad_subdomains_get_master_sid_done(struct tevent_req *req)
--{
--    int ret;
--    size_t reply_count;
--    struct sysdb_attrs **reply = NULL;
-     struct ad_subdomains_req_ctx *ctx;
--    struct ldb_message_element *el;
--    char *sid_str;
--    enum idmap_error_code err;
--    static const char *attrs[] = {AD_AT_NETLOGON, NULL};
--    char *filter;
--    char *ntver;
-+    errno_t ret;
- 
-     ctx = tevent_req_callback_data(req, struct ad_subdomains_req_ctx);
- 
--    ret = sdap_get_generic_recv(req, ctx, &reply_count, &reply);
-+    ret = ad_master_domain_recv(req, ctx,
-+                                &ctx->flat_name, &ctx->master_sid);
-     talloc_zfree(req);
-     if (ret != EOK) {
--        DEBUG(SSSDBG_OP_FAILURE, ("sdap_get_generic_send request failed.\n"));
--        goto done;
--    }
--
--    if (reply_count == 0) {
--        ctx->base_iter++;
--        ret = ad_subdomains_get_master_sid(ctx);
--        if (ret == EAGAIN) {
--            return;
--        } else if (ret != EOK) {
--            goto done;
--        }
--    } else if (reply_count == 1) {
--        ret = sysdb_attrs_get_el(reply[0], AD_AT_OBJECT_SID, &el);
--        if (ret != EOK || el->num_values != 1) {
--            DEBUG(SSSDBG_OP_FAILURE, ("sdap_attrs_get_el failed.\n"));
--            goto done;
--        }
--
--        err = sss_idmap_bin_sid_to_sid(ctx->sd_ctx->idmap_ctx,
--                                       el->values[0].data,
--                                       el->values[0].length,
--                                       &sid_str);
--        if (err != IDMAP_SUCCESS) {
--            DEBUG(SSSDBG_MINOR_FAILURE,
--                  ("Could not convert SID: [%s].\n", idmap_error_string(err)));
--            ret = EFAULT;
--            goto done;
--        }
--
--        ctx->master_sid = talloc_steal(ctx, sid_str);
--    } else {
--        DEBUG(SSSDBG_OP_FAILURE,
--              ("More than one result for domain SID found.\n"));
--        ret = EINVAL;
-+        DEBUG(SSSDBG_OP_FAILURE, ("Cannot retrieve master domain info\n"));
-         goto done;
-     }
- 
--    DEBUG(SSSDBG_TRACE_FUNC, ("Found SID [%s].\n", ctx->master_sid));
--
--    ntver = sss_ldap_encode_ndr_uint32(ctx, NETLOGON_NT_VERSION_5EX |
--                                       NETLOGON_NT_VERSION_WITH_CLOSEST_SITE);
--    if (ntver == NULL) {
--        DEBUG(SSSDBG_OP_FAILURE, ("sss_ldap_encode_ndr_uint32 failed.\n"));
--        ret = ENOMEM;
--        goto done;
--    }
--
--    filter = talloc_asprintf(ctx, "(&(%s=%s)(%s=%s))",
--                             AD_AT_DNS_DOMAIN, ctx->sd_ctx->domain_name,
--                             AD_AT_NT_VERSION, ntver);
--    if (filter == NULL) {
--        DEBUG(SSSDBG_OP_FAILURE, ("talloc_asprintf failed.\n"));
--        ret = ENOMEM;
--        goto done;
--    }
--
--    req = sdap_get_generic_send(ctx, ctx->sd_ctx->be_ctx->ev,
--                           ctx->sd_ctx->sdap_id_ctx->opts,
--                           sdap_id_op_handle(ctx->sdap_op),
--                           "", LDAP_SCOPE_BASE, filter, attrs, NULL, 0,
--                           dp_opt_get_int(ctx->sd_ctx->sdap_id_ctx->opts->basic,
--                                          SDAP_SEARCH_TIMEOUT),
--                           false);
--    if (req == NULL) {
--        DEBUG(SSSDBG_OP_FAILURE, ("sdap_get_generic_send failed.\n"));
--        ret = ENOMEM;
--        goto done;
--    }
--
--    tevent_req_set_callback(req, ad_subdomains_get_netlogon_done, ctx);
--    return;
--
--done:
--    be_req_terminate(ctx->be_req, DP_ERR_FATAL, ret, NULL);
--}
--
--static void ad_subdomains_get_netlogon_done(struct tevent_req *req)
--{
--    int ret;
--    size_t reply_count;
--    struct sysdb_attrs **reply = NULL;
--    struct ad_subdomains_req_ctx *ctx;
--    struct ldb_message_element *el;
--    DATA_BLOB blob;
--    enum ndr_err_code ndr_err;
--    struct ndr_pull *ndr_pull = NULL;
--    struct netlogon_samlogon_response response;
--    int dp_error = DP_ERR_FATAL;
--
--    ctx = tevent_req_callback_data(req, struct ad_subdomains_req_ctx);
--
--    ret = sdap_get_generic_recv(req, ctx, &reply_count, &reply);
--    talloc_zfree(req);
--    if (ret != EOK) {
--        DEBUG(SSSDBG_OP_FAILURE, ("sdap_get_generic_send request failed.\n"));
--        goto done;
--    }
--
--    if (reply_count == 0) {
--        DEBUG(SSSDBG_TRACE_FUNC, ("No netlogon data available.\n"));
--        ret = ENOENT;
--        goto done;
--    } else if (reply_count > 1) {
--        DEBUG(SSSDBG_OP_FAILURE,
--              ("More than one netlogon info returned.\n"));
--        ret = EINVAL;
--        goto done;
--    }
--
--    ret = sysdb_attrs_get_el(reply[0], AD_AT_NETLOGON, &el);
--    if (ret != EOK) {
--        DEBUG(SSSDBG_OP_FAILURE, ("sysdb_attrs_get_el() failed\n"));
--        goto done;
--    }
--
--    if (el->num_values == 0) {
--        DEBUG(SSSDBG_OP_FAILURE, ("netlogon has no value\n"));
--        ret = ENOENT;
--        goto done;
--    } else if (el->num_values > 1) {
--        DEBUG(SSSDBG_OP_FAILURE, ("More than one netlogon value?\n"));
--        ret = EIO;
--        goto done;
--    }
--
--    blob.data =  el->values[0].data;
--    blob.length = el->values[0].length;
--
--    ndr_pull = ndr_pull_init_blob(&blob, ctx);
--    if (ndr_pull == NULL) {
--        DEBUG(SSSDBG_OP_FAILURE, ("ndr_pull_init_blob() failed.\n"));
--        ret = ENOMEM;
--        goto done;
--    }
--
--    ndr_err = ndr_pull_netlogon_samlogon_response(ndr_pull, NDR_SCALARS,
--                                                  &response);
--    if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
--        DEBUG(SSSDBG_OP_FAILURE, ("ndr_pull_netlogon_samlogon_response() "
--                                  "failed [%d]\n", ndr_err));
--        ret = EBADMSG;
--        goto done;
--    }


