sssd  2.2.3
About: SSSD provides a set of daemons to manage access to remote directories and authentication mechanisms such as LDAP, Kerberos or FreeIPA. It also provides NSS and PAM interfaces to the system.
  Fossies Dox: sssd-2.2.3.tar.gz  ("unofficial" and yet experimental doxygen-generated source code documentation)  

ad_common.h
1 /*
2  SSSD
3 
4  Authors:
5  Stephen Gallagher <sgallagh@redhat.com>
6 
7  Copyright (C) 2012 Red Hat
8 
9  This program is free software; you can redistribute it and/or modify
10  it under the terms of the GNU General Public License as published by
11  the Free Software Foundation; either version 3 of the License, or
12  (at your option) any later version.
13 
14  This program is distributed in the hope that it will be useful,
15  but WITHOUT ANY WARRANTY; without even the implied warranty of
16  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17  GNU General Public License for more details.
18 
19  You should have received a copy of the GNU General Public License
20  along with this program. If not, see <http://www.gnu.org/licenses/>.
21 */
22 
23 #ifndef AD_COMMON_H_
24 #define AD_COMMON_H_
25 
26 #include "util/util.h"
28 
/* Labels for the AD LDAP service and the AD Global Catalog service.
 * NOTE(review): presumably used as failover service names; confirm in ad_common.c. */
29 #define AD_SERVICE_NAME "AD"
30 #define AD_GC_SERVICE_NAME "AD_GC"
31 /* The port the Global Catalog runs on */
/* 3268 is the plain-LDAP Global Catalog port (the LDAP-over-TLS GC port is 3269),
 * so confidentiality and integrity of GC traffic depend on protection negotiated
 * on the connection itself. NOTE(review): confirm the sdap layer requires SASL
 * sign/seal or StartTLS on connections made to this port. */
32 #define AD_GC_PORT 3268
33 
/* Attribute-name strings used by the AD provider.
 * NOTE(review): AD_AT_DNS_DOMAIN, AD_AT_NT_VERSION and AD_AT_NETLOGON look like
 * the pieces of the netlogon (DC locator) query; whatever comes back for it is
 * server-supplied data and should be treated as such. Confirm at the use sites. */
34 #define AD_AT_OBJECT_SID "objectSID"
35 #define AD_AT_DNS_DOMAIN "DnsDomain"
36 #define AD_AT_NT_VERSION "NtVer"
37 #define AD_AT_NETLOGON "netlogon"
38 
/* Fixed filter string selecting objects of class "domain"; it is a literal, so
 * no caller-supplied text is interpolated at this point.
 * NOTE(review): presumably used to find the master domain object whose
 * objectSID is read; confirm how callers wrap it into a full LDAP filter. */
39 #define MASTER_DOMAIN_SID_FILTER "objectclass=domain"
40 
41 struct ad_options;
42 
44  AD_DOMAIN = 0,
70 
71  AD_OPTS_BASIC /* opts counter */
72 };
73 
74 struct ad_id_ctx {
79 };
80 
81 struct ad_service {
82  struct sdap_service *sdap;
83  struct sdap_service *gc;
85 };
86 
87 struct ad_options {
88  /* Common options */
89  struct dp_option *basic;
91 
92  /* ID Provider */
93  struct sdap_options *id;
94  struct ad_id_ctx *id_ctx;
95 
96  /* Auth and chpass Provider */
97  struct krb5_ctx *auth_ctx;
98 
99  /* Dynamic DNS updates */
102 };
103 
104 errno_t
105 ad_get_common_options(TALLOC_CTX *mem_ctx,
106  struct confdb_ctx *cdb,
107  const char *conf_path,
108  struct sss_domain_info *dom,
109  struct ad_options **_opts);
110 
111 /* FIXME: ad_get_common_options and ad_create_options are
112  * similar. The latter is subdomain specific. It may be
113  * good to merge the two into one more generic function. */
114 struct ad_options *ad_create_options(TALLOC_CTX *mem_ctx,
115  struct confdb_ctx *cdb,
116  const char *conf_path,
117  struct data_provider *dp,
118  struct sss_domain_info *subdom);
119 
/* Creates the struct ad_options for a subdomain reached over a two-way trust
 * (per the function name). Takes the talloc parent, confdb handle and config
 * path, the data provider, and the realm, subdomain, hostname and keytab to use.
 * NOTE(review): hostname and keytab presumably identify the local machine
 * credentials used to authenticate to the trusted domain. A keytab holds
 * long-term Kerberos keys, so confirm the file is readable only by the SSSD
 * service account and that the path comes from trusted configuration.
 * NOTE(review): failure is presumably reported as NULL; confirm in ad_common.c. */
120 struct ad_options *ad_create_2way_trust_options(TALLOC_CTX *mem_ctx,
121  struct confdb_ctx *cdb,
122  const char *conf_path,
123  struct data_provider *dp,
124  const char *realm,
125  struct sss_domain_info *subdom,
126  const char *hostname,
127  const char *keytab);
128 
/* Creates the struct ad_options for a subdomain reached over a one-way trust
 * (per the function name). Unlike the two-way variant it takes no realm but an
 * explicit sasl_authid.
 * NOTE(review): sasl_authid is presumably the SASL authentication identity
 * (principal) used together with keytab; confirm it names a principal present
 * in that keytab. The keytab holds long-term Kerberos keys, so confirm the file
 * is readable only by the SSSD service account.
 * NOTE(review): failure is presumably reported as NULL; confirm in ad_common.c. */
129 struct ad_options *ad_create_1way_trust_options(TALLOC_CTX *mem_ctx,
130  struct confdb_ctx *cdb,
131  const char *conf_path,
132  struct data_provider *dp,
133  struct sss_domain_info *subdom,
134  const char *hostname,
135  const char *keytab,
136  const char *sasl_authid);
137 
139  struct sdap_domain *sdap);
140 
/* Sets up failover for the AD provider and hands the result back through
 * _service; returns an errno_t status.
 * Inputs are the primary and backup server strings, the Kerberos realm, the
 * AD and AD Global Catalog service names, and the AD domain.
 * NOTE(review): primary_servers and backup_servers are presumably
 * comma-separated lists from configuration; confirm how entries are parsed.
 * NOTE(review): use_kdcinfo and the n_lookahead_* counts presumably control
 * the KDC information published for the Kerberos locator; the servers listed
 * there decide where clients send Kerberos traffic, so confirm only resolved
 * servers of this domain end up in it. */
141 errno_t
142 ad_failover_init(TALLOC_CTX *mem_ctx, struct be_ctx *ctx,
143  const char *primary_servers,
144  const char *backup_servers,
145  const char *krb5_realm,
146  const char *ad_service,
147  const char *ad_gc_service,
148  const char *ad_domain,
149  bool use_kdcinfo,
150  size_t n_lookahead_primary,
151  size_t n_lookahead_backup,
152  struct ad_service **_service);
153 
154 void
155 ad_failover_reset(struct be_ctx *bectx,
156  struct ad_service *adsvc);
157 
158 errno_t
159 ad_get_id_options(struct ad_options *ad_opts,
160  struct confdb_ctx *cdb,
161  const char *conf_path,
162  struct data_provider *dp,
163  struct sdap_options **_opts);
164 errno_t
165 ad_get_autofs_options(struct ad_options *ad_opts,
166  struct confdb_ctx *cdb,
167  const char *conf_path);
168 errno_t
169 ad_get_auth_options(TALLOC_CTX *mem_ctx,
170  struct ad_options *ad_opts,
171  struct be_ctx *bectx,
172  struct dp_option **_opts);
173 
174 errno_t
176  struct ad_options *ad_opts);
177 
178 struct ad_id_ctx *
179 ad_id_ctx_init(struct ad_options *ad_opts, struct be_ctx *bectx);
180 
181 struct sdap_id_conn_ctx **
182 ad_gc_conn_list(TALLOC_CTX *mem_ctx, struct ad_id_ctx *ad_ctx,
183  struct sss_domain_info *dom);
184 
185 struct sdap_id_conn_ctx **
186 ad_ldap_conn_list(TALLOC_CTX *mem_ctx,
187  struct ad_id_ctx *ad_ctx,
188  struct sss_domain_info *dom);
189 
190 struct sdap_id_conn_ctx **
191 ad_user_conn_list(TALLOC_CTX *mem_ctx,
192  struct ad_id_ctx *ad_ctx,
193  struct sss_domain_info *dom);
194 
195 struct sdap_id_conn_ctx *
196 ad_get_dom_ldap_conn(struct ad_id_ctx *ad_ctx, struct sss_domain_info *dom);
197 
198 /* AD dynamic DNS updates */
200  struct ad_options *ctx);
201 
202 errno_t ad_sudo_init(TALLOC_CTX *mem_ctx,
203  struct be_ctx *be_ctx,
204  struct ad_id_ctx *id_ctx,
205  struct dp_method *dp_methods);
206 
207 errno_t ad_autofs_init(TALLOC_CTX *mem_ctx,
208  struct be_ctx *be_ctx,
209  struct ad_id_ctx *id_ctx,
210  struct dp_method *dp_methods);
211 
213  struct ad_options *ad_opts);
214 
/* Reads domain details out of reply and returns them through the _flat_name,
 * _site and _forest out-parameters; returns an errno_t status.
 * check_next_nearest_site_as_well, per its name, widens the site lookup.
 * NOTE(review): reply presumably carries the netlogon attribute returned by a
 * domain controller, which makes all three output strings server-supplied.
 * Confirm in ad_domain_info.c that the parsing is length-checked and that
 * callers validate the values before they drive site or forest selection.
 * NOTE(review): outputs are presumably allocated on mem_ctx; confirm ownership. */
215 errno_t netlogon_get_domain_info(TALLOC_CTX *mem_ctx,
216  struct sysdb_attrs *reply,
217  bool check_next_nearest_site_as_well,
218  char **_flat_name,
219  char **_site,
220  char **_forest);
221 
/* Handles inheritance of the single option opt_id between parent_opts and the
 * subdomain option set (suddom_opts, sic), using cdb and subdom_conf_path;
 * returns an errno_t status.
 * NOTE(review): per the name, the option is copied only when inheritance is
 * requested; confirm the condition in ad_common.c.
 * NOTE(review): which options a subdomain inherits can change access-control
 * behaviour for trusted domains, so confirm the opt_id values callers pass. */
222 errno_t ad_inherit_opts_if_needed(struct dp_option *parent_opts,
223  struct dp_option *suddom_opts,
224  struct confdb_ctx *cdb,
225  const char *subdom_conf_path,
226  int opt_id);
227 
229  struct ad_id_ctx *id_ctx);
230 
231 #endif /* AD_COMMON_H_ */
AD_GPO_MAP_DENY
@ AD_GPO_MAP_DENY
Definition: ad_common.h:64
ad_basic_opt
ad_basic_opt
Definition: ad_common.h:43
ad_get_dom_ldap_conn
struct sdap_id_conn_ctx * ad_get_dom_ldap_conn(struct ad_id_ctx *ad_ctx, struct sss_domain_info *dom)
Definition: ad_common.c:1374
AD_SERVER
@ AD_SERVER
Definition: ad_common.h:46
sysdb_attrs
Definition: sysdb.h:328
AD_GPO_ACCESS_CONTROL
@ AD_GPO_ACCESS_CONTROL
Definition: ad_common.h:54
AD_DOMAIN
@ AD_DOMAIN
Definition: ad_common.h:44
sdap_id_conn_ctx::id_ctx
struct sdap_id_ctx * id_ctx
Definition: ldap_common.h:51
data_provider
Definition: dp_private.h:76
sdap_domain
Definition: sdap.h:416
AD_GPO_IGNORE_UNREADABLE
@ AD_GPO_IGNORE_UNREADABLE
Definition: ad_common.h:56
AD_GPO_DEFAULT_RIGHT
@ AD_GPO_DEFAULT_RIGHT
Definition: ad_common.h:65
AD_KEYTAB
@ AD_KEYTAB
Definition: ad_common.h:49
AD_GPO_MAP_PERMIT
@ AD_GPO_MAP_PERMIT
Definition: ad_common.h:63
dp_option
Definition: data_provider.h:201
realm
Definition: sss_cert_content_nss.c:293
ad_inherit_opts_if_needed
errno_t ad_inherit_opts_if_needed(struct dp_option *parent_opts, struct dp_option *suddom_opts, struct confdb_ctx *cdb, const char *subdom_conf_path, int opt_id)
Definition: ad_common.c:1472
AD_GPO_MAP_SERVICE
@ AD_GPO_MAP_SERVICE
Definition: ad_common.h:62
ad_options::be_res
struct be_resolv_ctx * be_res
Definition: ad_common.h:100
sss_domain_info
Data structure storing all of the basic features of a domain.
Definition: confdb.h:340
ad_options::service
struct ad_service * service
Definition: ad_common.h:90
ad_create_options
struct ad_options * ad_create_options(TALLOC_CTX *mem_ctx, struct confdb_ctx *cdb, const char *conf_path, struct data_provider *dp, struct sss_domain_info *subdom)
Definition: ad_common.c:224
ad_user_conn_list
struct sdap_id_conn_ctx ** ad_user_conn_list(TALLOC_CTX *mem_ctx, struct ad_id_ctx *ad_ctx, struct sss_domain_info *dom)
Definition: ad_common.c:1442
ad_service::krb5_service
struct krb5_service * krb5_service
Definition: ad_common.h:84
AD_GPO_MAP_NETWORK
@ AD_GPO_MAP_NETWORK
Definition: ad_common.h:60
be_resolv_ctx
Definition: backend.h:42
ldap_common.h
ad_options
Definition: ad_common.h:87
AD_HOSTNAME
@ AD_HOSTNAME
Definition: ad_common.h:48
ad_set_search_bases
errno_t ad_set_search_bases(struct sdap_options *id_opts, struct sdap_domain *sdap)
Definition: ad_common.c:1158
errno_t
int errno_t
Definition: hbac_evaluator.c:36
ad_options::basic
struct dp_option * basic
Definition: ad_common.h:89
ad_id_ctx::sdap_id_ctx
struct sdap_id_ctx * sdap_id_ctx
Definition: ad_common.h:75
confdb_ctx
Definition: confdb_private.h:25
ad_get_dyndns_options
errno_t ad_get_dyndns_options(struct be_ctx *be_ctx, struct ad_options *ad_opts)
Definition: ad_common.c:1326
ad_create_1way_trust_options
struct ad_options * ad_create_1way_trust_options(TALLOC_CTX *mem_ctx, struct confdb_ctx *cdb, const char *conf_path, struct data_provider *dp, struct sss_domain_info *subdom, const char *hostname, const char *keytab, const char *sasl_authid)
Definition: ad_common.c:350
ad_gc_conn_list
struct sdap_id_conn_ctx ** ad_gc_conn_list(TALLOC_CTX *mem_ctx, struct ad_id_ctx *ad_ctx, struct sss_domain_info *dom)
Definition: ad_common.c:1401
ad_get_id_options
errno_t ad_get_id_options(struct ad_options *ad_opts, struct confdb_ctx *cdb, const char *conf_path, struct data_provider *dp, struct sdap_options **_opts)
Definition: ad_common.c:1087
ad_service
Definition: ad_common.h:81
ad_ldap_conn_list
struct sdap_id_conn_ctx ** ad_ldap_conn_list(TALLOC_CTX *mem_ctx, struct ad_id_ctx *ad_ctx, struct sss_domain_info *dom)
Definition: ad_common.c:1424
dp_method
Definition: dp_private.h:66
ad_failover_reset
void ad_failover_reset(struct be_ctx *bectx, struct ad_service *adsvc)
Definition: ad_common.c:848
ad_options::id
struct sdap_options * id
Definition: ad_common.h:93
AD_ENABLE_DNS_SITES
@ AD_ENABLE_DNS_SITES
Definition: ad_common.h:51
ad_refresh_init
errno_t ad_refresh_init(struct be_ctx *be_ctx, struct ad_id_ctx *id_ctx)
Definition: ad_refresh.c:208
netlogon_get_domain_info
errno_t netlogon_get_domain_info(TALLOC_CTX *mem_ctx, struct sysdb_attrs *reply, bool check_next_nearest_site_as_well, char **_flat_name, char **_site, char **_forest)
Definition: ad_domain_info.c:38
ad_dyndns_init
errno_t ad_dyndns_init(struct be_ctx *be_ctx, struct ad_options *ctx)
Definition: ad_dyndns.c:53
ctx
struct nss_ops_ctx * ctx
Definition: wbc_pwd_sssd.c:61
ad_autofs_init
errno_t ad_autofs_init(TALLOC_CTX *mem_ctx, struct be_ctx *be_ctx, struct ad_id_ctx *id_ctx, struct dp_method *dp_methods)
Definition: ad_autofs.c:25
AD_GPO_MAP_BATCH
@ AD_GPO_MAP_BATCH
Definition: ad_common.h:61
ad_get_autofs_options
errno_t ad_get_autofs_options(struct ad_options *ad_opts, struct confdb_ctx *cdb, const char *conf_path)
Definition: ad_common.c:1127
ad_machine_account_password_renewal_init
errno_t ad_machine_account_password_renewal_init(struct be_ctx *be_ctx, struct ad_options *ad_opts)
Definition: ad_machine_pw_renewal.c:301
AD_BACKUP_SERVER
@ AD_BACKUP_SERVER
Definition: ad_common.h:47
AD_GPO_CACHE_TIMEOUT
@ AD_GPO_CACHE_TIMEOUT
Definition: ad_common.h:57
krb5_ctx
Definition: krb5_common.h:97
ad_failover_init
errno_t ad_failover_init(TALLOC_CTX *mem_ctx, struct be_ctx *ctx, const char *primary_servers, const char *backup_servers, const char *krb5_realm, const char *ad_service, const char *ad_gc_service, const char *ad_domain, bool use_kdcinfo, size_t n_lookahead_primary, size_t n_lookahead_backup, struct ad_service **_service)
Definition: ad_common.c:724
be_nsupdate_ctx
Definition: be_dyndns.h:39
AD_MAXIMUM_MACHINE_ACCOUNT_PASSWORD_AGE
@ AD_MAXIMUM_MACHINE_ACCOUNT_PASSWORD_AGE
Definition: ad_common.h:68
AD_OPTS_BASIC
@ AD_OPTS_BASIC
Definition: ad_common.h:71
AD_GPO_IMPLICIT_DENY
@ AD_GPO_IMPLICIT_DENY
Definition: ad_common.h:55
ad_id_ctx::gc_ctx
struct sdap_id_conn_ctx * gc_ctx
Definition: ad_common.h:77
ad_service::sdap
struct sdap_service * sdap
Definition: ad_common.h:82
AD_KRB5_CONFD_PATH
@ AD_KRB5_CONFD_PATH
Definition: ad_common.h:67
ad_service::gc
struct sdap_service * gc
Definition: ad_common.h:83
sdap_options
Definition: sdap.h:459
AD_ENABLED_DOMAINS
@ AD_ENABLED_DOMAINS
Definition: ad_common.h:45
krb5_service
Definition: krb5_common.h:72
ad_create_2way_trust_options
struct ad_options * ad_create_2way_trust_options(TALLOC_CTX *mem_ctx, struct confdb_ctx *cdb, const char *conf_path, struct data_provider *dp, const char *realm, struct sss_domain_info *subdom, const char *hostname, const char *keytab)
Definition: ad_common.c:310
AD_ENABLE_GC
@ AD_ENABLE_GC
Definition: ad_common.h:53
ad_options::id_ctx
struct ad_id_ctx * id_ctx
Definition: ad_common.h:94
AD_GPO_MAP_REMOTE_INTERACTIVE
@ AD_GPO_MAP_REMOTE_INTERACTIVE
Definition: ad_common.h:59
ad_id_ctx_init
struct ad_id_ctx * ad_id_ctx_init(struct ad_options *ad_opts, struct be_ctx *bectx)
Definition: ad_common.c:1345
ad_get_auth_options
errno_t ad_get_auth_options(TALLOC_CTX *mem_ctx, struct ad_options *ad_opts, struct be_ctx *bectx, struct dp_option **_opts)
Definition: ad_common.c:1251
ad_get_common_options
errno_t ad_get_common_options(TALLOC_CTX *mem_ctx, struct confdb_ctx *cdb, const char *conf_path, struct sss_domain_info *dom, struct ad_options **_opts)
Definition: ad_common.c:410
ad_id_ctx
Definition: ad_common.h:74
ad_id_ctx::ad_options
struct ad_options * ad_options
Definition: ad_common.h:78
AD_MACHINE_ACCOUNT_PASSWORD_RENEWAL_OPTS
@ AD_MACHINE_ACCOUNT_PASSWORD_RENEWAL_OPTS
Definition: ad_common.h:69
ad_options::dyndns_ctx
struct be_nsupdate_ctx * dyndns_ctx
Definition: ad_common.h:101
be_ctx
Definition: backend.h:75
sdap_service
Definition: sdap.h:99
AD_GPO_MAP_INTERACTIVE
@ AD_GPO_MAP_INTERACTIVE
Definition: ad_common.h:58
AD_ACCESS_FILTER
@ AD_ACCESS_FILTER
Definition: ad_common.h:52
sdap_id_conn_ctx
Definition: ldap_common.h:50
ad_options::auth_ctx
struct krb5_ctx * auth_ctx
Definition: ad_common.h:97
util.h
ad_sudo_init
errno_t ad_sudo_init(TALLOC_CTX *mem_ctx, struct be_ctx *be_ctx, struct ad_id_ctx *id_ctx, struct dp_method *dp_methods)
Definition: ad_sudo.c:29
AD_SITE
@ AD_SITE
Definition: ad_common.h:66
AD_KRB5_REALM
@ AD_KRB5_REALM
Definition: ad_common.h:50
dp_methods
dp_methods
Definition: dp.h:75
ad_id_ctx::ldap_ctx
struct sdap_id_conn_ctx * ldap_ctx
Definition: ad_common.h:76
sdap_id_ctx
Definition: ldap_common.h:64