himmelblau: add Entra ID provider with libhimmelblau integration

Makefile.am

@@ -410,6 +410,10 @@ sssdlib_LTLIBRARIES = \
     libsss_simple.la \
     $(NULL)
 
+if BUILD_HIMMELBLAU
+sssdlib_LTLIBRARIES += libsss_himmelblau.la
+endif
+
 if BUILD_SAMBA
 sssdlib_LTLIBRARIES += \
     libsss_ipa.la \
@@ -1079,6 +1083,30 @@ EXTRA_DIST += \
     src/responder/ifp/ifp_iface/ifp_iface.xml \
     $(NULL)
 
+if BUILD_VENDORED_HIMMELBLAU
+
+build-vendored-libhimmelblau:
+	@echo "Building vendored libhimmelblau..."
+	cd $(top_srcdir)/src/external/libhimmelblau && \
+	$(CARGO) cbuild --release --prefix=$(prefix) --libdir=$(libdir)
+	@touch $@
+
+clean-vendored-libhimmelblau:
+	cd $(top_srcdir)/src/external/libhimmelblau && \
+	$(CARGO) clean || true
+	rm -f build-vendored-libhimmelblau
+
+install-vendored-libhimmelblau:
+	cd $(top_srcdir)/src/external/libhimmelblau && \
+	$(CARGO) cinstall --release --destdir=$(DESTDIR) \
+	    --prefix=$(prefix) --libdir=$(libdir)
+
+BUILT_SOURCES += build-vendored-libhimmelblau
+
+.PHONY: build-vendored-libhimmelblau clean-vendored-libhimmelblau install-vendored-libhimmelblau
+
+endif # BUILD_VENDORED_HIMMELBLAU
+
 pkglib_LTLIBRARIES += libsss_sbus.la
 libsss_sbus_la_SOURCES = \
     src/util/check_file.c \
@@ -4516,6 +4544,37 @@ libsss_simple_la_LDFLAGS = \
     -avoid-version \
     -module
 
+if BUILD_HIMMELBLAU
+libsss_himmelblau_la_SOURCES = \
+    src/providers/himmelblau/himmelblau_init.c \
+    src/providers/himmelblau/himmelblau_auth.c \
+    src/providers/himmelblau/himmelblau_id.c \
+    src/providers/himmelblau/himmelblau_opts.c \
+    src/providers/himmelblau/himmelblau_device.c \
+    src/providers/himmelblau/himmelblau_util.c \
+    $(NULL)
+
+libsss_himmelblau_la_CFLAGS = \
+    $(AM_CFLAGS) \
+    $(HIMMELBLAU_CFLAGS)
+
+libsss_himmelblau_la_LIBADD = \
+    $(TALLOC_LIBS) \
+    $(TEVENT_LIBS) \
+    $(HIMMELBLAU_LIBS) \
+    $(SSSD_INTERNAL_LTLIBS) \
+    $(NULL)
+
+libsss_himmelblau_la_LDFLAGS = \
+    -avoid-version \
+    -module
+
+if BUILD_VENDORED_HIMMELBLAU
+libsss_himmelblau_la_DEPENDENCIES = build-vendored-libhimmelblau
+endif
+
+endif # BUILD_HIMMELBLAU
+
 libsss_krb5_la_SOURCES = \
     src/providers/krb5/krb5_init.c
 libsss_krb5_la_CFLAGS = \
@@ -5551,6 +5610,9 @@ if BUILD_PYTHON3_BINDINGS
 endif
 
 install-exec-hook: installsssddirs
+if BUILD_VENDORED_HIMMELBLAU
+	$(MAKE) install-vendored-libhimmelblau
+endif
 if BUILD_PYTHON2_BINDINGS
 	if [ "$(DESTDIR)" = "" ]; then \
 		cd $(builddir)/src/config; \
@@ -5674,6 +5736,9 @@ if BUILD_SAMBA
 endif
 
 clean-local:
+if BUILD_VENDORED_HIMMELBLAU
+	$(MAKE) clean-vendored-libhimmelblau
+endif
 if BUILD_PYTHON2_BINDINGS
 	if [ ! $(srcdir)/src/config/SSSDConfig/ipachangeconf.py -ef $(builddir)/src/config/SSSDConfig/ipachangeconf.py ]; then \
 		rm -f $(builddir)/src/config/SSSDConfig/ipachangeconf.py ; \

configure.ac

@@ -186,6 +186,7 @@ WITH_AUTOFS
 WITH_SUBID
 WITH_SUBID_LIB_PATH
 WITH_PASSKEY
+WITH_HIMMELBLAU
 WITH_SSH
 WITH_SYSLOG
 WITH_SAMBA
@@ -271,6 +272,26 @@ if test x"$found_passkey" = xyes; then
 fi
 AM_CONDITIONAL([BUILD_PASSKEY], [test x"$found_passkey" = xyes])
 
+m4_include([src/external/libhimmelblau.m4])
+
+AS_IF([test x"$with_himmelblau" = xyes -a x"$found_himmelblau" = xno], [
+    AC_MSG_ERROR([Himmelblau provider requested but libhimmelblau not found.
+Please install libhimmelblau-devel or use --without-himmelblau.])
+])
+
+AS_IF([test x"$with_himmelblau" = xauto], [
+    AS_IF([test x"$found_himmelblau" != xno], [
+        with_himmelblau=yes
+    ], [
+        with_himmelblau=no
+    ])
+])
+
+if test x"$with_himmelblau" = xyes; then
+    AC_DEFINE(BUILD_HIMMELBLAU, 1, [whether to build with Himmelblau provider])
+fi
+AM_CONDITIONAL([BUILD_HIMMELBLAU], [test x"$with_himmelblau" = xyes])
+
 UNICODE_LIBS=$UNISTRING_LIBS
 AC_SUBST(UNICODE_LIBS)
 

contrib/sssd.spec.in

@@ -8,6 +8,8 @@
 %global build_idp 0
 %endif
 
+%global with_himmelblau 0
+
 # we don't want to provide private python extension libs
 %define __provides_exclude_from %{python3_sitearch}/.*\.so$
 
@@ -91,6 +93,9 @@ BuildRequires: krb5-devel
 BuildRequires: libcmocka-devel >= 1.0.0
 BuildRequires: libdhash-devel >= 0.4.2
 BuildRequires: libfido2-devel
+%if 0%{?with_himmelblau}
+BuildRequires: libhimmelblau-devel >= 0.8.0
+%endif
 BuildRequires: libini_config-devel >= 1.3
 BuildRequires: libldb-devel
 BuildRequires: libnfsidmap-devel
@@ -522,6 +527,11 @@ autoreconf -ivf
     --with-test-dir=/dev/shm \
     --with-subid \
     --with-passkey \
+%if 0%{?with_himmelblau}
+    --with-himmelblau \
+%else
+    --without-himmelblau \
+%endif
 %if ! %{build_idp}
     --with-id-provider-idp=no \
 %endif
@@ -708,6 +718,9 @@ install -D -p -m 0644 %{SOURCE1} %{buildroot}%{_sysusersdir}/sssd.conf
 
 %dir %{_libdir}/%{name}
 %{_libdir}/%{name}/libsss_simple.so
+%if 0%{?with_himmelblau}
+%{_libdir}/%{name}/libsss_himmelblau.so
+%endif
 
 #Internal shared libraries
 %{_libdir}/%{name}/libsss_child.so

src/conf_macros.m4

@@ -687,6 +687,17 @@ AC_DEFUN([WITH_PASSKEY],
                )
   ])
 
+AC_DEFUN([WITH_HIMMELBLAU],
+  [ AC_ARG_WITH([himmelblau],
+                [AC_HELP_STRING([--with-himmelblau],
+                                [Whether to build with Himmelblau provider [auto]]
+                               )
+                ],
+                [with_himmelblau=$withval],
+                with_himmelblau=auto
+               )
+  ])
+
 AC_DEFUN([WITH_SSH],
   [ AC_ARG_WITH([ssh],
                 [AC_HELP_STRING([--with-ssh],

src/confdb/confdb.h

@@ -266,6 +266,10 @@
 #define CONFDB_PROXY_FAST_ALIAS "proxy_fast_alias"
 #define CONFDB_PROXY_MAX_CHILDREN "proxy_max_children"
 
+/* Himmelblau Provider */
+#define CONFDB_HIMMELBLAU_DOMAIN "himmelblau_domain"
+#define CONFDB_HIMMELBLAU_DEVICE_STORAGE "himmelblau_device_storage"
+
 /* IdP Provider */
 #define CONFDB_IDP_CLIENT_SECRET "idp_client_secret"
 

src/external/libhimmelblau.m4

@@ -0,0 +1,30 @@
+AC_SUBST(HIMMELBLAU_LIBS)
+AC_SUBST(HIMMELBLAU_CFLAGS)
+
+found_himmelblau=no
+BUILD_VENDORED_HIMMELBLAU=no
+
+AS_IF([test x$with_himmelblau != xno], [
+    PKG_CHECK_MODULES([HIMMELBLAU], [himmelblau >= 0.8.0],
+                      [found_himmelblau=yes],
+                      [found_himmelblau=no])
+
+    AS_IF([test x"$found_himmelblau" = xno],
+        [AC_CHECK_PROG([CARGO], [cargo], [cargo])
+         AC_CHECK_PROG([CARGO_CBUILD], [cargo-cbuild], [cargo-cbuild])
+
+         AS_IF([test x"$CARGO" != x -a x"$CARGO_CBUILD" != x],
+            [AS_IF([test -f "$srcdir/src/external/libhimmelblau/Cargo.toml"],
+                [AC_MSG_NOTICE([Will build vendored libhimmelblau])
+                 found_himmelblau=vendored
+                 BUILD_VENDORED_HIMMELBLAU=yes
+                 HIMMELBLAU_CFLAGS="-I\$(top_builddir)/src/external/libhimmelblau/target/include"
+                 HIMMELBLAU_LIBS="-L\$(top_builddir)/src/external/libhimmelblau/target/\$(host)/release -lhimmelblau"],
+                [AC_MSG_WARN([No system libhimmelblau and no vendored source found])]
+            )]
+         )]
+    )
+])
+
+AM_CONDITIONAL([BUILD_VENDORED_HIMMELBLAU], [test x"$BUILD_VENDORED_HIMMELBLAU" = xyes])
+AM_CONDITIONAL([HAVE_LIBHIMMELBLAU], [test x"$found_himmelblau" != xno])