int pac_process_init(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct confdb_ctx *cdb)
{
struct resp_ctx *rctx;
struct sss_cmd_table *pac_cmds;
struct be_conn *iter;
struct pac_ctx *pac_ctx;
int ret, max_retries;
enum idmap_error_code err;
int fd_limit;
char *uid_str;
pac_cmds = get_pac_cmds();
ret = sss_process_init(mem_ctx, ev, cdb,
pac_cmds,
SSS_PAC_SOCKET_NAME, -1, NULL, -1,
CONFDB_PAC_CONF_ENTRY,
PAC_SBUS_SERVICE_NAME,
PAC_SBUS_SERVICE_VERSION,
&monitor_pac_methods,
"PAC", &pac_dp_methods.vtable,
sss_connection_setup,
&rctx);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE, "sss_process_init() failed\n");
return ret;
}
pac_ctx = talloc_zero(rctx, struct pac_ctx);
if (!pac_ctx) {
DEBUG(SSSDBG_FATAL_FAILURE, "fatal error initializing pac_ctx\n");
ret = ENOMEM;
goto fail;
}
pac_ctx->rctx = rctx;
pac_ctx->rctx->pvt_ctx = pac_ctx;
ret = confdb_get_string(pac_ctx->rctx->cdb, pac_ctx->rctx,
CONFDB_PAC_CONF_ENTRY, CONFDB_SERVICE_ALLOWED_UIDS,
DEFAULT_ALLOWED_UIDS, &uid_str);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE, "Failed to get allowed UIDs.\n");
goto fail;
}
ret = csv_string_to_uid_array(pac_ctx->rctx, uid_str, true,
&pac_ctx->rctx->allowed_uids_count,
&pac_ctx->rctx->allowed_uids);
talloc_free(uid_str);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE, "Failed to set allowed UIDs.\n");
goto fail;
}
/* Enable automatic reconnection to the Data Provider */
ret = confdb_get_int(pac_ctx->rctx->cdb,
CONFDB_PAC_CONF_ENTRY,
CONFDB_SERVICE_RECON_RETRIES,
3, &max_retries);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE, "Failed to set up automatic reconnection\n");
goto fail;
}
for (iter = pac_ctx->rctx->be_conns; iter; iter = iter->next) {
sbus_reconnect_init(iter->conn, max_retries,
pac_dp_reconnect_init, iter);
}
err = sss_idmap_init(sss_idmap_talloc, pac_ctx, sss_idmap_talloc_free,
&pac_ctx->idmap_ctx);
if (err != IDMAP_SUCCESS) {
DEBUG(SSSDBG_FATAL_FAILURE, "sss_idmap_init failed.\n");
ret = EFAULT;
goto fail;
}
/* Set up file descriptor limits */
ret = confdb_get_int(pac_ctx->rctx->cdb,
CONFDB_PAC_CONF_ENTRY,
CONFDB_SERVICE_FD_LIMIT,
DEFAULT_PAC_FD_LIMIT,
&fd_limit);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE,
"Failed to set up file descriptor limit\n");
goto fail;
}
responder_set_fd_limit(fd_limit);
ret = confdb_get_int(pac_ctx->rctx->cdb, CONFDB_PAC_CONF_ENTRY,
CONFDB_PAC_LIFETIME, 300,
&pac_ctx->pac_lifetime);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE,
"Failed to setup negative cache timeout.\n");
goto fail;
}
ret = schedule_get_domains_task(rctx, rctx->ev, rctx, NULL);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE, "schedule_get_domains_tasks failed.\n");
goto fail;
}
DEBUG(SSSDBG_TRACE_FUNC, "PAC Initialization complete\n");
return EOK;
fail:
talloc_free(rctx);
return ret;
}
static int pam_process_init(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct confdb_ctx *cdb)
{
struct resp_ctx *rctx;
struct sss_cmd_table *pam_cmds;
struct be_conn *iter;
struct pam_ctx *pctx;
int ret, max_retries;
int id_timeout;
int fd_limit;
pam_cmds = get_pam_cmds();
ret = sss_process_init(mem_ctx, ev, cdb,
pam_cmds,
SSS_PAM_SOCKET_NAME,
SSS_PAM_PRIV_SOCKET_NAME,
CONFDB_PAM_CONF_ENTRY,
SSS_PAM_SBUS_SERVICE_NAME,
SSS_PAM_SBUS_SERVICE_VERSION,
&monitor_pam_interface,
"PAM", &pam_dp_interface,
&rctx);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE, ("sss_process_init() failed\n"));
return ret;
}
pctx = talloc_zero(rctx, struct pam_ctx);
if (!pctx) {
ret = ENOMEM;
goto done;
}
pctx->rctx = rctx;
pctx->rctx->pvt_ctx = pctx;
/* Enable automatic reconnection to the Data Provider */
/* FIXME: "retries" is too generic, either get it from a global config
* or specify these retries are about the sbus connections to DP */
ret = confdb_get_int(pctx->rctx->cdb, CONFDB_PAM_CONF_ENTRY,
CONFDB_SERVICE_RECON_RETRIES, 3, &max_retries);
if (ret != EOK) {
DEBUG(0, ("Failed to set up automatic reconnection\n"));
goto done;
}
for (iter = pctx->rctx->be_conns; iter; iter = iter->next) {
sbus_reconnect_init(iter->conn, max_retries,
pam_dp_reconnect_init, iter);
}
/* Set up the negative cache */
ret = confdb_get_int(cdb, CONFDB_NSS_CONF_ENTRY,
CONFDB_NSS_ENTRY_NEG_TIMEOUT, 15,
&pctx->neg_timeout);
if (ret != EOK) goto done;
/* Set up the PAM identity timeout */
ret = confdb_get_int(cdb, CONFDB_PAM_CONF_ENTRY,
CONFDB_PAM_ID_TIMEOUT, 5,
&id_timeout);
if (ret != EOK) goto done;
pctx->id_timeout = (size_t)id_timeout;
ret = sss_ncache_init(pctx, &pctx->ncache);
if (ret != EOK) {
DEBUG(0, ("fatal error initializing negative cache\n"));
goto done;
}
ret = sss_ncache_prepopulate(pctx->ncache, cdb, pctx->rctx);
if (ret != EOK) {
goto done;
}
/* Create table for initgroup lookups */
ret = sss_hash_create(pctx, 10, &pctx->id_table);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE,
("Could not create initgroups hash table: [%s]",
strerror(ret)));
goto done;
}
/* Set up file descriptor limits */
ret = confdb_get_int(pctx->rctx->cdb,
CONFDB_PAM_CONF_ENTRY,
CONFDB_SERVICE_FD_LIMIT,
DEFAULT_PAM_FD_LIMIT,
&fd_limit);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE,
("Failed to set up file descriptor limit\n"));
goto done;
}
responder_set_fd_limit(fd_limit);
ret = EOK;
done:
if (ret != EOK) {
talloc_free(rctx);
}
return ret;
}
