/*
 * Negative-cache test for GIDs: the cache is created with TIMEOUT passed for
 * both timeout arguments of sss_ncache_init(), the test GIDs are stored with
 * set_gids() and the lookup results are verified by check_gids().
 */
void test_ncache_both_gid(void **state)
{
    struct ncache_test_ctx *ctx =
        talloc_get_type_abort(*state, struct ncache_test_ctx);
    errno_t rc;

    assert_non_null(ctx);

    rc = sss_ncache_init(ctx, TIMEOUT, TIMEOUT, &ctx->ncache);
    assert_int_equal(rc, EOK);

    set_gids(ctx);

    /* Expected results, in the order check_gids() takes them. */
    check_gids(ctx, EEXIST, ENOENT, EEXIST, ENOENT);

    /* Release the cache created for this test. */
    talloc_zfree(ctx->ncache);
}
/*
 * Negative-cache test for groups with caching disabled: both timeout
 * arguments of sss_ncache_init() are 0, the test groups are stored with
 * set_groups() and every lookup checked by check_groups() is expected to
 * return ENOENT.
 */
void test_ncache_nocache_group(void **state)
{
    struct ncache_test_ctx *ctx =
        talloc_get_type_abort(*state, struct ncache_test_ctx);
    errno_t rc;

    assert_non_null(ctx);

    rc = sss_ncache_init(ctx, 0, 0, &ctx->ncache);
    assert_int_equal(rc, EOK);

    set_groups(ctx);

    /* With zero timeouts none of the stored groups may be reported. */
    check_groups(ctx, ENOENT, ENOENT, ENOENT, ENOENT);

    /* Release the cache created for this test. */
    talloc_zfree(ctx->ncache);
}
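/*
 * Initialise the PAM responder.
 *
 * Runs the generic responder setup (sss_process_init), allocates the PAM
 * private context on the responder context, enables reconnection to every
 * Data Provider connection, reads the negative-cache and identity timeouts,
 * creates and prepopulates the negative cache, creates the initgroups table
 * and applies the file descriptor limit.
 *
 * Returns EOK on success. If sss_process_init() itself fails its error is
 * returned unchanged; on any later failure the responder context (and the
 * PAM context allocated on it) is freed before the error is returned.
 * EINVAL is returned when the configured PAM identity timeout is negative.
 */
static int pam_process_init(TALLOC_CTX *mem_ctx,
                            struct tevent_context *ev,
                            struct confdb_ctx *cdb)
{
    struct resp_ctx *rctx;
    struct sss_cmd_table *pam_cmds;
    struct be_conn *iter;
    struct pam_ctx *pctx;
    int ret, max_retries;
    int id_timeout;
    int fd_limit;

    pam_cmds = get_pam_cmds();
    ret = sss_process_init(mem_ctx, ev, cdb,
                           pam_cmds,
                           SSS_PAM_SOCKET_NAME,
                           SSS_PAM_PRIV_SOCKET_NAME,
                           CONFDB_PAM_CONF_ENTRY,
                           SSS_PAM_SBUS_SERVICE_NAME,
                           SSS_PAM_SBUS_SERVICE_VERSION,
                           &monitor_pam_interface,
                           "PAM", &pam_dp_interface,
                           &rctx);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE, ("sss_process_init() failed\n"));
        return ret;
    }

    /* pctx is a talloc child of rctx, so freeing rctx releases it too. */
    pctx = talloc_zero(rctx, struct pam_ctx);
    if (!pctx) {
        ret = ENOMEM;
        goto done;
    }

    pctx->rctx = rctx;
    pctx->rctx->pvt_ctx = pctx;

    /* Enable automatic reconnection to the Data Provider */

    /* FIXME: "retries" is too generic, either get it from a global config
     * or specify these retries are about the sbus connections to DP */
    ret = confdb_get_int(pctx->rctx->cdb, CONFDB_PAM_CONF_ENTRY,
                         CONFDB_SERVICE_RECON_RETRIES, 3, &max_retries);
    if (ret != EOK) {
        DEBUG(0, ("Failed to set up automatic reconnection\n"));
        goto done;
    }

    for (iter = pctx->rctx->be_conns; iter; iter = iter->next) {
        sbus_reconnect_init(iter->conn, max_retries,
                            pam_dp_reconnect_init, iter);
    }

    /* Set up the negative cache.
     * The timeout is read from the NSS section, not the PAM one. */
    ret = confdb_get_int(cdb, CONFDB_NSS_CONF_ENTRY,
                         CONFDB_NSS_ENTRY_NEG_TIMEOUT, 15,
                         &pctx->neg_timeout);
    if (ret != EOK) goto done;

    /* Set up the PAM identity timeout */
    ret = confdb_get_int(cdb, CONFDB_PAM_CONF_ENTRY,
                         CONFDB_PAM_ID_TIMEOUT, 5,
                         &id_timeout);
    if (ret != EOK) goto done;

    /* The value comes from configuration as a signed int. A negative value
     * would wrap to a very large size_t in the cast below; presumably that
     * makes cached identity data count as fresh almost indefinitely
     * (confirm against the code that consumes id_timeout). Reject it. */
    if (id_timeout < 0) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("Invalid negative PAM identity timeout [%d]\n", id_timeout));
        ret = EINVAL;
        goto done;
    }

    pctx->id_timeout = (size_t)id_timeout;

    ret = sss_ncache_init(pctx, &pctx->ncache);
    if (ret != EOK) {
        DEBUG(0, ("fatal error initializing negative cache\n"));
        goto done;
    }

    ret = sss_ncache_prepopulate(pctx->ncache, cdb, pctx->rctx);
    if (ret != EOK) {
        goto done;
    }

    /* Create table for initgroup lookups */
    ret = sss_hash_create(pctx, 10, &pctx->id_table);
    if (ret != EOK) {
        /* Trailing newline added so the message ends like the others. */
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("Could not create initgroups hash table: [%s]\n",
               strerror(ret)));
        goto done;
    }

    /* Set up file descriptor limits */
    ret = confdb_get_int(pctx->rctx->cdb,
                         CONFDB_PAM_CONF_ENTRY,
                         CONFDB_SERVICE_FD_LIMIT,
                         DEFAULT_PAM_FD_LIMIT,
                         &fd_limit);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              ("Failed to set up file descriptor limit\n"));
        goto done;
    }
    responder_set_fd_limit(fd_limit);

    ret = EOK;

done:
    if (ret != EOK) {
        talloc_free(rctx);
    }
    return ret;
}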
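/*
 * Initialise the SUDO responder.
 *
 * Runs the generic responder setup (sss_process_init), allocates the sudo
 * private context on the responder context, creates and prepopulates the
 * negative cache, enables reconnection to every Data Provider connection,
 * reads the sudo_timed and sudo_inverse_order options and schedules the
 * get-domains task.
 *
 * Returns EOK on success. If sss_process_init() itself fails its error is
 * returned unchanged; on any later failure the responder context (and the
 * sudo context allocated on it) is freed before the error is returned.
 */
int sudo_process_init(TALLOC_CTX *mem_ctx,
                      struct tevent_context *ev,
                      struct confdb_ctx *cdb)
{
    struct resp_ctx *rctx;
    struct sss_cmd_table *sudo_cmds;
    struct sudo_ctx *sudo_ctx;
    struct be_conn *iter;
    int ret;
    int max_retries;

    sudo_cmds = get_sudo_cmds();
    ret = sss_process_init(mem_ctx, ev, cdb,
                           sudo_cmds,
                           SSS_SUDO_SOCKET_NAME, -1, NULL, -1,
                           CONFDB_SUDO_CONF_ENTRY,
                           SSS_SUDO_SBUS_SERVICE_NAME,
                           SSS_SUDO_SBUS_SERVICE_VERSION,
                           &monitor_sudo_methods,
                           "SUDO",
                           &sudo_dp_methods.vtable,
                           &rctx);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE, "sss_process_init() failed\n");
        return ret;
    }

    /* sudo_ctx is a talloc child of rctx, so freeing rctx releases it too. */
    sudo_ctx = talloc_zero(rctx, struct sudo_ctx);
    if (!sudo_ctx) {
        DEBUG(SSSDBG_FATAL_FAILURE, "fatal error initializing sudo_ctx\n");
        ret = ENOMEM;
        goto fail;
    }

    ret = sss_ncache_init(rctx, &sudo_ctx->ncache);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              "fatal error initializing ncache\n");
        goto fail;
    }

    sudo_ctx->rctx = rctx;
    sudo_ctx->rctx->pvt_ctx = sudo_ctx;

    /* The negative-cache timeout is read from the NSS section. */
    ret = confdb_get_int(cdb, CONFDB_NSS_CONF_ENTRY,
                         CONFDB_NSS_ENTRY_NEG_TIMEOUT, 15,
                         &sudo_ctx->neg_timeout);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              "fatal error getting ncache timeout\n");
        goto fail;
    }

    /* Capture the result. Without the assignment the check below tests the
     * EOK left over from confdb_get_int(), so a failure to load the
     * filter_users entries into the negative cache would pass unnoticed and
     * the responder would start without them. */
    ret = sss_ncache_prepopulate(sudo_ctx->ncache, sudo_ctx->rctx->cdb, rctx);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              "failed to set ncache for sudo's filter_users\n");
        goto fail;
    }

    /* Enable automatic reconnection to the Data Provider */
    ret = confdb_get_int(sudo_ctx->rctx->cdb,
                         CONFDB_SUDO_CONF_ENTRY,
                         CONFDB_SERVICE_RECON_RETRIES,
                         3, &max_retries);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              "Failed to set up automatic reconnection\n");
        goto fail;
    }

    for (iter = sudo_ctx->rctx->be_conns; iter; iter = iter->next) {
        sbus_reconnect_init(iter->conn, max_retries,
                            sudo_dp_reconnect_init, iter);
    }

    /* Get sudo_timed option */
    ret = confdb_get_bool(sudo_ctx->rctx->cdb,
                          CONFDB_SUDO_CONF_ENTRY, CONFDB_SUDO_TIMED,
                          CONFDB_DEFAULT_SUDO_TIMED,
                          &sudo_ctx->timed);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE, "Error reading from confdb (%d) [%s]\n",
              ret, strerror(ret));
        goto fail;
    }

    /* Get sudo_inverse_order option */
    ret = confdb_get_bool(sudo_ctx->rctx->cdb,
                          CONFDB_SUDO_CONF_ENTRY, CONFDB_SUDO_INVERSE_ORDER,
                          CONFDB_DEFAULT_SUDO_INVERSE_ORDER,
                          &sudo_ctx->inverse_order);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE, "Error reading from confdb (%d) [%s]\n",
              ret, strerror(ret));
        goto fail;
    }

    ret = schedule_get_domains_task(rctx, rctx->ev, rctx, NULL);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE, "schedule_get_domains_tasks failed.\n");
        goto fail;
    }

    DEBUG(SSSDBG_TRACE_FUNC, "SUDO Initialization complete\n");

    return EOK;

fail:
    talloc_free(rctx);
    return ret;
}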