/**
 * Report whether a comma-separated server list contains an SRV identifier.
 *
 * @param servers  Comma-separated server list, or NULL.
 *
 * @return true when servers is NULL or when be_fo_is_srv_identifier()
 *         accepts at least one entry; false when no entry matches, when
 *         the temporary talloc context cannot be allocated, or when the
 *         list cannot be split.
 */
static bool srv_in_server_list(const char *servers)
{
    TALLOC_CTX *tmp_ctx;
    char **entries = NULL;
    bool found = false;
    int rc = 0;
    int idx;

    /* A missing list is reported as "contains SRV" without any parsing. */
    if (servers == NULL) {
        return true;
    }

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        return false;
    }

    /* Break the server parameter into individual entries. */
    rc = split_on_separator(tmp_ctx, servers, ',', true, true, &entries, NULL);
    if (rc != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, "Failed to parse server list!\n");
        talloc_free(tmp_ctx);
        return false;
    }

    /* Stop at the first entry recognised as an SRV identifier. */
    idx = 0;
    while (entries[idx] != NULL && !found) {
        found = be_fo_is_srv_identifier(entries[idx]);
        idx++;
    }

    /* The split list lives on tmp_ctx and goes away with it. */
    talloc_free(tmp_ctx);
    return found;
}
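/**
 * Split a "name<ATTR_NAME_SEP>values" string into the attribute name and
 * the list of values separated by ATTR_VAL_SEP.
 *
 * @param mem_ctx  talloc context that takes ownership of the results.
 * @param nameval  Input string; must contain ATTR_NAME_SEP.
 * @param _name    Out: copy of the text before the first ATTR_NAME_SEP.
 * @param _values  Out: value list produced by split_on_separator().
 * @param _nvals   Out: value count reported by split_on_separator().
 *
 * @return EOK on success, EINVAL when an argument is NULL or the name
 *         separator is missing, ENOMEM on allocation failure, or the
 *         error returned by split_on_separator(). The out parameters are
 *         written only on success.
 */
static int attr_name_val_split(TALLOC_CTX *mem_ctx,
                               const char *nameval,
                               char **_name,
                               char ***_values,
                               int *_nvals)
{
    char *name;
    char **values = NULL;
    const char *vals;
    int nvals = 0;
    TALLOC_CTX *tmp_ctx;
    errno_t ret;

    /* strchr() on NULL and stores through NULL out pointers are undefined
     * behaviour; reject them before doing any work. */
    if (nameval == NULL || _name == NULL || _values == NULL
            || _nvals == NULL) {
        return EINVAL;
    }

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        return ENOMEM;
    }

    vals = strchr(nameval, ATTR_NAME_SEP);
    if (vals == NULL) {
        ret = EINVAL;
        goto done;
    }

    /* NOTE(review): an input that starts with ATTR_NAME_SEP yields an
     * empty name here; confirm whether callers should reject that. */
    name = talloc_strndup(tmp_ctx, nameval, vals - nameval);
    if (name == NULL) {
        ret = ENOMEM;
        goto done;
    }

    /* Step over the separator so vals points at the first value. */
    vals++;

    ret = split_on_separator(tmp_ctx, vals, ATTR_VAL_SEP, true, true,
                             &values, &nvals);
    if (ret != EOK) {
        goto done;
    }

    /* Reparent the results onto the caller's context so they are not
     * released together with tmp_ctx below. */
    *_name = talloc_steal(mem_ctx, name);
    *_values = talloc_steal(mem_ctx, values);
    *_nvals = nvals;
    ret = EOK;

done:
    talloc_free(tmp_ctx);
    return ret;
}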
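/**
 * Register every entry of a comma-separated Kerberos server list with the
 * failover service named service_name.
 *
 * Each entry is either an SRV identifier (as recognised by
 * be_fo_is_srv_identifier()), a bare host, or "host:port" where port is a
 * decimal number in 1..65535 or a service name known to getservbyname().
 * An entry without a port is registered with port 0.
 *
 * @param ctx           Back end context passed to the be_fo_* calls.
 * @param service       talloc parent for the per-server strings.
 * @param service_name  Failover service the servers are added to.
 * @param servers       Comma-separated server list.
 * @param primary       Passed through to be_fo_add_server().
 *
 * @return EOK on success, ENOMEM on allocation failure, EINVAL for a
 *         malformed port specifier, or the error from a failing helper.
 */
errno_t krb5_servers_init(struct be_ctx *ctx,
                          struct krb5_service *service,
                          const char *service_name,
                          const char *servers,
                          bool primary)
{
    TALLOC_CTX *tmp_ctx;
    char **list = NULL;
    errno_t ret;
    int i;
    char *port_str;
    long port;
    char *server_spec;
    char *endptr;
    struct servent *servent;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    ret = split_on_separator(tmp_ctx, servers, ',', true, &list, NULL);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to parse server list!\n"));
        goto done;
    }

    for (i = 0; list[i]; i++) {
        /* Move the entry off tmp_ctx: it is handed to be_fo_add_server()
         * below and must not be released at the done label. */
        talloc_steal(service, list[i]);

        /* Work on a copy, because the port split below writes a NUL into
         * the string. */
        server_spec = talloc_strdup(service, list[i]);
        if (!server_spec) {
            ret = ENOMEM;
            goto done;
        }

        if (be_fo_is_srv_identifier(server_spec)) {
            ret = be_fo_add_srv_server(ctx, service_name, service_name, NULL,
                                       BE_FO_PROTO_UDP, true, NULL);
            if (ret) {
                DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to add server\n"));
                goto done;
            }

            DEBUG(SSSDBG_TRACE_FUNC, ("Added service lookup\n"));
            continue;
        }

        /* NOTE(review): splitting at the last ':' mis-parses an unbracketed
         * IPv6 literal (its final group is taken for the port); confirm
         * whether such entries can reach this function. */
        port_str = strrchr(server_spec, ':');
        if (port_str == NULL) {
            port = 0;
        } else {
            *port_str = '\0';
            ++port_str;

            /* <ctype.h> classifiers take an unsigned char value; a plain
             * char with the high bit set would be undefined behaviour. */
            if (isdigit((unsigned char) *port_str)) {
                errno = 0;
                port = strtol(port_str, &endptr, 10);
                if (errno != 0) {
                    ret = errno;
                    DEBUG(SSSDBG_CRIT_FAILURE,
                          ("strtol failed on [%s]: [%d][%s].\n", port_str,
                           ret, strerror(ret)));
                    goto done;
                }

                if (*endptr != '\0') {
                    DEBUG(SSSDBG_CRIT_FAILURE,
                          ("Found additional characters [%s] in port number "
                           "[%s].\n", endptr, port_str));
                    ret = EINVAL;
                    goto done;
                }

                if (port < 1 || port > 65535) {
                    /* port is a long, so the conversion must be %ld. */
                    DEBUG(SSSDBG_CRIT_FAILURE,
                          ("Illegal port number [%ld].\n", port));
                    ret = EINVAL;
                    goto done;
                }
            } else if (isalpha((unsigned char) *port_str)) {
                servent = getservbyname(port_str, NULL);
                if (servent == NULL) {
                    DEBUG(SSSDBG_CRIT_FAILURE,
                          ("getservbyname cannot find service [%s].\n",
                           port_str));
                    ret = EINVAL;
                    goto done;
                }

                /* NOTE(review): getservbyname() reports s_port in network
                 * byte order, while the numeric branch above yields a
                 * host-order value; an ntohs() conversion is probably
                 * needed here. Confirm what be_fo_add_server() expects. */
                port = servent->s_port;
            } else {
                DEBUG(SSSDBG_CRIT_FAILURE,
                      ("Unsupported port specifier in [%s].\n", list[i]));
                ret = EINVAL;
                goto done;
            }
        }

        ret = be_fo_add_server(ctx, service_name, server_spec, (int) port,
                               list[i], primary);
        if (ret && ret != EEXIST) {
            DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to add server\n"));
            goto done;
        }

        DEBUG(SSSDBG_TRACE_FUNC, ("Added Server %s\n", list[i]));
    }

    /* EEXIST is tolerated inside the loop; do not let it leak out as the
     * function result just because the duplicate was the last entry. */
    ret = EOK;

done:
    talloc_free(tmp_ctx);
    return ret;
}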
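/**
 * Pick the access filter that applies to a domain from a '?'-separated
 * list of filter specifications.
 *
 * Every list element is parsed with parse_filter(). Elements flagged
 * AD_FILTER_DOMAIN or AD_FILTER_FOREST are only considered when their
 * spec matches dom->name or dom->forest (case-insensitively). Among the
 * remaining candidates the one with the numerically largest flags value
 * wins, and the winner is passed through sdap_get_access_filter().
 *
 * @param mem_ctx      talloc context that owns the returned filter.
 * @param dom          Domain whose name and forest are matched.
 * @param filter_list  '?'-separated filter list, or NULL for no filter.
 * @param _filter      Out: selected filter; NULL when filter_list is NULL.
 *
 * @return EOK on success, EINVAL when _filter is NULL, ENOMEM on
 *         allocation failure, or the error from split_on_separator().
 */
static errno_t ad_parse_access_filter(TALLOC_CTX *mem_ctx,
                                      struct sss_domain_info *dom,
                                      const char *filter_list,
                                      char **_filter)
{
    char **filters;
    int nfilters;
    errno_t ret;
    char *best_match;
    int best_flags;
    char *filter;
    char *spec;
    int flags;
    char *wrapped;
    TALLOC_CTX *tmp_ctx;
    int i = 0;

    if (_filter == NULL) {
        return EINVAL;
    }

    tmp_ctx = talloc_new(mem_ctx);
    if (tmp_ctx == NULL) {
        return ENOMEM;
    }

    if (filter_list == NULL) {
        *_filter = NULL;
        ret = EOK;
        goto done;
    }

    ret = split_on_separator(tmp_ctx, filter_list, '?', true, true,
                             &filters, &nfilters);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              "Cannot parse the list of ad_access_filters\n");
        goto done;
    }

    best_match = NULL;
    best_flags = 0;
    for (i = 0; i < nfilters; i++) {
        ret = parse_filter(tmp_ctx, filters[i], &filter, &spec, &flags);
        if (ret != EOK) {
            /* Skip the faulty filter. At worst, the user won't be
             * allowed access.
             * NOTE(review): skipping can also leave a less specific
             * filter, or none at all, as the best match; confirm that
             * the caller denies access in that case. */
            DEBUG(SSSDBG_MINOR_FAILURE, "Access filter [%s] could not be "
                  "parsed, skipping\n", filters[i]);
            continue;
        }

        /* NOTE(review): spec, dom->name and dom->forest are passed to
         * strcasecmp() unchecked; confirm none of them can be NULL when
         * the matching flag is set. */
        if ((flags & AD_FILTER_DOMAIN)
                && strcasecmp(spec, dom->name) != 0) {
            /* If the filter specifies a domain, it must match the
             * domain the user comes from */
            continue;
        }

        if ((flags & AD_FILTER_FOREST)
                && strcasecmp(spec, dom->forest) != 0) {
            /* If the filter specifies a forest, it must match the
             * forest the user comes from */
            continue;
        }

        if (flags > best_flags) {
            best_flags = flags;
            best_match = filter;
        }
    }

    /* Make sure the result is enclosed in brackets */
    wrapped = sdap_get_access_filter(mem_ctx, best_match);
    if (best_match != NULL && wrapped == NULL) {
        /* A filter was selected but could not be produced. Returning EOK
         * with a NULL filter would be indistinguishable from "no filter
         * configured", so fail instead.
         * NOTE(review): assumes sdap_get_access_filter() returns NULL for
         * a non-NULL input only on allocation failure; confirm. */
        ret = ENOMEM;
        goto done;
    }

    *_filter = wrapped;
    ret = EOK;

done:
    talloc_free(tmp_ctx);
    return ret;
}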