static const char * convert_user(TALLOC_CTX *mem_ctx, struct ipa_sudo_conv *conv, const char *value) { char *rdn; const char *group; errno_t ret; ret = ipa_get_rdn(mem_ctx, conv->sysdb, value, &rdn, MATCHRDN_USER(conv->map_user)); if (ret == EOK) { return rdn; } else if (ret != ENOENT) { DEBUG(SSSDBG_OP_FAILURE, "ipa_get_rdn() failed on value %s [%d]: %s\n", value, ret, sss_strerror(ret)); return NULL; } ret = ipa_get_rdn(mem_ctx, conv->sysdb, value, &rdn, MATCHRDN_GROUP(conv->map_group)); if (ret == ENOENT) { DEBUG(SSSDBG_CRIT_FAILURE, "Unexpected DN %s\n", value); return NULL; } else if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "ipa_get_rdn() failed on value %s [%d]: %s\n", value, ret, sss_strerror(ret)); return NULL; } group = talloc_asprintf(mem_ctx, "%%%s", rdn); talloc_free(rdn); return group; }
int ad_autofs_init(struct be_ctx *be_ctx, struct ad_id_ctx *id_ctx, struct bet_ops **ops, void **pvt_data) { int ret; DEBUG(SSSDBG_TRACE_INTERNAL, "Initializing autofs AD back end\n"); ret = sdap_autofs_init(be_ctx, id_ctx->sdap_id_ctx, ops, pvt_data); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "Cannot initialize AD autofs [%d]: %s\n", ret, sss_strerror(ret)); return ret; } ret = ad_get_autofs_options(id_ctx->ad_options, be_ctx->cdb, be_ctx->conf_path); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "Cannot initialize AD autofs [%d]: %s\n", ret, sss_strerror(ret)); return ret; } return EOK; }
struct ipa_sudo_conv * ipa_sudo_conv_init(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sdap_attr_map *map_rule, struct sdap_attr_map *map_cmdgroup, struct sdap_attr_map *map_cmd, struct sdap_attr_map *map_user, struct sdap_attr_map *map_group, struct sdap_attr_map *map_host, struct sdap_attr_map *map_hostgroup) { struct ipa_sudo_conv *conv; errno_t ret; conv = talloc_zero(mem_ctx, struct ipa_sudo_conv); if (conv == NULL) { return NULL; } conv->sysdb = sysdb; conv->map_rule = map_rule; conv->map_cmdgroup = map_cmdgroup; conv->map_cmd = map_cmd; conv->map_user = map_user; conv->map_group = map_group; conv->map_host = map_host; conv->map_hostgroup = map_hostgroup; ret = sss_hash_create(conv, 20, &conv->rules); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Unable to create hash table [%d]: %s\n", ret, sss_strerror(ret)); goto done; } ret = sss_hash_create(conv, 20, &conv->cmdgroups); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Unable to create hash table [%d]: %s\n", ret, sss_strerror(ret)); goto done; } ret = sss_hash_create(conv, 20, &conv->cmds); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Unable to create hash table [%d]: %s\n", ret, sss_strerror(ret)); goto done; } done: if (ret != EOK) { talloc_free(conv); return NULL; } return conv; }
static errno_t proxy_id_conf(TALLOC_CTX *mem_ctx, struct be_ctx *be_ctx, char **_libname, char **_libpath, bool *_fast_alias) { TALLOC_CTX *tmp_ctx; char *libname; char *libpath; bool fast_alias; errno_t ret; tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new() failed\n"); return ENOMEM; } ret = confdb_get_string(be_ctx->cdb, tmp_ctx, be_ctx->conf_path, CONFDB_PROXY_LIBNAME, NULL, &libname); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Unable to read confdb [%d]: %s\n", ret, sss_strerror(ret)); goto done; } else if (libname == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "No library name given\n"); ret = ENOENT; goto done; } ret = confdb_get_bool(be_ctx->cdb, be_ctx->conf_path, CONFDB_PROXY_FAST_ALIAS, false, &fast_alias); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Unable to read confdb [%d]: %s\n", ret, sss_strerror(ret)); goto done; } libpath = talloc_asprintf(tmp_ctx, "libnss_%s.so.2", libname); if (libpath == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf() failed\n"); ret = ENOMEM; goto done; } *_libname = talloc_steal(mem_ctx, libname); *_libpath = talloc_steal(mem_ctx, libpath); *_fast_alias = fast_alias; ret = EOK; done: talloc_free(tmp_ctx); return ret; }
errno_t ipa_sudo_conv_cmdgroups(struct ipa_sudo_conv *conv, struct sysdb_attrs **cmdgroups, size_t num_cmdgroups) { struct ipa_sudo_cmdgroup *cmdgroup = NULL; const char *key; errno_t ret; size_t i; if (num_cmdgroups == 0) { /* We're done here. */ return EOK; } for (i = 0; i < num_cmdgroups; i++) { ret = sysdb_attrs_get_string(cmdgroups[i], SYSDB_ORIG_DN, &key); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, "Failed to get command group DN, " "skipping [%d]: %s\n", ret, sss_strerror(ret)); continue; } cmdgroup = talloc_zero(conv->cmdgroups, struct ipa_sudo_cmdgroup); if (cmdgroup == NULL) { ret = ENOMEM; goto done; } ret = process_cmdgroupmember(conv, cmdgroup, cmdgroups[i]); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "Failed to process member " "[%d]: %s\n", ret, sss_strerror(ret)); return ret; } ret = ipa_sudo_conv_store(conv->cmdgroups, key, cmdgroup); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "Failed to store command group into " "table [%d]: %s\n", ret, sss_strerror(ret)); goto done; } cmdgroup = NULL; } ret = EOK; done: if (ret != EOK) { talloc_free(cmdgroup); } return ret; }
static errno_t sssctl_fetch_object(TALLOC_CTX *mem_ctx, struct sssctl_object_info *info, struct sss_domain_info *domains, struct sss_domain_info *domain, sssctl_basedn_fn basedn_fn, enum cache_object obj_type, const char *attr_name, const char *attr_value, struct sysdb_attrs **_entry, struct sss_domain_info **_dom) { TALLOC_CTX *tmp_ctx; struct sysdb_attrs *entry; struct sss_domain_info *dom; const char **attrs; char *sanitized; errno_t ret; tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new() failed\n"); return ENOMEM; } ret = sss_filter_sanitize(tmp_ctx, attr_value, &sanitized); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Unable to sanitize input [%d]: %s\n", ret, sss_strerror(ret)); goto done; } attrs = sssctl_build_attrs(tmp_ctx, info); if (attrs == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "Unable to get attribute list!\n"); ret = ENOMEM; goto done; } ret = sssctl_find_object(tmp_ctx, domains, domain, basedn_fn, obj_type, attr_name, sanitized, attrs, &entry, &dom); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Unable to query cache [%d]: %s\n", ret, sss_strerror(ret)); goto done; } *_entry = talloc_steal(mem_ctx, entry); *_dom = dom; done: talloc_free(tmp_ctx); return ret; }
static errno_t ifp_groups_group_get(struct sbus_request *sbus_req, void *data, gid_t *_gid, struct sss_domain_info **_domain, struct ldb_message **_group) { struct ifp_ctx *ctx; struct sss_domain_info *domain; struct ldb_result *res; uid_t gid; errno_t ret; ctx = talloc_get_type(data, struct ifp_ctx); if (ctx == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "Invalid pointer!\n"); return ERR_INTERNAL; } ret = ifp_groups_decompose_path(ctx->rctx->domains, sbus_req->path, &domain, &gid); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Unable to decompose object path" "[%s] [%d]: %s\n", sbus_req->path, ret, sss_strerror(ret)); return ret; } if (_group != NULL) { ret = sysdb_getgrgid_with_views(sbus_req, domain, gid, &res); if (ret == EOK && res->count == 0) { *_group = NULL; ret = ENOENT; } if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Unable to lookup group %u@%s [%d]: %s\n", gid, domain->name, ret, sss_strerror(ret)); } else { *_group = res->msgs[0]; } } if (ret == EOK || ret == ENOENT) { if (_gid != NULL) { *_gid = gid; } if (_domain != NULL) { *_domain = domain; } } return ret; }
static errno_t sssctl_query_cache(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct ldb_dn *base_dn, const char *filter, const char **attrs, struct sysdb_attrs **_entry) { TALLOC_CTX *tmp_ctx; struct sysdb_attrs **sysdb_attrs; struct ldb_message **msgs; size_t count; errno_t ret; tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "Out of memory!\n"); return ENOMEM; } ret = sysdb_search_entry(tmp_ctx, sysdb, base_dn, LDB_SCOPE_SUBTREE, filter, attrs, &count, &msgs); if (ret == ENOENT) { DEBUG(SSSDBG_TRACE_FUNC, "No result\n"); goto done; } else if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Unable to search sysdb " "[%d]: %s\n", ret, sss_strerror(ret)); goto done; } if (count != 1) { DEBUG(SSSDBG_CRIT_FAILURE, "Search returned more than one result!\n"); ret = ERR_INTERNAL; goto done; } ret = sysdb_msg2attrs(tmp_ctx, count, msgs, &sysdb_attrs); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Unable to convert message to sysdb attrs " "[%d]: %s\n", ret, sss_strerror(ret)); goto done; } *_entry = talloc_steal(mem_ctx, sysdb_attrs[0]); done: talloc_free(tmp_ctx); return ret; }
static errno_t store_rulemember(TALLOC_CTX *mem_ctx, struct ipa_sudo_dn_list **list, hash_table_t *table, const char *dn) { struct ipa_sudo_dn_list *item; errno_t ret; item = talloc_zero(mem_ctx, struct ipa_sudo_dn_list); if (item == NULL) { return ENOMEM; } ret = ipa_sudo_conv_store(table, dn, NULL); if (ret != EOK && ret != EEXIST) { DEBUG(SSSDBG_CRIT_FAILURE, "Unable to store DN %s [%d]: %s\n", dn, ret, sss_strerror(ret)); goto done; } item->dn = talloc_steal(item, dn); DLIST_ADD(*list, item); done: if (ret != EOK && ret != EEXIST) { talloc_free(item); } return ret; }
static errno_t cache_req_search_ncache(struct cache_req *cr) { errno_t ret; if (cr->plugin->ncache_check_fn == NULL) { CACHE_REQ_DEBUG(SSSDBG_TRACE_INTERNAL, cr, "This request type does not support negative cache\n"); return EOK; } CACHE_REQ_DEBUG(SSSDBG_TRACE_FUNC, cr, "Checking negative cache for [%s]\n", cr->debugobj); ret = cr->plugin->ncache_check_fn(cr->ncache, cr->domain, cr->data); if (ret == EEXIST) { CACHE_REQ_DEBUG(SSSDBG_TRACE_FUNC, cr, "[%s] does not exist (negative cache)\n", cr->debugobj); return ENOENT; } else if (ret != EOK && ret != ENOENT) { CACHE_REQ_DEBUG(SSSDBG_CRIT_FAILURE, cr, "Unable to check negative cache [%d]: %s\n", ret, sss_strerror(ret)); return ret; } CACHE_REQ_DEBUG(SSSDBG_TRACE_FUNC, cr, "[%s] is not present in negative cache\n", cr->debugobj); return EOK; }
static void cache_req_search_process_dp(TALLOC_CTX *mem_ctx, struct tevent_req *subreq, struct cache_req *cr) { char *err_msg; dbus_uint16_t err_maj; dbus_uint32_t err_min; errno_t ret; ret = sss_dp_get_account_recv(mem_ctx, subreq, &err_maj, &err_min, &err_msg); talloc_zfree(subreq); if (ret != EOK) { CACHE_REQ_DEBUG(SSSDBG_OP_FAILURE, cr, "Could not get account info [%d]: %s\n", ret, sss_strerror(ret)); CACHE_REQ_DEBUG(SSSDBG_TRACE_FUNC, cr, "Due to an error we will return cached data\n"); } if (err_maj) { CACHE_REQ_DEBUG(SSSDBG_OP_FAILURE, cr, "Data Provider Error: %u, %u, %s\n", (unsigned int)err_maj, (unsigned int)err_min, err_msg); CACHE_REQ_DEBUG(SSSDBG_TRACE_FUNC, cr, "Due to an error we will return cached data\n"); } return; }
static errno_t cache_req_dpreq_params(TALLOC_CTX *mem_ctx, struct cache_req *cr, struct ldb_result *result, const char **_string, uint32_t *_id, const char **_flag) { errno_t ret; if (cr->plugin->dpreq_params_fn == NULL) { CACHE_REQ_DEBUG(SSSDBG_CRIT_FAILURE, cr, "Bug: No dpreq params function specified\n"); return ERR_INTERNAL; } CACHE_REQ_DEBUG(SSSDBG_TRACE_INTERNAL, cr, "Creating DP request parameters\n"); ret = cr->plugin->dpreq_params_fn(mem_ctx, cr, result, _string, _id, _flag); if (ret != EOK) { CACHE_REQ_DEBUG(SSSDBG_CRIT_FAILURE, cr, "Unable to create DP request parameters [%d]: %s\n", ret, sss_strerror(ret)); return ret; } return EOK; }
static void be_ptask_done(struct tevent_req *req) { struct be_ptask *task = NULL; errno_t ret; task = tevent_req_callback_data(req, struct be_ptask); ret = task->recv_fn(req); talloc_zfree(req); task->req = NULL; switch (ret) { case EOK: DEBUG(SSSDBG_TRACE_FUNC, "Task [%s]: finished successfully\n", task->name); be_ptask_schedule(task, BE_PTASK_PERIOD, BE_PTASK_SCHEDULE_FROM_LAST); break; default: DEBUG(SSSDBG_OP_FAILURE, "Task [%s]: failed with [%d]: %s\n", task->name, ret, sss_strerror(ret)); be_ptask_schedule(task, BE_PTASK_PERIOD, BE_PTASK_SCHEDULE_FROM_NOW); break; } }
static errno_t proxy_auth_conf(TALLOC_CTX *mem_ctx, struct be_ctx *be_ctx, char **_pam_target) { char *pam_target; errno_t ret; ret = confdb_get_string(be_ctx->cdb, mem_ctx, be_ctx->conf_path, CONFDB_PROXY_PAM_TARGET, NULL, &pam_target); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Unable to read confdb [%d]: %s\n", ret, sss_strerror(ret)); return ret; } if (pam_target == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "Missing option %s.\n", CONFDB_PROXY_PAM_TARGET); return EINVAL; } *_pam_target = pam_target; return EOK; }
char * sss_get_domain_name(TALLOC_CTX *mem_ctx, const char *orig_name, struct sss_domain_info *dom) { char *user_name; char *domain = NULL; int ret; /* check if the name already contains domain part */ if (dom->names != NULL) { ret = sss_parse_name(mem_ctx, dom->names, orig_name, &domain, NULL); if (ret == ERR_REGEX_NOMATCH) { DEBUG(SSSDBG_TRACE_FUNC, "sss_parse_name could not parse domain from [%s]. " "Assuming it is not FQDN.\n", orig_name); } else if (ret != EOK) { DEBUG(SSSDBG_TRACE_FUNC, "sss_parse_name failed [%d]: %s\n", ret, sss_strerror(ret)); return NULL; } } if (IS_SUBDOMAIN(dom) && dom->fqnames && domain == NULL) { /* we always use the fully qualified name for subdomain users */ user_name = sss_tc_fqname(mem_ctx, dom->names, dom, orig_name); } else { user_name = talloc_strdup(mem_ctx, orig_name); } talloc_free(domain); return user_name; }
static errno_t wait_till_nss_responder_invalidate_cache(void) { struct stat stat_buf = { 0 }; const time_t max_wait = 1000000; /* 1 second */ const time_t step_time = 5000; /* 5 milliseconds */ const size_t steps_count = max_wait / step_time; int ret; for (size_t i = 0; i < steps_count; ++i) { ret = stat(SSS_NSS_MCACHE_DIR "/" CLEAR_MC_FLAG, &stat_buf); if (ret == -1) { ret = errno; if (ret == ENOENT) { /* nss responder has already invalidated memory caches */ return EOK; } DEBUG(SSSDBG_CRIT_FAILURE, "stat failed: %s (%d)\n", sss_strerror(ret), ret); } usleep(step_time); } return EAGAIN; }
struct sss_domain_info * find_domain_by_object_name(struct sss_domain_info *domain, const char *object_name) { TALLOC_CTX *tmp_ctx; struct sss_domain_info *dom = NULL; char *domainname = NULL; errno_t ret; tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new() failed\n"); return NULL; } ret = sss_parse_name(tmp_ctx, domain->names, object_name, &domainname, NULL); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Unable to parse name '%s' [%d]: %s\n", object_name, ret, sss_strerror(ret)); goto done; } if (domainname == NULL) { dom = domain; } else { dom = find_domain_by_name(domain, domainname, true); } done: talloc_free(tmp_ctx); return dom; }
static errno_t nss_get_id_type(struct nss_cmd_ctx *cmd_ctx, struct cache_req_result *result, enum sss_id_type *_type) { errno_t ret; if (cmd_ctx->sid_id_type != SSS_ID_TYPE_NOT_SPECIFIED) { *_type = cmd_ctx->sid_id_type; return EOK; } /* Well known objects are always groups. */ if (result->well_known_object) { *_type = SSS_ID_TYPE_GID; return EOK; } ret = find_sss_id_type(result->msgs[0], result->domain->mpg, _type); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "Unable to find ID type [%d]: %s\n", ret, sss_strerror(ret)); return ret; } return EOK; }
static errno_t memcache_delete_entry_by_name(struct nss_ctx *nss_ctx, struct sized_string *name, enum sss_mc_type type) { errno_t ret; switch (type) { case SSS_MC_PASSWD: ret = sss_mmap_cache_pw_invalidate(nss_ctx->pwd_mc_ctx, name); break; case SSS_MC_GROUP: ret = sss_mmap_cache_gr_invalidate(nss_ctx->grp_mc_ctx, name); break; case SSS_MC_INITGROUPS: ret = sss_mmap_cache_initgr_invalidate(nss_ctx->initgr_mc_ctx, name); break; default: return EINVAL; } if (ret == EOK || ret == ENOENT) { return EOK; } DEBUG(SSSDBG_CRIT_FAILURE, "Internal failure in memory cache code: %d [%s]\n", ret, sss_strerror(ret)); return ret; }
static errno_t memcache_delete_entry_by_id(struct nss_ctx *nss_ctx, uint32_t id, enum sss_mc_type type) { errno_t ret; switch (type) { case SSS_MC_PASSWD: ret = sss_mmap_cache_pw_invalidate_uid(nss_ctx->pwd_mc_ctx, (uid_t)id); break; case SSS_MC_GROUP: ret = sss_mmap_cache_gr_invalidate_gid(nss_ctx->grp_mc_ctx, (gid_t)id); break; default: return EINVAL; } if (ret == EOK || ret == ENOENT) { return EOK; } DEBUG(SSSDBG_CRIT_FAILURE, "Internal failure in memory cache code: %d [%s]\n", ret, sss_strerror(ret)); return ret; }
void sbus_request_invoke_or_finish(struct sbus_request *dbus_req, sbus_msg_handler_fn handler_fn, void *handler_data, sbus_method_invoker_fn invoker_fn) { DBusError error; int ret; if (invoker_fn != NULL) { ret = invoker_fn(dbus_req, handler_fn); } else if (handler_fn != NULL) { ret = handler_fn(dbus_req, handler_data); } else { ret = EINVAL; } switch(ret) { case ERR_SBUS_REQUEST_HANDLED: case EOK: return; case ENOMEM: DEBUG(SSSDBG_CRIT_FAILURE, "Out of memory handling DBus message\n"); sbus_request_finish(dbus_req, NULL); break; default: DEBUG(SSSDBG_CRIT_FAILURE, "Handler failed [%d]: %s\n", ret, sss_strerror(ret)); dbus_error_init(&error); dbus_set_error_const(&error, DBUS_ERROR_FAILED, INTERNAL_ERROR); sbus_request_fail_and_finish(dbus_req, &error); break; } }
errno_t sssm_proxy_init(TALLOC_CTX *mem_ctx, struct be_ctx *be_ctx, struct data_provider *provider, const char *module_name, void **_module_data) { struct proxy_auth_ctx *auth_ctx; errno_t ret; if (!dp_target_enabled(provider, module_name, DPT_ACCESS, DPT_AUTH, DPT_CHPASS)) { return EOK; } /* Initialize auth_ctx since one of the access, auth or chpass is set. */ ret = proxy_init_auth_ctx(mem_ctx, be_ctx, &auth_ctx); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Unable to create auth context [%d]: %s\n", ret, sss_strerror(ret)); return ret; } *_module_data = auth_ctx; return EOK; }
const char* sss_ldap_err2string(int err) { if (IS_SSSD_ERROR(err)) { return sss_strerror(err); } else { return ldap_err2string(err); } }
static errno_t ad_get_enabled_domains(TALLOC_CTX *mem_ctx, struct ad_id_ctx *ad_id_ctx, const char *ad_domain, const char ***_ad_enabled_domains) { int ret; const char *str; const char *option_name; const char **domains = NULL; int count; bool is_ad_in_domains; TALLOC_CTX *tmp_ctx = NULL; tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { return ENOMEM; } str = dp_opt_get_cstring(ad_id_ctx->ad_options->basic, AD_ENABLED_DOMAINS); if (str == NULL) { *_ad_enabled_domains = NULL; ret = EOK; goto done; } count = 0; ret = split_on_separator(tmp_ctx, str, ',', true, true, discard_const_p(char **, &domains), &count); if (ret != EOK) { option_name = ad_id_ctx->ad_options->basic[AD_ENABLED_DOMAINS].opt_name; DEBUG(SSSDBG_CRIT_FAILURE, "Failed to parse option [%s], [%i] [%s]!\n", option_name, ret, sss_strerror(ret)); ret = EINVAL; goto done; } is_ad_in_domains = false; for (int i = 0; i < count; i++) { is_ad_in_domains += strcmp(ad_domain, domains[i]) == 0 ? true : false; } if (is_ad_in_domains == false) { domains = talloc_realloc(tmp_ctx, domains, const char*, count + 2); if (domains == NULL) { ret = ENOMEM; goto done; } domains[count] = talloc_strdup(domains, ad_domain); if (domains[count] == NULL) { ret = ENOMEM; goto done; } domains[count + 1] = NULL; } else {
errno_t ipa_sudo_conv_cmds(struct ipa_sudo_conv *conv, struct sysdb_attrs **cmds, size_t num_cmds) { const char *key; const char *cmd; errno_t ret; size_t i; if (num_cmds == 0) { /* We're done here. */ return EOK; } for (i = 0; i < num_cmds; i++) { ret = sysdb_attrs_get_string(cmds[i], SYSDB_ORIG_DN, &key); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, "Failed to get command DN, skipping " "[%d]: %s\n", ret, sss_strerror(ret)); continue; } ret = sysdb_attrs_get_string(cmds[i], SYSDB_IPA_SUDOCMD_SUDOCMD, &cmd); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, "Failed to get command, skipping " "[%d]: %s\n", ret, sss_strerror(ret)); continue; } ret = ipa_sudo_conv_store(conv->cmds, key, discard_const(cmd)); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "Failed to store command into table " "[%d]: %s\n", ret, sss_strerror(ret)); goto done; } } ret = EOK; done: return ret; }
errno_t sssm_proxy_id_init(TALLOC_CTX *mem_ctx, struct be_ctx *be_ctx, void *module_data, struct dp_method *dp_methods) { struct proxy_id_ctx *ctx; char *libname; char *libpath; errno_t ret; ctx = talloc_zero(mem_ctx, struct proxy_id_ctx); if (ctx == NULL) { return ENOMEM; } ctx->be = be_ctx; ret = proxy_id_conf(ctx, be_ctx, &libname, &libpath, &ctx->fast_alias); if (ret != EOK) { goto done; } ctx->handle = dlopen(libpath, RTLD_NOW); if (ctx->handle == NULL) { DEBUG(SSSDBG_FATAL_FAILURE, "Unable to load %s module, " "error: %s\n", libpath, dlerror()); ret = ELIBACC; goto done; } ret = proxy_id_load_symbols(&ctx->ops, libname, ctx->handle); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "Unable to load NSS symbols [%d]: %s\n", ret, sss_strerror(ret)); goto done; } dp_set_method(dp_methods, DPM_ACCOUNT_HANDLER, proxy_account_info_handler_send, proxy_account_info_handler_recv, ctx, struct proxy_id_ctx, struct dp_id_data, struct dp_reply_std); dp_set_method(dp_methods, DPM_ACCT_DOMAIN_HANDLER, default_account_domain_send, default_account_domain_recv, NULL, void, struct dp_get_acct_domain_data, struct dp_reply_std); ret = EOK; done: if (ret != EOK) { talloc_free(ctx); } return ret; }
void sbus_sync_emit_signal(struct sbus_sync_connection *conn, DBusMessage *msg) { errno_t ret; ret = sbus_sync_message_send(NULL, conn, msg, SBUS_MESSAGE_TIMEOUT, NULL); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Unable to emit signal [%d]: %s\n", ret, sss_strerror(ret)); } }
static errno_t nodes_cached_objects(TALLOC_CTX *mem_ctx, struct ifp_ctx *ifp_ctx, enum ifp_cache_type type, const char *prefix, const char ***_nodes) { TALLOC_CTX *tmp_ctx; const char **paths; const char **nodes; const char *node; int num_paths; errno_t ret; int i; tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new() failed\n"); return ENOMEM; } ret = ifp_cache_list_domains(tmp_ctx, ifp_ctx->rctx->domains, type, &paths); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Unable to obtain cache objects list " "[%d]: %s\n", ret, sss_strerror(ret)); goto done; } num_paths = talloc_array_length(paths) - 1; nodes = talloc_zero_array(tmp_ctx, const char *, num_paths + 1); if (nodes == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero_array() failed\n"); ret = ENOMEM; goto done; } for (i = 0; i < num_paths; i++) { node = sbus_opath_strip_prefix(paths[i], prefix); nodes[i] = talloc_strdup(nodes, node); if (nodes[i] == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup() failed\n"); ret = ENOMEM; goto done; } } *_nodes = talloc_steal(mem_ctx, nodes); ret = EOK; done: talloc_free(tmp_ctx); return ret; }
void sdap_sudo_set_usn(struct sdap_server_opts *srv_opts, const char *usn) { unsigned long usn_number; char *newusn; char *endptr = NULL; errno_t ret; if (srv_opts == NULL) { DEBUG(SSSDBG_TRACE_FUNC, "Bug: srv_opts is NULL\n"); return; } if (usn == NULL) { DEBUG(SSSDBG_TRACE_FUNC, "Bug: usn is NULL\n"); return; } errno = 0; usn_number = strtoul(usn, &endptr, 10); if (errno != 0) { ret = errno; DEBUG(SSSDBG_MINOR_FAILURE, "Unable to convert USN %s [%d]: %s\n", usn, ret, sss_strerror(ret)); return; } if (usn_number == 0) { /* Zero means that there were no rules on the server, so we have * nothing to store. */ DEBUG(SSSDBG_TRACE_FUNC, "SUDO USN value is empty.\n"); return; } newusn = sdap_sudo_new_usn(srv_opts, usn_number, endptr); if (newusn == NULL) { return; } if (sysdb_compare_usn(newusn, srv_opts->max_sudo_value) > 0) { talloc_zfree(srv_opts->max_sudo_value); srv_opts->max_sudo_value = newusn; } else { talloc_zfree(newusn); } if (usn_number > srv_opts->last_usn) { srv_opts->last_usn = usn_number; } DEBUG(SSSDBG_FUNC_DATA, "SUDO higher USN value: [%s]\n", srv_opts->max_sudo_value); }
static errno_t sudosrv_fetch_rules(TALLOC_CTX *mem_ctx, enum sss_sudo_type type, struct sss_domain_info *domain, uid_t cli_uid, uid_t orig_uid, const char *username, char **groups, bool inverse_order, struct sysdb_attrs ***_rules, uint32_t *_num_rules) { struct sysdb_attrs **rules; const char *debug_name = "unknown"; uint32_t num_rules; errno_t ret; switch (type) { case SSS_SUDO_USER: DEBUG(SSSDBG_TRACE_FUNC, "Retrieving rules for [%s@%s]\n", username, domain->name); debug_name = "rules"; ret = sudosrv_cached_rules(mem_ctx, domain, cli_uid, orig_uid, username, groups, inverse_order, &rules, &num_rules); break; case SSS_SUDO_DEFAULTS: debug_name = "default options"; DEBUG(SSSDBG_TRACE_FUNC, "Retrieving default options for [%s@%s]\n", username, domain->name); ret = sudosrv_cached_defaults(mem_ctx, domain, &rules, &num_rules); break; default: ret = EINVAL; } if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Unable to retrieve %s [%d]: %s\n", debug_name, ret, sss_strerror(ret)); return ret; } DEBUG(SSSDBG_TRACE_FUNC, "Returning %u %s for [%s@%s]\n", num_rules, debug_name, username, domain->name); *_rules = rules; *_num_rules = num_rules; return EOK; }