/*
 * Report whether any of the options named in the NULL-terminated 'attrs'
 * list is unset in section 'conf_path' of the confdb, i.e. whether reading
 * it back yields NULL so that the built-in default would apply.
 *
 * An attribute whose lookup fails is skipped (it is not evidence either
 * way); the function returns true only when a lookup succeeds and returns
 * NULL. Returns false if the scratch talloc context cannot be allocated.
 */
static bool has_defaults(struct confdb_ctx *cdb,
                         const char *conf_path,
                         const char *attrs[])
{
    TALLOC_CTX *scratch = talloc_new(NULL);
    if (scratch == NULL) {
        return false;
    }

    bool unset_found = false;
    for (const char **attr = attrs; *attr != NULL && !unset_found; attr++) {
        char *value = NULL;
        errno_t rc = confdb_get_string(cdb, scratch, conf_path, *attr,
                                       NULL, &value);
        if (rc != EOK) {
            /* unreadable option: move on to the next one */
            continue;
        }
        unset_found = (value == NULL);
    }

    talloc_free(scratch);
    return unset_found;
}
/*
 * Read the mandatory proxy PAM target (CONFDB_PROXY_PAM_TARGET) from the
 * back end's confdb section into *_pam_target, allocated on mem_ctx.
 *
 * Returns EOK on success, the confdb error if the lookup itself fails, or
 * EINVAL when the option is not set. *_pam_target is written only on
 * success.
 */
static errno_t proxy_auth_conf(TALLOC_CTX *mem_ctx,
                               struct be_ctx *be_ctx,
                               char **_pam_target)
{
    char *target = NULL;
    errno_t rc = confdb_get_string(be_ctx->cdb, mem_ctx, be_ctx->conf_path,
                                   CONFDB_PROXY_PAM_TARGET, NULL, &target);
    if (rc != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              "Unable to read confdb [%d]: %s\n", rc, sss_strerror(rc));
        return rc;
    }

    /* There is no default PAM target: the proxy auth provider cannot run
     * without it, so refuse rather than guess one. */
    if (target == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              "Missing option %s.\n", CONFDB_PROXY_PAM_TARGET);
        return EINVAL;
    }

    *_pam_target = target;
    return EOK;
}
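/*
 * Populate the two-factor prompting entries of *pc_list from the
 * configuration section 'section'.
 *
 * Reads CONFDB_PC_2FA_SINGLE_PROMPT (default: false) and the first-factor
 * prompt text (CONFDB_PC_2FA_1ST_PROMPT). In single-prompt mode one
 * combined entry is added via pc_list_add_2fa_single(); otherwise the
 * second-factor prompt (CONFDB_PC_2FA_2ND_PROMPT) is read as well and a
 * two-prompt entry is added via pc_list_add_2fa(). Failed lookups of the
 * individual options are logged and the built-in defaults (false / NULL
 * text, which the pc_list_add_* helpers are given as-is) are used, so only
 * the pc_list_add_* call can make this function fail; its result is
 * returned unchanged. Strings read from the confdb live on tmp_ctx.
 *
 * Changes relative to the previous version: the trailing 'return ENOENT;'
 * was unreachable (both branches already return) and has been dropped, and
 * the three "using defaults" log messages now end in a newline like every
 * other DEBUG message in this file.
 */
static errno_t pam_set_2fa_prompting_options(TALLOC_CTX *tmp_ctx,
                                             struct confdb_ctx *cdb,
                                             const char *section,
                                             struct prompt_config ***pc_list)
{
    bool single_2fa_prompt = false;
    char *first_prompt = NULL;
    char *second_prompt = NULL;
    int ret;

    ret = confdb_get_bool(cdb, section, CONFDB_PC_2FA_SINGLE_PROMPT,
                          false, &single_2fa_prompt);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, "confdb_get_bool failed, using defaults\n");
    }

    ret = confdb_get_string(cdb, tmp_ctx, section, CONFDB_PC_2FA_1ST_PROMPT,
                            NULL, &first_prompt);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, "confdb_get_string failed, using defaults\n");
    }

    if (single_2fa_prompt) {
        ret = pc_list_add_2fa_single(pc_list, first_prompt);
        if (ret != EOK) {
            DEBUG(SSSDBG_OP_FAILURE, "pc_list_add_2fa_single failed.\n");
        }
        return ret;
    }

    ret = confdb_get_string(cdb, tmp_ctx, section, CONFDB_PC_2FA_2ND_PROMPT,
                            NULL, &second_prompt);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, "confdb_get_string failed, using defaults\n");
    }

    ret = pc_list_add_2fa(pc_list, first_prompt, second_prompt);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, "pc_list_add_2fa failed.\n");
    }
    return ret;
}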
/*
 * Read the proxy id provider settings from the back end's confdb section:
 *   - CONFDB_PROXY_LIBNAME (required)            -> *_libname
 *   - the derived path "libnss_<libname>.so.2"    -> *_libpath
 *   - CONFDB_PROXY_FAST_ALIAS (bool, default off) -> *_fast_alias
 *
 * Both strings are moved onto mem_ctx; none of the output parameters is
 * written unless EOK is returned. Returns ENOENT when no library name is
 * configured, ENOMEM on allocation failure, or the confdb error.
 *
 * NOTE(review): the library name is interpolated verbatim into the path
 * that is later handed to the dynamic loader. That is acceptable for the
 * permission-checked sssd.conf it comes from (see confdb_init_db), but
 * nothing here validates it.
 */
static errno_t proxy_id_conf(TALLOC_CTX *mem_ctx,
                             struct be_ctx *be_ctx,
                             char **_libname,
                             char **_libpath,
                             bool *_fast_alias)
{
    TALLOC_CTX *scratch;
    char *name = NULL;
    char *path = NULL;
    bool fast_alias = false;
    errno_t rc;

    scratch = talloc_new(NULL);
    if (scratch == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new() failed\n");
        return ENOMEM;
    }

    rc = confdb_get_string(be_ctx->cdb, scratch, be_ctx->conf_path,
                           CONFDB_PROXY_LIBNAME, NULL, &name);
    if (rc != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              "Unable to read confdb [%d]: %s\n", rc, sss_strerror(rc));
        goto out;
    }
    if (name == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, "No library name given\n");
        rc = ENOENT;
        goto out;
    }

    rc = confdb_get_bool(be_ctx->cdb, be_ctx->conf_path,
                         CONFDB_PROXY_FAST_ALIAS, false, &fast_alias);
    if (rc != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              "Unable to read confdb [%d]: %s\n", rc, sss_strerror(rc));
        goto out;
    }

    path = talloc_asprintf(scratch, "libnss_%s.so.2", name);
    if (path == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf() failed\n");
        rc = ENOMEM;
        goto out;
    }

    /* All lookups succeeded: hand ownership of both strings to the caller. */
    *_libname = talloc_steal(mem_ctx, name);
    *_libpath = talloc_steal(mem_ctx, path);
    *_fast_alias = fast_alias;
    rc = EOK;

out:
    talloc_free(scratch);
    return rc;
}
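/*
 * Pick the default name-parsing regular expression for the domain in
 * 'conf_path' from its id_provider: the "ipa" and "ad" providers get
 * IPA_AD_DEFAULT_RE, everything else (including no id_provider at all)
 * gets NULL, meaning the caller should use its own generic default.
 *
 * *re_pattern is always assigned: NULL when no provider-specific pattern
 * applies, otherwise a copy allocated on mem_ctx. Previously the "provider
 * configured but not in the table" path left *re_pattern untouched, so the
 * outcome depended on the caller having pre-initialised it.
 *
 * With a libpcre older than 7 the pattern is always NULL, since the
 * provider defaults rely on non-unique named subpatterns.
 *
 * Returns EOK, ENOMEM, or the confdb lookup error.
 */
static errno_t get_id_provider_default_re(TALLOC_CTX *mem_ctx,
                                          struct confdb_ctx *cdb,
                                          const char *conf_path,
                                          char **re_pattern)
{
    *re_pattern = NULL;

#ifdef HAVE_LIBPCRE_LESSER_THAN_7
    DEBUG(SSSDBG_MINOR_FAILURE,
          "The libpcre version on this system is too old. Only "
          "the user@DOMAIN name fully qualified name format will "
          "be supported\n");
    return EOK;
#else
    const struct {
        const char *name;
        const char *re;
    } provider_default_re[] = {
        { "ipa", IPA_AD_DEFAULT_RE },
        { "ad",  IPA_AD_DEFAULT_RE },
        { NULL,  NULL }
    };
    char *id_provider = NULL;
    int ret;

    ret = confdb_get_string(cdb, mem_ctx, conf_path, CONFDB_DOMAIN_ID_PROVIDER,
                            NULL, &id_provider);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, "Failed to read ID provider from conf db.\n");
        goto done;
    }

    if (id_provider != NULL) {
        for (size_t c = 0; provider_default_re[c].name != NULL; c++) {
            if (strcmp(id_provider, provider_default_re[c].name) != 0) {
                continue;
            }
            *re_pattern = talloc_strdup(mem_ctx, provider_default_re[c].re);
            if (*re_pattern == NULL) {
                DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed.\n");
                ret = ENOMEM;
                goto done;
            }
            break;
        }
    }

    ret = EOK;

done:
    talloc_free(id_provider);
    return ret;
#endif
}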
/*
 * Add a password prompt entry to *pc_list when CONFDB_PC_PASSWORD_PROMPT is
 * set in 'section'.
 *
 * Returns the pc_list_add_password() result when the option is present.
 * Returns ENOENT both when the option is absent and when the confdb lookup
 * itself fails; this function deliberately does not distinguish the two.
 * The prompt text is allocated on tmp_ctx.
 */
static errno_t pam_set_password_prompting_options(TALLOC_CTX *tmp_ctx,
                                                  struct confdb_ctx *cdb,
                                                  const char *section,
                                                  struct prompt_config ***pc_list)
{
    char *prompt = NULL;
    int ret = confdb_get_string(cdb, tmp_ctx, section,
                                CONFDB_PC_PASSWORD_PROMPT, NULL, &prompt);
    if (ret != EOK || prompt == NULL) {
        return ENOENT;
    }

    ret = pc_list_add_password(pc_list, prompt);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, "pc_list_add_password failed.\n");
    }
    return ret;
}
/*
 * Fill in the userdel defaults of 'data' from the domain's confdb section
 * (CONFDB_DOMAIN_PATH_TMPL expanded with the domain name):
 *   - data->remove_homedir: from 'remove_home' when the caller made an
 *     explicit choice (non-zero; true iff it equals DO_REMOVE_HOME),
 *     otherwise CONFDB_LOCAL_REMOVE_HOMEDIR with DFL_REMOVE_HOMEDIR as the
 *     fallback;
 *   - data->maildir: CONFDB_LOCAL_MAIL_DIR with DFL_MAIL_DIR as the
 *     fallback, allocated on mem_ctx.
 * Returns EOK, ENOMEM, or the confdb error; on error some fields may
 * already have been written.
 */
int userdel_defaults(TALLOC_CTX *mem_ctx,
                     struct confdb_ctx *confdb,
                     struct ops_ctx *data,
                     int remove_home)
{
    char *section;
    int rc;

    section = talloc_asprintf(mem_ctx, CONFDB_DOMAIN_PATH_TMPL,
                              data->domain->name);
    if (section == NULL) {
        return ENOMEM;
    }

    /* An explicit command-line choice overrides the configured default. */
    if (remove_home != 0) {
        data->remove_homedir = (remove_home == DO_REMOVE_HOME);
    } else {
        bool configured = false;
        rc = confdb_get_bool(confdb, mem_ctx, section,
                             CONFDB_LOCAL_REMOVE_HOMEDIR,
                             DFL_REMOVE_HOMEDIR, &configured);
        if (rc != EOK) {
            goto out;
        }
        data->remove_homedir = configured;
    }

    /* Directory holding the mail spool that should be removed. */
    rc = confdb_get_string(confdb, mem_ctx, section, CONFDB_LOCAL_MAIL_DIR,
                           DFL_MAIL_DIR, &data->maildir);
    if (rc != EOK) {
        goto out;
    }

    rc = EOK;

out:
    talloc_free(section);
    return rc;
}
/*
 * Backwards compatibility for the legacy 'krb5_kdcip' option.
 *
 * If the option identified by 'opt_id' (the current KDC server setting) is
 * empty, look for 'krb5_kdcip' in the domain section 'conf_path' and, when
 * present, copy its value into opts. A deprecation warning is logged at the
 * highest level so the administrator migrates to 'krb5_server'. Having
 * neither option set is not an error here. Returns EOK, or the confdb /
 * dp_opt error.
 */
errno_t krb5_try_kdcip(struct confdb_ctx *cdb, const char *conf_path,
                       struct dp_option *opts, int opt_id)
{
    char *legacy_servers = NULL;
    errno_t rc;

    if (dp_opt_get_string(opts, opt_id) != NULL) {
        /* A KDC is already configured the modern way: nothing to migrate. */
        return EOK;
    }

    DEBUG(4, ("No KDC found in configuration, trying legacy option\n"));

    /* Allocated on the NULL context, so it is freed explicitly below. */
    rc = confdb_get_string(cdb, NULL, conf_path, "krb5_kdcip", NULL,
                           &legacy_servers);
    if (rc != EOK) {
        DEBUG(1, ("confdb_get_string failed.\n"));
        return rc;
    }
    if (legacy_servers == NULL) {
        return EOK;
    }

    rc = dp_opt_set_string(opts, opt_id, legacy_servers);
    if (rc != EOK) {
        DEBUG(1, ("dp_opt_set_string failed.\n"));
        talloc_free(legacy_servers);
        return rc;
    }

    DEBUG(SSSDBG_CONF_SETTINGS,
          ("Set krb5 server [%s] based on legacy krb5_kdcip option\n",
           legacy_servers));
    /* Logged as FATAL_FAILURE on purpose so it shows up with the default
     * debug level. */
    DEBUG(SSSDBG_FATAL_FAILURE,
          ("Your configuration uses the deprecated option "
           "'krb5_kdcip' to specify the KDC. Please change the "
           "configuration to use the 'krb5_server' option "
           "instead.\n"));
    talloc_free(legacy_servers);

    return EOK;
}
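/*
 * Look up the string option 'attr' first in the domain section 'conf_path'
 * (skipped when conf_path is NULL) and, if that yields nothing, in the
 * global CONFDB_MONITOR_CONF_ENTRY section. *out is left NULL when neither
 * section sets the option. The value is allocated on mem_ctx.
 * Returns EOK or the first confdb error.
 */
static int names_get_domain_or_global(struct confdb_ctx *cdb,
                                      TALLOC_CTX *mem_ctx,
                                      const char *conf_path,
                                      const char *attr,
                                      char **out)
{
    int ret;

    *out = NULL;
    if (conf_path != NULL) {
        ret = confdb_get_string(cdb, mem_ctx, conf_path, attr, NULL, out);
        if (ret != EOK) {
            return ret;
        }
    }

    /* If not found in the domain, look in globals */
    if (*out == NULL) {
        ret = confdb_get_string(cdb, mem_ctx, CONFDB_MONITOR_CONF_ENTRY, attr,
                                NULL, out);
        if (ret != EOK) {
            return ret;
        }
    }

    return EOK;
}

/*
 * Build the name-parsing context for 'domain' (or the global one when
 * domain is NULL) from the confdb.
 *
 * The regular expression (CONFDB_NAME_REGEX) and the fully qualified name
 * format (CONFDB_FULL_NAME_FORMAT) are each resolved in this order:
 *   1. the domain's own section (when a domain is given),
 *   2. the global [sssd] section,
 *   3. regex only: the id_provider-specific default,
 *   4. the built-in default: "(?P<name>[^@]+)@?(?P<domain>[^@]*$)" for
 *      the regex, CONFDB_DEFAULT_FULL_NAME_FORMAT for the format.
 * The context is created by sss_names_init_from_args() on mem_ctx and
 * returned through *out. Returns EOK, ENOMEM, or the first failure.
 *
 * The two "domain then global" lookups were factored into
 * names_get_domain_or_global(); a stray double semicolon was removed.
 *
 * Security note: the regular expression is administrator-controlled
 * configuration and is not validated here beyond whatever
 * sss_names_init_from_args() does when compiling it.
 */
int sss_names_init(TALLOC_CTX *mem_ctx, struct confdb_ctx *cdb,
                   const char *domain, struct sss_names_ctx **out)
{
    TALLOC_CTX *tmpctx = NULL;
    char *conf_path = NULL;
    char *re_pattern = NULL;
    char *fq_fmt = NULL;
    int ret;

    tmpctx = talloc_new(NULL);
    if (tmpctx == NULL) {
        ret = ENOMEM;
        goto done;
    }

    if (domain != NULL) {
        conf_path = talloc_asprintf(tmpctx, CONFDB_DOMAIN_PATH_TMPL, domain);
        if (conf_path == NULL) {
            ret = ENOMEM;
            goto done;
        }
    }

    /* --- regular expression --- */
    ret = names_get_domain_or_global(cdb, tmpctx, conf_path, CONFDB_NAME_REGEX,
                                     &re_pattern);
    if (ret != EOK) {
        goto done;
    }

    if (re_pattern == NULL && conf_path != NULL) {
        ret = get_id_provider_default_re(tmpctx, cdb, conf_path, &re_pattern);
        if (ret != EOK) {
            DEBUG(SSSDBG_OP_FAILURE,
                  "Failed to get provider default regular "
                  "expression for domain [%s].\n", domain);
            goto done;
        }
    }

    if (re_pattern == NULL) {
        re_pattern = talloc_strdup(tmpctx, "(?P<name>[^@]+)@?(?P<domain>[^@]*$)");
        if (re_pattern == NULL) {
            ret = ENOMEM;
            goto done;
        }
    }
#ifdef HAVE_LIBPCRE_LESSER_THAN_7
    else {
        /* An admin-supplied pattern may use duplicate subpattern names,
         * which this libpcre cannot handle; warn so a failure is explicable. */
        DEBUG(SSSDBG_OP_FAILURE,
              "This binary was build with a version of libpcre that does "
              "not support non-unique named subpatterns.\n");
        DEBUG(SSSDBG_OP_FAILURE,
              "Please make sure that your pattern [%s] only contains "
              "subpatterns with a unique name and uses "
              "the Python syntax (?P<name>).\n", re_pattern);
    }
#endif

    /* --- fully qualified name format --- */
    ret = names_get_domain_or_global(cdb, tmpctx, conf_path,
                                     CONFDB_FULL_NAME_FORMAT, &fq_fmt);
    if (ret != EOK) {
        goto done;
    }

    if (fq_fmt == NULL) {
        fq_fmt = talloc_strdup(tmpctx, CONFDB_DEFAULT_FULL_NAME_FORMAT);
        if (fq_fmt == NULL) {
            ret = ENOMEM;
            goto done;
        }
    }

    ret = sss_names_init_from_args(mem_ctx, re_pattern, fq_fmt, out);

done:
    talloc_free(tmpctx);
    return ret;
}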
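/*
 * Entry point of the PAC responder: set up the generic responder context
 * and then the PAC-specific state.
 *
 * Configuration read from CONFDB_PAC_CONF_ENTRY:
 *   - CONFDB_SERVICE_ALLOWED_UIDS (default DEFAULT_ALLOWED_UIDS): the
 *     client UIDs allowed to use the responder, parsed into
 *     rctx->allowed_uids[];
 *   - CONFDB_SERVICE_RECON_RETRIES (default 3): Data Provider reconnects;
 *   - CONFDB_SERVICE_FD_LIMIT (default DEFAULT_PAC_FD_LIMIT);
 *   - CONFDB_PAC_LIFETIME (default 300) -> pac_ctx->pac_lifetime.
 *
 * Also creates the sss_idmap context stored in pac_ctx->idmap_ctx and
 * schedules the periodic domain refresh. On any failure the whole
 * responder context is freed and an errno-style code is returned.
 *
 * Fix relative to the previous version: the error message for a failed
 * CONFDB_PAC_LIFETIME lookup talked about the "negative cache timeout",
 * which is not what that option is; it now names the PAC lifetime.
 */
int pac_process_init(TALLOC_CTX *mem_ctx,
                     struct tevent_context *ev,
                     struct confdb_ctx *cdb)
{
    struct resp_ctx *rctx;
    struct sss_cmd_table *pac_cmds;
    struct be_conn *iter;
    struct pac_ctx *pac_ctx;
    int ret, max_retries;
    enum idmap_error_code err;
    int fd_limit;
    char *uid_str;

    pac_cmds = get_pac_cmds();
    ret = sss_process_init(mem_ctx, ev, cdb, pac_cmds,
                           SSS_PAC_SOCKET_NAME, -1, NULL, -1,
                           CONFDB_PAC_CONF_ENTRY,
                           PAC_SBUS_SERVICE_NAME,
                           PAC_SBUS_SERVICE_VERSION,
                           &monitor_pac_methods,
                           "PAC", &pac_dp_methods.vtable,
                           sss_connection_setup,
                           &rctx);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE, "sss_process_init() failed\n");
        return ret;
    }

    pac_ctx = talloc_zero(rctx, struct pac_ctx);
    if (!pac_ctx) {
        DEBUG(SSSDBG_FATAL_FAILURE, "fatal error initializing pac_ctx\n");
        ret = ENOMEM;
        goto fail;
    }
    pac_ctx->rctx = rctx;
    pac_ctx->rctx->pvt_ctx = pac_ctx;

    /* Access control: which UIDs may talk to this responder. */
    ret = confdb_get_string(pac_ctx->rctx->cdb, pac_ctx->rctx,
                            CONFDB_PAC_CONF_ENTRY, CONFDB_SERVICE_ALLOWED_UIDS,
                            DEFAULT_ALLOWED_UIDS, &uid_str);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE, "Failed to get allowed UIDs.\n");
        goto fail;
    }

    ret = csv_string_to_uid_array(pac_ctx->rctx, uid_str, true,
                                  &pac_ctx->rctx->allowed_uids_count,
                                  &pac_ctx->rctx->allowed_uids);
    talloc_free(uid_str);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE, "Failed to set allowed UIDs.\n");
        goto fail;
    }

    /* Enable automatic reconnection to the Data Provider */
    ret = confdb_get_int(pac_ctx->rctx->cdb,
                         CONFDB_PAC_CONF_ENTRY,
                         CONFDB_SERVICE_RECON_RETRIES,
                         3, &max_retries);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              "Failed to set up automatic reconnection\n");
        goto fail;
    }

    for (iter = pac_ctx->rctx->be_conns; iter; iter = iter->next) {
        sbus_reconnect_init(iter->conn, max_retries,
                            pac_dp_reconnect_init, iter);
    }

    err = sss_idmap_init(sss_idmap_talloc, pac_ctx, sss_idmap_talloc_free,
                         &pac_ctx->idmap_ctx);
    if (err != IDMAP_SUCCESS) {
        DEBUG(SSSDBG_FATAL_FAILURE, "sss_idmap_init failed.\n");
        ret = EFAULT;
        goto fail;
    }

    /* Set up file descriptor limits */
    ret = confdb_get_int(pac_ctx->rctx->cdb,
                         CONFDB_PAC_CONF_ENTRY,
                         CONFDB_SERVICE_FD_LIMIT,
                         DEFAULT_PAC_FD_LIMIT,
                         &fd_limit);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              "Failed to set up file descriptor limit\n");
        goto fail;
    }
    responder_set_fd_limit(fd_limit);

    ret = confdb_get_int(pac_ctx->rctx->cdb, CONFDB_PAC_CONF_ENTRY,
                         CONFDB_PAC_LIFETIME, 300,
                         &pac_ctx->pac_lifetime);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE, "Failed to read the PAC lifetime.\n");
        goto fail;
    }

    ret = schedule_get_domains_task(rctx, rctx->ev, rctx, NULL);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE, "schedule_get_domains_tasks failed.\n");
        goto fail;
    }

    DEBUG(SSSDBG_TRACE_FUNC, "PAC Initialization complete\n");

    return EOK;

fail:
    talloc_free(rctx);
    return ret;
}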
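/* Resolve a mandatory NSS entry point "_nss_<libname>_<sym>" into
 * ctx->ops.<field>; a missing symbol aborts initialisation with ELIBBAD.
 * Relies on 'ctx', 'libname', 'ret' and the 'done' label of the enclosing
 * function. */
#define PROXY_LOAD_REQUIRED(field, sym)                                     \
    do {                                                                    \
        ctx->ops.field = proxy_dlsym(ctx->handle, "_nss_%s_" sym, libname); \
        if (!ctx->ops.field) {                                              \
            DEBUG(0, ("Failed to load NSS fns, error: %s\n", dlerror()));   \
            ret = ELIBBAD;                                                  \
            goto done;                                                      \
        }                                                                   \
    } while (0)

/* Resolve an optional NSS entry point; a missing symbol only logs, at
 * 'level', that the library does not support 'feature'. */
#define PROXY_LOAD_OPTIONAL(field, sym, level, feature)                     \
    do {                                                                    \
        ctx->ops.field = proxy_dlsym(ctx->handle, "_nss_%s_" sym, libname); \
        if (!ctx->ops.field) {                                              \
            DEBUG(level, ("Failed to load _nss_%s_" sym ", error: %s. "     \
                          "The library does not support " feature ".\n",    \
                          libname, dlerror()));                             \
        }                                                                   \
    } while (0)

/*
 * Initialise the proxy id provider: dlopen() the NSS module named by
 * CONFDB_PROXY_LIBNAME (as "libnss_<name>.so.2") and resolve its entry
 * points into ctx->ops.
 *
 * Mandatory: the passwd and group lookup/enumeration functions; a module
 * lacking any of them is rejected with ELIBBAD. Optional: initgroups_dyn
 * (a warning about slow initgroups otherwise), the netgroup functions and
 * the services functions; their absence is only logged.
 *
 * Also reads CONFDB_PROXY_FAST_ALIAS (default false) into ctx->fast_alias.
 * On success *ops and *pvt_data are set and the library handle stays open
 * for the lifetime of ctx. On failure the handle (if any) is closed and
 * ctx is freed.
 *
 * Fixes relative to the previous version: the getnetgrent_r check tested
 * ops.getgrent_r instead of ops.getnetgrent_r, so a module without
 * _nss_<name>_getnetgrent_r was never reported; and a failure after a
 * successful dlopen() leaked the library handle.
 *
 * Security note: libname comes from sssd.conf (whose permissions are
 * checked when the confdb is built) and is used verbatim to form the path
 * given to dlopen(); it is not validated here.
 */
int sssm_proxy_id_init(struct be_ctx *bectx,
                       struct bet_ops **ops, void **pvt_data)
{
    struct proxy_id_ctx *ctx;
    char *libname;
    char *libpath;
    int ret;

    ctx = talloc_zero(bectx, struct proxy_id_ctx);
    if (!ctx) {
        return ENOMEM;
    }
    ctx->be = bectx;

    ret = confdb_get_string(bectx->cdb, ctx, bectx->conf_path,
                            CONFDB_PROXY_LIBNAME, NULL, &libname);
    if (ret != EOK) goto done;
    if (libname == NULL) {
        ret = ENOENT;
        goto done;
    }

    ret = confdb_get_bool(bectx->cdb, bectx->conf_path,
                          CONFDB_PROXY_FAST_ALIAS, false, &ctx->fast_alias);
    if (ret != EOK) goto done;

    libpath = talloc_asprintf(ctx, "libnss_%s.so.2", libname);
    if (!libpath) {
        ret = ENOMEM;
        goto done;
    }

    ctx->handle = dlopen(libpath, RTLD_NOW);
    if (!ctx->handle) {
        DEBUG(0, ("Unable to load %s module with path, error: %s\n",
                  libpath, dlerror()));
        ret = ELIBACC;
        goto done;
    }

    /* passwd database (required) */
    PROXY_LOAD_REQUIRED(getpwnam_r, "getpwnam_r");
    PROXY_LOAD_REQUIRED(getpwuid_r, "getpwuid_r");
    PROXY_LOAD_REQUIRED(setpwent,   "setpwent");
    PROXY_LOAD_REQUIRED(getpwent_r, "getpwent_r");
    PROXY_LOAD_REQUIRED(endpwent,   "endpwent");

    /* group database (required) */
    PROXY_LOAD_REQUIRED(getgrnam_r, "getgrnam_r");
    PROXY_LOAD_REQUIRED(getgrgid_r, "getgrgid_r");
    PROXY_LOAD_REQUIRED(setgrent,   "setgrent");
    PROXY_LOAD_REQUIRED(getgrent_r, "getgrent_r");
    PROXY_LOAD_REQUIRED(endgrent,   "endgrent");

    /* initgroups_dyn is optional but its absence has a performance cost */
    ctx->ops.initgroups_dyn = proxy_dlsym(ctx->handle, "_nss_%s_initgroups_dyn",
                                          libname);
    if (!ctx->ops.initgroups_dyn) {
        DEBUG(1, ("The '%s' library does not provides the "
                  "_nss_XXX_initgroups_dyn function!\n"
                  "initgroups will be slow as it will require "
                  "full groups enumeration!\n", libname));
    }

    /* netgroups (optional) */
    PROXY_LOAD_OPTIONAL(setnetgrent,   "setnetgrent",   0, "netgroups");
    PROXY_LOAD_OPTIONAL(getnetgrent_r, "getnetgrent_r", 0, "netgroups");
    PROXY_LOAD_OPTIONAL(endnetgrent,   "endnetgrent",   0, "netgroups");

    /* services (optional) */
    PROXY_LOAD_OPTIONAL(getservbyname_r, "getservbyname_r",
                        SSSDBG_MINOR_FAILURE, "services");
    PROXY_LOAD_OPTIONAL(getservbyport_r, "getservbyport_r",
                        SSSDBG_MINOR_FAILURE, "services");
    PROXY_LOAD_OPTIONAL(setservent,      "setservent",
                        SSSDBG_MINOR_FAILURE, "services");
    PROXY_LOAD_OPTIONAL(getservent_r,    "getservent_r",
                        SSSDBG_MINOR_FAILURE, "services");
    PROXY_LOAD_OPTIONAL(endservent,      "endservent",
                        SSSDBG_MINOR_FAILURE, "services");

    *ops = &proxy_id_ops;
    *pvt_data = ctx;
    ret = EOK;

done:
    if (ret != EOK) {
        /* talloc does not know about the dlopen() handle: close it here
         * so an aborted init does not leak the mapped library. */
        if (ctx->handle) {
            dlclose(ctx->handle);
            ctx->handle = NULL;
        }
        talloc_free(ctx);
    }
    return ret;
}

#undef PROXY_LOAD_REQUIRED
#undef PROXY_LOAD_OPTIONAL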
/*
 * Default values for add operations
 *
 * Fill the fields of 'data' that useradd needs, taking each explicit
 * argument when given and otherwise the domain's confdb setting (or the
 * compile-time DFL_* fallback):
 *   gecos        -> data->gecos   (falls back to data->name)
 *   homedir      -> data->home    (else <CONFDB_LOCAL_DEFAULT_BASEDIR>/<name>)
 *   shell        -> data->shell   (else CONFDB_LOCAL_DEFAULT_SHELL)
 *   create_home  -> data->create_homedir (0: use CONFDB_LOCAL_CREATE_HOMEDIR;
 *                   otherwise true iff it equals DO_CREATE_HOME)
 *   CONFDB_LOCAL_UMASK    -> data->umask
 *   CONFDB_LOCAL_MAIL_DIR -> data->maildir
 *   skeldir      -> data->skeldir (else CONFDB_LOCAL_SKEL_DIR)
 * Returns EOK, ENOMEM, or the confdb error.
 *
 * NOTE(review): an explicit homedir is allocated on 'data' while every
 * other string is allocated on mem_ctx; left as is because the relative
 * lifetimes of the two contexts are not visible here. The umask is read
 * through an (int *) cast of &data->umask, which assumes that field has
 * the size of an int.
 */
int useradd_defaults(TALLOC_CTX *mem_ctx,
                     struct confdb_ctx *confdb,
                     struct ops_ctx *data,
                     const char *gecos,
                     const char *homedir,
                     const char *shell,
                     int create_home,
                     const char *skeldir)
{
    int rc;
    char *basedir = NULL;
    char *section = NULL;

    section = talloc_asprintf(mem_ctx, CONFDB_DOMAIN_PATH_TMPL,
                              data->domain->name);
    if (section == NULL) {
        return ENOMEM;
    }

    /* gecos: defaults to the login name */
    data->gecos = talloc_strdup(mem_ctx, gecos != NULL ? gecos : data->name);
    if (data->gecos == NULL) {
        rc = ENOMEM;
        goto out;
    }
    DEBUG(7, ("Gecos: %s\n", data->gecos));

    /* home directory */
    if (homedir != NULL) {
        data->home = talloc_strdup(data, homedir);
    } else {
        rc = confdb_get_string(confdb, mem_ctx, section,
                               CONFDB_LOCAL_DEFAULT_BASEDIR,
                               DFL_BASEDIR_VAL, &basedir);
        if (rc != EOK) {
            goto out;
        }
        data->home = talloc_asprintf(mem_ctx, "%s/%s", basedir, data->name);
    }
    if (data->home == NULL) {
        rc = ENOMEM;
        goto out;
    }
    DEBUG(7, ("Homedir: %s\n", data->home));

    /* login shell */
    if (shell != NULL) {
        data->shell = talloc_strdup(mem_ctx, shell);
        if (data->shell == NULL) {
            rc = ENOMEM;
            goto out;
        }
    } else {
        rc = confdb_get_string(confdb, mem_ctx, section,
                               CONFDB_LOCAL_DEFAULT_SHELL,
                               DFL_SHELL_VAL, &data->shell);
        if (rc != EOK) {
            goto out;
        }
    }
    DEBUG(7, ("Shell: %s\n", data->shell));

    /* create the home directory on user creation? */
    if (create_home != 0) {
        data->create_homedir = (create_home == DO_CREATE_HOME);
    } else {
        rc = confdb_get_bool(confdb, mem_ctx, section,
                             CONFDB_LOCAL_CREATE_HOMEDIR,
                             DFL_CREATE_HOMEDIR, &data->create_homedir);
        if (rc != EOK) {
            goto out;
        }
    }
    DEBUG(7, ("Auto create homedir: %s\n",
              data->create_homedir ? "True" : "False"));

    /* umask applied when creating home directories */
    rc = confdb_get_int(confdb, mem_ctx, section, CONFDB_LOCAL_UMASK,
                        DFL_UMASK, (int *) &data->umask);
    if (rc != EOK) {
        goto out;
    }
    DEBUG(7, ("Umask: %o\n", data->umask));

    /* directory in which mail spools are created */
    rc = confdb_get_string(confdb, mem_ctx, section, CONFDB_LOCAL_MAIL_DIR,
                           DFL_MAIL_DIR, &data->maildir);
    if (rc != EOK) {
        goto out;
    }
    DEBUG(7, ("Mail dir: %s\n", data->maildir));

    /* skeleton directory copied into new home directories */
    if (skeldir != NULL) {
        data->skeldir = talloc_strdup(mem_ctx, skeldir);
        if (data->skeldir == NULL) {
            rc = ENOMEM;
            goto out;
        }
    } else {
        rc = confdb_get_string(confdb, mem_ctx, section, CONFDB_LOCAL_SKEL_DIR,
                               DFL_SKEL_DIR, &data->skeldir);
        if (rc != EOK) {
            goto out;
        }
    }
    DEBUG(7, ("Skeleton dir: %s\n", data->skeldir));

    rc = EOK;

out:
    talloc_free(basedir);
    talloc_free(section);
    return rc;
}
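/*
 * (Re)build the LDB-backed configuration database 'cdb' from the INI file
 * 'config_file'.
 *
 * Steps, in order:
 *   1. open the file and run sss_ini_config_access_check() before any of
 *      its content is parsed; a file failing the permission check is
 *      refused with EPERM;
 *   2. compare the file's mtime with the "lastUpdate" value stored in the
 *      confdb and return EOK early when nothing changed;
 *   3. parse the file and require config_file_version == CONFDB_VERSION_INT
 *      (older: tell the admin to run the upgrade script; newer: refuse;
 *      both EINVAL);
 *   4. inside one LDB transaction: purge the old contents, import the LDIF
 *      generated from the INI data, record the new lastUpdate, commit.
 * Any failure inside the transaction cancels it, so the previous contents
 * survive. Returns EOK, ERR_MISSING_CONF when the file does not exist,
 * EPERM, EINVAL, ENOMEM, EIO, or another errno-style code.
 *
 * Fixes relative to the previous version:
 *   - a failed mtime-to-string conversion now aborts. Before, the computed
 *     error was immediately overwritten by the next call and the
 *     uninitialised timestr buffer went on to be compared and stored as
 *     lastUpdate;
 *   - errno is captured before DEBUG() is called in the two places it is
 *     reported, and a failed stat with errno == 0 no longer returns EOK;
 *   - a failed commit maps the LDB error code through
 *     sysdb_error_to_errno(), as the transaction start already did.
 */
int confdb_init_db(const char *config_file, struct confdb_ctx *cdb)
{
    TALLOC_CTX *tmp_ctx;
    int ret;
    int sret = EOK;
    int version;
    char timestr[21];
    char *lasttimestr;
    bool in_transaction = false;
    const char *config_ldif;
    const char *vals[2] = { timestr, NULL };
    struct ldb_ldif *ldif;
    struct sss_ini_initdata *init_data;

    tmp_ctx = talloc_new(cdb);
    if (tmp_ctx == NULL) {
        DEBUG(SSSDBG_FATAL_FAILURE, "Out of memory.\n");
        return ENOMEM;
    }

    init_data = sss_ini_initdata_init(tmp_ctx);
    if (!init_data) {
        DEBUG(SSSDBG_FATAL_FAILURE, "Out of memory.\n");
        ret = ENOMEM;
        goto done;
    }

    /* Open config file */
    ret = sss_ini_config_file_open(init_data, config_file);
    if (ret != EOK) {
        DEBUG(SSSDBG_TRACE_FUNC,
              "sss_ini_config_file_open failed: %s [%d]\n", strerror(ret), ret);
        if (ret == ENOENT) {
            /* sss specific error denoting missing configuration file */
            ret = ERR_MISSING_CONF;
        }
        goto done;
    }

    /* Refuse a config file with unsafe ownership/permissions before
     * parsing anything from it. */
    ret = sss_ini_config_access_check(init_data);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              "Permission check on config file failed.\n");
        ret = EPERM;
        goto done;
    }

    /* Determine if the conf file has changed since we last updated
     * the confdb */
    ret = sss_ini_get_stat(init_data);
    if (ret != EOK) {
        int saved_errno = errno;
        DEBUG(SSSDBG_FATAL_FAILURE,
              "Status check on config file failed.\n");
        /* never turn a failed stat into EOK just because errno is 0 */
        ret = saved_errno ? saved_errno : EFAULT;
        goto done;
    }

    errno = 0;
    ret = sss_ini_get_mtime(init_data, sizeof(timestr), timestr);
    if (ret <= 0 || (size_t) ret >= sizeof(timestr)) {
        int saved_errno = errno;
        DEBUG(SSSDBG_FATAL_FAILURE,
              "Failed to convert time_t to string ??\n");
        ret = saved_errno ? saved_errno : EFAULT;
        goto done;
    }

    ret = confdb_get_string(cdb, tmp_ctx, "config", "lastUpdate",
                            NULL, &lasttimestr);
    if (ret == EOK) {
        /* check if we lastUpdate and last file modification change differ*/
        if ((lasttimestr != NULL) && (strcmp(lasttimestr, timestr) == 0)) {
            /* not changed, get out, nothing more to do */
            ret = EOK;
            goto done;
        }
    } else {
        DEBUG(SSSDBG_FATAL_FAILURE, "Failed to get lastUpdate attribute.\n");
        goto done;
    }

    ret = sss_ini_get_config(init_data, config_file);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE, "Failed to load configuration\n");
        goto done;
    }

    /* Make sure that the config file version matches the confdb version */
    ret = sss_ini_get_cfgobj(init_data, "sssd", "config_file_version");
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              "Internal error determining config_file_version\n");
        goto done;
    }

    ret = sss_ini_check_config_obj(init_data);
    if (ret != EOK) {
        /* No known version. Assumed to be version 1 */
        DEBUG(SSSDBG_FATAL_FAILURE,
              "Config file is an old version. "
              "Please run configuration upgrade script.\n");
        ret = EINVAL;
        goto done;
    }

    version = sss_ini_get_int_config_value(init_data, 1, -1, &ret);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              "Config file version could not be determined\n");
        goto done;
    } else if (version < CONFDB_VERSION_INT) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              "Config file is an old version. "
              "Please run configuration upgrade script.\n");
        ret = EINVAL;
        goto done;
    } else if (version > CONFDB_VERSION_INT) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              "Config file version is newer than confdb\n");
        ret = EINVAL;
        goto done;
    }

    /* Set up a transaction to replace the configuration */
    ret = ldb_transaction_start(cdb->ldb);
    if (ret != LDB_SUCCESS) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              "Failed to start a transaction for "
              "updating the configuration\n");
        ret = sysdb_error_to_errno(ret);
        goto done;
    }
    in_transaction = true;

    /* Purge existing database */
    ret = confdb_purge(cdb);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              "Could not purge existing configuration\n");
        goto done;
    }

    ret = sss_confdb_create_ldif(tmp_ctx, init_data, &config_ldif);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE, "Could not create LDIF for confdb\n");
        goto done;
    }

    DEBUG(SSSDBG_TRACE_LIBS, "LDIF file to import: \n%s", config_ldif);

    while ((ldif = ldb_ldif_read_string(cdb->ldb, &config_ldif))) {
        ret = ldb_add(cdb->ldb, ldif->msg);
        if (ret != LDB_SUCCESS) {
            DEBUG(SSSDBG_FATAL_FAILURE,
                  "Failed to initialize DB (%d,[%s]), aborting!\n",
                  ret, ldb_errstring(cdb->ldb));
            ret = EIO;
            goto done;
        }
        ldb_ldif_read_free(cdb->ldb, ldif);
    }

    /* now store the lastUpdate time so that we do not re-init if nothing
     * changed on restart */
    ret = confdb_add_param(cdb, true, "config", "lastUpdate", vals);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              "Failed to set last update time on db!\n");
        goto done;
    }

    ret = ldb_transaction_commit(cdb->ldb);
    if (ret != LDB_SUCCESS) {
        DEBUG(SSSDBG_CRIT_FAILURE, "Failed to commit transaction\n");
        ret = sysdb_error_to_errno(ret);
        goto done;
    }
    in_transaction = false;

    ret = EOK;

done:
    if (in_transaction) {
        sret = ldb_transaction_cancel(cdb->ldb);
        if (sret != LDB_SUCCESS) {
            DEBUG(SSSDBG_CRIT_FAILURE, "Failed to cancel transaction\n");
        }
    }
    sss_ini_config_destroy(init_data);
    sss_ini_close_file(init_data);
    talloc_zfree(tmp_ctx);
    return ret;
}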
/*
 * Build the attribute map for one LDAP object type from its compile-time
 * defaults and the administrator's overrides.
 *
 * For each of the num_entries entries of def_map the option name, default
 * and sysdb name are copied, and the effective attribute name is read from
 * the confdb (conf_path / opt_name, with def_name as the default). The
 * value is passed through sss_filter_sanitize() before it is stored in
 * map[i].name, so a configured name cannot carry unescaped LDAP filter
 * metacharacters into the places the map is later used (presumably search
 * filters).
 *
 * An entry with a non-NULL default must end up with a name; otherwise, or
 * on any lookup/sanitise failure, the partially built map is freed and
 * EINVAL is returned. Returns ENOMEM if the map itself cannot be
 * allocated. *_map and its strings are allocated on memctx.
 */
int sdap_get_map(TALLOC_CTX *memctx,
                 struct confdb_ctx *cdb,
                 const char *conf_path,
                 struct sdap_attr_map *def_map,
                 int num_entries,
                 struct sdap_attr_map **_map)
{
    struct sdap_attr_map *map;
    int i, ret;

    map = talloc_array(memctx, struct sdap_attr_map, num_entries);
    if (map == NULL) {
        return ENOMEM;
    }

    for (i = 0; i < num_entries; i++) {
        struct sdap_attr_map *entry = &map[i];
        char *raw_name = NULL;

        entry->opt_name = def_map[i].opt_name;
        entry->def_name = def_map[i].def_name;
        entry->sys_name = def_map[i].sys_name;

        ret = confdb_get_string(cdb, map, conf_path,
                                entry->opt_name, entry->def_name, &raw_name);
        if (ret != EOK) {
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("Failed to retrieve value for %s\n", entry->opt_name));
            talloc_zfree(map);
            return EINVAL;
        }

        if (raw_name == NULL) {
            entry->name = NULL;
        } else {
            ret = sss_filter_sanitize(map, raw_name, &entry->name);
            if (ret != EOK) {
                DEBUG(SSSDBG_CRIT_FAILURE,
                      ("Could not sanitize attribute [%s]\n", raw_name));
                talloc_zfree(map);
                return EINVAL;
            }
            talloc_zfree(raw_name);
        }

        /* A default exists, so ending up without a name means the lookup
         * went wrong. */
        if (entry->def_name != NULL && entry->name == NULL) {
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("Failed to retrieve value for %s\n", entry->opt_name));
            talloc_zfree(map);
            return EINVAL;
        }

        DEBUG(SSSDBG_TRACE_FUNC, ("Option %s has%s value %s\n",
                                  entry->opt_name,
                                  entry->name ? "" : " no",
                                  entry->name ? entry->name : ""));
    }

    *_map = map;
    return EOK;
}
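/*
 * Run the administrator-configured userdel hook (CONFDB_LOCAL_USERDEL_CMD
 * in the local domain's section) with the name of the user being deleted
 * as its single argument, and wait for it to finish.
 *
 * The command is exec'd directly, not through a shell, so the user name is
 * one argv element and is never interpreted. Nothing is run when the
 * option is unset (EOK); a confdb lookup error is returned as is. A
 * non-zero exit status of the hook is logged and ignored; a hook killed by
 * a signal yields EIO; fork()/waitpid() failures return their errno.
 *
 * Fixes relative to the previous version:
 *   - a hook that exited with status 0 now returns EOK. Before, the loop
 *     called waitpid() again for the already-reaped child, got -1 (ECHILD)
 *     and returned that errno as a failure;
 *   - the fork() failure message had two conversions but no arguments
 *     (undefined behaviour); it now logs errno, captured before DEBUG()
 *     can clobber it — the same is done on the waitpid() failure path;
 *   - the child calls _exit() after a failed execl(), so the parent's stdio
 *     buffers and atexit handlers are not run a second time.
 */
int run_userdel_cmd(struct tools_ctx *tctx)
{
    int ret, status;
    char *userdel_cmd = NULL;
    char *conf_path = NULL;
    pid_t pid, child_pid;

    conf_path = talloc_asprintf(tctx, CONFDB_DOMAIN_PATH_TMPL,
                                tctx->local->name);
    if (!conf_path) {
        ret = ENOMEM;
        goto done;
    }

    ret = confdb_get_string(tctx->confdb, tctx, conf_path,
                            CONFDB_LOCAL_USERDEL_CMD, NULL, &userdel_cmd);
    if (ret != EOK || !userdel_cmd) {
        /* lookup failed (error returned) or no hook configured (EOK) */
        goto done;
    }

    errno = 0;
    pid = fork();
    if (pid == 0) {
        /* child: exec the hook with the user name as its only argument */
        execl(userdel_cmd, userdel_cmd, tctx->octx->name, (char *) NULL);
        /* only reached when execl() failed */
        _exit(errno);
    }

    /* parent */
    if (pid == -1) {
        ret = errno;
        DEBUG(1, ("fork failed [%d]: %s\n", ret, strerror(ret)));
        goto done;
    }

    while ((child_pid = waitpid(pid, &status, 0)) > 0) {
        if (WIFEXITED(status)) {
            int code = WEXITSTATUS(status);
            if (code != 0) {
                DEBUG(5, ("command [%s] returned nonzero status %d.\n",
                          userdel_cmd, code));
            }
            /* The hook's exit code is informational only; the child has
             * been reaped, so stop here instead of calling waitpid() again. */
            ret = EOK;
            goto done;
        } else if (WIFSIGNALED(status)) {
            DEBUG(5, ("command [%s] was terminated by signal %d.\n",
                      userdel_cmd, WTERMSIG(status)));
            ret = EIO;
            goto done;
        } else if (WIFSTOPPED(status)) {
            DEBUG(5, ("command [%s] was stopped by signal %d.\n",
                      userdel_cmd, WSTOPSIG(status)));
            continue;
        } else {
            DEBUG(1, ("Unknown status from WAITPID\n"));
            ret = EIO;
            goto done;
        }
    }

    if (child_pid == -1) {
        ret = errno;
        DEBUG(SSSDBG_CRIT_FAILURE, ("waitpid failed\n"));
        goto done;
    }

    ret = EOK;

done:
    talloc_free(userdel_cmd);
    talloc_free(conf_path);
    return ret;
}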
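/*
 * Entry point of the InfoPipe responder.
 *
 * Sets up the generic responder context for CONFDB_IFP_CONF_ENTRY, a
 * fixed name-parsing context ("(?P<name>[^@]+)@?(?P<domain>[^@]*$)" with
 * the "%1$s@%2$s" output format), and the IFP-specific settings:
 *   - CONFDB_SERVICE_ALLOWED_UIDS (default DEFAULT_ALLOWED_UIDS): the UIDs
 *     allowed to use the responder, parsed into rctx->allowed_uids[];
 *   - CONFDB_IFP_USER_ATTR_LIST: the allowed user attribute list
 *     (ifp_ctx->user_whitelist); failing to build it is fatal, so the
 *     responder never starts without a definite list;
 *   - CONFDB_SERVICE_RECON_RETRIES (default 3): Data Provider reconnects;
 *   - CONFDB_IFP_WILDCARD_LIMIT (unset = no limit) -> ifp_ctx->wildcard_limit.
 * It then connects to the system bus (its absence is tolerated, the D-Bus
 * daemon activates the service) and schedules the domain refresh task.
 *
 * On failure the responder context — and ifp_ctx, which is its talloc
 * child — is freed and an errno-style code is returned.
 *
 * Fixes relative to the previous version:
 *   - a failed ifp_parse_user_attr_list() jumped to 'fail' with ret still
 *     EOK, so the caller was told initialisation succeeded on a context
 *     that had just been freed;
 *   - a system-bus failure freed only ifp_ctx and leaked rctx; it now
 *     takes the common failure path;
 *   - errno is cleared before strtouint32() so a stale value cannot reject
 *     a valid limit, and a rejected limit is now logged.
 */
int ifp_process_init(TALLOC_CTX *mem_ctx,
                     struct tevent_context *ev,
                     struct confdb_ctx *cdb)
{
    struct resp_ctx *rctx;
    struct sss_cmd_table *ifp_cmds;
    struct ifp_ctx *ifp_ctx;
    struct be_conn *iter;
    int ret;
    int max_retries;
    char *uid_str;
    char *attr_list_str;
    char *wildcard_limit_str;

    ifp_cmds = get_ifp_cmds();
    ret = sss_process_init(mem_ctx, ev, cdb, ifp_cmds,
                           NULL, -1, NULL, -1,
                           CONFDB_IFP_CONF_ENTRY,
                           SSS_IFP_SBUS_SERVICE_NAME,
                           SSS_IFP_SBUS_SERVICE_VERSION,
                           &monitor_ifp_methods,
                           "InfoPipe",
                           &ifp_dp_methods.vtable,
                           &rctx);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE, "sss_process_init() failed\n");
        return ret;
    }

    ifp_ctx = talloc_zero(rctx, struct ifp_ctx);
    if (ifp_ctx == NULL) {
        DEBUG(SSSDBG_FATAL_FAILURE, "fatal error initializing ifp_ctx\n");
        ret = ENOMEM;
        goto fail;
    }

    ifp_ctx->rctx = rctx;
    ifp_ctx->rctx->pvt_ctx = ifp_ctx;

    ret = sss_names_init_from_args(ifp_ctx,
                                   "(?P<name>[^@]+)@?(?P<domain>[^@]*$)",
                                   "%1$s@%2$s", &ifp_ctx->snctx);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE, "fatal error initializing regex data\n");
        goto fail;
    }

    /* Access control: which UIDs may use this responder. */
    ret = confdb_get_string(ifp_ctx->rctx->cdb, ifp_ctx->rctx,
                            CONFDB_IFP_CONF_ENTRY, CONFDB_SERVICE_ALLOWED_UIDS,
                            DEFAULT_ALLOWED_UIDS, &uid_str);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE, "Failed to get allowed UIDs.\n");
        goto fail;
    }

    ret = csv_string_to_uid_array(ifp_ctx->rctx, uid_str, true,
                                  &ifp_ctx->rctx->allowed_uids_count,
                                  &ifp_ctx->rctx->allowed_uids);
    talloc_free(uid_str);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE, "Failed to set allowed UIDs.\n");
        goto fail;
    }

    /* Which user attributes the responder may hand out. */
    ret = confdb_get_string(ifp_ctx->rctx->cdb, ifp_ctx->rctx,
                            CONFDB_IFP_CONF_ENTRY, CONFDB_IFP_USER_ATTR_LIST,
                            NULL, &attr_list_str);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE, "Failed to get user attribute list.\n");
        goto fail;
    }

    ifp_ctx->user_whitelist = ifp_parse_user_attr_list(ifp_ctx, attr_list_str);
    talloc_free(attr_list_str);
    if (ifp_ctx->user_whitelist == NULL) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              "Failed to parse the allowed attribute list\n");
        /* ifp_parse_user_attr_list() gives no error code; report a failure
         * rather than falling through to 'fail' with ret == EOK. */
        ret = ENOMEM;
        goto fail;
    }

    /* Enable automatic reconnection to the Data Provider */
    ret = confdb_get_int(ifp_ctx->rctx->cdb,
                         CONFDB_IFP_CONF_ENTRY,
                         CONFDB_SERVICE_RECON_RETRIES,
                         3, &max_retries);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              "Failed to set up automatic reconnection\n");
        goto fail;
    }

    /* A bit convoluted way until we have a confdb_get_uint32 */
    ret = confdb_get_string(ifp_ctx->rctx->cdb,
                            ifp_ctx->rctx,
                            CONFDB_IFP_CONF_ENTRY,
                            CONFDB_IFP_WILDCARD_LIMIT,
                            NULL, /* no limit by default */
                            &wildcard_limit_str);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              "Failed to retrieve limit for a wildcard search\n");
        goto fail;
    }

    if (wildcard_limit_str) {
        errno = 0;
        ifp_ctx->wildcard_limit = strtouint32(wildcard_limit_str, NULL, 10);
        ret = errno;
        if (ret != EOK) {
            DEBUG(SSSDBG_FATAL_FAILURE,
                  "Invalid value [%s] for the wildcard search limit\n",
                  wildcard_limit_str);
            goto fail;
        }
    }

    for (iter = ifp_ctx->rctx->be_conns; iter; iter = iter->next) {
        sbus_reconnect_init(iter->conn, max_retries,
                            ifp_dp_reconnect_init, iter);
    }

    /* Connect to the D-BUS system bus and set up methods */
    ret = sysbus_init(ifp_ctx, ifp_ctx->rctx->ev,
                      IFACE_IFP,
                      ifp_ctx, &ifp_ctx->sysbus);
    if (ret == ERR_NO_SYSBUS) {
        DEBUG(SSSDBG_MINOR_FAILURE,
              "The system bus is not available..\n");
        /* Explicitly ignore, the D-Bus daemon will start us */
    } else if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              "Failed to connect to the system message bus\n");
        ret = EIO;
        goto fail;
    }

    ret = schedule_get_domains_task(rctx, rctx->ev, rctx, NULL);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE, "schedule_get_domains_tasks failed.\n");
        goto fail;
    }

    DEBUG(SSSDBG_TRACE_FUNC, "InfoPipe Initialization complete\n");

    return EOK;

fail:
    talloc_free(rctx);
    return ret;
}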