Exemplo n.º 1
0
static const char *
convert_user(TALLOC_CTX *mem_ctx,
             struct ipa_sudo_conv *conv,
             const char *value)
{
    char *rdn;
    const char *group;
    errno_t ret;

    ret = ipa_get_rdn(mem_ctx, conv->sysdb, value, &rdn,
                      MATCHRDN_USER(conv->map_user));
    if (ret == EOK) {
        return rdn;
    } else if (ret != ENOENT) {
        DEBUG(SSSDBG_OP_FAILURE, "ipa_get_rdn() failed on value %s [%d]: %s\n",
              value, ret, sss_strerror(ret));
        return NULL;
    }

    ret = ipa_get_rdn(mem_ctx, conv->sysdb, value, &rdn,
                      MATCHRDN_GROUP(conv->map_group));
    if (ret == ENOENT) {
        DEBUG(SSSDBG_CRIT_FAILURE, "Unexpected DN %s\n", value);
        return NULL;
    } else if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, "ipa_get_rdn() failed on value %s [%d]: %s\n",
              value, ret, sss_strerror(ret));
        return NULL;
    }

    group = talloc_asprintf(mem_ctx, "%%%s", rdn);
    talloc_free(rdn);

    return group;
}
Exemplo n.º 2
0
int ad_autofs_init(struct be_ctx *be_ctx,
                   struct ad_id_ctx *id_ctx,
                   struct bet_ops **ops,
                   void **pvt_data)
{
    int ret;

    DEBUG(SSSDBG_TRACE_INTERNAL, "Initializing autofs AD back end\n");

    ret = sdap_autofs_init(be_ctx, id_ctx->sdap_id_ctx, ops, pvt_data);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, "Cannot initialize AD autofs [%d]: %s\n",
                                 ret, sss_strerror(ret));
        return ret;
    }

    ret = ad_get_autofs_options(id_ctx->ad_options, be_ctx->cdb,
                                be_ctx->conf_path);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, "Cannot initialize AD autofs [%d]: %s\n",
                                 ret, sss_strerror(ret));
        return ret;
    }

    return EOK;
}
Exemplo n.º 3
0
struct ipa_sudo_conv *
ipa_sudo_conv_init(TALLOC_CTX *mem_ctx,
                   struct sysdb_ctx *sysdb,
                   struct sdap_attr_map *map_rule,
                   struct sdap_attr_map *map_cmdgroup,
                   struct sdap_attr_map *map_cmd,
                   struct sdap_attr_map *map_user,
                   struct sdap_attr_map *map_group,
                   struct sdap_attr_map *map_host,
                   struct sdap_attr_map *map_hostgroup)
{
    struct ipa_sudo_conv *conv;
    errno_t ret;

    conv = talloc_zero(mem_ctx, struct ipa_sudo_conv);
    if (conv == NULL) {
        return NULL;
    }

    conv->sysdb = sysdb;
    conv->map_rule = map_rule;
    conv->map_cmdgroup = map_cmdgroup;
    conv->map_cmd = map_cmd;
    conv->map_user = map_user;
    conv->map_group = map_group;
    conv->map_host = map_host;
    conv->map_hostgroup = map_hostgroup;

    ret = sss_hash_create(conv, 20, &conv->rules);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, "Unable to create hash table [%d]: %s\n",
              ret, sss_strerror(ret));
        goto done;
    }

    ret = sss_hash_create(conv, 20, &conv->cmdgroups);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, "Unable to create hash table [%d]: %s\n",
              ret, sss_strerror(ret));
        goto done;
    }

    ret = sss_hash_create(conv, 20, &conv->cmds);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, "Unable to create hash table [%d]: %s\n",
              ret, sss_strerror(ret));
        goto done;
    }

done:
    if (ret != EOK) {
        talloc_free(conv);
        return NULL;
    }

    return conv;
}
Exemplo n.º 4
0
static errno_t proxy_id_conf(TALLOC_CTX *mem_ctx,
                             struct be_ctx *be_ctx,
                             char **_libname,
                             char **_libpath,
                             bool *_fast_alias)
{
    TALLOC_CTX *tmp_ctx;
    char *libname;
    char *libpath;
    bool fast_alias;
    errno_t ret;

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new() failed\n");
        return ENOMEM;
    }

    ret = confdb_get_string(be_ctx->cdb, tmp_ctx, be_ctx->conf_path,
                            CONFDB_PROXY_LIBNAME, NULL, &libname);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, "Unable to read confdb [%d]: %s\n",
              ret, sss_strerror(ret));
        goto done;
    } else if (libname == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, "No library name given\n");
        ret = ENOENT;
        goto done;
    }

    ret = confdb_get_bool(be_ctx->cdb, be_ctx->conf_path,
                          CONFDB_PROXY_FAST_ALIAS, false, &fast_alias);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, "Unable to read confdb [%d]: %s\n",
              ret, sss_strerror(ret));
        goto done;
    }

    libpath = talloc_asprintf(tmp_ctx, "libnss_%s.so.2", libname);
    if (libpath == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf() failed\n");
        ret = ENOMEM;
        goto done;
    }

    *_libname = talloc_steal(mem_ctx, libname);
    *_libpath = talloc_steal(mem_ctx, libpath);
    *_fast_alias = fast_alias;

    ret = EOK;

done:
    talloc_free(tmp_ctx);

    return ret;
}
Exemplo n.º 5
0
errno_t
ipa_sudo_conv_cmdgroups(struct ipa_sudo_conv *conv,
                        struct sysdb_attrs **cmdgroups,
                        size_t num_cmdgroups)
{
    struct ipa_sudo_cmdgroup *cmdgroup = NULL;
    const char *key;
    errno_t ret;
    size_t i;

    if (num_cmdgroups == 0) {
        /* We're done here. */
        return EOK;
    }

    for (i = 0; i < num_cmdgroups; i++) {
        ret = sysdb_attrs_get_string(cmdgroups[i], SYSDB_ORIG_DN, &key);
        if (ret != EOK) {
            DEBUG(SSSDBG_MINOR_FAILURE, "Failed to get command group DN, "
                  "skipping [%d]: %s\n", ret, sss_strerror(ret));
            continue;
        }

        cmdgroup = talloc_zero(conv->cmdgroups, struct ipa_sudo_cmdgroup);
        if (cmdgroup == NULL) {
            ret = ENOMEM;
            goto done;
        }

        ret = process_cmdgroupmember(conv, cmdgroup, cmdgroups[i]);
        if (ret != EOK) {
            DEBUG(SSSDBG_OP_FAILURE, "Failed to process member "
                  "[%d]: %s\n", ret, sss_strerror(ret));
            return ret;
        }

        ret = ipa_sudo_conv_store(conv->cmdgroups, key, cmdgroup);
        if (ret != EOK) {
            DEBUG(SSSDBG_OP_FAILURE, "Failed to store command group into "
                  "table [%d]: %s\n", ret, sss_strerror(ret));
            goto done;
        }

        cmdgroup = NULL;
    }

    ret = EOK;

done:
    if (ret != EOK) {
        talloc_free(cmdgroup);
    }

    return ret;
}
Exemplo n.º 6
0
static errno_t sssctl_fetch_object(TALLOC_CTX *mem_ctx,
                                   struct sssctl_object_info *info,
                                   struct sss_domain_info *domains,
                                   struct sss_domain_info *domain,
                                   sssctl_basedn_fn basedn_fn,
                                   enum cache_object obj_type,
                                   const char *attr_name,
                                   const char *attr_value,
                                   struct sysdb_attrs **_entry,
                                   struct sss_domain_info **_dom)
{
    TALLOC_CTX *tmp_ctx;
    struct sysdb_attrs *entry;
    struct sss_domain_info *dom;
    const char **attrs;
    char *sanitized;
    errno_t ret;

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new() failed\n");
        return ENOMEM;
    }

    ret = sss_filter_sanitize(tmp_ctx, attr_value, &sanitized);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, "Unable to sanitize input [%d]: %s\n",
              ret, sss_strerror(ret));
        goto done;
    }

    attrs = sssctl_build_attrs(tmp_ctx, info);
    if (attrs == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, "Unable to get attribute list!\n");
        ret = ENOMEM;
        goto done;
    }

    ret = sssctl_find_object(tmp_ctx, domains, domain, basedn_fn,
                             obj_type, attr_name, sanitized, attrs,
                             &entry, &dom);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, "Unable to query cache [%d]: %s\n",
              ret, sss_strerror(ret));
        goto done;
    }

    *_entry = talloc_steal(mem_ctx, entry);
    *_dom = dom;

done:
    talloc_free(tmp_ctx);

    return ret;
}
Exemplo n.º 7
0
static errno_t
ifp_groups_group_get(struct sbus_request *sbus_req,
                     void *data,
                     gid_t *_gid,
                     struct sss_domain_info **_domain,
                     struct ldb_message **_group)
{
    struct ifp_ctx *ctx;
    struct sss_domain_info *domain;
    struct ldb_result *res;
    uid_t gid;
    errno_t ret;

    ctx = talloc_get_type(data, struct ifp_ctx);
    if (ctx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, "Invalid pointer!\n");
        return ERR_INTERNAL;
    }

    ret = ifp_groups_decompose_path(ctx->rctx->domains, sbus_req->path,
                                    &domain, &gid);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, "Unable to decompose object path"
              "[%s] [%d]: %s\n", sbus_req->path, ret, sss_strerror(ret));
        return ret;
    }

    if (_group != NULL) {
        ret = sysdb_getgrgid_with_views(sbus_req, domain, gid, &res);
        if (ret == EOK && res->count == 0) {
            *_group = NULL;
            ret = ENOENT;
        }

        if (ret != EOK) {
            DEBUG(SSSDBG_CRIT_FAILURE, "Unable to lookup group %u@%s [%d]: %s\n",
                  gid, domain->name, ret, sss_strerror(ret));
        } else {
            *_group = res->msgs[0];
        }
    }

    if (ret == EOK || ret == ENOENT) {
        if (_gid != NULL) {
            *_gid = gid;
        }

        if (_domain != NULL) {
            *_domain = domain;
        }
    }

    return ret;
}
Exemplo n.º 8
0
static errno_t sssctl_query_cache(TALLOC_CTX *mem_ctx,
                                  struct sysdb_ctx *sysdb,
                                  struct ldb_dn *base_dn,
                                  const char *filter,
                                  const char **attrs,
                                  struct sysdb_attrs **_entry)
{
    TALLOC_CTX *tmp_ctx;
    struct sysdb_attrs **sysdb_attrs;
    struct ldb_message **msgs;
    size_t count;
    errno_t ret;

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, "Out of memory!\n");
        return ENOMEM;
    }

    ret = sysdb_search_entry(tmp_ctx, sysdb, base_dn, LDB_SCOPE_SUBTREE,
                             filter, attrs, &count, &msgs);
    if (ret == ENOENT) {
        DEBUG(SSSDBG_TRACE_FUNC, "No result\n");
        goto done;
    } else if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, "Unable to search sysdb "
              "[%d]: %s\n", ret, sss_strerror(ret));
        goto done;
    }

    if (count != 1) {
        DEBUG(SSSDBG_CRIT_FAILURE, "Search returned more than one result!\n");
        ret = ERR_INTERNAL;
        goto done;
    }

    ret = sysdb_msg2attrs(tmp_ctx, count, msgs, &sysdb_attrs);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, "Unable to convert message to sysdb attrs "
              "[%d]: %s\n", ret, sss_strerror(ret));
        goto done;
    }

    *_entry = talloc_steal(mem_ctx, sysdb_attrs[0]);

done:
    talloc_free(tmp_ctx);
    return ret;
}
Exemplo n.º 9
0
static errno_t
store_rulemember(TALLOC_CTX *mem_ctx,
                 struct ipa_sudo_dn_list **list,
                 hash_table_t *table,
                 const char *dn)
{
    struct ipa_sudo_dn_list *item;
    errno_t ret;

    item = talloc_zero(mem_ctx, struct ipa_sudo_dn_list);
    if (item == NULL) {
        return ENOMEM;
    }

    ret = ipa_sudo_conv_store(table, dn, NULL);
    if (ret != EOK && ret != EEXIST) {
        DEBUG(SSSDBG_CRIT_FAILURE, "Unable to store DN %s [%d]: %s\n",
              dn, ret, sss_strerror(ret));
        goto done;
    }

    item->dn = talloc_steal(item, dn);
    DLIST_ADD(*list, item);

done:
    if (ret != EOK && ret != EEXIST) {
        talloc_free(item);
    }

    return ret;
}
Exemplo n.º 10
0
static errno_t cache_req_search_ncache(struct cache_req *cr)
{
    errno_t ret;

    if (cr->plugin->ncache_check_fn == NULL) {
        CACHE_REQ_DEBUG(SSSDBG_TRACE_INTERNAL, cr,
                        "This request type does not support negative cache\n");
        return EOK;
    }

    CACHE_REQ_DEBUG(SSSDBG_TRACE_FUNC, cr,
                    "Checking negative cache for [%s]\n",
                    cr->debugobj);

    ret = cr->plugin->ncache_check_fn(cr->ncache, cr->domain, cr->data);
    if (ret == EEXIST) {
        CACHE_REQ_DEBUG(SSSDBG_TRACE_FUNC, cr,
                        "[%s] does not exist (negative cache)\n",
                        cr->debugobj);
        return ENOENT;
    } else if (ret != EOK && ret != ENOENT) {
        CACHE_REQ_DEBUG(SSSDBG_CRIT_FAILURE, cr,
                        "Unable to check negative cache [%d]: %s\n",
                        ret, sss_strerror(ret));
        return ret;
    }

    CACHE_REQ_DEBUG(SSSDBG_TRACE_FUNC, cr,
                    "[%s] is not present in negative cache\n",
                    cr->debugobj);

    return EOK;
}
Exemplo n.º 11
0
static void cache_req_search_process_dp(TALLOC_CTX *mem_ctx,
                                        struct tevent_req *subreq,
                                        struct cache_req *cr)
{
    char *err_msg;
    dbus_uint16_t err_maj;
    dbus_uint32_t err_min;
    errno_t ret;

    ret = sss_dp_get_account_recv(mem_ctx, subreq, &err_maj, &err_min, &err_msg);
    talloc_zfree(subreq);
    if (ret != EOK) {
        CACHE_REQ_DEBUG(SSSDBG_OP_FAILURE, cr,
                        "Could not get account info [%d]: %s\n",
                        ret, sss_strerror(ret));
        CACHE_REQ_DEBUG(SSSDBG_TRACE_FUNC, cr,
                        "Due to an error we will return cached data\n");
    }

    if (err_maj) {
        CACHE_REQ_DEBUG(SSSDBG_OP_FAILURE, cr,
                        "Data Provider Error: %u, %u, %s\n",
                        (unsigned int)err_maj, (unsigned int)err_min, err_msg);
        CACHE_REQ_DEBUG(SSSDBG_TRACE_FUNC, cr,
                        "Due to an error we will return cached data\n");
    }

    return;
}
Exemplo n.º 12
0
static errno_t cache_req_dpreq_params(TALLOC_CTX *mem_ctx,
                                      struct cache_req *cr,
                                      struct ldb_result *result,
                                      const char **_string,
                                      uint32_t *_id,
                                      const char **_flag)
{
    errno_t ret;

    if (cr->plugin->dpreq_params_fn == NULL) {
        CACHE_REQ_DEBUG(SSSDBG_CRIT_FAILURE, cr,
                        "Bug: No dpreq params function specified\n");
        return ERR_INTERNAL;
    }


    CACHE_REQ_DEBUG(SSSDBG_TRACE_INTERNAL, cr,
                    "Creating DP request parameters\n");

    ret = cr->plugin->dpreq_params_fn(mem_ctx, cr, result, _string, _id, _flag);
    if (ret != EOK) {
        CACHE_REQ_DEBUG(SSSDBG_CRIT_FAILURE, cr,
                        "Unable to create DP request parameters [%d]: %s\n",
                        ret, sss_strerror(ret));
        return ret;
    }

    return EOK;
}
Exemplo n.º 13
0
static void be_ptask_done(struct tevent_req *req)
{
    struct be_ptask *task = NULL;
    errno_t ret;

    task = tevent_req_callback_data(req, struct be_ptask);

    ret = task->recv_fn(req);
    talloc_zfree(req);
    task->req = NULL;
    switch (ret) {
    case EOK:
        DEBUG(SSSDBG_TRACE_FUNC, "Task [%s]: finished successfully\n",
                                  task->name);

        be_ptask_schedule(task, BE_PTASK_PERIOD, BE_PTASK_SCHEDULE_FROM_LAST);
        break;
    default:
        DEBUG(SSSDBG_OP_FAILURE, "Task [%s]: failed with [%d]: %s\n",
                                  task->name, ret, sss_strerror(ret));

        be_ptask_schedule(task, BE_PTASK_PERIOD, BE_PTASK_SCHEDULE_FROM_NOW);
        break;
    }
}
Exemplo n.º 14
0
static errno_t proxy_auth_conf(TALLOC_CTX *mem_ctx,
                               struct be_ctx *be_ctx,
                               char **_pam_target)
{
    char *pam_target;
    errno_t ret;

    ret = confdb_get_string(be_ctx->cdb, mem_ctx, be_ctx->conf_path,
                            CONFDB_PROXY_PAM_TARGET, NULL, &pam_target);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, "Unable to read confdb [%d]: %s\n",
              ret, sss_strerror(ret));
        return ret;
    }

    if (pam_target == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, "Missing option %s.\n",
              CONFDB_PROXY_PAM_TARGET);
        return EINVAL;
    }

    *_pam_target = pam_target;

    return EOK;
}
Exemplo n.º 15
0
char *
sss_get_domain_name(TALLOC_CTX *mem_ctx,
                    const char *orig_name,
                    struct sss_domain_info *dom)
{
    char *user_name;
    char *domain = NULL;
    int ret;

    /* check if the name already contains domain part */
    if (dom->names != NULL) {
        ret = sss_parse_name(mem_ctx, dom->names, orig_name, &domain, NULL);
        if (ret == ERR_REGEX_NOMATCH) {
            DEBUG(SSSDBG_TRACE_FUNC,
                  "sss_parse_name could not parse domain from [%s]. "
                  "Assuming it is not FQDN.\n", orig_name);
        } else if (ret != EOK) {
            DEBUG(SSSDBG_TRACE_FUNC,
                  "sss_parse_name failed [%d]: %s\n", ret, sss_strerror(ret));
            return NULL;
        }
    }

    if (IS_SUBDOMAIN(dom) && dom->fqnames && domain == NULL) {
        /* we always use the fully qualified name for subdomain users */
        user_name = sss_tc_fqname(mem_ctx, dom->names, dom, orig_name);
    } else {
        user_name = talloc_strdup(mem_ctx, orig_name);
    }

    talloc_free(domain);

    return user_name;
}
Exemplo n.º 16
0
static errno_t wait_till_nss_responder_invalidate_cache(void)
{
    struct stat stat_buf = { 0 };
    const time_t max_wait = 1000000; /* 1 second */
    const time_t step_time = 5000; /* 5 milliseconds */
    const size_t steps_count = max_wait / step_time;
    int ret;

    for (size_t i = 0; i < steps_count; ++i) {
        ret = stat(SSS_NSS_MCACHE_DIR "/" CLEAR_MC_FLAG, &stat_buf);
        if (ret == -1) {
            ret = errno;
            if (ret == ENOENT) {
                /* nss responder has already invalidated memory caches */
                return EOK;
            }

            DEBUG(SSSDBG_CRIT_FAILURE,
                  "stat failed: %s (%d)\n", sss_strerror(ret), ret);
        }

        usleep(step_time);
    }

    return EAGAIN;
}
Exemplo n.º 17
0
struct sss_domain_info *
find_domain_by_object_name(struct sss_domain_info *domain,
                           const char *object_name)
{
    TALLOC_CTX *tmp_ctx;
    struct sss_domain_info *dom = NULL;
    char *domainname = NULL;
    errno_t ret;

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new() failed\n");
        return NULL;
    }

    ret = sss_parse_name(tmp_ctx, domain->names, object_name,
                         &domainname, NULL);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, "Unable to parse name '%s' [%d]: %s\n",
                                    object_name, ret, sss_strerror(ret));
        goto done;
    }

    if (domainname == NULL) {
        dom = domain;
    } else {
        dom = find_domain_by_name(domain, domainname, true);
    }

done:
    talloc_free(tmp_ctx);
    return dom;
}
Exemplo n.º 18
0
static errno_t
nss_get_id_type(struct nss_cmd_ctx *cmd_ctx,
                struct cache_req_result *result,
                enum sss_id_type *_type)
{
    errno_t ret;

    if (cmd_ctx->sid_id_type != SSS_ID_TYPE_NOT_SPECIFIED) {
        *_type = cmd_ctx->sid_id_type;
        return EOK;
    }

    /* Well known objects are always groups. */
    if (result->well_known_object) {
        *_type = SSS_ID_TYPE_GID;
        return EOK;
    }

    ret = find_sss_id_type(result->msgs[0], result->domain->mpg, _type);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE,
              "Unable to find ID type [%d]: %s\n", ret, sss_strerror(ret));
        return ret;
    }

    return EOK;
}
Exemplo n.º 19
0
static errno_t
memcache_delete_entry_by_name(struct nss_ctx *nss_ctx,
                              struct sized_string *name,
                              enum sss_mc_type type)
{
    errno_t ret;

    switch (type) {
    case SSS_MC_PASSWD:
        ret = sss_mmap_cache_pw_invalidate(nss_ctx->pwd_mc_ctx, name);
        break;
    case SSS_MC_GROUP:
        ret = sss_mmap_cache_gr_invalidate(nss_ctx->grp_mc_ctx, name);
        break;
    case SSS_MC_INITGROUPS:
        ret = sss_mmap_cache_initgr_invalidate(nss_ctx->initgr_mc_ctx, name);
        break;
    default:
        return EINVAL;
    }

    if (ret == EOK || ret == ENOENT) {
        return EOK;
    }

    DEBUG(SSSDBG_CRIT_FAILURE,
          "Internal failure in memory cache code: %d [%s]\n",
          ret, sss_strerror(ret));

    return ret;
}
Exemplo n.º 20
0
static errno_t
memcache_delete_entry_by_id(struct nss_ctx *nss_ctx,
                            uint32_t id,
                            enum sss_mc_type type)
{
    errno_t ret;

    switch (type) {
    case SSS_MC_PASSWD:
        ret = sss_mmap_cache_pw_invalidate_uid(nss_ctx->pwd_mc_ctx, (uid_t)id);
        break;
    case SSS_MC_GROUP:
        ret = sss_mmap_cache_gr_invalidate_gid(nss_ctx->grp_mc_ctx, (gid_t)id);
        break;
    default:
        return EINVAL;
    }

    if (ret == EOK || ret == ENOENT) {
        return EOK;
    }

    DEBUG(SSSDBG_CRIT_FAILURE,
          "Internal failure in memory cache code: %d [%s]\n",
          ret, sss_strerror(ret));

    return ret;
}
Exemplo n.º 21
0
void
sbus_request_invoke_or_finish(struct sbus_request *dbus_req,
                              sbus_msg_handler_fn handler_fn,
                              void *handler_data,
                              sbus_method_invoker_fn invoker_fn)
{
    DBusError error;
    int ret;

    if (invoker_fn != NULL) {
        ret = invoker_fn(dbus_req, handler_fn);
    } else if (handler_fn != NULL) {
        ret = handler_fn(dbus_req, handler_data);
    } else {
        ret = EINVAL;
    }

    switch(ret) {
    case ERR_SBUS_REQUEST_HANDLED:
    case EOK:
        return;
    case ENOMEM:
        DEBUG(SSSDBG_CRIT_FAILURE, "Out of memory handling DBus message\n");
        sbus_request_finish(dbus_req, NULL);
        break;
    default:
        DEBUG(SSSDBG_CRIT_FAILURE, "Handler failed [%d]: %s\n",
              ret, sss_strerror(ret));
        dbus_error_init(&error);
        dbus_set_error_const(&error, DBUS_ERROR_FAILED, INTERNAL_ERROR);
        sbus_request_fail_and_finish(dbus_req, &error);
        break;
    }
}
Exemplo n.º 22
0
errno_t sssm_proxy_init(TALLOC_CTX *mem_ctx,
                       struct be_ctx *be_ctx,
                       struct data_provider *provider,
                       const char *module_name,
                       void **_module_data)
{
    struct proxy_auth_ctx *auth_ctx;
    errno_t ret;

    if (!dp_target_enabled(provider, module_name,
                           DPT_ACCESS, DPT_AUTH, DPT_CHPASS)) {
        return EOK;
    }

    /* Initialize auth_ctx since one of the access, auth or chpass is set. */

    ret = proxy_init_auth_ctx(mem_ctx, be_ctx, &auth_ctx);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, "Unable to create auth context [%d]: %s\n",
              ret, sss_strerror(ret));
        return ret;
    }

    *_module_data = auth_ctx;

    return EOK;
}
Exemplo n.º 23
0
Arquivo: sss_ldap.c Projeto: 3van/sssd
const char* sss_ldap_err2string(int err)
{
    if (IS_SSSD_ERROR(err)) {
        return sss_strerror(err);
    } else {
        return ldap_err2string(err);
    }
}
Exemplo n.º 24
0
static errno_t ad_get_enabled_domains(TALLOC_CTX *mem_ctx,
                                      struct ad_id_ctx *ad_id_ctx,
                                      const char *ad_domain,
                                      const char ***_ad_enabled_domains)
{
    int ret;
    const char *str;
    const char *option_name;
    const char **domains = NULL;
    int count;
    bool is_ad_in_domains;
    TALLOC_CTX *tmp_ctx = NULL;

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        return ENOMEM;
    }

    str = dp_opt_get_cstring(ad_id_ctx->ad_options->basic, AD_ENABLED_DOMAINS);
    if (str == NULL) {
        *_ad_enabled_domains = NULL;
        ret = EOK;
        goto done;
    }

    count = 0;
    ret = split_on_separator(tmp_ctx, str, ',', true, true,
                             discard_const_p(char **, &domains), &count);
    if (ret != EOK) {
        option_name = ad_id_ctx->ad_options->basic[AD_ENABLED_DOMAINS].opt_name;
        DEBUG(SSSDBG_CRIT_FAILURE, "Failed to parse option [%s], [%i] [%s]!\n",
                                   option_name, ret, sss_strerror(ret));
        ret = EINVAL;
        goto done;
    }

    is_ad_in_domains = false;
    for (int i = 0; i < count; i++) {
        is_ad_in_domains += strcmp(ad_domain, domains[i]) == 0 ? true : false;
    }

    if (is_ad_in_domains == false) {
        domains = talloc_realloc(tmp_ctx, domains, const char*, count + 2);
        if (domains == NULL) {
            ret = ENOMEM;
            goto done;
        }

        domains[count] = talloc_strdup(domains, ad_domain);
        if (domains[count] == NULL) {
            ret = ENOMEM;
            goto done;
        }

        domains[count + 1] = NULL;
    } else {
Exemplo n.º 25
0
errno_t
ipa_sudo_conv_cmds(struct ipa_sudo_conv *conv,
                   struct sysdb_attrs **cmds,
                   size_t num_cmds)
{
    const char *key;
    const char *cmd;
    errno_t ret;
    size_t i;

    if (num_cmds == 0) {
        /* We're done here. */
        return EOK;
    }

    for (i = 0; i < num_cmds; i++) {
        ret = sysdb_attrs_get_string(cmds[i], SYSDB_ORIG_DN, &key);
        if (ret != EOK) {
            DEBUG(SSSDBG_MINOR_FAILURE, "Failed to get command DN, skipping "
                  "[%d]: %s\n", ret, sss_strerror(ret));
            continue;
        }

        ret = sysdb_attrs_get_string(cmds[i], SYSDB_IPA_SUDOCMD_SUDOCMD, &cmd);
        if (ret != EOK) {
            DEBUG(SSSDBG_MINOR_FAILURE, "Failed to get command, skipping "
                  "[%d]: %s\n", ret, sss_strerror(ret));
            continue;
        }

        ret = ipa_sudo_conv_store(conv->cmds, key, discard_const(cmd));
        if (ret != EOK) {
            DEBUG(SSSDBG_OP_FAILURE, "Failed to store command into table "
                  "[%d]: %s\n", ret, sss_strerror(ret));
            goto done;
        }
    }

    ret = EOK;

done:
    return ret;
}
Exemplo n.º 26
0
errno_t sssm_proxy_id_init(TALLOC_CTX *mem_ctx,
                           struct be_ctx *be_ctx,
                           void *module_data,
                           struct dp_method *dp_methods)
{
    struct proxy_id_ctx *ctx;
    char *libname;
    char *libpath;
    errno_t ret;

    ctx = talloc_zero(mem_ctx, struct proxy_id_ctx);
    if (ctx == NULL) {
        return ENOMEM;
    }

    ctx->be = be_ctx;

    ret = proxy_id_conf(ctx, be_ctx, &libname, &libpath, &ctx->fast_alias);
    if (ret != EOK) {
        goto done;
    }

    ctx->handle = dlopen(libpath, RTLD_NOW);
    if (ctx->handle == NULL) {
        DEBUG(SSSDBG_FATAL_FAILURE, "Unable to load %s module, "
              "error: %s\n", libpath, dlerror());
        ret = ELIBACC;
        goto done;
    }

    ret = proxy_id_load_symbols(&ctx->ops, libname, ctx->handle);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE, "Unable to load NSS symbols [%d]: %s\n",
              ret, sss_strerror(ret));
        goto done;
    }

    dp_set_method(dp_methods, DPM_ACCOUNT_HANDLER,
                  proxy_account_info_handler_send, proxy_account_info_handler_recv, ctx,
                  struct proxy_id_ctx, struct dp_id_data, struct dp_reply_std);

    dp_set_method(dp_methods, DPM_ACCT_DOMAIN_HANDLER,
                  default_account_domain_send, default_account_domain_recv, NULL,
                  void, struct dp_get_acct_domain_data, struct dp_reply_std);

    ret = EOK;

done:
    if (ret != EOK) {
        talloc_free(ctx);
    }

    return ret;
}
Exemplo n.º 27
0
void sbus_sync_emit_signal(struct sbus_sync_connection *conn,
                           DBusMessage *msg)
{
    errno_t ret;

    ret = sbus_sync_message_send(NULL, conn, msg, SBUS_MESSAGE_TIMEOUT, NULL);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, "Unable to emit signal [%d]: %s\n",
              ret, sss_strerror(ret));
    }
}
Exemplo n.º 28
0
static errno_t
nodes_cached_objects(TALLOC_CTX *mem_ctx,
                     struct ifp_ctx *ifp_ctx,
                     enum ifp_cache_type type,
                     const char *prefix,
                     const char ***_nodes)
{
    TALLOC_CTX *tmp_ctx;
    const char **paths;
    const char **nodes;
    const char *node;
    int num_paths;
    errno_t ret;
    int i;

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new() failed\n");
        return ENOMEM;
    }

    ret = ifp_cache_list_domains(tmp_ctx, ifp_ctx->rctx->domains, type, &paths);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, "Unable to obtain cache objects list "
              "[%d]: %s\n", ret, sss_strerror(ret));
        goto done;
    }

    num_paths = talloc_array_length(paths) - 1;
    nodes = talloc_zero_array(tmp_ctx, const char *, num_paths + 1);
    if (nodes == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, "talloc_zero_array() failed\n");
        ret = ENOMEM;
        goto done;
    }

    for (i = 0; i < num_paths; i++) {
        node = sbus_opath_strip_prefix(paths[i], prefix);
        nodes[i] = talloc_strdup(nodes, node);
        if (nodes[i] == NULL) {
            DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strdup() failed\n");
            ret = ENOMEM;
            goto done;
        }
    }

    *_nodes = talloc_steal(mem_ctx, nodes);

    ret = EOK;

done:
    talloc_free(tmp_ctx);
    return ret;
}
Exemplo n.º 29
0
void
sdap_sudo_set_usn(struct sdap_server_opts *srv_opts,
                  const char *usn)
{
    unsigned long usn_number;
    char *newusn;
    char *endptr = NULL;
    errno_t ret;

    if (srv_opts == NULL) {
        DEBUG(SSSDBG_TRACE_FUNC, "Bug: srv_opts is NULL\n");
        return;
    }

    if (usn == NULL) {
        DEBUG(SSSDBG_TRACE_FUNC, "Bug: usn is NULL\n");
        return;
    }

    errno = 0;
    usn_number = strtoul(usn, &endptr, 10);
    if (errno != 0) {
        ret = errno;
        DEBUG(SSSDBG_MINOR_FAILURE, "Unable to convert USN %s [%d]: %s\n",
              usn, ret, sss_strerror(ret));
        return;
    }

    if (usn_number == 0) {
        /* Zero means that there were no rules on the server, so we have
         * nothing to store. */
        DEBUG(SSSDBG_TRACE_FUNC, "SUDO USN value is empty.\n");
        return;
    }

    newusn = sdap_sudo_new_usn(srv_opts, usn_number, endptr);
    if (newusn == NULL) {
        return;
    }

    if (sysdb_compare_usn(newusn, srv_opts->max_sudo_value) > 0) {
        talloc_zfree(srv_opts->max_sudo_value);
        srv_opts->max_sudo_value = newusn;
    } else {
        talloc_zfree(newusn);
    }

    if (usn_number > srv_opts->last_usn) {
        srv_opts->last_usn = usn_number;
    }

    DEBUG(SSSDBG_FUNC_DATA, "SUDO higher USN value: [%s]\n",
                             srv_opts->max_sudo_value);
}
Exemplo n.º 30
0
static errno_t sudosrv_fetch_rules(TALLOC_CTX *mem_ctx,
                                   enum sss_sudo_type type,
                                   struct sss_domain_info *domain,
                                   uid_t cli_uid,
                                   uid_t orig_uid,
                                   const char *username,
                                   char **groups,
                                   bool inverse_order,
                                   struct sysdb_attrs ***_rules,
                                   uint32_t *_num_rules)
{
    struct sysdb_attrs **rules;
    const char *debug_name = "unknown";
    uint32_t num_rules;
    errno_t ret;

    switch (type) {
    case SSS_SUDO_USER:
        DEBUG(SSSDBG_TRACE_FUNC, "Retrieving rules for [%s@%s]\n",
              username, domain->name);
        debug_name = "rules";

        ret = sudosrv_cached_rules(mem_ctx, domain,
                                   cli_uid, orig_uid, username, groups,
                                   inverse_order, &rules, &num_rules);

        break;
    case SSS_SUDO_DEFAULTS:
        debug_name = "default options";
        DEBUG(SSSDBG_TRACE_FUNC, "Retrieving default options for [%s@%s]\n",
              username, domain->name);

        ret = sudosrv_cached_defaults(mem_ctx, domain, &rules, &num_rules);

        break;
    default:
        ret = EINVAL;
    }

    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, "Unable to retrieve %s [%d]: %s\n",
              debug_name, ret, sss_strerror(ret));
        return ret;
    }

    DEBUG(SSSDBG_TRACE_FUNC, "Returning %u %s for [%s@%s]\n",
          num_rules, debug_name, username, domain->name);

    *_rules = rules;
    *_num_rules = num_rules;

    return EOK;
}