errno_t monitor_common_rotate_logs(struct confdb_ctx *confdb,
const char *conf_path)
{
errno_t ret;
int old_debug_level = debug_level;
ret = rotate_debug_files();
if (ret) {
sss_log(SSS_LOG_ALERT, "Could not rotate debug files! [%d][%s]\n",
ret, strerror(ret));
return ret;
}
/* Get new debug level from the confdb */
ret = confdb_get_int(confdb, conf_path,
CONFDB_SERVICE_DEBUG_LEVEL,
old_debug_level,
&debug_level);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE, "Error reading from confdb (%d) [%s]\n",
ret, strerror(ret));
/* Try to proceed with the old value */
debug_level = old_debug_level;
}
if (debug_level != old_debug_level) {
DEBUG(SSSDBG_FATAL_FAILURE,
"Debug level changed to %#.4x\n", debug_level);
debug_level = debug_convert_old_level(debug_level);
}
return EOK;
}
static errno_t
autofs_get_config(struct autofs_ctx *actx,
struct confdb_ctx *cdb)
{
errno_t ret;
ret = confdb_get_int(cdb, CONFDB_AUTOFS_CONF_ENTRY,
CONFDB_AUTOFS_MAP_NEG_TIMEOUT, 15,
&actx->neg_timeout);
return ret;
}
static errno_t
autofs_get_config(struct autofs_ctx *actx,
struct confdb_ctx *cdb)
{
errno_t ret;
ret = confdb_get_int(cdb, CONFDB_AUTOFS_CONF_ENTRY,
CONFDB_AUTOFS_MAP_NEG_TIMEOUT, 15,
&actx->neg_timeout);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, "Cannot read %s from configuration [%d]: %s\n",
CONFDB_AUTOFS_MAP_NEG_TIMEOUT, ret, strerror(ret));
return ret;
}
return EOK;
}
int pac_process_init(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct confdb_ctx *cdb)
{
struct resp_ctx *rctx;
struct sss_cmd_table *pac_cmds;
struct be_conn *iter;
struct pac_ctx *pac_ctx;
int ret, max_retries;
enum idmap_error_code err;
int fd_limit;
char *uid_str;
pac_cmds = get_pac_cmds();
ret = sss_process_init(mem_ctx, ev, cdb,
pac_cmds,
SSS_PAC_SOCKET_NAME, -1, NULL, -1,
CONFDB_PAC_CONF_ENTRY,
PAC_SBUS_SERVICE_NAME,
PAC_SBUS_SERVICE_VERSION,
&monitor_pac_methods,
"PAC", &pac_dp_methods.vtable,
sss_connection_setup,
&rctx);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE, "sss_process_init() failed\n");
return ret;
}
pac_ctx = talloc_zero(rctx, struct pac_ctx);
if (!pac_ctx) {
DEBUG(SSSDBG_FATAL_FAILURE, "fatal error initializing pac_ctx\n");
ret = ENOMEM;
goto fail;
}
pac_ctx->rctx = rctx;
pac_ctx->rctx->pvt_ctx = pac_ctx;
ret = confdb_get_string(pac_ctx->rctx->cdb, pac_ctx->rctx,
CONFDB_PAC_CONF_ENTRY, CONFDB_SERVICE_ALLOWED_UIDS,
DEFAULT_ALLOWED_UIDS, &uid_str);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE, "Failed to get allowed UIDs.\n");
goto fail;
}
ret = csv_string_to_uid_array(pac_ctx->rctx, uid_str, true,
&pac_ctx->rctx->allowed_uids_count,
&pac_ctx->rctx->allowed_uids);
talloc_free(uid_str);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE, "Failed to set allowed UIDs.\n");
goto fail;
}
/* Enable automatic reconnection to the Data Provider */
ret = confdb_get_int(pac_ctx->rctx->cdb,
CONFDB_PAC_CONF_ENTRY,
CONFDB_SERVICE_RECON_RETRIES,
3, &max_retries);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE, "Failed to set up automatic reconnection\n");
goto fail;
}
for (iter = pac_ctx->rctx->be_conns; iter; iter = iter->next) {
sbus_reconnect_init(iter->conn, max_retries,
pac_dp_reconnect_init, iter);
}
err = sss_idmap_init(sss_idmap_talloc, pac_ctx, sss_idmap_talloc_free,
&pac_ctx->idmap_ctx);
if (err != IDMAP_SUCCESS) {
DEBUG(SSSDBG_FATAL_FAILURE, "sss_idmap_init failed.\n");
ret = EFAULT;
goto fail;
}
/* Set up file descriptor limits */
ret = confdb_get_int(pac_ctx->rctx->cdb,
CONFDB_PAC_CONF_ENTRY,
CONFDB_SERVICE_FD_LIMIT,
DEFAULT_PAC_FD_LIMIT,
&fd_limit);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE,
"Failed to set up file descriptor limit\n");
goto fail;
}
responder_set_fd_limit(fd_limit);
ret = confdb_get_int(pac_ctx->rctx->cdb, CONFDB_PAC_CONF_ENTRY,
CONFDB_PAC_LIFETIME, 300,
&pac_ctx->pac_lifetime);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE,
"Failed to setup negative cache timeout.\n");
goto fail;
}
ret = schedule_get_domains_task(rctx, rctx->ev, rctx, NULL);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE, "schedule_get_domains_tasks failed.\n");
goto fail;
}
DEBUG(SSSDBG_TRACE_FUNC, "PAC Initialization complete\n");
return EOK;
fail:
talloc_free(rctx);
return ret;
}
static errno_t filter_responses(struct confdb_ctx *cdb,
struct response_data *resp_list)
{
int ret;
struct response_data *resp;
uint32_t user_info_type;
int64_t expire_date;
int pam_verbosity;
ret = confdb_get_int(cdb, CONFDB_PAM_CONF_ENTRY,
CONFDB_PAM_VERBOSITY, DEFAULT_PAM_VERBOSITY,
&pam_verbosity);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE,
"Failed to read PAM verbosity, not fatal.\n");
pam_verbosity = DEFAULT_PAM_VERBOSITY;
}
resp = resp_list;
while(resp != NULL) {
if (resp->type == SSS_PAM_USER_INFO) {
if (resp->len < sizeof(uint32_t)) {
DEBUG(SSSDBG_CRIT_FAILURE, "User info entry is too short.\n");
return EINVAL;
}
if (pam_verbosity == PAM_VERBOSITY_NO_MESSAGES) {
resp->do_not_send_to_client = true;
resp = resp->next;
continue;
}
memcpy(&user_info_type, resp->data, sizeof(uint32_t));
resp->do_not_send_to_client = false;
switch (user_info_type) {
case SSS_PAM_USER_INFO_OFFLINE_AUTH:
if (resp->len != sizeof(uint32_t) + sizeof(int64_t)) {
DEBUG(SSSDBG_CRIT_FAILURE,
"User info offline auth entry is "
"too short.\n");
return EINVAL;
}
memcpy(&expire_date, resp->data + sizeof(uint32_t),
sizeof(int64_t));
if ((expire_date == 0 &&
pam_verbosity < PAM_VERBOSITY_INFO) ||
(expire_date > 0 &&
pam_verbosity < PAM_VERBOSITY_IMPORTANT)) {
resp->do_not_send_to_client = true;
}
break;
default:
DEBUG(SSSDBG_TRACE_LIBS,
"User info type [%d] not filtered.\n",
user_info_type);
}
} else if (resp->type & SSS_SERVER_INFO) {
resp->do_not_send_to_client = true;
}
resp = resp->next;
}
return EOK;
}
/*
* Default values for add operations
*/
int useradd_defaults(TALLOC_CTX *mem_ctx,
struct confdb_ctx *confdb,
struct ops_ctx *data,
const char *gecos,
const char *homedir,
const char *shell,
int create_home,
const char *skeldir)
{
int ret;
char *basedir = NULL;
char *conf_path = NULL;
conf_path = talloc_asprintf(mem_ctx, CONFDB_DOMAIN_PATH_TMPL, data->domain->name);
if (!conf_path) {
return ENOMEM;
}
/* gecos */
data->gecos = talloc_strdup(mem_ctx, gecos ? gecos : data->name);
if (!data->gecos) {
ret = ENOMEM;
goto done;
}
DEBUG(7, ("Gecos: %s\n", data->gecos));
/* homedir */
if (homedir) {
data->home = talloc_strdup(data, homedir);
} else {
ret = confdb_get_string(confdb, mem_ctx,
conf_path, CONFDB_LOCAL_DEFAULT_BASEDIR,
DFL_BASEDIR_VAL, &basedir);
if (ret != EOK) {
goto done;
}
data->home = talloc_asprintf(mem_ctx, "%s/%s", basedir, data->name);
}
if (!data->home) {
ret = ENOMEM;
goto done;
}
DEBUG(7, ("Homedir: %s\n", data->home));
/* default shell */
if (!shell) {
ret = confdb_get_string(confdb, mem_ctx,
conf_path, CONFDB_LOCAL_DEFAULT_SHELL,
DFL_SHELL_VAL, &data->shell);
if (ret != EOK) {
goto done;
}
} else {
data->shell = talloc_strdup(mem_ctx, shell);
if (!data->shell) {
ret = ENOMEM;
goto done;
}
}
DEBUG(7, ("Shell: %s\n", data->shell));
/* create homedir on user creation? */
if (!create_home) {
ret = confdb_get_bool(confdb, mem_ctx,
conf_path, CONFDB_LOCAL_CREATE_HOMEDIR,
DFL_CREATE_HOMEDIR, &data->create_homedir);
if (ret != EOK) {
goto done;
}
} else {
data->create_homedir = (create_home == DO_CREATE_HOME);
}
DEBUG(7, ("Auto create homedir: %s\n", data->create_homedir?"True":"False"));
/* umask to create homedirs */
ret = confdb_get_int(confdb, mem_ctx,
conf_path, CONFDB_LOCAL_UMASK,
DFL_UMASK, (int *) &data->umask);
if (ret != EOK) {
goto done;
}
DEBUG(7, ("Umask: %o\n", data->umask));
/* a directory to create mail spools in */
ret = confdb_get_string(confdb, mem_ctx,
conf_path, CONFDB_LOCAL_MAIL_DIR,
DFL_MAIL_DIR, &data->maildir);
if (ret != EOK) {
goto done;
}
DEBUG(7, ("Mail dir: %s\n", data->maildir));
/* skeleton dir */
if (!skeldir) {
ret = confdb_get_string(confdb, mem_ctx,
conf_path, CONFDB_LOCAL_SKEL_DIR,
DFL_SKEL_DIR, &data->skeldir);
if (ret != EOK) {
goto done;
}
} else {
data->skeldir = talloc_strdup(mem_ctx, skeldir);
if (!data->skeldir) {
ret = ENOMEM;
goto done;
}
}
DEBUG(7, ("Skeleton dir: %s\n", data->skeldir));
ret = EOK;
done:
talloc_free(basedir);
talloc_free(conf_path);
return ret;
}
int ldap_get_options(TALLOC_CTX *memctx,
struct sss_domain_info *dom,
struct confdb_ctx *cdb,
const char *conf_path,
struct data_provider *dp,
struct sdap_options **_opts)
{
struct sdap_attr_map *default_attr_map;
struct sdap_attr_map *default_user_map;
struct sdap_attr_map *default_group_map;
struct sdap_attr_map *default_netgroup_map;
struct sdap_attr_map *default_host_map;
struct sdap_attr_map *default_service_map;
struct sdap_options *opts;
char *schema;
char *pwmodify;
const char *search_base;
const char *pwd_policy;
int ret;
int account_cache_expiration;
int offline_credentials_expiration;
const char *ldap_deref;
int ldap_deref_val;
int o;
const char *authtok_type;
struct dp_opt_blob authtok_blob;
char *cleartext;
const int search_base_options[] = { SDAP_USER_SEARCH_BASE,
SDAP_GROUP_SEARCH_BASE,
SDAP_NETGROUP_SEARCH_BASE,
SDAP_HOST_SEARCH_BASE,
SDAP_SERVICE_SEARCH_BASE,
-1 };
opts = talloc_zero(memctx, struct sdap_options);
if (!opts) return ENOMEM;
opts->dp = dp;
ret = sdap_domain_add(opts, dom, NULL);
if (ret != EOK) {
goto done;
}
ret = dp_get_options(opts, cdb, conf_path,
default_basic_opts,
SDAP_OPTS_BASIC,
&opts->basic);
if (ret != EOK) {
goto done;
}
/* Handle search bases */
search_base = dp_opt_get_string(opts->basic, SDAP_SEARCH_BASE);
if (search_base != NULL) {
/* set user/group/netgroup search bases if they are not */
for (o = 0; search_base_options[o] != -1; o++) {
if (NULL == dp_opt_get_string(opts->basic, search_base_options[o])) {
ret = dp_opt_set_string(opts->basic, search_base_options[o],
search_base);
if (ret != EOK) {
goto done;
}
DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n",
opts->basic[search_base_options[o]].opt_name,
dp_opt_get_string(opts->basic,
search_base_options[o]));
}
}
} else {
DEBUG(SSSDBG_FUNC_DATA,
"Search base not set, trying to discover it later when "
"connecting to the LDAP server.\n");
}
/* Default search */
ret = sdap_parse_search_base(opts, opts->basic,
SDAP_SEARCH_BASE,
&opts->sdom->search_bases);
if (ret != EOK && ret != ENOENT) goto done;
/* User search */
ret = sdap_parse_search_base(opts, opts->basic,
SDAP_USER_SEARCH_BASE,
&opts->sdom->user_search_bases);
if (ret != EOK && ret != ENOENT) goto done;
/* Group search base */
ret = sdap_parse_search_base(opts, opts->basic,
SDAP_GROUP_SEARCH_BASE,
&opts->sdom->group_search_bases);
if (ret != EOK && ret != ENOENT) goto done;
/* Netgroup search */
ret = sdap_parse_search_base(opts, opts->basic,
SDAP_NETGROUP_SEARCH_BASE,
&opts->sdom->netgroup_search_bases);
if (ret != EOK && ret != ENOENT) goto done;
/* Netgroup search */
ret = sdap_parse_search_base(opts, opts->basic,
SDAP_HOST_SEARCH_BASE,
&opts->sdom->host_search_bases);
if (ret != EOK && ret != ENOENT) goto done;
/* Service search */
ret = sdap_parse_search_base(opts, opts->basic,
SDAP_SERVICE_SEARCH_BASE,
&opts->sdom->service_search_bases);
if (ret != EOK && ret != ENOENT) goto done;
pwd_policy = dp_opt_get_string(opts->basic, SDAP_PWD_POLICY);
if (pwd_policy == NULL) {
DEBUG(SSSDBG_CRIT_FAILURE,
"Missing password policy, this may not happen.\n");
ret = EINVAL;
goto done;
}
if (strcasecmp(pwd_policy, PWD_POL_OPT_NONE) != 0 &&
strcasecmp(pwd_policy, PWD_POL_OPT_SHADOW) != 0 &&
strcasecmp(pwd_policy, PWD_POL_OPT_MIT) != 0) {
DEBUG(SSSDBG_CRIT_FAILURE,
"Unsupported password policy [%s].\n", pwd_policy);
ret = EINVAL;
goto done;
}
/* account_cache_expiration must be >= than offline_credentials_expiration */
ret = confdb_get_int(cdb, CONFDB_PAM_CONF_ENTRY,
CONFDB_PAM_CRED_TIMEOUT, 0,
&offline_credentials_expiration);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE, "Cannot get value of %s from confdb \n",
CONFDB_PAM_CRED_TIMEOUT);
goto done;
}
account_cache_expiration = dp_opt_get_int(opts->basic,
SDAP_ACCOUNT_CACHE_EXPIRATION);
/* account cache_expiration must not be smaller than
* offline_credentials_expiration to prevent deleting entries that
* still contain credentials valid for offline login.
*
* offline_credentials_expiration == 0 is a special case that says
* that the cached credentials are valid forever. Therefore, the cached
* entries must not be purged from cache.
*/
if (!offline_credentials_expiration && account_cache_expiration) {
DEBUG(SSSDBG_CRIT_FAILURE,
"Conflicting values for options %s (unlimited) "
"and %s (%d)\n",
opts->basic[SDAP_ACCOUNT_CACHE_EXPIRATION].opt_name,
CONFDB_PAM_CRED_TIMEOUT,
offline_credentials_expiration);
ret = EINVAL;
goto done;
}
if (offline_credentials_expiration && account_cache_expiration &&
offline_credentials_expiration > account_cache_expiration) {
DEBUG(SSSDBG_CRIT_FAILURE, "Value of %s (now %d) must be larger "
"than value of %s (now %d)\n",
opts->basic[SDAP_ACCOUNT_CACHE_EXPIRATION].opt_name,
account_cache_expiration,
CONFDB_PAM_CRED_TIMEOUT,
offline_credentials_expiration);
ret = EINVAL;
goto done;
}
ldap_deref = dp_opt_get_string(opts->basic, SDAP_DEREF);
if (ldap_deref != NULL) {
ret = deref_string_to_val(ldap_deref, &ldap_deref_val);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE, "Failed to verify ldap_deref option.\n");
goto done;
}
}
#ifndef HAVE_LDAP_CONNCB
bool ldap_referrals;
ldap_referrals = dp_opt_get_bool(opts->basic, SDAP_REFERRALS);
if (ldap_referrals) {
DEBUG(SSSDBG_CRIT_FAILURE,
"LDAP referrals are not supported, because the LDAP library "
"is too old, see sssd-ldap(5) for details.\n");
ret = dp_opt_set_bool(opts->basic, SDAP_REFERRALS, false);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE, "dp_opt_set_string failed.\n");
goto done;
}
}
#endif
/* schema type */
schema = dp_opt_get_string(opts->basic, SDAP_SCHEMA);
if (strcasecmp(schema, "rfc2307") == 0) {
opts->schema_type = SDAP_SCHEMA_RFC2307;
default_attr_map = generic_attr_map;
default_user_map = rfc2307_user_map;
default_group_map = rfc2307_group_map;
default_netgroup_map = netgroup_map;
default_host_map = host_map;
default_service_map = service_map;
} else
if (strcasecmp(schema, "rfc2307bis") == 0) {
opts->schema_type = SDAP_SCHEMA_RFC2307BIS;
default_attr_map = generic_attr_map;
default_user_map = rfc2307bis_user_map;
default_group_map = rfc2307bis_group_map;
default_netgroup_map = netgroup_map;
default_host_map = host_map;
default_service_map = service_map;
} else
if (strcasecmp(schema, "IPA") == 0) {
opts->schema_type = SDAP_SCHEMA_IPA_V1;
default_attr_map = gen_ipa_attr_map;
default_user_map = rfc2307bis_user_map;
default_group_map = rfc2307bis_group_map;
default_netgroup_map = netgroup_map;
default_host_map = host_map;
default_service_map = service_map;
} else
if (strcasecmp(schema, "AD") == 0) {
opts->schema_type = SDAP_SCHEMA_AD;
default_attr_map = gen_ad_attr_map;
default_user_map = gen_ad2008r2_user_map;
default_group_map = gen_ad2008r2_group_map;
default_netgroup_map = netgroup_map;
default_host_map = host_map;
default_service_map = service_map;
} else {
DEBUG(SSSDBG_FATAL_FAILURE, "Unrecognized schema type: %s\n", schema);
ret = EINVAL;
goto done;
}
/* pwmodify mode */
pwmodify = dp_opt_get_string(opts->basic, SDAP_PWMODIFY_MODE);
if (strcasecmp(pwmodify, "exop") == 0) {
opts->pwmodify_mode = SDAP_PWMODIFY_EXOP;
} else if (strcasecmp(pwmodify, "ldap_modify") == 0) {
opts->pwmodify_mode = SDAP_PWMODIFY_LDAP;
} else {
DEBUG(SSSDBG_FATAL_FAILURE, "Unrecognized pwmodify mode: %s\n", pwmodify);
ret = EINVAL;
goto done;
}
ret = sdap_get_map(opts, cdb, conf_path,
default_attr_map,
SDAP_AT_GENERAL,
&opts->gen_map);
if (ret != EOK) {
goto done;
}
ret = sdap_get_map(opts, cdb, conf_path,
default_user_map,
SDAP_OPTS_USER,
&opts->user_map);
if (ret != EOK) {
goto done;
}
ret = sdap_extend_map_with_list(opts, opts, SDAP_USER_EXTRA_ATTRS,
opts->user_map, SDAP_OPTS_USER,
&opts->user_map, &opts->user_map_cnt);
if (ret != EOK) {
goto done;
}
ret = sdap_get_map(opts, cdb, conf_path,
default_group_map,
SDAP_OPTS_GROUP,
&opts->group_map);
if (ret != EOK) {
goto done;
}
ret = sdap_get_map(opts, cdb, conf_path,
default_netgroup_map,
SDAP_OPTS_NETGROUP,
&opts->netgroup_map);
if (ret != EOK) {
goto done;
}
ret = sdap_get_map(opts, cdb, conf_path,
default_host_map,
SDAP_OPTS_HOST,
&opts->host_map);
if (ret != EOK) {
goto done;
}
ret = sdap_get_map(opts, cdb, conf_path,
default_service_map,
SDAP_OPTS_SERVICES,
&opts->service_map);
if (ret != EOK) {
goto done;
}
/* If there is no KDC, try the deprecated krb5_kdcip option, too */
/* FIXME - this can be removed in a future version */
ret = krb5_try_kdcip(cdb, conf_path, opts->basic, SDAP_KRB5_KDC);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE, "sss_krb5_try_kdcip failed.\n");
goto done;
}
authtok_type = dp_opt_get_string(opts->basic, SDAP_DEFAULT_AUTHTOK_TYPE);
if (authtok_type != NULL &&
strcasecmp(authtok_type,"obfuscated_password") == 0) {
DEBUG(SSSDBG_TRACE_ALL, "Found obfuscated password, "
"trying to convert to cleartext.\n");
authtok_blob = dp_opt_get_blob(opts->basic, SDAP_DEFAULT_AUTHTOK);
if (authtok_blob.data == NULL || authtok_blob.length == 0) {
DEBUG(SSSDBG_CRIT_FAILURE, "Missing obfuscated password string.\n");
ret = EINVAL;
goto done;
}
ret = sss_password_decrypt(memctx, (char *) authtok_blob.data,
&cleartext);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE, "Cannot convert the obfuscated "
"password back to cleartext\n");
goto done;
}
authtok_blob.data = (uint8_t *) cleartext;
authtok_blob.length = strlen(cleartext);
ret = dp_opt_set_blob(opts->basic, SDAP_DEFAULT_AUTHTOK, authtok_blob);
talloc_free(cleartext);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE, "dp_opt_set_string failed.\n");
goto done;
}
ret = dp_opt_set_string(opts->basic, SDAP_DEFAULT_AUTHTOK_TYPE,
"password");
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE, "dp_opt_set_string failed.\n");
goto done;
}
}
ret = EOK;
*_opts = opts;
done:
if (ret != EOK) {
talloc_zfree(opts);
}
return ret;
}
static int nss_clear_memcache(struct sbus_request *dbus_req, void *data)
{
errno_t ret;
int memcache_timeout;
struct resp_ctx *rctx = talloc_get_type(data, struct resp_ctx);
struct nss_ctx *nctx = (struct nss_ctx*) rctx->pvt_ctx;
ret = unlink(SSS_NSS_MCACHE_DIR"/"CLEAR_MC_FLAG);
if (ret != 0) {
ret = errno;
if (ret == ENOENT) {
DEBUG(SSSDBG_TRACE_FUNC,
"CLEAR_MC_FLAG not found. Nothing to do.\n");
goto done;
} else {
DEBUG(SSSDBG_CRIT_FAILURE, "Failed to unlink file: %s.\n",
strerror(ret));
return ret;
}
}
/* CLEAR_MC_FLAG removed successfully. Clearing memory caches. */
ret = confdb_get_int(rctx->cdb,
CONFDB_NSS_CONF_ENTRY,
CONFDB_MEMCACHE_TIMEOUT,
300, &memcache_timeout);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE,
"Unable to get memory cache entry timeout.\n");
return ret;
}
/* TODO: read cache sizes from configuration */
DEBUG(SSSDBG_TRACE_FUNC, "Clearing memory caches.\n");
ret = sss_mmap_cache_reinit(nctx, SSS_MC_CACHE_ELEMENTS,
(time_t) memcache_timeout,
&nctx->pwd_mc_ctx);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE,
"passwd mmap cache invalidation failed\n");
return ret;
}
ret = sss_mmap_cache_reinit(nctx, SSS_MC_CACHE_ELEMENTS,
(time_t) memcache_timeout,
&nctx->grp_mc_ctx);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE,
"group mmap cache invalidation failed\n");
return ret;
}
ret = sss_mmap_cache_reinit(nctx, SSS_MC_CACHE_ELEMENTS,
(time_t)memcache_timeout,
&nctx->initgr_mc_ctx);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE,
"initgroups mmap cache invalidation failed\n");
return ret;
}
done:
return sbus_request_return_and_finish(dbus_req, DBUS_TYPE_INVALID);
}
static int
autofs_process_init(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct confdb_ctx *cdb)
{
struct resp_ctx *rctx;
struct sss_cmd_table *autofs_cmds;
struct autofs_ctx *autofs_ctx;
struct be_conn *iter;
int ret;
int hret;
int max_retries;
autofs_cmds = get_autofs_cmds();
ret = sss_process_init(mem_ctx, ev, cdb,
autofs_cmds,
SSS_AUTOFS_SOCKET_NAME, -1, NULL, -1,
CONFDB_AUTOFS_CONF_ENTRY,
SSS_AUTOFS_SBUS_SERVICE_NAME,
SSS_AUTOFS_SBUS_SERVICE_VERSION,
&monitor_autofs_methods,
"autofs",
&autofs_dp_methods.vtable,
&rctx);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE, "sss_process_init() failed\n");
return ret;
}
autofs_ctx = talloc_zero(rctx, struct autofs_ctx);
if (!autofs_ctx) {
DEBUG(SSSDBG_FATAL_FAILURE, "fatal error initializing autofs_ctx\n");
ret = ENOMEM;
goto fail;
}
ret = autofs_get_config(autofs_ctx, cdb);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE, "Cannot read autofs configuration\n");
goto fail;
}
autofs_ctx->rctx = rctx;
autofs_ctx->rctx->pvt_ctx = autofs_ctx;
/* Enable automatic reconnection to the Data Provider */
ret = confdb_get_int(autofs_ctx->rctx->cdb,
CONFDB_AUTOFS_CONF_ENTRY,
CONFDB_SERVICE_RECON_RETRIES,
3, &max_retries);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE,
"Failed to set up automatic reconnection\n");
goto fail;
}
for (iter = autofs_ctx->rctx->be_conns; iter; iter = iter->next) {
sbus_reconnect_init(iter->conn, max_retries,
autofs_dp_reconnect_init, iter);
}
/* Create the lookup table for setautomntent results */
hret = sss_hash_create_ex(autofs_ctx, 10, &autofs_ctx->maps, 0, 0, 0, 0,
autofs_map_hash_delete_cb, NULL);
if (hret != HASH_SUCCESS) {
DEBUG(SSSDBG_CRIT_FAILURE,
"Unable to initialize automount maps hash table\n");
ret = EIO;
goto fail;
}
ret = schedule_get_domains_task(rctx, rctx->ev, rctx, NULL);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE, "schedule_get_domains_tasks failed.\n");
goto fail;
}
DEBUG(SSSDBG_TRACE_FUNC, "autofs Initialization complete\n");
return EOK;
fail:
talloc_free(rctx);
return ret;
}
int sudo_process_init(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct confdb_ctx *cdb)
{
struct resp_ctx *rctx;
struct sss_cmd_table *sudo_cmds;
struct sudo_ctx *sudo_ctx;
struct be_conn *iter;
int ret;
int max_retries;
sudo_cmds = get_sudo_cmds();
ret = sss_process_init(mem_ctx, ev, cdb,
sudo_cmds,
SSS_SUDO_SOCKET_NAME, -1, NULL, -1,
CONFDB_SUDO_CONF_ENTRY,
SSS_SUDO_SBUS_SERVICE_NAME,
SSS_SUDO_SBUS_SERVICE_VERSION,
&monitor_sudo_methods,
"SUDO",
NULL,
sss_connection_setup,
&rctx);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE, "sss_process_init() failed\n");
return ret;
}
sudo_ctx = talloc_zero(rctx, struct sudo_ctx);
if (!sudo_ctx) {
DEBUG(SSSDBG_FATAL_FAILURE, "fatal error initializing sudo_ctx\n");
ret = ENOMEM;
goto fail;
}
sudo_ctx->rctx = rctx;
sudo_ctx->rctx->pvt_ctx = sudo_ctx;
sss_ncache_prepopulate(sudo_ctx->rctx->ncache, sudo_ctx->rctx->cdb, rctx);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE,
"failed to set ncache for sudo's filter_users\n");
goto fail;
}
/* Enable automatic reconnection to the Data Provider */
ret = confdb_get_int(sudo_ctx->rctx->cdb,
CONFDB_SUDO_CONF_ENTRY,
CONFDB_SERVICE_RECON_RETRIES,
3, &max_retries);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE,
"Failed to set up automatic reconnection\n");
goto fail;
}
for (iter = sudo_ctx->rctx->be_conns; iter; iter = iter->next) {
sbus_reconnect_init(iter->conn, max_retries,
sudo_dp_reconnect_init, iter);
}
/* Get sudo_timed option */
ret = confdb_get_bool(sudo_ctx->rctx->cdb,
CONFDB_SUDO_CONF_ENTRY, CONFDB_SUDO_TIMED,
CONFDB_DEFAULT_SUDO_TIMED,
&sudo_ctx->timed);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE, "Error reading from confdb (%d) [%s]\n",
ret, strerror(ret));
goto fail;
}
/* Get sudo_inverse_order option */
ret = confdb_get_bool(sudo_ctx->rctx->cdb,
CONFDB_SUDO_CONF_ENTRY, CONFDB_SUDO_INVERSE_ORDER,
CONFDB_DEFAULT_SUDO_INVERSE_ORDER,
&sudo_ctx->inverse_order);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE, "Error reading from confdb (%d) [%s]\n",
ret, strerror(ret));
goto fail;
}
ret = schedule_get_domains_task(rctx, rctx->ev, rctx, NULL);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE, "schedule_get_domains_tasks failed.\n");
goto fail;
}
DEBUG(SSSDBG_TRACE_FUNC, "SUDO Initialization complete\n");
return EOK;
fail:
talloc_free(rctx);
return ret;
}
int ssh_process_init(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct confdb_ctx *cdb)
{
struct resp_ctx *rctx;
struct sss_cmd_table *ssh_cmds;
struct ssh_ctx *ssh_ctx;
struct be_conn *iter;
int ret;
int max_retries;
ssh_cmds = get_ssh_cmds();
ret = sss_process_init(mem_ctx, ev, cdb,
ssh_cmds,
SSS_SSH_SOCKET_NAME, NULL,
CONFDB_SSH_CONF_ENTRY,
SSS_SSH_SBUS_SERVICE_NAME,
SSS_SSH_SBUS_SERVICE_VERSION,
&monitor_ssh_methods,
"SSH",
&ssh_dp_methods.vtable,
&rctx);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE, "sss_process_init() failed\n");
return ret;
}
ssh_ctx = talloc_zero(rctx, struct ssh_ctx);
if (!ssh_ctx) {
DEBUG(SSSDBG_FATAL_FAILURE, "fatal error initializing ssh_ctx\n");
ret = ENOMEM;
goto fail;
}
ssh_ctx->rctx = rctx;
ssh_ctx->rctx->pvt_ctx = ssh_ctx;
ret = sss_names_init_from_args(ssh_ctx,
"(?P<name>[^@]+)@?(?P<domain>[^@]*$)",
"%1$s@%2$s", &ssh_ctx->snctx);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE, "fatal error initializing regex data\n");
goto fail;
}
/* Enable automatic reconnection to the Data Provider */
ret = confdb_get_int(ssh_ctx->rctx->cdb,
CONFDB_SSH_CONF_ENTRY,
CONFDB_SERVICE_RECON_RETRIES,
3, &max_retries);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE,
"Failed to set up automatic reconnection\n");
goto fail;
}
for (iter = ssh_ctx->rctx->be_conns; iter; iter = iter->next) {
sbus_reconnect_init(iter->conn, max_retries,
ssh_dp_reconnect_init, iter);
}
/* Get responder options */
/* Get ssh_hash_known_hosts option */
ret = confdb_get_bool(ssh_ctx->rctx->cdb,
CONFDB_SSH_CONF_ENTRY, CONFDB_SSH_HASH_KNOWN_HOSTS,
CONFDB_DEFAULT_SSH_HASH_KNOWN_HOSTS,
&ssh_ctx->hash_known_hosts);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE, "Error reading from confdb (%d) [%s]\n",
ret, strerror(ret));
goto fail;
}
/* Get ssh_known_hosts_timeout option */
ret = confdb_get_int(ssh_ctx->rctx->cdb,
CONFDB_SSH_CONF_ENTRY, CONFDB_SSH_KNOWN_HOSTS_TIMEOUT,
CONFDB_DEFAULT_SSH_KNOWN_HOSTS_TIMEOUT,
&ssh_ctx->known_hosts_timeout);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE, "Error reading from confdb (%d) [%s]\n",
ret, strerror(ret));
goto fail;
}
ret = schedule_get_domains_task(rctx, rctx->ev, rctx);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE, "schedule_get_domains_tasks failed.\n");
goto fail;
}
DEBUG(SSSDBG_TRACE_FUNC, "SSH Initialization complete\n");
return EOK;
fail:
talloc_free(rctx);
return ret;
}
static errno_t proxy_init_auth_ctx(TALLOC_CTX *mem_ctx,
struct be_ctx *be_ctx,
struct proxy_auth_ctx **_auth_ctx)
{
struct proxy_auth_ctx *auth_ctx;
errno_t ret;
int hret;
int max_children;
auth_ctx = talloc_zero(mem_ctx, struct proxy_auth_ctx);
if (auth_ctx == NULL) {
return ENOMEM;
}
auth_ctx->be = be_ctx;
auth_ctx->timeout_ms = SSS_CLI_SOCKET_TIMEOUT / 4;
auth_ctx->next_id = 1;
ret = proxy_auth_conf(auth_ctx, be_ctx, &auth_ctx->pam_target);
if (ret != EOK) {
goto done;
}
ret = proxy_setup_sbus(auth_ctx, auth_ctx, be_ctx);
if (ret != EOK) {
goto done;
}
/* Set up request hash table */
ret = confdb_get_int(be_ctx->cdb, be_ctx->conf_path,
CONFDB_PROXY_MAX_CHILDREN,
OPT_MAX_CHILDREN_DEFAULT,
&max_children);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE,
"Unable to read confdb [%d]: %s\n", ret, sss_strerror(ret));
goto done;
}
if (max_children < 1) {
DEBUG(SSSDBG_CRIT_FAILURE,
"Option " CONFDB_PROXY_MAX_CHILDREN " must be higher then 0\n");
ret = EINVAL;
goto done;
}
auth_ctx->max_children = max_children;
hret = hash_create(auth_ctx->max_children * 2, &auth_ctx->request_table,
NULL, NULL);
if (hret != HASH_SUCCESS) {
DEBUG(SSSDBG_FATAL_FAILURE, "Could not initialize request table\n");
ret = EIO;
goto done;
}
*_auth_ctx = auth_ctx;
ret = EOK;
done:
if (ret != EOK) {
talloc_free(auth_ctx);
}
return ret;
}
static int pam_process_init(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct confdb_ctx *cdb)
{
struct resp_ctx *rctx;
struct sss_cmd_table *pam_cmds;
struct be_conn *iter;
struct pam_ctx *pctx;
int ret, max_retries;
int id_timeout;
int fd_limit;
pam_cmds = get_pam_cmds();
ret = sss_process_init(mem_ctx, ev, cdb,
pam_cmds,
SSS_PAM_SOCKET_NAME,
SSS_PAM_PRIV_SOCKET_NAME,
CONFDB_PAM_CONF_ENTRY,
SSS_PAM_SBUS_SERVICE_NAME,
SSS_PAM_SBUS_SERVICE_VERSION,
&monitor_pam_interface,
"PAM", &pam_dp_interface,
&rctx);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE, ("sss_process_init() failed\n"));
return ret;
}
pctx = talloc_zero(rctx, struct pam_ctx);
if (!pctx) {
ret = ENOMEM;
goto done;
}
pctx->rctx = rctx;
pctx->rctx->pvt_ctx = pctx;
/* Enable automatic reconnection to the Data Provider */
/* FIXME: "retries" is too generic, either get it from a global config
* or specify these retries are about the sbus connections to DP */
ret = confdb_get_int(pctx->rctx->cdb, CONFDB_PAM_CONF_ENTRY,
CONFDB_SERVICE_RECON_RETRIES, 3, &max_retries);
if (ret != EOK) {
DEBUG(0, ("Failed to set up automatic reconnection\n"));
goto done;
}
for (iter = pctx->rctx->be_conns; iter; iter = iter->next) {
sbus_reconnect_init(iter->conn, max_retries,
pam_dp_reconnect_init, iter);
}
/* Set up the negative cache */
ret = confdb_get_int(cdb, CONFDB_NSS_CONF_ENTRY,
CONFDB_NSS_ENTRY_NEG_TIMEOUT, 15,
&pctx->neg_timeout);
if (ret != EOK) goto done;
/* Set up the PAM identity timeout */
ret = confdb_get_int(cdb, CONFDB_PAM_CONF_ENTRY,
CONFDB_PAM_ID_TIMEOUT, 5,
&id_timeout);
if (ret != EOK) goto done;
pctx->id_timeout = (size_t)id_timeout;
ret = sss_ncache_init(pctx, &pctx->ncache);
if (ret != EOK) {
DEBUG(0, ("fatal error initializing negative cache\n"));
goto done;
}
ret = sss_ncache_prepopulate(pctx->ncache, cdb, pctx->rctx);
if (ret != EOK) {
goto done;
}
/* Create table for initgroup lookups */
ret = sss_hash_create(pctx, 10, &pctx->id_table);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE,
("Could not create initgroups hash table: [%s]",
strerror(ret)));
goto done;
}
/* Set up file descriptor limits */
ret = confdb_get_int(pctx->rctx->cdb,
CONFDB_PAM_CONF_ENTRY,
CONFDB_SERVICE_FD_LIMIT,
DEFAULT_PAM_FD_LIMIT,
&fd_limit);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE,
("Failed to set up file descriptor limit\n"));
goto done;
}
responder_set_fd_limit(fd_limit);
ret = EOK;
done:
if (ret != EOK) {
talloc_free(rctx);
}
return ret;
}
int ssh_process_init(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct confdb_ctx *cdb)
{
struct sss_cmd_table *ssh_cmds;
struct ssh_ctx *ssh_ctx;
struct be_conn *iter;
int ret;
int max_retries;
ssh_ctx = talloc_zero(mem_ctx, struct ssh_ctx);
if (!ssh_ctx) {
DEBUG(SSSDBG_FATAL_FAILURE, ("fatal error initializing ssh_ctx\n"));
return ENOMEM;
}
ssh_cmds = get_ssh_cmds();
ret = sss_process_init(ssh_ctx, ev, cdb,
ssh_cmds,
SSS_SSH_SOCKET_NAME, NULL,
CONFDB_SSH_CONF_ENTRY,
SSS_SSH_SBUS_SERVICE_NAME,
SSS_SSH_SBUS_SERVICE_VERSION,
&monitor_ssh_interface,
"SSH",
&ssh_dp_interface,
&ssh_ctx->rctx);
if (ret != EOK) {
return ret;
}
ssh_ctx->rctx->pvt_ctx = ssh_ctx;
/* Enable automatic reconnection to the Data Provider */
ret = confdb_get_int(ssh_ctx->rctx->cdb,
CONFDB_SSH_CONF_ENTRY,
CONFDB_SERVICE_RECON_RETRIES,
3, &max_retries);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE,
("Failed to set up automatic reconnection\n"));
return ret;
}
for (iter = ssh_ctx->rctx->be_conns; iter; iter = iter->next) {
sbus_reconnect_init(iter->conn, max_retries,
ssh_dp_reconnect_init, iter);
}
/* Get responder options */
/* Get ssh_hash_known_hosts option */
ret = confdb_get_bool(ssh_ctx->rctx->cdb,
CONFDB_SSH_CONF_ENTRY, CONFDB_SSH_HASH_KNOWN_HOSTS,
CONFDB_DEFAULT_SSH_HASH_KNOWN_HOSTS,
&ssh_ctx->hash_known_hosts);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE, ("Error reading from confdb (%d) [%s]\n",
ret, strerror(ret)));
return ret;
}
DEBUG(SSSDBG_TRACE_FUNC, ("SSH Initialization complete\n"));
return EOK;
}
int ifp_process_init(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct confdb_ctx *cdb)
{
struct resp_ctx *rctx;
struct sss_cmd_table *ifp_cmds;
struct ifp_ctx *ifp_ctx;
struct be_conn *iter;
int ret;
int max_retries;
char *uid_str;
char *attr_list_str;
char *wildcard_limit_str;
ifp_cmds = get_ifp_cmds();
ret = sss_process_init(mem_ctx, ev, cdb,
ifp_cmds,
NULL, -1, NULL, -1,
CONFDB_IFP_CONF_ENTRY,
SSS_IFP_SBUS_SERVICE_NAME,
SSS_IFP_SBUS_SERVICE_VERSION,
&monitor_ifp_methods,
"InfoPipe",
&ifp_dp_methods.vtable,
&rctx);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE, "sss_process_init() failed\n");
return ret;
}
ifp_ctx = talloc_zero(rctx, struct ifp_ctx);
if (ifp_ctx == NULL) {
DEBUG(SSSDBG_FATAL_FAILURE, "fatal error initializing ifp_ctx\n");
ret = ENOMEM;
goto fail;
}
ifp_ctx->rctx = rctx;
ifp_ctx->rctx->pvt_ctx = ifp_ctx;
ret = sss_names_init_from_args(ifp_ctx,
"(?P<name>[^@]+)@?(?P<domain>[^@]*$)",
"%1$s@%2$s", &ifp_ctx->snctx);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE, "fatal error initializing regex data\n");
goto fail;
}
ret = confdb_get_string(ifp_ctx->rctx->cdb, ifp_ctx->rctx,
CONFDB_IFP_CONF_ENTRY, CONFDB_SERVICE_ALLOWED_UIDS,
DEFAULT_ALLOWED_UIDS, &uid_str);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE, "Failed to get allowed UIDs.\n");
goto fail;
}
ret = csv_string_to_uid_array(ifp_ctx->rctx, uid_str, true,
&ifp_ctx->rctx->allowed_uids_count,
&ifp_ctx->rctx->allowed_uids);
talloc_free(uid_str);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE, "Failed to set allowed UIDs.\n");
goto fail;
}
ret = confdb_get_string(ifp_ctx->rctx->cdb, ifp_ctx->rctx,
CONFDB_IFP_CONF_ENTRY, CONFDB_IFP_USER_ATTR_LIST,
NULL, &attr_list_str);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE, "Failed to get user attribute list.\n");
goto fail;
}
ifp_ctx->user_whitelist = ifp_parse_user_attr_list(ifp_ctx, attr_list_str);
talloc_free(attr_list_str);
if (ifp_ctx->user_whitelist == NULL) {
DEBUG(SSSDBG_FATAL_FAILURE,
"Failed to parse the allowed attribute list\n");
goto fail;
}
/* Enable automatic reconnection to the Data Provider */
ret = confdb_get_int(ifp_ctx->rctx->cdb,
CONFDB_IFP_CONF_ENTRY,
CONFDB_SERVICE_RECON_RETRIES,
3, &max_retries);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE,
"Failed to set up automatic reconnection\n");
goto fail;
}
/* A bit convoluted way until we have a confdb_get_uint32 */
ret = confdb_get_string(ifp_ctx->rctx->cdb,
ifp_ctx->rctx,
CONFDB_IFP_CONF_ENTRY,
CONFDB_IFP_WILDCARD_LIMIT,
NULL, /* no limit by default */
&wildcard_limit_str);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE,
"Failed to retrieve limit for a wildcard search\n");
goto fail;
}
if (wildcard_limit_str) {
ifp_ctx->wildcard_limit = strtouint32(wildcard_limit_str, NULL, 10);
ret = errno;
if (ret != EOK) {
goto fail;
}
}
for (iter = ifp_ctx->rctx->be_conns; iter; iter = iter->next) {
sbus_reconnect_init(iter->conn, max_retries,
ifp_dp_reconnect_init, iter);
}
/* Connect to the D-BUS system bus and set up methods */
ret = sysbus_init(ifp_ctx, ifp_ctx->rctx->ev,
IFACE_IFP,
ifp_ctx, &ifp_ctx->sysbus);
if (ret == ERR_NO_SYSBUS) {
DEBUG(SSSDBG_MINOR_FAILURE,
"The system bus is not available..\n");
/* Explicitly ignore, the D-Bus daemon will start us */
} else if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE,
"Failed to connect to the system message bus\n");
talloc_free(ifp_ctx);
return EIO;
}
ret = schedule_get_domains_task(rctx, rctx->ev, rctx, NULL);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE,
"schedule_get_domains_tasks failed.\n");
goto fail;
}
DEBUG(SSSDBG_TRACE_FUNC, "InfoPipe Initialization complete\n");
return EOK;
fail:
talloc_free(rctx);
return ret;
}
