static bool srv_in_server_list(const char *servers)
{
TALLOC_CTX *tmp_ctx;
char **list = NULL;
int ret = 0;
bool has_srv = false;
if (servers == NULL) return true;
tmp_ctx = talloc_new(NULL);
if (!tmp_ctx) {
return false;
}
/* split server parm into a list */
ret = split_on_separator(tmp_ctx, servers, ',', true, true, &list, NULL);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE, "Failed to parse server list!\n");
goto done;
}
for (int i = 0; list[i]; i++) {
has_srv = be_fo_is_srv_identifier(list[i]);
if (has_srv == true) {
break;
}
}
done:
talloc_free(tmp_ctx);
return has_srv;
}
static int attr_name_val_split(TALLOC_CTX *mem_ctx, const char *nameval,
char **_name, char ***_values, int *_nvals)
{
char *name;
char **values;
const char *vals;
int nvals;
TALLOC_CTX *tmp_ctx;
errno_t ret;
tmp_ctx = talloc_new(NULL);
if (tmp_ctx == NULL) return ENOMEM;
vals = strchr(nameval, ATTR_NAME_SEP);
if (vals == NULL) {
ret = EINVAL;
goto done;
}
name = talloc_strndup(tmp_ctx, nameval, vals-nameval);
if (name == NULL) {
ret = ENOMEM;
goto done;
}
vals++;
ret = split_on_separator(tmp_ctx, vals, ATTR_VAL_SEP, true, true,
&values, &nvals);
if (ret != EOK) {
goto done;
}
*_name = talloc_steal(mem_ctx, name);
*_values = talloc_steal(mem_ctx, values);
*_nvals = nvals;
ret = EOK;
done:
talloc_free(tmp_ctx);
return ret;
}
errno_t krb5_servers_init(struct be_ctx *ctx,
struct krb5_service *service,
const char *service_name,
const char *servers,
bool primary)
{
TALLOC_CTX *tmp_ctx;
char **list = NULL;
errno_t ret;
int i;
char *port_str;
long port;
char *server_spec;
char *endptr;
struct servent *servent;
tmp_ctx = talloc_new(NULL);
if (!tmp_ctx) {
return ENOMEM;
}
ret = split_on_separator(tmp_ctx, servers, ',', true, &list, NULL);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to parse server list!\n"));
goto done;
}
for (i = 0; list[i]; i++) {
talloc_steal(service, list[i]);
server_spec = talloc_strdup(service, list[i]);
if (!server_spec) {
ret = ENOMEM;
goto done;
}
if (be_fo_is_srv_identifier(server_spec)) {
ret = be_fo_add_srv_server(ctx, service_name, service_name, NULL,
BE_FO_PROTO_UDP, true, NULL);
if (ret) {
DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to add server\n"));
goto done;
}
DEBUG(SSSDBG_TRACE_FUNC, ("Added service lookup\n"));
continue;
}
port_str = strrchr(server_spec, ':');
if (port_str == NULL) {
port = 0;
} else {
*port_str = '\0';
++port_str;
if (isdigit(*port_str)) {
errno = 0;
port = strtol(port_str, &endptr, 10);
if (errno != 0) {
ret = errno;
DEBUG(SSSDBG_CRIT_FAILURE, ("strtol failed on [%s]: [%d][%s].\n", port_str,
ret, strerror(ret)));
goto done;
}
if (*endptr != '\0') {
DEBUG(SSSDBG_CRIT_FAILURE, ("Found additional characters [%s] in port number "
"[%s].\n", endptr, port_str));
ret = EINVAL;
goto done;
}
if (port < 1 || port > 65535) {
DEBUG(SSSDBG_CRIT_FAILURE, ("Illegal port number [%d].\n", port));
ret = EINVAL;
goto done;
}
} else if (isalpha(*port_str)) {
servent = getservbyname(port_str, NULL);
if (servent == NULL) {
DEBUG(SSSDBG_CRIT_FAILURE, ("getservbyname cannot find service [%s].\n",
port_str));
ret = EINVAL;
goto done;
}
port = servent->s_port;
} else {
DEBUG(SSSDBG_CRIT_FAILURE, ("Unsupported port specifier in [%s].\n", list[i]));
ret = EINVAL;
goto done;
}
}
ret = be_fo_add_server(ctx, service_name, server_spec, (int) port,
list[i], primary);
if (ret && ret != EEXIST) {
DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to add server\n"));
goto done;
}
DEBUG(SSSDBG_TRACE_FUNC, ("Added Server %s\n", list[i]));
}
done:
talloc_free(tmp_ctx);
return ret;
}
static errno_t
ad_parse_access_filter(TALLOC_CTX *mem_ctx,
struct sss_domain_info *dom,
const char *filter_list,
char **_filter)
{
char **filters;
int nfilters;
errno_t ret;
char *best_match;
int best_flags;
char *filter;
char *spec;
int flags;
TALLOC_CTX *tmp_ctx;
int i = 0;
if (_filter == NULL) return EINVAL;
tmp_ctx = talloc_new(mem_ctx);
if (tmp_ctx == NULL) {
ret = ENOMEM;
goto done;
}
if (filter_list == NULL) {
*_filter = NULL;
ret = EOK;
goto done;
}
ret = split_on_separator(tmp_ctx, filter_list, '?', true, true,
&filters, &nfilters);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE,
"Cannot parse the list of ad_access_filters\n");
goto done;
}
best_match = NULL;
best_flags = 0;
for (i=0; i < nfilters; i++) {
ret = parse_filter(tmp_ctx, filters[i], &filter, &spec, &flags);
if (ret != EOK) {
/* Skip the faulty filter. At worst, the user won't be
* allowed access */
DEBUG(SSSDBG_MINOR_FAILURE, "Access filter [%s] could not be "
"parsed, skipping\n", filters[i]);
continue;
}
if (flags & AD_FILTER_DOMAIN && strcasecmp(spec, dom->name) != 0) {
/* If the filter specifies a domain, it must match the
* domain the user comes from
*/
continue;
}
if (flags & AD_FILTER_FOREST && strcasecmp(spec, dom->forest) != 0) {
/* If the filter specifies a forest, it must match the
* forest the user comes from
*/
continue;
}
if (flags > best_flags) {
best_flags = flags;
best_match = filter;
}
}
ret = EOK;
/* Make sure the result is enclosed in brackets */
*_filter = sdap_get_access_filter(mem_ctx, best_match);
done:
talloc_free(tmp_ctx);
return ret;
}
