/*
 * Copy the file at pszSrcPath to pszDstPath and give the copy the same
 * owner, group and mode bits as the source.
 *
 * pszSrcPath: path of the existing file whose content and metadata are copied.
 * pszDstPath: path the copy is written to.
 *
 * Returns ERROR_SUCCESS, or the first non-success code reported by one of
 * the three helper calls below.
 *
 * NOTE(review): every step is path-based, so the source metadata is sampled
 * once and then applied to whatever pszDstPath names at the time of the last
 * call. Between the copy and the ownership change the destination presumably
 * exists with the source's mode bits but the caller's ownership (this depends
 * on how CTCopyFileWithPerms applies its mode argument; confirm). Callers
 * running with elevated privileges should only use this in directories that
 * other users cannot write to.
 */
DWORD
CTCopyFileWithOriginalPerms(
    PCSTR pszSrcPath,
    PCSTR pszDstPath
    )
{
    DWORD ceError = ERROR_SUCCESS;
    uid_t srcUid = 0;
    gid_t srcGid = 0;
    mode_t srcMode = 0;

    /* 1. Sample owner, group and mode of the source. */
    ceError = CTGetOwnerAndPermissions(pszSrcPath, &srcUid, &srcGid, &srcMode);
    BAIL_ON_CENTERIS_ERROR(ceError);

    /* 2. Copy the content, passing the source mode to the copy helper. */
    ceError = CTCopyFileWithPerms(pszSrcPath, pszDstPath, srcMode);
    BAIL_ON_CENTERIS_ERROR(ceError);

    /* 3. Apply owner, group and mode to the finished copy. */
    ceError = CTChangeOwnerAndPermissions(pszDstPath, srcUid, srcGid, srcMode);
    BAIL_ON_CENTERIS_ERROR(ceError);

error:
    return ceError;
}
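/*
 * Build the human-readable description of what the nsswitch configuration
 * step would do for the join or leave operation described by options.
 *
 * options: operation settings. joiningDomain selects the join or the leave
 *          wording; warningCallback, when not NULL, is invoked if the
 *          nsswitch file cannot be found.
 * exc:     receives the failure raised through the LW_* macros.
 *
 * Returns a string allocated by CTAllocateStringPrintf/CTStrdup that is not
 * freed here, so the caller is responsible for releasing it. Returns NULL
 * when a helper fails, and also when the nsswitch file is not found (in that
 * case the error code is reset and only the warning callback is invoked).
 */
static PSTR GetNsswitchDescription(const JoinProcessOptions *options, LWException **exc)
{
    PSTR ret = NULL;
    PCSTR configureSteps = "";
    BOOLEAN hasBadSeLinux;
    QueryResult compatResult = FullyConfigured;
    PSTR compatDescription = NULL;
    NsswitchConf conf;
    DWORD ceError = ERROR_SUCCESS;

    memset(&conf, 0, sizeof(conf));

    LW_CLEANUP_CTERR(exc, UnsupportedSeLinuxEnabled(&hasBadSeLinux));
    if (hasBadSeLinux)
    {
        /*
         * The text below is user-facing and kept as written. Note for
         * operators: 'setenforce Permissive' switches SELinux enforcement
         * off for the whole host, not only for nsswitch.
         */
        LW_CLEANUP_CTERR(exc, CTAllocateStringPrintf(&ret,
            "Your machine is using an unsupported SeLinux policy. This must be "
            "disabled before nsswitch can be modified to allow active directory "
            "users. Please run '/usr/sbin/setenforce Permissive' and then re-run "
            "this program."));
        goto cleanup;
    }

    ceError = ReadNsswitchConf(&conf, "", TRUE);
    if (ceError == ERROR_FILE_NOT_FOUND)
    {
        /* A missing file is reported as a warning, not as a failure. */
        ceError = ERROR_SUCCESS;
        if (options->warningCallback != NULL)
        {
            options->warningCallback(options, "Could not find file",
                                     "Could not find nsswitch file");
        }
        goto cleanup;
    }
    LW_CLEANUP_CTERR(exc, ceError);

    if (options->joiningDomain)
    {
        LW_TRY(exc, compatResult = RemoveCompat(&conf, &compatDescription, &LW_EXC));
    }

    /*
     * Normalise the compat text to an empty string when nothing has to be
     * said, and also when RemoveCompat left it unset: it is dereferenced and
     * passed to a %s conversion further down, so it must not stay NULL.
     */
    if (compatResult == FullyConfigured || compatDescription == NULL)
    {
        CT_SAFE_FREE_STRING(compatDescription);
        LW_CLEANUP_CTERR(exc, CTStrdup("", &compatDescription));
    }

    if (options->joiningDomain)
    {
        uid_t uid = 0;
        gid_t gid = 0;
        mode_t mode = 0;

        LW_CLEANUP_CTERR(exc, CTGetOwnerAndPermissions(
                    conf.filename, &uid, &gid, &mode));

        /*
         * NOTE(review): only the three read bits are verified. The owner and
         * group fetched above are not examined, and neither are the group or
         * world write bits, so a file that non-administrators can modify
         * passes this check.
         */
        if ((mode & 0444) != 0444)
        {
            /* %o expects an unsigned int, hence the unsigned cast. */
            LW_CLEANUP_CTERR(exc, CTAllocateStringPrintf(&ret,
                "The permissions of 0%03o on %s are invalid. All users must have "
                "at least read permission for the file. "
                "You can fix this by running 'chmod a+r %s'.",
                (unsigned int)(mode & 0777), conf.filename, conf.filename));
            goto cleanup;
        }
    }

    /*
     * Reset the flag so that it reflects only what UpdateNsswitchConf
     * changes on the in-memory configuration.
     */
    conf.modified = FALSE;
    LW_CLEANUP_CTERR(exc, UpdateNsswitchConf(&conf, options->joiningDomain));

    if (options->joiningDomain && conf.modified)
    {
        configureSteps =
            "The following steps are required and can be performed automatically:\n"
            "\t* Edit nsswitch apparmor profile to allow libraries in the " PREFIXDIR "/lib and " PREFIXDIR "/lib64 directories\n"
            "\t* List lwidentity module in /usr/lib/security/methods.cfg (AIX only)\n"
            "\t* Add lwidentity to passwd and group/groups line /etc/nsswitch.conf or /etc/netsvc.conf\n";
    }
    else if (conf.modified)
    {
        configureSteps =
            "The following steps are required and can be performed automatically:\n"
            "\t* Remove lwidentity module from /usr/lib/security/methods.cfg (AIX only)\n"
            "\t* Remove lwidentity from passwd and group/groups line /etc/nsswitch.conf or /etc/netsvc.conf\n"
            "The following step is optional:\n"
            "\t* Remove apparmor exception for likewise nsswitch libraries\n";
    }
    else
    {
        configureSteps = "";
    }

    if (compatDescription[0] != '\0' || configureSteps[0] != '\0')
    {
        LW_CLEANUP_CTERR(exc, CTAllocateStringPrintf(&ret,
            "%s%sIf any changes are performed, then the following services must be restarted:\n"
            "\t* GDM\n"
            "\t* XDM\n"
            "\t* Cron\n"
            "\t* Dbus\n"
            "\t* Nscd", compatDescription, configureSteps));
    }
    else
    {
        LW_CLEANUP_CTERR(exc, CTStrdup("Fully Configured", &ret));
    }

cleanup:
    CT_SAFE_FREE_STRING(compatDescription);
    FreeNsswitchConfContents(&conf);
    return ret;
}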
/*
 * Report whether the nsswitch configuration step still has work to do for
 * the join or leave operation described by options.
 *
 * options: operation settings. enableMultipleJoins short-circuits to
 *          NotApplicable; joiningDomain selects the join or the leave checks.
 * exc:     receives the failure raised through the LW_* macros.
 *
 * Returns the QueryResult computed below. The initial value FullyConfigured
 * is what comes back when no check changes it, including the case where the
 * nsswitch file is not found (only a warning is logged then).
 */
static QueryResult QueryNsswitch(const JoinProcessOptions *options, LWException **exc)
{
    QueryResult result = FullyConfigured;
    BOOLEAN isConfigured;
    BOOLEAN hasMethodsCfg;
    BOOLEAN seLinuxUnsupported;
    NsswitchConf conf;
    DWORD ceError = ERROR_SUCCESS;
    uid_t fileUid = 0;
    gid_t fileGid = 0;
    mode_t fileMode = 0;

    memset(&conf, 0, sizeof(conf));

    if (options->enableMultipleJoins)
    {
        result = NotApplicable;
        goto cleanup;
    }

    if (!options->joiningDomain)
    {
        /* Leaving: work remains only while methods.cfg is still configured. */
        LW_CLEANUP_CTERR(exc, DJHasMethodsCfg(&hasMethodsCfg));
        if (hasMethodsCfg)
        {
            LW_CLEANUP_CTERR(exc, DJIsMethodsCfgConfigured(&isConfigured));
            if (isConfigured)
            {
                result = NotConfigured;
            }
        }
        goto cleanup;
    }

    /* Joining: inspect the nsswitch file itself first. */
    ceError = ReadNsswitchConf(&conf, NULL, FALSE);
    if (ceError == ERROR_FILE_NOT_FOUND)
    {
        ceError = ERROR_SUCCESS;
        DJ_LOG_WARNING("Warning: Could not find nsswitch file");
        goto cleanup;
    }
    LW_CLEANUP_CTERR(exc, ceError);

    LW_TRY(exc, result = RemoveCompat(&conf, NULL, &LW_EXC));
    if (result == CannotConfigure || result == NotConfigured)
    {
        goto cleanup;
    }

    LW_CLEANUP_CTERR(exc, CTGetOwnerAndPermissions(
                conf.filename, &fileUid, &fileGid, &fileMode));

    /*
     * Readability by owner, group and others is required; the user has to
     * fix the permissions otherwise.
     * NOTE(review): the owner, the group and the write bits of the file are
     * not examined here.
     */
    if ((fileMode & 0444) != 0444)
    {
        result = CannotConfigure;
        goto cleanup;
    }

    LW_CLEANUP_CTERR(exc, UpdateNsswitchConf(&conf, TRUE));
    if (conf.modified)
    {
        /* Changes are pending; an unsupported SELinux policy blocks them. */
        LW_CLEANUP_CTERR(exc, UnsupportedSeLinuxEnabled(&seLinuxUnsupported));
        result = seLinuxUnsupported ? CannotConfigure : NotConfigured;
        goto cleanup;
    }

    LW_CLEANUP_CTERR(exc, DJHasMethodsCfg(&hasMethodsCfg));
    if (hasMethodsCfg)
    {
        LW_CLEANUP_CTERR(exc, DJIsMethodsCfgConfigured(&isConfigured));
        if (!isConfigured)
        {
            result = NotConfigured;
            goto cleanup;
        }
    }

    LW_CLEANUP_CTERR(exc, IsApparmorConfigured(&isConfigured));
    if (!isConfigured)
    {
        result = NotConfigured;
    }

cleanup:
    FreeNsswitchConfContents(&conf);
    return result;
}