errno_t monitor_common_rotate_logs(struct confdb_ctx *confdb, const char *conf_path) { errno_t ret; int old_debug_level = debug_level; ret = rotate_debug_files(); if (ret) { sss_log(SSS_LOG_ALERT, "Could not rotate debug files! [%d][%s]\n", ret, strerror(ret)); return ret; } /* Get new debug level from the confdb */ ret = confdb_get_int(confdb, conf_path, CONFDB_SERVICE_DEBUG_LEVEL, old_debug_level, &debug_level); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "Error reading from confdb (%d) [%s]\n", ret, strerror(ret)); /* Try to proceed with the old value */ debug_level = old_debug_level; } if (debug_level != old_debug_level) { DEBUG(SSSDBG_FATAL_FAILURE, "Debug level changed to %#.4x\n", debug_level); debug_level = debug_convert_old_level(debug_level); } return EOK; }
static errno_t autofs_get_config(struct autofs_ctx *actx, struct confdb_ctx *cdb) { errno_t ret; ret = confdb_get_int(cdb, CONFDB_AUTOFS_CONF_ENTRY, CONFDB_AUTOFS_MAP_NEG_TIMEOUT, 15, &actx->neg_timeout); return ret; }
static errno_t autofs_get_config(struct autofs_ctx *actx, struct confdb_ctx *cdb) { errno_t ret; ret = confdb_get_int(cdb, CONFDB_AUTOFS_CONF_ENTRY, CONFDB_AUTOFS_MAP_NEG_TIMEOUT, 15, &actx->neg_timeout); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, "Cannot read %s from configuration [%d]: %s\n", CONFDB_AUTOFS_MAP_NEG_TIMEOUT, ret, strerror(ret)); return ret; } return EOK; }
int pac_process_init(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct confdb_ctx *cdb) { struct resp_ctx *rctx; struct sss_cmd_table *pac_cmds; struct be_conn *iter; struct pac_ctx *pac_ctx; int ret, max_retries; enum idmap_error_code err; int fd_limit; char *uid_str; pac_cmds = get_pac_cmds(); ret = sss_process_init(mem_ctx, ev, cdb, pac_cmds, SSS_PAC_SOCKET_NAME, -1, NULL, -1, CONFDB_PAC_CONF_ENTRY, PAC_SBUS_SERVICE_NAME, PAC_SBUS_SERVICE_VERSION, &monitor_pac_methods, "PAC", &pac_dp_methods.vtable, sss_connection_setup, &rctx); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "sss_process_init() failed\n"); return ret; } pac_ctx = talloc_zero(rctx, struct pac_ctx); if (!pac_ctx) { DEBUG(SSSDBG_FATAL_FAILURE, "fatal error initializing pac_ctx\n"); ret = ENOMEM; goto fail; } pac_ctx->rctx = rctx; pac_ctx->rctx->pvt_ctx = pac_ctx; ret = confdb_get_string(pac_ctx->rctx->cdb, pac_ctx->rctx, CONFDB_PAC_CONF_ENTRY, CONFDB_SERVICE_ALLOWED_UIDS, DEFAULT_ALLOWED_UIDS, &uid_str); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "Failed to get allowed UIDs.\n"); goto fail; } ret = csv_string_to_uid_array(pac_ctx->rctx, uid_str, true, &pac_ctx->rctx->allowed_uids_count, &pac_ctx->rctx->allowed_uids); talloc_free(uid_str); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "Failed to set allowed UIDs.\n"); goto fail; } /* Enable automatic reconnection to the Data Provider */ ret = confdb_get_int(pac_ctx->rctx->cdb, CONFDB_PAC_CONF_ENTRY, CONFDB_SERVICE_RECON_RETRIES, 3, &max_retries); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "Failed to set up automatic reconnection\n"); goto fail; } for (iter = pac_ctx->rctx->be_conns; iter; iter = iter->next) { sbus_reconnect_init(iter->conn, max_retries, pac_dp_reconnect_init, iter); } err = sss_idmap_init(sss_idmap_talloc, pac_ctx, sss_idmap_talloc_free, &pac_ctx->idmap_ctx); if (err != IDMAP_SUCCESS) { DEBUG(SSSDBG_FATAL_FAILURE, "sss_idmap_init failed.\n"); ret = EFAULT; goto fail; } /* Set up file descriptor limits */ ret = confdb_get_int(pac_ctx->rctx->cdb, CONFDB_PAC_CONF_ENTRY, CONFDB_SERVICE_FD_LIMIT, DEFAULT_PAC_FD_LIMIT, &fd_limit); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "Failed to set up file descriptor limit\n"); goto fail; } responder_set_fd_limit(fd_limit); ret = confdb_get_int(pac_ctx->rctx->cdb, CONFDB_PAC_CONF_ENTRY, CONFDB_PAC_LIFETIME, 300, &pac_ctx->pac_lifetime); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "Failed to setup negative cache timeout.\n"); goto fail; } ret = schedule_get_domains_task(rctx, rctx->ev, rctx, NULL); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "schedule_get_domains_tasks failed.\n"); goto fail; } DEBUG(SSSDBG_TRACE_FUNC, "PAC Initialization complete\n"); return EOK; fail: talloc_free(rctx); return ret; }
static errno_t filter_responses(struct confdb_ctx *cdb, struct response_data *resp_list) { int ret; struct response_data *resp; uint32_t user_info_type; int64_t expire_date; int pam_verbosity; ret = confdb_get_int(cdb, CONFDB_PAM_CONF_ENTRY, CONFDB_PAM_VERBOSITY, DEFAULT_PAM_VERBOSITY, &pam_verbosity); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Failed to read PAM verbosity, not fatal.\n"); pam_verbosity = DEFAULT_PAM_VERBOSITY; } resp = resp_list; while(resp != NULL) { if (resp->type == SSS_PAM_USER_INFO) { if (resp->len < sizeof(uint32_t)) { DEBUG(SSSDBG_CRIT_FAILURE, "User info entry is too short.\n"); return EINVAL; } if (pam_verbosity == PAM_VERBOSITY_NO_MESSAGES) { resp->do_not_send_to_client = true; resp = resp->next; continue; } memcpy(&user_info_type, resp->data, sizeof(uint32_t)); resp->do_not_send_to_client = false; switch (user_info_type) { case SSS_PAM_USER_INFO_OFFLINE_AUTH: if (resp->len != sizeof(uint32_t) + sizeof(int64_t)) { DEBUG(SSSDBG_CRIT_FAILURE, "User info offline auth entry is " "too short.\n"); return EINVAL; } memcpy(&expire_date, resp->data + sizeof(uint32_t), sizeof(int64_t)); if ((expire_date == 0 && pam_verbosity < PAM_VERBOSITY_INFO) || (expire_date > 0 && pam_verbosity < PAM_VERBOSITY_IMPORTANT)) { resp->do_not_send_to_client = true; } break; default: DEBUG(SSSDBG_TRACE_LIBS, "User info type [%d] not filtered.\n", user_info_type); } } else if (resp->type & SSS_SERVER_INFO) { resp->do_not_send_to_client = true; } resp = resp->next; } return EOK; }
/* * Default values for add operations */ int useradd_defaults(TALLOC_CTX *mem_ctx, struct confdb_ctx *confdb, struct ops_ctx *data, const char *gecos, const char *homedir, const char *shell, int create_home, const char *skeldir) { int ret; char *basedir = NULL; char *conf_path = NULL; conf_path = talloc_asprintf(mem_ctx, CONFDB_DOMAIN_PATH_TMPL, data->domain->name); if (!conf_path) { return ENOMEM; } /* gecos */ data->gecos = talloc_strdup(mem_ctx, gecos ? gecos : data->name); if (!data->gecos) { ret = ENOMEM; goto done; } DEBUG(7, ("Gecos: %s\n", data->gecos)); /* homedir */ if (homedir) { data->home = talloc_strdup(data, homedir); } else { ret = confdb_get_string(confdb, mem_ctx, conf_path, CONFDB_LOCAL_DEFAULT_BASEDIR, DFL_BASEDIR_VAL, &basedir); if (ret != EOK) { goto done; } data->home = talloc_asprintf(mem_ctx, "%s/%s", basedir, data->name); } if (!data->home) { ret = ENOMEM; goto done; } DEBUG(7, ("Homedir: %s\n", data->home)); /* default shell */ if (!shell) { ret = confdb_get_string(confdb, mem_ctx, conf_path, CONFDB_LOCAL_DEFAULT_SHELL, DFL_SHELL_VAL, &data->shell); if (ret != EOK) { goto done; } } else { data->shell = talloc_strdup(mem_ctx, shell); if (!data->shell) { ret = ENOMEM; goto done; } } DEBUG(7, ("Shell: %s\n", data->shell)); /* create homedir on user creation? */ if (!create_home) { ret = confdb_get_bool(confdb, mem_ctx, conf_path, CONFDB_LOCAL_CREATE_HOMEDIR, DFL_CREATE_HOMEDIR, &data->create_homedir); if (ret != EOK) { goto done; } } else { data->create_homedir = (create_home == DO_CREATE_HOME); } DEBUG(7, ("Auto create homedir: %s\n", data->create_homedir?"True":"False")); /* umask to create homedirs */ ret = confdb_get_int(confdb, mem_ctx, conf_path, CONFDB_LOCAL_UMASK, DFL_UMASK, (int *) &data->umask); if (ret != EOK) { goto done; } DEBUG(7, ("Umask: %o\n", data->umask)); /* a directory to create mail spools in */ ret = confdb_get_string(confdb, mem_ctx, conf_path, CONFDB_LOCAL_MAIL_DIR, DFL_MAIL_DIR, &data->maildir); if (ret != EOK) { goto done; } DEBUG(7, ("Mail dir: %s\n", data->maildir)); /* skeleton dir */ if (!skeldir) { ret = confdb_get_string(confdb, mem_ctx, conf_path, CONFDB_LOCAL_SKEL_DIR, DFL_SKEL_DIR, &data->skeldir); if (ret != EOK) { goto done; } } else { data->skeldir = talloc_strdup(mem_ctx, skeldir); if (!data->skeldir) { ret = ENOMEM; goto done; } } DEBUG(7, ("Skeleton dir: %s\n", data->skeldir)); ret = EOK; done: talloc_free(basedir); talloc_free(conf_path); return ret; }
int ldap_get_options(TALLOC_CTX *memctx, struct sss_domain_info *dom, struct confdb_ctx *cdb, const char *conf_path, struct data_provider *dp, struct sdap_options **_opts) { struct sdap_attr_map *default_attr_map; struct sdap_attr_map *default_user_map; struct sdap_attr_map *default_group_map; struct sdap_attr_map *default_netgroup_map; struct sdap_attr_map *default_host_map; struct sdap_attr_map *default_service_map; struct sdap_options *opts; char *schema; char *pwmodify; const char *search_base; const char *pwd_policy; int ret; int account_cache_expiration; int offline_credentials_expiration; const char *ldap_deref; int ldap_deref_val; int o; const char *authtok_type; struct dp_opt_blob authtok_blob; char *cleartext; const int search_base_options[] = { SDAP_USER_SEARCH_BASE, SDAP_GROUP_SEARCH_BASE, SDAP_NETGROUP_SEARCH_BASE, SDAP_HOST_SEARCH_BASE, SDAP_SERVICE_SEARCH_BASE, -1 }; opts = talloc_zero(memctx, struct sdap_options); if (!opts) return ENOMEM; opts->dp = dp; ret = sdap_domain_add(opts, dom, NULL); if (ret != EOK) { goto done; } ret = dp_get_options(opts, cdb, conf_path, default_basic_opts, SDAP_OPTS_BASIC, &opts->basic); if (ret != EOK) { goto done; } /* Handle search bases */ search_base = dp_opt_get_string(opts->basic, SDAP_SEARCH_BASE); if (search_base != NULL) { /* set user/group/netgroup search bases if they are not */ for (o = 0; search_base_options[o] != -1; o++) { if (NULL == dp_opt_get_string(opts->basic, search_base_options[o])) { ret = dp_opt_set_string(opts->basic, search_base_options[o], search_base); if (ret != EOK) { goto done; } DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n", opts->basic[search_base_options[o]].opt_name, dp_opt_get_string(opts->basic, search_base_options[o])); } } } else { DEBUG(SSSDBG_FUNC_DATA, "Search base not set, trying to discover it later when " "connecting to the LDAP server.\n"); } /* Default search */ ret = sdap_parse_search_base(opts, opts->basic, SDAP_SEARCH_BASE, &opts->sdom->search_bases); if (ret != EOK && ret != ENOENT) goto done; /* User search */ ret = sdap_parse_search_base(opts, opts->basic, SDAP_USER_SEARCH_BASE, &opts->sdom->user_search_bases); if (ret != EOK && ret != ENOENT) goto done; /* Group search base */ ret = sdap_parse_search_base(opts, opts->basic, SDAP_GROUP_SEARCH_BASE, &opts->sdom->group_search_bases); if (ret != EOK && ret != ENOENT) goto done; /* Netgroup search */ ret = sdap_parse_search_base(opts, opts->basic, SDAP_NETGROUP_SEARCH_BASE, &opts->sdom->netgroup_search_bases); if (ret != EOK && ret != ENOENT) goto done; /* Netgroup search */ ret = sdap_parse_search_base(opts, opts->basic, SDAP_HOST_SEARCH_BASE, &opts->sdom->host_search_bases); if (ret != EOK && ret != ENOENT) goto done; /* Service search */ ret = sdap_parse_search_base(opts, opts->basic, SDAP_SERVICE_SEARCH_BASE, &opts->sdom->service_search_bases); if (ret != EOK && ret != ENOENT) goto done; pwd_policy = dp_opt_get_string(opts->basic, SDAP_PWD_POLICY); if (pwd_policy == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, "Missing password policy, this may not happen.\n"); ret = EINVAL; goto done; } if (strcasecmp(pwd_policy, PWD_POL_OPT_NONE) != 0 && strcasecmp(pwd_policy, PWD_POL_OPT_SHADOW) != 0 && strcasecmp(pwd_policy, PWD_POL_OPT_MIT) != 0) { DEBUG(SSSDBG_CRIT_FAILURE, "Unsupported password policy [%s].\n", pwd_policy); ret = EINVAL; goto done; } /* account_cache_expiration must be >= than offline_credentials_expiration */ ret = confdb_get_int(cdb, CONFDB_PAM_CONF_ENTRY, CONFDB_PAM_CRED_TIMEOUT, 0, &offline_credentials_expiration); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Cannot get value of %s from confdb \n", CONFDB_PAM_CRED_TIMEOUT); goto done; } account_cache_expiration = dp_opt_get_int(opts->basic, SDAP_ACCOUNT_CACHE_EXPIRATION); /* account cache_expiration must not be smaller than * offline_credentials_expiration to prevent deleting entries that * still contain credentials valid for offline login. * * offline_credentials_expiration == 0 is a special case that says * that the cached credentials are valid forever. Therefore, the cached * entries must not be purged from cache. */ if (!offline_credentials_expiration && account_cache_expiration) { DEBUG(SSSDBG_CRIT_FAILURE, "Conflicting values for options %s (unlimited) " "and %s (%d)\n", opts->basic[SDAP_ACCOUNT_CACHE_EXPIRATION].opt_name, CONFDB_PAM_CRED_TIMEOUT, offline_credentials_expiration); ret = EINVAL; goto done; } if (offline_credentials_expiration && account_cache_expiration && offline_credentials_expiration > account_cache_expiration) { DEBUG(SSSDBG_CRIT_FAILURE, "Value of %s (now %d) must be larger " "than value of %s (now %d)\n", opts->basic[SDAP_ACCOUNT_CACHE_EXPIRATION].opt_name, account_cache_expiration, CONFDB_PAM_CRED_TIMEOUT, offline_credentials_expiration); ret = EINVAL; goto done; } ldap_deref = dp_opt_get_string(opts->basic, SDAP_DEREF); if (ldap_deref != NULL) { ret = deref_string_to_val(ldap_deref, &ldap_deref_val); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Failed to verify ldap_deref option.\n"); goto done; } } #ifndef HAVE_LDAP_CONNCB bool ldap_referrals; ldap_referrals = dp_opt_get_bool(opts->basic, SDAP_REFERRALS); if (ldap_referrals) { DEBUG(SSSDBG_CRIT_FAILURE, "LDAP referrals are not supported, because the LDAP library " "is too old, see sssd-ldap(5) for details.\n"); ret = dp_opt_set_bool(opts->basic, SDAP_REFERRALS, false); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "dp_opt_set_string failed.\n"); goto done; } } #endif /* schema type */ schema = dp_opt_get_string(opts->basic, SDAP_SCHEMA); if (strcasecmp(schema, "rfc2307") == 0) { opts->schema_type = SDAP_SCHEMA_RFC2307; default_attr_map = generic_attr_map; default_user_map = rfc2307_user_map; default_group_map = rfc2307_group_map; default_netgroup_map = netgroup_map; default_host_map = host_map; default_service_map = service_map; } else if (strcasecmp(schema, "rfc2307bis") == 0) { opts->schema_type = SDAP_SCHEMA_RFC2307BIS; default_attr_map = generic_attr_map; default_user_map = rfc2307bis_user_map; default_group_map = rfc2307bis_group_map; default_netgroup_map = netgroup_map; default_host_map = host_map; default_service_map = service_map; } else if (strcasecmp(schema, "IPA") == 0) { opts->schema_type = SDAP_SCHEMA_IPA_V1; default_attr_map = gen_ipa_attr_map; default_user_map = rfc2307bis_user_map; default_group_map = rfc2307bis_group_map; default_netgroup_map = netgroup_map; default_host_map = host_map; default_service_map = service_map; } else if (strcasecmp(schema, "AD") == 0) { opts->schema_type = SDAP_SCHEMA_AD; default_attr_map = gen_ad_attr_map; default_user_map = gen_ad2008r2_user_map; default_group_map = gen_ad2008r2_group_map; default_netgroup_map = netgroup_map; default_host_map = host_map; default_service_map = service_map; } else { DEBUG(SSSDBG_FATAL_FAILURE, "Unrecognized schema type: %s\n", schema); ret = EINVAL; goto done; } /* pwmodify mode */ pwmodify = dp_opt_get_string(opts->basic, SDAP_PWMODIFY_MODE); if (strcasecmp(pwmodify, "exop") == 0) { opts->pwmodify_mode = SDAP_PWMODIFY_EXOP; } else if (strcasecmp(pwmodify, "ldap_modify") == 0) { opts->pwmodify_mode = SDAP_PWMODIFY_LDAP; } else { DEBUG(SSSDBG_FATAL_FAILURE, "Unrecognized pwmodify mode: %s\n", pwmodify); ret = EINVAL; goto done; } ret = sdap_get_map(opts, cdb, conf_path, default_attr_map, SDAP_AT_GENERAL, &opts->gen_map); if (ret != EOK) { goto done; } ret = sdap_get_map(opts, cdb, conf_path, default_user_map, SDAP_OPTS_USER, &opts->user_map); if (ret != EOK) { goto done; } ret = sdap_extend_map_with_list(opts, opts, SDAP_USER_EXTRA_ATTRS, opts->user_map, SDAP_OPTS_USER, &opts->user_map, &opts->user_map_cnt); if (ret != EOK) { goto done; } ret = sdap_get_map(opts, cdb, conf_path, default_group_map, SDAP_OPTS_GROUP, &opts->group_map); if (ret != EOK) { goto done; } ret = sdap_get_map(opts, cdb, conf_path, default_netgroup_map, SDAP_OPTS_NETGROUP, &opts->netgroup_map); if (ret != EOK) { goto done; } ret = sdap_get_map(opts, cdb, conf_path, default_host_map, SDAP_OPTS_HOST, &opts->host_map); if (ret != EOK) { goto done; } ret = sdap_get_map(opts, cdb, conf_path, default_service_map, SDAP_OPTS_SERVICES, &opts->service_map); if (ret != EOK) { goto done; } /* If there is no KDC, try the deprecated krb5_kdcip option, too */ /* FIXME - this can be removed in a future version */ ret = krb5_try_kdcip(cdb, conf_path, opts->basic, SDAP_KRB5_KDC); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "sss_krb5_try_kdcip failed.\n"); goto done; } authtok_type = dp_opt_get_string(opts->basic, SDAP_DEFAULT_AUTHTOK_TYPE); if (authtok_type != NULL && strcasecmp(authtok_type,"obfuscated_password") == 0) { DEBUG(SSSDBG_TRACE_ALL, "Found obfuscated password, " "trying to convert to cleartext.\n"); authtok_blob = dp_opt_get_blob(opts->basic, SDAP_DEFAULT_AUTHTOK); if (authtok_blob.data == NULL || authtok_blob.length == 0) { DEBUG(SSSDBG_CRIT_FAILURE, "Missing obfuscated password string.\n"); ret = EINVAL; goto done; } ret = sss_password_decrypt(memctx, (char *) authtok_blob.data, &cleartext); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Cannot convert the obfuscated " "password back to cleartext\n"); goto done; } authtok_blob.data = (uint8_t *) cleartext; authtok_blob.length = strlen(cleartext); ret = dp_opt_set_blob(opts->basic, SDAP_DEFAULT_AUTHTOK, authtok_blob); talloc_free(cleartext); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "dp_opt_set_string failed.\n"); goto done; } ret = dp_opt_set_string(opts->basic, SDAP_DEFAULT_AUTHTOK_TYPE, "password"); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "dp_opt_set_string failed.\n"); goto done; } } ret = EOK; *_opts = opts; done: if (ret != EOK) { talloc_zfree(opts); } return ret; }
static int nss_clear_memcache(struct sbus_request *dbus_req, void *data) { errno_t ret; int memcache_timeout; struct resp_ctx *rctx = talloc_get_type(data, struct resp_ctx); struct nss_ctx *nctx = (struct nss_ctx*) rctx->pvt_ctx; ret = unlink(SSS_NSS_MCACHE_DIR"/"CLEAR_MC_FLAG); if (ret != 0) { ret = errno; if (ret == ENOENT) { DEBUG(SSSDBG_TRACE_FUNC, "CLEAR_MC_FLAG not found. Nothing to do.\n"); goto done; } else { DEBUG(SSSDBG_CRIT_FAILURE, "Failed to unlink file: %s.\n", strerror(ret)); return ret; } } /* CLEAR_MC_FLAG removed successfully. Clearing memory caches. */ ret = confdb_get_int(rctx->cdb, CONFDB_NSS_CONF_ENTRY, CONFDB_MEMCACHE_TIMEOUT, 300, &memcache_timeout); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "Unable to get memory cache entry timeout.\n"); return ret; } /* TODO: read cache sizes from configuration */ DEBUG(SSSDBG_TRACE_FUNC, "Clearing memory caches.\n"); ret = sss_mmap_cache_reinit(nctx, SSS_MC_CACHE_ELEMENTS, (time_t) memcache_timeout, &nctx->pwd_mc_ctx); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "passwd mmap cache invalidation failed\n"); return ret; } ret = sss_mmap_cache_reinit(nctx, SSS_MC_CACHE_ELEMENTS, (time_t) memcache_timeout, &nctx->grp_mc_ctx); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "group mmap cache invalidation failed\n"); return ret; } ret = sss_mmap_cache_reinit(nctx, SSS_MC_CACHE_ELEMENTS, (time_t)memcache_timeout, &nctx->initgr_mc_ctx); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "initgroups mmap cache invalidation failed\n"); return ret; } done: return sbus_request_return_and_finish(dbus_req, DBUS_TYPE_INVALID); }
static int autofs_process_init(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct confdb_ctx *cdb) { struct resp_ctx *rctx; struct sss_cmd_table *autofs_cmds; struct autofs_ctx *autofs_ctx; struct be_conn *iter; int ret; int hret; int max_retries; autofs_cmds = get_autofs_cmds(); ret = sss_process_init(mem_ctx, ev, cdb, autofs_cmds, SSS_AUTOFS_SOCKET_NAME, -1, NULL, -1, CONFDB_AUTOFS_CONF_ENTRY, SSS_AUTOFS_SBUS_SERVICE_NAME, SSS_AUTOFS_SBUS_SERVICE_VERSION, &monitor_autofs_methods, "autofs", &autofs_dp_methods.vtable, &rctx); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "sss_process_init() failed\n"); return ret; } autofs_ctx = talloc_zero(rctx, struct autofs_ctx); if (!autofs_ctx) { DEBUG(SSSDBG_FATAL_FAILURE, "fatal error initializing autofs_ctx\n"); ret = ENOMEM; goto fail; } ret = autofs_get_config(autofs_ctx, cdb); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "Cannot read autofs configuration\n"); goto fail; } autofs_ctx->rctx = rctx; autofs_ctx->rctx->pvt_ctx = autofs_ctx; /* Enable automatic reconnection to the Data Provider */ ret = confdb_get_int(autofs_ctx->rctx->cdb, CONFDB_AUTOFS_CONF_ENTRY, CONFDB_SERVICE_RECON_RETRIES, 3, &max_retries); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "Failed to set up automatic reconnection\n"); goto fail; } for (iter = autofs_ctx->rctx->be_conns; iter; iter = iter->next) { sbus_reconnect_init(iter->conn, max_retries, autofs_dp_reconnect_init, iter); } /* Create the lookup table for setautomntent results */ hret = sss_hash_create_ex(autofs_ctx, 10, &autofs_ctx->maps, 0, 0, 0, 0, autofs_map_hash_delete_cb, NULL); if (hret != HASH_SUCCESS) { DEBUG(SSSDBG_CRIT_FAILURE, "Unable to initialize automount maps hash table\n"); ret = EIO; goto fail; } ret = schedule_get_domains_task(rctx, rctx->ev, rctx, NULL); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "schedule_get_domains_tasks failed.\n"); goto fail; } DEBUG(SSSDBG_TRACE_FUNC, "autofs Initialization complete\n"); return EOK; fail: talloc_free(rctx); return ret; }
int sudo_process_init(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct confdb_ctx *cdb) { struct resp_ctx *rctx; struct sss_cmd_table *sudo_cmds; struct sudo_ctx *sudo_ctx; struct be_conn *iter; int ret; int max_retries; sudo_cmds = get_sudo_cmds(); ret = sss_process_init(mem_ctx, ev, cdb, sudo_cmds, SSS_SUDO_SOCKET_NAME, -1, NULL, -1, CONFDB_SUDO_CONF_ENTRY, SSS_SUDO_SBUS_SERVICE_NAME, SSS_SUDO_SBUS_SERVICE_VERSION, &monitor_sudo_methods, "SUDO", NULL, sss_connection_setup, &rctx); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "sss_process_init() failed\n"); return ret; } sudo_ctx = talloc_zero(rctx, struct sudo_ctx); if (!sudo_ctx) { DEBUG(SSSDBG_FATAL_FAILURE, "fatal error initializing sudo_ctx\n"); ret = ENOMEM; goto fail; } sudo_ctx->rctx = rctx; sudo_ctx->rctx->pvt_ctx = sudo_ctx; sss_ncache_prepopulate(sudo_ctx->rctx->ncache, sudo_ctx->rctx->cdb, rctx); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "failed to set ncache for sudo's filter_users\n"); goto fail; } /* Enable automatic reconnection to the Data Provider */ ret = confdb_get_int(sudo_ctx->rctx->cdb, CONFDB_SUDO_CONF_ENTRY, CONFDB_SERVICE_RECON_RETRIES, 3, &max_retries); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "Failed to set up automatic reconnection\n"); goto fail; } for (iter = sudo_ctx->rctx->be_conns; iter; iter = iter->next) { sbus_reconnect_init(iter->conn, max_retries, sudo_dp_reconnect_init, iter); } /* Get sudo_timed option */ ret = confdb_get_bool(sudo_ctx->rctx->cdb, CONFDB_SUDO_CONF_ENTRY, CONFDB_SUDO_TIMED, CONFDB_DEFAULT_SUDO_TIMED, &sudo_ctx->timed); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "Error reading from confdb (%d) [%s]\n", ret, strerror(ret)); goto fail; } /* Get sudo_inverse_order option */ ret = confdb_get_bool(sudo_ctx->rctx->cdb, CONFDB_SUDO_CONF_ENTRY, CONFDB_SUDO_INVERSE_ORDER, CONFDB_DEFAULT_SUDO_INVERSE_ORDER, &sudo_ctx->inverse_order); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "Error reading from confdb (%d) [%s]\n", ret, strerror(ret)); goto fail; } ret = schedule_get_domains_task(rctx, rctx->ev, rctx, NULL); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "schedule_get_domains_tasks failed.\n"); goto fail; } DEBUG(SSSDBG_TRACE_FUNC, "SUDO Initialization complete\n"); return EOK; fail: talloc_free(rctx); return ret; }
int ssh_process_init(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct confdb_ctx *cdb) { struct resp_ctx *rctx; struct sss_cmd_table *ssh_cmds; struct ssh_ctx *ssh_ctx; struct be_conn *iter; int ret; int max_retries; ssh_cmds = get_ssh_cmds(); ret = sss_process_init(mem_ctx, ev, cdb, ssh_cmds, SSS_SSH_SOCKET_NAME, NULL, CONFDB_SSH_CONF_ENTRY, SSS_SSH_SBUS_SERVICE_NAME, SSS_SSH_SBUS_SERVICE_VERSION, &monitor_ssh_methods, "SSH", &ssh_dp_methods.vtable, &rctx); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "sss_process_init() failed\n"); return ret; } ssh_ctx = talloc_zero(rctx, struct ssh_ctx); if (!ssh_ctx) { DEBUG(SSSDBG_FATAL_FAILURE, "fatal error initializing ssh_ctx\n"); ret = ENOMEM; goto fail; } ssh_ctx->rctx = rctx; ssh_ctx->rctx->pvt_ctx = ssh_ctx; ret = sss_names_init_from_args(ssh_ctx, "(?P<name>[^@]+)@?(?P<domain>[^@]*$)", "%1$s@%2$s", &ssh_ctx->snctx); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "fatal error initializing regex data\n"); goto fail; } /* Enable automatic reconnection to the Data Provider */ ret = confdb_get_int(ssh_ctx->rctx->cdb, CONFDB_SSH_CONF_ENTRY, CONFDB_SERVICE_RECON_RETRIES, 3, &max_retries); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "Failed to set up automatic reconnection\n"); goto fail; } for (iter = ssh_ctx->rctx->be_conns; iter; iter = iter->next) { sbus_reconnect_init(iter->conn, max_retries, ssh_dp_reconnect_init, iter); } /* Get responder options */ /* Get ssh_hash_known_hosts option */ ret = confdb_get_bool(ssh_ctx->rctx->cdb, CONFDB_SSH_CONF_ENTRY, CONFDB_SSH_HASH_KNOWN_HOSTS, CONFDB_DEFAULT_SSH_HASH_KNOWN_HOSTS, &ssh_ctx->hash_known_hosts); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "Error reading from confdb (%d) [%s]\n", ret, strerror(ret)); goto fail; } /* Get ssh_known_hosts_timeout option */ ret = confdb_get_int(ssh_ctx->rctx->cdb, CONFDB_SSH_CONF_ENTRY, CONFDB_SSH_KNOWN_HOSTS_TIMEOUT, CONFDB_DEFAULT_SSH_KNOWN_HOSTS_TIMEOUT, &ssh_ctx->known_hosts_timeout); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "Error reading from confdb (%d) [%s]\n", ret, strerror(ret)); goto fail; } ret = schedule_get_domains_task(rctx, rctx->ev, rctx); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "schedule_get_domains_tasks failed.\n"); goto fail; } DEBUG(SSSDBG_TRACE_FUNC, "SSH Initialization complete\n"); return EOK; fail: talloc_free(rctx); return ret; }
static errno_t proxy_init_auth_ctx(TALLOC_CTX *mem_ctx, struct be_ctx *be_ctx, struct proxy_auth_ctx **_auth_ctx) { struct proxy_auth_ctx *auth_ctx; errno_t ret; int hret; int max_children; auth_ctx = talloc_zero(mem_ctx, struct proxy_auth_ctx); if (auth_ctx == NULL) { return ENOMEM; } auth_ctx->be = be_ctx; auth_ctx->timeout_ms = SSS_CLI_SOCKET_TIMEOUT / 4; auth_ctx->next_id = 1; ret = proxy_auth_conf(auth_ctx, be_ctx, &auth_ctx->pam_target); if (ret != EOK) { goto done; } ret = proxy_setup_sbus(auth_ctx, auth_ctx, be_ctx); if (ret != EOK) { goto done; } /* Set up request hash table */ ret = confdb_get_int(be_ctx->cdb, be_ctx->conf_path, CONFDB_PROXY_MAX_CHILDREN, OPT_MAX_CHILDREN_DEFAULT, &max_children); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Unable to read confdb [%d]: %s\n", ret, sss_strerror(ret)); goto done; } if (max_children < 1) { DEBUG(SSSDBG_CRIT_FAILURE, "Option " CONFDB_PROXY_MAX_CHILDREN " must be higher then 0\n"); ret = EINVAL; goto done; } auth_ctx->max_children = max_children; hret = hash_create(auth_ctx->max_children * 2, &auth_ctx->request_table, NULL, NULL); if (hret != HASH_SUCCESS) { DEBUG(SSSDBG_FATAL_FAILURE, "Could not initialize request table\n"); ret = EIO; goto done; } *_auth_ctx = auth_ctx; ret = EOK; done: if (ret != EOK) { talloc_free(auth_ctx); } return ret; }
static int pam_process_init(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct confdb_ctx *cdb) { struct resp_ctx *rctx; struct sss_cmd_table *pam_cmds; struct be_conn *iter; struct pam_ctx *pctx; int ret, max_retries; int id_timeout; int fd_limit; pam_cmds = get_pam_cmds(); ret = sss_process_init(mem_ctx, ev, cdb, pam_cmds, SSS_PAM_SOCKET_NAME, SSS_PAM_PRIV_SOCKET_NAME, CONFDB_PAM_CONF_ENTRY, SSS_PAM_SBUS_SERVICE_NAME, SSS_PAM_SBUS_SERVICE_VERSION, &monitor_pam_interface, "PAM", &pam_dp_interface, &rctx); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, ("sss_process_init() failed\n")); return ret; } pctx = talloc_zero(rctx, struct pam_ctx); if (!pctx) { ret = ENOMEM; goto done; } pctx->rctx = rctx; pctx->rctx->pvt_ctx = pctx; /* Enable automatic reconnection to the Data Provider */ /* FIXME: "retries" is too generic, either get it from a global config * or specify these retries are about the sbus connections to DP */ ret = confdb_get_int(pctx->rctx->cdb, CONFDB_PAM_CONF_ENTRY, CONFDB_SERVICE_RECON_RETRIES, 3, &max_retries); if (ret != EOK) { DEBUG(0, ("Failed to set up automatic reconnection\n")); goto done; } for (iter = pctx->rctx->be_conns; iter; iter = iter->next) { sbus_reconnect_init(iter->conn, max_retries, pam_dp_reconnect_init, iter); } /* Set up the negative cache */ ret = confdb_get_int(cdb, CONFDB_NSS_CONF_ENTRY, CONFDB_NSS_ENTRY_NEG_TIMEOUT, 15, &pctx->neg_timeout); if (ret != EOK) goto done; /* Set up the PAM identity timeout */ ret = confdb_get_int(cdb, CONFDB_PAM_CONF_ENTRY, CONFDB_PAM_ID_TIMEOUT, 5, &id_timeout); if (ret != EOK) goto done; pctx->id_timeout = (size_t)id_timeout; ret = sss_ncache_init(pctx, &pctx->ncache); if (ret != EOK) { DEBUG(0, ("fatal error initializing negative cache\n")); goto done; } ret = sss_ncache_prepopulate(pctx->ncache, cdb, pctx->rctx); if (ret != EOK) { goto done; } /* Create table for initgroup lookups */ ret = sss_hash_create(pctx, 10, &pctx->id_table); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, ("Could not create initgroups hash table: [%s]", strerror(ret))); goto done; } /* Set up file descriptor limits */ ret = confdb_get_int(pctx->rctx->cdb, CONFDB_PAM_CONF_ENTRY, CONFDB_SERVICE_FD_LIMIT, DEFAULT_PAM_FD_LIMIT, &fd_limit); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to set up file descriptor limit\n")); goto done; } responder_set_fd_limit(fd_limit); ret = EOK; done: if (ret != EOK) { talloc_free(rctx); } return ret; }
int ssh_process_init(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct confdb_ctx *cdb) { struct sss_cmd_table *ssh_cmds; struct ssh_ctx *ssh_ctx; struct be_conn *iter; int ret; int max_retries; ssh_ctx = talloc_zero(mem_ctx, struct ssh_ctx); if (!ssh_ctx) { DEBUG(SSSDBG_FATAL_FAILURE, ("fatal error initializing ssh_ctx\n")); return ENOMEM; } ssh_cmds = get_ssh_cmds(); ret = sss_process_init(ssh_ctx, ev, cdb, ssh_cmds, SSS_SSH_SOCKET_NAME, NULL, CONFDB_SSH_CONF_ENTRY, SSS_SSH_SBUS_SERVICE_NAME, SSS_SSH_SBUS_SERVICE_VERSION, &monitor_ssh_interface, "SSH", &ssh_dp_interface, &ssh_ctx->rctx); if (ret != EOK) { return ret; } ssh_ctx->rctx->pvt_ctx = ssh_ctx; /* Enable automatic reconnection to the Data Provider */ ret = confdb_get_int(ssh_ctx->rctx->cdb, CONFDB_SSH_CONF_ENTRY, CONFDB_SERVICE_RECON_RETRIES, 3, &max_retries); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, ("Failed to set up automatic reconnection\n")); return ret; } for (iter = ssh_ctx->rctx->be_conns; iter; iter = iter->next) { sbus_reconnect_init(iter->conn, max_retries, ssh_dp_reconnect_init, iter); } /* Get responder options */ /* Get ssh_hash_known_hosts option */ ret = confdb_get_bool(ssh_ctx->rctx->cdb, CONFDB_SSH_CONF_ENTRY, CONFDB_SSH_HASH_KNOWN_HOSTS, CONFDB_DEFAULT_SSH_HASH_KNOWN_HOSTS, &ssh_ctx->hash_known_hosts); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, ("Error reading from confdb (%d) [%s]\n", ret, strerror(ret))); return ret; } DEBUG(SSSDBG_TRACE_FUNC, ("SSH Initialization complete\n")); return EOK; }
int ifp_process_init(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct confdb_ctx *cdb) { struct resp_ctx *rctx; struct sss_cmd_table *ifp_cmds; struct ifp_ctx *ifp_ctx; struct be_conn *iter; int ret; int max_retries; char *uid_str; char *attr_list_str; char *wildcard_limit_str; ifp_cmds = get_ifp_cmds(); ret = sss_process_init(mem_ctx, ev, cdb, ifp_cmds, NULL, -1, NULL, -1, CONFDB_IFP_CONF_ENTRY, SSS_IFP_SBUS_SERVICE_NAME, SSS_IFP_SBUS_SERVICE_VERSION, &monitor_ifp_methods, "InfoPipe", &ifp_dp_methods.vtable, &rctx); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "sss_process_init() failed\n"); return ret; } ifp_ctx = talloc_zero(rctx, struct ifp_ctx); if (ifp_ctx == NULL) { DEBUG(SSSDBG_FATAL_FAILURE, "fatal error initializing ifp_ctx\n"); ret = ENOMEM; goto fail; } ifp_ctx->rctx = rctx; ifp_ctx->rctx->pvt_ctx = ifp_ctx; ret = sss_names_init_from_args(ifp_ctx, "(?P<name>[^@]+)@?(?P<domain>[^@]*$)", "%1$s@%2$s", &ifp_ctx->snctx); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "fatal error initializing regex data\n"); goto fail; } ret = confdb_get_string(ifp_ctx->rctx->cdb, ifp_ctx->rctx, CONFDB_IFP_CONF_ENTRY, CONFDB_SERVICE_ALLOWED_UIDS, DEFAULT_ALLOWED_UIDS, &uid_str); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "Failed to get allowed UIDs.\n"); goto fail; } ret = csv_string_to_uid_array(ifp_ctx->rctx, uid_str, true, &ifp_ctx->rctx->allowed_uids_count, &ifp_ctx->rctx->allowed_uids); talloc_free(uid_str); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "Failed to set allowed UIDs.\n"); goto fail; } ret = confdb_get_string(ifp_ctx->rctx->cdb, ifp_ctx->rctx, CONFDB_IFP_CONF_ENTRY, CONFDB_IFP_USER_ATTR_LIST, NULL, &attr_list_str); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "Failed to get user attribute list.\n"); goto fail; } ifp_ctx->user_whitelist = ifp_parse_user_attr_list(ifp_ctx, attr_list_str); talloc_free(attr_list_str); if (ifp_ctx->user_whitelist == NULL) { DEBUG(SSSDBG_FATAL_FAILURE, "Failed to parse the allowed attribute list\n"); goto fail; } /* Enable automatic reconnection to the Data Provider */ ret = confdb_get_int(ifp_ctx->rctx->cdb, CONFDB_IFP_CONF_ENTRY, CONFDB_SERVICE_RECON_RETRIES, 3, &max_retries); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "Failed to set up automatic reconnection\n"); goto fail; } /* A bit convoluted way until we have a confdb_get_uint32 */ ret = confdb_get_string(ifp_ctx->rctx->cdb, ifp_ctx->rctx, CONFDB_IFP_CONF_ENTRY, CONFDB_IFP_WILDCARD_LIMIT, NULL, /* no limit by default */ &wildcard_limit_str); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "Failed to retrieve limit for a wildcard search\n"); goto fail; } if (wildcard_limit_str) { ifp_ctx->wildcard_limit = strtouint32(wildcard_limit_str, NULL, 10); ret = errno; if (ret != EOK) { goto fail; } } for (iter = ifp_ctx->rctx->be_conns; iter; iter = iter->next) { sbus_reconnect_init(iter->conn, max_retries, ifp_dp_reconnect_init, iter); } /* Connect to the D-BUS system bus and set up methods */ ret = sysbus_init(ifp_ctx, ifp_ctx->rctx->ev, IFACE_IFP, ifp_ctx, &ifp_ctx->sysbus); if (ret == ERR_NO_SYSBUS) { DEBUG(SSSDBG_MINOR_FAILURE, "The system bus is not available..\n"); /* Explicitly ignore, the D-Bus daemon will start us */ } else if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Failed to connect to the system message bus\n"); talloc_free(ifp_ctx); return EIO; } ret = schedule_get_domains_task(rctx, rctx->ev, rctx, NULL); if (ret != EOK) { DEBUG(SSSDBG_FATAL_FAILURE, "schedule_get_domains_tasks failed.\n"); goto fail; } DEBUG(SSSDBG_TRACE_FUNC, "InfoPipe Initialization complete\n"); return EOK; fail: talloc_free(rctx); return ret; }