dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina Pavel Březina <pbrezina@redhat.com>
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina Copyright (C) 2016 Red Hat
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina This program is free software; you can redistribute it and/or modify
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina it under the terms of the GNU General Public License as published by
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina the Free Software Foundation; either version 3 of the License, or
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina (at your option) any later version.
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina This program is distributed in the hope that it will be useful,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina but WITHOUT ANY WARRANTY; without even the implied warranty of
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina GNU General Public License for more details.
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina You should have received a copy of the GNU General Public License
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina along with this program. If not, see <http://www.gnu.org/licenses/>.
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina#include "providers/data_provider/dp_private.h"
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina#define FILTER_TYPE(str, type) {str "=", sizeof(str "=") - 1, type}
/*
 * Recognizes a "<type>=" prefix from the static types[] table at the start
 * of the request filter and stores what follows it as data->filter_value.
 * Only part of the function is visible in this listing: the rest of the
 * parameter list and most of the body are not shown.
 */
3d29430867cf92b2d71afa95abb679711231117cPavel Březinastatic bool check_and_parse_filter(struct dp_id_data *data,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina /* We will use sizeof() to determine the length of a string so we don't
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina * call strlen over and over again with each request. Not a bottleneck,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina * but unnecessary and simple to avoid. */
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina static struct {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina } types[] = {FILTER_TYPE("name", BE_FILTER_NAME),
/* NOTE(review): the condition guarding this early rejection is not visible
 * in this listing; presumably it covers a missing filter -- confirm. */
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina return false;
/* Prefix match against a table entry. FILTER_TYPE sets the length to
 * sizeof(str "=") - 1, so a successful strncmp() means the filter holds at
 * least that many non-NUL bytes. The index used below therefore stays inside
 * the string and may land on the terminating NUL (an empty value). */
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (strncmp(filter, types[i].name, types[i].lenght) == 0) {
/* The value is taken from inside the caller's filter string, not copied
 * here. NOTE(review): SBUS_SET_STRING is defined elsewhere; how it treats an
 * empty value is not visible in this listing -- confirm. */
dc30c60f166ad9adc63a47a1013508a71624ac87Petr Cech data->filter_value = SBUS_SET_STRING(&filter[types[i].lenght]);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina return false;
/*
 * Builds a struct dp_initgr_ctx holding copies of the filter value, the
 * user name from the first sysdb result message, and the group IDs from the
 * result set. Only part of the function is visible in this listing (the
 * parameter list, error checks and return are not shown).
 */
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashovstatic struct dp_initgr_ctx *create_initgr_ctx(
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina unsigned int i;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ctx = talloc_zero(mem_ctx, struct dp_initgr_ctx);
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov /* Copy domain name */
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov /* Copy filter value */
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov ctx->filter_value = talloc_strdup(ctx, filter_value);
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov /* Reference domain info */
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov /* If we had the data in sysdb */
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov /* Copy original username */
/* The lookup default is NULL, so username is NULL when SYSDB_NAME is absent.
 * NOTE(review): whether that is checked before the strdup below is not
 * visible in this listing -- confirm. */
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov username = ldb_msg_find_attr_as_string(res->msgs[0], SYSDB_NAME, NULL);
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov ctx->username = talloc_strdup(ctx, username);
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov /* Copy group IDs */
/* One slot per result message. The array is parented to mem_ctx, not ctx,
 * unlike the string copies above. */
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov ctx->groups = talloc_array(mem_ctx, uint32_t, res->count);
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov /* The first GID is the primary so it might be duplicated
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov * later in the list. */
/* i is bounded by res->count, the allocated size. NOTE(review): the
 * increment of ctx->gnum is not visible in this listing; presumably it only
 * advances for non-zero GIDs, which would keep it at or below i -- confirm. */
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov for (ctx->gnum = 0, i = 0; i < res->count; i++) {
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov ctx->groups[ctx->gnum] = ldb_msg_find_attr_as_uint(res->msgs[i],
4a9c1047354dbe5a4ed41e5951ae623e3772e113René Genz /* If 0 it may be a non-POSIX group, so we skip it. */
/*
 * Post-processing step that tells the NSS responder to update its memory
 * cache by sending a message over the data provider client connection.
 * Only fragments of the body are visible in this listing; how the message
 * is built is not shown.
 */
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashovstatic void dp_req_initgr_pp_nss_notify(const char *req_name,
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov /* If user didn't exist in the cache previously */
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov /* There is no point in contacting NSS responder */
/* Two separate failure sites log the same message. NOTE(review): the calls
 * they guard are not visible in this listing. */
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "Out of memory?!\n");
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "Out of memory?!\n");
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina "Ordering NSS responder to update memory cache\n");
/* The return value of the send is not used on this line. */
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina sbus_conn_send_reply(dp_client_conn(dp_cli), msg);
/*
 * Recomputes the SYSDB_SESSION_RECORDING attribute on the entry at
 * res->msgs[0] from the selective session recording configuration
 * (be->sr_conf). Many lines of the function, including the rest of its
 * parameter list and all error-handling branches, are not visible in this
 * listing.
 */
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashovstatic void dp_req_initgr_pp_sr_overlay(struct data_provider *provider,
/* Attribute set naming only SYSDB_SESSION_RECORDING, with no values; it is
 * declared here for the removal step further down. */
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov struct ldb_message_element el = { 0, SYSDB_SESSION_RECORDING, 0, NULL };
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov struct sysdb_attrs del_attrs = { 1, &el };
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov /* If selective session recording is not enabled */
/* NOTE(review): presumably returns early for any other scope, leaving the
 * attribute untouched; the branch body is not shown -- confirm. */
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov if (be->sr_conf.scope != SESSION_RECORDING_SCOPE_SOME) {
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov /* Allocate temporary talloc context */
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov "Failed creating temporary talloc context\n");
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov /* Get updated initgroups data with overrides */
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov ret = sysdb_initgroups_with_views(tmp_ctx, ctx->domain_info,
/* Empty-result check. It comes before the res->msgs[0] dereferences below;
 * NOTE(review): the branch presumably leaves the function -- confirm. */
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov if (ret == ENOENT || (ret == EOK && res->count == 0)) {
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "Unable to get initgroups: %s\n",
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov /* Delete sessionRecording attribute so we know when we failed */
/* The attribute is removed before the configuration is evaluated, so per
 * the comment above a failure further down leaves the entry without it.
 * NOTE(review): session recording is an audit control; check how consumers
 * treat an absent attribute. */
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov ret = sysdb_set_entry_attr(ctx->domain_info->sysdb, res->msgs[0]->dn,
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov "Failed removing %s attribute: %s\n",
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov SYSDB_SESSION_RECORDING, sss_strerror(ret));
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov /* Format output username */
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov name = sss_get_name_from_msg(ctx->domain_info, res->msgs[0]);
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov ret = sss_output_fqname(tmp_ctx, ctx->domain_info, name,
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov "Failed formatting output username from \"%s\": %s\n",
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov /* For each user name in session recording config */
/* Walks a NULL-terminated list and stops once enabled is set. */
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov for (; *conf_user != NULL && !enabled; conf_user++) {
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov /* If it matches the requested user name */
/* Exact, case-sensitive byte comparison against the name produced by
 * sss_output_fqname(). A configured user matches only when spelled in that
 * output form. */
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov if (strcmp(*conf_user, output_name) == 0) {
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov /* If we have groups in config and are not yet enabled */
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov /* For each group in response */
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov for (i = 0; i < res->count && !enabled; i++) {
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov /* Get the group msg */
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov /* Get the primary group */
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov gid = sss_view_ldb_msg_find_attr_as_uint64(ctx->domain_info,
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov ret = sysdb_getgrgid_with_views(tmp_ctx, ctx->domain_info,
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov "Failed retrieving group #%llu: %s\n",
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov (unsigned long long)gid, sss_strerror(ret));
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov /* Get the group's output name */
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov name = sss_get_name_from_msg(ctx->domain_info, msg);
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov ret = sss_output_fqname(tmp_ctx, ctx->domain_info,
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov "Failed formatting output group name from \"%s\": %s\n",
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov /* For each group in configuration */
/* Same exact, case-sensitive comparison as for user names, applied to the
 * group's formatted output name. */
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov if (strcmp(*conf_group, output_name) == 0) {
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov /* Set sessionRecording attribute to enabled value */
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov "Failed creating attributes\n");
/* Stores the computed boolean. It is written for the false case as well,
 * unless an earlier step, not shown here, left the function. */
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov ret = sysdb_attrs_add_bool(add_attrs, SYSDB_SESSION_RECORDING, enabled);
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov "Failed setting %s attribute: %s\n",
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov SYSDB_SESSION_RECORDING, sss_strerror(ret));
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov ret = sysdb_set_entry_attr(ctx->domain_info->sysdb, res->msgs[0]->dn,
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov "Failed storing %s attribute: %s\n",
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov SYSDB_SESSION_RECORDING, sss_strerror(ret));
/*
 * Initgroups post-processing entry point. It runs the NSS responder
 * notification first and the session recording overlay second. The rest of
 * the parameter list is not visible in this listing.
 */
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashovstatic void dp_req_initgr_pp(const char *req_name,
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov dp_req_initgr_pp_nss_notify(req_name, provider, ctx);
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov dp_req_initgr_pp_sr_overlay(provider, ctx);
/*
 * Handles an initgroups account request. It resolves the domain, reads the
 * currently cached initgroups result, builds a dp_initgr_ctx from it and
 * files the request with a post-processing callback. Only part of the
 * function is visible in this listing.
 */
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastatic errno_t dp_initgroups(struct sbus_request *sbus_req,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina const char *key,
/* NOTE(review): data->domain presumably comes from the incoming request.
 * The NULL check on the lookup result is not visible in this listing;
 * confirm it precedes the sysdb call below. */
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina domain = find_domain_by_name(be_ctx->domain, data->domain, true);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = sysdb_initgroups(sbus_req, domain, data->filter_value, &res);
/* A missing or empty cache entry is tested separately from other errors.
 * NOTE(review): the branch bodies are not shown. */
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (ret == ENOENT || (ret == EOK && res->count == 0)) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "Unable to get initgroups [%d]: %s\n",
24b3a7b91a54b5b55cfddb52b3d5ac565afdcff1Nikolai Kondrashov ctx = create_initgr_ctx(sbus_req, data->domain, domain,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina dp_req_with_reply_pp(dp_cli, data->domain, "Initgroups", key,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina sbus_req, DPT_ID, DPM_ACCOUNT_HANDLER, dp_flags, data,
/*
 * Handler for account info requests. It allocates the request data on
 * sbus_req, validates the filter, builds a request key and dispatches to
 * either the initgroups path or the generic account handler. Only part of
 * the function is visible in this listing.
 */
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinaerrno_t dp_get_account_info_handler(struct sbus_request *sbus_req,
3d29430867cf92b2d71afa95abb679711231117cPavel Březina data = talloc_zero(sbus_req, struct dp_id_data);
/* A filter that does not parse is rejected here. NOTE(review): the reply
 * sent in that case is not visible in this listing. */
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (!check_and_parse_filter(data, filter, extra)) {
806f65f3c90dc0f7921932494228ad93f3ed3027Lukas Slebodnik data->entry_type, be_req2str(data->entry_type),
/* The key is formatted from the entry type and three string fields.
 * NOTE(review): the string arguments and the NULL check on the result are
 * not visible here; confirm none of the %s arguments can be NULL. */
ca68b1b4ba06b1cda316ae8af470647bd7015a5aLukas Slebodnik key = talloc_asprintf(data, "%u:%s:%s:%s", data->entry_type,
/* Initgroups requests take a dedicated path; everything else goes to the
 * generic account handler request below. */
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if ((data->entry_type & BE_REQ_TYPE_MASK) == BE_REQ_INITGROUPS) {
6a611406e805a1707ca0b9e86b6aa96e02e43eccPavel Březina ret = dp_initgroups(sbus_req, dp_cli, key, dp_flags, data);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina dp_req_with_reply(dp_cli, domain, "Account", key,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina sbus_req, DPT_ID, DPM_ACCOUNT_HANDLER, dp_flags, data,
/*
 * Recognizes a "<type>=" prefix from the static types[] table at the start
 * of the account-domain request filter and stores what follows it as
 * data->filter_value. The return type, the rest of the parameter list and
 * most of the body are not visible in this listing.
 */
c0f9f5a0f6d71a1596ee3cef549b4b02295313c3Jakub Hrozekcheck_and_parse_acct_domain_filter(struct dp_get_acct_domain_data *data,
c0f9f5a0f6d71a1596ee3cef549b4b02295313c3Jakub Hrozek /* We will use sizeof() to determine the length of a string so we don't
c0f9f5a0f6d71a1596ee3cef549b4b02295313c3Jakub Hrozek * call strlen over and over again with each request. Not a bottleneck,
c0f9f5a0f6d71a1596ee3cef549b4b02295313c3Jakub Hrozek * but unnecessary and simple to avoid. */
c0f9f5a0f6d71a1596ee3cef549b4b02295313c3Jakub Hrozek static struct {
c0f9f5a0f6d71a1596ee3cef549b4b02295313c3Jakub Hrozek } types[] = {FILTER_TYPE("idnumber", BE_FILTER_IDNUM),
/* NOTE(review): the condition guarding this early rejection is not visible
 * in this listing. */
c0f9f5a0f6d71a1596ee3cef549b4b02295313c3Jakub Hrozek return false;
/* Prefix match against a table entry. FILTER_TYPE sets the length to
 * sizeof(str "=") - 1, so a successful strncmp() means the filter holds at
 * least that many non-NUL bytes. The index used below stays inside the
 * string and may land on the terminating NUL (an empty value). */
c0f9f5a0f6d71a1596ee3cef549b4b02295313c3Jakub Hrozek if (strncmp(filter, types[i].name, types[i].lenght) == 0) {
/* The value is taken from inside the caller's filter string, not copied
 * here. NOTE(review): SBUS_SET_STRING is defined elsewhere; how it treats an
 * empty value is not visible in this listing -- confirm. */
c0f9f5a0f6d71a1596ee3cef549b4b02295313c3Jakub Hrozek data->filter_value = SBUS_SET_STRING(&filter[types[i].lenght]);
/* NOTE(review): the conditions selecting between the returns below are not
 * visible in this listing. */
c0f9f5a0f6d71a1596ee3cef549b4b02295313c3Jakub Hrozek return true;
c0f9f5a0f6d71a1596ee3cef549b4b02295313c3Jakub Hrozek return true;
c0f9f5a0f6d71a1596ee3cef549b4b02295313c3Jakub Hrozek return false;
/*
 * Handler for account-domain requests. It allocates the request data on
 * sbus_req, validates the filter and files an "AccountDomain" request with
 * no domain name (NULL). Only part of the function is visible in this
 * listing.
 */
c0f9f5a0f6d71a1596ee3cef549b4b02295313c3Jakub Hrozekerrno_t dp_get_account_domain_handler(struct sbus_request *sbus_req,
c0f9f5a0f6d71a1596ee3cef549b4b02295313c3Jakub Hrozek data = talloc_zero(sbus_req, struct dp_get_acct_domain_data);
/* A filter that does not parse is rejected here. NOTE(review): the reply
 * sent in that case is not visible in this listing. */
c0f9f5a0f6d71a1596ee3cef549b4b02295313c3Jakub Hrozek if (!check_and_parse_acct_domain_filter(data, filter)) {
c0f9f5a0f6d71a1596ee3cef549b4b02295313c3Jakub Hrozek dp_req_with_reply(dp_cli, NULL, "AccountDomain", key, sbus_req,
/*
 * Send half of the default account-domain request. Only the signature's
 * first line and the tevent_req_create() failure message are visible in
 * this listing; the return type and the rest of the body are not shown.
 */
c0f9f5a0f6d71a1596ee3cef549b4b02295313c3Jakub Hrozekdefault_account_domain_send(TALLOC_CTX *mem_ctx,
c0f9f5a0f6d71a1596ee3cef549b4b02295313c3Jakub Hrozek DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create() failed\n");
c0f9f5a0f6d71a1596ee3cef549b4b02295313c3Jakub Hrozekerrno_t default_account_domain_recv(TALLOC_CTX *mem_ctx,
c0f9f5a0f6d71a1596ee3cef549b4b02295313c3Jakub Hrozek struct default_account_domain_state *state = NULL;