providers/proxy/proxy_init.c

2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher/*
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher    SSSD
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher    proxy_init.c
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher    Authors:
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher        Stephen Gallagher <sgallagh@redhat.com>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher    Copyright (C) 2010 Red Hat
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher    This program is free software; you can redistribute it and/or modify
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher    it under the terms of the GNU General Public License as published by
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher    the Free Software Foundation; either version 3 of the License, or
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher    (at your option) any later version.
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher    This program is distributed in the hope that it will be useful,
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher    but WITHOUT ANY WARRANTY; without even the implied warranty of
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher    GNU General Public License for more details.
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher    You should have received a copy of the GNU General Public License
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher    along with this program.  If not, see <http://www.gnu.org/licenses/>.
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher*/
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher
af58b15fa7f20e33736d79c6a4b3becb568517caLukas Slebodnik#include "config.h"
af58b15fa7f20e33736d79c6a4b3becb568517caLukas Slebodnik
69c83119c0504fd1590299b8a4ecdabf86a8f18dLukas Slebodnik#include "util/sss_format.h"
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher#include "providers/proxy/proxy.h"
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina#define NSS_FN_NAME "_nss_%s_%s"
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
aef0171e0bdc9a683958d69c7ee984fb10cd5de7Petr Cech#define OPT_MAX_CHILDREN_DEFAULT 10
aef0171e0bdc9a683958d69c7ee984fb10cd5de7Petr Cech
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina#define ERROR_INITGR "The '%s' library does not provides the " \
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina                         "_nss_XXX_initgroups_dyn function!\n" \
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina                         "initgroups will be slow as it will require " \
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina                         "full groups enumeration!\n"
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina#define ERROR_NETGR "The '%s' library does not support netgroups.\n"
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina#define ERROR_SERV "The '%s' library does not support services.\n"
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastatic void *proxy_dlsym(void *handle,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina                         const char *name,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina                         const char *libname)
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher{
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher    char *funcname;
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher    void *funcptr;
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    funcname = talloc_asprintf(NULL, NSS_FN_NAME, libname, name);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    if (funcname == NULL) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina        return NULL;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    }
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher    funcptr = dlsym(handle, funcname);
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher    talloc_free(funcname);
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher    return funcptr;
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher}
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastatic errno_t proxy_id_conf(TALLOC_CTX *mem_ctx,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina                             struct be_ctx *be_ctx,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina                             char **_libname,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina                             char **_libpath,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina                             bool *_fast_alias)
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher{
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    TALLOC_CTX *tmp_ctx;
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher    char *libname;
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher    char *libpath;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    bool fast_alias;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    errno_t ret;
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    tmp_ctx = talloc_new(NULL);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    if (tmp_ctx == NULL) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina        DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new() failed\n");
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher        return ENOMEM;
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher    }
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    ret = confdb_get_string(be_ctx->cdb, tmp_ctx, be_ctx->conf_path,
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher                            CONFDB_PROXY_LIBNAME, NULL, &libname);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    if (ret != EOK) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina        DEBUG(SSSDBG_CRIT_FAILURE, "Unable to read confdb [%d]: %s\n",
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina              ret, sss_strerror(ret));
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina        goto done;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    } else if (libname == NULL) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina        DEBUG(SSSDBG_CRIT_FAILURE, "No library name given\n");
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher        ret = ENOENT;
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher        goto done;
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher    }
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    ret = confdb_get_bool(be_ctx->cdb, be_ctx->conf_path,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina                          CONFDB_PROXY_FAST_ALIAS, false, &fast_alias);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    if (ret != EOK) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina        DEBUG(SSSDBG_CRIT_FAILURE, "Unable to read confdb [%d]: %s\n",
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina              ret, sss_strerror(ret));
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher        goto done;
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher    }
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    libpath = talloc_asprintf(tmp_ctx, "libnss_%s.so.2", libname);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    if (libpath == NULL) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina        DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf() failed\n");
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina        ret = ENOMEM;
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher        goto done;
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher    }
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    *_libname = talloc_steal(mem_ctx, libname);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    *_libpath = talloc_steal(mem_ctx, libpath);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    *_fast_alias = fast_alias;
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    ret = EOK;
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinadone:
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    talloc_free(tmp_ctx);
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    return ret;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina}
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastatic errno_t proxy_id_load_symbols(struct proxy_nss_ops *ops,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina                                     const char *libname,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina                                     void *handle)
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina{
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    int i;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    struct {void **dest;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina            const char *name;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina            const char *custom_error;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina            bool is_fatal;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    } symbols[] = {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina        {(void**)&ops->getpwnam_r, "getpwnam_r", NULL, true},
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina        {(void**)&ops->getpwuid_r, "getpwuid_r", NULL, true},
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina        {(void**)&ops->setpwent, "setpwent", NULL, true},
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina        {(void**)&ops->getpwent_r, "getpwent_r", NULL, true},
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina        {(void**)&ops->endpwent, "endpwent", NULL, true},
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina        {(void**)&ops->getgrnam_r, "getgrnam_r", NULL, true},
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina        {(void**)&ops->getgrgid_r, "getgrgid_r", NULL, true},
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina        {(void**)&ops->setgrent, "setgrent", NULL, true},
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina        {(void**)&ops->getgrent_r, "getgrent_r", NULL, true},
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina        {(void**)&ops->endgrent, "endgrent", NULL, true},
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina        {(void**)&ops->initgroups_dyn, "initgroups_dyn", ERROR_INITGR, false},
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina        {(void**)&ops->setnetgrent, "setnetgrent", ERROR_NETGR, false},
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina        {(void**)&ops->getnetgrent_r, "getnetgrent_r", ERROR_NETGR, false},
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina        {(void**)&ops->endnetgrent, "endnetgrent", ERROR_NETGR, false},
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina        {(void**)&ops->getservbyname_r, "getservbyname_r", ERROR_SERV, false},
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina        {(void**)&ops->getservbyport_r, "getservbyport_r", ERROR_SERV, false},
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina        {(void**)&ops->setservent, "setservent", ERROR_SERV, false},
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina        {(void**)&ops->getservent_r, "getservent_r", ERROR_SERV, false},
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina        {(void**)&ops->endservent, "endservent", ERROR_SERV, false},
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina        {NULL, NULL, NULL, false}
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    };
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    for (i = 0; symbols[i].dest != NULL; i++) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina        *symbols[i].dest = proxy_dlsym(handle, symbols[i].name, libname);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina        if (*symbols[i].dest == NULL) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina            DEBUG(SSSDBG_FATAL_FAILURE, "Failed to load _nss_%s_%s, "
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina                  "error: %s.\n", libname, symbols[i].name, dlerror());
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina            if (symbols[i].custom_error != NULL) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina                DEBUG(SSSDBG_CRIT_FAILURE, symbols[i].custom_error, libname);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina            }
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina            if (symbols[i].is_fatal) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina                return ELIBBAD;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina            }
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina        }
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher    }
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    return EOK;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina}
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastatic errno_t proxy_setup_sbus(TALLOC_CTX *mem_ctx,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina                                struct proxy_auth_ctx *ctx,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina                                struct be_ctx *be_ctx)
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina{
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    char *sbus_address;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    errno_t ret;
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    sbus_address = talloc_asprintf(mem_ctx, "unix:path=%s/%s_%s", PIPE_PATH,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina                                   PROXY_CHILD_PIPE, be_ctx->domain->name);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    if (sbus_address == NULL) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina        DEBUG(SSSDBG_CRIT_FAILURE, "talloc_asprintf() failed.\n");
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina        return ENOMEM;
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher    }
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    ret = sbus_new_server(mem_ctx, be_ctx->ev, sbus_address, 0, be_ctx->gid,
7622d9d97eb6747a9f3406633281f2492f8f4a0aFabiano Fidêncio                          false, &ctx->sbus_srv, proxy_client_init, ctx, NULL);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    talloc_free(sbus_address);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    if (ret != EOK) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina        DEBUG(SSSDBG_FATAL_FAILURE, "Could not set up sbus server.\n");
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina        return ret;
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher    }
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    return EOK;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina}
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastatic errno_t proxy_auth_conf(TALLOC_CTX *mem_ctx,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina                               struct be_ctx *be_ctx,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina                               char **_pam_target)
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina{
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    char *pam_target;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    errno_t ret;
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    ret = confdb_get_string(be_ctx->cdb, mem_ctx, be_ctx->conf_path,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina                            CONFDB_PROXY_PAM_TARGET, NULL, &pam_target);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    if (ret != EOK) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina        DEBUG(SSSDBG_CRIT_FAILURE, "Unable to read confdb [%d]: %s\n",
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina              ret, sss_strerror(ret));
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina        return ret;
d7dc57bcc2468bee756bcd568daee0644e5b888dSumit Bose    }
d7dc57bcc2468bee756bcd568daee0644e5b888dSumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    if (pam_target == NULL) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina        DEBUG(SSSDBG_CRIT_FAILURE, "Missing option %s.\n",
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina              CONFDB_PROXY_PAM_TARGET);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina        return EINVAL;
d7dc57bcc2468bee756bcd568daee0644e5b888dSumit Bose    }
d7dc57bcc2468bee756bcd568daee0644e5b888dSumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    *_pam_target = pam_target;
d7dc57bcc2468bee756bcd568daee0644e5b888dSumit Bose
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    return EOK;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina}
aec5785126354bd8b192f63fe04ea08dae9c0705Stephen Gallagher
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastatic errno_t proxy_init_auth_ctx(TALLOC_CTX *mem_ctx,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina                                   struct be_ctx *be_ctx,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina                                   struct proxy_auth_ctx **_auth_ctx)
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina{
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    struct proxy_auth_ctx *auth_ctx;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    errno_t ret;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    int hret;
aef0171e0bdc9a683958d69c7ee984fb10cd5de7Petr Cech    int max_children;
aec5785126354bd8b192f63fe04ea08dae9c0705Stephen Gallagher
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    auth_ctx = talloc_zero(mem_ctx, struct proxy_auth_ctx);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    if (auth_ctx == NULL) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina        return ENOMEM;
627d83dff183219826489949cb55ef71945e94abStephen Gallagher    }
627d83dff183219826489949cb55ef71945e94abStephen Gallagher
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    auth_ctx->be = be_ctx;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    auth_ctx->timeout_ms = SSS_CLI_SOCKET_TIMEOUT / 4;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    auth_ctx->next_id = 1;
627d83dff183219826489949cb55ef71945e94abStephen Gallagher
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    ret = proxy_auth_conf(auth_ctx, be_ctx, &auth_ctx->pam_target);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    if (ret != EOK) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina        goto done;
627d83dff183219826489949cb55ef71945e94abStephen Gallagher    }
627d83dff183219826489949cb55ef71945e94abStephen Gallagher
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    ret = proxy_setup_sbus(auth_ctx, auth_ctx, be_ctx);
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher    if (ret != EOK) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina        goto done;
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher    }
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    /* Set up request hash table */
aef0171e0bdc9a683958d69c7ee984fb10cd5de7Petr Cech    ret = confdb_get_int(be_ctx->cdb, be_ctx->conf_path,
aef0171e0bdc9a683958d69c7ee984fb10cd5de7Petr Cech                         CONFDB_PROXY_MAX_CHILDREN,
aef0171e0bdc9a683958d69c7ee984fb10cd5de7Petr Cech                         OPT_MAX_CHILDREN_DEFAULT,
aef0171e0bdc9a683958d69c7ee984fb10cd5de7Petr Cech                         &max_children);
aef0171e0bdc9a683958d69c7ee984fb10cd5de7Petr Cech    if (ret != EOK) {
aef0171e0bdc9a683958d69c7ee984fb10cd5de7Petr Cech        DEBUG(SSSDBG_CRIT_FAILURE,
aef0171e0bdc9a683958d69c7ee984fb10cd5de7Petr Cech              "Unable to read confdb [%d]: %s\n", ret, sss_strerror(ret));
aef0171e0bdc9a683958d69c7ee984fb10cd5de7Petr Cech        goto done;
aef0171e0bdc9a683958d69c7ee984fb10cd5de7Petr Cech    }
aef0171e0bdc9a683958d69c7ee984fb10cd5de7Petr Cech
aef0171e0bdc9a683958d69c7ee984fb10cd5de7Petr Cech    if (max_children < 1) {
aef0171e0bdc9a683958d69c7ee984fb10cd5de7Petr Cech        DEBUG(SSSDBG_CRIT_FAILURE,
aef0171e0bdc9a683958d69c7ee984fb10cd5de7Petr Cech              "Option " CONFDB_PROXY_MAX_CHILDREN " must be higher then 0\n");
aef0171e0bdc9a683958d69c7ee984fb10cd5de7Petr Cech        ret = EINVAL;
aef0171e0bdc9a683958d69c7ee984fb10cd5de7Petr Cech        goto done;
aef0171e0bdc9a683958d69c7ee984fb10cd5de7Petr Cech    }
aef0171e0bdc9a683958d69c7ee984fb10cd5de7Petr Cech    auth_ctx->max_children = max_children;
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    hret = hash_create(auth_ctx->max_children * 2, &auth_ctx->request_table,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina                       NULL, NULL);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    if (hret != HASH_SUCCESS) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina        DEBUG(SSSDBG_FATAL_FAILURE, "Could not initialize request table\n");
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina        ret = EIO;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina        goto done;
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher    }
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    *_auth_ctx = auth_ctx;
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    ret = EOK;
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinadone:
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    if (ret != EOK) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina        talloc_free(auth_ctx);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    }
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    return ret;
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher}
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinaerrno_t sssm_proxy_init(TALLOC_CTX *mem_ctx,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina                       struct be_ctx *be_ctx,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina                       struct data_provider *provider,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina                       const char *module_name,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina                       void **_module_data)
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher{
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    struct proxy_auth_ctx *auth_ctx;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    errno_t ret;
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    if (!dp_target_enabled(provider, module_name,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina                           DPT_ACCESS, DPT_AUTH, DPT_CHPASS)) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina        return EOK;
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher    }
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    /* Initialize auth_ctx since one of the access, auth or chpass is set. */
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    ret = proxy_init_auth_ctx(mem_ctx, be_ctx, &auth_ctx);
d9577dbd92555b0755881e37724019ef9c578404Stef Walter    if (ret != EOK) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina        DEBUG(SSSDBG_CRIT_FAILURE, "Unable to create auth context [%d]: %s\n",
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina              ret, sss_strerror(ret));
d9577dbd92555b0755881e37724019ef9c578404Stef Walter        return ret;
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher    }
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    *_module_data = auth_ctx;
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher    return EOK;
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher}
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinaerrno_t sssm_proxy_id_init(TALLOC_CTX *mem_ctx,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina                           struct be_ctx *be_ctx,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina                           void *module_data,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina                           struct dp_method *dp_methods)
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher{
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    struct proxy_id_ctx *ctx;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    char *libname;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    char *libpath;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    errno_t ret;
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    ctx = talloc_zero(mem_ctx, struct proxy_id_ctx);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    if (ctx == NULL) {
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher        return ENOMEM;
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher    }
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    ctx->be = be_ctx;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    ret = proxy_id_conf(ctx, be_ctx, &libname, &libpath, &ctx->fast_alias);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    if (ret != EOK) {
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher        goto done;
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher    }
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    ctx->handle = dlopen(libpath, RTLD_NOW);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    if (ctx->handle == NULL) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina        DEBUG(SSSDBG_FATAL_FAILURE, "Unable to load %s module, "
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina              "error: %s\n", libpath, dlerror());
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina        ret = ELIBACC;
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher        goto done;
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher    }
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    ret = proxy_id_load_symbols(&ctx->ops, libname, ctx->handle);
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher    if (ret != EOK) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina        DEBUG(SSSDBG_FATAL_FAILURE, "Unable to load NSS symbols [%d]: %s\n",
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina              ret, sss_strerror(ret));
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher        goto done;
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher    }
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    dp_set_method(dp_methods, DPM_ACCOUNT_HANDLER,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina                  proxy_account_info_handler_send, proxy_account_info_handler_recv, ctx,
3d29430867cf92b2d71afa95abb679711231117cPavel Březina                  struct proxy_id_ctx, struct dp_id_data, struct dp_reply_std);
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher
c0f9f5a0f6d71a1596ee3cef549b4b02295313c3Jakub Hrozek    dp_set_method(dp_methods, DPM_ACCT_DOMAIN_HANDLER,
c0f9f5a0f6d71a1596ee3cef549b4b02295313c3Jakub Hrozek                  default_account_domain_send, default_account_domain_recv, NULL,
c0f9f5a0f6d71a1596ee3cef549b4b02295313c3Jakub Hrozek                  void, struct dp_get_acct_domain_data, struct dp_reply_std);
c0f9f5a0f6d71a1596ee3cef549b4b02295313c3Jakub Hrozek
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    ret = EOK;
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagherdone:
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher    if (ret != EOK) {
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher        talloc_free(ctx);
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher    }
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher    return ret;
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher}
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinaerrno_t sssm_proxy_auth_init(TALLOC_CTX *mem_ctx,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina                             struct be_ctx *be_ctx,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina                             void *module_data,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina                             struct dp_method *dp_methods)
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher{
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    struct proxy_auth_ctx *auth_ctx;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    auth_ctx = talloc_get_type(module_data, struct proxy_auth_ctx);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    dp_set_method(dp_methods, DPM_AUTH_HANDLER,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina                  proxy_pam_handler_send, proxy_pam_handler_recv, auth_ctx,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina                  struct proxy_auth_ctx, struct pam_data, struct pam_data *);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    return EOK;
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher}
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinaerrno_t sssm_proxy_chpass_init(TALLOC_CTX *mem_ctx,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina                               struct be_ctx *be_ctx,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina                               void *module_data,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina                               struct dp_method *dp_methods)
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher{
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    return sssm_proxy_auth_init(mem_ctx, be_ctx, module_data, dp_methods);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina}
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinaerrno_t sssm_proxy_access_init(TALLOC_CTX *mem_ctx,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina                               struct be_ctx *be_ctx,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina                               void *module_data,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina                               struct dp_method *dp_methods)
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina{
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    struct proxy_auth_ctx *auth_ctx;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    auth_ctx = talloc_get_type(module_data, struct proxy_auth_ctx);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    dp_set_method(dp_methods, DPM_ACCESS_HANDLER,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina                  proxy_pam_handler_send, proxy_pam_handler_recv, auth_ctx,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina                  struct proxy_auth_ctx, struct pam_data, struct pam_data *);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina    return EOK;
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher}