nss_protocol_pwent.c revision 4049b63f8c67ada17b453463b0451ca6be3d5de4
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina Pavel Březina <pbrezina@redhat.com>
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina Copyright (C) 2016 Red Hat
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina This program is free software; you can redistribute it and/or modify
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina it under the terms of the GNU General Public License as published by
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina the Free Software Foundation; either version 3 of the License, or
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina (at your option) any later version.
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina This program is distributed in the hope that it will be useful,
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina but WITHOUT ANY WARRANTY; without even the implied warranty of
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina GNU General Public License for more details.
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina You should have received a copy of the GNU General Public License
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina along with this program. If not, see <http://www.gnu.org/licenses/>.
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina /* First, try to return overriden gid. */
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina gid = ldb_msg_find_attr_as_uint64(msg, OVERRIDE_PREFIX SYSDB_GIDNUM,
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina /* Try to return domain gid override. */
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina /* Return original gid. */
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina return ldb_msg_find_attr_as_uint64(msg, SYSDB_GIDNUM, 0);
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březinastatic const char *
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina homedir = sss_view_ldb_msg_find_attr_as_string(dom, msg, SYSDB_HOMEDIR,
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina /* Check to see which homedir_prefix to use. */
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina homedir_ctx->config_homedir_substr = dom->homedir_substr;
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina homedir_ctx->config_homedir_substr = nctx->homedir_substr;
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina /* Check whether we are unconditionally overriding the server
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina * for home directory locations.
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina return expand_homedir_template(mem_ctx, dom->override_homedir,
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina return expand_homedir_template(mem_ctx, nctx->override_homedir,
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina /* In the case of a NULL or empty homedir, check to see if
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina * we have a fallback homedir to use.
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina return expand_homedir_template(mem_ctx, dom->fallback_homedir,
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina return expand_homedir_template(mem_ctx, nctx->fallback_homedir,
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina /* Provider can also return template, try to expand it.*/
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina return expand_homedir_template(mem_ctx, homedir,
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březinastatic const char *
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina const char *upn,
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina homedir = nss_get_homedir_override(mem_ctx, msg, nss_ctx, domain, &hd_ctx);
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březinastatic const char *
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březinanss_get_shell_override(struct ldb_message *msg,
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina /* Check whether we are unconditionally overriding
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina * the server for the login shell. */
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina shell = sss_view_ldb_msg_find_attr_as_string(domain, msg, SYSDB_SHELL,
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina /* Check whether there is a default shell specified */
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina if (nss_ctx->allowed_shells == NULL && nss_ctx->vetoed_shells == NULL) {
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina if (strcmp(nss_ctx->vetoed_shells[i], shell) == 0) {
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina "The shell '%s' is vetoed. Using fallback.\n",
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina if (strcmp(shell, nss_ctx->etc_shells[i]) == 0) {
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina DEBUG(SSSDBG_TRACE_ALL, "Using original shell '%s'\n", shell);
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina if (strcmp(nss_ctx->allowed_shells[0], "*") == 0) {
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina "The shell '%s' is allowed but does not exist. "
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina for (i = 0; nss_ctx->allowed_shells[i]; i++) {
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina if (strcmp(nss_ctx->allowed_shells[i], shell) == 0) {
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina "The shell '%s' is allowed but does not exist. "
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina "The shell '%s' is not allowed and does not exist.\n", shell);
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina const char *upn;
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina /* Get fields. */
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina upn = ldb_msg_find_attr_as_string(msg, SYSDB_UPN, NULL);
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina uid = sss_view_ldb_msg_find_attr_as_uint64(domain, msg, SYSDB_UIDNUM, 0);
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina "Incomplete user object for %s[%u]! Skipping\n",
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina gecos = sss_view_ldb_msg_find_attr_as_string(domain, msg, SYSDB_GECOS,
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina homedir = nss_get_homedir(mem_ctx, nss_ctx, domain, msg, name, upn, uid);
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina shell = nss_get_shell_override(msg, nss_ctx, domain);
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina /* Convert to sized strings. */
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina ret = sized_output_name(mem_ctx, nss_ctx->rctx, name, domain, _name);
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina "sized_output_name failed, skipping [%d]: %s\n",
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina to_sized_string(_gecos, gecos == NULL ? "" : gecos);
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březinanss_protocol_fill_pwent(struct nss_ctx *nss_ctx,
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina /* Password field content. */
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina /* First two fields (length and reserved), filled up later. */
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina ret = sss_packet_grow(packet, 2 * sizeof(uint32_t));
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina ret = nss_get_pwent(tmp_ctx, nss_ctx, result->domain, msg, &uid, &gid,
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina /* Check negative cache during enumeration. */
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina ret = sss_ncache_check_user(nss_ctx->rctx->ncache,
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina "User [%s] filtered out! (negative cache)\n", name->str);
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina /* Adjust packet size: uid, gid + string fields. */
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina ret = sss_packet_grow(packet, 2 * sizeof(uint32_t)
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina sss_packet_get_body(packet, &body, &body_len);
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina /* Fill packet. */
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina SAFEALIGN_SET_STRING(&body[rp], name->str, name->len, &rp);
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina SAFEALIGN_SET_STRING(&body[rp], pwfield.str, pwfield.len, &rp);
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina SAFEALIGN_SET_STRING(&body[rp], gecos.str, gecos.len, &rp);
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina SAFEALIGN_SET_STRING(&body[rp], homedir.str, homedir.len, &rp);
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina SAFEALIGN_SET_STRING(&body[rp], shell.str, shell.len, &rp);
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina /* Do not store entry in memory cache during enumeration. */
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina ret = sss_mmap_cache_pw_store(&nss_ctx->pwd_mc_ctx, name, &pwfield,
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina "Failed to store user %s (%s) in mmap cache [%d]: %s!\n",
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina name->str, result->domain->name, ret, sss_strerror(ret));
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina sss_packet_get_body(packet, &body, &body_len);
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina SAFEALIGN_COPY_UINT32(body, &num_results, NULL);
4049b63f8c67ada17b453463b0451ca6be3d5de4Pavel Březina SAFEALIGN_SETMEM_UINT32(body + sizeof(uint32_t), 0, NULL); /* reserved */