pamsrv.c revision 07e941c1bbdc752142bbd3b838c540bc7ecd0ed7
1795e934ebcd58175d3b5bbdd811b13c7889efa3Timo Sirainen PAM Responder
76a99afe0914951d20d96e0bf5e6d8d3ea3fd503Timo Sirainen Copyright (C) Simo Sorce <ssorce@redhat.com> 2009
55639052253ff28c6a0f569ae76dfda33e02c5f2Timo Sirainen Copyright (C) Sumit Bose <sbose@redhat.com> 2009
76a99afe0914951d20d96e0bf5e6d8d3ea3fd503Timo Sirainen This program is free software; you can redistribute it and/or modify
596ec384269cad3b0f0661df89b9cf33cbd171b7Timo Sirainen it under the terms of the GNU General Public License as published by
666286d8ecc6c450b2232dcc628f79454215acfcTimo Sirainen the Free Software Foundation; either version 3 of the License, or
2521fd0986302cdabc8b0711eef63ac188f32cd6Timo Sirainen (at your option) any later version.
1795e934ebcd58175d3b5bbdd811b13c7889efa3Timo Sirainen This program is distributed in the hope that it will be useful,
a35cbba04d0a2823da98e693bd09a051addffdb2Timo Sirainen but WITHOUT ANY WARRANTY; without even the implied warranty of
fa3fc0b4c821874ccc56a1512604f661b411d3a4Aki Tuomi MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
fa3fc0b4c821874ccc56a1512604f661b411d3a4Aki Tuomi GNU General Public License for more details.
503e5ef896c7b4a51cf73efb0d132860a8c747e6Timo Sirainen You should have received a copy of the GNU General Public License
3ccfcf0856958cb9208a9fc51c3bdf13c58ad52aTimo Sirainen along with this program. If not, see <http://www.gnu.org/licenses/>.
4316355ca8b7698516272520a972291378698140Timo Sirainenstatic struct data_provider_iface pam_dp_methods = {
4316355ca8b7698516272520a972291378698140Timo Sirainenstatic void pam_dp_reconnect_init(struct sbus_connection *conn, int status, void *pvt)
0df9428baed48afaff90b4d4f03792d2fd756a43Timo Sirainen struct be_conn *be_conn = talloc_get_type(pvt, struct be_conn);
0df9428baed48afaff90b4d4f03792d2fd756a43Timo Sirainen /* Did we reconnect successfully? */
0df9428baed48afaff90b4d4f03792d2fd756a43Timo Sirainen DEBUG(SSSDBG_CRIT_FAILURE, "Reconnected to the Data Provider.\n");
0df9428baed48afaff90b4d4f03792d2fd756a43Timo Sirainen /* Identify ourselves to the data provider */
4316355ca8b7698516272520a972291378698140Timo Sirainen /* all fine */
0df9428baed48afaff90b4d4f03792d2fd756a43Timo Sirainen handle_requests_after_reconnect(be_conn->rctx);
0df9428baed48afaff90b4d4f03792d2fd756a43Timo Sirainen /* Handle failure */
4316355ca8b7698516272520a972291378698140Timo Sirainen DEBUG(SSSDBG_FATAL_FAILURE, "Could not reconnect to %s provider.\n",
4316355ca8b7698516272520a972291378698140Timo Sirainen /* FIXME: kill the frontend and let the monitor restart it ? */
0df9428baed48afaff90b4d4f03792d2fd756a43Timo Sirainen /* pam_shutdown(rctx); */
0df9428baed48afaff90b4d4f03792d2fd756a43Timo Sirainenstatic int pam_process_init(TALLOC_CTX *mem_ctx,
2521fd0986302cdabc8b0711eef63ac188f32cd6Timo Sirainen DEBUG(SSSDBG_FATAL_FAILURE, "sss_process_init() failed\n");
4316355ca8b7698516272520a972291378698140Timo Sirainen /* Enable automatic reconnection to the Data Provider */
4316355ca8b7698516272520a972291378698140Timo Sirainen /* FIXME: "retries" is too generic, either get it from a global config
4316355ca8b7698516272520a972291378698140Timo Sirainen * or specify these retries are about the sbus connections to DP */
1795e934ebcd58175d3b5bbdd811b13c7889efa3Timo Sirainen ret = confdb_get_int(pctx->rctx->cdb, CONFDB_PAM_CONF_ENTRY,
d23c747de9d33966483fbdd41f08ad7766da7c5cTimo Sirainen CONFDB_SERVICE_RECON_RETRIES, 3, &max_retries);
1795e934ebcd58175d3b5bbdd811b13c7889efa3Timo Sirainen "Failed to set up automatic reconnection\n");
3ccfcf0856958cb9208a9fc51c3bdf13c58ad52aTimo Sirainen for (iter = pctx->rctx->be_conns; iter; iter = iter->next) {
82995cc154a929f37aa486a72a6485e9f8d34a30Timo Sirainen /* Set up the negative cache */
82995cc154a929f37aa486a72a6485e9f8d34a30Timo Sirainen ret = confdb_get_int(cdb, CONFDB_NSS_CONF_ENTRY,
4316355ca8b7698516272520a972291378698140Timo Sirainen /* Set up the PAM identity timeout */
d9b8c65d0a0ffc709ba7d23c449dbf2f46b10674Timo Sirainen ret = confdb_get_int(cdb, CONFDB_PAM_CONF_ENTRY,
d23c747de9d33966483fbdd41f08ad7766da7c5cTimo Sirainen "fatal error initializing negative cache\n");
d23c747de9d33966483fbdd41f08ad7766da7c5cTimo Sirainen ret = sss_ncache_prepopulate(pctx->ncache, cdb, pctx->rctx);
82995cc154a929f37aa486a72a6485e9f8d34a30Timo Sirainen /* Create table for initgroup lookups */
d23c747de9d33966483fbdd41f08ad7766da7c5cTimo Sirainen ret = sss_hash_create(pctx, 10, &pctx->id_table);
e5acc283bf030b0b5c79ca4e52d315c516a299faPascal Volk "Could not create initgroups hash table: [%s]",
d23c747de9d33966483fbdd41f08ad7766da7c5cTimo Sirainen /* Set up file descriptor limits */
4316355ca8b7698516272520a972291378698140Timo Sirainen "Failed to set up file descriptor limit\n");
4316355ca8b7698516272520a972291378698140Timo Sirainen ret = schedule_get_domains_task(rctx, rctx->ev, rctx);
666286d8ecc6c450b2232dcc628f79454215acfcTimo Sirainen DEBUG(SSSDBG_FATAL_FAILURE, "schedule_get_domains_tasks failed.\n");
4316355ca8b7698516272520a972291378698140Timo Sirainen /* Set debug level to invalid value so we can decide if -d 0 was used. */
4316355ca8b7698516272520a972291378698140Timo Sirainen pc = poptGetContext(argv[0], argc, argv, long_options, 0);
4316355ca8b7698516272520a972291378698140Timo Sirainen fprintf(stderr, "\nInvalid option %s: %s\n\n",
3cfc375f0d939c346b9b0e6f0ac78b9bc367dd95Timo Sirainen /* set up things like debug, signals, daemonization, etc... */
4316355ca8b7698516272520a972291378698140Timo Sirainen ret = server_setup("sssd[pam]", 0, CONFDB_PAM_CONF_ENTRY, &main_ctx);
4316355ca8b7698516272520a972291378698140Timo Sirainen /* This is not fatal, don't return */
e34d170f8f0e084bd94bfbc1a7085ece67e508dfTimo Sirainen "Could not set up to exit when parent process does\n");
b8a4aab1f117f6760184ad50b1af41ba810b51f9Timo Sirainen /* loop on main */