local.c revision 7171a7584dda534dde5409f3e7f4657e845ece15
fa9e4066f08beec538e775443c5be79dd423fcabahrens Secrets Responder
ea8dc4b6d2251b437950c0056bc626b311c73c27eschrock Copyright (C) Simo Sorce <ssorce@redhat.com> 2016
fa9e4066f08beec538e775443c5be79dd423fcabahrens This program is free software; you can redistribute it and/or modify
fa9e4066f08beec538e775443c5be79dd423fcabahrens it under the terms of the GNU General Public License as published by
fa9e4066f08beec538e775443c5be79dd423fcabahrens the Free Software Foundation; either version 3 of the License, or
fa9e4066f08beec538e775443c5be79dd423fcabahrens (at your option) any later version.
fa9e4066f08beec538e775443c5be79dd423fcabahrens This program is distributed in the hope that it will be useful,
fa9e4066f08beec538e775443c5be79dd423fcabahrens but WITHOUT ANY WARRANTY; without even the implied warranty of
fa9e4066f08beec538e775443c5be79dd423fcabahrens MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
fa9e4066f08beec538e775443c5be79dd423fcabahrens GNU General Public License for more details.
fa9e4066f08beec538e775443c5be79dd423fcabahrens You should have received a copy of the GNU General Public License
fa9e4066f08beec538e775443c5be79dd423fcabahrens along with this program. If not, see <http://www.gnu.org/licenses/>.
27dd1e87cd3d939264769dd4af7e6a529cde001fMark Shellenbaum#include "responder/secrets/secsrv_private.h"
fa9e4066f08beec538e775443c5be79dd423fcabahrensstatic int local_decrypt(struct local_context *lctx, TALLOC_CTX *mem_ctx,
fa9e4066f08beec538e775443c5be79dd423fcabahrens DEBUG(SSSDBG_TRACE_INTERNAL, "Decrypting with masterkey\n");
fa9e4066f08beec538e775443c5be79dd423fcabahrens _secret.data = (char *)sss_base64_decode(mem_ctx, secret,
fa9e4066f08beec538e775443c5be79dd423fcabahrens DEBUG(SSSDBG_OP_FAILURE, "sss_base64_decode failed\n");
fa9e4066f08beec538e775443c5be79dd423fcabahrens "sss_decrypt failed [%d]: %s\n", ret, sss_strerror(ret));
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw "Output length mismatch or output not NULL-terminated\n");
fa9e4066f08beec538e775443c5be79dd423fcabahrensstatic int local_encrypt(struct local_context *lctx, TALLOC_CTX *mem_ctx,
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw DEBUG(SSSDBG_CRIT_FAILURE, "Uknown encryption type '%s'\n", enctype);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw "sss_encrypt failed [%d]: %s\n", ret, sss_strerror(ret));
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw const char *req_path,
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw const char *s, *e;
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw while (s && *s) {
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw if (e == s) {
/* NOTE(review): the text between s and e (presumably one segment of the
 * request path; the delimiter search is not shown on this page) is formatted
 * into the DN as "cn=<segment>" with no escaping visible here. DN
 * metacharacters such as ',', '=' or '+' inside a segment would change how
 * the component is parsed -- confirm the path is validated or DN-escaped
 * before it reaches this loop. */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw if (!ldb_dn_add_child_fmt(dn, "cn=%.*s", (int)(e - s), s)) {
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw s = e + 1;
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw "Local path for [%s] is [%s]\n",
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw path = talloc_strndup_append_buffer(path, (char *)val->data,
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw path = talloc_strndup(mem_ctx, (char *)val->data, val->length);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw "Secrets path for [%s] is [%s]\n",
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw const char *req_path,
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw static const char *attrs[] = { "secret", "enctype", NULL };
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw const char *attr_secret;
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw const char *attr_enctype;
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw DEBUG(SSSDBG_TRACE_FUNC, "Retrieving a secret from [%s]\n", req_path);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw "local_db_dn failed [%d]: %s\n", ret, sss_strerror(ret));
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw "Searching for [%s] at [%s] with scope=base\n",
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw ret = ldb_search(lctx->ldb, tmp_ctx, &res, dn, LDB_SCOPE_BASE,
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw "ldb_search returned [%d]: %s\n", ret, ldb_strerror(ret));
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw "Too many secrets returned with BASE search\n");
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw attr_secret = ldb_msg_find_attr_as_string(res->msgs[0], "secret", NULL);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw DEBUG(SSSDBG_CRIT_FAILURE, "The 'secret' attribute is missing\n");
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw attr_enctype = ldb_msg_find_attr_as_string(res->msgs[0], "enctype", NULL);
/* NOTE(review): the branching between the next two statements is not shown.
 * Presumably local_decrypt() runs only when an "enctype" attribute was found
 * and the talloc_strdup() is the fallback that hands back the stored value
 * unchanged -- confirm. If so, an entry without "enctype" is treated as
 * plaintext at rest. Either way the caller receives the secret in talloc
 * memory owned by mem_ctx; nothing on this page wipes it before it is freed. */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw ret = local_decrypt(lctx, mem_ctx, attr_secret, attr_enctype, secret);
1ab996781aab376b5ee79af025ab24ff42a0a3f0Mark Shellenbaum *secret = talloc_strdup(mem_ctx, attr_secret);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw const char *req_path,
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw DEBUG(SSSDBG_TRACE_FUNC, "Listing keys at [%s]\n", req_path);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw "local_db_dn failed [%d]: %s\n", ret, sss_strerror(ret));
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw "Searching for [%s] at [%s] with scope=subtree\n",
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw ret = ldb_search(lctx->ldb, tmp_ctx, &res, dn, LDB_SCOPE_SUBTREE,
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw "ldb_search returned [%d]: %s\n", ret, ldb_strerror(ret));
0a586cea3ceec7e5e50e7e54c745082a7a333ac2Mark Shellenbaum for (unsigned i = 0; i < res->count; i++) {
0a586cea3ceec7e5e50e7e54c745082a7a333ac2Mark Shellenbaum keys[i] = local_dn_to_path(keys, dn, res->msgs[i]->dn);
0a586cea3ceec7e5e50e7e54c745082a7a333ac2Mark Shellenbaum DEBUG(SSSDBG_TRACE_LIBS, "Returning %d secrets\n", res->count);
1412a1a223b7a94990edf5114c108b0a29c3f881Mark Shellenbaumstatic int local_db_check_containers(TALLOC_CTX *mem_ctx,
0a586cea3ceec7e5e50e7e54c745082a7a333ac2Mark Shellenbaum /* We need to exclude the leaf as that will be the new child entry,
0a586cea3ceec7e5e50e7e54c745082a7a333ac2Mark Shellenbaum * We also do not care for the synthetic containers that constitute the
0a586cea3ceec7e5e50e7e54c745082a7a333ac2Mark Shellenbaum * base path (cn=<uidnumber>,cn=users,cn=secrets), so in total we remove
0a586cea3ceec7e5e50e7e54c745082a7a333ac2Mark Shellenbaum * 4 components */
0a586cea3ceec7e5e50e7e54c745082a7a333ac2Mark Shellenbaum for (int i = 0; i < num; i++) {
0a586cea3ceec7e5e50e7e54c745082a7a333ac2Mark Shellenbaum /* remove the child first (we do not want to check the leaf) */
0a586cea3ceec7e5e50e7e54c745082a7a333ac2Mark Shellenbaum if (!ldb_dn_remove_child_components(dn, 1)) return EFAULT;
0a586cea3ceec7e5e50e7e54c745082a7a333ac2Mark Shellenbaum /* and check the parent container exists */
0a586cea3ceec7e5e50e7e54c745082a7a333ac2Mark Shellenbaum "Searching for [%s] at [%s] with scope=base\n",
0a586cea3ceec7e5e50e7e54c745082a7a333ac2Mark Shellenbaum LOCAL_CONTAINER_FILTER, ldb_dn_get_linearized(dn));
0a586cea3ceec7e5e50e7e54c745082a7a333ac2Mark Shellenbaum ret = ldb_search(lctx->ldb, tmp_ctx, &res, dn, LDB_SCOPE_BASE,
0a586cea3ceec7e5e50e7e54c745082a7a333ac2Mark Shellenbaum if (ret != LDB_SUCCESS || res->count != 1) {
0a586cea3ceec7e5e50e7e54c745082a7a333ac2Mark Shellenbaum "DN [%s] does not exist\n", ldb_dn_get_linearized(dn));
0a586cea3ceec7e5e50e7e54c745082a7a333ac2Mark Shellenbaumstatic int local_db_check_containers_nest_level(struct local_context *lctx,
0a586cea3ceec7e5e50e7e54c745082a7a333ac2Mark Shellenbaum /* We do not care for the synthetic containers that constitute the
0a586cea3ceec7e5e50e7e54c745082a7a333ac2Mark Shellenbaum * base path (cn=<uidnumber>,cn=users,cn=secrets), hence the - 3 below. */
0a586cea3ceec7e5e50e7e54c745082a7a333ac2Mark Shellenbaum nest_level = ldb_dn_get_comp_num(leaf_dn) - 3;
/* Reject the request when the user-visible depth exceeds the configured
 * limit held in lctx->containers_nest_level. */
0a586cea3ceec7e5e50e7e54c745082a7a333ac2Mark Shellenbaum if (nest_level > lctx->containers_nest_level) {
/* NOTE(review): the two adjacent literals below are concatenated with no
 * space between them, so the logged text reads "...the maximumallowed
 * number...". */
0a586cea3ceec7e5e50e7e54c745082a7a333ac2Mark Shellenbaum "Cannot create a nested container of depth %d as the maximum"
1412a1a223b7a94990edf5114c108b0a29c3f881Mark Shellenbaum "allowed number of nested containers is %d.\n",
1412a1a223b7a94990edf5114c108b0a29c3f881Mark Shellenbaum return ERR_SEC_INVALID_CONTAINERS_NEST_LEVEL;
1412a1a223b7a94990edf5114c108b0a29c3f881Mark Shellenbaumstatic int local_db_check_number_of_secrets(TALLOC_CTX *mem_ctx,
1412a1a223b7a94990edf5114c108b0a29c3f881Mark Shellenbaum dn = ldb_dn_new(tmp_ctx, lctx->ldb, "cn=secrets");
0a586cea3ceec7e5e50e7e54c745082a7a333ac2Mark Shellenbaum ret = ldb_search(lctx->ldb, tmp_ctx, &res, dn, LDB_SCOPE_SUBTREE,
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw "Cannot store any more secrets as the maximum allowed limit (%d) "
fa9e4066f08beec538e775443c5be79dd423fcabahrensstatic int local_check_max_payload_size(struct local_context *lctx,
/* Convert the configured limit from kilobytes to bytes.
 * NOTE(review): the variable types are not visible on this page; the %d
 * conversions in the message below suggest int. If so, a large configured
 * value overflows this multiplication (signed overflow is undefined
 * behaviour) and the limit stops being enforced as intended -- confirm the
 * option's range is validated where it is read. */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw max_payload_size = lctx->max_payload_size * 1024; /* kb */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw "Secrets' payload size [%d kb (%d)] exceeds the maximum allowed "
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw "payload size [%d kb (%d)]\n",
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw const char *req_path,
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw const char *secret)
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw DEBUG(SSSDBG_TRACE_FUNC, "Adding a secret to [%s]\n", req_path);
2459a9eaca6b6525c76289d22ffe4c96be1956d6marks ret = local_db_dn(msg, lctx->ldb, req_path, &msg->dn);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw "local_db_dn failed [%d]: %s\n", ret, sss_strerror(ret));
fa9e4066f08beec538e775443c5be79dd423fcabahrens /* make sure containers exist */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw "local_db_check_containers failed for [%s]: [%d]: %s\n",
2459a9eaca6b6525c76289d22ffe4c96be1956d6marks ldb_dn_get_linearized(msg->dn), ret, sss_strerror(ret));
fa9e4066f08beec538e775443c5be79dd423fcabahrens "local_db_check_number_of_secrets failed [%d]: %s\n",
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw ret = local_check_max_payload_size(lctx, strlen(secret));
003c2582df5b8a57cb0e6f04227f93ccd982f0e5Mark Shellenbaum "local_check_max_payload_size failed [%d]: %s\n",
003c2582df5b8a57cb0e6f04227f93ccd982f0e5Mark Shellenbaum ret = local_encrypt(lctx, msg, secret, enctype, &enc_secret);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw "local_encrypt failed [%d]: %s\n", ret, sss_strerror(ret));
003c2582df5b8a57cb0e6f04227f93ccd982f0e5Mark Shellenbaum ret = ldb_msg_add_string(msg, "type", "simple");
003c2582df5b8a57cb0e6f04227f93ccd982f0e5Mark Shellenbaum "ldb_msg_add_string failed adding type:simple [%d]: %s\n",
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw "ldb_msg_add_string failed adding enctype [%d]: %s\n",
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw "ldb_msg_add_string failed adding secret [%d]: %s\n",
/* Record when the entry was created.
 * NOTE(review): time(NULL) returns time_t but the conversion is %lu
 * (unsigned long); the two are not guaranteed to be the same type on every
 * ABI. An explicit cast, e.g. (unsigned long)time(NULL), would make the call
 * well-defined. The same pattern appears where the container entry is
 * created. The failure message below also names ldb_msg_add_string although
 * the call is ldb_msg_add_fmt. */
003c2582df5b8a57cb0e6f04227f93ccd982f0e5Mark Shellenbaum ret = ldb_msg_add_fmt(msg, "creationTime", "%lu", time(NULL));
b249c65cf0a7400e86a36ddab5c3fce085809859marks "ldb_msg_add_string failed adding creationTime [%d]: %s\n",
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw "Secret %s already exists\n", ldb_dn_get_linearized(msg->dn));
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw "Failed to add secret [%s]: [%d]: %s\n",
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw ldb_dn_get_linearized(msg->dn), ret, ldb_strerror(ret));
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw const char *req_path)
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw DEBUG(SSSDBG_TRACE_FUNC, "Removing a secret from [%s]\n", req_path);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw "local_db_dn failed [%d]: %s\n", ret, sss_strerror(ret));
003c2582df5b8a57cb0e6f04227f93ccd982f0e5Mark Shellenbaum "Searching for [%s] at [%s] with scope=base\n",
003c2582df5b8a57cb0e6f04227f93ccd982f0e5Mark Shellenbaum LOCAL_CONTAINER_FILTER, ldb_dn_get_linearized(dn));
003c2582df5b8a57cb0e6f04227f93ccd982f0e5Mark Shellenbaum ret = ldb_search(lctx->ldb, tmp_ctx, &res, dn, LDB_SCOPE_BASE,
003c2582df5b8a57cb0e6f04227f93ccd982f0e5Mark Shellenbaum "ldb_search returned %d: %s\n", ret, ldb_strerror(ret));
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw "Searching for children of [%s]\n", ldb_dn_get_linearized(dn));
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw ret = ldb_search(lctx->ldb, tmp_ctx, &res, dn, LDB_SCOPE_ONELEVEL,
0a586cea3ceec7e5e50e7e54c745082a7a333ac2Mark Shellenbaum "ldb_search returned %d: %s\n", ret, ldb_strerror(ret));
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw "Failed to remove '%s': Container is not empty\n",
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw "ldb_delete returned %d: %s\n", ret, ldb_strerror(ret));
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw /* fallthrough */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw const char *req_path)
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw DEBUG(SSSDBG_TRACE_FUNC, "Creating a container at [%s]\n", req_path);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw "local_db_dn failed [%d]: %s\n", ret, sss_strerror(ret));
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw /* make sure containers exist */
89459e17032b6bb1d59eebd2b7c0d06859d4657cMark Shellenbaum "local_db_check_containers failed for [%s]: [%d]: %s\n",
4c841f6070b4f88f9dc008de526b313bbebd4e32marks ldb_dn_get_linearized(msg->dn), ret, sss_strerror(ret));
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw ret = local_db_check_containers_nest_level(lctx, msg->dn);
be6fd75a69ae679453d9cda5bff3326111e6d1caMatthew Ahrens ret = ldb_msg_add_string(msg, "type", "container");
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw "ldb_msg_add_string failed adding type:container [%d]: %s\n",
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw ret = ldb_msg_add_fmt(msg, "creationTime", "%lu", time(NULL));
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw "ldb_msg_add_string failed adding creationTime [%d]: %s\n",
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw "Secret %s already exists\n", ldb_dn_get_linearized(msg->dn));
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw "Failed to add secret [%s]: [%d]: %s\n",
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw ldb_dn_get_linearized(msg->dn), ret, ldb_strerror(ret));
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw /* be strict for now */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw "Unrecognized URI fragments: [%s]\n",
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw "Unrecognized URI userinfo: [%s]\n",
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw /* only type simple for now */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw if (ret != 0) {
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw "Invalid URI query: [%s]\n",
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw /* drop SEC_BASEPATH prefix */
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw talloc_strdup(mem_ctx, &secreq->mapped_path[sizeof(SEC_BASEPATH) - 1]);
1ab996781aab376b5ee79af025ab24ff42a0a3f0Mark Shellenbaum "Failed to map request to local db path\n");
e0d35c4478bf9fd4080951b5b9d1f9a38948ba69marks DEBUG(SSSDBG_TRACE_LIBS, "Local DB path is %s\n", *local_db_path);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amwstatic struct tevent_req *local_secret_req(TALLOC_CTX *mem_ctx,
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw const char *content_type;
be6fd75a69ae679453d9cda5bff3326111e6d1caMatthew Ahrens req = tevent_req_create(mem_ctx, &state, struct local_secret_state);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw lctx = talloc_get_type(provider_ctx, struct local_context);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw DEBUG(SSSDBG_TRACE_INTERNAL, "Received a local secrets request\n");
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw DEBUG(SSSDBG_OP_FAILURE, "No or uknown Content-Type\n");
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw DEBUG(SSSDBG_TRACE_LIBS, "Content-Type: %s\n", content_type);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw DEBUG(SSSDBG_TRACE_LIBS, "Processing HTTP GET at [%s]\n", req_path);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw ret = local_db_list_keys(state, lctx, req_path, &keys, &nkeys);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw ret = sec_array_to_json(state, keys, nkeys, &body.data);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw ret = local_db_get_simple(state, lctx, req_path, &secret);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw ret = sec_simple_secret_to_json(state, secret, &body.data);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw body.data = (void *)sss_base64_decode(state, secret, &body.length);
fa9e4066f08beec538e775443c5be79dd423fcabahrens DEBUG(SSSDBG_TRACE_LIBS, "Processing HTTP PUT at [%s]\n", req_path);
fa9e4066f08beec538e775443c5be79dd423fcabahrens ret = sec_json_to_simple_secret(state, secreq->body.data,
fa9e4066f08beec538e775443c5be79dd423fcabahrens secret = sss_base64_encode(state, (uint8_t *)secreq->body.data,
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw ret = local_db_put_simple(state, lctx, req_path, secret);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw DEBUG(SSSDBG_TRACE_LIBS, "Processing HTTP POST at [%s]\n", req_path);
da6c28aaf62fa55f0fdb8004aa40f88f23bf53f0amw ret = sec_http_reply_with_body(secreq, &secreq->reply, STATUS_200,
d47621a49c68c359358f6630aa45cc320762f51fTim Haley ret = sec_http_status_reply(secreq, &secreq->reply, STATUS_200);
29a0b7379cd3103841d05e3ed04486412049acccmarks DEBUG(SSSDBG_TRACE_LIBS, "Did not find the requested data\n");
003c2582df5b8a57cb0e6f04227f93ccd982f0e5Mark Shellenbaum "Local secrets request error [%d]: %s\n",
29a0b7379cd3103841d05e3ed04486412049acccmarks /* shortcircuit the request here as all called functions are
de0f1ddb598506a5d9a02946b67e9300b5f2a7cdAlbert Lee * synchronous and final and no further subrequests are made */
29a0b7379cd3103841d05e3ed04486412049acccmarks DEBUG(SSSDBG_TRACE_INTERNAL, "Local secrets request done\n");
/* Creates the master key file `filename`. Judging by the failure messages
 * below, the body obtains random bytes via generate_csprng_buffer(), opens
 * the file and writes the key with sss_atomic_write_s(); the statements
 * themselves are elided on this page.
 * NOTE(review): the open() flags and mode are not visible. Confirm the file
 * is created exclusively, with owner-only permissions, and that the
 * in-memory copy of the key is wiped once it has been written. The
 * "non-fatal failure" / "Failed to remove file" pair suggests the file is
 * removed when the write fails -- confirm, since a leftover short file would
 * be picked up as an existing key on the next start. */
fa9e4066f08beec538e775443c5be79dd423fcabahrensstatic int generate_master_key(const char *filename, size_t size)
fa9e4066f08beec538e775443c5be79dd423fcabahrens "generate_csprng_buffer failed [%d]: %s\n",
27dd1e87cd3d939264769dd4af7e6a529cde001fMark Shellenbaum "open(%s) failed [%d]: %s\n",
fa9e4066f08beec538e775443c5be79dd423fcabahrens "sss_atomic_write_s failed [%d]: %s\n",
fa9e4066f08beec538e775443c5be79dd423fcabahrens /* non-fatal failure */
fa9e4066f08beec538e775443c5be79dd423fcabahrens "Failed to remove file: %s - %d [%s]!\n",
fa9e4066f08beec538e775443c5be79dd423fcabahrens DEBUG(SSSDBG_TRACE_INTERNAL, "Creating a local provider handle\n");
fa9e4066f08beec538e775443c5be79dd423fcabahrens "ldb_connect(%s) returned %d: %s\n",
fa9e4066f08beec538e775443c5be79dd423fcabahrens lctx->containers_nest_level = sctx->containers_nest_level;
fa9e4066f08beec538e775443c5be79dd423fcabahrens lctx->master_key.data = talloc_size(lctx, MKEY_SIZE);
fa9e4066f08beec538e775443c5be79dd423fcabahrens DEBUG(SSSDBG_TRACE_FUNC, "No master key, generating a new one..\n");
fa9e4066f08beec538e775443c5be79dd423fcabahrens DEBUG(SSSDBG_OP_FAILURE, "Cannot generate a master key: %d\n", ret);
/* Load the master key from the already-open descriptor mfd into the buffer
 * allocated for lctx->master_key. */
d47621a49c68c359358f6630aa45cc320762f51fTim Haley size = sss_atomic_read_s(mfd, lctx->master_key.data,
/* A failed or short read is rejected, so a truncated key file is reported as
 * an error rather than used as a partial key (presumably; the return
 * statement is elided on this page).
 * NOTE(review): the read result is stored in `size`, but the message below
 * prints `ret`, which this call does not set -- the logged value looks stale.
 * The comparison also mixes what appears to be a signed count with a length
 * whose type is not shown; confirm the types. */
d47621a49c68c359358f6630aa45cc320762f51fTim Haley if (size < 0 || size != lctx->master_key.length) {
d47621a49c68c359358f6630aa45cc320762f51fTim Haley DEBUG(SSSDBG_OP_FAILURE, "Cannot read a master key: %d\n", ret);
4929fd5ef3f018b490359eb4a2d95d22152325fbTim Haley DEBUG(SSSDBG_TRACE_INTERNAL, "Local provider handle created\n");