/*
    SSSD

    Session recording utilities

    Authors:
        Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>

    Copyright (C) 2017 Red Hat

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
99b96048b79b0228c3f7c431ea12010f7bd5b362Nikolai Kondrashov
99b96048b79b0228c3f7c431ea12010f7bd5b362Nikolai Kondrashov#include "util/session_recording.h"
99b96048b79b0228c3f7c431ea12010f7bd5b362Nikolai Kondrashov#include "util/debug.h"
99b96048b79b0228c3f7c431ea12010f7bd5b362Nikolai Kondrashov#include <string.h>
99b96048b79b0228c3f7c431ea12010f7bd5b362Nikolai Kondrashov#include <errno.h>
99b96048b79b0228c3f7c431ea12010f7bd5b362Nikolai Kondrashov#include <sys/types.h>
99b96048b79b0228c3f7c431ea12010f7bd5b362Nikolai Kondrashov#include <sys/stat.h>
99b96048b79b0228c3f7c431ea12010f7bd5b362Nikolai Kondrashov#include <unistd.h>
99b96048b79b0228c3f7c431ea12010f7bd5b362Nikolai Kondrashov
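/**
 * Load the session recording configuration from the confdb.
 *
 * Reads the scope, users and groups options of the session recording
 * section and, when recording is enabled (scope is not "none"), verifies
 * that SESSION_RECORDING_SHELL exists and is executable.
 *
 * @param mem_ctx  Memory context handed to the confdb getters.
 * @param cdb      Confdb context to read from; must not be NULL.
 * @param pconf    Output configuration; must not be NULL.
 *
 * @return EOK on success; EINVAL if cdb or pconf is NULL, if the scope
 *         value is not one of "none"/"some"/"all", or if the recording
 *         shell is missing, cannot be stat()ed or is not executable;
 *         otherwise the error returned by the confdb getter.
 *
 * On failure pconf may be partially filled in (scope is stored before the
 * shell check runs), so callers should not use it unless EOK is returned.
 */
errno_t session_recording_conf_load(TALLOC_CTX *mem_ctx,
                                    struct confdb_ctx *cdb,
                                    struct session_recording_conf *pconf)
{
    int ret;
    char *str;
    struct stat s;

    if (cdb == NULL || pconf == NULL) {
        ret = EINVAL;
        goto done;
    }

    /* Read session_recording/scope option; "none" is the default passed
     * to confdb_get_string().
     * NOTE(review): str is presumably allocated on mem_ctx and is not
     * released here - confirm the caller's context is short-lived. */
    ret = confdb_get_string(cdb, mem_ctx, CONFDB_SESSION_RECORDING_CONF_ENTRY,
                            CONFDB_SESSION_RECORDING_SCOPE, "none", &str);
    if (ret != EOK) goto done;
    if (strcasecmp(str, "none") == 0) {
        pconf->scope = SESSION_RECORDING_SCOPE_NONE;
    } else if (strcasecmp(str, "some") == 0) {
        pconf->scope = SESSION_RECORDING_SCOPE_SOME;
    } else if (strcasecmp(str, "all") == 0) {
        pconf->scope = SESSION_RECORDING_SCOPE_ALL;
    } else {
        /* Fail closed: an unrecognised scope is a configuration error,
         * it is not silently treated as "none". */
        DEBUG(SSSDBG_OP_FAILURE,
              "Unknown value for session recording scope: %s\n",
              str);
        ret = EINVAL;
        goto done;
    }

    /* If session recording is enabled at all */
    if (pconf->scope != SESSION_RECORDING_SCOPE_NONE) {
        /* Check that the shell exists and is executable */
        ret = stat(SESSION_RECORDING_SHELL, &s);
        if (ret != 0) {
            /* Save errno before any other call can overwrite it */
            int stat_errno = errno;

            if (stat_errno == ENOENT) {
                DEBUG(SSSDBG_OP_FAILURE,
                      "Session recording shell \"%s\" not found\n",
                      SESSION_RECORDING_SHELL);
            } else {
                DEBUG(SSSDBG_OP_FAILURE,
                      "Failed checking for session recording shell "
                      "\"%s\": %s\n",
                      SESSION_RECORDING_SHELL, strerror(stat_errno));
            }
            ret = EINVAL;
            goto done;
        }

        /* The mode check must run when stat() succeeds. It used to sit in
         * a "case EOK" of a switch on errno that was only entered after
         * stat() had failed, so it was never reached and a non-executable
         * shell was accepted. 0111 requires the execute bit for user,
         * group and other.
         * This is a load-time sanity check on the mode bits only; it does
         * not look at file type or ownership, and the file can still
         * change afterwards. */
        if ((s.st_mode & 0111) != 0111) {
            DEBUG(SSSDBG_OP_FAILURE,
                  "Session recording shell \"%s\" is not executable\n",
                  SESSION_RECORDING_SHELL);
            ret = EINVAL;
            goto done;
        }
    }

    /* Read session_recording/users option; ENOENT is tolerated
     * (presumably the option is simply not set - confirm against confdb) */
    ret = confdb_get_string_as_list(cdb, mem_ctx,
                                    CONFDB_SESSION_RECORDING_CONF_ENTRY,
                                    CONFDB_SESSION_RECORDING_USERS,
                                    &pconf->users);
    if (ret != EOK && ret != ENOENT) goto done;

    /* Read session_recording/groups option; ENOENT is tolerated as above */
    ret = confdb_get_string_as_list(cdb, mem_ctx,
                                    CONFDB_SESSION_RECORDING_CONF_ENTRY,
                                    CONFDB_SESSION_RECORDING_GROUPS,
                                    &pconf->groups);
    if (ret != EOK && ret != ENOENT) goto done;

    ret = EOK;
done:
    return ret;
}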