confdb.c revision f6dbb235373b122ae15643ef5dbbe821ee1307d9
97a9a944b5887e91042b019776c41d5dd74557aferikabele/*
97a9a944b5887e91042b019776c41d5dd74557aferikabele SSSD
97a9a944b5887e91042b019776c41d5dd74557aferikabele
a945f35eff8b6a88009ce73de6d4c862ce58de3cslive NSS Configuratoin DB
a945f35eff8b6a88009ce73de6d4c862ce58de3cslive
a945f35eff8b6a88009ce73de6d4c862ce58de3cslive Copyright (C) Simo Sorce <ssorce@redhat.com> 2008
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd This program is free software; you can redistribute it and/or modify
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd it under the terms of the GNU General Public License as published by
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd the Free Software Foundation; either version 3 of the License, or
d29d9ab4614ff992b0e8de6e2b88d52b6f1f153erbowen (at your option) any later version.
d29d9ab4614ff992b0e8de6e2b88d52b6f1f153erbowen
d29d9ab4614ff992b0e8de6e2b88d52b6f1f153erbowen This program is distributed in the hope that it will be useful,
d29d9ab4614ff992b0e8de6e2b88d52b6f1f153erbowen but WITHOUT ANY WARRANTY; without even the implied warranty of
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd GNU General Public License for more details.
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd You should have received a copy of the GNU General Public License
3f08db06526d6901aa08c110b5bc7dde6bc39905nd along with this program. If not, see <http://www.gnu.org/licenses/>.
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd*/
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd#include "config.h"
3f08db06526d6901aa08c110b5bc7dde6bc39905nd
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd#include <ctype.h>
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd#include "util/util.h"
3b3b7fc78d1f5bfc2769903375050048ff41ff26nd#include "confdb/confdb.h"
8529679ec1c2e3285d9a2b0e124d3af16154c406kess#include "confdb/confdb_private.h"
8529679ec1c2e3285d9a2b0e124d3af16154c406kess#include "util/strtonum.h"
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor#include "db/sysdb.h"
7f5b59ccc63c0c0e3e678a168f09ee6a2f51f9d0nd
f086b4b402fa9a2fefc7dda85de2a3cc1cd0a654rjung#define CONFDB_ZERO_CHECK_OR_JUMP(var, ret, err, label) do { \
3b3b7fc78d1f5bfc2769903375050048ff41ff26nd if (!var) { \
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd ret = err; \
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd goto label; \
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd } \
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd} while(0)
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4ndstatic char *prepend_cn(char *str, int *slen, const char *comp, int clen)
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd{
97a9a944b5887e91042b019776c41d5dd74557aferikabele char *ret;
20189240503ef2c8f5dc6e2248b57faab4b23b5and
97a9a944b5887e91042b019776c41d5dd74557aferikabele ret = talloc_realloc(NULL, str, char, *slen + 4 + clen + 1);
06ba4a61654b3763ad65f52283832ebf058fdf1cslive if (!ret)
06ba4a61654b3763ad65f52283832ebf058fdf1cslive return NULL;
20189240503ef2c8f5dc6e2248b57faab4b23b5and
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd /* move current string to the end */
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd memmove(&ret[clen +4], ret, *slen+1); /* includes termination */
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd memcpy(ret, "cn=", 3);
117c1f888a14e73cdd821dc6c23eb0411144a41cnd memcpy(&ret[3], comp, clen);
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd ret[clen+3] = ',';
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd *slen = *slen + 4 + clen;
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd return ret;
aa0c9ba3adef6e0e98c6f38d2bf690283b609aacrbowen}
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4ndint parse_section(TALLOC_CTX *mem_ctx, const char *section,
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd char **sec_dn, const char **rdn_name)
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd{
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd TALLOC_CTX *tmp_ctx;
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd char *dn = NULL;
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd char *p;
62160b002faf84ed5427a5b4ad264031eba3f908nd const char *s;
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd int l, ret;
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd /* section must be a non null string and must not start with '/' */
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd if (!section || !*section || *section == '/') return EINVAL;
e19681198636b7d979c040d08e0288935a2faf53nd
e19681198636b7d979c040d08e0288935a2faf53nd tmp_ctx = talloc_new(mem_ctx);
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd if (!tmp_ctx) return ENOMEM;
06ba4a61654b3763ad65f52283832ebf058fdf1cslive
20189240503ef2c8f5dc6e2248b57faab4b23b5and s = section;
20189240503ef2c8f5dc6e2248b57faab4b23b5and l = 0;
20189240503ef2c8f5dc6e2248b57faab4b23b5and while ((p = strchrnul(s, '/'))) {
20189240503ef2c8f5dc6e2248b57faab4b23b5and if (l == 0) {
20189240503ef2c8f5dc6e2248b57faab4b23b5and dn = talloc_asprintf(tmp_ctx, "cn=%s", s);
20189240503ef2c8f5dc6e2248b57faab4b23b5and l = 3 + (p-s);
20189240503ef2c8f5dc6e2248b57faab4b23b5and dn[l] = '\0';
20189240503ef2c8f5dc6e2248b57faab4b23b5and } else {
06ba4a61654b3763ad65f52283832ebf058fdf1cslive dn = prepend_cn(dn, &l, s, p-s);
be43dfdc0292dc9ec54820ced4ebb82507e3bd76rbowen }
f0fa55ff14fa0bf8fd72d989f6625de6dc3260c8igalic if (!dn) {
f0fa55ff14fa0bf8fd72d989f6625de6dc3260c8igalic ret = ENOMEM;
f0fa55ff14fa0bf8fd72d989f6625de6dc3260c8igalic goto done;
f0fa55ff14fa0bf8fd72d989f6625de6dc3260c8igalic }
f0fa55ff14fa0bf8fd72d989f6625de6dc3260c8igalic if (*p == '\0') {
67a715b4352c3e25bff32fccad48350180393f5end if (rdn_name) *rdn_name = s;
06ba4a61654b3763ad65f52283832ebf058fdf1cslive break; /* reached end */
be43dfdc0292dc9ec54820ced4ebb82507e3bd76rbowen }
725ecc2b5c7499ee392e85a151778718a8e33dcckess s = p+1;
06ba4a61654b3763ad65f52283832ebf058fdf1cslive if (*s == '\0') { /* a section cannot end in '.' */
06ba4a61654b3763ad65f52283832ebf058fdf1cslive ret = EINVAL;
be43dfdc0292dc9ec54820ced4ebb82507e3bd76rbowen goto done;
f0fa55ff14fa0bf8fd72d989f6625de6dc3260c8igalic }
f0fa55ff14fa0bf8fd72d989f6625de6dc3260c8igalic }
f0fa55ff14fa0bf8fd72d989f6625de6dc3260c8igalic
f0fa55ff14fa0bf8fd72d989f6625de6dc3260c8igalic *sec_dn = talloc_steal(mem_ctx, dn);
f0fa55ff14fa0bf8fd72d989f6625de6dc3260c8igalic ret = EOK;
f0fa55ff14fa0bf8fd72d989f6625de6dc3260c8igalic
be43dfdc0292dc9ec54820ced4ebb82507e3bd76rbowendone:
f0fa55ff14fa0bf8fd72d989f6625de6dc3260c8igalic talloc_free(tmp_ctx);
be43dfdc0292dc9ec54820ced4ebb82507e3bd76rbowen return ret;
9a58dc6a2b26ec128b1270cf48810e705f1a90dbsf}
06ba4a61654b3763ad65f52283832ebf058fdf1cslive
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4ndint confdb_add_param(struct confdb_ctx *cdb,
62160b002faf84ed5427a5b4ad264031eba3f908nd bool replace,
62160b002faf84ed5427a5b4ad264031eba3f908nd const char *section,
62160b002faf84ed5427a5b4ad264031eba3f908nd const char *attribute,
62160b002faf84ed5427a5b4ad264031eba3f908nd const char **values)
62160b002faf84ed5427a5b4ad264031eba3f908nd{
f0fa55ff14fa0bf8fd72d989f6625de6dc3260c8igalic TALLOC_CTX *tmp_ctx = NULL;
f0fa55ff14fa0bf8fd72d989f6625de6dc3260c8igalic struct ldb_message *msg;
f0fa55ff14fa0bf8fd72d989f6625de6dc3260c8igalic struct ldb_result *res;
f0fa55ff14fa0bf8fd72d989f6625de6dc3260c8igalic struct ldb_dn *dn;
f0fa55ff14fa0bf8fd72d989f6625de6dc3260c8igalic char *secdn;
f0fa55ff14fa0bf8fd72d989f6625de6dc3260c8igalic const char *rdn_name;
f0fa55ff14fa0bf8fd72d989f6625de6dc3260c8igalic int ret, i;
62160b002faf84ed5427a5b4ad264031eba3f908nd
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd tmp_ctx = talloc_new(NULL);
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd if (!tmp_ctx) {
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd ret = ENOMEM;
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd goto done;
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd }
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd ret = parse_section(tmp_ctx, section, &secdn, &rdn_name);
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd if (ret != EOK) {
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd goto done;
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd }
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd dn = ldb_dn_new(tmp_ctx, cdb->ldb, secdn);
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd CONFDB_ZERO_CHECK_OR_JUMP(dn, ret, EIO, done);
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd ret = ldb_search(cdb->ldb, tmp_ctx, &res,
06ba4a61654b3763ad65f52283832ebf058fdf1cslive dn, LDB_SCOPE_BASE, NULL, NULL);
67a715b4352c3e25bff32fccad48350180393f5end if (ret != LDB_SUCCESS) {
67a715b4352c3e25bff32fccad48350180393f5end ret = EIO;
529258d4aa14c83ac8ef5392731cb58ac0068495nd goto done;
06ba4a61654b3763ad65f52283832ebf058fdf1cslive }
9a58dc6a2b26ec128b1270cf48810e705f1a90dbsf
725ecc2b5c7499ee392e85a151778718a8e33dcckess msg = ldb_msg_new(tmp_ctx);
06ba4a61654b3763ad65f52283832ebf058fdf1cslive CONFDB_ZERO_CHECK_OR_JUMP(msg, ret, ENOMEM, done);
67a715b4352c3e25bff32fccad48350180393f5end
06ba4a61654b3763ad65f52283832ebf058fdf1cslive msg->dn = talloc_steal(msg, dn);
67a715b4352c3e25bff32fccad48350180393f5end CONFDB_ZERO_CHECK_OR_JUMP(msg->dn, ret, ENOMEM, done);
67a715b4352c3e25bff32fccad48350180393f5end
06ba4a61654b3763ad65f52283832ebf058fdf1cslive if (res->count == 0) { /* add a new message */
67a715b4352c3e25bff32fccad48350180393f5end errno = 0;
06ba4a61654b3763ad65f52283832ebf058fdf1cslive
9a58dc6a2b26ec128b1270cf48810e705f1a90dbsf /* cn first */
725ecc2b5c7499ee392e85a151778718a8e33dcckess ret = ldb_msg_add_string(msg, "cn", rdn_name);
06ba4a61654b3763ad65f52283832ebf058fdf1cslive if (ret != LDB_SUCCESS) {
9a58dc6a2b26ec128b1270cf48810e705f1a90dbsf if (errno) ret = errno;
725ecc2b5c7499ee392e85a151778718a8e33dcckess else ret = EIO;
06ba4a61654b3763ad65f52283832ebf058fdf1cslive goto done;
06ba4a61654b3763ad65f52283832ebf058fdf1cslive }
06ba4a61654b3763ad65f52283832ebf058fdf1cslive
f0fa55ff14fa0bf8fd72d989f6625de6dc3260c8igalic /* now the requested attribute */
f0fa55ff14fa0bf8fd72d989f6625de6dc3260c8igalic for (i = 0; values[i]; i++) {
f0fa55ff14fa0bf8fd72d989f6625de6dc3260c8igalic ret = ldb_msg_add_string(msg, attribute, values[i]);
f0fa55ff14fa0bf8fd72d989f6625de6dc3260c8igalic if (ret != LDB_SUCCESS) {
f0fa55ff14fa0bf8fd72d989f6625de6dc3260c8igalic if (errno) ret = errno;
f0fa55ff14fa0bf8fd72d989f6625de6dc3260c8igalic else ret = EIO;
f0fa55ff14fa0bf8fd72d989f6625de6dc3260c8igalic goto done;
f0fa55ff14fa0bf8fd72d989f6625de6dc3260c8igalic }
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd }
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd ret = ldb_add(cdb->ldb, msg);
3b3b7fc78d1f5bfc2769903375050048ff41ff26nd if (ret != LDB_SUCCESS) {
8529679ec1c2e3285d9a2b0e124d3af16154c406kess ret = EIO;
8529679ec1c2e3285d9a2b0e124d3af16154c406kess goto done;
cc8190433d13f5e9de618c5d7f10c824c0c1919cgryzor }
7f5b59ccc63c0c0e3e678a168f09ee6a2f51f9d0nd
f086b4b402fa9a2fefc7dda85de2a3cc1cd0a654rjung } else {
3b3b7fc78d1f5bfc2769903375050048ff41ff26nd int optype;
5effc8b39fae5cd169d17f342bfc265705840014rbowen errno = 0;
d29d9ab4614ff992b0e8de6e2b88d52b6f1f153erbowen
2c9e74eac9f72c14535dd65a520e4de2e664d9cdhumbedooh /* mark this as a replacement */
d29d9ab4614ff992b0e8de6e2b88d52b6f1f153erbowen if (replace) optype = LDB_FLAG_MOD_REPLACE;
d29d9ab4614ff992b0e8de6e2b88d52b6f1f153erbowen else optype = LDB_FLAG_MOD_ADD;
d29d9ab4614ff992b0e8de6e2b88d52b6f1f153erbowen ret = ldb_msg_add_empty(msg, attribute, optype, NULL);
bdd978e5ecd8daa2542d4d4e1988c78a622cd7f4nd if (ret != LDB_SUCCESS) {
if (errno) ret = errno;
else ret = EIO;
goto done;
}
/* now the requested attribute */
for (i = 0; values[i]; i++) {
ret = ldb_msg_add_string(msg, attribute, values[i]);
if (ret != LDB_SUCCESS) {
if (errno) ret = errno;
else ret = EIO;
goto done;
}
}
ret = ldb_modify(cdb->ldb, msg);
if (ret != LDB_SUCCESS) {
ret = EIO;
goto done;
}
}
ret = EOK;
done:
talloc_free(tmp_ctx);
if (ret != EOK) {
DEBUG(1, ("Failed to add [%s] to [%s], error [%d] (%s)\n",
attribute, section, ret, strerror(ret)));
}
return ret;
}
int confdb_get_param(struct confdb_ctx *cdb,
TALLOC_CTX *mem_ctx,
const char *section,
const char *attribute,
char ***values)
{
TALLOC_CTX *tmp_ctx;
struct ldb_result *res;
struct ldb_dn *dn;
char *secdn;
const char *attrs[] = { attribute, NULL };
char **vals;
struct ldb_message_element *el;
int ret, i;
tmp_ctx = talloc_new(mem_ctx);
if (!tmp_ctx)
return ENOMEM;
ret = parse_section(tmp_ctx, section, &secdn, NULL);
if (ret != EOK) {
goto done;
}
dn = ldb_dn_new(tmp_ctx, cdb->ldb, secdn);
if (!dn) {
ret = EIO;
goto done;
}
ret = ldb_search(cdb->ldb, tmp_ctx, &res,
dn, LDB_SCOPE_BASE, attrs, NULL);
if (ret != LDB_SUCCESS) {
ret = EIO;
goto done;
}
if (res->count > 1) {
ret = EIO;
goto done;
}
vals = talloc_zero(mem_ctx, char *);
ret = EOK;
if (res->count > 0) {
el = ldb_msg_find_element(res->msgs[0], attribute);
if (el && el->num_values > 0) {
vals = talloc_realloc(mem_ctx, vals, char *, el->num_values +1);
if (!vals) {
ret = ENOMEM;
goto done;
}
/* should always be strings so this should be safe */
for (i = 0; i < el->num_values; i++) {
struct ldb_val v = el->values[i];
vals[i] = talloc_strndup(vals, (char *)v.data, v.length);
if (!vals[i]) {
ret = ENOMEM;
goto done;
}
}
vals[i] = NULL;
}
}
*values = vals;
done:
talloc_free(tmp_ctx);
if (ret != EOK) {
DEBUG(1, ("Failed to get [%s] from [%s], error [%d] (%s)\n",
attribute, section, ret, strerror(ret)));
}
return ret;
}
int confdb_get_string(struct confdb_ctx *cdb, TALLOC_CTX *ctx,
const char *section, const char *attribute,
const char *defstr, char **result)
{
char **values = NULL;
char *restr;
int ret;
ret = confdb_get_param(cdb, ctx, section, attribute, &values);
if (ret != EOK) {
goto failed;
}
if (values[0]) {
if (values[1] != NULL) {
/* too many values */
ret = EINVAL;
goto failed;
}
restr = talloc_steal(ctx, values[0]);
} else {
/* Did not return a value, so use the default */
if (defstr == NULL) { /* No default given */
*result = NULL;
talloc_free(values);
return EOK;
}
/* Copy the default string */
restr = talloc_strdup(ctx, defstr);
}
if (!restr) {
ret = ENOMEM;
goto failed;
}
talloc_free(values);
*result = restr;
return EOK;
failed:
talloc_free(values);
DEBUG(1, ("Failed to get [%s] from [%s], error [%d] (%s)\n",
attribute, section, ret, strerror(ret)));
return ret;
}
int confdb_get_int(struct confdb_ctx *cdb,
const char *section, const char *attribute,
int defval, int *result)
{
char **values = NULL;
long val;
int ret;
TALLOC_CTX *tmp_ctx;
tmp_ctx = talloc_new(NULL);
if (tmp_ctx == NULL) {
ret = ENOMEM;
goto failed;
}
ret = confdb_get_param(cdb, tmp_ctx, section, attribute, &values);
if (ret != EOK) {
goto failed;
}
if (values[0]) {
if (values[1] != NULL) {
/* too many values */
ret = EINVAL;
goto failed;
}
errno = 0;
val = strtol(values[0], NULL, 0);
if (errno) {
ret = errno;
goto failed;
}
if (val < INT_MIN || val > INT_MAX) {
ret = ERANGE;
goto failed;
}
} else {
val = defval;
}
talloc_free(tmp_ctx);
*result = (int)val;
return EOK;
failed:
talloc_free(tmp_ctx);
DEBUG(1, ("Failed to read [%s] from [%s], error [%d] (%s)\n",
attribute, section, ret, strerror(ret)));
return ret;
}
long confdb_get_long(struct confdb_ctx *cdb,
const char *section, const char *attribute,
long defval, long *result)
{
char **values = NULL;
long val;
int ret;
TALLOC_CTX *tmp_ctx;
tmp_ctx = talloc_new(NULL);
if (tmp_ctx == NULL) {
ret = ENOMEM;
goto failed;
}
ret = confdb_get_param(cdb, tmp_ctx, section, attribute, &values);
if (ret != EOK) {
goto failed;
}
if (values[0]) {
if (values[1] != NULL) {
/* too many values */
ret = EINVAL;
goto failed;
}
errno = 0;
val = strtol(values[0], NULL, 0);
if (errno) {
ret = errno;
goto failed;
}
} else {
val = defval;
}
talloc_free(tmp_ctx);
*result = val;
return EOK;
failed:
talloc_free(tmp_ctx);
DEBUG(1, ("Failed to read [%s] from [%s], error [%d] (%s)\n",
attribute, section, ret, strerror(ret)));
return ret;
}
int confdb_get_bool(struct confdb_ctx *cdb,
const char *section, const char *attribute,
bool defval, bool *result)
{
char **values = NULL;
bool val;
int ret;
TALLOC_CTX *tmp_ctx;
tmp_ctx = talloc_new(NULL);
if (tmp_ctx == NULL) {
ret = ENOMEM;
goto failed;
}
ret = confdb_get_param(cdb, tmp_ctx, section, attribute, &values);
if (ret != EOK) {
goto failed;
}
if (values[0]) {
if (values[1] != NULL) {
/* too many values */
ret = EINVAL;
goto failed;
}
if (strcasecmp(values[0], "FALSE") == 0) {
val = false;
} else if (strcasecmp(values[0], "TRUE") == 0) {
val = true;
} else {
DEBUG(2, ("Value is not a boolean!\n"));
ret = EINVAL;
goto failed;
}
} else {
val = defval;
}
talloc_free(tmp_ctx);
*result = val;
return EOK;
failed:
talloc_free(tmp_ctx);
DEBUG(1, ("Failed to read [%s] from [%s], error [%d] (%s)\n",
attribute, section, ret, strerror(ret)));
return ret;
}
/* WARNING: Unlike other similar functions, this one does NOT take a default,
* and returns ENOENT if the attribute was not found ! */
int confdb_get_string_as_list(struct confdb_ctx *cdb, TALLOC_CTX *ctx,
const char *section, const char *attribute,
char ***result)
{
char **values = NULL;
int ret;
ret = confdb_get_param(cdb, ctx, section, attribute, &values);
if (ret != EOK) {
goto done;
}
if (values && values[0]) {
if (values[1] != NULL) {
/* too many values */
ret = EINVAL;
goto done;
}
} else {
/* Did not return a value */
ret = ENOENT;
goto done;
}
ret = split_on_separator(ctx, values[0], ',', true, result, NULL);
done:
talloc_free(values);
if (ret != EOK && ret != ENOENT) {
DEBUG(2, ("Failed to get [%s] from [%s], error [%d] (%s)\n",
attribute, section, ret, strerror(ret)));
}
return ret;
}
int confdb_init(TALLOC_CTX *mem_ctx,
struct confdb_ctx **cdb_ctx,
const char *confdb_location)
{
struct confdb_ctx *cdb;
int ret = EOK;
mode_t old_umask;
cdb = talloc_zero(mem_ctx, struct confdb_ctx);
if (!cdb)
return ENOMEM;
/* Because confdb calls use sync ldb calls, we create a separate event
* context here. This will prevent the ldb sync calls to start nested
* events.
* NOTE: this means that we *cannot* do async calls and return in confdb
* unless we convert all calls and hook back to the main event context.
*/
cdb->pev = tevent_context_init(cdb);
if (!cdb->pev) {
talloc_free(cdb);
return EIO;
}
cdb->ldb = ldb_init(cdb, cdb->pev);
if (!cdb->ldb) {
talloc_free(cdb);
return EIO;
}
ret = ldb_set_debug(cdb->ldb, ldb_debug_messages, NULL);
if (ret != LDB_SUCCESS) {
DEBUG(0,("Could not set up debug fn.\n"));
talloc_free(cdb);
return EIO;
}
old_umask = umask(0177);
ret = ldb_connect(cdb->ldb, confdb_location, 0, NULL);
umask(old_umask);
if (ret != LDB_SUCCESS) {
DEBUG(0, ("Unable to open config database [%s]\n",
confdb_location));
talloc_free(cdb);
return EIO;
}
*cdb_ctx = cdb;
return EOK;
}
static errno_t get_entry_as_uint32(struct ldb_message *msg,
uint32_t *return_value,
const char *entry,
uint32_t default_value)
{
const char *tmp = NULL;
char *endptr;
uint32_t u32ret = 0;
*return_value = 0;
if (!msg || !entry) {
return EFAULT;
}
tmp = ldb_msg_find_attr_as_string(msg, entry, NULL);
if (tmp == NULL) {
*return_value = default_value;
return EOK;
}
if ((*tmp == '-') || (*tmp == '\0')) {
return EINVAL;
}
u32ret = strtouint32 (tmp, &endptr, 10);
if (errno) {
return errno;
}
if (*endptr != '\0') {
/* Not all of the string was a valid number */
return EINVAL;
}
*return_value = u32ret;
return EOK;
}
static errno_t get_entry_as_bool(struct ldb_message *msg,
bool *return_value,
const char *entry,
bool default_value)
{
const char *tmp = NULL;
*return_value = 0;
if (!msg || !entry) {
return EFAULT;
}
tmp = ldb_msg_find_attr_as_string(msg, entry, NULL);
if (tmp == NULL || *tmp == '\0') {
*return_value = default_value;
return EOK;
}
if (strcasecmp(tmp, "FALSE") == 0) {
*return_value = 0;
}
else if (strcasecmp(tmp, "TRUE") == 0) {
*return_value = 1;
}
else {
return EINVAL;
}
return EOK;
}
/* The default UID/GID for domains is 1. This wouldn't work well with
* the local provider */
static uint32_t confdb_get_min_id(struct sss_domain_info *domain)
{
uint32_t defval = SSSD_MIN_ID;
if (domain && strcasecmp(domain->provider, "local") == 0) {
defval = SSSD_LOCAL_MINID;
}
return defval;
}
static int confdb_get_domain_internal(struct confdb_ctx *cdb,
TALLOC_CTX *mem_ctx,
const char *name,
struct sss_domain_info **_domain)
{
struct sss_domain_info *domain;
struct ldb_result *res;
TALLOC_CTX *tmp_ctx;
struct ldb_dn *dn;
const char *tmp;
int ret, val;
uint32_t entry_cache_timeout;
tmp_ctx = talloc_new(mem_ctx);
if (!tmp_ctx) return ENOMEM;
dn = ldb_dn_new_fmt(tmp_ctx, cdb->ldb,
"cn=%s,%s", name, CONFDB_DOMAIN_BASEDN);
if (!dn) {
ret = ENOMEM;
goto done;
}
ret = ldb_search(cdb->ldb, tmp_ctx, &res, dn,
LDB_SCOPE_BASE, NULL, NULL);
if (ret != LDB_SUCCESS) {
ret = EIO;
goto done;
}
if (res->count != 1) {
DEBUG(0, ("Unknown domain [%s]\n", name));
ret = ENOENT;
goto done;
}
domain = talloc_zero(mem_ctx, struct sss_domain_info);
if (!domain) {
ret = ENOMEM;
goto done;
}
tmp = ldb_msg_find_attr_as_string(res->msgs[0], "cn", NULL);
if (!tmp) {
DEBUG(0, ("Invalid configuration entry, fatal error!\n"));
ret = EINVAL;
goto done;
}
domain->name = talloc_strdup(domain, tmp);
if (!domain->name) {
ret = ENOMEM;
goto done;
}
domain->conn_name = domain->name;
tmp = ldb_msg_find_attr_as_string(res->msgs[0],
CONFDB_DOMAIN_ID_PROVIDER,
NULL);
if (tmp) {
domain->provider = talloc_strdup(domain, tmp);
if (!domain->provider) {
ret = ENOMEM;
goto done;
}
}
else {
DEBUG(0, ("Domain [%s] does not specify an ID provider, disabling!\n",
domain->name));
ret = EINVAL;
goto done;
}
if (strcasecmp(domain->provider, "files") == 0) {
/* The files provider is not valid anymore */
DEBUG(0, ("The \"files\" provider is invalid\n"));
ret = EINVAL;
goto done;
}
if (strcasecmp(domain->provider, "local") == 0) {
/* If this is the local provider, we need to ensure that
* no other provider was specified for other types, since
* the local provider cannot load them.
*/
tmp = ldb_msg_find_attr_as_string(res->msgs[0],
CONFDB_DOMAIN_AUTH_PROVIDER,
NULL);
if (tmp && strcasecmp(tmp, "local") != 0) {
DEBUG(0, ("Local ID provider does not support [%s] as an AUTH provider.\n", tmp));
ret = EINVAL;
goto done;
}
tmp = ldb_msg_find_attr_as_string(res->msgs[0],
CONFDB_DOMAIN_ACCESS_PROVIDER,
NULL);
if (tmp && strcasecmp(tmp, "local") != 0) {
DEBUG(0, ("Local ID provider does not support [%s] as an ACCESS provider.\n", tmp));
ret = EINVAL;
goto done;
}
tmp = ldb_msg_find_attr_as_string(res->msgs[0],
CONFDB_DOMAIN_CHPASS_PROVIDER,
NULL);
if (tmp && strcasecmp(tmp, "local") != 0) {
DEBUG(0, ("Local ID provider does not support [%s] as a CHPASS provider.\n", tmp));
ret = EINVAL;
goto done;
}
}
domain->timeout = ldb_msg_find_attr_as_int(res->msgs[0],
CONFDB_DOMAIN_TIMEOUT, 0);
/* Determine if this domain can be enumerated */
/* TEMP: test if the old bitfield conf value is used and warn it has been
* superceeded. */
val = ldb_msg_find_attr_as_int(res->msgs[0], CONFDB_DOMAIN_ENUMERATE, 0);
if (val > 0) { /* ok there was a number in here */
DEBUG(0, ("Warning: enumeration parameter in %s still uses integers! "
"Enumeration is now a boolean and takes true/false values. "
"Interpreting as true\n", domain->name));
domain->enumerate = true;
} else { /* assume the new format */
ret = get_entry_as_bool(res->msgs[0], &domain->enumerate,
CONFDB_DOMAIN_ENUMERATE, 0);
if(ret != EOK) {
DEBUG(0, ("Invalid value for %s\n", CONFDB_DOMAIN_ENUMERATE));
goto done;
}
}
if (!domain->enumerate) {
DEBUG(1, ("No enumeration for [%s]!\n", domain->name));
}
/* Determine if user/group names will be Fully Qualified
* in NSS interfaces */
ret = get_entry_as_bool(res->msgs[0], &domain->fqnames, CONFDB_DOMAIN_FQ, 0);
if(ret != EOK) {
DEBUG(0, ("Invalid value for %s\n", CONFDB_DOMAIN_FQ));
goto done;
}
ret = get_entry_as_uint32(res->msgs[0], &domain->id_min,
CONFDB_DOMAIN_MINID,
confdb_get_min_id(domain));
if (ret != EOK) {
DEBUG(0, ("Invalid value for minId\n"));
ret = EINVAL;
goto done;
}
ret = get_entry_as_uint32(res->msgs[0], &domain->id_max,
CONFDB_DOMAIN_MAXID, 0);
if (ret != EOK) {
DEBUG(0, ("Invalid value for maxId\n"));
ret = EINVAL;
goto done;
}
if (domain->id_max && (domain->id_max < domain->id_min)) {
DEBUG(0, ("Invalid domain range\n"));
ret = EINVAL;
goto done;
}
/* Do we allow to cache credentials */
ret = get_entry_as_bool(res->msgs[0], &domain->cache_credentials,
CONFDB_DOMAIN_CACHE_CREDS, 0);
if(ret != EOK) {
DEBUG(0, ("Invalid value for %s\n", CONFDB_DOMAIN_CACHE_CREDS));
goto done;
}
ret = get_entry_as_bool(res->msgs[0], &domain->legacy_passwords,
CONFDB_DOMAIN_LEGACY_PASS, 0);
if(ret != EOK) {
DEBUG(0, ("Invalid value for %s\n", CONFDB_DOMAIN_LEGACY_PASS));
goto done;
}
/* Get the global entry cache timeout setting */
ret = get_entry_as_uint32(res->msgs[0], &entry_cache_timeout,
CONFDB_DOMAIN_ENTRY_CACHE_TIMEOUT, 5400);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE,
("Invalid value for [%s]\n",
CONFDB_DOMAIN_ENTRY_CACHE_TIMEOUT));
goto done;
}
/* Override the user cache timeout, if specified */
ret = get_entry_as_uint32(res->msgs[0], &domain->user_timeout,
CONFDB_DOMAIN_USER_CACHE_TIMEOUT,
entry_cache_timeout);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE,
("Invalid value for [%s]\n",
CONFDB_DOMAIN_USER_CACHE_TIMEOUT));
goto done;
}
/* Override the group cache timeout, if specified */
ret = get_entry_as_uint32(res->msgs[0], &domain->group_timeout,
CONFDB_DOMAIN_GROUP_CACHE_TIMEOUT,
entry_cache_timeout);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE,
("Invalid value for [%s]\n",
CONFDB_DOMAIN_GROUP_CACHE_TIMEOUT));
goto done;
}
/* Override the netgroup cache timeout, if specified */
ret = get_entry_as_uint32(res->msgs[0], &domain->netgroup_timeout,
CONFDB_DOMAIN_NETGROUP_CACHE_TIMEOUT,
entry_cache_timeout);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE,
("Invalid value for [%s]\n",
CONFDB_DOMAIN_NETGROUP_CACHE_TIMEOUT));
goto done;
}
/* Override the service cache timeout, if specified */
ret = get_entry_as_uint32(res->msgs[0], &domain->service_timeout,
CONFDB_DOMAIN_SERVICE_CACHE_TIMEOUT,
entry_cache_timeout);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE,
("Invalid value for [%s]\n",
CONFDB_DOMAIN_SERVICE_CACHE_TIMEOUT));
goto done;
}
/* Override the autofs cache timeout, if specified */
ret = get_entry_as_uint32(res->msgs[0], &domain->autofsmap_timeout,
CONFDB_DOMAIN_AUTOFS_CACHE_TIMEOUT,
entry_cache_timeout);
if (ret != EOK) {
DEBUG(SSSDBG_FATAL_FAILURE,
("Invalid value for [%s]\n",
CONFDB_DOMAIN_AUTOFS_CACHE_TIMEOUT));
goto done;
}
/* Set the PAM warning time, if specified */
val = ldb_msg_find_attr_as_int(res->msgs[0],
CONFDB_DOMAIN_PWD_EXPIRATION_WARNING,
-1);
if (val > 0) {
/* The value is in days, transform it to seconds */
val *= 24 * 3600;
} else {
ret = confdb_get_int(cdb, CONFDB_PAM_CONF_ENTRY,
CONFDB_PAM_PWD_EXPIRATION_WARNING,
-1, &val);
if (ret != EOK) {
DEBUG(1, ("Failed to read PAM expiration warning, not fatal.\n"));
val = -1;
}
}
domain->pwd_expiration_warning = val;
ret = get_entry_as_uint32(res->msgs[0], &domain->override_gid,
CONFDB_DOMAIN_OVERRIDE_GID, 0);
if (ret != EOK) {
DEBUG(0, ("Invalid value for [%s]\n", CONFDB_DOMAIN_OVERRIDE_GID));
goto done;
}
tmp = ldb_msg_find_attr_as_string(res->msgs[0],
CONFDB_NSS_OVERRIDE_HOMEDIR, NULL);
if (tmp != NULL) {
domain->override_homedir = talloc_strdup(domain, tmp);
if (!domain->override_homedir) {
ret = ENOMEM;
goto done;
}
}
tmp = ldb_msg_find_attr_as_string(res->msgs[0],
CONFDB_NSS_FALLBACK_HOMEDIR, NULL);
if (tmp != NULL) {
domain->fallback_homedir = talloc_strdup(domain, tmp);
if (!domain->fallback_homedir) {
ret = ENOMEM;
goto done;
}
}
tmp = ldb_msg_find_attr_as_string(res->msgs[0],
CONFDB_DOMAIN_SUBDOMAIN_HOMEDIR, NULL);
if (tmp != NULL) {
domain->subdomain_homedir = talloc_strdup(domain, tmp);
if (!domain->subdomain_homedir) {
ret = ENOMEM;
goto done;
}
}
ret = get_entry_as_bool(res->msgs[0], &domain->case_sensitive,
CONFDB_DOMAIN_CASE_SENSITIVE, true);
if(ret != EOK) {
DEBUG(0, ("Invalid value for %s\n", CONFDB_DOMAIN_CASE_SENSITIVE));
goto done;
}
if (domain->case_sensitive == false &&
strcasecmp(domain->provider, "local") == 0) {
DEBUG(SSSDBG_FATAL_FAILURE,
("Local ID provider does not support the case insensitive flag\n"));
ret = EINVAL;
goto done;
}
*_domain = domain;
ret = EOK;
done:
talloc_free(tmp_ctx);
return ret;
}
int confdb_get_domains(struct confdb_ctx *cdb,
struct sss_domain_info **domains)
{
TALLOC_CTX *tmp_ctx;
struct sss_domain_info *domain, *prevdom = NULL;
char **domlist;
int ret, i;
if (cdb->doms) {
*domains = cdb->doms;
return EOK;
}
tmp_ctx = talloc_new(NULL);
if (!tmp_ctx) return ENOMEM;
ret = confdb_get_string_as_list(cdb, tmp_ctx,
CONFDB_MONITOR_CONF_ENTRY,
CONFDB_MONITOR_ACTIVE_DOMAINS,
&domlist);
if (ret == ENOENT) {
DEBUG(0, ("No domains configured, fatal error!\n"));
goto done;
}
if (ret != EOK ) {
DEBUG(0, ("Fatal error retrieving domains list!\n"));
goto done;
}
for (i = 0; domlist[i]; i++) {
ret = confdb_get_domain_internal(cdb, cdb, domlist[i], &domain);
if (ret) {
DEBUG(0, ("Error (%d [%s]) retrieving domain [%s], skipping!\n",
ret, strerror(ret), domlist[i]));
continue;
}
if (cdb->doms == NULL) {
cdb->doms = domain;
prevdom = cdb->doms;
} else {
prevdom->next = domain;
prevdom = domain;
}
}
if (cdb->doms == NULL) {
DEBUG(0, ("No properly configured domains, fatal error!\n"));
ret = ENOENT;
goto done;
}
*domains = cdb->doms;
ret = EOK;
done:
talloc_free(tmp_ctx);
return ret;
}
int confdb_get_domain(struct confdb_ctx *cdb,
const char *name,
struct sss_domain_info **_domain)
{
struct sss_domain_info *dom, *doms;
int ret;
ret = confdb_get_domains(cdb, &doms);
if (ret != EOK) {
return ret;
}
for (dom = doms; dom; dom = dom->next) {
if (strcasecmp(dom->name, name) == 0) {
*_domain = dom;
return EOK;
}
}
return ENOENT;
}