/*
    SSSD

    Proxy provider, private header file

    Authors:
        Sumit Bose <sbose@redhat.com>

    Copyright (C) 2010 Red Hat

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

/* NOTE(review): __PROXY_H__ is a reserved identifier (leading double
 * underscore).  SSSD uses this guard convention throughout, so it is left
 * unchanged here rather than diverging from the rest of the tree. */
#ifndef __PROXY_H__
#define __PROXY_H__

/* glibc NSS types used by struct proxy_nss_ops below: enum nss_status
 * (<nss.h>), struct passwd (<pwd.h>) and struct group (<grp.h>). */
#include <nss.h>
#include <errno.h>
#include <pwd.h>
#include <grp.h>
/* <dlfcn.h> and <sys/wait.h> are not needed by any declaration in this
 * header; they are presumably included here for the convenience of the
 * proxy_*.c implementation files (loading the NSS module, reaping proxy
 * children) -- confirm before removing. */
#include <dlfcn.h>
#include <sys/types.h>
#include <sys/wait.h>

/* PAM application API and PAM module API. */
#include <security/pam_appl.h>
#include <security/pam_modules.h>

#include "util/util.h"
#include "providers/backend.h"
#include "db/sysdb.h"
/* Presumably provides struct __netgrent, which glibc does not export in a
 * public header, for the netgroup entry points in struct proxy_nss_ops. */
#include "sss_client/nss_compat.h"
#include <dhash.h>

/* Object path used on the sbus (D-Bus style) link between the backend and
 * a proxy child process (see proxy_child_ctx::conn).  Presumably the path
 * the child registers its PAM handler under -- confirm in proxy_child.c. */
#define PROXY_CHILD_PATH "/org/freedesktop/sssd/proxychild"

/*
 * Table of NSS module entry points the proxy provider forwards lookups to.
 *
 * Every member has the signature of the corresponding glibc NSS "_r" entry
 * point: the module fills in *result, uses buffer/buflen as the backing
 * storage for the strings *result points at, and returns an enum
 * nss_status; by NSS convention *errnop receives the errno value when the
 * status is not NSS_STATUS_SUCCESS (ERANGE with NSS_STATUS_TRYAGAIN meaning
 * buflen was too small -- see DEFAULT_BUFSIZE / MAX_BUF_SIZE below for the
 * growth policy, confirm in proxy_id.c).
 *
 * The pointers are resolved at runtime from the wrapped NSS module
 * (presumably via dlopen()/dlsym(), cf. proxy_id_ctx::handle and <dlfcn.h>),
 * which therefore runs with the privileges of the backend process.
 * NOTE(review): an entry may be NULL when the module lacks that symbol;
 * confirm every caller checks for NULL before dereferencing.
 *
 * NOTE(review): struct servent is not declared by any header included
 * directly in this file (it lives in <netdb.h>); it is presumably reached
 * through util/util.h -- confirm, otherwise the prototype-scope declaration
 * makes these function pointers type-incompatible with the real symbols.
 */
struct proxy_nss_ops {
    /* passwd database */
    enum nss_status (*getpwnam_r)(const char *name, struct passwd *result,
                                  char *buffer, size_t buflen, int *errnop);
    enum nss_status (*getpwuid_r)(uid_t uid, struct passwd *result,
                                  char *buffer, size_t buflen, int *errnop);
    /* Enumeration triple.  The cursor state lives inside the module, so
     * enumerations presumably must not be interleaved -- confirm. */
    enum nss_status (*setpwent)(void);
    enum nss_status (*getpwent_r)(struct passwd *result,
                                  char *buffer, size_t buflen, int *errnop);
    enum nss_status (*endpwent)(void);

    /* group database */
    enum nss_status (*getgrnam_r)(const char *name, struct group *result,
                                  char *buffer, size_t buflen, int *errnop);
    enum nss_status (*getgrgid_r)(gid_t gid, struct group *result,
                                  char *buffer, size_t buflen, int *errnop);
    enum nss_status (*setgrent)(void);
    enum nss_status (*getgrent_r)(struct group *result,
                                  char *buffer, size_t buflen, int *errnop);
    enum nss_status (*endgrent)(void);
    /* Supplementary-group lookup.  Presumably follows glibc's
     * _nss_*_initgroups_dyn contract: entries are appended to *groups
     * from index *start, the array may be reallocated (updating *size)
     * but, when limit > 0, never grown beyond limit entries -- confirm
     * against the glibc NSS documentation before relying on it. */
    enum nss_status (*initgroups_dyn)(const char *user, gid_t group,
                                      long int *start, long int *size,
                                      gid_t **groups, long int limit,
                                      int *errnop);
    /* Netgroups.  struct __netgrent carries the enumeration cursor and is
     * owned by the caller (see sss_client/nss_compat.h). */
    enum nss_status (*setnetgrent)(const char *netgroup,
                                   struct __netgrent *result);
    enum nss_status (*getnetgrent_r)(struct __netgrent *result, char *buffer,
                                     size_t buflen, int *errnop);
    enum nss_status (*endnetgrent)(struct __netgrent *result);

    /* Services */
    enum nss_status (*getservbyname_r)(const char *name,
                                       const char *protocol,
                                       struct servent *result,
                                       char *buffer, size_t buflen,
                                       int *errnop);
    /* By getservbyport(3) convention port is in network byte order --
     * NOTE(review): confirm callers convert with htons() first. */
    enum nss_status (*getservbyport_r)(int port, const char *protocol,
                                       struct servent *result,
                                       char *buffer, size_t buflen,
                                       int *errnop);
    enum nss_status (*setservent)(void);
    enum nss_status (*getservent_r)(struct servent *result,
                                    char *buffer, size_t buflen,
                                    int *errnop);
    enum nss_status (*endservent)(void);
};

/*
 * Credentials handed to the PAM conversation callback when the proxied PAM
 * stack is run.  Both token fields are credential material:
 * NOTE(review): confirm they are released through the sss_auth_token API
 * (which is expected to wipe the secret) on every exit path of the
 * conversation, including PAM failures, rather than by a plain talloc_free.
 */
struct authtok_conv {
    struct sss_auth_token *authtok;     /* the credential being verified */
    struct sss_auth_token *newauthtok;  /* replacement credential, presumably
                                         * only set for password changes */

    /* Presumably records that authtok has already been supplied to the
     * stack so the next prompt is answered with newauthtok -- confirm
     * against the conversation function in proxy_auth.c / proxy_child.c. */
    bool sent_old;
};

/* Per-domain state of the proxy identity (NSS) provider. */
struct proxy_id_ctx {
    struct be_ctx *be;          /* owning backend context (providers/backend.h) */
    bool fast_alias;            /* NOTE(review): meaning not visible in this
                                 * header; presumably a configuration toggle
                                 * set up in proxy_init.c -- confirm */
    struct proxy_nss_ops ops;   /* entry points of the wrapped NSS module */
    void *handle;               /* presumably the dlopen() handle the ops were
                                 * resolved from, to be dlclose()d on
                                 * teardown -- confirm */
};

/*
 * Per-domain state of the proxy authentication (PAM) provider.
 *
 * The pid/max_children bookkeeping (and struct proxy_child_ctx below)
 * indicate that PAM requests are not run in-process but delegated to
 * proxy child processes which talk back to sbus_srv.
 */
struct proxy_auth_ctx {
    struct be_ctx *be;        /* owning backend context */
    char *pam_target;         /* name of the PAM service the child runs,
                               * presumably the pam_start(3) service argument.
                               * It selects which /etc/pam.d stack is
                               * executed, so it must only ever come from
                               * sssd.conf, never from request data. */

    uint32_t max_children;    /* upper bound on concurrently running children */
    uint32_t running;         /* children currently running */
    uint32_t next_id;         /* next request id to hand out; presumably the
                               * key used in request_table -- confirm.
                               * Wraps silently at 2^32. */
    hash_table_t *request_table;          /* in-flight requests (dhash) */
    struct sbus_connection *sbus_srv;     /* server side of the child link */
    int timeout_ms;           /* per-request timeout, milliseconds */
};

/*
 * One in-flight PAM request delegated to a proxy child process.  Owned by
 * the proxy_auth_ctx that spawned it and presumably tracked in
 * auth_ctx->request_table under id -- confirm in proxy_auth.c.
 */
struct proxy_child_ctx {
    struct proxy_auth_ctx *auth_ctx;  /* provider state this child belongs to */
    struct be_req *be_req;            /* backend request being served */
    struct pam_data *pd;              /* PAM request/response data; presumably
                                       * carries the user's auth token */

    uint32_t id;          /* request identifier (see proxy_auth_ctx::next_id) */
    pid_t pid;            /* pid of the forked child */
    bool running;         /* child has been started and not yet finished */

    struct sbus_connection *conn;   /* sbus link to the child */
    struct tevent_timer *timer;     /* presumably the proxy_auth_ctx::timeout_ms
                                     * watchdog for this request -- confirm */

    struct tevent_req *init_req;    /* in-flight child start-up request
                                     * (see struct pc_init_ctx) */
};

/*
 * State of a proxy child start-up: spawning the child and waiting for it to
 * connect back over sbus.  Presumably the private state of the tevent_req
 * held in proxy_child_ctx::init_req -- confirm in proxy_auth.c.
 */
struct pc_init_ctx {
    char *command;        /* command line used to start the child.
                           * NOTE(review): confirm it is built only from
                           * compile-time paths and configuration, never
                           * from anything in the PAM request. */
    pid_t pid;            /* pid of the child once spawned */
    struct tevent_timer *timeout;       /* start-up deadline */
    struct tevent_signal *sige;         /* signal handler, presumably SIGCHLD so
                                         * an early child exit is noticed
                                         * (cf. <sys/wait.h>) -- confirm */
    struct proxy_child_ctx *child_ctx;  /* request this start-up belongs to */
    struct sbus_connection *conn;       /* connection established by the child */
};

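/* Socket name, relative to the sssd pipe directory, on which the backend
 * listens for proxy child connections (see proxy_auth_ctx::sbus_srv);
 * presumably joined with the pipe path at runtime -- confirm in proxy_init.c. */
#define PROXY_CHILD_PIPE "private/proxy_child"

/* Initial size of the buffer handed to the NSS _r entry points in
 * struct proxy_nss_ops. */
#define DEFAULT_BUFSIZE 4096

/* Upper bound to which that buffer may grow; presumably the cap applied when
 * an NSS call keeps reporting ERANGE, so that a single lookup cannot make the
 * backend allocate without limit -- confirm in proxy_id.c.
 *
 * Parenthesised so the macro is safe inside a larger expression: the
 * unparenthesised form expands `x % MAX_BUF_SIZE` to `x % 1024 * 1024`,
 * which is (x % 1024) * 1024. */
#define MAX_BUF_SIZE (1024*1024) /* max 1MiB */
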
/* From proxy_id.c */

/*
 * Data-provider "account info" handler of the proxy identity provider.
 *
 * tevent send/recv pair: _send starts the lookup described by @data and
 * returns a request allocated on @mem_ctx (NULL on allocation failure, by
 * tevent convention); _recv collects the outcome into @data
 * (struct dp_reply_std) once the request has completed.  Presumably the
 * lookup itself is performed synchronously through id_ctx->ops and only
 * wrapped in a tevent_req -- confirm in proxy_id.c.
 */
struct tevent_req *
proxy_account_info_handler_send(TALLOC_CTX *mem_ctx,
                                struct proxy_id_ctx *id_ctx,
                                struct dp_id_data *data,
                                struct dp_req_params *params);

errno_t proxy_account_info_handler_recv(TALLOC_CTX *mem_ctx,
                                        struct tevent_req *req,
                                        struct dp_reply_std *data);

/* From proxy_auth.c */

/*
 * Data-provider PAM handler of the proxy authentication provider.
 *
 * _send hands the request in @pd to a proxy child (see struct
 * proxy_auth_ctx); _recv returns the, possibly updated, pam_data in *_data
 * once the child has answered or the request timed out.
 * NOTE(review): @pd presumably carries the user's authentication token;
 * confirm it is scrubbed on every error path of the child lifecycle
 * (spawn failure, timeout, child crash), not only on success.
 */
struct tevent_req *
proxy_pam_handler_send(TALLOC_CTX *mem_ctx,
                       struct proxy_auth_ctx *proxy_auth_ctx,
                       struct pam_data *pd,
                       struct dp_req_params *params);

errno_t
proxy_pam_handler_recv(TALLOC_CTX *mem_ctx,
                       struct tevent_req *req,
                       struct pam_data **_data);

/* From proxy_netgroup.c */

/* Look up netgroup @name through ctx->ops (setnetgrent/getnetgrent_r) and
 * presumably cache the result in the sysdb of @dom -- confirm.
 * Returns an errno-style value, 0 on success. */
errno_t get_netgroup(struct proxy_id_ctx *ctx,
                     struct sss_domain_info *dom,
                     const char *name);

/* Service lookups (no "From ..." marker in the original; presumably
 * implemented in proxy_services.c). */

/* Look up the service named @name for @protocol; a NULL @protocol
 * presumably means "any protocol", as with getservbyname(3) -- confirm.
 * Returns an errno-style value, 0 on success. */
errno_t get_serv_byname(struct proxy_id_ctx *ctx,
                        struct sss_domain_info *dom,
                        const char *name,
                        const char *protocol);

/* Look up a service by port.  @be_filter is the port *as text* (the data
 * provider filter value); the implementation has to convert it to the int
 * that getservbyport_r() expects.  NOTE(review): this value originates from
 * a client request -- confirm the conversion rejects non-numeric and
 * out-of-range input (strtol with full error checking, not atoi) and that
 * the result is converted to network byte order before the NSS call. */
errno_t
get_serv_byport(struct proxy_id_ctx *ctx,
                struct sss_domain_info *dom,
                const char *be_filter,
                const char *protocol);

/* Enumerate every service the wrapped module knows about
 * (setservent/getservent_r/endservent) and store them for @dom.
 * @sysdb is passed explicitly here although the other lookups take only
 * @dom; inconsistent, but harmless as long as callers pass dom->sysdb. */
errno_t enum_services(struct proxy_id_ctx *ctx,
                      struct sysdb_ctx *sysdb,
                      struct sss_domain_info *dom);

/* sbus callback invoked when a proxy child connects to
 * proxy_auth_ctx::sbus_srv; @data is presumably the struct proxy_auth_ctx
 * registered with the server -- confirm in proxy_auth.c. */
int proxy_client_init(struct sbus_connection *conn, void *data);

#endif /* __PROXY_H__ */