2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher Stephen Gallagher <sgallagh@redhat.com>
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher Copyright (C) 2010 Red Hat
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher This program is free software; you can redistribute it and/or modify
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher it under the terms of the GNU General Public License as published by
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher the Free Software Foundation; either version 3 of the License, or
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher (at your option) any later version.
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher This program is distributed in the hope that it will be useful,
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher but WITHOUT ANY WARRANTY; without even the implied warranty of
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher GNU General Public License for more details.
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher You should have received a copy of the GNU General Public License
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher along with this program. If not, see <http://www.gnu.org/licenses/>.
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher/* =Getpwnam-wrapper======================================================*/
29d85ae19933805622fdcead4ea43ba2d06cc3f0Lukas Slebodnikstatic int save_user(struct sss_domain_info *domain,
28d1ff294f7d612f6d37c82ed426b8bf5c34bfafJakub Hrozekhandle_getpw_result(enum nss_status status, struct passwd *pwd,
7ff5374d0103f8e2e03ef15790838b85918153aeLukas Slebodnikstatic int get_pw_name(struct proxy_id_ctx *ctx,
526d4d5e5a916cf30a043836cba14eab529cb7b1Jakub Hrozek DEBUG(SSSDBG_TRACE_FUNC, "Searching user by name (%s)\n", i_name);
526d4d5e5a916cf30a043836cba14eab529cb7b1Jakub Hrozek ret = sss_parse_internal_fqname(tmpctx, i_name, &shortname_or_alias, NULL);
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher /* FIXME: should we move this call outside the transaction to keep the
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher * transaction as short as possible ? */
526d4d5e5a916cf30a043836cba14eab529cb7b1Jakub Hrozek status = ctx->ops.getpwnam_r(shortname_or_alias, pwd, buffer, buflen, &ret);
28d1ff294f7d612f6d37c82ed426b8bf5c34bfafJakub Hrozek ret = handle_getpw_result(status, pwd, dom, &del_user);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "getpwnam failed [%d]: %s\n", ret, strerror(ret));
28d1ff294f7d612f6d37c82ed426b8bf5c34bfafJakub Hrozek /* Canonicalize the username in case it was actually an alias */
b3292840ebaa747a9fd596ff47cc5d18198361d0Michal Zidek ret = sysdb_getpwuid(tmpctx, dom, uid, &cached_pwd);
51773686d354b82081830444c048706d83d43d65Jakub Hrozek /* Non-fatal, attempt to canonicalize online */
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_TRACE_FUNC, "Request to cache failed [%d]: %s\n",
51773686d354b82081830444c048706d83d43d65Jakub Hrozek real_name = ldb_msg_find_attr_as_string(cached_pwd->msgs[0],
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_MINOR_FAILURE, "Cached user has no name?\n");
51773686d354b82081830444c048706d83d43d65Jakub Hrozek status = ctx->ops.getpwuid_r(uid, pwd, buffer, buflen, &ret);
51773686d354b82081830444c048706d83d43d65Jakub Hrozek ret = handle_getpw_result(status, pwd, dom, &del_user);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "getpwuid failed [%d]: %s\n", ret, strerror(ret));
526d4d5e5a916cf30a043836cba14eab529cb7b1Jakub Hrozek real_name = sss_create_internal_fqname(tmpctx, pwd->pw_name, dom->name);
28d1ff294f7d612f6d37c82ed426b8bf5c34bfafJakub Hrozek /* Both lookups went fine, we can save the user now */
2537fe318a3866780abca100cf6eb7c258f9d02bFabiano Fidêncio ret = save_user(dom, pwd, real_name, i_name);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "proxy -> getpwnam_r failed for '%s' <%d>: %s\n",
28d1ff294f7d612f6d37c82ed426b8bf5c34bfafJakub Hrozekhandle_getpw_result(enum nss_status status, struct passwd *pwd,
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_MINOR_FAILURE, "User not found.\n");
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_TRACE_FUNC, "User found: (%s, %"SPRIuid", %"SPRIgid")\n",
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher /* uid=0 or gid=0 are invalid values */
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher /* also check that the id is in the valid range for this domain */
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher if (OUT_OF_ID_RANGE(pwd->pw_uid, dom->id_min, dom->id_max) ||
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher OUT_OF_ID_RANGE(pwd->pw_gid, dom->id_min, dom->id_max)) {
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "User filtered out! (id out of range)\n");
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "Remote back end is not available. Entering offline mode\n");
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "Unknown return code %d\n", status);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "User %s does not exist (or is invalid) on remote server,"
69e8b7fcb9e3dc814a9ffc2a97fa656521cc4505Fabiano Fidêncioprepare_attrs_for_saving_ops(TALLOC_CTX *mem_ctx,
69e8b7fcb9e3dc814a9ffc2a97fa656521cc4505Fabiano Fidêncio const char *real_name, /* already_qualified */
69e8b7fcb9e3dc814a9ffc2a97fa656521cc4505Fabiano Fidêncio DEBUG(SSSDBG_CRIT_FAILURE, "Allocation error ?!\n");
69e8b7fcb9e3dc814a9ffc2a97fa656521cc4505Fabiano Fidêncio lc_name = sss_tc_utf8_str_tolower(*attrs, real_name);
22e074249928605a1d5b926274ae2efb1596bc73Michal Zidek DEBUG(SSSDBG_OP_FAILURE, "Cannot convert name to lowercase.\n");
69e8b7fcb9e3dc814a9ffc2a97fa656521cc4505Fabiano Fidêncio ret = sysdb_attrs_add_string(*attrs, SYSDB_NAME_ALIAS, lc_name);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "Could not add name alias\n");
69e8b7fcb9e3dc814a9ffc2a97fa656521cc4505Fabiano Fidêncio cased_alias = sss_get_cased_name(*attrs, alias, case_sensitive);
22e074249928605a1d5b926274ae2efb1596bc73Michal Zidek /* Add the alias only if it differs from lowercased pw_name */
69e8b7fcb9e3dc814a9ffc2a97fa656521cc4505Fabiano Fidêncio if (lc_name == NULL || strcmp(cased_alias, lc_name) != 0) {
69e8b7fcb9e3dc814a9ffc2a97fa656521cc4505Fabiano Fidêncio ret = sysdb_attrs_add_string(*attrs, SYSDB_NAME_ALIAS,
22e074249928605a1d5b926274ae2efb1596bc73Michal Zidek DEBUG(SSSDBG_OP_FAILURE, "Could not add name alias\n");
69e8b7fcb9e3dc814a9ffc2a97fa656521cc4505Fabiano Fidênciostatic int save_user(struct sss_domain_info *domain,
69e8b7fcb9e3dc814a9ffc2a97fa656521cc4505Fabiano Fidêncio const char *real_name, /* already qualified */
69e8b7fcb9e3dc814a9ffc2a97fa656521cc4505Fabiano Fidêncio if (pwd->pw_shell && pwd->pw_shell[0] != '\0') {
69e8b7fcb9e3dc814a9ffc2a97fa656521cc4505Fabiano Fidêncio if (pwd->pw_gecos && pwd->pw_gecos[0] != '\0') {
69e8b7fcb9e3dc814a9ffc2a97fa656521cc4505Fabiano Fidêncio ret = prepare_attrs_for_saving_ops(NULL, domain->case_sensitive,
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "Could not add user to cache\n");
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher/* =Getpwuid-wrapper======================================================*/
7ff5374d0103f8e2e03ef15790838b85918153aeLukas Slebodnikstatic int get_pw_uid(struct proxy_id_ctx *ctx,
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_TRACE_FUNC, "Searching user by uid (%"SPRIuid")\n", uid);
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher status = ctx->ops.getpwuid_r(uid, pwd, buffer, buflen, &ret);
28d1ff294f7d612f6d37c82ed426b8bf5c34bfafJakub Hrozek ret = handle_getpw_result(status, pwd, dom, &del_user);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "getpwuid failed [%d]: %s\n", ret, strerror(ret));
526d4d5e5a916cf30a043836cba14eab529cb7b1Jakub Hrozek name = sss_create_internal_fqname(tmpctx, pwd->pw_name, dom->name);
526d4d5e5a916cf30a043836cba14eab529cb7b1Jakub Hrozek DEBUG(SSSDBG_OP_FAILURE, "failed to qualify name '%s'\n",
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "proxy -> getpwuid_r failed for '%"SPRIuid"' <%d>: %s\n",
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher/* =Getpwent-wrapper======================================================*/
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_TRACE_LIBS, "Enumerating users\n");
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n");
499718cb04a534ba76ee9dfb055c2bfc96fdeeb3Ondrej Kos /* always zero out the pwd structure */
499718cb04a534ba76ee9dfb055c2bfc96fdeeb3Ondrej Kos /* get entry */
499718cb04a534ba76ee9dfb055c2bfc96fdeeb3Ondrej Kos status = ctx->ops.getpwent_r(pwd, buffer, buflen, &ret);
499718cb04a534ba76ee9dfb055c2bfc96fdeeb3Ondrej Kos /* buffer too small ? */
499718cb04a534ba76ee9dfb055c2bfc96fdeeb3Ondrej Kos newbuf = talloc_realloc_size(tmpctx, buffer, buflen);
499718cb04a534ba76ee9dfb055c2bfc96fdeeb3Ondrej Kos /* we are done here */
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_TRACE_LIBS, "Enumeration completed.\n");
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "Failed to commit transaction\n");
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "User found (%s, %"SPRIuid", %"SPRIgid")\n",
499718cb04a534ba76ee9dfb055c2bfc96fdeeb3Ondrej Kos /* uid=0 or gid=0 are invalid values */
499718cb04a534ba76ee9dfb055c2bfc96fdeeb3Ondrej Kos /* also check that the id is in the valid range for this domain */
499718cb04a534ba76ee9dfb055c2bfc96fdeeb3Ondrej Kos if (OUT_OF_ID_RANGE(pwd->pw_uid, dom->id_min, dom->id_max) ||
499718cb04a534ba76ee9dfb055c2bfc96fdeeb3Ondrej Kos OUT_OF_ID_RANGE(pwd->pw_gid, dom->id_min, dom->id_max)) {
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "User [%s] filtered out! (id out"
526d4d5e5a916cf30a043836cba14eab529cb7b1Jakub Hrozek name = sss_create_internal_fqname(tmpctx, pwd->pw_name, dom->name);
526d4d5e5a916cf30a043836cba14eab529cb7b1Jakub Hrozek "failed to create internal name '%s'\n",
499718cb04a534ba76ee9dfb055c2bfc96fdeeb3Ondrej Kos /* Do not fail completely on errors.
499718cb04a534ba76ee9dfb055c2bfc96fdeeb3Ondrej Kos * Just report the failure to save and go on */
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "Failed to store user %s."
499718cb04a534ba76ee9dfb055c2bfc96fdeeb3Ondrej Kos /* "remote" backend unavailable. Enter offline mode */
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "proxy -> getpwent_r failed (%d)[%s]"
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "Failed to cancel transaction\n");
4e9631a9f1ae87317eef53145622099c46196b56Jakub Hrozek/* =Save-group-utilities=================================================*/
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(level, "Group %s has no members!\n", \
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(level, "Group %s has %d members!\n", \
b6a8bdebb40a63d2adc50c574fee88229d1e8f3dStephen Gallagherstatic errno_t proxy_process_missing_users(struct sysdb_ctx *sysdb,
526d4d5e5a916cf30a043836cba14eab529cb7b1Jakub Hrozek const char *const*fq_gr_mem,
4e9631a9f1ae87317eef53145622099c46196b56Jakub Hrozekstatic int save_group(struct sysdb_ctx *sysdb, struct sss_domain_info *dom,
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n");
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "Allocation error ?!\n");
526d4d5e5a916cf30a043836cba14eab529cb7b1Jakub Hrozek (const char *const *) fq_gr_mem);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "Could not add group members\n");
8c8cbddeabe585377a5fb3d5df09cc9a236b77ddJan Zeleny /* Create ghost users */
526d4d5e5a916cf30a043836cba14eab529cb7b1Jakub Hrozek ret = proxy_process_missing_users(sysdb, dom, attrs,
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "Could not add missing members\n");
69e8b7fcb9e3dc814a9ffc2a97fa656521cc4505Fabiano Fidêncio ret = prepare_attrs_for_saving_ops(tmp_ctx, dom->case_sensitive,
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "Could not add group to cache\n");
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "Could not commit transaction: [%s]\n",
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "Could not cancel transaction\n");
b6a8bdebb40a63d2adc50c574fee88229d1e8f3dStephen Gallagherstatic errno_t proxy_process_missing_users(struct sysdb_ctx *sysdb,
526d4d5e5a916cf30a043836cba14eab529cb7b1Jakub Hrozek const char *const*fq_gr_mem,
526d4d5e5a916cf30a043836cba14eab529cb7b1Jakub Hrozek for (i = 0; fq_gr_mem[i]; i++) {
526d4d5e5a916cf30a043836cba14eab529cb7b1Jakub Hrozek ret = sysdb_search_user_by_name(tmp_ctx, domain, fq_gr_mem[i],
b6a8bdebb40a63d2adc50c574fee88229d1e8f3dStephen Gallagher /* Member already exists in the cache */
b6a8bdebb40a63d2adc50c574fee88229d1e8f3dStephen Gallagher /* clean up */
8c8cbddeabe585377a5fb3d5df09cc9a236b77ddJan Zeleny /* No entry for this user. Create a ghost user */
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "Member [%s] not cached, creating ghost user entry\n",
526d4d5e5a916cf30a043836cba14eab529cb7b1Jakub Hrozek ret = sysdb_attrs_add_string(group_attrs, SYSDB_GHOST, fq_gr_mem[i]);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "Cannot store ghost user entry: [%d]: %s\n",
b6a8bdebb40a63d2adc50c574fee88229d1e8f3dStephen Gallagher /* Unexpected error */
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "Error searching cache for user [%s]: [%s]\n",
4e9631a9f1ae87317eef53145622099c46196b56Jakub Hrozek/* =Getgrnam-wrapper======================================================*/
28d1ff294f7d612f6d37c82ed426b8bf5c34bfafJakub Hrozekstatic char *
28d1ff294f7d612f6d37c82ed426b8bf5c34bfafJakub Hrozek newbuf = talloc_realloc_size(mem_ctx, *buffer, *buflen);
28d1ff294f7d612f6d37c82ed426b8bf5c34bfafJakub Hrozekhandle_getgr_result(enum nss_status status, struct group *grp,
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_MINOR_FAILURE, "Buffer too small\n");
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_MINOR_FAILURE, "Group not found.\n");
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_FUNC_DATA, "Group found: (%s, %"SPRIgid")\n",
28d1ff294f7d612f6d37c82ed426b8bf5c34bfafJakub Hrozek /* gid=0 is an invalid value */
28d1ff294f7d612f6d37c82ed426b8bf5c34bfafJakub Hrozek /* also check that the id is in the valid range for this domain */
28d1ff294f7d612f6d37c82ed426b8bf5c34bfafJakub Hrozek if (OUT_OF_ID_RANGE(grp->gr_gid, dom->id_min, dom->id_max)) {
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "Group filtered out! (id out of range)\n");
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "Remote back end is not available. Entering offline mode\n");
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "Unknown return code %d\n", status);
7ff5374d0103f8e2e03ef15790838b85918153aeLukas Slebodnikstatic int get_gr_name(struct proxy_id_ctx *ctx,
526d4d5e5a916cf30a043836cba14eab529cb7b1Jakub Hrozek DEBUG(SSSDBG_FUNC_DATA, "Searching group by name (%s)\n", i_name);
526d4d5e5a916cf30a043836cba14eab529cb7b1Jakub Hrozek ret = sss_parse_internal_fqname(tmpctx, i_name, &shortname_or_alias, NULL);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "proxy -> getgrnam_r failed for '%s': [%d] %s\n",
28d1ff294f7d612f6d37c82ed426b8bf5c34bfafJakub Hrozek /* always zero out the grp structure */
28d1ff294f7d612f6d37c82ed426b8bf5c34bfafJakub Hrozek buffer = grow_group_buffer(tmpctx, &buffer, &buflen);
526d4d5e5a916cf30a043836cba14eab529cb7b1Jakub Hrozek status = ctx->ops.getgrnam_r(shortname_or_alias, grp, buffer,
28d1ff294f7d612f6d37c82ed426b8bf5c34bfafJakub Hrozek ret = handle_getgr_result(status, grp, dom, &delete_group);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "getgrnam failed [%d]: %s\n", ret, strerror(ret));
526d4d5e5a916cf30a043836cba14eab529cb7b1Jakub Hrozek "Group %s does not exist (or is invalid) on remote server,"
28d1ff294f7d612f6d37c82ed426b8bf5c34bfafJakub Hrozek /* Canonicalize the group name in case it was actually an alias */
b3292840ebaa747a9fd596ff47cc5d18198361d0Michal Zidek ret = sysdb_getgrgid(tmpctx, dom, gid, &cached_grp);
51773686d354b82081830444c048706d83d43d65Jakub Hrozek /* Non-fatal, attempt to canonicalize online */
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_TRACE_FUNC, "Request to cache failed [%d]: %s\n",
51773686d354b82081830444c048706d83d43d65Jakub Hrozek real_name = ldb_msg_find_attr_as_string(cached_grp->msgs[0],
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_MINOR_FAILURE, "Cached group has no name?\n");
51773686d354b82081830444c048706d83d43d65Jakub Hrozek buffer = grow_group_buffer(tmpctx, &buffer, &buflen);
51773686d354b82081830444c048706d83d43d65Jakub Hrozek status = ctx->ops.getgrgid_r(gid, grp, buffer, buflen, &ret);
51773686d354b82081830444c048706d83d43d65Jakub Hrozek ret = handle_getgr_result(status, grp, dom, &delete_group);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "getgrgid failed [%d]: %s\n", ret, strerror(ret));
526d4d5e5a916cf30a043836cba14eab529cb7b1Jakub Hrozek real_name = sss_create_internal_fqname(tmpctx, grp->gr_name, dom->name);
526d4d5e5a916cf30a043836cba14eab529cb7b1Jakub Hrozek DEBUG(SSSDBG_OP_FAILURE, "Failed to create fqdn '%s'\n",
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "Group %s does not exist (or is invalid) on remote server,"
221d70ae3c5b7bc7384f57ffd3f88f89a3e6ae6aFabiano Fidêncio ret = save_group(sysdb, dom, grp, real_name, i_name);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "Cannot save group [%d]: %s\n", ret, strerror(ret));
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "proxy -> getgrnam_r failed for '%s' <%d>: %s\n",
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher/* =Getgrgid-wrapper======================================================*/
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_TRACE_FUNC, "Searching group by gid (%"SPRIgid")\n", gid);
28d1ff294f7d612f6d37c82ed426b8bf5c34bfafJakub Hrozek /* always zero out the grp structure */
28d1ff294f7d612f6d37c82ed426b8bf5c34bfafJakub Hrozek buffer = grow_group_buffer(tmpctx, &buffer, &buflen);
28d1ff294f7d612f6d37c82ed426b8bf5c34bfafJakub Hrozek status = ctx->ops.getgrgid_r(gid, grp, buffer, buflen, &ret);
28d1ff294f7d612f6d37c82ed426b8bf5c34bfafJakub Hrozek ret = handle_getgr_result(status, grp, dom, &delete_group);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "getgrgid failed [%d]: %s\n", ret, strerror(ret));
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "Group %"SPRIgid" does not exist (or is invalid) on remote "
526d4d5e5a916cf30a043836cba14eab529cb7b1Jakub Hrozek name = sss_create_internal_fqname(tmpctx, grp->gr_name, dom->name);
221d70ae3c5b7bc7384f57ffd3f88f89a3e6ae6aFabiano Fidêncio ret = save_group(sysdb, dom, grp, name, NULL);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "Cannot save user [%d]: %s\n", ret, strerror(ret));
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "proxy -> getgrgid_r failed for '%"SPRIgid"' <%d>: %s\n",
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher/* =Getgrent-wrapper======================================================*/
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagherstatic int enum_groups(TALLOC_CTX *mem_ctx,
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_TRACE_LIBS, "Enumerating groups\n");
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n");
499718cb04a534ba76ee9dfb055c2bfc96fdeeb3Ondrej Kos /* always zero out the grp structure */
499718cb04a534ba76ee9dfb055c2bfc96fdeeb3Ondrej Kos /* get entry */
499718cb04a534ba76ee9dfb055c2bfc96fdeeb3Ondrej Kos status = ctx->ops.getgrent_r(grp, buffer, buflen, &ret);
499718cb04a534ba76ee9dfb055c2bfc96fdeeb3Ondrej Kos /* buffer too small ? */
499718cb04a534ba76ee9dfb055c2bfc96fdeeb3Ondrej Kos newbuf = talloc_realloc_size(tmpctx, buffer, buflen);
499718cb04a534ba76ee9dfb055c2bfc96fdeeb3Ondrej Kos /* we are done here */
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_TRACE_LIBS, "Enumeration completed.\n");
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "Failed to commit transaction\n");
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "Group found (%s, %"SPRIgid")\n",
499718cb04a534ba76ee9dfb055c2bfc96fdeeb3Ondrej Kos /* gid=0 is an invalid value */
499718cb04a534ba76ee9dfb055c2bfc96fdeeb3Ondrej Kos /* also check that the id is in the valid range for this domain */
499718cb04a534ba76ee9dfb055c2bfc96fdeeb3Ondrej Kos if (OUT_OF_ID_RANGE(grp->gr_gid, dom->id_min, dom->id_max)) {
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "Group [%s] filtered out! (id"
526d4d5e5a916cf30a043836cba14eab529cb7b1Jakub Hrozek name = sss_create_internal_fqname(tmpctx, grp->gr_name,
526d4d5e5a916cf30a043836cba14eab529cb7b1Jakub Hrozek DEBUG(SSSDBG_OP_FAILURE, "Failed to create internal fqname "
526d4d5e5a916cf30a043836cba14eab529cb7b1Jakub Hrozek "Ignoring\n");
221d70ae3c5b7bc7384f57ffd3f88f89a3e6ae6aFabiano Fidêncio ret = save_group(sysdb, dom, grp, name, NULL);
499718cb04a534ba76ee9dfb055c2bfc96fdeeb3Ondrej Kos /* Do not fail completely on errors.
499718cb04a534ba76ee9dfb055c2bfc96fdeeb3Ondrej Kos * Just report the failure to save and go on */
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "Failed to store group."
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "Ignoring\n");
499718cb04a534ba76ee9dfb055c2bfc96fdeeb3Ondrej Kos /* "remote" backend unavailable. Enter offline mode */
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "proxy -> getgrent_r failed (%d)[%s]"
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "Failed to cancel transaction\n");
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher/* =Initgroups-wrapper====================================================*/
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagherstatic int get_initgr_groups_process(TALLOC_CTX *memctx,
526d4d5e5a916cf30a043836cba14eab529cb7b1Jakub Hrozek ret = sss_parse_internal_fqname(tmpctx, i_name, &shortname_or_alias, NULL);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n");
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher /* FIXME: should we move this call outside the transaction to keep the
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher * transaction as short as possible ? */
526d4d5e5a916cf30a043836cba14eab529cb7b1Jakub Hrozek status = ctx->ops.getpwnam_r(shortname_or_alias, pwd,
28d1ff294f7d612f6d37c82ed426b8bf5c34bfafJakub Hrozek ret = handle_getpw_result(status, pwd, dom, &del_user);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "getpwnam failed [%d]: %s\n", ret, strerror(ret));
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "Could not delete user\n");
28d1ff294f7d612f6d37c82ed426b8bf5c34bfafJakub Hrozek /* Canonicalize the username in case it was actually an alias */
b3292840ebaa747a9fd596ff47cc5d18198361d0Michal Zidek ret = sysdb_getpwuid(tmpctx, dom, uid, &cached_pwd);
51773686d354b82081830444c048706d83d43d65Jakub Hrozek /* Non-fatal, attempt to canonicalize online */
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_TRACE_FUNC, "Request to cache failed [%d]: %s\n",
51773686d354b82081830444c048706d83d43d65Jakub Hrozek real_name = ldb_msg_find_attr_as_string(cached_pwd->msgs[0],
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_MINOR_FAILURE, "Cached user has no name?\n");
51773686d354b82081830444c048706d83d43d65Jakub Hrozek status = ctx->ops.getpwuid_r(uid, pwd, buffer, buflen, &ret);
51773686d354b82081830444c048706d83d43d65Jakub Hrozek ret = handle_getpw_result(status, pwd, dom, &del_user);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "getpwuid failed [%d]: %s\n", ret, strerror(ret));
526d4d5e5a916cf30a043836cba14eab529cb7b1Jakub Hrozek real_name = sss_create_internal_fqname(tmpctx, pwd->pw_name, dom->name);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "Could not delete user\n");
2537fe318a3866780abca100cf6eb7c258f9d02bFabiano Fidêncio ret = save_user(dom, pwd, real_name, i_name);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "Could not save user\n");
28d1ff294f7d612f6d37c82ed426b8bf5c34bfafJakub Hrozek ret = get_initgr_groups_process(tmpctx, ctx, sysdb, dom, pwd);
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "Could not process initgroups\n");
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "Failed to commit transaction\n");
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "Failed to cancel transaction\n");
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagherstatic int get_initgr_groups_process(TALLOC_CTX *memctx,
66d1f565dfb39325ab7daa264b5795b1f348756eSimo Sorce /* nss modules may skip the primary group when we pass it in so always add
66d1f565dfb39325ab7daa264b5795b1f348756eSimo Sorce * it in advance */
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher /* FIXME: should we move this call outside the transaction to keep the
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher * transaction as short as possible ? */
499718cb04a534ba76ee9dfb055c2bfc96fdeeb3Ondrej Kos status = ctx->ops.initgroups_dyn(pwd->pw_name, pwd->pw_gid, &num_gids,
499718cb04a534ba76ee9dfb055c2bfc96fdeeb3Ondrej Kos /* buffer too small ? */
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov DEBUG(SSSDBG_FUNC_DATA, "The initgroups call returned 'NOTFOUND'. "
66d1f565dfb39325ab7daa264b5795b1f348756eSimo Sorce "Assume the user is only member of its "
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov "primary group (%"SPRIgid")\n", pwd->pw_gid);
66d1f565dfb39325ab7daa264b5795b1f348756eSimo Sorce /* fall through */
18e24f20a4aef66a4899367a0775a98ab2acd18ePavel Reichl DEBUG(SSSDBG_CONF_SETTINGS, "User [%s] appears to be member of %lu "
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher for (i = 0; i < num_gids; i++) {
684d1b48b5582a1bf7812b8c3c663592dc6dfed9Pavel Březina ret = get_gr_gid(memctx, ctx, sysdb, dom, gids[i], now);
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov DEBUG(SSSDBG_OP_FAILURE, "proxy -> initgroups_dyn failed (%d)[%s]\n",
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher/* =Proxy_Id-Functions====================================================*/
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina /* For now we support only core attrs. */
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina dp_reply_std_set(&reply, DP_ERR_FATAL, EINVAL, "Invalid attr type");
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina /* Proxy provider does not support security ID lookups. */
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina dp_reply_std_set(&reply, DP_ERR_FATAL, ENOSYS,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina "Security lookups are not supported");
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina switch (data->entry_type & BE_REQ_TYPE_MASK) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = enum_users(mem_ctx, ctx, sysdb, domain);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = get_pw_name(ctx, domain, data->filter_value);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina uid = (uid_t) strtouint32(data->filter_value, &endptr, 10);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (errno || *endptr || (data->filter_value == endptr)) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina dp_reply_std_set(&reply, DP_ERR_FATAL, EINVAL,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina "Invalid attr type");
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina dp_reply_std_set(&reply, DP_ERR_FATAL, EINVAL,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina "Invalid filter type");
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = enum_groups(mem_ctx, ctx, sysdb, domain);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = get_gr_name(ctx, sysdb, domain, data->filter_value);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina gid = (gid_t) strtouint32(data->filter_value, &endptr, 10);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina if (errno || *endptr || (data->filter_value == endptr)) {
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina dp_reply_std_set(&reply, DP_ERR_FATAL, EINVAL,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina "Invalid attr type");
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = get_gr_gid(mem_ctx, ctx, sysdb, domain, gid, 0);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina dp_reply_std_set(&reply, DP_ERR_FATAL, EINVAL,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina "Invalid filter type");
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher case BE_REQ_INITGROUPS: /* init groups for user */
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina dp_reply_std_set(&reply, DP_ERR_FATAL, EINVAL,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina "Invalid filter type");
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina dp_reply_std_set(&reply, DP_ERR_FATAL, ENODEV,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina "Initgroups call not supported");
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = get_initgr(mem_ctx, ctx, sysdb, domain, data->filter_value);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina dp_reply_std_set(&reply, DP_ERR_FATAL, EINVAL,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina "Invalid filter type");
d7dc57bcc2468bee756bcd568daee0644e5b888dSumit Bose if (ctx->ops.setnetgrent == NULL || ctx->ops.getnetgrent_r == NULL ||
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina dp_reply_std_set(&reply, DP_ERR_FATAL, ENODEV,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina "Netgroups are not supported");
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = get_netgroup(ctx, domain, data->filter_value);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina dp_reply_std_set(&reply, DP_ERR_FATAL, ENODEV,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina "Services are not supported");
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina dp_reply_std_set(&reply, DP_ERR_FATAL, ENODEV,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina "Services are not supported");
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina dp_reply_std_set(&reply, DP_ERR_FATAL, ENODEV,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina "Services are not supported");
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina dp_reply_std_set(&reply, DP_ERR_FATAL, EINVAL,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina "Invalid filter type");
2dd3faebcd3cfd00efda38ffd2585d675e696b12Stephen Gallagher default: /*fail*/
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina dp_reply_std_set(&reply, DP_ERR_FATAL, EINVAL,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina "Invalid filter type");
83bf46f4066e3d5e838a32357c201de9bd6ecdfdNikolai Kondrashov "proxy returned UNAVAIL error, going offline!\n");
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina dp_reply_std_set(&reply, DP_ERR_FATAL, ret, NULL);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina dp_reply_std_set(&reply, DP_ERR_OK, EOK, NULL);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinaproxy_account_info_handler_send(TALLOC_CTX *mem_ctx,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct proxy_account_info_handler_state *state;
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create() failed\n");
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina state->reply = proxy_account_info(state, id_ctx, data, params->be_ctx,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina /* TODO For backward compatibility we always return EOK to DP now. */
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinaerrno_t proxy_account_info_handler_recv(TALLOC_CTX *mem_ctx,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct proxy_account_info_handler_state *state = NULL;