/*
    SSSD

    Common Responder utility functions

    Copyright (C) Sumit Bose <sbose@redhat.com> 2014

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
115de6d50f0d0bdd5745a5d8eb0d067be9128528Sumit Bose
115de6d50f0d0bdd5745a5d8eb0d067be9128528Sumit Bose#include <talloc.h>
115de6d50f0d0bdd5745a5d8eb0d067be9128528Sumit Bose
78f9a9d4a2725f1b2cb6e582c965b5e6f7bdff7dJakub Hrozek#include "responder/common/responder.h"
115de6d50f0d0bdd5745a5d8eb0d067be9128528Sumit Bose#include "util/util.h"
115de6d50f0d0bdd5745a5d8eb0d067be9128528Sumit Bose
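/**
 * Case-insensitive membership test for an attribute name.
 *
 * @param list   Array of attribute names; may be NULL when nlist is 0.
 * @param nlist  Number of leading entries of list to examine.
 * @param str    Attribute name to look for.
 *
 * @return true if one of the first nlist entries equals str under
 *         strcasecmp(), false otherwise. A NULL list, a NULL str and NULL
 *         entries never match, so a caller that uses this as a deny check
 *         has to reject a NULL name itself.
 */
static inline bool
attr_in_list(const char **list, size_t nlist, const char *str)
{
    size_t i;

    /* Nothing can match without a list or a name to compare. */
    if (list == NULL || str == NULL) {
        return false;
    }

    for (i = 0; i < nlist; i++) {
        /* Passing NULL to strcasecmp() is undefined behaviour, skip holes. */
        if (list[i] != NULL && strcasecmp(list[i], str) == 0) {
            return true;
        }
    }

    return false;
}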
115de6d50f0d0bdd5745a5d8eb0d067be9128528Sumit Bose
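/**
 * Build the effective attribute whitelist from a configured ACL string and
 * a set of default attributes.
 *
 * conf_str is split on ',' and every item must start with '+' (allow) or
 * '-' (deny); any other first character fails the whole parse. The result
 * holds the allowed attributes followed by the defaults. An attribute that
 * is denied is left out of both groups, so deny takes precedence over allow
 * and over the defaults. All name comparisons go through attr_in_list(),
 * i.e. they are case-insensitive. Names that are already in the result are
 * not added a second time.
 *
 * @param mem_ctx   talloc context that becomes the parent of the result.
 * @param conf_str  Comma-separated ACL string, or NULL to use defaults only.
 * @param defaults  NULL-terminated array of default attributes, or NULL.
 *
 * @return NULL-terminated array of attribute names parented to mem_ctx.
 *         NULL always signals failure (allocation error or unparsable
 *         conf_str); an empty whitelist is returned as a non-NULL array
 *         that holds only the terminator.
 */
const char **parse_attr_list_ex(TALLOC_CTX *mem_ctx, const char *conf_str,
                                const char **defaults)
{
    TALLOC_CTX *tmp_ctx;
    errno_t ret;
    const char **list = NULL;
    const char **res = NULL;
    int list_size;
    char **conf_list = NULL;
    int conf_list_size = 0;
    const char **allow = NULL;
    const char **deny = NULL;
    int ai = 0, di = 0, li = 0;
    int i;

    /* Everything is built on a scratch context so that every error path
     * can release it with a single talloc_free(). */
    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        return NULL;
    }

    if (conf_str) {
        /* NOTE(review): the two 'true' flags presumably ask for trimming
         * and for dropping empty items -- confirm against
         * split_on_separator(). The conf_list[i][0] access below is safe
         * even for an empty item, which would hit the default branch. */
        ret = split_on_separator(tmp_ctx, conf_str, ',', true, true,
                                 &conf_list, &conf_list_size);
        if (ret != EOK) {
            DEBUG(SSSDBG_OP_FAILURE,
                  "Cannot parse attribute ACL list %s: %d\n", conf_str, ret);
            goto done;
        }

        /* Each list can hold at most every configured item. */
        allow = talloc_zero_array(tmp_ctx, const char *, conf_list_size);
        deny = talloc_zero_array(tmp_ctx, const char *, conf_list_size);
        if (allow == NULL || deny == NULL) {
            DEBUG(SSSDBG_OP_FAILURE, "talloc_zero_array failed\n");
            goto done;
        }
    }

    /* Sort the configured items into allow and deny. The stored pointers
     * reference conf_list's strings just past the sign character.
     * NOTE(review): a bare "+" or "-" yields an empty attribute name here
     * and is not rejected. */
    for (i = 0; i < conf_list_size; i++) {
        switch (conf_list[i][0]) {
        case '+':
            allow[ai] = conf_list[i] + 1;
            ai++;
            continue;
        case '-':
            deny[di] = conf_list[i] + 1;
            di++;
            continue;
        default:
            DEBUG(SSSDBG_CRIT_FAILURE, "ACL values must start with "
                  "either '+' (allow) or '-' (deny), got '%s'\n",
                  conf_list[i]);
            goto done;
        }
    }

    /* Upper bound for the output: all defaults plus all configured items.
     * The array is zeroed and one slot larger, so it stays NULL-terminated
     * however many entries end up being skipped. */
    list_size = 0;
    if (defaults != NULL) {
        while (defaults[list_size]) {
            list_size++;
        }
    }
    list_size += conf_list_size;

    list = talloc_zero_array(tmp_ctx, const char *, list_size + 1);
    if (list == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, "talloc_zero_array failed\n");
        goto done;
    }

    /* Start by copying explicitly allowed attributes */
    for (i = 0; i < ai; i++) {
        /* if the attribute is explicitly denied, skip it */
        if (attr_in_list(deny, di, allow[i])) {
            continue;
        }

        /* if the attribute is already in the result, skip it */
        if (attr_in_list(list, li, allow[i])) {
            continue;
        }

        list[li] = talloc_strdup(list, allow[i]);
        if (list[li] == NULL) {
            DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed\n");
            goto done;
        }
        li++;

        DEBUG(SSSDBG_TRACE_INTERNAL,
              "Added allowed attr %s to whitelist\n", allow[i]);
    }

    /* Add defaults */
    if (defaults != NULL) {
        for (i = 0; defaults[i]; i++) {
            /* if the attribute is explicitly denied, skip it */
            if (attr_in_list(deny, di, defaults[i])) {
                continue;
            }

            /* if the attribute was already added, e.g. because it is also
             * explicitly allowed, skip it */
            if (attr_in_list(list, li, defaults[i])) {
                continue;
            }

            list[li] = talloc_strdup(list, defaults[i]);
            if (list[li] == NULL) {
                DEBUG(SSSDBG_OP_FAILURE, "talloc_strdup failed\n");
                goto done;
            }
            li++;

            DEBUG(SSSDBG_TRACE_INTERNAL,
                  "Added default attr %s to whitelist\n", defaults[i]);
        }
    }

    /* Re-parent the finished list (its strings are its children) so that
     * it survives the release of the scratch context. */
    res = talloc_steal(mem_ctx, list);
done:
    talloc_free(tmp_ctx);
    return res;
}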
78f9a9d4a2725f1b2cb6e582c965b5e6f7bdff7dJakub Hrozek
/**
 * Convert a name as received by a responder into the form returned to the
 * caller, optionally qualified with the domain name.
 *
 * The name is passed through sss_get_cased_name() with the domain's
 * case_sensitive setting, then through sss_reverse_replace_space() with the
 * responder's override_space character. Unless name_is_upn is set, the
 * result is finally handed to sss_create_internal_fqname() together with
 * dom->name.
 *
 * @param mem_ctx      talloc context that becomes the parent of the result.
 * @param rctx         Responder context; dereferenced unconditionally.
 * @param dom          Domain the name belongs to; dereferenced
 *                     unconditionally.
 * @param name_is_upn  When true the domain name is not appended.
 * @param orig_name    Name to convert.
 *
 * @return The converted name parented to mem_ctx, or NULL if any step
 *         fails.
 */
char *sss_resp_create_fqname(TALLOC_CTX *mem_ctx,
                             struct resp_ctx *rctx,
                             struct sss_domain_info *dom,
                             bool name_is_upn,
                             const char *orig_name)
{
    TALLOC_CTX *tmp_ctx;
    char *cased;
    char *spaced;
    char *final_name;
    char *result = NULL;

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        return NULL;
    }

    cased = sss_get_cased_name(tmp_ctx, orig_name, dom->case_sensitive);
    if (cased == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, "sss_get_cased_name failed\n");
        goto done;
    }

    spaced = sss_reverse_replace_space(tmp_ctx, cased, rctx->override_space);
    if (spaced == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, "sss_reverse_replace_space failed\n");
        goto done;
    }

    /* A UPN is used as it is, anything else gets the domain attached. */
    final_name = spaced;
    if (!name_is_upn) {
        final_name = sss_create_internal_fqname(tmp_ctx, spaced, dom->name);
        if (final_name == NULL) {
            DEBUG(SSSDBG_CRIT_FAILURE, "sss_create_internal_fqname failed\n");
            goto done;
        }
    }

    /* Move the result out of the scratch context before it is released. */
    result = talloc_steal(mem_ctx, final_name);

done:
    talloc_free(tmp_ctx);
    return result;
}