nsssrv.c revision 5d19966eda424bd71964c6913b84d705dce3b350
/*
   SSSD

   NSS Responder

   Copyright (C) Simo Sorce <ssorce@redhat.com> 2008

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
a3a11c4f3fc9ba972802b811c4d95a9884d6ff4aMichael Sawyer
9b2267b5ba9d0640512a41e139a4a36caa43730dBob Halley#include <stdio.h>
1666a83cab9109e39f565161af3d8a30c7bbbea7Mark Andrews#include <unistd.h>
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley#include <fcntl.h>
9b2267b5ba9d0640512a41e139a4a36caa43730dBob Halley#include <sys/types.h>
2dfd6bca9aa6d9279b4278d6fa18ea5f63ba0ec9Bob Halley#include <sys/stat.h>
9b2267b5ba9d0640512a41e139a4a36caa43730dBob Halley#include <sys/socket.h>
2aa67e804d85f4d88153368ce65ce4df7b5390e6Bob Halley#include <sys/un.h>
de8661e517ed679cfaa12e47eb9a8e23829ed320David Lawrence#include <string.h>
2dfd6bca9aa6d9279b4278d6fa18ea5f63ba0ec9Bob Halley#include <sys/time.h>
de8661e517ed679cfaa12e47eb9a8e23829ed320David Lawrence#include <errno.h>
de8661e517ed679cfaa12e47eb9a8e23829ed320David Lawrence#include <popt.h>
de8661e517ed679cfaa12e47eb9a8e23829ed320David Lawrence#include <dbus/dbus.h>
de8661e517ed679cfaa12e47eb9a8e23829ed320David Lawrence
9b2267b5ba9d0640512a41e139a4a36caa43730dBob Halley#include "util/util.h"
76477bd0e0a8f150f06f45c347d286b782cfa679Brian Wellington#include "responder/nss/nsssrv.h"
108490a7f8529aff50a0ac7897580b59a73d9845David Lawrence#include "responder/nss/nsssrv_private.h"
a3a11c4f3fc9ba972802b811c4d95a9884d6ff4aMichael Sawyer#include "responder/nss/nsssrv_mmap_cache.h"
4b87939256ede703385e9cab92d3c58d03c31098Mark Andrews#include "responder/nss/nsssrv_netgroup.h"
108490a7f8529aff50a0ac7897580b59a73d9845David Lawrence#include "responder/common/negcache.h"
9b2267b5ba9d0640512a41e139a4a36caa43730dBob Halley#include "db/sysdb.h"
9b2267b5ba9d0640512a41e139a4a36caa43730dBob Halley#include "confdb/confdb.h"
9b2267b5ba9d0640512a41e139a4a36caa43730dBob Halley#include "sbus/sssd_dbus.h"
9b2267b5ba9d0640512a41e139a4a36caa43730dBob Halley#include "responder/common/responder_packet.h"
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley#include "responder/common/responder.h"
51e0ad287f1b345f0c3316f0633aab14d0e8bb65Brian Wellington#include "responder/common/responder_sbus.h"
51e0ad287f1b345f0c3316f0633aab14d0e8bb65Brian Wellington#include "providers/data_provider.h"
1d8cbe855fc355b80802dcf29f4ac24bebdd1193Brian Wellington#include "monitor/monitor_interfaces.h"
51e0ad287f1b345f0c3316f0633aab14d0e8bb65Brian Wellington#include "sbus/sbus_client.h"
51e0ad287f1b345f0c3316f0633aab14d0e8bb65Brian Wellington#include "util/util_sss_idmap.h"
f8727bd90366af835f551da1b5e1fdfcd2d3d01fBrian Wellington
/* Default for the CONFDB_NSS_PWFIELD option; nss_get_config() stores the
 * resulting value in nctx->pwfield. */
#define DEFAULT_PWFIELD "*"
/* NOTE(review): presumably the default file-descriptor limit for this
 * responder; its use is not visible in this part of the file -- confirm. */
#define DEFAULT_NSS_FD_LIMIT 8192

/* Growth step and upper bound (in entries) for the array that
 * nss_get_etc_shells() fills from the system shell list. */
#define SHELL_REALLOC_INCREMENT 5
#define SHELL_REALLOC_MAX 50

/* Forward declarations: both handlers are referenced by the method table
 * below before they are defined. */
static int nss_clear_memcache(struct sbus_request *dbus_req, void *data);
static int nss_clear_netgroup_hash_table(struct sbus_request *dbus_req, void *data);

/* Method table handed to sss_process_init() for requests arriving from the
 * monitor. Entries set to NULL have no NSS-specific handler in this file.
 * Every non-NULL entry is reachable by whoever can send on that bus, so each
 * handler must tolerate being invoked at any time. */
struct mon_cli_iface monitor_nss_methods = {
    { &mon_cli_iface_meta, 0 },
    .ping = monitor_common_pong,
    .resInit = monitor_common_res_init,
    .shutDown = NULL,
    .goOffline = NULL,
    .resetOffline = NULL,
    .rotateLogs = responder_logrotate,
    .clearMemcache = nss_clear_memcache,
    /* The enum-cache slot is served by the netgroup hash table reset. */
    .clearEnumCache = nss_clear_netgroup_hash_table,
    .sysbusReconnect = NULL,
};
51e0ad287f1b345f0c3316f0633aab14d0e8bb65Brian Wellington
/**
 * Monitor "clearMemcache" handler: reinitialize the passwd and group memory
 * caches when the CLEAR_MC_FLAG marker file exists.
 *
 * The marker file under SSS_NSS_MCACHE_DIR is removed first. If it is absent
 * (ENOENT) nothing is cleared and the request is finished successfully; any
 * other unlink() error is returned to the caller.
 *
 * @param dbus_req  The sbus request being served.
 * @param data      Expected to be the responder's struct resp_ctx.
 *
 * @return The result of sbus_request_return_and_finish() on the success and
 *         "nothing to do" paths, otherwise the errno-style code of the step
 *         that failed.
 *
 * NOTE(review): the error paths return without finishing dbus_req; presumably
 * the sbus layer turns a non-EOK return into an error reply -- confirm.
 * NOTE(review): if the passwd cache is reinitialized and the group cache
 * reinit then fails, the marker file is already gone and only one of the two
 * caches has been reset.
 */
static int nss_clear_memcache(struct sbus_request *dbus_req, void *data)
{
    struct resp_ctx *rctx = talloc_get_type(data, struct resp_ctx);
    /* Plain cast: unlike talloc_get_type() this does not check the type. */
    struct nss_ctx *nctx = (struct nss_ctx*) rctx->pvt_ctx;
    int memcache_timeout;
    errno_t ret;

    /* The marker file is the trigger; it is consumed before any work is
     * done, so a repeated call without a new marker is a no-op. */
    if (unlink(SSS_NSS_MCACHE_DIR"/"CLEAR_MC_FLAG) != 0) {
        ret = errno;
        if (ret != ENOENT) {
            DEBUG(SSSDBG_CRIT_FAILURE, "Failed to unlink file: %s.\n",
                  strerror(ret));
            return ret;
        }

        DEBUG(SSSDBG_TRACE_FUNC,
              "CLEAR_MC_FLAG not found. Nothing to do.\n");
        return sbus_request_return_and_finish(dbus_req, DBUS_TYPE_INVALID);
    }

    /* CLEAR_MC_FLAG removed successfully. Clearing memory caches. */

    /* Entry timeout for the rebuilt caches; 300 is used when unset. */
    ret = confdb_get_int(rctx->cdb,
                         CONFDB_NSS_CONF_ENTRY,
                         CONFDB_MEMCACHE_TIMEOUT,
                         300, &memcache_timeout);
    if (ret != EOK) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              "Unable to get memory cache entry timeout.\n");
        return ret;
    }

    /* TODO: read cache sizes from configuration */
    DEBUG(SSSDBG_TRACE_FUNC, "Clearing memory caches.\n");

    /* passwd cache first ... */
    ret = sss_mmap_cache_reinit(nctx, SSS_MC_CACHE_ELEMENTS,
                                (time_t) memcache_timeout,
                                &nctx->pwd_mc_ctx);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              "passwd mmap cache invalidation failed\n");
        return ret;
    }

    /* ... then the group cache. */
    ret = sss_mmap_cache_reinit(nctx, SSS_MC_CACHE_ELEMENTS,
                                (time_t) memcache_timeout,
                                &nctx->grp_mc_ctx);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              "group mmap cache invalidation failed\n");
        return ret;
    }

    return sbus_request_return_and_finish(dbus_req, DBUS_TYPE_INVALID);
}
9b2267b5ba9d0640512a41e139a4a36caa43730dBob Halley
/**
 * Monitor "clearEnumCache" handler: invalidate the cached netgroups by
 * calling nss_orphan_netgroups() on the NSS context.
 *
 * @param dbus_req  The sbus request being served.
 * @param data      Expected to be the responder's struct resp_ctx.
 *
 * @return The result of sbus_request_return_and_finish() on success,
 *         otherwise the error returned by nss_orphan_netgroups().
 *
 * NOTE(review): on failure dbus_req is not finished here; presumably the
 * sbus layer handles a non-EOK return -- confirm.
 */
static int nss_clear_netgroup_hash_table(struct sbus_request *dbus_req, void *data)
{
    struct resp_ctx *rctx = talloc_get_type(data, struct resp_ctx);
    /* Plain cast: unlike talloc_get_type() this does not check the type. */
    struct nss_ctx *nctx = (struct nss_ctx*) rctx->pvt_ctx;
    errno_t ret = nss_orphan_netgroups(nctx);

    if (ret == EOK) {
        return sbus_request_return_and_finish(dbus_req, DBUS_TYPE_INVALID);
    }

    DEBUG(SSSDBG_CRIT_FAILURE,
          "Could not invalidate netgroups\n");
    return ret;
}
9b2267b5ba9d0640512a41e139a4a36caa43730dBob Halley
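/**
 * Read the system's list of valid login shells (getusershell(), i.e.
 * /etc/shells) into a NULL-terminated, talloc-allocated string array.
 *
 * The array grows in steps of SHELL_REALLOC_INCREMENT and stops growing at
 * SHELL_REALLOC_MAX entries. Shells listed beyond that cap are dropped and a
 * fatal-level message is logged; as that message says, users of a dropped
 * shell may be denied access, so the truncation fails closed.
 *
 * @param mem_ctx  talloc context that receives ownership of the array.
 * @param _shells  Set to the NULL-terminated array on success; left untouched
 *                 on failure.
 *
 * @return EOK on success, ENOMEM if any allocation fails.
 */
static errno_t nss_get_etc_shells(TALLOC_CTX *mem_ctx, char ***_shells)
{
    int i = 0;
    char *sh;
    char **shells = NULL;
    TALLOC_CTX *tmp_ctx;
    errno_t ret;
    int size;

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) return ENOMEM;

    shells = talloc_array(tmp_ctx, char *, SHELL_REALLOC_INCREMENT);
    if (!shells) {
        ret = ENOMEM;
        goto done;
    }
    size = SHELL_REALLOC_INCREMENT;

    setusershell();
    while ((sh = getusershell())) {
        shells[i] = talloc_strdup(shells, sh);
        if (!shells[i]) {
            endusershell();
            ret = ENOMEM;
            goto done;
        }
        DEBUG(SSSDBG_TRACE_FUNC, "Found shell %s in /etc/shells\n", shells[i]);
        i++;

        if (i == size) {
            size += SHELL_REALLOC_INCREMENT;
            if (size > SHELL_REALLOC_MAX) {
                DEBUG(SSSDBG_FATAL_FAILURE,
                      "Reached maximum number of shells [%d]. "
                      "Users may be denied access. "
                      "Please check /etc/shells for sanity\n",
                      SHELL_REALLOC_MAX);
                break;
            }
            /* The array is non-NULL here, so it stays parented to tmp_ctx;
             * if the realloc fails the old array is still owned by tmp_ctx
             * and is released at "done". */
            shells = talloc_realloc(NULL, shells, char *,
                                    size);
            if (!shells) {
                /* Close the shell list on this path too, as the strdup
                 * failure path above does; otherwise the enumeration
                 * started by setusershell() is left open. */
                endusershell();
                ret = ENOMEM;
                goto done;
            }
        }
    }
    endusershell();

    /* Resize to exactly i entries plus the terminator. After a break at the
     * cap, i equals the allocated length, so this realloc is what makes room
     * for the terminating NULL. */
    if (i + 1 < size) {
        shells = talloc_realloc(NULL, shells, char *, i + 1);
        if (!shells) {
            ret = ENOMEM;
            goto done;
        }
    }
    shells[i] = NULL;

    /* Hand the finished array to the caller's context before tmp_ctx is
     * freed. */
    *_shells = talloc_move(mem_ctx, &shells);
    ret = EOK;
done:
    talloc_zfree(tmp_ctx);
    return ret;
}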
2dfd6bca9aa6d9279b4278d6fa18ea5f63ba0ec9Bob Halley
/**
 * Load the NSS responder options from the confdb section
 * CONFDB_NSS_CONF_ENTRY into @p nctx, prepopulate the negative cache and
 * read the system shell list.
 *
 * Defaults applied when an option is unset: enum cache timeout 120, negative
 * timeout 15, filter_users_in_groups true, cache refresh percentage 50,
 * pwfield DEFAULT_PWFIELD, shell fallback CONFDB_DEFAULT_SHELL_FALLBACK and
 * homedir substring CONFDB_DEFAULT_HOMEDIR_SUBSTRING. The remaining string
 * options default to NULL.
 *
 * @param nctx  NSS context to fill; also the talloc parent of the strings.
 * @param cdb   Configuration database handle.
 *
 * @return 0 on success, otherwise the error code of the first step that
 *         failed. ENOENT is tolerated for override_shell and for the
 *         allowed/vetoed shell lists.
 */
static int nss_get_config(struct nss_ctx *nctx,
                          struct confdb_ctx *cdb)
{
    int ret;

    ret = confdb_get_int(cdb, CONFDB_NSS_CONF_ENTRY,
                         CONFDB_NSS_ENUM_CACHE_TIMEOUT, 120,
                         &nctx->enum_cache_timeout);
    if (ret != EOK) {
        return ret;
    }

    ret = confdb_get_int(cdb, CONFDB_NSS_CONF_ENTRY,
                         CONFDB_NSS_ENTRY_NEG_TIMEOUT, 15,
                         &nctx->neg_timeout);
    if (ret != EOK) {
        return ret;
    }

    ret = confdb_get_bool(cdb, CONFDB_NSS_CONF_ENTRY,
                          CONFDB_NSS_FILTER_USERS_IN_GROUPS, true,
                          &nctx->filter_users_in_groups);
    if (ret != EOK) {
        return ret;
    }

    ret = confdb_get_int(cdb, CONFDB_NSS_CONF_ENTRY,
                         CONFDB_NSS_ENTRY_CACHE_NOWAIT_PERCENTAGE, 50,
                         &nctx->cache_refresh_percent);
    if (ret != EOK) {
        return ret;
    }
    /* Only 0..99 is accepted; anything else is logged and replaced by 0
     * rather than being treated as a fatal configuration error. */
    if (!(nctx->cache_refresh_percent >= 0 &&
          nctx->cache_refresh_percent <= 99)) {
        DEBUG(SSSDBG_FATAL_FAILURE,
              "Configuration error: entry_cache_nowait_percentage is "
              "invalid. Disabling feature.\n");
        nctx->cache_refresh_percent = 0;
    }

    ret = sss_ncache_prepopulate(nctx->ncache, cdb, nctx->rctx);
    if (ret != EOK) {
        return ret;
    }

    ret = confdb_get_string(cdb, nctx, CONFDB_NSS_CONF_ENTRY,
                            CONFDB_NSS_PWFIELD, DEFAULT_PWFIELD,
                            &nctx->pwfield);
    if (ret != EOK) {
        return ret;
    }

    ret = confdb_get_string(cdb, nctx, CONFDB_NSS_CONF_ENTRY,
                            CONFDB_NSS_OVERRIDE_HOMEDIR, NULL,
                            &nctx->override_homedir);
    if (ret != EOK) {
        return ret;
    }

    ret = confdb_get_string(cdb, nctx, CONFDB_NSS_CONF_ENTRY,
                            CONFDB_NSS_FALLBACK_HOMEDIR, NULL,
                            &nctx->fallback_homedir);
    if (ret != EOK) {
        return ret;
    }

    /* For the next three options a missing entry (ENOENT) is not an error;
     * the code left in ret is overwritten by the following call. */
    ret = confdb_get_string(cdb, nctx, CONFDB_NSS_CONF_ENTRY,
                            CONFDB_NSS_OVERRIDE_SHELL, NULL,
                            &nctx->override_shell);
    if (ret != EOK && ret != ENOENT) {
        return ret;
    }

    ret = confdb_get_string_as_list(cdb, nctx, CONFDB_NSS_CONF_ENTRY,
                                    CONFDB_NSS_ALLOWED_SHELL,
                                    &nctx->allowed_shells);
    if (ret != EOK && ret != ENOENT) {
        return ret;
    }

    ret = confdb_get_string_as_list(cdb, nctx, CONFDB_NSS_CONF_ENTRY,
                                    CONFDB_NSS_VETOED_SHELL,
                                    &nctx->vetoed_shells);
    if (ret != EOK && ret != ENOENT) {
        return ret;
    }

    /* Snapshot of the system shell list, taken once at configuration time. */
    ret = nss_get_etc_shells(nctx, &nctx->etc_shells);
    if (ret != EOK) {
        return ret;
    }

    ret = confdb_get_string(cdb, nctx, CONFDB_NSS_CONF_ENTRY,
                            CONFDB_NSS_SHELL_FALLBACK,
                            CONFDB_DEFAULT_SHELL_FALLBACK,
                            &nctx->shell_fallback);
    if (ret != EOK) {
        return ret;
    }

    ret = confdb_get_string(cdb, nctx, CONFDB_NSS_CONF_ENTRY,
                            CONFDB_NSS_DEFAULT_SHELL,
                            NULL,
                            &nctx->default_shell);
    if (ret != EOK) {
        return ret;
    }

    ret = confdb_get_string(cdb, nctx, CONFDB_NSS_CONF_ENTRY,
                            CONFDB_NSS_HOMEDIR_SUBSTRING,
                            CONFDB_DEFAULT_HOMEDIR_SUBSTRING,
                            &nctx->homedir_substr);
    if (ret != EOK) {
        return ret;
    }

    return 0;
}
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley
/**
 * Data provider "updateCache" handler: refresh the passwd and group memory
 * caches.
 *
 * @param dbus_req  The sbus request being served (not used in this body).
 * @param data      Expected to be the responder's struct resp_ctx.
 *
 * @return Always EOK.
 *
 * NOTE(review): unlike the sibling handlers in this file, dbus_req is not
 * finished here -- confirm that no reply is expected for this method.
 */
static int nss_update_memcache(struct sbus_request *dbus_req, void *data)
{
    struct resp_ctx *resp = talloc_get_type(data, struct resp_ctx);
    struct nss_ctx *nss = talloc_get_type(resp->pvt_ctx, struct nss_ctx);

    /* passwd cache, then group cache; neither call reports a status. */
    nss_update_pw_memcache(nss);
    nss_update_gr_memcache(nss);

    return EOK;
}
15197aefa1659e98ea1c48e2cbae631136a072b7Michael Graff
/**
 * Data provider "initgrCheck" handler: parse a user name, a domain name and
 * an array of uint32 values from the request and pass them to
 * nss_update_initgr_memcache().
 *
 * @param dbus_req  The sbus request carrying the arguments.
 * @param data      Expected to be the responder's struct resp_ctx.
 *
 * @return EOK when argument parsing fails (the request has then already been
 *         handled by sbus_request_parse_or_finish()), otherwise the result of
 *         sbus_request_return_and_finish().
 *
 * NOTE(review): the name, domain and array arrive in the bus message and are
 * forwarded without further checks in this function; any validation has to
 * happen in nss_update_initgr_memcache() or on the sending side -- confirm.
 */
static int nss_memcache_initgr_check(struct sbus_request *dbus_req, void *data)
{
    struct resp_ctx *resp = talloc_get_type(data, struct resp_ctx);
    struct nss_ctx *nss = talloc_get_type(resp->pvt_ctx, struct nss_ctx);
    uint32_t *grp_list;
    int grp_count;
    char *req_user;
    char *req_domain;

    if (!sbus_request_parse_or_finish(dbus_req,
                                      DBUS_TYPE_STRING, &req_user,
                                      DBUS_TYPE_STRING, &req_domain,
                                      DBUS_TYPE_ARRAY, DBUS_TYPE_UINT32,
                                      &grp_list, &grp_count,
                                      DBUS_TYPE_INVALID)) {
        return EOK; /* handled */
    }

    /* Both strings come from the request and are written to the debug log. */
    DEBUG(SSSDBG_TRACE_LIBS,
          "Got request for [%s@%s]\n", req_user, req_domain);

    nss_update_initgr_memcache(nss, req_user, req_domain,
                               grp_count, grp_list);

    return sbus_request_return_and_finish(dbus_req, DBUS_TYPE_INVALID);
}
2dfd6bca9aa6d9279b4278d6fa18ea5f63ba0ec9Bob Halley
/* Method table for calls the data provider makes back into this responder;
 * its vtable is passed to sss_process_init() by nss_process_init(). */
static struct data_provider_rev_iface nss_dp_methods = {
    { &data_provider_rev_iface_meta, 0 },
    .updateCache = nss_update_memcache,
    .initgrCheck = nss_memcache_initgr_check
};
2dfd6bca9aa6d9279b4278d6fa18ea5f63ba0ec9Bob Halley
/**
 * Reconnect callback for a data provider connection.
 *
 * On SBUS_RECONNECT_SUCCESS the responder identifies itself to the provider
 * again as "NSS" and, if that succeeds, resumes the pending requests. In
 * every other case (reconnect failed, or the identification failed) only a
 * fatal-level message is logged.
 *
 * @param conn    The sbus connection (not used in this body).
 * @param status  Reconnect result reported by sbus.
 * @param pvt     Expected to be the struct be_conn of the affected backend.
 *
 * NOTE(review): the successful reconnect is logged at SSSDBG_CRIT_FAILURE,
 * which looks intended to make it visible at low debug levels -- confirm.
 */
static void nss_dp_reconnect_init(struct sbus_connection *conn,
                                  int status, void *pvt)
{
    struct be_conn *backend = talloc_get_type(pvt, struct be_conn);

    /* Did we reconnect successfully? */
    if (status == SBUS_RECONNECT_SUCCESS) {
        DEBUG(SSSDBG_CRIT_FAILURE, "Reconnected to the Data Provider.\n");

        /* Identify ourselves to the data provider; all fine if it accepts. */
        if (dp_common_send_id(backend->conn,
                              DATA_PROVIDER_VERSION,
                              "NSS") == EOK) {
            handle_requests_after_reconnect(backend->rctx);
            return;
        }
    }

    /* Failed to reconnect */
    DEBUG(SSSDBG_FATAL_FAILURE, "Could not reconnect to %s provider.\n",
          backend->domain->name);

    /* FIXME: kill the frontend and let the monitor restart it ? */
    /* nss_shutdown(rctx); */
}
4e5388b45908ce8b8b35825ca6f16c1d236643baBrian Wellington
2dfd6bca9aa6d9279b4278d6fa18ea5f63ba0ec9Bob Halleyint nss_process_init(TALLOC_CTX *mem_ctx,
71954c957132c35ddf5f9e4dcc98c057b265b6d8Brian Wellington struct tevent_context *ev,
71954c957132c35ddf5f9e4dcc98c057b265b6d8Brian Wellington struct confdb_ctx *cdb)
4b87939256ede703385e9cab92d3c58d03c31098Mark Andrews{
4b87939256ede703385e9cab92d3c58d03c31098Mark Andrews struct resp_ctx *rctx;
4b87939256ede703385e9cab92d3c58d03c31098Mark Andrews struct sss_cmd_table *nss_cmds;
4b87939256ede703385e9cab92d3c58d03c31098Mark Andrews struct be_conn *iter;
71954c957132c35ddf5f9e4dcc98c057b265b6d8Brian Wellington struct nss_ctx *nctx;
71954c957132c35ddf5f9e4dcc98c057b265b6d8Brian Wellington int memcache_timeout;
202991557a4b7e8d3df7725d84f0fcae90dbaee6David Lawrence int ret, max_retries;
202991557a4b7e8d3df7725d84f0fcae90dbaee6David Lawrence enum idmap_error_code err;
202991557a4b7e8d3df7725d84f0fcae90dbaee6David Lawrence int hret;
202991557a4b7e8d3df7725d84f0fcae90dbaee6David Lawrence int fd_limit;
4b87939256ede703385e9cab92d3c58d03c31098Mark Andrews
c336121fb5a5c1b9cb9b2cd4cea50f0788270505Brian Wellington nss_cmds = get_nss_cmds();
c6ab6ca3fd5f0bca400aac931f616722bbb19109Andreas Gustafsson
c6ab6ca3fd5f0bca400aac931f616722bbb19109Andreas Gustafsson ret = sss_process_init(mem_ctx, ev, cdb,
c336121fb5a5c1b9cb9b2cd4cea50f0788270505Brian Wellington nss_cmds,
c336121fb5a5c1b9cb9b2cd4cea50f0788270505Brian Wellington SSS_NSS_SOCKET_NAME, NULL,
c6ab6ca3fd5f0bca400aac931f616722bbb19109Andreas Gustafsson CONFDB_NSS_CONF_ENTRY,
51e0ad287f1b345f0c3316f0633aab14d0e8bb65Brian Wellington NSS_SBUS_SERVICE_NAME,
c6ab6ca3fd5f0bca400aac931f616722bbb19109Andreas Gustafsson NSS_SBUS_SERVICE_VERSION,
51e0ad287f1b345f0c3316f0633aab14d0e8bb65Brian Wellington &monitor_nss_methods,
c6ab6ca3fd5f0bca400aac931f616722bbb19109Andreas Gustafsson "NSS", &nss_dp_methods.vtable,
51e0ad287f1b345f0c3316f0633aab14d0e8bb65Brian Wellington &rctx);
55839cbe314c61e40b29b81a7de7e7aaf7163a10Brian Wellington if (ret != EOK) {
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence DEBUG(SSSDBG_FATAL_FAILURE, "sss_process_init() failed\n");
c6ab6ca3fd5f0bca400aac931f616722bbb19109Andreas Gustafsson return ret;
4b87939256ede703385e9cab92d3c58d03c31098Mark Andrews }
4b87939256ede703385e9cab92d3c58d03c31098Mark Andrews
4b87939256ede703385e9cab92d3c58d03c31098Mark Andrews nctx = talloc_zero(rctx, struct nss_ctx);
4b87939256ede703385e9cab92d3c58d03c31098Mark Andrews if (!nctx) {
4e5388b45908ce8b8b35825ca6f16c1d236643baBrian Wellington DEBUG(SSSDBG_FATAL_FAILURE, "fatal error initializing nss_ctx\n");
4b87939256ede703385e9cab92d3c58d03c31098Mark Andrews ret = ENOMEM;
4b87939256ede703385e9cab92d3c58d03c31098Mark Andrews goto fail;
4b87939256ede703385e9cab92d3c58d03c31098Mark Andrews }
4b87939256ede703385e9cab92d3c58d03c31098Mark Andrews
51e0ad287f1b345f0c3316f0633aab14d0e8bb65Brian Wellington ret = sss_ncache_init(rctx, &nctx->ncache);
51e0ad287f1b345f0c3316f0633aab14d0e8bb65Brian Wellington if (ret != EOK) {
51e0ad287f1b345f0c3316f0633aab14d0e8bb65Brian Wellington DEBUG(SSSDBG_FATAL_FAILURE,
51e0ad287f1b345f0c3316f0633aab14d0e8bb65Brian Wellington "fatal error initializing negative cache\n");
2dfd6bca9aa6d9279b4278d6fa18ea5f63ba0ec9Bob Halley goto fail;
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley }
134ba0e08a0ae9a564a8d8628fc633377d3fc239Bob Halley
202991557a4b7e8d3df7725d84f0fcae90dbaee6David Lawrence nctx->rctx = rctx;
f8727bd90366af835f551da1b5e1fdfcd2d3d01fBrian Wellington nctx->rctx->pvt_ctx = nctx;
c6ab6ca3fd5f0bca400aac931f616722bbb19109Andreas Gustafsson
134ba0e08a0ae9a564a8d8628fc633377d3fc239Bob Halley ret = nss_get_config(nctx, cdb);
202991557a4b7e8d3df7725d84f0fcae90dbaee6David Lawrence if (ret != EOK) {
51e0ad287f1b345f0c3316f0633aab14d0e8bb65Brian Wellington DEBUG(SSSDBG_FATAL_FAILURE, "fatal error getting nss config\n");
51e0ad287f1b345f0c3316f0633aab14d0e8bb65Brian Wellington goto fail;
51e0ad287f1b345f0c3316f0633aab14d0e8bb65Brian Wellington }
202991557a4b7e8d3df7725d84f0fcae90dbaee6David Lawrence
51e0ad287f1b345f0c3316f0633aab14d0e8bb65Brian Wellington /* Enable automatic reconnection to the Data Provider */
51e0ad287f1b345f0c3316f0633aab14d0e8bb65Brian Wellington ret = confdb_get_int(nctx->rctx->cdb,
51e0ad287f1b345f0c3316f0633aab14d0e8bb65Brian Wellington CONFDB_NSS_CONF_ENTRY,
134ba0e08a0ae9a564a8d8628fc633377d3fc239Bob Halley CONFDB_SERVICE_RECON_RETRIES,
134ba0e08a0ae9a564a8d8628fc633377d3fc239Bob Halley 3, &max_retries);
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley if (ret != EOK) {
a3a11c4f3fc9ba972802b811c4d95a9884d6ff4aMichael Sawyer DEBUG(SSSDBG_FATAL_FAILURE,
a3a11c4f3fc9ba972802b811c4d95a9884d6ff4aMichael Sawyer "Failed to set up automatic reconnection\n");
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley goto fail;
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley }
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley for (iter = nctx->rctx->be_conns; iter; iter = iter->next) {
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley sbus_reconnect_init(iter->conn, max_retries,
c9e698df1b2f3731577eaf9598ed3845eac67e1bBrian Wellington nss_dp_reconnect_init, iter);
c9e698df1b2f3731577eaf9598ed3845eac67e1bBrian Wellington }
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley
c9e698df1b2f3731577eaf9598ed3845eac67e1bBrian Wellington err = sss_idmap_init(sss_idmap_talloc, nctx, sss_idmap_talloc_free,
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley &nctx->idmap_ctx);
a3a11c4f3fc9ba972802b811c4d95a9884d6ff4aMichael Sawyer if (err != IDMAP_SUCCESS) {
a3a11c4f3fc9ba972802b811c4d95a9884d6ff4aMichael Sawyer DEBUG(SSSDBG_FATAL_FAILURE, "sss_idmap_init failed.\n");
a3a11c4f3fc9ba972802b811c4d95a9884d6ff4aMichael Sawyer ret = EFAULT;
a3a11c4f3fc9ba972802b811c4d95a9884d6ff4aMichael Sawyer goto fail;
a3a11c4f3fc9ba972802b811c4d95a9884d6ff4aMichael Sawyer }
a3a11c4f3fc9ba972802b811c4d95a9884d6ff4aMichael Sawyer
a3a11c4f3fc9ba972802b811c4d95a9884d6ff4aMichael Sawyer /* Create the lookup table for netgroup results */
a3a11c4f3fc9ba972802b811c4d95a9884d6ff4aMichael Sawyer hret = sss_hash_create_ex(nctx, 10, &nctx->netgroups, 0, 0, 0, 0,
a3a11c4f3fc9ba972802b811c4d95a9884d6ff4aMichael Sawyer netgroup_hash_delete_cb, NULL);
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley if (hret != HASH_SUCCESS) {
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley DEBUG(SSSDBG_FATAL_FAILURE,
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley "Unable to initialize netgroup hash table\n");
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley ret = EIO;
a3a11c4f3fc9ba972802b811c4d95a9884d6ff4aMichael Sawyer goto fail;
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley }
a3a11c4f3fc9ba972802b811c4d95a9884d6ff4aMichael Sawyer
a3a11c4f3fc9ba972802b811c4d95a9884d6ff4aMichael Sawyer /* create mmap caches */
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley /* Remove the CLEAR_MC_FLAG file if exists. */
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley ret = unlink(SSS_NSS_MCACHE_DIR"/"CLEAR_MC_FLAG);
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley if (ret != 0 && errno != ENOENT) {
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley ret = errno;
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley DEBUG(SSSDBG_CRIT_FAILURE,
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley "Failed to unlink file [%s]. This can cause memory cache to "
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley "be purged when next log rotation is requested. %d: %s\n",
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley SSS_NSS_MCACHE_DIR"/"CLEAR_MC_FLAG, ret, strerror(ret));
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley }
4b87939256ede703385e9cab92d3c58d03c31098Mark Andrews
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley ret = confdb_get_int(nctx->rctx->cdb,
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley CONFDB_NSS_CONF_ENTRY,
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley CONFDB_MEMCACHE_TIMEOUT,
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley 300, &memcache_timeout);
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley if (ret != EOK) {
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley DEBUG(SSSDBG_FATAL_FAILURE,
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley "Failed to get 'memcache_timeout' option from confdb.\n");
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley goto fail;
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley }
4b87939256ede703385e9cab92d3c58d03c31098Mark Andrews
4b87939256ede703385e9cab92d3c58d03c31098Mark Andrews /* TODO: read cache sizes from configuration */
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley ret = sss_mmap_cache_init(nctx, "passwd", SSS_MC_PASSWD,
4b87939256ede703385e9cab92d3c58d03c31098Mark Andrews SSS_MC_CACHE_ELEMENTS, (time_t)memcache_timeout,
4b87939256ede703385e9cab92d3c58d03c31098Mark Andrews &nctx->pwd_mc_ctx);
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley if (ret) {
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley DEBUG(SSSDBG_CRIT_FAILURE, "passwd mmap cache is DISABLED\n");
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley }
a3a11c4f3fc9ba972802b811c4d95a9884d6ff4aMichael Sawyer
4b87939256ede703385e9cab92d3c58d03c31098Mark Andrews ret = sss_mmap_cache_init(nctx, "group", SSS_MC_GROUP,
4b87939256ede703385e9cab92d3c58d03c31098Mark Andrews SSS_MC_CACHE_ELEMENTS, (time_t)memcache_timeout,
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley &nctx->grp_mc_ctx);
4b87939256ede703385e9cab92d3c58d03c31098Mark Andrews if (ret) {
4b87939256ede703385e9cab92d3c58d03c31098Mark Andrews DEBUG(SSSDBG_CRIT_FAILURE, "group mmap cache is DISABLED\n");
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley }
4b87939256ede703385e9cab92d3c58d03c31098Mark Andrews
4b87939256ede703385e9cab92d3c58d03c31098Mark Andrews /* Set up file descriptor limits */
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley ret = confdb_get_int(nctx->rctx->cdb,
4b87939256ede703385e9cab92d3c58d03c31098Mark Andrews CONFDB_NSS_CONF_ENTRY,
4b87939256ede703385e9cab92d3c58d03c31098Mark Andrews CONFDB_SERVICE_FD_LIMIT,
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley DEFAULT_NSS_FD_LIMIT,
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley &fd_limit);
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley if (ret != EOK) {
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley DEBUG(SSSDBG_FATAL_FAILURE,
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley "Failed to set up file descriptor limit\n");
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley goto fail;
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley }
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley responder_set_fd_limit(fd_limit);
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley ret = schedule_get_domains_task(rctx, rctx->ev, rctx);
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley if (ret != EOK) {
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley DEBUG(SSSDBG_FATAL_FAILURE, "schedule_get_domains_tasks failed.\n");
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley goto fail;
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley }
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley ret = sss_names_init(nctx, nctx->rctx->cdb, NULL, &nctx->global_names);
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley if (ret != EOK) {
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley DEBUG(SSSDBG_CRIT_FAILURE, "sss_names_init failed.\n");
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley goto fail;
}
DEBUG(SSSDBG_TRACE_FUNC, "NSS Initialization complete\n");
return EOK;
fail:
talloc_free(rctx);
return ret;
}
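/*
 * Entry point of the NSS responder process.
 *
 * Parses the command line with popt, initialises debugging, runs the
 * generic server setup, initialises the NSS responder and then enters the
 * server loop.
 *
 * Exit status: 1 on an invalid command-line option, 2 if server_setup()
 * fails, 3 if nss_process_init() fails, 0 once server_loop() returns.
 */
int main(int argc, const char *argv[])
{
    int opt;
    poptContext pc;
    struct main_context *main_ctx;
    int ret;
    /*
     * uid/gid are handed to server_setup() below. SSSD_SERVER_OPTS is
     * defined outside this file section; presumably it only stores into
     * these variables when the matching option is given, so without an
     * initialiser server_setup() could receive indeterminate identities.
     * NOTE(review): 0 is assumed to be the "not requested" value - confirm
     * against server_setup().
     */
    uid_t uid = 0;
    gid_t gid = 0;

    struct poptOption long_options[] = {
        POPT_AUTOHELP
        SSSD_MAIN_OPTS
        SSSD_SERVER_OPTS(uid, gid)
        POPT_TABLEEND
    };

    /* Set debug level to invalid value so we can decide if -d 0 was used. */
    debug_level = SSSDBG_INVALID;

    pc = poptGetContext(argv[0], argc, argv, long_options, 0);
    while ((opt = poptGetNextOpt(pc)) != -1) {
        switch (opt) {
        default:
            /* Any value other than -1 reaching this point is reported as a
             * bad option. */
            fprintf(stderr, "\nInvalid option %s: %s\n\n",
                    poptBadOption(pc, 0), poptStrerror(opt));
            poptPrintUsage(pc, stderr, 0);
            /* Release the context on the error path too; it is still
             * needed by the two calls above, so free it only now. */
            poptFreeContext(pc);
            return 1;
        }
    }

    poptFreeContext(pc);

    DEBUG_INIT(debug_level);

    /* set up things like debug, signals, daemonization, etc... */
    debug_log_file = "sssd_nss";

    ret = server_setup("sssd[nss]", 0, uid, gid, CONFDB_NSS_CONF_ENTRY,
                       &main_ctx);
    if (ret != EOK) {
        return 2;
    }

    ret = die_if_parent_died();
    if (ret != EOK) {
        /* This is not fatal, don't return */
        DEBUG(SSSDBG_OP_FAILURE,
              "Could not set up to exit when parent process does\n");
    }

    ret = nss_process_init(main_ctx,
                           main_ctx->event_ctx,
                           main_ctx->confdb_ctx);
    if (ret != EOK) {
        return 3;
    }

    /* loop on main */
    server_loop(main_ctx);

    return 0;
}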