nsssrv.c revision 5d19966eda424bd71964c6913b84d705dce3b350
9b2267b5ba9d0640512a41e139a4a36caa43730dBob Halley NSS Responder
9b2267b5ba9d0640512a41e139a4a36caa43730dBob Halley Copyright (C) Simo Sorce <ssorce@redhat.com> 2008
15a44745412679c30a6d022733925af70a38b715David Lawrence This program is free software; you can redistribute it and/or modify
15a44745412679c30a6d022733925af70a38b715David Lawrence it under the terms of the GNU General Public License as published by
15a44745412679c30a6d022733925af70a38b715David Lawrence the Free Software Foundation; either version 3 of the License, or
15a44745412679c30a6d022733925af70a38b715David Lawrence (at your option) any later version.
15a44745412679c30a6d022733925af70a38b715David Lawrence This program is distributed in the hope that it will be useful,
15a44745412679c30a6d022733925af70a38b715David Lawrence but WITHOUT ANY WARRANTY; without even the implied warranty of
15a44745412679c30a6d022733925af70a38b715David Lawrence MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
9b2267b5ba9d0640512a41e139a4a36caa43730dBob Halley GNU General Public License for more details.
2f734e0a7e518c89c2b2b179714b8885b7626b3aAndreas Gustafsson You should have received a copy of the GNU General Public License
9c3531d72aeaad6c5f01efe6a1c82023e1379e4dDavid Lawrence along with this program. If not, see <http://www.gnu.org/licenses/>.
51e0ad287f1b345f0c3316f0633aab14d0e8bb65Brian Wellington#include "responder/common/responder_sbus.h"
/* Forward declarations of two sbus request handlers defined later in this
 * file; both take the request and an opaque context pointer. */
f8727bd90366af835f551da1b5e1fdfcd2d3d01fBrian Wellingtonstatic int nss_clear_memcache(struct sbus_request *dbus_req, void *data);
51e0ad287f1b345f0c3316f0633aab14d0e8bb65Brian Wellingtonstatic int nss_clear_netgroup_hash_table(struct sbus_request *dbus_req, void *data);
/* Method table of type struct mon_cli_iface. Only the clearEnumCache slot is
 * visible in this listing; it is wired to nss_clear_netgroup_hash_table.
 * NOTE(review): the other initializers and the closing brace are not shown. */
51e0ad287f1b345f0c3316f0633aab14d0e8bb65Brian Wellingtonstruct mon_cli_iface monitor_nss_methods = {
51e0ad287f1b345f0c3316f0633aab14d0e8bb65Brian Wellington .clearEnumCache = nss_clear_netgroup_hash_table,
/*
 * sbus request handler that clears the responder's memory caches.
 *
 * Visible steps: unlink the CLEAR_MC_FLAG file under SSS_NSS_MCACHE_DIR,
 * call sss_mmap_cache_reinit() (two calls are visible, paired with the passwd
 * and group failure messages), then finish the request with an empty reply.
 *
 * NOTE(review): this listing omits lines (braces, declarations, conditions),
 * so the exact branch structure and error paths cannot be confirmed here.
 */
51e0ad287f1b345f0c3316f0633aab14d0e8bb65Brian Wellingtonstatic int nss_clear_memcache(struct sbus_request *dbus_req, void *data)
    /* talloc_get_type() yields NULL when `data` is not a struct resp_ctx; rctx
     * is dereferenced on the next line and no NULL check is visible - confirm. */
51e0ad287f1b345f0c3316f0633aab14d0e8bb65Brian Wellington struct resp_ctx *rctx = talloc_get_type(data, struct resp_ctx);
    /* Plain cast: unlike the talloc_get_type(rctx->pvt_ctx, struct nss_ctx)
     * lookups in nss_update_memcache() and nss_memcache_initgr_check(), the
     * private context's talloc type is not verified here. */
51e0ad287f1b345f0c3316f0633aab14d0e8bb65Brian Wellington struct nss_ctx *nctx = (struct nss_ctx*) rctx->pvt_ctx;
    /* The flag file gates the purge: per the messages below, the caches are
     * cleared only when the file existed and was removed. Anything able to
     * create files in SSS_NSS_MCACHE_DIR can therefore arm a purge, so the
     * directory should be writable only by the trusted tooling - TODO confirm
     * its ownership and mode. */
51e0ad287f1b345f0c3316f0633aab14d0e8bb65Brian Wellington ret = unlink(SSS_NSS_MCACHE_DIR"/"CLEAR_MC_FLAG);
51e0ad287f1b345f0c3316f0633aab14d0e8bb65Brian Wellington "CLEAR_MC_FLAG not found. Nothing to do.\n");
    /* NOTE(review): the %s argument is not visible; it should describe the
     * errno captured right after unlink(), before any other call resets it. */
51e0ad287f1b345f0c3316f0633aab14d0e8bb65Brian Wellington DEBUG(SSSDBG_CRIT_FAILURE, "Failed to unlink file: %s.\n",
4e5388b45908ce8b8b35825ca6f16c1d236643baBrian Wellington /* CLEAR_MC_FLAG removed successfully. Clearing memory caches. */
077daa21229ffaedda79588fa70fbaeae19ae998Bob Halley "Unable to get memory cache entry timeout.\n");
077daa21229ffaedda79588fa70fbaeae19ae998Bob Halley /* TODO: read cache sizes from configuration */
077daa21229ffaedda79588fa70fbaeae19ae998Bob Halley DEBUG(SSSDBG_TRACE_FUNC, "Clearing memory caches.\n");
    /* First reinit call; the message that follows ties it to the passwd map.
     * The remaining arguments are not shown in this listing. */
077daa21229ffaedda79588fa70fbaeae19ae998Bob Halley ret = sss_mmap_cache_reinit(nctx, SSS_MC_CACHE_ELEMENTS,
f8727bd90366af835f551da1b5e1fdfcd2d3d01fBrian Wellington "passwd mmap cache invalidation failed\n");
    /* Second reinit call; the message that follows ties it to the group map. */
1d8cbe855fc355b80802dcf29f4ac24bebdd1193Brian Wellington ret = sss_mmap_cache_reinit(nctx, SSS_MC_CACHE_ELEMENTS,
da76a8046e01e1c1c2e6f75772afb2c4f202cc25Brian Wellington "group mmap cache invalidation failed\n");
    /* DBUS_TYPE_INVALID terminates the argument list, so the reply carries no
     * payload. */
134ba0e08a0ae9a564a8d8628fc633377d3fc239Bob Halley return sbus_request_return_and_finish(dbus_req, DBUS_TYPE_INVALID);
/*
 * sbus request handler registered as clearEnumCache in monitor_nss_methods.
 * The visible lines resolve the responder and NSS contexts, report
 * "Could not invalidate netgroups" on some failure, and finish the request
 * with an empty reply.
 *
 * NOTE(review): the invalidation call itself is not part of this listing.
 */
9b2267b5ba9d0640512a41e139a4a36caa43730dBob Halleystatic int nss_clear_netgroup_hash_table(struct sbus_request *dbus_req, void *data)
    /* talloc_get_type() yields NULL on a type mismatch; no NULL check is
     * visible before the dereference below - confirm. */
2dfd6bca9aa6d9279b4278d6fa18ea5f63ba0ec9Bob Halley struct resp_ctx *rctx = talloc_get_type(data, struct resp_ctx);
    /* Unchecked cast of the private context (compare the talloc_get_type()
     * form used by nss_update_memcache() in this file). */
9b2267b5ba9d0640512a41e139a4a36caa43730dBob Halley struct nss_ctx *nctx = (struct nss_ctx*) rctx->pvt_ctx;
9b2267b5ba9d0640512a41e139a4a36caa43730dBob Halley "Could not invalidate netgroups\n");
9b2267b5ba9d0640512a41e139a4a36caa43730dBob Halley return sbus_request_return_and_finish(dbus_req, DBUS_TYPE_INVALID);
/*
 * Collects the shells found in /etc/shells into a talloc'ed array of strings.
 *
 * mem_ctx - talloc context named by the caller (presumably the final parent
 *           of the result - the hand-over is not visible here).
 * _shells - output pointer for the array (assignment not visible here).
 *
 * The log text below states that hitting the maximum number of shells can
 * deny users access, so the cap is security-relevant: entries beyond it are
 * not recorded.
 *
 * NOTE(review): file reading, loop control and cleanup lines are omitted from
 * this listing.
 */
9b2267b5ba9d0640512a41e139a4a36caa43730dBob Halleystatic errno_t nss_get_etc_shells(TALLOC_CTX *mem_ctx, char ***_shells)
    /* Initial capacity is SHELL_REALLOC_INCREMENT entries, owned by tmp_ctx. */
2dfd6bca9aa6d9279b4278d6fa18ea5f63ba0ec9Bob Halley shells = talloc_array(tmp_ctx, char *, SHELL_REALLOC_INCREMENT);
134ba0e08a0ae9a564a8d8628fc633377d3fc239Bob Halley DEBUG(SSSDBG_TRACE_FUNC, "Found shell %s in /etc/shells\n", shells[i]);
51e0ad287f1b345f0c3316f0633aab14d0e8bb65Brian Wellington "Reached maximum number of shells [%d]. "
51e0ad287f1b345f0c3316f0633aab14d0e8bb65Brian Wellington "Users may be denied access. "
134ba0e08a0ae9a564a8d8628fc633377d3fc239Bob Halley "Please check /etc/shells for sanity\n",
    /* talloc_realloc() returns NULL on failure and the result overwrites
     * `shells` directly; the NULL check is not visible in this listing -
     * confirm the failure path bails out and releases tmp_ctx. */
71954c957132c35ddf5f9e4dcc98c057b265b6d8Brian Wellington shells = talloc_realloc(NULL, shells, char *,
    /* Final resize to i + 1 entries - presumably one slot more than the shells
     * stored, for a terminating NULL; verify against the omitted lines. */
5e4b7294d88ab58371d8c98e05ea80086dcb67cdBob Halley shells = talloc_realloc(NULL, shells, char *, i + 1);
/* Configuration loading for the NSS responder: every visible confdb_get_*()
 * call reads from CONFDB_NSS_CONF_ENTRY.
 * NOTE(review): the enclosing function's signature, the option names, the
 * defaults and the per-call error checks are not part of this listing. */
8fd925169f3d690f6c50c17d711adc9695407528Mark Andrews ret = confdb_get_bool(cdb, CONFDB_NSS_CONF_ENTRY,
8fd925169f3d690f6c50c17d711adc9695407528Mark Andrews ret = confdb_get_int(cdb, CONFDB_NSS_CONF_ENTRY,
    /* An invalid entry_cache_nowait_percentage is reported and the feature is
     * disabled rather than treated as fatal (per the message text). */
4b87939256ede703385e9cab92d3c58d03c31098Mark Andrews "Configuration error: entry_cache_nowait_percentage is "
134ba0e08a0ae9a564a8d8628fc633377d3fc239Bob Halley "invalid. Disabling feature.\n");
    /* Seeds the negative cache from the configuration database. */
134ba0e08a0ae9a564a8d8628fc633377d3fc239Bob Halley ret = sss_ncache_prepopulate(nctx->ncache, cdb, nctx->rctx);
    /* Strings and lists read below are allocated on nctx. */
4b87939256ede703385e9cab92d3c58d03c31098Mark Andrews ret = confdb_get_string(cdb, nctx, CONFDB_NSS_CONF_ENTRY,
77771185071bf74d53378f1a3099a04d2af5153eBrian Wellington ret = confdb_get_string(cdb, nctx, CONFDB_NSS_CONF_ENTRY,
2dfd6bca9aa6d9279b4278d6fa18ea5f63ba0ec9Bob Halley ret = confdb_get_string(cdb, nctx, CONFDB_NSS_CONF_ENTRY,
1fc4929aa610263a2362afed516d7dc8e689397dBob Halley ret = confdb_get_string(cdb, nctx, CONFDB_NSS_CONF_ENTRY,
1fc4929aa610263a2362afed516d7dc8e689397dBob Halley ret = confdb_get_string_as_list(cdb, nctx, CONFDB_NSS_CONF_ENTRY,
663841abe0bb1cc8040e552597ef721c35b799e5Brian Wellington ret = confdb_get_string_as_list(cdb, nctx, CONFDB_NSS_CONF_ENTRY,
    /* Shell list from /etc/shells is stored on the NSS context. */
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley ret = nss_get_etc_shells(nctx, &nctx->etc_shells);
9b2267b5ba9d0640512a41e139a4a36caa43730dBob Halley ret = confdb_get_string(cdb, nctx, CONFDB_NSS_CONF_ENTRY,
4b87939256ede703385e9cab92d3c58d03c31098Mark Andrews ret = confdb_get_string(cdb, nctx, CONFDB_NSS_CONF_ENTRY,
4b87939256ede703385e9cab92d3c58d03c31098Mark Andrews ret = confdb_get_string(cdb, nctx, CONFDB_NSS_CONF_ENTRY,
/*
 * sbus request handler; only the context lookups are visible in this listing.
 * NOTE(review): the rest of the body is omitted, so what it updates cannot be
 * described from here.
 */
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halleystatic int nss_update_memcache(struct sbus_request *dbus_req, void *data)
    /* Both lookups are talloc type-checked and yield NULL on a mismatch; NULL
     * handling is not visible - confirm. */
4b87939256ede703385e9cab92d3c58d03c31098Mark Andrews struct resp_ctx *rctx = talloc_get_type(data, struct resp_ctx);
4b87939256ede703385e9cab92d3c58d03c31098Mark Andrews struct nss_ctx *nctx = talloc_get_type(rctx->pvt_ctx, struct nss_ctx);
/*
 * sbus request handler that forwards a user, a domain and an array of
 * 32-bit group ids to nss_update_initgr_memcache(), then finishes the request
 * with an empty reply.
 *
 * NOTE(review): the argument-parsing call and its error check are only
 * partly visible. user, domain, groups and gnum presumably come from the
 * D-Bus message and should be treated as peer-supplied; confirm that a parse
 * failure returns before the update call is reached.
 */
15197aefa1659e98ea1c48e2cbae631136a072b7Michael Graffstatic int nss_memcache_initgr_check(struct sbus_request *dbus_req, void *data)
15197aefa1659e98ea1c48e2cbae631136a072b7Michael Graff struct resp_ctx *rctx = talloc_get_type(data, struct resp_ctx);
15197aefa1659e98ea1c48e2cbae631136a072b7Michael Graff struct nss_ctx *nctx = talloc_get_type(rctx->pvt_ctx, struct nss_ctx);
    /* Array of DBUS_TYPE_UINT32: `groups` receives the elements and `gnum`
     * the element count. */
2aa67e804d85f4d88153368ce65ce4df7b5390e6Bob Halley DBUS_TYPE_ARRAY, DBUS_TYPE_UINT32, &groups, &gnum,
    /* Return value, if any, is not used on this line. */
2dfd6bca9aa6d9279b4278d6fa18ea5f63ba0ec9Bob Halley nss_update_initgr_memcache(nctx, user, domain, gnum, groups);
2dfd6bca9aa6d9279b4278d6fa18ea5f63ba0ec9Bob Halley return sbus_request_return_and_finish(dbus_req, DBUS_TYPE_INVALID);
/* File-local method table of type struct data_provider_rev_iface.
 * NOTE(review): its initializers are not part of this listing. */
e63f7c6f556aef66ff81fb128605f9eadf1ddcd9Mark Andrewsstatic struct data_provider_rev_iface nss_dp_methods = {
/*
 * Reconnection callback for the Data Provider connection. On success it logs
 * the reconnect and identifies the responder to the provider; on failure it
 * logs a fatal message naming the provider.
 *
 * NOTE(review): the remaining parameters, the status test and the
 * identification call are omitted from this listing.
 */
2dfd6bca9aa6d9279b4278d6fa18ea5f63ba0ec9Bob Halleystatic void nss_dp_reconnect_init(struct sbus_connection *conn,
    /* Type-checked lookup; yields NULL if pvt is not a struct be_conn. */
4b87939256ede703385e9cab92d3c58d03c31098Mark Andrews struct be_conn *be_conn = talloc_get_type(pvt, struct be_conn);
4b87939256ede703385e9cab92d3c58d03c31098Mark Andrews /* Did we reconnect successfully? */
    /* NOTE(review): a successful reconnect is logged at SSSDBG_CRIT_FAILURE,
     * so severity-based alerting will count it as a failure event. */
4b87939256ede703385e9cab92d3c58d03c31098Mark Andrews DEBUG(SSSDBG_CRIT_FAILURE, "Reconnected to the Data Provider.\n");
4b87939256ede703385e9cab92d3c58d03c31098Mark Andrews /* Identify ourselves to the data provider */
2dfd6bca9aa6d9279b4278d6fa18ea5f63ba0ec9Bob Halley /* all fine */
2dfd6bca9aa6d9279b4278d6fa18ea5f63ba0ec9Bob Halley /* Failed to reconnect */
2dfd6bca9aa6d9279b4278d6fa18ea5f63ba0ec9Bob Halley DEBUG(SSSDBG_FATAL_FAILURE, "Could not reconnect to %s provider.\n",
    /* The shutdown call below is commented out, so on the visible lines a
     * failed reconnect is only logged; the responder is not stopped here. */
4e5388b45908ce8b8b35825ca6f16c1d236643baBrian Wellington /* FIXME: kill the frontend and let the monitor restart it ? */
2dfd6bca9aa6d9279b4278d6fa18ea5f63ba0ec9Bob Halley /* nss_shutdown(rctx); */
/* Responder start-up sequence: negative cache, configuration, Data Provider
 * reconnection, id mapping, netgroup table, memory-mapped caches, file
 * descriptor limits, domain refresh task and name parsing.
 * NOTE(review): the enclosing function's signature and most conditions are
 * not part of this listing; which failures jump to `fail` cannot be seen. */
40f53fa8d9c6a4fc38c0014495e7a42b08f52481David Lawrence DEBUG(SSSDBG_FATAL_FAILURE, "sss_process_init() failed\n");
4e5388b45908ce8b8b35825ca6f16c1d236643baBrian Wellington DEBUG(SSSDBG_FATAL_FAILURE, "fatal error initializing nss_ctx\n");
51e0ad287f1b345f0c3316f0633aab14d0e8bb65Brian Wellington ret = sss_ncache_init(rctx, &nctx->ncache);
51e0ad287f1b345f0c3316f0633aab14d0e8bb65Brian Wellington "fatal error initializing negative cache\n");
51e0ad287f1b345f0c3316f0633aab14d0e8bb65Brian Wellington DEBUG(SSSDBG_FATAL_FAILURE, "fatal error getting nss config\n");
51e0ad287f1b345f0c3316f0633aab14d0e8bb65Brian Wellington /* Enable automatic reconnection to the Data Provider */
a3a11c4f3fc9ba972802b811c4d95a9884d6ff4aMichael Sawyer "Failed to set up automatic reconnection\n");
    /* Walks every backend connection of the responder context. */
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley for (iter = nctx->rctx->be_conns; iter; iter = iter->next) {
c9e698df1b2f3731577eaf9598ed3845eac67e1bBrian Wellington err = sss_idmap_init(sss_idmap_talloc, nctx, sss_idmap_talloc_free,
a3a11c4f3fc9ba972802b811c4d95a9884d6ff4aMichael Sawyer DEBUG(SSSDBG_FATAL_FAILURE, "sss_idmap_init failed.\n");
a3a11c4f3fc9ba972802b811c4d95a9884d6ff4aMichael Sawyer /* Create the lookup table for netgroup results */
    /* Table handle is stored in nctx->netgroups. */
a3a11c4f3fc9ba972802b811c4d95a9884d6ff4aMichael Sawyer hret = sss_hash_create_ex(nctx, 10, &nctx->netgroups, 0, 0, 0, 0,
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley "Unable to initialize netgroup hash table\n");
a3a11c4f3fc9ba972802b811c4d95a9884d6ff4aMichael Sawyer /* create mmap caches */
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley /* Remove the CLEAR_MC_FLAG file if exists. */
    /* A flag file left over from an earlier run would otherwise trigger a
     * cache purge later, as the warning text below explains. */
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley ret = unlink(SSS_NSS_MCACHE_DIR"/"CLEAR_MC_FLAG);
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley "Failed to unlink file [%s]. This can cause memory cache to "
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley "be purged when next log rotation is requested. %d: %s\n",
    /* NOTE(review): strerror(ret) is only meaningful if ret was reassigned
     * from errno after unlink(); that assignment is not visible - confirm. */
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley SSS_NSS_MCACHE_DIR"/"CLEAR_MC_FLAG, ret, strerror(ret));
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley "Failed to get 'memcache_timeout' option from confdb.\n");
4b87939256ede703385e9cab92d3c58d03c31098Mark Andrews /* TODO: read cache sizes from configuration */
    /* The DISABLED wording suggests a failed cache init is tolerated rather
     * than fatal - confirm against the omitted condition. */
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley ret = sss_mmap_cache_init(nctx, "passwd", SSS_MC_PASSWD,
    /* memcache_timeout is cast to time_t as-is; a range check on the
     * configured value is not visible before this point - TODO confirm. */
4b87939256ede703385e9cab92d3c58d03c31098Mark Andrews SSS_MC_CACHE_ELEMENTS, (time_t)memcache_timeout,
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley DEBUG(SSSDBG_CRIT_FAILURE, "passwd mmap cache is DISABLED\n");
4b87939256ede703385e9cab92d3c58d03c31098Mark Andrews ret = sss_mmap_cache_init(nctx, "group", SSS_MC_GROUP,
4b87939256ede703385e9cab92d3c58d03c31098Mark Andrews SSS_MC_CACHE_ELEMENTS, (time_t)memcache_timeout,
4b87939256ede703385e9cab92d3c58d03c31098Mark Andrews DEBUG(SSSDBG_CRIT_FAILURE, "group mmap cache is DISABLED\n");
4b87939256ede703385e9cab92d3c58d03c31098Mark Andrews /* Set up file descriptor limits */
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley "Failed to set up file descriptor limit\n");
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley ret = schedule_get_domains_task(rctx, rctx->ev, rctx);
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley DEBUG(SSSDBG_FATAL_FAILURE, "schedule_get_domains_tasks failed.\n");
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley ret = sss_names_init(nctx, nctx->rctx->cdb, NULL, &nctx->global_names);
9ee5efde7df57cbe70fb9b32c9d898e8ef7eca1eBob Halley DEBUG(SSSDBG_CRIT_FAILURE, "sss_names_init failed.\n");
/* Success path returns EOK; the fail label returns the last error in ret. */
return EOK;
fail:
return ret;
int opt;
int ret;
switch(opt) {
&main_ctx);