nsssrv.c revision fd25e68446ae86135489edb0823607b394f4ec40
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer Copyright (C) Simo Sorce <ssorce@redhat.com> 2008
2eeec5240b424984e3ee26296da1eeab6c6d739eChristian Maeder This program is free software; you can redistribute it and/or modify
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer it under the terms of the GNU General Public License as published by
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer the Free Software Foundation; either version 3 of the License, or
7520452bb30b5abbd471f82352fc4c1c937e02c5Till Mossakowski (at your option) any later version.
7520452bb30b5abbd471f82352fc4c1c937e02c5Till Mossakowski This program is distributed in the hope that it will be useful,
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer but WITHOUT ANY WARRANTY; without even the implied warranty of
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer GNU General Public License for more details.
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer You should have received a copy of the GNU General Public License
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer along with this program. If not, see <http://www.gnu.org/licenses/>.
8836fa284a241af325aa6f41234b5130b26ec4f9Thiemo Wiedemeyer#include "responder/nss/nsssrv_mmap_cache.h"
66fd8f017efdb8a6c862c3f1856dfaef90865dd5Thiemo Wiedemeyer#include "responder/common/responder_packet.h"
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer#include "responder/common/responder_sbus.h"
/* Forward declarations of the two cache-clearing sbus handlers defined below. */
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyerstatic int nss_clear_memcache(struct sbus_request *dbus_req, void *data);
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyerstatic int nss_clear_netgroup_hash_table(struct sbus_request *dbus_req, void *data);
/*
 * Method table of type struct mon_cli_iface. Only one member survives in this
 * listing: clearEnumCache is routed to nss_clear_netgroup_hash_table(). The
 * remaining members and the closing brace are not visible here.
 */
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyerstruct mon_cli_iface monitor_nss_methods = {
d1066b8fb69179973dcab47154858d77e72760a7Thiemo Wiedemeyer .clearEnumCache = nss_clear_netgroup_hash_table,
/*
 * sbus request handler that purges the NSS memory-mapped caches.
 *
 * Only fragments of the body survive in this listing (conditions, braces and
 * several call arguments are missing), so the notes below describe the
 * visible lines only.
 *
 * dbus_req: request that is answered at the end of the handler.
 * data:     opaque pointer, read back as a struct resp_ctx.
 * Returns the result of sbus_request_return_and_finish().
 */
4e9e95ba35a68f3c767bc0b23ebf9e904e442517Christian Maederstatic int nss_clear_memcache(struct sbus_request *dbus_req, void *data)
/* talloc_get_type() yields NULL when data is not a struct resp_ctx.
 * NOTE(review): no NULL check is visible before rctx is dereferenced on the
 * next line; confirm against the full source. */
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer struct resp_ctx *rctx = talloc_get_type(data, struct resp_ctx);
/* Plain cast, so the talloc type of pvt_ctx is not verified here;
 * nss_memorycache_update_initgroups() uses talloc_get_type() for the same
 * field. */
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer struct nss_ctx *nctx = (struct nss_ctx*) rctx->pvt_ctx;
/* The flag path is assembled from compile-time constants. The messages below
 * show that a missing flag means "nothing to do" and a removed flag leads to
 * the purge, so the file's presence is what requests the purge.
 * NOTE(review): write access to SSS_NSS_MCACHE_DIR therefore decides who can
 * request a purge; confirm the directory's ownership and mode. */
4e9e95ba35a68f3c767bc0b23ebf9e904e442517Christian Maeder ret = unlink(SSS_NSS_MCACHE_DIR"/"CLEAR_MC_FLAG);
f9e0b18852b238ddb649d341194e05d7200d1bbeChristian Maeder "CLEAR_MC_FLAG not found. Nothing to do.\n");
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer DEBUG(SSSDBG_CRIT_FAILURE, "Failed to unlink file: %s.\n",
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer /* CLEAR_MC_FLAG removed successfully. Clearing memory caches. */
1ac36418f204bbe56f4cd951a979180721758999Christian Maeder "Unable to get memory cache entry timeout.\n");
16e45483b5ce48f0b92d01c817242a8c9b8bae02Christian Maeder /* TODO: read cache sizes from configuration */
40b73e7d13a858afeac95321fcdb9ac216bfbf01Thiemo Wiedemeyer DEBUG(SSSDBG_TRACE_FUNC, "Clearing memory caches.\n");
/* Three reinit calls follow, all sized with SSS_MC_CACHE_ELEMENTS; judging by
 * the failure messages they cover the passwd, group and initgroups caches.
 * The remaining arguments and the error checks are not visible. */
ddc662fdf0207eae2034d7b68ae5e2225c575207Thiemo Wiedemeyer ret = sss_mmap_cache_reinit(nctx, SSS_MC_CACHE_ELEMENTS,
66fd8f017efdb8a6c862c3f1856dfaef90865dd5Thiemo Wiedemeyer "passwd mmap cache invalidation failed\n");
331603b37dec12e37e2e1df9634ef0f2c5c73ddfThiemo Wiedemeyer ret = sss_mmap_cache_reinit(nctx, SSS_MC_CACHE_ELEMENTS,
331603b37dec12e37e2e1df9634ef0f2c5c73ddfThiemo Wiedemeyer "group mmap cache invalidation failed\n");
5044e8de9e6fde7a139a5e34324c92a4d08a6e73Thiemo Wiedemeyer ret = sss_mmap_cache_reinit(nctx, SSS_MC_CACHE_ELEMENTS,
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer "initgroups mmap cache invalidation failed\n");
/* DBUS_TYPE_INVALID terminates the argument list, i.e. the reply carries no
 * values. */
1ac36418f204bbe56f4cd951a979180721758999Christian Maeder return sbus_request_return_and_finish(dbus_req, DBUS_TYPE_INVALID);
/*
 * sbus request handler registered as clearEnumCache in monitor_nss_methods.
 *
 * The invalidation call itself is not visible in this listing; only its
 * failure message ("Could not invalidate netgroups") survives.
 *
 * dbus_req: request that is answered at the end of the handler.
 * data:     opaque pointer, read back as a struct resp_ctx.
 * Returns the result of sbus_request_return_and_finish().
 */
c40b7badd217089d8a256dabdf8f7d4e219ca215Thiemo Wiedemeyerstatic int nss_clear_netgroup_hash_table(struct sbus_request *dbus_req, void *data)
/* talloc_get_type() yields NULL on a type mismatch.
 * NOTE(review): no NULL check is visible before the dereference below. */
71654489020a03cf6ce9f2947f3da26a996f9c32Razvan Pascanu struct resp_ctx *rctx = talloc_get_type(data, struct resp_ctx);
/* Plain cast: the talloc type of pvt_ctx is not verified on this line. */
1be357403a65d1954fd6b5f38e5cf8a630d8112fThiemo Wiedemeyer struct nss_ctx *nctx = (struct nss_ctx*) rctx->pvt_ctx;
a4e6fb26100f53e3b1e9f5b97c2e0a0c129294e5Christian Maeder "Could not invalidate netgroups\n");
/* Reply without values (DBUS_TYPE_INVALID ends the argument list). */
71654489020a03cf6ce9f2947f3da26a996f9c32Razvan Pascanu return sbus_request_return_and_finish(dbus_req, DBUS_TYPE_INVALID);
/*
 * Builds a list of the shells found in /etc/shells.
 *
 * Only fragments of the body survive in this listing; the file reading loop,
 * the error paths and the hand-over to the caller are not visible.
 *
 * mem_ctx: talloc context supplied by the caller.
 * _shells: output parameter for the resulting string array (the assignment is
 *          not visible here).
 * Returns an errno_t status.
 */
1ac36418f204bbe56f4cd951a979180721758999Christian Maederstatic errno_t nss_get_etc_shells(TALLOC_CTX *mem_ctx, char ***_shells)
/* Initial allocation of SHELL_REALLOC_INCREMENT slots on a temporary context. */
109b67ffce2bad83667e2f4a319d2d7f380f91afThiemo Wiedemeyer shells = talloc_array(tmp_ctx, char *, SHELL_REALLOC_INCREMENT);
71654489020a03cf6ce9f2947f3da26a996f9c32Razvan Pascanu DEBUG(SSSDBG_TRACE_FUNC, "Found shell %s in /etc/shells\n", shells[i]);
/* The list is capped. The message warns that users may be denied access once
 * the cap is reached, presumably because later entries are not recorded;
 * verify against the full source. */
1be357403a65d1954fd6b5f38e5cf8a630d8112fThiemo Wiedemeyer "Reached maximum number of shells [%d]. "
1be357403a65d1954fd6b5f38e5cf8a630d8112fThiemo Wiedemeyer "Users may be denied access. "
1be357403a65d1954fd6b5f38e5cf8a630d8112fThiemo Wiedemeyer "Please check /etc/shells for sanity\n",
/* The result of talloc_realloc() is assigned straight back to shells, and it
 * is NULL on allocation failure.
 * NOTE(review): the NULL checks are not visible in this listing. */
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer shells = talloc_realloc(NULL, shells, char *,
/* Final resize to i + 1 slots, presumably to leave room for a terminating
 * NULL entry; confirm. */
71654489020a03cf6ce9f2947f3da26a996f9c32Razvan Pascanu shells = talloc_realloc(NULL, shells, char *, i + 1);
/*
 * Loads the NSS responder settings from the confdb into nctx.
 *
 * Only the first line of most calls survives in this listing: the option
 * names, defaults and destination fields are largely not visible, and the
 * parameter list is cut after nctx.
 */
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyerstatic int nss_get_config(struct nss_ctx *nctx,
1ac36418f204bbe56f4cd951a979180721758999Christian Maeder ret = confdb_get_int(cdb, CONFDB_NSS_CONF_ENTRY,
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer ret = confdb_get_bool(cdb, CONFDB_NSS_CONF_ENTRY,
/* entry_cache_nowait_percentage is read with 50 passed after the option name.
 * Per the message below, a value judged invalid disables the feature rather
 * than failing the whole configuration load. */
71654489020a03cf6ce9f2947f3da26a996f9c32Razvan Pascanu ret = confdb_get_int(cdb, CONFDB_NSS_CONF_ENTRY,
71654489020a03cf6ce9f2947f3da26a996f9c32Razvan Pascanu CONFDB_NSS_ENTRY_CACHE_NOWAIT_PERCENTAGE, 50,
71654489020a03cf6ce9f2947f3da26a996f9c32Razvan Pascanu "Configuration error: entry_cache_nowait_percentage is "
71654489020a03cf6ce9f2947f3da26a996f9c32Razvan Pascanu "invalid. Disabling feature.\n");
/* Fills the responder's negative cache from configuration. */
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer ret = sss_ncache_prepopulate(nctx->rctx->ncache, cdb, nctx->rctx);
ddc662fdf0207eae2034d7b68ae5e2225c575207Thiemo Wiedemeyer ret = confdb_get_string(cdb, nctx, CONFDB_NSS_CONF_ENTRY,
71654489020a03cf6ce9f2947f3da26a996f9c32Razvan Pascanu ret = confdb_get_string(cdb, nctx, CONFDB_NSS_CONF_ENTRY,
71654489020a03cf6ce9f2947f3da26a996f9c32Razvan Pascanu ret = confdb_get_string(cdb, nctx, CONFDB_NSS_CONF_ENTRY,
66fd8f017efdb8a6c862c3f1856dfaef90865dd5Thiemo Wiedemeyer ret = confdb_get_string(cdb, nctx, CONFDB_NSS_CONF_ENTRY,
/* ENOENT is tolerated at the three checks below; any other error aborts via
 * the done label. */
aa07f9c4585a94514dcff2979d853d6e04c12fb9Thiemo Wiedemeyer if (ret != EOK && ret != ENOENT) goto done;
aa07f9c4585a94514dcff2979d853d6e04c12fb9Thiemo Wiedemeyer ret = confdb_get_string_as_list(cdb, nctx, CONFDB_NSS_CONF_ENTRY,
8836fa284a241af325aa6f41234b5130b26ec4f9Thiemo Wiedemeyer if (ret != EOK && ret != ENOENT) goto done;
66fd8f017efdb8a6c862c3f1856dfaef90865dd5Thiemo Wiedemeyer ret = confdb_get_string_as_list(cdb, nctx, CONFDB_NSS_CONF_ENTRY,
aa07f9c4585a94514dcff2979d853d6e04c12fb9Thiemo Wiedemeyer if (ret != EOK && ret != ENOENT) goto done;
/* The /etc/shells list is allocated on nctx and stored in nctx->etc_shells. */
66fd8f017efdb8a6c862c3f1856dfaef90865dd5Thiemo Wiedemeyer ret = nss_get_etc_shells(nctx, &nctx->etc_shells);
66fd8f017efdb8a6c862c3f1856dfaef90865dd5Thiemo Wiedemeyer ret = confdb_get_string(cdb, nctx, CONFDB_NSS_CONF_ENTRY,
545d0cd78159cade346b579d06052638b19b0f72Thiemo Wiedemeyer ret = confdb_get_string(cdb, nctx, CONFDB_NSS_CONF_ENTRY,
71654489020a03cf6ce9f2947f3da26a996f9c32Razvan Pascanu ret = confdb_get_string(cdb, nctx, CONFDB_NSS_CONF_ENTRY,
71654489020a03cf6ce9f2947f3da26a996f9c32Razvan Pascanu ret = confdb_get_string(cdb, nctx, CONFDB_NSS_CONF_ENTRY,
/* This lookup reads the IFP section (CONFDB_IFP_CONF_ENTRY), not the NSS
 * section used by the calls above. */
5b00a9d748d5bea461601ed7ed5198dfd30cf2d2Thiemo Wiedemeyer ret = confdb_get_string(cdb, nctx, CONFDB_IFP_CONF_ENTRY,
/* tmp_str is presumably the string fetched by the IFP lookup above; the
 * connecting lines are not visible. The parsed list is owned by nctx. */
66fd8f017efdb8a6c862c3f1856dfaef90865dd5Thiemo Wiedemeyer nctx->extra_attributes = parse_attr_list_ex(nctx, tmp_str, NULL);
/*
 * sbus handler that updates the initgroups memory cache for one user.
 *
 * The parameter list is cut after sbus_req in this listing; data, user,
 * domain, num_groups and groups are used below and are presumably the
 * remaining parameters.
 * NOTE(review): these values arrive with the request; any validation of them
 * is not visible here and should be confirmed in the full source and in
 * nss_update_initgr_memcache().
 */
66fd8f017efdb8a6c862c3f1856dfaef90865dd5Thiemo Wiedemeyerint nss_memorycache_update_initgroups(struct sbus_request *sbus_req,
/* Both context lookups use talloc_get_type(), which yields NULL on a type
 * mismatch.
 * NOTE(review): no NULL check is visible before rctx->pvt_ctx is read. */
66fd8f017efdb8a6c862c3f1856dfaef90865dd5Thiemo Wiedemeyer struct resp_ctx *rctx = talloc_get_type(data, struct resp_ctx);
66fd8f017efdb8a6c862c3f1856dfaef90865dd5Thiemo Wiedemeyer struct nss_ctx *nctx = talloc_get_type(rctx->pvt_ctx, struct nss_ctx);
66fd8f017efdb8a6c862c3f1856dfaef90865dd5Thiemo Wiedemeyer DEBUG(SSSDBG_TRACE_LIBS, "Updating inigroups memory cache of [%s@%s]\n",
/* The helper's return value is not used on this line. */
84ba39232a012abf2085c8a421ebce6abc52d56eThiemo Wiedemeyer nss_update_initgr_memcache(nctx, user, domain, num_groups, groups);
/* Completes the request through the generated UpdateInitgroups finish helper. */
1ac36418f204bbe56f4cd951a979180721758999Christian Maeder return iface_nss_memorycache_UpdateInitgroups_finish(sbus_req);
/*
 * Callback run after an attempt to reconnect to the Data Provider.
 *
 * The parameter list is cut after conn in this listing, and the condition
 * that separates the success and failure branches is not visible. pvt is
 * read back as a struct be_conn.
 */
84ba39232a012abf2085c8a421ebce6abc52d56eThiemo Wiedemeyerstatic void nss_dp_reconnect_init(struct sbus_connection *conn,
/* talloc_get_type() yields NULL on a type mismatch.
 * NOTE(review): no NULL check is visible before be_conn is used. */
66fd8f017efdb8a6c862c3f1856dfaef90865dd5Thiemo Wiedemeyer struct be_conn *be_conn = talloc_get_type(pvt, struct be_conn);
1ac36418f204bbe56f4cd951a979180721758999Christian Maeder /* Did we reconnect successfully? */
/* This success message is logged at SSSDBG_CRIT_FAILURE. */
66fd8f017efdb8a6c862c3f1856dfaef90865dd5Thiemo Wiedemeyer DEBUG(SSSDBG_CRIT_FAILURE, "Reconnected to the Data Provider.\n");
66fd8f017efdb8a6c862c3f1856dfaef90865dd5Thiemo Wiedemeyer /* Identify ourselves to the data provider */
66fd8f017efdb8a6c862c3f1856dfaef90865dd5Thiemo Wiedemeyer ret = rdp_register_client(be_conn, "NSS");
66fd8f017efdb8a6c862c3f1856dfaef90865dd5Thiemo Wiedemeyer /* all fine */
/* Runs handle_requests_after_reconnect() on the responder context once the
 * registration above is accepted (the check on ret is not visible). */
66fd8f017efdb8a6c862c3f1856dfaef90865dd5Thiemo Wiedemeyer handle_requests_after_reconnect(be_conn->rctx);
1ac36418f204bbe56f4cd951a979180721758999Christian Maeder /* Failed to reconnect */
84ba39232a012abf2085c8a421ebce6abc52d56eThiemo Wiedemeyer DEBUG(SSSDBG_FATAL_FAILURE, "Could not reconnect to %s provider.\n",
/* Apart from the log message, no recovery action is visible on the failure
 * path: the shutdown call below is commented out. */
66fd8f017efdb8a6c862c3f1856dfaef90865dd5Thiemo Wiedemeyer /* FIXME: kill the frontend and let the monitor restart it ? */
545d0cd78159cade346b579d06052638b19b0f72Thiemo Wiedemeyer /* nss_shutdown(rctx); */
8836fa284a241af325aa6f41234b5130b26ec4f9Thiemo Wiedemeyer DEBUG(SSSDBG_FATAL_FAILURE, "sss_process_init() failed\n");
37e30366abd83c00a5d5447b45694627fd783de8Cui Jian DEBUG(SSSDBG_FATAL_FAILURE, "fatal error initializing nss_ctx\n");
66fd8f017efdb8a6c862c3f1856dfaef90865dd5Thiemo Wiedemeyer DEBUG(SSSDBG_FATAL_FAILURE, "fatal error getting nss config\n");
40c18e3f63c23085e5bb36ea35efe141a87df8e4Klaus Luettich /* Enable automatic reconnection to the Data Provider */
71654489020a03cf6ce9f2947f3da26a996f9c32Razvan Pascanu "Failed to set up automatic reconnection\n");
71654489020a03cf6ce9f2947f3da26a996f9c32Razvan Pascanu for (iter = nctx->rctx->be_conns; iter; iter = iter->next) {
a4e6fb26100f53e3b1e9f5b97c2e0a0c129294e5Christian Maeder sbus_reconnect_init(iter->conn, max_retries,
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer err = sss_idmap_init(sss_idmap_talloc, nctx, sss_idmap_talloc_free,
109b67ffce2bad83667e2f4a319d2d7f380f91afThiemo Wiedemeyer DEBUG(SSSDBG_FATAL_FAILURE, "sss_idmap_init failed.\n");
a4e6fb26100f53e3b1e9f5b97c2e0a0c129294e5Christian Maeder /* Create the lookup table for netgroup results */
71654489020a03cf6ce9f2947f3da26a996f9c32Razvan Pascanu hret = sss_hash_create_ex(nctx, 10, &nctx->netgroups, 0, 0, 0, 0,
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer "Unable to initialize netgroup hash table\n");
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer /* create mmap caches */
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer /* Remove the CLEAR_MC_FLAG file if it exists. */
d1066b8fb69179973dcab47154858d77e72760a7Thiemo Wiedemeyer ret = unlink(SSS_NSS_MCACHE_DIR"/"CLEAR_MC_FLAG);
d1066b8fb69179973dcab47154858d77e72760a7Thiemo Wiedemeyer "Failed to unlink file [%s]. This can cause memory cache to "
d1066b8fb69179973dcab47154858d77e72760a7Thiemo Wiedemeyer "be purged when next log rotation is requested. %d: %s\n",
5107ba7da675778f2fded68493512b60eff8a455Christian Maeder SSS_NSS_MCACHE_DIR"/"CLEAR_MC_FLAG, ret, strerror(ret));
0dba5bbaaef2f620f3b83a16ab6b229c3dd50c98Christian Maeder "Failed to get 'memcache_timeout' option from confdb.\n");
5044e8de9e6fde7a139a5e34324c92a4d08a6e73Thiemo Wiedemeyer /* TODO: read cache sizes from configuration */
5044e8de9e6fde7a139a5e34324c92a4d08a6e73Thiemo Wiedemeyer ret = sss_mmap_cache_init(nctx, "passwd", SSS_MC_PASSWD,
5044e8de9e6fde7a139a5e34324c92a4d08a6e73Thiemo Wiedemeyer SSS_MC_CACHE_ELEMENTS, (time_t)memcache_timeout,
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer DEBUG(SSSDBG_CRIT_FAILURE, "passwd mmap cache is DISABLED\n");
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer ret = sss_mmap_cache_init(nctx, "group", SSS_MC_GROUP,
71654489020a03cf6ce9f2947f3da26a996f9c32Razvan Pascanu SSS_MC_CACHE_ELEMENTS, (time_t)memcache_timeout,
8f5219469b89a15dc6d4c2c30463775975f5841cRazvan Pascanu DEBUG(SSSDBG_CRIT_FAILURE, "group mmap cache is DISABLED\n");
71654489020a03cf6ce9f2947f3da26a996f9c32Razvan Pascanu ret = sss_mmap_cache_init(nctx, "initgroups", SSS_MC_INITGROUPS,
71654489020a03cf6ce9f2947f3da26a996f9c32Razvan Pascanu SSS_MC_CACHE_ELEMENTS, (time_t)memcache_timeout,
71654489020a03cf6ce9f2947f3da26a996f9c32Razvan Pascanu DEBUG(SSSDBG_CRIT_FAILURE, "inigroups mmap cache is DISABLED\n");
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer /* Set up file descriptor limits */
c40b7badd217089d8a256dabdf8f7d4e219ca215Thiemo Wiedemeyer "Failed to set up file descriptor limit\n");
966a6c024c828387023fccb0cd0049f78687e5dcThiemo Wiedemeyer ret = schedule_get_domains_task(rctx, rctx->ev, rctx, nctx->rctx->ncache);
c40b7badd217089d8a256dabdf8f7d4e219ca215Thiemo Wiedemeyer DEBUG(SSSDBG_FATAL_FAILURE, "schedule_get_domains_tasks failed.\n");
b6a59f004903ac7bc96323ee3ef09c01fd221157Christian Maeder ret = sss_ad_default_names_ctx(nctx, &nctx->global_names);
a4e6fb26100f53e3b1e9f5b97c2e0a0c129294e5Christian Maeder DEBUG(SSSDBG_CRIT_FAILURE, "sss_ad_default_names_ctx failed.\n");
71654489020a03cf6ce9f2947f3da26a996f9c32Razvan Pascanu DEBUG(SSSDBG_TRACE_FUNC, "NSS Initialization complete\n");
38122cbf09ad3dcc31a826cc4093f630515a5cfcChristian Maeder /* Set debug level to invalid value so we can decide if -d 0 was used. */
53e76316f409f6b1b57ed3d2e5cb9cfe1cb511e5Thiemo Wiedemeyer pc = poptGetContext(argv[0], argc, argv, long_options, 0);
36f69d35e01d2d6b6bdc165b49661f2a80af8687Mihai Codescu fprintf(stderr, "\nInvalid option %s: %s\n\n",
66b035879accdc5f8337726173f800286a87fd78Christian Maeder /* set up things like debug, signals, daemonization, etc... */
1ac36418f204bbe56f4cd951a979180721758999Christian Maeder ret = server_setup("sssd[nss]", 0, uid, gid, CONFDB_NSS_CONF_ENTRY,
71654489020a03cf6ce9f2947f3da26a996f9c32Razvan Pascanu /* This is not fatal, don't return */
71654489020a03cf6ce9f2947f3da26a996f9c32Razvan Pascanu "Could not set up to exit when parent process does\n");
71654489020a03cf6ce9f2947f3da26a996f9c32Razvan Pascanu /* loop on main */