a8d1a344e580f29699aed9b88d87fc3c6f5d113bSimo Sorce Secrets Responder
a8d1a344e580f29699aed9b88d87fc3c6f5d113bSimo Sorce Copyright (C) Simo Sorce <ssorce@redhat.com> 2016
a8d1a344e580f29699aed9b88d87fc3c6f5d113bSimo Sorce This program is free software; you can redistribute it and/or modify
a8d1a344e580f29699aed9b88d87fc3c6f5d113bSimo Sorce it under the terms of the GNU General Public License as published by
a8d1a344e580f29699aed9b88d87fc3c6f5d113bSimo Sorce the Free Software Foundation; either version 3 of the License, or
a8d1a344e580f29699aed9b88d87fc3c6f5d113bSimo Sorce (at your option) any later version.
a8d1a344e580f29699aed9b88d87fc3c6f5d113bSimo Sorce This program is distributed in the hope that it will be useful,
a8d1a344e580f29699aed9b88d87fc3c6f5d113bSimo Sorce but WITHOUT ANY WARRANTY; without even the implied warranty of
a8d1a344e580f29699aed9b88d87fc3c6f5d113bSimo Sorce MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
a8d1a344e580f29699aed9b88d87fc3c6f5d113bSimo Sorce GNU General Public License for more details.
a8d1a344e580f29699aed9b88d87fc3c6f5d113bSimo Sorce You should have received a copy of the GNU General Public License
a8d1a344e580f29699aed9b88d87fc3c6f5d113bSimo Sorce along with this program. If not, see <http://www.gnu.org/licenses/>.
a8d1a344e580f29699aed9b88d87fc3c6f5d113bSimo Sorce "Failed to get file descriptors limit\n");
efc65e78fa4e01e6cecc8690a9899af61213be62Fabiano Fidêncio "Failed to get containers' maximum depth\n");
65a38b8c9cabde6c46cc0e9868f54cb9bb10afbfFabiano Fidêncio "Failed to get maximum number of entries\n");
7171a7584dda534dde5409f3e7f4657e845ece15Fabiano Fidêncio "Failed to get payload's maximum size for an entry\n");
a8d1a344e580f29699aed9b88d87fc3c6f5d113bSimo Sorce ret = confdb_get_int(sctx->rctx->cdb, sctx->rctx->confdb_service_path,
a8d1a344e580f29699aed9b88d87fc3c6f5d113bSimo Sorce "Cannot get the client idle timeout [%d]: %s\n",
a8d1a344e580f29699aed9b88d87fc3c6f5d113bSimo Sorce /* Ensure that the client timeout is at least ten seconds */
a8d1a344e580f29699aed9b88d87fc3c6f5d113bSimo Sorcestatic int sec_responder_ctx_destructor(void *ptr)
a8d1a344e580f29699aed9b88d87fc3c6f5d113bSimo Sorce struct resp_ctx *rctx = talloc_get_type(ptr, struct resp_ctx);
a8d1a344e580f29699aed9b88d87fc3c6f5d113bSimo Sorce /* mark that we are shutting down the responder, so it is propagated
a8d1a344e580f29699aed9b88d87fc3c6f5d113bSimo Sorce * into underlying contexts that are freed right before rctx */
a8d1a344e580f29699aed9b88d87fc3c6f5d113bSimo Sorce DEBUG(SSSDBG_TRACE_FUNC, "Responder is being shut down\n");
a8d1a344e580f29699aed9b88d87fc3c6f5d113bSimo Sorce DEBUG(SSSDBG_FATAL_FAILURE, "fatal error initializing resp_ctx\n");
a8d1a344e580f29699aed9b88d87fc3c6f5d113bSimo Sorce rctx->confdb_service_path = CONFDB_SEC_CONF_ENTRY;
a8d1a344e580f29699aed9b88d87fc3c6f5d113bSimo Sorce talloc_set_destructor((TALLOC_CTX*)rctx, sec_responder_ctx_destructor);
a8d1a344e580f29699aed9b88d87fc3c6f5d113bSimo Sorce DEBUG(SSSDBG_FATAL_FAILURE, "fatal error initializing sec_ctx\n");
a8d1a344e580f29699aed9b88d87fc3c6f5d113bSimo Sorce DEBUG(SSSDBG_FATAL_FAILURE, "fatal error getting secrets config\n");
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce ret = resolv_init(sctx, ev, SEC_NET_TIMEOUT, &sctx->resctx);
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce /* not fatal for now */
8f2a34cc6964a1f80a1434e05315a7ae0bb5774eSimo Sorce DEBUG(SSSDBG_CRIT_FAILURE, "Failed to initialize resolver library\n");
a8d1a344e580f29699aed9b88d87fc3c6f5d113bSimo Sorce /* Set up file descriptor limits */
a8d1a344e580f29699aed9b88d87fc3c6f5d113bSimo Sorce ret = activate_unix_sockets(rctx, sec_connection_setup);
a8d1a344e580f29699aed9b88d87fc3c6f5d113bSimo Sorce DEBUG(SSSDBG_TRACE_FUNC, "Secrets Initialization complete\n");
a8d1a344e580f29699aed9b88d87fc3c6f5d113bSimo Sorce /* Set debug level to invalid value so we can decide if -d 0 was used. */
a8d1a344e580f29699aed9b88d87fc3c6f5d113bSimo Sorce pc = poptGetContext(argv[0], argc, argv, long_options, 0);
a8d1a344e580f29699aed9b88d87fc3c6f5d113bSimo Sorce /* set up things like debug, signals, daemonization, etc... */
a8d1a344e580f29699aed9b88d87fc3c6f5d113bSimo Sorce ret = server_setup("sssd[secrets]", 0, uid, gid, CONFDB_SEC_CONF_ENTRY,
a8d1a344e580f29699aed9b88d87fc3c6f5d113bSimo Sorce /* This is not fatal, don't return */
a8d1a344e580f29699aed9b88d87fc3c6f5d113bSimo Sorce "Could not set up to exit when parent process does\n");
a8d1a344e580f29699aed9b88d87fc3c6f5d113bSimo Sorce /* loop on main */