/*
   Authors:
       Sumit Bose <sbose@redhat.com>

   Copyright (C) 2012 Red Hat

   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.

   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.

   You should have received a copy of the GNU General Public License
   along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
a27e9e05958bc51ea09edb8d8d862fe8b125313bslive
#include <utime.h>

#include "confdb/confdb.h"
#include "db/sysdb.h"
#include "util/util.h"

/* Directory the per-domain [domain_realm] mapping files are written to by
 * sss_write_domain_mappings(); it lives below PUBCONF_PATH. */
#define KRB5_MAPPING_DIR PUBCONF_PATH"/krb5.include.d"
a27e9e05958bc51ea09edb8d8d862fe8b125313bslive
/**
 * Return the domain that follows @domain in iteration order, skipping
 * disabled domains.
 *
 * With @descend set the walk enters a domain's subdomains before moving
 * on to its next sibling, and after the last subdomain it climbs back
 * exactly one level to the parent's next sibling (dom->parent->next);
 * without @descend only the ->next chain is followed.
 *
 * @return the next enabled domain, or NULL when the walk is exhausted
 *         (or @domain itself is NULL).
 */
struct sss_domain_info *get_next_domain(struct sss_domain_info *domain,
                                        bool descend)
{
    struct sss_domain_info *cur = domain;

    for (;;) {
        if (cur == NULL) {
            return NULL;
        }

        if (descend && cur->subdomains != NULL) {
            cur = cur->subdomains;
        } else if (cur->next != NULL) {
            cur = cur->next;
        } else if (descend && IS_SUBDOMAIN(cur) && cur->parent->next != NULL) {
            cur = cur->parent->next;
        } else {
            return NULL;
        }

        /* disabled domains are stepped over, never returned */
        if (!cur->disabled) {
            return cur;
        }
    }
}
a27e9e05958bc51ea09edb8d8d862fe8b125313bslive
/**
 * Find a domain called @name, starting at @domain and walking with
 * get_next_domain(..., true), i.e. subdomains first, then ->next siblings
 * (so the search is not limited to @domain's own subtree).
 *
 * Names are compared case-insensitively (strcasecmp). With @match_any the
 * domain's flat_name, when set, is accepted as well. Disabled domains are
 * skipped. @name must be non-NULL.
 *
 * @return the matching domain, or NULL when none is found.
 */
struct sss_domain_info *find_subdomain_by_name(struct sss_domain_info *domain,
                                               const char *name,
                                               bool match_any)
{
    struct sss_domain_info *cur = domain;

    /* get_next_domain() never yields a disabled domain, so only a disabled
     * starting point has to be stepped over here. */
    while (cur != NULL && cur->disabled) {
        cur = get_next_domain(cur, true);
    }

    for (; cur != NULL; cur = get_next_domain(cur, true)) {
        if (strcasecmp(cur->name, name) == 0) {
            return cur;
        }
        if (match_any == true
                && cur->flat_name != NULL
                && strcasecmp(cur->flat_name, name) == 0) {
            return cur;
        }
    }

    return NULL;
}
a27e9e05958bc51ea09edb8d8d862fe8b125313bslive
/**
 * Allocate a subdomain of @parent and fill in its defaults.
 *
 * The new domain is a talloc child of @mem_ctx. @name, @parent->provider
 * and @parent->conn_name are copied and must copy successfully; @realm,
 * @flat_name and @id may be NULL and are then left unset. The pointer
 * fields names, subdomain_homedir and sysdb are shared with the parent,
 * not copied. @parent must be non-NULL (it is dereferenced before any
 * check) and must already carry a sysdb context.
 *
 * Defaults: enumeration off, fully qualified names on, mpg on, names
 * compared case-insensitively, timeouts and credential caching inherited
 * from the parent, and the whole 0..0xffffffff ID range (see FIXME).
 *
 * @return the new domain, or NULL on allocation failure or when the parent
 *         has no sysdb; a partially built domain is freed.
 */
struct sss_domain_info *new_subdomain(TALLOC_CTX *mem_ctx,
                                      struct sss_domain_info *parent,
                                      const char *name,
                                      const char *realm,
                                      const char *flat_name,
                                      const char *id)
{
    struct sss_domain_info *sub;

    DEBUG(SSSDBG_TRACE_FUNC,
          ("Creating [%s] as subdomain of [%s]!\n", name, parent->name));

    sub = talloc_zero(mem_ctx, struct sss_domain_info);
    if (sub == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("talloc_zero failed.\n"));
        return NULL;
    }

    sub->parent = parent;

    /* mandatory strings, owned by the new domain */
    sub->name = talloc_strdup(sub, name);
    if (sub->name == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("Failed to copy domain name.\n"));
        goto fail;
    }

    sub->provider = talloc_strdup(sub, parent->provider);
    if (sub->provider == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("Failed to copy provider name.\n"));
        goto fail;
    }

    sub->conn_name = talloc_strdup(sub, parent->conn_name);
    if (sub->conn_name == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("Failed to copy connection name.\n"));
        goto fail;
    }

    /* optional strings: a NULL argument leaves the field NULL */
    if (realm != NULL) {
        sub->realm = talloc_strdup(sub, realm);
        if (sub->realm == NULL) {
            DEBUG(SSSDBG_OP_FAILURE, ("Failed to copy realm name.\n"));
            goto fail;
        }
    }

    if (flat_name != NULL) {
        sub->flat_name = talloc_strdup(sub, flat_name);
        if (sub->flat_name == NULL) {
            DEBUG(SSSDBG_OP_FAILURE, ("Failed to copy flat name.\n"));
            goto fail;
        }
    }

    if (id != NULL) {
        sub->domain_id = talloc_strdup(sub, id);
        if (sub->domain_id == NULL) {
            DEBUG(SSSDBG_OP_FAILURE, ("Failed to copy id.\n"));
            goto fail;
        }
    }

    /* fixed policy for subdomains */
    sub->enumerate = false;
    sub->fqnames = true;
    sub->mpg = true;
    sub->case_sensitive = false;
    /* FIXME: get ranges from the server -- until then every ID is accepted */
    sub->id_min = 0;
    sub->id_max = 0xffffffff;

    /* settings inherited from the parent (plain copies / shared pointers) */
    sub->pwd_expiration_warning = parent->pwd_expiration_warning;
    sub->cache_credentials = parent->cache_credentials;
    sub->user_timeout = parent->user_timeout;
    sub->group_timeout = parent->group_timeout;
    sub->netgroup_timeout = parent->netgroup_timeout;
    sub->service_timeout = parent->service_timeout;
    sub->override_homedir = parent->override_homedir;
    sub->names = parent->names;
    sub->subdomain_homedir = parent->subdomain_homedir;

    /* the subdomain shares the parent's cache database */
    if (parent->sysdb == NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("Missing sysdb context in parent domain.\n"));
        goto fail;
    }
    sub->sysdb = parent->sysdb;

    return sub;

fail:
    talloc_free(sub);
    return NULL;
}
1f2a7403f1389cbf2da0a53a2b2fb425dea75506erikabele
/**
 * Look up the configured domain @domain_name in @cdb and attach a freshly
 * opened cache database (sysdb) at @db_path to it.
 *
 * The sysdb context is created on @mem_ctx and then stolen onto the domain,
 * so it lives as long as the domain does. A domain that already has a
 * sysdb is rejected rather than re-initialised. @_domain must be non-NULL.
 *
 * @return EOK and the domain in *@_domain on success; the confdb or sysdb
 *         error code otherwise, or EEXIST when the domain already has a
 *         sysdb context.
 */
errno_t sssd_domain_init(TALLOC_CTX *mem_ctx,
                         struct confdb_ctx *cdb,
                         const char *domain_name,
                         const char *db_path,
                         struct sss_domain_info **_domain)
{
    struct sss_domain_info *domain = NULL;
    struct sysdb_ctx *db = NULL;
    int ret;

    ret = confdb_get_domain(cdb, domain_name, &domain);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Error retrieving domain configuration.\n"));
        return ret;
    }

    /* refuse to open the cache twice for the same domain */
    if (domain->sysdb != NULL) {
        DEBUG(SSSDBG_OP_FAILURE, ("Sysdb context already initialized.\n"));
        return EEXIST;
    }

    ret = sysdb_domain_init(mem_ctx, domain, db_path, &db);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Error opening cache database.\n"));
        return ret;
    }

    /* ownership moves from mem_ctx to the domain */
    domain->sysdb = talloc_steal(domain, db);

    *_domain = domain;
    return EOK;
}
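/**
 * Bump the timestamps of the krb5 configuration file so that libkrb5
 * notices that its include directory changed and re-reads the profile.
 *
 * The path is taken verbatim from the KRB5_CONFIG environment variable when
 * set (no validation is done on it) and falls back to KRB5_CONF_PATH. Only
 * atime/mtime are changed; the file itself is neither read nor written.
 *
 * @return EOK on success, or the errno value utime() failed with.
 */
static errno_t
sss_krb5_touch_config(void)
{
    const char *config;
    errno_t ret;

    config = getenv("KRB5_CONFIG");
    if (config == NULL) {
        config = KRB5_CONF_PATH;
    }

    /* NULL times: set both atime and mtime to "now" */
    if (utime(config, NULL) == -1) {
        ret = errno;
        /* fix: the format has three conversions (%s, %d, %s) but the
         * original passed only two arguments -- the errno value was missing,
         * which is undefined behaviour in the failure path */
        DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to change mtime of \"%s\" "
                                    "[%d]: %s\n", config, ret, strerror(ret)));
        return ret;
    }

    return EOK;
}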
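/* Replace, in place, every byte that is not an alphanumeric, '-' or '_'
 * with '_'. This is what makes a configured domain name safe to use as a
 * file-name component below KRB5_MAPPING_DIR: '/', '.' and friends cannot
 * survive, so "../x" becomes "___x". */
static void sanitize_krb5_include_name(char *name)
{
    for (size_t i = 0; name[i] != '\0'; i++) {
        /* cast: passing a negative plain char to isalnum() is undefined */
        unsigned char c = (unsigned char) name[i];

        if (!isalnum(c) && c != '-' && c != '_') {
            name[i] = '_';
        }
    }
}

/**
 * Write the [domain_realm] krb5 mapping file for the subdomains of @domain.
 *
 * The file KRB5_MAPPING_DIR/domain_realm_<sanitized domain name> is
 * produced through a mkstemp() temporary in the same directory that is
 * renamed over the final path, so readers never see a half-written file.
 * The temporary is created under umask 077 and only made 0644 once it
 * carries its final name. Whatever the outcome, the krb5 configuration
 * file's mtime is bumped at the end (see sss_krb5_touch_config()).
 *
 * Each subdomain yields two lines: ".<name> = <realm>" and
 * "<name> = <realm>". Subdomains without a realm are skipped.
 *
 * @param domain  parent domain; its subdomains are listed, not itself
 * @return EOK; EINVAL for a NULL domain or domain name; ENOMEM; EIO for
 *         temp-file creation, fdopen and fprintf failures; otherwise the
 *         errno of the failing fclose/rename/chmod. On every error path
 *         the temporary file, if created, is removed.
 */
errno_t
sss_write_domain_mappings(struct sss_domain_info *domain)
{
    struct sss_domain_info *dom;
    errno_t ret;
    errno_t err;
    TALLOC_CTX *tmp_ctx;
    const char *mapping_file;
    char *sanitized_domain;
    char *tmp_file = NULL;
    int fd = -1;
    mode_t old_mode;
    FILE *fstream = NULL;

    if (domain == NULL || domain->name == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("No domain name provided\n"));
        return EINVAL;
    }

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) return ENOMEM;

    sanitized_domain = talloc_strdup(tmp_ctx, domain->name);
    if (sanitized_domain == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_strdup() failed\n"));
        /* fix: returning here directly leaked tmp_ctx */
        ret = ENOMEM;
        goto done;
    }

    /* only alpha-numeric chars, dashes and underscores are allowed in
     * krb5 include directory */
    sanitize_krb5_include_name(sanitized_domain);

    mapping_file = talloc_asprintf(tmp_ctx, "%s/domain_realm_%s",
                                   KRB5_MAPPING_DIR, sanitized_domain);
    if (!mapping_file) {
        ret = ENOMEM;
        goto done;
    }
    DEBUG(SSSDBG_FUNC_DATA, ("Mapping file for domain [%s] is [%s]\n",
                             domain->name, mapping_file));

    tmp_file = talloc_asprintf(tmp_ctx, "%sXXXXXX", mapping_file);
    if (tmp_file == NULL) {
        ret = ENOMEM;
        goto done;
    }

    /* keep the temporary private while it is being filled; it becomes
     * world-readable only after the rename below */
    old_mode = umask(077);
    fd = mkstemp(tmp_file);
    umask(old_mode);
    if (fd < 0) {
        DEBUG(SSSDBG_OP_FAILURE, ("creating the temp file [%s] for domain-realm "
                                  "mappings failed.", tmp_file));
        /* fix: the original freed tmp_ctx here and then used tmp_file
         * (a child of it) in the cleanup below -- a use-after-free.
         * No file was created, so there is nothing to unlink either. */
        tmp_file = NULL;
        ret = EIO;
        goto done;
    }

    fstream = fdopen(fd, "a");
    if (!fstream) {
        ret = errno;
        DEBUG(SSSDBG_OP_FAILURE, ("fdopen failed [%d]: %s\n",
                                  ret, strerror(ret)));
        if (close(fd) != 0) {
            err = errno;
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("close failed [%d][%s].\n", err, strerror(err)));
            /* Nothing to do here, just report the failure */
        }
        fd = -1;
        ret = EIO;
        goto done;
    }
    /* from here on the descriptor is owned by fstream */

    ret = fprintf(fstream, "[domain_realm]\n");
    if (ret < 0) {
        DEBUG(SSSDBG_OP_FAILURE, ("fprintf failed\n"));
        ret = EIO;
        goto done;
    }

    for (dom = get_next_domain(domain, true);
         dom && IS_SUBDOMAIN(dom); /* if we get back to a parent, stop */
         dom = get_next_domain(dom, false)) {
        /* new_subdomain() allows a NULL realm; "%s" with NULL is undefined
         * and such a mapping would be meaningless anyway */
        if (dom->realm == NULL) {
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("Subdomain [%s] has no realm, skipping.\n", dom->name));
            continue;
        }

        ret = fprintf(fstream, ".%s = %s\n%s = %s\n",
                      dom->name, dom->realm, dom->name, dom->realm);
        if (ret < 0) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("fprintf failed\n"));
            /* fix: the negative fprintf() result used to be returned as the
             * error code; report EIO like the header write above */
            ret = EIO;
            goto done;
        }
    }

    /* fclose() flushes and reports write errors, so its result matters */
    ret = fclose(fstream);
    fstream = NULL;
    fd = -1;
    if (ret != 0) {
        ret = errno;
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("fclose failed [%d][%s].\n", ret, strerror(ret)));
        goto done;
    }

    /* atomic replace of the previous mapping file */
    ret = rename(tmp_file, mapping_file);
    if (ret == -1) {
        ret = errno;
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("rename failed [%d][%s].\n", ret, strerror(ret)));
        goto done;
    }
    /* the temporary no longer exists under that name; nothing to unlink */
    talloc_zfree(tmp_file);

    /* the mapping is meant to be readable by every local krb5 user, so the
     * mode is raised only now that the file carries its final name */
    ret = chmod(mapping_file, 0644);
    if (ret == -1) {
        ret = errno;
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("fchmod failed [%d][%s].\n", ret, strerror(ret)));
        goto done;
    }

    ret = EOK;

done:
    /* always executed, also on failure: an earlier mapping file may still
     * need to be re-read */
    err = sss_krb5_touch_config();
    if (err != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to change last modification time "
                                    "of krb5.conf. Created mappings may not be loaded.\n"));
        /* Ignore */
    }

    if (fstream) {
        err = fclose(fstream);
        if (err != 0) {
            err = errno;
            DEBUG(SSSDBG_CRIT_FAILURE,
                  ("fclose failed [%d][%s].\n", err, strerror(err)));
            /* Nothing to do here, just report the failure */
        }
    }

    /* tmp_file is non-NULL only while a temporary exists on disk */
    if (tmp_file) {
        err = unlink(tmp_file);
        if (err < 0) {
            err = errno;
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("Could not remove file [%s]: [%d]: %s",
                   tmp_file, err, strerror(err)));
        }
    }

    talloc_free(tmp_ctx);
    return ret;
}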