summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStephen Gallagher <sgallagh@redhat.com>2012-01-21 12:37:36 -0500
committerStephen Gallagher <sgallagh@redhat.com>2012-01-27 09:02:01 -0500
commitaec5785126354bd8b192f63fe04ea08dae9c0705 (patch)
tree817ba377568db20761ce0f26865a48624a278268
parent8c3a4809b3420657289b42f028a1c9019b112991 (diff)
downloadsssd-aec5785126354bd8b192f63fe04ea08dae9c0705.tar.gz
sssd-aec5785126354bd8b192f63fe04ea08dae9c0705.tar.bz2
sssd-aec5785126354bd8b192f63fe04ea08dae9c0705.zip
PROXY: add support for service lookups (non-enumeration)
-rw-r--r--Makefile.am1
-rw-r--r--src/providers/proxy/proxy.h24
-rw-r--r--src/providers/proxy/proxy_id.c28
-rw-r--r--src/providers/proxy/proxy_init.c22
-rw-r--r--src/providers/proxy/proxy_services.c199
5 files changed, 274 insertions, 0 deletions
diff --git a/Makefile.am b/Makefile.am
index 2e47e96f..a8ae01d7 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -949,6 +949,7 @@ libsss_proxy_la_SOURCES = \
src/providers/proxy/proxy_init.c \
src/providers/proxy/proxy_id.c \
src/providers/proxy/proxy_netgroup.c \
+ src/providers/proxy/proxy_services.c \
src/providers/proxy/proxy_auth.c
libsss_proxy_la_CFLAGS = \
$(AM_CFLAGS)
diff --git a/src/providers/proxy/proxy.h b/src/providers/proxy/proxy.h
index 41981fd8..d9484613 100644
--- a/src/providers/proxy/proxy.h
+++ b/src/providers/proxy/proxy.h
@@ -70,6 +70,17 @@ struct proxy_nss_ops {
enum nss_status (*getnetgrent_r)(struct __netgrent *result, char *buffer,
size_t buflen, int *errnop);
enum nss_status (*endnetgrent)(struct __netgrent *result);
+
+ /* Services */
+ enum nss_status (*getservbyname_r)(const char *name,
+ const char *protocol,
+ struct servent *result,
+ char *buffer, size_t buflen,
+ int *errnop);
+ enum nss_status (*getservbyport_r)(int port, const char *protocol,
+ struct servent *result,
+ char *buffer, size_t buflen,
+ int *errnop);
};
struct authtok_conv {
@@ -145,4 +156,17 @@ errno_t get_netgroup(struct proxy_id_ctx *ctx,
struct sss_domain_info *dom,
const char *name);
+errno_t get_serv_byname(struct proxy_id_ctx *ctx,
+ struct sysdb_ctx *sysdb,
+ struct sss_domain_info *dom,
+ const char *name,
+ const char *protocol);
+
+errno_t
+get_serv_byport(struct proxy_id_ctx *ctx,
+ struct sysdb_ctx *sysdb,
+ struct sss_domain_info *dom,
+ const char *be_filter,
+ const char *protocol);
+
#endif /* __PROXY_H__ */
diff --git a/src/providers/proxy/proxy_id.c b/src/providers/proxy/proxy_id.c
index cfb058a8..b3bd97ff 100644
--- a/src/providers/proxy/proxy_id.c
+++ b/src/providers/proxy/proxy_id.c
@@ -1173,6 +1173,34 @@ void proxy_get_account_info(struct be_req *breq)
ret = get_netgroup(ctx, sysdb, domain, ar->filter_value);
break;
+ case BE_REQ_SERVICES:
+ switch (ar->filter_type) {
+ case BE_FILTER_NAME:
+ if (ctx->ops.getservbyname_r == NULL) {
+ return proxy_reply(breq, DP_ERR_FATAL,
+ ENODEV, "Services are not supported");
+ }
+ ret = get_serv_byname(ctx, sysdb, domain,
+ ar->filter_value,
+ ar->extra_value);
+ break;
+ case BE_FILTER_IDNUM:
+ if (ctx->ops.getservbyport_r == NULL) {
+ return proxy_reply(breq, DP_ERR_FATAL,
+ ENODEV, "Services are not supported");
+ }
+ ret = get_serv_byport(ctx, sysdb, domain,
+ ar->filter_value,
+ ar->extra_value);
+ break;
+ case BE_FILTER_ENUM:
+ break;
+ default:
+ return proxy_reply(breq, DP_ERR_FATAL,
+ EINVAL, "Invalid filter type");
+ }
+ break;
+
default: /*fail*/
return proxy_reply(breq, DP_ERR_FATAL,
EINVAL, "Invalid request type");
diff --git a/src/providers/proxy/proxy_init.c b/src/providers/proxy/proxy_init.c
index f53d6de1..b28e65a5 100644
--- a/src/providers/proxy/proxy_init.c
+++ b/src/providers/proxy/proxy_init.c
@@ -237,6 +237,28 @@ int sssm_proxy_id_init(struct be_ctx *bectx,
dlerror()));
}
+ ctx->ops.getservbyname_r = proxy_dlsym(ctx->handle,
+ "_nss_%s_getservbyname_r",
+ libname);
+ if (!ctx->ops.getservbyname_r) {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ ("Failed to load _nss_%s_getservbyname_r, error: %s. "
+ "The library does not support services.\n",
+ libname,
+ dlerror()));
+ }
+
+ ctx->ops.getservbyport_r = proxy_dlsym(ctx->handle,
+ "_nss_%s_getservbyport_r",
+ libname);
+ if (!ctx->ops.getservbyport_r) {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ ("Failed to load _nss_%s_getservbyport_r, error: %s. "
+ "The library does not support services.\n",
+ libname,
+ dlerror()));
+ }
+
*ops = &proxy_id_ops;
*pvt_data = ctx;
ret = EOK;
diff --git a/src/providers/proxy/proxy_services.c b/src/providers/proxy/proxy_services.c
new file mode 100644
index 00000000..184f4daf
--- /dev/null
+++ b/src/providers/proxy/proxy_services.c
@@ -0,0 +1,199 @@
+/*
+ SSSD
+
+ Authors:
+ Stephen Gallagher <sgallagh@redhat.com>
+
+ Copyright (C) 2012 Red Hat
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "providers/proxy/proxy.h"
+#include "util/util.h"
+#include "util/strtonum.h"
+#include "db/sysdb_services.h"
+
+#define BUFLEN 1024
+
+errno_t
+proxy_save_service(struct sysdb_ctx *sysdb,
+ struct servent *svc,
+ bool lowercase,
+ uint64_t cache_timeout)
+{
+ errno_t ret;
+ char *cased_name;
+ const char **protocols;
+ const char **cased_aliases;
+ TALLOC_CTX *tmp_ctx;
+ size_t num_aliases, i;
+ time_t now = time(NULL);
+
+ tmp_ctx = talloc_new(NULL);
+ if (!tmp_ctx) return ENOMEM;
+
+ cased_name = sss_get_cased_name(tmp_ctx, svc->s_name, !lowercase);
+ if (!cased_name) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ protocols = talloc_array(tmp_ctx, const char *, 2);
+ if (!protocols) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ protocols[0] = sss_get_cased_name(protocols, svc->s_proto,
+ !lowercase);
+ if (!protocols[0]) {
+ ret = ENOMEM;
+ goto done;
+ }
+ protocols[1] = NULL;
+
+ /* Count the aliases */
+ for(num_aliases = 0; svc->s_aliases[num_aliases]; num_aliases++);
+
+ if (num_aliases >= 1) {
+ cased_aliases = talloc_array(tmp_ctx, const char *, num_aliases + 1);
+ if (!cased_aliases) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ for (i = 0; i < num_aliases; i++) {
+ cased_aliases[i] = sss_get_cased_name(tmp_ctx, svc->s_aliases[i],
+ !lowercase);
+ if (!cased_aliases[i]) {
+ ret = ENOMEM;
+ goto done;
+ }
+ }
+ cased_aliases[num_aliases] = NULL;
+ } else {
+ cased_aliases = NULL;
+ }
+
+ ret = sysdb_store_service(sysdb,
+ cased_name,
+ ntohs(svc->s_port),
+ cased_aliases,
+ protocols,
+ cache_timeout,
+ now);
+done:
+ talloc_free(tmp_ctx);
+ return ret;
+}
+
+errno_t
+get_serv_byname(struct proxy_id_ctx *ctx,
+ struct sysdb_ctx *sysdb,
+ struct sss_domain_info *dom,
+ const char *name,
+ const char *protocol)
+{
+ errno_t ret;
+ enum nss_status status;
+ struct servent *result;
+ TALLOC_CTX *tmp_ctx;
+ char buffer[BUFLEN];
+
+ tmp_ctx = talloc_new(NULL);
+ if (!tmp_ctx) return ENOMEM;
+
+ result = talloc_zero(tmp_ctx, struct servent);
+ if (!result) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ status = ctx->ops.getservbyname_r(name, protocol, result,
+ buffer, BUFLEN, &ret);
+ if (status != NSS_STATUS_SUCCESS && status != NSS_STATUS_NOTFOUND) {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ ("getservbyname_r failed for service [%s].\n", name));
+ return ret;
+ }
+
+ if (status == NSS_STATUS_NOTFOUND) {
+ /* Make sure we remove it from the cache */
+ ret = sysdb_svc_delete(sysdb, name, 0, protocol);
+ } else {
+
+ /* Results found. Save them into the cache */
+ ret = proxy_save_service(sysdb, result,
+ !dom->case_sensitive,
+ ctx->entry_cache_timeout);
+ }
+
+done:
+ talloc_free(tmp_ctx);
+ return ret;
+}
+
+errno_t
+get_serv_byport(struct proxy_id_ctx *ctx,
+ struct sysdb_ctx *sysdb,
+ struct sss_domain_info *dom,
+ const char *be_filter,
+ const char *protocol)
+{
+ errno_t ret;
+ enum nss_status status;
+ struct servent *result;
+ TALLOC_CTX *tmp_ctx;
+ uint16_t port;
+ char buffer[BUFLEN];
+
+ tmp_ctx = talloc_new(NULL);
+ if (!tmp_ctx) return ENOMEM;
+
+ result = talloc_zero(tmp_ctx, struct servent);
+ if (!result) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ errno = 0;
+ port = htons(strtouint16(be_filter, NULL, 0));
+ if (errno) {
+ ret = errno;
+ goto done;
+ }
+
+ status = ctx->ops.getservbyport_r(port, protocol, result,
+ buffer, BUFLEN, &ret);
+ if (status != NSS_STATUS_SUCCESS && status != NSS_STATUS_NOTFOUND) {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ ("getservbyport_r failed for service [%s].\n", be_filter));
+ return ret;
+ }
+
+ if (status == NSS_STATUS_NOTFOUND) {
+ /* Make sure we remove it from the cache */
+ ret = sysdb_svc_delete(sysdb, NULL, port, protocol);
+ } else {
+ /* Results found. Save them into the cache */
+ ret = proxy_save_service(sysdb, result,
+ !dom->case_sensitive,
+ ctx->entry_cache_timeout);
+ }
+
+done:
+ talloc_free(tmp_ctx);
+ return ret;
+}