-rw-r--r--server/confdb/confdb.c4
-rw-r--r--server/responder/common/responder_cmd.h4
-rw-r--r--server/responder/common/responder_common.c118
-rw-r--r--server/responder/common/responder_common.h1
-rw-r--r--server/responder/nss/nsssrv.c5
-rw-r--r--server/responder/nss/nsssrv.h2
-rw-r--r--server/responder/pam/pamsrv.c5
7 files changed, 80 insertions, 59 deletions
diff --git a/server/confdb/confdb.c b/server/confdb/confdb.c
index 9ada97f3..26c9e939 100644
--- a/server/confdb/confdb.c
+++ b/server/confdb/confdb.c
@@ -522,11 +522,13 @@ static int confdb_init_db(struct confdb_ctx *cdb)
ret = confdb_add_param(cdb, false, "config/services/pam", "command", val);
if (ret != EOK) goto done;
+#if 0 /* for future use */
/* Set the sssd_pam socket path */
val[0] = talloc_asprintf(tmp_ctx, "%s/pam", PIPE_PATH);
CONFDB_ZERO_CHECK_OR_JUMP(val[0], ret, ENOMEM, done);
ret = confdb_add_param(cdb, false, "config/services/pam", "unixSocket", val);
if (ret != EOK) goto done;
+#endif /* for future use */
/* Add PAM to the list of active services */
val[0] = "pam";
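Review bot: The `#if 0 /* for future use */` block keeps dead code in the tree with nothing saying what "future use" means or what has to change before it comes back; the same pattern appears in the second confdb.c hunk and in the set_unix_socket hunks of responder_common.c and nsssrv.c. Since the tree is under version control the block can simply be deleted and recovered from history, or, if it must stay, the bare marker should become a comment stating the condition for re-enabling it, e.g. `/* disabled: the unixSocket confdb parameter is not read by the responders yet; re-enable together with set_unix_socket() */`. As written the `unixSocket` parameter silently stops being written to confdb for both pam and nss, which is worth a sentence wherever the change is described.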
@@ -545,11 +547,13 @@ static int confdb_init_db(struct confdb_ctx *cdb)
ret = confdb_add_param(cdb, false, "config/services/nss", "command", val);
if (ret != EOK) goto done;
+#if 0 /* for future use */
/* Set the sssd_nss socket path */
val[0] = talloc_asprintf(tmp_ctx, "%s/sssd_nss", PIPE_PATH);
CONFDB_ZERO_CHECK_OR_JUMP(val[0], ret, ENOMEM, done);
ret = confdb_add_param(cdb, false, "config/services/nss", "unixSocket", val);
if (ret != EOK) goto done;
+#endif /* for future use */
/* Add NSS to the list of active services */
val[0] = "nss";
diff --git a/server/responder/common/responder_cmd.h b/server/responder/common/responder_cmd.h
index e02d5f22..b70b297a 100644
--- a/server/responder/common/responder_cmd.h
+++ b/server/responder/common/responder_cmd.h
@@ -48,8 +48,8 @@ struct nss_ctx {
int priv_lfd;
struct sysdb_ctx *sysdb;
struct confdb_ctx *cdb;
- char *sock_name;
- char *priv_sock_name;
+ const char *sock_name;
+ const char *priv_sock_name;
struct service_sbus_ctx *ss_ctx;
struct service_sbus_ctx *dp_ctx;
struct btreemap *domain_map;
diff --git a/server/responder/common/responder_common.c b/server/responder/common/responder_common.c
index 490f4e6b..18d2f3da 100644
--- a/server/responder/common/responder_common.c
+++ b/server/responder/common/responder_common.c
@@ -329,6 +329,9 @@ static int sss_sbus_init(struct nss_ctx *nctx)
static int set_unix_socket(struct nss_ctx *nctx)
{
struct sockaddr_un addr;
+
+/* for future use */
+#if 0
char *default_pipe;
int ret;
@@ -361,74 +364,79 @@ static int set_unix_socket(struct nss_ctx *nctx)
return ret;
}
talloc_free(default_pipe);
+#endif
- nctx->lfd = socket(AF_UNIX, SOCK_STREAM, 0);
- if (nctx->lfd == -1) {
- return EIO;
- }
+ if (nctx->sock_name != NULL ) {
+ nctx->lfd = socket(AF_UNIX, SOCK_STREAM, 0);
+ if (nctx->lfd == -1) {
+ return EIO;
+ }
- nctx->priv_lfd = socket(AF_UNIX, SOCK_STREAM, 0);
- if (nctx->priv_lfd == -1) {
- close(nctx->lfd);
- return EIO;
- }
+ /* Set the umask so that permissions are set right on the socket.
+ * It must be readable and writable by anybody on the system. */
+ umask(0111);
- /* Set the umask so that permissions are set right on the socket.
- * It must be readable and writable by anybody on the system. */
- umask(0111);
+ set_nonblocking(nctx->lfd);
+ set_close_on_exec(nctx->lfd);
- set_nonblocking(nctx->lfd);
- set_close_on_exec(nctx->lfd);
+ memset(&addr, 0, sizeof(addr));
+ addr.sun_family = AF_UNIX;
+ strncpy(addr.sun_path, nctx->sock_name, sizeof(addr.sun_path));
- memset(&addr, 0, sizeof(addr));
- addr.sun_family = AF_UNIX;
- strncpy(addr.sun_path, nctx->sock_name, sizeof(addr.sun_path));
+ /* make sure we have no old sockets around */
+ unlink(nctx->sock_name);
- /* make sure we have no old sockets around */
- unlink(nctx->sock_name);
+ if (bind(nctx->lfd, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
+ DEBUG(0,("Unable to bind on socket '%s'\n", nctx->sock_name));
+ goto failed;
+ }
+ if (listen(nctx->lfd, 10) != 0) {
+ DEBUG(0,("Unable to listen on socket '%s'\n", nctx->sock_name));
+ goto failed;
+ }
- if (bind(nctx->lfd, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
- DEBUG(0,("Unable to bind on socket '%s'\n", nctx->sock_name));
- goto failed;
- }
- if (listen(nctx->lfd, 10) != 0) {
- DEBUG(0,("Unable to listen on socket '%s'\n", nctx->sock_name));
- goto failed;
+ nctx->lfde = tevent_add_fd(nctx->ev, nctx, nctx->lfd,
+ TEVENT_FD_READ, accept_fd_handler, nctx);
+ if (!nctx->lfde) {
+ DEBUG(0, ("Failed to queue handler on pipe\n"));
+ goto failed;
+ }
}
- /* create privileged pipe */
- umask(0177);
+ if (nctx->priv_sock_name != NULL ) {
+ /* create privileged pipe */
+ nctx->priv_lfd = socket(AF_UNIX, SOCK_STREAM, 0);
+ if (nctx->priv_lfd == -1) {
+ close(nctx->lfd);
+ return EIO;
+ }
- set_nonblocking(nctx->priv_lfd);
- set_close_on_exec(nctx->priv_lfd);
+ umask(0177);
- memset(&addr, 0, sizeof(addr));
- addr.sun_family = AF_UNIX;
- strncpy(addr.sun_path, nctx->priv_sock_name, sizeof(addr.sun_path));
+ set_nonblocking(nctx->priv_lfd);
+ set_close_on_exec(nctx->priv_lfd);
- unlink(nctx->priv_sock_name);
+ memset(&addr, 0, sizeof(addr));
+ addr.sun_family = AF_UNIX;
+ strncpy(addr.sun_path, nctx->priv_sock_name, sizeof(addr.sun_path));
- if (bind(nctx->priv_lfd, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
- DEBUG(0,("Unable to bind on socket '%s'\n", nctx->priv_sock_name));
- goto failed;
- }
- if (listen(nctx->priv_lfd, 10) != 0) {
- DEBUG(0,("Unable to listen on socket '%s'\n", nctx->priv_sock_name));
- goto failed;
- }
+ unlink(nctx->priv_sock_name);
- nctx->lfde = tevent_add_fd(nctx->ev, nctx, nctx->lfd,
- TEVENT_FD_READ, accept_fd_handler, nctx);
- if (!nctx->lfde) {
- DEBUG(0, ("Failed to queue handler on pipe\n"));
- goto failed;
- }
+ if (bind(nctx->priv_lfd, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
+ DEBUG(0,("Unable to bind on socket '%s'\n", nctx->priv_sock_name));
+ goto failed;
+ }
+ if (listen(nctx->priv_lfd, 10) != 0) {
+ DEBUG(0,("Unable to listen on socket '%s'\n", nctx->priv_sock_name));
+ goto failed;
+ }
- nctx->priv_lfde = tevent_add_fd(nctx->ev, nctx, nctx->priv_lfd,
- TEVENT_FD_READ, accept_priv_fd_handler, nctx);
- if (!nctx->priv_lfde) {
- DEBUG(0, ("Failed to queue handler on privileged pipe\n"));
- goto failed;
+ nctx->priv_lfde = tevent_add_fd(nctx->ev, nctx, nctx->priv_lfd,
+ TEVENT_FD_READ, accept_priv_fd_handler, nctx);
+ if (!nctx->priv_lfde) {
+ DEBUG(0, ("Failed to queue handler on privileged pipe\n"));
+ goto failed;
+ }
}
/* we want default permissions on created files to be very strict,
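Review bot: In the privileged-socket branch the `close(nctx->lfd)` on the socket() failure path now runs even when `nctx->sock_name` was NULL and no listening socket was opened, so it closes whatever `nctx->lfd` happens to hold (a stale or zero descriptor) unless the caller initialises it to -1, which the hunk does not show. Guarding it, `if (nctx->sock_name != NULL) close(nctx->lfd);`, or routing this failure through the `failed:` cleanup as the bind/listen errors already do, would avoid that; the same early return also leaves `nctx->lfde` registered on the descriptor it just closed. Whether `failed:` itself copes with an unopened `priv_lfd` cannot be seen here, as set_unix_socket's tail and the `failed:` label lie outside the hunk. Separately, the `strncpy` into `addr.sun_path` in both branches does not guarantee termination for a name of `sizeof(addr.sun_path)` bytes or more; a `strlen` check against `sizeof(addr.sun_path) - 1` before the copy, returning an error on overflow, would make the limit explicit instead of binding a silently truncated path.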
@@ -488,6 +496,7 @@ int sss_process_init(TALLOC_CTX *mem_ctx,
struct sbus_method sss_sbus_methods[],
struct sss_cmd_table sss_cmds[],
const char *sss_pipe_name,
+ const char *sss_priv_pipe_name,
const char *confdb_socket_path,
struct sbus_method dp_methods[])
{
@@ -503,7 +512,8 @@ int sss_process_init(TALLOC_CTX *mem_ctx,
nctx->cdb = cdb;
nctx->sss_sbus_methods = sss_sbus_methods;
nctx->sss_cmds = sss_cmds;
- nctx->sss_pipe_name = sss_pipe_name;
+ nctx->sock_name = sss_pipe_name;
+ nctx->priv_sock_name = sss_priv_pipe_name;
nctx->confdb_socket_path = confdb_socket_path;
nctx->dp_methods = dp_methods;
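Review bot: `nctx->sock_name` and `nctx->priv_sock_name` store the caller's pointers without copying, so the strings must outlive `nctx`; the visible caller in pamsrv.c passes `SSS_PAM_SOCKET_NAME` and `SSS_PAM_PRIV_SOCKET_NAME`, presumably string literals, but that contract is not stated anywhere. A comment on the two assignments, `/* borrowed, not copied: callers must pass strings that outlive nctx (responders pass literals) */`, or a `talloc_strdup(nctx, ...)` with an ENOMEM check, would make it explicit. It is also worth noting in the header's declaration that `sss_priv_pipe_name` may be NULL, since set_unix_socket tests for it.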
diff --git a/server/responder/common/responder_common.h b/server/responder/common/responder_common.h
index 38180705..0a5b6274 100644
--- a/server/responder/common/responder_common.h
+++ b/server/responder/common/responder_common.h
@@ -15,6 +15,7 @@ int sss_process_init(TALLOC_CTX *mem_ctx,
struct sbus_method sss_sbus_methods[],
struct sss_cmd_table sss_cmds[],
const char *sss_pipe_name,
+ const char *sss_priv_pipe_name,
const char *confdb_socket_path,
struct sbus_method dp_methods[]);
diff --git a/server/responder/nss/nsssrv.c b/server/responder/nss/nsssrv.c
index 248b8a1e..a26f5eda 100644
--- a/server/responder/nss/nsssrv.c
+++ b/server/responder/nss/nsssrv.c
@@ -330,6 +330,9 @@ static int nss_sbus_init(struct nss_ctx *nctx)
static int set_unix_socket(struct nss_ctx *nctx)
{
struct sockaddr_un addr;
+
+/* for future use */
+#if 0
char *default_pipe;
int ret;
@@ -346,6 +349,8 @@ static int set_unix_socket(struct nss_ctx *nctx)
return ret;
}
talloc_free(default_pipe);
+#endif
+ nctx->sock_name = SSS_NSS_SOCKET_NAME;
nctx->lfd = socket(AF_UNIX, SOCK_STREAM, 0);
if (nctx->lfd == -1) {
diff --git a/server/responder/nss/nsssrv.h b/server/responder/nss/nsssrv.h
index b1f1ff7d..949961a4 100644
--- a/server/responder/nss/nsssrv.h
+++ b/server/responder/nss/nsssrv.h
@@ -57,7 +57,7 @@ struct nss_ctx {
int lfd;
struct sysdb_ctx *sysdb;
struct confdb_ctx *cdb;
- char *sock_name;
+ const char *sock_name;
struct service_sbus_ctx *ss_ctx;
struct service_sbus_ctx *dp_ctx;
struct btreemap *domain_map;
diff --git a/server/responder/pam/pamsrv.c b/server/responder/pam/pamsrv.c
index b6593bcf..de62e035 100644
--- a/server/responder/pam/pamsrv.c
+++ b/server/responder/pam/pamsrv.c
@@ -44,8 +44,8 @@
#include "monitor/monitor_interfaces.h"
#include "sbus/sbus_client.h"
#include "responder/pam/pamsrv.h"
+#include "../sss_client/sss_cli.h"
-#define SSS_PAM_PIPE_NAME "pam"
#define PAM_SBUS_SERVICE_VERSION 0x0001
#define PAM_SBUS_SERVICE_NAME "pam"
#define CONFDB_SOCKET_PATH "config/services/pam"
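Review bot: The new `#include "../sss_client/sss_cli.h"` uses a parent-relative path while the neighbouring includes (`"monitor/monitor_interfaces.h"`, `"sbus/sbus_client.h"`, `"responder/pam/pamsrv.h"`) are rooted at the server source directory. If `sss_client` is reachable on the same include path, `#include "sss_client/sss_cli.h"` would be consistent with them and not tied to this file's location; which of the two the build provides cannot be determined from the hunk.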
@@ -158,7 +158,8 @@ int main(int argc, const char *argv[])
main_ctx->confdb_ctx,
sss_sbus_methods,
sss_cmds,
- SSS_PAM_PIPE_NAME,
+ SSS_PAM_SOCKET_NAME,
+ SSS_PAM_PRIV_SOCKET_NAME,
CONFDB_SOCKET_PATH,
pam_dp_methods);
if (ret != EOK) return 3;