diff options
Diffstat (limited to 'server/confdb/confdb.c')
-rw-r--r-- | server/confdb/confdb.c | 908 |
1 files changed, 0 insertions, 908 deletions
diff --git a/server/confdb/confdb.c b/server/confdb/confdb.c deleted file mode 100644 index 6981baa5..00000000 --- a/server/confdb/confdb.c +++ /dev/null @@ -1,908 +0,0 @@ -/* - SSSD - - NSS Configuratoin DB - - Copyright (C) Simo Sorce <ssorce@redhat.com> 2008 - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. -*/ - -#define _GNU_SOURCE - -#include <ctype.h> -#include "config.h" -#include "util/util.h" -#include "confdb/confdb.h" -#include "confdb/confdb_private.h" -#include "util/strtonum.h" -#include "db/sysdb.h" - -#define CONFDB_ZERO_CHECK_OR_JUMP(var, ret, err, label) do { \ - if (!var) { \ - ret = err; \ - goto label; \ - } \ -} while(0) - -static char *prepend_cn(char *str, int *slen, const char *comp, int clen) -{ - char *ret; - - ret = talloc_realloc(NULL, str, char, *slen + 4 + clen + 1); - if (!ret) - return NULL; - - /* move current string to the end */ - memmove(&ret[clen +4], ret, *slen+1); /* includes termination */ - memcpy(ret, "cn=", 3); - memcpy(&ret[3], comp, clen); - ret[clen+3] = ','; - - *slen = *slen + 4 + clen; - - return ret; -} - -int parse_section(TALLOC_CTX *mem_ctx, const char *section, - char **sec_dn, const char **rdn_name) -{ - TALLOC_CTX *tmp_ctx; - char *dn = NULL; - char *p; - const char *s; - int l, ret; - - /* section must be a non null string and must not start with '/' */ - if (!section || !*section || *section == '/') return EINVAL; - - tmp_ctx = talloc_new(mem_ctx); - if (!tmp_ctx) return ENOMEM; - - s = section; - l = 0; - while ((p = strchrnul(s, '/'))) { - if (l == 0) { - dn = talloc_asprintf(tmp_ctx, "cn=%s", s); - l = 3 + (p-s); - dn[l] = '\0'; - } else { - dn = prepend_cn(dn, &l, s, p-s); - } - if (!dn) { - ret = ENOMEM; - goto done; - } - if (*p == '\0') { - if (rdn_name) *rdn_name = s; - break; /* reached end */ - } - s = p+1; - if (*s == '\0') { /* a section cannot end in '.' */ - ret = EINVAL; - goto done; - } - } - - *sec_dn = talloc_steal(mem_ctx, dn); - ret = EOK; - -done: - talloc_free(tmp_ctx); - return ret; -} - -int confdb_add_param(struct confdb_ctx *cdb, - bool replace, - const char *section, - const char *attribute, - const char **values) -{ - TALLOC_CTX *tmp_ctx = NULL; - struct ldb_message *msg; - struct ldb_result *res; - struct ldb_dn *dn; - char *secdn; - const char *rdn_name; - int ret, i; - - tmp_ctx = talloc_new(NULL); - if (!tmp_ctx) { - ret = ENOMEM; - goto done; - } - - ret = parse_section(tmp_ctx, section, &secdn, &rdn_name); - if (ret != EOK) { - goto done; - } - - dn = ldb_dn_new(tmp_ctx, cdb->ldb, secdn); - CONFDB_ZERO_CHECK_OR_JUMP(dn, ret, EIO, done); - - ret = ldb_search(cdb->ldb, tmp_ctx, &res, - dn, LDB_SCOPE_BASE, NULL, NULL); - if (ret != LDB_SUCCESS) { - ret = EIO; - goto done; - } - - msg = ldb_msg_new(tmp_ctx); - CONFDB_ZERO_CHECK_OR_JUMP(msg, ret, ENOMEM, done); - - msg->dn = talloc_steal(msg, dn); - CONFDB_ZERO_CHECK_OR_JUMP(msg->dn, ret, ENOMEM, done); - - if (res->count == 0) { /* add a new message */ - errno = 0; - - /* cn first */ - ret = ldb_msg_add_string(msg, "cn", rdn_name); - if (ret != LDB_SUCCESS) { - if (errno) ret = errno; - else ret = EIO; - goto done; - } - - /* now the requested attribute */ - for (i = 0; values[i]; i++) { - ret = ldb_msg_add_string(msg, attribute, values[i]); - if (ret != LDB_SUCCESS) { - if (errno) ret = errno; - else ret = EIO; - goto done; - } - } - - ret = ldb_add(cdb->ldb, msg); - if (ret != LDB_SUCCESS) { - ret = EIO; - goto done; - } - - } else { - int optype; - errno = 0; - - /* mark this as a replacement */ - if (replace) optype = LDB_FLAG_MOD_REPLACE; - else optype = LDB_FLAG_MOD_ADD; - ret = ldb_msg_add_empty(msg, attribute, optype, NULL); - if (ret != LDB_SUCCESS) { - if (errno) ret = errno; - else ret = EIO; - goto done; - } - - /* now the requested attribute */ - for (i = 0; values[i]; i++) { - ret = ldb_msg_add_string(msg, attribute, values[i]); - if (ret != LDB_SUCCESS) { - if (errno) ret = errno; - else ret = EIO; - goto done; - } - } - - ret = ldb_modify(cdb->ldb, msg); - if (ret != LDB_SUCCESS) { - ret = EIO; - goto done; - } - } - - ret = EOK; - -done: - talloc_free(tmp_ctx); - if (ret != EOK) { - DEBUG(1, ("Failed to add [%s] to [%s], error [%d] (%s)", - attribute, section, ret, strerror(ret))); - } - return ret; -} - -int confdb_get_param(struct confdb_ctx *cdb, - TALLOC_CTX *mem_ctx, - const char *section, - const char *attribute, - char ***values) -{ - TALLOC_CTX *tmp_ctx; - struct ldb_result *res; - struct ldb_dn *dn; - char *secdn; - const char *attrs[] = { attribute, NULL }; - char **vals; - struct ldb_message_element *el; - int ret, i; - - tmp_ctx = talloc_new(mem_ctx); - if (!tmp_ctx) - return ENOMEM; - - ret = parse_section(tmp_ctx, section, &secdn, NULL); - if (ret != EOK) { - goto done; - } - - dn = ldb_dn_new(tmp_ctx, cdb->ldb, secdn); - if (!dn) { - ret = EIO; - goto done; - } - - ret = ldb_search(cdb->ldb, tmp_ctx, &res, - dn, LDB_SCOPE_BASE, attrs, NULL); - if (ret != LDB_SUCCESS) { - ret = EIO; - goto done; - } - if (res->count > 1) { - ret = EIO; - goto done; - } - - vals = talloc_zero(mem_ctx, char *); - ret = EOK; - - if (res->count > 0) { - el = ldb_msg_find_element(res->msgs[0], attribute); - if (el && el->num_values > 0) { - vals = talloc_realloc(mem_ctx, vals, char *, el->num_values +1); - if (!vals) { - ret = ENOMEM; - goto done; - } - /* should always be strings so this should be safe */ - for (i = 0; i < el->num_values; i++) { - struct ldb_val v = el->values[i]; - vals[i] = talloc_strndup(vals, (char *)v.data, v.length); - if (!vals[i]) { - ret = ENOMEM; - goto done; - } - } - vals[i] = NULL; - } - } - - *values = vals; - -done: - talloc_free(tmp_ctx); - if (ret != EOK) { - DEBUG(1, ("Failed to get [%s] from [%s], error [%d] (%s)", - attribute, section, ret, strerror(ret))); - } - return ret; -} - -int confdb_get_string(struct confdb_ctx *cdb, TALLOC_CTX *ctx, - const char *section, const char *attribute, - const char *defstr, char **result) -{ - char **values = NULL; - char *restr; - int ret; - - ret = confdb_get_param(cdb, ctx, section, attribute, &values); - if (ret != EOK) { - goto failed; - } - - if (values[0]) { - if (values[1] != NULL) { - /* too many values */ - ret = EINVAL; - goto failed; - } - restr = talloc_steal(ctx, values[0]); - } else { - /* Did not return a value, so use the default */ - - if (defstr == NULL) { /* No default given */ - *result = NULL; - talloc_free(values); - return EOK; - } - - /* Copy the default string */ - restr = talloc_strdup(ctx, defstr); - } - if (!restr) { - ret = ENOMEM; - goto failed; - } - - talloc_free(values); - - *result = restr; - return EOK; - -failed: - talloc_free(values); - DEBUG(1, ("Failed to get [%s] from [%s], error [%d] (%s)", - attribute, section, ret, strerror(ret))); - return ret; -} - -int confdb_get_int(struct confdb_ctx *cdb, TALLOC_CTX *ctx, - const char *section, const char *attribute, - int defval, int *result) -{ - char **values = NULL; - long val; - int ret; - - ret = confdb_get_param(cdb, ctx, section, attribute, &values); - if (ret != EOK) { - goto failed; - } - - if (values[0]) { - if (values[1] != NULL) { - /* too many values */ - ret = EINVAL; - goto failed; - } - - errno = 0; - val = strtol(values[0], NULL, 0); - if (errno) { - ret = errno; - goto failed; - } - - if (val < INT_MIN || val > INT_MAX) { - ret = ERANGE; - goto failed; - } - - } else { - val = defval; - } - - talloc_free(values); - - *result = (int)val; - return EOK; - -failed: - talloc_free(values); - DEBUG(1, ("Failed to read [%s] from [%s], error [%d] (%s)", - attribute, section, ret, strerror(ret))); - return ret; -} - -long confdb_get_long(struct confdb_ctx *cdb, TALLOC_CTX *ctx, - const char *section, const char *attribute, - long defval, long *result) -{ - char **values = NULL; - long val; - int ret; - - ret = confdb_get_param(cdb, ctx, section, attribute, &values); - if (ret != EOK) { - goto failed; - } - - if (values[0]) { - if (values[1] != NULL) { - /* too many values */ - ret = EINVAL; - goto failed; - } - - errno = 0; - val = strtol(values[0], NULL, 0); - if (errno) { - ret = errno; - goto failed; - } - - } else { - val = defval; - } - - talloc_free(values); - - *result = val; - return EOK; - -failed: - talloc_free(values); - DEBUG(1, ("Failed to read [%s] from [%s], error [%d] (%s)", - attribute, section, ret, strerror(ret))); - return ret; -} - -int confdb_get_bool(struct confdb_ctx *cdb, TALLOC_CTX *ctx, - const char *section, const char *attribute, - bool defval, bool *result) -{ - char **values = NULL; - bool val; - int ret; - - ret = confdb_get_param(cdb, ctx, section, attribute, &values); - if (ret != EOK) { - goto failed; - } - - if (values[0]) { - if (values[1] != NULL) { - /* too many values */ - ret = EINVAL; - goto failed; - } - - if (strcasecmp(values[0], "FALSE") == 0) { - val = false; - - } else if (strcasecmp(values[0], "TRUE") == 0) { - val = true; - - } else { - - DEBUG(2, ("Value is not a boolean!\n")); - ret = EINVAL; - goto failed; - } - - } else { - val = defval; - } - - talloc_free(values); - - *result = val; - return EOK; - -failed: - talloc_free(values); - DEBUG(1, ("Failed to read [%s] from [%s], error [%d] (%s)", - attribute, section, ret, strerror(ret))); - return ret; -} - -/* WARNING: Unlike other similar functions, this one does NOT take a default, - * and returns ENOENT if the attribute was not found ! */ -int confdb_get_string_as_list(struct confdb_ctx *cdb, TALLOC_CTX *ctx, - const char *section, const char *attribute, - char ***result) -{ - char **values = NULL; - int ret; - - ret = confdb_get_param(cdb, ctx, section, attribute, &values); - if (ret != EOK) { - goto done; - } - - if (values && values[0]) { - if (values[1] != NULL) { - /* too many values */ - ret = EINVAL; - goto done; - } - } else { - /* Did not return a value */ - ret = ENOENT; - goto done; - } - - ret = split_on_separator(ctx, values[0], ',', true, result, NULL); - -done: - talloc_free(values); - if (ret != EOK && ret != ENOENT) { - DEBUG(2, ("Failed to get [%s] from [%s], error [%d] (%s)", - attribute, section, ret, strerror(ret))); - } - return ret; -} - -int confdb_init(TALLOC_CTX *mem_ctx, - struct confdb_ctx **cdb_ctx, - char *confdb_location) -{ - struct confdb_ctx *cdb; - int ret = EOK; - - cdb = talloc_zero(mem_ctx, struct confdb_ctx); - if (!cdb) - return ENOMEM; - - /* Because confdb calls use sync ldb calls, we create a separate event - * context here. This will prevent the ldb sync calls to start nested - * events. - * NOTE: this means that we *cannot* do async calls and return in confdb - * unless we convert all calls and hook back to the main event context. - */ - - cdb->pev = tevent_context_init(cdb); - if (!cdb->pev) { - talloc_free(cdb); - return EIO; - } - - cdb->ldb = ldb_init(cdb, cdb->pev); - if (!cdb->ldb) { - talloc_free(cdb); - return EIO; - } - - ret = ldb_set_debug(cdb->ldb, ldb_debug_messages, NULL); - if (ret != LDB_SUCCESS) { - DEBUG(0,("Could not set up debug fn.\n")); - talloc_free(cdb); - return EIO; - } - - ret = ldb_connect(cdb->ldb, confdb_location, 0, NULL); - if (ret != LDB_SUCCESS) { - DEBUG(0, ("Unable to open config database [%s]\n", - confdb_location)); - talloc_free(cdb); - return EIO; - } - - *cdb_ctx = cdb; - - return EOK; -} - -static errno_t get_entry_as_uint32(struct ldb_message *msg, - uint32_t *return_value, - const char *entry, - uint32_t default_value) -{ - const char *tmp = NULL; - char *endptr; - uint32_t u32ret = 0; - - *return_value = 0; - - if (!msg || !entry) { - return EFAULT; - } - - tmp = ldb_msg_find_attr_as_string(msg, entry, NULL); - if (tmp == NULL) { - *return_value = default_value; - return EOK; - } - - if ((*tmp == '-') || (*tmp == '\0')) { - return EINVAL; - } - - u32ret = strtouint32 (tmp, &endptr, 10); - if (errno) { - return errno; - } - - if (*endptr != '\0') { - /* Not all of the string was a valid number */ - return EINVAL; - } - - *return_value = u32ret; - return EOK; -} - -static errno_t get_entry_as_bool(struct ldb_message *msg, - bool *return_value, - const char *entry, - bool default_value) -{ - const char *tmp = NULL; - - *return_value = 0; - - if (!msg || !entry) { - return EFAULT; - } - - tmp = ldb_msg_find_attr_as_string(msg, entry, NULL); - if (tmp == NULL || *tmp == '\0') { - *return_value = default_value; - return EOK; - } - - if (strcasecmp(tmp, "FALSE") == 0) { - *return_value = 0; - } - else if (strcasecmp(tmp, "TRUE") == 0) { - *return_value = 1; - } - else { - return EINVAL; - } - - return EOK; -} - -static int confdb_get_domain_internal(struct confdb_ctx *cdb, - TALLOC_CTX *mem_ctx, - const char *name, - struct sss_domain_info **_domain) -{ - struct sss_domain_info *domain; - struct ldb_result *res; - TALLOC_CTX *tmp_ctx; - struct ldb_dn *dn; - const char *tmp; - int ret, val; - - tmp_ctx = talloc_new(mem_ctx); - if (!tmp_ctx) return ENOMEM; - - dn = ldb_dn_new_fmt(tmp_ctx, cdb->ldb, - "cn=%s,%s", name, CONFDB_DOMAIN_BASEDN); - if (!dn) { - ret = ENOMEM; - goto done; - } - - ret = ldb_search(cdb->ldb, tmp_ctx, &res, dn, - LDB_SCOPE_BASE, NULL, NULL); - if (ret != LDB_SUCCESS) { - ret = EIO; - goto done; - } - - if (res->count != 1) { - DEBUG(0, ("Unknown domain [%s]\n", name)); - ret = ENOENT; - goto done; - } - - domain = talloc_zero(mem_ctx, struct sss_domain_info); - if (!domain) { - ret = ENOMEM; - goto done; - } - - tmp = ldb_msg_find_attr_as_string(res->msgs[0], "cn", NULL); - if (!tmp) { - DEBUG(0, ("Invalid configuration entry, fatal error!\n")); - ret = EINVAL; - goto done; - } - domain->name = talloc_strdup(domain, tmp); - if (!domain->name) { - ret = ENOMEM; - goto done; - } - - tmp = ldb_msg_find_attr_as_string(res->msgs[0], - CONFDB_DOMAIN_ID_PROVIDER, - NULL); - if (tmp) { - domain->provider = talloc_strdup(domain, tmp); - if (!domain->provider) { - ret = ENOMEM; - goto done; - } - } - else { - DEBUG(0, ("Domain [%s] does not specify an ID provider, disabling!\n", - domain->name)); - ret = EINVAL; - goto done; - } - - if (strcasecmp(domain->provider, "files") == 0) { - /* The files provider is not valid anymore */ - DEBUG(0, ("The \"files\" provider is invalid\n")); - ret = EINVAL; - goto done; - } - - if (strcasecmp(domain->provider, "local") == 0) { - /* If this is the local provider, we need to ensure that - * no other provider was specified for other types, since - * the local provider cannot load them. - */ - tmp = ldb_msg_find_attr_as_string(res->msgs[0], - CONFDB_DOMAIN_AUTH_PROVIDER, - NULL); - if (tmp && strcasecmp(tmp, "local") != 0) { - DEBUG(0, ("Local ID provider does not support [%s] as an AUTH provider.\n", tmp)); - ret = EINVAL; - goto done; - } - - tmp = ldb_msg_find_attr_as_string(res->msgs[0], - CONFDB_DOMAIN_ACCESS_PROVIDER, - NULL); - if (tmp && strcasecmp(tmp, "local") != 0) { - DEBUG(0, ("Local ID provider does not support [%s] as an ACCESS provider.\n", tmp)); - ret = EINVAL; - goto done; - } - - tmp = ldb_msg_find_attr_as_string(res->msgs[0], - CONFDB_DOMAIN_CHPASS_PROVIDER, - NULL); - if (tmp && strcasecmp(tmp, "local") != 0) { - DEBUG(0, ("Local ID provider does not support [%s] as a CHPASS provider.\n", tmp)); - ret = EINVAL; - goto done; - } - } - - domain->timeout = ldb_msg_find_attr_as_int(res->msgs[0], - CONFDB_DOMAIN_TIMEOUT, 0); - - /* Determine if this domain can be enumerated */ - - /* TEMP: test if the old bitfield conf value is used and warn it has been - * superceeded. */ - val = ldb_msg_find_attr_as_int(res->msgs[0], CONFDB_DOMAIN_ENUMERATE, 0); - if (val > 0) { /* ok there was a number in here */ - DEBUG(0, ("Warning: enumeration parameter in %s still uses integers! " - "Enumeration is now a boolean and takes true/false values. " - "Interpreting as true\n", domain->name)); - domain->enumerate = true; - } else { /* assume the new format */ - ret = get_entry_as_bool(res->msgs[0], &domain->enumerate, - CONFDB_DOMAIN_ENUMERATE, 1); - if(ret != EOK) { - DEBUG(0, ("Invalid value for %s\n", CONFDB_DOMAIN_ENUMERATE)); - goto done; - } - } - if (!domain->enumerate) { - DEBUG(1, ("No enumeration for [%s]!\n", domain->name)); - } - - /* Determine if user/group names will be Fully Qualified - * in NSS interfaces */ - ret = get_entry_as_bool(res->msgs[0], &domain->fqnames, CONFDB_DOMAIN_FQ, 0); - if(ret != EOK) { - DEBUG(0, ("Invalid value for %s\n", CONFDB_DOMAIN_FQ)); - goto done; - } - - ret = get_entry_as_uint32(res->msgs[0], &domain->id_min, - CONFDB_DOMAIN_MINID, SSSD_MIN_ID); - if (ret != EOK) { - DEBUG(0, ("Invalid value for minId\n")); - ret = EINVAL; - goto done; - } - - ret = get_entry_as_uint32(res->msgs[0], &domain->id_max, - CONFDB_DOMAIN_MAXID, 0); - if (ret != EOK) { - DEBUG(0, ("Invalid value for maxId\n")); - ret = EINVAL; - goto done; - } - - if (domain->id_max && (domain->id_max < domain->id_min)) { - DEBUG(0, ("Invalid domain range\n")); - ret = EINVAL; - goto done; - } - - /* Do we allow to cache credentials */ - ret = get_entry_as_bool(res->msgs[0], &domain->cache_credentials, - CONFDB_DOMAIN_CACHE_CREDS, 0); - if(ret != EOK) { - DEBUG(0, ("Invalid value for %s\n", CONFDB_DOMAIN_CACHE_CREDS)); - goto done; - } - - ret = get_entry_as_bool(res->msgs[0], &domain->legacy_passwords, - CONFDB_DOMAIN_LEGACY_PASS, 0); - if(ret != EOK) { - DEBUG(0, ("Invalid value for %s\n", CONFDB_DOMAIN_LEGACY_PASS)); - goto done; - } - - *_domain = domain; - ret = EOK; - -done: - talloc_free(tmp_ctx); - return ret; -} - -int confdb_get_domains(struct confdb_ctx *cdb, - struct sss_domain_info **domains) -{ - TALLOC_CTX *tmp_ctx; - struct sss_domain_info *domain, *prevdom = NULL; - char **domlist; - int ret, i; - - if (cdb->doms) { - *domains = cdb->doms; - return EOK; - } - - tmp_ctx = talloc_new(NULL); - if (!tmp_ctx) return ENOMEM; - - ret = confdb_get_string_as_list(cdb, tmp_ctx, - CONFDB_MONITOR_CONF_ENTRY, - CONFDB_MONITOR_ACTIVE_DOMAINS, - &domlist); - if (ret == ENOENT) { - DEBUG(0, ("No domains configured, fatal error!\n")); - goto done; - } - if (ret != EOK ) { - DEBUG(0, ("Fatal error retrieving domains list!\n")); - goto done; - } - - for (i = 0; domlist[i]; i++) { - ret = confdb_get_domain_internal(cdb, cdb, domlist[i], &domain); - if (ret) { - DEBUG(0, ("Error (%d [%s]) retrieving domain [%s], skipping!\n", - ret, strerror(ret), domlist[i])); - ret = EOK; - continue; - } - - if (cdb->doms == NULL) { - cdb->doms = domain; - prevdom = cdb->doms; - } else { - prevdom->next = domain; - prevdom = domain; - } - } - - if (cdb->doms == NULL) { - DEBUG(0, ("No properly configured domains, fatal error!\n")); - ret = ENOENT; - goto done; - } - - *domains = cdb->doms; - ret = EOK; - -done: - talloc_free(tmp_ctx); - return ret; -} - -int confdb_get_domain(struct confdb_ctx *cdb, - const char *name, - struct sss_domain_info **_domain) -{ - struct sss_domain_info *dom, *doms; - int ret; - - ret = confdb_get_domains(cdb, &doms); - if (ret != EOK) { - return ret; - } - - for (dom = doms; dom; dom = dom->next) { - if (strcasecmp(dom->name, name) == 0) { - *_domain = dom; - return EOK; - } - } - - return ENOENT; -} |