summaryrefslogtreecommitdiff
path: root/server/nss
diff options
context:
space:
mode:
Diffstat (limited to 'server/nss')
-rw-r--r--server/nss/nss_ldb.h14
-rw-r--r--server/nss/nsssrv.c15
-rw-r--r--server/nss/nsssrv.h8
-rw-r--r--server/nss/nsssrv_cmd.c146
-rw-r--r--server/nss/nsssrv_ldb.c174
-rw-r--r--server/nss/nsssrv_ldb.h19
6 files changed, 348 insertions, 28 deletions
diff --git a/server/nss/nss_ldb.h b/server/nss/nss_ldb.h
new file mode 100644
index 00000000..64ac592b
--- /dev/null
+++ b/server/nss/nss_ldb.h
@@ -0,0 +1,14 @@
+/* nss_ldb private header file */
+
+#define NSS_LDB_PATH "/var/lib/sss/db/sssd.ldb"
+
+#define NSS_USER_BASE "cn=users,cn=local"
+
+#define NSS_PWNAM_FILTER "(&(objectclass=user)(uid=%s))"
+#define NSS_PWUID_FILTER "(&(objectclass=user)(uidNumber=%llu))"
+#define NSS_PWENT_FILTER "(objectclass=user)"
+
+#define NSS_PW_ATTRS {NSS_PW_NAME, NSS_PW_UIDNUM, NSS_PW_GIDNUM, \
+ NSS_PW_FULLNAME, NSS_PW_HOMEDIR, NSS_PW_SHELL, \
+ NULL}
+
diff --git a/server/nss/nsssrv.c b/server/nss/nsssrv.c
index 5ade80ec..36094a7c 100644
--- a/server/nss/nsssrv.c
+++ b/server/nss/nsssrv.c
@@ -28,11 +28,11 @@
#include <string.h>
#include <sys/time.h>
#include <errno.h>
-#include "talloc.h"
-#include "events.h"
+#include "ldb.h"
#include "util/util.h"
#include "service.h"
#include "nss/nsssrv.h"
+#include "nss/nsssrv_ldb.h"
static void set_nonblocking(int fd)
{
@@ -105,7 +105,7 @@ static void client_recv(struct event_context *ev, struct cli_ctx *cctx)
/* do not read anymore */
EVENT_FD_NOT_READABLE(cctx->cfde);
/* execute command */
- ret = nss_cmd_execute(ev, cctx);
+ ret = nss_cmd_execute(cctx);
if (ret != RES_SUCCESS) {
DEBUG(0, ("Failed to execute request, aborting client!\n"));
talloc_free(cctx);
@@ -181,6 +181,9 @@ static void accept_fd_handler(struct event_context *ev,
DEBUG(0, ("Failed to queue client handler\n"));
}
+ cctx->ev = ev;
+ cctx->ldb = nctx->ldb;
+
talloc_set_destructor(cctx, client_destructor);
DEBUG(2, ("Client connected!\n"));
@@ -231,6 +234,7 @@ failed:
void nss_task_init(struct task_server *task)
{
struct nss_ctx *nctx;
+ int ret;
task_server_set_title(task, "sssd[nsssrv]");
@@ -243,4 +247,9 @@ void nss_task_init(struct task_server *task)
set_unix_socket(task->event_ctx, nctx, SSS_NSS_SOCKET_NAME);
+ ret = nss_ldb_init(nctx, task->event_ctx, &nctx->ldb);
+ if (ret != RES_SUCCESS) {
+ task_server_terminate(task, "fatal error initializing nss_ctx\n");
+ return;
+ }
}
diff --git a/server/nss/nsssrv.h b/server/nss/nsssrv.h
index 075db1d0..6ed679f4 100644
--- a/server/nss/nsssrv.h
+++ b/server/nss/nsssrv.h
@@ -26,15 +26,21 @@
#include <sys/un.h>
#include "talloc.h"
#include "events.h"
+#include "ldb.h"
#include "../nss_client/sss_nss.h"
+struct nss_ldb_ctx;
+
struct nss_ctx {
struct task_server *task;
struct fd_event *lfde;
int lfd;
+ struct ldb_context *ldb;
};
struct cli_ctx {
+ struct event_context *ev;
+ struct ldb_context *ldb;
int cfd;
struct fd_event *cfde;
struct sockaddr_un addr;
@@ -63,6 +69,6 @@ enum sss_nss_command nss_get_cmd(struct nss_packet *packet);
void nss_get_body(struct nss_packet *packet, uint8_t **body, size_t *blen);
/* from nsssrv_cmd.c */
-int nss_cmd_execute(struct event_context *ev, struct cli_ctx *cctx);
+int nss_cmd_execute(struct cli_ctx *cctx);
#endif /* __NSSSRV_H__ */
diff --git a/server/nss/nsssrv_cmd.c b/server/nss/nsssrv_cmd.c
index f66dc88c..a1400487 100644
--- a/server/nss/nsssrv_cmd.c
+++ b/server/nss/nsssrv_cmd.c
@@ -19,16 +19,22 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
+#include "ldb.h"
+#include "ldb_errors.h"
#include "util/util.h"
#include "nss/nsssrv.h"
+#include "nss/nsssrv_ldb.h"
+
+struct nss_cmd_ctx {
+ struct cli_ctx *cctx;
+};
struct nss_cmd_table {
enum sss_nss_command cmd;
- int (*fn)(struct event_context *ev, struct cli_ctx *cctx);
+ int (*fn)(struct cli_ctx *cctx);
};
-static int nss_cmd_get_version(struct event_context *ev,
- struct cli_ctx *cctx)
+static int nss_cmd_get_version(struct cli_ctx *cctx)
{
uint8_t *body;
size_t blen;
@@ -51,28 +57,75 @@ static int nss_cmd_get_version(struct event_context *ev,
return RES_SUCCESS;
}
-static int nss_cmd_getpwnam(struct event_context *ev,
- struct cli_ctx *cctx)
+static int nss_cmd_getpwnam_callback(void *ptr, int status,
+ struct ldb_result *res)
{
+ struct nss_cmd_ctx *nctx = talloc_get_type(ptr, struct nss_cmd_ctx);
+ struct cli_ctx *cctx = nctx->cctx;
+ struct ldb_message *msg;
uint8_t *body;
- size_t blen;
- int ret;
const char *name;
+ const char *fullname;
+ const char *homedir;
+ const char *shell;
+ uint64_t uid;
+ uint64_t gid;
+ size_t rsize, rp, rl, blen;
+ int ret;
- /* get user name to query */
- nss_get_body(cctx->creq->in, &body, &blen);
- name = (const char *)body;
- /* if not terminated fail */
- if (name[blen -1] != '\0') {
- return RES_INVALID_DATA;
+ if (res->count != 1) {
+ if (res->count > 1) {
+ DEBUG(1, ("getpwnam call returned more than oine result !?!\n"));
+ }
+ if (res->count == 0) {
+ DEBUG(2, ("No results for getpwnam call"));
+ }
+ ret = nss_packet_new(cctx->creq, 2*sizeof(uint32_t),
+ nss_get_cmd(cctx->creq->in),
+ &cctx->creq->out);
+ if (ret != RES_SUCCESS) {
+ return ret;
+ }
+ nss_get_body(cctx->creq->out, &body, &blen);
+ ((uint32_t *)body)[0] = 0; /* 0 results */
+ ((uint32_t *)body)[1] = 0; /* reserved */
+ goto done;
}
- /* TODO: async search data and return */
+ msg = res->msgs[0];
+
+ name = ldb_msg_find_attr_as_string(msg, NSS_PW_NAME, NULL);
+ fullname = ldb_msg_find_attr_as_string(msg, NSS_PW_FULLNAME, NULL);
+ homedir = ldb_msg_find_attr_as_string(msg, NSS_PW_HOMEDIR, NULL);
+ shell = ldb_msg_find_attr_as_string(msg, NSS_PW_SHELL, NULL);
+ uid = ldb_msg_find_attr_as_uint64(msg, NSS_PW_UIDNUM, 0);
+ gid = ldb_msg_find_attr_as_uint64(msg, NSS_PW_UIDNUM, 0);
+
+ if (!name || !fullname || !homedir || !shell || !uid || !gid) {
+ DEBUG(1, ("Incomplede user object?!? Aborting\n"));
- /* fake data for now */
+ ret = nss_packet_new(cctx->creq, 2*sizeof(uint32_t),
+ nss_get_cmd(cctx->creq->in),
+ &cctx->creq->out);
+ if (ret != RES_SUCCESS) {
+ return ret;
+ }
+ nss_get_body(cctx->creq->out, &body, &blen);
+ ((uint32_t *)body)[0] = 0; /* 0 results */
+ ((uint32_t *)body)[1] = 0; /* reserved */
+ goto done;
+ }
+
+ rsize = 2*sizeof(uint32_t);
+ rsize += 2*sizeof(uint64_t);
+ rsize += strlen(name) + 1;
+ rsize += 2; /* password always set to 'x' */
+ rsize += strlen(fullname) + 1;
+ rsize += strlen(homedir) + 1;
+ rsize += strlen(shell) + 1;
/* create response packet */
- ret = nss_packet_new(cctx->creq, 4+4+(8+8+4+2+4+10+10),
+ ret = nss_packet_new(cctx->creq, rsize,
nss_get_cmd(cctx->creq->in),
&cctx->creq->out);
if (ret != RES_SUCCESS) {
@@ -82,26 +135,71 @@ static int nss_cmd_getpwnam(struct event_context *ev,
((uint32_t *)body)[0] = 1; /* 1 result */
((uint32_t *)body)[1] = 0; /* reserved */
- ((uint64_t *)body)[1] = 1234; /* first result uid */
- ((uint64_t *)body)[2] = 1234; /* first result gid */
-
- name = "foo\0x\0foo\0/home/foo\0/bin/bash\0";
- memcpy(&body[24], name, (8+8+4+2+4+10+10));
-
+ ((uint64_t *)body)[1] = uid; /* first result uid */
+ ((uint64_t *)body)[2] = gid; /* first result gid */
+
+ rp = 2*sizeof(uint32_t) + 2*sizeof(uint64_t);
+ rl = strlen(name)+1;
+ memcpy(&body[rp], name, rl);
+ rp += rl;
+ rl = 2;
+ memcpy(&body[rp], "x", rl);
+ rp += rl;
+ rl = strlen(fullname)+1;
+ memcpy(&body[rp], fullname, rl);
+ rp += rl;
+ rl = strlen(homedir)+1;
+ memcpy(&body[rp], homedir, rl);
+ rp += rl;
+ rl = strlen(shell)+1;
+ memcpy(&body[rp], shell, rl);
+
+done:
/* now that the packet is in place, unlock queue
* making the event writable */
EVENT_FD_WRITEABLE(cctx->cfde);
+ /* free all request related data through the talloc hierarchy */
+ talloc_free(nctx);
+
return RES_SUCCESS;
}
+static int nss_cmd_getpwnam(struct cli_ctx *cctx)
+{
+ struct nss_cmd_ctx *nctx;
+ uint8_t *body;
+ size_t blen;
+ int ret;
+ const char *name;
+
+ /* get user name to query */
+ nss_get_body(cctx->creq->in, &body, &blen);
+ name = (const char *)body;
+ /* if not terminated fail */
+ if (name[blen -1] != '\0') {
+ return RES_INVALID_DATA;
+ }
+
+ nctx = talloc(cctx, struct nss_cmd_ctx);
+ if (!nctx) {
+ return RES_NOMEM;
+ }
+ nctx->cctx = cctx;
+
+ ret = nss_ldb_getpwnam(nctx, cctx->ev, cctx->ldb, name,
+ nss_cmd_getpwnam_callback, nctx);
+
+ return ret;
+}
+
struct nss_cmd_table nss_cmds[] = {
{SSS_NSS_GET_VERSION, nss_cmd_get_version},
{SSS_NSS_GETPWNAM, nss_cmd_getpwnam},
{SSS_NSS_NULL, NULL}
};
-int nss_cmd_execute(struct event_context *ev, struct cli_ctx *cctx)
+int nss_cmd_execute(struct cli_ctx *cctx)
{
enum sss_nss_command cmd;
int i;
@@ -110,7 +208,7 @@ int nss_cmd_execute(struct event_context *ev, struct cli_ctx *cctx)
for (i = 0; nss_cmds[i].cmd != SSS_NSS_NULL; i++) {
if (cmd == nss_cmds[i].cmd) {
- return nss_cmds[i].fn(ev, cctx);
+ return nss_cmds[i].fn(cctx);
}
}
diff --git a/server/nss/nsssrv_ldb.c b/server/nss/nsssrv_ldb.c
new file mode 100644
index 00000000..9ceb8f10
--- /dev/null
+++ b/server/nss/nsssrv_ldb.c
@@ -0,0 +1,174 @@
+/*
+ SSSD
+
+ NSS Responder
+
+ Copyright (C) Simo Sorce <ssorce@redhat.com> 2008
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "ldb.h"
+#include "ldb_errors.h"
+#include "util/util.h"
+#include "nss/nsssrv.h"
+#include "nss/nsssrv_ldb.h"
+#include "nss/nss_ldb.h"
+
+struct nss_ldb_search_ctx {
+ nss_ldb_callback_t callback;
+ void *ptr;
+ struct ldb_result *res;
+};
+
+static int request_error(struct nss_ldb_search_ctx *sctx, int ldb_error)
+{
+ sctx->callback(sctx->ptr, ldb_error, sctx->res);
+ return ldb_error;
+}
+
+static int request_done(struct nss_ldb_search_ctx *sctx)
+{
+ return sctx->callback(sctx->ptr, LDB_SUCCESS, sctx->res);
+}
+
+static int getpwnam_callback(struct ldb_request *req,
+ struct ldb_reply *ares)
+{
+ struct nss_ldb_search_ctx *sctx;
+ struct ldb_result *res;
+ int n;
+
+ sctx = talloc_get_type(req->context, struct nss_ldb_search_ctx);
+ res = sctx->res;
+
+ if (!ares) {
+ return request_error(sctx, LDB_ERR_OPERATIONS_ERROR);
+ }
+ if (ares->error != LDB_SUCCESS) {
+ return request_error(sctx, ares->error);
+ }
+
+ switch (ares->type) {
+ case LDB_REPLY_ENTRY:
+ sctx->res->msgs = talloc_realloc(sctx, res->msgs,
+ struct ldb_message *,
+ res->count + 2);
+ if (! res->msgs) {
+ return request_error(sctx, LDB_ERR_OPERATIONS_ERROR);
+ }
+
+ res->msgs[res->count + 1] = NULL;
+
+ res->msgs[res->count] = talloc_move(res->msgs, &ares->message);
+ res->count++;
+ break;
+
+ case LDB_REPLY_REFERRAL:
+ if (res->refs) {
+ for (n = 0; res->refs[n]; n++) /*noop*/ ;
+ } else {
+ n = 0;
+ }
+
+ res->refs = talloc_realloc(res, res->refs, char *, n + 2);
+ if (! res->refs) {
+ return request_error(sctx, LDB_ERR_OPERATIONS_ERROR);
+ }
+
+ res->refs[n] = talloc_move(res->refs, &ares->referral);
+ res->refs[n + 1] = NULL;
+ break;
+
+ case LDB_REPLY_DONE:
+ res->controls = talloc_move(res, &ares->controls);
+
+ /* this is the last message, and means the request is done */
+ return request_done(sctx);
+ }
+
+ talloc_free(ares);
+ return LDB_SUCCESS;
+}
+
+int nss_ldb_getpwnam(TALLOC_CTX *mem_ctx,
+ struct event_context *ev,
+ struct ldb_context *ldb,
+ const char *name,
+ nss_ldb_callback_t fn, void *ptr)
+{
+ struct nss_ldb_search_ctx *sctx;
+ struct ldb_request *req;
+ static const char *attrs[] = NSS_PW_ATTRS;
+ char *expression;
+ int ret;
+
+ sctx = talloc(mem_ctx, struct nss_ldb_search_ctx);
+ if (!sctx) {
+ return RES_NOMEM;
+ }
+ sctx->callback = fn;
+ sctx->ptr = ptr;
+ sctx->res = talloc_zero(sctx, struct ldb_result);
+ if (!sctx->res) {
+ talloc_free(sctx);
+ return RES_NOMEM;
+ }
+
+ expression = talloc_asprintf(sctx, NSS_PWNAM_FILTER, name);
+ if (!expression) {
+ talloc_free(sctx);
+ return RES_NOMEM;
+ }
+
+ ret = ldb_build_search_req(&req, ldb, sctx,
+ ldb_dn_new(sctx, ldb, NSS_USER_BASE),
+ LDB_SCOPE_SUBTREE,
+ expression, attrs, NULL,
+ sctx, getpwnam_callback,
+ NULL);
+ if (ret != LDB_SUCCESS) {
+ return RES_ERROR;
+ }
+
+ ret = ldb_request(ldb, req);
+ if (ret != LDB_SUCCESS) {
+ return RES_ERROR;
+ }
+
+ return RES_SUCCESS;
+}
+
+int nss_ldb_init(TALLOC_CTX *mem_ctx,
+ struct event_context *ev,
+ struct ldb_context **ldbp)
+{
+ struct ldb_context *ldb;
+ int ret;
+
+ ldb = ldb_init(mem_ctx, ev);
+ if (!ldb) {
+ return RES_ERROR;
+ }
+
+ ret = ldb_connect(ldb, NSS_LDB_PATH, 0, NULL);
+ if (ret != LDB_SUCCESS) {
+ talloc_free(ldb);
+ return RES_ERROR;
+ }
+
+ *ldbp = ldb;
+
+ return RES_SUCCESS;
+}
diff --git a/server/nss/nsssrv_ldb.h b/server/nss/nsssrv_ldb.h
new file mode 100644
index 00000000..a50216d0
--- /dev/null
+++ b/server/nss/nsssrv_ldb.h
@@ -0,0 +1,19 @@
+
+#define NSS_PW_NAME "uid"
+#define NSS_PW_UIDNUM "uidNumber"
+#define NSS_PW_GIDNUM "gidNumber"
+#define NSS_PW_FULLNAME "fullName"
+#define NSS_PW_HOMEDIR "HomeDirectory"
+#define NSS_PW_SHELL "loginShell"
+
+typedef int (*nss_ldb_callback_t)(void *, int, struct ldb_result *);
+
+int nss_ldb_init(TALLOC_CTX *mem_ctx,
+ struct event_context *ev,
+ struct ldb_context **ldb);
+
+int nss_ldb_getpwnam(TALLOC_CTX *mem_ctx,
+ struct event_context *ev,
+ struct ldb_context *ldb,
+ const char *name,
+ nss_ldb_callback_t fn, void *ptr);