diff options
Diffstat (limited to 'server/providers/proxy.c')
-rw-r--r-- | server/providers/proxy.c | 397 |
1 files changed, 349 insertions, 48 deletions
diff --git a/server/providers/proxy.c b/server/providers/proxy.c index a9469219..62638c1f 100644 --- a/server/providers/proxy.c +++ b/server/providers/proxy.c @@ -55,67 +55,82 @@ struct proxy_ctx { struct proxy_nss_ops ops; }; -static int get_pw_name(struct be_ctx *be_ctx, struct proxy_ctx *proxy_ctx, char *name) +static void proxy_reply(struct be_req *req, int error, const char *errstr) { - struct proxy_nss_ops *ops = &proxy_ctx->ops; + return req->fn(req, error, errstr); +} + +static void get_pw_name(struct be_req *req, char *name) +{ + struct proxy_ctx *ctx; enum nss_status status; struct passwd result; char *buffer; int ret; + ctx = talloc_get_type(req->be_ctx->pvt_data, struct proxy_ctx); + buffer = talloc_size(NULL, 4096); - if (!buffer) return ENOMEM; + if (!buffer) + return proxy_reply(req, ENOMEM, "Out of memory"); - status = ops->getpwnam_r(name, &result, buffer, 4096, &ret); + status = ctx->ops.getpwnam_r(name, &result, buffer, 4096, &ret); switch (status) { case NSS_STATUS_NOTFOUND: - ret = sysdb_posix_remove_user(be_ctx, be_ctx->sysdb, - be_ctx->domain, name); + ret = sysdb_posix_remove_user(req, req->be_ctx->sysdb, + req->be_ctx->domain, name); break; case NSS_STATUS_SUCCESS: - ret = sysdb_posix_store_user(be_ctx, be_ctx->sysdb, be_ctx->domain, + ret = sysdb_posix_store_user(req, req->be_ctx->sysdb, + req->be_ctx->domain, result.pw_name, result.pw_passwd, result.pw_uid, result.pw_gid, - result.pw_gecos, result.pw_dir, - result.pw_shell); + result.pw_gecos, result.pw_dir, + result.pw_shell); break; default: DEBUG(2, ("proxy -> getpwnam_r failed for '%s' (%d)[%s]\n", name, ret, strerror(ret))); talloc_free(buffer); - return ret; + return proxy_reply(req, ret, "Operation failed"); } if (ret != EOK) { DEBUG(1, ("Failed to update LDB Cache for '%s' (%d) !?\n", name, ret)); + talloc_free(buffer); + return proxy_reply(req, ret, "Operation failed"); } talloc_free(buffer); - return ret; + return proxy_reply(req, EOK, NULL); } -static int get_pw_uid(struct be_ctx *be_ctx, struct proxy_ctx *proxy_ctx, uid_t uid) +static void get_pw_uid(struct be_req *req, uid_t uid) { - struct proxy_nss_ops *ops = &proxy_ctx->ops; + struct proxy_ctx *ctx; enum nss_status status; struct passwd result; char *buffer; int ret; + ctx = talloc_get_type(req->be_ctx->pvt_data, struct proxy_ctx); + buffer = talloc_size(NULL, 4096); - if (!buffer) return ENOMEM; + if (!buffer) + return proxy_reply(req, ENOMEM, "Out of memory"); - status = ops->getpwuid_r(uid, &result, buffer, 4096, &ret); + status = ctx->ops.getpwuid_r(uid, &result, buffer, 4096, &ret); switch (status) { case NSS_STATUS_NOTFOUND: - ret = sysdb_posix_remove_user_by_uid(be_ctx, be_ctx->sysdb, - be_ctx->domain,uid); + ret = sysdb_posix_remove_user_by_uid(req, req->be_ctx->sysdb, + req->be_ctx->domain,uid); break; case NSS_STATUS_SUCCESS: - ret = sysdb_posix_store_user(be_ctx, be_ctx->sysdb, be_ctx->domain, + ret = sysdb_posix_store_user(req, req->be_ctx->sysdb, + req->be_ctx->domain, result.pw_name, result.pw_passwd, result.pw_uid, result.pw_gid, result.pw_gecos, result.pw_dir, @@ -125,82 +140,368 @@ static int get_pw_uid(struct be_ctx *be_ctx, struct proxy_ctx *proxy_ctx, uid_t DEBUG(2, ("proxy -> getpwuid_r failed for '%lu' (%d)[%s]\n", (unsigned long)uid, ret, strerror(ret))); talloc_free(buffer); - return ret; + return proxy_reply(req, ret, "Operation failed"); } if (ret != EOK) { DEBUG(1, ("Failed to update LDB Cache for '%lu' (%d) !?\n", (unsigned long)uid, ret)); + talloc_free(buffer); + return proxy_reply(req, ret, "Operation failed"); } talloc_free(buffer); - return ret; + return proxy_reply(req, EOK, NULL); } -static int proxy_check_online(struct be_ctx *be_ctx, int *reply) +#define MAX_BUF_SIZE 1024*1024 /* max 1MiB */ + +static void enum_users(struct be_req *req) { - *reply = MOD_ONLINE; - return EOK; + struct proxy_ctx *ctx; + enum nss_status status; + struct passwd result; + char *buffer, *newb; + size_t buflen; + const char *errstr; + int ret; + + ctx = talloc_get_type(req->be_ctx->pvt_data, struct proxy_ctx); + + buflen = 4096; + buffer = talloc_size(NULL, buflen); + if (!buffer) + return proxy_reply(req, ENOMEM, "Out of memory"); + + status = ctx->ops.setpwent(); + if (status != NSS_STATUS_SUCCESS) + return proxy_reply(req, EIO, "Operation failed"); + + while (status == NSS_STATUS_SUCCESS) { + + status = ctx->ops.getpwent_r(&result, buffer, buflen, &ret); + + switch (status) { + case NSS_STATUS_TRYAGAIN: + /* buffer too small ? */ + if (buflen < MAX_BUF_SIZE) { + buflen *= 2; + } + if (buflen > MAX_BUF_SIZE) { + buflen = MAX_BUF_SIZE; + } + newb = talloc_realloc_size(NULL, buffer, buflen); + if (!newb) { + errstr = "Out of memory"; + ret = ENOMEM; + goto done; + } + buffer = newb; + status = NSS_STATUS_SUCCESS; + break; + + case NSS_STATUS_NOTFOUND: + /* we got last one */ + break; + + case NSS_STATUS_SUCCESS: + ret = sysdb_posix_store_user(req, req->be_ctx->sysdb, + req->be_ctx->domain, + result.pw_name, result.pw_passwd, + result.pw_uid, result.pw_gid, + result.pw_gecos, result.pw_dir, + result.pw_shell); + if (ret != EOK) { + DEBUG(1, ("Failed to update LDB Cache for '%s' (%d)[%s] !?\n", + (unsigned long)result.pw_name, ret, strerror(ret))); + } + break; + + default: + DEBUG(2, ("proxy -> getpwent_r failed (%d)[%s]\n", + ret, strerror(ret))); + errstr = "Operation failed"; + goto done; + } + } + + errstr = NULL; + ret = EOK; + +done: + talloc_free(buffer); + ctx->ops.endpwent(); + return proxy_reply(req, ret, errstr); +} + +static void get_gr_name(struct be_req *req, char *name) +{ + struct proxy_ctx *ctx; + enum nss_status status; + struct group result; + char *buffer; + int ret; + + ctx = talloc_get_type(req->be_ctx->pvt_data, struct proxy_ctx); + + buffer = talloc_size(NULL, 4096); + if (!buffer) + return proxy_reply(req, ENOMEM, "Out of memory"); + + status = ctx->ops.getgrnam_r(name, &result, buffer, 4096, &ret); + + switch (status) { + case NSS_STATUS_NOTFOUND: + ret = sysdb_posix_remove_group(req, req->be_ctx->sysdb, + req->be_ctx->domain, name); + break; + case NSS_STATUS_SUCCESS: + /* FIXME: check members are all available or fetch them */ + ret = sysdb_posix_store_group(req, req->be_ctx->sysdb, + req->be_ctx->domain, result.gr_name, + result.gr_gid, result.gr_mem); + break; + default: + DEBUG(2, ("proxy -> getpwnam_r failed for '%s' (%d)[%s]\n", + name, ret, strerror(ret))); + talloc_free(buffer); + return proxy_reply(req, ret, "Operation failed"); + } + + if (ret != EOK) { + DEBUG(1, ("Failed to update LDB Cache for '%s' (%d) !?\n", + name, ret)); + talloc_free(buffer); + return proxy_reply(req, ret, "Operation failed"); + } + + talloc_free(buffer); + return proxy_reply(req, EOK, NULL); +} + +static void get_gr_gid(struct be_req *req, gid_t gid) +{ + struct proxy_ctx *ctx; + enum nss_status status; + struct group result; + char *buffer; + int ret; + + ctx = talloc_get_type(req->be_ctx->pvt_data, struct proxy_ctx); + + buffer = talloc_size(NULL, 4096); + if (!buffer) + return proxy_reply(req, ENOMEM, "Out of memory"); + + status = ctx->ops.getgrgid_r(gid, &result, buffer, 4096, &ret); + + switch (status) { + case NSS_STATUS_NOTFOUND: + ret = sysdb_posix_remove_group_by_gid(req, req->be_ctx->sysdb, + req->be_ctx->domain, gid); + break; + case NSS_STATUS_SUCCESS: + ret = sysdb_posix_store_group(req, req->be_ctx->sysdb, + req->be_ctx->domain, result.gr_name, + result.gr_gid, result.gr_mem); + break; + default: + DEBUG(2, ("proxy -> getgrgid_r failed for '%lu' (%d)[%s]\n", + (unsigned long)gid, ret, strerror(ret))); + talloc_free(buffer); + return proxy_reply(req, ret, "Operation failed"); + } + + if (ret != EOK) { + DEBUG(1, ("Failed to update LDB Cache for '%lu' (%d) !?\n", + (unsigned long)gid, ret)); + talloc_free(buffer); + return proxy_reply(req, ret, "Operation failed"); + } + + talloc_free(buffer); + return proxy_reply(req, EOK, NULL); } -static int proxy_get_account_info(struct be_ctx *be_ctx, - int entry_type, int attr_type, - int filter_type, char *filter_value) +static void enum_groups(struct be_req *req) { struct proxy_ctx *ctx; + enum nss_status status; + struct group result; + char *buffer, *newb; + size_t buflen; + const char * errstr; + int ret; + + ctx = talloc_get_type(req->be_ctx->pvt_data, struct proxy_ctx); + + buflen = 4096; + buffer = talloc_size(NULL, buflen); + if (!buffer) + return proxy_reply(req, ENOMEM, "Out of memory"); + + status = ctx->ops.setgrent(); + if (status != NSS_STATUS_SUCCESS) + return proxy_reply(req, EIO, "Operation failed"); + + while (status == NSS_STATUS_SUCCESS) { + + status = ctx->ops.getgrent_r(&result, buffer, buflen, &ret); + + switch (status) { + case NSS_STATUS_TRYAGAIN: + /* buffer too small ? */ + if (buflen < MAX_BUF_SIZE) { + buflen *= 2; + } + if (buflen > MAX_BUF_SIZE) { + buflen = MAX_BUF_SIZE; + } + newb = talloc_realloc_size(NULL, buffer, buflen); + if (!newb) { + errstr = "Out of memory"; + ret = ENOMEM; + goto done; + } + buffer = newb; + status = NSS_STATUS_SUCCESS; + break; + + case NSS_STATUS_NOTFOUND: + /* we got last one */ + break; + + case NSS_STATUS_SUCCESS: + ret = sysdb_posix_store_group(req, req->be_ctx->sysdb, + req->be_ctx->domain, result.gr_name, + result.gr_gid, result.gr_mem); + if (ret != EOK) { + DEBUG(1, ("Failed to update LDB Cache for '%s' (%d)[%s] !?\n", + (unsigned long)result.gr_name, ret, strerror(ret))); + } + break; + + default: + DEBUG(2, ("proxy -> getgrent_r failed (%d)[%s]\n", + ret, strerror(ret))); + errstr = "Operation failed"; + goto done; + } + } + + errstr = NULL; + ret = EOK; + +done: + talloc_free(buffer); + ctx->ops.endgrent(); + return proxy_reply(req, ret, errstr); +} + +/* TODO: actually do check something */ +static void proxy_check_online(struct be_req *req) +{ + struct be_online_req *oreq; + + oreq = talloc_get_type(req->req_data, struct be_online_req); + + oreq->online = MOD_ONLINE; + + req->fn(req, EOK, NULL); +} + +/* TODO: See if we can use async_req code */ +static void proxy_get_account_info(struct be_req *req) +{ + struct be_acct_req *ar; uid_t uid; + gid_t gid; - ctx = talloc_get_type(be_ctx->pvt_data, struct proxy_ctx); + ar = talloc_get_type(req->req_data, struct be_acct_req); - switch (entry_type) { + switch (ar->entry_type) { case BE_REQ_USER: /* user */ - switch (filter_type) { + switch (ar->filter_type) { case BE_FILTER_NAME: - switch (attr_type) { + switch (ar->attr_type) { case BE_ATTR_CORE: - if (strchr(filter_value, '*')) { - /* TODO */ + if (strchr(ar->filter_value, '*')) { + return enum_users(req); } else { - return get_pw_name(be_ctx, ctx, filter_value); + return get_pw_name(req, ar->filter_value); } break; default: - return EINVAL; + return proxy_reply(req, EINVAL, "Invalid attr type"); } break; case BE_FILTER_IDNUM: - switch (attr_type) { + switch (ar->attr_type) { case BE_ATTR_CORE: - if (strchr(filter_value, '*')) { - return EINVAL; + if (strchr(ar->filter_value, '*')) { + return proxy_reply(req, EINVAL, "Invalid attr type"); } else { char *endptr; errno = 0; - uid = (uid_t)strtol(filter_value, &endptr, 0); - if (errno || *endptr || (filter_value == endptr)) { - return EINVAL; + uid = (uid_t)strtol(ar->filter_value, &endptr, 0); + if (errno || *endptr || (ar->filter_value == endptr)) { + return proxy_reply(req, EINVAL, "Invalid attr type"); } - return get_pw_uid(be_ctx, ctx, uid); + return get_pw_uid(req, uid); } break; default: - return EINVAL; + return proxy_reply(req, EINVAL, "Invalid attr type"); } break; default: - return EINVAL; + return proxy_reply(req, EINVAL, "Invalid filter type"); } break; case BE_REQ_GROUP: /* group */ - /* TODO */ - return EOK; + switch (ar->filter_type) { + case BE_FILTER_NAME: + switch (ar->attr_type) { + case BE_ATTR_CORE: + if (strchr(ar->filter_value, '*')) { + return enum_groups(req); + } else { + return get_gr_name(req, ar->filter_value); + } + break; + default: + return proxy_reply(req, EINVAL, "Invalid attr type"); + } + break; + case BE_FILTER_IDNUM: + switch (ar->attr_type) { + case BE_ATTR_CORE: + if (strchr(ar->filter_value, '*')) { + return proxy_reply(req, EINVAL, "Invalid attr type"); + } else { + char *endptr; + errno = 0; + gid = (gid_t)strtol(ar->filter_value, &endptr, 0); + if (errno || *endptr || (ar->filter_value == endptr)) { + return proxy_reply(req, EINVAL, "Invalid attr type"); + } + return get_gr_gid(req, gid); + } + break; + default: + return proxy_reply(req, EINVAL, "Invalid attr type"); + } + break; + default: + return proxy_reply(req, EINVAL, "Invalid filter type"); + } + break; + default: /*fail*/ - return EINVAL; + return proxy_reply(req, EINVAL, "Invalid request type"); } - - return EOK; } struct be_mod_ops proxy_mod_ops = { |