diff options
Diffstat (limited to 'server')
-rw-r--r-- | server/nss/nsssrv.h | 7 | ||||
-rw-r--r-- | server/nss/nsssrv_cmd.c | 294 | ||||
-rw-r--r-- | server/nss/nsssrv_ldb.c | 97 | ||||
-rw-r--r-- | server/nss/nsssrv_ldb.h | 5 | ||||
-rw-r--r-- | server/nss/nsssrv_packet.c | 9 |
5 files changed, 335 insertions, 77 deletions
diff --git a/server/nss/nsssrv.h b/server/nss/nsssrv.h index 6ed679f4..6302c32c 100644 --- a/server/nss/nsssrv.h +++ b/server/nss/nsssrv.h @@ -30,6 +30,7 @@ #include "../nss_client/sss_nss.h" struct nss_ldb_ctx; +struct getent_ctx; struct nss_ctx { struct task_server *task; @@ -45,6 +46,7 @@ struct cli_ctx { struct fd_event *cfde; struct sockaddr_un addr; struct cli_request *creq; + struct getent_ctx *gctx; }; struct nss_packet; @@ -65,8 +67,9 @@ int nss_packet_new(TALLOC_CTX *mem_ctx, size_t size, int nss_packet_grow(struct nss_packet *packet, size_t size); int nss_packet_recv(struct nss_packet *packet, int fd); int nss_packet_send(struct nss_packet *packet, int fd); -enum sss_nss_command nss_get_cmd(struct nss_packet *packet); -void nss_get_body(struct nss_packet *packet, uint8_t **body, size_t *blen); +enum sss_nss_command nss_packet_get_cmd(struct nss_packet *packet); +void nss_packet_get_body(struct nss_packet *packet, uint8_t **body, size_t *blen); +void nss_packet_set_error(struct nss_packet *packet, int error); /* from nsssrv_cmd.c */ int nss_cmd_execute(struct cli_ctx *cctx); diff --git a/server/nss/nsssrv_cmd.c b/server/nss/nsssrv_cmd.c index cc255e4c..66676613 100644 --- a/server/nss/nsssrv_cmd.c +++ b/server/nss/nsssrv_cmd.c @@ -29,31 +29,52 @@ struct nss_cmd_ctx { struct cli_ctx *cctx; }; +struct getent_ctx { + struct ldb_result *pwds; + struct ldb_result *grps; + int pwd_cur; + int grp_cur; +}; + struct nss_cmd_table { enum sss_nss_command cmd; int (*fn)(struct cli_ctx *cctx); }; +static void nss_cmd_done(struct nss_cmd_ctx *nctx) +{ + /* now that the packet is in place, unlock queue + * making the event writable */ + EVENT_FD_WRITEABLE(nctx->cctx->cfde); + + /* free all request related data through the talloc hierarchy */ + talloc_free(nctx); +} + static int nss_cmd_get_version(struct cli_ctx *cctx) { + struct nss_cmd_ctx *nctx; uint8_t *body; size_t blen; int ret; + nctx = talloc(cctx, struct nss_cmd_ctx); + if (!nctx) { + return ENOMEM; + } + nctx->cctx = cctx; + /* create response packet */ ret = nss_packet_new(cctx->creq, sizeof(uint32_t), - nss_get_cmd(cctx->creq->in), + nss_packet_get_cmd(cctx->creq->in), &cctx->creq->out); if (ret != EOK) { return ret; } - nss_get_body(cctx->creq->out, &body, &blen); + nss_packet_get_body(cctx->creq->out, &body, &blen); ((uint32_t *)body)[0] = SSS_NSS_VERSION; - /* now that the packet is in place, unlock queue - * making the event writable */ - EVENT_FD_WRITEABLE(cctx->cfde); - + nss_cmd_done(nctx); return EOK; } @@ -104,7 +125,7 @@ static int fill_pwent(struct nss_packet *packet, num = 0; goto done; } - nss_get_body(packet, &body, &blen); + nss_packet_get_body(packet, &body, &blen); ((uint64_t *)(&body[rp]))[0] = uid; ((uint64_t *)(&body[rp]))[1] = gid; @@ -124,7 +145,7 @@ static int fill_pwent(struct nss_packet *packet, } done: - nss_get_body(packet, &body, &blen); + nss_packet_get_body(packet, &body, &blen); ((uint32_t *)body)[0] = num; /* num results */ ((uint32_t *)body)[1] = 0; /* reserved */ @@ -140,6 +161,19 @@ static int nss_cmd_getpw_callback(void *ptr, int status, size_t blen; int ret; + /* create response packet */ + ret = nss_packet_new(cctx->creq, 0, + nss_packet_get_cmd(cctx->creq->in), + &cctx->creq->out); + if (ret != EOK) { + return ret; + } + + if (status != LDB_SUCCESS) { + nss_packet_set_error(cctx->creq->out, status); + goto done; + } + if (res->count != 1) { if (res->count > 1) { DEBUG(1, ("getpwnam call returned more than oine result !?!\n")); @@ -148,36 +182,23 @@ static int nss_cmd_getpw_callback(void *ptr, int status, DEBUG(2, ("No results for getpwnam call")); } ret = nss_packet_new(cctx->creq, 2*sizeof(uint32_t), - nss_get_cmd(cctx->creq->in), + nss_packet_get_cmd(cctx->creq->in), &cctx->creq->out); if (ret != EOK) { return ret; } - nss_get_body(cctx->creq->out, &body, &blen); + nss_packet_get_body(cctx->creq->out, &body, &blen); ((uint32_t *)body)[0] = 0; /* 0 results */ ((uint32_t *)body)[1] = 0; /* reserved */ goto done; } - /* create response packet */ - ret = nss_packet_new(cctx->creq, 0, - nss_get_cmd(cctx->creq->in), - &cctx->creq->out); - if (ret != EOK) { - return ret; - } - ret = fill_pwent(cctx->creq->out, res->msgs, res->count); + nss_packet_set_error(cctx->creq->out, ret); done: - /* now that the packet is in place, unlock queue - * making the event writable */ - EVENT_FD_WRITEABLE(cctx->cfde); - - /* free all request related data through the talloc hierarchy */ - talloc_free(nctx); - - return ret; + nss_cmd_done(nctx); + return EOK; } static int nss_cmd_getpwnam(struct cli_ctx *cctx) @@ -189,7 +210,7 @@ static int nss_cmd_getpwnam(struct cli_ctx *cctx) const char *name; /* get user name to query */ - nss_get_body(cctx->creq->in, &body, &blen); + nss_packet_get_body(cctx->creq->in, &body, &blen); name = (const char *)body; /* if not terminated fail */ if (name[blen -1] != '\0') { @@ -216,8 +237,8 @@ static int nss_cmd_getpwuid(struct cli_ctx *cctx) int ret; uint64_t uid; - /* get user name to query */ - nss_get_body(cctx->creq->in, &body, &blen); + /* get uid to query */ + nss_packet_get_body(cctx->creq->in, &body, &blen); if (blen != sizeof(uint64_t)) { return EINVAL; @@ -237,10 +258,223 @@ static int nss_cmd_getpwuid(struct cli_ctx *cctx) return ret; } +/* to keep it simple at this stage we are retrieving the + * full enumeration again for each request for each process + * and we also block on setpwent() for the full time needed + * to retrieve the data. And endpwent() frees all the data. + * Next steps are: + * - use and nsssrv wide cache with data already structured + * so that it can be immediately returned (see nscd way) + * - use mutexes so that setpwent() can return immediately + * even if the data is still being fetched + * - make getpwent() wait on the mutex + */ +static int nss_cmd_setpwent_callback(void *ptr, int status, + struct ldb_result *res) +{ + struct nss_cmd_ctx *nctx = talloc_get_type(ptr, struct nss_cmd_ctx); + struct cli_ctx *cctx = nctx->cctx; + struct getent_ctx *gctx = cctx->gctx; + int ret; + + /* create response packet */ + ret = nss_packet_new(cctx->creq, 0, + nss_packet_get_cmd(cctx->creq->in), + &cctx->creq->out); + if (ret != EOK) { + return ret; + } + + if (status != LDB_SUCCESS) { + nss_packet_set_error(cctx->creq->out, status); + goto done; + } + + gctx->pwds = talloc_steal(gctx, res); + +done: + nss_cmd_done(nctx); + return EOK; +} + +static int nss_cmd_setpwent(struct cli_ctx *cctx) +{ + struct nss_cmd_ctx *nctx; + struct getent_ctx *gctx; + int ret; + + nctx = talloc(cctx, struct nss_cmd_ctx); + if (!nctx) { + return ENOMEM; + } + nctx->cctx = cctx; + + if (cctx->gctx == NULL) { + gctx = talloc_zero(cctx, struct getent_ctx); + if (!gctx) { + talloc_free(nctx); + return ENOMEM; + } + cctx->gctx = gctx; + } + if (cctx->gctx->pwds) { + talloc_free(cctx->gctx->pwds); + cctx->gctx->pwds = NULL; + cctx->gctx->pwd_cur = 0; + } + + ret = nss_ldb_enumpwent(nctx, cctx->ev, cctx->ldb, + nss_cmd_setpwent_callback, nctx); + + return ret; +} + +static int nss_cmd_retpwent(struct cli_ctx *cctx, int num) +{ + struct getent_ctx *gctx = cctx->gctx; + int n, ret; + + n = gctx->pwds->count - gctx->pwd_cur; + if (n > num) n = num; + + ret = fill_pwent(cctx->creq->out, &(gctx->pwds->msgs[gctx->pwd_cur]), n); + gctx->pwd_cur += n; + + return ret; +} + +/* used only if a process calls getpwent() without first calling setpwent() + * in this case we basically trigger an implicit setpwent() */ +static int nss_cmd_getpwent_callback(void *ptr, int status, + struct ldb_result *res) +{ + struct nss_cmd_ctx *nctx = talloc_get_type(ptr, struct nss_cmd_ctx); + struct cli_ctx *cctx = nctx->cctx; + struct getent_ctx *gctx = cctx->gctx; + uint8_t *body; + size_t blen; + uint32_t num; + int ret; + + /* get max num of entries to return in one call */ + nss_packet_get_body(cctx->creq->in, &body, &blen); + if (blen != sizeof(uint32_t)) { + return EINVAL; + } + num = *((uint32_t *)body); + + /* create response packet */ + ret = nss_packet_new(cctx->creq, 0, + nss_packet_get_cmd(cctx->creq->in), + &cctx->creq->out); + if (ret != EOK) { + return ret; + } + + if (status != LDB_SUCCESS) { + nss_packet_set_error(cctx->creq->out, status); + goto done; + } + + gctx->pwds = talloc_steal(gctx, res); + + ret = nss_cmd_retpwent(cctx, num); + nss_packet_set_error(cctx->creq->out, ret); + +done: + nss_cmd_done(nctx); + return EOK; +} + +static int nss_cmd_getpwent(struct cli_ctx *cctx) +{ + struct nss_cmd_ctx *nctx; + struct getent_ctx *gctx; + uint8_t *body; + size_t blen; + uint32_t num; + int ret; + + /* get max num of entries to return in one call */ + nss_packet_get_body(cctx->creq->in, &body, &blen); + if (blen != sizeof(uint32_t)) { + return EINVAL; + } + num = *((uint32_t *)body); + + nctx = talloc(cctx, struct nss_cmd_ctx); + if (!nctx) { + return ENOMEM; + } + nctx->cctx = cctx; + + /* see if we need to trigger an implicit setpwent() */ + if (cctx->gctx == NULL || cctx->gctx->pwds == NULL) { + if (cctx->gctx == NULL) { + gctx = talloc_zero(cctx, struct getent_ctx); + if (!gctx) { + talloc_free(nctx); + return ENOMEM; + } + cctx->gctx = gctx; + } + if (cctx->gctx->pwds == NULL) { + ret = nss_ldb_enumpwent(nctx, cctx->ev, cctx->ldb, + nss_cmd_getpwent_callback, nctx); + return ret; + } + } + + /* create response packet */ + ret = nss_packet_new(cctx->creq, 0, + nss_packet_get_cmd(cctx->creq->in), + &cctx->creq->out); + if (ret != EOK) { + return ret; + } + + ret = nss_cmd_retpwent(cctx, num); + nss_packet_set_error(cctx->creq->out, ret); + nss_cmd_done(nctx); + return EOK; +} + +static int nss_cmd_endpwent(struct cli_ctx *cctx) +{ + struct nss_cmd_ctx *nctx; + int ret; + + nctx = talloc(cctx, struct nss_cmd_ctx); + if (!nctx) { + return ENOMEM; + } + nctx->cctx = cctx; + + /* create response packet */ + ret = nss_packet_new(cctx->creq, 0, + nss_packet_get_cmd(cctx->creq->in), + &cctx->creq->out); + + if (cctx->gctx == NULL) goto done; + if (cctx->gctx->pwds == NULL) goto done; + + /* free results and reset */ + talloc_free(cctx->gctx->pwds); + cctx->gctx->pwds = NULL; + cctx->gctx->pwd_cur = 0; + +done: + nss_cmd_done(nctx); + return EOK; +} + struct nss_cmd_table nss_cmds[] = { {SSS_NSS_GET_VERSION, nss_cmd_get_version}, {SSS_NSS_GETPWNAM, nss_cmd_getpwnam}, {SSS_NSS_GETPWUID, nss_cmd_getpwuid}, + {SSS_NSS_SETPWENT, nss_cmd_setpwent}, + {SSS_NSS_GETPWENT, nss_cmd_getpwent}, + {SSS_NSS_ENDPWENT, nss_cmd_endpwent}, {SSS_NSS_NULL, NULL} }; @@ -249,7 +483,7 @@ int nss_cmd_execute(struct cli_ctx *cctx) enum sss_nss_command cmd; int i; - cmd = nss_get_cmd(cctx->creq->in); + cmd = nss_packet_get_cmd(cctx->creq->in); for (i = 0; nss_cmds[i].cmd != SSS_NSS_NULL; i++) { if (cmd == nss_cmds[i].cmd) { diff --git a/server/nss/nsssrv_ldb.c b/server/nss/nsssrv_ldb.c index 023d63be..a54bc6a5 100644 --- a/server/nss/nsssrv_ldb.c +++ b/server/nss/nsssrv_ldb.c @@ -40,13 +40,13 @@ static int nss_ldb_error_to_errno(int lerr) static int request_error(struct nss_ldb_search_ctx *sctx, int ldb_error) { - sctx->callback(sctx->ptr, ldb_error, sctx->res); + sctx->callback(sctx->ptr, nss_ldb_error_to_errno(ldb_error), sctx->res); return ldb_error; } static int request_done(struct nss_ldb_search_ctx *sctx) { - return sctx->callback(sctx->ptr, LDB_SUCCESS, sctx->res); + return sctx->callback(sctx->ptr, EOK, sctx->res); } static int getpw_callback(struct ldb_request *req, @@ -108,35 +108,33 @@ static int getpw_callback(struct ldb_request *req, return LDB_SUCCESS; } -int nss_ldb_getpwnam(TALLOC_CTX *mem_ctx, - struct event_context *ev, - struct ldb_context *ldb, - const char *name, - nss_ldb_callback_t fn, void *ptr) +static struct nss_ldb_search_ctx *init_sctx(TALLOC_CTX *mem_ctx, + nss_ldb_callback_t fn, void *ptr) { struct nss_ldb_search_ctx *sctx; - struct ldb_request *req; - static const char *attrs[] = NSS_PW_ATTRS; - char *expression; - int ret; sctx = talloc(mem_ctx, struct nss_ldb_search_ctx); if (!sctx) { - return ENOMEM; + return NULL; } sctx->callback = fn; sctx->ptr = ptr; sctx->res = talloc_zero(sctx, struct ldb_result); if (!sctx->res) { talloc_free(sctx); - return ENOMEM; + return NULL; } - expression = talloc_asprintf(sctx, NSS_PWNAM_FILTER, name); - if (!expression) { - talloc_free(sctx); - return ENOMEM; - } + return sctx; +} + +static int do_search(struct nss_ldb_search_ctx *sctx, + struct ldb_context *ldb, + const char *expression) +{ + static const char *attrs[] = NSS_PW_ATTRS; + struct ldb_request *req; + int ret; ret = ldb_build_search_req(&req, ldb, sctx, ldb_dn_new(sctx, ldb, NSS_USER_BASE), @@ -145,7 +143,7 @@ int nss_ldb_getpwnam(TALLOC_CTX *mem_ctx, sctx, getpw_callback, NULL); if (ret != LDB_SUCCESS) { - return nss_ldb_error_to_errno(ret);; + return nss_ldb_error_to_errno(ret); } ret = ldb_request(ldb, req); @@ -156,53 +154,66 @@ int nss_ldb_getpwnam(TALLOC_CTX *mem_ctx, return EOK; } -int nss_ldb_getpwuid(TALLOC_CTX *mem_ctx, +int nss_ldb_getpwnam(TALLOC_CTX *mem_ctx, struct event_context *ev, struct ldb_context *ldb, - uint64_t uid, + const char *name, nss_ldb_callback_t fn, void *ptr) { struct nss_ldb_search_ctx *sctx; - struct ldb_request *req; - static const char *attrs[] = NSS_PW_ATTRS; - unsigned long long int filter_uid = uid; char *expression; - int ret; - sctx = talloc(mem_ctx, struct nss_ldb_search_ctx); + sctx = init_sctx(mem_ctx, fn, ptr); if (!sctx) { return ENOMEM; } - sctx->callback = fn; - sctx->ptr = ptr; - sctx->res = talloc_zero(sctx, struct ldb_result); - if (!sctx->res) { + + expression = talloc_asprintf(sctx, NSS_PWNAM_FILTER, name); + if (!expression) { talloc_free(sctx); return ENOMEM; } + return do_search(sctx, ldb, expression); +} + +int nss_ldb_getpwuid(TALLOC_CTX *mem_ctx, + struct event_context *ev, + struct ldb_context *ldb, + uint64_t uid, + nss_ldb_callback_t fn, void *ptr) +{ + struct nss_ldb_search_ctx *sctx; + unsigned long long int filter_uid = uid; + char *expression; + + sctx = init_sctx(mem_ctx, fn, ptr); + if (!sctx) { + return ENOMEM; + } + expression = talloc_asprintf(sctx, NSS_PWUID_FILTER, filter_uid); if (!expression) { talloc_free(sctx); return ENOMEM; } - ret = ldb_build_search_req(&req, ldb, sctx, - ldb_dn_new(sctx, ldb, NSS_USER_BASE), - LDB_SCOPE_SUBTREE, - expression, attrs, NULL, - sctx, getpw_callback, - NULL); - if (ret != LDB_SUCCESS) { - return nss_ldb_error_to_errno(ret); - } + return do_search(sctx, ldb, expression); +} - ret = ldb_request(ldb, req); - if (ret != LDB_SUCCESS) { - return nss_ldb_error_to_errno(ret); +int nss_ldb_enumpwent(TALLOC_CTX *mem_ctx, + struct event_context *ev, + struct ldb_context *ldb, + nss_ldb_callback_t fn, void *ptr) +{ + struct nss_ldb_search_ctx *sctx; + + sctx = init_sctx(mem_ctx, fn, ptr); + if (!sctx) { + return ENOMEM; } - return EOK; + return do_search(sctx, ldb, NSS_PWENT_FILTER); } int nss_ldb_init(TALLOC_CTX *mem_ctx, diff --git a/server/nss/nsssrv_ldb.h b/server/nss/nsssrv_ldb.h index 924c41d7..a57a9119 100644 --- a/server/nss/nsssrv_ldb.h +++ b/server/nss/nsssrv_ldb.h @@ -23,3 +23,8 @@ int nss_ldb_getpwuid(TALLOC_CTX *mem_ctx, struct ldb_context *ldb, uint64_t uid, nss_ldb_callback_t fn, void *ptr); + +int nss_ldb_enumpwent(TALLOC_CTX *mem_ctx, + struct event_context *ev, + struct ldb_context *ldb, + nss_ldb_callback_t fn, void *ptr); diff --git a/server/nss/nsssrv_packet.c b/server/nss/nsssrv_packet.c index c4758ba5..c15f5c76 100644 --- a/server/nss/nsssrv_packet.c +++ b/server/nss/nsssrv_packet.c @@ -197,13 +197,18 @@ int nss_packet_send(struct nss_packet *packet, int fd) return EOK; } -enum sss_nss_command nss_get_cmd(struct nss_packet *packet) +enum sss_nss_command nss_packet_get_cmd(struct nss_packet *packet) { return (enum sss_nss_command)(*packet->cmd); } -void nss_get_body(struct nss_packet *packet, uint8_t **body, size_t *blen) +void nss_packet_get_body(struct nss_packet *packet, uint8_t **body, size_t *blen) { *body = packet->body; *blen = *packet->len - SSS_NSS_HEADER_SIZE; } + +void nss_packet_set_error(struct nss_packet *packet, int error) +{ + *(packet->status) = error; +} |