summaryrefslogtreecommitdiffstats
path: root/server/responder/nss
diff options
context:
space:
mode:
authorSimo Sorce <ssorce@redhat.com>2009-04-16 18:35:06 -0400
committerSimo Sorce <ssorce@redhat.com>2009-04-17 14:58:46 -0400
commit65951186e13fea410d087c84f7332b04d116f8fc (patch)
treeafc9a8c181d068d518e9e5f75fb7c30ff6db2f53 /server/responder/nss
parent8f209f1cee137e410386b68f82a31c9ba862fe19 (diff)
downloadsssd-65951186e13fea410d087c84f7332b04d116f8fc.tar.gz
sssd-65951186e13fea410d087c84f7332b04d116f8fc.tar.xz
sssd-65951186e13fea410d087c84f7332b04d116f8fc.zip
Force user check and discover user's domain
Force a user lookup against the users domain provider. If a user domain is not specified search though all non fully qualifying domains. Perform authentication against the corrent domain auth backend, based on the user's domain found in the lookup if one was not specified. Also move the NSS-DP functions in COMMON-DP as they are reused by the PAM responder too now.
Diffstat (limited to 'server/responder/nss')
-rw-r--r--server/responder/nss/nsssrv.h17
-rw-r--r--server/responder/nss/nsssrv_dp.c261
2 files changed, 0 insertions, 278 deletions
diff --git a/server/responder/nss/nsssrv.h b/server/responder/nss/nsssrv.h
index 37d3735d0..cbbb9cc64 100644
--- a/server/responder/nss/nsssrv.h
+++ b/server/responder/nss/nsssrv.h
@@ -68,24 +68,7 @@ struct nss_packet;
int nss_cmd_execute(struct cli_ctx *cctx);
/* from nsssrv_dp.c */
-#define NSS_DP_USER 1
-#define NSS_DP_GROUP 2
-#define NSS_DP_INITGROUPS 3
-
-typedef void (*nss_dp_callback_t)(uint16_t err_maj, uint32_t err_min,
- const char *err_msg, void *ptr);
-
-int nss_dp_send_acct_req(struct resp_ctx *rctx, TALLOC_CTX *memctx,
- nss_dp_callback_t callback, void *callback_ctx,
- int timeout, const char *domain, int type,
- const char *opt_name, uint32_t opt_id);
-
struct sbus_method *get_nss_dp_methods(void);
struct sss_cmd_table *get_nss_cmds(void);
-int nss_parse_name(TALLOC_CTX *memctx,
- struct nss_ctx *nctx,
- const char *origname,
- const char **domain, const char **name);
-
#endif /* __NSSSRV_H__ */
diff --git a/server/responder/nss/nsssrv_dp.c b/server/responder/nss/nsssrv_dp.c
index b2e15df3a..943a872c2 100644
--- a/server/responder/nss/nsssrv_dp.c
+++ b/server/responder/nss/nsssrv_dp.c
@@ -28,267 +28,6 @@
#include "sbus/sbus_client.h"
#include "providers/dp_sbus.h"
-struct nss_dp_req {
- nss_dp_callback_t callback;
- void *callback_ctx;
- struct tevent_timer *te;
- DBusPendingCall *pending_reply;
-};
-
-static int nss_dp_req_destructor(void *ptr)
-{
- struct nss_dp_req *req = talloc_get_type(ptr, struct nss_dp_req);
-
- if (req->pending_reply) {
- dbus_pending_call_cancel(req->pending_reply);
- }
-
- return 0;
-}
-
-static void nss_dp_send_acct_timeout(struct tevent_context *ev,
- struct tevent_timer *te,
- struct timeval t, void *data)
-{
- struct nss_dp_req *ndp_req;
- dbus_uint16_t err_maj = DP_ERR_TIMEOUT;
- dbus_uint32_t err_min = EIO;
- const char *err_msg = "Request timed out";
-
- ndp_req = talloc_get_type(data, struct nss_dp_req);
-
- ndp_req->callback(err_maj, err_min, err_msg, ndp_req->callback_ctx);
-
- talloc_free(ndp_req);
-}
-
-static int nss_dp_get_reply(DBusPendingCall *pending,
- dbus_uint16_t *err_maj,
- dbus_uint32_t *err_min,
- const char **err_msg);
-
-static void nss_dp_send_acct_callback(DBusPendingCall *pending, void *ptr)
-{
- struct nss_dp_req *ndp_req;
- dbus_uint16_t err_maj;
- dbus_uint32_t err_min;
- const char *err_msg;
- int ret;
-
- ndp_req = talloc_get_type(ptr, struct nss_dp_req);
-
- /* free timeout event and remove request destructor */
- talloc_free(ndp_req->te);
- talloc_set_destructor(ndp_req, NULL);
-
- ret = nss_dp_get_reply(pending, &err_maj, &err_min, &err_msg);
- if (ret != EOK) {
- err_maj = DP_ERR_FATAL;
- err_min = ret;
- err_msg = "Failed to get reply from Data Provider";
- }
-
- ndp_req->callback(err_maj, err_min, err_msg, ndp_req->callback_ctx);
-
- talloc_free(ndp_req);
-}
-
-int nss_dp_send_acct_req(struct resp_ctx *rctx, TALLOC_CTX *memctx,
- nss_dp_callback_t callback, void *callback_ctx,
- int timeout, const char *domain, int type,
- const char *opt_name, uint32_t opt_id)
-{
- struct nss_dp_req *ndp_req;
- DBusMessage *msg;
- DBusPendingCall *pending_reply;
- DBusConnection *conn;
- dbus_bool_t ret;
- uint32_t be_type;
- const char *attrs = "core";
- char *filter;
- struct timeval tv;
-
- /* either, or, not both */
- if (opt_name && opt_id) {
- return EINVAL;
- }
-
- if (!domain) {
- return EINVAL;
- }
-
- switch (type) {
- case NSS_DP_USER:
- be_type = BE_REQ_USER;
- break;
- case NSS_DP_GROUP:
- be_type = BE_REQ_GROUP;
- break;
- case NSS_DP_INITGROUPS:
- be_type = BE_REQ_INITGROUPS;
- break;
- default:
- return EINVAL;
- }
-
- if (opt_name) {
- filter = talloc_asprintf(memctx, "name=%s", opt_name);
- } else if (opt_id) {
- filter = talloc_asprintf(memctx, "idnumber=%u", opt_id);
- } else {
- filter = talloc_strdup(memctx, "name=*");
- }
- if (!filter) {
- return ENOMEM;
- }
-
- /* double check dp_ctx has actually been initialized.
- * in some pathological cases it may happen that nss starts up before
- * dp connection code is actually able to establish a connection.
- */
- if (!rctx->dp_ctx) {
- DEBUG(1, ("The Data Provider connection is not available yet!"
- " This maybe a bug, it shouldn't happen!\n"));
- return EIO;
- }
- conn = sbus_get_connection(rctx->dp_ctx->scon_ctx);
-
- /* create the message */
- msg = dbus_message_new_method_call(NULL,
- DP_CLI_PATH,
- DP_CLI_INTERFACE,
- DP_SRV_METHOD_GETACCTINFO);
- if (msg == NULL) {
- DEBUG(0,("Out of memory?!\n"));
- return ENOMEM;
- }
-
- DEBUG(4, ("Sending request for [%s][%u][%s][%s]\n",
- domain, be_type, attrs, filter));
-
- ret = dbus_message_append_args(msg,
- DBUS_TYPE_STRING, &domain,
- DBUS_TYPE_UINT32, &be_type,
- DBUS_TYPE_STRING, &attrs,
- DBUS_TYPE_STRING, &filter,
- DBUS_TYPE_INVALID);
- if (!ret) {
- DEBUG(1,("Failed to build message\n"));
- return EIO;
- }
-
- ret = dbus_connection_send_with_reply(conn, msg, &pending_reply,
- 600000 /* TODO: set timeout */);
- if (!ret) {
- /*
- * Critical Failure
- * We can't communicate on this connection
- * We'll drop it using the default destructor.
- */
- DEBUG(0, ("D-BUS send failed.\n"));
- dbus_message_unref(msg);
- return EIO;
- }
-
- ndp_req = talloc_zero(memctx, struct nss_dp_req);
- if (!ndp_req) {
- dbus_message_unref(msg);
- return ENOMEM;
- }
- ndp_req->callback = callback;
- ndp_req->callback_ctx = callback_ctx;
-
- /* set up destructor */
- ndp_req->pending_reply = pending_reply;
- talloc_set_destructor((TALLOC_CTX *)ndp_req, nss_dp_req_destructor);
-
- /* setup the timeout handler */
- gettimeofday(&tv, NULL);
- tv.tv_sec += timeout/1000;
- tv.tv_usec += (timeout%1000) * 1000;
- ndp_req->te = tevent_add_timer(rctx->ev, memctx, tv,
- nss_dp_send_acct_timeout, ndp_req);
-
- /* Set up the reply handler */
- dbus_pending_call_set_notify(pending_reply,
- nss_dp_send_acct_callback,
- ndp_req, NULL);
- dbus_message_unref(msg);
-
- return EOK;
-}
-
-static int nss_dp_get_reply(DBusPendingCall *pending,
- dbus_uint16_t *err_maj,
- dbus_uint32_t *err_min,
- const char **err_msg)
-{
- DBusMessage *reply;
- DBusError dbus_error;
- dbus_bool_t ret;
- int type;
- int err = EOK;
-
- dbus_error_init(&dbus_error);
-
- reply = dbus_pending_call_steal_reply(pending);
- if (!reply) {
- /* reply should never be null. This function shouldn't be called
- * until reply is valid or timeout has occurred. If reply is NULL
- * here, something is seriously wrong and we should bail out.
- */
- DEBUG(0, ("Severe error. A reply callback was called but no reply was received and no timeout occurred\n"));
-
- /* FIXME: Destroy this connection ? */
- err = EIO;
- goto done;
- }
-
- type = dbus_message_get_type(reply);
- switch (type) {
- case DBUS_MESSAGE_TYPE_METHOD_RETURN:
- ret = dbus_message_get_args(reply, &dbus_error,
- DBUS_TYPE_UINT16, err_maj,
- DBUS_TYPE_UINT32, err_min,
- DBUS_TYPE_STRING, err_msg,
- DBUS_TYPE_INVALID);
- if (!ret) {
- DEBUG(1,("Filed to parse message\n"));
- /* FIXME: Destroy this connection ? */
- if (dbus_error_is_set(&dbus_error)) dbus_error_free(&dbus_error);
- err = EIO;
- goto done;
- }
-
- DEBUG(4, ("Got reply (%u, %u, %s) from Data Provider\n",
- (unsigned int)*err_maj, (unsigned int)*err_min, *err_msg));
-
- break;
-
- case DBUS_MESSAGE_TYPE_ERROR:
- DEBUG(0,("The Data Provider returned an error [%s]\n",
- dbus_message_get_error_name(reply)));
- /* Falling through to default intentionally*/
- default:
- /*
- * Timeout or other error occurred or something
- * unexpected happened.
- * It doesn't matter which, because either way we
- * know that this connection isn't trustworthy.
- * We'll destroy it now.
- */
-
- /* FIXME: Destroy this connection ? */
- err = EIO;
- }
-
-done:
- dbus_pending_call_unref(pending);
- dbus_message_unref(reply);
-
- return err;
-}
-
static int nss_dp_identity(DBusMessage *message, struct sbus_conn_ctx *sconn)
{
dbus_uint16_t version = DATA_PROVIDER_VERSION;