1 files changed, 135 insertions, 20 deletions

diff --git a/server/providers/data_provider_be.c b/server/providers/data_provider_be.c
index 4e99f5628..61844bbe0 100644
--- a/server/providers/data_provider_be.c
+++ b/server/providers/data_provider_be.c
@@ -49,8 +49,6 @@
 
 #define BE_CONF_ENTRY "config/domains/%s"
 
-typedef int (*be_init_fn_t)(TALLOC_CTX *, struct be_mod_ops **, void **);
-
 static int service_identity(DBusMessage *message, struct sbus_conn_ctx *sconn);
 static int service_pong(DBusMessage *message, struct sbus_conn_ctx *sconn);
 
@@ -305,7 +303,7 @@ static int be_check_online(DBusMessage *message, struct sbus_conn_ctx *sconn)
 
     be_req->req_data = req;
 
-    ret = be_file_request(ctx, ctx->ops->check_online, be_req);
+    ret = be_file_request(ctx, ctx->id_ops->check_online, be_req);
     if (ret != EOK) {
         online = MOD_OFFLINE;
         err_maj = DP_ERR_FATAL;
@@ -482,7 +480,7 @@ static int be_get_account_info(DBusMessage *message, struct sbus_conn_ctx *sconn
 
     be_req->req_data = req;
 
-    ret = be_file_request(ctx, ctx->ops->get_account_info, be_req);
+    ret = be_file_request(ctx, ctx->id_ops->get_account_info, be_req);
     if (ret != EOK) {
         err_maj = DP_ERR_FATAL;
         err_min = ret;
@@ -588,7 +586,7 @@ static int be_pam_handler(DBusMessage *message, struct sbus_conn_ctx *sconn)
     be_req->pvt = reply;
     be_req->req_data = pd;
 
-    ret = be_file_request(ctx, ctx->ops->pam_handler, be_req);
+    ret = be_file_request(ctx, ctx->auth_ops->pam_handler, be_req);
     if (ret != EOK) {
         pam_status = PAM_SYSTEM_ERR;
         goto done;
@@ -698,8 +696,7 @@ static int be_cli_init(struct be_ctx *ctx)
 }
 
 static int be_finalize(struct be_ctx *ctx);
-static void be_shutdown(struct be_req *req, int status,
-                        const char *errstr);
+static void be_shutdown(struct be_req *req, int status, const char *errstr);
 
 static void be_cli_reconnect_init(struct sbus_conn_ctx *sconn, int status, void *pvt)
 {
@@ -730,37 +727,76 @@ static void be_cli_reconnect_init(struct sbus_conn_ctx *sconn, int status, void
     /* Kill the backend and let the monitor restart it */
     ret = be_finalize(be_ctx);
     if (ret != EOK) {
-        DEBUG(0, ("Finalizing back-end failed with error [%d] [%s]", ret, strerror(ret)));
+        DEBUG(0, ("Finalizing back-end failed with error [%d] [%s]\n",
+                  ret, strerror(ret)));
         be_shutdown(NULL, ret, NULL);
     }
 }
 
-static void be_shutdown(struct be_req *req, int status,
-                        const char *errstr)
+static void be_shutdown(struct be_req *req, int status, const char *errstr)
 {
     /* Nothing left to do but exit() */
     if (status == EOK)
         exit(0);
 
     /* Something went wrong in finalize */
+    DEBUG(0, ("Finalizing auth module failed with error [%d] [%s]\n",
+              status, errstr ? : strerror(status)));
+
     exit(1);
 }
 
-static int be_finalize(struct be_ctx *ctx)
+static void be_id_shutdown(struct be_req *req, int status, const char *errstr)
 {
+    struct be_req *shutdown_req;
+    struct be_ctx *ctx;
     int ret;
-    struct be_req *shutdown_req = talloc_zero(ctx, struct be_req);
+
+    if (status != EOK) {
+        /* Something went wrong in finalize */
+        DEBUG(0, ("Finalizing auth module failed with error [%d] [%s]\n",
+                  status, errstr ? : strerror(status)));
+    }
+
+    ctx = req->be_ctx;
+
+    /* Now shutdown the id module too */
+    shutdown_req = talloc_zero(ctx, struct be_req);
     if (!shutdown_req) {
         ret = ENOMEM;
         goto fail;
     }
 
     shutdown_req->be_ctx = ctx;
-    shutdown_req->fn = be_shutdown;
+    shutdown_req->fn = be_id_shutdown;
+
+    shutdown_req->pvt = ctx->pvt_id_data;
+
+    ret = be_file_request(ctx, ctx->id_ops->finalize, shutdown_req);
+    if (ret == EOK)
+        return;
+
+fail:
+    /* If we got here, we couldn't shut down cleanly. */
+    be_shutdown(NULL, ret, NULL);
+}
+
+static int be_finalize(struct be_ctx *ctx)
+{
+    struct be_req *shutdown_req;
+    int ret;
+
+    shutdown_req = talloc_zero(ctx, struct be_req);
+    if (!shutdown_req) {
+        ret = ENOMEM;
+        goto fail;
+    }
 
-    shutdown_req->pvt = ctx->pvt_data;
+    shutdown_req->be_ctx = ctx;
+    shutdown_req->fn = be_id_shutdown;
+    shutdown_req->pvt = ctx->pvt_auth_data;
 
-    ret = be_file_request(ctx, ctx->ops->finalize, shutdown_req);
+    ret = be_file_request(ctx, ctx->auth_ops->finalize, shutdown_req);
     if (ret == EOK) return EOK;
 
 fail:
@@ -769,13 +805,13 @@ fail:
     return ret;
 }
 
-static int load_backend(struct be_ctx *ctx)
+static int load_id_backend(struct be_ctx *ctx)
 {
     TALLOC_CTX *tmp_ctx;
     char *path;
     void *handle;
     char *mod_init_fn_name;
-    be_init_fn_t mod_init_fn;
+    be_id_init_fn_t mod_init_fn;
     int ret;
 
     tmp_ctx = talloc_new(ctx);
@@ -804,7 +840,7 @@ static int load_backend(struct be_ctx *ctx)
         goto done;
     }
 
-    mod_init_fn = (be_init_fn_t)dlsym(handle, mod_init_fn_name);
+    mod_init_fn = (be_id_init_fn_t)dlsym(handle, mod_init_fn_name);
     if (!mod_init_fn) {
         DEBUG(0, ("Unable to load init fn from module %s, error: %s\n",
                   ctx->name, dlerror()));
@@ -812,7 +848,7 @@ static int load_backend(struct be_ctx *ctx)
         goto done;
     }
 
-    ret = mod_init_fn(ctx, &ctx->ops, &ctx->pvt_data);
+    ret = mod_init_fn(ctx, &ctx->id_ops, &ctx->pvt_id_data);
     if (ret != EOK) {
         DEBUG(0, ("Error (%d) in module (%s) initialization!\n",
                   ret, ctx->name));
@@ -826,6 +862,75 @@ done:
     return ret;
 }
 
+static int load_auth_backend(struct be_ctx *ctx)
+{
+    TALLOC_CTX *tmp_ctx;
+    char *mod_name;
+    char *path;
+    void *handle;
+    char *mod_init_fn_name;
+    be_auth_init_fn_t mod_init_fn;
+    int ret;
+
+    tmp_ctx = talloc_new(ctx);
+    if (!tmp_ctx) {
+        return ENOMEM;
+    }
+
+    ret = confdb_get_string(ctx->cdb, tmp_ctx, ctx->conf_path,
+                            "auth-module", NULL, &mod_name);
+    if (ret != EOK) {
+        ret = EFAULT;
+        goto done;
+    }
+    if (!mod_name) {
+        ret = ENOENT;
+        goto done;
+    }
+
+    path = talloc_asprintf(tmp_ctx, "%s/libsss_%s.so",
+                           DATA_PROVIDER_PLUGINS_PATH, mod_name);
+    if (!path) {
+        ret = ENOMEM;
+        goto done;
+    }
+
+    handle = dlopen(path, RTLD_NOW);
+    if (!handle) {
+        DEBUG(0, ("Unable to load %s module with path (%s), error: %s\n",
+                  mod_name, path, dlerror()));
+        ret = ELIBACC;
+        goto done;
+    }
+
+    mod_init_fn_name = talloc_asprintf(tmp_ctx, "sssm_%s_auth_init", mod_name);
+    if (!mod_init_fn_name) {
+        ret = ENOMEM;
+        goto done;
+    }
+
+    mod_init_fn = (be_auth_init_fn_t)dlsym(handle, mod_init_fn_name);
+    if (!mod_init_fn) {
+        DEBUG(0, ("Unable to load init fn from module %s, error: %s\n",
+                  mod_name, dlerror()));
+        ret = ELIBBAD;
+        goto done;
+    }
+
+    ret = mod_init_fn(ctx, &ctx->auth_ops, &ctx->pvt_auth_data);
+    if (ret != EOK) {
+        DEBUG(0, ("Error (%d) in module (%s) initialization!\n",
+                  ret, mod_name));
+        goto done;
+    }
+
+    ret = EOK;
+
+done:
+    talloc_free(tmp_ctx);
+    return ret;
+}
+
 int be_process_init(TALLOC_CTX *mem_ctx,
                     const char *be_name,
                     const char *be_domain,
@@ -869,12 +974,22 @@ int be_process_init(TALLOC_CTX *mem_ctx,
         return ret;
     }
 
-    ret = load_backend(ctx);
+    ret = load_id_backend(ctx);
     if (ret != EOK) {
         DEBUG(0, ("fatal error initializing data providers\n"));
         return ret;
     }
 
+    ret = load_auth_backend(ctx);
+    if (ret != EOK) {
+        if (ret != ENOENT) {
+            DEBUG(0, ("fatal error initializing data providers\n"));
+            return ret;
+        }
+        DEBUG(1, ("No authentication module provided for [%s] !!\n",
+                  be_domain));
+    }
+
     return EOK;
 }