diff options
Diffstat (limited to 'src/providers/proxy')
-rw-r--r-- | src/providers/proxy/proxy_id.c | 331 | ||||
-rw-r--r-- | src/providers/proxy/proxy_services.c | 185 |
2 files changed, 271 insertions, 245 deletions
diff --git a/src/providers/proxy/proxy_id.c b/src/providers/proxy/proxy_id.c index 06a15b8ce..9a179209d 100644 --- a/src/providers/proxy/proxy_id.c +++ b/src/providers/proxy/proxy_id.c @@ -353,8 +353,9 @@ static int enum_users(TALLOC_CTX *mem_ctx, char *buffer; char *newbuf; int ret; + bool again; - DEBUG(7, ("Enumerating users\n")); + DEBUG(SSSDBG_TRACE_LIBS, ("Enumerating users\n")); tmpctx = talloc_new(mem_ctx); if (!tmpctx) { @@ -386,76 +387,83 @@ static int enum_users(TALLOC_CTX *mem_ctx, goto done; } -again: - /* always zero out the pwd structure */ - memset(pwd, 0, sizeof(struct passwd)); - - /* get entry */ - status = ctx->ops.getpwent_r(pwd, buffer, buflen, &ret); - - switch (status) { - case NSS_STATUS_TRYAGAIN: - /* buffer too small ? */ - if (buflen < MAX_BUF_SIZE) { - buflen *= 2; - } - if (buflen > MAX_BUF_SIZE) { - buflen = MAX_BUF_SIZE; - } - newbuf = talloc_realloc_size(tmpctx, buffer, buflen); - if (!newbuf) { - ret = ENOMEM; - goto done; - } - buffer = newbuf; - goto again; - - case NSS_STATUS_NOTFOUND: - - /* we are done here */ - DEBUG(7, ("Enumeration completed.\n")); - - ret = sysdb_transaction_commit(sysdb); - in_transaction = false; - break; - - case NSS_STATUS_SUCCESS: - - DEBUG(7, ("User found (%s, %d, %d)\n", - pwd->pw_name, pwd->pw_uid, pwd->pw_gid)); - - /* uid=0 or gid=0 are invalid values */ - /* also check that the id is in the valid range for this domain */ - if (OUT_OF_ID_RANGE(pwd->pw_uid, dom->id_min, dom->id_max) || - OUT_OF_ID_RANGE(pwd->pw_gid, dom->id_min, dom->id_max)) { - - DEBUG(2, ("User [%s] filtered out! (id out of range)\n", - pwd->pw_name)); - - goto again; /* skip */ - } - - ret = save_user(sysdb, !dom->case_sensitive, pwd, + do { + again = false; + + /* always zero out the pwd structure */ + memset(pwd, 0, sizeof(struct passwd)); + + /* get entry */ + status = ctx->ops.getpwent_r(pwd, buffer, buflen, &ret); + + switch (status) { + case NSS_STATUS_TRYAGAIN: + /* buffer too small ? */ + if (buflen < MAX_BUF_SIZE) { + buflen *= 2; + } + if (buflen > MAX_BUF_SIZE) { + buflen = MAX_BUF_SIZE; + } + newbuf = talloc_realloc_size(tmpctx, buffer, buflen); + if (!newbuf) { + ret = ENOMEM; + goto done; + } + buffer = newbuf; + again = true; + break; + + case NSS_STATUS_NOTFOUND: + + /* we are done here */ + DEBUG(SSSDBG_TRACE_LIBS, ("Enumeration completed.\n")); + + ret = sysdb_transaction_commit(sysdb); + in_transaction = false; + break; + + case NSS_STATUS_SUCCESS: + + DEBUG(SSSDBG_TRACE_LIBS, ("User found (%s, %d, %d)\n", + pwd->pw_name, pwd->pw_uid, pwd->pw_gid)); + + /* uid=0 or gid=0 are invalid values */ + /* also check that the id is in the valid range for this domain + */ + if (OUT_OF_ID_RANGE(pwd->pw_uid, dom->id_min, dom->id_max) || + OUT_OF_ID_RANGE(pwd->pw_gid, dom->id_min, dom->id_max)) { + + DEBUG(SSSDBG_OP_FAILURE, ("User [%s] filtered out! (id out" + " of range)\n", pwd->pw_name)); + + again = true; + break; + } + + ret = save_user(sysdb, !dom->case_sensitive, pwd, pwd->pw_name, NULL, dom->user_timeout); - if (ret) { - /* Do not fail completely on errors. - * Just report the failure to save and go on */ - DEBUG(2, ("Failed to store user %s. Ignoring.\n", - pwd->pw_name)); + if (ret) { + /* Do not fail completely on errors. + * Just report the failure to save and go on */ + DEBUG(SSSDBG_OP_FAILURE, ("Failed to store user %s." + " Ignoring.\n", pwd->pw_name)); + } + again = true; + break; + + case NSS_STATUS_UNAVAIL: + /* "remote" backend unavailable. Enter offline mode */ + ret = ENXIO; + break; + + default: + ret = EIO; + DEBUG(SSSDBG_OP_FAILURE, ("proxy -> getpwent_r failed (%d)[%s]" + "\n", ret, strerror(ret))); + break; } - goto again; /* next */ - - case NSS_STATUS_UNAVAIL: - /* "remote" backend unavailable. Enter offline mode */ - ret = ENXIO; - break; - - default: - ret = EIO; - DEBUG(2, ("proxy -> getpwent_r failed (%d)[%s]\n", - ret, strerror(ret))); - break; - } + } while (again); done: talloc_zfree(tmpctx); @@ -940,8 +948,9 @@ static int enum_groups(TALLOC_CTX *mem_ctx, char *buffer; char *newbuf; int ret; + bool again; - DEBUG(7, ("Enumerating groups\n")); + DEBUG(SSSDBG_TRACE_LIBS, ("Enumerating groups\n")); tmpctx = talloc_new(mem_ctx); if (!tmpctx) { @@ -973,74 +982,82 @@ static int enum_groups(TALLOC_CTX *mem_ctx, goto done; } -again: - /* always zero out the grp structure */ - memset(grp, 0, sizeof(struct group)); - - /* get entry */ - status = ctx->ops.getgrent_r(grp, buffer, buflen, &ret); - - switch (status) { - case NSS_STATUS_TRYAGAIN: - /* buffer too small ? */ - if (buflen < MAX_BUF_SIZE) { - buflen *= 2; - } - if (buflen > MAX_BUF_SIZE) { - buflen = MAX_BUF_SIZE; - } - newbuf = talloc_realloc_size(tmpctx, buffer, buflen); - if (!newbuf) { - ret = ENOMEM; - goto done; - } - buffer = newbuf; - goto again; - - case NSS_STATUS_NOTFOUND: - - /* we are done here */ - DEBUG(7, ("Enumeration completed.\n")); - - ret = sysdb_transaction_commit(sysdb); - in_transaction = false; - break; - - case NSS_STATUS_SUCCESS: - - DEBUG(7, ("Group found (%s, %d)\n", - grp->gr_name, grp->gr_gid)); - - /* gid=0 is an invalid value */ - /* also check that the id is in the valid range for this domain */ - if (OUT_OF_ID_RANGE(grp->gr_gid, dom->id_min, dom->id_max)) { - - DEBUG(2, ("Group [%s] filtered out! (id out of range)\n", - grp->gr_name)); + do { + again = false; - goto again; /* skip */ - } + /* always zero out the grp structure */ + memset(grp, 0, sizeof(struct group)); - ret = save_group(sysdb, dom, grp, grp->gr_name, - NULL, dom->group_timeout); - if (ret) { - /* Do not fail completely on errors. - * Just report the failure to save and go on */ - DEBUG(2, ("Failed to store group. Ignoring.\n")); + /* get entry */ + status = ctx->ops.getgrent_r(grp, buffer, buflen, &ret); + + switch (status) { + case NSS_STATUS_TRYAGAIN: + /* buffer too small ? */ + if (buflen < MAX_BUF_SIZE) { + buflen *= 2; + } + if (buflen > MAX_BUF_SIZE) { + buflen = MAX_BUF_SIZE; + } + newbuf = talloc_realloc_size(tmpctx, buffer, buflen); + if (!newbuf) { + ret = ENOMEM; + goto done; + } + buffer = newbuf; + again = true; + break; + + case NSS_STATUS_NOTFOUND: + + /* we are done here */ + DEBUG(SSSDBG_TRACE_LIBS, ("Enumeration completed.\n")); + + ret = sysdb_transaction_commit(sysdb); + in_transaction = false; + break; + + case NSS_STATUS_SUCCESS: + + DEBUG(SSSDBG_OP_FAILURE, ("Group found (%s, %d)\n", + grp->gr_name, grp->gr_gid)); + + /* gid=0 is an invalid value */ + /* also check that the id is in the valid range for this domain + */ + if (OUT_OF_ID_RANGE(grp->gr_gid, dom->id_min, dom->id_max)) { + + DEBUG(SSSDBG_OP_FAILURE, ("Group [%s] filtered out! (id" + "out of range)\n", grp->gr_name)); + + again = true; + break; + } + + ret = save_group(sysdb, dom, grp, grp->gr_name, + NULL, dom->group_timeout); + if (ret) { + /* Do not fail completely on errors. + * Just report the failure to save and go on */ + DEBUG(SSSDBG_OP_FAILURE, ("Failed to store group." + "Ignoring\n")); + } + again = true; + break; + + case NSS_STATUS_UNAVAIL: + /* "remote" backend unavailable. Enter offline mode */ + ret = ENXIO; + break; + + default: + ret = EIO; + DEBUG(SSSDBG_OP_FAILURE, ("proxy -> getgrent_r failed (%d)[%s]" + "\n", ret, strerror(ret))); + break; } - goto again; /* next */ - - case NSS_STATUS_UNAVAIL: - /* "remote" backend unavailable. Enter offline mode */ - ret = ENXIO; - break; - - default: - ret = EIO; - DEBUG(2, ("proxy -> getgrent_r failed (%d)[%s]\n", - ret, strerror(ret))); - break; - } + } while (again); done: talloc_zfree(tmpctx); @@ -1225,32 +1242,34 @@ static int get_initgr_groups_process(TALLOC_CTX *memctx, return ENOMEM; } -again: /* FIXME: should we move this call outside the transaction to keep the * transaction as short as possible ? */ - status = ctx->ops.initgroups_dyn(pwd->pw_name, pwd->pw_gid, &num_gids, - &num, &gids, limit, &ret); - switch (status) { - case NSS_STATUS_TRYAGAIN: - /* buffer too small ? */ - if (size < MAX_BUF_SIZE) { - num *= 2; - size = num*sizeof(gid_t); - } - if (size > MAX_BUF_SIZE) { - size = MAX_BUF_SIZE; - num = size/sizeof(gid_t); - } - limit = num; - gids = talloc_realloc_size(memctx, gids, size); - if (!gids) { - return ENOMEM; + do { + status = ctx->ops.initgroups_dyn(pwd->pw_name, pwd->pw_gid, &num_gids, + &num, &gids, limit, &ret); + + if (status == NSS_STATUS_TRYAGAIN) { + /* buffer too small ? */ + if (size < MAX_BUF_SIZE) { + num *= 2; + size = num*sizeof(gid_t); + } + if (size > MAX_BUF_SIZE) { + size = MAX_BUF_SIZE; + num = size/sizeof(gid_t); + } + limit = num; + gids = talloc_realloc_size(memctx, gids, size); + if (!gids) { + return ENOMEM; + } } - goto again; /* retry with more memory */ + } while(status == NSS_STATUS_TRYAGAIN); + switch (status) { case NSS_STATUS_SUCCESS: - DEBUG(4, ("User [%s] appears to be member of %lu groups\n", - pwd->pw_name, num_gids)); + DEBUG(SSSDBG_CONF_SETTINGS, ("User [%s] appears to be member of %lu" + "groups\n", pwd->pw_name, num_gids)); now = time(NULL); for (i = 0; i < num_gids; i++) { diff --git a/src/providers/proxy/proxy_services.c b/src/providers/proxy/proxy_services.c index 2b606064c..aa19ccb68 100644 --- a/src/providers/proxy/proxy_services.c +++ b/src/providers/proxy/proxy_services.c @@ -199,6 +199,7 @@ enum_services(struct proxy_id_ctx *ctx, time_t now = time(NULL); const char *protocols[2] = { NULL, NULL }; const char **cased_aliases; + bool again; DEBUG(SSSDBG_TRACE_FUNC, ("Enumerating services\n")); @@ -232,96 +233,102 @@ enum_services(struct proxy_id_ctx *ctx, goto done; } -again: - /* always zero out the svc structure */ - memset(svc, 0, sizeof(struct servent)); - - /* get entry */ - status = ctx->ops.getservent_r(svc, buffer, buflen, &ret); - - switch (status) { - case NSS_STATUS_TRYAGAIN: - /* buffer too small ? */ - if (buflen < MAX_BUF_SIZE) { - buflen *= 2; - } - if (buflen > MAX_BUF_SIZE) { - buflen = MAX_BUF_SIZE; + do { + again = false; + + /* always zero out the svc structure */ + memset(svc, 0, sizeof(struct servent)); + + /* get entry */ + status = ctx->ops.getservent_r(svc, buffer, buflen, &ret); + + switch (status) { + case NSS_STATUS_TRYAGAIN: + /* buffer too small ? */ + if (buflen < MAX_BUF_SIZE) { + buflen *= 2; + } + if (buflen > MAX_BUF_SIZE) { + buflen = MAX_BUF_SIZE; + } + newbuf = talloc_realloc_size(tmpctx, buffer, buflen); + if (!newbuf) { + ret = ENOMEM; + goto done; + } + buffer = newbuf; + again = true; + break; + + case NSS_STATUS_NOTFOUND: + + /* we are done here */ + DEBUG(SSSDBG_TRACE_FUNC, ("Enumeration completed.\n")); + + ret = sysdb_transaction_commit(sysdb); + if (ret != EOK) goto done; + + in_transaction = false; + break; + + case NSS_STATUS_SUCCESS: + + DEBUG(SSSDBG_TRACE_INTERNAL, + ("Service found (%s, %d/%s)\n", + svc->s_name, svc->s_port, svc->s_proto)); + + protocols[0] = sss_get_cased_name(protocols, svc->s_proto, + dom->case_sensitive); + if (!protocols[0]) { + ret = ENOMEM; + goto done; + } + protocols[1] = NULL; + + ret = sss_get_cased_name_list(tmpctx, + (const char * const *) svc->s_aliases, + dom->case_sensitive, &cased_aliases); + if (ret != EOK) { + /* Do not fail completely on errors. + * Just report the failure to save and go on */ + DEBUG(SSSDBG_OP_FAILURE, + ("Failed to store service [%s]. Ignoring.\n", + strerror(ret))); + again = true; + break; + } + + ret = sysdb_store_service(sysdb, + svc->s_name, + svc->s_port, + cased_aliases, + protocols, + NULL, NULL, + dom->service_timeout, + now); + if (ret) { + /* Do not fail completely on errors. + * Just report the failure to save and go on */ + DEBUG(SSSDBG_OP_FAILURE, + ("Failed to store service [%s]. Ignoring.\n", + strerror(ret))); + } + again = true; + break; + + case NSS_STATUS_UNAVAIL: + /* "remote" backend unavailable. Enter offline mode */ + ret = ENXIO; + break; + + default: + ret = EIO; + DEBUG(SSSDBG_CRIT_FAILURE, + ("proxy -> getservent_r failed (%d)[%s]\n", + ret, strerror(ret))); + break; } - newbuf = talloc_realloc_size(tmpctx, buffer, buflen); - if (!newbuf) { - ret = ENOMEM; - goto done; - } - buffer = newbuf; - goto again; - - case NSS_STATUS_NOTFOUND: - - /* we are done here */ - DEBUG(SSSDBG_TRACE_FUNC, ("Enumeration completed.\n")); - - ret = sysdb_transaction_commit(sysdb); - if (ret != EOK) goto done; - - in_transaction = false; - break; - - case NSS_STATUS_SUCCESS: - - DEBUG(SSSDBG_TRACE_INTERNAL, - ("Service found (%s, %d/%s)\n", - svc->s_name, svc->s_port, svc->s_proto)); - - protocols[0] = sss_get_cased_name(protocols, svc->s_proto, - dom->case_sensitive); - if (!protocols[0]) { - ret = ENOMEM; - goto done; - } - protocols[1] = NULL; - - ret = sss_get_cased_name_list(tmpctx, - (const char * const *) svc->s_aliases, - dom->case_sensitive, &cased_aliases); - if (ret != EOK) { - /* Do not fail completely on errors. - * Just report the failure to save and go on */ - DEBUG(SSSDBG_OP_FAILURE, - ("Failed to store service [%s]. Ignoring.\n", - strerror(ret))); - goto again; /* next */ - } - - ret = sysdb_store_service(sysdb, - svc->s_name, - svc->s_port, - cased_aliases, - protocols, - NULL, NULL, - dom->service_timeout, - now); - if (ret) { - /* Do not fail completely on errors. - * Just report the failure to save and go on */ - DEBUG(SSSDBG_OP_FAILURE, - ("Failed to store service [%s]. Ignoring.\n", - strerror(ret))); - } - goto again; /* next */ - - case NSS_STATUS_UNAVAIL: - /* "remote" backend unavailable. Enter offline mode */ - ret = ENXIO; - break; - - default: - ret = EIO; - DEBUG(SSSDBG_CRIT_FAILURE, - ("proxy -> getservent_r failed (%d)[%s]\n", - ret, strerror(ret))); - break; - } + } while (again); done: talloc_zfree(tmpctx); |