From 2cbdd12983eb85eddb90f64cfafb24eae5b448f4 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Sun, 25 Dec 2011 19:14:47 +0100 Subject: AUTOFS: a client library This is the library the autofs client is using. automounter dlopen()s the library so there is no header file, no pkgconfig file and the library is in the libsss_autofs package, not in -devel. The library provides the following interface: * _sss_setautomntent() - select the map for processing * _sss_getautomntent_r() - iterates through key/value pairs in the selected map. The key is usually the mount point, the value is mount information (server:/export) * _sss_getautomntbyname_r() - returns value for a specific key. * _sss_endautomntent() deselect a map, clean up --- Makefile.am | 24 +- contrib/sssd.spec.in | 13 ++ src/sss_client/autofs/sss_autofs.c | 360 +++++++++++++++++++++++++++++ src/sss_client/autofs/sss_autofs.exports | 14 ++ src/sss_client/autofs/sss_autofs_private.h | 45 ++++ src/sss_client/common.c | 20 ++ src/sss_client/sss_cli.h | 12 + 7 files changed, 487 insertions(+), 1 deletion(-) create mode 100644 src/sss_client/autofs/sss_autofs.c create mode 100644 src/sss_client/autofs/sss_autofs.exports create mode 100644 src/sss_client/autofs/sss_autofs_private.h diff --git a/Makefile.am b/Makefile.am index 3efa46dbc..27d17fa4a 100644 --- a/Makefile.am +++ b/Makefile.am @@ -30,6 +30,7 @@ dbusintrospectdir = $(datarootdir)/sssd/introspect localedir = @localedir@ nsslibdir = @nsslibdir@ pamlibdir = @pammoddir@ +autofslibdir = @appmodpath@ dbpath = @dbpath@ pluginpath = @pluginpath@ @@ -216,6 +217,7 @@ AM_CPPFLAGS = \ -DSSS_PAM_SOCKET_NAME=\"$(pipepath)/pam\" \ -DSSS_PAM_PRIV_SOCKET_NAME=\"$(pipepath)/private/pam\" \ -DSSS_SUDO_SOCKET_NAME=\"$(pipepath)/sudo\" \ + -DSSS_AUTOFS_SOCKET_NAME=\"$(pipepath)/autofs\" \ -DLOCALEDIR=\"$(localedir)\" EXTRA_DIST = build/config.rpath @@ -843,6 +845,7 @@ noinst_PROGRAMS = pam_test_client if BUILD_SUDO noinst_PROGRAMS += sss_sudo_cli endif + pam_test_client_SOURCES = src/sss_client/pam_test_client.c pam_test_client_LDFLAGS = -lpam -lpam_misc @@ -897,6 +900,20 @@ include_HEADERS += \ src/sss_client/sudo/sss_sudo.h endif +if BUILD_AUTOFS +autofslib_LTLIBRARIES = libsss_autofs.la +libsss_autofs_la_SOURCES = \ + src/sss_client/common.c \ + src/sss_client/sss_cli.h \ + src/sss_client/autofs/sss_autofs.c \ + src/sss_client/autofs/sss_autofs_private.h + +libsss_autofs_la_LDFLAGS = \ + -module \ + -avoid-version \ + -Wl,--version-script,$(srcdir)/src/sss_client/autofs/sss_autofs.exports +endif + dist_noinst_DATA += \ src/sss_client/sss_nss.exports \ src/sss_client/sss_pam.exports @@ -904,6 +921,10 @@ if BUILD_SUDO dist_noinst_DATA += src/sss_client/sss_sudo.exports endif +if BUILD_AUTOFS +dist_noinst_DATA += src/sss_client/autofs/sss_autofs.exports +endif + #################### # Plugin Libraries # #################### @@ -1235,7 +1256,8 @@ installsssddirs:: $(DESTDIR)$(pidpath) \ $(DESTDIR)$(logpath) \ $(DESTDIR)$(pubconfpath) \ - $(DESTDIR)$(sudolibdir) + $(DESTDIR)$(sudolibdir) \ + $(DESTDIR)$(autofslibdir) if HAVE_DOXYGEN docs: diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in index dadaa25f8..bd94f8bb1 100644 --- a/contrib/sssd.spec.in +++ b/contrib/sssd.spec.in @@ -358,6 +358,14 @@ rm -rf $RPM_BUILD_ROOT %{_libdir}/libipa_hbac.so %{_libdir}/pkgconfig/ipa_hbac.pc +%package -n libsss_autofs +Summary: A library to allow communication between Autofs and SSSD +Group: Development/Libraries +License: LGPLv3+ + +%description -n libsss_autofs +A utility library to allow communication between Autofs and SSSD + %files -n libipa_hbac-python %defattr(-,root,root,-) %{python_sitearch}/pyhbac.so @@ -378,6 +386,11 @@ rm -rf $RPM_BUILD_ROOT %{_includedir}/sss_sudo.h %{_libdir}/sssd/modules/libsss_sudo.so %{_libdir}/pkgconfig/libsss_sudo.pc + +%files -n libsss_autofs +%defattr(-,root,root,-) +%doc src/sss_client/COPYING src/sss_client/COPYING.LESSER +%{_libdir}/sssd/modules/libsss_autofs.so* %endif %post diff --git a/src/sss_client/autofs/sss_autofs.c b/src/sss_client/autofs/sss_autofs.c new file mode 100644 index 000000000..6195c0fc4 --- /dev/null +++ b/src/sss_client/autofs/sss_autofs.c @@ -0,0 +1,360 @@ +/* + Authors: + Jakub Hrozek + + Copyright (C) 2012 Red Hat + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#include +#include + +#include "sss_client/autofs/sss_autofs_private.h" +#include "sss_client/sss_cli.h" + +/* Historically, autofs map and key names were just file names */ +#define MAX_AUTOMNTMAPNAME_LEN NAME_MAX +#define MAX_AUTOMNTKEYNAME_LEN NAME_MAX + +struct automtent { + char *mapname; + size_t cursor; +}; + +errno_t +_sss_setautomntent(const char *mapname, void **context) +{ + errno_t ret; + int errnop; + struct automtent *ctx; + char *name; + size_t name_len; + struct sss_cli_req_data rd; + uint8_t *repbuf = NULL; + size_t replen; + + if (!mapname) return EINVAL; + + sss_nss_lock(); + + ret = sss_strnlen(mapname, MAX_AUTOMNTMAPNAME_LEN, &name_len); + if (ret != 0) { + ret = EINVAL; + goto out; + } + + name = malloc(sizeof(char)*name_len + 1); + if (name == NULL) { + ret = ENOMEM; + goto out; + } + strncpy(name, mapname, name_len + 1); + + rd.data = name; + rd.len = name_len + 1; + + sss_autofs_make_request(SSS_AUTOFS_SETAUTOMNTENT, &rd, + &repbuf, &replen, &errnop); + if (errnop != 0) { + free(name); + ret = errnop; + goto out; + } + + /* no results if not found */ + if (((uint32_t *)repbuf)[0] == 0) { + free(name); + free(repbuf); + ret = ENOENT; + goto out; + } + free(repbuf); + + ctx = malloc(sizeof(struct automtent)); + if (!ctx) { + free(name); + ret = ENOMEM; + goto out; + } + + ctx->mapname = strdup(name); + if (!ctx->mapname) { + free(name); + free(ctx); + ret = ENOMEM; + goto out; + } + ctx->cursor = 0; + free(name); + + *context = ctx; + ret = 0; +out: + sss_nss_unlock(); + return ret; +} + +errno_t +_sss_getautomntent_r(char **key, char **value, void *context) +{ + int errnop; + errno_t ret; + size_t name_len; + struct sss_cli_req_data rd; + uint8_t *repbuf = NULL; + size_t replen; + struct automtent *ctx; + size_t ctr = 0; + size_t data_len = 0; + uint8_t *data; + uint32_t v; + + char *buf; + uint32_t len; + uint32_t keylen; + uint32_t vallen; + size_t rp; + + sss_nss_lock(); + + ctx = (struct automtent *) context; + if (!ctx) { + ret = EINVAL; + goto out; + } + + /* Be paranoid in case someone tries to smuggle in a huge map name */ + ret = sss_strnlen(ctx->mapname, MAX_AUTOMNTMAPNAME_LEN, &name_len); + if (ret != 0) { + ret = EINVAL; + goto out; + } + + data_len = sizeof(uint32_t) + /* mapname len */ + name_len + 1 + /* mapname\0 */ + sizeof(uint32_t); /* index into the map */ + + data = malloc(data_len); + if (!data) { + ret = ENOMEM; + goto out; + } + + v = name_len; + SAFEALIGN_COPY_UINT32(data, &v, &ctr); + + safealign_memcpy(data+ctr, ctx->mapname, name_len + 1, &ctr); + + v = ctx->cursor; + SAFEALIGN_COPY_UINT32(data+ctr, &v, &ctr); + + rd.data = data; + rd.len = data_len; + + sss_autofs_make_request(SSS_AUTOFS_GETAUTOMNTENT, &rd, + &repbuf, &replen, &errnop); + free(data); + if (errnop != 0) { + ret = errnop; + goto out; + } + + /* Got reply, let's parse it */ + rp = 0; + SAFEALIGN_COPY_UINT32(&len, repbuf+rp, &rp); + if (len == 0) { + /* End of iteration */ + *key = NULL; + *value = NULL; + ret = ENOENT; + goto out; + } + + SAFEALIGN_COPY_UINT32(&keylen, repbuf+rp, &rp); + if (keylen > len-rp) { + ret = EIO; + goto out; + } + + buf = malloc(keylen); + if (!buf) { + ret = ENOMEM; + goto out; + } + + safealign_memcpy(buf, repbuf+rp, keylen, &rp); + *key = buf; + + SAFEALIGN_COPY_UINT32(&vallen, repbuf+rp, &rp); + if (vallen > len-rp) { + ret = EIO; + goto out; + } + + buf = malloc(vallen); + if (!buf) { + free(*key); + ret = ENOMEM; + goto out; + } + + safealign_memcpy(buf, repbuf+rp, vallen, &rp); + *value = buf; + + /* Advance the cursor so that we'll fetch the next map + * next time getautomntent is called */ + ctx->cursor++; + ret = 0; +out: + free(repbuf); + sss_nss_unlock(); + return ret; +} + +errno_t +_sss_getautomntbyname_r(const char *key, char **value, void *context) +{ + int errnop; + errno_t ret; + struct automtent *ctx; + size_t key_len; + size_t name_len; + size_t data_len = 0; + uint8_t *data; + uint32_t v; + size_t ctr = 0; + struct sss_cli_req_data rd; + uint8_t *repbuf = NULL; + size_t replen; + + char *buf; + uint32_t len; + uint32_t vallen; + size_t rp; + + sss_nss_lock(); + + ctx = (struct automtent *) context; + if (!ctx || !key) { + ret = EINVAL; + goto out; + } + + /* Be paranoid in case someone tries to smuggle in a huge map name */ + ret = sss_strnlen(ctx->mapname, MAX_AUTOMNTMAPNAME_LEN, &name_len); + if (ret != 0) { + ret = EINVAL; + goto out; + } + + ret = sss_strnlen(ctx->mapname, MAX_AUTOMNTKEYNAME_LEN, &key_len); + if (ret != 0) { + ret = EINVAL; + goto out; + } + + + data_len = sizeof(uint32_t) + /* mapname len */ + name_len + 1 + /* mapname\0 */ + sizeof(uint32_t) + /* keyname len */ + key_len + 1; /* keyname\0 */ + + data = malloc(data_len); + if (!data) { + ret = ENOMEM; + goto out; + } + + v = name_len; + SAFEALIGN_COPY_UINT32(data, &v, &ctr); + + safealign_memcpy(data+ctr, ctx->mapname, name_len + 1, &ctr); + + v = key_len; + SAFEALIGN_COPY_UINT32(data+ctr, &v, &ctr); + + safealign_memcpy(data+ctr, key, key_len + 1, &ctr); + + rd.data = data; + rd.len = data_len; + + sss_autofs_make_request(SSS_AUTOFS_GETAUTOMNTBYNAME, &rd, + &repbuf, &replen, &errnop); + free(data); + if (errnop != 0) { + ret = errnop; + goto out; + } + + /* Got reply, let's parse it */ + rp = 0; + SAFEALIGN_COPY_UINT32(&len, repbuf+rp, &rp); + if (len == 0) { + /* No data */ + *value = NULL; + ret = ENOENT; + goto out; + } + + SAFEALIGN_COPY_UINT32(&vallen, repbuf+rp, &rp); + if (vallen > len-rp) { + ret = EIO; + goto out; + } + + buf = malloc(vallen); + if (!buf) { + ret = ENOMEM; + goto out; + } + + safealign_memcpy(buf, repbuf+rp, vallen, &rp); + *value = buf; + + ret = 0; +out: + free(repbuf); + sss_nss_unlock(); + return ret; +} + +errno_t +_sss_endautomntent(void **context) +{ + struct automtent *fctx; + errno_t ret; + int errnop; + + if (!context) return 0; + + sss_nss_lock(); + + fctx = (struct automtent *) *context; + + free(fctx->mapname); + free(fctx); + + sss_autofs_make_request(SSS_AUTOFS_ENDAUTOMNTENT, + NULL, NULL, NULL, &errnop); + if (errnop != 0) { + ret = errnop; + goto out; + } + + ret = 0; +out: + sss_nss_unlock(); + return ret; +} diff --git a/src/sss_client/autofs/sss_autofs.exports b/src/sss_client/autofs/sss_autofs.exports new file mode 100644 index 000000000..f9ce8f5b2 --- /dev/null +++ b/src/sss_client/autofs/sss_autofs.exports @@ -0,0 +1,14 @@ +EXPORTED { + + # public functions + global: + _sss_setautomntent; + _sss_getautomntent_r; + _sss_getautomntbyname_r; + _sss_endautomntent; + + # everything else is local + local: + *; +}; + diff --git a/src/sss_client/autofs/sss_autofs_private.h b/src/sss_client/autofs/sss_autofs_private.h new file mode 100644 index 000000000..6459c1cc7 --- /dev/null +++ b/src/sss_client/autofs/sss_autofs_private.h @@ -0,0 +1,45 @@ +/* + Authors: + Jakub Hrozek + + Copyright (C) 2012 Red Hat + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#include +#include "util/util.h" + +/** + * Selects a map for processing. + */ +errno_t _sss_setautomntent(const char *mapname, void **context); + +/** + * Iterates through key/value pairs in the selected map. The key is usually + * the mount point, the value is mount information (server:/export) + */ +errno_t _sss_getautomntent_r(char **key, char **value, void *context); + +/** + * Returns value for a specific key + */ +errno_t +_sss_getautomntbyname_r(const char *key, char **value, void *context); + +/** + * Deselect a map, end the processing + */ +errno_t _sss_endautomntent(void **context); + diff --git a/src/sss_client/common.c b/src/sss_client/common.c index 998f7c8ce..8fe8b44ce 100644 --- a/src/sss_client/common.c +++ b/src/sss_client/common.c @@ -379,6 +379,8 @@ static bool sss_cli_check_version(const char *socket_name) expected_version = SSS_PAM_PROTOCOL_VERSION; } else if (strcmp(socket_name, SSS_SUDO_SOCKET_NAME) == 0) { expected_version = SSS_SUDO_PROTOCOL_VERSION; + } else if (strcmp(socket_name, SSS_AUTOFS_SOCKET_NAME) == 0) { + expected_version = SSS_AUTOFS_PROTOCOL_VERSION; } else { return false; } @@ -830,6 +832,24 @@ int sss_sudo_make_request(enum sss_cli_command cmd, return ret; } +int sss_autofs_make_request(enum sss_cli_command cmd, + struct sss_cli_req_data *rd, + uint8_t **repbuf, size_t *replen, + int *errnop) +{ + enum sss_status ret = SSS_STATUS_UNAVAIL; + + ret = sss_cli_check_socket(errnop, SSS_AUTOFS_SOCKET_NAME); + if (ret != SSS_STATUS_SUCCESS) { + return SSS_STATUS_UNAVAIL; + } + + ret = sss_cli_make_request_nochecks(cmd, rd, repbuf, replen, errnop); + + return ret; +} + + const char *ssscli_err2string(int err) { const char *m; diff --git a/src/sss_client/sss_cli.h b/src/sss_client/sss_cli.h index dc137dc43..15a2b1cb3 100644 --- a/src/sss_client/sss_cli.h +++ b/src/sss_client/sss_cli.h @@ -45,6 +45,7 @@ typedef int errno_t; #define SSS_NSS_PROTOCOL_VERSION 1 #define SSS_PAM_PROTOCOL_VERSION 3 #define SSS_SUDO_PROTOCOL_VERSION 0 +#define SSS_AUTOFS_PROTOCOL_VERSION 1 #ifdef LOGIN_NAME_MAX #define SSS_NAME_MAX LOGIN_NAME_MAX @@ -163,6 +164,12 @@ enum sss_cli_command { SSS_SUDO_GET_SUDORULES = 0x00C1, SSS_SUDO_GET_DEFAULTS = 0x00C2, +/* autofs */ + SSS_AUTOFS_SETAUTOMNTENT = 0x00D1, + SSS_AUTOFS_GETAUTOMNTENT = 0x00D2, + SSS_AUTOFS_GETAUTOMNTBYNAME = 0x00D3, + SSS_AUTOFS_ENDAUTOMNTENT = 0x00D4, + /* PAM related calls */ SSS_PAM_AUTHENTICATE = 0x00F1, /**< see pam_sm_authenticate(3) for * details. @@ -470,6 +477,11 @@ int sss_sudo_make_request(enum sss_cli_command cmd, uint8_t **repbuf, size_t *replen, int *errnop); +int sss_autofs_make_request(enum sss_cli_command cmd, + struct sss_cli_req_data *rd, + uint8_t **repbuf, size_t *replen, + int *errnop); + #ifndef SAFEALIGN_COPY_UINT32 static inline void safealign_memcpy(void *dest, const void *src, size_t n, size_t *counter) -- cgit