From 65f90758d4df5581bc94746d47a1548ed8ff738b Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mon, 6 Apr 2009 15:54:00 -0400 Subject: Unify name parsing and reposnder headers Use common sss_parse_name function in all responders Simplify responder headers by combining common,cmd,dp in one header and add name parse structure as part of the common responder context. --- server/responder/nss/nsssrv.c | 28 +---- server/responder/nss/nsssrv.h | 10 +- server/responder/nss/nsssrv_cmd.c | 257 +++++++++++++++++++++----------------- 3 files changed, 146 insertions(+), 149 deletions(-) (limited to 'server/responder/nss') diff --git a/server/responder/nss/nsssrv.c b/server/responder/nss/nsssrv.c index 4f9713b17..834c42d95 100644 --- a/server/responder/nss/nsssrv.c +++ b/server/responder/nss/nsssrv.c @@ -123,7 +123,7 @@ static int nss_get_config(struct nss_ctx *nctx, struct confdb_ctx *cdb) { TALLOC_CTX *tmpctx; - const char *domain, *name; + char *domain, *name; const char **domains; char **filter_list; int ret, num, i, j; @@ -150,8 +150,8 @@ static int nss_get_config(struct nss_ctx *nctx, "filterUsers", &filter_list); if (ret != EOK) goto done; for (i = 0; filter_list[i]; i++) { - ret = nss_parse_name(tmpctx, nctx, filter_list[i], - &domain, &name); + ret = sss_parse_name(tmpctx, nctx->rctx->names, + filter_list[i], &domain, &name); if (ret != EOK) { DEBUG(1, ("Invalid name in filterUsers list: [%s] (%d)\n", filter_list[i], ret)); @@ -192,8 +192,8 @@ static int nss_get_config(struct nss_ctx *nctx, "filterGroups", &filter_list); if (ret != EOK) goto done; for (i = 0; filter_list[i]; i++) { - ret = nss_parse_name(tmpctx, nctx, filter_list[i], - &domain, &name); + ret = sss_parse_name(tmpctx, nctx->rctx->names, + filter_list[i], &domain, &name); if (ret != EOK) { DEBUG(1, ("Invalid name in filterGroups list: [%s] (%d)\n", filter_list[i], ret)); @@ -235,22 +235,6 @@ done: return ret; } -static void *nss_pcre_malloc(size_t size) -{ - return talloc_named_const(NULL, size, "nss_pcre_malloc"); -} - -static void nss_pcre_free(void *ctx) -{ - talloc_free(ctx); -} - -void nss_pcre_setup(void) -{ - pcre_malloc = nss_pcre_malloc; - pcre_free = nss_pcre_free; -} - int nss_process_init(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct confdb_ctx *cdb) @@ -260,8 +244,6 @@ int nss_process_init(TALLOC_CTX *mem_ctx, struct nss_ctx *nctx; int ret; - nss_pcre_setup(); - nctx = talloc_zero(mem_ctx, struct nss_ctx); if (!nctx) { DEBUG(0, ("fatal error initializing nss_ctx\n")); diff --git a/server/responder/nss/nsssrv.h b/server/responder/nss/nsssrv.h index 093f795b4..37d3735d0 100644 --- a/server/responder/nss/nsssrv.h +++ b/server/responder/nss/nsssrv.h @@ -32,20 +32,14 @@ #include "dbus/dbus.h" #include "sbus/sssd_dbus.h" #include "responder/common/responder_packet.h" -#include "responder/common/responder_cmd.h" +#include "responder/common/responder.h" #include "responder/nss/nsssrv_nc.h" -#include #define NSS_SBUS_SERVICE_VERSION 0x0001 #define NSS_SBUS_SERVICE_NAME "nss" #define NSS_PACKET_MAX_RECV_SIZE 1024 -/* NSS_DOMAIN_DELIM can be specified in config.h */ -#ifndef NSS_DOMAIN_DELIM -#define NSS_DOMAIN_DELIM '@' -#endif - #define NSS_ENUM_USERS 0x01 #define NSS_ENUM_GROUPS 0x02 #define NSS_ENUM_ALL 0x03 @@ -67,8 +61,6 @@ struct nss_ctx { struct getent_ctx *pctx; struct getent_ctx *gctx; - - pcre *parse_name_re; }; struct nss_packet; diff --git a/server/responder/nss/nsssrv_cmd.c b/server/responder/nss/nsssrv_cmd.c index 26c51fac8..d090b9d18 100644 --- a/server/responder/nss/nsssrv_cmd.c +++ b/server/responder/nss/nsssrv_cmd.c @@ -27,7 +27,7 @@ struct nss_cmd_ctx { struct cli_ctx *cctx; - const char *name; + char *name; uint32_t id; bool immediate; @@ -79,77 +79,6 @@ static int nss_cmd_send_error(struct nss_cmd_ctx *cmdctx, int err) return; \ } while(0) -int nss_parse_name(TALLOC_CTX *memctx, - struct nss_ctx *nctx, - const char *origname, - const char **domain, const char **name) -{ - pcre *re = nctx->parse_name_re; - const char *errstr; - const char *pattern = "(?[^@]+)@?(?[^@]*$)"; - const char *result; - int options; - int errpos; - int errval; - int ovec[30]; - int origlen; - int ret, strnum; - - options = PCRE_DUPNAMES | PCRE_EXTENDED; - - if (!re) { - re = pcre_compile2(pattern, options, &errval, &errstr, &errpos, NULL); - if (!re) { - DEBUG(1, ("Invalid Regular Expression pattern at position %d. (%d [%s])\n", - errpos, errstr)); - return EFAULT; - } - } - nctx->parse_name_re = re; - - origlen = strlen(origname); - options = PCRE_NOTEMPTY; - - ret = pcre_exec(re, NULL, origname, origlen, 0, options, ovec, 30); - if (ret < 0) { - DEBUG(2, ("PCRE Matching error, %d\n", ret)); - return EINVAL; - } - - if (ret == 0) { - DEBUG(1, ("Too many matches, the pattern is invalid.\n")); - } - - strnum = ret; - - result = NULL; - ret = pcre_get_named_substring(re, origname, ovec, strnum, "name", &result); - if (ret < 0 || !result) { - DEBUG(2, ("Name not found!\n")); - return EINVAL; - } - *name = talloc_steal(memctx, result); - if (!*name) return ENOMEM; - - - result = NULL; - ret = pcre_get_named_substring(re, origname, ovec, strnum, "domain", &result); - if (ret < 0 || !result) { - DEBUG(4, ("Domain not provided!\n")); - *domain = NULL; - } else { - /* ignore "" string */ - if (*result) { - *domain = talloc_steal(memctx, result); - if (!*domain) return ENOMEM; - } else { - *domain = NULL; - } - } - - return EOK; -} - static int nss_dom_ctx_init(struct nss_dom_ctx *dctx, struct btreemap *domain_map, const char *domain) { @@ -189,12 +118,14 @@ static int fill_pwent(struct sss_packet *packet, size_t rsize, rp, blen; size_t s1, s2, s3, s4; size_t dom_len = 0; - int i, ret, num; + int delim = 1; + int i, ret, num, t; bool add_domain = info->fqnames; const char *domain = info->name; + const char *namefmt = nctx->rctx->names->fq_fmt; int ncret; - if (add_domain) dom_len = strlen(domain) +1; + if (add_domain) dom_len = strlen(domain); /* first 2 fields (len and reserved), filled up later */ ret = sss_packet_grow(packet, 2*sizeof(uint32_t)); @@ -245,8 +176,9 @@ static int fill_pwent(struct sss_packet *packet, s2 = strlen(gecos) + 1; s3 = strlen(homedir) + 1; s4 = strlen(shell) + 1; + if (add_domain) s1 += delim + dom_len; + rsize = 2*sizeof(uint32_t) +s1 + 2 + s2 + s3 +s4; - if (add_domain) rsize += dom_len; ret = sss_packet_grow(packet, rsize); if (ret != EOK) { @@ -258,13 +190,35 @@ static int fill_pwent(struct sss_packet *packet, ((uint32_t *)(&body[rp]))[0] = uid; ((uint32_t *)(&body[rp]))[1] = gid; rp += 2*sizeof(uint32_t); - memcpy(&body[rp], name, s1); - rp += s1; + if (add_domain) { - body[rp-1] = NSS_DOMAIN_DELIM; - memcpy(&body[rp], domain, dom_len); - rp += dom_len; + ret = snprintf(&body[rp], s1, namefmt, name, domain); + if (ret >= s1) { + /* need more space, got creative with the print format ? */ + t = ret - s1 + 1; + ret = sss_packet_grow(packet, t); + if (ret != EOK) { + num = 0; + goto done; + } + delim += t; + s1 += t; + sss_packet_get_body(packet, &body, &blen); + + /* retry */ + ret = snprintf(&body[rp], s1, namefmt, name, domain); + } + + if (ret != s1-1) { + DEBUG(1, ("Failed to generate a fully qualified name for user " + "[%s] in [%s]! Skipping user.\n", name, domain)); + continue; + } + } else { + memcpy(&body[rp], name, s1); } + rp += s1; + memcpy(&body[rp], "x", 2); rp += 2; memcpy(&body[rp], gecos, s2); @@ -493,8 +447,8 @@ static int nss_cmd_getpwnam(struct cli_ctx *cctx) struct sss_domain_info *info; struct nss_ctx *nctx; const char **domains; - const char *domname; const char *rawname; + char *domname; uint8_t *body; size_t blen; int ret, num, i; @@ -519,7 +473,7 @@ static int nss_cmd_getpwnam(struct cli_ctx *cctx) rawname = (const char *)body; domname = NULL; - ret = nss_parse_name(cmdctx, nctx, rawname, + ret = sss_parse_name(cmdctx, cctx->rctx->names, rawname, &domname, &cmdctx->name); if (ret != EOK) { DEBUG(2, ("Invalid name received [%s]\n", rawname)); @@ -1332,16 +1286,18 @@ static int fill_grent(struct sss_packet *packet, const char *name; uint32_t gid, uid; size_t rsize, rp, blen, mnump; - int i, j, n, ret, num, memnum; + int i, j, n, t, ret, num, memnum; bool get_members; bool skip_members; size_t dom_len = 0; size_t name_len; + int delim = 1; bool add_domain = info->fqnames; const char *domain = info->name; + const char *namefmt = nctx->rctx->names->fq_fmt; int ncret; - if (add_domain) dom_len = strlen(domain) +1; + if (add_domain) dom_len = strlen(domain); /* first 2 fields (len and reserved), filled up later */ ret = sss_packet_grow(packet, 2*sizeof(uint32_t)); @@ -1396,11 +1352,15 @@ static int fill_grent(struct sss_packet *packet, } /* fill in gid and name and set pointer for number of members */ - name_len = strlen(name)+1; - rsize = 2 * sizeof(uint32_t) + name_len +2; - if (add_domain) rsize += dom_len; + name_len = strlen(name) + 1; + if (add_domain) name_len += delim + dom_len; + rsize = 2 * sizeof(uint32_t) + name_len + 2; ret = sss_packet_grow(packet, rsize); + if (ret != EOK) { + num = 0; + goto done; + } sss_packet_get_body(packet, &body, &blen); /* 0-3: 64bit number gid */ @@ -1414,13 +1374,34 @@ static int fill_grent(struct sss_packet *packet, rp += sizeof(uint32_t); /* 8-X: sequence of strings (name, passwd, mem..) */ - memcpy(&body[rp], name, name_len); - rp += name_len; if (add_domain) { - body[rp-1] = NSS_DOMAIN_DELIM; - memcpy(&body[rp], domain, dom_len); - rp += dom_len; + ret = snprintf(&body[rp], name_len, namefmt, name, domain); + if (ret >= name_len) { + /* need more space, got creative with the print format ? */ + t = ret - name_len + 1; + ret = sss_packet_grow(packet, t); + if (ret != EOK) { + num = 0; + goto done; + } + delim += t; + name_len += t; + sss_packet_get_body(packet, &body, &blen); + + /* retry */ + ret = snprintf(&body[rp], name_len, namefmt, name, domain); + } + + if (ret != name_len-1) { + DEBUG(1, ("Failed to generate a fully qualified name for user " + "[%s] in [%s]! Skipping user.\n", name, domain)); + continue; + } + } else { + memcpy(&body[rp], name, name_len); } + rp += name_len; + body[rp] = 'x'; /* group passwd field */ body[rp+1] = '\0'; @@ -1435,20 +1416,21 @@ static int fill_grent(struct sss_packet *packet, n = 0; for (j = 0; j < memnum; j++) { + name = (char *)el->values[j].data; + ncret = nss_ncache_check_user(nctx->ncache, - nctx->neg_timeout, domain, - (char *)el->values[j].data); + nctx->neg_timeout, + domain, name); if (ncret == EEXIST) { DEBUG(4, ("User [%s@%s] filtered out! (negative cache)\n", name, domain)); continue; } - rsize = el->values[j].length + 1; - if (add_domain) { - name_len = rsize; - rsize += dom_len; - } + name_len = el->values[j].length + 1; + if (add_domain) name_len += delim + dom_len; + + rsize = name_len; ret = sss_packet_grow(packet, rsize); if (ret != EOK) { num = 0; @@ -1457,12 +1439,34 @@ static int fill_grent(struct sss_packet *packet, sss_packet_get_body(packet, &body, &blen); rp = blen - rsize; - memcpy(&body[rp], el->values[j].data, el->values[j].length); + if (add_domain) { - rp += name_len; - body[rp-1] = NSS_DOMAIN_DELIM; - memcpy(&body[rp], domain, dom_len); + ret = snprintf(&body[rp], name_len, namefmt, name, domain); + if (ret >= name_len) { + /* need more space, got creative with the print format ? */ + t = ret - name_len + 1; + ret = sss_packet_grow(packet, t); + if (ret != EOK) { + num = 0; + goto done; + } + delim += t; + name_len += t; + sss_packet_get_body(packet, &body, &blen); + + /* retry */ + ret = snprintf(&body[rp], name_len, namefmt, name, domain); + } + + if (ret != name_len-1) { + DEBUG(1, ("Failed to generate a fully qualified name for user " + "[%s] in [%s]! Skipping user.\n", name, domain)); + continue; + } + } else { + memcpy(&body[rp], name, name_len); } + rp += name_len; body[blen-1] = '\0'; n++; @@ -1514,12 +1518,10 @@ static int fill_grent(struct sss_packet *packet, continue; } - rsize = strlen(name) + 1; - if (add_domain) { - name_len = rsize; - rsize += dom_len; - } + name_len = strlen(name) + 1; + if (add_domain) name_len += delim + dom_len; + rsize = name_len; ret = sss_packet_grow(packet, rsize); if (ret != EOK) { num = 0; @@ -1527,13 +1529,34 @@ static int fill_grent(struct sss_packet *packet, } sss_packet_get_body(packet, &body, &blen); rp = blen - rsize; - memcpy(&body[rp], name, rsize); + if (add_domain) { - body[rp-1] = NSS_DOMAIN_DELIM; - memcpy(&body[rp], domain, dom_len); - rp += dom_len; - } + ret = snprintf(&body[rp], name_len, namefmt, name, domain); + if (ret >= name_len) { + /* need more space, got creative with the print format ? */ + t = ret - name_len + 1; + ret = sss_packet_grow(packet, t); + if (ret != EOK) { + num = 0; + goto done; + } + delim += t; + name_len += t; + sss_packet_get_body(packet, &body, &blen); + + /* retry */ + ret = snprintf(&body[rp], name_len, namefmt, name, domain); + } + if (ret != name_len-1) { + DEBUG(1, ("Failed to generate a fully qualified name for user " + "[%s] in [%s]! Skipping user.\n", name, domain)); + continue; + } + } else { + memcpy(&body[rp], name, name_len); + } + rp += name_len; memnum++; continue; @@ -1752,8 +1775,8 @@ static int nss_cmd_getgrnam(struct cli_ctx *cctx) struct sss_domain_info *info; struct nss_ctx *nctx; const char **domains; - const char *domname; const char *rawname; + char *domname; uint8_t *body; size_t blen; int ret, num, i; @@ -1777,7 +1800,7 @@ static int nss_cmd_getgrnam(struct cli_ctx *cctx) rawname = (const char *)body; domname = NULL; - ret = nss_parse_name(cmdctx, nctx, rawname, + ret = sss_parse_name(cmdctx, cctx->rctx->names, rawname, &domname, &cmdctx->name); if (ret != EOK) { DEBUG(2, ("Invalid name received [%s]\n", rawname)); @@ -2844,8 +2867,8 @@ static int nss_cmd_initgroups(struct cli_ctx *cctx) struct sss_domain_info *info; struct nss_ctx *nctx; const char **domains; - const char *domname; const char *rawname; + char *domname; uint8_t *body; size_t blen; int ret, num, i; @@ -2869,7 +2892,7 @@ static int nss_cmd_initgroups(struct cli_ctx *cctx) rawname = (const char *)body; domname = NULL; - ret = nss_parse_name(cmdctx, nctx, rawname, + ret = sss_parse_name(cmdctx, cctx->rctx->names, rawname, &domname, &cmdctx->name); if (ret != EOK) { DEBUG(2, ("Invalid name received [%s]\n", rawname)); -- cgit