LCOV - code coverage report
Current view: top level - providers/proxy - proxy_id.c (source / functions) Hit Total Coverage
Test: .coverage.total Lines: 0 711 0.0 %
Date: 2015-10-19 Functions: 0 16 0.0 %

          Line data    Source code
       1             : /*
       2             :     SSSD
       3             : 
       4             :     proxy_id.c
       5             : 
       6             :     Authors:
       7             :         Stephen Gallagher <sgallagh@redhat.com>
       8             : 
       9             :     Copyright (C) 2010 Red Hat
      10             : 
      11             :     This program is free software; you can redistribute it and/or modify
      12             :     it under the terms of the GNU General Public License as published by
      13             :     the Free Software Foundation; either version 3 of the License, or
      14             :     (at your option) any later version.
      15             : 
      16             :     This program is distributed in the hope that it will be useful,
      17             :     but WITHOUT ANY WARRANTY; without even the implied warranty of
      18             :     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      19             :     GNU General Public License for more details.
      20             : 
      21             :     You should have received a copy of the GNU General Public License
      22             :     along with this program.  If not, see <http://www.gnu.org/licenses/>.
      23             : */
      24             : 
      25             : #include "config.h"
      26             : 
      27             : #include "util/sss_format.h"
      28             : #include "util/strtonum.h"
      29             : #include "providers/proxy/proxy.h"
      30             : 
      31             : /* =Getpwnam-wrapper======================================================*/
      32             : 
      33             : static int save_user(struct sss_domain_info *domain,
      34             :                      bool lowercase, struct passwd *pwd, const char *real_name,
      35             :                      const char *alias, uint64_t cache_timeout);
      36             : 
      37             : static int
      38             : handle_getpw_result(enum nss_status status, struct passwd *pwd,
      39             :                     struct sss_domain_info *dom, bool *del_user);
      40             : 
      41             : static int
      42             : delete_user(struct sss_domain_info *domain,
      43             :             const char *name, uid_t uid);
      44             : 
      45           0 : static int get_pw_name(struct proxy_id_ctx *ctx,
      46             :                        struct sss_domain_info *dom,
      47             :                        const char *name)
      48             : {
      49             :     TALLOC_CTX *tmpctx;
      50             :     struct passwd *pwd;
      51             :     enum nss_status status;
      52             :     char *buffer;
      53             :     size_t buflen;
      54             :     int ret;
      55             :     uid_t uid;
      56             :     bool del_user;
      57           0 :     struct ldb_result *cached_pwd = NULL;
      58           0 :     const char *real_name = NULL;
      59             : 
      60           0 :     DEBUG(SSSDBG_TRACE_FUNC, "Searching user by name (%s)\n", name);
      61             : 
      62           0 :     tmpctx = talloc_new(NULL);
      63           0 :     if (!tmpctx) {
      64           0 :         return ENOMEM;
      65             :     }
      66             : 
      67           0 :     pwd = talloc_zero(tmpctx, struct passwd);
      68           0 :     if (!pwd) {
      69           0 :         ret = ENOMEM;
      70           0 :         goto done;
      71             :     }
      72             : 
      73           0 :     buflen = DEFAULT_BUFSIZE;
      74           0 :     buffer = talloc_size(tmpctx, buflen);
      75           0 :     if (!buffer) {
      76           0 :         ret = ENOMEM;
      77           0 :         goto done;
      78             :     }
      79             : 
      80             :     /* FIXME: should we move this call outside the transaction to keep the
      81             :      * transaction as short as possible ? */
      82           0 :     status = ctx->ops.getpwnam_r(name, pwd, buffer, buflen, &ret);
      83           0 :     ret = handle_getpw_result(status, pwd, dom, &del_user);
      84           0 :     if (ret) {
      85           0 :         DEBUG(SSSDBG_OP_FAILURE,
      86             :               "getpwnam failed [%d]: %s\n", ret, strerror(ret));
      87           0 :         goto done;
      88             :     }
      89             : 
      90           0 :     if (del_user) {
      91           0 :         ret = delete_user(dom, name, 0);
      92           0 :         goto done;
      93             :     }
      94             : 
      95           0 :     uid = pwd->pw_uid;
      96             : 
      97             :     /* Canonicalize the username in case it was actually an alias */
      98             : 
      99           0 :     if (ctx->fast_alias == true) {
     100           0 :         ret = sysdb_getpwuid(tmpctx, dom, uid, &cached_pwd);
     101           0 :         if (ret != EOK) {
     102             :             /* Non-fatal, attempt to canonicalize online */
     103           0 :             DEBUG(SSSDBG_TRACE_FUNC, "Request to cache failed [%d]: %s\n",
     104             :                   ret, strerror(ret));
     105             :         }
     106             : 
     107           0 :         if (ret == EOK && cached_pwd->count == 1) {
     108           0 :             real_name = ldb_msg_find_attr_as_string(cached_pwd->msgs[0],
     109             :                                                     SYSDB_NAME, NULL);
     110           0 :             if (!real_name) {
     111           0 :                 DEBUG(SSSDBG_MINOR_FAILURE, "Cached user has no name?\n");
     112             :             }
     113             :         }
     114             :     }
     115             : 
     116           0 :     if (real_name == NULL) {
     117           0 :         memset(buffer, 0, buflen);
     118             : 
     119           0 :         status = ctx->ops.getpwuid_r(uid, pwd, buffer, buflen, &ret);
     120           0 :         ret = handle_getpw_result(status, pwd, dom, &del_user);
     121           0 :         if (ret) {
     122           0 :             DEBUG(SSSDBG_OP_FAILURE,
     123             :                 "getpwuid failed [%d]: %s\n", ret, strerror(ret));
     124           0 :             goto done;
     125             :         }
     126             : 
     127           0 :         real_name = pwd->pw_name;
     128             :     }
     129             : 
     130           0 :     if (del_user) {
     131           0 :         ret = delete_user(dom, name, uid);
     132           0 :         goto done;
     133             :     }
     134             : 
     135             :     /* Both lookups went fine, we can save the user now */
     136           0 :     ret = save_user(dom, !dom->case_sensitive, pwd,
     137           0 :                     real_name, name, dom->user_timeout);
     138             : 
     139             : done:
     140           0 :     talloc_zfree(tmpctx);
     141           0 :     if (ret) {
     142           0 :         DEBUG(SSSDBG_OP_FAILURE,
     143             :               "proxy -> getpwnam_r failed for '%s' <%d>: %s\n",
     144             :                name, ret, strerror(ret));
     145             :     }
     146           0 :     return ret;
     147             : }
     148             : 
     149             : static int
     150           0 : handle_getpw_result(enum nss_status status, struct passwd *pwd,
     151             :                     struct sss_domain_info *dom, bool *del_user)
     152             : {
     153           0 :     int ret = EOK;
     154             : 
     155           0 :     if (!del_user) {
     156           0 :         return EINVAL;
     157             :     }
     158           0 :     *del_user = false;
     159             : 
     160           0 :     switch (status) {
     161             :     case NSS_STATUS_NOTFOUND:
     162             : 
     163           0 :         DEBUG(SSSDBG_MINOR_FAILURE, "User not found.\n");
     164           0 :         *del_user = true;
     165           0 :         break;
     166             : 
     167             :     case NSS_STATUS_SUCCESS:
     168             : 
     169           0 :         DEBUG(SSSDBG_TRACE_FUNC, "User found: (%s, %"SPRIuid", %"SPRIgid")\n",
     170             :               pwd->pw_name, pwd->pw_uid, pwd->pw_gid);
     171             : 
     172             :         /* uid=0 or gid=0 are invalid values */
     173             :         /* also check that the id is in the valid range for this domain */
     174           0 :         if (OUT_OF_ID_RANGE(pwd->pw_uid, dom->id_min, dom->id_max) ||
     175           0 :             OUT_OF_ID_RANGE(pwd->pw_gid, dom->id_min, dom->id_max)) {
     176             : 
     177           0 :             DEBUG(SSSDBG_MINOR_FAILURE,
     178             :                   "User filtered out! (id out of range)\n");
     179           0 :             *del_user = true;
     180           0 :             break;
     181             :         }
     182           0 :         break;
     183             : 
     184             :     case NSS_STATUS_UNAVAIL:
     185           0 :         DEBUG(SSSDBG_MINOR_FAILURE,
     186             :               "Remote back end is not available. Entering offline mode\n");
     187           0 :         ret = ENXIO;
     188           0 :         break;
     189             : 
     190             :     default:
     191           0 :         DEBUG(SSSDBG_OP_FAILURE, "Unknown return code %d\n", status);
     192           0 :         ret = EIO;
     193           0 :         break;
     194             :     }
     195             : 
     196           0 :     return ret;
     197             : }
     198             : 
     199             : static int
     200           0 : delete_user(struct sss_domain_info *domain,
     201             :             const char *name, uid_t uid)
     202             : {
     203           0 :     int ret = EOK;
     204             : 
     205           0 :     DEBUG(SSSDBG_TRACE_FUNC,
     206             :           "User %s does not exist (or is invalid) on remote server,"
     207             :            " deleting!\n", name);
     208           0 :     ret = sysdb_delete_user(domain, name, uid);
     209           0 :     if (ret == ENOENT) {
     210           0 :         ret = EOK;
     211             :     }
     212             : 
     213           0 :     return ret;
     214             : }
     215             : 
     216           0 : static int save_user(struct sss_domain_info *domain,
     217             :                      bool lowercase, struct passwd *pwd, const char *real_name,
     218             :                      const char *alias, uint64_t cache_timeout)
     219             : {
     220             :     const char *shell;
     221             :     const char *gecos;
     222           0 :     struct sysdb_attrs *attrs = NULL;
     223             :     errno_t ret;
     224             :     const char *cased_alias;
     225           0 :     const char *lc_pw_name = NULL;
     226             : 
     227           0 :     if (pwd->pw_shell && pwd->pw_shell[0] != '\0') {
     228           0 :         shell = pwd->pw_shell;
     229             :     } else {
     230           0 :         shell = NULL;
     231             :     }
     232             : 
     233           0 :     if (pwd->pw_gecos && pwd->pw_gecos[0] != '\0') {
     234           0 :         gecos = pwd->pw_gecos;
     235             :     } else {
     236           0 :         gecos = NULL;
     237             :     }
     238             : 
     239           0 :     if (lowercase || alias) {
     240           0 :         attrs = sysdb_new_attrs(NULL);
     241           0 :         if (!attrs) {
     242           0 :             DEBUG(SSSDBG_CRIT_FAILURE, "Allocation error ?!\n");
     243           0 :             ret = ENOMEM;
     244           0 :             goto done;
     245             :         }
     246             :     }
     247             : 
     248           0 :     if (lowercase) {
     249           0 :         lc_pw_name = sss_tc_utf8_str_tolower(attrs, pwd->pw_name);
     250           0 :         if (lc_pw_name == NULL) {
     251           0 :             DEBUG(SSSDBG_OP_FAILURE, "Cannot convert name to lowercase.\n");
     252           0 :             ret = ENOMEM;
     253           0 :             goto done;
     254             :         }
     255             : 
     256           0 :         ret = sysdb_attrs_add_string(attrs, SYSDB_NAME_ALIAS, lc_pw_name);
     257           0 :         if (ret) {
     258           0 :             DEBUG(SSSDBG_OP_FAILURE, "Could not add name alias\n");
     259           0 :             ret = ENOMEM;
     260           0 :             goto done;
     261             :         }
     262             : 
     263             :     }
     264             : 
     265           0 :     if (alias) {
     266           0 :         cased_alias = sss_get_cased_name(attrs, alias, !lowercase);
     267           0 :         if (!cased_alias) {
     268           0 :             ret = ENOMEM;
     269           0 :             goto done;
     270             :         }
     271             : 
     272             :         /* Add the alias only if it differs from lowercased pw_name */
     273           0 :         if (lc_pw_name == NULL || strcmp(cased_alias, lc_pw_name) != 0) {
     274           0 :             ret = sysdb_attrs_add_string(attrs, SYSDB_NAME_ALIAS, cased_alias);
     275           0 :             if (ret) {
     276           0 :                 DEBUG(SSSDBG_OP_FAILURE, "Could not add name alias\n");
     277           0 :                 goto done;
     278             :             }
     279             :         }
     280             :     }
     281             : 
     282           0 :     ret = sysdb_store_user(domain,
     283             :                            real_name,
     284           0 :                            pwd->pw_passwd,
     285             :                            pwd->pw_uid,
     286             :                            pwd->pw_gid,
     287             :                            gecos,
     288           0 :                            pwd->pw_dir,
     289             :                            shell,
     290             :                            NULL,
     291             :                            attrs,
     292             :                            NULL,
     293             :                            cache_timeout,
     294             :                            0);
     295           0 :     if (ret) {
     296           0 :         DEBUG(SSSDBG_OP_FAILURE, "Could not add user to cache\n");
     297           0 :         goto done;
     298             :     }
     299             : 
     300             : done:
     301           0 :     talloc_zfree(attrs);
     302           0 :     return ret;
     303             : }
     304             : 
     305             : /* =Getpwuid-wrapper======================================================*/
     306             : 
     307           0 : static int get_pw_uid(struct proxy_id_ctx *ctx,
     308             :                       struct sss_domain_info *dom,
     309             :                       uid_t uid)
     310             : {
     311             :     TALLOC_CTX *tmpctx;
     312             :     struct passwd *pwd;
     313             :     enum nss_status status;
     314             :     char *buffer;
     315             :     size_t buflen;
     316           0 :     bool del_user = false;
     317             :     int ret;
     318             : 
     319           0 :     DEBUG(SSSDBG_TRACE_FUNC, "Searching user by uid (%"SPRIuid")\n", uid);
     320             : 
     321           0 :     tmpctx = talloc_new(NULL);
     322           0 :     if (!tmpctx) {
     323           0 :         return ENOMEM;
     324             :     }
     325             : 
     326           0 :     pwd = talloc_zero(tmpctx, struct passwd);
     327           0 :     if (!pwd) {
     328           0 :         ret = ENOMEM;
     329           0 :         goto done;
     330             :     }
     331             : 
     332           0 :     buflen = DEFAULT_BUFSIZE;
     333           0 :     buffer = talloc_size(tmpctx, buflen);
     334           0 :     if (!buffer) {
     335           0 :         ret = ENOMEM;
     336           0 :         goto done;
     337             :     }
     338             : 
     339           0 :     status = ctx->ops.getpwuid_r(uid, pwd, buffer, buflen, &ret);
     340           0 :     ret = handle_getpw_result(status, pwd, dom, &del_user);
     341           0 :     if (ret) {
     342           0 :         DEBUG(SSSDBG_OP_FAILURE,
     343             :               "getpwuid failed [%d]: %s\n", ret, strerror(ret));
     344           0 :         goto done;
     345             :     }
     346             : 
     347           0 :     if (del_user) {
     348           0 :         ret = delete_user(dom, NULL, uid);
     349           0 :         goto done;
     350             :     }
     351             : 
     352           0 :     ret = save_user(dom, !dom->case_sensitive, pwd,
     353           0 :                     pwd->pw_name, NULL, dom->user_timeout);
     354             : 
     355             : done:
     356           0 :     talloc_zfree(tmpctx);
     357           0 :     if (ret) {
     358           0 :         DEBUG(SSSDBG_CRIT_FAILURE,
     359             :               "proxy -> getpwuid_r failed for '%"SPRIuid"' <%d>: %s\n",
     360             :                uid, ret, strerror(ret));
     361             :     }
     362           0 :     return ret;
     363             : }
     364             : 
     365             : /* =Getpwent-wrapper======================================================*/
     366             : 
     367           0 : static int enum_users(TALLOC_CTX *mem_ctx,
     368             :                       struct proxy_id_ctx *ctx,
     369             :                       struct sysdb_ctx *sysdb,
     370             :                       struct sss_domain_info *dom)
     371             : {
     372             :     TALLOC_CTX *tmpctx;
     373           0 :     bool in_transaction = false;
     374             :     struct passwd *pwd;
     375             :     enum nss_status status;
     376             :     size_t buflen;
     377             :     char *buffer;
     378             :     char *newbuf;
     379             :     int ret;
     380             :     errno_t sret;
     381             :     bool again;
     382             : 
     383           0 :     DEBUG(SSSDBG_TRACE_LIBS, "Enumerating users\n");
     384             : 
     385           0 :     tmpctx = talloc_new(mem_ctx);
     386           0 :     if (!tmpctx) {
     387           0 :         return ENOMEM;
     388             :     }
     389             : 
     390           0 :     pwd = talloc_zero(tmpctx, struct passwd);
     391           0 :     if (!pwd) {
     392           0 :         ret = ENOMEM;
     393           0 :         goto done;
     394             :     }
     395             : 
     396           0 :     buflen = DEFAULT_BUFSIZE;
     397           0 :     buffer = talloc_size(tmpctx, buflen);
     398           0 :     if (!buffer) {
     399           0 :         ret = ENOMEM;
     400           0 :         goto done;
     401             :     }
     402             : 
     403           0 :     ret = sysdb_transaction_start(sysdb);
     404           0 :     if (ret) {
     405           0 :         DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n");
     406           0 :         goto done;
     407             :     }
     408           0 :     in_transaction = true;
     409             : 
     410           0 :     status = ctx->ops.setpwent();
     411           0 :     if (status != NSS_STATUS_SUCCESS) {
     412           0 :         ret = EIO;
     413           0 :         goto done;
     414             :     }
     415             : 
     416             :     do {
     417           0 :         again = false;
     418             : 
     419             :         /* always zero out the pwd structure */
     420           0 :         memset(pwd, 0, sizeof(struct passwd));
     421             : 
     422             :         /* get entry */
     423           0 :         status = ctx->ops.getpwent_r(pwd, buffer, buflen, &ret);
     424             : 
     425           0 :         switch (status) {
     426             :             case NSS_STATUS_TRYAGAIN:
     427             :                 /* buffer too small ? */
     428           0 :                 if (buflen < MAX_BUF_SIZE) {
     429           0 :                     buflen *= 2;
     430             :                 }
     431           0 :                 if (buflen > MAX_BUF_SIZE) {
     432           0 :                     buflen = MAX_BUF_SIZE;
     433             :                 }
     434           0 :                 newbuf = talloc_realloc_size(tmpctx, buffer, buflen);
     435           0 :                 if (!newbuf) {
     436           0 :                     ret = ENOMEM;
     437           0 :                     goto done;
     438             :                 }
     439           0 :                 buffer = newbuf;
     440           0 :                 again = true;
     441           0 :                 break;
     442             : 
     443             :             case NSS_STATUS_NOTFOUND:
     444             : 
     445             :                 /* we are done here */
     446           0 :                 DEBUG(SSSDBG_TRACE_LIBS, "Enumeration completed.\n");
     447             : 
     448           0 :                 ret = sysdb_transaction_commit(sysdb);
     449           0 :                 if (ret != EOK) {
     450           0 :                     DEBUG(SSSDBG_CRIT_FAILURE, "Failed to commit transaction\n");
     451           0 :                     goto done;
     452             :                 }
     453           0 :                 in_transaction = false;
     454           0 :                 break;
     455             : 
     456             :             case NSS_STATUS_SUCCESS:
     457             : 
     458           0 :                 DEBUG(SSSDBG_TRACE_LIBS,
     459             :                       "User found (%s, %"SPRIuid", %"SPRIgid")\n",
     460             :                        pwd->pw_name, pwd->pw_uid, pwd->pw_gid);
     461             : 
     462             :                 /* uid=0 or gid=0 are invalid values */
     463             :                 /* also check that the id is in the valid range for this domain
     464             :                  */
     465           0 :                 if (OUT_OF_ID_RANGE(pwd->pw_uid, dom->id_min, dom->id_max) ||
     466           0 :                     OUT_OF_ID_RANGE(pwd->pw_gid, dom->id_min, dom->id_max)) {
     467             : 
     468           0 :                     DEBUG(SSSDBG_OP_FAILURE, "User [%s] filtered out! (id out"
     469             :                         " of range)\n", pwd->pw_name);
     470             : 
     471           0 :                     again = true;
     472           0 :                     break;
     473             :                 }
     474             : 
     475           0 :                 ret = save_user(dom, !dom->case_sensitive, pwd,
     476           0 :                         pwd->pw_name, NULL, dom->user_timeout);
     477           0 :                 if (ret) {
     478             :                     /* Do not fail completely on errors.
     479             :                      * Just report the failure to save and go on */
     480           0 :                     DEBUG(SSSDBG_OP_FAILURE, "Failed to store user %s."
     481             :                                 " Ignoring.\n", pwd->pw_name);
     482             :                 }
     483           0 :                 again = true;
     484           0 :                 break;
     485             : 
     486             :             case NSS_STATUS_UNAVAIL:
     487             :                 /* "remote" backend unavailable. Enter offline mode */
     488           0 :                 ret = ENXIO;
     489           0 :                 break;
     490             : 
     491             :             default:
     492           0 :                 ret = EIO;
     493           0 :                 DEBUG(SSSDBG_OP_FAILURE, "proxy -> getpwent_r failed (%d)[%s]"
     494             :                             "\n", ret, strerror(ret));
     495           0 :                 break;
     496             :         }
     497           0 :     } while (again);
     498             : 
     499             : done:
     500           0 :     talloc_zfree(tmpctx);
     501           0 :     if (in_transaction) {
     502           0 :         sret = sysdb_transaction_cancel(sysdb);
     503           0 :         if (sret != EOK) {
     504           0 :             DEBUG(SSSDBG_CRIT_FAILURE, "Failed to cancel transaction\n");
     505             :         }
     506             :     }
     507           0 :     ctx->ops.endpwent();
     508           0 :     return ret;
     509             : }
     510             : 
     511             : /* =Save-group-utilities=================================================*/
     512             : #define DEBUG_GR_MEM(level, grp) \
     513             :     do { \
     514             :         if (DEBUG_IS_SET(level)) { \
     515             :             if (!grp->gr_mem || !grp->gr_mem[0]) { \
     516             :                 DEBUG(level, "Group %s has no members!\n", \
     517             :                               grp->gr_name); \
     518             :             } else { \
     519             :                 int i = 0; \
     520             :                 while (grp->gr_mem[i]) { \
     521             :                     /* count */ \
     522             :                     i++; \
     523             :                 } \
     524             :                 DEBUG(level, "Group %s has %d members!\n", \
     525             :                               grp->gr_name, i); \
     526             :             } \
     527             :         } \
     528             :     } while(0)
     529             : 
     530             : 
     531             : static errno_t proxy_process_missing_users(struct sysdb_ctx *sysdb,
     532             :                                            struct sss_domain_info *domain,
     533             :                                            struct sysdb_attrs *group_attrs,
     534             :                                            struct group *grp,
     535             :                                            time_t now);
     536           0 : static int save_group(struct sysdb_ctx *sysdb, struct sss_domain_info *dom,
     537             :                       struct group *grp, const char *real_name,
     538             :                       const char *alias, uint64_t cache_timeout)
     539             : {
     540             :     errno_t ret, sret;
     541           0 :     struct sysdb_attrs *attrs = NULL;
     542             :     const char *cased_alias;
     543           0 :     const char *lc_gr_name = NULL;
     544             :     TALLOC_CTX *tmp_ctx;
     545           0 :     time_t now = time(NULL);
     546           0 :     bool in_transaction = false;
     547             : 
     548           0 :     tmp_ctx = talloc_new(NULL);
     549           0 :     if (!tmp_ctx) {
     550           0 :         return ENOMEM;
     551             :     }
     552             : 
     553           0 :     DEBUG_GR_MEM(SSSDBG_TRACE_LIBS, grp);
     554             : 
     555           0 :     ret = sysdb_transaction_start(sysdb);
     556           0 :     if (ret != EOK) {
     557           0 :         DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n");
     558           0 :         goto done;
     559             :     }
     560           0 :     in_transaction = true;
     561             : 
     562           0 :     if (grp->gr_mem && grp->gr_mem[0]) {
     563           0 :         attrs = sysdb_new_attrs(tmp_ctx);
     564           0 :         if (!attrs) {
     565           0 :             DEBUG(SSSDBG_CRIT_FAILURE, "Allocation error ?!\n");
     566           0 :             ret = ENOMEM;
     567           0 :             goto done;
     568             :         }
     569             : 
     570           0 :         ret = sysdb_attrs_users_from_str_list(
     571           0 :                 attrs, SYSDB_MEMBER, dom->name,
     572           0 :                 (const char *const *)grp->gr_mem);
     573           0 :         if (ret) {
     574           0 :             DEBUG(SSSDBG_OP_FAILURE, "Could not add group members\n");
     575           0 :             goto done;
     576             :         }
     577             : 
     578             :         /* Create ghost users */
     579           0 :         ret = proxy_process_missing_users(sysdb, dom, attrs, grp, now);
     580           0 :         if (ret != EOK) {
     581           0 :             DEBUG(SSSDBG_OP_FAILURE, "Could not add missing members\n");
     582           0 :             goto done;
     583             :         }
     584             :     }
     585             : 
     586           0 :     if (dom->case_sensitive == false || alias) {
     587           0 :         if (!attrs) {
     588           0 :             attrs = sysdb_new_attrs(tmp_ctx);
     589           0 :             if (!attrs) {
     590           0 :                 DEBUG(SSSDBG_CRIT_FAILURE, "Allocation error ?!\n");
     591           0 :                 ret = ENOMEM;
     592           0 :                 goto done;
     593             :             }
     594             :         }
     595             :     }
     596             : 
     597           0 :     if (dom->case_sensitive == false) {
     598           0 :         lc_gr_name = sss_tc_utf8_str_tolower(attrs, grp->gr_name);
     599           0 :         if (lc_gr_name == NULL) {
     600           0 :             DEBUG(SSSDBG_OP_FAILURE, "Cannot convert name to lowercase.\n");
     601           0 :             ret = ENOMEM;
     602           0 :             goto done;
     603             :         }
     604             : 
     605           0 :         ret = sysdb_attrs_add_string(attrs, SYSDB_NAME_ALIAS, lc_gr_name);
     606           0 :         if (ret != EOK) {
     607           0 :             goto done;
     608             :         }
     609             :     }
     610             : 
     611           0 :     if (alias) {
     612           0 :         cased_alias = sss_get_cased_name(attrs, alias, dom->case_sensitive);
     613           0 :         if (!cased_alias) {
     614           0 :             ret = ENOMEM;
     615           0 :             DEBUG(SSSDBG_OP_FAILURE, "Could not add name alias\n");
     616           0 :             goto done;
     617             :         }
     618             : 
     619           0 :         if (lc_gr_name == NULL || strcmp(cased_alias, lc_gr_name)) {
     620           0 :             ret = sysdb_attrs_add_string(attrs, SYSDB_NAME_ALIAS, cased_alias);
     621           0 :             if (ret) {
     622           0 :                 DEBUG(SSSDBG_OP_FAILURE, "Could not add name alias\n");
     623           0 :                 goto done;
     624             :             }
     625             :         }
     626             :     }
     627             : 
     628           0 :     ret = sysdb_store_group(dom,
     629             :                             real_name,
     630             :                             grp->gr_gid,
     631             :                             attrs,
     632             :                             cache_timeout,
     633             :                             now);
     634           0 :     if (ret) {
     635           0 :         DEBUG(SSSDBG_OP_FAILURE, "Could not add group to cache\n");
     636           0 :         goto done;
     637             :     }
     638             : 
     639           0 :     ret = sysdb_transaction_commit(sysdb);
     640           0 :     if (ret != EOK) {
     641           0 :         DEBUG(SSSDBG_CRIT_FAILURE,
     642             :               "Could not commit transaction: [%s]\n",
     643             :                strerror(ret));
     644           0 :         goto done;
     645             :     }
     646           0 :     in_transaction = false;
     647             : 
     648             : done:
     649           0 :     if (in_transaction) {
     650           0 :         sret = sysdb_transaction_cancel(sysdb);
     651           0 :         if (sret != EOK) {
     652           0 :             DEBUG(SSSDBG_CRIT_FAILURE, "Could not cancel transaction\n");
     653             :         }
     654             :     }
     655           0 :     talloc_free(tmp_ctx);
     656           0 :     return ret;
     657             : }
     658             : 
     659           0 : static errno_t proxy_process_missing_users(struct sysdb_ctx *sysdb,
     660             :                                            struct sss_domain_info *domain,
     661             :                                            struct sysdb_attrs *group_attrs,
     662             :                                            struct group *grp,
     663             :                                            time_t now)
     664             : {
     665             :     errno_t ret;
     666             :     size_t i;
     667           0 :     TALLOC_CTX *tmp_ctx = NULL;
     668             :     struct ldb_message *msg;
     669             : 
     670           0 :     if (!sysdb || !grp) return EINVAL;
     671             : 
     672           0 :     tmp_ctx = talloc_new(NULL);
     673           0 :     if (!tmp_ctx) return ENOMEM;
     674             : 
     675           0 :     for (i = 0; grp->gr_mem[i]; i++) {
     676           0 :         ret = sysdb_search_user_by_name(tmp_ctx, domain, grp->gr_mem[i],
     677             :                                         NULL, &msg);
     678           0 :         if (ret == EOK) {
     679             :             /* Member already exists in the cache */
     680           0 :             DEBUG(SSSDBG_TRACE_INTERNAL,
     681             :                   "Member [%s] already cached\n", grp->gr_mem[i]);
     682             :             /* clean up */
     683           0 :             talloc_zfree(msg);
     684           0 :             continue;
     685           0 :         } else if (ret == ENOENT) {
     686             :             /* No entry for this user. Create a ghost user */
     687           0 :             DEBUG(SSSDBG_TRACE_LIBS,
     688             :                   "Member [%s] not cached, creating ghost user entry\n",
     689             :                    grp->gr_mem[i]);
     690             : 
     691           0 :             ret = sysdb_attrs_add_string(group_attrs, SYSDB_GHOST, grp->gr_mem[i]);
     692           0 :             if (ret != EOK) {
     693           0 :                 DEBUG(SSSDBG_MINOR_FAILURE,
     694             :                       "Cannot store ghost user entry: [%d]: %s\n",
     695             :                        ret, strerror(ret));
     696           0 :                 goto done;
     697             :             }
     698             :         } else {
     699             :             /* Unexpected error */
     700           0 :             DEBUG(SSSDBG_MINOR_FAILURE,
     701             :                   "Error searching cache for user [%s]: [%s]\n",
     702             :                    grp->gr_mem[i], strerror(ret));
     703           0 :             goto done;
     704             :         }
     705             :     }
     706             : 
     707           0 :     ret = EOK;
     708             : done:
     709           0 :     talloc_free(tmp_ctx);
     710           0 :     return ret;
     711             : }
     712             : 
     713             : /* =Getgrnam-wrapper======================================================*/
     714             : static char *
     715           0 : grow_group_buffer(TALLOC_CTX *mem_ctx,
     716             :                   char **buffer, size_t *buflen)
     717             : {
     718             :     char *newbuf;
     719             : 
     720           0 :     if (*buflen == 0) {
     721           0 :         *buflen = DEFAULT_BUFSIZE;
     722             :     }
     723           0 :     if (*buflen < MAX_BUF_SIZE) {
     724           0 :         *buflen *= 2;
     725             :     }
     726           0 :     if (*buflen > MAX_BUF_SIZE) {
     727           0 :         *buflen = MAX_BUF_SIZE;
     728             :     }
     729             : 
     730           0 :     newbuf = talloc_realloc_size(mem_ctx, *buffer, *buflen);
     731           0 :     if (!newbuf) {
     732           0 :         return NULL;
     733             :     }
     734           0 :     *buffer = newbuf;
     735             : 
     736           0 :     return *buffer;
     737             : }
     738             : 
     739             : static errno_t
     740           0 : handle_getgr_result(enum nss_status status, struct group *grp,
     741             :                     struct sss_domain_info *dom,
     742             :                     bool *delete_group)
     743             : {
     744           0 :     switch (status) {
     745             :     case NSS_STATUS_TRYAGAIN:
     746           0 :         DEBUG(SSSDBG_MINOR_FAILURE, "Buffer too small\n");
     747           0 :         return EAGAIN;
     748             : 
     749             :     case NSS_STATUS_NOTFOUND:
     750           0 :         DEBUG(SSSDBG_MINOR_FAILURE, "Group not found.\n");
     751           0 :         *delete_group = true;
     752           0 :         break;
     753             : 
     754             :     case NSS_STATUS_SUCCESS:
     755           0 :         DEBUG(SSSDBG_FUNC_DATA, "Group found: (%s, %"SPRIgid")\n",
     756             :               grp->gr_name, grp->gr_gid);
     757             : 
     758             :         /* gid=0 is an invalid value */
     759             :         /* also check that the id is in the valid range for this domain */
     760           0 :         if (OUT_OF_ID_RANGE(grp->gr_gid, dom->id_min, dom->id_max)) {
     761           0 :             DEBUG(SSSDBG_MINOR_FAILURE,
     762             :                   "Group filtered out! (id out of range)\n");
     763           0 :             *delete_group = true;
     764           0 :             break;
     765             :         }
     766           0 :         break;
     767             : 
     768             :     case NSS_STATUS_UNAVAIL:
     769           0 :         DEBUG(SSSDBG_MINOR_FAILURE,
     770             :               "Remote back end is not available. Entering offline mode\n");
     771           0 :         return ENXIO;
     772             : 
     773             :     default:
     774           0 :         DEBUG(SSSDBG_OP_FAILURE, "Unknown return code %d\n", status);
     775           0 :         return EIO;
     776             :     }
     777             : 
     778           0 :     return EOK;
     779             : }
     780             : 
     781           0 : static int get_gr_name(struct proxy_id_ctx *ctx,
     782             :                        struct sysdb_ctx *sysdb,
     783             :                        struct sss_domain_info *dom,
     784             :                        const char *name)
     785             : {
     786             :     TALLOC_CTX *tmpctx;
     787             :     struct group *grp;
     788             :     enum nss_status status;
     789           0 :     char *buffer = 0;
     790           0 :     size_t buflen = 0;
     791           0 :     bool delete_group = false;
     792             :     int ret;
     793             :     gid_t gid;
     794           0 :     struct ldb_result *cached_grp = NULL;
     795           0 :     const char *real_name = NULL;
     796             : 
     797           0 :     DEBUG(SSSDBG_FUNC_DATA, "Searching group by name (%s)\n", name);
     798             : 
     799           0 :     tmpctx = talloc_new(NULL);
     800           0 :     if (!tmpctx) {
     801           0 :         return ENOMEM;
     802             :     }
     803             : 
     804           0 :     grp = talloc(tmpctx, struct group);
     805           0 :     if (!grp) {
     806           0 :         ret = ENOMEM;
     807           0 :         DEBUG(SSSDBG_CRIT_FAILURE,
     808             :               "proxy -> getgrnam_r failed for '%s': [%d] %s\n",
     809             :               name, ret, strerror(ret));
     810           0 :         goto done;
     811             :     }
     812             : 
     813             :     do {
     814             :         /* always zero out the grp structure */
     815           0 :         memset(grp, 0, sizeof(struct group));
     816           0 :         buffer = grow_group_buffer(tmpctx, &buffer, &buflen);
     817           0 :         if (!buffer) {
     818           0 :             ret = ENOMEM;
     819           0 :             goto done;
     820             :         }
     821             : 
     822           0 :         status = ctx->ops.getgrnam_r(name, grp, buffer, buflen, &ret);
     823             : 
     824           0 :         ret = handle_getgr_result(status, grp, dom, &delete_group);
     825           0 :     } while (ret == EAGAIN);
     826             : 
     827           0 :     if (ret != EOK) {
     828           0 :         DEBUG(SSSDBG_OP_FAILURE,
     829             :               "getgrnam failed [%d]: %s\n", ret, strerror(ret));
     830           0 :         goto done;
     831             :     }
     832             : 
     833           0 :     gid = grp->gr_gid;
     834             : 
     835             :     /* Canonicalize the group name in case it was actually an alias */
     836           0 :     if (ctx->fast_alias == true) {
     837           0 :         ret = sysdb_getgrgid(tmpctx, dom, gid, &cached_grp);
     838           0 :         if (ret != EOK) {
     839             :             /* Non-fatal, attempt to canonicalize online */
     840           0 :             DEBUG(SSSDBG_TRACE_FUNC, "Request to cache failed [%d]: %s\n",
     841             :                   ret, strerror(ret));
     842             :         }
     843             : 
     844           0 :         if (ret == EOK && cached_grp->count == 1) {
     845           0 :             real_name = ldb_msg_find_attr_as_string(cached_grp->msgs[0],
     846             :                                                     SYSDB_NAME, NULL);
     847           0 :             if (!real_name) {
     848           0 :                 DEBUG(SSSDBG_MINOR_FAILURE, "Cached group has no name?\n");
     849             :             }
     850             :         }
     851             :     }
     852             : 
     853           0 :     if (real_name == NULL) {
     854           0 :         talloc_zfree(buffer);
     855           0 :         buflen = 0;
     856             : 
     857             :         do {
     858           0 :             memset(grp, 0, sizeof(struct group));
     859           0 :             buffer = grow_group_buffer(tmpctx, &buffer, &buflen);
     860           0 :             if (!buffer) {
     861           0 :                 ret = ENOMEM;
     862           0 :                 goto done;
     863             :             }
     864             : 
     865           0 :             status = ctx->ops.getgrgid_r(gid, grp, buffer, buflen, &ret);
     866             : 
     867           0 :             ret = handle_getgr_result(status, grp, dom, &delete_group);
     868           0 :         } while (ret == EAGAIN);
     869             : 
     870           0 :         if (ret != EOK) {
     871           0 :             DEBUG(SSSDBG_OP_FAILURE,
     872             :                 "getgrgid failed [%d]: %s\n", ret, strerror(ret));
     873           0 :             goto done;
     874             :         }
     875             : 
     876           0 :         real_name = grp->gr_name;
     877             :     }
     878             : 
     879           0 :     if (delete_group) {
     880           0 :         DEBUG(SSSDBG_TRACE_FUNC,
     881             :               "Group %s does not exist (or is invalid) on remote server,"
     882             :                " deleting!\n", name);
     883             : 
     884           0 :         ret = sysdb_delete_group(dom, NULL, gid);
     885           0 :         if (ret == ENOENT) {
     886           0 :             ret = EOK;
     887             :         }
     888           0 :         goto done;
     889             :     }
     890             : 
     891           0 :     ret = save_group(sysdb, dom, grp, real_name, name, dom->group_timeout);
     892           0 :     if (ret) {
     893           0 :         DEBUG(SSSDBG_OP_FAILURE,
     894             :               "Cannot save group [%d]: %s\n", ret, strerror(ret));
     895           0 :         goto done;
     896             :     }
     897             : 
     898             : done:
     899           0 :     talloc_zfree(tmpctx);
     900           0 :     if (ret) {
     901           0 :         DEBUG(SSSDBG_OP_FAILURE,
     902             :               "proxy -> getgrnam_r failed for '%s' <%d>: %s\n",
     903             :               name, ret, strerror(ret));
     904             :     }
     905           0 :     return ret;
     906             : }
     907             : 
     908             : /* =Getgrgid-wrapper======================================================*/
     909           0 : static int get_gr_gid(TALLOC_CTX *mem_ctx,
     910             :                       struct proxy_id_ctx *ctx,
     911             :                       struct sysdb_ctx *sysdb,
     912             :                       struct sss_domain_info *dom,
     913             :                       gid_t gid,
     914             :                       time_t now)
     915             : {
     916             :     TALLOC_CTX *tmpctx;
     917             :     struct group *grp;
     918             :     enum nss_status status;
     919           0 :     char *buffer = NULL;
     920           0 :     size_t buflen = 0;
     921           0 :     bool delete_group = false;
     922             :     int ret;
     923             : 
     924           0 :     DEBUG(SSSDBG_TRACE_FUNC, "Searching group by gid (%"SPRIgid")\n", gid);
     925             : 
     926           0 :     tmpctx = talloc_new(mem_ctx);
     927           0 :     if (!tmpctx) {
     928           0 :         return ENOMEM;
     929             :     }
     930             : 
     931           0 :     grp = talloc(tmpctx, struct group);
     932           0 :     if (!grp) {
     933           0 :         ret = ENOMEM;
     934           0 :         goto done;
     935             :     }
     936             : 
     937             :     do {
     938             :         /* always zero out the grp structure */
     939           0 :         memset(grp, 0, sizeof(struct group));
     940           0 :         buffer = grow_group_buffer(tmpctx, &buffer, &buflen);
     941           0 :         if (!buffer) {
     942           0 :             ret = ENOMEM;
     943           0 :             goto done;
     944             :         }
     945             : 
     946           0 :         status = ctx->ops.getgrgid_r(gid, grp, buffer, buflen, &ret);
     947             : 
     948           0 :         ret = handle_getgr_result(status, grp, dom, &delete_group);
     949           0 :     } while (ret == EAGAIN);
     950             : 
     951           0 :     if (ret != EOK) {
     952           0 :         DEBUG(SSSDBG_OP_FAILURE,
     953             :               "getgrgid failed [%d]: %s\n", ret, strerror(ret));
     954           0 :         goto done;
     955             :     }
     956             : 
     957           0 :     if (delete_group) {
     958           0 :         DEBUG(SSSDBG_TRACE_FUNC,
     959             :               "Group %"SPRIgid" does not exist (or is invalid) on remote "
     960             :                "server, deleting!\n", gid);
     961             : 
     962           0 :         ret = sysdb_delete_group(dom, NULL, gid);
     963           0 :         if (ret == ENOENT) {
     964           0 :             ret = EOK;
     965             :         }
     966           0 :         goto done;
     967             :     }
     968             : 
     969           0 :     ret = save_group(sysdb, dom, grp, grp->gr_name, NULL, dom->group_timeout);
     970           0 :     if (ret) {
     971           0 :         DEBUG(SSSDBG_OP_FAILURE,
     972             :               "Cannot save user [%d]: %s\n", ret, strerror(ret));
     973           0 :         goto done;
     974             :     }
     975             : 
     976             : done:
     977           0 :     talloc_zfree(tmpctx);
     978           0 :     if (ret) {
     979           0 :         DEBUG(SSSDBG_OP_FAILURE,
     980             :               "proxy -> getgrgid_r failed for '%"SPRIgid"' <%d>: %s\n",
     981             :                gid, ret, strerror(ret));
     982             :     }
     983           0 :     return ret;
     984             : }
     985             : 
     986             : /* =Getgrent-wrapper======================================================*/
     987             : 
     988           0 : static int enum_groups(TALLOC_CTX *mem_ctx,
     989             :                        struct proxy_id_ctx *ctx,
     990             :                        struct sysdb_ctx *sysdb,
     991             :                        struct sss_domain_info *dom)
     992             : {
     993             :     TALLOC_CTX *tmpctx;
     994           0 :     bool in_transaction = false;
     995             :     struct group *grp;
     996             :     enum nss_status status;
     997             :     size_t buflen;
     998             :     char *buffer;
     999             :     char *newbuf;
    1000             :     int ret;
    1001             :     errno_t sret;
    1002             :     bool again;
    1003             : 
    1004           0 :     DEBUG(SSSDBG_TRACE_LIBS, "Enumerating groups\n");
    1005             : 
    1006           0 :     tmpctx = talloc_new(mem_ctx);
    1007           0 :     if (!tmpctx) {
    1008           0 :         return ENOMEM;
    1009             :     }
    1010             : 
    1011           0 :     grp = talloc(tmpctx, struct group);
    1012           0 :     if (!grp) {
    1013           0 :         ret = ENOMEM;
    1014           0 :         goto done;
    1015             :     }
    1016             : 
    1017           0 :     buflen = DEFAULT_BUFSIZE;
    1018           0 :     buffer = talloc_size(tmpctx, buflen);
    1019           0 :     if (!buffer) {
    1020           0 :         ret = ENOMEM;
    1021           0 :         goto done;
    1022             :     }
    1023             : 
    1024           0 :     ret = sysdb_transaction_start(sysdb);
    1025           0 :     if (ret) {
    1026           0 :         DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n");
    1027           0 :         goto done;
    1028             :     }
    1029           0 :     in_transaction = true;
    1030             : 
    1031           0 :     status = ctx->ops.setgrent();
    1032           0 :     if (status != NSS_STATUS_SUCCESS) {
    1033           0 :         ret = EIO;
    1034           0 :         goto done;
    1035             :     }
    1036             : 
    1037             :     do {
    1038           0 :         again = false;
    1039             : 
    1040             :         /* always zero out the grp structure */
    1041           0 :         memset(grp, 0, sizeof(struct group));
    1042             : 
    1043             :         /* get entry */
    1044           0 :         status = ctx->ops.getgrent_r(grp, buffer, buflen, &ret);
    1045             : 
    1046           0 :         switch (status) {
    1047             :             case NSS_STATUS_TRYAGAIN:
    1048             :                 /* buffer too small ? */
    1049           0 :                 if (buflen < MAX_BUF_SIZE) {
    1050           0 :                     buflen *= 2;
    1051             :                 }
    1052           0 :                 if (buflen > MAX_BUF_SIZE) {
    1053           0 :                     buflen = MAX_BUF_SIZE;
    1054             :                 }
    1055           0 :                 newbuf = talloc_realloc_size(tmpctx, buffer, buflen);
    1056           0 :                 if (!newbuf) {
    1057           0 :                     ret = ENOMEM;
    1058           0 :                     goto done;
    1059             :                 }
    1060           0 :                 buffer = newbuf;
    1061           0 :                 again = true;
    1062           0 :                 break;
    1063             : 
    1064             :             case NSS_STATUS_NOTFOUND:
    1065             : 
    1066             :                 /* we are done here */
    1067           0 :                 DEBUG(SSSDBG_TRACE_LIBS, "Enumeration completed.\n");
    1068             : 
    1069           0 :                 ret = sysdb_transaction_commit(sysdb);
    1070           0 :                 if (ret != EOK) {
    1071           0 :                     DEBUG(SSSDBG_CRIT_FAILURE, "Failed to commit transaction\n");
    1072           0 :                     goto done;
    1073             :                 }
    1074           0 :                 in_transaction = false;
    1075           0 :                 break;
    1076             : 
    1077             :             case NSS_STATUS_SUCCESS:
    1078             : 
    1079           0 :                 DEBUG(SSSDBG_OP_FAILURE, "Group found (%s, %"SPRIgid")\n",
    1080             :                             grp->gr_name, grp->gr_gid);
    1081             : 
    1082             :                 /* gid=0 is an invalid value */
    1083             :                 /* also check that the id is in the valid range for this domain
    1084             :                  */
    1085           0 :                 if (OUT_OF_ID_RANGE(grp->gr_gid, dom->id_min, dom->id_max)) {
    1086             : 
    1087           0 :                     DEBUG(SSSDBG_OP_FAILURE, "Group [%s] filtered out! (id"
    1088             :                         "out of range)\n", grp->gr_name);
    1089             : 
    1090           0 :                     again = true;
    1091           0 :                     break;
    1092             :                 }
    1093             : 
    1094           0 :                 ret = save_group(sysdb, dom, grp, grp->gr_name,
    1095           0 :                         NULL, dom->group_timeout);
    1096           0 :                 if (ret) {
    1097             :                     /* Do not fail completely on errors.
    1098             :                      * Just report the failure to save and go on */
    1099           0 :                     DEBUG(SSSDBG_OP_FAILURE, "Failed to store group."
    1100             :                                 "Ignoring\n");
    1101             :                 }
    1102           0 :                 again = true;
    1103           0 :                 break;
    1104             : 
    1105             :             case NSS_STATUS_UNAVAIL:
    1106             :                 /* "remote" backend unavailable. Enter offline mode */
    1107           0 :                 ret = ENXIO;
    1108           0 :                 break;
    1109             : 
    1110             :             default:
    1111           0 :                 ret = EIO;
    1112           0 :                 DEBUG(SSSDBG_OP_FAILURE, "proxy -> getgrent_r failed (%d)[%s]"
    1113             :                             "\n", ret, strerror(ret));
    1114           0 :                 break;
    1115             :         }
    1116           0 :     } while (again);
    1117             : 
    1118             : done:
    1119           0 :     talloc_zfree(tmpctx);
    1120           0 :     if (in_transaction) {
    1121           0 :         sret = sysdb_transaction_cancel(sysdb);
    1122           0 :         if (sret != EOK) {
    1123           0 :             DEBUG(SSSDBG_CRIT_FAILURE, "Failed to cancel transaction\n");
    1124             :         }
    1125             :     }
    1126           0 :     ctx->ops.endgrent();
    1127           0 :     return ret;
    1128             : }
    1129             : 
    1130             : 
    1131             : /* =Initgroups-wrapper====================================================*/
    1132             : 
    1133             : static int get_initgr_groups_process(TALLOC_CTX *memctx,
    1134             :                                      struct proxy_id_ctx *ctx,
    1135             :                                      struct sysdb_ctx *sysdb,
    1136             :                                      struct sss_domain_info *dom,
    1137             :                                      struct passwd *pwd);
    1138             : 
    1139           0 : static int get_initgr(TALLOC_CTX *mem_ctx,
    1140             :                       struct proxy_id_ctx *ctx,
    1141             :                       struct sysdb_ctx *sysdb,
    1142             :                       struct sss_domain_info *dom,
    1143             :                       const char *name)
    1144             : {
    1145             :     TALLOC_CTX *tmpctx;
    1146           0 :     bool in_transaction = false;
    1147             :     struct passwd *pwd;
    1148             :     enum nss_status status;
    1149             :     char *buffer;
    1150             :     size_t buflen;
    1151             :     int ret;
    1152             :     errno_t sret;
    1153             :     bool del_user;
    1154             :     uid_t uid;
    1155           0 :     struct ldb_result *cached_pwd = NULL;
    1156           0 :     const char *real_name = NULL;
    1157             : 
    1158           0 :     tmpctx = talloc_new(mem_ctx);
    1159           0 :     if (!tmpctx) {
    1160           0 :         return ENOMEM;
    1161             :     }
    1162             : 
    1163           0 :     pwd = talloc_zero(tmpctx, struct passwd);
    1164           0 :     if (!pwd) {
    1165           0 :         ret = ENOMEM;
    1166           0 :         goto fail;
    1167             :     }
    1168             : 
    1169           0 :     buflen = DEFAULT_BUFSIZE;
    1170           0 :     buffer = talloc_size(tmpctx, buflen);
    1171           0 :     if (!buffer) {
    1172           0 :         ret = ENOMEM;
    1173           0 :         goto fail;
    1174             :     }
    1175             : 
    1176           0 :     ret = sysdb_transaction_start(sysdb);
    1177           0 :     if (ret) {
    1178           0 :         DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n");
    1179           0 :         goto fail;
    1180             :     }
    1181           0 :     in_transaction = true;
    1182             : 
    1183             :     /* FIXME: should we move this call outside the transaction to keep the
    1184             :      * transaction as short as possible ? */
    1185           0 :     status = ctx->ops.getpwnam_r(name, pwd, buffer, buflen, &ret);
    1186           0 :     ret = handle_getpw_result(status, pwd, dom, &del_user);
    1187           0 :     if (ret) {
    1188           0 :         DEBUG(SSSDBG_OP_FAILURE,
    1189             :               "getpwnam failed [%d]: %s\n", ret, strerror(ret));
    1190           0 :         goto fail;
    1191             :     }
    1192             : 
    1193           0 :     if (del_user) {
    1194           0 :         ret = delete_user(dom, name, 0);
    1195           0 :         if (ret) {
    1196           0 :             DEBUG(SSSDBG_OP_FAILURE, "Could not delete user\n");
    1197           0 :             goto fail;
    1198             :         }
    1199           0 :         goto done;
    1200             :     }
    1201             : 
    1202           0 :     uid = pwd->pw_uid;
    1203           0 :     memset(buffer, 0, buflen);
    1204             : 
    1205             :     /* Canonicalize the username in case it was actually an alias */
    1206           0 :     if (ctx->fast_alias == true) {
    1207           0 :         ret = sysdb_getpwuid(tmpctx, dom, uid, &cached_pwd);
    1208           0 :         if (ret != EOK) {
    1209             :             /* Non-fatal, attempt to canonicalize online */
    1210           0 :             DEBUG(SSSDBG_TRACE_FUNC, "Request to cache failed [%d]: %s\n",
    1211             :                   ret, strerror(ret));
    1212             :         }
    1213             : 
    1214           0 :         if (ret == EOK && cached_pwd->count == 1) {
    1215           0 :             real_name = ldb_msg_find_attr_as_string(cached_pwd->msgs[0],
    1216             :                                                     SYSDB_NAME, NULL);
    1217           0 :             if (!real_name) {
    1218           0 :                 DEBUG(SSSDBG_MINOR_FAILURE, "Cached user has no name?\n");
    1219             :             }
    1220             :         }
    1221             :     }
    1222             : 
    1223           0 :     if (real_name == NULL) {
    1224           0 :         memset(buffer, 0, buflen);
    1225             : 
    1226           0 :         status = ctx->ops.getpwuid_r(uid, pwd, buffer, buflen, &ret);
    1227           0 :         ret = handle_getpw_result(status, pwd, dom, &del_user);
    1228           0 :         if (ret) {
    1229           0 :             DEBUG(SSSDBG_OP_FAILURE,
    1230             :                 "getpwuid failed [%d]: %s\n", ret, strerror(ret));
    1231           0 :             goto done;
    1232             :         }
    1233             : 
    1234           0 :         real_name = pwd->pw_name;
    1235             :     }
    1236             : 
    1237           0 :     if (del_user) {
    1238           0 :         ret = delete_user(dom, name, uid);
    1239           0 :         if (ret) {
    1240           0 :             DEBUG(SSSDBG_OP_FAILURE, "Could not delete user\n");
    1241           0 :             goto fail;
    1242             :         }
    1243           0 :         goto done;
    1244             :     }
    1245             : 
    1246           0 :     ret = save_user(dom, !dom->case_sensitive, pwd,
    1247           0 :                     real_name, name, dom->user_timeout);
    1248           0 :     if (ret) {
    1249           0 :         DEBUG(SSSDBG_OP_FAILURE, "Could not save user\n");
    1250           0 :         goto fail;
    1251             :     }
    1252             : 
    1253           0 :     ret = get_initgr_groups_process(tmpctx, ctx, sysdb, dom, pwd);
    1254           0 :     if (ret != EOK) {
    1255           0 :         DEBUG(SSSDBG_OP_FAILURE, "Could not process initgroups\n");
    1256           0 :         goto fail;
    1257             :     }
    1258             : 
    1259             : done:
    1260           0 :     ret = sysdb_transaction_commit(sysdb);
    1261           0 :     if (ret) {
    1262           0 :         DEBUG(SSSDBG_OP_FAILURE, "Failed to commit transaction\n");
    1263           0 :         goto fail;
    1264             :     }
    1265           0 :     in_transaction = false;
    1266             : 
    1267             : fail:
    1268           0 :     talloc_zfree(tmpctx);
    1269           0 :     if (in_transaction) {
    1270           0 :         sret = sysdb_transaction_cancel(sysdb);
    1271           0 :         if (sret != EOK) {
    1272           0 :             DEBUG(SSSDBG_CRIT_FAILURE, "Failed to cancel transaction\n");
    1273             :         }
    1274             :     }
    1275           0 :     return ret;
    1276             : }
    1277             : 
    1278           0 : static int get_initgr_groups_process(TALLOC_CTX *memctx,
    1279             :                                      struct proxy_id_ctx *ctx,
    1280             :                                      struct sysdb_ctx *sysdb,
    1281             :                                      struct sss_domain_info *dom,
    1282             :                                      struct passwd *pwd)
    1283             : {
    1284             :     enum nss_status status;
    1285             :     long int limit;
    1286             :     long int size;
    1287             :     long int num;
    1288             :     long int num_gids;
    1289             :     gid_t *gids;
    1290             :     int ret;
    1291             :     int i;
    1292             :     time_t now;
    1293             : 
    1294           0 :     num_gids = 0;
    1295           0 :     limit = 4096;
    1296           0 :     num = 4096;
    1297           0 :     size = num*sizeof(gid_t);
    1298           0 :     gids = talloc_size(memctx, size);
    1299           0 :     if (!gids) {
    1300           0 :         return ENOMEM;
    1301             :     }
    1302             : 
    1303             :     /* nss modules may skip the primary group when we pass it in so always add
    1304             :      * it in advance */
    1305           0 :     gids[0] = pwd->pw_gid;
    1306           0 :     num_gids++;
    1307             : 
    1308             :     /* FIXME: should we move this call outside the transaction to keep the
    1309             :      * transaction as short as possible ? */
    1310             :     do {
    1311           0 :         status = ctx->ops.initgroups_dyn(pwd->pw_name, pwd->pw_gid, &num_gids,
    1312             :                 &num, &gids, limit, &ret);
    1313             : 
    1314           0 :         if (status == NSS_STATUS_TRYAGAIN) {
    1315             :             /* buffer too small ? */
    1316           0 :             if (size < MAX_BUF_SIZE) {
    1317           0 :                 num *= 2;
    1318           0 :                 size = num*sizeof(gid_t);
    1319             :             }
    1320           0 :             if (size > MAX_BUF_SIZE) {
    1321           0 :                 size = MAX_BUF_SIZE;
    1322           0 :                 num = size/sizeof(gid_t);
    1323             :             }
    1324           0 :             limit = num;
    1325           0 :             gids = talloc_realloc_size(memctx, gids, size);
    1326           0 :             if (!gids) {
    1327           0 :                 return ENOMEM;
    1328             :             }
    1329             :         }
    1330           0 :     } while(status == NSS_STATUS_TRYAGAIN);
    1331             : 
    1332           0 :     switch (status) {
    1333             :     case NSS_STATUS_NOTFOUND:
    1334           0 :         DEBUG(SSSDBG_FUNC_DATA, "The initgroups call returned 'NOTFOUND'. "
    1335             :                                  "Assume the user is only member of its "
    1336             :                                  "primary group (%"SPRIgid")\n", pwd->pw_gid);
    1337             :         /* fall through */
    1338             :     case NSS_STATUS_SUCCESS:
    1339           0 :         DEBUG(SSSDBG_CONF_SETTINGS, "User [%s] appears to be member of %lu "
    1340             :               "groups\n", pwd->pw_name, num_gids);
    1341             : 
    1342           0 :         now = time(NULL);
    1343           0 :         for (i = 0; i < num_gids; i++) {
    1344           0 :             ret = get_gr_gid(memctx, ctx, sysdb, dom, gids[i], now);
    1345           0 :             if (ret) {
    1346           0 :                 return ret;
    1347             :             }
    1348             :         }
    1349           0 :         ret = EOK;
    1350             : 
    1351           0 :         break;
    1352             : 
    1353             :     default:
    1354           0 :         DEBUG(SSSDBG_OP_FAILURE, "proxy -> initgroups_dyn failed (%d)[%s]\n",
    1355             :                   ret, strerror(ret));
    1356           0 :         ret = EIO;
    1357           0 :         break;
    1358             :     }
    1359             : 
    1360           0 :     return ret;
    1361             : }
    1362             : 
    1363             : /* =Proxy_Id-Functions====================================================*/
    1364             : 
    1365           0 : void proxy_get_account_info(struct be_req *breq)
    1366             : {
    1367           0 :     struct be_ctx *be_ctx = be_req_get_be_ctx(breq);
    1368             :     struct be_acct_req *ar;
    1369             :     struct proxy_id_ctx *ctx;
    1370             :     struct sysdb_ctx *sysdb;
    1371             :     struct sss_domain_info *domain;
    1372             :     uid_t uid;
    1373             :     gid_t gid;
    1374             :     int ret;
    1375             :     char *endptr;
    1376             : 
    1377           0 :     ar = talloc_get_type(be_req_get_data(breq), struct be_acct_req);
    1378           0 :     ctx = talloc_get_type(be_ctx->bet_info[BET_ID].pvt_bet_data,
    1379             :                           struct proxy_id_ctx);
    1380           0 :     sysdb = be_ctx->domain->sysdb;
    1381           0 :     domain = be_ctx->domain;
    1382             : 
    1383           0 :     if (be_is_offline(be_ctx)) {
    1384           0 :         return be_req_terminate(breq, DP_ERR_OFFLINE, EAGAIN, "Offline");
    1385             :     }
    1386             : 
    1387             :     /* for now we support only core attrs */
    1388           0 :     if (ar->attr_type != BE_ATTR_CORE) {
    1389           0 :         return be_req_terminate(breq, DP_ERR_FATAL, EINVAL, "Invalid attr type");
    1390             :     }
    1391             : 
    1392             :     /* proxy provider does not support security ID lookups */
    1393           0 :     if (ar->filter_type == BE_FILTER_SECID) {
    1394           0 :         return be_req_terminate(breq, DP_ERR_FATAL, ENOSYS,
    1395             :                                 "Invalid filter type");
    1396             :     }
    1397             : 
    1398           0 :     switch (ar->entry_type & BE_REQ_TYPE_MASK) {
    1399             :     case BE_REQ_USER: /* user */
    1400           0 :         switch (ar->filter_type) {
    1401             :         case BE_FILTER_ENUM:
    1402           0 :             ret = enum_users(breq, ctx, sysdb, domain);
    1403           0 :             break;
    1404             : 
    1405             :         case BE_FILTER_NAME:
    1406           0 :             ret = get_pw_name(ctx, domain, ar->filter_value);
    1407           0 :             break;
    1408             : 
    1409             :         case BE_FILTER_IDNUM:
    1410           0 :             uid = (uid_t) strtouint32(ar->filter_value, &endptr, 10);
    1411           0 :             if (errno || *endptr || (ar->filter_value == endptr)) {
    1412           0 :                 return be_req_terminate(breq, DP_ERR_FATAL,
    1413             :                                    EINVAL, "Invalid attr type");
    1414             :             }
    1415           0 :             ret = get_pw_uid(ctx, domain, uid);
    1416           0 :             break;
    1417             :         default:
    1418           0 :             return be_req_terminate(breq, DP_ERR_FATAL,
    1419             :                                EINVAL, "Invalid filter type");
    1420             :         }
    1421           0 :         break;
    1422             : 
    1423             :     case BE_REQ_GROUP: /* group */
    1424           0 :         switch (ar->filter_type) {
    1425             :         case BE_FILTER_ENUM:
    1426           0 :             ret = enum_groups(breq, ctx, sysdb, domain);
    1427           0 :             break;
    1428             :         case BE_FILTER_NAME:
    1429           0 :             ret = get_gr_name(ctx, sysdb, domain, ar->filter_value);
    1430           0 :             break;
    1431             :         case BE_FILTER_IDNUM:
    1432           0 :             gid = (gid_t) strtouint32(ar->filter_value, &endptr, 10);
    1433           0 :             if (errno || *endptr || (ar->filter_value == endptr)) {
    1434           0 :                 return be_req_terminate(breq, DP_ERR_FATAL,
    1435             :                                    EINVAL, "Invalid attr type");
    1436             :             }
    1437           0 :             ret = get_gr_gid(breq, ctx, sysdb, domain, gid, 0);
    1438           0 :             break;
    1439             :         default:
    1440           0 :             return be_req_terminate(breq, DP_ERR_FATAL,
    1441             :                                EINVAL, "Invalid filter type");
    1442             :         }
    1443           0 :         break;
    1444             : 
    1445             :     case BE_REQ_INITGROUPS: /* init groups for user */
    1446           0 :         if (ar->filter_type != BE_FILTER_NAME) {
    1447           0 :             return be_req_terminate(breq, DP_ERR_FATAL,
    1448             :                                EINVAL, "Invalid filter type");
    1449             :         }
    1450           0 :         if (ctx->ops.initgroups_dyn == NULL) {
    1451           0 :             return be_req_terminate(breq, DP_ERR_FATAL,
    1452             :                                ENODEV, "Initgroups call not supported");
    1453             :         }
    1454           0 :         ret = get_initgr(breq, ctx, sysdb, domain, ar->filter_value);
    1455           0 :         break;
    1456             : 
    1457             :     case BE_REQ_NETGROUP:
    1458           0 :         if (ar->filter_type != BE_FILTER_NAME) {
    1459           0 :             return be_req_terminate(breq, DP_ERR_FATAL,
    1460             :                                EINVAL, "Invalid filter type");
    1461             :         }
    1462           0 :         if (ctx->ops.setnetgrent == NULL || ctx->ops.getnetgrent_r == NULL ||
    1463           0 :             ctx->ops.endnetgrent == NULL) {
    1464           0 :             return be_req_terminate(breq, DP_ERR_FATAL,
    1465             :                                ENODEV, "Netgroups are not supported");
    1466             :         }
    1467             : 
    1468           0 :         ret = get_netgroup(ctx, domain, ar->filter_value);
    1469           0 :         break;
    1470             : 
    1471             :     case BE_REQ_SERVICES:
    1472           0 :         switch (ar->filter_type) {
    1473             :         case BE_FILTER_NAME:
    1474           0 :             if (ctx->ops.getservbyname_r == NULL) {
    1475           0 :                 return be_req_terminate(breq, DP_ERR_FATAL,
    1476             :                                    ENODEV, "Services are not supported");
    1477             :             }
    1478           0 :             ret = get_serv_byname(ctx, domain,
    1479           0 :                                   ar->filter_value,
    1480           0 :                                   ar->extra_value);
    1481           0 :             break;
    1482             :         case BE_FILTER_IDNUM:
    1483           0 :             if (ctx->ops.getservbyport_r == NULL) {
    1484           0 :                 return be_req_terminate(breq, DP_ERR_FATAL,
    1485             :                                    ENODEV, "Services are not supported");
    1486             :             }
    1487           0 :             ret = get_serv_byport(ctx, domain,
    1488           0 :                                   ar->filter_value,
    1489           0 :                                   ar->extra_value);
    1490           0 :             break;
    1491             :         case BE_FILTER_ENUM:
    1492           0 :             if (!ctx->ops.setservent
    1493           0 :                     || !ctx->ops.getservent_r
    1494           0 :                     || !ctx->ops.endservent) {
    1495           0 :                 return be_req_terminate(breq, DP_ERR_FATAL,
    1496             :                                    ENODEV, "Services are not supported");
    1497             :             }
    1498           0 :             ret = enum_services(ctx, sysdb, domain);
    1499           0 :             break;
    1500             :         default:
    1501           0 :             return be_req_terminate(breq, DP_ERR_FATAL,
    1502             :                                EINVAL, "Invalid filter type");
    1503             :         }
    1504           0 :         break;
    1505             : 
    1506             :     default: /*fail*/
    1507           0 :         return be_req_terminate(breq, DP_ERR_FATAL,
    1508             :                            EINVAL, "Invalid request type");
    1509             :     }
    1510             : 
    1511           0 :     if (ret) {
    1512           0 :         if (ret == ENXIO) {
    1513           0 :             DEBUG(SSSDBG_OP_FAILURE,
    1514             :                   "proxy returned UNAVAIL error, going offline!\n");
    1515           0 :             be_mark_offline(be_ctx);
    1516             :         }
    1517           0 :         be_req_terminate(breq, DP_ERR_FATAL, ret, NULL);
    1518           0 :         return;
    1519             :     }
    1520           0 :     be_req_terminate(breq, DP_ERR_OK, EOK, NULL);
    1521             : }

Generated by: LCOV version 1.10