LCOV - code coverage report
Current view: top level - providers - be_dyndns.c (source / functions) Hit Total Coverage
Test: coverage.info Lines: 292 573 51.0 %
Date: 2016-06-29 Functions: 27 36 75.0 %

          Line data    Source code
       1             : /*
       2             :     SSSD
       3             : 
       4             :     dp_dyndns.c
       5             : 
       6             :     Authors:
       7             :         Stephen Gallagher <sgallagh@redhat.com>
       8             :         Jakub Hrozek <jhrozek@redhat.com>
       9             : 
      10             :     Copyright (C) 2013 Red Hat
      11             : 
      12             :     This program is free software; you can redistribute it and/or modify
      13             :     it under the terms of the GNU General Public License as published by
      14             :     the Free Software Foundation; either version 3 of the License, or
      15             :     (at your option) any later version.
      16             : 
      17             :     This program is distributed in the hope that it will be useful,
      18             :     but WITHOUT ANY WARRANTY; without even the implied warranty of
      19             :     MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
      20             :     GNU General Public License for more details.
      21             : 
      22             :     You should have received a copy of the GNU General Public License
      23             :     along with this program.  If not, see <http://www.gnu.org/licenses/>.
      24             : */
      25             : 
      26             : #include <sys/types.h>
      27             : #include <sys/socket.h>
      28             : #include <sys/ioctl.h>
      29             : #include <arpa/inet.h>
      30             : #include <net/if.h>
      31             : #include <ifaddrs.h>
      32             : #include <ctype.h>
      33             : #include "util/util.h"
      34             : #include "confdb/confdb.h"
      35             : #include "util/child_common.h"
      36             : #include "providers/data_provider.h"
      37             : #include "providers/backend.h"
      38             : #include "providers/be_dyndns.h"
      39             : #include "resolv/async_resolv.h"
      40             : 
      41             : #ifndef DYNDNS_TIMEOUT
      42             : #define DYNDNS_TIMEOUT 15
      43             : #endif /* DYNDNS_TIMEOUT */
      44             : 
      45             : /* MASK represents special value for matching all interfaces */
      46             : #define MASK "*"
      47             : 
      48             : struct sss_iface_addr {
      49             :     struct sss_iface_addr *next;
      50             :     struct sss_iface_addr *prev;
      51             : 
      52             :     struct sockaddr_storage *addr;
      53             : };
      54             : 
      55             : struct sockaddr_storage*
      56           4 : sss_iface_addr_get_address(struct sss_iface_addr *address)
      57             : {
      58           4 :     if (address == NULL) {
      59           1 :         return NULL;
      60             :     }
      61             : 
      62           3 :     return address->addr;
      63             : }
      64             : 
      65           4 : struct sss_iface_addr *sss_iface_addr_get_next(struct sss_iface_addr *address)
      66             : {
      67           4 :     if (address) {
      68           3 :         return address->next;
      69             :     }
      70             : 
      71           1 :     return NULL;
      72             : }
      73             : 
      74           0 : void sss_iface_addr_concatenate(struct sss_iface_addr **list,
      75             :                                 struct sss_iface_addr *list2)
      76             : {
      77           0 :     DLIST_CONCATENATE((*list), list2, struct sss_iface_addr*);
      78           0 : }
      79             : 
      80          24 : static errno_t addr_to_str(struct sockaddr_storage *addr,
      81             :                            char *dst, size_t size)
      82             : {
      83             :     const void *src;
      84             :     const char *res;
      85             :     errno_t ret;
      86             : 
      87          24 :     switch(addr->ss_family) {
      88             :     case AF_INET:
      89          12 :         src = &(((struct sockaddr_in *)addr)->sin_addr);
      90          12 :         break;
      91             :     case AF_INET6:
      92          12 :         src = &(((struct sockaddr_in6 *)addr)->sin6_addr);
      93          12 :         break;
      94             :     default:
      95           0 :         ret = ERR_ADDR_FAMILY_NOT_SUPPORTED;
      96           0 :         goto done;
      97             :     }
      98             : 
      99          24 :     res = inet_ntop(addr->ss_family, src, dst, size);
     100          24 :     if (res == NULL) {
     101           0 :         ret = errno;
     102           0 :         DEBUG(SSSDBG_OP_FAILURE, "inet_ntop failed [%d]: %s\n",
     103             :               ret, sss_strerror(ret));
     104           0 :         goto done;
     105             :     }
     106             : 
     107          24 :     ret = EOK;
     108             : 
     109             : done:
     110          24 :     return ret;
     111             : }
     112             : 
     113             : errno_t
     114           1 : sss_iface_addr_list_as_str_list(TALLOC_CTX *mem_ctx,
     115             :                                 struct sss_iface_addr *ifaddr_list,
     116             :                                 char ***_straddrs)
     117             : {
     118             :     struct sss_iface_addr *ifaddr;
     119             :     size_t count;
     120             :     int ai;
     121             :     char **straddrs;
     122             :     char ip_addr[INET6_ADDRSTRLEN];
     123             :     errno_t ret;
     124             : 
     125           1 :     count = 0;
     126           5 :     DLIST_FOR_EACH(ifaddr, ifaddr_list) {
     127           4 :         count++;
     128             :     }
     129             : 
     130           1 :     straddrs = talloc_array(mem_ctx, char *, count+1);
     131           1 :     if (straddrs == NULL) {
     132           0 :         return ENOMEM;
     133             :     }
     134             : 
     135           1 :     ai = 0;
     136           5 :     DLIST_FOR_EACH(ifaddr, ifaddr_list) {
     137             : 
     138           4 :         ret = addr_to_str(ifaddr->addr, ip_addr, INET6_ADDRSTRLEN);
     139           4 :         if (ret == ERR_ADDR_FAMILY_NOT_SUPPORTED) {
     140           0 :             continue;
     141           4 :         } else if (ret != EOK) {
     142           0 :             DEBUG(SSSDBG_MINOR_FAILURE, "addr_to_str failed: %d:[%s],\n",
     143             :                   ret, sss_strerror(ret));
     144           0 :             goto fail;
     145             :         }
     146             : 
     147           4 :         straddrs[ai] = talloc_strdup(straddrs, ip_addr);
     148           4 :         if (straddrs[ai] == NULL) {
     149           0 :             ret = ENOMEM;
     150           0 :             goto fail;
     151             :         }
     152           4 :         ai++;
     153             :     }
     154             : 
     155           1 :     straddrs[count] = NULL;
     156           1 :     *_straddrs = straddrs;
     157           1 :     return EOK;
     158             : 
     159             : fail:
     160           0 :     talloc_free(straddrs);
     161           0 :     return ret;
     162             : }
     163             : 
     164             : static bool
     165          25 : ok_for_dns(struct sockaddr *sa)
     166             : {
     167             :     struct sockaddr_in sa4;
     168             :     struct sockaddr_in6 sa6;
     169             : 
     170          25 :     switch (sa->sa_family) {
     171             :     case AF_INET6:
     172          12 :         memcpy(&sa6, sa, sizeof(struct sockaddr_in6));
     173          12 :         return check_ipv6_addr(&sa6.sin6_addr, SSS_NO_SPECIAL);
     174             :     case AF_INET:
     175          13 :         memcpy(&sa4, sa, sizeof(struct sockaddr_in));
     176          13 :         return check_ipv4_addr(&sa4.sin_addr, SSS_NO_SPECIAL);
     177             :     default:
     178           0 :         DEBUG(SSSDBG_CRIT_FAILURE, "Unknown address family\n");
     179           0 :         return false;
     180             :     }
     181             : 
     182             :     return true;
     183             : }
     184             : 
     185          32 : static bool supported_address_family(sa_family_t sa_family)
     186             : {
     187          32 :     return sa_family == AF_INET || sa_family == AF_INET6;
     188             : }
     189             : 
     190          32 : static bool matching_name(const char *ifname, const char *ifname2)
     191             : {
     192          32 :     return (strcmp(MASK, ifname) == 0) || (strcasecmp(ifname, ifname2) == 0);
     193             : }
     194             : 
     195             : /* Collect IP addresses associated with an interface */
     196             : errno_t
     197          10 : sss_iface_addr_list_get(TALLOC_CTX *mem_ctx, const char *ifname,
     198             :                         struct sss_iface_addr **_addrlist)
     199             : {
     200          10 :     struct ifaddrs *ifaces = NULL;
     201             :     struct ifaddrs *ifa;
     202             :     errno_t ret;
     203             :     size_t addrsize;
     204             :     struct sss_iface_addr *address;
     205          10 :     struct sss_iface_addr *addrlist = NULL;
     206             : 
     207             :     /* Get the IP addresses associated with the
     208             :      * specified interface
     209             :      */
     210          10 :     errno = 0;
     211          10 :     ret = getifaddrs(&ifaces);
     212          10 :     if (ret == -1) {
     213           0 :         ret = errno;
     214           0 :         DEBUG(SSSDBG_OP_FAILURE,
     215             :               "Could not read interfaces [%d][%s]\n", ret, strerror(ret));
     216           0 :         goto done;
     217             :     }
     218             : 
     219          42 :     for (ifa = ifaces; ifa != NULL; ifa = ifa->ifa_next) {
     220             :         /* Some interfaces don't have an ifa_addr */
     221          32 :         if (!ifa->ifa_addr) continue;
     222             : 
     223             :         /* Add IP addresses to the list */
     224          32 :         if (supported_address_family(ifa->ifa_addr->sa_family)
     225          32 :                 && matching_name(ifname, ifa->ifa_name)
     226          25 :                 && ok_for_dns(ifa->ifa_addr)) {
     227             : 
     228             :             /* Add this address to the IP address list */
     229          23 :             address = talloc_zero(mem_ctx, struct sss_iface_addr);
     230          23 :             if (!address) {
     231           0 :                 ret = ENOMEM;
     232           0 :                 goto done;
     233             :             }
     234             : 
     235          46 :             addrsize = ifa->ifa_addr->sa_family == AF_INET ? \
     236          23 :                                 sizeof(struct sockaddr_in) : \
     237             :                                 sizeof(struct sockaddr_in6);
     238             : 
     239          23 :             address->addr = talloc_memdup(address, ifa->ifa_addr,
     240             :                                           addrsize);
     241          23 :             if (address->addr == NULL) {
     242           0 :                 ret = ENOMEM;
     243           0 :                 goto done;
     244             :             }
     245             : 
     246             :             /* steal old dlist to the new head */
     247          23 :             talloc_steal(address, addrlist);
     248          23 :             DLIST_ADD(addrlist, address);
     249             :         }
     250             :     }
     251             : 
     252          10 :     if (addrlist != NULL) {
     253             :         /* OK, some result was found */
     254           9 :         ret = EOK;
     255           9 :         *_addrlist = addrlist;
     256             :     } else {
     257             :         /* No result was found */
     258           1 :         DEBUG(SSSDBG_TRACE_FUNC,
     259             :               "No IPs usable for DNS was found for interface: %s.\n", ifname);
     260           1 :         ret = ENOENT;
     261             :     }
     262             : 
     263             : done:
     264          10 :     freeifaddrs(ifaces);
     265          10 :     return ret;
     266             : }
     267             : 
     268             : static char *
     269           9 : nsupdate_msg_add_fwd(char *update_msg, struct sss_iface_addr *addresses,
     270             :                      const char *hostname, int ttl, uint8_t remove_af)
     271             : {
     272             :     struct sss_iface_addr *new_record;
     273             :     char ip_addr[INET6_ADDRSTRLEN];
     274             :     errno_t ret;
     275             : 
     276             :     /* A addresses first */
     277             :     /* Remove existing entries as needed */
     278           9 :     if (remove_af & DYNDNS_REMOVE_A) {
     279           8 :         update_msg = talloc_asprintf_append(update_msg,
     280             :                                             "update delete %s. in A\n",
     281             :                                             hostname);
     282           8 :         if (update_msg == NULL) {
     283           0 :             return NULL;
     284             :         }
     285             :     }
     286          29 :     DLIST_FOR_EACH(new_record, addresses) {
     287          20 :         if (new_record->addr->ss_family == AF_INET) {
     288          10 :             ret = addr_to_str(new_record->addr, ip_addr, INET6_ADDRSTRLEN);
     289          10 :             if (ret != EOK) {
     290           0 :                 DEBUG(SSSDBG_MINOR_FAILURE, "addr_to_str failed: %d:[%s],\n",
     291             :                       ret, sss_strerror(ret));
     292           0 :                 return NULL;
     293             :             }
     294             : 
     295             :             /* Format the record update */
     296          10 :             update_msg = talloc_asprintf_append(update_msg,
     297             :                                                 "update add %s. %d in %s %s\n",
     298             :                                                 hostname, ttl, "A", ip_addr);
     299          10 :             if (update_msg == NULL) {
     300           0 :                 return NULL;
     301             :             }
     302             :         }
     303             :     }
     304           9 :     update_msg = talloc_asprintf_append(update_msg, "send\n");
     305             : 
     306             :     /* AAAA addresses next */
     307             :     /* Remove existing entries as needed */
     308           9 :     if (remove_af & DYNDNS_REMOVE_AAAA) {
     309           8 :         update_msg = talloc_asprintf_append(update_msg,
     310             :                                             "update delete %s. in AAAA\n",
     311             :                                             hostname);
     312           8 :         if (update_msg == NULL) {
     313           0 :             return NULL;
     314             :         }
     315             :     }
     316          29 :     DLIST_FOR_EACH(new_record, addresses) {
     317          20 :         if (new_record->addr->ss_family == AF_INET6) {
     318          10 :             ret = addr_to_str(new_record->addr, ip_addr, INET6_ADDRSTRLEN);
     319          10 :             if (ret != EOK) {
     320           0 :                 DEBUG(SSSDBG_MINOR_FAILURE, "addr_to_str failed: %d:[%s],\n",
     321             :                       ret, sss_strerror(ret));
     322           0 :                 return NULL;
     323             :             }
     324             : 
     325             :             /* Format the record update */
     326          10 :             update_msg = talloc_asprintf_append(update_msg,
     327             :                                                 "update add %s. %d in %s %s\n",
     328             :                                                 hostname, ttl, "AAAA", ip_addr);
     329          10 :             if (update_msg == NULL) {
     330           0 :                 return NULL;
     331             :             }
     332             :         }
     333             :     }
     334             : 
     335           9 :     return talloc_asprintf_append(update_msg, "send\n");
     336             : }
     337             : 
     338           0 : static uint8_t *nsupdate_convert_address(struct sockaddr_storage *add_address)
     339             : {
     340             :     uint8_t *addr;
     341             : 
     342           0 :     switch(add_address->ss_family) {
     343             :     case AF_INET:
     344           0 :         addr = (uint8_t *) &((struct sockaddr_in *) add_address)->sin_addr;
     345           0 :         break;
     346             :     case AF_INET6:
     347           0 :         addr = (uint8_t *) &((struct sockaddr_in6 *) add_address)->sin6_addr;
     348           0 :         break;
     349             :     default:
     350           0 :         DEBUG(SSSDBG_CRIT_FAILURE, "Unknown address family\n");
     351           0 :         addr = NULL;
     352           0 :         break;
     353             :     }
     354             : 
     355           0 :     return addr;
     356             : }
     357             : 
     358           0 : static char *nsupdate_msg_add_ptr(char *update_msg,
     359             :                                   struct sockaddr_storage *address,
     360             :                                   const char *hostname,
     361             :                                   int ttl,
     362             :                                   bool delete)
     363             : {
     364             :     char *strptr;
     365             :     uint8_t *addr;
     366             : 
     367           0 :     addr = nsupdate_convert_address(address);
     368           0 :     if (addr == NULL) {
     369           0 :         return NULL;
     370             :     }
     371             : 
     372           0 :     strptr = resolv_get_string_ptr_address(update_msg, address->ss_family,
     373             :                                            addr);
     374           0 :     if (strptr == NULL) {
     375           0 :         return NULL;
     376             :     }
     377             : 
     378           0 :     if (delete) {
     379             :         /* example: update delete 38.78.16.10.in-addr.arpa. in PTR */
     380           0 :         update_msg = talloc_asprintf_append(update_msg,
     381             :                                             "update delete %s in PTR\n"
     382             :                                             "send\n",
     383             :                                             strptr);
     384             :     } else {
     385             :         /* example: update delete 38.78.16.10.in-addr.arpa. in PTR */
     386           0 :         update_msg = talloc_asprintf_append(update_msg,
     387             :                                             "update add %s %d in PTR %s.\n"
     388             :                                             "send\n",
     389             :                                             strptr, ttl, hostname);
     390             :     }
     391             : 
     392           0 :     talloc_free(strptr);
     393           0 :     if (update_msg == NULL) {
     394           0 :         return NULL;
     395             :     }
     396             : 
     397           0 :     return update_msg;
     398             : }
     399             : 
     400             : static char *
     401           9 : nsupdate_msg_add_realm_cmd(TALLOC_CTX *mem_ctx, const char *realm)
     402             : {
     403             : #ifdef HAVE_NSUPDATE_REALM
     404           9 :     if (realm != NULL) {
     405           2 :         return talloc_asprintf(mem_ctx, "realm %s\n", realm);
     406             :     }
     407             : #endif
     408           7 :     return talloc_asprintf(mem_ctx, "\n");
     409             : }
     410             : 
     411             : static char *
     412           9 : nsupdate_msg_create_common(TALLOC_CTX *mem_ctx, const char *realm,
     413             :                            const char *servername)
     414             : {
     415             :     char *realm_directive;
     416             :     char *update_msg;
     417             :     TALLOC_CTX *tmp_ctx;
     418             : 
     419           9 :     tmp_ctx = talloc_new(NULL);
     420           9 :     if (tmp_ctx == NULL) return NULL;
     421             : 
     422           9 :     realm_directive = nsupdate_msg_add_realm_cmd(tmp_ctx, realm);
     423           9 :     if (!realm_directive) {
     424           0 :         goto fail;
     425             :     }
     426             : 
     427             :     /* The realm_directive would now either contain an empty string or be
     428             :      * completely empty so we don't need to add another newline here
     429             :      */
     430           9 :     if (servername) {
     431           2 :         DEBUG(SSSDBG_FUNC_DATA,
     432             :               "Creating update message for server [%s] and realm [%s].\n",
     433             :                servername, realm);
     434             : 
     435             :         /* Add the server, realm and headers */
     436           2 :         update_msg = talloc_asprintf(tmp_ctx, "server %s\n%s",
     437             :                                      servername, realm_directive);
     438             :     } else {
     439           7 :         DEBUG(SSSDBG_FUNC_DATA,
     440             :               "Creating update message for realm [%s].\n", realm);
     441             :         /* Add the realm headers */
     442           7 :         update_msg = talloc_asprintf(tmp_ctx, "%s", realm_directive);
     443             :     }
     444           9 :     talloc_free(realm_directive);
     445           9 :     if (update_msg == NULL) {
     446           0 :         goto fail;
     447             :     }
     448             : 
     449           9 :     update_msg = talloc_steal(mem_ctx, update_msg);
     450           9 :     talloc_free(tmp_ctx);
     451           9 :     return update_msg;
     452             : 
     453             : fail:
     454           0 :     talloc_free(tmp_ctx);
     455           0 :     return NULL;
     456             : }
     457             : 
     458             : errno_t
     459           9 : be_nsupdate_create_fwd_msg(TALLOC_CTX *mem_ctx, const char *realm,
     460             :                            const char *servername,
     461             :                            const char *hostname, const unsigned int ttl,
     462             :                            uint8_t remove_af, struct sss_iface_addr *addresses,
     463             :                            char **_update_msg)
     464             : {
     465             :     int ret;
     466             :     char *update_msg;
     467             :     TALLOC_CTX *tmp_ctx;
     468             : 
     469             :     /* in some cases realm could have been NULL if we weren't using TSIG */
     470           9 :     if (hostname == NULL) {
     471           0 :         return EINVAL;
     472             :     }
     473             : 
     474           9 :     tmp_ctx = talloc_new(NULL);
     475           9 :     if (tmp_ctx == NULL) return ENOMEM;
     476             : 
     477           9 :     update_msg = nsupdate_msg_create_common(tmp_ctx, realm, servername);
     478           9 :     if (update_msg == NULL) {
     479           0 :         ret = ENOMEM;
     480           0 :         goto done;
     481             :     }
     482             : 
     483           9 :     update_msg = nsupdate_msg_add_fwd(update_msg, addresses, hostname,
     484             :                                       ttl, remove_af);
     485           9 :     if (update_msg == NULL) {
     486           0 :         ret = ENOMEM;
     487           0 :         goto done;
     488             :     }
     489             : 
     490           9 :     DEBUG(SSSDBG_TRACE_FUNC,
     491             :           " -- Begin nsupdate message -- \n"
     492             :           "%s"
     493             :           " -- End nsupdate message -- \n",
     494             :           update_msg);
     495             : 
     496           9 :     ret = ERR_OK;
     497           9 :     *_update_msg = talloc_steal(mem_ctx, update_msg);
     498             : done:
     499           9 :     talloc_free(tmp_ctx);
     500           9 :     return ret;
     501             : }
     502             : 
     503             : errno_t
     504           0 : be_nsupdate_create_ptr_msg(TALLOC_CTX *mem_ctx, const char *realm,
     505             :                            const char *servername, const char *hostname,
     506             :                            const unsigned int ttl,
     507             :                            struct sockaddr_storage *address,
     508             :                            bool delete,
     509             :                            char **_update_msg)
     510             : {
     511             :     errno_t ret;
     512             :     char *update_msg;
     513             : 
     514             :     /* in some cases realm could have been NULL if we weren't using TSIG */
     515           0 :     if (hostname == NULL) {
     516           0 :         return EINVAL;
     517             :     }
     518             : 
     519           0 :     update_msg = nsupdate_msg_create_common(mem_ctx, realm, servername);
     520           0 :     if (update_msg == NULL) {
     521           0 :         ret = ENOMEM;
     522           0 :         goto done;
     523             :     }
     524             : 
     525           0 :     update_msg = nsupdate_msg_add_ptr(update_msg, address, hostname, ttl,
     526             :                                       delete);
     527           0 :     if (update_msg == NULL) {
     528           0 :         ret = ENOMEM;
     529           0 :         goto done;
     530             :     }
     531             : 
     532           0 :     DEBUG(SSSDBG_TRACE_FUNC,
     533             :           " -- Begin nsupdate message -- \n"
     534             :           "%s"
     535             :           " -- End nsupdate message -- \n",
     536             :           update_msg);
     537             : 
     538           0 :     ret = ERR_OK;
     539           0 :     *_update_msg = update_msg;
     540             : 
     541             : done:
     542           0 :     return ret;
     543             : }
     544             : 
     545             : struct nsupdate_get_addrs_state {
     546             :     struct tevent_context *ev;
     547             :     struct be_resolv_ctx *be_res;
     548             :     enum host_database *db;
     549             :     const char *hostname;
     550             : 
     551             :     /* Use sss_addr in this request */
     552             :     struct sss_iface_addr *addrlist;
     553             :     size_t count;
     554             : };
     555             : 
     556             : static void nsupdate_get_addrs_done(struct tevent_req *subreq);
     557             : 
     558             : struct tevent_req *
     559           0 : nsupdate_get_addrs_send(TALLOC_CTX *mem_ctx,
     560             :                         struct tevent_context *ev,
     561             :                         struct be_resolv_ctx *be_res,
     562             :                         const char *hostname)
     563             : {
     564             :     errno_t ret;
     565             :     struct tevent_req *req;
     566             :     struct tevent_req *subreq;
     567             :     struct nsupdate_get_addrs_state *state;
     568             : 
     569           0 :     req = tevent_req_create(mem_ctx, &state, struct nsupdate_get_addrs_state);
     570           0 :     if (req == NULL) {
     571           0 :         return NULL;
     572             :     }
     573           0 :     state->be_res = be_res;
     574           0 :     state->ev = ev;
     575           0 :     state->hostname = talloc_strdup(state, hostname);
     576           0 :     if (state->hostname == NULL) {
     577           0 :         ret = ENOMEM;
     578           0 :         goto done;
     579             :     }
     580             : 
     581           0 :     state->db = talloc_array(state, enum host_database, 2);
     582           0 :     if (state->db == NULL) {
     583           0 :         ret = ENOMEM;
     584           0 :         goto done;
     585             :     }
     586           0 :     state->db[0] = DB_DNS;
     587           0 :     state->db[1] = DB_SENTINEL;
     588             : 
     589           0 :     subreq = resolv_gethostbyname_send(state, ev, be_res->resolv, hostname,
     590           0 :                                        state->be_res->family_order,
     591           0 :                                        state->db);
     592           0 :     if (subreq == NULL) {
     593           0 :         ret = ENOMEM;
     594           0 :         goto done;
     595             :     }
     596           0 :     tevent_req_set_callback(subreq, nsupdate_get_addrs_done, req);
     597             : 
     598           0 :     ret = ERR_OK;
     599             : done:
     600           0 :     if (ret != ERR_OK) {
     601           0 :         tevent_req_error(req, ret);
     602           0 :         tevent_req_post(req, ev);
     603             :     }
     604           0 :     return req;
     605             : }
     606             : 
     607             : static void
     608           0 : nsupdate_get_addrs_done(struct tevent_req *subreq)
     609             : {
     610             :     errno_t ret;
     611             :     size_t count;
     612           0 :     struct tevent_req *req =
     613           0 :             tevent_req_callback_data(subreq, struct tevent_req);
     614           0 :     struct nsupdate_get_addrs_state *state = tevent_req_data(req,
     615             :                                      struct nsupdate_get_addrs_state);
     616             :     struct resolv_hostent *rhostent;
     617             :     struct sss_iface_addr *addr;
     618             :     int i;
     619             :     int resolv_status;
     620             :     enum restrict_family retry_family_order;
     621             : 
     622           0 :     ret = resolv_gethostbyname_recv(subreq, state, &resolv_status, NULL,
     623             :                                     &rhostent);
     624           0 :     talloc_zfree(subreq);
     625             : 
     626             :     /* If the retry did not match, simply quit */
     627           0 :     if (ret == ENOENT) {
     628             :         /* If the resolver is set to honor both address families
     629             :          * it automatically retries the other one internally, so ENOENT
     630             :          * means neither matched and we can simply quit.
     631             :          */
     632           0 :         ret = EOK;
     633           0 :         goto done;
     634           0 :     } else if (ret != EOK) {
     635           0 :         DEBUG(SSSDBG_OP_FAILURE,
     636             :               "Could not resolve address for this machine, error [%d]: %s, "
     637             :                "resolver returned: [%d]: %s\n", ret, sss_strerror(ret),
     638             :                resolv_status, resolv_strerror(resolv_status));
     639           0 :         goto done;
     640             :     }
     641             : 
     642             :     /* EOK */
     643             : 
     644           0 :     if (rhostent->addr_list) {
     645           0 :         for (count=0; rhostent->addr_list[count]; count++);
     646             :     } else {
     647             :         /* The address list is NULL. This is probably a bug in
     648             :          * c-ares, but we need to handle it gracefully.
     649             :          */
     650           0 :         DEBUG(SSSDBG_MINOR_FAILURE,
     651             :               "Lookup of [%s] returned no addresses. Skipping.\n",
     652             :                rhostent->name);
     653           0 :         count = 0;
     654             :     }
     655             : 
     656           0 :     for (i=0; i < count; i++) {
     657           0 :         addr = talloc(state, struct sss_iface_addr);
     658           0 :         if (addr == NULL) {
     659           0 :             ret = ENOMEM;
     660           0 :             goto done;
     661             :         }
     662             : 
     663           0 :         addr->addr = resolv_get_sockaddr_address_index(addr, rhostent, 0, i);
     664           0 :         if (addr->addr == NULL) {
     665           0 :             ret = ENOMEM;
     666           0 :             goto done;
     667             :         }
     668             : 
     669           0 :         if (state->addrlist) {
     670           0 :             talloc_steal(state->addrlist, addr);
     671             :         }
     672             : 
     673             :         /* steal old dlist to the new head */
     674           0 :         talloc_steal(addr, state->addrlist);
     675           0 :         DLIST_ADD(state->addrlist, addr);
     676             :     }
     677           0 :     state->count += count;
     678             : 
     679             :     /* If the resolver is set to honor both address families
     680             :      * and the first one matched, retry the second one to
     681             :      * get the complete list.
     682             :      */
     683           0 :     if (((state->be_res->family_order == IPV4_FIRST &&
     684           0 :           rhostent->family == AF_INET) ||
     685           0 :         (state->be_res->family_order == IPV6_FIRST &&
     686           0 :          rhostent->family == AF_INET6))) {
     687             : 
     688           0 :         retry_family_order = (state->be_res->family_order == IPV4_FIRST) ? \
     689             :                              IPV6_ONLY : \
     690             :                              IPV4_ONLY;
     691             : 
     692           0 :         subreq = resolv_gethostbyname_send(state, state->ev,
     693           0 :                                            state->be_res->resolv,
     694             :                                            state->hostname,
     695             :                                            retry_family_order,
     696             :                                            state->db);
     697           0 :         if (!subreq) {
     698           0 :             ret = ENOMEM;
     699           0 :             goto done;
     700             :         }
     701           0 :         tevent_req_set_callback(subreq, nsupdate_get_addrs_done, req);
     702           0 :         return;
     703             :     }
     704             : 
     705             :     /* The second address matched either immediatelly or after a retry.
     706             :      * No need to retry again. */
     707           0 :     ret = EOK;
     708             : 
     709             : done:
     710           0 :     if (ret == EOK) {
     711             :         /* All done */
     712           0 :         tevent_req_done(req);
     713           0 :     } else if (ret != EAGAIN) {
     714           0 :         DEBUG(SSSDBG_OP_FAILURE,
     715             :               "nsupdate_get_addrs_done failed: [%d]: [%s]\n",
     716             :                ret, sss_strerror(ret));
     717           0 :         tevent_req_error(req, ret);
     718             :     }
     719             :     /* EAGAIN - another lookup in progress */
     720             : }
     721             : 
     722             : errno_t
     723           0 : nsupdate_get_addrs_recv(struct tevent_req *req,
     724             :                         TALLOC_CTX *mem_ctx,
     725             :                         struct sss_iface_addr **_addrlist,
     726             :                         size_t *_count)
     727             : {
     728           0 :     struct nsupdate_get_addrs_state *state = tevent_req_data(req,
     729             :                                     struct nsupdate_get_addrs_state);
     730             : 
     731           0 :     TEVENT_REQ_RETURN_ON_ERROR(req);
     732             : 
     733           0 :     if (_addrlist) {
     734           0 :         *_addrlist = talloc_steal(mem_ctx, state->addrlist);
     735             :     }
     736             : 
     737           0 :     if (_count) {
     738           0 :         *_count = state->count;
     739             :     }
     740             : 
     741           0 :     return EOK;
     742             : }
     743             : 
     744             : /* Write the nsupdate_msg into the already forked child, wait until
     745             :  * the child finishes
     746             :  *
     747             :  * This is not a typical tevent_req styled request as it ends either after
     748             :  * a timeout or when the child finishes operation.
     749             :  */
     750             : struct nsupdate_child_state {
     751             :     int pipefd_to_child;
     752             :     struct tevent_timer *timeout_handler;
     753             :     struct sss_child_ctx_old *child_ctx;
     754             : 
     755             :     int child_status;
     756             : };
     757             : 
     758             : static void
     759             : nsupdate_child_timeout(struct tevent_context *ev,
     760             :                        struct tevent_timer *te,
     761             :                        struct timeval tv, void *pvt);
     762             : static void
     763             : nsupdate_child_handler(int child_status,
     764             :                        struct tevent_signal *sige,
     765             :                        void *pvt);
     766             : 
     767             : static void nsupdate_child_stdin_done(struct tevent_req *subreq);
     768             : 
     769             : static struct tevent_req *
     770           3 : nsupdate_child_send(TALLOC_CTX *mem_ctx,
     771             :                     struct tevent_context *ev,
     772             :                     int pipefd_to_child,
     773             :                     pid_t child_pid,
     774             :                     char *child_stdin)
     775             : {
     776             :     errno_t ret;
     777             :     struct tevent_req *req;
     778             :     struct tevent_req *subreq;
     779             :     struct nsupdate_child_state *state;
     780             :     struct timeval tv;
     781             : 
     782           3 :     req = tevent_req_create(mem_ctx, &state, struct nsupdate_child_state);
     783           3 :     if (req == NULL) {
     784           0 :         close(pipefd_to_child);
     785           0 :         return NULL;
     786             :     }
     787           3 :     state->pipefd_to_child = pipefd_to_child;
     788             : 
     789             :     /* Set up SIGCHLD handler */
     790           3 :     ret = child_handler_setup(ev, child_pid, nsupdate_child_handler, req,
     791           3 :                               &state->child_ctx);
     792           3 :     if (ret != EOK) {
     793           0 :         DEBUG(SSSDBG_OP_FAILURE, "Could not set up child handlers [%d]: %s\n",
     794             :               ret, sss_strerror(ret));
     795           0 :         ret = ERR_DYNDNS_FAILED;
     796           0 :         goto done;
     797             :     }
     798             : 
     799             :     /* Set up timeout handler */
     800           3 :     tv = tevent_timeval_current_ofs(DYNDNS_TIMEOUT, 0);
     801           3 :     state->timeout_handler = tevent_add_timer(ev, req, tv,
     802             :                                               nsupdate_child_timeout, req);
     803           3 :     if(state->timeout_handler == NULL) {
     804           0 :         ret = ERR_DYNDNS_FAILED;
     805           0 :         goto done;
     806             :     }
     807             : 
     808             :     /* Write the update message to the nsupdate child */
     809           6 :     subreq = write_pipe_send(req, ev,
     810             :                              (uint8_t *) child_stdin,
     811           3 :                              strlen(child_stdin)+1,
     812           3 :                              state->pipefd_to_child);
     813           3 :     if (subreq == NULL) {
     814           0 :         ret = ERR_DYNDNS_FAILED;
     815           0 :         goto done;
     816             :     }
     817           3 :     tevent_req_set_callback(subreq, nsupdate_child_stdin_done, req);
     818             : 
     819           3 :     ret = EOK;
     820             : done:
     821           3 :     if (ret != EOK) {
     822           0 :         tevent_req_error(req, ret);
     823           0 :         tevent_req_post(req, ev);
     824             :     }
     825           3 :     return req;
     826             : }
     827             : 
     828             : static void
     829           1 : nsupdate_child_timeout(struct tevent_context *ev,
     830             :                        struct tevent_timer *te,
     831             :                        struct timeval tv, void *pvt)
     832             : {
     833           1 :     struct tevent_req *req =
     834             :             talloc_get_type(pvt, struct tevent_req);
     835           1 :     struct nsupdate_child_state *state =
     836           1 :             tevent_req_data(req, struct nsupdate_child_state);
     837             : 
     838           1 :     DEBUG(SSSDBG_CRIT_FAILURE, "Timeout reached for dynamic DNS update\n");
     839           1 :     child_handler_destroy(state->child_ctx);
     840           1 :     state->child_ctx = NULL;
     841           1 :     state->child_status = ETIMEDOUT;
     842           1 :     tevent_req_error(req, ERR_DYNDNS_TIMEOUT);
     843           1 : }
     844             : 
     845             : static void
     846           3 : nsupdate_child_stdin_done(struct tevent_req *subreq)
     847             : {
     848             :     errno_t ret;
     849           3 :     struct tevent_req *req =
     850           3 :             tevent_req_callback_data(subreq, struct tevent_req);
     851           3 :     struct nsupdate_child_state *state =
     852           3 :             tevent_req_data(req, struct nsupdate_child_state);
     853             : 
     854             :     /* Verify that the buffer was sent, then return
     855             :      * and wait for the sigchld handler to finish.
     856             :      */
     857           3 :     DEBUG(SSSDBG_TRACE_LIBS, "Sending nsupdate data complete\n");
     858             : 
     859           3 :     ret = write_pipe_recv(subreq);
     860           3 :     talloc_zfree(subreq);
     861           3 :     if (ret != EOK) {
     862           0 :         DEBUG(SSSDBG_OP_FAILURE, "Sending nsupdate data failed [%d]: %s\n",
     863             :               ret, sss_strerror(ret));
     864           0 :         tevent_req_error(req, ERR_DYNDNS_FAILED);
     865           3 :         return;
     866             :     }
     867             : 
     868           3 :     PIPE_FD_CLOSE(state->pipefd_to_child);
     869             : 
     870             :     /* Now either wait for the timeout to fire or the child
     871             :      * to finish
     872             :      */
     873             : }
     874             : 
     875             : static void
     876           2 : nsupdate_child_handler(int child_status,
     877             :                        struct tevent_signal *sige,
     878             :                        void *pvt)
     879             : {
     880           2 :     struct tevent_req *req = talloc_get_type(pvt, struct tevent_req);
     881           2 :     struct nsupdate_child_state *state =
     882           2 :             tevent_req_data(req, struct nsupdate_child_state);
     883             : 
     884           2 :     state->child_status = child_status;
     885             : 
     886           2 :     if (WIFEXITED(child_status) && WEXITSTATUS(child_status) != 0) {
     887           1 :         DEBUG(SSSDBG_OP_FAILURE,
     888             :               "Dynamic DNS child failed with status [%d]\n", child_status);
     889           1 :         tevent_req_error(req, ERR_DYNDNS_FAILED);
     890           1 :         return;
     891             :     }
     892             : 
     893           1 :     if (WIFSIGNALED(child_status)) {
     894           0 :         DEBUG(SSSDBG_OP_FAILURE,
     895             :               "Dynamic DNS child was terminated by signal [%d]\n",
     896             :                WTERMSIG(child_status));
     897           0 :         tevent_req_error(req, ERR_DYNDNS_FAILED);
     898           0 :         return;
     899             :     }
     900             : 
     901           1 :     tevent_req_done(req);
     902             : }
     903             : 
     904             : static errno_t
     905           3 : nsupdate_child_recv(struct tevent_req *req, int *child_status)
     906             : {
     907           3 :     struct nsupdate_child_state *state =
     908           3 :             tevent_req_data(req, struct nsupdate_child_state);
     909             : 
     910           3 :     *child_status = state->child_status;
     911             : 
     912           3 :     PIPE_FD_CLOSE(state->pipefd_to_child);
     913             : 
     914           5 :     TEVENT_REQ_RETURN_ON_ERROR(req);
     915             : 
     916           1 :     return ERR_OK;
     917             : }
     918             : 
     919             : /* Fork a nsupdate child, write the nsupdate_msg into stdin and wait for the child
     920             :  * to finish one way or another
     921             :  */
     922             : struct be_nsupdate_state {
     923             :     int child_status;
     924             : };
     925             : 
     926             : static void be_nsupdate_done(struct tevent_req *subreq);
     927             : static char **be_nsupdate_args(TALLOC_CTX *mem_ctx,
     928             :                                enum be_nsupdate_auth auth_type,
     929             :                                bool force_tcp);
     930             : 
     931           3 : struct tevent_req *be_nsupdate_send(TALLOC_CTX *mem_ctx,
     932             :                                     struct tevent_context *ev,
     933             :                                     enum be_nsupdate_auth auth_type,
     934             :                                     char *nsupdate_msg,
     935             :                                     bool force_tcp)
     936             : {
     937           3 :     int pipefd_to_child[2] = PIPE_INIT;
     938             :     pid_t child_pid;
     939             :     errno_t ret;
     940           3 :     struct tevent_req *req = NULL;
     941           3 :     struct tevent_req *subreq = NULL;
     942             :     struct be_nsupdate_state *state;
     943             :     char **args;
     944             :     int debug_fd;
     945             : 
     946           3 :     req = tevent_req_create(mem_ctx, &state, struct be_nsupdate_state);
     947           3 :     if (req == NULL) {
     948           0 :         return NULL;
     949             :     }
     950           3 :     state->child_status = 0;
     951             : 
     952           3 :     ret = pipe(pipefd_to_child);
     953           3 :     if (ret == -1) {
     954           0 :         ret = errno;
     955           0 :         DEBUG(SSSDBG_CRIT_FAILURE,
     956             :               "pipe failed [%d][%s].\n", ret, strerror(ret));
     957           0 :         goto done;
     958             :     }
     959             : 
     960           3 :     child_pid = fork();
     961             : 
     962           3 :     if (child_pid == 0) { /* child */
     963           0 :         PIPE_FD_CLOSE(pipefd_to_child[1]);
     964           0 :         ret = dup2(pipefd_to_child[0], STDIN_FILENO);
     965           0 :         if (ret == -1) {
     966           0 :             ret = errno;
     967           0 :             DEBUG(SSSDBG_CRIT_FAILURE,
     968             :                   "dup2 failed [%d][%s].\n", ret, strerror(ret));
     969           0 :             goto done;
     970             :         }
     971             : 
     972           0 :         if (debug_level >= SSSDBG_TRACE_LIBS) {
     973           0 :             debug_fd = get_fd_from_debug_file();
     974           0 :             ret = dup2(debug_fd, STDERR_FILENO);
     975           0 :             if (ret == -1) {
     976           0 :                 ret = errno;
     977           0 :                 DEBUG(SSSDBG_MINOR_FAILURE,
     978             :                     "dup2 failed [%d][%s].\n", ret, strerror(ret));
     979             :                 /* stderr is not fatal */
     980             :             }
     981             :         }
     982             : 
     983           0 :         args = be_nsupdate_args(state, auth_type, force_tcp);
     984           0 :         if (args == NULL) {
     985           0 :             ret = ENOMEM;
     986           0 :             goto done;
     987             :         }
     988             : 
     989           0 :         errno = 0;
     990           0 :         execv(NSUPDATE_PATH, args);
     991             :         /* The child should never end up here */
     992           0 :         ret = errno;
     993           0 :         DEBUG(SSSDBG_CRIT_FAILURE, "execv failed [%d][%s].\n", ret, strerror(ret));
     994           0 :         goto done;
     995           3 :     } else if (child_pid > 0) { /* parent */
     996           3 :         PIPE_FD_CLOSE(pipefd_to_child[0]);
     997             : 
     998             :         /* the nsupdate_child request now owns the pipefd and is responsible
     999             :          * for closing it
    1000             :          */
    1001           3 :         subreq = nsupdate_child_send(state, ev, pipefd_to_child[1],
    1002             :                                      child_pid, nsupdate_msg);
    1003           3 :         if (subreq == NULL) {
    1004           0 :             ret = ERR_DYNDNS_FAILED;
    1005           0 :             goto done;
    1006             :         }
    1007           3 :         tevent_req_set_callback(subreq, be_nsupdate_done, req);
    1008             :     } else { /* error */
    1009           0 :         ret = errno;
    1010           0 :         DEBUG(SSSDBG_CRIT_FAILURE,
    1011             :               "fork failed [%d][%s].\n", ret, strerror(ret));
    1012           0 :         goto done;
    1013             :     }
    1014             : 
    1015           3 :     ret = EOK;
    1016             : done:
    1017           3 :     if (ret != EOK) {
    1018           0 :         PIPE_CLOSE(pipefd_to_child);
    1019           0 :         tevent_req_error(req, ret);
    1020           0 :         tevent_req_post(req, ev);
    1021             :     }
    1022           3 :     return req;
    1023             : }
    1024             : 
    1025             : static char **
    1026           0 : be_nsupdate_args(TALLOC_CTX *mem_ctx,
    1027             :                  enum be_nsupdate_auth auth_type,
    1028             :                  bool force_tcp)
    1029             : {
    1030             :     char **argv;
    1031           0 :     int argc = 0;
    1032             : 
    1033           0 :     argv = talloc_zero_array(mem_ctx, char *, 6);
    1034           0 :     if (argv == NULL) {
    1035           0 :         return NULL;
    1036             :     }
    1037             : 
    1038           0 :     argv[argc] = talloc_strdup(argv, NSUPDATE_PATH);
    1039           0 :     if (argv[argc] == NULL) {
    1040           0 :         goto fail;
    1041             :     }
    1042           0 :     argc++;
    1043             : 
    1044           0 :     switch (auth_type) {
    1045             :     case BE_NSUPDATE_AUTH_NONE:
    1046           0 :         DEBUG(SSSDBG_FUNC_DATA, "nsupdate auth type: none\n");
    1047           0 :         break;
    1048             :     case BE_NSUPDATE_AUTH_GSS_TSIG:
    1049           0 :         DEBUG(SSSDBG_FUNC_DATA, "nsupdate auth type: GSS-TSIG\n");
    1050           0 :         argv[argc] = talloc_strdup(argv, "-g");
    1051           0 :         if (argv[argc] == NULL) {
    1052           0 :             goto fail;
    1053             :         }
    1054           0 :         argc++;
    1055           0 :         break;
    1056             :     default:
    1057           0 :         DEBUG(SSSDBG_CRIT_FAILURE, "Unknown nsupdate auth type\n");
    1058           0 :         goto fail;
    1059             :     }
    1060             : 
    1061           0 :     if (force_tcp) {
    1062           0 :         DEBUG(SSSDBG_FUNC_DATA, "TCP is set to on\n");
    1063           0 :         argv[argc] = talloc_strdup(argv, "-v");
    1064           0 :         if (argv[argc] == NULL) {
    1065           0 :             goto fail;
    1066             :         }
    1067           0 :         argc++;
    1068             :     }
    1069             : 
    1070           0 :     if (debug_level >= SSSDBG_TRACE_LIBS) {
    1071           0 :         argv[argc] = talloc_strdup(argv, "-d");
    1072           0 :         if (argv[argc] == NULL) {
    1073           0 :             goto fail;
    1074             :         }
    1075           0 :         argc++;
    1076             :     }
    1077             : 
    1078           0 :     if (debug_level >= SSSDBG_TRACE_INTERNAL) {
    1079           0 :         argv[argc] = talloc_strdup(argv, "-D");
    1080           0 :         if (argv[argc] == NULL) {
    1081           0 :             goto fail;
    1082             :         }
    1083           0 :         argc++;
    1084             :     }
    1085             : 
    1086           0 :     return argv;
    1087             : 
    1088             : fail:
    1089           0 :     talloc_free(argv);
    1090           0 :     return NULL;
    1091             : }
    1092             : 
    1093             : static void
    1094           3 : be_nsupdate_done(struct tevent_req *subreq)
    1095             : {
    1096           3 :     struct tevent_req *req =
    1097           3 :             tevent_req_callback_data(subreq, struct tevent_req);
    1098           3 :     struct be_nsupdate_state *state =
    1099           3 :             tevent_req_data(req, struct be_nsupdate_state);
    1100             :     errno_t ret;
    1101             : 
    1102           3 :     ret = nsupdate_child_recv(subreq, &state->child_status);
    1103           3 :     talloc_zfree(subreq);
    1104           3 :     if (ret != EOK) {
    1105           2 :         DEBUG(SSSDBG_OP_FAILURE, "nsupdate child execution failed [%d]: %s\n",
    1106             :               ret, sss_strerror(ret));
    1107           2 :         tevent_req_error(req, ret);
    1108           5 :         return;
    1109             :     }
    1110             : 
    1111           1 :     DEBUG(SSSDBG_FUNC_DATA,
    1112             :            "nsupdate child status: %d\n", state->child_status);
    1113           1 :     tevent_req_done(req);
    1114             : }
    1115             : 
    1116             : errno_t
    1117           3 : be_nsupdate_recv(struct tevent_req *req, int *child_status)
    1118             : {
    1119           3 :     struct be_nsupdate_state *state =
    1120           3 :             tevent_req_data(req, struct be_nsupdate_state);
    1121             : 
    1122           3 :     *child_status = state->child_status;
    1123             : 
    1124           5 :     TEVENT_REQ_RETURN_ON_ERROR(req);
    1125             : 
    1126           1 :     return EOK;
    1127             : }
    1128             : 
    1129           2 : static void be_nsupdate_timer(struct tevent_context *ev,
    1130             :                               struct tevent_timer *te,
    1131             :                               struct timeval current_time,
    1132             :                               void *pvt)
    1133             : {
    1134           2 :     struct be_nsupdate_ctx *ctx = talloc_get_type(pvt, struct be_nsupdate_ctx);
    1135             : 
    1136           2 :     talloc_zfree(ctx->refresh_timer);
    1137           2 :     ctx->timer_callback(ctx->timer_pvt);
    1138             : 
    1139             :     /* timer_callback is responsible for calling be_nsupdate_timer_schedule
    1140             :      * again */
    1141           2 : }
    1142             : 
    1143           2 : void be_nsupdate_timer_schedule(struct tevent_context *ev,
    1144             :                                 struct be_nsupdate_ctx *ctx)
    1145             : {
    1146             :     int refresh;
    1147             :     struct timeval tv;
    1148             : 
    1149           2 :     if (ctx->refresh_timer) {
    1150           0 :         DEBUG(SSSDBG_FUNC_DATA, "Timer already scheduled\n");
    1151           0 :         return;
    1152             :     }
    1153             : 
    1154           2 :     refresh = dp_opt_get_int(ctx->opts, DP_OPT_DYNDNS_REFRESH_INTERVAL);
    1155           2 :     if (refresh == 0) return;
    1156           2 :     DEBUG(SSSDBG_FUNC_DATA, "Scheduling timer in %d seconds\n", refresh);
    1157             : 
    1158           2 :     tv = tevent_timeval_current_ofs(refresh, 0);
    1159           2 :     ctx->refresh_timer = tevent_add_timer(ev, ctx, tv,
    1160             :                                           be_nsupdate_timer, ctx);
    1161             : 
    1162           2 :     if (!ctx->refresh_timer) {
    1163           0 :         DEBUG(SSSDBG_MINOR_FAILURE,
    1164             :                 "Failed to add dyndns refresh timer event\n");
    1165             :     }
    1166             : }
    1167             : 
    1168             : errno_t
    1169           0 : be_nsupdate_check(void)
    1170             : {
    1171             :     errno_t ret;
    1172             :     struct stat stat_buf;
    1173             : 
    1174             :     /* Ensure that nsupdate exists */
    1175           0 :     errno = 0;
    1176           0 :     ret = stat(NSUPDATE_PATH, &stat_buf);
    1177           0 :     if (ret == -1) {
    1178           0 :         ret = errno;
    1179           0 :         if (ret == ENOENT) {
    1180           0 :             DEBUG(SSSDBG_MINOR_FAILURE,
    1181             :                   "%s does not exist. Dynamic DNS updates disabled\n",
    1182             :                   NSUPDATE_PATH);
    1183             :         } else {
    1184           0 :             DEBUG(SSSDBG_OP_FAILURE,
    1185             :                   "Could not set up dynamic DNS updates: [%d][%s]\n",
    1186             :                   ret, strerror(ret));
    1187             :         }
    1188             :     }
    1189             : 
    1190           0 :     return ret;
    1191             : }
    1192             : 
    1193             : static struct dp_option default_dyndns_opts[] = {
    1194             :     { "dyndns_update", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
    1195             :     { "dyndns_refresh_interval", DP_OPT_NUMBER, NULL_NUMBER, NULL_NUMBER },
    1196             :     { "dyndns_iface", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    1197             :     { "dyndns_ttl", DP_OPT_NUMBER, { .number = 1200 }, NULL_NUMBER },
    1198             :     { "dyndns_update_ptr", DP_OPT_BOOL, BOOL_TRUE, BOOL_FALSE },
    1199             :     { "dyndns_force_tcp", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
    1200             :     { "dyndns_auth", DP_OPT_STRING, { "gss-tsig" }, NULL_STRING },
    1201             :     { "dyndns_server", DP_OPT_STRING, NULL_STRING, NULL_STRING },
    1202             : 
    1203             :     DP_OPTION_TERMINATOR
    1204             : };
    1205             : 
    1206             : errno_t
    1207           1 : be_nsupdate_init(TALLOC_CTX *mem_ctx, struct be_ctx *be_ctx,
    1208             :                  struct dp_option *defopts,
    1209             :                  struct be_nsupdate_ctx **_ctx)
    1210             : {
    1211             :     errno_t ret;
    1212             :     struct dp_option *src_opts;
    1213             :     struct be_nsupdate_ctx *ctx;
    1214             :     char *strauth;
    1215             : 
    1216           1 :     ctx = talloc_zero(mem_ctx, struct be_nsupdate_ctx);
    1217           1 :     if (ctx == NULL) return ENOMEM;
    1218             : 
    1219           1 :     src_opts = defopts ? defopts : default_dyndns_opts;
    1220             : 
    1221           1 :     ret = dp_get_options(ctx, be_ctx->cdb, be_ctx->conf_path,
    1222             :                          src_opts, DP_OPT_DYNDNS, &ctx->opts);
    1223           1 :     if (ret != EOK) {
    1224           0 :         DEBUG(SSSDBG_OP_FAILURE, "Cannot retrieve dynamic DNS options\n");
    1225           0 :         return ret;
    1226             :     }
    1227             : 
    1228           1 :     strauth = dp_opt_get_string(ctx->opts, DP_OPT_DYNDNS_AUTH);
    1229           1 :     if (strcasecmp(strauth, "gss-tsig") == 0) {
    1230           1 :         ctx->auth_type = BE_NSUPDATE_AUTH_GSS_TSIG;
    1231           0 :     } else if (strcasecmp(strauth, "none") == 0) {
    1232           0 :         ctx->auth_type = BE_NSUPDATE_AUTH_NONE;
    1233             :     } else {
    1234           0 :         DEBUG(SSSDBG_OP_FAILURE, "Uknown dyndns auth type %s\n", strauth);
    1235           0 :         return EINVAL;
    1236             :     }
    1237             : 
    1238           1 :     *_ctx = ctx;
    1239           1 :     return ERR_OK;
    1240             : }
    1241             : 
    1242           1 : errno_t be_nsupdate_init_timer(struct be_nsupdate_ctx *ctx,
    1243             :                                struct tevent_context *ev,
    1244             :                                nsupdate_timer_fn_t timer_callback,
    1245             :                                void *timer_pvt)
    1246             : {
    1247           1 :     if (ctx == NULL) return EINVAL;
    1248             : 
    1249           1 :     ctx->timer_callback = timer_callback;
    1250           1 :     ctx->timer_pvt = timer_pvt;
    1251           1 :     be_nsupdate_timer_schedule(ev, ctx);
    1252             : 
    1253           1 :     return ERR_OK;
    1254             : }
    1255             : 
    1256          10 : static bool match_ip(const struct sockaddr *sa,
    1257             :                      const struct sockaddr *sb)
    1258             : {
    1259             :     size_t addrsize;
    1260             :     bool res;
    1261             :     const void *addr_a;
    1262             :     const void *addr_b;
    1263             : 
    1264          10 :     if (sa->sa_family == AF_INET) {
    1265           9 :         addrsize = sizeof(struct in_addr);
    1266           9 :         addr_a = (const void *) &((const struct sockaddr_in *) sa)->sin_addr;
    1267           9 :         addr_b = (const void *) &((const struct sockaddr_in *) sb)->sin_addr;
    1268           1 :     } else if (sa->sa_family == AF_INET6) {
    1269           1 :         addrsize = sizeof(struct in6_addr);
    1270           1 :         addr_a = (const void *) &((const struct sockaddr_in6 *) sa)->sin6_addr;
    1271           1 :         addr_b = (const void *) &((const struct sockaddr_in6 *) sb)->sin6_addr;
    1272             :     } else {
    1273           0 :         res = false;
    1274           0 :         goto done;
    1275             :     }
    1276             : 
    1277          10 :     if (sa->sa_family != sb->sa_family) {
    1278           2 :         res = false;
    1279           2 :         goto done;
    1280             :     }
    1281             : 
    1282           8 :     res = memcmp(addr_a, addr_b, addrsize) == 0;
    1283             : 
    1284             : done:
    1285          10 :     return res;
    1286             : }
    1287             : 
    1288           7 : static errno_t find_iface_by_addr(TALLOC_CTX *mem_ctx,
    1289             :                                   const struct sockaddr *ss,
    1290             :                                   const char **_iface_name)
    1291             : {
    1292           7 :     struct ifaddrs *ifaces = NULL;
    1293             :     struct ifaddrs *ifa;
    1294             :     errno_t ret;
    1295             : 
    1296           7 :     ret = getifaddrs(&ifaces);
    1297           7 :     if (ret == -1) {
    1298           0 :         ret = errno;
    1299           0 :         DEBUG(SSSDBG_OP_FAILURE,
    1300             :               "Could not read interfaces [%d][%s]\n", ret, sss_strerror(ret));
    1301           0 :         goto done;
    1302             :     }
    1303             : 
    1304          11 :     for (ifa = ifaces; ifa != NULL; ifa = ifa->ifa_next) {
    1305             : 
    1306             :         /* Some interfaces don't have an ifa_addr */
    1307          10 :         if (!ifa->ifa_addr) continue;
    1308             : 
    1309          10 :         if (match_ip(ss, ifa->ifa_addr)) {
    1310             :             const char *iface_name;
    1311           6 :             iface_name = talloc_strdup(mem_ctx, ifa->ifa_name);
    1312           6 :             if (iface_name == NULL) {
    1313           0 :                 ret = ENOMEM;
    1314             :             } else {
    1315           6 :                 *_iface_name = iface_name;
    1316           6 :                 ret = EOK;
    1317             :             }
    1318           6 :             goto done;
    1319             :         }
    1320             :     }
    1321           1 :     ret = ENOENT;
    1322             : 
    1323             : done:
    1324           7 :     freeifaddrs(ifaces);
    1325           7 :     return ret;
    1326             : }
    1327             : 
    1328           7 : errno_t sss_get_dualstack_addresses(TALLOC_CTX *mem_ctx,
    1329             :                                     struct sockaddr *ss,
    1330             :                                     struct sss_iface_addr **_iface_addrs)
    1331             : {
    1332             :     struct sss_iface_addr *iface_addrs;
    1333           7 :     const char *iface_name = NULL;
    1334             :     TALLOC_CTX *tmp_ctx;
    1335             :     errno_t ret;
    1336             : 
    1337           7 :     tmp_ctx = talloc_new(NULL);
    1338           7 :     if (tmp_ctx == NULL) {
    1339           0 :         ret = ENOMEM;
    1340           0 :         goto done;
    1341             :     }
    1342             : 
    1343           7 :     ret = find_iface_by_addr(tmp_ctx, ss, &iface_name);
    1344           7 :     if (ret != EOK) {
    1345           1 :         DEBUG(SSSDBG_MINOR_FAILURE, "find_iface_by_addr failed: %d:[%s]\n",
    1346             :               ret, sss_strerror(ret));
    1347           1 :         goto done;
    1348             :     }
    1349             : 
    1350           6 :     ret = sss_iface_addr_list_get(tmp_ctx, iface_name, &iface_addrs);
    1351           6 :     if (ret != EOK) {
    1352           0 :         DEBUG(SSSDBG_MINOR_FAILURE,
    1353             :               "sss_iface_addr_list_get failed: %d:[%s]\n",
    1354             :               ret, sss_strerror(ret));
    1355           0 :         goto done;
    1356             :     }
    1357             : 
    1358           6 :     ret = EOK;
    1359           6 :     *_iface_addrs = talloc_steal(mem_ctx, iface_addrs);
    1360             : 
    1361             : done:
    1362           7 :     talloc_free(tmp_ctx);
    1363           7 :     return ret;
    1364             : }

Generated by: LCOV version 1.10