author | Vince Mele <vmele@inoc.com> | 2017-12-01 19:33:51 -0600 |
---|---|---|
committer | Henrik Riomar <henrik.riomar@gmail.com> | 2018-07-22 23:48:52 +0200 |
commit | 0d728f6131640b7198af4cb998eacb519d86c076 (patch) | |
tree | 4297b64835ba0a27d994dacb62fd6759eb336b11 /testing/sssd | |
parent | 205bd021b3c9457a989443d458379467b63218ef (diff) | |
download | aports-0d728f6131640b7198af4cb998eacb519d86c076.tar.bz2 aports-0d728f6131640b7198af4cb998eacb519d86c076.tar.xz |
testing/sssd: new aport
Diffstat (limited to 'testing/sssd')
-rw-r--r-- | testing/sssd/0001-makefile.patch | 36 | ||||
-rw-r--r-- | testing/sssd/0002-src.patch | 32 | ||||
-rw-r--r-- | testing/sssd/0003-alpine.patch | 105 | ||||
-rw-r--r-- | testing/sssd/APKBUILD | 114 | ||||
-rw-r--r-- | testing/sssd/cifsidmap.h | 160 | ||||
-rw-r--r-- | testing/sssd/nss.h | 15 | ||||
-rw-r--r-- | testing/sssd/util.h | 683 |
7 files changed, 1145 insertions, 0 deletions
diff --git a/testing/sssd/0001-makefile.patch b/testing/sssd/0001-makefile.patch
new file mode 100644
index 0000000000..5b80e74f0b
--- /dev/null
+++ b/testing/sssd/0001-makefile.patch
@@ -0,0 +1,36 @@
+--- sssd-1.15.3/Makefile.am
++++ sssd-1.15.3-old/Makefile.am
+@@ -487,6 +487,7 @@
+ -I$(srcdir)/src/sss_client \
+ -I$(srcdir)/src \
+ -I. \
++ -I/usr/include/nspr \
+ $(POPT_CFLAGS) \
+ $(TALLOC_CFLAGS) \
+ $(TDB_CFLAGS) \
+@@ -2511,6 +2512,7 @@
+ $(POPT_LIBS) \
+ libsss_test_common.la \
+ libsss_debug.la \
++ -lintl \
+ $(NULL)
+ 
+ sss_nss_idmap_tests_SOURCES = \
+@@ -4053,7 +4055,8 @@
+ $(TALLOC_LIBS) \
+ $(POPT_LIBS) \
+ $(DHASH_LIBS) \
+- $(KRB5_LIBS)
++ $(KRB5_LIBS) \
++ -lintl
+ 
+ if BUILD_SEMANAGE
+ selinux_child_SOURCES = \
+@@ -4127,6 +4130,7 @@
+ $(POPT_LIBS) \
+ $(NSS_LIBS) \
+ libsss_crypt.la \
++ -lintl \
+ $(NULL)
+ 
+ memberof_la_SOURCES = \
diff --git a/testing/sssd/0002-src.patch b/testing/sssd/0002-src.patch
new file mode 100644
index 0000000000..5e7cbf7625
--- /dev/null
+++ b/testing/sssd/0002-src.patch
@@ -0,0 +1,32 @@
+Only in sssd-1.15.3-old/src/: cifsidmap.h
+--- sssd-1.15.3/src/confdb/confdb.h
++++ sssd-1.15.3-old/src/confdb/confdb.h
+@@ -22,6 +22,7 @@
+ #ifndef _CONF_DB_H
+ #define _CONF_DB_H
+ 
++#include <sys/types.h>
+ #include <stdbool.h>
+ #include <talloc.h>
+ #include <tevent.h>
+--- sssd-1.15.3/src/util/util.h
++++ sssd-1.15.3-old/src/util/util.h
+@@ -31,6 +31,7 @@
+ #include <pcre.h>
+ #include <sys/types.h>
+ #include <sys/stat.h>
++#include <sys/param.h>
+ #include <netinet/in.h>
+ 
+ #include <talloc.h>
+@@ -44,6 +45,10 @@
+ #include "util/util_safealign.h"
+ #include "util/sss_format.h"
+ #include "util/debug.h"
++
++#ifndef ALLPERMS
++#define ALLPERMS (S_ISUID | S_ISGID | S_IRGRP | S_IRWXU | S_IRWXG | S_IRWXO)
++#endif
+ 
+ /* name of the monitor server instance */
+ #define SSSD_PIDFILE PID_PATH"/sssd.pid"
diff --git a/testing/sssd/0003-alpine.patch b/testing/sssd/0003-alpine.patch
new file mode 100644
index 0000000000..043975d579
--- /dev/null
+++ b/testing/sssd/0003-alpine.patch
@@ -0,0 +1,105 @@
+--- sssd-1.15.3/src/external/platform.m4
++++ sssd-1.15.3-old/src/external/platform.m4
+@@ -1,5 +1,5 @@
+ AC_ARG_WITH([os],
+- [AC_HELP_STRING([--with-os=OS_TYPE], [Type of your operation system (fedora|redhat|suse|gentoo)])]
++ [AC_HELP_STRING([--with-os=OS_TYPE], [Type of your operation system (fedora|redhat|suse|gentoo|alpine)])]
+ )
+ osname=""
+ if test x"$with_os" != x ; then
+@@ -7,6 +7,7 @@
+ test x"$with_os" = xredhat || \
+ test x"$with_os" = xsuse || \
+ test x"$with_os" = xgentoo || \
++ test x"$with_os" = xalpine || \
+ test x"$with_os" = xdebian ; then
+ osname=$with_os
+ else
+@@ -25,6 +26,8 @@
+ osname="debian"
+ elif test -f /etc/gentoo-release ; then
+ osname="gentoo"
++ elif test -f /etc/alpine-release ; then
++ osname="alpine"
+ fi
+ 
+ AC_MSG_NOTICE([Detected operating system type: $osname])
+@@ -35,6 +38,7 @@
+ AM_CONDITIONAL([HAVE_SUSE], [test x"$osname" = xsuse])
+ AM_CONDITIONAL([HAVE_DEBIAN], [test x"$osname" = xdebian])
+ AM_CONDITIONAL([HAVE_GENTOO], [test x"$osname" = xgentoo])
++AM_CONDITIONAL([HAVE_ALPINE], [test x"$osname" = xalpine])
+ 
+ AC_CHECK_MEMBERS([struct ucred.pid, struct ucred.uid, struct ucred.gid], , ,
+ [[#include <sys/socket.h>]])
+--- sssd-1.15.3/Makefile.am
++++ sssd-1.15.3-old/Makefile.am
+@@ -4423,12 +4419,16 @@
+ init_SCRIPTS += \
+ src/sysv/gentoo/sssd
+ else
++if HAVE_ALPINE
+ init_SCRIPTS += \
++ src/sysv/alpine/sssd
++else
++ init_SCRIPTS += \
+ src/sysv/sssd
+ endif
+ endif
+ endif
+-
++endif
+ 
+ dist_sssddata_DATA = \
+ src/config/etc/sssd.api.conf \
+--- sssd-1.15.3-old/configure.ac
++++ sssd-1.15.3/configure.ac
+@@ -491,7 +491,7 @@
+ 
+ AC_CONFIG_FILES([Makefile contrib/sssd.spec src/examples/rwtab src/doxy.config
+ contrib/sssd-pcsc.rules
+- src/sysv/sssd src/sysv/gentoo/sssd src/sysv/SUSE/sssd
++ src/sysv/sssd src/sysv/gentoo/sssd src/sysv/SUSE/sssd src/sysv/alpine/sssd
+ po/Makefile.in src/man/Makefile src/tests/cwrap/Makefile
+ src/tests/intg/Makefile
+ src/lib/ipa_hbac/ipa_hbac.pc src/lib/ipa_hbac/ipa_hbac.doxy
+--- /dev/null
++++ sssd-1.15.3/src/sysv/alpine/sssd
+@@ -0,0 +1,17 @@
++#!/sbin/openrc-run
++
++depend(){
++ need localmount netmount clock
++}
++
++start(){
++ ebegin "Starting sssd"
++ start-stop-daemon --start --exec ${exec_prefix}/usr/sbin/sssd -- -Df ${SSSD_OPTIONS}
++ eend ${?}
++}
++
++stop(){
++ ebegin "Stopping sssd"
++ start-stop-daemon --stop --pidfile ${prefix}/var/run/sssd.pid
++ eend ${?}
++}
+--- /dev/null
++++ sssd-1.15.3/src/sysv/alpine/sssd.in
+@@ -0,0 +1,17 @@
++#!/sbin/openrc-run
++
++depend(){
++ need localmount netmount clock
++}
++
++start(){
++ ebegin "Starting sssd"
++ start-stop-daemon --start --exec ${exec_prefix}/usr/sbin/sssd -- -Df ${SSSD_OPTIONS}
++ eend ${?}
++}
++
++stop(){
++ ebegin "Stopping sssd"
++ start-stop-daemon --stop --pidfile ${prefix}/var/run/sssd.pid
++ eend ${?}
++}
diff --git a/testing/sssd/APKBUILD b/testing/sssd/APKBUILD
new file mode 100644
index 0000000000..4acae9cbb9
--- /dev/null
+++ b/testing/sssd/APKBUILD
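Review bot: `${exec_prefix}` and `${prefix}` in the new src/sysv/alpine/sssd script are never assigned, so at runtime they expand to empty and the service starts /usr/sbin/sssd and stops via /var/run/sssd.pid; had they been autoconf substitutions (`@exec_prefix@` in the .in file, which is what AC_CONFIG_FILES would rewrite) the APKBUILD's `--exec-prefix=/usr/sbin` would instead yield /usr/sbin/usr/sbin/sssd. The daemon is built with `--with-pid-path=/run` and util.h derives SSSD_PIDFILE from PID_PATH, so the stop path only works where /var/run resolves to /run (usually a symlink on Alpine, but not something the script should depend on). An OpenRC script normally declares `command=/usr/sbin/sssd`, `command_args="-Df ${SSSD_OPTIONS}"` and `pidfile=/run/sssd.pid` and drops the hand-written start()/stop() entirely. sssd and sssd.in are byte-identical here, and since configure.ac now lists src/sysv/alpine/sssd in AC_CONFIG_FILES the generated file will overwrite the committed one; keeping only the .in avoids the duplicate.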
@@ -0,0 +1,114 @@
+# Contributor: Vince Mele <vmele@inoc.com>
+# Maintainer: Vince Mele <vmele@inoc.com>
+pkgname=sssd
+pkgver=1.15.3
+pkgrel=0
+pkgdesc="System Security Services Daemon"
+url="https://pagure.io/SSSD/sssd"
+arch="all"
+license="GPL3"
+depends="bind \
+ c-ares \
+ curl \
+ cyrus-sasl-gssapi \
+ ding-libs \
+ http-parser \
+ jansson \
+ libnl \
+ libunistring \
+ nss \
+ "
+makedepends="autoconf \
+ gettext-dev \
+ automake \
+ libtool \
+ popt-dev \
+ talloc-dev \
+ tdb-dev \
+ tevent-dev \
+ cmocka \
+ ldb-dev \
+ ding-libs \
+ linux-pam-dev \
+ pcre-dev \
+ c-ares-dev \
+ bind-tools \
+ http-parser-dev \
+ curl-dev \
+ jansson-dev \
+ glib-dev \
+ dbus-dev \
+ libxslt \
+ libxml2-utils \
+ docbook-xsl \
+ python2-dev \
+ python3-dev \
+ nss-dev \
+ openldap-dev \
+ krb5-dev \
+ keyutils-dev \
+ check \
+ "
+install=""
+subpackages=""
+source="https://releases.pagure.org/SSSD/$pkgname/$pkgname-$pkgver.tar.gz \
+ 0001-makefile.patch \
+ 0002-src.patch \
+ 0003-alpine.patch \
+ nss.h cifsidmap.h "
+builddir="$srcdir/$pkgname-$pkgver"
+
+prepare() {
+ default_prepare
+}
+
+build() {
+ cd "$builddir"
+ cp $srcdir/nss.h $srcdir/cifsidmap.h $builddir/src/
+ autoreconf -i
+ ./configure \
+ --prefix=/usr \
+ --exec-prefix=/usr/sbin \
+ --sbindir=/usr/sbin \
+ --sysconfdir=/etc \
+ --localstatedir=/var \
+ --libexecdir=/usr/lib/sssd \
+ --datadir=/usr/share \
+ --enable-pammoddir=/usr/lib/security \
+ --with-pid-path=/run \
+ --with-initscript=sysv \
+ --with-init-dir=/etc/init.d \
+ --with-os=alpine \
+ --without-selinux \
+ --without-semanage \
+ --without-autofs \
+ --without-ssh \
+ --without-sudo \
+ --without-samba \
+ --without-nfsv4-idmapd-plugin \
+ --without-manpages \
+ --disable-cifs-idmap-plugin
+
+ make
+}
+
+check() {
+ cd "$builddir"
+}
+
+package() {
+ cd "$builddir"
+ make DESTDIR=$pkgdir install
+
+ rm -rf "$pkgdir"/usr/share
+ rm -rf "$pkgdir"/lib
+ rm -rf "$pkgdir"/run
+ rm -rf "$pkgdir"/usr/lib/ldb/modules/ldb/memberof.la
+}
+
+sha512sums="92478205ee1b1cebc3d35b733576180db51cee8cc84d0c2cb78386924ffa90ae355b6ad9b7b51e5e5f5a7a4588764d1c7afb0673c035b1fe9b1a283beb79a428 sssd-1.15.3.tar.gz
+4e5c44bb686144178522a35db85c6eb8979a3dcb328296828e11c9cc84beaa63649ed9402f07d09cee40cc550ab5b768902758c0eb292cc3569a59f9d5ab5ca8 0001-makefile.patch
+70284f0820e958c1c091d554cb2dd302f210935fb191deb71af510c52c402d52298143e05dfa161eecf89885d3c2569a4a0c536480971becd4d50a7d5adf3ffa 0002-src.patch
+300c1f6750054f61201e0952642f533aa5f572c208fc4f8317b89ec6731734680bf771bd37664e5f907fb30a713ace4b26aad9b6da2245a5cc10f9f0af878246 0003-alpine.patch
+5abb1ffd1302eaa25736404ae148c0ffdeb7ce42fa2745be3436e887a2aa96b9620287f19b2790cb59cbccc2c04a9dee1adec4fa8e813d322cde82793500e33b nss.h
+b88d4f1ba847477783b43542f1248881d4fb8e8a0d4165c65c358fcb442891d2cc7c96b05e2a8e7c05fdc17ecd76f16295c1ffac3f1c9bfd0375c5e65e56201d cifsidmap.h"
diff --git a/testing/sssd/cifsidmap.h b/testing/sssd/cifsidmap.h
new file mode 100644
index 0000000000..e13083b199
--- /dev/null
+++ b/testing/sssd/cifsidmap.h
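Review bot: `check()` only does `cd "$builddir"` and runs nothing, although cmocka and check are listed in makedepends; either run `make check` there or declare `options="!check"` so an empty function is not mistaken for a passing test run. `depends="bind ..."` pulls the full DNS server into the runtime closure of a client daemon; sssd's dynamic-DNS updates presumably only need nsupdate, which ships in bind-tools (already a makedepend) — confirm which package is actually required. `--exec-prefix=/usr/sbin` is unusual: libdir defaults to ${exec_prefix}/lib, so unless sssd's configure overrides it the shared libraries and NSS/PAM modules land under /usr/sbin/lib — verify the built package layout. testing/sssd/util.h is added by this commit (see the diffstat) but appears in neither source= nor sha512sums, and cifsidmap.h is carried in source= even though configure is passed `--disable-cifs-idmap-plugin` and `--without-samba`. `$srcdir`/`$pkgdir` in the cp and `make install` lines are unquoted, unlike the rm lines in package().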
@@ -0,0 +1,160 @@
+/*
+ * ID Mapping Plugin interface for cifs-utils
+ * Copyright (C) 2012 Jeff Layton (jlayton@samba.org)
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program. If not, see <http://www.gnu.org/licenses/>.
+ */
+#include <stdint.h>
+
+#include <sys/types.h>
+
+#ifndef _CIFSIDMAP_H
+#define _CIFSIDMAP_H
+
+#define NUM_AUTHS (6) /* number of authority fields */
+#define SID_MAX_SUB_AUTHORITIES (15) /* max number of sub authority fields */
+
+/*
+ * Binary representation of a SID as presented to/from the kernel. Note that
+ * the sub_auth field is always stored in little-endian here.
+ */
+struct cifs_sid {
+ uint8_t revision; /* revision level */
+ uint8_t num_subauth;
+ uint8_t authority[NUM_AUTHS];
+ uint32_t sub_auth[SID_MAX_SUB_AUTHORITIES];
+} __attribute__((packed));
+
+
+/*
+ * The type of the ID stored within cifs_uxid. UNKNOWN generally means that
+ * the mapping failed for some reason. BOTH means that the ID is usable as
+ * either a UID or a GID -- IOW, the UID and GID namespaces are unity-mapped.
+ */
+#define CIFS_UXID_TYPE_UNKNOWN (0) /* mapping type is unknown */
+#define CIFS_UXID_TYPE_UID (1) /* mapping is a UID */
+#define CIFS_UXID_TYPE_GID (2) /* mapping is a GID */
+#define CIFS_UXID_TYPE_BOTH (3) /* usable as UID or GID */
+
+/* This struct represents a uid or gid and its type */
+struct cifs_uxid {
+ union {
+ uid_t uid;
+ gid_t gid;
+ } id;
+ unsigned char type;
+} __attribute__((packed));
+
+/*
+ * Plugins should implement the following functions:
+ */
+
+/**
+ * cifs_idmap_init_plugin - Initialize the plugin interface
+ * @handle - return pointer for an opaque handle
+ * @errmsg - pointer to error message pointer
+ *
+ * This function should do whatever is required to establish a context
+ * for later ID mapping operations. The "handle" is an opaque context
+ * cookie that will be passed in on subsequent ID mapping operations.
+ * The errmsg is used to pass back an error string both during the init
+ * and in subsequent idmapping functions. On any error, the plugin
+ * should point *errmsg at a string describing that error. Returns 0
+ * on success and non-zero on error.
+ */
+extern int cifs_idmap_init_plugin(void **handle, const char **errmsg);
+
+/**
+ * cifs_idmap_exit_plugin - Destroy an idmapping context
+ * @handle - context handle that should be destroyed
+ *
+ * When programs are finished with the idmapping plugin, they'll call
+ * this function to destroy any context that was created during the
+ * init_plugin. The handle passed back in was the one given by the init
+ * routine.
+ */
+extern void cifs_idmap_exit_plugin(void *handle);
+
+/**
+ * cifs_idmap_sid_to_str - convert cifs_sid to a string
+ * @handle - context handle
+ * @sid - pointer to a cifs_sid
+ * @name - return pointer for the name
+ *
+ * This function should convert the given cifs_sid to a string
+ * representation or mapped name in a heap-allocated buffer. The caller
+ * of this function is expected to free "name" on success. Returns 0 on
+ * success and non-zero on error. On error, the errmsg pointer passed
+ * in to the init_plugin function should point to an error string. The
+ * caller will not free the error string.
+ */
+extern int cifs_idmap_sid_to_str(void *handle, const struct cifs_sid *sid,
+ char **name);
+
+/**
+ * cifs_idmap_str_to_sid - convert string to struct cifs_sid
+ * @handle - context handle
+ * @name - pointer to name string to be converted
+ * @sid - pointer to struct cifs_sid where result should go
+ *
+ * This function converts a name string or string representation of
+ * a SID to a struct cifs_sid. The cifs_sid should already be
+ * allocated. Returns 0 on success and non-zero on error. On error, the
+ * plugin should reset the errmsg pointer passed to the init_plugin
+ * function to an error string. The caller will not free the error string.
+ */
+extern int cifs_idmap_str_to_sid(void *handle, const char *name,
+ struct cifs_sid *sid);
+
+/**
+ * cifs_idmap_sids_to_ids - convert struct cifs_sids to struct cifs_uxids
+ * @handle - context handle
+ * @sid - pointer to array of struct cifs_sids to be converted
+ * @num - number of sids to be converted
+ * @cuxid - pointer to preallocated array of struct cifs_uxids for return
+ *
+ * This function should map an array of struct cifs_sids to an array of
+ * struct cifs_uxids.
+ *
+ * Returns 0 if at least one conversion was successful and non-zero on error.
+ * Any that were not successfully converted will have a cuxid->type of
+ * CIFS_UXID_TYPE_UNKNOWN.
+ *
+ * On any error, the plugin should reset the errmsg pointer passed to the
+ * init_plugin function to an error string. The caller will not free the error
+ * string.
+ */
+extern int cifs_idmap_sids_to_ids(void *handle, const struct cifs_sid *sid,
+ const size_t num, struct cifs_uxid *cuxid);
+
+/**
+ * cifs_idmap_ids_to_sids - convert uid to struct cifs_sid
+ * @handle - context handle
+ * @cuxid - pointer to array of struct cifs_uxid to be converted to SIDs
+ * @num - number of cifs_uxids to be converted to SIDs
+ * @sid - pointer to preallocated array of struct cifs_sid where results
+ * should be stored
+ *
+ * This function should map an array of cifs_uxids an array of struct cifs_sids.
+ * Returns 0 if at least one conversion was successful and non-zero on error.
+ * Any sids that were not successfully converted should have their revision
+ * number set to 0.
+ *
+ * On any error, the plugin should reset the errmsg pointer passed to the
+ * init_plugin function to an error string. The caller will not free the error
+ * string.
+ */
+extern int cifs_idmap_ids_to_sids(void *handle, const struct cifs_uxid *cuxid,
+ const size_t num, struct cifs_sid *sid);
+#endif /* _CIFSIDMAP_H */
diff --git a/testing/sssd/nss.h b/testing/sssd/nss.h
new file mode 100644
index 0000000000..e15ee3ee34
--- /dev/null
+++ b/testing/sssd/nss.h
@@ -0,0 +1,15 @@
+#ifndef NSS__H
+#define NSS__H
+
+#include <nss/nss.h>
+
+enum nss_status
+{
+ NSS_STATUS_TRYAGAIN = -2,
+ NSS_STATUS_UNAVAIL = -1,
+ NSS_STATUS_NOTFOUND = 0,
+ NSS_STATUS_SUCCESS = 1,
+ NSS_STATUS_RETURN = 2
+};
+
+#endif
diff --git a/testing/sssd/util.h b/testing/sssd/util.h
new file mode 100644
index 0000000000..934fae37df
--- /dev/null
+++ b/testing/sssd/util.h
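Review bot: The include guard `NSS__H` in the new nss.h contains a double underscore, which C reserves for the implementation in any identifier; a guard such as `SSSD_NSS_SHIM_H` avoids that. The shim exists to supply glibc's `enum nss_status` (Name Service Switch) on a libc without `<nss.h>` — the APKBUILD copies it into src/ so `-I$(srcdir)/src` resolves `#include <nss.h>` to it — yet it includes `<nss/nss.h>`, the unrelated Mozilla NSS crypto-library header from nss-dev; nothing in the enum needs it, so dropping the include keeps the shim self-contained — confirm nothing else in the tree relies on it being pulled in here. A two-line header comment saying why the file exists and that the enumerators must stay identical to glibc's `enum nss_status` would spare the next maintainer the same confusion.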
@@ -0,0 +1,683 @@
+/*
+ Authors:
+ Simo Sorce <ssorce@redhat.com>
+
+ Copyright (C) 2009 Red Hat
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef __SSSD_UTIL_H__
+#define __SSSD_UTIL_H__
+
+#include "config.h"
+#include <stdio.h>
+#include <stdint.h>
+#include <stdbool.h>
+#include <libintl.h>
+#include <locale.h>
+#include <time.h>
+#include <pcre.h>
+#include <sys/types.h>
+#include <sys/stat.h>
+#include <netinet/in.h>
+
+#include <talloc.h>
+#include <tevent.h>
+#include <ldb.h>
+#include <dhash.h>
+
+#include "confdb/confdb.h"
+#include "util/atomic_io.h"
+#include "util/util_errors.h"
+#include "util/util_safealign.h"
+#include "util/sss_format.h"
+#include "util/debug.h"
+
+/* name of the monitor server instance */
+#define SSSD_PIDFILE PID_PATH"/sssd.pid"
+#define MAX_PID_LENGTH 10
+
+#define _(STRING) gettext (STRING)
+
+#define ENUM_INDICATOR "*"
+
+#define CLEAR_MC_FLAG "clear_mc_flag"
+
+/** Default secure umask */
+#define SSS_DFL_UMASK 0177
+
+/** Secure mask with executable bit */
+#define SSS_DFL_X_UMASK 0077
+
+#ifndef NULL
+#define NULL 0
+#endif
+
+#define ZERO_STRUCT(x) memset((char *)&(x), 0, sizeof(x))
+
+#define SSSD_MAIN_OPTS SSSD_DEBUG_OPTS
+
+#define SSSD_SERVER_OPTS(uid, gid) \
+ {"uid", 0, POPT_ARG_INT, &uid, 0, \
+ _("The user ID to run the server as"), NULL}, \
+ {"gid", 0, POPT_ARG_INT, &gid, 0, \
+ _("The group ID to run the server as"), NULL},
+
+extern int socket_activated;
+extern int dbus_activated;
+
+#ifdef HAVE_SYSTEMD
+#define SSSD_RESPONDER_OPTS \
+ { "socket-activated", 0, POPT_ARG_NONE, &socket_activated, 0, \
+ _("Informs that the responder has been socket-activated"), NULL }, \
+ { "dbus-activated", 0, POPT_ARG_NONE, &dbus_activated, 0, \
+ _("Informs that the responder has been dbus-activated"), NULL },
+#else
+#define SSSD_RESPONDER_OPTS
+#endif
+
+#define FLAGS_NONE 0x0000
+#define FLAGS_DAEMON 0x0001
+#define FLAGS_INTERACTIVE 0x0002
+#define FLAGS_PID_FILE 0x0004
+#define FLAGS_GEN_CONF 0x0008
+#define FLAGS_NO_WATCHDOG 0x0010
+
+#define PIPE_INIT { -1, -1 }
+
+#define PIPE_FD_CLOSE(fd) do { \
+ if (fd != -1) { \
+ close(fd); \
+ fd = -1; \
+ } \
+} while(0);
+
+#define PIPE_CLOSE(p) do { \
+ PIPE_FD_CLOSE(p[0]); \
+ PIPE_FD_CLOSE(p[1]); \
+} while(0);
+
+#ifndef talloc_zfree
+#define talloc_zfree(ptr) do { talloc_free(discard_const(ptr)); ptr = NULL; } while(0)
+#endif
+
+#ifndef discard_const_p
+#if defined(__intptr_t_defined) || defined(HAVE_INTPTR_T)
+# define discard_const_p(type, ptr) ((type *)((intptr_t)(ptr)))
+#else
+# define discard_const_p(type, ptr) ((type *)(ptr))
+#endif
+#endif
+
+#define TEVENT_REQ_RETURN_ON_ERROR(req) do { \
+ enum tevent_req_state TRROEstate; \
+ uint64_t TRROEuint64; \
+ errno_t TRROEerr; \
+ \
+ if (tevent_req_is_error(req, &TRROEstate, &TRROEuint64)) { \
+ TRROEerr = (errno_t)TRROEuint64; \
+ if (TRROEstate == TEVENT_REQ_USER_ERROR) { \
+ if (TRROEerr == 0) { \
+ return ERR_INTERNAL; \
+ } \
+ return TRROEerr; \
+ } \
+ return ERR_INTERNAL; \
+ } \
+} while (0)
+
+#define OUT_OF_ID_RANGE(id, min, max) \
+ (id == 0 || (min && (id < min)) || (max && (id > max)))
+
+#include "util/dlinklist.h"
+
+/* From debug.c */
+void ldb_debug_messages(void *context, enum ldb_debug_level level,
+ const char *fmt, va_list ap);
+int chown_debug_file(const char *filename, uid_t uid, gid_t gid);
+int open_debug_file_ex(const char *filename, FILE **filep, bool want_cloexec);
+int open_debug_file(void);
+int rotate_debug_files(void);
+void talloc_log_fn(const char *msg);
+
+/* From sss_log.c */
+#define SSS_LOG_EMERG 0 /* system is unusable */
+#define SSS_LOG_ALERT 1 /* action must be taken immediately */
+#define SSS_LOG_CRIT 2 /* critical conditions */
+#define SSS_LOG_ERR 3 /* error conditions */
+#define SSS_LOG_WARNING 4 /* warning conditions */
+#define SSS_LOG_NOTICE 5 /* normal but significant condition */
+#define SSS_LOG_INFO 6 /* informational */
+#define SSS_LOG_DEBUG 7 /* debug-level messages */
+
+void sss_log(int priority, const char *format, ...) SSS_ATTRIBUTE_PRINTF(2, 3);
+void sss_log_ext(int priority, int facility, const char *format, ...) SSS_ATTRIBUTE_PRINTF(3, 4);
+
+/* from server.c */
+struct main_context {
+ struct tevent_context *event_ctx;
+ struct confdb_ctx *confdb_ctx;
+ pid_t parent_pid;
+};
+
+errno_t server_common_rotate_logs(struct confdb_ctx *confdb,
+ const char *conf_entry);
+int die_if_parent_died(void);
+int pidfile(const char *path, const char *name);
+int server_setup(const char *name, int flags,
+ uid_t uid, gid_t gid,
+ const char *conf_entry,
+ struct main_context **main_ctx);
+void server_loop(struct main_context *main_ctx);
+void orderly_shutdown(int status);
+
+/* from signal.c */
+void BlockSignals(bool block, int signum);
+void (*CatchSignal(int signum,void (*handler)(int )))(int);
+
+/* from memory.c */
+typedef int (void_destructor_fn_t)(void *);
+
+struct mem_holder {
+ void *mem;
+ void_destructor_fn_t *fn;
+};
+
+void *sss_mem_attach(TALLOC_CTX *mem_ctx,
+ void *ptr,
+ void_destructor_fn_t *fn);
+
+int password_destructor(void *memctx);
+
+/* from usertools.c */
+char *get_uppercase_realm(TALLOC_CTX *memctx, const char *name);
+
+struct sss_names_ctx {
+ char *re_pattern;
+ char *fq_fmt;
+
+ pcre *re;
+};
+
+/* initialize sss_names_ctx directly from arguments */
+int sss_names_init_from_args(TALLOC_CTX *mem_ctx,
+ const char *re_pattern,
+ const char *fq_fmt,
+ struct sss_names_ctx **out);
+
+/* initialize sss_names_ctx from domain configuration */
+int sss_names_init(TALLOC_CTX *mem_ctx,
+ struct confdb_ctx *cdb,
+ const char *domain,
+ struct sss_names_ctx **out);
+
+int sss_ad_default_names_ctx(TALLOC_CTX *mem_ctx,
+ struct sss_names_ctx **_out);
+
+int sss_parse_name(TALLOC_CTX *memctx,
+ struct sss_names_ctx *snctx,
+ const char *orig, char **_domain, char **_name);
+
+int sss_parse_name_for_domains(TALLOC_CTX *memctx,
+ struct sss_domain_info *domains,
+ const char *default_domain,
+ const char *orig, char **domain, char **name);
+
+char *
+sss_get_cased_name(TALLOC_CTX *mem_ctx, const char *orig_name,
+ bool case_sensitive);
+
+errno_t
+sss_get_cased_name_list(TALLOC_CTX *mem_ctx, const char * const *orig,
+ bool case_sensitive, const char ***_cased);
+
+/* Return fully-qualified name according to the fq_fmt. The name is allocated using
+ * talloc on top of mem_ctx
+ */
+char *
+sss_tc_fqname(TALLOC_CTX *mem_ctx, struct sss_names_ctx *nctx,
+ struct sss_domain_info *domain, const char *name);
+
+/* Return fully-qualified name according to the fq_fmt. The name is allocated using
+ * talloc on top of mem_ctx. In contrast to sss_tc_fqname() sss_tc_fqname2()
+ * expects the domain and flat domain name as separate arguments.
+ */
+char *
+sss_tc_fqname2(TALLOC_CTX *mem_ctx, struct sss_names_ctx *nctx,
+ const char *dom_name, const char *flat_dom_name,
+ const char *name);
+
+/* Return fully-qualified name formatted according to the fq_fmt. The buffer in "str" is
+ * "size" bytes long. Returns the number of bytes written on success or a negative
+ * value of failure.
+ *
+ * Pass a zero size to calculate the length that would be needed by the fully-qualified
+ * name.
+ */
+int
+sss_fqname(char *str, size_t size, struct sss_names_ctx *nctx,
+ struct sss_domain_info *domain, const char *name);
+
+
+/* Accepts fqname in the format shortname@domname only. */
+errno_t sss_parse_internal_fqname(TALLOC_CTX *mem_ctx,
+ const char *fqname,
+ char **_shortname,
+ char **_dom_name);
+
+/* Creates internal fqname in format shortname@domname.
+ * The domain portion is lowercased. */
+char *sss_create_internal_fqname(TALLOC_CTX *mem_ctx,
+ const char *shortname,
+ const char *dom_name);
+
+/* Creates internal fqnames list in format shortname@domname.
+ * The domain portion is lowercased. */
+char **sss_create_internal_fqname_list(TALLOC_CTX *mem_ctx,
+ const char * const *shortname_list,
+ const char *dom_name);
+
+/* Turn fqname into cased shortname with replaced space. */
+char *sss_output_name(TALLOC_CTX *mem_ctx,
+ const char *fqname,
+ bool case_sensitive,
+ const char replace_space);
+
+int sss_output_fqname(TALLOC_CTX *mem_ctx,
+ struct sss_domain_info *domain,
+ const char *name,
+ char override_space,
+ char **_output_name);
+
+const char *sss_get_name_from_msg(struct sss_domain_info *domain,
+ struct ldb_message *msg);
+
+/* from backup-file.c */
+int backup_file(const char *src, int dbglvl);
+
+/* check_file()
+ * Verify that a file has certain permissions and/or is of a certain
+ * file type. This function can be used to determine if a file is a
+ * symlink.
+ * Warning: use of this function implies a potential race condition
+ * Opening a file before or after checking it does NOT guarantee that
+ * it is still the same file. Additional checks should be performed
+ * on the caller_stat_buf to ensure that it has the same device and
+ * inode to minimize impact. Permission changes may have occurred,
+ * however.
+ */
+errno_t check_file(const char *filename,
+ uid_t uid, gid_t gid, mode_t mode, mode_t mask,
+ struct stat *caller_stat_buf, bool follow_symlink);
+
+/* check_fd()
+ * Verify that an open file descriptor has certain permissions and/or
+ * is of a certain file type. This function CANNOT detect symlinks,
+ * as the file is already open and symlinks have been traversed.
This + * is the safer way to perform file checks and should be preferred + * over check_file for nearly all situations. + */ +errno_t check_fd(int fd, uid_t uid, gid_t gid, + mode_t mode, mode_t mask, + struct stat *caller_stat_buf); + +/* check_and_open_readonly() + * Utility function to open a file and verify that it has certain + * permissions and is of a certain file type. This function wraps + * check_fd(), and is considered race-condition safe. + */ +errno_t check_and_open_readonly(const char *filename, int *fd, + uid_t uid, gid_t gid, + mode_t mode, mode_t mask); + +/* from util.c */ +#define SSS_NO_LINKLOCAL 0x01 +#define SSS_NO_LOOPBACK 0x02 +#define SSS_NO_MULTICAST 0x04 +#define SSS_NO_BROADCAST 0x08 + +#define SSS_NO_SPECIAL \ + (SSS_NO_LINKLOCAL|SSS_NO_LOOPBACK|SSS_NO_MULTICAST|SSS_NO_BROADCAST) + +/* These two functions accept addr in network order */ +bool check_ipv4_addr(struct in_addr *addr, uint8_t check); +bool check_ipv6_addr(struct in6_addr *addr, uint8_t check); + +const char * const * get_known_services(void); + +errno_t sss_user_by_name_or_uid(const char *input, uid_t *_uid, gid_t *_gid); + +int split_on_separator(TALLOC_CTX *mem_ctx, const char *str, + const char sep, bool trim, bool skip_empty, + char ***_list, int *size); + +char **parse_args(const char *str); + +struct cert_verify_opts { + bool do_ocsp; + bool do_verification; + char *ocsp_default_responder; + char *ocsp_default_responder_signing_cert; +}; + +errno_t parse_cert_verify_opts(TALLOC_CTX *mem_ctx, const char *verify_opts, + struct cert_verify_opts **cert_verify_opts); + +errno_t sss_hash_create(TALLOC_CTX *mem_ctx, + unsigned long count, + hash_table_t **tbl); + +errno_t sss_hash_create_ex(TALLOC_CTX *mem_ctx, + unsigned long count, + hash_table_t **tbl, + unsigned int directory_bits, + unsigned int segment_bits, + unsigned long min_load_factor, + unsigned long max_load_factor, + hash_delete_callback *delete_callback, + void *delete_private_data); + +/* Returns true if 
sudoUser value is a username or a groupname */ +bool is_user_or_group_name(const char *sudo_user_value); + +/* Returns true if the responder has been socket-activated */ +bool is_socket_activated(void); + +/* Returns true if the responder has been dbus-activated */ +bool is_dbus_activated(void); + +/** + * @brief Add two list of strings + * + * Create a new NULL-termintated list of strings by adding two lists together. + * + * @param[in] mem_ctx Talloc memory context for the new list. + * @param[in] l1 First NULL-termintated list of strings. + * @param[in] l2 Second NULL-termintated list of strings. + * @param[in] copy_strings If set to 'true' the list items will be copied + * otherwise only the pointers to the items are + * copied. + * @param[out] new_list New NULL-terminated list of strings. Must be freed + * with talloc_free() by the caller. If copy_strings + * is 'true' the new elements will be freed as well. + */ +errno_t add_strings_lists(TALLOC_CTX *mem_ctx, const char **l1, const char **l2, + bool copy_strings, char ***_new_list); + +/** + * @brief set file descriptor as nonblocking + * + * Set the O_NONBLOCK flag for the input fd + * + * @param[in] fd The file descriptor to set as nonblocking + * + * @return EOK on success, errno code otherwise + */ +errno_t sss_fd_nonblocking(int fd); + +/* Copy a NULL-terminated string list + * Returns NULL on out of memory error or invalid input + */ +const char **dup_string_list(TALLOC_CTX *memctx, const char **str_list); + +/* Take two string lists (terminated on a NULL char*) + * and return up to three arrays of strings based on + * shared ownership. + * + * Pass NULL to any return type you don't care about + */ +errno_t diff_string_lists(TALLOC_CTX *memctx, + char **string1, + char **string2, + char ***string1_only, + char ***string2_only, + char ***both_strings); + +/* Sanitize an input string (e.g. 
a username) for use in + * an LDAP/LDB filter + * Returns a newly-constructed string attached to mem_ctx + * It will fail only on an out of memory condition, where it + * will return ENOMEM. + */ +errno_t sss_filter_sanitize(TALLOC_CTX *mem_ctx, + const char *input, + char **sanitized); + +errno_t sss_filter_sanitize_ex(TALLOC_CTX *mem_ctx, + const char *input, + char **sanitized, + const char *ignore); + +errno_t sss_filter_sanitize_for_dom(TALLOC_CTX *mem_ctx, + const char *input, + struct sss_domain_info *dom, + char **sanitized, + char **lc_sanitized); + +char * +sss_escape_ip_address(TALLOC_CTX *mem_ctx, int family, const char *addr); + +/* This function only removes first and last + * character if the first character was '['. + * + * NOTE: This means, that ipv6addr must NOT be followed + * by port number. + */ +errno_t +remove_ipv6_brackets(char *ipv6addr); + + +errno_t add_string_to_list(TALLOC_CTX *mem_ctx, const char *string, + char ***list_p); + +bool string_in_list(const char *string, char **list, bool case_sensitive); + +/** + * @brief Safely zero a segment of memory, + * prevents the compiler from optimizing out + * + * @param data The address of buffer to wipe + * @param size Size of the buffer + */ +void safezero(void *data, size_t size); + +int domain_to_basedn(TALLOC_CTX *memctx, const char *domain, char **basedn); + +bool is_host_in_domain(const char *host, const char *domain); + +/* from nscd.c */ +enum nscd_db { + NSCD_DB_PASSWD, + NSCD_DB_GROUP +}; + +int flush_nscd_cache(enum nscd_db flush_db); + +errno_t sss_nscd_parse_conf(const char *conf_path); + +/* from sss_tc_utf8.c */ +char * +sss_tc_utf8_str_tolower(TALLOC_CTX *mem_ctx, const char *s); +uint8_t * +sss_tc_utf8_tolower(TALLOC_CTX *mem_ctx, const uint8_t *s, size_t len, size_t *_nlen); +bool sss_string_equal(bool cs, const char *s1, const char *s2); + +/* len includes terminating '\0' */ +struct sized_string { + const char *str; + size_t len; +}; + +void to_sized_string(struct 
sized_string *out, const char *in); + +/* from domain_info.c */ +struct sss_domain_info *get_domains_head(struct sss_domain_info *domain); + +#define SSS_GND_DESCEND 0x01 +#define SSS_GND_INCLUDE_DISABLED 0x02 +#define SSS_GND_ALL_DOMAINS (SSS_GND_DESCEND | SSS_GND_INCLUDE_DISABLED) +struct sss_domain_info *get_next_domain(struct sss_domain_info *domain, + uint32_t gnd_flags); +struct sss_domain_info *find_domain_by_name(struct sss_domain_info *domain, + const char *name, + bool match_any); +struct sss_domain_info *find_domain_by_sid(struct sss_domain_info *domain, + const char *sid); +enum sss_domain_state sss_domain_get_state(struct sss_domain_info *dom); +void sss_domain_set_state(struct sss_domain_info *dom, + enum sss_domain_state state); +bool is_email_from_domain(const char *email, struct sss_domain_info *dom); +bool sss_domain_is_forest_root(struct sss_domain_info *dom); +const char *sss_domain_type_str(struct sss_domain_info *dom); + +struct sss_domain_info* +sss_get_domain_by_sid_ldap_fallback(struct sss_domain_info *domain, + const char* sid); + +struct sss_domain_info * +find_domain_by_object_name(struct sss_domain_info *domain, + const char *object_name); + +bool subdomain_enumerates(struct sss_domain_info *parent, + const char *sd_name); + +char *subdomain_create_conf_path(TALLOC_CTX *mem_ctx, + struct sss_domain_info *subdomain); + +errno_t sssd_domain_init(TALLOC_CTX *mem_ctx, + struct confdb_ctx *cdb, + const char *domain_name, + const char *db_path, + struct sss_domain_info **_domain); + +void sss_domain_info_set_output_fqnames(struct sss_domain_info *domain, + bool output_fqname); + +bool sss_domain_info_get_output_fqnames(struct sss_domain_info *domain); + +#define IS_SUBDOMAIN(dom) ((dom)->parent != NULL) + +#define DOM_HAS_VIEWS(dom) ((dom)->has_views) + +/* the directory domain - realm mappings and other krb5 config snippers are + * written to */ +#define KRB5_MAPPING_DIR PUBCONF_PATH"/krb5.include.d" + +errno_t 
sss_get_domain_mappings_content(TALLOC_CTX *mem_ctx, + struct sss_domain_info *domain, + char **content); + +errno_t sss_write_domain_mappings(struct sss_domain_info *domain); + +errno_t sss_write_krb5_conf_snippet(const char *path, bool canonicalize); + +errno_t get_dom_names(TALLOC_CTX *mem_ctx, + struct sss_domain_info *start_dom, + char ***_dom_names, + int *_dom_names_count); + +/* from util_lock.c */ +errno_t sss_br_lock_file(int fd, size_t start, size_t len, + int num_tries, useconds_t wait); +#include "io.h" + +#ifdef HAVE_PAC_RESPONDER +#define BUILD_WITH_PAC_RESPONDER true +#else +#define BUILD_WITH_PAC_RESPONDER false +#endif + +/* from well_known_sids.c */ +errno_t well_known_sid_to_name(const char *sid, const char **dom, + const char **name); + +errno_t name_to_well_known_sid(const char *dom, const char *name, + const char **sid); + +/* from string_utils.c */ +char *sss_replace_char(TALLOC_CTX *mem_ctx, + const char *in, + const char match, + const char sub); + +char * sss_replace_space(TALLOC_CTX *mem_ctx, + const char *orig_name, + const char replace_char); +char * sss_reverse_replace_space(TALLOC_CTX *mem_ctx, + const char *orig_name, + const char replace_char); + +#define GUID_BIN_LENGTH 16 +/* 16 2-digit hex values + 4 dashes + terminating 0 */ +#define GUID_STR_BUF_SIZE (2 * GUID_BIN_LENGTH + 4 + 1) + +errno_t guid_blob_to_string_buf(const uint8_t *blob, char *str_buf, + size_t buf_size); + +const char *get_last_x_chars(const char *str, size_t x); + +char **concatenate_string_array(TALLOC_CTX *mem_ctx, + char **arr1, size_t len1, + char **arr2, size_t len2); + +/* from become_user.c */ +errno_t become_user(uid_t uid, gid_t gid); +struct sss_creds; +errno_t switch_creds(TALLOC_CTX *mem_ctx, + uid_t uid, gid_t gid, + int num_gids, gid_t *gids, + struct sss_creds **saved_creds); +errno_t restore_creds(struct sss_creds *saved_creds); + +/* from sss_semanage.c */ +/* Please note that libsemange relies on files and directories created with + * certain 
permissions. Therefore the caller should make sure the umask is + * not too restricted (especially when called from the daemon code). + */ +int set_seuser(const char *login_name, const char *seuser_name, + const char *mlsrange); +int del_seuser(const char *login_name); +int get_seuser(TALLOC_CTX *mem_ctx, const char *login_name, + char **_seuser, char **_mls_range); + +/* convert time from generalized form to unix time */ +errno_t sss_utc_to_time_t(const char *str, const char *format, time_t *unix_time); + +/* Creates a unique file using mkstemp with provided umask. The template + * must end with XXXXXX. Returns the fd, sets _err to an errno value on error. + * + * Prefer using sss_unique_file() as it uses a secure umask internally. + */ +int sss_unique_file_ex(TALLOC_CTX *mem_ctx, + char *path_tmpl, + mode_t file_umask, + errno_t *_err); +int sss_unique_file(TALLOC_CTX *owner, + char *path_tmpl, + errno_t *_err); + +/* Creates a unique filename using mkstemp with secure umask. The template + * must end with XXXXXX + * + * path_tmpl must be a talloc context. Destructor would be set on the filename + * so that it's guaranteed the file is removed. + */ +int sss_unique_filename(TALLOC_CTX *owner, char *path_tmpl); + +/* from util_watchdog.c */ +int setup_watchdog(struct tevent_context *ev, int interval); +void teardown_watchdog(void); + +#endif /* __SSSD_UTIL_H__ */ |