Hi, another cherry-pick mail, this time with the IFP responder. Only the first patch had to be amended in the conf_macros.m4 and confdb.h files.
>From 1f5aef524fe51e572b882c744cb8b483b4aed38b Mon Sep 17 00:00:00 2001 From: Jakub Hrozek <jhro...@redhat.com> Date: Wed, 2 Oct 2013 14:59:35 +0200 Subject: [PATCH 1/3] IFP: Re-add the InfoPipe server Related: https://fedorahosted.org/sssd/ticket/2072 This commit only adds the responder and the needed plumbing. No DBus related code is in yet. (cherry picked from commit cb4d5b588e704114b7090678752d33512baa718e) Conflicts: src/conf_macros.m4 src/confdb/confdb.h --- Makefile.am | 19 +++ configure.ac | 1 + contrib/sssd.spec.in | 17 +++ src/conf_macros.m4 | 16 +++ src/confdb/confdb.h | 3 + src/man/Makefile.am | 9 +- src/man/include/seealso.xml | 6 + src/man/sssd-ifp.5.xml | 46 +++++++ src/man/sssd.conf.5.xml | 1 + src/monitor/monitor.c | 2 +- src/providers/data_provider_be.c | 2 + src/providers/dp_backend.h | 1 + src/responder/common/responder.h | 1 + src/responder/common/responder_sbus.h | 3 + src/responder/ifp/ifp_private.h | 35 ++++++ src/responder/ifp/ifpsrv.c | 227 ++++++++++++++++++++++++++++++++++ src/responder/ifp/ifpsrv_cmd.c | 32 +++++ 17 files changed, 419 insertions(+), 2 deletions(-) create mode 100644 src/man/sssd-ifp.5.xml create mode 100644 src/responder/ifp/ifp_private.h create mode 100644 src/responder/ifp/ifpsrv.c create mode 100644 src/responder/ifp/ifpsrv_cmd.c diff --git a/Makefile.am b/Makefile.am index 79ab0fda5abb2612ce69388351b1225c154404ad..7b756c670f59e30a1e0a07d12b0734faf7c14146 100644 --- a/Makefile.am +++ b/Makefile.am @@ -107,6 +107,10 @@ endif if BUILD_SSH sssdlibexec_PROGRAMS += sssd_ssh endif +if BUILD_IFP +sssdlibexec_PROGRAMS += sssd_ifp +endif + if BUILD_PAC_RESPONDER sssdlibexec_PROGRAMS += sssd_pac @@ -305,6 +309,7 @@ AM_CPPFLAGS = \ -DSSS_SUDO_SOCKET_NAME=\"$(pipepath)/sudo\" \ -DSSS_AUTOFS_SOCKET_NAME=\"$(pipepath)/autofs\" \ -DSSS_SSH_SOCKET_NAME=\"$(pipepath)/ssh\" \ + -DSSS_IFP_SOCKET_NAME=\"$(pipepath)/ifp\" \ -DLOCALEDIR=\"$(localedir)\" EXTRA_DIST = build/config.rpath 
@@ -441,6 +446,7 @@ dist_noinst_HEADERS = \ src/responder/sudo/sudosrv_private.h \ src/responder/autofs/autofs_private.h \ src/responder/ssh/sshsrv_private.h \ + src/responder/ifp/ifp_private.h \ src/sbus/sbus_client.h \ src/sbus/sssd_dbus.h \ src/sbus/sssd_dbus_meta.h \ @@ -772,6 +778,19 @@ sssd_pac_LDADD = \ libsss_idmap.la \ $(SSSD_INTERNAL_LTLIBS) +if BUILD_IFP +sssd_ifp_SOURCES = \ + src/responder/ifp/ifpsrv.c \ + src/responder/ifp/ifpsrv_cmd.c \ + $(SSSD_UTIL_OBJ) \ + $(SSSD_RESPONDER_OBJ) +sssd_ifp_CFLAGS = \ + $(AM_CFLAGS) +sssd_ifp_LDADD = \ + $(SSSD_LIBS) \ + $(SSSD_INTERNAL_LTLIBS) +endif + sssd_be_SOURCES = \ src/providers/data_provider_be.c \ src/providers/data_provider_fo.c \ diff --git a/configure.ac b/configure.ac index 636f87b259203dd6824eae033271256562e0cf39..49f2a64b39e911803f1816cb25e02ea7dd57a39c 100644 --- a/configure.ac +++ b/configure.ac @@ -124,6 +124,7 @@ WITH_SUDO WITH_SUDO_LIB_PATH WITH_AUTOFS WITH_SSH +WITH_IFP WITH_CRYPTO WITH_SAMBA diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in index 92924518c9a4ea808d117dc0b8465c57f0f5bef9..61e6e33efd7ee4315bd8e930feef8c33ad1c372e 100644 --- a/contrib/sssd.spec.in +++ b/contrib/sssd.spec.in @@ -380,6 +380,16 @@ Requires: libsss_nss_idmap = %{version}-%{release} The libsss_nss_idmap-python contains the bindings so that libsss_nss_idmap can be used by Python applications. +%package dbus +Summary: The D-Bus responder of the SSSD +Group: Applications/System +License: GPLv3+ +Requires: sssd-common = %{version}-%{release} + +%description dbus +Provides the D-Bus responder of the SSSD, called the InfoPipe, that allows +the information from the SSSD to be transmitted over the system bus. + %prep %setup -q -n %{name}-%{version} @@ -538,6 +548,7 @@ rm -rf $RPM_BUILD_ROOT %{_libexecdir}/%{servicename}/sssd_autofs %{_libexecdir}/%{servicename}/sssd_ssh %{_libexecdir}/%{servicename}/sssd_sudo +%{_libexecdir}/%{servicename}/sssd_ifp %dir %{_libdir}/%{name} %{_libdir}/%{name}/libsss_simple.so 
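Review bot: `%{_libexecdir}/%{servicename}/sssd_ifp` is added here to what looks like the main package's file list (next to sssd_ssh and sssd_sudo), and the later hunk at -632 lists the same binary again under `%files dbus`. With both entries the responder binary is owned by two packages, so it is installed even when the dbus subpackage is not, which defeats the purpose of splitting the D-Bus responder out. I would drop the line in this hunk and keep only the `%files dbus` entry. Both entries are also unconditional, so a build configured without InfoPipe would presumably fail at packaging; confirm whether the spec needs a conditional around them.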
@@ -632,6 +643,12 @@ rm -rf $RPM_BUILD_ROOT %{_libexecdir}/%{servicename}/proxy_child %{_libdir}/%{name}/libsss_proxy.so +%files dbus +%defattr(-,root,root,-) +%doc COPYING +%{_libexecdir}/%{servicename}/sssd_ifp +%{_mandir}/man5/sssd-ifp.5* + %files client -f sssd_client.lang %defattr(-,root,root,-) %doc src/sss_client/COPYING src/sss_client/COPYING.LESSER diff --git a/src/conf_macros.m4 b/src/conf_macros.m4 index 554e303b6879eb8c7caa879b8ea2c70f8747c051..c12175f229a32cddfaa8fef7b37e0ca06a5f8d93 100644 --- a/src/conf_macros.m4 +++ b/src/conf_macros.m4 @@ -608,3 +608,19 @@ AC_DEFUN([WITH_SAMBA], fi AM_CONDITIONAL([BUILD_SAMBA], [test x"$with_samba" = xyes]) ]) + +AC_DEFUN([WITH_IFP], + [ AC_ARG_WITH([infopipe], + [AC_HELP_STRING([--with-infopipe], + [Whether to build with InfoPipe support [yes]] + ) + ], + [with_infopipe=$withval], + with_infopipe=yes + ) + + if test x"$with_infopipe" = xyes; then + AC_DEFINE(BUILD_IFP, 1, [whether to build with InfoPipe support]) + fi + AM_CONDITIONAL([BUILD_IFP], [test x"$with_infopipe" = xyes]) + ]) diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h index c997e6e942b0fe57effc7ca602bac9f4647ffa3e..75f272eee58ae66872b6236dfd0c921b00812c14 100644 --- a/src/confdb/confdb.h +++ b/src/confdb/confdb.h @@ -132,6 +132,9 @@ /* Data Provider */ #define CONFDB_DP_CONF_ENTRY "config/dp" +/* InfoPipe */ +#define CONFDB_IFP_CONF_ENTRY "config/ifp" + /* Domains */ #define CONFDB_DOMAIN_PATH_TMPL "config/domain/%s" #define CONFDB_DOMAIN_BASEDN "cn=domain,cn=config" diff --git a/src/man/Makefile.am b/src/man/Makefile.am index ccf1c053e437b00ecc53ef61baf85e6754950628..03caef2ee55689b82769e6b624e3dda619c50a93 100644 --- a/src/man/Makefile.am +++ b/src/man/Makefile.am 
@@ -21,7 +21,10 @@ endif if BUILD_PAC_RESPONDER PAC_RESPONDER_CONDS = ;with_pac_responder endif -CONDS = with_false$(SUDO_CONDS)$(AUTOFS_CONDS)$(SSH_CONDS)$(PAC_RESPONDER_CONDS) +if BUILD_IFP +IFP_CONDS = ;with_ifp +endif +CONDS = with_false$(SUDO_CONDS)$(AUTOFS_CONDS)$(SSH_CONDS)$(PAC_RESPONDER_CONDS)$(IFP_CONDS) #Special Rules: @@ -52,6 +55,10 @@ if BUILD_SUDO man_MANS += sssd-sudo.5 endif +if BUILD_IFP +man_MANS += sssd-ifp.5 +endif + SUFFIXES = .1.xml .1 .3.xml .3 .5.xml .5 .8.xml .8 .1.xml.1: $(XMLLINT) $(XMLLINT_FLAGS) $< diff --git a/src/man/include/seealso.xml b/src/man/include/seealso.xml index 4f7943113e2ff50172f652bf919713092d0b985b..992e64b76102f1b8b9a693fa92f35df1bb2048e2 100644 --- a/src/man/include/seealso.xml +++ b/src/man/include/seealso.xml @@ -74,6 +74,12 @@ <manvolnum>8</manvolnum> </citerefentry>, </phrase> + <phrase condition="with_ifp"> + <citerefentry> + <refentrytitle>sssd-ifp</refentrytitle> + <manvolnum>5</manvolnum> + </citerefentry>, + </phrase> <citerefentry> <refentrytitle>pam_sss</refentrytitle><manvolnum>8</manvolnum> </citerefentry>. diff --git a/src/man/sssd-ifp.5.xml b/src/man/sssd-ifp.5.xml new file mode 100644 index 0000000000000000000000000000000000000000..dfac252984f365582519c6ceb5e553633813c761 --- /dev/null +++ b/src/man/sssd-ifp.5.xml 
@@ -0,0 +1,46 @@ +<?xml version="1.0" encoding="UTF-8"?> +<!DOCTYPE reference PUBLIC "-//OASIS//DTD DocBook V4.4//EN" +"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd"> +<reference> +<title>SSSD Manual pages</title> +<refentry> + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/upstream.xml" /> + + <refmeta> + <refentrytitle>sssd-ifp</refentrytitle> + <manvolnum>5</manvolnum> + <refmiscinfo class="manual">File Formats and Conventions</refmiscinfo> + </refmeta> + + <refnamediv id='name'> + <refname>sssd-ifp</refname> + <refpurpose>SSSD InfoPipe responder</refpurpose> + </refnamediv> + + <refsect1 id='description'> + <title>DESCRIPTION</title> + <para> + This manual page describes the configuration of the InfoPipe responder + for + <citerefentry> + <refentrytitle>sssd</refentrytitle> + <manvolnum>8</manvolnum> + </citerefentry>. + For a detailed syntax reference, refer to the <quote>FILE FORMAT</quote> section of the + <citerefentry> + <refentrytitle>sssd.conf</refentrytitle> + <manvolnum>5</manvolnum> + </citerefentry> manual page. + </para> + <para> + The InfoPipe responder provides a public D-Bus interface + accessible over the system bus. The interface allows the user + to query information about remote users and groups over the + system bus. + </para> + </refsect1> + + <xi:include xmlns:xi="http://www.w3.org/2001/XInclude" href="include/seealso.xml" /> + +</refentry> +</reference> diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml index 52a1851b1355dd7277beaecc43684db70d846b88..854b5501995a9a727f0634cf5409000ac9ebc3fa 100644 --- a/src/man/sssd.conf.5.xml +++ b/src/man/sssd.conf.5.xml @@ -91,6 +91,7 @@ <phrase condition="with_autofs">, autofs</phrase> <phrase condition="with_ssh">, ssh</phrase> <phrase condition="with_pac_responder">, pac</phrase> + <phrase condition="with_ifp">, ifp</phrase> </para> </listitem> </varlistentry> 
diff --git a/src/monitor/monitor.c b/src/monitor/monitor.c index aaf3e56f08fff8a666f522269758634b064ada0e..4c6ab517edc94c94ce6efbca82c1512a3e55c6a4 100644 --- a/src/monitor/monitor.c +++ b/src/monitor/monitor.c @@ -870,7 +870,7 @@ done: static char *check_services(char **services) { const char *known_services[] = { "nss", "pam", "sudo", "autofs", "ssh", - "pac", NULL }; + "pac", "ifp", NULL }; int i; int ii; diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c index ac703b821d1f1bb84542743e5ac03ee0a7058f70..240f60318c2c3b3fd10f1cf91f43071f37c38b6d 100644 --- a/src/providers/data_provider_be.c +++ b/src/providers/data_provider_be.c @@ -2014,6 +2014,8 @@ static int client_registration(struct sbus_request *dbus_req, void *data) becli->bectx->ssh_cli = becli; } else if (strcasecmp(cli_name, "PAC") == 0) { becli->bectx->pac_cli = becli; + } else if (strcasecmp(cli_name, "InfoPipe") == 0) { + becli->bectx->ifp_cli = becli; } else { DEBUG(SSSDBG_CRIT_FAILURE, "Unknown client! [%s]\n", cli_name); } diff --git a/src/providers/dp_backend.h b/src/providers/dp_backend.h index ed022c2079b4ca490b86644d279703976188423e..8e3a68a5b46998c3e0bd9752a6aec28e1764ed09 100644 --- a/src/providers/dp_backend.h +++ b/src/providers/dp_backend.h @@ -143,6 +143,7 @@ struct be_ctx { struct be_client *autofs_cli; struct be_client *ssh_cli; struct be_client *pac_cli; + struct be_client *ifp_cli; struct loaded_be loaded_be[BET_MAX]; struct bet_info bet_info[BET_MAX]; diff --git a/src/responder/common/responder.h b/src/responder/common/responder.h index 98e363c3efcc29de3224336c2dbc069861f09b3d..ce89cfa6374e1ea4f1335a86325ba319aaf02bf6 100644 --- a/src/responder/common/responder.h +++ b/src/responder/common/responder.h @@ -33,6 +33,7 @@ #include "dhash.h" #include "sbus/sssd_dbus.h" #include "sss_client/sss_cli.h" +#include "util/util.h" extern hash_table_t *dp_requests; 
diff --git a/src/responder/common/responder_sbus.h b/src/responder/common/responder_sbus.h index 4927d72a750cf2827710298af638513a30154b54..ca1ce512b83954ab44c1ca7b860d8ecc20b0ccd3 100644 --- a/src/responder/common/responder_sbus.h +++ b/src/responder/common/responder_sbus.h @@ -37,6 +37,9 @@ #define SSS_SSH_SBUS_SERVICE_NAME "ssh" #define SSS_SSH_SBUS_SERVICE_VERSION 0x0001 +#define SSS_IFP_SBUS_SERVICE_NAME "ifp" +#define SSS_IFP_SBUS_SERVICE_VERSION 0x0001 + #define PAC_SBUS_SERVICE_NAME "pac" #define PAC_SBUS_SERVICE_VERSION 0x0001 diff --git a/src/responder/ifp/ifp_private.h b/src/responder/ifp/ifp_private.h new file mode 100644 index 0000000000000000000000000000000000000000..32c7281ea40e3e12c3e2db9b1439bec713399fea --- /dev/null +++ b/src/responder/ifp/ifp_private.h @@ -0,0 +1,35 @@ +/* + Authors: + Jakub Hrozek <jhro...@redhat.com> + Stephen Gallagher <sgall...@redhat.com> + + Copyright (C) 2013 Red Hat + + InfoPipe responder: A private header + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#ifndef _IFPSRV_PRIVATE_H_ +#define _IFPSRV_PRIVATE_H_ + +#include "responder/common/responder.h" +#include "providers/data_provider.h" + +struct ifp_ctx { + struct resp_ctx *rctx; + struct sss_names_ctx *snctx; +}; + +#endif /* _IFPSRV_PRIVATE_H_ */ 
diff --git a/src/responder/ifp/ifpsrv.c b/src/responder/ifp/ifpsrv.c new file mode 100644 index 0000000000000000000000000000000000000000..06434c328359bdbf9e9241252eee0392c3017bce --- /dev/null +++ b/src/responder/ifp/ifpsrv.c 
@@ -0,0 +1,227 @@ +/* + Authors: + Jakub Hrozek <jhro...@redhat.com> + + Copyright (C) 2013 Red Hat + + InfoPipe responder: the responder server + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include <stdio.h> +#include <unistd.h> +#include <fcntl.h> +#include <sys/types.h> +#include <sys/stat.h> +#include <sys/socket.h> +#include <sys/un.h> +#include <string.h> +#include <sys/time.h> +#include <errno.h> +#include <popt.h> +#include <dbus/dbus.h> + +#include "util/util.h" +#include "sbus/sssd_dbus.h" +#include "monitor/monitor_interfaces.h" +#include "confdb/confdb.h" +#include "responder/ifp/ifp_private.h" +#include "responder/common/responder_sbus.h" + +struct mon_cli_iface monitor_ifp_methods = { + { &mon_cli_iface_meta, 0 }, + .ping = monitor_common_pong, + .resInit = monitor_common_res_init, + .shutDown = NULL, + .goOffline = NULL, + .resetOffline = NULL, + .rotateLogs = responder_logrotate, +}; + +static struct data_provider_iface ifp_dp_methods = { + { &data_provider_iface_meta, 0 }, + .RegisterService = NULL, + .pamHandler = NULL, + .sudoHandler = NULL, + .autofsHandler = NULL, + .hostHandler = NULL, + .getDomains = NULL, + .getAccountInfo = NULL, +}; + +struct sss_cmd_table *get_ifp_cmds(void) +{ + static struct sss_cmd_table ifp_cmds[] = { + { SSS_GET_VERSION, sss_cmd_get_version }, + { SSS_CLI_NULL, NULL} + }; + + return ifp_cmds; +} + +static void 
ifp_dp_reconnect_init(struct sbus_connection *conn, + int status, void *pvt) +{ + struct be_conn *be_conn = talloc_get_type(pvt, struct be_conn); + int ret; + + /* Did we reconnect successfully? */ + if (status == SBUS_RECONNECT_SUCCESS) { + DEBUG(SSSDBG_TRACE_FUNC, "Reconnected to the Data Provider.\n"); + + /* Identify ourselves to the data provider */ + ret = dp_common_send_id(be_conn->conn, + DATA_PROVIDER_VERSION, + "InfoPipe"); + /* all fine */ + if (ret == EOK) { + handle_requests_after_reconnect(be_conn->rctx); + return; + } + } + + /* Failed to reconnect */ + DEBUG(SSSDBG_FATAL_FAILURE, "Could not reconnect to %s provider.\n", + be_conn->domain->name); +} + +int ifp_process_init(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct confdb_ctx *cdb) +{ + struct resp_ctx *rctx; + struct sss_cmd_table *ifp_cmds; + struct ifp_ctx *ifp_ctx; + struct be_conn *iter; + int ret; + int max_retries; + + ifp_cmds = get_ifp_cmds(); + ret = sss_process_init(mem_ctx, ev, cdb, + ifp_cmds, + SSS_IFP_SOCKET_NAME, NULL, + CONFDB_IFP_CONF_ENTRY, + SSS_IFP_SBUS_SERVICE_NAME, + SSS_IFP_SBUS_SERVICE_VERSION, + &monitor_ifp_methods, + "InfoPipe", + &ifp_dp_methods.vtable, + &rctx); + if (ret != EOK) { + DEBUG(SSSDBG_FATAL_FAILURE, "sss_process_init() failed\n"); + return ret; + } + + ifp_ctx = talloc_zero(rctx, struct ifp_ctx); + if (ifp_ctx == NULL) { + DEBUG(SSSDBG_FATAL_FAILURE, "fatal error initializing ifp_ctx\n"); + ret = ENOMEM; + goto fail; + } + + ifp_ctx->rctx = rctx; + ifp_ctx->rctx->pvt_ctx = ifp_ctx; + + ret = sss_names_init_from_args(ifp_ctx, + "(?P<name>[^@]+)@?(?P<domain>[^@]*$)", + "%1$s@%2$s", &ifp_ctx->snctx); + if (ret != EOK) { + DEBUG(SSSDBG_FATAL_FAILURE, "fatal error initializing regex data\n"); + goto fail; + } + + /* Enable automatic reconnection to the Data Provider */ + ret = confdb_get_int(ifp_ctx->rctx->cdb, + CONFDB_IFP_CONF_ENTRY, + CONFDB_SERVICE_RECON_RETRIES, + 3, &max_retries); + if (ret != EOK) { + DEBUG(SSSDBG_FATAL_FAILURE, + "Failed to 
set up automatic reconnection\n"); + goto fail; + } + + for (iter = ifp_ctx->rctx->be_conns; iter; iter = iter->next) { + sbus_reconnect_init(iter->conn, max_retries, + ifp_dp_reconnect_init, iter); + } + + ret = schedule_get_domains_task(rctx, rctx->ev, rctx); + if (ret != EOK) { + DEBUG(SSSDBG_FATAL_FAILURE, "schedule_get_domains_tasks failed.\n"); + goto fail; + } + + DEBUG(SSSDBG_TRACE_FUNC, "InfoPipe Initialization complete\n"); + return EOK; + +fail: + talloc_free(rctx); + return ret; +} + +int main(int argc, const char *argv[]) +{ + int opt; + poptContext pc; + struct main_context *main_ctx; + int ret; + + struct poptOption long_options[] = { + POPT_AUTOHELP + SSSD_MAIN_OPTS + POPT_TABLEEND + }; + + /* Set debug level to invalid value so we can deside if -d 0 was used. */ + debug_level = SSSDBG_INVALID; + + pc = poptGetContext(argv[0], argc, argv, long_options, 0); + while((opt = poptGetNextOpt(pc)) != -1) { + switch(opt) { + default: + fprintf(stderr, "\nInvalid option %s: %s\n\n", + poptBadOption(pc, 0), poptStrerror(opt)); + poptPrintUsage(pc, stderr, 0); + return 1; + } + } + + poptFreeContext(pc); + + DEBUG_INIT(debug_level); + + /* set up things like debug, signals, daemonization, etc... */ + debug_log_file = "sssd_ifp"; + + ret = server_setup("sssd[ifp]", 0, CONFDB_IFP_CONF_ENTRY, &main_ctx); + if (ret != EOK) return 2; + + ret = die_if_parent_died(); + if (ret != EOK) { + /* This is not fatal, don't return */ + DEBUG(SSSDBG_MINOR_FAILURE, + "Could not set up to exit when parent process does\n"); + } + + ret = ifp_process_init(main_ctx, + main_ctx->event_ctx, + main_ctx->confdb_ctx); + if (ret != EOK) return 3; + + /* loop on main */ + server_loop(main_ctx); + return 0; +} diff --git a/src/responder/ifp/ifpsrv_cmd.c b/src/responder/ifp/ifpsrv_cmd.c new file mode 100644 index 0000000000000000000000000000000000000000..b9641ff605dc777fb3279751b08a995d148b12e5 --- /dev/null +++ b/src/responder/ifp/ifpsrv_cmd.c 
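Review bot: `monitor_ifp_methods` is defined with external linkage while `ifp_dp_methods` directly below it is `static`, and nothing in this patch refers to it from another file; `static struct mon_cli_iface monitor_ifp_methods = {` would keep it file-local, assuming no other unit declares it extern. `ifp_process_init` would benefit from a short header comment stating that on any failure it frees `rctx`, which also owns `ifp_ctx`, and returns the error code. The comment above `debug_level = SSSDBG_INVALID;` in main() has a typo: `deside` should be `decide`.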
@@ -0,0 +1,32 @@ +/* + Authors: + Jakub Hrozek <jhro...@redhat.com> + + Copyright (C) 2013 Red Hat + + InfoPipe responder: the responder commands + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include "responder/ifp/ifp_private.h" + +struct cli_protocol_version *register_cli_protocol_version(void) +{ + static struct cli_protocol_version ssh_cli_protocol_version[] = { + {0, NULL, NULL} + }; + + return ssh_cli_protocol_version; +} -- 1.9.0
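Review bot: The static table in `register_cli_protocol_version()` is still named `ssh_cli_protocol_version`, which reads as a leftover from the SSH responder this file appears to be modelled on. Renaming it to `ifp_cli_protocol_version` in both the declaration and the `return` keeps the InfoPipe code self-describing. A one-line comment saying that the table holds only the `{0, NULL, NULL}` terminator, so no client protocol version is offered, would also help the next reader.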
>From f5dc28c2f2ea3dd81cf5bc819b22ad7cf8deb2ad Mon Sep 17 00:00:00 2001 From: Jakub Hrozek <jhro...@redhat.com> Date: Mon, 6 Jan 2014 15:15:40 +0100 Subject: [PATCH 2/3] IFP: Connect to the system bus Related: https://fedorahosted.org/sssd/ticket/2072 Adds the possibility for the InfoPipe responder to connect to the system bus. At the moment, only a dummy method "Ping" is provided. The method only accepts a single string parameter that has to be 'ping'. (cherry picked from commit 8214510f125879c3b1d247f2ce981ee20b5375d1) --- Makefile.am | 9 +- contrib/sssd.spec.in | 2 + src/responder/ifp/ifp_iface.xml | 10 ++ src/responder/ifp/ifp_iface_generated.c | 25 +++++ src/responder/ifp/ifp_iface_generated.h | 49 +++++++++ src/responder/ifp/ifp_private.h | 14 +++ src/responder/ifp/ifpsrv.c | 110 ++++++++++++++++++++- src/responder/ifp/ifpsrv_cmd.c | 36 +++++++ .../ifp/org.freedesktop.sssd.infopipe.conf | 22 +++++ 9 files changed, 275 insertions(+), 2 deletions(-) create mode 100644 src/responder/ifp/ifp_iface.xml create mode 100644 src/responder/ifp/ifp_iface_generated.c create mode 100644 src/responder/ifp/ifp_iface_generated.h create mode 100644 src/responder/ifp/org.freedesktop.sssd.infopipe.conf diff --git a/Makefile.am b/Makefile.am index 7b756c670f59e30a1e0a07d12b0734faf7c14146..fe78211fccd77934aeee6488a13c13b5ae295907 100644 --- a/Makefile.am +++ b/Makefile.am @@ -36,6 +36,7 @@ sssdconfdir = $(sysconfdir)/sssd sssddatadir = $(datadir)/sssd sssdapiplugindir = $(sssddatadir)/sssd.api.d dbusintrospectdir = $(datarootdir)/sssd/introspect +dbuspolicydir = $(sysconfdir)/dbus-1/system.d localedir = @localedir@ nsslibdir = @nsslibdir@ pamlibdir = @pammoddir@ 
@@ -660,7 +661,8 @@ include_HEADERS = \ CODEGEN_XML = \ $(srcdir)/src/tests/sbus_codegen_tests.xml \ $(srcdir)/src/monitor/monitor_iface.xml \ - $(srcdir)/src/providers/data_provider_iface.xml + $(srcdir)/src/providers/data_provider_iface.xml \ + $(srcdir)/src/responder/ifp/ifp_iface.xml SBUS_CODEGEN = src/sbus/sbus_codegen @@ -782,6 +784,8 @@ if BUILD_IFP sssd_ifp_SOURCES = \ src/responder/ifp/ifpsrv.c \ src/responder/ifp/ifpsrv_cmd.c \ + src/responder/ifp/ifp_iface_generated.c \ + src/responder/ifp/ifp_iface_generated.h \ $(SSSD_UTIL_OBJ) \ $(SSSD_RESPONDER_OBJ) sssd_ifp_CFLAGS = \ @@ -789,6 +793,8 @@ sssd_ifp_CFLAGS = \ sssd_ifp_LDADD = \ $(SSSD_LIBS) \ $(SSSD_INTERNAL_LTLIBS) +dist_dbuspolicy_DATA = \ + src/responder/ifp/org.freedesktop.sssd.infopipe.conf endif sssd_be_SOURCES = \ @@ -2163,6 +2169,7 @@ installsssddirs:: $(DESTDIR)$(pluginpath) \ $(DESTDIR)$(libdir)/ldb \ $(DESTDIR)$(dbusintrospectdir) \ + $(DESTDIR)$(dbuspolicydir) \ $(DESTDIR)$(pipepath)/private \ $(DESTDIR)$(sssdlibdir) \ $(DESTDIR)$(pkglibdir) \ diff --git a/contrib/sssd.spec.in b/contrib/sssd.spec.in index 61e6e33efd7ee4315bd8e930feef8c33ad1c372e..916527da7640a01563cd8634032a411a78a066c6 100644 --- a/contrib/sssd.spec.in +++ b/contrib/sssd.spec.in @@ -648,6 +648,8 @@ rm -rf $RPM_BUILD_ROOT %doc COPYING %{_libexecdir}/%{servicename}/sssd_ifp %{_mandir}/man5/sssd-ifp.5* +# InfoPipe DBus plumbing +%{_sysconfdir}/dbus-1/system.d/org.freedesktop.sssd.infopipe.conf %files client -f sssd_client.lang %defattr(-,root,root,-) diff --git a/src/responder/ifp/ifp_iface.xml b/src/responder/ifp/ifp_iface.xml new file mode 100644 index 0000000000000000000000000000000000000000..e3221b577b88dc622b4a467f3ae78aa44c84927d --- /dev/null +++ b/src/responder/ifp/ifp_iface.xml 
@@ -0,0 +1,10 @@ +<!DOCTYPE node PUBLIC "-//freedesktop//DTD D-BUS Object Introspection 1.0//EN" + "http://www.freedesktop.org/standards/dbus/1.0/introspect.dtd"> +<node> + <interface name="org.freedesktop.sssd.infopipe"> + <annotation value="infopipe_iface" name="org.freedesktop.DBus.GLib.CSymbol"/> + <method name="Ping"> + <!-- arguments parsed manually --> + </method> + </interface> +</node> diff --git a/src/responder/ifp/ifp_iface_generated.c b/src/responder/ifp/ifp_iface_generated.c new file mode 100644 index 0000000000000000000000000000000000000000..db5e0e545d8d1a956ae052be52a824ed0bf5d273 --- /dev/null +++ b/src/responder/ifp/ifp_iface_generated.c @@ -0,0 +1,25 @@ +/* The following definitions are auto-generated from ifp_iface.xml */ + +#include "util/util.h" +#include "sbus/sssd_dbus.h" +#include "sbus/sssd_dbus_meta.h" +#include "ifp_iface_generated.h" + +/* methods for org.freedesktop.sssd.infopipe */ +const struct sbus_method_meta infopipe_iface__methods[] = { + { + "Ping", /* name */ + NULL, /* no in_args */ + NULL, /* no out_args */ + offsetof(struct infopipe_iface, Ping), + }, + { NULL, } +}; + +/* interface info for org.freedesktop.sssd.infopipe */ +const struct sbus_interface_meta infopipe_iface_meta = { + "org.freedesktop.sssd.infopipe", /* name */ + infopipe_iface__methods, + NULL, /* no signals */ + NULL, /* no propetries */ +}; diff --git a/src/responder/ifp/ifp_iface_generated.h b/src/responder/ifp/ifp_iface_generated.h new file mode 100644 index 0000000000000000000000000000000000000000..8db83fc115d62390560e9be94ac1480ade48296f --- /dev/null +++ b/src/responder/ifp/ifp_iface_generated.h 
@@ -0,0 +1,49 @@ +/* The following declarations are auto-generated from ifp_iface.xml */ + +#ifndef __IFP_IFACE_XML__ +#define __IFP_IFACE_XML__ + +#include "sbus/sssd_dbus.h" + +/* ------------------------------------------------------------------------ + * DBus Constants + * + * Various constants of interface and method names mostly for use by clients + */ + +/* constants for org.freedesktop.sssd.infopipe */ +#define INFOPIPE_IFACE "org.freedesktop.sssd.infopipe" +#define INFOPIPE_IFACE_PING "Ping" + +/* ------------------------------------------------------------------------ + * DBus Vtable handler structures + * + * These structures are filled in by implementors of the different + * dbus interfaces to handle method calls. + * + * Handler functions of type sbus_msg_handler_fn accept raw messages, + * other handlers will be typed appropriately. If a handler that is + * set to NULL is invoked it will result in a + * org.freedesktop.DBus.Error.NotSupported error for the caller. + */ + +/* vtable for org.freedesktop.sssd.infopipe */ +struct infopipe_iface { + struct sbus_vtable vtable; /* derive from sbus_vtable */ + sbus_msg_handler_fn Ping; +}; + +/* ------------------------------------------------------------------------ + * DBus Interface Metadata + * + * These structure definitions are filled in with the information about + * the interfaces, methods, properties and so on. + * + * The actual definitions are found in the accompanying C file next + * to this header. + */ + +/* interface info for org.freedesktop.sssd.infopipe */ +extern const struct sbus_interface_meta infopipe_iface_meta; + +#endif /* __IFP_IFACE_XML__ */ diff --git a/src/responder/ifp/ifp_private.h b/src/responder/ifp/ifp_private.h index 32c7281ea40e3e12c3e2db9b1439bec713399fea..b97cb8a7d9e55f550a3eda0e9acc034329d4ba17 100644 --- a/src/responder/ifp/ifp_private.h +++ b/src/responder/ifp/ifp_private.h 
@@ -26,10 +26,24 @@ #include "responder/common/responder.h" #include "providers/data_provider.h" +#include "responder/ifp/ifp_iface_generated.h" + +#define INFOPIPE_PATH "/org/freedesktop/sssd/infopipe" + +struct sysbus_ctx { + struct sbus_connection *conn; + char *introspect_xml; +}; struct ifp_ctx { struct resp_ctx *rctx; struct sss_names_ctx *snctx; + + struct sysbus_ctx *sysbus; }; +/* This is a throwaway method to ease the review of the patch. + * It will be removed later */ +int ifp_ping(struct sbus_request *dbus_req, void *data); + #endif /* _IFPSRV_PRIVATE_H_ */ diff --git a/src/responder/ifp/ifpsrv.c b/src/responder/ifp/ifpsrv.c index 06434c328359bdbf9e9241252eee0392c3017bce..accf679efe3332aa0fb57162e288ef67eaf54adb 100644 --- a/src/responder/ifp/ifpsrv.c +++ b/src/responder/ifp/ifpsrv.c @@ -61,6 +61,11 @@ static struct data_provider_iface ifp_dp_methods = { .getAccountInfo = NULL, }; +struct infopipe_iface ifp_iface = { + { &infopipe_iface_meta, 0 }, + .Ping = ifp_ping, +}; + struct sss_cmd_table *get_ifp_cmds(void) { static struct sss_cmd_table ifp_cmds[] = { 
@@ -97,6 +102,95 @@ static void ifp_dp_reconnect_init(struct sbus_connection *conn, be_conn->domain->name); } +static errno_t +sysbus_init(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + const char *dbus_name, + const char *dbus_path, + struct sbus_vtable *iface_vtable, + void *pvt, + struct sysbus_ctx **sysbus) +{ + DBusError dbus_error; + DBusConnection *conn = NULL; + struct sysbus_ctx *system_bus = NULL; + struct sbus_interface *sif; + errno_t ret; + + system_bus = talloc_zero(mem_ctx, struct sysbus_ctx); + if (system_bus == NULL) { + return ENOMEM; + } + + dbus_error_init(&dbus_error); + + /* Connect to the well-known system bus */ + conn = dbus_bus_get(DBUS_BUS_SYSTEM, &dbus_error); + if (conn == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, + ("Failed to connect to D-BUS system bus.\n")); + ret = EIO; + goto fail; + } + dbus_connection_set_exit_on_disconnect(conn, FALSE); + + ret = dbus_bus_request_name(conn, dbus_name, + /* We want exclusive access */ + DBUS_NAME_FLAG_DO_NOT_QUEUE, + &dbus_error); + if (ret != DBUS_REQUEST_NAME_REPLY_PRIMARY_OWNER) { + /* We were unable to register on the system bus */ + DEBUG(SSSDBG_CRIT_FAILURE, + ("Unable to request name on the system bus.\n")); + ret = EIO; + goto fail; + } + + DEBUG(SSSDBG_TRACE_FUNC, "Listening on %s\n", dbus_name); + + /* Integrate with tevent loop */ + ret = sbus_init_connection(system_bus, ev, conn, + SBUS_CONN_TYPE_SHARED, + &system_bus->conn); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, + "Could not integrate D-BUS into mainloop.\n"); + goto fail; + } + + sif = sbus_new_interface(system_bus->conn, + dbus_path, + iface_vtable, + pvt); + if (sif == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, + "Could not add the sbus interface\n"); + goto fail; + } + + ret = sbus_conn_add_interface(system_bus->conn, sif); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, + "Could not add the interface\n"); + goto fail; + } + + *sysbus = system_bus; + return EOK; + +fail: + if (dbus_error_is_set(&dbus_error)) { + 
DEBUG(SSSDBG_OP_FAILURE, + "DBus error message: %s\n", dbus_error.message); + dbus_error_free(&dbus_error); + } + + if (conn) dbus_connection_unref(conn); + + talloc_free(system_bus); + return ret; +} + int ifp_process_init(TALLOC_CTX *mem_ctx, struct tevent_context *ev, struct confdb_ctx *cdb) @@ -158,9 +252,23 @@ int ifp_process_init(TALLOC_CTX *mem_ctx, ifp_dp_reconnect_init, iter); } + /* Connect to the D-BUS system bus and set up methods */ + ret = sysbus_init(ifp_ctx, ifp_ctx->rctx->ev, + INFOPIPE_IFACE, + INFOPIPE_PATH, + &ifp_iface.vtable, + ifp_ctx, &ifp_ctx->sysbus); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, + "Failed to connect to the system message bus\n"); + talloc_free(ifp_ctx); + return EIO; + } + ret = schedule_get_domains_task(rctx, rctx->ev, rctx); if (ret != EOK) { - DEBUG(SSSDBG_FATAL_FAILURE, "schedule_get_domains_tasks failed.\n"); + DEBUG(SSSDBG_FATAL_FAILURE, + "schedule_get_domains_tasks failed.\n"); goto fail; } diff --git a/src/responder/ifp/ifpsrv_cmd.c b/src/responder/ifp/ifpsrv_cmd.c index b9641ff605dc777fb3279751b08a995d148b12e5..4f73342dd8a8e5ef34a9061634e8f10c52e59964 100644 --- a/src/responder/ifp/ifpsrv_cmd.c +++ b/src/responder/ifp/ifpsrv_cmd.c 
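Review bot: When `sbus_new_interface()` returns NULL in `sysbus_init()`, the `goto fail` is taken with `ret` still holding EOK from the preceding `sbus_init_connection()` call, so the function frees `system_bus` and reports success without ever setting `*sysbus`. Add `ret = ENOMEM;` before that `goto fail;`. Separately, the fail label calls `dbus_connection_unref(conn)` even after `sbus_init_connection()` has attached `conn` to a child of `system_bus`; if the sbus connection drops its own reference when `talloc_free(system_bus)` runs, that is a second unref, so the ownership should be confirmed and `conn` set to NULL once it has been handed over. The two `DEBUG` calls that wrap the format string in parentheses also differ in style from the rest of the function.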
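Review bot: The new `sysbus_init()` error branch in `ifp_process_init` does `talloc_free(ifp_ctx); return EIO;` instead of using the function's `fail` label, so `rctx` stays allocated with `rctx->pvt_ctx` pointing at freed memory, and the actual error code in `ret` is discarded. `goto fail;` would free `rctx` (and `ifp_ctx` as its child) and return `ret`, matching every other error branch of the function. The message is also logged at `SSSDBG_CRIT_FAILURE`, where the neighbouring initialisation failures use `SSSDBG_FATAL_FAILURE`. The start and the end of `ifp_process_init` lie outside this hunk.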
@@ -30,3 +30,39 @@ struct cli_protocol_version *register_cli_protocol_version(void) return ssh_cli_protocol_version; } + +/* This is a throwaway method to ease the review of the patch. + * It will be removed later */ +int ifp_ping(struct sbus_request *dbus_req, void *data) +{ + struct ifp_ctx *ifp_ctx = talloc_get_type(data, struct ifp_ctx); + static const char *pong = "PONG"; + const char *request; + DBusError dberr; + + if (ifp_ctx == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, "Invalid pointer!\n"); + return sbus_request_return_and_finish(dbus_req, DBUS_TYPE_INVALID); + } + + + if (!sbus_request_parse_or_finish(dbus_req, + DBUS_TYPE_STRING, &request, + DBUS_TYPE_INVALID)) { + return EOK; /* handled */ + } + + DEBUG(SSSDBG_CONF_SETTINGS, "Got request for [%s]\n", request); + + if (strcasecmp(request, "ping") != 0) { + dbus_error_init(&dberr); + dbus_set_error_const(&dberr, + DBUS_ERROR_INVALID_ARGS, + "Ping() only accepts ping as a param\n"); + return sbus_request_fail_and_finish(dbus_req, &dberr); + } + + return sbus_request_return_and_finish(dbus_req, + DBUS_TYPE_STRING, &pong, + DBUS_TYPE_INVALID); +} diff --git a/src/responder/ifp/org.freedesktop.sssd.infopipe.conf b/src/responder/ifp/org.freedesktop.sssd.infopipe.conf new file mode 100644 index 0000000000000000000000000000000000000000..fea847ceed6b3d0f999f4bd747cc7b16df2124a9 --- /dev/null +++ b/src/responder/ifp/org.freedesktop.sssd.infopipe.conf 
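Review bot: In `ifp_ping`, the `ifp_ctx == NULL` branch answers with `sbus_request_return_and_finish(dbus_req, DBUS_TYPE_INVALID)`, which is an empty successful reply, so a caller cannot tell an internal failure from success; failing the request through `sbus_request_fail_and_finish()`, as the invalid-argument branch does, would be clearer. The `request` string comes from whichever client the bus policy lets through and is written to the debug log unmodified, so it should be treated as caller-controlled text when those logs are read or parsed. `strcasecmp` also accepts `PING` or `Ping`, while the commit message says the parameter has to be `ping`. The error text ends in `\n`, which D-Bus error messages do not normally carry.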
@@ -0,0 +1,22 @@ +<?xml version="1.0"?> <!--*-nxml-*--> +<!DOCTYPE busconfig PUBLIC + "-//freedesktop//DTD D-BUS Bus Configuration 1.0//EN" + "http://www.freedesktop.org/standards/dbus/1.0/busconfig.dtd"> +<busconfig> + + <!-- This configuration file specifies the required security policies + for the SSSD InfoPipe to work. --> + + <!-- Only root can own (provide) the SSSD service --> + <policy user="root"> + <allow own="org.freedesktop.sssd.infopipe"/> + </policy> + + <!-- Allow all methods on the interface --> + <!-- Right now, this will be handled by a limited ACL + within the InfoPipe Daemon. --> + <policy context="default"> + <allow send_interface="org.freedesktop.sssd.infopipe"/> + </policy> + +</busconfig> -- 1.9.0
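Review bot: The default-context rule `<allow send_interface="org.freedesktop.sssd.infopipe"/>` has no `send_destination`, so it matches messages carrying that interface name whichever service they are addressed to, and it does not cover calls that omit the interface field. Binding the rule to the service is tighter: `<allow send_destination="org.freedesktop.sssd.infopipe" send_interface="org.freedesktop.sssd.infopipe"/>`. The comment says access will be handled by an ACL inside the daemon, but no caller check is visible in this series (`ifp_ping` replies to any sender), so until that ACL exists every local user on the system bus can reach the interface. The comment should state that explicitly.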
>From 828e331f446776b1511dbc06de01288af0c59140 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrez...@redhat.com> Date: Fri, 28 Mar 2014 12:51:08 +0100 Subject: [PATCH 3/3] IFP: do not create client socket MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit There is no need for client socket in IFP responder, since it uses D-Bus for communication with clients. Resolves: https://fedorahosted.org/sssd/ticket/2290 Reviewed-by: Pavel Březina <pbrez...@redhat.com> (cherry picked from commit 0a6fa194bad18f417dc8542d3b8f654f898375c5) --- Makefile.am | 1 - src/responder/ifp/ifpsrv.c | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/Makefile.am b/Makefile.am index fe78211fccd77934aeee6488a13c13b5ae295907..f46cc34719e08dee1977d42df6efee09bf9eea69 100644 --- a/Makefile.am +++ b/Makefile.am @@ -310,7 +310,6 @@ AM_CPPFLAGS = \ -DSSS_SUDO_SOCKET_NAME=\"$(pipepath)/sudo\" \ -DSSS_AUTOFS_SOCKET_NAME=\"$(pipepath)/autofs\" \ -DSSS_SSH_SOCKET_NAME=\"$(pipepath)/ssh\" \ - -DSSS_IFP_SOCKET_NAME=\"$(pipepath)/ifp\" \ -DLOCALEDIR=\"$(localedir)\" EXTRA_DIST = build/config.rpath diff --git a/src/responder/ifp/ifpsrv.c b/src/responder/ifp/ifpsrv.c index accf679efe3332aa0fb57162e288ef67eaf54adb..e76f3bdb0afb997ee2bbc0122199e127da34de84 100644 --- a/src/responder/ifp/ifpsrv.c +++ b/src/responder/ifp/ifpsrv.c @@ -205,7 +205,7 @@ int ifp_process_init(TALLOC_CTX *mem_ctx, ifp_cmds = get_ifp_cmds(); ret = sss_process_init(mem_ctx, ev, cdb, ifp_cmds, - SSS_IFP_SOCKET_NAME, NULL, + NULL, NULL, CONFDB_IFP_CONF_ENTRY, SSS_IFP_SBUS_SERVICE_NAME, SSS_IFP_SBUS_SERVICE_VERSION, -- 1.9.0
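Review bot: `sss_process_init()` now receives NULL for both socket names, and nothing in this series shows that it tolerates a NULL `sock_name`. Since this is a cherry-pick, confirm that the responder setup code on the target branch skips socket creation in that case rather than using the name. With no client socket the `SSS_GET_VERSION` entry returned by `get_ifp_cmds()` looks unreachable. A comment at the call, for example `/* no client sockets: IFP clients connect over D-Bus */`, would explain the two NULLs; the enclosing `ifp_process_init` starts and ends outside this hunk.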