
Re: [Freeipa-devel] [PATCH] use fixed paths to responders pipes



Sumit Bose schrieb:
> Hi,
> 
> it makes little sense to have the responder socket names configurable
> via confdb, because the pam and nss clients need to know them and will
> not have access to confdb by design. This patch will move these paths
> together with other protocol information to a common header file.
> 
> bye,
> Sumit
> 

I accidentally disabled PAM in the default configuration. The new patch
fixes this.

bye,
Sumit
>From 3b648d66f82a6d2e989c42627d3cf8aa8ca33110 Mon Sep 17 00:00:00 2001
From: Sumit Bose <sbose redhat com>
Date: Mon, 9 Mar 2009 10:19:48 +0100
Subject: [PATCH] use fixed paths to responders pipes

Socket paths and other definitions which are relevant for the
responders and their clients are collected in sss/responder.h.
---
 server/confdb/confdb.c                     |    4 +
 server/include/sss/responder.h             |  155 ++++++++++++++++++++++++++++
 server/providers/data_provider_be.c        |    2 +-
 server/providers/ldap_be.c                 |    2 +-
 server/providers/proxy.c                   |    2 +-
 server/responder/common/responder_cmd.h    |    6 +-
 server/responder/common/responder_common.c |  119 ++++++++++++----------
 server/responder/common/responder_common.h |    1 +
 server/responder/common/responder_packet.h |    2 +-
 server/responder/nss/nsssrv.c              |    7 +-
 server/responder/nss/nsssrv.h              |    4 +-
 server/responder/pam/pamsrv.c              |    5 +-
 sss_client/Makefile.in                     |    4 +
 sss_client/common.c                        |    9 +-
 sss_client/configure.ac                    |    4 +
 sss_client/sss_cli.h                       |  126 +----------------------
 16 files changed, 256 insertions(+), 196 deletions(-)
 create mode 100644 server/include/sss/responder.h

diff --git a/server/confdb/confdb.c b/server/confdb/confdb.c
index 462a0f2..e4b37e8 100644
--- a/server/confdb/confdb.c
+++ b/server/confdb/confdb.c
@@ -521,11 +521,13 @@ static int confdb_init_db(struct confdb_ctx *cdb)
     ret = confdb_add_param(cdb, false, "config/services/pam", "command", val);
     if (ret != EOK) goto done;
 
+#if 0 /* for future use */
     /* Set the sssd_pam socket path */
     val[0] = talloc_asprintf(tmp_ctx, "%s/pam", PIPE_PATH);
     CONFDB_ZERO_CHECK_OR_JUMP(val[0], ret, ENOMEM, done);
     ret = confdb_add_param(cdb, false, "config/services/pam", "unixSocket", val);
     if (ret != EOK) goto done;
+#endif /* for future use */
 
     /* Add PAM to the list of active services */
     val[0] = "pam";
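Review bot: The `/* for future use */` markers on the disabled blocks do not say why the code is off or what has to change before it comes back, which matters here because these blocks decide where the PAM and NSS sockets are created. If the blocks stay, a comment such as `/* disabled: socket paths are fixed in sss/responder.h because the NSS/PAM clients cannot read confdb */` records the reason; deleting them and relying on history would be cleaner. The same pattern recurs in the second hunk of this file and in set_unix_socket() in responder_common.c and nsssrv.c; in responder_common.c the disabled code still reads `nctx->sss_pipe_name`, a field this patch stops assigning. confdb_init_db() starts and ends outside the hunk.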
@@ -544,11 +546,13 @@ static int confdb_init_db(struct confdb_ctx *cdb)
     ret = confdb_add_param(cdb, false, "config/services/nss", "command", val);
     if (ret != EOK) goto done;
 
+#if 0 /* for future use */
     /* Set the sssd_nss socket path */
     val[0] = talloc_asprintf(tmp_ctx, "%s/sssd_nss", PIPE_PATH);
     CONFDB_ZERO_CHECK_OR_JUMP(val[0], ret, ENOMEM, done);
     ret = confdb_add_param(cdb, false, "config/services/nss", "unixSocket", val);
     if (ret != EOK) goto done;
+#endif /* for future use */
 
     /* Add NSS to the list of active services */
     val[0] = "nss";
diff --git a/server/include/sss/responder.h b/server/include/sss/responder.h
new file mode 100644
index 0000000..5042687
--- /dev/null
+++ b/server/include/sss/responder.h
@@ -0,0 +1,155 @@
+/*
+   SSSD
+
+   Responder, header file
+
+   Copyright (C) Sumit Bose <sbose redhat com> 2009
+
+   This program is free software; you can redistribute it and/or modify
+   it under the terms of the GNU General Public License as published by
+   the Free Software Foundation; either version 3 of the License, or
+   (at your option) any later version.
+
+   This program is distributed in the hope that it will be useful,
+   but WITHOUT ANY WARRANTY; without even the implied warranty of
+   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+   GNU General Public License for more details.
+
+   You should have received a copy of the GNU General Public License
+   along with this program.  If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef __RESPONDER_H__
+#define __RESPONDER_H__
+
+#define RESPONDER_PIPE_PATH "/var/lib/sss/pipes/"
+
+#define NSS_RESPONDER_PIPE_NAME RESPONDER_PIPE_PATH"nss"
+#define PAM_RESPONDER_PIPE_NAME RESPONDER_PIPE_PATH"pam"
+#define PRIVATE_PAM_RESPONDER_PIPE_NAME RESPONDER_PIPE_PATH"private/pam"
+
+
+#define SSS_PROTOCOL_VERSION 0
+
+enum sss_cli_command {
+/* null */
+    SSS_CLI_NULL           = 0x0000,
+
+/* version */
+    SSS_GET_VERSION    = 0x0001,
+
+/* passwd */
+
+    SSS_NSS_GETPWNAM       = 0x0011,
+    SSS_NSS_GETPWUID       = 0x0012,
+    SSS_NSS_SETPWENT       = 0x0013,
+    SSS_NSS_GETPWENT       = 0x0014,
+    SSS_NSS_ENDPWENT       = 0x0015,
+
+/* group */
+
+    SSS_NSS_GETGRNAM       = 0x0021,
+    SSS_NSS_GETGRGID       = 0x0022,
+    SSS_NSS_SETGRENT       = 0x0023,
+    SSS_NSS_GETGRENT       = 0x0024,
+    SSS_NSS_ENDGRENT       = 0x0025,
+    SSS_NSS_INITGR         = 0x0026,
+
+#if 0
+/* aliases */
+
+    SSS_NSS_GETALIASBYNAME = 0x0031,
+    SSS_NSS_GETALIASBYPORT = 0x0032,
+    SSS_NSS_SETALIASENT    = 0x0033,
+    SSS_NSS_GETALIASENT    = 0x0034,
+    SSS_NSS_ENDALIASENT    = 0x0035,
+
+/* ethers */
+
+    SSS_NSS_GETHOSTTON     = 0x0041,
+    SSS_NSS_GETNTOHOST     = 0x0042,
+    SSS_NSS_SETETHERENT    = 0x0043,
+    SSS_NSS_GETETHERENT    = 0x0044,
+    SSS_NSS_ENDETHERENT    = 0x0045,
+
+/* hosts */
+
+    SSS_NSS_GETHOSTBYNAME  = 0x0051,
+    SSS_NSS_GETHOSTBYNAME2 = 0x0052,
+    SSS_NSS_GETHOSTBYADDR  = 0x0053,
+    SSS_NSS_SETHOSTENT     = 0x0054,
+    SSS_NSS_GETHOSTENT     = 0x0055,
+    SSS_NSS_ENDHOSTENT     = 0x0056,
+
+/* netgroup */
+
+    SSS_NSS_SETNETGRENT    = 0x0061,
+    SSS_NSS_GETNETGRENT    = 0x0062,
+    SSS_NSS_ENDNETGRENT    = 0x0063,
+    /* SSS_NSS_INNETGR     = 0x0064, */
+
+/* networks */
+
+    SSS_NSS_GETNETBYNAME   = 0x0071,
+    SSS_NSS_GETNETBYADDR   = 0x0072,
+    SSS_NSS_SETNETENT      = 0x0073,
+    SSS_NSS_GETNETENT      = 0x0074,
+    SSS_NSS_ENDNETENT      = 0x0075,
+
+/* protocols */
+
+    SSS_NSS_GETPROTOBYNAME = 0x0081,
+    SSS_NSS_GETPROTOBYNUM  = 0x0082,
+    SSS_NSS_SETPROTOENT    = 0x0083,
+    SSS_NSS_GETPROTOENT    = 0x0084,
+    SSS_NSS_ENDPROTOENT    = 0x0085,
+
+/* rpc */
+
+    SSS_NSS_GETRPCBYNAME   = 0x0091,
+    SSS_NSS_GETRPCBYNUM    = 0x0092,
+    SSS_NSS_SETRPCENT      = 0x0093,
+    SSS_NSS_GETRPCENT      = 0x0094,
+    SSS_NSS_ENDRPCENT      = 0x0095,
+
+/* services */
+
+    SSS_NSS_GETSERVBYNAME  = 0x00A1,
+    SSS_NSS_GETSERVBYPORT  = 0x00A2,
+    SSS_NSS_SETSERVENT     = 0x00A3,
+    SSS_NSS_GETSERVENT     = 0x00A4,
+    SSS_NSS_ENDSERVENT     = 0x00A5,
+
+/* shadow */
+
+    SSS_NSS_GETSPNAM       = 0x00B1,
+    SSS_NSS_GETSPUID       = 0x00B2,
+    SSS_NSS_SETSPENT       = 0x00B3,
+    SSS_NSS_GETSPENT       = 0x00B4,
+    SSS_NSS_ENDSPENT       = 0x00B5,
+#endif
+
+/* PAM related calls */
+    SSS_PAM_AUTHENTICATE     = 0x00F1,
+    SSS_PAM_SETCRED          = 0x00F2,
+    SSS_PAM_ACCT_MGMT        = 0x00F3,
+    SSS_PAM_OPEN_SESSION     = 0x00F4,
+    SSS_PAM_CLOSE_SESSION    = 0x00F5,
+    SSS_PAM_CHAUTHTOK        = 0x00F6,
+    SSS_PAM_CHAUTHTOK_PRELIM = 0x00F6,
+
+};
+
+enum sss_authtok_type {
+    SSS_AUTHTOK_TYPE_EMPTY    =  0x0000,
+    SSS_AUTHTOK_TYPE_PASSWORD =  0x0001,
+};
+
+#define END_OF_PAM_REQUEST 0x4950414d
+
+#define SSS_NSS_HEADER_SIZE (sizeof(uint32_t) * 4)
+
+/* this is in milliseconds, wait up to 300 seconds */
+#define SSS_CLI_SOCKET_TIMEOUT 300000
+
+#endif /* __RESPONDER_H__ */
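Review bot: `SSS_PAM_CHAUTHTOK` and `SSS_PAM_CHAUTHTOK_PRELIM` are both defined as `0x00F6`, so a responder that dispatches on the command code cannot tell the preliminary check from the actual password change. The values are carried over unchanged from sss_cli.h, but moving them into the shared protocol header is a good moment either to give the second one its own code, e.g. `SSS_PAM_CHAUTHTOK_PRELIM = 0x00F7,` (if no peer depends on the shared value), or to add a comment stating that the alias is intended. Separately, `SSS_NSS_HEADER_SIZE` uses `uint32_t` while the header includes nothing, so it only compiles when the includer has already pulled in `<stdint.h>`; adding `#include <stdint.h>` after the include guard would make it self-contained.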
diff --git a/server/providers/data_provider_be.c b/server/providers/data_provider_be.c
index c9faff9..dacdd08 100644
--- a/server/providers/data_provider_be.c
+++ b/server/providers/data_provider_be.c
@@ -45,7 +45,7 @@
 #include "providers/dp_sbus.h"
 #include "monitor/monitor_sbus.h"
 #include "monitor/monitor_interfaces.h"
-#include "../sss_client/sss_cli.h"
+#include "sss/responder.h"
 
 typedef int (*be_init_fn_t)(TALLOC_CTX *, struct be_mod_ops **, void **);
 
diff --git a/server/providers/ldap_be.c b/server/providers/ldap_be.c
index 8967732..ef1c2df 100644
--- a/server/providers/ldap_be.c
+++ b/server/providers/ldap_be.c
@@ -38,7 +38,7 @@
 #include "util/util.h"
 #include "providers/dp_backend.h"
 #include "db/sysdb.h"
-#include "../sss_client/sss_cli.h"
+#include "sss/responder.h"
 
 struct ldap_ctx {
     char *ldap_uri;
diff --git a/server/providers/proxy.c b/server/providers/proxy.c
index 30f5f5c..a49422f 100644
--- a/server/providers/proxy.c
+++ b/server/providers/proxy.c
@@ -31,7 +31,7 @@
 #include "util/util.h"
 #include "providers/dp_backend.h"
 #include "db/sysdb.h"
-#include "../sss_client/sss_cli.h"
+#include "sss/responder.h"
 
 struct proxy_nss_ops {
     enum nss_status (*getpwnam_r)(const char *name, struct passwd *result,
diff --git a/server/responder/common/responder_cmd.h b/server/responder/common/responder_cmd.h
index e02d5f2..153ca12 100644
--- a/server/responder/common/responder_cmd.h
+++ b/server/responder/common/responder_cmd.h
@@ -27,7 +27,7 @@
 #include "talloc.h"
 #include "tevent.h"
 #include "ldb.h"
-#include "../sss_client/sss_cli.h"
+#include "sss/responder.h"
 
 /* needed until nsssrv.h is updated */
 #ifndef __NSSSRV_H__
@@ -48,8 +48,8 @@ struct nss_ctx {
     int priv_lfd;
     struct sysdb_ctx *sysdb;
     struct confdb_ctx *cdb;
-    char *sock_name;
-    char *priv_sock_name;
+    const char *sock_name;
+    const char *priv_sock_name;
     struct service_sbus_ctx *ss_ctx;
     struct service_sbus_ctx *dp_ctx;
     struct btreemap *domain_map;
diff --git a/server/responder/common/responder_common.c b/server/responder/common/responder_common.c
index 490f4e6..ff94ab1 100644
--- a/server/responder/common/responder_common.c
+++ b/server/responder/common/responder_common.c
@@ -329,9 +329,11 @@ static int sss_sbus_init(struct nss_ctx *nctx)
 static int set_unix_socket(struct nss_ctx *nctx)
 {
     struct sockaddr_un addr;
+
+/* for future use */
+#if 0
     char *default_pipe;
     int ret;
-
     default_pipe = talloc_asprintf(nctx, "%s/%s", PIPE_PATH,
                                    nctx->sss_pipe_name);
     if (!default_pipe) {
@@ -361,74 +363,79 @@ static int set_unix_socket(struct nss_ctx *nctx)
         return ret;
     }
     talloc_free(default_pipe);
+#endif
 
-    nctx->lfd = socket(AF_UNIX, SOCK_STREAM, 0);
-    if (nctx->lfd == -1) {
-        return EIO;
-    }
+    if (nctx->sock_name != NULL ) {
+        nctx->lfd = socket(AF_UNIX, SOCK_STREAM, 0);
+        if (nctx->lfd == -1) {
+            return EIO;
+        }
 
-    nctx->priv_lfd = socket(AF_UNIX, SOCK_STREAM, 0);
-    if (nctx->priv_lfd == -1) {
-        close(nctx->lfd);
-        return EIO;
-    }
+        /* Set the umask so that permissions are set right on the socket.
+         * It must be readable and writable by anybody on the system. */
+        umask(0111);
 
-    /* Set the umask so that permissions are set right on the socket.
-     * It must be readable and writable by anybody on the system. */
-    umask(0111);
+        set_nonblocking(nctx->lfd);
+        set_close_on_exec(nctx->lfd);
 
-    set_nonblocking(nctx->lfd);
-    set_close_on_exec(nctx->lfd);
+        memset(&addr, 0, sizeof(addr));
+        addr.sun_family = AF_UNIX;
+        strncpy(addr.sun_path, nctx->sock_name, sizeof(addr.sun_path));
 
-    memset(&addr, 0, sizeof(addr));
-    addr.sun_family = AF_UNIX;
-    strncpy(addr.sun_path, nctx->sock_name, sizeof(addr.sun_path));
+        /* make sure we have no old sockets around */
+        unlink(nctx->sock_name);
 
-    /* make sure we have no old sockets around */
-    unlink(nctx->sock_name);
+        if (bind(nctx->lfd, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
+            DEBUG(0,("Unable to bind on socket '%s'\n", nctx->sock_name));
+            goto failed;
+        }
+        if (listen(nctx->lfd, 10) != 0) {
+            DEBUG(0,("Unable to listen on socket '%s'\n", nctx->sock_name));
+            goto failed;
+        }
 
-    if (bind(nctx->lfd, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
-        DEBUG(0,("Unable to bind on socket '%s'\n", nctx->sock_name));
-        goto failed;
-    }
-    if (listen(nctx->lfd, 10) != 0) {
-        DEBUG(0,("Unable to listen on socket '%s'\n", nctx->sock_name));
-        goto failed;
+        nctx->lfde = tevent_add_fd(nctx->ev, nctx, nctx->lfd,
+                                   TEVENT_FD_READ, accept_fd_handler, nctx);
+        if (!nctx->lfde) {
+            DEBUG(0, ("Failed to queue handler on pipe\n"));
+            goto failed;
+        }
     }
 
-    /* create privileged pipe */
-    umask(0177);
+    if (nctx->priv_sock_name != NULL ) {
+        /* create privileged pipe */
+        nctx->priv_lfd = socket(AF_UNIX, SOCK_STREAM, 0);
+        if (nctx->priv_lfd == -1) {
+            close(nctx->lfd);
+            return EIO;
+        }
 
-    set_nonblocking(nctx->priv_lfd);
-    set_close_on_exec(nctx->priv_lfd);
+        umask(0177);
 
-    memset(&addr, 0, sizeof(addr));
-    addr.sun_family = AF_UNIX;
-    strncpy(addr.sun_path, nctx->priv_sock_name, sizeof(addr.sun_path));
+        set_nonblocking(nctx->priv_lfd);
+        set_close_on_exec(nctx->priv_lfd);
 
-    unlink(nctx->priv_sock_name);
+        memset(&addr, 0, sizeof(addr));
+        addr.sun_family = AF_UNIX;
+        strncpy(addr.sun_path, nctx->priv_sock_name, sizeof(addr.sun_path));
 
-    if (bind(nctx->priv_lfd, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
-        DEBUG(0,("Unable to bind on socket '%s'\n", nctx->priv_sock_name));
-        goto failed;
-    }
-    if (listen(nctx->priv_lfd, 10) != 0) {
-        DEBUG(0,("Unable to listen on socket '%s'\n", nctx->priv_sock_name));
-        goto failed;
-    }
+        unlink(nctx->priv_sock_name);
 
-    nctx->lfde = tevent_add_fd(nctx->ev, nctx, nctx->lfd,
-                               TEVENT_FD_READ, accept_fd_handler, nctx);
-    if (!nctx->lfde) {
-        DEBUG(0, ("Failed to queue handler on pipe\n"));
-        goto failed;
-    }
+        if (bind(nctx->priv_lfd, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
+            DEBUG(0,("Unable to bind on socket '%s'\n", nctx->priv_sock_name));
+            goto failed;
+        }
+        if (listen(nctx->priv_lfd, 10) != 0) {
+            DEBUG(0,("Unable to listen on socket '%s'\n", nctx->priv_sock_name));
+            goto failed;
+        }
 
-    nctx->priv_lfde = tevent_add_fd(nctx->ev, nctx, nctx->priv_lfd,
-                               TEVENT_FD_READ, accept_priv_fd_handler, nctx);
-    if (!nctx->priv_lfde) {
-        DEBUG(0, ("Failed to queue handler on privileged pipe\n"));
-        goto failed;
+        nctx->priv_lfde = tevent_add_fd(nctx->ev, nctx, nctx->priv_lfd,
+                                   TEVENT_FD_READ, accept_priv_fd_handler, nctx);
+        if (!nctx->priv_lfde) {
+            DEBUG(0, ("Failed to queue handler on privileged pipe\n"));
+            goto failed;
+        }
     }
 
     /* we want default permissions on created files to be very strict,
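Review bot: With both sockets now optional, the error paths no longer match what was actually opened: in the `priv_sock_name` branch a failed `socket()` runs `close(nctx->lfd)` even when `sock_name` was NULL and `lfd` was never created, and when it was created its `lfde` handler is already registered on the descriptor being closed. What `lfd` holds in the NULL case depends on how `nctx` is allocated, which is not visible here, so initialising both descriptors to -1 in sss_process_init() and guarding the cleanup with `if (nctx->lfd != -1) close(nctx->lfd);` would make this safe; the `failed:` label lies outside the hunk and probably needs the same guard. The two `strncpy(addr.sun_path, ..., sizeof(addr.sun_path))` calls can also leave `sun_path` unterminated for a name of that length or longer; passing `sizeof(addr.sun_path) - 1` keeps the zero byte left by the `memset`. set_unix_socket() begins in the previous hunk and ends after this one.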
@@ -488,6 +495,7 @@ int sss_process_init(TALLOC_CTX *mem_ctx,
                      struct sbus_method sss_sbus_methods[],
                      struct sss_cmd_table sss_cmds[],
                      const char *sss_pipe_name,
+                     const char *sss_priv_pipe_name,
                      const char *confdb_socket_path,
                      struct sbus_method dp_methods[])
 {
@@ -503,7 +511,8 @@ int sss_process_init(TALLOC_CTX *mem_ctx,
     nctx->cdb = cdb;
     nctx->sss_sbus_methods = sss_sbus_methods;
     nctx->sss_cmds = sss_cmds;
-    nctx->sss_pipe_name = sss_pipe_name;
+    nctx->sock_name = sss_pipe_name;
+    nctx->priv_sock_name = sss_priv_pipe_name;
     nctx->confdb_socket_path = confdb_socket_path;
     nctx->dp_methods = dp_methods;
 
diff --git a/server/responder/common/responder_common.h b/server/responder/common/responder_common.h
index 3818070..0a5b627 100644
--- a/server/responder/common/responder_common.h
+++ b/server/responder/common/responder_common.h
@@ -15,6 +15,7 @@ int sss_process_init(TALLOC_CTX *mem_ctx,
                      struct sbus_method sss_sbus_methods[],
                      struct sss_cmd_table sss_cmds[],
                      const char *sss_pipe_name,
+                     const char *sss_priv_pipe_name,
                      const char *confdb_socket_path,
                      struct sbus_method dp_methods[]);
 
diff --git a/server/responder/common/responder_packet.h b/server/responder/common/responder_packet.h
index 5dc8b01..44a257e 100644
--- a/server/responder/common/responder_packet.h
+++ b/server/responder/common/responder_packet.h
@@ -22,7 +22,7 @@
 #ifndef __SSSSRV_PACKET_H__
 #define __SSSSRV_PACKET_H__
 
-#include "../sss_client/sss_cli.h"
+#include "sss/responder.h"
 
 #define SSS_PACKET_MAX_RECV_SIZE 1024
 
diff --git a/server/responder/nss/nsssrv.c b/server/responder/nss/nsssrv.c
index 248b8a1..2bdb59c 100644
--- a/server/responder/nss/nsssrv.c
+++ b/server/responder/nss/nsssrv.c
@@ -42,6 +42,7 @@
 #include "monitor/monitor_sbus.h"
 #include "monitor/monitor_interfaces.h"
 #include "sbus/sbus_client.h"
+#include "sss/responder.h"
 
 #define SSS_NSS_PIPE_NAME "nss"
 
@@ -330,9 +331,11 @@ static int nss_sbus_init(struct nss_ctx *nctx)
 static int set_unix_socket(struct nss_ctx *nctx)
 {
     struct sockaddr_un addr;
+
+/* for future use */
+#if 0
     char *default_pipe;
     int ret;
-
     default_pipe = talloc_asprintf(nctx, "%s/%s", PIPE_PATH, SSS_NSS_PIPE_NAME);
     if (!default_pipe) {
         return ENOMEM;
@@ -346,6 +349,8 @@ static int set_unix_socket(struct nss_ctx *nctx)
         return ret;
     }
     talloc_free(default_pipe);
+#endif
+    nctx->sock_name = NSS_RESPONDER_PIPE_NAME;
 
     nctx->lfd = socket(AF_UNIX, SOCK_STREAM, 0);
     if (nctx->lfd == -1) {
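Review bot: The live socket path is now set from `NSS_RESPONDER_PIPE_NAME`, but the `#define SSS_NSS_PIPE_NAME "nss"` visible in the first hunk of this file is left in place and, as far as these hunks show, is only referenced from the `#if 0` block. pamsrv.c drops its `SSS_PAM_PIPE_NAME` in the same patch, so removing the NSS one as well would keep a single name for the pipe and avoid a later edit picking up the stale macro. set_unix_socket() starts in the previous hunk and continues past this one.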
diff --git a/server/responder/nss/nsssrv.h b/server/responder/nss/nsssrv.h
index b1f1ff7..24cb9ad 100644
--- a/server/responder/nss/nsssrv.h
+++ b/server/responder/nss/nsssrv.h
@@ -28,7 +28,7 @@
 #include "talloc.h"
 #include "tevent.h"
 #include "ldb.h"
-#include "../sss_client/sss_cli.h"
+#include "sss/responder.h"
 #include "dbus/dbus.h"
 #include "sbus/sssd_dbus.h"
 #include "responder/common/responder_cmd.h"
@@ -57,7 +57,7 @@ struct nss_ctx {
     int lfd;
     struct sysdb_ctx *sysdb;
     struct confdb_ctx *cdb;
-    char *sock_name;
+    const char *sock_name;
     struct service_sbus_ctx *ss_ctx;
     struct service_sbus_ctx *dp_ctx;
     struct btreemap *domain_map;
diff --git a/server/responder/pam/pamsrv.c b/server/responder/pam/pamsrv.c
index b6593bc..2dff398 100644
--- a/server/responder/pam/pamsrv.c
+++ b/server/responder/pam/pamsrv.c
@@ -44,8 +44,8 @@
 #include "monitor/monitor_interfaces.h"
 #include "sbus/sbus_client.h"
 #include "responder/pam/pamsrv.h"
+#include "sss/responder.h"
 
-#define SSS_PAM_PIPE_NAME "pam"
 #define PAM_SBUS_SERVICE_VERSION 0x0001
 #define PAM_SBUS_SERVICE_NAME "pam"
 #define CONFDB_SOCKET_PATH "config/services/pam"
@@ -158,7 +158,8 @@ int main(int argc, const char *argv[])
                            main_ctx->confdb_ctx,
                            sss_sbus_methods,
                            sss_cmds,
-                           SSS_PAM_PIPE_NAME,
+                           PAM_RESPONDER_PIPE_NAME,
+                           PRIVATE_PAM_RESPONDER_PIPE_NAME,
                            CONFDB_SOCKET_PATH,
                            pam_dp_methods);
     if (ret != EOK) return 3;
diff --git a/sss_client/Makefile.in b/sss_client/Makefile.in
index 135c8f1..56a14cd 100644
--- a/sss_client/Makefile.in
+++ b/sss_client/Makefile.in
@@ -23,6 +23,8 @@ PICFLAG = @PICFLAG@
 SHLIBEXT = @SHLIBEXT@
 LIB_PATH_VAR = @LIB_PATH_VAR@
 
+SSSD_PATH = @SSSD_PATH@
+
 NSS_SSS_SOLIB = libnss_sss.$(SHLIBEXT).$(PACKAGE_VERSION)
 NSS_SSS_SONAME = libnss_sss.$(SHLIBEXT).2
 
@@ -36,6 +38,8 @@ PAM_CFLAGS = -DDEBUG -g -Wall -Werror
 PAM_CLIENT = pam_test_client
 PAM_CLIENT_OBJS = pam_test_client.o
 
+CFLAGS += -I$(SSSD_PATH)/include
+
 default: all
 
 showflags:
diff --git a/sss_client/common.c b/sss_client/common.c
index d0fb011..c2be69d 100644
--- a/sss_client/common.c
+++ b/sss_client/common.c
@@ -37,6 +37,7 @@
 #include <fcntl.h>
 #include <poll.h>
 #include "sss_cli.h"
+#include "sss/responder.h"
 
 /* common functions */
 
@@ -580,7 +581,7 @@ enum nss_status sss_nss_make_request(enum sss_cli_command cmd,
         return NSS_STATUS_NOTFOUND;
     }
 
-    ret = sss_cli_check_socket(errnop, SSS_NSS_SOCKET_NAME);
+    ret = sss_cli_check_socket(errnop, NSS_RESPONDER_PIPE_NAME);
     if (ret != SSS_STATUS_SUCCESS) {
         return NSS_STATUS_UNAVAIL;
     }
@@ -605,7 +606,7 @@ int sss_pam_make_request(enum sss_cli_command cmd,
 
     /* only root shall use the privileged pipe */
     if (getuid() == 0 && getgid() == 0) {
-        ret = stat(SSS_PAM_PRIV_SOCKET_NAME, &stat_buf);
+        ret = stat(PRIVATE_PAM_RESPONDER_PIPE_NAME, &stat_buf);
         if (ret != 0) return PAM_SERVICE_ERR;
         if ( ! (stat_buf.st_uid == 0 &&
                 stat_buf.st_gid == 0 &&
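Review bot: The ownership check on the privileged pipe is done with `stat()` on the path, while the connection is made afterwards through `sss_cli_check_socket()`, presumably by a second lookup of the same path, so the object that was checked is not guaranteed to be the one that gets connected to; `stat()` also follows symlinks. How much this matters depends on the permissions of the `private/` directory, which this patch does not show. Verifying the peer after connecting, e.g. with `getsockopt(fd, SOL_SOCKET, SO_PEERCRED, ...)` on Linux and requiring uid 0, would tie the check to the connected socket. The condition continues past the end of this hunk, and sss_pam_make_request() starts and ends outside it.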
@@ -613,9 +614,9 @@ int sss_pam_make_request(enum sss_cli_command cmd,
             return PAM_SERVICE_ERR;
         }
 
-        ret = sss_cli_check_socket(errnop, SSS_PAM_PRIV_SOCKET_NAME);
+        ret = sss_cli_check_socket(errnop, PRIVATE_PAM_RESPONDER_PIPE_NAME);
     } else {
-        ret = sss_cli_check_socket(errnop, SSS_PAM_SOCKET_NAME);
+        ret = sss_cli_check_socket(errnop, PAM_RESPONDER_PIPE_NAME);
     }
     if (ret != NSS_STATUS_SUCCESS) {
         return PAM_SERVICE_ERR;
diff --git a/sss_client/configure.ac b/sss_client/configure.ac
index 9bd4f1f..c03319c 100644
--- a/sss_client/configure.ac
+++ b/sss_client/configure.ac
@@ -10,4 +10,8 @@ AC_LIBREPLACE_SHLD
 AC_LIBREPLACE_SHLD_FLAGS
 AC_LIBREPLACE_RUNTIME_LIB_PATH_VAR
 
+SSSD_PATH=../server
+AC_SUBST(SSSD_PATH)
+
+
 AC_OUTPUT(Makefile)
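Review bot: `SSSD_PATH=../server` is relative to the directory the build runs in, so the `-I$(SSSD_PATH)/include` added in Makefile.in only resolves when the client is built in place inside the full source tree; an out-of-tree build or a client-only tarball would not find `sss/responder.h`. Anchoring the value to the source directory, e.g. `SSSD_PATH='$(srcdir)/../server'` (assuming Makefile.in defines `srcdir`), or letting the builder override it, would avoid that. Since sss_cli.h now includes the server header, a short comment next to the assignment stating that the client depends on the server include tree would help packagers.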
diff --git a/sss_client/sss_cli.h b/sss_client/sss_cli.h
index 1e19e5e..a83c6d7 100644
--- a/sss_client/sss_cli.h
+++ b/sss_client/sss_cli.h
@@ -15,140 +15,16 @@
 #include <pwd.h>
 #include <grp.h>
 
-/* SELinux will have a better way to regulate access if they are seprate
- * Also a change in one of the pipes will not affect the others */
-#define SSS_NSS_SOCKET_NAME "/var/lib/sss/pipes/nss"
-#define SSS_PAM_SOCKET_NAME "/var/lib/sss/pipes/pam"
-#define SSS_PAM_PRIV_SOCKET_NAME "/var/lib/sss/pipes/private/pam"
+#include "sss/responder.h"
 
-#define SSS_PROTOCOL_VERSION 0
 
-enum sss_cli_command {
-/* null */
-    SSS_CLI_NULL           = 0x0000,
-
-/* version */
-    SSS_GET_VERSION    = 0x0001,
-
-/* passwd */
-
-    SSS_NSS_GETPWNAM       = 0x0011,
-    SSS_NSS_GETPWUID       = 0x0012,
-    SSS_NSS_SETPWENT       = 0x0013,
-    SSS_NSS_GETPWENT       = 0x0014,
-    SSS_NSS_ENDPWENT       = 0x0015,
-
-/* group */
-
-    SSS_NSS_GETGRNAM       = 0x0021,
-    SSS_NSS_GETGRGID       = 0x0022,
-    SSS_NSS_SETGRENT       = 0x0023,
-    SSS_NSS_GETGRENT       = 0x0024,
-    SSS_NSS_ENDGRENT       = 0x0025,
-    SSS_NSS_INITGR         = 0x0026,
-
-#if 0
-/* aliases */
-
-    SSS_NSS_GETALIASBYNAME = 0x0031,
-    SSS_NSS_GETALIASBYPORT = 0x0032,
-    SSS_NSS_SETALIASENT    = 0x0033,
-    SSS_NSS_GETALIASENT    = 0x0034,
-    SSS_NSS_ENDALIASENT    = 0x0035,
-
-/* ethers */
-
-    SSS_NSS_GETHOSTTON     = 0x0041,
-    SSS_NSS_GETNTOHOST     = 0x0042,
-    SSS_NSS_SETETHERENT    = 0x0043,
-    SSS_NSS_GETETHERENT    = 0x0044,
-    SSS_NSS_ENDETHERENT    = 0x0045,
-
-/* hosts */
-
-    SSS_NSS_GETHOSTBYNAME  = 0x0051,
-    SSS_NSS_GETHOSTBYNAME2 = 0x0052,
-    SSS_NSS_GETHOSTBYADDR  = 0x0053,
-    SSS_NSS_SETHOSTENT     = 0x0054,
-    SSS_NSS_GETHOSTENT     = 0x0055,
-    SSS_NSS_ENDHOSTENT     = 0x0056,
-
-/* netgroup */
-
-    SSS_NSS_SETNETGRENT    = 0x0061,
-    SSS_NSS_GETNETGRENT    = 0x0062,
-    SSS_NSS_ENDNETGRENT    = 0x0063,
-    /* SSS_NSS_INNETGR     = 0x0064, */
-
-/* networks */
-
-    SSS_NSS_GETNETBYNAME   = 0x0071,
-    SSS_NSS_GETNETBYADDR   = 0x0072,
-    SSS_NSS_SETNETENT      = 0x0073,
-    SSS_NSS_GETNETENT      = 0x0074,
-    SSS_NSS_ENDNETENT      = 0x0075,
-
-/* protocols */
-
-    SSS_NSS_GETPROTOBYNAME = 0x0081,
-    SSS_NSS_GETPROTOBYNUM  = 0x0082,
-    SSS_NSS_SETPROTOENT    = 0x0083,
-    SSS_NSS_GETPROTOENT    = 0x0084,
-    SSS_NSS_ENDPROTOENT    = 0x0085,
-
-/* rpc */
-
-    SSS_NSS_GETRPCBYNAME   = 0x0091,
-    SSS_NSS_GETRPCBYNUM    = 0x0092,
-    SSS_NSS_SETRPCENT      = 0x0093,
-    SSS_NSS_GETRPCENT      = 0x0094,
-    SSS_NSS_ENDRPCENT      = 0x0095,
-
-/* services */
-
-    SSS_NSS_GETSERVBYNAME  = 0x00A1,
-    SSS_NSS_GETSERVBYPORT  = 0x00A2,
-    SSS_NSS_SETSERVENT     = 0x00A3,
-    SSS_NSS_GETSERVENT     = 0x00A4,
-    SSS_NSS_ENDSERVENT     = 0x00A5,
-
-/* shadow */
-
-    SSS_NSS_GETSPNAM       = 0x00B1,
-    SSS_NSS_GETSPUID       = 0x00B2,
-    SSS_NSS_SETSPENT       = 0x00B3,
-    SSS_NSS_GETSPENT       = 0x00B4,
-    SSS_NSS_ENDSPENT       = 0x00B5,
-#endif
-
-/* PAM related calls */
-    SSS_PAM_AUTHENTICATE     = 0x00F1,
-    SSS_PAM_SETCRED          = 0x00F2,
-    SSS_PAM_ACCT_MGMT        = 0x00F3,
-    SSS_PAM_OPEN_SESSION     = 0x00F4,
-    SSS_PAM_CLOSE_SESSION    = 0x00F5,
-    SSS_PAM_CHAUTHTOK        = 0x00F6,
-    SSS_PAM_CHAUTHTOK_PRELIM = 0x00F6,
-
-};
-
-enum sss_authtok_type {
-    SSS_AUTHTOK_TYPE_EMPTY    =  0x0000,
-    SSS_AUTHTOK_TYPE_PASSWORD =  0x0001,
-};
-
-#define END_OF_PAM_REQUEST 0x4950414d
 
 #define SSS_NSS_MAX_ENTRIES 256
-#define SSS_NSS_HEADER_SIZE (sizeof(uint32_t) * 4)
 struct sss_cli_req_data {
     size_t len;
     const void *data;
 };
 
-/* this is in milliseconds, wait up to 300 seconds */
-#define SSS_CLI_SOCKET_TIMEOUT 300000
-
 enum sss_status {
     SSS_STATUS_UNAVAIL,
     SSS_STATUS_SUCCESS
-- 
1.6.0.6

