sssd  2.2.3
About: SSSD provides a set of daemons to manage access to remote directories and authentication mechanisms such as LDAP, Kerberos or FreeIPA. It provides also an NSS and PAM interface toward the system.
  Fossies Dox: sssd-2.2.3.tar.gz  ("unofficial" and yet experimental doxygen-generated source code documentation)  

util.h
Go to the documentation of this file.
1 /*
2  Authors:
3  Simo Sorce <ssorce@redhat.com>
4 
5  Copyright (C) 2009 Red Hat
6 
7  This program is free software; you can redistribute it and/or modify
8  it under the terms of the GNU General Public License as published by
9  the Free Software Foundation; either version 3 of the License, or
10  (at your option) any later version.
11 
12  This program is distributed in the hope that it will be useful,
13  but WITHOUT ANY WARRANTY; without even the implied warranty of
14  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15  GNU General Public License for more details.
16 
17  You should have received a copy of the GNU General Public License
18  along with this program. If not, see <http://www.gnu.org/licenses/>.
19 */
20 
21 #ifndef __SSSD_UTIL_H__
22 #define __SSSD_UTIL_H__
23 
24 #include "config.h"
25 #include <stdio.h>
26 #include <stdint.h>
27 #include <stdbool.h>
28 #include <libintl.h>
29 #include <locale.h>
30 #include <time.h>
31 #include <sys/types.h>
32 #include <sys/stat.h>
33 #include <netinet/in.h>
34 
35 #include <talloc.h>
36 #include <tevent.h>
37 #include <ldb.h>
38 #include <dhash.h>
39 
40 #include "confdb/confdb.h"
41 #include "shared/io.h"
42 #include "shared/safealign.h"
43 #include "util/atomic_io.h"
44 #include "util/util_errors.h"
45 #include "util/sss_format.h"
46 #include "util/sss_regexp.h"
47 #include "util/debug.h"
48 
49 /* name of the monitor server instance */
50 #define SSSD_MONITOR_NAME "sssd"
51 #define SSSD_PIDFILE PID_PATH"/"SSSD_MONITOR_NAME".pid"
52 #define MAX_PID_LENGTH 10
53 
54 #define _(STRING) gettext (STRING)
55 
56 #define ENUM_INDICATOR "*"
57 
58 #define CLEAR_MC_FLAG "clear_mc_flag"
59 
61 #define SSS_DFL_UMASK 0177
62 
64 #define SSS_DFL_X_UMASK 0077
65 
66 #ifndef NULL
67 #define NULL 0
68 #endif
69 
70 #ifndef MIN
71 #define MIN(a, b) (((a) < (b)) ? (a) : (b))
72 #endif
73 
74 #ifndef MAX
75 #define MAX(a, b) (((a) > (b)) ? (a) : (b))
76 #endif
77 
78 #define SSSD_MAIN_OPTS SSSD_DEBUG_OPTS
79 
80 #define SSSD_SERVER_OPTS(uid, gid) \
81  {"uid", 0, POPT_ARG_INT, &uid, 0, \
82  _("The user ID to run the server as"), NULL}, \
83  {"gid", 0, POPT_ARG_INT, &gid, 0, \
84  _("The group ID to run the server as"), NULL},
85 
86 extern int socket_activated;
87 extern int dbus_activated;
88 
89 #ifdef HAVE_SYSTEMD
90 #define SSSD_RESPONDER_OPTS \
91  { "socket-activated", 0, POPT_ARG_NONE, &socket_activated, 0, \
92  _("Informs that the responder has been socket-activated"), NULL }, \
93  { "dbus-activated", 0, POPT_ARG_NONE, &dbus_activated, 0, \
94  _("Informs that the responder has been dbus-activated"), NULL },
95 #else
96 #define SSSD_RESPONDER_OPTS
97 #endif
98 
99 #define FLAGS_NONE 0x0000
100 #define FLAGS_DAEMON 0x0001
101 #define FLAGS_INTERACTIVE 0x0002
102 #define FLAGS_PID_FILE 0x0004
103 #define FLAGS_GEN_CONF 0x0008
104 #define FLAGS_NO_WATCHDOG 0x0010
105 
106 #define PIPE_INIT { -1, -1 }
107 
108 #define PIPE_FD_CLOSE(fd) do { \
109  if (fd != -1) { \
110  close(fd); \
111  fd = -1; \
112  } \
113 } while(0);
114 
115 #define PIPE_CLOSE(p) do { \
116  PIPE_FD_CLOSE(p[0]); \
117  PIPE_FD_CLOSE(p[1]); \
118 } while(0);
119 
120 #ifndef talloc_zfree
121 #define talloc_zfree(ptr) do { talloc_free(discard_const(ptr)); ptr = NULL; } while(0)
122 #endif
123 
124 #ifndef discard_const_p
125 #if defined(__intptr_t_defined) || defined(HAVE_INTPTR_T)
126 # define discard_const_p(type, ptr) ((type *)((intptr_t)(ptr)))
127 #else
128 # define discard_const_p(type, ptr) ((type *)(ptr))
129 #endif
130 #endif
131 
132 #define TEVENT_REQ_RETURN_ON_ERROR(req) do { \
133  enum tevent_req_state TRROEstate; \
134  uint64_t TRROEuint64; \
135  errno_t TRROEerr; \
136  \
137  if (tevent_req_is_error(req, &TRROEstate, &TRROEuint64)) { \
138  TRROEerr = (errno_t)TRROEuint64; \
139  if (TRROEstate == TEVENT_REQ_USER_ERROR) { \
140  if (TRROEerr == 0) { \
141  return ERR_INTERNAL; \
142  } \
143  return TRROEerr; \
144  } \
145  return ERR_INTERNAL; \
146  } \
147 } while (0)
148 
149 #define OUT_OF_ID_RANGE(id, min, max) \
150  (id == 0 || (min && (id < min)) || (max && (id > max)))
151 
152 #include "util/dlinklist.h"
153 
154 /* From debug.c */
155 void ldb_debug_messages(void *context, enum ldb_debug_level level,
156  const char *fmt, va_list ap);
157 int chown_debug_file(const char *filename, uid_t uid, gid_t gid);
158 int open_debug_file_ex(const char *filename, FILE **filep, bool want_cloexec);
159 int open_debug_file(void);
160 int rotate_debug_files(void);
161 void talloc_log_fn(const char *msg);
162 
163 /* From sss_log.c */
164 #define SSS_LOG_EMERG 0 /* system is unusable */
165 #define SSS_LOG_ALERT 1 /* action must be taken immediately */
166 #define SSS_LOG_CRIT 2 /* critical conditions */
167 #define SSS_LOG_ERR 3 /* error conditions */
168 #define SSS_LOG_WARNING 4 /* warning conditions */
169 #define SSS_LOG_NOTICE 5 /* normal but significant condition */
170 #define SSS_LOG_INFO 6 /* informational */
171 #define SSS_LOG_DEBUG 7 /* debug-level messages */
172 
173 void sss_log(int priority, const char *format, ...) SSS_ATTRIBUTE_PRINTF(2, 3);
174 void sss_log_ext(int priority, int facility, const char *format, ...) SSS_ATTRIBUTE_PRINTF(3, 4);
175 
176 /* from server.c */
177 struct main_context {
178  struct tevent_context *event_ctx;
180  pid_t parent_pid;
181 };
182 
184  const char *conf_entry);
185 int die_if_parent_died(void);
186 int pidfile(const char *file);
187 int server_setup(const char *name, int flags,
188  uid_t uid, gid_t gid,
189  const char *conf_entry,
190  struct main_context **main_ctx);
191 void server_loop(struct main_context *main_ctx);
192 void orderly_shutdown(int status);
193 
194 /* from signal.c */
195 void BlockSignals(bool block, int signum);
196 void (*CatchSignal(int signum,void (*handler)(int )))(int);
197 
198 /* from memory.c */
199 typedef int (void_destructor_fn_t)(void *);
200 /* sssd_mem_attach
201  * This function will take a non-talloc pointer and "attach" it to a talloc
202  * memory context. It will accept a destructor for the original pointer
203  * so that when the parent memory context is freed, the non-talloc
204  * pointer will also be freed properly.
205  * Returns EOK in case of success.
206  */
207 int sss_mem_attach(TALLOC_CTX *mem_ctx, void *ptr, void_destructor_fn_t *fn);
208 
209 /* sss_erase_talloc_mem_securely() function always returns 0 as an int value
210  * to make it possible to use it as talloc destructor.
211  */
212 int sss_erase_talloc_mem_securely(void *p);
213 void sss_erase_mem_securely(void *p, size_t size);
214 
215 /* from usertools.c */
216 char *get_uppercase_realm(TALLOC_CTX *memctx, const char *name);
217 
219  char *re_pattern;
220  char *fq_fmt;
221 
223 };
224 
225 /* initialize sss_names_ctx directly from arguments */
226 int sss_names_init_from_args(TALLOC_CTX *mem_ctx,
227  const char *re_pattern,
228  const char *fq_fmt,
229  struct sss_names_ctx **out);
230 
231 /* initialize sss_names_ctx from domain configuration */
232 int sss_names_init(TALLOC_CTX *mem_ctx,
233  struct confdb_ctx *cdb,
234  const char *domain,
235  struct sss_names_ctx **out);
236 
237 int sss_ad_default_names_ctx(TALLOC_CTX *mem_ctx,
238  struct sss_names_ctx **_out);
239 
240 int sss_parse_name(TALLOC_CTX *memctx,
241  struct sss_names_ctx *snctx,
242  const char *orig, char **_domain, char **_name);
243 
244 int sss_parse_name_for_domains(TALLOC_CTX *memctx,
245  struct sss_domain_info *domains,
246  const char *default_domain,
247  const char *orig, char **domain, char **name);
248 
249 char *
250 sss_get_cased_name(TALLOC_CTX *mem_ctx, const char *orig_name,
251  bool case_sensitive);
252 
253 errno_t
254 sss_get_cased_name_list(TALLOC_CTX *mem_ctx, const char * const *orig,
255  bool case_sensitive, const char ***_cased);
256 
257 /* Return fully-qualified name according to the fq_fmt. The name is allocated using
258  * talloc on top of mem_ctx
259  */
260 char *
261 sss_tc_fqname(TALLOC_CTX *mem_ctx, struct sss_names_ctx *nctx,
262  struct sss_domain_info *domain, const char *name);
263 
264 /* Return fully-qualified name according to the fq_fmt. The name is allocated using
265  * talloc on top of mem_ctx. In contrast to sss_tc_fqname() sss_tc_fqname2()
266  * expects the domain and flat domain name as separate arguments.
267  */
268 char *
269 sss_tc_fqname2(TALLOC_CTX *mem_ctx, struct sss_names_ctx *nctx,
270  const char *dom_name, const char *flat_dom_name,
271  const char *name);
272 
273 /* Return fully-qualified name formatted according to the fq_fmt. The buffer in "str" is
274  * "size" bytes long. Returns the number of bytes written on success or a negative
275  * value of failure.
276  *
277  * Pass a zero size to calculate the length that would be needed by the fully-qualified
278  * name.
279  */
280 int
281 sss_fqname(char *str, size_t size, struct sss_names_ctx *nctx,
282  struct sss_domain_info *domain, const char *name);
283 
284 
285 /* Accepts fqname in the format shortname@domname only. */
286 errno_t sss_parse_internal_fqname(TALLOC_CTX *mem_ctx,
287  const char *fqname,
288  char **_shortname,
289  char **_dom_name);
290 
291 /* Creates internal fqname in format shortname@domname.
292  * The domain portion is lowercased. */
293 char *sss_create_internal_fqname(TALLOC_CTX *mem_ctx,
294  const char *shortname,
295  const char *dom_name);
296 
297 /* Creates internal fqnames list in format shortname@domname.
298  * The domain portion is lowercased. */
299 char **sss_create_internal_fqname_list(TALLOC_CTX *mem_ctx,
300  const char * const *shortname_list,
301  const char *dom_name);
302 
303 /* Turn fqname into cased shortname with replaced space. */
304 char *sss_output_name(TALLOC_CTX *mem_ctx,
305  const char *fqname,
306  bool case_sensitive,
307  const char replace_space);
308 
309 int sss_output_fqname(TALLOC_CTX *mem_ctx,
310  struct sss_domain_info *domain,
311  const char *name,
312  char override_space,
313  char **_output_name);
314 
315 const char *sss_get_name_from_msg(struct sss_domain_info *domain,
316  struct ldb_message *msg);
317 
318 /* from backup-file.c */
319 int backup_file(const char *src, int dbglvl);
320 
321 /* check_file()
322  * Verify that a file has certain permissions and/or is of a certain
323  * file type. This function can be used to determine if a file is a
324  * symlink.
325  * Warning: use of this function implies a potential race condition
326  * Opening a file before or after checking it does NOT guarantee that
327  * it is still the same file. Additional checks should be performed
328  * on the caller_stat_buf to ensure that it has the same device and
329  * inode to minimize impact. Permission changes may have occurred,
330  * however.
331  */
332 errno_t check_file(const char *filename,
333  uid_t uid, gid_t gid, mode_t mode, mode_t mask,
334  struct stat *caller_stat_buf, bool follow_symlink);
335 
336 /* check_fd()
337  * Verify that an open file descriptor has certain permissions and/or
338  * is of a certain file type. This function CANNOT detect symlinks,
339  * as the file is already open and symlinks have been traversed. This
340  * is the safer way to perform file checks and should be preferred
341  * over check_file for nearly all situations.
342  */
343 errno_t check_fd(int fd, uid_t uid, gid_t gid,
344  mode_t mode, mode_t mask,
345  struct stat *caller_stat_buf);
346 
347 /* check_and_open_readonly()
348  * Utility function to open a file and verify that it has certain
349  * permissions and is of a certain file type. This function wraps
350  * check_fd(), and is considered race-condition safe.
351  */
352 errno_t check_and_open_readonly(const char *filename, int *fd,
353  uid_t uid, gid_t gid,
354  mode_t mode, mode_t mask);
355 
356 /* from util.c */
357 #define SSS_NO_LINKLOCAL 0x01
358 #define SSS_NO_LOOPBACK 0x02
359 #define SSS_NO_MULTICAST 0x04
360 #define SSS_NO_BROADCAST 0x08
361 
362 #define SSS_NO_SPECIAL \
363  (SSS_NO_LINKLOCAL|SSS_NO_LOOPBACK|SSS_NO_MULTICAST|SSS_NO_BROADCAST)
364 
365 /* These two functions accept addr in network order */
366 bool check_ipv4_addr(struct in_addr *addr, uint8_t check);
367 bool check_ipv6_addr(struct in6_addr *addr, uint8_t check);
368 
369 const char * const * get_known_services(void);
370 
371 errno_t sss_user_by_name_or_uid(const char *input, uid_t *_uid, gid_t *_gid);
372 
373 int split_on_separator(TALLOC_CTX *mem_ctx, const char *str,
374  const char sep, bool trim, bool skip_empty,
375  char ***_list, int *size);
376 
377 char **parse_args(const char *str);
378 
379 errno_t sss_hash_create(TALLOC_CTX *mem_ctx,
380  unsigned long count,
381  hash_table_t **tbl);
382 
383 errno_t sss_hash_create_ex(TALLOC_CTX *mem_ctx,
384  unsigned long count,
385  hash_table_t **tbl,
386  unsigned int directory_bits,
387  unsigned int segment_bits,
388  unsigned long min_load_factor,
389  unsigned long max_load_factor,
390  hash_delete_callback *delete_callback,
391  void *delete_private_data);
392 
393 /* Returns true if sudoUser value is a username or a groupname */
394 bool is_user_or_group_name(const char *sudo_user_value);
395 
396 /* Returns true if the responder has been socket-activated */
397 bool is_socket_activated(void);
398 
399 /* Returns true if the responder has been dbus-activated */
400 bool is_dbus_activated(void);
401 
402 /* Returns true if SSSD was built with local provider support */
403 bool local_provider_is_built(void);
404 
420 errno_t add_strings_lists(TALLOC_CTX *mem_ctx, const char **l1, const char **l2,
421  bool copy_strings, char ***_new_list);
422 
433 
434 /* Copy a NULL-terminated string list
435  * Returns NULL on out of memory error or invalid input
436  */
437 const char **dup_string_list(TALLOC_CTX *memctx, const char **str_list);
438 
439 /* Take two string lists (terminated on a NULL char*)
440  * and return up to three arrays of strings based on
441  * shared ownership.
442  *
443  * Pass NULL to any return type you don't care about
444  */
445 errno_t diff_string_lists(TALLOC_CTX *memctx,
446  char **string1,
447  char **string2,
448  char ***string1_only,
449  char ***string2_only,
450  char ***both_strings);
451 
452 /* Sanitize an input string (e.g. a username) for use in
453  * an LDAP/LDB filter
454  * Returns a newly-constructed string attached to mem_ctx
455  * It will fail only on an out of memory condition, where it
456  * will return ENOMEM.
457  */
458 errno_t sss_filter_sanitize(TALLOC_CTX *mem_ctx,
459  const char *input,
460  char **sanitized);
461 
462 errno_t sss_filter_sanitize_ex(TALLOC_CTX *mem_ctx,
463  const char *input,
464  char **sanitized,
465  const char *ignore);
466 
467 errno_t sss_filter_sanitize_for_dom(TALLOC_CTX *mem_ctx,
468  const char *input,
469  struct sss_domain_info *dom,
470  char **sanitized,
471  char **lc_sanitized);
472 
473 char *
474 sss_escape_ip_address(TALLOC_CTX *mem_ctx, int family, const char *addr);
475 
476 /* This function only removes first and last
477  * character if the first character was '['.
478  *
479  * NOTE: This means, that ipv6addr must NOT be followed
480  * by port number.
481  */
482 errno_t
483 remove_ipv6_brackets(char *ipv6addr);
484 
485 
486 errno_t add_string_to_list(TALLOC_CTX *mem_ctx, const char *string,
487  char ***list_p);
488 
489 bool string_in_list(const char *string, char **list, bool case_sensitive);
490 
491 int domain_to_basedn(TALLOC_CTX *memctx, const char *domain, char **basedn);
492 
493 bool is_host_in_domain(const char *host, const char *domain);
494 
495 /* This is simple wrapper around libc rand() intended to avoid calling srand()
496  * explicitly, thus *not* suitable to be used in security relevant context.
497  * If CS properties are desired (security relevant functionality/FIPS/etc) then
498  * use sss_crypto.h:sss_generate_csprng_buffer() instead!
499  */
500 int sss_rand(void);
501 
502 /* from nscd.c */
503 enum nscd_db {
506 };
507 
508 int flush_nscd_cache(enum nscd_db flush_db);
509 
510 errno_t sss_nscd_parse_conf(const char *conf_path);
511 
512 /* from sss_tc_utf8.c */
513 char *
514 sss_tc_utf8_str_tolower(TALLOC_CTX *mem_ctx, const char *s);
515 uint8_t *
516 sss_tc_utf8_tolower(TALLOC_CTX *mem_ctx, const uint8_t *s, size_t len, size_t *_nlen);
517 bool sss_string_equal(bool cs, const char *s1, const char *s2);
518 
519 /* len includes terminating '\0' */
520 struct sized_string {
521  const char *str;
522  size_t len;
523 };
524 
525 void to_sized_string(struct sized_string *out, const char *in);
526 
527 /* from domain_info.c */
528 struct sss_domain_info *get_domains_head(struct sss_domain_info *domain);
529 
530 #define SSS_GND_DESCEND 0x01
531 #define SSS_GND_INCLUDE_DISABLED 0x02
532 #define SSS_GND_ALL_DOMAINS (SSS_GND_DESCEND | SSS_GND_INCLUDE_DISABLED)
533 struct sss_domain_info *get_next_domain(struct sss_domain_info *domain,
534  uint32_t gnd_flags);
536  const char *name,
537  bool match_any);
539  const char *name,
540  bool match_any,
541  uint32_t gnd_flags);
542 struct sss_domain_info *find_domain_by_sid(struct sss_domain_info *domain,
543  const char *sid);
545 void sss_domain_set_state(struct sss_domain_info *dom,
546  enum sss_domain_state state);
548 const char *sss_domain_type_str(struct sss_domain_info *dom);
549 
550 struct sss_domain_info*
552  const char* sid);
553 
554 struct sss_domain_info *
556  const char *object_name);
557 
558 struct sss_domain_info *
560  const char *object_name, bool strict,
561  uint32_t gnd_flags);
562 
564  const char *sd_name);
565 
566 char *subdomain_create_conf_path_from_str(TALLOC_CTX *mem_ctx,
567  const char *parent_name,
568  const char *subdom_name);
569 char *subdomain_create_conf_path(TALLOC_CTX *mem_ctx,
570  struct sss_domain_info *subdomain);
571 
572 errno_t sssd_domain_init(TALLOC_CTX *mem_ctx,
573  struct confdb_ctx *cdb,
574  const char *domain_name,
575  const char *db_path,
576  struct sss_domain_info **_domain);
577 
579  bool output_fqname);
580 
582 
583 bool sss_domain_is_mpg(struct sss_domain_info *domain);
584 
587 enum sss_domain_mpg_mode str_to_domain_mpg_mode(const char *str_mpg_mode);
588 
589 #define IS_SUBDOMAIN(dom) ((dom)->parent != NULL)
590 
591 #define DOM_HAS_VIEWS(dom) ((dom)->has_views)
592 
593 /* the directory domain - realm mappings and other krb5 config snippers are
594  * written to */
595 #define KRB5_MAPPING_DIR PUBCONF_PATH"/krb5.include.d"
596 
597 errno_t sss_get_domain_mappings_content(TALLOC_CTX *mem_ctx,
598  struct sss_domain_info *domain,
599  char **content);
600 
602 
603 errno_t sss_write_krb5_conf_snippet(const char *path, bool canonicalize,
604  bool udp_limit);
605 
606 errno_t get_dom_names(TALLOC_CTX *mem_ctx,
607  struct sss_domain_info *start_dom,
608  char ***_dom_names,
609  int *_dom_names_count);
610 
611 /* Returns true if the provider used for the passed domain is the "files"
612  * one. Otherwise returns false. */
613 bool is_files_provider(struct sss_domain_info *domain);
614 
615 /* from util_lock.c */
616 errno_t sss_br_lock_file(int fd, size_t start, size_t len,
617  int num_tries, useconds_t wait);
618 
619 #ifdef HAVE_PAC_RESPONDER
620 #define BUILD_WITH_PAC_RESPONDER true
621 #else
622 #define BUILD_WITH_PAC_RESPONDER false
623 #endif
624 
625 /* from well_known_sids.c */
626 errno_t well_known_sid_to_name(const char *sid, const char **dom,
627  const char **name);
628 
629 errno_t name_to_well_known_sid(const char *dom, const char *name,
630  const char **sid);
631 
632 /* from string_utils.c */
633 char *sss_replace_char(TALLOC_CTX *mem_ctx,
634  const char *in,
635  const char match,
636  const char sub);
637 
638 char * sss_replace_space(TALLOC_CTX *mem_ctx,
639  const char *orig_name,
640  const char replace_char);
641 char * sss_reverse_replace_space(TALLOC_CTX *mem_ctx,
642  const char *orig_name,
643  const char replace_char);
644 
645 #define GUID_BIN_LENGTH 16
646 /* 16 2-digit hex values + 4 dashes + terminating 0 */
647 #define GUID_STR_BUF_SIZE (2 * GUID_BIN_LENGTH + 4 + 1)
648 
649 errno_t guid_blob_to_string_buf(const uint8_t *blob, char *str_buf,
650  size_t buf_size);
651 
652 const char *get_last_x_chars(const char *str, size_t x);
653 
654 char **concatenate_string_array(TALLOC_CTX *mem_ctx,
655  char **arr1, size_t len1,
656  char **arr2, size_t len2);
657 
658 /* from become_user.c */
659 errno_t become_user(uid_t uid, gid_t gid);
660 struct sss_creds;
661 errno_t switch_creds(TALLOC_CTX *mem_ctx,
662  uid_t uid, gid_t gid,
663  int num_gids, gid_t *gids,
664  struct sss_creds **saved_creds);
665 errno_t restore_creds(struct sss_creds *saved_creds);
666 
667 /* from sss_semanage.c */
668 /* Please note that libsemange relies on files and directories created with
669  * certain permissions. Therefore the caller should make sure the umask is
670  * not too restricted (especially when called from the daemon code).
671  */
672 int sss_set_seuser(const char *login_name, const char *seuser_name,
673  const char *mlsrange);
674 int sss_del_seuser(const char *login_name);
675 int sss_get_seuser(const char *linuxuser,
676  char **selinuxuser,
677  char **level);
678 int sss_seuser_exists(const char *linuxuser);
679 
680 /* convert time from generalized form to unix time */
681 errno_t sss_utc_to_time_t(const char *str, const char *format, time_t *unix_time);
682 
683 /* Creates a unique file using mkstemp with provided umask. The template
684  * must end with XXXXXX. Returns the fd, sets _err to an errno value on error.
685  *
686  * Prefer using sss_unique_file() as it uses a secure umask internally.
687  */
688 int sss_unique_file_ex(TALLOC_CTX *mem_ctx,
689  char *path_tmpl,
690  mode_t file_umask,
691  errno_t *_err);
692 int sss_unique_file(TALLOC_CTX *owner,
693  char *path_tmpl,
694  errno_t *_err);
695 
696 /* Creates a unique filename using mkstemp with secure umask. The template
697  * must end with XXXXXX
698  *
699  * path_tmpl must be a talloc context. Destructor would be set on the filename
700  * so that it's guaranteed the file is removed.
701  */
702 int sss_unique_filename(TALLOC_CTX *owner, char *path_tmpl);
703 
704 /* from util_watchdog.c */
705 int setup_watchdog(struct tevent_context *ev, int interval);
706 void teardown_watchdog(void);
707 
708 /* from files.c */
709 int sss_remove_tree(const char *root);
710 int sss_remove_subtree(const char *root);
711 
712 int sss_copy_tree(const char *src_root,
713  const char *dst_root,
714  mode_t mode_root,
715  uid_t uid, gid_t gid);
716 
717 int sss_copy_file_secure(const char *src,
718  const char *dest,
719  mode_t mode,
720  uid_t uid, gid_t gid,
721  bool force);
722 
723 int sss_create_dir(const char *parent_dir_path,
724  const char *dir_name,
725  mode_t mode,
726  uid_t uid, gid_t gid);
727 
728 /* from selinux.c */
729 int selinux_file_context(const char *dst_name);
731 
732 /* from util_preauth.c */
734 
735 #ifdef SSSD_LIBEXEC_PATH
736 #define P11_CHILD_LOG_FILE "p11_child"
737 #define P11_CHILD_PATH SSSD_LIBEXEC_PATH"/p11_child"
738 #define P11_CHILD_TIMEOUT_DEFAULT 10
739 #define P11_WAIT_FOR_CARD_TIMEOUT_DEFAULT 60
740 #endif /* SSSD_LIBEXEC_PATH */
741 
742 #ifndef N_ELEMENTS
743 #define N_ELEMENTS(arr) (sizeof(arr) / sizeof(arr[0]))
744 #endif
745 
746 #endif /* __SSSD_UTIL_H__ */
check_ipv6_addr
bool check_ipv6_addr(struct in6_addr *addr, uint8_t check)
Definition: util.c:703
sss_reverse_replace_space
char * sss_reverse_replace_space(TALLOC_CTX *mem_ctx, const char *orig_name, const char replace_char)
Definition: string_utils.c:69
sss_domain_state
sss_domain_state
sssd domain state
Definition: confdb.h:300
safealign.h
remove_ipv6_brackets
errno_t remove_ipv6_brackets(char *ipv6addr)
Definition: util.c:558
_sss_regexp_t
Definition: sss_regexp.c:131
sss_get_name_from_msg
const char * sss_get_name_from_msg(struct sss_domain_info *domain, struct ldb_message *msg)
Definition: usertools.c:793
string_in_list
bool string_in_list(const char *string, char **list, bool case_sensitive)
Definition: util_ext.c:125
restore_creds
errno_t restore_creds(struct sss_creds *saved_creds)
Definition: become_user.c:200
check_ipv4_addr
bool check_ipv4_addr(struct in_addr *addr, uint8_t check)
Definition: util.c:672
sss_tc_utf8_str_tolower
char * sss_tc_utf8_str_tolower(TALLOC_CTX *mem_ctx, const char *s)
Definition: sss_tc_utf8.c:26
sss_tc_utf8_tolower
uint8_t * sss_tc_utf8_tolower(TALLOC_CTX *mem_ctx, const uint8_t *s, size_t len, size_t *_nlen)
Definition: sss_tc_utf8.c:42
sss_names_ctx
Definition: util.h:218
become_user
errno_t become_user(uid_t uid, gid_t gid)
Definition: become_user.c:28
sss_create_internal_fqname
char * sss_create_internal_fqname(TALLOC_CTX *mem_ctx, const char *shortname, const char *dom_name)
Definition: usertools.c:691
name_to_well_known_sid
errno_t name_to_well_known_sid(const char *dom, const char *name, const char **sid)
Definition: well_known_sids.c:281
sss_names_init
int sss_names_init(TALLOC_CTX *mem_ctx, struct confdb_ctx *cdb, const char *domain, struct sss_names_ctx **out)
Definition: usertools.c:190
pidfile
int pidfile(const char *file)
Definition: server.c:139
sss_domain_set_state
void sss_domain_set_state(struct sss_domain_info *dom, enum sss_domain_state state)
Definition: domain_info_utils.c:892
get_uppercase_realm
char * get_uppercase_realm(TALLOC_CTX *memctx, const char *name)
Definition: usertools.c:38
is_host_in_domain
bool is_host_in_domain(const char *host, const char *domain)
Definition: util.c:656
find_domain_by_object_name
struct sss_domain_info * find_domain_by_object_name(struct sss_domain_info *domain, const char *object_name)
Definition: domain_info_utils.c:227
sss_names_ctx::fq_fmt
char * fq_fmt
Definition: util.h:220
sss_output_name
char * sss_output_name(TALLOC_CTX *mem_ctx, const char *fqname, bool case_sensitive, const char replace_space)
Definition: usertools.c:748
check_and_open_readonly
errno_t check_and_open_readonly(const char *filename, int *fd, uid_t uid, gid_t gid, mode_t mode, mode_t mask)
Definition: check_and_open.c:129
status
Definition: fail_over.c:137
teardown_watchdog
void teardown_watchdog(void)
Definition: util_watchdog.c:240
sss_domain_info
Data structure storing all of the basic features of a domain.
Definition: confdb.h:340
sss_filter_sanitize_ex
errno_t sss_filter_sanitize_ex(TALLOC_CTX *mem_ctx, const char *input, char **sanitized, const char *ignore)
Definition: util.c:439
sss_get_domain_mappings_content
errno_t sss_get_domain_mappings_content(TALLOC_CTX *mem_ctx, struct sss_domain_info *domain, char **content)
Definition: domain_info_utils.c:290
talloc_log_fn
void talloc_log_fn(const char *msg)
Definition: debug.c:507
sized_string::str
const char * str
Definition: util.h:521
sss_regexp.h
BlockSignals
void BlockSignals(bool block, int signum)
Block sigs.
Definition: signal.c:35
sss_names_ctx::re_pattern
char * re_pattern
Definition: util.h:219
sss_replace_space
char * sss_replace_space(TALLOC_CTX *mem_ctx, const char *orig_name, const char replace_char)
Definition: string_utils.c:47
guid_blob_to_string_buf
errno_t guid_blob_to_string_buf(const uint8_t *blob, char *str_buf, size_t buf_size)
Definition: string_utils.c:87
get_domain_mpg_mode
enum sss_domain_mpg_mode get_domain_mpg_mode(struct sss_domain_info *domain)
Definition: domain_info_utils.c:965
subdomain_create_conf_path_from_str
char * subdomain_create_conf_path_from_str(TALLOC_CTX *mem_ctx, const char *parent_name, const char *subdom_name)
Definition: domain_info_utils.c:905
ldb_debug_messages
void ldb_debug_messages(void *context, enum ldb_debug_level level, const char *fmt, va_list ap)
Definition: debug.c:342
is_socket_activated
bool is_socket_activated(void)
Definition: util.c:1035
server_setup
int server_setup(const char *name, int flags, uid_t uid, gid_t gid, const char *conf_entry, struct main_context **main_ctx)
Definition: server.c:437
check_file
errno_t check_file(const char *filename, uid_t uid, gid_t gid, mode_t mode, mode_t mask, struct stat *caller_stat_buf, bool follow_symlink)
create_preauth_indicator
errno_t create_preauth_indicator(void)
Definition: util_preauth.c:45
sss_domain_mpg_mode
sss_domain_mpg_mode
Definition: confdb.h:330
split_on_separator
int split_on_separator(TALLOC_CTX *mem_ctx, const char *str, const char sep, bool trim, bool skip_empty, char ***_list, int *size)
Definition: util_ext.c:32
sss_utc_to_time_t
errno_t sss_utc_to_time_t(const char *str, const char *format, time_t *unix_time)
Definition: util.c:827
well_known_sid_to_name
errno_t well_known_sid_to_name(const char *sid, const char **dom, const char **name)
Definition: well_known_sids.c:248
sss_creds::uid
uid_t uid
Definition: become_user.c:75
void_destructor_fn_t
int() void_destructor_fn_t(void *)
Definition: util.h:199
sss_hash_create
errno_t sss_hash_create(TALLOC_CTX *mem_ctx, unsigned long count, hash_table_t **tbl)
Definition: util.c:433
sss_filter_sanitize
errno_t sss_filter_sanitize(TALLOC_CTX *mem_ctx, const char *input, char **sanitized)
Definition: util.c:526
to_sized_string
void to_sized_string(struct sized_string *out, const char *in)
Definition: util.c:541
sss_get_seuser
int sss_get_seuser(const char *linuxuser, char **selinuxuser, char **level)
Definition: sss_semanage.c:476
get_last_x_chars
const char * get_last_x_chars(const char *str, size_t x)
Definition: string_utils.c:112
errno_t
int errno_t
Definition: hbac_evaluator.c:36
sss_domain_get_state
enum sss_domain_state sss_domain_get_state(struct sss_domain_info *dom)
Definition: domain_info_utils.c:885
sss_domain_info_set_output_fqnames
void sss_domain_info_set_output_fqnames(struct sss_domain_info *domain, bool output_fqname)
Definition: domain_info_utils.c:942
die_if_parent_died
int die_if_parent_died(void)
Definition: server.c:335
sss_ad_default_names_ctx
int sss_ad_default_names_ctx(TALLOC_CTX *mem_ctx, struct sss_names_ctx **_out)
Definition: usertools.c:280
sss_remove_subtree
int sss_remove_subtree(const char *root)
Definition: files.c:157
confdb_ctx
Definition: confdb_private.h:25
sized_string
Definition: util.h:520
sss_creds::num_gids
int num_gids
Definition: become_user.c:77
NSCD_DB_PASSWD
@ NSCD_DB_PASSWD
Definition: util.h:504
util_errors.h
open_debug_file
int open_debug_file(void)
Definition: debug.c:463
sss_unique_file
int sss_unique_file(TALLOC_CTX *owner, char *path_tmpl, errno_t *_err)
Definition: util.c:983
sss_copy_file_secure
int sss_copy_file_secure(const char *src, const char *dest, mode_t mode, uid_t uid, gid_t gid, bool force)
Definition: files.c:491
sss_domain_info::mpg_mode
enum sss_domain_mpg_mode mpg_mode
Definition: confdb.h:350
name
const char * name
Definition: sbus_errors.c:30
sss_mem_attach
int sss_mem_attach(TALLOC_CTX *mem_ctx, void *ptr, void_destructor_fn_t *fn)
Definition: memory.c:83
get_next_domain
struct sss_domain_info * get_next_domain(struct sss_domain_info *domain, uint32_t gnd_flags)
Definition: domain_info_utils.c:38
orderly_shutdown
void orderly_shutdown(int status)
Definition: server.c:231
sss_remove_tree
int sss_remove_tree(const char *root)
Definition: files.c:142
sss_seuser_exists
int sss_seuser_exists(const char *linuxuser)
socket_activated
int socket_activated
Definition: util.c:36
sss_names_init_from_args
int sss_names_init_from_args(TALLOC_CTX *mem_ctx, const char *re_pattern, const char *fq_fmt, struct sss_names_ctx **out)
Definition: usertools.c:146
get_domains_head
struct sss_domain_info * get_domains_head(struct sss_domain_info *domain)
Definition: domain_info_utils.c:28
find_domain_by_sid
struct sss_domain_info * find_domain_by_sid(struct sss_domain_info *domain, const char *sid)
Definition: domain_info_utils.c:132
sss_hash_create_ex
errno_t sss_hash_create_ex(TALLOC_CTX *mem_ctx, unsigned long count, hash_table_t **tbl, unsigned int directory_bits, unsigned int segment_bits, unsigned long min_load_factor, unsigned long max_load_factor, hash_delete_callback *delete_callback, void *delete_private_data)
Definition: util.c:382
sss_erase_talloc_mem_securely
int sss_erase_talloc_mem_securely(void *p)
Definition: memory.c:44
sss_fqname
int sss_fqname(char *str, size_t size, struct sss_names_ctx *nctx, struct sss_domain_info *domain, const char *name)
Definition: usertools.c:583
sss_create_internal_fqname_list
char ** sss_create_internal_fqname_list(TALLOC_CTX *mem_ctx, const char *const *shortname_list, const char *dom_name)
Definition: usertools.c:716
add_string_to_list
errno_t add_string_to_list(TALLOC_CTX *mem_ctx, const char *string, char ***list_p)
Definition: util.c:575
domain_to_basedn
int domain_to_basedn(TALLOC_CTX *memctx, const char *domain, char **basedn)
Definition: util.c:621
NSCD_DB_GROUP
@ NSCD_DB_GROUP
Definition: util.h:505
sss_unique_filename
int sss_unique_filename(TALLOC_CTX *owner, char *path_tmpl)
Definition: util.c:990
diff_string_lists
errno_t diff_string_lists(TALLOC_CTX *memctx, char **string1, char **string2, char ***string1_only, char ***string2_only, char ***both_strings)
Definition: util.c:185
sss_get_cased_name
char * sss_get_cased_name(TALLOC_CTX *mem_ctx, const char *orig_name, bool case_sensitive)
Definition: usertools.c:484
sss_create_dir
int sss_create_dir(const char *parent_dir_path, const char *dir_name, mode_t mode, uid_t uid, gid_t gid)
Definition: files.c:811
sss_set_seuser
int sss_set_seuser(const char *login_name, const char *seuser_name, const char *mlsrange)
Definition: sss_semanage.c:465
sized_string::len
size_t len
Definition: util.h:522
sss_creds
Definition: become_user.c:74
sss_creds::gids
gid_t gids[]
Definition: become_user.c:78
is_dbus_activated
bool is_dbus_activated(void)
Definition: util.c:1044
sss_log_ext
void void sss_log_ext(int priority, int facility, const char *format,...) SSS_ATTRIBUTE_PRINTF(3
sss_domain_info::state
enum sss_domain_state state
Definition: confdb.h:400
dbus_activated
int dbus_activated
Definition: util.c:37
sss_creds::gid
gid_t gid
Definition: become_user.c:76
sss_fd_nonblocking
errno_t sss_fd_nonblocking(int fd)
set file descriptor as nonblocking
Definition: util.c:801
sss_filter_sanitize_for_dom
errno_t sss_filter_sanitize_for_dom(TALLOC_CTX *mem_ctx, const char *input, struct sss_domain_info *dom, char **sanitized, char **lc_sanitized)
Definition: sss_tc_utf8.c:59
atomic_io.h
server_common_rotate_logs
errno_t server_common_rotate_logs(struct confdb_ctx *confdb, const char *conf_entry)
Definition: server.c:377
get_known_services
const char *const * get_known_services(void)
Definition: util.c:727
SSS_ATTRIBUTE_PRINTF
#define SSS_ATTRIBUTE_PRINTF(a1, a2)
Definition: debug.h:31
parse_args
char ** parse_args(const char *str)
Definition: util.c:54
subdomain_enumerates
bool subdomain_enumerates(struct sss_domain_info *parent, const char *sd_name)
Definition: domain_info_utils.c:71
sss_parse_name
int sss_parse_name(TALLOC_CTX *memctx, struct sss_names_ctx *snctx, const char *orig, char **_domain, char **_name)
Definition: usertools.c:288
str_to_domain_mpg_mode
enum sss_domain_mpg_mode str_to_domain_mpg_mode(const char *str_mpg_mode)
Definition: domain_info_utils.c:984
sss_get_cased_name_list
errno_t sss_get_cased_name_list(TALLOC_CTX *mem_ctx, const char *const *orig, bool case_sensitive, const char ***_cased)
Definition: usertools.c:493
sss_domain_info::parent
struct sss_domain_info * parent
Definition: confdb.h:386
is_files_provider
bool is_files_provider(struct sss_domain_info *domain)
Definition: domain_info_utils.c:953
subdomain_create_conf_path
char * subdomain_create_conf_path(TALLOC_CTX *mem_ctx, struct sss_domain_info *subdomain)
Definition: domain_info_utils.c:913
check_fd
errno_t check_fd(int fd, uid_t uid, gid_t gid, mode_t mode, mode_t mask, struct stat *caller_stat_buf)
Definition: check_and_open.c:65
rotate_debug_files
int rotate_debug_files(void)
Definition: debug.c:468
chown_debug_file
int chown_debug_file(const char *filename, uid_t uid, gid_t gid)
Definition: debug.c:371
sss_tc_fqname2
char * sss_tc_fqname2(TALLOC_CTX *mem_ctx, struct sss_names_ctx *nctx, const char *dom_name, const char *flat_dom_name, const char *name)
Definition: usertools.c:565
confdb.h
CatchSignal
void(*)(int) CatchSignal(int signum, void(*handler)(int))
Definition: util.h:196
sss_domain_type_str
const char * sss_domain_type_str(struct sss_domain_info *dom)
Definition: domain_info_utils.c:928
local_provider_is_built
bool local_provider_is_built(void)
Definition: util.c:1053
sss_parse_name_for_domains
int sss_parse_name_for_domains(TALLOC_CTX *memctx, struct sss_domain_info *domains, const char *default_domain, const char *orig, char **domain, char **name)
Definition: usertools.c:352
setup_watchdog
int setup_watchdog(struct tevent_context *ev, int interval)
Definition: util_watchdog.c:169
sss_names_ctx::re
sss_regexp_t * re
Definition: util.h:222
sss_get_domain_by_sid_ldap_fallback
struct sss_domain_info * sss_get_domain_by_sid_ldap_fallback(struct sss_domain_info *domain, const char *sid)
Definition: domain_info_utils.c:174
sss_write_domain_mappings
errno_t sss_write_domain_mappings(struct sss_domain_info *domain)
Definition: domain_info_utils.c:417
io.h
sss_domain_info_get_output_fqnames
bool sss_domain_info_get_output_fqnames(struct sss_domain_info *domain)
Definition: domain_info_utils.c:948
selinux_file_context
int selinux_file_context(const char *dst_name)
Definition: selinux.c:74
sss_rand
int sss_rand(void)
Definition: util.c:1062
get_dom_names
errno_t get_dom_names(TALLOC_CTX *mem_ctx, struct sss_domain_info *start_dom, char ***_dom_names, int *_dom_names_count)
Definition: domain_info_utils.c:571
backup_file
int backup_file(const char *src, int dbglvl)
Definition: backup_file.c:29
main_context::event_ctx
struct tevent_context * event_ctx
Definition: util.h:178
find_domain_by_name
struct sss_domain_info * find_domain_by_name(struct sss_domain_info *domain, const char *name, bool match_any)
Definition: domain_info_utils.c:125
sss_erase_mem_securely
void sss_erase_mem_securely(void *p, size_t size)
Definition: memory.c:60
main_context
Definition: util.h:177
sss_log
void sss_log(int priority, const char *format,...) SSS_ATTRIBUTE_PRINTF(2
sss_parse_internal_fqname
errno_t sss_parse_internal_fqname(TALLOC_CTX *mem_ctx, const char *fqname, char **_shortname, char **_dom_name)
Definition: usertools.c:634
flush_nscd_cache
int flush_nscd_cache(enum nscd_db flush_db)
Definition: nscd.c:99
sss_user_by_name_or_uid
errno_t sss_user_by_name_or_uid(const char *input, uid_t *_uid, gid_t *_gid)
Definition: usertools.c:592
add_strings_lists
errno_t add_strings_lists(TALLOC_CTX *mem_ctx, const char **l1, const char **l2, bool copy_strings, char ***_new_list)
Add two list of strings.
Definition: util.c:735
is_user_or_group_name
bool is_user_or_group_name(const char *sudo_user_value)
Definition: util.c:1004
dup_string_list
const char ** dup_string_list(TALLOC_CTX *memctx, const char **str_list)
Definition: util.c:146
sss_nscd_parse_conf
errno_t sss_nscd_parse_conf(const char *conf_path)
Definition: nscd.c:139
find_domain_by_name_ex
struct sss_domain_info * find_domain_by_name_ex(struct sss_domain_info *domain, const char *name, bool match_any, uint32_t gnd_flags)
Definition: domain_info_utils.c:96
server_loop
void server_loop(struct main_context *main_ctx)
Definition: server.c:714
sss_copy_tree
int sss_copy_tree(const char *src_root, const char *dst_root, mode_t mode_root, uid_t uid, gid_t gid)
Definition: files.c:763
concatenate_string_array
char ** concatenate_string_array(TALLOC_CTX *mem_ctx, char **arr1, size_t len1, char **arr2, size_t len2)
Definition: string_utils.c:129
find_domain_by_object_name_ex
struct sss_domain_info * find_domain_by_object_name_ex(struct sss_domain_info *domain, const char *object_name, bool strict, uint32_t gnd_flags)
Definition: domain_info_utils.c:188
main_context::confdb_ctx
struct confdb_ctx * confdb_ctx
Definition: util.h:179
sss_unique_file_ex
int sss_unique_file_ex(TALLOC_CTX *mem_ctx, char *path_tmpl, mode_t file_umask, errno_t *_err)
Definition: util.c:936
main_context::parent_pid
pid_t parent_pid
Definition: util.h:180
tmpfile_watch::filename
const char * filename
Definition: util.c:876
input
Definition: sss_nss_idmap.c:38
sss_string_equal
bool sss_string_equal(bool cs, const char *s1, const char *s2)
Definition: sss_utf8.c:187
switch_creds
errno_t switch_creds(TALLOC_CTX *mem_ctx, uid_t uid, gid_t gid, int num_gids, gid_t *gids, struct sss_creds **saved_creds)
Definition: become_user.c:85
nscd_db
nscd_db
Definition: util.h:503
sss_br_lock_file
errno_t sss_br_lock_file(int fd, size_t start, size_t len, int num_tries, useconds_t wait)
Definition: util_lock.c:31
debug.h
reset_selinux_file_context
int reset_selinux_file_context(void)
Definition: selinux.c:79
sss_format.h
sss_tc_fqname
char * sss_tc_fqname(TALLOC_CTX *mem_ctx, struct sss_names_ctx *nctx, struct sss_domain_info *domain, const char *name)
Definition: usertools.c:545
sss_output_fqname
int sss_output_fqname(TALLOC_CTX *mem_ctx, struct sss_domain_info *domain, const char *name, char override_space, char **_output_name)
Definition: usertools.c:819
sss_domain_is_forest_root
bool sss_domain_is_forest_root(struct sss_domain_info *dom)
Definition: domain_info_utils.c:900
sss_write_krb5_conf_snippet
errno_t sss_write_krb5_conf_snippet(const char *path, bool canonicalize, bool udp_limit)
Definition: domain_info_utils.c:828
open_debug_file_ex
int open_debug_file_ex(const char *filename, FILE **filep, bool want_cloexec)
Definition: debug.c:408
sss_del_seuser
int sss_del_seuser(const char *login_name)
Definition: sss_semanage.c:471
sss_replace_char
char * sss_replace_char(TALLOC_CTX *mem_ctx, const char *in, const char match, const char sub)
Definition: string_utils.c:25
str_domain_mpg_mode
const char * str_domain_mpg_mode(enum sss_domain_mpg_mode mpg_mode)
Definition: domain_info_utils.c:970
sss_domain_is_mpg
bool sss_domain_is_mpg(struct sss_domain_info *domain)
Definition: domain_info_utils.c:960
sss_escape_ip_address
char * sss_escape_ip_address(TALLOC_CTX *mem_ctx, int family, const char *addr)
Definition: util.c:534
sssd_domain_init
errno_t sssd_domain_init(TALLOC_CTX *mem_ctx, struct confdb_ctx *cdb, const char *domain_name, const char *db_path, struct sss_domain_info **_domain)
Definition: domain_info_utils.c:234