author | Pavel Březina <pbrezina@redhat.com> | 2012-04-23 15:07:17 +0200 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2012-06-29 11:37:16 -0400 |
commit | 80357fbba7e8251c85aa884749f275eed28eb4eb (patch) | |
tree | bc65ffa47310a477d42f15cdd43730aabcd1a072 | |
parent | 4cab4191f9e0d8d2cc04084964c71454a62852fe (diff) | |
sudo ldap provider: add expiration time to each rule
-rw-r--r-- | src/providers/ldap/sdap_async_sudo.c | 15 | ||||
-rw-r--r-- | src/providers/ldap/sdap_sudo_cache.c | 19 | ||||
-rw-r--r-- | src/providers/ldap/sdap_sudo_cache.h | 4 |
3 files changed, 30 insertions, 8 deletions
diff --git a/src/providers/ldap/sdap_async_sudo.c b/src/providers/ldap/sdap_async_sudo.c
index 10e613e1..081ed20c 100644
--- a/src/providers/ldap/sdap_async_sudo.c
+++ b/src/providers/ldap/sdap_async_sudo.c
@@ -87,7 +87,9 @@ static void sdap_sudo_load_sudoers_done(struct tevent_req *subreq);
 static int sdap_sudo_store_sudoers(struct sysdb_ctx *sysdb_ctx,
 struct sdap_options *opts,
 size_t rules_count,
- struct sysdb_attrs **rules);
+ struct sysdb_attrs **rules,
+ int cache_timeout,
+ time_t now);
 struct tevent_req *sdap_sudo_refresh_send(TALLOC_CTX *mem_ctx,
 struct be_ctx *be_ctx,
@@ -440,6 +442,7 @@ static void sdap_sudo_load_sudoers_done(struct tevent_req *subreq)
 int ret;
 errno_t sret;
 bool in_transaction = false;
+ time_t now;
 req = tevent_req_callback_data(subreq, struct tevent_req);
 state = tevent_req_data(req, struct sdap_sudo_refresh_state);
@@ -468,7 +471,9 @@ static void sdap_sudo_load_sudoers_done(struct tevent_req *subreq)
 }
 /* store rules */
- ret = sdap_sudo_store_sudoers(state->sysdb, state->opts, rules_count, rules);
+ now = time(NULL);
+ ret = sdap_sudo_store_sudoers(state->sysdb, state->opts, rules_count, rules,
+ state->domain->sudo_timeout, now);
 if (ret != EOK) {
 goto done;
 }
@@ -504,7 +509,9 @@ done:
 static int sdap_sudo_store_sudoers(struct sysdb_ctx *sysdb_ctx,
 struct sdap_options *opts,
 size_t rules_count,
- struct sysdb_attrs **rules)
+ struct sysdb_attrs **rules,
+ int cache_timeout,
+ time_t now)
 {
 errno_t ret;
@@ -514,7 +521,7 @@ static int sdap_sudo_store_sudoers(struct sysdb_ctx *sysdb_ctx,
 }
 ret = sdap_save_native_sudorule_list(sysdb_ctx, opts->sudorule_map,
- rules, rules_count);
+ rules, rules_count, cache_timeout, now);
 if (ret != EOK) {
 DEBUG(SSSDBG_OP_FAILURE, ("failed to save sudo rules [%d]: %s\n", ret, strerror(ret)));
diff --git a/src/providers/ldap/sdap_sudo_cache.c b/src/providers/ldap/sdap_sudo_cache.c
index c58fa1c3..39b028d6 100644
--- a/src/providers/ldap/sdap_sudo_cache.c
+++ b/src/providers/ldap/sdap_sudo_cache.c
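Review bot: In `sdap_sudo_load_sudoers_done` (the `-468,7 +471,9` hunk), `state->domain->sudo_timeout` is handed to an `int cache_timeout` parameter with no range check, so a negative configured value would flow into the expiry arithmetic in `sdap_save_native_sudorule` and yield a timestamp already in the past. The expiry bounds how long a sudo rule that was changed or removed in LDAP can still be answered from cache, so the value deserves validation where it enters, for example `if (state->domain->sudo_timeout < 0) { ret = EINVAL; goto done; }` ahead of `now = time(NULL);`. Whether the option parser already rejects negative values is not visible in this diff. The function body starts and ends outside the hunk.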
@@ -26,7 +26,9 @@
 static errno_t
 sdap_save_native_sudorule(struct sysdb_ctx *sysdb_ctx,
 struct sdap_attr_map *map,
- struct sysdb_attrs *attrs)
+ struct sysdb_attrs *attrs,
+ int cache_timeout,
+ time_t now)
 {
 errno_t ret;
 const char *rule_name;
@@ -39,6 +41,14 @@ sdap_save_native_sudorule(struct sysdb_ctx *sysdb_ctx,
 return ret;
 }
+ ret = sysdb_attrs_add_time_t(attrs, SYSDB_CACHE_EXPIRE,
+ (cache_timeout ? (now + cache_timeout) : 0));
+ if (ret) {
+ DEBUG(SSSDBG_OP_FAILURE, ("Could not set sysdb cache expire [%d]: %s\n",
+ ret, strerror(ret)));
+ return ret;
+ }
+
 ret = sysdb_save_sudorule(sysdb_ctx, rule_name, attrs);
 if (ret != EOK) {
 DEBUG(SSSDBG_OP_FAILURE, ("Could not save sudorule %s\n", rule_name));
@@ -52,7 +62,9 @@ errno_t
 sdap_save_native_sudorule_list(struct sysdb_ctx *sysdb_ctx,
 struct sdap_attr_map *map,
 struct sysdb_attrs **replies,
- size_t replies_count)
+ size_t replies_count,
+ int cache_timeout,
+ time_t now)
 {
 errno_t ret, tret;
 bool in_transaction = false;
@@ -66,7 +78,8 @@ sdap_save_native_sudorule_list(struct sysdb_ctx *sysdb_ctx,
 in_transaction = true;
 for (i=0; i<replies_count; i++) {
- ret = sdap_save_native_sudorule(sysdb_ctx, map, replies[i]);
+ ret = sdap_save_native_sudorule(sysdb_ctx, map, replies[i],
+ cache_timeout, now);
 if (ret != EOK) {
 goto fail;
 }
diff --git a/src/providers/ldap/sdap_sudo_cache.h b/src/providers/ldap/sdap_sudo_cache.h
index 6bd94235..146d38f2 100644
--- a/src/providers/ldap/sdap_sudo_cache.h
+++ b/src/providers/ldap/sdap_sudo_cache.h
@@ -28,6 +28,8 @@ errno_t sdap_save_native_sudorule_list(struct sysdb_ctx *sysdb_ctx,
 struct sdap_attr_map *map,
 struct sysdb_attrs **replies,
- size_t replies_count);
+ size_t replies_count,
+ int cache_timeout,
+ time_t now);
 #endif /* _SDAP_SUDO_CACHE_H_ */ |
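Review bot: In `sdap_save_native_sudorule` (the `-39,6 +41,14` hunk), a `cache_timeout` of 0 writes `SYSDB_CACHE_EXPIRE` as 0 instead of `now`, and nothing in the diff says how readers of the cache interpret 0. If consumers take 0 to mean "no expiry", a zero timeout could leave a sudo rule that was revoked in LDAP usable from cache until it is overwritten; if they take it to mean "already expired", the ternary is unnecessary. State the convention next to the call, e.g. `/* cache_timeout == 0 stores expire 0; readers treat that as <meaning - confirm against consumers> */`. The function begins before and continues after the hunk.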
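Review bot: The exported prototype of `sdap_save_native_sudorule_list` in sdap_sudo_cache.h gains `cache_timeout` and `now` with no comment describing their contract. A caller cannot tell from the header that `cache_timeout` is added to `now` (so it is in `time_t` units, presumably seconds) or that a single `now` is applied to every rule in the batch. Suggested comment above the declaration: `/* cache_timeout: lifetime added to 'now' for each stored rule; now: timestamp shared by the whole batch */`.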