authorSimo Sorce <simo@redhat.com>2013-01-08 01:25:47 -0500
committerJakub Hrozek <jhrozek@redhat.com>2013-01-15 10:53:03 +0100
commitb0fa48b0d612b46a86e45f8e4b5d9feae9784c2b (patch)
tree8df34df06567f926284a27b775fb923b39bc4a6d
parent965428847850f1b154130e249f2d942c6065e88d (diff)
Add domain arguments to sysdb sudo functions
-rw-r--r--src/db/sysdb_sudo.c45
-rw-r--r--src/db/sysdb_sudo.h23
-rw-r--r--src/providers/ldap/sdap_async_sudo.c14
-rw-r--r--src/providers/ldap/sdap_sudo.c9
-rw-r--r--src/providers/ldap/sdap_sudo_cache.c7
-rw-r--r--src/providers/ldap/sdap_sudo_cache.h1
-rw-r--r--src/responder/sudo/sudosrv_get_sudorules.c9
7 files changed, 69 insertions, 39 deletions
diff --git a/src/db/sysdb_sudo.c b/src/db/sysdb_sudo.c
index 56ac8428..93dea85c 100644
--- a/src/db/sysdb_sudo.c
+++ b/src/db/sysdb_sudo.c
@@ -307,8 +307,9 @@ done:
}
errno_t
-sysdb_get_sudo_user_info(TALLOC_CTX *mem_ctx, const char *username,
- struct sysdb_ctx *sysdb, uid_t *_uid,
+sysdb_get_sudo_user_info(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
+ const char *username, uid_t *_uid,
char ***groupnames)
{
TALLOC_CTX *tmp_ctx;
@@ -332,7 +333,7 @@ sysdb_get_sudo_user_info(TALLOC_CTX *mem_ctx, const char *username,
tmp_ctx = talloc_new(NULL);
NULL_CHECK(tmp_ctx, ret, done);
- ret = sysdb_search_user_by_name(tmp_ctx, sysdb, sysdb->domain,
+ ret = sysdb_search_user_by_name(tmp_ctx, sysdb, domain,
username, attrs, &msg);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE, ("Error looking up user %s\n", username));
@@ -378,7 +379,7 @@ sysdb_get_sudo_user_info(TALLOC_CTX *mem_ctx, const char *username,
/* resolve primary group */
gid = ldb_msg_find_attr_as_uint64(msg, SYSDB_GIDNUM, 0);
if (gid != 0) {
- ret = sysdb_search_group_by_gid(tmp_ctx, sysdb, sysdb->domain, gid,
+ ret = sysdb_search_group_by_gid(tmp_ctx, sysdb, domain, gid,
group_attrs, &group_msg);
if (ret == EOK) {
primary_group = ldb_msg_find_attr_as_string(group_msg, SYSDB_NAME,
@@ -420,9 +421,10 @@ done:
}
errno_t
-sysdb_save_sudorule(struct sysdb_ctx *sysdb_ctx,
- const char *rule_name,
- struct sysdb_attrs *attrs)
+sysdb_save_sudorule(struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
+ const char *rule_name,
+ struct sysdb_attrs *attrs)
{
errno_t ret;
@@ -443,7 +445,7 @@ sysdb_save_sudorule(struct sysdb_ctx *sysdb_ctx,
return ret;
}
- ret = sysdb_store_custom(sysdb_ctx, sysdb_ctx->domain, rule_name, SUDORULE_SUBDIR, attrs);
+ ret = sysdb_store_custom(sysdb, domain, rule_name, SUDORULE_SUBDIR, attrs);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, ("sysdb_store_custom failed [%d]: %s\n",
ret, strerror(ret)));
@@ -454,6 +456,7 @@ sysdb_save_sudorule(struct sysdb_ctx *sysdb_ctx,
}
static errno_t sysdb_sudo_set_refresh_time(struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
const char *attr_name,
time_t value)
{
@@ -471,7 +474,7 @@ static errno_t sysdb_sudo_set_refresh_time(struct sysdb_ctx *sysdb,
}
dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, SYSDB_TMPL_CUSTOM_SUBTREE,
- SUDORULE_SUBDIR, sysdb->domain->name);
+ SUDORULE_SUBDIR, domain->name);
if (!dn) {
ret = ENOMEM;
goto done;
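Review bot: `domain->name` is dereferenced in the `ldb_dn_new_fmt()` call with no visible check that the caller passed a non-NULL domain, and the same holds for the matching line in sysdb_sudo_get_refresh_time in the next hunk. Before this change the value came from `sysdb->domain`; now it is caller-supplied, so a guard such as `if (domain == NULL) { ret = EINVAL; goto done; }` just before the DN is built would turn a bad argument into an error return instead of a crash in the sudo cache path. Both function bodies start and end outside their hunks, so an existing check earlier in the function cannot be ruled out from here.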
@@ -530,6 +533,7 @@ done:
}
static errno_t sysdb_sudo_get_refresh_time(struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
const char *attr_name,
time_t *value)
{
@@ -546,7 +550,7 @@ static errno_t sysdb_sudo_get_refresh_time(struct sysdb_ctx *sysdb,
}
dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, SYSDB_TMPL_CUSTOM_SUBTREE,
- SUDORULE_SUBDIR, sysdb->domain->name);
+ SUDORULE_SUBDIR, domain->name);
if (!dn) {
ret = ENOMEM;
goto done;
@@ -584,16 +588,20 @@ done:
return ret;
}
-errno_t sysdb_sudo_set_last_full_refresh(struct sysdb_ctx *sysdb, time_t value)
+errno_t sysdb_sudo_set_last_full_refresh(struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
+ time_t value)
{
- return sysdb_sudo_set_refresh_time(sysdb, SYSDB_SUDO_AT_LAST_FULL_REFRESH,
- value);
+ return sysdb_sudo_set_refresh_time(sysdb, domain,
+ SYSDB_SUDO_AT_LAST_FULL_REFRESH, value);
}
-errno_t sysdb_sudo_get_last_full_refresh(struct sysdb_ctx *sysdb, time_t *value)
+errno_t sysdb_sudo_get_last_full_refresh(struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
+ time_t *value)
{
- return sysdb_sudo_get_refresh_time(sysdb, SYSDB_SUDO_AT_LAST_FULL_REFRESH,
- value);
+ return sysdb_sudo_get_refresh_time(sysdb, domain,
+ SYSDB_SUDO_AT_LAST_FULL_REFRESH, value);
}
/* ==================== Purge functions ==================== */
@@ -624,10 +632,11 @@ done:
}
errno_t sysdb_sudo_purge_byname(struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
const char *name)
{
DEBUG(SSSDBG_TRACE_INTERNAL, ("Deleting sudo rule %s\n", name));
- return sysdb_delete_custom(sysdb, sysdb->domain, name, SUDORULE_SUBDIR);
+ return sysdb_delete_custom(sysdb, domain, name, SUDORULE_SUBDIR);
}
errno_t sysdb_sudo_purge_byfilter(struct sysdb_ctx *sysdb,
@@ -683,7 +692,7 @@ errno_t sysdb_sudo_purge_byfilter(struct sysdb_ctx *sysdb,
continue;
}
- ret = sysdb_sudo_purge_byname(sysdb, name);
+ ret = sysdb_sudo_purge_byname(sysdb, domain, name);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, ("Could not delete rule %s\n", name));
goto done;
diff --git a/src/db/sysdb_sudo.h b/src/db/sysdb_sudo.h
index 60911b6e..da019240 100644
--- a/src/db/sysdb_sudo.h
+++ b/src/db/sysdb_sudo.h
@@ -72,19 +72,26 @@ sysdb_get_sudo_filter(TALLOC_CTX *mem_ctx, const char *username,
char **_filter);
errno_t
-sysdb_get_sudo_user_info(TALLOC_CTX *mem_ctx, const char *username,
- struct sysdb_ctx *sysdb, uid_t *_uid,
+sysdb_get_sudo_user_info(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
+ const char *username, uid_t *_uid,
char ***groupnames);
errno_t
-sysdb_save_sudorule(struct sysdb_ctx *sysdb_ctx,
- const char *rule_name,
- struct sysdb_attrs *attrs);
-
-errno_t sysdb_sudo_set_last_full_refresh(struct sysdb_ctx *sysdb, time_t value);
-errno_t sysdb_sudo_get_last_full_refresh(struct sysdb_ctx *sysdb, time_t *value);
+sysdb_save_sudorule(struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
+ const char *rule_name,
+ struct sysdb_attrs *attrs);
+
+errno_t sysdb_sudo_set_last_full_refresh(struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
+ time_t value);
+errno_t sysdb_sudo_get_last_full_refresh(struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
+ time_t *value);
errno_t sysdb_sudo_purge_byname(struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
const char *name);
errno_t sysdb_sudo_purge_byfilter(struct sysdb_ctx *sysdb,
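Review bot: The prototypes gain a `domain` parameter next to `sysdb` with no comment on how the two relate, which matters because the implementation uses `domain` to choose the cache subtree that sudo rules are stored in and deleted from. A short comment above the group, e.g. `/* domain: domain whose sudo rules are read or written; presumably must be a domain backed by sysdb */`, would record the pairing that the removed `sysdb->domain` references used to fix implicitly. The sysdb_sudo_purge_byfilter prototype continues past the end of the hunk.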
diff --git a/src/providers/ldap/sdap_async_sudo.c b/src/providers/ldap/sdap_async_sudo.c
index 974d3b17..2e61fc63 100644
--- a/src/providers/ldap/sdap_async_sudo.c
+++ b/src/providers/ldap/sdap_async_sudo.c
@@ -95,6 +95,7 @@ static int sdap_sudo_purge_sudoers(struct sysdb_ctx *sysdb_ctx,
static int sdap_sudo_store_sudoers(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb_ctx,
+ struct sss_domain_info *domain,
struct sdap_options *opts,
size_t rules_count,
struct sysdb_attrs **rules,
@@ -495,8 +496,9 @@ static void sdap_sudo_refresh_load_done(struct tevent_req *subreq)
/* store rules */
now = time(NULL);
- ret = sdap_sudo_store_sudoers(state, state->sysdb, state->opts, rules_count,
- rules, state->domain->sudo_timeout, now,
+ ret = sdap_sudo_store_sudoers(state, state->sysdb, state->domain,
+ state->opts, rules_count, rules,
+ state->domain->sudo_timeout, now,
&state->highest_usn);
if (ret != EOK) {
goto done;
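Review bot: The call now passes `state->domain` and `state->domain->sudo_timeout` as two separate arguments, so nothing stops a later caller from pairing a domain with another domain's timeout. As a point of style, sdap_sudo_store_sudoers could read `domain->sudo_timeout` itself now that it receives the domain, which would let the `cache_timeout` parameter go. sdap_sudo_refresh_load_done starts and ends outside the hunk.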
@@ -560,7 +562,7 @@ static int sdap_sudo_purge_sudoers(struct sysdb_ctx *sysdb_ctx,
continue;
}
- ret = sysdb_sudo_purge_byname(sysdb_ctx, name);
+ ret = sysdb_sudo_purge_byname(sysdb_ctx, dom, name);
if (ret != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE,
("Failed to delete rule %s: [%s]\n",
@@ -589,6 +591,7 @@ done:
static int sdap_sudo_store_sudoers(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb_ctx,
+ struct sss_domain_info *domain,
struct sdap_options *opts,
size_t rules_count,
struct sysdb_attrs **rules,
@@ -603,8 +606,9 @@ static int sdap_sudo_store_sudoers(TALLOC_CTX *mem_ctx,
return EOK;
}
- ret = sdap_save_native_sudorule_list(mem_ctx, sysdb_ctx, opts->sudorule_map,
- rules, rules_count, cache_timeout, now,
+ ret = sdap_save_native_sudorule_list(mem_ctx, sysdb_ctx, domain,
+ opts->sudorule_map, rules,
+ rules_count, cache_timeout, now,
_usn);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, ("failed to save sudo rules [%d]: %s\n",
diff --git a/src/providers/ldap/sdap_sudo.c b/src/providers/ldap/sdap_sudo.c
index de16a84c..990eed1a 100644
--- a/src/providers/ldap/sdap_sudo.c
+++ b/src/providers/ldap/sdap_sudo.c
@@ -36,6 +36,7 @@ struct sdap_sudo_full_refresh_state {
struct sdap_sudo_ctx *sudo_ctx;
struct sdap_id_ctx *id_ctx;
struct sysdb_ctx *sysdb;
+ struct sss_domain_info *domain;
int dp_error;
int error;
};
@@ -250,7 +251,9 @@ static int sdap_sudo_setup_periodical_refresh(struct sdap_sudo_ctx *sudo_ctx)
}
}
- ret = sysdb_sudo_get_last_full_refresh(id_ctx->be->sysdb, &last_full);
+ ret = sysdb_sudo_get_last_full_refresh(id_ctx->be->sysdb,
+ id_ctx->be->domain,
+ &last_full);
if (ret != EOK) {
return ret;
}
@@ -553,6 +556,7 @@ static struct tevent_req *sdap_sudo_full_refresh_send(TALLOC_CTX *mem_ctx,
state->sudo_ctx = sudo_ctx;
state->id_ctx = id_ctx;
state->sysdb = id_ctx->be->sysdb;
+ state->domain = id_ctx->be->domain;
/* Download all rules from LDAP */
ldap_filter = talloc_asprintf(state, SDAP_SUDO_FILTER_CLASS,
@@ -627,7 +631,8 @@ static void sdap_sudo_full_refresh_done(struct tevent_req *subreq)
state->sudo_ctx->full_refresh_done = true;
/* save the time in the sysdb */
- ret = sysdb_sudo_set_last_full_refresh(state->sysdb, time(NULL));
+ ret = sysdb_sudo_set_last_full_refresh(state->sysdb, state->domain,
+ time(NULL));
if (ret != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE, ("Unable to save time of "
"a successful full refresh\n"));
diff --git a/src/providers/ldap/sdap_sudo_cache.c b/src/providers/ldap/sdap_sudo_cache.c
index 499db02f..3c438b93 100644
--- a/src/providers/ldap/sdap_sudo_cache.c
+++ b/src/providers/ldap/sdap_sudo_cache.c
@@ -57,6 +57,7 @@ static errno_t sdap_sudo_get_usn(TALLOC_CTX *mem_ctx,
static errno_t
sdap_save_native_sudorule(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb_ctx,
+ struct sss_domain_info *domain,
struct sdap_attr_map *map,
struct sysdb_attrs *attrs,
int cache_timeout,
@@ -88,7 +89,7 @@ sdap_save_native_sudorule(TALLOC_CTX *mem_ctx,
return ret;
}
- ret = sysdb_save_sudorule(sysdb_ctx, rule_name, attrs);
+ ret = sysdb_save_sudorule(sysdb_ctx, domain, rule_name, attrs);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, ("Could not save sudorule %s\n", rule_name));
return ret;
@@ -100,6 +101,7 @@ sdap_save_native_sudorule(TALLOC_CTX *mem_ctx,
errno_t
sdap_save_native_sudorule_list(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb_ctx,
+ struct sss_domain_info *domain,
struct sdap_attr_map *map,
struct sysdb_attrs **replies,
size_t replies_count,
@@ -129,7 +131,8 @@ sdap_save_native_sudorule_list(TALLOC_CTX *mem_ctx,
for (i=0; i<replies_count; i++) {
usn_value = NULL;
- ret = sdap_save_native_sudorule(tmp_ctx, sysdb_ctx, map, replies[i],
+ ret = sdap_save_native_sudorule(tmp_ctx, sysdb_ctx,
+ domain, map, replies[i],
cache_timeout, now, &usn_value);
if (ret != EOK) {
goto fail;
diff --git a/src/providers/ldap/sdap_sudo_cache.h b/src/providers/ldap/sdap_sudo_cache.h
index 6413d236..d156e5cf 100644
--- a/src/providers/ldap/sdap_sudo_cache.h
+++ b/src/providers/ldap/sdap_sudo_cache.h
@@ -27,6 +27,7 @@
errno_t
sdap_save_native_sudorule_list(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb_ctx,
+ struct sss_domain_info *domain,
struct sdap_attr_map *map,
struct sysdb_attrs **replies,
size_t replies_count,
diff --git a/src/responder/sudo/sudosrv_get_sudorules.c b/src/responder/sudo/sudosrv_get_sudorules.c
index 4860d878..a8e86666 100644
--- a/src/responder/sudo/sudosrv_get_sudorules.c
+++ b/src/responder/sudo/sudosrv_get_sudorules.c
@@ -399,8 +399,8 @@ errno_t sudosrv_get_rules(struct sudo_cmd_ctx *cmd_ctx)
* expired rules for this user and defaults at once we will save one
* provider call
*/
- ret = sysdb_get_sudo_user_info(tmp_ctx, cmd_ctx->orig_username, user_sysdb,
- NULL, &groupnames);
+ ret = sysdb_get_sudo_user_info(tmp_ctx, user_sysdb, cmd_ctx->domain,
+ cmd_ctx->orig_username, NULL, &groupnames);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE,
("Unable to retrieve user info [%d]: %s\n", ret, strerror(ret)));
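Review bot: The lookup now takes its domain from `cmd_ctx->domain` while the cache handle is still `user_sysdb`, where the old code used the handle's own `sysdb->domain`. If those two can ever refer to different domains, the user and primary-group resolution would run against a different domain than before and change which sudo rules match. The assignment of `user_sysdb` is outside the hunk, so this may already be guaranteed; if it is, a comment such as `/* user_sysdb is the cache of cmd_ctx->domain */` above the call would record it. The same pairing appears in the SSS_SUDO_USER case of sudosrv_get_sudorules_from_cache in the next hunk.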
@@ -619,8 +619,9 @@ static errno_t sudosrv_get_sudorules_from_cache(TALLOC_CTX *mem_ctx,
switch (cmd_ctx->type) {
case SSS_SUDO_USER:
debug_name = cmd_ctx->cased_username;
- ret = sysdb_get_sudo_user_info(tmp_ctx, cmd_ctx->orig_username,
- user_sysdb, NULL, &groupnames);
+ ret = sysdb_get_sudo_user_info(tmp_ctx, user_sysdb, cmd_ctx->domain,
+ cmd_ctx->orig_username,
+ NULL, &groupnames);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE,
("Unable to retrieve user info [%d]: %s\n", strerror(ret)));
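Review bot: The DEBUG call in the error branch after the changed call passes one argument for a format string with two conversions: `%d` receives the `char *` returned by strerror() and `%s` reads an argument that was never passed, which is undefined behaviour on the error path. The line is untouched context, but the fix is small: `("Unable to retrieve user info [%d]: %s\n", ret, strerror(ret)));`, as the identical message in sudosrv_get_rules already does. The enclosing switch continues outside the hunk.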