diff options
author | Pavel Březina <pbrezina@redhat.com> | 2012-09-10 13:41:08 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2012-09-12 14:27:37 +0200 |
commit | 30f029ee8e4220cfa03ae06df88860186482b483 (patch) | |
tree | 19607d27a513a03e4a117133c34a6f8ce08f8bb5 | |
parent | ccaad2d59dd3c4a588ef942c1f74e2062da293e3 (diff) | |
download | sssd-30f029ee8e4220cfa03ae06df88860186482b483.tar.gz sssd-30f029ee8e4220cfa03ae06df88860186482b483.tar.bz2 sssd-30f029ee8e4220cfa03ae06df88860186482b483.zip |
backend: initialize sudo only when it is enabled in services
https://fedorahosted.org/sssd/ticket/1458
When the responder is disabled and sudo_provider is set explicitly,
a warning is print and the module will be initialized.
-rw-r--r-- | src/providers/data_provider_be.c | 66 |
1 files changed, 63 insertions, 3 deletions
diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c index b979ccc6..dcc40c73 100644 --- a/src/providers/data_provider_be.c +++ b/src/providers/data_provider_be.c @@ -2076,6 +2076,68 @@ static void signal_be_offline(struct tevent_context *ev, be_mark_offline(ctx); } +int be_process_init_sudo(struct be_ctx *be_ctx) +{ + TALLOC_CTX *tmp_ctx = NULL; + char **services = NULL; + char *provider = NULL; + bool responder_enabled = false; + int i; + int ret; + + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_new() failed\n")); + return ENOMEM; + } + + ret = confdb_get_string_as_list(be_ctx->cdb, tmp_ctx, + CONFDB_MONITOR_CONF_ENTRY, + CONFDB_MONITOR_ACTIVE_SERVICES, &services); + if (ret != EOK) { + DEBUG(SSSDBG_FATAL_FAILURE, ("Unable to read from confdb [%d]: %s\n", + ret, strerror(ret))); + goto done; + } + + for (i = 0; services[i] != NULL; i++) { + if (strcmp(services[i], "sudo") == 0) { + responder_enabled = true; + break; + } + } + + ret = confdb_get_string(be_ctx->cdb, tmp_ctx, be_ctx->conf_path, + CONFDB_DOMAIN_SUDO_PROVIDER, NULL, &provider); + if (ret != EOK) { + DEBUG(SSSDBG_FATAL_FAILURE, ("Unable to read from confdb [%d]: %s\n", + ret, strerror(ret))); + goto done; + } + + if (!responder_enabled && provider == NULL) { + /* provider is not set explicitly */ + DEBUG(SSSDBG_TRACE_FUNC, + ("SUDO is not listed in services, disabling SUDO module.\n")); + ret = ENOENT; + goto done; + } + + if (!responder_enabled && provider != NULL + && strcmp(provider, NO_PROVIDER) != 0) { + /* provider is set but responder is disabled */ + DEBUG(SSSDBG_MINOR_FAILURE, ("SUDO provider is set, but it is not " + "listed in active services. SUDO support will not work!\n")); + } + + ret = load_backend_module(be_ctx, BET_SUDO, &be_ctx->bet_info[BET_SUDO], + be_ctx->bet_info[BET_ID].mod_name); + +done: + talloc_free(tmp_ctx); + return ret; +} + int be_process_init(TALLOC_CTX *mem_ctx, const char *be_domain, struct tevent_context *ev, @@ -2187,9 +2249,7 @@ int be_process_init(TALLOC_CTX *mem_ctx, "from provider [%s].\n", ctx->bet_info[BET_CHPASS].mod_name)); } - ret = load_backend_module(ctx, BET_SUDO, - &ctx->bet_info[BET_SUDO], - ctx->bet_info[BET_ID].mod_name); + ret = be_process_init_sudo(ctx); if (ret != EOK) { if (ret != ENOENT) { DEBUG(SSSDBG_FATAL_FAILURE, |