authorPavel Březina <pbrezina@redhat.com>2012-04-23 15:07:17 +0200
committerStephen Gallagher <sgallagh@redhat.com>2012-06-29 11:37:16 -0400
commit80357fbba7e8251c85aa884749f275eed28eb4eb (patch)
treebc65ffa47310a477d42f15cdd43730aabcd1a072
parent4cab4191f9e0d8d2cc04084964c71454a62852fe (diff)
sudo ldap provider: add expiration time to each rule
-rw-r--r--src/providers/ldap/sdap_async_sudo.c15
-rw-r--r--src/providers/ldap/sdap_sudo_cache.c19
-rw-r--r--src/providers/ldap/sdap_sudo_cache.h4
3 files changed, 30 insertions, 8 deletions
diff --git a/src/providers/ldap/sdap_async_sudo.c b/src/providers/ldap/sdap_async_sudo.c
index 10e613e1..081ed20c 100644
--- a/src/providers/ldap/sdap_async_sudo.c
+++ b/src/providers/ldap/sdap_async_sudo.c
@@ -87,7 +87,9 @@ static void sdap_sudo_load_sudoers_done(struct tevent_req *subreq);
static int sdap_sudo_store_sudoers(struct sysdb_ctx *sysdb_ctx,
struct sdap_options *opts,
size_t rules_count,
- struct sysdb_attrs **rules);
+ struct sysdb_attrs **rules,
+ int cache_timeout,
+ time_t now);
struct tevent_req *sdap_sudo_refresh_send(TALLOC_CTX *mem_ctx,
struct be_ctx *be_ctx,
@@ -440,6 +442,7 @@ static void sdap_sudo_load_sudoers_done(struct tevent_req *subreq)
int ret;
errno_t sret;
bool in_transaction = false;
+ time_t now;
req = tevent_req_callback_data(subreq, struct tevent_req);
state = tevent_req_data(req, struct sdap_sudo_refresh_state);
@@ -468,7 +471,9 @@ static void sdap_sudo_load_sudoers_done(struct tevent_req *subreq)
}
/* store rules */
- ret = sdap_sudo_store_sudoers(state->sysdb, state->opts, rules_count, rules);
+ now = time(NULL);
+ ret = sdap_sudo_store_sudoers(state->sysdb, state->opts, rules_count, rules,
+ state->domain->sudo_timeout, now);
if (ret != EOK) {
goto done;
}
@@ -504,7 +509,9 @@ done:
static int sdap_sudo_store_sudoers(struct sysdb_ctx *sysdb_ctx,
struct sdap_options *opts,
size_t rules_count,
- struct sysdb_attrs **rules)
+ struct sysdb_attrs **rules,
+ int cache_timeout,
+ time_t now)
{
errno_t ret;
@@ -514,7 +521,7 @@ static int sdap_sudo_store_sudoers(struct sysdb_ctx *sysdb_ctx,
}
ret = sdap_save_native_sudorule_list(sysdb_ctx, opts->sudorule_map,
- rules, rules_count);
+ rules, rules_count, cache_timeout, now);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, ("failed to save sudo rules [%d]: %s\n",
ret, strerror(ret)));
diff --git a/src/providers/ldap/sdap_sudo_cache.c b/src/providers/ldap/sdap_sudo_cache.c
index c58fa1c3..39b028d6 100644
--- a/src/providers/ldap/sdap_sudo_cache.c
+++ b/src/providers/ldap/sdap_sudo_cache.c
@@ -26,7 +26,9 @@
static errno_t
sdap_save_native_sudorule(struct sysdb_ctx *sysdb_ctx,
struct sdap_attr_map *map,
- struct sysdb_attrs *attrs)
+ struct sysdb_attrs *attrs,
+ int cache_timeout,
+ time_t now)
{
errno_t ret;
const char *rule_name;
@@ -39,6 +41,14 @@ sdap_save_native_sudorule(struct sysdb_ctx *sysdb_ctx,
return ret;
}
+ ret = sysdb_attrs_add_time_t(attrs, SYSDB_CACHE_EXPIRE,
+ (cache_timeout ? (now + cache_timeout) : 0));
+ if (ret) {
+ DEBUG(SSSDBG_OP_FAILURE, ("Could not set sysdb cache expire [%d]: %s\n",
+ ret, strerror(ret)));
+ return ret;
+ }
+
ret = sysdb_save_sudorule(sysdb_ctx, rule_name, attrs);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, ("Could not save sudorule %s\n", rule_name));
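Review bot: The expiry expression `(cache_timeout ? (now + cache_timeout) : 0)` accepts any signed `int`, so a negative `cache_timeout` silently stores an expiry earlier than `now`, and zero stores the sentinel 0, whose meaning for readers of `SYSDB_CACHE_EXPIRE` is not stated here. These are sudo rules, so this value decides how long a cached rule keeps being honoured after it was changed or removed on the LDAP server. It arrives from `state->domain->sudo_timeout` in sdap_async_sudo.c, with no range check visible in this diff. I would reject negatives before the add, `if (cache_timeout < 0) return EINVAL;`, and put a one-line comment above the call saying whether 0 is meant as "never expires" or "always expired". The new check also tests `if (ret)` where the neighbouring code uses `ret != EOK`, and the function body starts and ends outside this hunk.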
@@ -52,7 +62,9 @@ errno_t
sdap_save_native_sudorule_list(struct sysdb_ctx *sysdb_ctx,
struct sdap_attr_map *map,
struct sysdb_attrs **replies,
- size_t replies_count)
+ size_t replies_count,
+ int cache_timeout,
+ time_t now)
{
errno_t ret, tret;
bool in_transaction = false;
@@ -66,7 +78,8 @@ sdap_save_native_sudorule_list(struct sysdb_ctx *sysdb_ctx,
in_transaction = true;
for (i=0; i<replies_count; i++) {
- ret = sdap_save_native_sudorule(sysdb_ctx, map, replies[i]);
+ ret = sdap_save_native_sudorule(sysdb_ctx, map, replies[i],
+ cache_timeout, now);
if (ret != EOK) {
goto fail;
}
diff --git a/src/providers/ldap/sdap_sudo_cache.h b/src/providers/ldap/sdap_sudo_cache.h
index 6bd94235..146d38f2 100644
--- a/src/providers/ldap/sdap_sudo_cache.h
+++ b/src/providers/ldap/sdap_sudo_cache.h
@@ -28,6 +28,8 @@ errno_t
sdap_save_native_sudorule_list(struct sysdb_ctx *sysdb_ctx,
struct sdap_attr_map *map,
struct sysdb_attrs **replies,
- size_t replies_count);
+ size_t replies_count,
+ int cache_timeout,
+ time_t now);
#endif /* _SDAP_SUDO_CACHE_H_ */
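Review bot: The exported prototype of `sdap_save_native_sudorule_list` gains `cache_timeout` and `now` with no comment on their contract, so a caller has to read sdap_sudo_cache.c to learn the unit and the special value. A short comment above the declaration would cover it, for example `/* cache_timeout: rule lifetime added to now (presumably seconds); 0 stores SYSDB_CACHE_EXPIRE as 0 */` and `/* now: base time for the expiry, taken once per refresh so all rules share it */`. The "seconds" unit is inferred from the `time_t` arithmetic and should be confirmed against the `sudo_timeout` option.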