diff options
author | Simo Sorce <simo@redhat.com> | 2013-01-07 22:15:14 -0500 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-01-15 10:53:01 +0100 |
commit | 770896b194b7b66b09c2a30545b4d091fd86b1f4 (patch) | |
tree | c2cbe2a448060e73cba6d92bbbe4c191cb20a210 /src/providers/ipa | |
parent | dd7192379e5fc5bb852863e60ad4b6a20c5da183 (diff) | |
download | sssd-770896b194b7b66b09c2a30545b4d091fd86b1f4.tar.gz sssd-770896b194b7b66b09c2a30545b4d091fd86b1f4.tar.bz2 sssd-770896b194b7b66b09c2a30545b4d091fd86b1f4.zip |
Add domain argument to sysdb_search_custom()
Also changes sysdb_search_custom_by_name()
Diffstat (limited to 'src/providers/ipa')
-rw-r--r-- | src/providers/ipa/ipa_access.c | 4 | ||||
-rw-r--r-- | src/providers/ipa/ipa_access.h | 1 | ||||
-rw-r--r-- | src/providers/ipa/ipa_hbac_common.c | 3 | ||||
-rw-r--r-- | src/providers/ipa/ipa_hbac_hosts.c | 11 | ||||
-rw-r--r-- | src/providers/ipa/ipa_hbac_private.h | 3 | ||||
-rw-r--r-- | src/providers/ipa/ipa_hbac_services.c | 5 | ||||
-rw-r--r-- | src/providers/ipa/ipa_selinux.c | 3 |
7 files changed, 22 insertions, 8 deletions
diff --git a/src/providers/ipa/ipa_access.c b/src/providers/ipa/ipa_access.c index 47bd91e7..b8be19eb 100644 --- a/src/providers/ipa/ipa_access.c +++ b/src/providers/ipa/ipa_access.c @@ -600,6 +600,7 @@ void ipa_hbac_evaluate_rules(struct hbac_ctx *hbac_ctx) /* Get HBAC rules from the sysdb */ ret = hbac_get_cached_rules(hbac_ctx, hbac_ctx_sysdb(hbac_ctx), + hbac_ctx->be_req->domain, &hbac_ctx->rule_count, &hbac_ctx->rules); if (ret != EOK) { DEBUG(1, ("Could not retrieve rules from the cache\n")); @@ -645,6 +646,7 @@ void ipa_hbac_evaluate_rules(struct hbac_ctx *hbac_ctx) errno_t hbac_get_cached_rules(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, size_t *_rule_count, struct sysdb_attrs ***_rules) { @@ -680,7 +682,7 @@ errno_t hbac_get_cached_rules(TALLOC_CTX *mem_ctx, goto done; } - ret = sysdb_search_custom(tmp_ctx, sysdb, filter, + ret = sysdb_search_custom(tmp_ctx, sysdb, domain, filter, HBAC_RULES_SUBDIR, attrs, &rule_count, &msgs); if (ret != EOK && ret != ENOENT) { diff --git a/src/providers/ipa/ipa_access.h b/src/providers/ipa/ipa_access.h index 3c389dec..0a13d7be 100644 --- a/src/providers/ipa/ipa_access.h +++ b/src/providers/ipa/ipa_access.h @@ -119,6 +119,7 @@ void ipa_access_handler(struct be_req *be_req); errno_t hbac_get_cached_rules(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, size_t *_rule_count, struct sysdb_attrs ***_rules); diff --git a/src/providers/ipa/ipa_hbac_common.c b/src/providers/ipa/ipa_hbac_common.c index 7fdb2ce6..a4a411ca 100644 --- a/src/providers/ipa/ipa_hbac_common.c +++ b/src/providers/ipa/ipa_hbac_common.c @@ -326,6 +326,7 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx, /* Get the services */ ret = hbac_service_attrs_to_rule(new_rule, hbac_ctx_sysdb(hbac_ctx), + hbac_ctx->be_req->domain, new_rule->name, hbac_ctx->rules[idx], &new_rule->services); @@ -338,6 +339,7 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx, /* Get the target hosts */ ret = hbac_thost_attrs_to_rule(new_rule, hbac_ctx_sysdb(hbac_ctx), + hbac_ctx->be_req->domain, new_rule->name, hbac_ctx->rules[idx], &new_rule->targethosts); @@ -351,6 +353,7 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx, ret = hbac_shost_attrs_to_rule(new_rule, hbac_ctx_sysdb(hbac_ctx), + hbac_ctx->be_req->domain, new_rule->name, hbac_ctx->rules[idx], dp_opt_get_bool(hbac_ctx->ipa_options, diff --git a/src/providers/ipa/ipa_hbac_hosts.c b/src/providers/ipa/ipa_hbac_hosts.c index 23f7816b..474a3975 100644 --- a/src/providers/ipa/ipa_hbac_hosts.c +++ b/src/providers/ipa/ipa_hbac_hosts.c @@ -30,6 +30,7 @@ */ static errno_t hbac_host_attrs_to_rule(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, const char *rule_name, struct sysdb_attrs *rule_attrs, const char *category_attr, @@ -114,7 +115,7 @@ static errno_t hbac_host_attrs_to_rule(TALLOC_CTX *mem_ctx, } /* First check if this is a specific host */ - ret = sysdb_search_custom(tmp_ctx, sysdb, filter, + ret = sysdb_search_custom(tmp_ctx, sysdb, domain, filter, HBAC_HOSTS_SUBDIR, attrs, &count, &msgs); if (ret != EOK && ret != ENOENT) goto done; @@ -150,7 +151,7 @@ static errno_t hbac_host_attrs_to_rule(TALLOC_CTX *mem_ctx, num_hosts++; } else { /* ret == ENOENT */ /* Check if this is a hostgroup */ - ret = sysdb_search_custom(tmp_ctx, sysdb, filter, + ret = sysdb_search_custom(tmp_ctx, sysdb, domain, filter, HBAC_HOSTGROUPS_SUBDIR, attrs, &count, &msgs); if (ret != EOK && ret != ENOENT) goto done; @@ -225,13 +226,14 @@ done: errno_t hbac_thost_attrs_to_rule(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, const char *rule_name, struct sysdb_attrs *rule_attrs, struct hbac_rule_element **thosts) { DEBUG(7, ("Processing target hosts for rule [%s]\n", rule_name)); - return hbac_host_attrs_to_rule(mem_ctx, sysdb, + return hbac_host_attrs_to_rule(mem_ctx, sysdb, domain, rule_name, rule_attrs, IPA_HOST_CATEGORY, IPA_MEMBER_HOST, NULL, thosts); @@ -240,6 +242,7 @@ hbac_thost_attrs_to_rule(TALLOC_CTX *mem_ctx, errno_t hbac_shost_attrs_to_rule(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, const char *rule_name, struct sysdb_attrs *rule_attrs, bool support_srchost, @@ -270,7 +273,7 @@ hbac_shost_attrs_to_rule(TALLOC_CTX *mem_ctx, goto done; } - ret = hbac_host_attrs_to_rule(tmp_ctx, sysdb, + ret = hbac_host_attrs_to_rule(tmp_ctx, sysdb, domain, rule_name, rule_attrs, IPA_SOURCE_HOST_CATEGORY, IPA_SOURCE_HOST, &host_count, &shosts); diff --git a/src/providers/ipa/ipa_hbac_private.h b/src/providers/ipa/ipa_hbac_private.h index f313ca13..4f299160 100644 --- a/src/providers/ipa/ipa_hbac_private.h +++ b/src/providers/ipa/ipa_hbac_private.h @@ -94,6 +94,7 @@ hbac_get_category(struct sysdb_attrs *attrs, errno_t hbac_thost_attrs_to_rule(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, const char *rule_name, struct sysdb_attrs *rule_attrs, struct hbac_rule_element **thosts); @@ -101,6 +102,7 @@ hbac_thost_attrs_to_rule(TALLOC_CTX *mem_ctx, errno_t hbac_shost_attrs_to_rule(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, const char *rule_name, struct sysdb_attrs *rule_attrs, bool support_srchost, @@ -131,6 +133,7 @@ ipa_hbac_service_info_recv(struct tevent_req *req, errno_t hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, const char *rule_name, struct sysdb_attrs *rule_attrs, struct hbac_rule_element **services); diff --git a/src/providers/ipa/ipa_hbac_services.c b/src/providers/ipa/ipa_hbac_services.c index c086f976..8f656985 100644 --- a/src/providers/ipa/ipa_hbac_services.c +++ b/src/providers/ipa/ipa_hbac_services.c @@ -384,6 +384,7 @@ ipa_hbac_service_info_recv(struct tevent_req *req, errno_t hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, const char *rule_name, struct sysdb_attrs *rule_attrs, struct hbac_rule_element **services) @@ -468,7 +469,7 @@ hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx, } /* First check if this is a specific service */ - ret = sysdb_search_custom(tmp_ctx, sysdb, filter, + ret = sysdb_search_custom(tmp_ctx, sysdb, domain, filter, HBAC_SERVICES_SUBDIR, attrs, &count, &msgs); if (ret != EOK && ret != ENOENT) goto done; @@ -503,7 +504,7 @@ hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx, num_services++; } else { /* ret == ENOENT */ /* Check if this is a service group */ - ret = sysdb_search_custom(tmp_ctx, sysdb, filter, + ret = sysdb_search_custom(tmp_ctx, sysdb, domain, filter, HBAC_SERVICEGROUPS_SUBDIR, attrs, &count, &msgs); if (ret != EOK && ret != ENOENT) goto done; diff --git a/src/providers/ipa/ipa_selinux.c b/src/providers/ipa/ipa_selinux.c index 744dc46c..c8093bad 100644 --- a/src/providers/ipa/ipa_selinux.c +++ b/src/providers/ipa/ipa_selinux.c @@ -643,6 +643,7 @@ ipa_get_selinux_maps_offline(struct tevent_req *req) /* read all the HBAC rules */ ret = hbac_get_cached_rules(state, state->be_req->be_ctx->sysdb, + state->be_req->be_ctx->domain, &state->hbac_rule_count, &state->hbac_rules); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("hbac_get_cached_rules failed [%d]: %s\n", @@ -789,7 +790,7 @@ static void ipa_get_selinux_maps_done(struct tevent_req *subreq) access_name = state->be_req->be_ctx->bet_info[BET_ACCESS].mod_name; selinux_name = state->be_req->be_ctx->bet_info[BET_SELINUX].mod_name; if (strcasecmp(access_name, selinux_name) == 0) { - ret = hbac_get_cached_rules(state, state->be_req->be_ctx->sysdb, + ret = hbac_get_cached_rules(state, bctx->sysdb, bctx->domain, &state->hbac_rule_count, &state->hbac_rules); /* Terminates the request */ goto done; |