summaryrefslogtreecommitdiff
path: root/src/providers/ipa
diff options
context:
space:
mode:
authorSimo Sorce <simo@redhat.com>2013-01-07 22:15:14 -0500
committerJakub Hrozek <jhrozek@redhat.com>2013-01-15 10:53:01 +0100
commit770896b194b7b66b09c2a30545b4d091fd86b1f4 (patch)
treec2cbe2a448060e73cba6d92bbbe4c191cb20a210 /src/providers/ipa
parentdd7192379e5fc5bb852863e60ad4b6a20c5da183 (diff)
downloadsssd-770896b194b7b66b09c2a30545b4d091fd86b1f4.tar.gz
sssd-770896b194b7b66b09c2a30545b4d091fd86b1f4.tar.bz2
sssd-770896b194b7b66b09c2a30545b4d091fd86b1f4.zip
Add domain argument to sysdb_search_custom()
Also changes sysdb_search_custom_by_name()
Diffstat (limited to 'src/providers/ipa')
-rw-r--r--src/providers/ipa/ipa_access.c4
-rw-r--r--src/providers/ipa/ipa_access.h1
-rw-r--r--src/providers/ipa/ipa_hbac_common.c3
-rw-r--r--src/providers/ipa/ipa_hbac_hosts.c11
-rw-r--r--src/providers/ipa/ipa_hbac_private.h3
-rw-r--r--src/providers/ipa/ipa_hbac_services.c5
-rw-r--r--src/providers/ipa/ipa_selinux.c3
7 files changed, 22 insertions, 8 deletions
diff --git a/src/providers/ipa/ipa_access.c b/src/providers/ipa/ipa_access.c
index 47bd91e7..b8be19eb 100644
--- a/src/providers/ipa/ipa_access.c
+++ b/src/providers/ipa/ipa_access.c
@@ -600,6 +600,7 @@ void ipa_hbac_evaluate_rules(struct hbac_ctx *hbac_ctx)
/* Get HBAC rules from the sysdb */
ret = hbac_get_cached_rules(hbac_ctx, hbac_ctx_sysdb(hbac_ctx),
+ hbac_ctx->be_req->domain,
&hbac_ctx->rule_count, &hbac_ctx->rules);
if (ret != EOK) {
DEBUG(1, ("Could not retrieve rules from the cache\n"));
@@ -645,6 +646,7 @@ void ipa_hbac_evaluate_rules(struct hbac_ctx *hbac_ctx)
errno_t hbac_get_cached_rules(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
size_t *_rule_count,
struct sysdb_attrs ***_rules)
{
@@ -680,7 +682,7 @@ errno_t hbac_get_cached_rules(TALLOC_CTX *mem_ctx,
goto done;
}
- ret = sysdb_search_custom(tmp_ctx, sysdb, filter,
+ ret = sysdb_search_custom(tmp_ctx, sysdb, domain, filter,
HBAC_RULES_SUBDIR, attrs,
&rule_count, &msgs);
if (ret != EOK && ret != ENOENT) {
diff --git a/src/providers/ipa/ipa_access.h b/src/providers/ipa/ipa_access.h
index 3c389dec..0a13d7be 100644
--- a/src/providers/ipa/ipa_access.h
+++ b/src/providers/ipa/ipa_access.h
@@ -119,6 +119,7 @@ void ipa_access_handler(struct be_req *be_req);
errno_t hbac_get_cached_rules(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
size_t *_rule_count,
struct sysdb_attrs ***_rules);
diff --git a/src/providers/ipa/ipa_hbac_common.c b/src/providers/ipa/ipa_hbac_common.c
index 7fdb2ce6..a4a411ca 100644
--- a/src/providers/ipa/ipa_hbac_common.c
+++ b/src/providers/ipa/ipa_hbac_common.c
@@ -326,6 +326,7 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx,
/* Get the services */
ret = hbac_service_attrs_to_rule(new_rule,
hbac_ctx_sysdb(hbac_ctx),
+ hbac_ctx->be_req->domain,
new_rule->name,
hbac_ctx->rules[idx],
&new_rule->services);
@@ -338,6 +339,7 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx,
/* Get the target hosts */
ret = hbac_thost_attrs_to_rule(new_rule,
hbac_ctx_sysdb(hbac_ctx),
+ hbac_ctx->be_req->domain,
new_rule->name,
hbac_ctx->rules[idx],
&new_rule->targethosts);
@@ -351,6 +353,7 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx,
ret = hbac_shost_attrs_to_rule(new_rule,
hbac_ctx_sysdb(hbac_ctx),
+ hbac_ctx->be_req->domain,
new_rule->name,
hbac_ctx->rules[idx],
dp_opt_get_bool(hbac_ctx->ipa_options,
diff --git a/src/providers/ipa/ipa_hbac_hosts.c b/src/providers/ipa/ipa_hbac_hosts.c
index 23f7816b..474a3975 100644
--- a/src/providers/ipa/ipa_hbac_hosts.c
+++ b/src/providers/ipa/ipa_hbac_hosts.c
@@ -30,6 +30,7 @@
*/
static errno_t hbac_host_attrs_to_rule(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
const char *rule_name,
struct sysdb_attrs *rule_attrs,
const char *category_attr,
@@ -114,7 +115,7 @@ static errno_t hbac_host_attrs_to_rule(TALLOC_CTX *mem_ctx,
}
/* First check if this is a specific host */
- ret = sysdb_search_custom(tmp_ctx, sysdb, filter,
+ ret = sysdb_search_custom(tmp_ctx, sysdb, domain, filter,
HBAC_HOSTS_SUBDIR, attrs,
&count, &msgs);
if (ret != EOK && ret != ENOENT) goto done;
@@ -150,7 +151,7 @@ static errno_t hbac_host_attrs_to_rule(TALLOC_CTX *mem_ctx,
num_hosts++;
} else { /* ret == ENOENT */
/* Check if this is a hostgroup */
- ret = sysdb_search_custom(tmp_ctx, sysdb, filter,
+ ret = sysdb_search_custom(tmp_ctx, sysdb, domain, filter,
HBAC_HOSTGROUPS_SUBDIR, attrs,
&count, &msgs);
if (ret != EOK && ret != ENOENT) goto done;
@@ -225,13 +226,14 @@ done:
errno_t
hbac_thost_attrs_to_rule(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
const char *rule_name,
struct sysdb_attrs *rule_attrs,
struct hbac_rule_element **thosts)
{
DEBUG(7, ("Processing target hosts for rule [%s]\n", rule_name));
- return hbac_host_attrs_to_rule(mem_ctx, sysdb,
+ return hbac_host_attrs_to_rule(mem_ctx, sysdb, domain,
rule_name, rule_attrs,
IPA_HOST_CATEGORY, IPA_MEMBER_HOST,
NULL, thosts);
@@ -240,6 +242,7 @@ hbac_thost_attrs_to_rule(TALLOC_CTX *mem_ctx,
errno_t
hbac_shost_attrs_to_rule(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
const char *rule_name,
struct sysdb_attrs *rule_attrs,
bool support_srchost,
@@ -270,7 +273,7 @@ hbac_shost_attrs_to_rule(TALLOC_CTX *mem_ctx,
goto done;
}
- ret = hbac_host_attrs_to_rule(tmp_ctx, sysdb,
+ ret = hbac_host_attrs_to_rule(tmp_ctx, sysdb, domain,
rule_name, rule_attrs,
IPA_SOURCE_HOST_CATEGORY, IPA_SOURCE_HOST,
&host_count, &shosts);
diff --git a/src/providers/ipa/ipa_hbac_private.h b/src/providers/ipa/ipa_hbac_private.h
index f313ca13..4f299160 100644
--- a/src/providers/ipa/ipa_hbac_private.h
+++ b/src/providers/ipa/ipa_hbac_private.h
@@ -94,6 +94,7 @@ hbac_get_category(struct sysdb_attrs *attrs,
errno_t
hbac_thost_attrs_to_rule(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
const char *rule_name,
struct sysdb_attrs *rule_attrs,
struct hbac_rule_element **thosts);
@@ -101,6 +102,7 @@ hbac_thost_attrs_to_rule(TALLOC_CTX *mem_ctx,
errno_t
hbac_shost_attrs_to_rule(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
const char *rule_name,
struct sysdb_attrs *rule_attrs,
bool support_srchost,
@@ -131,6 +133,7 @@ ipa_hbac_service_info_recv(struct tevent_req *req,
errno_t
hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
const char *rule_name,
struct sysdb_attrs *rule_attrs,
struct hbac_rule_element **services);
diff --git a/src/providers/ipa/ipa_hbac_services.c b/src/providers/ipa/ipa_hbac_services.c
index c086f976..8f656985 100644
--- a/src/providers/ipa/ipa_hbac_services.c
+++ b/src/providers/ipa/ipa_hbac_services.c
@@ -384,6 +384,7 @@ ipa_hbac_service_info_recv(struct tevent_req *req,
errno_t
hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
const char *rule_name,
struct sysdb_attrs *rule_attrs,
struct hbac_rule_element **services)
@@ -468,7 +469,7 @@ hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx,
}
/* First check if this is a specific service */
- ret = sysdb_search_custom(tmp_ctx, sysdb, filter,
+ ret = sysdb_search_custom(tmp_ctx, sysdb, domain, filter,
HBAC_SERVICES_SUBDIR, attrs,
&count, &msgs);
if (ret != EOK && ret != ENOENT) goto done;
@@ -503,7 +504,7 @@ hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx,
num_services++;
} else { /* ret == ENOENT */
/* Check if this is a service group */
- ret = sysdb_search_custom(tmp_ctx, sysdb, filter,
+ ret = sysdb_search_custom(tmp_ctx, sysdb, domain, filter,
HBAC_SERVICEGROUPS_SUBDIR, attrs,
&count, &msgs);
if (ret != EOK && ret != ENOENT) goto done;
diff --git a/src/providers/ipa/ipa_selinux.c b/src/providers/ipa/ipa_selinux.c
index 744dc46c..c8093bad 100644
--- a/src/providers/ipa/ipa_selinux.c
+++ b/src/providers/ipa/ipa_selinux.c
@@ -643,6 +643,7 @@ ipa_get_selinux_maps_offline(struct tevent_req *req)
/* read all the HBAC rules */
ret = hbac_get_cached_rules(state, state->be_req->be_ctx->sysdb,
+ state->be_req->be_ctx->domain,
&state->hbac_rule_count, &state->hbac_rules);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, ("hbac_get_cached_rules failed [%d]: %s\n",
@@ -789,7 +790,7 @@ static void ipa_get_selinux_maps_done(struct tevent_req *subreq)
access_name = state->be_req->be_ctx->bet_info[BET_ACCESS].mod_name;
selinux_name = state->be_req->be_ctx->bet_info[BET_SELINUX].mod_name;
if (strcasecmp(access_name, selinux_name) == 0) {
- ret = hbac_get_cached_rules(state, state->be_req->be_ctx->sysdb,
+ ret = hbac_get_cached_rules(state, bctx->sysdb, bctx->domain,
&state->hbac_rule_count, &state->hbac_rules);
/* Terminates the request */
goto done;