summaryrefslogtreecommitdiff
path: root/src/providers/ldap
diff options
context:
space:
mode:
authorPavel Březina <pbrezina@redhat.com>2012-05-09 14:23:57 +0200
committerStephen Gallagher <sgallagh@redhat.com>2012-06-29 11:37:17 -0400
commit6ea68b049dd507409d454100978ee125febc69ea (patch)
tree69e3e5d786677627d71cb6915cc050180a8e29e0 /src/providers/ldap
parentaa6b805fd1f9cd8166ad5de3b5578390df1613d5 (diff)
downloadsssd-6ea68b049dd507409d454100978ee125febc69ea.tar.gz
sssd-6ea68b049dd507409d454100978ee125febc69ea.tar.bz2
sssd-6ea68b049dd507409d454100978ee125febc69ea.zip
sudo ldap provider: when sysdb filter is NULL remove downloaded rules
Diffstat (limited to 'src/providers/ldap')
-rw-r--r--src/providers/ldap/sdap_async_sudo.c66
1 files changed, 61 insertions, 5 deletions
diff --git a/src/providers/ldap/sdap_async_sudo.c b/src/providers/ldap/sdap_async_sudo.c
index 8ed216b1..9a7dc857 100644
--- a/src/providers/ldap/sdap_async_sudo.c
+++ b/src/providers/ldap/sdap_async_sudo.c
@@ -85,6 +85,12 @@ static int sdap_sudo_load_sudoers_recv(struct tevent_req *req,
static void sdap_sudo_load_sudoers_done(struct tevent_req *subreq);
+static int sdap_sudo_purge_sudoers(struct sysdb_ctx *sysdb_ctx,
+ const char *filter,
+ struct sdap_attr_map *map,
+ size_t rules_count,
+ struct sysdb_attrs **rules);
+
static int sdap_sudo_store_sudoers(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb_ctx,
struct sdap_options *opts,
@@ -473,11 +479,10 @@ static void sdap_sudo_load_sudoers_done(struct tevent_req *subreq)
in_transaction = true;
/* purge cache */
- if (state->sysdb_filter != NULL) {
- ret = sysdb_sudo_purge_byfilter(state->sysdb, state->sysdb_filter);
- if (ret != EOK) {
- goto done;
- }
+ ret = sdap_sudo_purge_sudoers(state->sysdb, state->sysdb_filter,
+ state->opts->sudorule_map, rules_count, rules);
+ if (ret != EOK) {
+ goto done;
}
/* store rules */
@@ -517,6 +522,57 @@ done:
}
}
+static int sdap_sudo_purge_sudoers(struct sysdb_ctx *sysdb_ctx,
+ const char *filter,
+ struct sdap_attr_map *map,
+ size_t rules_count,
+ struct sysdb_attrs **rules)
+{
+ const char *name;
+ int i;
+ errno_t ret;
+
+ if (filter == NULL) {
+ /* removes downloaded rules from the cache */
+ if (rules_count == 0 || rules == NULL) {
+ return EOK;
+ }
+
+ for (i = 0; i < rules_count; i++) {
+ ret = sysdb_attrs_get_string(rules[i],
+ map[SDAP_AT_SUDO_NAME].sys_name,
+ &name);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ ("Failed to retrieve rule name: [%s]\n", strerror(ret)));
+ continue;
+ }
+
+ ret = sysdb_sudo_purge_byname(sysdb_ctx, name);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ ("Failed to delete rule %s: [%s]\n",
+ name, strerror(ret)));
+ continue;
+ }
+ }
+ } else {
+ /* purge cache by provided filter */
+ ret = sysdb_sudo_purge_byfilter(sysdb_ctx, filter);
+ if (ret != EOK) {
+ goto done;
+ }
+ }
+
+done:
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, ("failed to purge sudo rules [%d]: %s\n",
+ ret, strerror(ret)));
+ }
+
+ return ret;
+}
+
static int sdap_sudo_store_sudoers(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb_ctx,
struct sdap_options *opts,