authorJan Cholasta <jcholast@redhat.com>2012-10-12 10:32:43 -0400
committerJakub Hrozek <jhrozek@redhat.com>2012-10-12 18:23:48 +0200
commitf1c34a30f5c405fa34cdf29dd52b31d5deabe197 (patch)
tree58cc5873d175ad8156c85a3d3c60dc2d770387d6 /src
parent70eaade10feedd7845e39170d0b7eebf3a030af1 (diff)
SSH: When host keys are removed from LDAP, remove them from the cache as well
https://fedorahosted.org/sssd/ticket/1574
Diffstat (limited to 'src')
-rw-r--r--src/db/sysdb_ssh.c70
1 files changed, 34 insertions, 36 deletions
diff --git a/src/db/sysdb_ssh.c b/src/db/sysdb_ssh.c
index 47969bb5..2f193a5c 100644
--- a/src/db/sysdb_ssh.c
+++ b/src/db/sysdb_ssh.c
@@ -28,29 +28,16 @@ sysdb_update_ssh_host(struct sysdb_ctx *sysdb,
const char *name,
struct sysdb_attrs *attrs)
{
- TALLOC_CTX *tmp_ctx;
errno_t ret;
- DEBUG(SSSDBG_TRACE_FUNC, ("Updating host %s\n", name));
-
- tmp_ctx = talloc_new(NULL);
- if (!tmp_ctx) {
- return ENOMEM;
- }
-
ret = sysdb_store_custom(sysdb, name, SSH_HOSTS_SUBDIR, attrs);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE,
("Error storing host %s [%d]: %s\n", name, ret, strerror(ret)));
- goto done;
+ return ret;
}
- ret = EOK;
-
-done:
- talloc_free(tmp_ctx);
-
- return ret;
+ return EOK;
}
errno_t
@@ -69,11 +56,26 @@ sysdb_store_ssh_host(struct sysdb_ctx *sysdb,
struct ldb_message_element *el;
unsigned int i;
+ DEBUG(SSSDBG_TRACE_FUNC, ("Storing host %s\n", name));
+
tmp_ctx = talloc_new(NULL);
if (!tmp_ctx) {
return ENOMEM;
}
+ ret = sysdb_transaction_start(sysdb);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to start transaction\n"));
+ goto done;
+ }
+
+ in_transaction = true;
+
+ ret = sysdb_get_ssh_host(tmp_ctx, sysdb, name, search_attrs, &host);
+ if (ret != EOK && ret != ENOENT) {
+ goto done;
+ }
+
ret = sysdb_attrs_add_string(attrs, SYSDB_OBJECTCLASS, SYSDB_SSH_HOST_OC);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE,
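Review bot: The `goto done` right after `in_transaction = true` on a failed sysdb_get_ssh_host now fires before any attribute has been touched, so the `done:` label (outside this hunk) must cancel the still-open transaction; that cleanup is not visible here and should be confirmed, since an un-cancelled transaction would keep the sysdb write-locked on an error path that previously never held one. Because `host` is later tested with `if (host)` on both the found and the ENOENT path, its declaration (also outside the hunk) needs a NULL initializer unless sysdb_get_ssh_host is known to clear the out-pointer when it returns ENOENT. A short comment above the lookup would tell the reader why it moved out of the `if (alias)` branch: `/* fetch the existing entry unconditionally: both the alias merge and the stale-key cleanup below compare against it */`. sysdb_store_ssh_host begins before this hunk and continues after it.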
@@ -91,20 +93,7 @@ sysdb_store_ssh_host(struct sysdb_ctx *sysdb,
if (alias) {
new_alias = true;
- ret = sysdb_transaction_start(sysdb);
- if (ret != EOK) {
- DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to start transaction\n"));
- goto done;
- }
-
- in_transaction = true;
-
/* copy aliases from the existing entry */
- ret = sysdb_get_ssh_host(tmp_ctx, sysdb, name, search_attrs, &host);
- if (ret != EOK && ret != ENOENT) {
- goto done;
- }
-
if (host) {
el = ldb_msg_find_element(host, SYSDB_NAME_ALIAS);
@@ -138,6 +127,17 @@ sysdb_store_ssh_host(struct sysdb_ctx *sysdb,
}
}
+ /* make sure sshPublicKey is present when modifying an existing host */
+ if (host) {
+ ret = sysdb_attrs_get_el(attrs, SYSDB_SSH_PUBKEY, &el);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("Could not get sysdb sshPublicKey [%d]: %s\n",
+ ret, strerror(ret)));
+ goto done;
+ }
+ }
+
ret = sysdb_attrs_add_time_t(attrs, SYSDB_LAST_UPDATE, now);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE,
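Review bot: The comment "make sure sshPublicKey is present" says what the block does but not why, and the why is the whole point of the commit: if sysdb_attrs_get_el creates an empty element when the attribute is absent (as I believe it does), the store performed later in the function, outside this hunk, replaces sshPublicKey with that empty set and so drops keys no longer published in LDAP (ticket 1574); a revoked host key lingering in the cache would otherwise keep being trusted. Suggest `/* sysdb_attrs_get_el() creates an empty sshPublicKey element when attrs has none, so the store below replaces (i.e. removes) cached keys that LDAP no longer publishes */`. The `el` written here is not read afterwards and reuses the variable used for the alias merge; a reader may expect the value to be consumed, so either say so in the comment or pass a throwaway pointer. Restricting the block to `if (host)` is right, since a newly created entry has nothing stale to clear. sysdb_store_ssh_host continues outside this hunk.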
@@ -151,16 +151,14 @@ sysdb_store_ssh_host(struct sysdb_ctx *sysdb,
goto done;
}
- if (in_transaction) {
- ret = sysdb_transaction_commit(sysdb);
- if (ret != EOK) {
- DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to commit transaction\n"));
- goto done;
- }
-
- in_transaction = false;
+ ret = sysdb_transaction_commit(sysdb);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to commit transaction\n"));
+ goto done;
}
+ in_transaction = false;
+
ret = EOK;
done: