-rw-r--r--src/providers/ldap/ldap_common.c60
-rw-r--r--src/providers/ldap/ldap_common.h12
-rw-r--r--src/providers/ldap/ldap_init.c35
-rw-r--r--src/providers/ldap/sdap_sudo.c107
-rw-r--r--src/providers/ldap/sdap_sudo.h8
5 files changed, 127 insertions, 95 deletions
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
index 737b9156..cce3c0bc 100644
--- a/src/providers/ldap/ldap_common.c
+++ b/src/providers/ldap/ldap_common.c
@@ -26,7 +26,6 @@
#include "providers/fail_over.h"
#include "providers/ldap/sdap_async_private.h"
#include "providers/krb5/krb5_common.h"
-#include "providers/ldap/sdap_sudo_timer.h"
#include "db/sysdb_sudo.h"
#include "db/sysdb_services.h"
@@ -596,65 +595,6 @@ int ldap_get_sudo_options(TALLOC_CTX *memctx,
return EOK;
}
-#ifdef BUILD_SUDO
-int sdap_sudo_setup_tasks(struct sdap_id_ctx *id_ctx)
-{
- struct sdap_sudo_refresh_ctx *refresh_ctx = NULL;
- struct timeval tv;
- int ret = EOK;
- bool refreshed = false;
- bool refresh_enabled = dp_opt_get_bool(id_ctx->opts->basic,
- SDAP_SUDO_REFRESH_ENABLED);
-
- /* set up periodical update of sudo rules */
- if (refresh_enabled) {
- refresh_ctx = sdap_sudo_refresh_ctx_init(id_ctx, id_ctx->be, id_ctx,
- id_ctx->opts,
- tevent_timeval_zero());
- if (refresh_ctx == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE,
- ("sdap_sudo_refresh_ctx_init() failed!\n"));
- return ENOMEM;
- }
-
- /* If this is the first startup, we need to kick off
- * an refresh immediately, to close a window where
- * clients requesting sudo information won't get an
- * immediate reply with no entries
- */
- ret = sysdb_sudo_get_refreshed(id_ctx->be->sysdb, &refreshed);
- if (ret != EOK) {
- return ret;
- }
- if (refreshed) {
- /* At least one update has previously run,
- * so clients will get cached data. We will delay
- * starting to enumerate by 10s so we don't slow
- * down the startup process if this is happening
- * during system boot.
- */
- tv = tevent_timeval_current_ofs(10, 0);
- DEBUG(SSSDBG_FUNC_DATA, ("Delaying first refresh of SUDO rules "
- "for 10 seconds\n"));
- } else {
- /* This is our first startup. Schedule the
- * update to start immediately once we
- * enter the mainloop.
- */
- tv = tevent_timeval_current();
- }
-
- ret = sdap_sudo_refresh_set_timer(refresh_ctx, tv);
- if (ret != EOK) {
- talloc_free(refresh_ctx);
- return ret;
- }
- }
-
- return EOK;
-}
-#endif
-
errno_t sdap_parse_search_base(TALLOC_CTX *mem_ctx,
struct dp_option *opts, int class,
struct sdap_search_base ***_search_bases)
diff --git a/src/providers/ldap/ldap_common.h b/src/providers/ldap/ldap_common.h
index cda21da4..603a1ed9 100644
--- a/src/providers/ldap/ldap_common.h
+++ b/src/providers/ldap/ldap_common.h
@@ -68,6 +68,10 @@ struct sdap_auth_ctx {
struct sdap_service *chpass_service;
};
+int sssm_ldap_id_init(struct be_ctx *bectx,
+ struct bet_ops **ops,
+ void **pvt_data);
+
void sdap_check_online(struct be_req *breq);
void sdap_do_online_check(struct be_req *be_req, struct sdap_id_ctx *ctx);
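Review bot: The new sssm_ldap_id_init prototype is exported without any comment, unlike the other groups in this header that carry a one-line section marker such as `/* access */`, and nothing states what `*pvt_data` receives. ldap_init.c retrieves it with `talloc_get_type(data, struct sdap_id_ctx)`, so the header should say so: `/* id: sets *ops and stores the struct sdap_id_ctx in *pvt_data */`. Callers in other modules now depend on that contract, so documenting it here is where it belongs.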
@@ -85,14 +89,6 @@ void sdap_pam_chpass_handler(struct be_req *breq);
/* access */
void sdap_pam_access_handler(struct be_req *breq);
-#ifdef BUILD_SUDO
-/* sudo */
-void sdap_sudo_handler(struct be_req *breq);
-int sdap_sudo_setup_tasks(struct sdap_id_ctx *ctx);
-#endif
-
-
-
void sdap_handler_done(struct be_req *req, int dp_err,
int error, const char *errstr);
diff --git a/src/providers/ldap/ldap_init.c b/src/providers/ldap/ldap_init.c
index 2721b000..dd61a1e1 100644
--- a/src/providers/ldap/ldap_init.c
+++ b/src/providers/ldap/ldap_init.c
@@ -55,14 +55,6 @@ struct bet_ops sdap_access_ops = {
.finalize = sdap_shutdown
};
-/* SUDO Handler */
-#ifdef BUILD_SUDO
-struct bet_ops sdap_sudo_ops = {
- .handler = sdap_sudo_handler,
- .finalize = sdap_shutdown
-};
-#endif
-
/* Please use this only for short lists */
errno_t check_order_list_for_duplicates(char **list,
bool case_sensitive)
@@ -399,35 +391,24 @@ int sssm_ldap_sudo_init(struct be_ctx *be_ctx,
struct bet_ops **ops,
void **pvt_data)
{
-#ifdef BUILD_SUDO
- struct sdap_id_ctx *id_ctx = NULL;
- void *data = NULL;
+ struct sdap_id_ctx *id_ctx;
+ void *data;
int ret;
ret = sssm_ldap_id_init(be_ctx, ops, &data);
if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot init LDAP ID provider [%d]: %s\n",
+ ret, strerror(ret)));
return ret;
}
id_ctx = talloc_get_type(data, struct sdap_id_ctx);
- *ops = &sdap_sudo_ops;
- *pvt_data = id_ctx;
-
- ret = ldap_get_sudo_options(id_ctx, be_ctx->cdb,
- be_ctx->conf_path, id_ctx->opts);
- if (ret != EOK) {
- return ret;
+ if (!id_ctx) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("No ID provider?\n"));
+ return EIO;
}
- ret = sdap_sudo_setup_tasks(id_ctx);
- if (ret != EOK) {
- return ret;
- }
-
- return ret;
-#else
- return EOK;
-#endif
+ return sdap_sudo_init(be_ctx, id_ctx, ops, &data);
}
static void sdap_shutdown(struct be_req *req)
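Review bot: The out-parameter `pvt_data` of sssm_ldap_sudo_init is never written on the new side: the old `*pvt_data = id_ctx;` is removed and the final call passes the local `&data` instead, so sdap_sudo_init stores id_ctx into `data` while the caller's pointer is left unset. The last line should read `return sdap_sudo_init(be_ctx, id_ctx, ops, pvt_data);`. Note also that with the `#ifdef BUILD_SUDO` gone, a build without sudo support now returns with `*ops` pointing at whatever sssm_ldap_id_init installed, where the old code returned EOK without touching it; if that is intended, a short comment at the call site would make it clear.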
diff --git a/src/providers/ldap/sdap_sudo.c b/src/providers/ldap/sdap_sudo.c
index 30afcddf..24425834 100644
--- a/src/providers/ldap/sdap_sudo.c
+++ b/src/providers/ldap/sdap_sudo.c
@@ -28,8 +28,115 @@
#include "providers/ldap/sdap_async.h"
#include "providers/ldap/sdap_sudo.h"
#include "providers/ldap/sdap_sudo_cache.h"
+#include "providers/ldap/sdap_sudo_timer.h"
#include "db/sysdb_sudo.h"
+static void
+sdap_sudo_shutdown(struct be_req *req)
+{
+ sdap_handler_done(req, DP_ERR_OK, EOK, NULL);
+}
+
+struct bet_ops sdap_sudo_ops = {
+ .handler = sdap_sudo_handler,
+ .finalize = sdap_sudo_shutdown
+};
+
+int sdap_sudo_setup_tasks(struct sdap_id_ctx *id_ctx);
+
+int sdap_sudo_init(struct be_ctx *be_ctx,
+ struct sdap_id_ctx *id_ctx,
+ struct bet_ops **ops,
+ void **pvt_data)
+{
+#ifdef BUILD_SUDO
+ int ret;
+
+ DEBUG(SSSDBG_TRACE_INTERNAL, ("Initializing sudo LDAP back end\n"));
+
+ *ops = &sdap_sudo_ops;
+ *pvt_data = id_ctx;
+
+ ret = ldap_get_sudo_options(id_ctx, be_ctx->cdb,
+ be_ctx->conf_path, id_ctx->opts);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, ("Cannot get SUDO options [%d]: %s\n",
+ ret, strerror(ret)));
+ return ret;
+ }
+
+ ret = sdap_sudo_setup_tasks(id_ctx);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, ("SUDO setup failed [%d]: %s\n",
+ ret, strerror(ret)));
+ return ret;
+ }
+
+ return EOK;
+#else
+ DEBUG(SSSDBG_MINOR_FAILURE, ("Sudo init handler called but SSSD is "
+ "built without sudo support, ignoring\n"));
+ return EOK;
+#endif
+}
+
+int sdap_sudo_setup_tasks(struct sdap_id_ctx *id_ctx)
+{
+ struct sdap_sudo_refresh_ctx *refresh_ctx = NULL;
+ struct timeval tv;
+ int ret = EOK;
+ bool refreshed = false;
+ bool refresh_enabled = dp_opt_get_bool(id_ctx->opts->basic,
+ SDAP_SUDO_REFRESH_ENABLED);
+
+ /* set up periodical update of sudo rules */
+ if (refresh_enabled) {
+ refresh_ctx = sdap_sudo_refresh_ctx_init(id_ctx, id_ctx->be, id_ctx,
+ id_ctx->opts,
+ tevent_timeval_zero());
+ if (refresh_ctx == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ ("sdap_sudo_refresh_ctx_init() failed!\n"));
+ return ENOMEM;
+ }
+
+ /* If this is the first startup, we need to kick off
+ * an refresh immediately, to close a window where
+ * clients requesting sudo information won't get an
+ * immediate reply with no entries
+ */
+ ret = sysdb_sudo_get_refreshed(id_ctx->be->sysdb, &refreshed);
+ if (ret != EOK) {
+ return ret;
+ }
+ if (refreshed) {
+ /* At least one update has previously run,
+ * so clients will get cached data. We will delay
+ * starting to enumerate by 10s so we don't slow
+ * down the startup process if this is happening
+ * during system boot.
+ */
+ tv = tevent_timeval_current_ofs(10, 0);
+ DEBUG(SSSDBG_FUNC_DATA, ("Delaying first refresh of SUDO rules "
+ "for 10 seconds\n"));
+ } else {
+ /* This is our first startup. Schedule the
+ * update to start immediately once we
+ * enter the mainloop.
+ */
+ tv = tevent_timeval_current();
+ }
+
+ ret = sdap_sudo_refresh_set_timer(refresh_ctx, tv);
+ if (ret != EOK) {
+ talloc_free(refresh_ctx);
+ return ret;
+ }
+ }
+
+ return EOK;
+}
+
struct sdap_sudo_load_sudoers_state {
struct tevent_context *ev;
struct sdap_sudo_ctx *sudo_ctx;
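Review bot: In sdap_sudo_setup_tasks the error path after sysdb_sudo_get_refreshed returns without releasing refresh_ctx, while the sdap_sudo_refresh_set_timer failure a few lines below does `talloc_free(refresh_ctx)`; unless refresh_ctx is parented on a context that is torn down anyway, the two paths should match: `if (ret != EOK) { talloc_free(refresh_ctx); return ret; }`. Separately, sdap_sudo_setup_tasks is now referenced only from this file and its declaration was removed from ldap_common.h, so both the forward declaration and the definition can be `static`. The function also lost the `#ifdef BUILD_SUDO` guard it had in ldap_common.c, which is fine only if this translation unit is itself built only with sudo support; that cannot be seen from the hunk.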
diff --git a/src/providers/ldap/sdap_sudo.h b/src/providers/ldap/sdap_sudo.h
index b0e66089..dd42f368 100644
--- a/src/providers/ldap/sdap_sudo.h
+++ b/src/providers/ldap/sdap_sudo.h
@@ -21,6 +21,14 @@
#ifndef _SDAP_SUDO_H_
#define _SDAP_SUDO_H_
+/* Common functions from ldap_sudo.c */
+void sdap_sudo_handler(struct be_req *breq);
+int sdap_sudo_init(struct be_ctx *be_ctx,
+ struct sdap_id_ctx *id_ctx,
+ struct bet_ops **ops,
+ void **pvt_data);
+
+/* sdap async interface */
struct tevent_req *sdap_sudo_refresh_send(TALLOC_CTX *mem_ctx,
struct be_ctx *be_ctx,
struct be_sudo_req *sudo_req,
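Review bot: The comment `/* Common functions from ldap_sudo.c */` names a file that does not appear in this change; both sdap_sudo_handler and sdap_sudo_init are defined in sdap_sudo.c, so it should read `/* Common functions from sdap_sudo.c */`. The new prototypes also reference `struct be_req`, `struct be_ctx`, `struct sdap_id_ctx` and `struct bet_ops`; whether forward declarations or includes for those precede this point in the header is outside the hunk and worth confirming, since the header is now included from ldap_init.c as well.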