-rw-r--r-- | src/providers/ldap/ldap_common.c | 60 | ||||
-rw-r--r-- | src/providers/ldap/ldap_common.h | 12 | ||||
-rw-r--r-- | src/providers/ldap/ldap_init.c | 35 | ||||
-rw-r--r-- | src/providers/ldap/sdap_sudo.c | 107 | ||||
-rw-r--r-- | src/providers/ldap/sdap_sudo.h | 8 |
5 files changed, 127 insertions, 95 deletions
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
index 737b9156..cce3c0bc 100644
--- a/src/providers/ldap/ldap_common.c
+++ b/src/providers/ldap/ldap_common.c
@@ -26,7 +26,6 @@
 #include "providers/fail_over.h"
 #include "providers/ldap/sdap_async_private.h"
 #include "providers/krb5/krb5_common.h"
-#include "providers/ldap/sdap_sudo_timer.h"
 #include "db/sysdb_sudo.h"
 #include "db/sysdb_services.h"
 
@@ -596,65 +595,6 @@ int ldap_get_sudo_options(TALLOC_CTX *memctx,
 return EOK;
 }
 
-#ifdef BUILD_SUDO
-int sdap_sudo_setup_tasks(struct sdap_id_ctx *id_ctx)
-{
- struct sdap_sudo_refresh_ctx *refresh_ctx = NULL;
- struct timeval tv;
- int ret = EOK;
- bool refreshed = false;
- bool refresh_enabled = dp_opt_get_bool(id_ctx->opts->basic,
- SDAP_SUDO_REFRESH_ENABLED);
-
- /* set up periodical update of sudo rules */
- if (refresh_enabled) {
- refresh_ctx = sdap_sudo_refresh_ctx_init(id_ctx, id_ctx->be, id_ctx,
- id_ctx->opts,
- tevent_timeval_zero());
- if (refresh_ctx == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE,
- ("sdap_sudo_refresh_ctx_init() failed!\n"));
- return ENOMEM;
- }
-
- /* If this is the first startup, we need to kick off
- * an refresh immediately, to close a window where
- * clients requesting sudo information won't get an
- * immediate reply with no entries
- */
- ret = sysdb_sudo_get_refreshed(id_ctx->be->sysdb, &refreshed);
- if (ret != EOK) {
- return ret;
- }
- if (refreshed) {
- /* At least one update has previously run,
- * so clients will get cached data. We will delay
- * starting to enumerate by 10s so we don't slow
- * down the startup process if this is happening
- * during system boot.
- */
- tv = tevent_timeval_current_ofs(10, 0);
- DEBUG(SSSDBG_FUNC_DATA, ("Delaying first refresh of SUDO rules "
- "for 10 seconds\n"));
- } else {
- /* This is our first startup. Schedule the
- * update to start immediately once we
- * enter the mainloop.
- */
- tv = tevent_timeval_current();
- }
-
- ret = sdap_sudo_refresh_set_timer(refresh_ctx, tv);
- if (ret != EOK) {
- talloc_free(refresh_ctx);
- return ret;
- }
- }
-
- return EOK;
-}
-#endif
-
 errno_t sdap_parse_search_base(TALLOC_CTX *mem_ctx,
 struct dp_option *opts, int class,
 struct sdap_search_base ***_search_bases)
diff --git a/src/providers/ldap/ldap_common.h b/src/providers/ldap/ldap_common.h
index cda21da4..603a1ed9 100644
--- a/src/providers/ldap/ldap_common.h
+++ b/src/providers/ldap/ldap_common.h
@@ -68,6 +68,10 @@ struct sdap_auth_ctx {
 struct sdap_service *chpass_service;
 };
 
+int sssm_ldap_id_init(struct be_ctx *bectx,
+ struct bet_ops **ops,
+ void **pvt_data);
+
 void sdap_check_online(struct be_req *breq);
 void sdap_do_online_check(struct be_req *be_req, struct sdap_id_ctx *ctx);
 
@@ -85,14 +89,6 @@ void sdap_pam_chpass_handler(struct be_req *breq);
 /* access */
 void sdap_pam_access_handler(struct be_req *breq);
 
-#ifdef BUILD_SUDO
-/* sudo */
-void sdap_sudo_handler(struct be_req *breq);
-int sdap_sudo_setup_tasks(struct sdap_id_ctx *ctx);
-#endif
-
-
-
 void sdap_handler_done(struct be_req *req, int dp_err,
 int error, const char *errstr);
 
diff --git a/src/providers/ldap/ldap_init.c b/src/providers/ldap/ldap_init.c
index 2721b000..dd61a1e1 100644
--- a/src/providers/ldap/ldap_init.c
+++ b/src/providers/ldap/ldap_init.c
@@ -55,14 +55,6 @@ struct bet_ops sdap_access_ops = {
 .finalize = sdap_shutdown
 };
 
-/* SUDO Handler */
-#ifdef BUILD_SUDO
-struct bet_ops sdap_sudo_ops = {
- .handler = sdap_sudo_handler,
- .finalize = sdap_shutdown
-};
-#endif
-
 /* Please use this only for short lists */
 errno_t check_order_list_for_duplicates(char **list,
 bool case_sensitive)
@@ -399,35 +391,24 @@ int sssm_ldap_sudo_init(struct be_ctx *be_ctx,
 struct bet_ops **ops,
 void **pvt_data)
 {
-#ifdef BUILD_SUDO
- struct sdap_id_ctx *id_ctx = NULL;
- void *data = NULL;
+ struct sdap_id_ctx *id_ctx;
+ void *data;
 int ret;
 
 ret = sssm_ldap_id_init(be_ctx, ops, &data);
 if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot init LDAP ID provider [%d]: %s\n",
+ ret, strerror(ret)));
 return ret;
 }
 
 id_ctx = talloc_get_type(data, struct sdap_id_ctx);
- *ops = &sdap_sudo_ops;
- *pvt_data = id_ctx;
-
- ret = ldap_get_sudo_options(id_ctx, be_ctx->cdb,
- be_ctx->conf_path, id_ctx->opts);
- if (ret != EOK) {
- return ret;
+ if (!id_ctx) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("No ID provider?\n"));
+ return EIO;
 }
 
- ret = sdap_sudo_setup_tasks(id_ctx);
- if (ret != EOK) {
- return ret;
- }
-
- return ret;
-#else
- return EOK;
-#endif
+ return sdap_sudo_init(be_ctx, id_ctx, ops, &data);
 }
 
 static void sdap_shutdown(struct be_req *req)
diff --git a/src/providers/ldap/sdap_sudo.c b/src/providers/ldap/sdap_sudo.c
index 30afcddf..24425834 100644
--- a/src/providers/ldap/sdap_sudo.c
+++ b/src/providers/ldap/sdap_sudo.c
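Review bot: The last line of sssm_ldap_sudo_init hands `&data` to sdap_sudo_init instead of the caller's `pvt_data`, so the `*pvt_data = id_ctx` assignment that sdap_sudo_init performs (visible in the sdap_sudo.c hunk below) lands in the local `data` and the caller's `*pvt_data` is never written by this function at all; `sssm_ldap_id_init` was likewise given `&data`. The sudo target would then run with whatever the caller happened to have in that slot, which is the kind of thing that only shows up as a crash or NULL handler context at the first sudo request. Change the return to `return sdap_sudo_init(be_ctx, id_ctx, ops, pvt_data);`. Separately, when `talloc_get_type` fails the function returns EIO after `sssm_ldap_id_init` has already set `*ops`; whether that partially initialised state is harmless presumably depends on how the caller treats a non-EOK return.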
@@ -28,8 +28,115 @@
 #include "providers/ldap/sdap_async.h"
 #include "providers/ldap/sdap_sudo.h"
 #include "providers/ldap/sdap_sudo_cache.h"
+#include "providers/ldap/sdap_sudo_timer.h"
 #include "db/sysdb_sudo.h"
 
+static void
+sdap_sudo_shutdown(struct be_req *req)
+{
+ sdap_handler_done(req, DP_ERR_OK, EOK, NULL);
+}
+
+struct bet_ops sdap_sudo_ops = {
+ .handler = sdap_sudo_handler,
+ .finalize = sdap_sudo_shutdown
+};
+
+int sdap_sudo_setup_tasks(struct sdap_id_ctx *id_ctx);
+
+int sdap_sudo_init(struct be_ctx *be_ctx,
+ struct sdap_id_ctx *id_ctx,
+ struct bet_ops **ops,
+ void **pvt_data)
+{
+#ifdef BUILD_SUDO
+ int ret;
+
+ DEBUG(SSSDBG_TRACE_INTERNAL, ("Initializing sudo LDAP back end\n"));
+
+ *ops = &sdap_sudo_ops;
+ *pvt_data = id_ctx;
+
+ ret = ldap_get_sudo_options(id_ctx, be_ctx->cdb,
+ be_ctx->conf_path, id_ctx->opts);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, ("Cannot get SUDO options [%d]: %s\n",
+ ret, strerror(ret)));
+ return ret;
+ }
+
+ ret = sdap_sudo_setup_tasks(id_ctx);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, ("SUDO setup failed [%d]: %s\n",
+ ret, strerror(ret)));
+ return ret;
+ }
+
+ return EOK;
+#else
+ DEBUG(SSSDBG_MINOR_FAILURE, ("Sudo init handler called but SSSD is "
+ "built without sudo support, ignoring\n"));
+ return EOK;
+#endif
+}
+
+int sdap_sudo_setup_tasks(struct sdap_id_ctx *id_ctx)
+{
+ struct sdap_sudo_refresh_ctx *refresh_ctx = NULL;
+ struct timeval tv;
+ int ret = EOK;
+ bool refreshed = false;
+ bool refresh_enabled = dp_opt_get_bool(id_ctx->opts->basic,
+ SDAP_SUDO_REFRESH_ENABLED);
+
+ /* set up periodical update of sudo rules */
+ if (refresh_enabled) {
+ refresh_ctx = sdap_sudo_refresh_ctx_init(id_ctx, id_ctx->be, id_ctx,
+ id_ctx->opts,
+ tevent_timeval_zero());
+ if (refresh_ctx == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE,
+ ("sdap_sudo_refresh_ctx_init() failed!\n"));
+ return ENOMEM;
+ }
+
+ /* If this is the first startup, we need to kick off
+ * an refresh immediately, to close a window where
+ * clients requesting sudo information won't get an
+ * immediate reply with no entries
+ */
+ ret = sysdb_sudo_get_refreshed(id_ctx->be->sysdb, &refreshed);
+ if (ret != EOK) {
+ return ret;
+ }
+ if (refreshed) {
+ /* At least one update has previously run,
+ * so clients will get cached data. We will delay
+ * starting to enumerate by 10s so we don't slow
+ * down the startup process if this is happening
+ * during system boot.
+ */
+ tv = tevent_timeval_current_ofs(10, 0);
+ DEBUG(SSSDBG_FUNC_DATA, ("Delaying first refresh of SUDO rules "
+ "for 10 seconds\n"));
+ } else {
+ /* This is our first startup. Schedule the
+ * update to start immediately once we
+ * enter the mainloop.
+ */
+ tv = tevent_timeval_current();
+ }
+
+ ret = sdap_sudo_refresh_set_timer(refresh_ctx, tv);
+ if (ret != EOK) {
+ talloc_free(refresh_ctx);
+ return ret;
+ }
+ }
+
+ return EOK;
+}
+
 struct sdap_sudo_load_sudoers_state {
 struct tevent_context *ev;
 struct sdap_sudo_ctx *sudo_ctx;
diff --git a/src/providers/ldap/sdap_sudo.h b/src/providers/ldap/sdap_sudo.h
index b0e66089..dd42f368 100644
--- a/src/providers/ldap/sdap_sudo.h
+++ b/src/providers/ldap/sdap_sudo.h
@@ -21,6 +21,14 @@
 #ifndef _SDAP_SUDO_H_
 #define _SDAP_SUDO_H_
 
+/* Common functions from ldap_sudo.c */
+void sdap_sudo_handler(struct be_req *breq);
+int sdap_sudo_init(struct be_ctx *be_ctx,
+ struct sdap_id_ctx *id_ctx,
+ struct bet_ops **ops,
+ void **pvt_data);
+
+/* sdap async interface */
 struct tevent_req *sdap_sudo_refresh_send(TALLOC_CTX *mem_ctx,
 struct be_ctx *be_ctx,
 struct be_sudo_req *sudo_req,
|
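Review bot: sdap_sudo_setup_tasks keeps external linkage although this commit removes its only header declaration (ldap_common.h) and its only caller is now sdap_sudo_init in the same file; both the forward declaration near the top of the hunk and the definition should read `static int sdap_sudo_setup_tasks(struct sdap_id_ctx *id_ctx)`, which also lets the compiler catch a stale prototype elsewhere. In the `#else` branch of sdap_sudo_init, `*ops` and `*pvt_data` are left untouched and the function reports EOK, so a sudo target in a build without sudo support keeps whatever the caller had stored there; if that is intended, a comment such as `/* Leave *ops/*pvt_data as set by the ID provider; sudo requests are not served */` would make it explicit, otherwise returning an error code would be safer. The `refresh_ctx` allocated in sdap_sudo_setup_tasks is freed only on the sdap_sudo_refresh_set_timer failure path; the earlier `sysdb_sudo_get_refreshed` error return leaks it to its talloc parent, though this is moved code rather than new logic.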
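Review bot: The new comment `/* Common functions from ldap_sudo.c */` names a file that does not exist in this change; the definitions it introduces live in sdap_sudo.c, so it should read `/* Common functions from sdap_sudo.c */`. The added prototypes also refer to `struct be_ctx`, `struct sdap_id_ctx` and `struct bet_ops`; if this header is not already including or forward-declaring those tags (not visible here), adding forward declarations keeps the header self-contained for any translation unit that includes it on its own.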