-rw-r--r--src/providers/ipa/ipa_access.c17
-rw-r--r--src/providers/ipa/ipa_hbac_common.c38
-rw-r--r--src/providers/ipa/ipa_hbac_private.h6
3 files changed, 25 insertions, 36 deletions
diff --git a/src/providers/ipa/ipa_access.c b/src/providers/ipa/ipa_access.c
index 3f84d6c5..a0158f53 100644
--- a/src/providers/ipa/ipa_access.c
+++ b/src/providers/ipa/ipa_access.c
@@ -463,7 +463,6 @@ static void hbac_sysdb_save(struct tevent_req *req)
struct hbac_ctx *hbac_ctx =
tevent_req_callback_data(req, struct hbac_ctx);
struct sss_domain_info *domain = hbac_ctx_be(hbac_ctx)->domain;
- struct sysdb_ctx *sysdb = hbac_ctx_sysdb(hbac_ctx);
struct ldb_dn *base_dn;
struct be_ctx *be_ctx = hbac_ctx_be(hbac_ctx);
struct ipa_access_ctx *access_ctx =
@@ -488,7 +487,7 @@ static void hbac_sysdb_save(struct tevent_req *req)
/* Delete any rules in the sysdb so offline logins
* are also denied.
*/
- base_dn = sysdb_custom_subtree_dn(sysdb, tmp_ctx,
+ base_dn = sysdb_custom_subtree_dn(domain->sysdb, tmp_ctx,
domain, HBAC_RULES_SUBDIR);
if (base_dn == NULL) {
talloc_free(tmp_ctx);
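Review bot: The purge of cached HBAC rules now goes through `domain->sysdb`, with `domain` taken from `hbac_ctx_be(hbac_ctx)->domain`, whereas the removed local obtained its handle from `hbac_ctx_sysdb(hbac_ctx)`; nothing visible in this diff shows that the two always refer to the same cache. This branch exists so that offline logins are also denied, so if the handles could ever differ, the rules that offline evaluation reads would survive the delete. I would record the assumption next to the call, e.g. `/* domain->sysdb must be the cache hbac_ctx_sysdb() used to return; the offline deny path depends on this purge */`, and confirm it in the commit message. The same applies to the later hunks of hbac_sysdb_save (the delete and the transaction start/commit/cancel), and the function itself begins and ends outside this hunk.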
@@ -496,7 +495,7 @@ static void hbac_sysdb_save(struct tevent_req *req)
return;
}
- ret = sysdb_delete_recursive(sysdb, base_dn, true);
+ ret = sysdb_delete_recursive(domain->sysdb, base_dn, true);
talloc_free(tmp_ctx);
if (ret != EOK) {
DEBUG(1, ("sysdb_delete_recursive failed.\n"));
@@ -513,7 +512,7 @@ static void hbac_sysdb_save(struct tevent_req *req)
return;
}
- ret = sysdb_transaction_start(sysdb);
+ ret = sysdb_transaction_start(domain->sysdb);
if (ret != EOK) {
DEBUG(0, ("Could not start transaction\n"));
goto fail;
@@ -521,7 +520,7 @@ static void hbac_sysdb_save(struct tevent_req *req)
in_transaction = true;
/* Save the hosts */
- ret = ipa_hbac_sysdb_save(sysdb, domain,
+ ret = ipa_hbac_sysdb_save(domain,
HBAC_HOSTS_SUBDIR, SYSDB_FQDN,
hbac_ctx->host_count, hbac_ctx->hosts,
HBAC_HOSTGROUPS_SUBDIR, SYSDB_NAME,
@@ -534,7 +533,7 @@ static void hbac_sysdb_save(struct tevent_req *req)
}
/* Save the services */
- ret = ipa_hbac_sysdb_save(sysdb, domain,
+ ret = ipa_hbac_sysdb_save(domain,
HBAC_SERVICES_SUBDIR, IPA_CN,
hbac_ctx->service_count, hbac_ctx->services,
HBAC_SERVICEGROUPS_SUBDIR, IPA_CN,
@@ -546,7 +545,7 @@ static void hbac_sysdb_save(struct tevent_req *req)
goto fail;
}
/* Save the rules */
- ret = ipa_hbac_sysdb_save(sysdb, domain,
+ ret = ipa_hbac_sysdb_save(domain,
HBAC_RULES_SUBDIR, IPA_UNIQUE_ID,
hbac_ctx->rule_count,
hbac_ctx->rules,
@@ -557,7 +556,7 @@ static void hbac_sysdb_save(struct tevent_req *req)
goto fail;
}
- ret = sysdb_transaction_commit(sysdb);
+ ret = sysdb_transaction_commit(domain->sysdb);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to commit transaction\n"));
goto fail;
@@ -580,7 +579,7 @@ static void hbac_sysdb_save(struct tevent_req *req)
fail:
if (in_transaction) {
- ret = sysdb_transaction_cancel(sysdb);
+ ret = sysdb_transaction_cancel(domain->sysdb);
if (ret != EOK) {
DEBUG(0, ("Could not cancel transaction\n"));
}
diff --git a/src/providers/ipa/ipa_hbac_common.c b/src/providers/ipa/ipa_hbac_common.c
index 8f921f82..c8fb1aa1 100644
--- a/src/providers/ipa/ipa_hbac_common.c
+++ b/src/providers/ipa/ipa_hbac_common.c
@@ -24,9 +24,9 @@
#include "providers/ipa/ipa_hbac.h"
#include "providers/ipa/ipa_common.h"
-errno_t
-ipa_hbac_save_list(struct sysdb_ctx *sysdb, bool delete_subdir,
- const char *subdir, struct sss_domain_info *domain,
+static errno_t
+ipa_hbac_save_list(struct sss_domain_info *domain,
+ bool delete_subdir, const char *subdir,
const char *naming_attribute, size_t count,
struct sysdb_attrs **list)
{
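Review bot: ipa_hbac_save_list becomes `static` and loses its prototype in ipa_hbac_private.h, but it still has no comment stating its contract, and after this change it dereferences `domain` itself (`domain->sysdb`) rather than receiving the handle from the caller. Since `delete_subdir` removes the whole cached subtree before anything is stored, the preconditions are worth writing down above the definition, for example `/* Store count entries from list under subdir in domain->sysdb; if delete_subdir is true the existing subtree is deleted first. domain and domain->sysdb must not be NULL. */`. The function body continues outside this hunk, so whether an earlier check already covers a NULL `domain` cannot be seen from here.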
@@ -44,13 +44,14 @@ ipa_hbac_save_list(struct sysdb_ctx *sysdb, bool delete_subdir,
}
if (delete_subdir) {
- base_dn = sysdb_custom_subtree_dn(sysdb, tmp_ctx, domain, subdir);
+ base_dn = sysdb_custom_subtree_dn(domain->sysdb, tmp_ctx,
+ domain, subdir);
if (base_dn == NULL) {
ret = ENOMEM;
goto done;
}
- ret = sysdb_delete_recursive(sysdb, base_dn, true);
+ ret = sysdb_delete_recursive(domain->sysdb, base_dn, true);
if (ret != EOK) {
DEBUG(1, ("sysdb_delete_recursive failed.\n"));
goto done;
@@ -77,7 +78,8 @@ ipa_hbac_save_list(struct sysdb_ctx *sysdb, bool delete_subdir,
}
DEBUG(9, ("Object name: [%s].\n", object_name));
- ret = sysdb_store_custom(sysdb, domain, object_name, subdir, list[c]);
+ ret = sysdb_store_custom(domain->sysdb, domain,
+ object_name, subdir, list[c]);
if (ret != EOK) {
DEBUG(1, ("sysdb_store_custom failed.\n"));
goto done;
@@ -92,7 +94,7 @@ done:
}
errno_t
-ipa_hbac_sysdb_save(struct sysdb_ctx *sysdb, struct sss_domain_info *domain,
+ipa_hbac_sysdb_save(struct sss_domain_info *domain,
const char *primary_subdir, const char *attr_name,
size_t primary_count, struct sysdb_attrs **primary,
const char *group_subdir, const char *groupattr_name,
@@ -110,7 +112,7 @@ ipa_hbac_sysdb_save(struct sysdb_ctx *sysdb, struct sss_domain_info *domain,
}
/* Save the entries and groups to the cache */
- ret = sysdb_transaction_start(sysdb);
+ ret = sysdb_transaction_start(domain->sysdb);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to start transaction\n"));
goto done;
@@ -118,12 +120,8 @@ ipa_hbac_sysdb_save(struct sysdb_ctx *sysdb, struct sss_domain_info *domain,
in_transaction = true;
/* First, save the specific entries */
- ret = ipa_hbac_save_list(sysdb, true,
- primary_subdir,
- domain,
- attr_name,
- primary_count,
- primary);
+ ret = ipa_hbac_save_list(domain, true, primary_subdir,
+ attr_name, primary_count, primary);
if (ret != EOK) {
DEBUG(1, ("Could not save %s. [%d][%s]\n",
primary_subdir, ret, strerror(ret)));
@@ -132,12 +130,8 @@ ipa_hbac_sysdb_save(struct sysdb_ctx *sysdb, struct sss_domain_info *domain,
/* Second, save the groups */
if (group_count > 0) {
- ret = ipa_hbac_save_list(sysdb, true,
- group_subdir,
- domain,
- groupattr_name,
- group_count,
- groups);
+ ret = ipa_hbac_save_list(domain, true, group_subdir,
+ groupattr_name, group_count, groups);
if (ret != EOK) {
DEBUG(1, ("Could not save %s. [%d][%s]\n",
group_subdir, ret, strerror(ret)));
@@ -145,7 +139,7 @@ ipa_hbac_sysdb_save(struct sysdb_ctx *sysdb, struct sss_domain_info *domain,
}
}
- ret = sysdb_transaction_commit(sysdb);
+ ret = sysdb_transaction_commit(domain->sysdb);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to commit transaction\n"));
goto done;
@@ -154,7 +148,7 @@ ipa_hbac_sysdb_save(struct sysdb_ctx *sysdb, struct sss_domain_info *domain,
done:
if (in_transaction) {
- sret = sysdb_transaction_cancel(sysdb);
+ sret = sysdb_transaction_cancel(domain->sysdb);
if (sret != EOK) {
DEBUG(0, ("Could not cancel sysdb transaction\n"));
}
diff --git a/src/providers/ipa/ipa_hbac_private.h b/src/providers/ipa/ipa_hbac_private.h
index d9d98222..c831cd5c 100644
--- a/src/providers/ipa/ipa_hbac_private.h
+++ b/src/providers/ipa/ipa_hbac_private.h
@@ -65,12 +65,8 @@
#define HBAC_SERVICEGROUPS_SUBDIR "hbac_servicegroups"
/* From ipa_hbac_common.c */
-errno_t ipa_hbac_save_list(struct sysdb_ctx *sysdb, bool delete_subdir,
- const char *subdir, struct sss_domain_info *domain,
- const char *naming_attribute, size_t count,
- struct sysdb_attrs **list);
errno_t
-ipa_hbac_sysdb_save(struct sysdb_ctx *sysdb, struct sss_domain_info *domain,
+ipa_hbac_sysdb_save(struct sss_domain_info *domain,
const char *primary_subdir, const char *attr_name,
size_t primary_count, struct sysdb_attrs **primary,
const char *group_subdir, const char *groupattr_name,