-rw-r--r--Makefile.am2
-rw-r--r--src/config/SSSDConfig/__init__.py.in2
-rw-r--r--src/config/etc/sssd.api.d/sssd-ldap.conf2
-rw-r--r--src/providers/ipa/ipa_opts.h2
-rw-r--r--src/providers/ldap/ldap_opts.h2
-rw-r--r--src/providers/ldap/sdap.h2
-rw-r--r--src/providers/ldap/sdap_sudo.c67
-rw-r--r--src/providers/ldap/sdap_sudo_timer.c237
-rw-r--r--src/providers/ldap/sdap_sudo_timer.h41
9 files changed, 0 insertions, 357 deletions
diff --git a/Makefile.am b/Makefile.am
index d716755a..89a2dfaf 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -401,7 +401,6 @@ dist_noinst_HEADERS = \
src/providers/ldap/sdap_async.h \
src/providers/ldap/sdap_async_private.h \
src/providers/ldap/sdap_sudo_cache.h \
- src/providers/ldap/sdap_sudo_timer.h \
src/providers/ldap/sdap_sudo.h \
src/providers/ldap/sdap_autofs.h \
src/providers/ldap/sdap_id_op.h \
@@ -1185,7 +1184,6 @@ libsss_ldap_common_la_SOURCES = \
if BUILD_SUDO
libsss_ldap_common_la_SOURCES += \
src/providers/ldap/sdap_sudo_cache.c \
- src/providers/ldap/sdap_sudo_timer.c \
src/providers/ldap/sdap_async_sudo.c \
src/providers/ldap/sdap_sudo.c
endif
diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
index d0831109..8c11384d 100644
--- a/src/config/SSSDConfig/__init__.py.in
+++ b/src/config/SSSDConfig/__init__.py.in
@@ -294,8 +294,6 @@ option_strings = {
# [provider/ldap/sudo]
'ldap_sudo_search_base' : _('Base DN for sudo rules lookups'),
'ldap_sudo_full_refresh_interval' : _('Automatic full refresh period'),
- 'ldap_sudo_refresh_enabled' : _('Enable periodical update of all sudo rules'),
- 'ldap_sudo_refresh_timeout' : _('Length of time between rules updates'),
'ldap_sudorule_object_class' : _('Object class for sudo rules'),
'ldap_sudorule_name' : _('Sudo rule name'),
'ldap_sudorule_command' : _('Sudo rule command attribute'),
diff --git a/src/config/etc/sssd.api.d/sssd-ldap.conf b/src/config/etc/sssd.api.d/sssd-ldap.conf
index 89cd4dd2..477328c8 100644
--- a/src/config/etc/sssd.api.d/sssd-ldap.conf
+++ b/src/config/etc/sssd.api.d/sssd-ldap.conf
@@ -129,8 +129,6 @@ ldap_chpass_dns_service_name = str, None, false
[provider/ldap/sudo]
ldap_sudo_search_base = str, None, false
ldap_sudo_full_refresh_interval = int, None, false
-ldap_sudo_refresh_enabled = bool, None, false
-ldap_sudo_refresh_timeout = int, None, false
ldap_sudorule_object_class = str, None, false
ldap_sudorule_name = str, None, false
ldap_sudorule_command = str, None, false
diff --git a/src/providers/ipa/ipa_opts.h b/src/providers/ipa/ipa_opts.h
index e669c7d7..8db64956 100644
--- a/src/providers/ipa/ipa_opts.h
+++ b/src/providers/ipa/ipa_opts.h
@@ -67,8 +67,6 @@ struct dp_option ipa_def_ldap_opts[] = {
{ "ldap_group_search_filter", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "ldap_service_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "ldap_sudo_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
- { "ldap_sudo_refresh_enabled", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
- { "ldap_sudo_refresh_timeout", DP_OPT_NUMBER, { .number = 300 }, NULL_NUMBER },
{ "ldap_sudo_full_refresh_interval", DP_OPT_NUMBER, { .number = 21600 }, NULL_NUMBER },
{ "ldap_autofs_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "ldap_schema", DP_OPT_STRING, { "ipa_v1" }, NULL_STRING },
diff --git a/src/providers/ldap/ldap_opts.h b/src/providers/ldap/ldap_opts.h
index 27f3ce43..c81b0b1e 100644
--- a/src/providers/ldap/ldap_opts.h
+++ b/src/providers/ldap/ldap_opts.h
@@ -47,8 +47,6 @@ struct dp_option default_basic_opts[] = {
{ "ldap_group_search_filter", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "ldap_service_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "ldap_sudo_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
- { "ldap_sudo_refresh_enabled", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
- { "ldap_sudo_refresh_timeout", DP_OPT_NUMBER, { .number = 300 }, NULL_NUMBER },
{ "ldap_sudo_full_refresh_interval", DP_OPT_NUMBER, { .number = 21600 }, NULL_NUMBER }, /* 360 mins */
{ "ldap_autofs_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "ldap_schema", DP_OPT_STRING, { "rfc2307" }, NULL_STRING },
diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h
index ae5bcb01..68acf2cc 100644
--- a/src/providers/ldap/sdap.h
+++ b/src/providers/ldap/sdap.h
@@ -166,8 +166,6 @@ enum sdap_basic_opt {
SDAP_GROUP_SEARCH_FILTER,
SDAP_SERVICE_SEARCH_BASE,
SDAP_SUDO_SEARCH_BASE,
- SDAP_SUDO_REFRESH_ENABLED,
- SDAP_SUDO_REFRESH_TIMEOUT,
SDAP_SUDO_FULL_REFRESH_INTERVAL,
SDAP_AUTOFS_SEARCH_BASE,
SDAP_SCHEMA,
diff --git a/src/providers/ldap/sdap_sudo.c b/src/providers/ldap/sdap_sudo.c
index ba96f2cb..271964d9 100644
--- a/src/providers/ldap/sdap_sudo.c
+++ b/src/providers/ldap/sdap_sudo.c
@@ -28,7 +28,6 @@
#include "providers/ldap/sdap_async.h"
#include "providers/ldap/sdap_sudo.h"
#include "providers/ldap/sdap_sudo_cache.h"
-#include "providers/ldap/sdap_sudo_timer.h"
#include "db/sysdb_sudo.h"
struct sdap_sudo_full_refresh_state {
@@ -67,8 +66,6 @@ struct bet_ops sdap_sudo_ops = {
.finalize = sdap_sudo_shutdown
};
-int sdap_sudo_setup_tasks(struct sdap_id_ctx *id_ctx);
-
int sdap_sudo_init(struct be_ctx *be_ctx,
struct sdap_id_ctx *id_ctx,
struct bet_ops **ops,
@@ -89,70 +86,6 @@ int sdap_sudo_init(struct be_ctx *be_ctx,
return ret;
}
- ret = sdap_sudo_setup_tasks(id_ctx);
- if (ret != EOK) {
- DEBUG(SSSDBG_OP_FAILURE, ("SUDO setup failed [%d]: %s\n",
- ret, strerror(ret)));
- return ret;
- }
-
- return EOK;
-}
-
-int sdap_sudo_setup_tasks(struct sdap_id_ctx *id_ctx)
-{
- struct sdap_sudo_refresh_ctx *refresh_ctx = NULL;
- struct timeval tv;
- int ret = EOK;
- bool refreshed = false;
- bool refresh_enabled = dp_opt_get_bool(id_ctx->opts->basic,
- SDAP_SUDO_REFRESH_ENABLED);
-
- /* set up periodical update of sudo rules */
- if (refresh_enabled) {
- refresh_ctx = sdap_sudo_refresh_ctx_init(id_ctx, id_ctx->be, id_ctx,
- id_ctx->opts,
- tevent_timeval_zero());
- if (refresh_ctx == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE,
- ("sdap_sudo_refresh_ctx_init() failed!\n"));
- return ENOMEM;
- }
-
- /* If this is the first startup, we need to kick off
- * an refresh immediately, to close a window where
- * clients requesting sudo information won't get an
- * immediate reply with no entries
- */
- ret = sysdb_sudo_get_refreshed(id_ctx->be->sysdb, &refreshed);
- if (ret != EOK) {
- return ret;
- }
- if (refreshed) {
- /* At least one update has previously run,
- * so clients will get cached data. We will delay
- * starting to enumerate by 10s so we don't slow
- * down the startup process if this is happening
- * during system boot.
- */
- tv = tevent_timeval_current_ofs(10, 0);
- DEBUG(SSSDBG_FUNC_DATA, ("Delaying first refresh of SUDO rules "
- "for 10 seconds\n"));
- } else {
- /* This is our first startup. Schedule the
- * update to start immediately once we
- * enter the mainloop.
- */
- tv = tevent_timeval_current();
- }
-
- ret = sdap_sudo_refresh_set_timer(refresh_ctx, tv);
- if (ret != EOK) {
- talloc_free(refresh_ctx);
- return ret;
- }
- }
-
return EOK;
}
diff --git a/src/providers/ldap/sdap_sudo_timer.c b/src/providers/ldap/sdap_sudo_timer.c
deleted file mode 100644
index 56386f42..00000000
--- a/src/providers/ldap/sdap_sudo_timer.c
+++ /dev/null
@@ -1,237 +0,0 @@
-/*
- Authors:
- Pavel Březina <pbrezina@redhat.com>
-
- Copyright (C) 2011 Red Hat
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include <errno.h>
-#include <tevent.h>
-
-#include "util/util.h"
-#include "providers/ldap/ldap_common.h"
-#include "providers/ldap/sdap_sudo_timer.h"
-#include "providers/ldap/sdap_sudo.h"
-#include "db/sysdb_sudo.h"
-
-struct sdap_sudo_refresh_ctx {
- struct be_ctx *be_ctx;
- struct sdap_id_ctx *id_ctx;
- struct sdap_options *opts;
-
- struct timeval last_refresh;
-};
-
-static void sdap_sudo_refresh_timer(struct tevent_context *ev,
- struct tevent_timer *tt,
- struct timeval tv, void *pvt);
-
-static void sdap_sudo_refresh_reschedule(struct tevent_req *req);
-
-static void sdap_sudo_refresh_timeout(struct tevent_context *ev,
- struct tevent_timer *te,
- struct timeval tv, void *pvt);
-
-struct sdap_sudo_refresh_ctx *
-sdap_sudo_refresh_ctx_init(TALLOC_CTX *mem_ctx,
- struct be_ctx *be_ctx,
- struct sdap_id_ctx *id_ctx,
- struct sdap_options *opts,
- struct timeval last_refresh)
-{
- struct sdap_sudo_refresh_ctx *refresh_ctx = NULL;
-
- refresh_ctx = talloc_zero(mem_ctx, struct sdap_sudo_refresh_ctx);
- if (refresh_ctx == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_zero() failed!\n"));
- return NULL;
- }
-
- refresh_ctx->be_ctx = be_ctx;
- refresh_ctx->id_ctx = id_ctx;
- refresh_ctx->opts = opts;
- refresh_ctx->last_refresh = last_refresh;
-
- return refresh_ctx;
-}
-
-int sdap_sudo_refresh_set_timer(struct sdap_sudo_refresh_ctx *ctx,
- struct timeval tv)
-{
- struct tevent_timer *enum_task;
-
- DEBUG(SSSDBG_TRACE_FUNC, ("Scheduling next refresh of SUDO rules at "
- "%ld.%ld\n", (long)tv.tv_sec, (long)tv.tv_usec));
-
- enum_task = tevent_add_timer(ctx->be_ctx->ev, ctx,
- tv, sdap_sudo_refresh_timer, ctx);
- if (!enum_task) {
- DEBUG(SSSDBG_FATAL_FAILURE,
- ("FATAL: failed to setup SUDO rules refresh task!\n"));
- return EFAULT;
- }
-
- return EOK;
-}
-
-static void sdap_sudo_refresh_timer(struct tevent_context *ev,
- struct tevent_timer *tt,
- struct timeval tv, void *pvt)
-{
- struct sdap_sudo_refresh_ctx *refresh_ctx = NULL;
- struct be_sudo_req *sudo_req = NULL;
- struct tevent_timer *timeout = NULL;
- struct tevent_req *req = NULL;
- int delay = 0;
- int ret;
-
- refresh_ctx = talloc_get_type(pvt, struct sdap_sudo_refresh_ctx);
-
- delay = dp_opt_get_int(refresh_ctx->opts->basic, SDAP_SUDO_REFRESH_TIMEOUT);
-
- if (be_is_offline(refresh_ctx->be_ctx)) {
- DEBUG(SSSDBG_TRACE_FUNC, ("Backend is marked offline, retry later!\n"));
- tv = tevent_timeval_current_ofs(delay, 0);
- ret = sdap_sudo_refresh_set_timer(refresh_ctx, tv);
- if (ret != EOK) {
- DEBUG(SSSDBG_CRIT_FAILURE, ("Error setting up SUDO refresh timer\n"));
- }
- return;
- }
-
- /* create sudo context */
- sudo_req = talloc_zero(refresh_ctx, struct be_sudo_req);
- if (sudo_req == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_zero() failed!\n"));
- tv = tevent_timeval_current_ofs(delay, 0);
- ret = sdap_sudo_refresh_set_timer(refresh_ctx, tv);
- if (ret != EOK) {
- DEBUG(SSSDBG_CRIT_FAILURE, ("Error setting up SUDO refresh timer\n"));
- }
-
- return;
- }
-
- sudo_req->type = BE_REQ_SUDO_ALL;
- sudo_req->username = NULL;
-
- /* send request */
- req = sdap_sudo_refresh_send(refresh_ctx, refresh_ctx->id_ctx->be,
- refresh_ctx->id_ctx->opts,
- refresh_ctx->id_ctx->conn_cache,
- NULL, NULL);
- if (req == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to schedule refresh of SUDO rules, "
- "retrying later!\n"));
- tv = tevent_timeval_current_ofs(delay, 0);
- ret = sdap_sudo_refresh_set_timer(refresh_ctx, tv);
- if (ret != EOK) {
- DEBUG(SSSDBG_CRIT_FAILURE, ("Error setting up SUDO refresh timer\n"));
- }
-
- talloc_free(sudo_req);
- return;
- }
- refresh_ctx->last_refresh = tevent_timeval_current();
- talloc_steal(req, sudo_req); /* make it free with req */
-
- tevent_req_set_callback(req, sdap_sudo_refresh_reschedule, refresh_ctx);
-
- /* schedule timeout */
- tv = tevent_timeval_current_ofs(delay, 0);
- timeout = tevent_add_timer(refresh_ctx->be_ctx->ev, req, tv,
- sdap_sudo_refresh_timeout, req);
- if (timeout == NULL) {
- /* If we can't guarantee a timeout, we
- * need to cancel the request, to avoid
- * the possibility of starting another
- * concurrently
- */
- talloc_zfree(req);
-
- DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to schedule refresh of SUDO rules, "
- "retrying later!\n"));
- tv = tevent_timeval_current_ofs(delay, 0);
- ret = sdap_sudo_refresh_set_timer(refresh_ctx, tv);
- if (ret != EOK) {
- DEBUG(SSSDBG_CRIT_FAILURE, ("Error setting up SUDO refresh timer\n"));
- }
- }
-
- return;
-}
-
-static void sdap_sudo_refresh_reschedule(struct tevent_req *req)
-{
- struct sdap_sudo_refresh_ctx *refresh_ctx = NULL;
- struct timeval tv;
- int delay;
- int dp_error;
- int error;
- int ret;
-
- refresh_ctx = tevent_req_callback_data(req, struct sdap_sudo_refresh_ctx);
- ret = sdap_sudo_refresh_recv(req, &dp_error, &error);
- talloc_zfree(req);
- if (ret != EOK) {
- tv = tevent_timeval_current();
- } else {
- tv = refresh_ctx->last_refresh;
-
- /* Ok, we've completed a refresh. Save this to the
- * sysdb so we can postpone starting up the refresh
- * process on the next SSSD service restart (to avoid
- * slowing down system boot-up
- */
- ret = sysdb_sudo_set_refreshed(refresh_ctx->be_ctx->sysdb, true);
- if (ret != EOK) {
- DEBUG(SSSDBG_CRIT_FAILURE,
- ("Could not mark domain as having refreshed.\n"));
- /* This error is non-fatal, so continue */
- }
- }
-
- delay = dp_opt_get_int(refresh_ctx->opts->basic, SDAP_SUDO_REFRESH_TIMEOUT);
- tv = tevent_timeval_add(&tv, delay, 0);
- ret = sdap_sudo_refresh_set_timer(refresh_ctx, tv);
- if (ret != EOK) {
- DEBUG(SSSDBG_CRIT_FAILURE, ("Error setting up SUDO refresh timer\n"));
- }
-}
-
-static void sdap_sudo_refresh_timeout(struct tevent_context *ev,
- struct tevent_timer *te,
- struct timeval tv, void *pvt)
-{
- struct tevent_req *req = talloc_get_type(pvt, struct tevent_req);
- struct sdap_sudo_refresh_ctx *refresh_ctx = NULL;
- int delay;
- int ret;
-
- refresh_ctx = tevent_req_callback_data(req, struct sdap_sudo_refresh_ctx);
-
- delay = dp_opt_get_int(refresh_ctx->opts->basic, SDAP_SUDO_REFRESH_TIMEOUT);
- DEBUG(SSSDBG_CRIT_FAILURE, ("Refreshing SUDO rules timed out!"
- " Timeout too small? (%ds)!\n", delay));
-
- tv = tevent_timeval_current_ofs(delay, 0);
- ret = sdap_sudo_refresh_set_timer(refresh_ctx, tv);
- if (ret != EOK) {
- DEBUG(SSSDBG_CRIT_FAILURE, ("Error setting up SUDO refresh timer\n"));
- }
-
- talloc_zfree(req);
-}
diff --git a/src/providers/ldap/sdap_sudo_timer.h b/src/providers/ldap/sdap_sudo_timer.h
deleted file mode 100644
index ad7dcad8..00000000
--- a/src/providers/ldap/sdap_sudo_timer.h
+++ /dev/null
@@ -1,41 +0,0 @@
-/*
- Authors:
- Pavel Březina <pbrezina@redhat.com>
-
- Copyright (C) 2011 Red Hat
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#ifndef _SDAP_SUDO_TIMER_H_
-#define _SDAP_SUDO_TIMER_H_
-
-#include <time.h>
-
-#include "providers/dp_backend.h"
-#include "providers/ldap/ldap_common.h"
-
-struct sdap_sudo_refresh_ctx;
-
-int sdap_sudo_refresh_set_timer(struct sdap_sudo_refresh_ctx *ctx,
- struct timeval tv);
-
-struct sdap_sudo_refresh_ctx *
-sdap_sudo_refresh_ctx_init(TALLOC_CTX *mem_ctx,
- struct be_ctx *be_ctx,
- struct sdap_id_ctx *id_ctx,
- struct sdap_options *opts,
- struct timeval last_refresh);
-
-#endif /* _SDAP_SUDO_TIMER_H_ */