diff options
-rw-r--r-- | Makefile.am | 2 | ||||
-rw-r--r-- | src/config/SSSDConfig/__init__.py.in | 2 | ||||
-rw-r--r-- | src/config/etc/sssd.api.d/sssd-ldap.conf | 2 | ||||
-rw-r--r-- | src/providers/ipa/ipa_opts.h | 2 | ||||
-rw-r--r-- | src/providers/ldap/ldap_opts.h | 2 | ||||
-rw-r--r-- | src/providers/ldap/sdap.h | 2 | ||||
-rw-r--r-- | src/providers/ldap/sdap_sudo.c | 67 | ||||
-rw-r--r-- | src/providers/ldap/sdap_sudo_timer.c | 237 | ||||
-rw-r--r-- | src/providers/ldap/sdap_sudo_timer.h | 41 |
9 files changed, 0 insertions, 357 deletions
diff --git a/Makefile.am b/Makefile.am index d716755a..89a2dfaf 100644 --- a/Makefile.am +++ b/Makefile.am @@ -401,7 +401,6 @@ dist_noinst_HEADERS = \ src/providers/ldap/sdap_async.h \ src/providers/ldap/sdap_async_private.h \ src/providers/ldap/sdap_sudo_cache.h \ - src/providers/ldap/sdap_sudo_timer.h \ src/providers/ldap/sdap_sudo.h \ src/providers/ldap/sdap_autofs.h \ src/providers/ldap/sdap_id_op.h \ @@ -1185,7 +1184,6 @@ libsss_ldap_common_la_SOURCES = \ if BUILD_SUDO libsss_ldap_common_la_SOURCES += \ src/providers/ldap/sdap_sudo_cache.c \ - src/providers/ldap/sdap_sudo_timer.c \ src/providers/ldap/sdap_async_sudo.c \ src/providers/ldap/sdap_sudo.c endif diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in index d0831109..8c11384d 100644 --- a/src/config/SSSDConfig/__init__.py.in +++ b/src/config/SSSDConfig/__init__.py.in @@ -294,8 +294,6 @@ option_strings = { # [provider/ldap/sudo] 'ldap_sudo_search_base' : _('Base DN for sudo rules lookups'), 'ldap_sudo_full_refresh_interval' : _('Automatic full refresh period'), - 'ldap_sudo_refresh_enabled' : _('Enable periodical update of all sudo rules'), - 'ldap_sudo_refresh_timeout' : _('Length of time between rules updates'), 'ldap_sudorule_object_class' : _('Object class for sudo rules'), 'ldap_sudorule_name' : _('Sudo rule name'), 'ldap_sudorule_command' : _('Sudo rule command attribute'), diff --git a/src/config/etc/sssd.api.d/sssd-ldap.conf b/src/config/etc/sssd.api.d/sssd-ldap.conf index 89cd4dd2..477328c8 100644 --- a/src/config/etc/sssd.api.d/sssd-ldap.conf +++ b/src/config/etc/sssd.api.d/sssd-ldap.conf @@ -129,8 +129,6 @@ ldap_chpass_dns_service_name = str, None, false [provider/ldap/sudo] ldap_sudo_search_base = str, None, false ldap_sudo_full_refresh_interval = int, None, false -ldap_sudo_refresh_enabled = bool, None, false -ldap_sudo_refresh_timeout = int, None, false ldap_sudorule_object_class = str, None, false ldap_sudorule_name = str, None, false ldap_sudorule_command = str, None, false diff --git a/src/providers/ipa/ipa_opts.h b/src/providers/ipa/ipa_opts.h index e669c7d7..8db64956 100644 --- a/src/providers/ipa/ipa_opts.h +++ b/src/providers/ipa/ipa_opts.h @@ -67,8 +67,6 @@ struct dp_option ipa_def_ldap_opts[] = { { "ldap_group_search_filter", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "ldap_service_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "ldap_sudo_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING }, - { "ldap_sudo_refresh_enabled", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }, - { "ldap_sudo_refresh_timeout", DP_OPT_NUMBER, { .number = 300 }, NULL_NUMBER }, { "ldap_sudo_full_refresh_interval", DP_OPT_NUMBER, { .number = 21600 }, NULL_NUMBER }, { "ldap_autofs_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "ldap_schema", DP_OPT_STRING, { "ipa_v1" }, NULL_STRING }, diff --git a/src/providers/ldap/ldap_opts.h b/src/providers/ldap/ldap_opts.h index 27f3ce43..c81b0b1e 100644 --- a/src/providers/ldap/ldap_opts.h +++ b/src/providers/ldap/ldap_opts.h @@ -47,8 +47,6 @@ struct dp_option default_basic_opts[] = { { "ldap_group_search_filter", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "ldap_service_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "ldap_sudo_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING }, - { "ldap_sudo_refresh_enabled", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }, - { "ldap_sudo_refresh_timeout", DP_OPT_NUMBER, { .number = 300 }, NULL_NUMBER }, { "ldap_sudo_full_refresh_interval", DP_OPT_NUMBER, { .number = 21600 }, NULL_NUMBER }, /* 360 mins */ { "ldap_autofs_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "ldap_schema", DP_OPT_STRING, { "rfc2307" }, NULL_STRING }, diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h index ae5bcb01..68acf2cc 100644 --- a/src/providers/ldap/sdap.h +++ b/src/providers/ldap/sdap.h @@ -166,8 +166,6 @@ enum sdap_basic_opt { SDAP_GROUP_SEARCH_FILTER, SDAP_SERVICE_SEARCH_BASE, SDAP_SUDO_SEARCH_BASE, - SDAP_SUDO_REFRESH_ENABLED, - SDAP_SUDO_REFRESH_TIMEOUT, SDAP_SUDO_FULL_REFRESH_INTERVAL, SDAP_AUTOFS_SEARCH_BASE, SDAP_SCHEMA, diff --git a/src/providers/ldap/sdap_sudo.c b/src/providers/ldap/sdap_sudo.c index ba96f2cb..271964d9 100644 --- a/src/providers/ldap/sdap_sudo.c +++ b/src/providers/ldap/sdap_sudo.c @@ -28,7 +28,6 @@ #include "providers/ldap/sdap_async.h" #include "providers/ldap/sdap_sudo.h" #include "providers/ldap/sdap_sudo_cache.h" -#include "providers/ldap/sdap_sudo_timer.h" #include "db/sysdb_sudo.h" struct sdap_sudo_full_refresh_state { @@ -67,8 +66,6 @@ struct bet_ops sdap_sudo_ops = { .finalize = sdap_sudo_shutdown }; -int sdap_sudo_setup_tasks(struct sdap_id_ctx *id_ctx); - int sdap_sudo_init(struct be_ctx *be_ctx, struct sdap_id_ctx *id_ctx, struct bet_ops **ops, @@ -89,70 +86,6 @@ int sdap_sudo_init(struct be_ctx *be_ctx, return ret; } - ret = sdap_sudo_setup_tasks(id_ctx); - if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, ("SUDO setup failed [%d]: %s\n", - ret, strerror(ret))); - return ret; - } - - return EOK; -} - -int sdap_sudo_setup_tasks(struct sdap_id_ctx *id_ctx) -{ - struct sdap_sudo_refresh_ctx *refresh_ctx = NULL; - struct timeval tv; - int ret = EOK; - bool refreshed = false; - bool refresh_enabled = dp_opt_get_bool(id_ctx->opts->basic, - SDAP_SUDO_REFRESH_ENABLED); - - /* set up periodical update of sudo rules */ - if (refresh_enabled) { - refresh_ctx = sdap_sudo_refresh_ctx_init(id_ctx, id_ctx->be, id_ctx, - id_ctx->opts, - tevent_timeval_zero()); - if (refresh_ctx == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, - ("sdap_sudo_refresh_ctx_init() failed!\n")); - return ENOMEM; - } - - /* If this is the first startup, we need to kick off - * an refresh immediately, to close a window where - * clients requesting sudo information won't get an - * immediate reply with no entries - */ - ret = sysdb_sudo_get_refreshed(id_ctx->be->sysdb, &refreshed); - if (ret != EOK) { - return ret; - } - if (refreshed) { - /* At least one update has previously run, - * so clients will get cached data. We will delay - * starting to enumerate by 10s so we don't slow - * down the startup process if this is happening - * during system boot. - */ - tv = tevent_timeval_current_ofs(10, 0); - DEBUG(SSSDBG_FUNC_DATA, ("Delaying first refresh of SUDO rules " - "for 10 seconds\n")); - } else { - /* This is our first startup. Schedule the - * update to start immediately once we - * enter the mainloop. - */ - tv = tevent_timeval_current(); - } - - ret = sdap_sudo_refresh_set_timer(refresh_ctx, tv); - if (ret != EOK) { - talloc_free(refresh_ctx); - return ret; - } - } - return EOK; } diff --git a/src/providers/ldap/sdap_sudo_timer.c b/src/providers/ldap/sdap_sudo_timer.c deleted file mode 100644 index 56386f42..00000000 --- a/src/providers/ldap/sdap_sudo_timer.c +++ /dev/null @@ -1,237 +0,0 @@ -/* - Authors: - Pavel Březina <pbrezina@redhat.com> - - Copyright (C) 2011 Red Hat - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. -*/ - -#include <errno.h> -#include <tevent.h> - -#include "util/util.h" -#include "providers/ldap/ldap_common.h" -#include "providers/ldap/sdap_sudo_timer.h" -#include "providers/ldap/sdap_sudo.h" -#include "db/sysdb_sudo.h" - -struct sdap_sudo_refresh_ctx { - struct be_ctx *be_ctx; - struct sdap_id_ctx *id_ctx; - struct sdap_options *opts; - - struct timeval last_refresh; -}; - -static void sdap_sudo_refresh_timer(struct tevent_context *ev, - struct tevent_timer *tt, - struct timeval tv, void *pvt); - -static void sdap_sudo_refresh_reschedule(struct tevent_req *req); - -static void sdap_sudo_refresh_timeout(struct tevent_context *ev, - struct tevent_timer *te, - struct timeval tv, void *pvt); - -struct sdap_sudo_refresh_ctx * -sdap_sudo_refresh_ctx_init(TALLOC_CTX *mem_ctx, - struct be_ctx *be_ctx, - struct sdap_id_ctx *id_ctx, - struct sdap_options *opts, - struct timeval last_refresh) -{ - struct sdap_sudo_refresh_ctx *refresh_ctx = NULL; - - refresh_ctx = talloc_zero(mem_ctx, struct sdap_sudo_refresh_ctx); - if (refresh_ctx == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_zero() failed!\n")); - return NULL; - } - - refresh_ctx->be_ctx = be_ctx; - refresh_ctx->id_ctx = id_ctx; - refresh_ctx->opts = opts; - refresh_ctx->last_refresh = last_refresh; - - return refresh_ctx; -} - -int sdap_sudo_refresh_set_timer(struct sdap_sudo_refresh_ctx *ctx, - struct timeval tv) -{ - struct tevent_timer *enum_task; - - DEBUG(SSSDBG_TRACE_FUNC, ("Scheduling next refresh of SUDO rules at " - "%ld.%ld\n", (long)tv.tv_sec, (long)tv.tv_usec)); - - enum_task = tevent_add_timer(ctx->be_ctx->ev, ctx, - tv, sdap_sudo_refresh_timer, ctx); - if (!enum_task) { - DEBUG(SSSDBG_FATAL_FAILURE, - ("FATAL: failed to setup SUDO rules refresh task!\n")); - return EFAULT; - } - - return EOK; -} - -static void sdap_sudo_refresh_timer(struct tevent_context *ev, - struct tevent_timer *tt, - struct timeval tv, void *pvt) -{ - struct sdap_sudo_refresh_ctx *refresh_ctx = NULL; - struct be_sudo_req *sudo_req = NULL; - struct tevent_timer *timeout = NULL; - struct tevent_req *req = NULL; - int delay = 0; - int ret; - - refresh_ctx = talloc_get_type(pvt, struct sdap_sudo_refresh_ctx); - - delay = dp_opt_get_int(refresh_ctx->opts->basic, SDAP_SUDO_REFRESH_TIMEOUT); - - if (be_is_offline(refresh_ctx->be_ctx)) { - DEBUG(SSSDBG_TRACE_FUNC, ("Backend is marked offline, retry later!\n")); - tv = tevent_timeval_current_ofs(delay, 0); - ret = sdap_sudo_refresh_set_timer(refresh_ctx, tv); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, ("Error setting up SUDO refresh timer\n")); - } - return; - } - - /* create sudo context */ - sudo_req = talloc_zero(refresh_ctx, struct be_sudo_req); - if (sudo_req == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_zero() failed!\n")); - tv = tevent_timeval_current_ofs(delay, 0); - ret = sdap_sudo_refresh_set_timer(refresh_ctx, tv); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, ("Error setting up SUDO refresh timer\n")); - } - - return; - } - - sudo_req->type = BE_REQ_SUDO_ALL; - sudo_req->username = NULL; - - /* send request */ - req = sdap_sudo_refresh_send(refresh_ctx, refresh_ctx->id_ctx->be, - refresh_ctx->id_ctx->opts, - refresh_ctx->id_ctx->conn_cache, - NULL, NULL); - if (req == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to schedule refresh of SUDO rules, " - "retrying later!\n")); - tv = tevent_timeval_current_ofs(delay, 0); - ret = sdap_sudo_refresh_set_timer(refresh_ctx, tv); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, ("Error setting up SUDO refresh timer\n")); - } - - talloc_free(sudo_req); - return; - } - refresh_ctx->last_refresh = tevent_timeval_current(); - talloc_steal(req, sudo_req); /* make it free with req */ - - tevent_req_set_callback(req, sdap_sudo_refresh_reschedule, refresh_ctx); - - /* schedule timeout */ - tv = tevent_timeval_current_ofs(delay, 0); - timeout = tevent_add_timer(refresh_ctx->be_ctx->ev, req, tv, - sdap_sudo_refresh_timeout, req); - if (timeout == NULL) { - /* If we can't guarantee a timeout, we - * need to cancel the request, to avoid - * the possibility of starting another - * concurrently - */ - talloc_zfree(req); - - DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to schedule refresh of SUDO rules, " - "retrying later!\n")); - tv = tevent_timeval_current_ofs(delay, 0); - ret = sdap_sudo_refresh_set_timer(refresh_ctx, tv); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, ("Error setting up SUDO refresh timer\n")); - } - } - - return; -} - -static void sdap_sudo_refresh_reschedule(struct tevent_req *req) -{ - struct sdap_sudo_refresh_ctx *refresh_ctx = NULL; - struct timeval tv; - int delay; - int dp_error; - int error; - int ret; - - refresh_ctx = tevent_req_callback_data(req, struct sdap_sudo_refresh_ctx); - ret = sdap_sudo_refresh_recv(req, &dp_error, &error); - talloc_zfree(req); - if (ret != EOK) { - tv = tevent_timeval_current(); - } else { - tv = refresh_ctx->last_refresh; - - /* Ok, we've completed a refresh. Save this to the - * sysdb so we can postpone starting up the refresh - * process on the next SSSD service restart (to avoid - * slowing down system boot-up - */ - ret = sysdb_sudo_set_refreshed(refresh_ctx->be_ctx->sysdb, true); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, - ("Could not mark domain as having refreshed.\n")); - /* This error is non-fatal, so continue */ - } - } - - delay = dp_opt_get_int(refresh_ctx->opts->basic, SDAP_SUDO_REFRESH_TIMEOUT); - tv = tevent_timeval_add(&tv, delay, 0); - ret = sdap_sudo_refresh_set_timer(refresh_ctx, tv); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, ("Error setting up SUDO refresh timer\n")); - } -} - -static void sdap_sudo_refresh_timeout(struct tevent_context *ev, - struct tevent_timer *te, - struct timeval tv, void *pvt) -{ - struct tevent_req *req = talloc_get_type(pvt, struct tevent_req); - struct sdap_sudo_refresh_ctx *refresh_ctx = NULL; - int delay; - int ret; - - refresh_ctx = tevent_req_callback_data(req, struct sdap_sudo_refresh_ctx); - - delay = dp_opt_get_int(refresh_ctx->opts->basic, SDAP_SUDO_REFRESH_TIMEOUT); - DEBUG(SSSDBG_CRIT_FAILURE, ("Refreshing SUDO rules timed out!" - " Timeout too small? (%ds)!\n", delay)); - - tv = tevent_timeval_current_ofs(delay, 0); - ret = sdap_sudo_refresh_set_timer(refresh_ctx, tv); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, ("Error setting up SUDO refresh timer\n")); - } - - talloc_zfree(req); -} diff --git a/src/providers/ldap/sdap_sudo_timer.h b/src/providers/ldap/sdap_sudo_timer.h deleted file mode 100644 index ad7dcad8..00000000 --- a/src/providers/ldap/sdap_sudo_timer.h +++ /dev/null @@ -1,41 +0,0 @@ -/* - Authors: - Pavel Březina <pbrezina@redhat.com> - - Copyright (C) 2011 Red Hat - - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 3 of the License, or - (at your option) any later version. - - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with this program. If not, see <http://www.gnu.org/licenses/>. -*/ - -#ifndef _SDAP_SUDO_TIMER_H_ -#define _SDAP_SUDO_TIMER_H_ - -#include <time.h> - -#include "providers/dp_backend.h" -#include "providers/ldap/ldap_common.h" - -struct sdap_sudo_refresh_ctx; - -int sdap_sudo_refresh_set_timer(struct sdap_sudo_refresh_ctx *ctx, - struct timeval tv); - -struct sdap_sudo_refresh_ctx * -sdap_sudo_refresh_ctx_init(TALLOC_CTX *mem_ctx, - struct be_ctx *be_ctx, - struct sdap_id_ctx *id_ctx, - struct sdap_options *opts, - struct timeval last_refresh); - -#endif /* _SDAP_SUDO_TIMER_H_ */ |