Diffstat (limited to 'src')
-rw-r--r--src/confdb/confdb.h2
-rw-r--r--src/man/sssd.conf.5.xml15
-rw-r--r--src/providers/data_provider_be.c14
-rw-r--r--src/providers/dp_backend.h2
-rw-r--r--src/providers/ipa/ipa_autofs.c2
-rw-r--r--src/providers/ipa/ipa_init.c30
-rw-r--r--src/providers/ipa/ipa_selinux.c (renamed from src/providers/ipa/ipa_session.c)52
-rw-r--r--src/providers/ipa/ipa_selinux.h (renamed from src/providers/ipa/ipa_session.h)10
8 files changed, 63 insertions, 64 deletions
diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h
index d06ec7a3..c6611f27 100644
--- a/src/confdb/confdb.h
+++ b/src/confdb/confdb.h
@@ -136,7 +136,7 @@
#define CONFDB_DOMAIN_CHPASS_PROVIDER "chpass_provider"
#define CONFDB_DOMAIN_SUDO_PROVIDER "sudo_provider"
#define CONFDB_DOMAIN_AUTOFS_PROVIDER "autofs_provider"
-#define CONFDB_DOMAIN_SESSION_PROVIDER "session_provider"
+#define CONFDB_DOMAIN_SELINUX_PROVIDER "selinux_provider"
#define CONFDB_DOMAIN_HOSTID_PROVIDER "hostid_provider"
#define CONFDB_DOMAIN_SUBDOMAINS_PROVIDER "subdomains_provider"
#define CONFDB_DOMAIN_COMMAND "command"
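Review bot: Renaming the key from `session_provider` to `selinux_provider` leaves no alias for the old name, so an existing `session_provider = none` line in sssd.conf would no longer be read. The be_process_init hunk passes `ctx->bet_info[BET_ID].mod_name` as the default module, so on such a host the SELinux target would fall back to the id provider and be loaded again even though the admin had switched it off. Whether the old key ever shipped in a release is not visible here; if it did, read it as a deprecated fallback or state the rename in the upgrade notes and the man page.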
diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml
index a6e5e82b..918715a2 100644
--- a/src/man/sssd.conf.5.xml
+++ b/src/man/sssd.conf.5.xml
@@ -1328,15 +1328,16 @@ override_homedir = /home/%u
</listitem>
</varlistentry>
<varlistentry>
- <term>session_provider (string)</term>
+ <term>selinux_provider (string)</term>
<listitem>
<para>
- The provider which should handle loading of session
- settings.
- Supported session providers are:
+ The provider which should handle loading of selinux
+ settings. Note that this provider will be called right
+ after access provider ends.
+ Supported selinux providers are:
</para>
<para>
- <quote>ipa</quote> to load session settings
+ <quote>ipa</quote> to load selinux settings
from an IPA server. See
<citerefentry>
<refentrytitle>sssd-ipa</refentrytitle>
@@ -1344,11 +1345,11 @@ override_homedir = /home/%u
</citerefentry> for more information on configuring IPA.
</para>
<para>
- <quote>none</quote> disallows fetching session settings explicitly.
+ <quote>none</quote> disallows fetching selinux settings explicitly.
</para>
<para>
Default: <quote>id_provider</quote> is used if it
- is set and can handle session loading requests.
+ is set and can handle selinux loading requests.
</para>
</listitem>
</varlistentry>
diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c
index 3b901097..114fde52 100644
--- a/src/providers/data_provider_be.c
+++ b/src/providers/data_provider_be.c
@@ -113,7 +113,7 @@ static struct bet_data bet_data[] = {
{BET_CHPASS, CONFDB_DOMAIN_CHPASS_PROVIDER, "sssm_%s_chpass_init"},
{BET_SUDO, CONFDB_DOMAIN_SUDO_PROVIDER, "sssm_%s_sudo_init"},
{BET_AUTOFS, CONFDB_DOMAIN_AUTOFS_PROVIDER, "sssm_%s_autofs_init"},
- {BET_SESSION, CONFDB_DOMAIN_SESSION_PROVIDER, "sssm_%s_session_init"},
+ {BET_SELINUX, CONFDB_DOMAIN_SELINUX_PROVIDER, "sssm_%s_selinux_init"},
{BET_HOSTID, CONFDB_DOMAIN_HOSTID_PROVIDER, "sssm_%s_hostid_init"},
{BET_SUBDOMAINS, CONFDB_DOMAIN_SUBDOMAINS_PROVIDER, "sssm_%s_subdomains_init"},
{BET_MAX, NULL, NULL}
@@ -858,8 +858,6 @@ static int be_pam_handler(DBusMessage *message, struct sbus_connection *conn)
target = BET_CHPASS;
break;
case SSS_PAM_OPEN_SESSION:
- target = BET_SESSION;
- break;
case SSS_PAM_SETCRED:
case SSS_PAM_CLOSE_SESSION:
pd->pam_status = PAM_SUCCESS;
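Review bot: With `target = BET_SESSION; break;` removed, `SSS_PAM_OPEN_SESSION` shares the `SSS_PAM_SETCRED`/`SSS_PAM_CLOSE_SESSION` arm and returns `PAM_SUCCESS` without dispatching to any backend target, and no hunk in this diff adds a replacement call into `BET_SELINUX`. The man page hunk says the provider is called right after the access provider ends, so the new call site presumably arrives in another commit; until it does, `ipa_selinux_handler` looks unreachable and logins would proceed without the SELinux map lookup. A comment on the case group would make the intent explicit, for example `/* SELinux maps are loaded after the access check, not on open_session */`. The body of be_pam_handler continues outside this hunk.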
@@ -2170,19 +2168,19 @@ int be_process_init(TALLOC_CTX *mem_ctx,
"from provider [%s].\n", ctx->bet_info[BET_AUTOFS].mod_name));
}
- ret = load_backend_module(ctx, BET_SESSION,
- &ctx->bet_info[BET_SESSION],
+ ret = load_backend_module(ctx, BET_SELINUX,
+ &ctx->bet_info[BET_SELINUX],
ctx->bet_info[BET_ID].mod_name);
if (ret != EOK) {
if (ret != ENOENT) {
DEBUG(SSSDBG_FATAL_FAILURE, ("fatal error initializing data providers\n"));
return ret;
}
- DEBUG(SSSDBG_CRIT_FAILURE, ("No Session module provided for [%s] !!\n",
+ DEBUG(SSSDBG_CRIT_FAILURE, ("No selinux module provided for [%s] !!\n",
be_domain));
} else {
- DEBUG(SSSDBG_TRACE_ALL, ("Session backend target successfully loaded "
- "from provider [%s].\n", ctx->bet_info[BET_SESSION].mod_name));
+ DEBUG(SSSDBG_TRACE_ALL, ("selinux backend target successfully loaded "
+ "from provider [%s].\n", ctx->bet_info[BET_SELINUX].mod_name));
}
ret = load_backend_module(ctx, BET_HOSTID,
diff --git a/src/providers/dp_backend.h b/src/providers/dp_backend.h
index 6e5c6e1a..4c703326 100644
--- a/src/providers/dp_backend.h
+++ b/src/providers/dp_backend.h
@@ -51,7 +51,7 @@ enum bet_type {
BET_CHPASS,
BET_SUDO,
BET_AUTOFS,
- BET_SESSION,
+ BET_SELINUX,
BET_HOSTID,
BET_SUBDOMAINS,
BET_MAX
diff --git a/src/providers/ipa/ipa_autofs.c b/src/providers/ipa/ipa_autofs.c
index a050f070..de343212 100644
--- a/src/providers/ipa/ipa_autofs.c
+++ b/src/providers/ipa/ipa_autofs.c
@@ -29,7 +29,7 @@
#include "providers/ipa/ipa_auth.h"
#include "providers/ipa/ipa_access.h"
#include "providers/ipa/ipa_dyndns.h"
-#include "providers/ipa/ipa_session.h"
+#include "providers/ipa/ipa_selinux.h"
struct bet_ops ipa_autofs_ops = {
.handler = sdap_autofs_handler,
diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c
index 4fb662c2..670e00fa 100644
--- a/src/providers/ipa/ipa_init.c
+++ b/src/providers/ipa/ipa_init.c
@@ -36,7 +36,7 @@
#include "providers/ipa/ipa_access.h"
#include "providers/ipa/ipa_hostid.h"
#include "providers/ipa/ipa_dyndns.h"
-#include "providers/ipa/ipa_session.h"
+#include "providers/ipa/ipa_selinux.h"
#include "providers/ldap/sdap_access.h"
#include "providers/ipa/ipa_subdomains.h"
@@ -64,8 +64,8 @@ struct bet_ops ipa_access_ops = {
.finalize = NULL
};
-struct bet_ops ipa_session_ops = {
- .handler = ipa_session_handler,
+struct bet_ops ipa_selinux_ops = {
+ .handler = ipa_selinux_handler,
.finalize = NULL
};
@@ -386,38 +386,38 @@ done:
return ret;
}
-int sssm_ipa_session_init(struct be_ctx *bectx,
+int sssm_ipa_selinux_init(struct be_ctx *bectx,
struct bet_ops **ops,
void **pvt_data)
{
int ret;
- struct ipa_session_ctx *session_ctx;
+ struct ipa_selinux_ctx *selinux_ctx;
struct ipa_options *opts;
- session_ctx = talloc_zero(bectx, struct ipa_session_ctx);
- if (session_ctx == NULL) {
+ selinux_ctx = talloc_zero(bectx, struct ipa_selinux_ctx);
+ if (selinux_ctx == NULL) {
DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_zero failed.\n"));
return ENOMEM;
}
- ret = sssm_ipa_id_init(bectx, ops, (void **) &session_ctx->id_ctx);
+ ret = sssm_ipa_id_init(bectx, ops, (void **) &selinux_ctx->id_ctx);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE, ("sssm_ipa_id_init failed.\n"));
goto done;
}
- opts = session_ctx->id_ctx->ipa_options;
+ opts = selinux_ctx->id_ctx->ipa_options;
- session_ctx->hbac_search_bases = opts->hbac_search_bases;
- session_ctx->host_search_bases = opts->host_search_bases;
- session_ctx->selinux_search_bases = opts->selinux_search_bases;
+ selinux_ctx->hbac_search_bases = opts->hbac_search_bases;
+ selinux_ctx->host_search_bases = opts->host_search_bases;
+ selinux_ctx->selinux_search_bases = opts->selinux_search_bases;
- *ops = &ipa_session_ops;
- *pvt_data = session_ctx;
+ *ops = &ipa_selinux_ops;
+ *pvt_data = selinux_ctx;
done:
if (ret != EOK) {
- talloc_free(session_ctx);
+ talloc_free(selinux_ctx);
}
return ret;
}
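Review bot: In sssm_ipa_selinux_init the cast `(void **) &selinux_ctx->id_ctx` lets `sssm_ipa_id_init()` store through a `void *` lvalue into a `struct ipa_id_ctx *` object, which breaks strict aliasing and hides any mismatch in what the id init actually returns. A typed hand-off is safer: `void *pvt = NULL;`, `ret = sssm_ipa_id_init(bectx, ops, &pvt);`, then `selinux_ctx->id_ctx = talloc_get_type(pvt, struct ipa_id_ctx);` (assuming the id init allocates its context under that talloc type, which is not visible here). The next statement reads `selinux_ctx->id_ctx->ipa_options` and then `opts->hbac_search_bases` with no NULL check on either pointer, so a check after the conversion that sets `ret` and jumps to `done` would cover both.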
diff --git a/src/providers/ipa/ipa_session.c b/src/providers/ipa/ipa_selinux.c
index 9032a8d1..03b7eb45 100644
--- a/src/providers/ipa/ipa_session.c
+++ b/src/providers/ipa/ipa_selinux.c
@@ -1,7 +1,7 @@
/*
SSSD
- IPA Backend Module -- session loading
+ IPA Backend Module -- selinux loading
Authors:
Jan Zeleny <jzeleny@redhat.com>
@@ -29,7 +29,7 @@
#include "providers/ldap/sdap_async.h"
#include "providers/ipa/ipa_common.h"
#include "providers/ipa/ipa_config.h"
-#include "providers/ipa/ipa_session.h"
+#include "providers/ipa/ipa_selinux.h"
#include "providers/ipa/ipa_hosts.h"
#include "providers/ipa/ipa_hbac_rules.h"
#include "providers/ipa/ipa_hbac_private.h"
@@ -39,7 +39,7 @@
struct ipa_get_selinux_state {
struct be_req *be_req;
struct pam_data *pd;
- struct ipa_session_ctx *session_ctx;
+ struct ipa_selinux_ctx *selinux_ctx;
struct sdap_id_op *op;
const char *hostname;
@@ -57,8 +57,8 @@ struct ipa_get_selinux_state {
static struct
tevent_req *ipa_get_selinux_send(struct be_req *breq,
struct pam_data *pd,
- struct ipa_session_ctx *session_ctx);
-static void ipa_session_handler_done(struct tevent_req *subreq);
+ struct ipa_selinux_ctx *selinux_ctx);
+static void ipa_selinux_handler_done(struct tevent_req *subreq);
static errno_t ipa_get_selinux_recv(struct tevent_req *req,
TALLOC_CTX *mem_ctx,
size_t *count,
@@ -73,25 +73,25 @@ static void ipa_get_selinux_config_done(struct tevent_req *subreq);
static void ipa_get_selinux_maps_done(struct tevent_req *subreq);
static void ipa_get_selinux_hbac_done(struct tevent_req *subreq);
-void ipa_session_handler(struct be_req *be_req)
+void ipa_selinux_handler(struct be_req *be_req)
{
- struct ipa_session_ctx *session_ctx;
+ struct ipa_selinux_ctx *selinux_ctx;
struct tevent_req *req;
struct pam_data *pd;
pd = talloc_get_type(be_req->req_data, struct pam_data);
- session_ctx = talloc_get_type(
- be_req->be_ctx->bet_info[BET_SESSION].pvt_bet_data,
- struct ipa_session_ctx);
+ selinux_ctx = talloc_get_type(
+ be_req->be_ctx->bet_info[BET_SELINUX].pvt_bet_data,
+ struct ipa_selinux_ctx);
- req = ipa_get_selinux_send(be_req, pd, session_ctx);
+ req = ipa_get_selinux_send(be_req, pd, selinux_ctx);
if (req == NULL) {
goto fail;
}
- tevent_req_set_callback(req, ipa_session_handler_done, be_req);
+ tevent_req_set_callback(req, ipa_selinux_handler_done, be_req);
return;
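Review bot: `selinux_ctx` is taken from `bet_info[BET_SELINUX].pvt_bet_data` via `talloc_get_type()` and passed to `ipa_get_selinux_send()` unchecked, and the later hunk shows that function dereferencing `selinux_ctx->id_ctx->sdap_id_ctx->conn_cache` when the backend is online. be_process_init tolerates `ENOENT` when loading the `BET_SELINUX` module, so `pvt_bet_data` can be NULL unless the caller verifies the target's ops are loaded first, which is not visible in this diff. Add `if (pd == NULL || selinux_ctx == NULL) goto fail;` before the send call; the `fail:` label and the end of the function are in the following hunk.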
@@ -99,7 +99,7 @@ fail:
be_req->fn(be_req, DP_ERR_FATAL, PAM_SYSTEM_ERR, NULL);
}
-static void ipa_session_handler_done(struct tevent_req *req)
+static void ipa_selinux_handler_done(struct tevent_req *req)
{
struct be_req *breq = tevent_req_callback_data(req, struct be_req);
struct sysdb_ctx *sysdb = breq->be_ctx->sysdb;
@@ -172,7 +172,7 @@ fail:
static struct tevent_req *ipa_get_selinux_send(struct be_req *breq,
struct pam_data *pd,
- struct ipa_session_ctx *session_ctx)
+ struct ipa_selinux_ctx *selinux_ctx)
{
struct tevent_req *req;
struct tevent_req *subreq;
@@ -189,14 +189,14 @@ static struct tevent_req *ipa_get_selinux_send(struct be_req *breq,
state->be_req = breq;
state->pd = pd;
- state->session_ctx = session_ctx;
+ state->selinux_ctx = selinux_ctx;
offline = be_is_offline(bctx);
DEBUG(SSSDBG_TRACE_INTERNAL, ("Connection status is [%s].\n",
offline ? "offline" : "online"));
if (!offline) {
- state->op = sdap_id_op_create(state, session_ctx->id_ctx->sdap_id_ctx->conn_cache);
+ state->op = sdap_id_op_create(state, selinux_ctx->id_ctx->sdap_id_ctx->conn_cache);
if (!state->op) {
DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_create failed\n"));
ret = ENOMEM;
@@ -237,7 +237,7 @@ static void ipa_get_selinux_connect_done(struct tevent_req *subreq)
struct ipa_get_selinux_state);
int dp_error = DP_ERR_FATAL;
int ret;
- struct ipa_id_ctx *id_ctx = state->session_ctx->id_ctx;
+ struct ipa_id_ctx *id_ctx = state->selinux_ctx->id_ctx;
struct be_ctx *bctx = state->be_req->be_ctx;
ret = sdap_id_op_connect_recv(subreq, &dp_error);
@@ -252,7 +252,7 @@ static void ipa_get_selinux_connect_done(struct tevent_req *subreq)
goto fail;
}
- state->hostname = dp_opt_get_string(state->session_ctx->id_ctx->ipa_options->basic,
+ state->hostname = dp_opt_get_string(state->selinux_ctx->id_ctx->ipa_options->basic,
IPA_HOSTNAME);
/* FIXME: detect if HBAC is configured
@@ -265,7 +265,7 @@ static void ipa_get_selinux_connect_done(struct tevent_req *subreq)
state->hostname,
id_ctx->ipa_options->host_map,
NULL,
- state->session_ctx->host_search_bases);
+ state->selinux_ctx->host_search_bases);
if (subreq == NULL) {
ret = ENOMEM;
goto fail;
@@ -320,9 +320,9 @@ static void ipa_get_config_step(struct tevent_req *req)
struct ipa_get_selinux_state *state = tevent_req_data(req,
struct ipa_get_selinux_state);
struct be_ctx *bctx = state->be_req->be_ctx;
- struct ipa_id_ctx *id_ctx = state->session_ctx->id_ctx;
+ struct ipa_id_ctx *id_ctx = state->selinux_ctx->id_ctx;
- domain = dp_opt_get_string(state->session_ctx->id_ctx->ipa_options->basic,
+ domain = dp_opt_get_string(state->selinux_ctx->id_ctx->ipa_options->basic,
IPA_KRB5_REALM);
subreq = ipa_get_config_send(state, bctx->ev,
sdap_id_op_handle(state->op),
@@ -341,7 +341,7 @@ static void ipa_get_selinux_config_done(struct tevent_req *subreq)
struct ipa_get_selinux_state *state = tevent_req_data(req,
struct ipa_get_selinux_state);
struct be_ctx *bctx = state->be_req->be_ctx;
- struct sdap_id_ctx *id_ctx = state->session_ctx->id_ctx->sdap_id_ctx;
+ struct sdap_id_ctx *id_ctx = state->selinux_ctx->id_ctx->sdap_id_ctx;
errno_t ret;
ret = ipa_get_config_recv(subreq, state, &state->defaults);
@@ -354,8 +354,8 @@ static void ipa_get_selinux_config_done(struct tevent_req *subreq)
subreq = ipa_selinux_get_maps_send(state, bctx->ev, bctx->sysdb,
sdap_id_op_handle(state->op),
id_ctx->opts,
- state->session_ctx->id_ctx->ipa_options,
- state->session_ctx->selinux_search_bases);
+ state->selinux_ctx->id_ctx->ipa_options,
+ state->selinux_ctx->selinux_search_bases);
if (!subreq) {
ret = ENOMEM;
goto done;
@@ -387,7 +387,7 @@ static void ipa_get_selinux_maps_done(struct tevent_req *subreq)
req = tevent_req_callback_data(subreq, struct tevent_req);
state = tevent_req_data(req, struct ipa_get_selinux_state);
bctx = state->be_req->be_ctx;
- id_ctx = state->session_ctx->id_ctx;
+ id_ctx = state->selinux_ctx->id_ctx;
ret = ipa_selinux_get_maps_recv(subreq, state,
&state->nmaps, &state->selinuxmaps);
@@ -445,7 +445,7 @@ static void ipa_get_selinux_maps_done(struct tevent_req *subreq)
subreq = ipa_hbac_rule_info_send(state, false, bctx->ev,
sdap_id_op_handle(state->op),
id_ctx->sdap_id_ctx->opts,
- state->session_ctx->hbac_search_bases,
+ state->selinux_ctx->hbac_search_bases,
state->host);
if (subreq == NULL) {
ret = ENOMEM;
diff --git a/src/providers/ipa/ipa_session.h b/src/providers/ipa/ipa_selinux.h
index e185799f..60c22110 100644
--- a/src/providers/ipa/ipa_session.h
+++ b/src/providers/ipa/ipa_selinux.h
@@ -1,7 +1,7 @@
/*
SSSD
- IPA Backend Module -- session loading
+ IPA Backend Module -- selinux loading
Authors:
Jan Zeleny <jzeleny@redhat.com>
@@ -22,12 +22,12 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
-#ifndef _IPA_SESSION_H_
-#define _IPA_SESSION_H_
+#ifndef _IPA_SELINUX_H_
+#define _IPA_SELINUX_H_
#include "providers/ldap/ldap_common.h"
-struct ipa_session_ctx {
+struct ipa_selinux_ctx {
struct ipa_id_ctx *id_ctx;
struct sdap_search_base **selinux_search_bases;
@@ -35,6 +35,6 @@ struct ipa_session_ctx {
struct sdap_search_base **hbac_search_bases;
};
-void ipa_session_handler(struct be_req *be_req);
+void ipa_selinux_handler(struct be_req *be_req);
#endif