diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/confdb/confdb.h | 2 | ||||
-rw-r--r-- | src/man/sssd.conf.5.xml | 15 | ||||
-rw-r--r-- | src/providers/data_provider_be.c | 14 | ||||
-rw-r--r-- | src/providers/dp_backend.h | 2 | ||||
-rw-r--r-- | src/providers/ipa/ipa_autofs.c | 2 | ||||
-rw-r--r-- | src/providers/ipa/ipa_init.c | 30 | ||||
-rw-r--r-- | src/providers/ipa/ipa_selinux.c (renamed from src/providers/ipa/ipa_session.c) | 52 | ||||
-rw-r--r-- | src/providers/ipa/ipa_selinux.h (renamed from src/providers/ipa/ipa_session.h) | 10 |
8 files changed, 63 insertions, 64 deletions
diff --git a/src/confdb/confdb.h b/src/confdb/confdb.h index d06ec7a3..c6611f27 100644 --- a/src/confdb/confdb.h +++ b/src/confdb/confdb.h @@ -136,7 +136,7 @@ #define CONFDB_DOMAIN_CHPASS_PROVIDER "chpass_provider" #define CONFDB_DOMAIN_SUDO_PROVIDER "sudo_provider" #define CONFDB_DOMAIN_AUTOFS_PROVIDER "autofs_provider" -#define CONFDB_DOMAIN_SESSION_PROVIDER "session_provider" +#define CONFDB_DOMAIN_SELINUX_PROVIDER "selinux_provider" #define CONFDB_DOMAIN_HOSTID_PROVIDER "hostid_provider" #define CONFDB_DOMAIN_SUBDOMAINS_PROVIDER "subdomains_provider" #define CONFDB_DOMAIN_COMMAND "command" diff --git a/src/man/sssd.conf.5.xml b/src/man/sssd.conf.5.xml index a6e5e82b..918715a2 100644 --- a/src/man/sssd.conf.5.xml +++ b/src/man/sssd.conf.5.xml @@ -1328,15 +1328,16 @@ override_homedir = /home/%u </listitem> </varlistentry> <varlistentry> - <term>session_provider (string)</term> + <term>selinux_provider (string)</term> <listitem> <para> - The provider which should handle loading of session - settings. - Supported session providers are: + The provider which should handle loading of selinux + settings. Note that this provider will be called right + after access provider ends. + Supported selinux providers are: </para> <para> - <quote>ipa</quote> to load session settings + <quote>ipa</quote> to load selinux settings from an IPA server. See <citerefentry> <refentrytitle>sssd-ipa</refentrytitle> @@ -1344,11 +1345,11 @@ override_homedir = /home/%u </citerefentry> for more information on configuring IPA. </para> <para> - <quote>none</quote> disallows fetching session settings explicitly. + <quote>none</quote> disallows fetching selinux settings explicitly. </para> <para> Default: <quote>id_provider</quote> is used if it - is set and can handle session loading requests. + is set and can handle selinux loading requests. </para> </listitem> </varlistentry> diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c index 3b901097..114fde52 100644 --- a/src/providers/data_provider_be.c +++ b/src/providers/data_provider_be.c @@ -113,7 +113,7 @@ static struct bet_data bet_data[] = { {BET_CHPASS, CONFDB_DOMAIN_CHPASS_PROVIDER, "sssm_%s_chpass_init"}, {BET_SUDO, CONFDB_DOMAIN_SUDO_PROVIDER, "sssm_%s_sudo_init"}, {BET_AUTOFS, CONFDB_DOMAIN_AUTOFS_PROVIDER, "sssm_%s_autofs_init"}, - {BET_SESSION, CONFDB_DOMAIN_SESSION_PROVIDER, "sssm_%s_session_init"}, + {BET_SELINUX, CONFDB_DOMAIN_SELINUX_PROVIDER, "sssm_%s_selinux_init"}, {BET_HOSTID, CONFDB_DOMAIN_HOSTID_PROVIDER, "sssm_%s_hostid_init"}, {BET_SUBDOMAINS, CONFDB_DOMAIN_SUBDOMAINS_PROVIDER, "sssm_%s_subdomains_init"}, {BET_MAX, NULL, NULL} @@ -858,8 +858,6 @@ static int be_pam_handler(DBusMessage *message, struct sbus_connection *conn) target = BET_CHPASS; break; case SSS_PAM_OPEN_SESSION: - target = BET_SESSION; - break; case SSS_PAM_SETCRED: case SSS_PAM_CLOSE_SESSION: pd->pam_status = PAM_SUCCESS; @@ -2170,19 +2168,19 @@ int be_process_init(TALLOC_CTX *mem_ctx, "from provider [%s].\n", ctx->bet_info[BET_AUTOFS].mod_name)); } - ret = load_backend_module(ctx, BET_SESSION, - &ctx->bet_info[BET_SESSION], + ret = load_backend_module(ctx, BET_SELINUX, + &ctx->bet_info[BET_SELINUX], ctx->bet_info[BET_ID].mod_name); if (ret != EOK) { if (ret != ENOENT) { DEBUG(SSSDBG_FATAL_FAILURE, ("fatal error initializing data providers\n")); return ret; } - DEBUG(SSSDBG_CRIT_FAILURE, ("No Session module provided for [%s] !!\n", + DEBUG(SSSDBG_CRIT_FAILURE, ("No selinux module provided for [%s] !!\n", be_domain)); } else { - DEBUG(SSSDBG_TRACE_ALL, ("Session backend target successfully loaded " - "from provider [%s].\n", ctx->bet_info[BET_SESSION].mod_name)); + DEBUG(SSSDBG_TRACE_ALL, ("selinux backend target successfully loaded " + "from provider [%s].\n", ctx->bet_info[BET_SELINUX].mod_name)); } ret = load_backend_module(ctx, BET_HOSTID, diff --git a/src/providers/dp_backend.h b/src/providers/dp_backend.h index 6e5c6e1a..4c703326 100644 --- a/src/providers/dp_backend.h +++ b/src/providers/dp_backend.h @@ -51,7 +51,7 @@ enum bet_type { BET_CHPASS, BET_SUDO, BET_AUTOFS, - BET_SESSION, + BET_SELINUX, BET_HOSTID, BET_SUBDOMAINS, BET_MAX diff --git a/src/providers/ipa/ipa_autofs.c b/src/providers/ipa/ipa_autofs.c index a050f070..de343212 100644 --- a/src/providers/ipa/ipa_autofs.c +++ b/src/providers/ipa/ipa_autofs.c @@ -29,7 +29,7 @@ #include "providers/ipa/ipa_auth.h" #include "providers/ipa/ipa_access.h" #include "providers/ipa/ipa_dyndns.h" -#include "providers/ipa/ipa_session.h" +#include "providers/ipa/ipa_selinux.h" struct bet_ops ipa_autofs_ops = { .handler = sdap_autofs_handler, diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c index 4fb662c2..670e00fa 100644 --- a/src/providers/ipa/ipa_init.c +++ b/src/providers/ipa/ipa_init.c @@ -36,7 +36,7 @@ #include "providers/ipa/ipa_access.h" #include "providers/ipa/ipa_hostid.h" #include "providers/ipa/ipa_dyndns.h" -#include "providers/ipa/ipa_session.h" +#include "providers/ipa/ipa_selinux.h" #include "providers/ldap/sdap_access.h" #include "providers/ipa/ipa_subdomains.h" @@ -64,8 +64,8 @@ struct bet_ops ipa_access_ops = { .finalize = NULL }; -struct bet_ops ipa_session_ops = { - .handler = ipa_session_handler, +struct bet_ops ipa_selinux_ops = { + .handler = ipa_selinux_handler, .finalize = NULL }; @@ -386,38 +386,38 @@ done: return ret; } -int sssm_ipa_session_init(struct be_ctx *bectx, +int sssm_ipa_selinux_init(struct be_ctx *bectx, struct bet_ops **ops, void **pvt_data) { int ret; - struct ipa_session_ctx *session_ctx; + struct ipa_selinux_ctx *selinux_ctx; struct ipa_options *opts; - session_ctx = talloc_zero(bectx, struct ipa_session_ctx); - if (session_ctx == NULL) { + selinux_ctx = talloc_zero(bectx, struct ipa_selinux_ctx); + if (selinux_ctx == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("talloc_zero failed.\n")); return ENOMEM; } - ret = sssm_ipa_id_init(bectx, ops, (void **) &session_ctx->id_ctx); + ret = sssm_ipa_id_init(bectx, ops, (void **) &selinux_ctx->id_ctx); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("sssm_ipa_id_init failed.\n")); goto done; } - opts = session_ctx->id_ctx->ipa_options; + opts = selinux_ctx->id_ctx->ipa_options; - session_ctx->hbac_search_bases = opts->hbac_search_bases; - session_ctx->host_search_bases = opts->host_search_bases; - session_ctx->selinux_search_bases = opts->selinux_search_bases; + selinux_ctx->hbac_search_bases = opts->hbac_search_bases; + selinux_ctx->host_search_bases = opts->host_search_bases; + selinux_ctx->selinux_search_bases = opts->selinux_search_bases; - *ops = &ipa_session_ops; - *pvt_data = session_ctx; + *ops = &ipa_selinux_ops; + *pvt_data = selinux_ctx; done: if (ret != EOK) { - talloc_free(session_ctx); + talloc_free(selinux_ctx); } return ret; } diff --git a/src/providers/ipa/ipa_session.c b/src/providers/ipa/ipa_selinux.c index 9032a8d1..03b7eb45 100644 --- a/src/providers/ipa/ipa_session.c +++ b/src/providers/ipa/ipa_selinux.c @@ -1,7 +1,7 @@ /* SSSD - IPA Backend Module -- session loading + IPA Backend Module -- selinux loading Authors: Jan Zeleny <jzeleny@redhat.com> @@ -29,7 +29,7 @@ #include "providers/ldap/sdap_async.h" #include "providers/ipa/ipa_common.h" #include "providers/ipa/ipa_config.h" -#include "providers/ipa/ipa_session.h" +#include "providers/ipa/ipa_selinux.h" #include "providers/ipa/ipa_hosts.h" #include "providers/ipa/ipa_hbac_rules.h" #include "providers/ipa/ipa_hbac_private.h" @@ -39,7 +39,7 @@ struct ipa_get_selinux_state { struct be_req *be_req; struct pam_data *pd; - struct ipa_session_ctx *session_ctx; + struct ipa_selinux_ctx *selinux_ctx; struct sdap_id_op *op; const char *hostname; @@ -57,8 +57,8 @@ struct ipa_get_selinux_state { static struct tevent_req *ipa_get_selinux_send(struct be_req *breq, struct pam_data *pd, - struct ipa_session_ctx *session_ctx); -static void ipa_session_handler_done(struct tevent_req *subreq); + struct ipa_selinux_ctx *selinux_ctx); +static void ipa_selinux_handler_done(struct tevent_req *subreq); static errno_t ipa_get_selinux_recv(struct tevent_req *req, TALLOC_CTX *mem_ctx, size_t *count, @@ -73,25 +73,25 @@ static void ipa_get_selinux_config_done(struct tevent_req *subreq); static void ipa_get_selinux_maps_done(struct tevent_req *subreq); static void ipa_get_selinux_hbac_done(struct tevent_req *subreq); -void ipa_session_handler(struct be_req *be_req) +void ipa_selinux_handler(struct be_req *be_req) { - struct ipa_session_ctx *session_ctx; + struct ipa_selinux_ctx *selinux_ctx; struct tevent_req *req; struct pam_data *pd; pd = talloc_get_type(be_req->req_data, struct pam_data); - session_ctx = talloc_get_type( - be_req->be_ctx->bet_info[BET_SESSION].pvt_bet_data, - struct ipa_session_ctx); + selinux_ctx = talloc_get_type( + be_req->be_ctx->bet_info[BET_SELINUX].pvt_bet_data, + struct ipa_selinux_ctx); - req = ipa_get_selinux_send(be_req, pd, session_ctx); + req = ipa_get_selinux_send(be_req, pd, selinux_ctx); if (req == NULL) { goto fail; } - tevent_req_set_callback(req, ipa_session_handler_done, be_req); + tevent_req_set_callback(req, ipa_selinux_handler_done, be_req); return; @@ -99,7 +99,7 @@ fail: be_req->fn(be_req, DP_ERR_FATAL, PAM_SYSTEM_ERR, NULL); } -static void ipa_session_handler_done(struct tevent_req *req) +static void ipa_selinux_handler_done(struct tevent_req *req) { struct be_req *breq = tevent_req_callback_data(req, struct be_req); struct sysdb_ctx *sysdb = breq->be_ctx->sysdb; @@ -172,7 +172,7 @@ fail: static struct tevent_req *ipa_get_selinux_send(struct be_req *breq, struct pam_data *pd, - struct ipa_session_ctx *session_ctx) + struct ipa_selinux_ctx *selinux_ctx) { struct tevent_req *req; struct tevent_req *subreq; @@ -189,14 +189,14 @@ static struct tevent_req *ipa_get_selinux_send(struct be_req *breq, state->be_req = breq; state->pd = pd; - state->session_ctx = session_ctx; + state->selinux_ctx = selinux_ctx; offline = be_is_offline(bctx); DEBUG(SSSDBG_TRACE_INTERNAL, ("Connection status is [%s].\n", offline ? "offline" : "online")); if (!offline) { - state->op = sdap_id_op_create(state, session_ctx->id_ctx->sdap_id_ctx->conn_cache); + state->op = sdap_id_op_create(state, selinux_ctx->id_ctx->sdap_id_ctx->conn_cache); if (!state->op) { DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_create failed\n")); ret = ENOMEM; @@ -237,7 +237,7 @@ static void ipa_get_selinux_connect_done(struct tevent_req *subreq) struct ipa_get_selinux_state); int dp_error = DP_ERR_FATAL; int ret; - struct ipa_id_ctx *id_ctx = state->session_ctx->id_ctx; + struct ipa_id_ctx *id_ctx = state->selinux_ctx->id_ctx; struct be_ctx *bctx = state->be_req->be_ctx; ret = sdap_id_op_connect_recv(subreq, &dp_error); @@ -252,7 +252,7 @@ static void ipa_get_selinux_connect_done(struct tevent_req *subreq) goto fail; } - state->hostname = dp_opt_get_string(state->session_ctx->id_ctx->ipa_options->basic, + state->hostname = dp_opt_get_string(state->selinux_ctx->id_ctx->ipa_options->basic, IPA_HOSTNAME); /* FIXME: detect if HBAC is configured @@ -265,7 +265,7 @@ static void ipa_get_selinux_connect_done(struct tevent_req *subreq) state->hostname, id_ctx->ipa_options->host_map, NULL, - state->session_ctx->host_search_bases); + state->selinux_ctx->host_search_bases); if (subreq == NULL) { ret = ENOMEM; goto fail; @@ -320,9 +320,9 @@ static void ipa_get_config_step(struct tevent_req *req) struct ipa_get_selinux_state *state = tevent_req_data(req, struct ipa_get_selinux_state); struct be_ctx *bctx = state->be_req->be_ctx; - struct ipa_id_ctx *id_ctx = state->session_ctx->id_ctx; + struct ipa_id_ctx *id_ctx = state->selinux_ctx->id_ctx; - domain = dp_opt_get_string(state->session_ctx->id_ctx->ipa_options->basic, + domain = dp_opt_get_string(state->selinux_ctx->id_ctx->ipa_options->basic, IPA_KRB5_REALM); subreq = ipa_get_config_send(state, bctx->ev, sdap_id_op_handle(state->op), @@ -341,7 +341,7 @@ static void ipa_get_selinux_config_done(struct tevent_req *subreq) struct ipa_get_selinux_state *state = tevent_req_data(req, struct ipa_get_selinux_state); struct be_ctx *bctx = state->be_req->be_ctx; - struct sdap_id_ctx *id_ctx = state->session_ctx->id_ctx->sdap_id_ctx; + struct sdap_id_ctx *id_ctx = state->selinux_ctx->id_ctx->sdap_id_ctx; errno_t ret; ret = ipa_get_config_recv(subreq, state, &state->defaults); @@ -354,8 +354,8 @@ static void ipa_get_selinux_config_done(struct tevent_req *subreq) subreq = ipa_selinux_get_maps_send(state, bctx->ev, bctx->sysdb, sdap_id_op_handle(state->op), id_ctx->opts, - state->session_ctx->id_ctx->ipa_options, - state->session_ctx->selinux_search_bases); + state->selinux_ctx->id_ctx->ipa_options, + state->selinux_ctx->selinux_search_bases); if (!subreq) { ret = ENOMEM; goto done; @@ -387,7 +387,7 @@ static void ipa_get_selinux_maps_done(struct tevent_req *subreq) req = tevent_req_callback_data(subreq, struct tevent_req); state = tevent_req_data(req, struct ipa_get_selinux_state); bctx = state->be_req->be_ctx; - id_ctx = state->session_ctx->id_ctx; + id_ctx = state->selinux_ctx->id_ctx; ret = ipa_selinux_get_maps_recv(subreq, state, &state->nmaps, &state->selinuxmaps); @@ -445,7 +445,7 @@ static void ipa_get_selinux_maps_done(struct tevent_req *subreq) subreq = ipa_hbac_rule_info_send(state, false, bctx->ev, sdap_id_op_handle(state->op), id_ctx->sdap_id_ctx->opts, - state->session_ctx->hbac_search_bases, + state->selinux_ctx->hbac_search_bases, state->host); if (subreq == NULL) { ret = ENOMEM; diff --git a/src/providers/ipa/ipa_session.h b/src/providers/ipa/ipa_selinux.h index e185799f..60c22110 100644 --- a/src/providers/ipa/ipa_session.h +++ b/src/providers/ipa/ipa_selinux.h @@ -1,7 +1,7 @@ /* SSSD - IPA Backend Module -- session loading + IPA Backend Module -- selinux loading Authors: Jan Zeleny <jzeleny@redhat.com> @@ -22,12 +22,12 @@ along with this program. If not, see <http://www.gnu.org/licenses/>. */ -#ifndef _IPA_SESSION_H_ -#define _IPA_SESSION_H_ +#ifndef _IPA_SELINUX_H_ +#define _IPA_SELINUX_H_ #include "providers/ldap/ldap_common.h" -struct ipa_session_ctx { +struct ipa_selinux_ctx { struct ipa_id_ctx *id_ctx; struct sdap_search_base **selinux_search_bases; @@ -35,6 +35,6 @@ struct ipa_session_ctx { struct sdap_search_base **hbac_search_bases; }; -void ipa_session_handler(struct be_req *be_req); +void ipa_selinux_handler(struct be_req *be_req); #endif |