diff options
Diffstat (limited to 'src')
-rw-r--r-- | src/providers/ipa/ipa_access.c | 198 | ||||
-rw-r--r-- | src/providers/ipa/ipa_access.h | 2 |
2 files changed, 7 insertions, 193 deletions
diff --git a/src/providers/ipa/ipa_access.c b/src/providers/ipa/ipa_access.c index bd324518..55b833b9 100644 --- a/src/providers/ipa/ipa_access.c +++ b/src/providers/ipa/ipa_access.c @@ -50,19 +50,16 @@ #define IPA_CN "cn" #define IPA_MEMBER_SERVICE "memberService" #define IPA_SERVICE_CATEGORY "serviceCategory" -#define IPA_SERVICEGROUP_MEMBER "member" #define IPA_HOST_BASE_TMPL "cn=computers,cn=accounts,%s" #define IPA_HBAC_BASE_TMPL "cn=hbac,%s" #define IPA_SERVICES_BASE_TMPL "cn=hbacservices,cn=accounts,%s" -#define IPA_SERVICEGROUPS_BASE_TMPL "cn=hbacservicegroups,cn=accounts,%s" #define SYSDB_HBAC_BASE_TMPL "cn=hbac,"SYSDB_TMPL_CUSTOM_BASE #define HBAC_RULES_SUBDIR "hbac_rules" #define HBAC_HOSTS_SUBDIR "hbac_hosts" #define HBAC_SERVICES_SUBDIR "hbac_services" -#define HBAC_SERVICEGROUPS_SUBDIR "hbac_servicegroups" static errno_t msgs2attrs_array(TALLOC_CTX *mem_ctx, size_t count, struct ldb_message **msgs, @@ -120,19 +117,11 @@ struct hbac_get_service_data_state { struct sysdb_attrs **services_reply_list; size_t services_reply_count; - char *servicegroups_filter; - char *servicegroups_search_base; - const char **servicegroups_attrs; - struct sysdb_attrs **servicegroups_reply_list; - size_t servicegroups_reply_count; - size_t current_item; }; static void hbac_get_services_connect_done(struct tevent_req *subreq); static void hbac_services_get_done(struct tevent_req *subreq); -static void hbac_get_servicegroups(struct tevent_req *req); -static void hbac_servicegroups_get_done(struct tevent_req *subreq); struct tevent_req *hbac_get_service_data_send(TALLOC_CTX *memctx, struct tevent_context *ev, @@ -163,12 +152,6 @@ struct tevent_req *hbac_get_service_data_send(TALLOC_CTX *memctx, state->services_reply_list = NULL; state->services_reply_count = 0; - state->servicegroups_filter = NULL; - state->servicegroups_search_base = NULL; - state->servicegroups_attrs = NULL; - state->servicegroups_reply_list = NULL; - state->servicegroups_reply_count = 0; - state->current_item = 0; state->services_search_base = talloc_asprintf(state, IPA_SERVICES_BASE_TMPL, @@ -220,7 +203,7 @@ struct tevent_req *hbac_get_service_data_send(TALLOC_CTX *memctx, DEBUG(1, ("msgs2attrs_array failed.\n")); goto fail; } - hbac_get_servicegroups(req); + tevent_req_done(req); tevent_req_post(req, ev); return req; } @@ -310,130 +293,22 @@ static void hbac_services_get_done(struct tevent_req *subreq) struct hbac_get_service_data_state *state = tevent_req_data(req, struct hbac_get_service_data_state); int ret; - - ret = sdap_get_generic_recv(subreq, state, &state->services_reply_count, - &state->services_reply_list); - talloc_zfree(subreq); - if (ret != EOK) { - tevent_req_error(req, ret); - return; - } - - hbac_get_servicegroups(req); - return; -} - -static void hbac_get_servicegroups(struct tevent_req *req) -{ - struct hbac_get_service_data_state *state = tevent_req_data(req, - struct hbac_get_service_data_state); - int ret; - struct ldb_message **msgs; - struct tevent_req *subreq; - - state->servicegroups_search_base = talloc_asprintf(state, - IPA_SERVICEGROUPS_BASE_TMPL, - state->basedn); - if (state->servicegroups_search_base == NULL) { - DEBUG(1, ("Failed to create service groups search base.\n")); - ret = ENOMEM; - goto fail; - } - - state->servicegroups_attrs = talloc_array(state, const char *, 8); - if (state->servicegroups_attrs == NULL) { - DEBUG(1, ("Failed to allocate servicegroup attribute list.\n")); - ret = ENOMEM; - goto fail; - } - state->servicegroups_attrs[0] = IPA_CN; - state->servicegroups_attrs[1] = IPA_SERVICEGROUP_MEMBER; - state->servicegroups_attrs[2] = SYSDB_ORIG_DN; - state->servicegroups_attrs[3] = IPA_UNIQUE_ID; - state->servicegroups_attrs[4] = IPA_MEMBEROF; - state->servicegroups_attrs[5] = SYSDB_ORIG_MEMBEROF; - state->servicegroups_attrs[6] = OBJECTCLASS; - state->servicegroups_attrs[7] = NULL; - - state->servicegroups_filter = talloc_asprintf(state, - "(objectclass=ipaHBACServiceGroup)"); - if (state->servicegroups_filter == NULL) { - ret = ENOMEM; - goto fail; - } - - DEBUG(9, ("Services filter: [%s].\n", state->servicegroups_filter)); - - if (state->offline) { - ret = sysdb_search_custom(state, state->sysdb, - state->sdap_ctx->be->domain, - state->servicegroups_filter, - HBAC_SERVICEGROUPS_SUBDIR, - state->servicegroups_attrs, - &state->servicegroups_reply_count, &msgs); - if (ret) { - DEBUG(1, ("sysdb_search_custom failed.\n")); - goto fail; - } - - ret = msgs2attrs_array(state, state->servicegroups_reply_count, msgs, - &state->servicegroups_reply_list); - talloc_zfree(msgs); - if (ret != EOK) { - DEBUG(1, ("msgs2attrs_array failed.\n")); - goto fail; - } - tevent_req_done(req); - return; - } - - subreq = sdap_get_generic_send(state, state->ev, - state->sdap_ctx->opts, - state->sdap_ctx->gsh, - state->servicegroups_search_base, - LDAP_SCOPE_SUB, - state->servicegroups_filter, - state->servicegroups_attrs, - NULL, 0); - - if (subreq == NULL) { - DEBUG(1, ("sdap_get_generic_send failed.\n")); - ret = ENOMEM; - goto fail; - } - - tevent_req_set_callback(subreq, hbac_servicegroups_get_done, req); - return; - -fail: - tevent_req_error(req, ret); - return; -} - -static void hbac_servicegroups_get_done(struct tevent_req *subreq) -{ - struct tevent_req *req = tevent_req_callback_data(subreq, - struct tevent_req); - struct hbac_get_service_data_state *state = tevent_req_data(req, - struct hbac_get_service_data_state); - int ret; bool in_transaction = false; struct ldb_dn *base_dn; int i; struct ldb_message_element *el; char *object_name; - ret = sdap_get_generic_recv(subreq, state, - &state->servicegroups_reply_count, - &state->servicegroups_reply_list); + + ret = sdap_get_generic_recv(subreq, state, &state->services_reply_count, + &state->services_reply_list); talloc_zfree(subreq); if (ret != EOK) { tevent_req_error(req, ret); return; } - if ((state->services_reply_count == 0 && - state->servicegroups_reply_count == 0)|| state->offline) { + if (state->services_reply_count == 0 || state->offline) { tevent_req_done(req); return; } @@ -460,20 +335,6 @@ static void hbac_servicegroups_get_done(struct tevent_req *subreq) goto fail; } - base_dn = sysdb_custom_subtree_dn(state->sysdb, state, - state->sdap_ctx->be->domain->name, - HBAC_SERVICEGROUPS_SUBDIR); - if (base_dn == NULL) { - ret = ENOMEM; - goto fail; - } - - ret = sysdb_delete_recursive(state, state->sysdb, base_dn, true); - if (ret) { - DEBUG(1, ("sysdb_delete_recursive failed.\n")); - goto fail; - } - for (i = 0; i < state->services_reply_count; i++) { ret = sysdb_attrs_get_el(state->services_reply_list[i], IPA_UNIQUE_ID, &el); @@ -509,41 +370,6 @@ static void hbac_servicegroups_get_done(struct tevent_req *subreq) goto fail; } } - for (i = 0; i < state->servicegroups_reply_count; i++) { - ret = sysdb_attrs_get_el(state->servicegroups_reply_list[i], - IPA_UNIQUE_ID, &el); - if (ret != EOK) { - DEBUG(1, ("sysdb_attrs_get_el failed.\n")); - goto fail; - } - if (el->num_values == 0) { - ret = EINVAL; - goto fail; - } - object_name = talloc_strndup(state, (const char *)el->values[0].data, - el->values[0].length); - if (object_name == NULL) { - ret = ENOMEM; - goto fail; - } - DEBUG(9, ("Object name: [%s].\n", object_name)); - - ret = sysdb_attrs_replace_name(state->servicegroups_reply_list[i], - IPA_MEMBEROF, SYSDB_ORIG_MEMBEROF); - if (ret != EOK) { - DEBUG(1, ("sysdb_attrs_replace_name failed.\n")); - goto fail; - } - - ret = sysdb_store_custom(state, state->sysdb, - state->sdap_ctx->be->domain, object_name, - HBAC_SERVICEGROUPS_SUBDIR, - state->servicegroups_reply_list[i]); - if (ret) { - DEBUG(1, ("sysdb_store_custom failed.\n")); - goto fail; - } - } ret = sysdb_transaction_commit(state->sysdb); if (ret) { @@ -566,9 +392,7 @@ fail: static int hbac_get_service_data_recv(struct tevent_req *req, TALLOC_CTX *memctx, size_t *hbac_services_count, - struct sysdb_attrs ***hbac_services_list, - size_t *hbac_servicegroups_count, - struct sysdb_attrs ***hbac_servicegroups_list) + struct sysdb_attrs ***hbac_services_list) { struct hbac_get_service_data_state *state = tevent_req_data(req, struct hbac_get_service_data_state); @@ -582,12 +406,6 @@ static int hbac_get_service_data_recv(struct tevent_req *req, talloc_steal(memctx, state->services_reply_list[i]); } - *hbac_servicegroups_count = state->servicegroups_reply_count; - *hbac_servicegroups_list = talloc_steal(memctx, - state->servicegroups_reply_list); - for (i = 0; i < state->servicegroups_reply_count; i++) { - talloc_steal(memctx, state->servicegroups_reply_list[i]); - } return EOK; } @@ -2154,9 +1972,7 @@ static void hbac_get_service_data_done(struct tevent_req *req) ret = hbac_get_service_data_recv(req, hbac_ctx, &hbac_ctx->hbac_services_count, - &hbac_ctx->hbac_services_list, - &hbac_ctx->hbac_servicegroups_count, - &hbac_ctx->hbac_servicegroups_list); + &hbac_ctx->hbac_services_list); talloc_zfree(req); if (ret != EOK) { goto failed; diff --git a/src/providers/ipa/ipa_access.h b/src/providers/ipa/ipa_access.h index e3e0c4ff..514afc00 100644 --- a/src/providers/ipa/ipa_access.h +++ b/src/providers/ipa/ipa_access.h @@ -62,8 +62,6 @@ struct hbac_ctx { char *ldap_basedn; struct sysdb_attrs **hbac_services_list; size_t hbac_services_count; - struct sysdb_attrs **hbac_servicegroups_list; - size_t hbac_servicegroups_count; }; void ipa_access_handler(struct be_req *be_req); |