From 770896b194b7b66b09c2a30545b4d091fd86b1f4 Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Mon, 7 Jan 2013 22:15:14 -0500 Subject: Add domain argument to sysdb_search_custom() Also changes sysdb_search_custom_by_name() --- src/db/sysdb.h | 2 ++ src/db/sysdb_autofs.c | 4 ++-- src/db/sysdb_ops.c | 9 +++++---- src/db/sysdb_ssh.c | 3 ++- src/db/sysdb_sudo.c | 2 +- src/providers/ipa/ipa_access.c | 4 +++- src/providers/ipa/ipa_access.h | 1 + src/providers/ipa/ipa_hbac_common.c | 3 +++ src/providers/ipa/ipa_hbac_hosts.c | 11 +++++++---- src/providers/ipa/ipa_hbac_private.h | 3 +++ src/providers/ipa/ipa_hbac_services.c | 5 +++-- src/providers/ipa/ipa_selinux.c | 3 ++- src/responder/sudo/sudosrv_get_sudorules.c | 10 +++++++--- src/tests/sysdb-tests.c | 4 +++- src/tools/sss_cache.c | 7 +++++-- 15 files changed, 49 insertions(+), 22 deletions(-) diff --git a/src/db/sysdb.h b/src/db/sysdb.h index 4d4d3bde..a82363b1 100644 --- a/src/db/sysdb.h +++ b/src/db/sysdb.h @@ -723,6 +723,7 @@ int sysdb_store_custom(struct sysdb_ctx *sysdb, int sysdb_search_custom(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, const char *filter, const char *subtree_name, const char **attrs, @@ -731,6 +732,7 @@ int sysdb_search_custom(TALLOC_CTX *mem_ctx, int sysdb_search_custom_by_name(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, const char *object_name, const char *subtree_name, const char **attrs, diff --git a/src/db/sysdb_autofs.c b/src/db/sysdb_autofs.c index d07f1c63..e226662f 100644 --- a/src/db/sysdb_autofs.c +++ b/src/db/sysdb_autofs.c @@ -200,7 +200,7 @@ sysdb_get_map_byname(TALLOC_CTX *mem_ctx, goto done; } - ret = sysdb_search_custom(tmp_ctx, sysdb, filter, + ret = sysdb_search_custom(tmp_ctx, sysdb, sysdb->domain, filter, AUTOFS_MAP_SUBDIR, attrs, &count, &msgs); if (ret != EOK && ret != ENOENT) { 
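Review bot: The two prototypes in src/db/sysdb.h gain `struct sss_domain_info *domain` with no statement of how it relates to `sysdb`, while callers in this patch pass both `sysdb->domain` and independently obtained values such as `cmd_ctx->domain`. A short comment above `sysdb_search_custom()` would record the contract, for example `/* domain selects the custom subtree to search; must not be NULL and must be a domain held by this sysdb */`, if that is the intended rule. The same sentence applies to `sysdb_search_custom_by_name()`. Both declarations continue past the end of their hunks.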
@@ -447,7 +447,7 @@ sysdb_invalidate_autofs_maps(struct sysdb_ctx *sysdb) goto done; } - ret = sysdb_search_custom(tmp_ctx, sysdb, filter, + ret = sysdb_search_custom(tmp_ctx, sysdb, sysdb->domain, filter, AUTOFS_MAP_SUBDIR, attrs, &count, &msgs); if (ret != EOK && ret != ENOENT) { diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c index 386f94b3..4cd94bd5 100644 --- a/src/db/sysdb_ops.c +++ b/src/db/sysdb_ops.c @@ -2009,6 +2009,7 @@ fail: int sysdb_search_custom(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, const char *filter, const char *subtree_name, const char **attrs, @@ -2022,8 +2023,7 @@ int sysdb_search_custom(TALLOC_CTX *mem_ctx, return EINVAL; } - basedn = sysdb_custom_subtree_dn(sysdb, mem_ctx, - sysdb->domain, subtree_name); + basedn = sysdb_custom_subtree_dn(sysdb, mem_ctx, domain, subtree_name); if (basedn == NULL) { DEBUG(1, ("sysdb_custom_subtree_dn failed.\n")); return ENOMEM; @@ -2041,6 +2041,7 @@ int sysdb_search_custom(TALLOC_CTX *mem_ctx, int sysdb_search_custom_by_name(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, const char *object_name, const char *subtree_name, const char **attrs, @@ -2063,7 +2064,7 @@ int sysdb_search_custom_by_name(TALLOC_CTX *mem_ctx, } basedn = sysdb_custom_dn(sysdb, tmp_ctx, - sysdb->domain, object_name, subtree_name); + domain, object_name, subtree_name); if (basedn == NULL) { DEBUG(1, ("sysdb_custom_dn failed.\n")); ret = ENOMEM; @@ -2129,7 +2130,7 @@ int sysdb_store_custom(struct sysdb_ctx *sysdb, goto done; } - ret = sysdb_search_custom_by_name(tmp_ctx, sysdb, + ret = sysdb_search_custom_by_name(tmp_ctx, sysdb, domain, object_name, subtree_name, search_attrs, &resp_count, &resp); if (ret != EOK && ret != ENOENT) { diff --git a/src/db/sysdb_ssh.c b/src/db/sysdb_ssh.c index c3e42143..d6563417 100644 --- a/src/db/sysdb_ssh.c +++ b/src/db/sysdb_ssh.c 
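Review bot: In src/db/sysdb_ops.c, `sysdb_search_custom()` now hands the caller-supplied `domain` straight to `sysdb_custom_subtree_dn()`, and the argument check ending in `return EINVAL;` just above is not extended in this hunk (its condition lies outside it). Before the change the value came from `sysdb->domain`, so a caller could not supply a bad one; now a NULL `domain` would presumably be dereferenced while the DN is built. Adding `if (domain == NULL) { return EINVAL; }` ahead of the `basedn` assignment keeps the failure explicit. The `sysdb_custom_dn()` call in `sysdb_search_custom_by_name()` (hunk at -2063) has the same gap.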
@@ -246,7 +246,8 @@ sysdb_search_ssh_hosts(TALLOC_CTX *mem_ctx, return ENOMEM; } - ret = sysdb_search_custom(tmp_ctx, sysdb, filter, SSH_HOSTS_SUBDIR, attrs, + ret = sysdb_search_custom(tmp_ctx, sysdb, sysdb->domain, filter, + SSH_HOSTS_SUBDIR, attrs, &num_results, &results); if (ret != EOK && ret != ENOENT) { DEBUG(SSSDBG_CRIT_FAILURE, diff --git a/src/db/sysdb_sudo.c b/src/db/sysdb_sudo.c index beb8e5e1..7704c02b 100644 --- a/src/db/sysdb_sudo.c +++ b/src/db/sysdb_sudo.c @@ -656,7 +656,7 @@ errno_t sysdb_sudo_purge_byfilter(struct sysdb_ctx *sysdb, NULL_CHECK(tmp_ctx, ret, done); /* match entries based on the filter and remove them one by one */ - ret = sysdb_search_custom(tmp_ctx, sysdb, filter, + ret = sysdb_search_custom(tmp_ctx, sysdb, domain, filter, SUDORULE_SUBDIR, attrs, &count, &msgs); if (ret == ENOENT) { diff --git a/src/providers/ipa/ipa_access.c b/src/providers/ipa/ipa_access.c index 47bd91e7..b8be19eb 100644 --- a/src/providers/ipa/ipa_access.c +++ b/src/providers/ipa/ipa_access.c @@ -600,6 +600,7 @@ void ipa_hbac_evaluate_rules(struct hbac_ctx *hbac_ctx) /* Get HBAC rules from the sysdb */ ret = hbac_get_cached_rules(hbac_ctx, hbac_ctx_sysdb(hbac_ctx), + hbac_ctx->be_req->domain, &hbac_ctx->rule_count, &hbac_ctx->rules); if (ret != EOK) { DEBUG(1, ("Could not retrieve rules from the cache\n")); @@ -645,6 +646,7 @@ void ipa_hbac_evaluate_rules(struct hbac_ctx *hbac_ctx) errno_t hbac_get_cached_rules(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, size_t *_rule_count, struct sysdb_attrs ***_rules) { @@ -680,7 +682,7 @@ errno_t hbac_get_cached_rules(TALLOC_CTX *mem_ctx, goto done; } - ret = sysdb_search_custom(tmp_ctx, sysdb, filter, + ret = sysdb_search_custom(tmp_ctx, sysdb, domain, filter, HBAC_RULES_SUBDIR, attrs, &rule_count, &msgs); if (ret != EOK && ret != ENOENT) { diff --git a/src/providers/ipa/ipa_access.h b/src/providers/ipa/ipa_access.h index 3c389dec..0a13d7be 100644 --- a/src/providers/ipa/ipa_access.h 
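Review bot: In src/providers/ipa/ipa_access.c, `ipa_hbac_evaluate_rules()` takes the lookup domain from `hbac_ctx->be_req->domain`, while the other caller of `hbac_get_cached_rules()` in this patch, src/providers/ipa/ipa_selinux.c, takes it from `be_req->be_ctx->domain`. If those two can differ, HBAC rules cached under one domain would be searched under another. The `sysdb_search_custom()` call in `hbac_get_cached_rules()` does not take the error path on `ENOENT`, so the caller would presumably see an empty rule set rather than a failure. A comment at the call, such as `/* must be the domain the HBAC rules were stored under */`, or a single accessor shared by both callers, would make the intended source explicit. The same `hbac_ctx->be_req->domain` is passed three times in src/providers/ipa/ipa_hbac_common.c.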
+++ b/src/providers/ipa/ipa_access.h @@ -119,6 +119,7 @@ void ipa_access_handler(struct be_req *be_req); errno_t hbac_get_cached_rules(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, size_t *_rule_count, struct sysdb_attrs ***_rules); diff --git a/src/providers/ipa/ipa_hbac_common.c b/src/providers/ipa/ipa_hbac_common.c index 7fdb2ce6..a4a411ca 100644 --- a/src/providers/ipa/ipa_hbac_common.c +++ b/src/providers/ipa/ipa_hbac_common.c @@ -326,6 +326,7 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx, /* Get the services */ ret = hbac_service_attrs_to_rule(new_rule, hbac_ctx_sysdb(hbac_ctx), + hbac_ctx->be_req->domain, new_rule->name, hbac_ctx->rules[idx], &new_rule->services); @@ -338,6 +339,7 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx, /* Get the target hosts */ ret = hbac_thost_attrs_to_rule(new_rule, hbac_ctx_sysdb(hbac_ctx), + hbac_ctx->be_req->domain, new_rule->name, hbac_ctx->rules[idx], &new_rule->targethosts); @@ -351,6 +353,7 @@ hbac_attrs_to_rule(TALLOC_CTX *mem_ctx, ret = hbac_shost_attrs_to_rule(new_rule, hbac_ctx_sysdb(hbac_ctx), + hbac_ctx->be_req->domain, new_rule->name, hbac_ctx->rules[idx], dp_opt_get_bool(hbac_ctx->ipa_options, diff --git a/src/providers/ipa/ipa_hbac_hosts.c b/src/providers/ipa/ipa_hbac_hosts.c index 23f7816b..474a3975 100644 --- a/src/providers/ipa/ipa_hbac_hosts.c +++ b/src/providers/ipa/ipa_hbac_hosts.c @@ -30,6 +30,7 @@ */ static errno_t hbac_host_attrs_to_rule(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, const char *rule_name, struct sysdb_attrs *rule_attrs, const char *category_attr, @@ -114,7 +115,7 @@ static errno_t hbac_host_attrs_to_rule(TALLOC_CTX *mem_ctx, } /* First check if this is a specific host */ - ret = sysdb_search_custom(tmp_ctx, sysdb, filter, + ret = sysdb_search_custom(tmp_ctx, sysdb, domain, filter, HBAC_HOSTS_SUBDIR, attrs, &count, &msgs); if (ret != EOK && ret != ENOENT) goto done; 
@@ -150,7 +151,7 @@ static errno_t hbac_host_attrs_to_rule(TALLOC_CTX *mem_ctx, num_hosts++; } else { /* ret == ENOENT */ /* Check if this is a hostgroup */ - ret = sysdb_search_custom(tmp_ctx, sysdb, filter, + ret = sysdb_search_custom(tmp_ctx, sysdb, domain, filter, HBAC_HOSTGROUPS_SUBDIR, attrs, &count, &msgs); if (ret != EOK && ret != ENOENT) goto done; @@ -225,13 +226,14 @@ done: errno_t hbac_thost_attrs_to_rule(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, const char *rule_name, struct sysdb_attrs *rule_attrs, struct hbac_rule_element **thosts) { DEBUG(7, ("Processing target hosts for rule [%s]\n", rule_name)); - return hbac_host_attrs_to_rule(mem_ctx, sysdb, + return hbac_host_attrs_to_rule(mem_ctx, sysdb, domain, rule_name, rule_attrs, IPA_HOST_CATEGORY, IPA_MEMBER_HOST, NULL, thosts); @@ -240,6 +242,7 @@ hbac_thost_attrs_to_rule(TALLOC_CTX *mem_ctx, errno_t hbac_shost_attrs_to_rule(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, const char *rule_name, struct sysdb_attrs *rule_attrs, bool support_srchost, @@ -270,7 +273,7 @@ hbac_shost_attrs_to_rule(TALLOC_CTX *mem_ctx, goto done; } - ret = hbac_host_attrs_to_rule(tmp_ctx, sysdb, + ret = hbac_host_attrs_to_rule(tmp_ctx, sysdb, domain, rule_name, rule_attrs, IPA_SOURCE_HOST_CATEGORY, IPA_SOURCE_HOST, &host_count, &shosts); diff --git a/src/providers/ipa/ipa_hbac_private.h b/src/providers/ipa/ipa_hbac_private.h index f313ca13..4f299160 100644 --- a/src/providers/ipa/ipa_hbac_private.h +++ b/src/providers/ipa/ipa_hbac_private.h @@ -94,6 +94,7 @@ hbac_get_category(struct sysdb_attrs *attrs, errno_t hbac_thost_attrs_to_rule(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, const char *rule_name, struct sysdb_attrs *rule_attrs, struct hbac_rule_element **thosts); 
@@ -101,6 +102,7 @@ hbac_thost_attrs_to_rule(TALLOC_CTX *mem_ctx, errno_t hbac_shost_attrs_to_rule(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, const char *rule_name, struct sysdb_attrs *rule_attrs, bool support_srchost, @@ -131,6 +133,7 @@ ipa_hbac_service_info_recv(struct tevent_req *req, errno_t hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, const char *rule_name, struct sysdb_attrs *rule_attrs, struct hbac_rule_element **services); diff --git a/src/providers/ipa/ipa_hbac_services.c b/src/providers/ipa/ipa_hbac_services.c index c086f976..8f656985 100644 --- a/src/providers/ipa/ipa_hbac_services.c +++ b/src/providers/ipa/ipa_hbac_services.c @@ -384,6 +384,7 @@ ipa_hbac_service_info_recv(struct tevent_req *req, errno_t hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, const char *rule_name, struct sysdb_attrs *rule_attrs, struct hbac_rule_element **services) @@ -468,7 +469,7 @@ hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx, } /* First check if this is a specific service */ - ret = sysdb_search_custom(tmp_ctx, sysdb, filter, + ret = sysdb_search_custom(tmp_ctx, sysdb, domain, filter, HBAC_SERVICES_SUBDIR, attrs, &count, &msgs); if (ret != EOK && ret != ENOENT) goto done; @@ -503,7 +504,7 @@ hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx, num_services++; } else { /* ret == ENOENT */ /* Check if this is a service group */ - ret = sysdb_search_custom(tmp_ctx, sysdb, filter, + ret = sysdb_search_custom(tmp_ctx, sysdb, domain, filter, HBAC_SERVICEGROUPS_SUBDIR, attrs, &count, &msgs); if (ret != EOK && ret != ENOENT) goto done; diff --git a/src/providers/ipa/ipa_selinux.c b/src/providers/ipa/ipa_selinux.c index 744dc46c..c8093bad 100644 --- a/src/providers/ipa/ipa_selinux.c +++ b/src/providers/ipa/ipa_selinux.c 
@@ -643,6 +643,7 @@ ipa_get_selinux_maps_offline(struct tevent_req *req) /* read all the HBAC rules */ ret = hbac_get_cached_rules(state, state->be_req->be_ctx->sysdb, + state->be_req->be_ctx->domain, &state->hbac_rule_count, &state->hbac_rules); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("hbac_get_cached_rules failed [%d]: %s\n", @@ -789,7 +790,7 @@ static void ipa_get_selinux_maps_done(struct tevent_req *subreq) access_name = state->be_req->be_ctx->bet_info[BET_ACCESS].mod_name; selinux_name = state->be_req->be_ctx->bet_info[BET_SELINUX].mod_name; if (strcasecmp(access_name, selinux_name) == 0) { - ret = hbac_get_cached_rules(state, state->be_req->be_ctx->sysdb, + ret = hbac_get_cached_rules(state, bctx->sysdb, bctx->domain, &state->hbac_rule_count, &state->hbac_rules); /* Terminates the request */ goto done; diff --git a/src/responder/sudo/sudosrv_get_sudorules.c b/src/responder/sudo/sudosrv_get_sudorules.c index ac8cb3ce..4860d878 100644 --- a/src/responder/sudo/sudosrv_get_sudorules.c +++ b/src/responder/sudo/sudosrv_get_sudorules.c @@ -329,6 +329,7 @@ sudosrv_dp_req_done(struct tevent_req *req); static errno_t sudosrv_get_sudorules_query_cache(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, enum sss_dp_sudo_type type, const char **attrs, unsigned int flags, @@ -410,7 +411,8 @@ errno_t sudosrv_get_rules(struct sudo_cmd_ctx *cmd_ctx) | SYSDB_SUDO_FILTER_INCLUDE_DFL | SYSDB_SUDO_FILTER_ONLY_EXPIRED | SYSDB_SUDO_FILTER_USERINFO; - ret = sudosrv_get_sudorules_query_cache(tmp_ctx, rules_sysdb, cmd_ctx->type, + ret = sudosrv_get_sudorules_query_cache(tmp_ctx, rules_sysdb, + cmd_ctx->domain, cmd_ctx->type, attrs, flags, cmd_ctx->orig_username, cmd_ctx->uid, groupnames, &expired_rules, &expired_rules_num); 
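Review bot: In src/providers/ipa/ipa_selinux.c, the call in `ipa_get_selinux_maps_done()` (hunk at -789) switches to `bctx->sysdb, bctx->domain`, but `bctx` is neither declared nor assigned anywhere in the hunk. The two context lines directly above still spell out `state->be_req->be_ctx`. Please confirm that `bctx` is set to `state->be_req->be_ctx` before this branch is reached; the function starts outside the hunk, so this cannot be checked here. The hunk at -643 passes `state->be_req->be_ctx->domain` in full, so using one spelling throughout the file would make the two call sites easier to compare.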
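Review bot: In src/responder/sudo/sudosrv_get_sudorules.c, `sudosrv_get_rules()` pairs `rules_sysdb` with `cmd_ctx->domain`, and how `rules_sysdb` is chosen lies outside the hunk. If it is not the cache belonging to `cmd_ctx->domain`, the base DN for the sudo rule search is built for a domain this sysdb may not hold. Since `sudosrv_get_sudorules_query_cache()` accepts `ENOENT`, the search would presumably come back empty instead of failing. A comment at the call, for example `/* rules_sysdb must be the cache that holds cmd_ctx->domain */`, would document the assumption. The call in `sudosrv_get_sudorules_from_cache()` (hunk at -632) is written the same way.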
@@ -632,7 +634,8 @@ static errno_t sudosrv_get_sudorules_from_cache(TALLOC_CTX *mem_ctx, break; } - ret = sudosrv_get_sudorules_query_cache(tmp_ctx, rules_sysdb, cmd_ctx->type, + ret = sudosrv_get_sudorules_query_cache(tmp_ctx, rules_sysdb, + cmd_ctx->domain, cmd_ctx->type, attrs, flags, cmd_ctx->orig_username, cmd_ctx->uid, groupnames, &rules, &num_rules); @@ -664,6 +667,7 @@ sort_sudo_rules(struct sysdb_attrs **rules, size_t count); static errno_t sudosrv_get_sudorules_query_cache(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, enum sss_dp_sudo_type type, const char **attrs, unsigned int flags, @@ -694,7 +698,7 @@ static errno_t sudosrv_get_sudorules_query_cache(TALLOC_CTX *mem_ctx, DEBUG(SSSDBG_FUNC_DATA, ("Searching sysdb with [%s]\n", filter)); - ret = sysdb_search_custom(tmp_ctx, sysdb, filter, + ret = sysdb_search_custom(tmp_ctx, sysdb, domain, filter, SUDORULE_SUBDIR, attrs, &count, &msgs); if (ret != EOK && ret != ENOENT) { diff --git a/src/tests/sysdb-tests.c b/src/tests/sysdb-tests.c index f08cf7ce..e4a0dd94 100644 --- a/src/tests/sysdb-tests.c +++ b/src/tests/sysdb-tests.c @@ -1329,6 +1329,7 @@ START_TEST (test_sysdb_search_custom_by_name) fail_unless(object_name != NULL, "talloc_asprintf failed"); ret = sysdb_search_custom_by_name(data, data->ctx->sysdb, + data->ctx->domain, object_name, CUSTOM_TEST_CONTAINER, data->attrlist, @@ -1431,6 +1432,7 @@ START_TEST (test_sysdb_search_custom_update) fail_unless(object_name != NULL, "talloc_asprintf failed"); ret = sysdb_search_custom_by_name(data, data->ctx->sysdb, + data->ctx->domain, object_name, CUSTOM_TEST_CONTAINER, data->attrlist, @@ -1496,7 +1498,7 @@ START_TEST (test_sysdb_search_custom) data->attrlist[2] = NULL; ret = sysdb_search_custom(data, data->ctx->sysdb, - filter, + data->ctx->domain, filter, CUSTOM_TEST_CONTAINER, data->attrlist, &data->msgs_count, diff --git a/src/tools/sss_cache.c b/src/tools/sss_cache.c index 180ed02d..9c08b9a2 100644 
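Review bot: In src/tests/sysdb-tests.c, all three updated tests pass `data->ctx->domain` together with `data->ctx->sysdb`, which looks like the same pairing the functions used implicitly before. That leaves the new parameter's effect on the search base unexercised. A case that stores an object with `sysdb_store_custom()` under one domain and expects `ENOENT` when `sysdb_search_custom_by_name()` is called with a different `struct sss_domain_info` would pin the behaviour this commit introduces. The test bodies start and end outside the hunks.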
--- a/src/tools/sss_cache.c +++ b/src/tools/sss_cache.c @@ -47,6 +47,7 @@ enum sss_cache_entry { }; static errno_t search_autofsmaps(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, const char *sub_filter, const char **attrs, size_t *msgs_count, struct ldb_message ***msgs); @@ -307,7 +308,8 @@ static bool invalidate_entries(TALLOC_CTX *ctx, break; case TYPE_AUTOFSMAP: type_string = "autofs map"; - ret = search_autofsmaps(ctx, sysdb, filter, attrs, &msg_count, &msgs); + ret = search_autofsmaps(ctx, sysdb, dinfo, + filter, attrs, &msg_count, &msgs); break; } @@ -622,11 +624,12 @@ fini: static errno_t search_autofsmaps(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, const char *sub_filter, const char **attrs, size_t *msgs_count, struct ldb_message ***msgs) { #ifdef BUILD_AUTOFS - return sysdb_search_custom(mem_ctx, sysdb, sub_filter, + return sysdb_search_custom(mem_ctx, sysdb, domain, sub_filter, AUTOFS_MAP_SUBDIR, attrs, msgs_count, msgs); #else -- cgit