From 80357fbba7e8251c85aa884749f275eed28eb4eb Mon Sep 17 00:00:00 2001
From: Pavel Březina
Date: Mon, 23 Apr 2012 15:07:17 +0200
Subject: sudo ldap provider: add expiration time to each rule

---
 src/providers/ldap/sdap_async_sudo.c | 15 +++++++++++----
 src/providers/ldap/sdap_sudo_cache.c | 19 ++++++++++++++++---
 src/providers/ldap/sdap_sudo_cache.h | 4 +++-
 3 files changed, 30 insertions(+), 8 deletions(-)

diff --git a/src/providers/ldap/sdap_async_sudo.c b/src/providers/ldap/sdap_async_sudo.c
index 10e613e1..081ed20c 100644
--- a/src/providers/ldap/sdap_async_sudo.c
+++ b/src/providers/ldap/sdap_async_sudo.c
@@ -87,7 +87,9 @@ static void sdap_sudo_load_sudoers_done(struct tevent_req *subreq);
 static int sdap_sudo_store_sudoers(struct sysdb_ctx *sysdb_ctx,
 struct sdap_options *opts,
 size_t rules_count,
- struct sysdb_attrs **rules);
+ struct sysdb_attrs **rules,
+ int cache_timeout,
+ time_t now);
 
 struct tevent_req *sdap_sudo_refresh_send(TALLOC_CTX *mem_ctx,
 struct be_ctx *be_ctx,
@@ -440,6 +442,7 @@ static void sdap_sudo_load_sudoers_done(struct tevent_req *subreq)
 int ret;
 errno_t sret;
 bool in_transaction = false;
+ time_t now;
 
 req = tevent_req_callback_data(subreq, struct tevent_req);
 state = tevent_req_data(req, struct sdap_sudo_refresh_state);
@@ -468,7 +471,9 @@ static void sdap_sudo_load_sudoers_done(struct tevent_req *subreq)
 }
 
 /* store rules */
- ret = sdap_sudo_store_sudoers(state->sysdb, state->opts, rules_count, rules);
+ now = time(NULL);
+ ret = sdap_sudo_store_sudoers(state->sysdb, state->opts, rules_count, rules,
+ state->domain->sudo_timeout, now);
 if (ret != EOK) {
 goto done;
 }
@@ -504,7 +509,9 @@ done:
 static int sdap_sudo_store_sudoers(struct sysdb_ctx *sysdb_ctx,
 struct sdap_options *opts,
 size_t rules_count,
- struct sysdb_attrs **rules)
+ struct sysdb_attrs **rules,
+ int cache_timeout,
+ time_t now)
 {
 errno_t ret;
 
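Review bot: The parameters added to the sdap_sudo_store_sudoers prototype at `int cache_timeout, time_t now` carry no documentation of their units or of what a zero timeout means, and the same applies to the definition at -504 and to sdap_save_native_sudorule (-26) and sdap_save_native_sudorule_list (-52) in sdap_sudo_cache.c. The store code in sdap_sudo_cache.c writes `now + cache_timeout` as the rule's expiry, or 0 when cache_timeout is 0, and `now` comes from time(NULL), so the timeout is in seconds; a comment above the prototype such as `/* cache_timeout: lifetime of the stored rules in seconds, 0 stores SYSDB_CACHE_EXPIRE = 0; now: timestamp the expiry is computed from */` would state that contract where callers look for it. Whether an expiry of 0 is treated as "never expires" by the consumers of SYSDB_CACHE_EXPIRE is not visible here and should be confirmed before documenting it that way. The header sdap_sudo_cache.h listed in the diffstat is not in view.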
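Review bot: `now = time(NULL);` is taken once and reused for every rule of the refresh, which keeps all expiries consistent, but `state->domain->sudo_timeout` is handed to an `int cache_timeout` whose sign is never checked on this path, and the cache code adds it to `now` to form each rule's expiry. If the configured timeout can be negative (its validation is not part of this diff), every stored rule would receive an expiry already in the past; if that is ruled out at config load, a one-line comment here, `/* sudo_timeout is validated >= 0 at config load; 0 stores rules without an expiry */`, would record the assumption next to the call. sdap_sudo_load_sudoers_done starts and ends outside this hunk.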
@@ -514,7 +521,7 @@ static int sdap_sudo_store_sudoers(struct sysdb_ctx *sysdb_ctx,
 }
 
 ret = sdap_save_native_sudorule_list(sysdb_ctx, opts->sudorule_map,
- rules, rules_count);
+ rules, rules_count, cache_timeout, now);
 if (ret != EOK) {
 DEBUG(SSSDBG_OP_FAILURE, ("failed to save sudo rules [%d]: %s\n",
 ret, strerror(ret)));
diff --git a/src/providers/ldap/sdap_sudo_cache.c b/src/providers/ldap/sdap_sudo_cache.c
index c58fa1c3..39b028d6 100644
--- a/src/providers/ldap/sdap_sudo_cache.c
+++ b/src/providers/ldap/sdap_sudo_cache.c
@@ -26,7 +26,9 @@
 static errno_t
 sdap_save_native_sudorule(struct sysdb_ctx *sysdb_ctx,
 struct sdap_attr_map *map,
- struct sysdb_attrs *attrs)
+ struct sysdb_attrs *attrs,
+ int cache_timeout,
+ time_t now)
 {
 errno_t ret;
 const char *rule_name;
@@ -39,6 +41,14 @@ sdap_save_native_sudorule(struct sysdb_ctx *sysdb_ctx,
 return ret;
 }
 
+ ret = sysdb_attrs_add_time_t(attrs, SYSDB_CACHE_EXPIRE,
+ (cache_timeout ? (now + cache_timeout) : 0));
+ if (ret) {
+ DEBUG(SSSDBG_OP_FAILURE, ("Could not set sysdb cache expire [%d]: %s\n",
+ ret, strerror(ret)));
+ return ret;
+ }
+
 ret = sysdb_save_sudorule(sysdb_ctx, rule_name, attrs);
 if (ret != EOK) {
 DEBUG(SSSDBG_OP_FAILURE, ("Could not save sudorule %s\n", rule_name));
@@ -52,7 +62,9 @@ errno_t
 sdap_save_native_sudorule_list(struct sysdb_ctx *sysdb_ctx,
 struct sdap_attr_map *map,
 struct sysdb_attrs **replies,
- size_t replies_count)
+ size_t replies_count,
+ int cache_timeout,
+ time_t now)
 {
 errno_t ret, tret;
 bool in_transaction = false;
@@ -66,7 +78,8 @@ sdap_save_native_sudorule_list(struct sysdb_ctx *sysdb_ctx,
 in_transaction = true;
 
 for (i=0; i
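Review bot: The new error check after sysdb_attrs_add_time_t in the -39 hunk reads `if (ret) {` while the check a few lines below and the earlier one in the same function use `if (ret != EOK) {`; the established convention should be kept, `if (ret != EOK) {`. The expiry expression `(cache_timeout ? (now + cache_timeout) : 0)` also accepts a negative cache_timeout without complaint and would then store an expiry that is already in the past, so unless negative values are rejected by the caller (not visible here) a guard such as `if (cache_timeout < 0) { return EINVAL; }` before the call, or at least a comment stating that 0 stores no expiry, would make the contract explicit at the point where the timestamp is written. sdap_save_native_sudorule continues outside the hunk.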