From b0fa48b0d612b46a86e45f8e4b5d9feae9784c2b Mon Sep 17 00:00:00 2001 From: Simo Sorce Date: Tue, 8 Jan 2013 01:25:47 -0500 Subject: Add domain arguments to sysdb sudo functions --- src/db/sysdb_sudo.c | 45 ++++++++++++++++++------------ src/db/sysdb_sudo.h | 23 +++++++++------ src/providers/ldap/sdap_async_sudo.c | 14 ++++++---- src/providers/ldap/sdap_sudo.c | 9 ++++-- src/providers/ldap/sdap_sudo_cache.c | 7 +++-- src/providers/ldap/sdap_sudo_cache.h | 1 + src/responder/sudo/sudosrv_get_sudorules.c | 9 +++--- 7 files changed, 69 insertions(+), 39 deletions(-) diff --git a/src/db/sysdb_sudo.c b/src/db/sysdb_sudo.c index 56ac8428..93dea85c 100644 --- a/src/db/sysdb_sudo.c +++ b/src/db/sysdb_sudo.c @@ -307,8 +307,9 @@ done: } errno_t -sysdb_get_sudo_user_info(TALLOC_CTX *mem_ctx, const char *username, - struct sysdb_ctx *sysdb, uid_t *_uid, +sysdb_get_sudo_user_info(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, + const char *username, uid_t *_uid, char ***groupnames) { TALLOC_CTX *tmp_ctx; @@ -332,7 +333,7 @@ sysdb_get_sudo_user_info(TALLOC_CTX *mem_ctx, const char *username, tmp_ctx = talloc_new(NULL); NULL_CHECK(tmp_ctx, ret, done); - ret = sysdb_search_user_by_name(tmp_ctx, sysdb, sysdb->domain, + ret = sysdb_search_user_by_name(tmp_ctx, sysdb, domain, username, attrs, &msg); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Error looking up user %s\n", username)); @@ -378,7 +379,7 @@ sysdb_get_sudo_user_info(TALLOC_CTX *mem_ctx, const char *username, /* resolve primary group */ gid = ldb_msg_find_attr_as_uint64(msg, SYSDB_GIDNUM, 0); if (gid != 0) { - ret = sysdb_search_group_by_gid(tmp_ctx, sysdb, sysdb->domain, gid, + ret = sysdb_search_group_by_gid(tmp_ctx, sysdb, domain, gid, group_attrs, &group_msg); if (ret == EOK) { primary_group = ldb_msg_find_attr_as_string(group_msg, SYSDB_NAME, @@ -420,9 +421,10 @@ done: } errno_t -sysdb_save_sudorule(struct sysdb_ctx *sysdb_ctx, - const char *rule_name, - struct sysdb_attrs *attrs) +sysdb_save_sudorule(struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, + const char *rule_name, + struct sysdb_attrs *attrs) { errno_t ret; @@ -443,7 +445,7 @@ sysdb_save_sudorule(struct sysdb_ctx *sysdb_ctx, return ret; } - ret = sysdb_store_custom(sysdb_ctx, sysdb_ctx->domain, rule_name, SUDORULE_SUBDIR, attrs); + ret = sysdb_store_custom(sysdb, domain, rule_name, SUDORULE_SUBDIR, attrs); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("sysdb_store_custom failed [%d]: %s\n", ret, strerror(ret))); @@ -454,6 +456,7 @@ sysdb_save_sudorule(struct sysdb_ctx *sysdb_ctx, } static errno_t sysdb_sudo_set_refresh_time(struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, const char *attr_name, time_t value) { @@ -471,7 +474,7 @@ static errno_t sysdb_sudo_set_refresh_time(struct sysdb_ctx *sysdb, } dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, SYSDB_TMPL_CUSTOM_SUBTREE, - SUDORULE_SUBDIR, sysdb->domain->name); + SUDORULE_SUBDIR, domain->name); if (!dn) { ret = ENOMEM; goto done; @@ -530,6 +533,7 @@ done: } static errno_t sysdb_sudo_get_refresh_time(struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, const char *attr_name, time_t *value) { @@ -546,7 +550,7 @@ static errno_t sysdb_sudo_get_refresh_time(struct sysdb_ctx *sysdb, } dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, SYSDB_TMPL_CUSTOM_SUBTREE, - SUDORULE_SUBDIR, sysdb->domain->name); + SUDORULE_SUBDIR, domain->name); if (!dn) { ret = ENOMEM; goto done; @@ -584,16 +588,20 @@ done: return ret; } -errno_t sysdb_sudo_set_last_full_refresh(struct sysdb_ctx *sysdb, time_t value) +errno_t sysdb_sudo_set_last_full_refresh(struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, + time_t value) { - return sysdb_sudo_set_refresh_time(sysdb, SYSDB_SUDO_AT_LAST_FULL_REFRESH, - value); + return sysdb_sudo_set_refresh_time(sysdb, domain, + SYSDB_SUDO_AT_LAST_FULL_REFRESH, value); } -errno_t sysdb_sudo_get_last_full_refresh(struct sysdb_ctx *sysdb, time_t *value) +errno_t sysdb_sudo_get_last_full_refresh(struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, + time_t *value) { - return sysdb_sudo_get_refresh_time(sysdb, SYSDB_SUDO_AT_LAST_FULL_REFRESH, - value); + return sysdb_sudo_get_refresh_time(sysdb, domain, + SYSDB_SUDO_AT_LAST_FULL_REFRESH, value); } /* ==================== Purge functions ==================== */ @@ -624,10 +632,11 @@ done: } errno_t sysdb_sudo_purge_byname(struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, const char *name) { DEBUG(SSSDBG_TRACE_INTERNAL, ("Deleting sudo rule %s\n", name)); - return sysdb_delete_custom(sysdb, sysdb->domain, name, SUDORULE_SUBDIR); + return sysdb_delete_custom(sysdb, domain, name, SUDORULE_SUBDIR); } errno_t sysdb_sudo_purge_byfilter(struct sysdb_ctx *sysdb, @@ -683,7 +692,7 @@ errno_t sysdb_sudo_purge_byfilter(struct sysdb_ctx *sysdb, continue; } - ret = sysdb_sudo_purge_byname(sysdb, name); + ret = sysdb_sudo_purge_byname(sysdb, domain, name); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Could not delete rule %s\n", name)); goto done; diff --git a/src/db/sysdb_sudo.h b/src/db/sysdb_sudo.h index 60911b6e..da019240 100644 --- a/src/db/sysdb_sudo.h +++ b/src/db/sysdb_sudo.h @@ -72,19 +72,26 @@ sysdb_get_sudo_filter(TALLOC_CTX *mem_ctx, const char *username, char **_filter); errno_t -sysdb_get_sudo_user_info(TALLOC_CTX *mem_ctx, const char *username, - struct sysdb_ctx *sysdb, uid_t *_uid, +sysdb_get_sudo_user_info(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, + const char *username, uid_t *_uid, char ***groupnames); errno_t -sysdb_save_sudorule(struct sysdb_ctx *sysdb_ctx, - const char *rule_name, - struct sysdb_attrs *attrs); - -errno_t sysdb_sudo_set_last_full_refresh(struct sysdb_ctx *sysdb, time_t value); -errno_t sysdb_sudo_get_last_full_refresh(struct sysdb_ctx *sysdb, time_t *value); +sysdb_save_sudorule(struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, + const char *rule_name, + struct sysdb_attrs *attrs); + +errno_t sysdb_sudo_set_last_full_refresh(struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, + time_t value); +errno_t sysdb_sudo_get_last_full_refresh(struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, + time_t *value); errno_t sysdb_sudo_purge_byname(struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, const char *name); errno_t sysdb_sudo_purge_byfilter(struct sysdb_ctx *sysdb, diff --git a/src/providers/ldap/sdap_async_sudo.c b/src/providers/ldap/sdap_async_sudo.c index 974d3b17..2e61fc63 100644 --- a/src/providers/ldap/sdap_async_sudo.c +++ b/src/providers/ldap/sdap_async_sudo.c @@ -95,6 +95,7 @@ static int sdap_sudo_purge_sudoers(struct sysdb_ctx *sysdb_ctx, static int sdap_sudo_store_sudoers(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb_ctx, + struct sss_domain_info *domain, struct sdap_options *opts, size_t rules_count, struct sysdb_attrs **rules, @@ -495,8 +496,9 @@ static void sdap_sudo_refresh_load_done(struct tevent_req *subreq) /* store rules */ now = time(NULL); - ret = sdap_sudo_store_sudoers(state, state->sysdb, state->opts, rules_count, - rules, state->domain->sudo_timeout, now, + ret = sdap_sudo_store_sudoers(state, state->sysdb, state->domain, + state->opts, rules_count, rules, + state->domain->sudo_timeout, now, &state->highest_usn); if (ret != EOK) { goto done; @@ -560,7 +562,7 @@ static int sdap_sudo_purge_sudoers(struct sysdb_ctx *sysdb_ctx, continue; } - ret = sysdb_sudo_purge_byname(sysdb_ctx, name); + ret = sysdb_sudo_purge_byname(sysdb_ctx, dom, name); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Failed to delete rule %s: [%s]\n", @@ -589,6 +591,7 @@ done: static int sdap_sudo_store_sudoers(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb_ctx, + struct sss_domain_info *domain, struct sdap_options *opts, size_t rules_count, struct sysdb_attrs **rules, @@ -603,8 +606,9 @@ static int sdap_sudo_store_sudoers(TALLOC_CTX *mem_ctx, return EOK; } - ret = sdap_save_native_sudorule_list(mem_ctx, sysdb_ctx, opts->sudorule_map, - rules, rules_count, cache_timeout, now, + ret = sdap_save_native_sudorule_list(mem_ctx, sysdb_ctx, domain, + opts->sudorule_map, rules, + rules_count, cache_timeout, now, _usn); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("failed to save sudo rules [%d]: %s\n", diff --git a/src/providers/ldap/sdap_sudo.c b/src/providers/ldap/sdap_sudo.c index de16a84c..990eed1a 100644 --- a/src/providers/ldap/sdap_sudo.c +++ b/src/providers/ldap/sdap_sudo.c @@ -36,6 +36,7 @@ struct sdap_sudo_full_refresh_state { struct sdap_sudo_ctx *sudo_ctx; struct sdap_id_ctx *id_ctx; struct sysdb_ctx *sysdb; + struct sss_domain_info *domain; int dp_error; int error; }; @@ -250,7 +251,9 @@ static int sdap_sudo_setup_periodical_refresh(struct sdap_sudo_ctx *sudo_ctx) } } - ret = sysdb_sudo_get_last_full_refresh(id_ctx->be->sysdb, &last_full); + ret = sysdb_sudo_get_last_full_refresh(id_ctx->be->sysdb, + id_ctx->be->domain, + &last_full); if (ret != EOK) { return ret; } @@ -553,6 +556,7 @@ static struct tevent_req *sdap_sudo_full_refresh_send(TALLOC_CTX *mem_ctx, state->sudo_ctx = sudo_ctx; state->id_ctx = id_ctx; state->sysdb = id_ctx->be->sysdb; + state->domain = id_ctx->be->domain; /* Download all rules from LDAP */ ldap_filter = talloc_asprintf(state, SDAP_SUDO_FILTER_CLASS, @@ -627,7 +631,8 @@ static void sdap_sudo_full_refresh_done(struct tevent_req *subreq) state->sudo_ctx->full_refresh_done = true; /* save the time in the sysdb */ - ret = sysdb_sudo_set_last_full_refresh(state->sysdb, time(NULL)); + ret = sysdb_sudo_set_last_full_refresh(state->sysdb, state->domain, + time(NULL)); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Unable to save time of " "a successful full refresh\n")); diff --git a/src/providers/ldap/sdap_sudo_cache.c b/src/providers/ldap/sdap_sudo_cache.c index 499db02f..3c438b93 100644 --- a/src/providers/ldap/sdap_sudo_cache.c +++ b/src/providers/ldap/sdap_sudo_cache.c @@ -57,6 +57,7 @@ static errno_t sdap_sudo_get_usn(TALLOC_CTX *mem_ctx, static errno_t sdap_save_native_sudorule(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb_ctx, + struct sss_domain_info *domain, struct sdap_attr_map *map, struct sysdb_attrs *attrs, int cache_timeout, @@ -88,7 +89,7 @@ sdap_save_native_sudorule(TALLOC_CTX *mem_ctx, return ret; } - ret = sysdb_save_sudorule(sysdb_ctx, rule_name, attrs); + ret = sysdb_save_sudorule(sysdb_ctx, domain, rule_name, attrs); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Could not save sudorule %s\n", rule_name)); return ret; @@ -100,6 +101,7 @@ sdap_save_native_sudorule(TALLOC_CTX *mem_ctx, errno_t sdap_save_native_sudorule_list(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb_ctx, + struct sss_domain_info *domain, struct sdap_attr_map *map, struct sysdb_attrs **replies, size_t replies_count, @@ -129,7 +131,8 @@ sdap_save_native_sudorule_list(TALLOC_CTX *mem_ctx, for (i=0; iorig_username, user_sysdb, - NULL, &groupnames); + ret = sysdb_get_sudo_user_info(tmp_ctx, user_sysdb, cmd_ctx->domain, + cmd_ctx->orig_username, NULL, &groupnames); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to retrieve user info [%d]: %s\n", ret, strerror(ret))); @@ -619,8 +619,9 @@ static errno_t sudosrv_get_sudorules_from_cache(TALLOC_CTX *mem_ctx, switch (cmd_ctx->type) { case SSS_SUDO_USER: debug_name = cmd_ctx->cased_username; - ret = sysdb_get_sudo_user_info(tmp_ctx, cmd_ctx->orig_username, - user_sysdb, NULL, &groupnames); + ret = sysdb_get_sudo_user_info(tmp_ctx, user_sysdb, cmd_ctx->domain, + cmd_ctx->orig_username, + NULL, &groupnames); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to retrieve user info [%d]: %s\n", strerror(ret))); -- cgit