From 5f73b623fc72e3b9b3590420825f30e618b4d4dd Mon Sep 17 00:00:00 2001 From: Pavel Březina Date: Tue, 26 Jun 2012 13:00:10 +0200 Subject: sudo ldap provider: load host filter configuration on init We need to load host information during provider initialization. Currently it loads only values from configuration files, but it is implemented as an asynchrounous request as it will later try to autodetect these settings (which will need to contact DNS). --- src/providers/ldap/sdap_sudo.c | 55 +++++++++++++++++++++++++++++++++++++++--- 1 file changed, 52 insertions(+), 3 deletions(-) (limited to 'src/providers/ldap/sdap_sudo.c') diff --git a/src/providers/ldap/sdap_sudo.c b/src/providers/ldap/sdap_sudo.c index 80549bfa..806c8b3a 100644 --- a/src/providers/ldap/sdap_sudo.c +++ b/src/providers/ldap/sdap_sudo.c @@ -104,6 +104,7 @@ struct bet_ops sdap_sudo_ops = { .finalize = sdap_sudo_shutdown }; +static void sdap_sudo_get_hostinfo_done(struct tevent_req *req); int sdap_sudo_setup_periodical_refresh(struct sdap_sudo_ctx *sudo_ctx); int sdap_sudo_init(struct be_ctx *be_ctx, @@ -112,6 +113,7 @@ int sdap_sudo_init(struct be_ctx *be_ctx, void **pvt_data) { struct sdap_sudo_ctx *sudo_ctx = NULL; + struct tevent_req *req = NULL; int ret; DEBUG(SSSDBG_TRACE_INTERNAL, ("Initializing sudo LDAP back end\n")); 
@@ -127,20 +129,67 @@ int sdap_sudo_init(struct be_ctx *be_ctx, *pvt_data = sudo_ctx; ret = ldap_get_sudo_options(id_ctx, be_ctx->cdb, - be_ctx->conf_path, id_ctx->opts); + be_ctx->conf_path, id_ctx->opts, + &sudo_ctx->use_host_filter, + &sudo_ctx->include_regexp, + &sudo_ctx->include_netgroups); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Cannot get SUDO options [%d]: %s\n", ret, strerror(ret))); return ret; } + req = sdap_sudo_get_hostinfo_send(sudo_ctx, id_ctx->opts, be_ctx); + if (req == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to retrieve host information - " + "(host filter will be disabled)\n")); + + sudo_ctx->use_host_filter = false; + + ret = sdap_sudo_setup_periodical_refresh(sudo_ctx); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, + ("Unable to setup periodical refresh" + "of sudo rules [%d]: %s\n", ret, strerror(ret))); + /* periodical updates will not work, but specific-rule update + * is no affected by this, therefore we don't have to fail here */ + } + } else { + tevent_req_set_callback(req, sdap_sudo_get_hostinfo_done, sudo_ctx); + } + + return EOK; +} + +static void sdap_sudo_get_hostinfo_done(struct tevent_req *req) +{ + struct sdap_sudo_ctx *sudo_ctx = NULL; + char **hostnames = NULL; + char **ip_addr = NULL; + int ret; + + sudo_ctx = tevent_req_callback_data(req, struct sdap_sudo_ctx); + + ret = sdap_sudo_get_hostinfo_recv(sudo_ctx, req, &hostnames, &ip_addr); + talloc_zfree(req); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to retrieve host information - " + "(host filter will be disabled) [%d]: %s\n", ret, strerror(ret))); + sudo_ctx->use_host_filter = false; + return; + } + + talloc_zfree(sudo_ctx->hostnames); + talloc_zfree(sudo_ctx->ip_addr); + + sudo_ctx->hostnames = talloc_move(sudo_ctx, &hostnames); + sudo_ctx->ip_addr = talloc_move(sudo_ctx, &ip_addr); + ret = sdap_sudo_setup_periodical_refresh(sudo_ctx); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Unable to setup periodical refresh" "of sudo rules [%d]: %s\n", ret, 
strerror(ret))); } - - return EOK; } int sdap_sudo_setup_periodical_refresh(struct sdap_sudo_ctx *sudo_ctx) -- cgit
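Review bot: On the failure path of `sdap_sudo_get_hostinfo_done`, the early `return;` after `sudo_ctx->use_host_filter = false;` skips `sdap_sudo_setup_periodical_refresh(sudo_ctx)`, so a failed host-info request leaves periodic refresh unscheduled, whereas the `req == NULL` branch in `sdap_sudo_init` disables the filter and still schedules it. If that asymmetry is unintended, drop the `return;` and move the two `talloc_zfree` calls and the two `talloc_move` assignments into an `else` branch so both outcomes reach the refresh setup. Both failure paths also fail open by turning the host filter off; a comment stating whether host matching of rules is still enforced elsewhere (not visible here) would help, since otherwise a lookup failure presumably widens the set of sudo rules pulled to this machine. Minor: the adjacent literals `"Unable to setup periodical refresh"` and `"of sudo rules [%d]: %s\n"` concatenate to "refreshof", so the first needs a trailing space. The body of `sdap_sudo_init` starts outside this hunk.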