src/db/sysdb_selinux.c

4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny/*
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny   SSSD
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny   System Database - SELinux support
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny   Copyright (C) Jan Zeleny <jzeleny@redhat.com>    2012
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny   This program is free software; you can redistribute it and/or modify
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny   it under the terms of the GNU General Public License as published by
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny   the Free Software Foundation; either version 3 of the License, or
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny   (at your option) any later version.
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny   This program is distributed in the hope that it will be useful,
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny   but WITHOUT ANY WARRANTY; without even the implied warranty of
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny   GNU General Public License for more details.
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny   You should have received a copy of the GNU General Public License
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny   along with this program.  If not, see <http://www.gnu.org/licenses/>.
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny*/
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny#include "util/sss_selinux.h"
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny#include "db/sysdb_selinux.h"
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny#include "db/sysdb_private.h"
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny/* Some generic routines */
7a1a56860993475d0025e7411547649abf09d32cJakub Hrozekenum selinux_entity_type {
7a1a56860993475d0025e7411547649abf09d32cJakub Hrozek    SELINUX_CONFIG,
7a1a56860993475d0025e7411547649abf09d32cJakub Hrozek    SELINUX_USER_MAP
7a1a56860993475d0025e7411547649abf09d32cJakub Hrozek};
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zelenystatic errno_t
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zelenysysdb_add_selinux_entity(struct sysdb_ctx *sysdb,
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny                         struct ldb_dn *dn,
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny                         const char *objectclass,
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny                         struct sysdb_attrs *attrs,
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny                         time_t now)
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny{
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    struct ldb_message *msg;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    TALLOC_CTX *tmp_ctx;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    errno_t ret;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    tmp_ctx = talloc_new(NULL);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    if (!tmp_ctx) {
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        return ENOMEM;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    msg = ldb_msg_new(tmp_ctx);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    if (!msg) {
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        ret = ENOMEM;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        goto done;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    ret = sysdb_attrs_add_string(attrs, SYSDB_OBJECTCLASS, objectclass);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    if (ret != EOK) {
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov        DEBUG(SSSDBG_OP_FAILURE, "Could not set map object class [%d]: %s\n",
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov              ret, strerror(ret));
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        return ret;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    if (!now) {
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        now = time(NULL);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    ret = sysdb_attrs_add_time_t(attrs, SYSDB_CREATE_TIME, now);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    if (ret) goto done;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    msg->dn = dn;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    msg->elements = attrs->a;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    msg->num_elements = attrs->num;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    ret = ldb_add(sysdb->ldb, msg);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    ret = sysdb_error_to_errno(ret);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zelenydone:
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    if (ret) {
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov        DEBUG(SSSDBG_TRACE_LIBS, "Error: %d (%s)\n", ret, strerror(ret));
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    talloc_zfree(tmp_ctx);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    return ret;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny}
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
17759fc794c22898d1db609b736fbcd77536d150Jakub Hrozekstatic errno_t sysdb_store_selinux_entity(struct sss_domain_info *domain,
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny                                          struct sysdb_attrs *attrs,
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny                                          enum selinux_entity_type type)
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny{
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    TALLOC_CTX *tmp_ctx;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    bool in_transaction = false;
8bbf89c5ab798c112773fe23515c3a9df56dde71Nick Guay    const char *objectclass = NULL;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    const char *name;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    char *clean_name;
8bbf89c5ab798c112773fe23515c3a9df56dde71Nick Guay    struct ldb_dn *dn = NULL;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    errno_t sret = EOK;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    errno_t ret;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    time_t now;
17759fc794c22898d1db609b736fbcd77536d150Jakub Hrozek    struct sysdb_ctx *sysdb = domain->sysdb;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    tmp_ctx = talloc_new(NULL);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    if (!tmp_ctx) {
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        return ENOMEM;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    switch (type) {
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        case SELINUX_USER_MAP:
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny            objectclass = SYSDB_SELINUX_USERMAP_CLASS;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny            ret = sysdb_attrs_get_string(attrs, SYSDB_NAME, &name);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny            if (ret != EOK) {
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny                goto done;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny            }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny            ret = sysdb_dn_sanitize(tmp_ctx, name, &clean_name);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny            if (ret != EOK) {
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny                goto done;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny            }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny            dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, SYSDB_TMPL_SEUSERMAP,
740870643f337ce70d85f25f9ed057cd1f91028cSimo Sorce                                clean_name, domain->name);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny            break;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        case SELINUX_CONFIG:
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny            objectclass = SYSDB_SELINUX_CLASS;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny            dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, SYSDB_TMPL_SELINUX_BASE,
740870643f337ce70d85f25f9ed057cd1f91028cSimo Sorce                                domain->name);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny            break;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    if (type != SELINUX_CONFIG && type != SELINUX_USER_MAP) {
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov        DEBUG(SSSDBG_CRIT_FAILURE, "Bad SELinux entity type: [%d]\n", type);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        ret = EINVAL;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        goto done;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    if (!dn) {
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        ret = ENOMEM;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        goto done;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    ret = sysdb_transaction_start(sysdb);
3a59cbd0b7b9c5dd3c62ac1679876070c264d80fMichal Zidek    if (ret != EOK) {
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov        DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n");
3a59cbd0b7b9c5dd3c62ac1679876070c264d80fMichal Zidek        goto done;
3a59cbd0b7b9c5dd3c62ac1679876070c264d80fMichal Zidek    }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    in_transaction = true;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    now = time(NULL);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    ret = sysdb_attrs_add_time_t(attrs, SYSDB_LAST_UPDATE, now);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    if (ret) goto done;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
894d18ff4178f40a18bbfece8fae270d8307eac6Jakub Hrozek    ret = sysdb_add_selinux_entity(sysdb, dn, objectclass, attrs, now);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    if (ret != EOK) {
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        goto done;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
894d18ff4178f40a18bbfece8fae270d8307eac6Jakub Hrozek    ret = sysdb_set_entry_attr(sysdb, dn, attrs, SYSDB_MOD_REP);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    if (ret != EOK) {
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        goto done;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
3a59cbd0b7b9c5dd3c62ac1679876070c264d80fMichal Zidek    ret = sysdb_transaction_commit(sysdb);
3a59cbd0b7b9c5dd3c62ac1679876070c264d80fMichal Zidek    if (ret != EOK) {
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov        DEBUG(SSSDBG_CRIT_FAILURE, "Failed to commit transaction\n");
3a59cbd0b7b9c5dd3c62ac1679876070c264d80fMichal Zidek        goto done;
3a59cbd0b7b9c5dd3c62ac1679876070c264d80fMichal Zidek    }
3a59cbd0b7b9c5dd3c62ac1679876070c264d80fMichal Zidek    in_transaction = false;
3a59cbd0b7b9c5dd3c62ac1679876070c264d80fMichal Zidek
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zelenydone:
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    if (in_transaction) {
3a59cbd0b7b9c5dd3c62ac1679876070c264d80fMichal Zidek        sret = sysdb_transaction_cancel(sysdb);
3a59cbd0b7b9c5dd3c62ac1679876070c264d80fMichal Zidek        if (sret != EOK) {
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov            DEBUG(SSSDBG_CRIT_FAILURE, "Could not cancel transaction\n");
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    }
3a59cbd0b7b9c5dd3c62ac1679876070c264d80fMichal Zidek
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    if (ret) {
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov        DEBUG(SSSDBG_MINOR_FAILURE, "Error: %d (%s)\n", ret, strerror(ret));
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    talloc_zfree(tmp_ctx);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    return ret;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny}
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
17759fc794c22898d1db609b736fbcd77536d150Jakub Hrozekerrno_t sysdb_store_selinux_usermap(struct sss_domain_info *domain,
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny                                    struct sysdb_attrs *attrs)
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny{
17759fc794c22898d1db609b736fbcd77536d150Jakub Hrozek    return sysdb_store_selinux_entity(domain, attrs, SELINUX_USER_MAP);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny}
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
17759fc794c22898d1db609b736fbcd77536d150Jakub Hrozekerrno_t sysdb_store_selinux_config(struct sss_domain_info *domain,
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny                                   const char *default_user,
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny                                   const char *order)
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny{
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    errno_t ret;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    struct sysdb_attrs *attrs;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    attrs = talloc_zero(NULL, struct sysdb_attrs);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    if (attrs == NULL) {
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        return ENOMEM;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
ebb1f28998c06984765e3e78d30911c1c3ec84e2Jakub Hrozek    if (!order) {
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov        DEBUG(SSSDBG_CRIT_FAILURE, "The SELinux order is missing\n");
ebb1f28998c06984765e3e78d30911c1c3ec84e2Jakub Hrozek        return EINVAL;
ebb1f28998c06984765e3e78d30911c1c3ec84e2Jakub Hrozek    }
ebb1f28998c06984765e3e78d30911c1c3ec84e2Jakub Hrozek
894d18ff4178f40a18bbfece8fae270d8307eac6Jakub Hrozek    if (default_user) {
894d18ff4178f40a18bbfece8fae270d8307eac6Jakub Hrozek        ret = sysdb_attrs_add_string(attrs, SYSDB_SELINUX_DEFAULT_USER,
894d18ff4178f40a18bbfece8fae270d8307eac6Jakub Hrozek                                    default_user);
894d18ff4178f40a18bbfece8fae270d8307eac6Jakub Hrozek        if (ret != EOK) {
894d18ff4178f40a18bbfece8fae270d8307eac6Jakub Hrozek            goto done;
894d18ff4178f40a18bbfece8fae270d8307eac6Jakub Hrozek        }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    ret = sysdb_attrs_add_string(attrs, SYSDB_SELINUX_DEFAULT_ORDER,
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny                                 order);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    if (ret != EOK) {
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        goto done;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
17759fc794c22898d1db609b736fbcd77536d150Jakub Hrozek    ret = sysdb_store_selinux_entity(domain, attrs, SELINUX_CONFIG);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zelenydone:
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    talloc_free(attrs);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    return ret;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny}
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
17759fc794c22898d1db609b736fbcd77536d150Jakub Hrozekerrno_t sysdb_delete_usermaps(struct sss_domain_info *domain)
ecfd767c65c39414a86937380b9986c6d2e0aecfJakub Hrozek{
ecfd767c65c39414a86937380b9986c6d2e0aecfJakub Hrozek    struct ldb_dn *dn = NULL;
ecfd767c65c39414a86937380b9986c6d2e0aecfJakub Hrozek    errno_t ret;
17759fc794c22898d1db609b736fbcd77536d150Jakub Hrozek    struct sysdb_ctx *sysdb = domain->sysdb;
ecfd767c65c39414a86937380b9986c6d2e0aecfJakub Hrozek
ecfd767c65c39414a86937380b9986c6d2e0aecfJakub Hrozek    dn = ldb_dn_new_fmt(sysdb, sysdb->ldb,
740870643f337ce70d85f25f9ed057cd1f91028cSimo Sorce                        SYSDB_TMPL_SELINUX_BASE, domain->name);
ecfd767c65c39414a86937380b9986c6d2e0aecfJakub Hrozek    if (!dn) return ENOMEM;
ecfd767c65c39414a86937380b9986c6d2e0aecfJakub Hrozek
ecfd767c65c39414a86937380b9986c6d2e0aecfJakub Hrozek    ret = sysdb_delete_recursive(sysdb, dn, true);
ecfd767c65c39414a86937380b9986c6d2e0aecfJakub Hrozek    talloc_free(dn);
ecfd767c65c39414a86937380b9986c6d2e0aecfJakub Hrozek    if (ret != EOK) {
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov        DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_delete_recursive failed.\n");
ecfd767c65c39414a86937380b9986c6d2e0aecfJakub Hrozek        return ret;
ecfd767c65c39414a86937380b9986c6d2e0aecfJakub Hrozek    }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
ecfd767c65c39414a86937380b9986c6d2e0aecfJakub Hrozek    return EOK;
ecfd767c65c39414a86937380b9986c6d2e0aecfJakub Hrozek}
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny/* --- SYSDB SELinux search routines --- */
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozekerrno_t
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozeksysdb_get_selinux_usermaps(TALLOC_CTX *mem_ctx,
740870643f337ce70d85f25f9ed057cd1f91028cSimo Sorce                           struct sss_domain_info *domain,
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek                           const char **attrs,
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek                           size_t *count,
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek                           struct ldb_message ***messages)
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek{
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek    errno_t ret;
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek    char *filter;
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek    struct ldb_dn *basedn;
17759fc794c22898d1db609b736fbcd77536d150Jakub Hrozek    struct sysdb_ctx *sysdb = domain->sysdb;
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek    basedn = ldb_dn_new_fmt(mem_ctx, sysdb_ctx_get_ldb(sysdb),
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek                            SYSDB_TMPL_SELINUX_BASE, domain->name);
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek    if (!basedn) {
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek        return ENOMEM;
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek    }
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek    filter = talloc_asprintf(mem_ctx, "(%s=%s)",
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek                             SYSDB_OBJECTCLASS, SYSDB_SELINUX_USERMAP_CLASS);
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek    if (filter == NULL) {
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek        talloc_free(basedn);
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek        return ENOMEM;
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek    }
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek    ret = sysdb_search_entry(mem_ctx, sysdb, basedn, LDB_SCOPE_SUBTREE, filter,
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek                             attrs, count, messages);
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek    talloc_free(basedn);
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek    talloc_free(filter);
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek    if (ret == ENOENT) {
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek        *count = 0;
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek        *messages = NULL;
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek    } else if (ret) {
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek        return ret;
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek    }
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek    return EOK;
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek}
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zelenyerrno_t sysdb_search_selinux_config(TALLOC_CTX *mem_ctx,
740870643f337ce70d85f25f9ed057cd1f91028cSimo Sorce                                    struct sss_domain_info *domain,
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny                                    const char **attrs,
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny                                    struct ldb_message **_config)
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny{
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    TALLOC_CTX *tmp_ctx;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    const char *def_attrs[] = { SYSDB_SELINUX_DEFAULT_USER,
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny                                SYSDB_SELINUX_DEFAULT_ORDER,
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny                                NULL };
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    struct ldb_message **msgs;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    size_t msgs_count;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    struct ldb_dn *basedn;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    errno_t ret;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    tmp_ctx = talloc_new(NULL);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    if (!tmp_ctx) {
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        return ENOMEM;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
17759fc794c22898d1db609b736fbcd77536d150Jakub Hrozek    basedn = ldb_dn_new_fmt(tmp_ctx, domain->sysdb->ldb,
740870643f337ce70d85f25f9ed057cd1f91028cSimo Sorce                            SYSDB_TMPL_SELINUX_BASE, domain->name);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    if (!basedn) {
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        ret = ENOMEM;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        goto done;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
17759fc794c22898d1db609b736fbcd77536d150Jakub Hrozek    ret = sysdb_search_entry(tmp_ctx, domain->sysdb, basedn, LDB_SCOPE_BASE,
17759fc794c22898d1db609b736fbcd77536d150Jakub Hrozek                             NULL, attrs?attrs:def_attrs, &msgs_count, &msgs);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    if (ret) {
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        goto done;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    *_config = talloc_steal(mem_ctx, msgs[0]);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zelenydone:
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    if (ret == ENOENT) {
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov        DEBUG(SSSDBG_TRACE_FUNC, "No SELinux root entry found\n");
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    } else if (ret) {
a3c8390d19593b1e5277d95bfb4ab206d4785150Nikolai Kondrashov        DEBUG(SSSDBG_TRACE_FUNC, "Error: %d (%s)\n", ret, strerror(ret));
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    talloc_free(tmp_ctx);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    return ret;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny}
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny