src/db/sysdb_selinux.c

	sysdb_selinux.c revision 740870643f337ce70d85f25f9ed057cd1f91028c
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny/*
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny   SSSD
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny   System Database - SELinux support
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny   Copyright (C) Jan Zeleny <jzeleny@redhat.com>    2012
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny   This program is free software; you can redistribute it and/or modify
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny   it under the terms of the GNU General Public License as published by
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny   the Free Software Foundation; either version 3 of the License, or
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny   (at your option) any later version.
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny   This program is distributed in the hope that it will be useful,
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny   but WITHOUT ANY WARRANTY; without even the implied warranty of
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny   GNU General Public License for more details.
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny   You should have received a copy of the GNU General Public License
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny   along with this program.  If not, see <http://www.gnu.org/licenses/>.
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny*/
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny#include "util/sss_selinux.h"
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny#include "db/sysdb_selinux.h"
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny#include "db/sysdb_private.h"
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny/* Some generic routines */
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zelenystatic errno_t
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zelenysysdb_add_selinux_entity(struct sysdb_ctx *sysdb,
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny                         struct ldb_dn *dn,
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny                         const char *objectclass,
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny                         struct sysdb_attrs *attrs,
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny                         time_t now)
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny{
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    struct ldb_message *msg;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    TALLOC_CTX *tmp_ctx;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    errno_t ret;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    tmp_ctx = talloc_new(NULL);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    if (!tmp_ctx) {
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        return ENOMEM;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    msg = ldb_msg_new(tmp_ctx);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    if (!msg) {
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        ret = ENOMEM;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        goto done;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    ret = sysdb_attrs_add_string(attrs, SYSDB_OBJECTCLASS, objectclass);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    if (ret != EOK) {
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        DEBUG(SSSDBG_OP_FAILURE, ("Could not set map object class [%d]: %s\n",
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny              ret, strerror(ret)));
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        return ret;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    if (!now) {
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        now = time(NULL);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    ret = sysdb_attrs_add_time_t(attrs, SYSDB_CREATE_TIME, now);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    if (ret) goto done;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    msg->dn = dn;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    msg->elements = attrs->a;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    msg->num_elements = attrs->num;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    ret = ldb_add(sysdb->ldb, msg);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    ret = sysdb_error_to_errno(ret);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zelenydone:
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    if (ret) {
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        DEBUG(SSSDBG_TRACE_LIBS, ("Error: %d (%s)\n", ret, strerror(ret)));
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    talloc_zfree(tmp_ctx);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    return ret;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny}
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zelenystatic errno_t sysdb_store_selinux_entity(struct sysdb_ctx *sysdb,
740870643f337ce70d85f25f9ed057cd1f91028cSimo Sorce                                          struct sss_domain_info *domain,
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny                                          struct sysdb_attrs *attrs,
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny                                          enum selinux_entity_type type)
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny{
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    TALLOC_CTX *tmp_ctx;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    bool in_transaction = false;
8bbf89c5ab798c112773fe23515c3a9df56dde71Nick Guay    const char *objectclass = NULL;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    const char *name;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    char *clean_name;
8bbf89c5ab798c112773fe23515c3a9df56dde71Nick Guay    struct ldb_dn *dn = NULL;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    errno_t sret = EOK;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    errno_t ret;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    time_t now;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    tmp_ctx = talloc_new(NULL);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    if (!tmp_ctx) {
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        return ENOMEM;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    switch (type) {
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        case SELINUX_USER_MAP:
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny            objectclass = SYSDB_SELINUX_USERMAP_CLASS;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny            ret = sysdb_attrs_get_string(attrs, SYSDB_NAME, &name);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny            if (ret != EOK) {
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny                goto done;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny            }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny            ret = sysdb_dn_sanitize(tmp_ctx, name, &clean_name);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny            if (ret != EOK) {
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny                goto done;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny            }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny            dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, SYSDB_TMPL_SEUSERMAP,
740870643f337ce70d85f25f9ed057cd1f91028cSimo Sorce                                clean_name, domain->name);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny            break;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        case SELINUX_CONFIG:
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny            objectclass = SYSDB_SELINUX_CLASS;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny            dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, SYSDB_TMPL_SELINUX_BASE,
740870643f337ce70d85f25f9ed057cd1f91028cSimo Sorce                                domain->name);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny            break;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    if (type != SELINUX_CONFIG && type != SELINUX_USER_MAP) {
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        DEBUG(SSSDBG_CRIT_FAILURE, ("Bad SELinux entity type: [%d]\n", type));
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        ret = EINVAL;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        goto done;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    if (!dn) {
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        ret = ENOMEM;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        goto done;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    ret = sysdb_transaction_start(sysdb);
3a59cbd0b7b9c5dd3c62ac1679876070c264d80fMichal Zidek    if (ret != EOK) {
3a59cbd0b7b9c5dd3c62ac1679876070c264d80fMichal Zidek        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to start transaction\n"));
3a59cbd0b7b9c5dd3c62ac1679876070c264d80fMichal Zidek        goto done;
3a59cbd0b7b9c5dd3c62ac1679876070c264d80fMichal Zidek    }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    in_transaction = true;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    now = time(NULL);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    ret = sysdb_attrs_add_time_t(attrs, SYSDB_LAST_UPDATE, now);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    if (ret) goto done;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
894d18ff4178f40a18bbfece8fae270d8307eac6Jakub Hrozek    ret = sysdb_add_selinux_entity(sysdb, dn, objectclass, attrs, now);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    if (ret != EOK) {
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        goto done;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
894d18ff4178f40a18bbfece8fae270d8307eac6Jakub Hrozek    ret = sysdb_set_entry_attr(sysdb, dn, attrs, SYSDB_MOD_REP);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    if (ret != EOK) {
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        goto done;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
3a59cbd0b7b9c5dd3c62ac1679876070c264d80fMichal Zidek    ret = sysdb_transaction_commit(sysdb);
3a59cbd0b7b9c5dd3c62ac1679876070c264d80fMichal Zidek    if (ret != EOK) {
3a59cbd0b7b9c5dd3c62ac1679876070c264d80fMichal Zidek        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to commit transaction\n"));
3a59cbd0b7b9c5dd3c62ac1679876070c264d80fMichal Zidek        goto done;
3a59cbd0b7b9c5dd3c62ac1679876070c264d80fMichal Zidek    }
3a59cbd0b7b9c5dd3c62ac1679876070c264d80fMichal Zidek    in_transaction = false;
3a59cbd0b7b9c5dd3c62ac1679876070c264d80fMichal Zidek
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zelenydone:
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    if (in_transaction) {
3a59cbd0b7b9c5dd3c62ac1679876070c264d80fMichal Zidek        sret = sysdb_transaction_cancel(sysdb);
3a59cbd0b7b9c5dd3c62ac1679876070c264d80fMichal Zidek        if (sret != EOK) {
3a59cbd0b7b9c5dd3c62ac1679876070c264d80fMichal Zidek            DEBUG(SSSDBG_CRIT_FAILURE, ("Could not cancel transaction\n"));
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    }
3a59cbd0b7b9c5dd3c62ac1679876070c264d80fMichal Zidek
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    if (ret) {
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        DEBUG(SSSDBG_MINOR_FAILURE, ("Error: %d (%s)\n", ret, strerror(ret)));
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    talloc_zfree(tmp_ctx);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    return ret;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny}
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zelenyerrno_t sysdb_store_selinux_usermap(struct sysdb_ctx *sysdb,
740870643f337ce70d85f25f9ed057cd1f91028cSimo Sorce                                    struct sss_domain_info *domain,
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny                                    struct sysdb_attrs *attrs)
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny{
740870643f337ce70d85f25f9ed057cd1f91028cSimo Sorce    return sysdb_store_selinux_entity(sysdb, domain, attrs, SELINUX_USER_MAP);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny}
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zelenyerrno_t sysdb_store_selinux_config(struct sysdb_ctx *sysdb,
740870643f337ce70d85f25f9ed057cd1f91028cSimo Sorce                                   struct sss_domain_info *domain,
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny                                   const char *default_user,
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny                                   const char *order)
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny{
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    errno_t ret;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    struct sysdb_attrs *attrs;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    attrs = talloc_zero(NULL, struct sysdb_attrs);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    if (attrs == NULL) {
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        return ENOMEM;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
ebb1f28998c06984765e3e78d30911c1c3ec84e2Jakub Hrozek    if (!order) {
ebb1f28998c06984765e3e78d30911c1c3ec84e2Jakub Hrozek        DEBUG(SSSDBG_CRIT_FAILURE, ("The SELinux order is missing\n"));
ebb1f28998c06984765e3e78d30911c1c3ec84e2Jakub Hrozek        return EINVAL;
ebb1f28998c06984765e3e78d30911c1c3ec84e2Jakub Hrozek    }
ebb1f28998c06984765e3e78d30911c1c3ec84e2Jakub Hrozek
894d18ff4178f40a18bbfece8fae270d8307eac6Jakub Hrozek    if (default_user) {
894d18ff4178f40a18bbfece8fae270d8307eac6Jakub Hrozek        ret = sysdb_attrs_add_string(attrs, SYSDB_SELINUX_DEFAULT_USER,
894d18ff4178f40a18bbfece8fae270d8307eac6Jakub Hrozek                                    default_user);
894d18ff4178f40a18bbfece8fae270d8307eac6Jakub Hrozek        if (ret != EOK) {
894d18ff4178f40a18bbfece8fae270d8307eac6Jakub Hrozek            goto done;
894d18ff4178f40a18bbfece8fae270d8307eac6Jakub Hrozek        }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    ret = sysdb_attrs_add_string(attrs, SYSDB_SELINUX_DEFAULT_ORDER,
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny                                 order);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    if (ret != EOK) {
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        goto done;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
740870643f337ce70d85f25f9ed057cd1f91028cSimo Sorce    ret = sysdb_store_selinux_entity(sysdb, domain, attrs, SELINUX_CONFIG);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zelenydone:
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    talloc_free(attrs);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    return ret;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny}
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
740870643f337ce70d85f25f9ed057cd1f91028cSimo Sorceerrno_t sysdb_delete_usermaps(struct sysdb_ctx *sysdb,
740870643f337ce70d85f25f9ed057cd1f91028cSimo Sorce                              struct sss_domain_info *domain)
ecfd767c65c39414a86937380b9986c6d2e0aecfJakub Hrozek{
ecfd767c65c39414a86937380b9986c6d2e0aecfJakub Hrozek    struct ldb_dn *dn = NULL;
ecfd767c65c39414a86937380b9986c6d2e0aecfJakub Hrozek    errno_t ret;
ecfd767c65c39414a86937380b9986c6d2e0aecfJakub Hrozek
ecfd767c65c39414a86937380b9986c6d2e0aecfJakub Hrozek    dn = ldb_dn_new_fmt(sysdb, sysdb->ldb,
740870643f337ce70d85f25f9ed057cd1f91028cSimo Sorce                        SYSDB_TMPL_SELINUX_BASE, domain->name);
ecfd767c65c39414a86937380b9986c6d2e0aecfJakub Hrozek    if (!dn) return ENOMEM;
ecfd767c65c39414a86937380b9986c6d2e0aecfJakub Hrozek
ecfd767c65c39414a86937380b9986c6d2e0aecfJakub Hrozek    ret = sysdb_delete_recursive(sysdb, dn, true);
ecfd767c65c39414a86937380b9986c6d2e0aecfJakub Hrozek    talloc_free(dn);
ecfd767c65c39414a86937380b9986c6d2e0aecfJakub Hrozek    if (ret != EOK) {
ecfd767c65c39414a86937380b9986c6d2e0aecfJakub Hrozek        DEBUG(SSSDBG_CRIT_FAILURE, ("sysdb_delete_recursive failed.\n"));
ecfd767c65c39414a86937380b9986c6d2e0aecfJakub Hrozek        return ret;
ecfd767c65c39414a86937380b9986c6d2e0aecfJakub Hrozek    }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
ecfd767c65c39414a86937380b9986c6d2e0aecfJakub Hrozek    return EOK;
ecfd767c65c39414a86937380b9986c6d2e0aecfJakub Hrozek}
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny/* --- SYSDB SELinux search routines --- */
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zelenyerrno_t sysdb_search_selinux_usermap_by_mapname(TALLOC_CTX *mem_ctx,
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny                                                struct sysdb_ctx *sysdb,
740870643f337ce70d85f25f9ed057cd1f91028cSimo Sorce                                                struct sss_domain_info *domain,
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny                                                const char *name,
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny                                                const char **attrs,
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny                                                struct ldb_message **_usermap)
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny{
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    TALLOC_CTX *tmp_ctx;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    const char *def_attrs[] = { SYSDB_NAME,
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny                                SYSDB_USER_CATEGORY,
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny                                SYSDB_HOST_CATEGORY,
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny                                SYSDB_ORIG_MEMBER_USER,
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny                                SYSDB_ORIG_MEMBER_HOST,
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny                                SYSDB_SELINUX_USER,
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny                                NULL };
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    struct ldb_message **msgs = NULL;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    struct ldb_dn *basedn;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    size_t msgs_count = 0;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    char *clean_name;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    int ret;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    tmp_ctx = talloc_new(NULL);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    if (!tmp_ctx) {
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        return ENOMEM;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    ret = sysdb_dn_sanitize(tmp_ctx, name, &clean_name);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    if (ret != EOK) {
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        goto done;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    basedn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, SYSDB_TMPL_SEUSERMAP,
740870643f337ce70d85f25f9ed057cd1f91028cSimo Sorce                            clean_name, domain->name);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    if (!basedn) {
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        ret = ENOMEM;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        goto done;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    ret = sysdb_search_entry(tmp_ctx, sysdb, basedn, LDB_SCOPE_BASE, NULL,
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny                             attrs?attrs:def_attrs, &msgs_count, &msgs);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    if (ret) {
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        goto done;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    *_usermap = talloc_steal(mem_ctx, msgs[0]);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zelenydone:
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    if (ret == ENOENT) {
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        DEBUG(SSSDBG_TRACE_FUNC, ("No such entry\n"));
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    else if (ret) {
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        DEBUG(SSSDBG_TRACE_FUNC, ("Error: %d (%s)\n", ret, strerror(ret)));
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    talloc_zfree(tmp_ctx);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    return ret;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny}
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozekerrno_t
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozeksysdb_get_selinux_usermaps(TALLOC_CTX *mem_ctx,
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek                           struct sysdb_ctx *sysdb,
740870643f337ce70d85f25f9ed057cd1f91028cSimo Sorce                           struct sss_domain_info *domain,
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek                           const char **attrs,
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek                           size_t *count,
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek                           struct ldb_message ***messages)
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek{
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek    errno_t ret;
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek    char *filter;
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek    struct ldb_dn *basedn;
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek    basedn = ldb_dn_new_fmt(mem_ctx, sysdb_ctx_get_ldb(sysdb),
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek                            SYSDB_TMPL_SELINUX_BASE, domain->name);
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek    if (!basedn) {
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek        return ENOMEM;
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek    }
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek    filter = talloc_asprintf(mem_ctx, "(%s=%s)",
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek                             SYSDB_OBJECTCLASS, SYSDB_SELINUX_USERMAP_CLASS);
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek    if (filter == NULL) {
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek        talloc_free(basedn);
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek        return ENOMEM;
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek    }
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek    ret = sysdb_search_entry(mem_ctx, sysdb, basedn, LDB_SCOPE_SUBTREE, filter,
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek                             attrs, count, messages);
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek    talloc_free(basedn);
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek    talloc_free(filter);
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek    if (ret == ENOENT) {
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek        *count = 0;
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek        *messages = NULL;
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek    } else if (ret) {
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek        return ret;
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek    }
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek    return EOK;
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek}
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zelenyerrno_t sysdb_search_selinux_usermap_by_username(TALLOC_CTX *mem_ctx,
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny                                                 struct sysdb_ctx *sysdb,
740870643f337ce70d85f25f9ed057cd1f91028cSimo Sorce                                                 struct sss_domain_info *domain,
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny                                                 const char *username,
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny                                                 struct ldb_message ***_usermaps)
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny{
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    TALLOC_CTX *tmp_ctx;
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek    struct ldb_message **msgs = NULL;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    const char *attrs[] = { SYSDB_NAME,
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny                            SYSDB_USER_CATEGORY,
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny                            SYSDB_HOST_CATEGORY,
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny                            SYSDB_ORIG_MEMBER_USER,
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny                            SYSDB_ORIG_MEMBER_HOST,
1a3e6221b38a7cae27d7e84a30bb8ea3c3900a47Jan Zeleny                            SYSDB_SELINUX_HOST_PRIORITY,
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny                            SYSDB_SELINUX_USER,
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny                            NULL };
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    struct sysdb_attrs *user;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    struct sysdb_attrs *tmp_attrs;
f004e23af14fe020d81b8f97f30b448105b79606Jakub Hrozek    struct ldb_message **usermaps = NULL;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    size_t msgs_count = 0;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    size_t usermaps_cnt;
1a3e6221b38a7cae27d7e84a30bb8ea3c3900a47Jan Zeleny    uint32_t priority = 0;
1a3e6221b38a7cae27d7e84a30bb8ea3c3900a47Jan Zeleny    uint32_t host_priority = 0;
1a3e6221b38a7cae27d7e84a30bb8ea3c3900a47Jan Zeleny    uint32_t top_priority = 0;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    errno_t ret;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    int i;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    tmp_ctx = talloc_new(NULL);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    if (!tmp_ctx) {
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        return ENOMEM;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    /* Now extract user attributes */
2ce00e0d3896bb42db169d1e79553a81ca837a22Simo Sorce    ret = sss_selinux_extract_user(tmp_ctx, sysdb, domain, username, &user);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    if (ret != EOK) {
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        goto done;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    /* Now extract all SELinux user maps */
740870643f337ce70d85f25f9ed057cd1f91028cSimo Sorce    ret = sysdb_get_selinux_usermaps(tmp_ctx, sysdb, domain,
740870643f337ce70d85f25f9ed057cd1f91028cSimo Sorce                                     attrs, &msgs_count, &msgs);
6f0daa807ac0bb560353c5d5e25638cf1972f79fJakub Hrozek    if (ret) {
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        goto done;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    /* Now filter those that match */
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    tmp_attrs = talloc_zero(tmp_ctx, struct sysdb_attrs);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    if (tmp_attrs == NULL) {
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        ret = ENOMEM;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        goto done;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    usermaps = talloc_zero_array(tmp_ctx, struct ldb_message *, msgs_count + 1);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    if (usermaps == NULL) {
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        ret = ENOMEM;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        goto done;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    usermaps_cnt = 0;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    for (i = 0; i < msgs_count; i++) {
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        tmp_attrs->a = msgs[i]->elements;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        tmp_attrs->num = msgs[i]->num_elements;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
1a3e6221b38a7cae27d7e84a30bb8ea3c3900a47Jan Zeleny        if (sss_selinux_match(tmp_attrs, user, NULL, &priority)) {
1a3e6221b38a7cae27d7e84a30bb8ea3c3900a47Jan Zeleny            priority &= ~(SELINUX_PRIORITY_HOST_NAME |
1a3e6221b38a7cae27d7e84a30bb8ea3c3900a47Jan Zeleny                          SELINUX_PRIORITY_HOST_GROUP |
1a3e6221b38a7cae27d7e84a30bb8ea3c3900a47Jan Zeleny                          SELINUX_PRIORITY_HOST_CAT);
1a3e6221b38a7cae27d7e84a30bb8ea3c3900a47Jan Zeleny
1a3e6221b38a7cae27d7e84a30bb8ea3c3900a47Jan Zeleny            /* Now figure out host priority */
1a3e6221b38a7cae27d7e84a30bb8ea3c3900a47Jan Zeleny            ret = sysdb_attrs_get_uint32_t(tmp_attrs,
1a3e6221b38a7cae27d7e84a30bb8ea3c3900a47Jan Zeleny                                           SYSDB_SELINUX_HOST_PRIORITY,
1a3e6221b38a7cae27d7e84a30bb8ea3c3900a47Jan Zeleny                                           &host_priority);
1a3e6221b38a7cae27d7e84a30bb8ea3c3900a47Jan Zeleny            if (ret != EOK) {
1a3e6221b38a7cae27d7e84a30bb8ea3c3900a47Jan Zeleny                continue;
1a3e6221b38a7cae27d7e84a30bb8ea3c3900a47Jan Zeleny            }
1a3e6221b38a7cae27d7e84a30bb8ea3c3900a47Jan Zeleny
1a3e6221b38a7cae27d7e84a30bb8ea3c3900a47Jan Zeleny            priority += host_priority;
1a3e6221b38a7cae27d7e84a30bb8ea3c3900a47Jan Zeleny            if (priority < top_priority) {
1a3e6221b38a7cae27d7e84a30bb8ea3c3900a47Jan Zeleny                /* This rule has lower priority than what we already have,
1a3e6221b38a7cae27d7e84a30bb8ea3c3900a47Jan Zeleny                 * skip it */
1a3e6221b38a7cae27d7e84a30bb8ea3c3900a47Jan Zeleny                continue;
1a3e6221b38a7cae27d7e84a30bb8ea3c3900a47Jan Zeleny            } else if (priority > top_priority) {
1a3e6221b38a7cae27d7e84a30bb8ea3c3900a47Jan Zeleny                /* If the rule has higher priority, drop what we already
1a3e6221b38a7cae27d7e84a30bb8ea3c3900a47Jan Zeleny                 * have */
1a3e6221b38a7cae27d7e84a30bb8ea3c3900a47Jan Zeleny                while (usermaps_cnt > 0) {
1a3e6221b38a7cae27d7e84a30bb8ea3c3900a47Jan Zeleny                    usermaps_cnt--;
1a3e6221b38a7cae27d7e84a30bb8ea3c3900a47Jan Zeleny                    talloc_zfree(usermaps[usermaps_cnt]);
1a3e6221b38a7cae27d7e84a30bb8ea3c3900a47Jan Zeleny                }
1a3e6221b38a7cae27d7e84a30bb8ea3c3900a47Jan Zeleny                top_priority = priority;
1a3e6221b38a7cae27d7e84a30bb8ea3c3900a47Jan Zeleny            }
1a3e6221b38a7cae27d7e84a30bb8ea3c3900a47Jan Zeleny
1a3e6221b38a7cae27d7e84a30bb8ea3c3900a47Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny            usermaps[usermaps_cnt] = talloc_steal(usermaps, msgs[i]);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny            usermaps_cnt++;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        } else {
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny            talloc_zfree(msgs[i]);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    *_usermaps = talloc_steal(mem_ctx, usermaps);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
21b3c8aff20d1987add2a93561653a3d6a9685d4Jakub Hrozek    ret = EOK;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zelenydone:
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    talloc_zfree(tmp_ctx);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    return ret;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny}
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zelenyerrno_t sysdb_search_selinux_config(TALLOC_CTX *mem_ctx,
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny                                    struct sysdb_ctx *sysdb,
740870643f337ce70d85f25f9ed057cd1f91028cSimo Sorce                                    struct sss_domain_info *domain,
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny                                    const char **attrs,
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny                                    struct ldb_message **_config)
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny{
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    TALLOC_CTX *tmp_ctx;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    const char *def_attrs[] = { SYSDB_SELINUX_DEFAULT_USER,
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny                                SYSDB_SELINUX_DEFAULT_ORDER,
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny                                NULL };
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    struct ldb_message **msgs;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    size_t msgs_count;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    struct ldb_dn *basedn;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    errno_t ret;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    tmp_ctx = talloc_new(NULL);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    if (!tmp_ctx) {
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        return ENOMEM;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
740870643f337ce70d85f25f9ed057cd1f91028cSimo Sorce    basedn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb,
740870643f337ce70d85f25f9ed057cd1f91028cSimo Sorce                            SYSDB_TMPL_SELINUX_BASE, domain->name);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    if (!basedn) {
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        ret = ENOMEM;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        goto done;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    ret = sysdb_search_entry(tmp_ctx, sysdb, basedn, LDB_SCOPE_BASE, NULL,
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny                             attrs?attrs:def_attrs, &msgs_count, &msgs);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    if (ret) {
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        goto done;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    *_config = talloc_steal(mem_ctx, msgs[0]);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zelenydone:
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    if (ret == ENOENT) {
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        DEBUG(SSSDBG_TRACE_FUNC, ("No SELinux root entry found\n"));
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    } else if (ret) {
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny        DEBUG(SSSDBG_TRACE_FUNC, ("Error: %d (%s)\n", ret, strerror(ret)));
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    }
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    talloc_free(tmp_ctx);
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny    return ret;
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny}
4c11f752e1f10cf5740d53a3206bb795e9e34fe8Jan Zeleny