sysdb_ssh.c revision 3ac7c4fe618ede980a4df8d90341ef1fd0f1f62f
8c294c1cd4d721818a59684cf7f2b36123f79163Stephen Gallagher/*
8c294c1cd4d721818a59684cf7f2b36123f79163Stephen Gallagher Authors:
8c294c1cd4d721818a59684cf7f2b36123f79163Stephen Gallagher Jan Cholasta <jcholast@redhat.com>
8c294c1cd4d721818a59684cf7f2b36123f79163Stephen Gallagher
8c294c1cd4d721818a59684cf7f2b36123f79163Stephen Gallagher Copyright (C) 2012 Red Hat
c252d148fa8ab50aaaa8bbae7beb4d208025171dNikolai Kondrashov
9542512d7be40f2000298c86d3d2b728f4f0f65aStephen Gallagher This program is free software; you can redistribute it and/or modify
9542512d7be40f2000298c86d3d2b728f4f0f65aStephen Gallagher it under the terms of the GNU General Public License as published by
9542512d7be40f2000298c86d3d2b728f4f0f65aStephen Gallagher the Free Software Foundation; either version 3 of the License, or
c6e39e15178675d0779e0ae855245774a09b4eb5Nikolai Kondrashov (at your option) any later version.
c6e39e15178675d0779e0ae855245774a09b4eb5Nikolai Kondrashov
c6e39e15178675d0779e0ae855245774a09b4eb5Nikolai Kondrashov This program is distributed in the hope that it will be useful,
c6e39e15178675d0779e0ae855245774a09b4eb5Nikolai Kondrashov but WITHOUT ANY WARRANTY; without even the implied warranty of
c6e39e15178675d0779e0ae855245774a09b4eb5Nikolai Kondrashov MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
fd5a4eacd56700ffb08a73121aeacdc806cb0132Sumit Bose GNU General Public License for more details.
8b1f525acd20f36c836e827de3c251088961c5d9Stephen Gallagher
8b1f525acd20f36c836e827de3c251088961c5d9Stephen Gallagher You should have received a copy of the GNU General Public License
8b1f525acd20f36c836e827de3c251088961c5d9Stephen Gallagher along with this program. If not, see <http://www.gnu.org/licenses/>.
8b1f525acd20f36c836e827de3c251088961c5d9Stephen Gallagher*/
8b1f525acd20f36c836e827de3c251088961c5d9Stephen Gallagher
84ae5edab16ad6be5e3be956cb6fa031c1428eb5Stephen Gallagher#include <talloc.h>
9d453f1e8b28983b363b44c49b7cd701a994fd97Nikolai Kondrashov
428db8a58c0c149d5efccc6d788f70916c1d34d7Jakub Hrozek#include "db/sysdb_ssh.h"
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher#include "db/sysdb_private.h"
df4cc3a83c5d6700b6a09ff96cb4a6b1949b1aa9Stephen Gallagher
/*
 * Build the DN of the cache entry for SSH host `name` in `domain`.
 *
 * Thin wrapper around sysdb_custom_dn() that fixes the sub-tree to
 * SSH_HOSTS_SUBDIR. The pointer returned by sysdb_custom_dn() is handed
 * back unchanged; sysdb_set_ssh_host_attr() treats NULL as ENOMEM.
 */
static struct ldb_dn *
sysdb_ssh_host_dn(TALLOC_CTX *mem_ctx,
                  struct sss_domain_info *domain,
                  const char *name)
{
    struct ldb_dn *host_dn;

    host_dn = sysdb_custom_dn(mem_ctx, domain, name, SSH_HOSTS_SUBDIR);

    return host_dn;
}
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher
/*
 * Write `attrs` to the cache entry of SSH host `name` by passing them to
 * sysdb_store_custom() under SSH_HOSTS_SUBDIR.
 *
 * Returns EOK on success. Any other code from sysdb_store_custom() is
 * logged at SSSDBG_OP_FAILURE and passed back unchanged.
 */
static errno_t
sysdb_update_ssh_host(struct sss_domain_info *domain,
                      const char *name,
                      struct sysdb_attrs *attrs)
{
    errno_t ret = sysdb_store_custom(domain, name, SSH_HOSTS_SUBDIR, attrs);

    if (ret == EOK) {
        return EOK;
    }

    DEBUG(SSSDBG_OP_FAILURE,
          "Error storing host %s [%d]: %s\n", name, ret, strerror(ret));
    return ret;
}
f3c85d900c4663854cc7bbae7d9f77867ed1f69bSumit Bose
/*
 * Create or update the cache entry of SSH host `name`.
 *
 * domain         domain whose sysdb holds the entry
 * name           host name; used as the entry name and in log messages
 * alias          optional extra name for the host, may be NULL
 * cache_timeout  seconds the entry stays valid; 0 stores an expire time of 0
 * now            current time, written as lastUpdate and used as the base
 *                of the expire time
 * attrs          attributes to store (e.g. the host's public keys)
 *
 * `attrs` is modified in place: object class, name, aliases, lastUpdate and
 * cache expire are added to it before it is written. These additions are not
 * undone when the function fails.
 *
 * The lookup of the existing entry and the write run inside one sysdb
 * transaction, which is cancelled on any failure after it was started.
 *
 * Returns EOK on success, ENOMEM if the temporary talloc context cannot be
 * allocated, otherwise the error code of the step that failed.
 */
errno_t
sysdb_store_ssh_host(struct sss_domain_info *domain,
                     const char *name,
                     const char *alias,
                     int cache_timeout,
                     time_t now,
                     struct sysdb_attrs *attrs)
{
    TALLOC_CTX *tmp_ctx;
    errno_t ret, sret;
    bool in_transaction = false;
    /* only the aliases of an existing entry are needed for the merge below */
    const char *search_attrs[] = { SYSDB_NAME_ALIAS, NULL };
    bool new_alias;
    struct ldb_message *host = NULL;
    struct ldb_message_element *el;
    unsigned int i;

    DEBUG(SSSDBG_TRACE_FUNC, "Storing host %s\n", name);

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    ret = sysdb_transaction_start(domain->sysdb);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n");
        goto done;
    }

    /* from here on the `done` path has to cancel the transaction */
    in_transaction = true;

    /* ENOENT is not an error: `host` stays NULL and a new entry is written */
    ret = sysdb_get_ssh_host(tmp_ctx, domain, name, search_attrs, &host);
    if (ret != EOK && ret != ENOENT) {
        goto done;
    }

    ret = sysdb_attrs_add_string(attrs, SYSDB_OBJECTCLASS, SYSDB_SSH_HOST_OC);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE,
              "Could not set object class [%d]: %s\n", ret, strerror(ret));
        goto done;
    }

    ret = sysdb_attrs_add_string(attrs, SYSDB_NAME, name);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE,
              "Could not set name attribute [%d]: %s\n", ret, strerror(ret));
        goto done;
    }

    if (alias) {
        new_alias = true;

        /* carry the aliases of the existing entry over into attrs */
        if (host) {
            el = ldb_msg_find_element(host, SYSDB_NAME_ALIAS);

            if (el) {
                for (i = 0; i < el->num_values; i++) {
                    /* assumes the stored value data is NUL-terminated
                     * -- TODO confirm against the ldb value contract */
                    if (strcmp((char *)el->values[i].data, alias) == 0) {
                        new_alias = false;
                    }

                    ret = sysdb_attrs_add_val(attrs,
                                              SYSDB_NAME_ALIAS, &el->values[i]);
                    if (ret != EOK) {
                        DEBUG(SSSDBG_OP_FAILURE,
                              "Could not add name alias %s [%d]: %s\n",
                              el->values[i].data, ret, strerror(ret));
                        goto done;
                    }
                }
            }
        }

        /* add the requested alias only if the loop above did not find it */
        if (new_alias) {
            ret = sysdb_attrs_add_string(attrs, SYSDB_NAME_ALIAS, alias);
            if (ret != EOK) {
                DEBUG(SSSDBG_OP_FAILURE,
                      "Could not add name alias %s [%d]: %s\n",
                      alias, ret, strerror(ret));
                goto done;
            }
        }
    }

    /* make sure sshPublicKey is present when modifying an existing host.
     * NOTE(review): presumably sysdb_attrs_get_el() adds an empty element
     * when attrs carries no key, so that keys left in the existing entry do
     * not survive the update -- confirm against sysdb_attrs_get_el() */
    if (host) {
        ret = sysdb_attrs_get_el(attrs, SYSDB_SSH_PUBKEY, &el);
        if (ret != EOK) {
            DEBUG(SSSDBG_OP_FAILURE,
                  "Could not get sysdb sshPublicKey [%d]: %s\n",
                  ret, strerror(ret));
            goto done;
        }
    }

    ret = sysdb_attrs_add_time_t(attrs, SYSDB_LAST_UPDATE, now);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE,
              "Could not set sysdb lastUpdate [%d]: %s\n",
              ret, strerror(ret));
        goto done;
    }

    /* a zero timeout is stored as expire time 0; the filter built in
     * sysdb_get_ssh_known_hosts() accepts 0 regardless of the current time */
    ret = sysdb_attrs_add_time_t(attrs, SYSDB_CACHE_EXPIRE,
                                 cache_timeout ? (now + cache_timeout) : 0);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, "Could not set sysdb cache expire [%d]: %s\n",
              ret, strerror(ret));
        goto done;
    }

    /* the helper logs its own failure */
    ret = sysdb_update_ssh_host(domain, name, attrs);
    if (ret != EOK) {
        goto done;
    }

    ret = sysdb_transaction_commit(domain->sysdb);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, "Failed to commit transaction\n");
        goto done;
    }

    in_transaction = false;

    ret = EOK;

done:
    /* still inside the transaction means a step above failed; the cancel
     * result is only logged so that the original error is the one returned */
    if (in_transaction) {
        sret = sysdb_transaction_cancel(domain->sysdb);
        if (sret != EOK) {
            DEBUG(SSSDBG_CRIT_FAILURE, "Could not cancel transaction\n");
        }
    }

    talloc_free(tmp_ctx);

    return ret;
}
bbaba8b3ef9bc101863b8687f234f4ee956caacdPavel Březina
/*
 * Apply `attrs` to the cache entry of SSH host `name`.
 *
 * The entry DN is built with sysdb_ssh_host_dn(); `attrs` and `mod_op` are
 * forwarded unchanged to sysdb_set_entry_attr().
 *
 * Returns ENOMEM if the temporary context or the DN cannot be allocated,
 * otherwise the result of sysdb_set_entry_attr().
 */
errno_t
sysdb_set_ssh_host_attr(struct sss_domain_info *domain,
                        const char *name,
                        struct sysdb_attrs *attrs,
                        int mod_op)
{
    TALLOC_CTX *tmp_ctx = talloc_new(NULL);
    struct ldb_dn *host_dn;
    errno_t ret;

    if (tmp_ctx == NULL) {
        return ENOMEM;
    }

    host_dn = sysdb_ssh_host_dn(tmp_ctx, domain, name);
    if (host_dn != NULL) {
        ret = sysdb_set_entry_attr(domain->sysdb, host_dn, attrs, mod_op);
    } else {
        ret = ENOMEM;
    }

    /* the DN lives on tmp_ctx and is released together with it */
    talloc_free(tmp_ctx);
    return ret;
}
72ae534f5aef6d2e5d3f2f51299aede5abf9687eJakub Hrozek
/*
 * Set the known_hosts expire time of SSH host `name` to
 * `now + known_hosts_timeout`.
 *
 * A fresh attribute set holding only SYSDB_SSH_KNOWN_HOSTS_EXPIRE is built
 * and written through sysdb_update_ssh_host().
 *
 * Returns EOK on success, ENOMEM on allocation failure, otherwise the error
 * code of the step that failed.
 */
errno_t
sysdb_update_ssh_known_host_expire(struct sss_domain_info *domain,
                                   const char *name,
                                   time_t now,
                                   int known_hosts_timeout)
{
    TALLOC_CTX *tmp_ctx;
    struct sysdb_attrs *expire_attrs;
    errno_t ret;

    DEBUG(SSSDBG_TRACE_FUNC,
          "Updating known_hosts expire time of host %s\n", name);

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        return ENOMEM;
    }

    expire_attrs = sysdb_new_attrs(tmp_ctx);
    if (expire_attrs == NULL) {
        ret = ENOMEM;
    } else {
        ret = sysdb_attrs_add_time_t(expire_attrs,
                                     SYSDB_SSH_KNOWN_HOSTS_EXPIRE,
                                     now + known_hosts_timeout);
        if (ret == EOK) {
            /* the helper logs its own failure; its result is returned */
            ret = sysdb_update_ssh_host(domain, name, expire_attrs);
        } else {
            DEBUG(SSSDBG_OP_FAILURE,
                  "Could not set known_hosts expire time [%d]: %s\n",
                  ret, strerror(ret));
        }
    }

    talloc_free(tmp_ctx);

    return ret;
}
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher
/*
 * Remove the cache entry of SSH host `name` from `domain`.
 *
 * Logs the request and returns the result of sysdb_delete_custom() for
 * SSH_HOSTS_SUBDIR unchanged.
 */
errno_t
sysdb_delete_ssh_host(struct sss_domain_info *domain,
                      const char *name)
{
    errno_t ret;

    DEBUG(SSSDBG_TRACE_FUNC, "Deleting host %s\n", name);

    ret = sysdb_delete_custom(domain, name, SSH_HOSTS_SUBDIR);
    return ret;
}
9f521c61c17cecd9625ebc1b33c666fa3488622cJakub Hrozek
/*
 * Search the SSH hosts sub-tree of `domain` with `filter`.
 *
 * mem_ctx    talloc context that takes ownership of the result array
 * filter     search filter, passed to sysdb_search_custom() verbatim; a
 *            caller that puts externally supplied text into it has to
 *            escape that text first
 * attrs      attributes to fetch
 * num_hosts  out: number of entries found
 * hosts      out: the entries found
 *
 * Returns EOK with the results, ENOENT with *hosts == NULL and
 * *num_hosts == 0 when nothing matched, ENOMEM if the temporary context
 * cannot be allocated, or the error from sysdb_search_custom(). On any
 * error other than ENOENT the out parameters are left untouched.
 */
errno_t
sysdb_search_ssh_hosts(TALLOC_CTX *mem_ctx,
                       struct sss_domain_info *domain,
                       const char *filter,
                       const char **attrs,
                       size_t *num_hosts,
                       struct ldb_message ***hosts)
{
    TALLOC_CTX *tmp_ctx;
    struct ldb_message **found;
    size_t found_count;
    errno_t ret;

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        return ENOMEM;
    }

    ret = sysdb_search_custom(tmp_ctx, domain, filter,
                              SSH_HOSTS_SUBDIR, attrs,
                              &found_count, &found);
    if (ret == EOK) {
        /* move the results off tmp_ctx before it is freed */
        *hosts = talloc_steal(mem_ctx, found);
        *num_hosts = found_count;
    } else if (ret == ENOENT) {
        DEBUG(SSSDBG_TRACE_FUNC, "No such host\n");
        *hosts = NULL;
        *num_hosts = 0;
    } else {
        DEBUG(SSSDBG_CRIT_FAILURE,
              "Error looking up host [%d]: %s\n",
              ret, strerror(ret));
    }

    talloc_free(tmp_ctx);

    return ret;
}
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher
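/*
 * Look up the single cache entry of SSH host `name`.
 *
 * mem_ctx  talloc context that takes ownership of the returned message
 * name     host name to match against SYSDB_NAME
 * attrs    attributes to fetch
 * host     out: the matching entry, set only when EOK is returned
 *
 * The host name is escaped with sss_filter_sanitize() before it is placed
 * into the search filter. The callers are not visible here, so the name is
 * treated as possibly coming from a client request: without escaping,
 * filter metacharacters in it would change which entries the search matches
 * instead of being compared literally.
 *
 * Returns EOK on success, EINVAL if `name` is NULL or more than one entry
 * matches, ENOENT if no entry matches, ENOMEM on allocation failure, or the
 * error of the failing step.
 */
errno_t
sysdb_get_ssh_host(TALLOC_CTX *mem_ctx,
                   struct sss_domain_info *domain,
                   const char *name,
                   const char **attrs,
                   struct ldb_message **host)
{
    TALLOC_CTX *tmp_ctx;
    errno_t ret;
    char *sanitized_name;
    const char *filter;
    struct ldb_message **hosts;
    size_t num_hosts;

    /* the sanitizer is given a string to walk; reject NULL up front */
    if (name == NULL) {
        return EINVAL;
    }

    tmp_ctx = talloc_new(NULL);
    if (!tmp_ctx) {
        return ENOMEM;
    }

    ret = sss_filter_sanitize(tmp_ctx, name, &sanitized_name);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE,
              "Could not sanitize host name [%d]: %s\n", ret, strerror(ret));
        goto done;
    }

    filter = talloc_asprintf(tmp_ctx, "(%s=%s)", SYSDB_NAME, sanitized_name);
    if (!filter) {
        ret = ENOMEM;
        goto done;
    }

    /* ENOENT from the search is passed through to the caller as is */
    ret = sysdb_search_ssh_hosts(tmp_ctx, domain, filter, attrs,
                                 &num_hosts, &hosts);
    if (ret != EOK) {
        goto done;
    }

    /* defensive: never index an empty result array, even if the search
     * reports success without any entry */
    if (num_hosts == 0) {
        ret = ENOENT;
        goto done;
    }

    if (num_hosts > 1) {
        ret = EINVAL;
        DEBUG(SSSDBG_CRIT_FAILURE,
              "Found more than one host with name %s\n", name);
        goto done;
    }

    /* move the entry off tmp_ctx before it is freed */
    *host = talloc_steal(mem_ctx, hosts[0]);
    ret = EOK;

done:
    talloc_free(tmp_ctx);

    return ret;
}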
1467daed400d6c186bd0c99c057c42e764309ff3Stephen Gallagher
/*
 * Fetch the SSH host entries that are still valid at time `now`.
 *
 * The filter selects entries whose SYSDB_CACHE_EXPIRE is absent, equal to 0
 * or later than `now`, and whose SYSDB_SSH_KNOWN_HOSTS_EXPIRE is later than
 * `now`. It is built from attribute-name constants and integers only.
 *
 * Results are returned through `hosts` / `num_hosts` by
 * sysdb_search_ssh_hosts(), with `mem_ctx` as the owning context.
 *
 * Returns ENOMEM on allocation failure, otherwise the result of
 * sysdb_search_ssh_hosts().
 */
errno_t
sysdb_get_ssh_known_hosts(TALLOC_CTX *mem_ctx,
                          struct sss_domain_info *domain,
                          time_t now,
                          const char **attrs,
                          struct ldb_message ***hosts,
                          size_t *num_hosts)
{
    /* ">= now + 1" expresses "strictly later than now" in the filter */
    const long long not_before = (long long)now + 1;
    TALLOC_CTX *tmp_ctx;
    const char *filter;
    errno_t ret;

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        return ENOMEM;
    }

    filter = talloc_asprintf(tmp_ctx,
                             "(&(|(!(%s=*))(%s=0)(%s>=%lld))(%s>=%lld))",
                             SYSDB_CACHE_EXPIRE,
                             SYSDB_CACHE_EXPIRE,
                             SYSDB_CACHE_EXPIRE, not_before,
                             SYSDB_SSH_KNOWN_HOSTS_EXPIRE, not_before);
    if (filter != NULL) {
        ret = sysdb_search_ssh_hosts(mem_ctx, domain, filter, attrs,
                                     num_hosts, hosts);
    } else {
        ret = ENOMEM;
    }

    talloc_free(tmp_ctx);

    return ret;
}
551aa6c36797ed720487f5974dcadabf19e6ff9fStephen Gallagher