/*
    Authors:
        Jakub Hrozek <jhrozek@redhat.com>

    Copyright (C) 2011 Red Hat

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/
3f98cdc011bb4e8cd22c088f288b0bcdb6452492Jakub Hrozek
#define _XOPEN_SOURCE

#include <string.h>
#include <talloc.h>
#include <time.h>

#include "db/sysdb.h"
#include "db/sysdb_private.h"
#include "db/sysdb_sudo.h"
3f98cdc011bb4e8cd22c088f288b0bcdb6452492Jakub Hrozek
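/* Jump to `label` with `rval` set to ENOMEM when `val` is NULL.
 * `val` is parenthesized so that an expression argument such as
 * `a[n - 1]` or `p && q` is negated as a whole; it is evaluated
 * exactly once. */
#define NULL_CHECK(val, rval, label) do { \
    if (!(val)) { \
        (rval) = ENOMEM; \
        goto label; \
    } \
} while(0)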
3f98cdc011bb4e8cd22c088f288b0bcdb6452492Jakub Hrozek
3f98cdc011bb4e8cd22c088f288b0bcdb6452492Jakub Hrozek/* ==================== Utility functions ==================== */
c9aab1c04c399ca2d1abef74f6df22ced34983dcPavel Březina
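/*
 * Parse a sudoNotBefore/sudoNotAfter value into a time_t.
 *
 * @param str        NUL-terminated time string in LDAP generalized time
 *                   form YYYYMMDDHHMMSS[.|,fraction][(+|-HHMM)|Z].
 * @param unix_time  Receives the converted time on success; left
 *                   untouched on failure.
 * @return EOK on success, EINVAL when either pointer is NULL or no
 *         known pattern matches the whole string.
 *
 * Note: mktime() treats the broken-down time as local time; the "Z" or
 * +-HHMM suffix only has to match the pattern, it is not applied to the
 * result (struct tm has no portable field to carry it). This mirrors
 * the original conversion and is left as-is here.
 */
static errno_t sysdb_sudo_convert_time(const char *str, time_t *unix_time)
{
    struct tm tm;
    char *tret = NULL;
    const char **format = NULL;
    /* strptime() needs one pattern per accepted variant. */
    const char *formats[] = {"%Y%m%d%H%M%SZ",    /* 201212121300Z */
                             "%Y%m%d%H%M%S%z",   /* 201212121300+-0200 */
                             "%Y%m%d%H%M%S.0Z",
                             "%Y%m%d%H%M%S.0%z",
                             "%Y%m%d%H%M%S,0Z",
                             "%Y%m%d%H%M%S,0%z",
                             NULL};

    if (str == NULL || unix_time == NULL) {
        return EINVAL;
    }

    for (format = formats; *format != NULL; format++) {
        /* strptime() only fills the fields it parses; clear the rest so
         * mktime() does not read indeterminate values (e.g. tm_isdst). */
        memset(&tm, 0, sizeof(tm));
        tret = strptime(str, *format, &tm);
        if (tret != NULL && *tret == '\0') {
            *unix_time = mktime(&tm);
            return EOK;
        }
    }

    return EINVAL;
}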
5a2cce34cf8843613b0b9dfde054b3d471dd5f3aPavel Březina
/* Reduce the string values of one time attribute to a single bound.
 * With pick_latest the largest value wins, otherwise the smallest. A
 * bound of 0 stands for "nothing seen yet" and is replaced by the first
 * parsed value. An unparsable value is logged and its error returned. */
static errno_t sysdb_sudo_fold_time_values(const char **values,
                                           const char *name,
                                           bool pick_latest,
                                           time_t *bound)
{
    time_t parsed;
    errno_t ret;
    int idx;

    for (idx = 0; values[idx] != NULL; idx++) {
        ret = sysdb_sudo_convert_time(values[idx], &parsed);
        if (ret != EOK) {
            DEBUG(SSSDBG_MINOR_FAILURE, ("Invalid time format in rule [%s]!\n",
                                         name));
            return ret;
        }

        if (*bound == 0) {
            *bound = parsed;
        } else if (pick_latest ? (*bound < parsed) : (*bound > parsed)) {
            *bound = parsed;
        }
    }

    return EOK;
}

/* Decide whether `rule` is in force at `now` according to its
 * sudoNotBefore/sudoNotAfter attributes.
 *
 * From man sudoers.ldap: with several sudoNotBefore values the earliest
 * is used, with several sudoNotAfter values the latest. From sudo's
 * ldap.c: when either attribute is missing, no time restriction is
 * imposed at all, so the rule is reported as valid.
 *
 * *result is false on every error path. Returns EOK; EINVAL for a NULL
 * result pointer or an unparsable time; ENOMEM; or the sysdb_attrs
 * error of a failed attribute read. */
static errno_t sysdb_sudo_check_time(struct sysdb_attrs *rule,
                                     time_t now,
                                     bool *result)
{
    TALLOC_CTX *tmp_ctx = NULL;
    const char **values = NULL;
    const char *name = NULL;
    time_t notBefore = 0;
    time_t notAfter = 0;
    errno_t ret;

    if (result == NULL) {
        return EINVAL;
    }
    *result = false;

    tmp_ctx = talloc_new(NULL);
    NULL_CHECK(tmp_ctx, ret, done);

    /* The rule name is only used in log messages. */
    ret = sysdb_attrs_get_string(rule, SYSDB_SUDO_CACHE_AT_CN, &name);
    switch (ret) {
    case EOK:
        break;
    case ENOENT:
        name = "<missing>";
        break;
    default:
        goto done;
    }

    /* sudoNotBefore: absent means the rule is unrestricted */
    ret = sysdb_attrs_get_string_array(rule, SYSDB_SUDO_CACHE_AT_NOTBEFORE,
                                       tmp_ctx, &values);
    if (ret == ENOENT) {
        DEBUG(SSSDBG_TRACE_LIBS,
              ("notBefore attribute is missing, the rule [%s] is valid\n",
               name));
        *result = true;
        ret = EOK;
        goto done;
    }
    if (ret != EOK) {
        goto done;
    }

    ret = sysdb_sudo_fold_time_values(values, name, false, &notBefore);
    if (ret != EOK) {
        goto done;
    }

    /* sudoNotAfter: absent means the rule is unrestricted */
    ret = sysdb_attrs_get_string_array(rule, SYSDB_SUDO_CACHE_AT_NOTAFTER,
                                       tmp_ctx, &values);
    if (ret == ENOENT) {
        DEBUG(SSSDBG_TRACE_LIBS,
              ("notAfter attribute is missing, the rule [%s] is valid\n",
               name));
        *result = true;
        ret = EOK;
        goto done;
    }
    if (ret != EOK) {
        goto done;
    }

    ret = sysdb_sudo_fold_time_values(values, name, true, &notAfter);
    if (ret != EOK) {
        goto done;
    }

    *result = (now >= notBefore && now <= notAfter);
    ret = EOK;

done:
    talloc_free(tmp_ctx);
    return ret;
}
c9aab1c04c399ca2d1abef74f6df22ced34983dcPavel Březina
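/*
 * Keep only the rules whose sudoNotBefore/sudoNotAfter window contains
 * `now`.
 *
 * @param mem_ctx       Owner of the returned array.
 * @param in_num_rules  Number of entries in in_rules.
 * @param in_rules      Candidate rules; they are not copied, the output
 *                      array points at the same sysdb_attrs objects.
 * @param now           Reference time; 0 means "use the current time".
 * @param _num_rules    Receives the number of accepted rules.
 * @param _rules        Receives the accepted rules, or NULL when none
 *                      were accepted.
 * @return EOK, or ENOMEM when the output array cannot be grown.
 *
 * A rule whose time attributes cannot be evaluated is dropped (fail
 * closed) and logged at SSSDBG_MINOR_FAILURE; that is not an error for
 * the caller.
 */
errno_t sysdb_sudo_filter_rules_by_time(TALLOC_CTX *mem_ctx,
                                        uint32_t in_num_rules,
                                        struct sysdb_attrs **in_rules,
                                        time_t now,
                                        uint32_t *_num_rules,
                                        struct sysdb_attrs ***_rules)
{
    uint32_t num_rules = 0;
    struct sysdb_attrs **rules = NULL;
    TALLOC_CTX *tmp_ctx = NULL;
    bool allowed = false;
    errno_t ret;
    uint32_t i;

    tmp_ctx = talloc_new(NULL);
    NULL_CHECK(tmp_ctx, ret, done);

    if (now == 0) {
        now = time(NULL);
    }

    for (i = 0; i < in_num_rules; i++) {
        ret = sysdb_sudo_check_time(in_rules[i], now, &allowed);
        if (ret != EOK) {
            /* Unreadable or unparsable time attributes: skip the rule
             * rather than grant it. */
            DEBUG(SSSDBG_MINOR_FAILURE,
                  ("Unable to check time of rule %lu [%d]: %s\n",
                   (unsigned long) i, ret, strerror(ret)));
            continue;
        }
        if (!allowed) {
            continue;
        }

        num_rules++;
        rules = talloc_realloc(tmp_ctx, rules, struct sysdb_attrs *,
                               num_rules);
        NULL_CHECK(rules, ret, done);

        rules[num_rules - 1] = in_rules[i];
    }

    *_num_rules = num_rules;
    *_rules = talloc_steal(mem_ctx, rules);

    ret = EOK;

done:
    talloc_free(tmp_ctx);
    return ret;
}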
3f98cdc011bb4e8cd22c088f288b0bcdb6452492Jakub Hrozek
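/*
 * Build the LDB search filter that selects the cached sudo rules
 * relevant to a user.
 *
 * @param mem_ctx     Owner of the returned filter string.
 * @param username    User name to match in the sudoUser attribute; may
 *                    be NULL.
 * @param uid         UID to match as "#uid"; 0 means "do not match UID".
 * @param groupnames  NULL-terminated group names matched as "%group";
 *                    may be NULL.
 * @param flags       SYSDB_SUDO_FILTER_* bits selecting which clauses
 *                    are emitted.
 * @param _filter     Receives the filter, shaped like
 *                    "(&(<objectclass>=<rule oc>)(|<user clauses>)
 *                    [(&(<expire attr><=now))])"; the OR group is
 *                    omitted when no user clause was selected.
 * @return EOK, ENOMEM, or the error of sss_filter_sanitize().
 *
 * The caller-supplied pieces (username and group names) are run
 * through sss_filter_sanitize() before being spliced into the filter,
 * so characters with special meaning in an LDAP filter (asterisk,
 * parentheses, backslash) cannot change its structure. The uid is
 * formatted from an integer and the remaining clauses are constants,
 * so they need no escaping.
 */
errno_t
sysdb_get_sudo_filter(TALLOC_CTX *mem_ctx, const char *username,
                      uid_t uid, char **groupnames, unsigned int flags,
                      char **_filter)
{
    TALLOC_CTX *tmp_ctx = NULL;
    char *filter = NULL;
    char *specific_filter = NULL;
    char *sanitized = NULL;
    time_t now;
    errno_t ret;
    int i;

    tmp_ctx = talloc_new(NULL);
    NULL_CHECK(tmp_ctx, ret, done);

    /* build specific filter: the OR-ed sudoUser clauses */

    specific_filter = talloc_zero(tmp_ctx, char); /* empty string on tmp_ctx */
    NULL_CHECK(specific_filter, ret, done);

    if (flags & SYSDB_SUDO_FILTER_INCLUDE_ALL) {
        specific_filter = talloc_asprintf_append(specific_filter, "(%s=ALL)",
                                                 SYSDB_SUDO_CACHE_AT_USER);
        NULL_CHECK(specific_filter, ret, done);
    }

    if (flags & SYSDB_SUDO_FILTER_INCLUDE_DFL) {
        specific_filter = talloc_asprintf_append(specific_filter, "(%s=defaults)",
                                                 SYSDB_NAME);
        NULL_CHECK(specific_filter, ret, done);
    }

    if ((flags & SYSDB_SUDO_FILTER_USERNAME) && (username != NULL)) {
        /* escape filter metacharacters before interpolating */
        ret = sss_filter_sanitize(tmp_ctx, username, &sanitized);
        if (ret != EOK) {
            goto done;
        }

        specific_filter = talloc_asprintf_append(specific_filter, "(%s=%s)",
                                                 SYSDB_SUDO_CACHE_AT_USER,
                                                 sanitized);
        NULL_CHECK(specific_filter, ret, done);
    }

    if ((flags & SYSDB_SUDO_FILTER_UID) && (uid != 0)) {
        specific_filter = talloc_asprintf_append(specific_filter, "(%s=#%llu)",
                                                 SYSDB_SUDO_CACHE_AT_USER,
                                                 (unsigned long long) uid);
        NULL_CHECK(specific_filter, ret, done);
    }

    if ((flags & SYSDB_SUDO_FILTER_GROUPS) && (groupnames != NULL)) {
        for (i=0; groupnames[i] != NULL; i++) {
            /* group names come from the cache, escape them as well */
            ret = sss_filter_sanitize(tmp_ctx, groupnames[i], &sanitized);
            if (ret != EOK) {
                goto done;
            }

            specific_filter = talloc_asprintf_append(specific_filter, "(%s=%%%s)",
                                                     SYSDB_SUDO_CACHE_AT_USER,
                                                     sanitized);
            NULL_CHECK(specific_filter, ret, done);
        }
    }

    if (flags & SYSDB_SUDO_FILTER_NGRS) {
        specific_filter = talloc_asprintf_append(specific_filter, "(%s=+*)",
                                                 SYSDB_SUDO_CACHE_AT_USER);
        NULL_CHECK(specific_filter, ret, done);
    }

    /* build global filter */

    filter = talloc_asprintf(tmp_ctx, "(&(%s=%s)",
                             SYSDB_OBJECTCLASS, SYSDB_SUDO_CACHE_OC);
    NULL_CHECK(filter, ret, done);

    if (specific_filter[0] != '\0') {
        filter = talloc_asprintf_append(filter, "(|%s)", specific_filter);
        NULL_CHECK(filter, ret, done);
    }

    if (flags & SYSDB_SUDO_FILTER_ONLY_EXPIRED) {
        now = time(NULL);
        filter = talloc_asprintf_append(filter, "(&(%s<=%lld))",
                                        SYSDB_CACHE_EXPIRE, (long long)now);
        NULL_CHECK(filter, ret, done);
    }

    filter = talloc_strdup_append(filter, ")");
    NULL_CHECK(filter, ret, done);

    ret = EOK;
    *_filter = talloc_steal(mem_ctx, filter);

done:
    talloc_free(tmp_ctx);
    return ret;
}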
3f98cdc011bb4e8cd22c088f288b0bcdb6452492Jakub Hrozek
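/*
 * Look up the UID and group membership of a user for sudo rule
 * matching.
 *
 * @param mem_ctx     Owner of the returned group name array.
 * @param sysdb       Cache handle.
 * @param domain      Domain the user belongs to.
 * @param username    Name of the user to look up.
 * @param _uid        If non-NULL, receives the user's UID; a user record
 *                    without a UID is reported as EIO.
 * @param groupnames  If non-NULL, receives a NULL-terminated array of
 *                    group names: the secondary groups taken from
 *                    memberOf, followed by the primary group resolved
 *                    from gidNumber. NULL when the user has no groups.
 *                    When this is NULL no group lookups are performed.
 * @return EOK; the sysdb error when the user cannot be found; EIO for a
 *         user without UID; ENOMEM on allocation failure; or the error
 *         of a failed group-name derivation or primary group lookup.
 */
errno_t
sysdb_get_sudo_user_info(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb,
                         struct sss_domain_info *domain,
                         const char *username, uid_t *_uid,
                         char ***groupnames)
{
    TALLOC_CTX *tmp_ctx;
    errno_t ret;
    struct ldb_message *msg;
    struct ldb_message *group_msg = NULL;
    char **sysdb_groupnames = NULL;
    const char *primary_group = NULL;
    struct ldb_message_element *groups;
    uid_t uid = 0;
    gid_t gid = 0;
    size_t num_groups = 0;
    unsigned int i;
    const char *attrs[] = { SYSDB_MEMBEROF,
                            SYSDB_GIDNUM,
                            SYSDB_UIDNUM,
                            NULL };
    const char *group_attrs[] = { SYSDB_NAME,
                                  NULL };

    tmp_ctx = talloc_new(NULL);
    NULL_CHECK(tmp_ctx, ret, done);

    ret = sysdb_search_user_by_name(tmp_ctx, sysdb, domain,
                                    username, attrs, &msg);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Error looking up user %s\n", username));
        goto done;
    }

    if (_uid != NULL) {
        uid = ldb_msg_find_attr_as_uint64(msg, SYSDB_UIDNUM, 0);
        if (uid == 0) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("A user with no UID?\n"));
            ret = EIO;
            goto done;
        }
    }

    /* Group resolution is only needed when the caller asked for it. */
    if (groupnames != NULL) {
        /* resolve secondary groups from memberOf */
        groups = ldb_msg_find_element(msg, SYSDB_MEMBEROF);
        if (groups != NULL && groups->num_values > 0) {
            num_groups = groups->num_values;
            sysdb_groupnames = talloc_array(tmp_ctx, char *, num_groups + 1);
            NULL_CHECK(sysdb_groupnames, ret, done);

            /* memberOf holds group DNs; keep the group name only */
            for (i = 0; i < groups->num_values; i++) {
                ret = sysdb_group_dn_name(sysdb,
                                          sysdb_groupnames,
                                          (const char *)groups->values[i].data,
                                          &sysdb_groupnames[i]);
                if (ret != EOK) {
                    /* propagate the real error instead of masking it */
                    DEBUG(SSSDBG_OP_FAILURE,
                          ("Unable to get group name from DN [%d]: %s\n",
                           ret, strerror(ret)));
                    goto done;
                }
            }
            sysdb_groupnames[num_groups] = NULL;
        }

        /* resolve primary group from gidNumber */
        gid = ldb_msg_find_attr_as_uint64(msg, SYSDB_GIDNUM, 0);
        if (gid != 0) {
            ret = sysdb_search_group_by_gid(tmp_ctx, sysdb, domain, gid,
                                            group_attrs, &group_msg);
            if (ret == EOK) {
                primary_group = ldb_msg_find_attr_as_string(group_msg,
                                                            SYSDB_NAME,
                                                            NULL);
                if (primary_group == NULL) {
                    ret = ENOMEM;
                    goto done;
                }

                num_groups++;
                sysdb_groupnames = talloc_realloc(tmp_ctx, sysdb_groupnames,
                                                  char *, num_groups + 1);
                NULL_CHECK(sysdb_groupnames, ret, done);

                sysdb_groupnames[num_groups - 1] =
                    talloc_strdup(sysdb_groupnames, primary_group);
                NULL_CHECK(sysdb_groupnames[num_groups - 1], ret, done);

                sysdb_groupnames[num_groups] = NULL;
            } else if (ret != ENOENT) {
                /* a missing primary group is tolerated, other errors are not */
                DEBUG(SSSDBG_CRIT_FAILURE, ("Error looking up group [%d]: %s\n",
                                            ret, strerror(ret)));
                goto done;
            }
        }
    }

    ret = EOK;

    if (_uid != NULL) {
        *_uid = uid;
    }

    if (groupnames != NULL) {
        *groupnames = talloc_steal(mem_ctx, sysdb_groupnames);
    }
done:
    talloc_free(tmp_ctx);
    return ret;
}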
3f98cdc011bb4e8cd22c088f288b0bcdb6452492Jakub Hrozek
/*
 * Store one sudo rule in the sysdb cache.
 *
 * The rule's own attributes are supplied by the caller in @attrs; this
 * function tags them with the sudo cache object class and the rule name
 * (both are added to @attrs in place, so the caller's object is modified)
 * and then writes the entry under SUDORULE_SUBDIR via sysdb_store_custom().
 *
 * @param sysdb      sysdb handle
 * @param domain     domain the rule belongs to
 * @param rule_name  RDN / name the rule is stored under
 * @param attrs      attribute set to store; extended in place
 *
 * @return EOK on success, otherwise the errno_t of the first failing step.
 */
errno_t
sysdb_save_sudorule(struct sysdb_ctx *sysdb,
                    struct sss_domain_info *domain,
                    const char *rule_name,
                    struct sysdb_attrs *attrs)
{
    errno_t ret;

    DEBUG(SSSDBG_TRACE_FUNC, ("Adding sudo rule %s\n", rule_name));

    /* Tag the entry as a cached sudo rule. */
    ret = sysdb_attrs_add_string(attrs, SYSDB_OBJECTCLASS, SYSDB_SUDO_CACHE_OC);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Could not set rule object class [%d]: %s\n",
                                  ret, strerror(ret)));
        goto done;
    }

    /* The name attribute must match the RDN the entry is stored under. */
    ret = sysdb_attrs_add_string(attrs, SYSDB_NAME, rule_name);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Could not set name attribute [%d]: %s\n",
                                  ret, strerror(ret)));
        goto done;
    }

    ret = sysdb_store_custom(sysdb, domain, rule_name, SUDORULE_SUBDIR, attrs);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("sysdb_store_custom failed [%d]: %s\n",
                                  ret, strerror(ret)));
        goto done;
    }

    ret = EOK;

done:
    return ret;
}
3f98cdc011bb4e8cd22c088f288b0bcdb6452492Jakub Hrozek
/*
 * Write a timestamp attribute on the sudo rules subtree entry of @domain.
 *
 * The subtree entry (SYSDB_TMPL_CUSTOM_SUBTREE for SUDORULE_SUBDIR) is
 * looked up with a base-scope search.  If it does not exist yet it is
 * created with "cn" set to SUDORULE_SUBDIR and the attribute added; if it
 * exists the attribute is replaced.  The value is stored as its decimal
 * "%lld" representation.
 *
 * @param sysdb      sysdb handle
 * @param domain     domain whose subtree entry is updated
 * @param attr_name  attribute to set
 * @param value      timestamp to store
 *
 * @return EOK on success, ENOMEM on allocation failure, EIO if the base
 *         search unexpectedly returns more than one entry, otherwise the
 *         ldb error mapped through sysdb_error_to_errno().
 */
static errno_t sysdb_sudo_set_refresh_time(struct sysdb_ctx *sysdb,
                                           struct sss_domain_info *domain,
                                           const char *attr_name,
                                           time_t value)
{
    TALLOC_CTX *tmp_ctx = NULL;
    struct ldb_dn *subtree_dn = NULL;
    struct ldb_message *msg = NULL;
    struct ldb_result *res = NULL;
    bool entry_exists;
    errno_t ret;
    int lret;

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        ret = ENOMEM;
        goto done;
    }

    subtree_dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, SYSDB_TMPL_CUSTOM_SUBTREE,
                                SUDORULE_SUBDIR, domain->name);
    if (subtree_dn == NULL) {
        ret = ENOMEM;
        goto done;
    }

    /* Base search: we only need to know whether the entry exists. */
    lret = ldb_search(sysdb->ldb, tmp_ctx, &res, subtree_dn, LDB_SCOPE_BASE,
                      NULL, NULL);
    if (lret != LDB_SUCCESS) {
        ret = sysdb_error_to_errno(lret);
        goto done;
    }

    msg = ldb_msg_new(tmp_ctx);
    if (msg == NULL) {
        ret = ENOMEM;
        goto done;
    }
    msg->dn = subtree_dn;

    if (res->count > 1) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Got more than one reply for base search!\n"));
        ret = EIO;
        goto done;
    }
    entry_exists = (res->count == 1);

    if (entry_exists) {
        /* Existing entry: replace the attribute rather than append a value. */
        lret = ldb_msg_add_empty(msg, attr_name, LDB_FLAG_MOD_REPLACE, NULL);
    } else {
        /* New entry: it needs at least its RDN attribute. */
        lret = ldb_msg_add_string(msg, "cn", SUDORULE_SUBDIR);
    }
    if (lret != LDB_SUCCESS) {
        ret = sysdb_error_to_errno(lret);
        goto done;
    }

    lret = ldb_msg_add_fmt(msg, attr_name, "%lld", (long long)value);
    if (lret != LDB_SUCCESS) {
        ret = sysdb_error_to_errno(lret);
        goto done;
    }

    lret = entry_exists ? ldb_modify(sysdb->ldb, msg)
                        : ldb_add(sysdb->ldb, msg);
    ret = sysdb_error_to_errno(lret);

done:
    talloc_free(tmp_ctx);
    return ret;
}
44749ce0c1fee9babee80060fa0db99eebb2ab51Pavel Březina
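/*
 * Read a timestamp attribute from the sudo rules subtree entry of @domain.
 *
 * Counterpart of sysdb_sudo_set_refresh_time(): the subtree entry
 * (SYSDB_TMPL_CUSTOM_SUBTREE for SUDORULE_SUBDIR) is looked up with a
 * base-scope search requesting only @attr_name.  A missing entry is not an
 * error; it simply yields 0.
 *
 * @param sysdb      sysdb handle
 * @param domain     domain whose subtree entry is read
 * @param attr_name  attribute to read
 * @param value      out: stored timestamp, or 0 when the entry or the
 *                   attribute is absent
 *
 * @return EOK on success, ENOMEM on allocation failure, EIO if the base
 *         search unexpectedly returns more than one entry, otherwise the
 *         ldb error mapped through sysdb_error_to_errno().
 */
static errno_t sysdb_sudo_get_refresh_time(struct sysdb_ctx *sysdb,
                                           struct sss_domain_info *domain,
                                           const char *attr_name,
                                           time_t *value)
{
    TALLOC_CTX *tmp_ctx;
    struct ldb_dn *dn;
    struct ldb_result *res;
    errno_t ret;
    int lret;
    const char *attrs[2] = {attr_name, NULL};

    tmp_ctx = talloc_new(NULL);
    if (tmp_ctx == NULL) {
        return ENOMEM;
    }

    dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, SYSDB_TMPL_CUSTOM_SUBTREE,
                        SUDORULE_SUBDIR, domain->name);
    if (!dn) {
        ret = ENOMEM;
        goto done;
    }

    lret = ldb_search(sysdb->ldb, tmp_ctx, &res, dn, LDB_SCOPE_BASE,
                      attrs, NULL);
    if (lret != LDB_SUCCESS) {
        ret = sysdb_error_to_errno(lret);
        goto done;
    }

    if (res->count == 0) {
        /* This entry has not been populated in LDB
         * This is a common case, as unlike LDAP,
         * LDB does not need to have all of its parent
         * objects actually exist.
         */
        *value = 0;
        ret = EOK;
        goto done;
    } else if (res->count != 1) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("Got more than one reply for base search!\n"));
        ret = EIO;
        goto done;
    }

    /* The setter writes the value as "%lld" (long long), so read it back at
     * 64-bit width.  ldb_msg_find_attr_as_int() parses into an int and would
     * silently fall back to the default for any stored value outside the
     * int range, which would make the refresh timestamp look like "never". */
    *value = (time_t) ldb_msg_find_attr_as_int64(res->msgs[0], attr_name, 0);

    ret = EOK;

done:
    talloc_free(tmp_ctx);
    return ret;
}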
44749ce0c1fee9babee80060fa0db99eebb2ab51Pavel Březina
/*
 * Record the time of the last full sudo rules refresh for @domain.
 *
 * Thin wrapper storing @value in SYSDB_SUDO_AT_LAST_FULL_REFRESH via
 * sysdb_sudo_set_refresh_time(); see that function for the return values.
 */
errno_t sysdb_sudo_set_last_full_refresh(struct sysdb_ctx *sysdb,
                                         struct sss_domain_info *domain,
                                         time_t value)
{
    const char *attr = SYSDB_SUDO_AT_LAST_FULL_REFRESH;

    return sysdb_sudo_set_refresh_time(sysdb, domain, attr, value);
}
44749ce0c1fee9babee80060fa0db99eebb2ab51Pavel Březina
/*
 * Retrieve the time of the last full sudo rules refresh for @domain.
 *
 * Thin wrapper reading SYSDB_SUDO_AT_LAST_FULL_REFRESH into @value via
 * sysdb_sudo_get_refresh_time(); see that function for the return values
 * and for the meaning of a 0 result.
 */
errno_t sysdb_sudo_get_last_full_refresh(struct sysdb_ctx *sysdb,
                                         struct sss_domain_info *domain,
                                         time_t *value)
{
    const char *attr = SYSDB_SUDO_AT_LAST_FULL_REFRESH;

    return sysdb_sudo_get_refresh_time(sysdb, domain, attr, value);
}
44749ce0c1fee9babee80060fa0db99eebb2ab51Pavel Březina
f5d4b05027acce06e3509ecb68869d1c7ef37180Pavel Březina/* ==================== Purge functions ==================== */
f5d4b05027acce06e3509ecb68869d1c7ef37180Pavel Březina
/*
 * Delete every cached sudo rule of @domain.
 *
 * Resolves the SUDORULE_SUBDIR custom subtree DN for the domain and removes
 * it recursively with sysdb_delete_recursive().
 *
 * @param sysdb   sysdb handle
 * @param domain  domain whose sudo subtree is removed
 *
 * @return EOK on success; whatever NULL_CHECK assigns on allocation failure;
 *         otherwise the error from sysdb_delete_recursive().
 */
static errno_t sysdb_sudo_purge_all(struct sysdb_ctx *sysdb,
                                    struct sss_domain_info *domain)
{
    TALLOC_CTX *tmp_ctx = NULL;
    struct ldb_dn *subtree = NULL;
    errno_t ret;

    tmp_ctx = talloc_new(NULL);
    NULL_CHECK(tmp_ctx, ret, done);

    subtree = sysdb_custom_subtree_dn(sysdb, tmp_ctx, domain, SUDORULE_SUBDIR);
    NULL_CHECK(subtree, ret, done);

    /* ret is EOK on success, so no separate assignment is needed after this. */
    ret = sysdb_delete_recursive(sysdb, subtree, true);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("sysdb_delete_recursive failed.\n"));
    }

done:
    talloc_free(tmp_ctx);
    return ret;
}
f5d4b05027acce06e3509ecb68869d1c7ef37180Pavel Březina
/*
 * Delete the single cached sudo rule stored under @name in @domain.
 *
 * Delegates to sysdb_delete_custom() for the SUDORULE_SUBDIR subtree and
 * returns its result unchanged.
 */
errno_t sysdb_sudo_purge_byname(struct sysdb_ctx *sysdb,
                                struct sss_domain_info *domain,
                                const char *name)
{
    errno_t ret;

    DEBUG(SSSDBG_TRACE_INTERNAL, ("Deleting sudo rule %s\n", name));
    ret = sysdb_delete_custom(sysdb, domain, name, SUDORULE_SUBDIR);

    return ret;
}
f5d4b05027acce06e3509ecb68869d1c7ef37180Pavel Březina
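/*
 * Delete the cached sudo rules of @domain that match an ldb filter.
 *
 * With a NULL @filter the whole subtree is dropped via sysdb_sudo_purge_all().
 * Otherwise the matching entries are found with sysdb_search_custom() and
 * removed one by one, by name, inside a single sysdb transaction; an entry
 * without a SYSDB_NAME is logged and skipped, any other failure rolls the
 * transaction back.
 *
 * @filter is handed to sysdb_search_custom() verbatim, so any values the
 * caller interpolated into it must already be filter-escaped.
 *
 * @param sysdb   sysdb handle
 * @param domain  domain whose rules are purged
 * @param filter  ldb filter selecting the rules, or NULL for all
 *
 * @return EOK on success (also when nothing matched), otherwise the errno_t
 *         of the failing step.
 */
errno_t sysdb_sudo_purge_byfilter(struct sysdb_ctx *sysdb,
                                  struct sss_domain_info *domain,
                                  const char *filter)
{
    TALLOC_CTX *tmp_ctx;
    size_t count;
    struct ldb_message **msgs;
    const char *name;
    size_t i;                /* same type as count: avoids a signed/unsigned compare */
    errno_t ret;
    errno_t sret;
    bool in_transaction = false;
    const char *attrs[] = { SYSDB_OBJECTCLASS,
                            SYSDB_NAME,
                            SYSDB_SUDO_CACHE_AT_CN,
                            NULL };

    /* just purge all if there's no filter */
    if (!filter) {
        return sysdb_sudo_purge_all(sysdb, domain);
    }

    tmp_ctx = talloc_new(NULL);
    NULL_CHECK(tmp_ctx, ret, done);

    /* match entries based on the filter and remove them one by one */
    ret = sysdb_search_custom(tmp_ctx, sysdb, domain, filter,
                              SUDORULE_SUBDIR, attrs,
                              &count, &msgs);
    if (ret == ENOENT) {
        DEBUG(SSSDBG_TRACE_FUNC, ("No rules matched\n"));
        ret = EOK;
        goto done;
    } else if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Error looking up SUDO rules [%d]: %s\n",
                                    ret, strerror(ret)));
        goto done;
    }

    ret = sysdb_transaction_start(sysdb);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to start transaction\n"));
        goto done;
    }
    in_transaction = true;

    for (i = 0; i < count; i++) {
        name = ldb_msg_find_attr_as_string(msgs[i], SYSDB_NAME, NULL);
        if (name == NULL) {
            DEBUG(SSSDBG_OP_FAILURE, ("A rule without a name?\n"));
            /* skip this one but still delete other entries */
            continue;
        }

        ret = sysdb_sudo_purge_byname(sysdb, domain, name);
        if (ret != EOK) {
            DEBUG(SSSDBG_OP_FAILURE, ("Could not delete rule %s\n", name));
            goto done;
        }
    }

    ret = sysdb_transaction_commit(sysdb);
    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to commit transaction\n"));
        goto done;
    }
    in_transaction = false;

done:
    /* Reached with in_transaction set on any failure between start and a
     * successful commit (including a failed commit): roll back so no partial
     * purge is left behind. */
    if (in_transaction) {
        sret = sysdb_transaction_cancel(sysdb);
        if (sret != EOK) {
            DEBUG(SSSDBG_OP_FAILURE, ("Could not cancel transaction\n"));
        }
    }

    talloc_free(tmp_ctx);
    return ret;
}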