providers/ipa/ipa_rules_common.c

	ipa_rules_common.c revision d2a0b4a6a220bf9a58c7306c3f673891efc419eb
5a580c3a38ced62d4bcc95b8ac7c4f2935b5d294Timo Sirainen/*
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen    SSSD
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen
c3a636e4c9ae776e0eed06b6d7ad1ccfb6003afdTimo Sirainen    Authors:
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen        Stephen Gallagher <sgallagh@redhat.com>
fa2a11210f20fb8998ed656f75e163191c8047e6Timo Sirainen
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen    Copyright (C) 2011 Red Hat
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen
abf015c9682f0f723db87a7c97bc284ef814818fTimo Sirainen    This program is free software; you can redistribute it and/or modify
70afae43cc78ea6ecca83f6c587072c442a15ec1Timo Sirainen    it under the terms of the GNU General Public License as published by
fa2a11210f20fb8998ed656f75e163191c8047e6Timo Sirainen    the Free Software Foundation; either version 3 of the License, or
fa2a11210f20fb8998ed656f75e163191c8047e6Timo Sirainen    (at your option) any later version.
fa2a11210f20fb8998ed656f75e163191c8047e6Timo Sirainen
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen    This program is distributed in the hope that it will be useful,
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen    but WITHOUT ANY WARRANTY; without even the implied warranty of
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen    GNU General Public License for more details.
5d03d9f439e41c90215a3c938ffebe4c2a8ae257Timo Sirainen
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen    You should have received a copy of the GNU General Public License
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen    along with this program.  If not, see <http://www.gnu.org/licenses/>.
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen*/
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen#include "providers/ipa/ipa_rules_common.h"
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainenstatic errno_t
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainenipa_common_save_list(struct sss_domain_info *domain,
542e28b384a6b26695f3e8de38fd5727d06f3333Timo Sirainen                     bool delete_subdir,
542e28b384a6b26695f3e8de38fd5727d06f3333Timo Sirainen                     const char *subdir,
542e28b384a6b26695f3e8de38fd5727d06f3333Timo Sirainen                     const char *naming_attribute,
542e28b384a6b26695f3e8de38fd5727d06f3333Timo Sirainen                     size_t count,
542e28b384a6b26695f3e8de38fd5727d06f3333Timo Sirainen                     struct sysdb_attrs **list)
542e28b384a6b26695f3e8de38fd5727d06f3333Timo Sirainen{
542e28b384a6b26695f3e8de38fd5727d06f3333Timo Sirainen    int ret;
c3a636e4c9ae776e0eed06b6d7ad1ccfb6003afdTimo Sirainen    size_t c;
c3a636e4c9ae776e0eed06b6d7ad1ccfb6003afdTimo Sirainen    struct ldb_dn *base_dn;
c3a636e4c9ae776e0eed06b6d7ad1ccfb6003afdTimo Sirainen    const char *object_name;
c3a636e4c9ae776e0eed06b6d7ad1ccfb6003afdTimo Sirainen    struct ldb_message_element *el;
3b22894b8805b186c73d8b754001e8d7e944be85Timo Sirainen    TALLOC_CTX *tmp_ctx;
3b22894b8805b186c73d8b754001e8d7e944be85Timo Sirainen
3b22894b8805b186c73d8b754001e8d7e944be85Timo Sirainen    tmp_ctx = talloc_new(NULL);
13b063ba3ea51256fd97d7fa883f14cb08842b0dTimo Sirainen    if (tmp_ctx == NULL) {
13b063ba3ea51256fd97d7fa883f14cb08842b0dTimo Sirainen        DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new failed.\n");
13b063ba3ea51256fd97d7fa883f14cb08842b0dTimo Sirainen        return ENOMEM;
13b063ba3ea51256fd97d7fa883f14cb08842b0dTimo Sirainen    }
13b063ba3ea51256fd97d7fa883f14cb08842b0dTimo Sirainen
13b063ba3ea51256fd97d7fa883f14cb08842b0dTimo Sirainen    if (delete_subdir) {
13b063ba3ea51256fd97d7fa883f14cb08842b0dTimo Sirainen        base_dn = sysdb_custom_subtree_dn(tmp_ctx, domain, subdir);
13b063ba3ea51256fd97d7fa883f14cb08842b0dTimo Sirainen        if (base_dn == NULL) {
13b063ba3ea51256fd97d7fa883f14cb08842b0dTimo Sirainen            ret = ENOMEM;
4da8c6cdefabd31262318c32da3c13de1d9ea953Timo Sirainen            goto done;
5d03d9f439e41c90215a3c938ffebe4c2a8ae257Timo Sirainen        }
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen
1388b590dbd85245b591346f860bc1319953318aTimo Sirainen        ret = sysdb_delete_recursive(domain->sysdb, base_dn, true);
1388b590dbd85245b591346f860bc1319953318aTimo Sirainen        if (ret != EOK) {
49621bf0ef1d55aaaa2dc7d76011cbfeabdcfbe1Timo Sirainen            DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_delete_recursive failed.\n");
fa2433aebcf3fccfa30ca9eed9b1a9166cf92ee2Timo Sirainen            goto done;
4da8c6cdefabd31262318c32da3c13de1d9ea953Timo Sirainen        }
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen    }
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen
5d03d9f439e41c90215a3c938ffebe4c2a8ae257Timo Sirainen    for (c = 0; c < count; c++) {
5d03d9f439e41c90215a3c938ffebe4c2a8ae257Timo Sirainen        ret = sysdb_attrs_get_el(list[c], naming_attribute, &el);
5d03d9f439e41c90215a3c938ffebe4c2a8ae257Timo Sirainen        if (ret != EOK) {
3482fee0e3733456512ba110780824e6daa7ff9fTimo Sirainen            DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_attrs_get_el failed.\n");
3482fee0e3733456512ba110780824e6daa7ff9fTimo Sirainen            goto done;
3482fee0e3733456512ba110780824e6daa7ff9fTimo Sirainen        }
4da8c6cdefabd31262318c32da3c13de1d9ea953Timo Sirainen        if (el->num_values == 0) {
12797080b552a3c1727b73b61cc7427bec0c7472Timo Sirainen            DEBUG(SSSDBG_CRIT_FAILURE, "[%s] not found.\n", naming_attribute);
49fd8c950e3da2ed32506e617a4b1480a07f874fTimo Sirainen            ret = EINVAL;
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen            goto done;
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen        }
4da8c6cdefabd31262318c32da3c13de1d9ea953Timo Sirainen        object_name = talloc_strndup(tmp_ctx, (const char *)el->values[0].data,
367e28a16854ee9f7247b2518f36f5e9163fcc10Timo Sirainen                                     el->values[0].length);
1388b590dbd85245b591346f860bc1319953318aTimo Sirainen        if (object_name == NULL) {
d1fff80640050631b06bfab904a34b2ad24601e8Timo Sirainen            DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strndup failed.\n");
b9b841558c5f91db7f5fc71c0ac62aad1bbf6418Timo Sirainen            ret = ENOMEM;
d1fff80640050631b06bfab904a34b2ad24601e8Timo Sirainen            goto done;
1388b590dbd85245b591346f860bc1319953318aTimo Sirainen        }
ab90f702ceedb7ba445a9a592be0b213b27cbafaStephan Bosch        DEBUG(SSSDBG_TRACE_ALL, "Object name: [%s].\n", object_name);
1388b590dbd85245b591346f860bc1319953318aTimo Sirainen
f3e17726502b6cf1912f30aae7e283b5d31ea69cTimo Sirainen        ret = sysdb_store_custom(domain, object_name, subdir, list[c]);
367e28a16854ee9f7247b2518f36f5e9163fcc10Timo Sirainen        if (ret != EOK) {
2fb9ae42f9e36388ec6db24188b9108434043fd0Timo Sirainen            DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_store_custom failed.\n");
367e28a16854ee9f7247b2518f36f5e9163fcc10Timo Sirainen            goto done;
e438c85a6b0f77889e25913bbbba808d6078282dStephan Bosch        }
e438c85a6b0f77889e25913bbbba808d6078282dStephan Bosch    }
367e28a16854ee9f7247b2518f36f5e9163fcc10Timo Sirainen
367e28a16854ee9f7247b2518f36f5e9163fcc10Timo Sirainen    ret = EOK;
38f227941bcf673e0e523c1ac7267bca9cbcd2c4Timo Sirainen
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainendone:
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen    talloc_free(tmp_ctx);
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen    return ret;
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen}
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainenerrno_t
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainenipa_common_entries_and_groups_sysdb_save(struct sss_domain_info *domain,
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen                                         const char *primary_subdir,
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen                                         const char *attr_name,
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen                                         size_t primary_count,
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen                                         struct sysdb_attrs **primary,
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen                                         const char *group_subdir,
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen                                         const char *groupattr_name,
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen                                         size_t group_count,
2eb2cf8eeb763bd5ca9b6848dce32f0303e88ec1Timo Sirainen                                         struct sysdb_attrs **groups)
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen{
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen    errno_t ret, sret;
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen    bool in_transaction = false;
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen    if ((primary_count == 0 || primary == NULL)
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen        || (group_count > 0 && groups == NULL)) {
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen        /* There always has to be at least one
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen         * primary entry.
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen         */
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen        return EINVAL;
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen    }
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen    /* Save the entries and groups to the cache */
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen    ret = sysdb_transaction_start(domain->sysdb);
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen    if (ret != EOK) {
367e28a16854ee9f7247b2518f36f5e9163fcc10Timo Sirainen        DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n");
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen        goto done;
367e28a16854ee9f7247b2518f36f5e9163fcc10Timo Sirainen    };
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen    in_transaction = true;
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen    /* First, save the specific entries */
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen    ret = ipa_common_save_list(domain, true, primary_subdir,
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen                               attr_name, primary_count, primary);
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen    if (ret != EOK) {
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen        DEBUG(SSSDBG_CRIT_FAILURE, "Could not save %s. [%d][%s]\n",
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen                  primary_subdir, ret, strerror(ret));
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen        goto done;
1f5597beba229acd914e30a6da3c0e62d83b6e8fTimo Sirainen    }
7af5f78e9fee296e42430d94ef252ff0333d8024Timo Sirainen
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen    /* Second, save the groups */
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen    if (group_count > 0) {
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen        ret = ipa_common_save_list(domain, true, group_subdir,
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen                                   groupattr_name, group_count, groups);
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen        if (ret != EOK) {
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen            DEBUG(SSSDBG_CRIT_FAILURE, "Could not save %s. [%d][%s]\n",
47569a4b2b4d3cc55e786177798c922c3c44233dTimo Sirainen                      group_subdir, ret, strerror(ret));
47569a4b2b4d3cc55e786177798c922c3c44233dTimo Sirainen            goto done;
7af5f78e9fee296e42430d94ef252ff0333d8024Timo Sirainen        }
7af5f78e9fee296e42430d94ef252ff0333d8024Timo Sirainen    }
7af5f78e9fee296e42430d94ef252ff0333d8024Timo Sirainen
7af5f78e9fee296e42430d94ef252ff0333d8024Timo Sirainen    ret = sysdb_transaction_commit(domain->sysdb);
7af5f78e9fee296e42430d94ef252ff0333d8024Timo Sirainen    if (ret != EOK) {
47569a4b2b4d3cc55e786177798c922c3c44233dTimo Sirainen        DEBUG(SSSDBG_CRIT_FAILURE, "Failed to commit transaction\n");
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen        goto done;
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen    }
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen    in_transaction = false;
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainendone:
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen    if (in_transaction) {
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen        sret = sysdb_transaction_cancel(domain->sysdb);
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen        if (sret != EOK) {
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen            DEBUG(SSSDBG_FATAL_FAILURE, "Could not cancel sysdb transaction\n");
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen        }
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen    }
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen    if (ret != EOK) {
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen        DEBUG(SSSDBG_MINOR_FAILURE, "Error [%d][%s]\n", ret, strerror(ret));
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen    }
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen    return ret;
1f5597beba229acd914e30a6da3c0e62d83b6e8fTimo Sirainen}
47569a4b2b4d3cc55e786177798c922c3c44233dTimo Sirainen
47569a4b2b4d3cc55e786177798c922c3c44233dTimo Sirainenerrno_t
47569a4b2b4d3cc55e786177798c922c3c44233dTimo Sirainenipa_common_get_cached_rules(TALLOC_CTX *mem_ctx,
47569a4b2b4d3cc55e786177798c922c3c44233dTimo Sirainen                            struct sss_domain_info *domain,
1f5597beba229acd914e30a6da3c0e62d83b6e8fTimo Sirainen                            const char *rule,
1f5597beba229acd914e30a6da3c0e62d83b6e8fTimo Sirainen                            const char *subtree_name,
1f5597beba229acd914e30a6da3c0e62d83b6e8fTimo Sirainen                            const char **attrs,
1f5597beba229acd914e30a6da3c0e62d83b6e8fTimo Sirainen                            size_t *_rule_count,
1f5597beba229acd914e30a6da3c0e62d83b6e8fTimo Sirainen                            struct sysdb_attrs ***_rules)
1f5597beba229acd914e30a6da3c0e62d83b6e8fTimo Sirainen{
47569a4b2b4d3cc55e786177798c922c3c44233dTimo Sirainen    errno_t ret;
47569a4b2b4d3cc55e786177798c922c3c44233dTimo Sirainen    struct ldb_message **msgs;
47569a4b2b4d3cc55e786177798c922c3c44233dTimo Sirainen    struct sysdb_attrs **rules;
47569a4b2b4d3cc55e786177798c922c3c44233dTimo Sirainen    size_t rule_count;
47569a4b2b4d3cc55e786177798c922c3c44233dTimo Sirainen    TALLOC_CTX *tmp_ctx;
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen    char *filter;
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen
417642ddac19708bea6dd2c2bbeaf6a9578d521bTimo Sirainen    tmp_ctx = talloc_new(mem_ctx);
417642ddac19708bea6dd2c2bbeaf6a9578d521bTimo Sirainen    if (tmp_ctx == NULL) {
417642ddac19708bea6dd2c2bbeaf6a9578d521bTimo Sirainen        return ENOMEM;
417642ddac19708bea6dd2c2bbeaf6a9578d521bTimo Sirainen    }
417642ddac19708bea6dd2c2bbeaf6a9578d521bTimo Sirainen
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen    filter = talloc_asprintf(tmp_ctx, "(objectClass=%s)", rule);
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen    if (filter == NULL) {
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen        ret = ENOMEM;
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen        goto done;
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen    }
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen    ret = sysdb_search_custom(tmp_ctx, domain, filter,
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen                              subtree_name, attrs,
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen                              &rule_count, &msgs);
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen    if (ret != EOK && ret != ENOENT) {
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen        DEBUG(SSSDBG_CRIT_FAILURE, "Error looking up HBAC rules\n");
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen        goto done;
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen    }
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen    if (ret == ENOENT) {
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen       rule_count = 0;
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen    }
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen    ret = sysdb_msg2attrs(tmp_ctx, rule_count, msgs, &rules);
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen    if (ret != EOK) {
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen        DEBUG(SSSDBG_CRIT_FAILURE,
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen              "Could not convert ldb message to sysdb_attrs\n");
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen        goto done;
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen    }
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen    if (_rules) {
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen        *_rules = talloc_steal(mem_ctx, rules);
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen    }
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen    if (_rule_count) {
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen        *_rule_count = rule_count;
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen    }
4da8c6cdefabd31262318c32da3c13de1d9ea953Timo Sirainen
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen    ret = EOK;
002179a890bf4f1942cad6463787719eaa9fd6c0Timo Sirainen
002179a890bf4f1942cad6463787719eaa9fd6c0Timo Sirainendone:
002179a890bf4f1942cad6463787719eaa9fd6c0Timo Sirainen    talloc_free(tmp_ctx);
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen    return ret;
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen}
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainenerrno_t
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainenipa_common_purge_rules(struct sss_domain_info *domain,
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen                       const char *subtree_name)
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen{
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen    TALLOC_CTX *tmp_ctx;
f3e17726502b6cf1912f30aae7e283b5d31ea69cTimo Sirainen    struct ldb_dn *base_dn;
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen    errno_t ret;
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen
f3e17726502b6cf1912f30aae7e283b5d31ea69cTimo Sirainen    tmp_ctx = talloc_new(NULL);
f3e17726502b6cf1912f30aae7e283b5d31ea69cTimo Sirainen    if (tmp_ctx == NULL) {
c07d7eb3ca9754367697c98f5e66a3982a45d142Timo Sirainen        return ENOMEM;
f3e17726502b6cf1912f30aae7e283b5d31ea69cTimo Sirainen    }
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen
002179a890bf4f1942cad6463787719eaa9fd6c0Timo Sirainen    base_dn = sysdb_custom_subtree_dn(tmp_ctx, domain, subtree_name);
002179a890bf4f1942cad6463787719eaa9fd6c0Timo Sirainen    if (base_dn == NULL) {
002179a890bf4f1942cad6463787719eaa9fd6c0Timo Sirainen        ret = ENOMEM;
002179a890bf4f1942cad6463787719eaa9fd6c0Timo Sirainen        goto done;
002179a890bf4f1942cad6463787719eaa9fd6c0Timo Sirainen    }
002179a890bf4f1942cad6463787719eaa9fd6c0Timo Sirainen
002179a890bf4f1942cad6463787719eaa9fd6c0Timo Sirainen    ret = sysdb_delete_recursive(domain->sysdb, base_dn, true);
002179a890bf4f1942cad6463787719eaa9fd6c0Timo Sirainen    if (ret != EOK) {
002179a890bf4f1942cad6463787719eaa9fd6c0Timo Sirainen        DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_delete_recursive failed.\n");
002179a890bf4f1942cad6463787719eaa9fd6c0Timo Sirainen        goto done;
e30b9e07f9657c35ca09ac36d57d60cbe2ebbc66Timo Sirainen    }
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen
002179a890bf4f1942cad6463787719eaa9fd6c0Timo Sirainen    ret = EOK;
002179a890bf4f1942cad6463787719eaa9fd6c0Timo Sirainen
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainendone:
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen    talloc_free(tmp_ctx);
002179a890bf4f1942cad6463787719eaa9fd6c0Timo Sirainen    return ret;
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen}
8d3278a82b964217d95c340ec6f82037cdc59d19Timo Sirainen