/*
    Pavel Březina <pbrezina@redhat.com>

    Copyright (C) 2015 Red Hat

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/* Forward declaration of the completion callback that is attached to the
 * refresh subrequest further down. */
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastatic void ipa_sudo_handler_done(struct tevent_req *subreq);
/* Request-send side of the sudo handler.
 * NOTE(review): this listing is an excerpt; the function name, its parameter
 * list and the statements between the lines shown are not visible here. */
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastatic struct tevent_req *
/* Allocate the tevent request together with its ipa_sudo_handler_state. */
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina req = tevent_req_create(mem_ctx, &state, struct ipa_sudo_handler_state);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create() failed\n");
/* Two kinds of refresh are started from here: a full refresh of all sudo
 * rules, or a refresh of specific rules. Presumably selected by data->type;
 * the dispatch itself is not shown. */
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_TRACE_FUNC, "Issuing a full refresh of sudo rules\n");
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina subreq = ipa_sudo_full_refresh_send(state, params->ev, sudo_ctx);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_TRACE_FUNC, "Issuing a refresh of specific sudo rules\n");
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina subreq = ipa_sudo_rules_refresh_send(state, params->ev, sudo_ctx,
/* An unrecognised request type and a failure to create the subrequest are
 * both logged at critical level, each with the numeric request type. */
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "Invalid request type: %d\n", data->type);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "Unable to send request: %d\n", data->type);
/* The outer request is passed as callback data so the completion callback
 * can find it again. */
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina tevent_req_set_callback(subreq, ipa_sudo_handler_done, req);
/* Error path: the reply records DP_ERR_DECIDE together with ret.
 * NOTE(review): going by the TODO below, the status handed to the data
 * provider is presumably EOK even when the refresh could not be started.
 * A consumer that must know whether the sudo rules are current should then
 * inspect the reply, not the request status. Confirm against the full
 * function. */
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina dp_reply_std_set(&state->reply, DP_ERR_DECIDE, ret, NULL);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina /* TODO For backward compatibility we always return EOK to DP now. */
/* Completion callback for the refresh subrequest: collects the subrequest's
 * result and stores it in the handler's reply.
 * NOTE(review): this listing is an excerpt; local declarations and the
 * branching between the lines shown are not visible here. */
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březinastatic void ipa_sudo_handler_done(struct tevent_req *subreq)
/* Recover the outer request (registered as callback data) and its state. */
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina req = tevent_req_callback_data(subreq, struct tevent_req);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina state = tevent_req_data(req, struct ipa_sudo_handler_state);
/* One receive call per refresh kind; both report dp_error, and the rules
 * refresh additionally reports `deleted`. Presumably chosen by state->type. */
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = ipa_sudo_full_refresh_recv(subreq, &dp_error);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = ipa_sudo_rules_refresh_recv(subreq, &dp_error, &deleted);
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "Invalid request type: %d\n", state->type);
/* The real outcome (dp_error and ret) is preserved in state->reply.
 * NOTE(review): per the TODO, the status returned to the data provider is
 * presumably EOK regardless, so a failed refresh is visible only through the
 * reply and the debug log. Confirm against the full function. */
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina /* TODO For backward compatibility we always return EOK to DP now. */
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina dp_reply_std_set(&state->reply, dp_error, ret, NULL);
/* NOTE(review): this second state lookup presumably belongs to the matching
 * receive function, whose signature is not shown in this excerpt. */
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina state = tevent_req_data(req, struct ipa_sudo_handler_state);
/* Decides whether the sudo provider uses the IPA schema, based on the
 * configured sudo search base.
 * NOTE(review): this listing is an excerpt; the rest of the parameter list,
 * the return type and the statements between the lines shown are not
 * visible here. */
0f04241fc90f134af0272eb0999e75fb6749b595Pavel Březinaipa_sudo_choose_schema(struct dp_option *ipa_opts,
0f04241fc90f134af0272eb0999e75fb6749b595Pavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new() failed\n");
/* Derive the base DN from a string option in ipa_opts (the option name is
 * cut off in this excerpt). */
0f04241fc90f134af0272eb0999e75fb6749b595Pavel Březina ret = domain_to_basedn(tmp_ctx, dp_opt_get_string(ipa_opts,
0f04241fc90f134af0272eb0999e75fb6749b595Pavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "Unable to obtain basedn\n");
/* The search base expected for the IPA schema is "cn=sudo,<basedn>". */
0f04241fc90f134af0272eb0999e75fb6749b595Pavel Březina ipa_search_base = talloc_asprintf(tmp_ctx, "cn=sudo,%s", basedn);
/* Read the configured sudo search base. The set call below stores the IPA
 * value, presumably only when none was configured; the condition is not
 * shown. */
0f04241fc90f134af0272eb0999e75fb6749b595Pavel Březina search_base = dp_opt_get_string(sdap_opts, SDAP_SUDO_SEARCH_BASE);
0f04241fc90f134af0272eb0999e75fb6749b595Pavel Březina ret = dp_opt_set_string(sdap_opts, SDAP_SUDO_SEARCH_BASE,
0f04241fc90f134af0272eb0999e75fb6749b595Pavel Březina DEBUG(SSSDBG_TRACE_FUNC, "Option %s set to %s\n",
0f04241fc90f134af0272eb0999e75fb6749b595Pavel Březina sdap_opts[SDAP_SUDO_SEARCH_BASE].opt_name, ipa_search_base);
/* NOTE(review): the schema decision rests on an exact, byte-wise strcmp() of
 * two DN strings. A configured base that names the same entry but differs in
 * letter case or spacing would not compare equal, and by the comment below
 * would not select the IPA schema. Worth confirming whether the configured
 * value is normalised before it reaches this point. */
0f04241fc90f134af0272eb0999e75fb6749b595Pavel Březina /* Use IPA schema only if search base is cn=sudo,$dc. */
0f04241fc90f134af0272eb0999e75fb6749b595Pavel Březina if (strcmp(ipa_search_base, search_base) == 0) {
/* Set-up of the IPA-schema sudo context.
 * NOTE(review): this listing is an excerpt; the function signature, the
 * error checks and the continuation lines of the calls below are not
 * visible here. */
/* The context is zero-initialised and allocated on be_ctx. */
4ddd5591c50e27dffa55f03fbce0dcc85cd50a8bPavel Březina sudo_ctx = talloc_zero(be_ctx, struct ipa_sudo_ctx);
/* The sdap options are shared with the ID context by pointer, not copied. */
4ddd5591c50e27dffa55f03fbce0dcc85cd50a8bPavel Březina sudo_ctx->sdap_opts = id_ctx->sdap_id_ctx->opts;
/* Three attribute maps are loaded from the configuration database; each
 * failure is logged at critical level. Which maps they are is cut off in
 * this excerpt. */
4ddd5591c50e27dffa55f03fbce0dcc85cd50a8bPavel Březina ret = sdap_get_map(sudo_ctx, be_ctx->cdb, be_ctx->conf_path,
4ddd5591c50e27dffa55f03fbce0dcc85cd50a8bPavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "Unable to parse attribute map "
4ddd5591c50e27dffa55f03fbce0dcc85cd50a8bPavel Březina ret = sdap_get_map(sudo_ctx, be_ctx->cdb, be_ctx->conf_path,
4ddd5591c50e27dffa55f03fbce0dcc85cd50a8bPavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "Unable to parse attribute map "
4ddd5591c50e27dffa55f03fbce0dcc85cd50a8bPavel Březina ret = sdap_get_map(sudo_ctx, be_ctx->cdb, be_ctx->conf_path,
4ddd5591c50e27dffa55f03fbce0dcc85cd50a8bPavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "Unable to parse attribute map "
/* Read the sudo threshold setting, falling back to the compiled-in default.
 * NOTE(review): the message logged next appears to be this call's failure
 * message, yet it repeats the "search base" wording of the check further
 * down. A failed threshold lookup would then be misreported in the logs.
 * Confirm and reword if so. */
bc854800cc67271205d63136daaf68d7863cea6bJustin Stephenson ret = confdb_get_int(be_ctx->cdb, CONFDB_SUDO_CONF_ENTRY,
bc854800cc67271205d63136daaf68d7863cea6bJustin Stephenson CONFDB_SUDO_THRESHOLD, CONFDB_DEFAULT_SUDO_THRESHOLD,
bc854800cc67271205d63136daaf68d7863cea6bJustin Stephenson DEBUG(SSSDBG_OP_FAILURE, "Could not parse sudo search base\n");
/* Parse the sudo search base from the basic sdap options. */
4ddd5591c50e27dffa55f03fbce0dcc85cd50a8bPavel Březina ret = sdap_parse_search_base(sudo_ctx, sudo_ctx->sdap_opts->basic,
4ddd5591c50e27dffa55f03fbce0dcc85cd50a8bPavel Březina DEBUG(SSSDBG_OP_FAILURE, "Could not parse sudo search base\n");
4ddd5591c50e27dffa55f03fbce0dcc85cd50a8bPavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "Unable to setup periodic tasks "
/* Arguments of the handler registration: the send/recv pair, sudo_ctx as
 * private data, and the context, request-data and reply types. The
 * registering call itself is not shown. */
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ipa_sudo_handler_send, ipa_sudo_handler_recv, sudo_ctx,
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina struct ipa_sudo_ctx, struct dp_sudo_data, struct dp_reply_std);
0f04241fc90f134af0272eb0999e75fb6749b595Pavel Březina DEBUG(SSSDBG_TRACE_INTERNAL, "Initializing IPA sudo back end\n");
0f04241fc90f134af0272eb0999e75fb6749b595Pavel Březina ret = ipa_sudo_choose_schema(id_ctx->ipa_options->basic,
0f04241fc90f134af0272eb0999e75fb6749b595Pavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "Unable to choose sudo schema [%d]: %s\n",
0f04241fc90f134af0272eb0999e75fb6749b595Pavel Březina DEBUG(SSSDBG_TRACE_FUNC, "Using IPA schema for sudo\n");
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = ipa_sudo_init_ipa_schema(mem_ctx, be_ctx, id_ctx, dp_methods);
0f04241fc90f134af0272eb0999e75fb6749b595Pavel Březina DEBUG(SSSDBG_TRACE_FUNC, "Using LDAP schema for sudo\n");
dea636af4d1902a081ee891f1b19ee2f8729d759Pavel Březina ret = sdap_sudo_init(mem_ctx, be_ctx, id_ctx->sdap_id_ctx, dp_methods);
0f04241fc90f134af0272eb0999e75fb6749b595Pavel Březina DEBUG(SSSDBG_CRIT_FAILURE, "Unable to initialize sudo provider"