382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov Copyright (C) 2017 Red Hat
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov This program is free software; you can redistribute it and/or modify
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov it under the terms of the GNU General Public License as published by
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov the Free Software Foundation; either version 3 of the License, or
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov (at your option) any later version.
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov This program is distributed in the hope that it will be useful,
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov but WITHOUT ANY WARRANTY; without even the implied warranty of
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov GNU General Public License for more details.
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov You should have received a copy of the GNU General Public License
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov along with this program. If not, see <http://www.gnu.org/licenses/>.
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov#include "responder/common/cache_req/cache_req_private.h"
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov /* Input data */
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov /* Work data */
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashovstatic errno_t cache_req_sr_overlay_match_users(
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov struct cache_req_sr_overlay_state *state);
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashovstatic errno_t cache_req_sr_overlay_match_users(
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov struct cache_req_sr_overlay_state *state);
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashovstatic struct tevent_req *cache_req_sr_overlay_match_all_step_send(
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov struct cache_req_sr_overlay_state *state);
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashovstatic void cache_req_sr_overlay_match_all_step_done(
/*
 * Entry point of the session recording overlay request.
 *
 * From the statements shown: a tevent request is created, and when the
 * responder's session recording scope is SESSION_RECORDING_SCOPE_SOME
 * (selective recording) a user request takes one of two paths:
 *   - group names are configured: start the per-entry asynchronous step
 *     with cache_req_sr_overlay_match_all_step_send(), completed by
 *     cache_req_sr_overlay_match_all_step_done();
 *   - otherwise: match user names only, via
 *     cache_req_sr_overlay_match_users().
 *
 * NOTE(review): the sessionRecording attribute written by this overlay is
 * presumably what consumers use to decide whether a session is recorded.
 * Confirm that every failure here (request creation, sub-request
 * allocation, a non-EOK matcher result) fails the request rather than
 * completing it with entries whose attribute was never overlaid.
 */
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashovstruct tevent_req *cache_req_sr_overlay_send(
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov struct cache_req_sr_overlay_state *state;
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create() failed\n");
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov /* If session recording is selective */
 /* NOTE(review): only the SCOPE_SOME branch is shown; confirm how the
  * remaining scope values are handled. */
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov if (rctx->sr_conf.scope == SESSION_RECORDING_SCOPE_SOME) {
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov /* If it's a request for a user/users */
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov /* If we have group names to match against */
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov /* Pull and match group and user names for each user entry */
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov subreq = cache_req_sr_overlay_match_all_step_send(state);
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov CACHE_REQ_DEBUG(SSSDBG_CRIT_FAILURE, state->cr,
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov "Failed allocating a session recording "
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov "user overlay request\n");
 /* The step callback receives the outer request (req) as its data. */
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov subreq, cache_req_sr_overlay_match_all_step_done, req);
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov /* Only match user names for each user entry */
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov ret = cache_req_sr_overlay_match_users(state);
/*
 * Overlay the sessionRecording attribute using configured user names only.
 *
 * For each message of each result, the output user name is built with
 * sss_get_name_from_msg() and sss_output_fqname(), compared against each
 * user name from the session recording configuration, and the
 * SYSDB_SESSION_RECORDING attribute of the message is replaced with
 * "TRUE" or "FALSE". Returns an errno_t.
 */
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashovstatic errno_t cache_req_sr_overlay_match_users(
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov struct cache_req_sr_overlay_state *state)
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov /* Create per-message talloc context */
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov "Failed creating temporary talloc context\n");
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov /* For each result */
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov /* For each message */
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov /* Format output username */
 /* NOTE(review): confirm name is checked for NULL before it is passed to
  * sss_output_fqname(). */
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov name = sss_get_name_from_msg(result->domain, msg);
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov ret = sss_output_fqname(tmp_ctx, result->domain, name,
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov "Failed formatting output username from %s: %s\n",
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov /* For each user name in session recording config */
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov for (; *conf_user != NULL; conf_user++) {
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov /* If it matches the requested user name */
 /* NOTE(review): strcmp() is an exact, case-sensitive byte comparison
  * against the formatted output name. A configured name written with
  * different case or qualification than sss_output_fqname() produces
  * would not match, and the entry would presumably be left marked
  * "FALSE". Confirm configured names are normalized the same way. */
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov if (strcmp(*conf_user, output_name) == 0) {
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov /* Set sessionRecording attribute to enabled value */
 /* Remove any value already on the message first, so the value added
  * below is the only one present. */
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov ldb_msg_remove_attr(msg, SYSDB_SESSION_RECORDING);
 /* NOTE(review): enabled_str is allocated on tmp_ctx, and per-message
  * allocations are freed further down. ldb_msg_add_string() is understood
  * to keep the pointer rather than copy the string, so confirm the value
  * is reparented to msg (e.g. talloc_steal) before tmp_ctx is cleaned;
  * otherwise the message would reference freed memory. */
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov enabled_str = talloc_strdup(tmp_ctx, enabled ? "TRUE" : "FALSE");
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov "Failed to allocate a %s attribute value\n",
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov lret = ldb_msg_add_string(msg, SYSDB_SESSION_RECORDING, enabled_str);
 /* NOTE(review): the ldb result is stored in lret, but the message below
  * prints ret; confirm ret is derived from lret before it is logged and
  * returned. */
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov "Failed adding %s attribute: %s\n",
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov SYSDB_SESSION_RECORDING, sss_strerror(ret));
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov /* Free per-message allocations */
/*
 * Start the overlay step for the current entry: read a name attribute from
 * result->msgs[state->msg_idx] and issue an initgroups-by-name cache
 * request for it. Returns the sub-request produced by
 * cache_req_initgr_by_name_send().
 *
 * NOTE(review): confirm that state->msg_idx is within the result's message
 * count and that the looked-up name is checked for NULL before it is used
 * to build the request.
 */
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashovstatic struct tevent_req *cache_req_sr_overlay_match_all_step_send(
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov struct cache_req_sr_overlay_state *state)
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov name = ldb_msg_find_attr_as_string(result->msgs[state->msg_idx],
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov return cache_req_initgr_by_name_send(state, state->ev, cr->rctx, cr->ncache,
/*
 * Completion callback for one overlay step.
 *
 * Receives the initgroups result for the current entry, replaces the
 * entry's SYSDB_SESSION_RECORDING attribute with a copy of the value found
 * on the first message of that result, then either finishes (no entries
 * left) or schedules the next step with this function as its callback.
 */
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashovstatic void cache_req_sr_overlay_match_all_step_done(
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov struct cache_req_sr_overlay_state *state;
 /* The outer request was registered as the sub-request's callback data. */
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov req = tevent_req_callback_data(subreq, struct tevent_req);
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov state = tevent_req_data(req, struct cache_req_sr_overlay_state);
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov /* Create temporary allocation context */
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov CACHE_REQ_DEBUG(SSSDBG_CRIT_FAILURE, state->cr,
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov "Failed creating temporary talloc context\n");
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov /* Get initgroups result */
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov ret = cache_req_initgr_by_name_recv(tmp_ctx, subreq, &result);
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov CACHE_REQ_DEBUG(SSSDBG_CRIT_FAILURE, state->cr,
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov "Failed retrieving initgr request results: %s\n",
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov /* Overwrite sessionRecording attribute */
 /* The existing value is dropped before the replacement is read, so a
  * failure after this point leaves the entry without the attribute.
  * NOTE(review): confirm such a failure ends the whole request with an
  * error instead of returning the entry. */
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov ldb_msg_remove_attr(msg, SYSDB_SESSION_RECORDING);
 /* NOTE(review): msgs[0] is read unconditionally here; confirm the
  * initgroups result is known to hold at least one message. */
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov enabled = ldb_msg_find_attr_as_string(result->msgs[0],
 /* NOTE(review): if the attribute is absent, enabled may be NULL; a NULL
  * passed to talloc_strdup() would yield NULL and be reported below as an
  * allocation failure. Confirm the absent case is handled separately. */
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov enabled_copy = talloc_strdup(tmp_ctx, enabled);
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov CACHE_REQ_DEBUG(SSSDBG_CRIT_FAILURE, state->cr,
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov "Failed to allocate a copy of %s attribute\n",
 /* NOTE(review): enabled_copy lives on tmp_ctx; ldb_msg_add_string() is
  * understood to keep the pointer rather than copy, so confirm the value
  * is reparented to msg before tmp_ctx is released. */
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov lret = ldb_msg_add_string(msg, SYSDB_SESSION_RECORDING, enabled_copy);
 /* NOTE(review): the result is in lret while the message prints ret;
  * confirm ret is derived from lret first. */
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov CACHE_REQ_DEBUG(SSSDBG_CRIT_FAILURE, state->cr,
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov "Failed adding %s attribute: %s\n",
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov SYSDB_SESSION_RECORDING, sss_strerror(ret));
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov /* Move onto next entry, if any */
 /* Result index has passed the last result: nothing left to overlay. */
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov if (state->res_idx >= state->num_results) {
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov /* Schedule next entry overlay */
 /* One initgroups sub-request is issued per entry, one after another. */
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov subreq = cache_req_sr_overlay_match_all_step_send(state);
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov CACHE_REQ_DEBUG(SSSDBG_CRIT_FAILURE, state->cr,
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov "Failed allocating a session recording "
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov "user overlay request\n");
382a972a80ac571cdbf70d88571f6de49fe1cd23Nikolai Kondrashov cache_req_sr_overlay_match_all_step_done, req);