sdap_async_sudo.c revision 6ea68b049dd507409d454100978ee125febc69ea
ad07ed37b6b51ef134d4524edaf2259e19ac984fJan Zeleny/*
ad07ed37b6b51ef134d4524edaf2259e19ac984fJan Zeleny SSSD
ad07ed37b6b51ef134d4524edaf2259e19ac984fJan Zeleny
ad07ed37b6b51ef134d4524edaf2259e19ac984fJan Zeleny Async LDAP Helper routines for sudo
ad07ed37b6b51ef134d4524edaf2259e19ac984fJan Zeleny
ad07ed37b6b51ef134d4524edaf2259e19ac984fJan Zeleny Authors:
ad07ed37b6b51ef134d4524edaf2259e19ac984fJan Zeleny Pavel Březina <pbrezina@redhat.com>
ad07ed37b6b51ef134d4524edaf2259e19ac984fJan Zeleny
ad07ed37b6b51ef134d4524edaf2259e19ac984fJan Zeleny Copyright (C) 2012 Red Hat
ad07ed37b6b51ef134d4524edaf2259e19ac984fJan Zeleny
ad07ed37b6b51ef134d4524edaf2259e19ac984fJan Zeleny This program is free software; you can redistribute it and/or modify
ad07ed37b6b51ef134d4524edaf2259e19ac984fJan Zeleny it under the terms of the GNU General Public License as published by
ad07ed37b6b51ef134d4524edaf2259e19ac984fJan Zeleny the Free Software Foundation; either version 3 of the License, or
ad07ed37b6b51ef134d4524edaf2259e19ac984fJan Zeleny (at your option) any later version.
ad07ed37b6b51ef134d4524edaf2259e19ac984fJan Zeleny
ad07ed37b6b51ef134d4524edaf2259e19ac984fJan Zeleny This program is distributed in the hope that it will be useful,
ad07ed37b6b51ef134d4524edaf2259e19ac984fJan Zeleny but WITHOUT ANY WARRANTY; without even the implied warranty of
ad07ed37b6b51ef134d4524edaf2259e19ac984fJan Zeleny MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
ad07ed37b6b51ef134d4524edaf2259e19ac984fJan Zeleny GNU General Public License for more details.
ad07ed37b6b51ef134d4524edaf2259e19ac984fJan Zeleny
ad07ed37b6b51ef134d4524edaf2259e19ac984fJan Zeleny You should have received a copy of the GNU General Public License
ad07ed37b6b51ef134d4524edaf2259e19ac984fJan Zeleny along with this program. If not, see <http://www.gnu.org/licenses/>.
ad07ed37b6b51ef134d4524edaf2259e19ac984fJan Zeleny*/
ad07ed37b6b51ef134d4524edaf2259e19ac984fJan Zeleny
ad07ed37b6b51ef134d4524edaf2259e19ac984fJan Zeleny#include <errno.h>
ad07ed37b6b51ef134d4524edaf2259e19ac984fJan Zeleny#include <talloc.h>
fdab7bbf8933351f6254438c30ff361cd748b15aJan Zeleny#include <tevent.h>
ad07ed37b6b51ef134d4524edaf2259e19ac984fJan Zeleny
ad07ed37b6b51ef134d4524edaf2259e19ac984fJan Zeleny#include "providers/dp_backend.h"
ad07ed37b6b51ef134d4524edaf2259e19ac984fJan Zeleny#include "providers/ldap/ldap_common.h"
ad07ed37b6b51ef134d4524edaf2259e19ac984fJan Zeleny#include "providers/ldap/sdap.h"
ad07ed37b6b51ef134d4524edaf2259e19ac984fJan Zeleny#include "providers/ldap/sdap_async.h"
ad07ed37b6b51ef134d4524edaf2259e19ac984fJan Zeleny#include "providers/ldap/sdap_sudo.h"
ad07ed37b6b51ef134d4524edaf2259e19ac984fJan Zeleny#include "providers/ldap/sdap_sudo_cache.h"
fdab7bbf8933351f6254438c30ff361cd748b15aJan Zeleny#include "db/sysdb_sudo.h"
fdab7bbf8933351f6254438c30ff361cd748b15aJan Zeleny
/*
 * State carried by the top-level request created in
 * sdap_sudo_refresh_send(): connect, download the rules, then replace
 * the cached copy in sysdb.
 */
struct sdap_sudo_refresh_state {
    struct be_ctx *be_ctx;
    struct sdap_options *opts;
    struct sdap_id_op *sdap_op;                 /* created lazily on first connect */
    struct sdap_id_conn_cache *sdap_conn_cache;
    struct sysdb_ctx *sysdb;
    struct sss_domain_info *domain;

    const char *ldap_filter;    /* filter for the LDAP search */
    const char *sysdb_filter;   /* filter for deleting cached rules */

    int dp_error;               /* data-provider level result (DP_ERR_*) */
    int error;                  /* errno-style result */
    char *highest_usn;          /* filled in when the rules are stored */
};
fdab7bbf8933351f6254438c30ff361cd748b15aJan Zeleny
/*
 * State of the sub-request that walks every sudo search base and
 * accumulates the rules returned by the LDAP server.
 */
struct sdap_sudo_load_sudoers_state {
    struct tevent_context *ev;
    struct sdap_options *opts;
    struct sdap_handle *sh;
    struct sysdb_attrs **ldap_rules;    /* accumulated search results */
    size_t ldap_rules_count;            /* number of entries in ldap_rules */

    const char **attrs;                 /* attributes requested from LDAP */
    const char *filter;                 /* caller-supplied search filter */
    size_t base_iter;                   /* index of the search base in use */
    struct sdap_search_base **search_bases; /* walked until a NULL entry */
    int timeout;                        /* search timeout */
};
ad07ed37b6b51ef134d4524edaf2259e19ac984fJan Zeleny
/* --- connection phase of the refresh request --- */

static int sdap_sudo_refresh_retry(struct tevent_req *req);

static void sdap_sudo_refresh_connect_done(struct tevent_req *subreq);

/* --- download of sudo rules from LDAP, one search base at a time --- */

static struct tevent_req *
sdap_sudo_load_sudoers_send(TALLOC_CTX *mem_ctx,
                            struct tevent_context *ev,
                            struct sdap_options *opts,
                            struct sdap_handle *sh,
                            const char *ldap_filter);

static errno_t sdap_sudo_load_sudoers_next_base(struct tevent_req *req);

static void sdap_sudo_load_sudoers_process(struct tevent_req *subreq);

static int sdap_sudo_load_sudoers_recv(struct tevent_req *req,
                                       TALLOC_CTX *mem_ctx,
                                       size_t *rules_count,
                                       struct sysdb_attrs ***rules);

static void sdap_sudo_load_sudoers_done(struct tevent_req *subreq);

/* --- cache maintenance: purge old rules, store the downloaded ones --- */

static int sdap_sudo_purge_sudoers(struct sysdb_ctx *sysdb_ctx,
                                   const char *filter,
                                   struct sdap_attr_map *map,
                                   size_t rules_count,
                                   struct sysdb_attrs **rules);

static int sdap_sudo_store_sudoers(TALLOC_CTX *mem_ctx,
                                   struct sysdb_ctx *sysdb_ctx,
                                   struct sdap_options *opts,
                                   size_t rules_count,
                                   struct sysdb_attrs **rules,
                                   int cache_timeout,
                                   time_t now,
                                   char **_usn);
fdab7bbf8933351f6254438c30ff361cd748b15aJan Zeleny
/*
 * Start an asynchronous refresh of the cached sudo rules.
 *
 * mem_ctx      talloc parent of the returned request
 * be_ctx       backend context; supplies sysdb, domain and event loop
 * opts         LDAP provider options
 * conn_cache   connection cache used to obtain the LDAP connection
 * ldap_filter  filter for the LDAP search; must not be NULL
 * sysdb_filter filter for removing cached rules; may be NULL
 *
 * Returns the request, or NULL if it could not be allocated. Every
 * other failure is reported through the request, which is then posted
 * on be_ctx->ev so the caller's callback still fires.
 *
 * NOTE(review): ldap_filter is duplicated verbatim here; any
 * user-derived value inside it is presumably escaped by the caller
 * before it gets this far - confirm.
 */
struct tevent_req *sdap_sudo_refresh_send(TALLOC_CTX *mem_ctx,
                                          struct be_ctx *be_ctx,
                                          struct sdap_options *opts,
                                          struct sdap_id_conn_cache *conn_cache,
                                          const char *ldap_filter,
                                          const char *sysdb_filter)
{
    struct sdap_sudo_refresh_state *state = NULL;
    struct tevent_req *req = NULL;
    int ret;

    req = tevent_req_create(mem_ctx, &state, struct sdap_sudo_refresh_state);
    if (req == NULL) {
        return NULL;
    }

    /* without a search filter there is nothing to look up */
    if (ldap_filter == NULL) {
        ret = EINVAL;
        goto immediately;
    }

    state->be_ctx = be_ctx;
    state->opts = opts;
    state->sdap_op = NULL;
    state->sdap_conn_cache = conn_cache;
    state->sysdb = be_ctx->sysdb;
    state->domain = be_ctx->domain;
    state->ldap_filter = talloc_strdup(state, ldap_filter);
    state->sysdb_filter = talloc_strdup(state, sysdb_filter);
    state->dp_error = DP_ERR_OK;
    state->error = EOK;
    state->highest_usn = NULL;

    /* a NULL sysdb_filter copy is only a failure if the caller passed one */
    if (state->ldap_filter == NULL
            || (sysdb_filter != NULL && state->sysdb_filter == NULL)) {
        ret = ENOMEM;
        goto immediately;
    }

    ret = sdap_sudo_refresh_retry(req);
    if (ret == EAGAIN) {
        /* the connect sub-request is in flight; finish asynchronously */
        return req;
    }

immediately:
    if (ret != EOK) {
        tevent_req_error(req, ret);
    } else {
        tevent_req_done(req);
    }
    tevent_req_post(req, be_ctx->ev);

    return req;
}
ad07ed37b6b51ef134d4524edaf2259e19ac984fJan Zeleny
/*
 * Collect the result of a request started by sdap_sudo_refresh_send().
 *
 * On a tevent-level failure the error is returned and no output
 * argument is written. Otherwise *dp_error and *error receive the
 * values recorded in the request state and EOK is returned.
 *
 * *usn is written only when usn is non-NULL and a highest USN was
 * recorded; the string is then re-parented to mem_ctx. In every other
 * case *usn is left untouched, so callers should initialise it.
 */
int sdap_sudo_refresh_recv(TALLOC_CTX *mem_ctx,
                           struct tevent_req *req,
                           int *dp_error,
                           int *error,
                           char **usn)
{
    struct sdap_sudo_refresh_state *state =
            tevent_req_data(req, struct sdap_sudo_refresh_state);

    TEVENT_REQ_RETURN_ON_ERROR(req);

    *dp_error = state->dp_error;
    *error = state->error;

    if (usn == NULL || state->highest_usn == NULL) {
        return EOK;
    }

    *usn = talloc_steal(mem_ctx, state->highest_usn);

    return EOK;
}
ad07ed37b6b51ef134d4524edaf2259e19ac984fJan Zeleny
/*
 * Begin (or repeat) the connection step of the refresh request.
 *
 * Returns:
 *   EOK     backend is offline; state records DP_ERR_OFFLINE / EAGAIN
 *           and no sub-request was created
 *   EAGAIN  connect sub-request was sent; processing continues in
 *           sdap_sudo_refresh_connect_done()
 *   other   errno-style failure, also stored in state->error together
 *           with DP_ERR_FATAL
 */
static int sdap_sudo_refresh_retry(struct tevent_req *req)
{
    struct sdap_sudo_refresh_state *state =
            tevent_req_data(req, struct sdap_sudo_refresh_state);
    struct tevent_req *subreq = NULL;
    int ret;

    if (be_is_offline(state->be_ctx)) {
        state->dp_error = DP_ERR_OFFLINE;
        state->error = EAGAIN;
        return EOK;
    }

    /* the operation handle is created once and reused on later retries */
    if (state->sdap_op == NULL) {
        state->sdap_op = sdap_id_op_create(state, state->sdap_conn_cache);
        if (state->sdap_op == NULL) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("sdap_id_op_create() failed\n"));
            state->dp_error = DP_ERR_FATAL;
            state->error = EIO;
            return EIO;
        }
    }

    subreq = sdap_id_op_connect_send(state->sdap_op, state, &ret);
    if (subreq != NULL) {
        tevent_req_set_callback(subreq, sdap_sudo_refresh_connect_done, req);
        return EAGAIN;
    }

    DEBUG(SSSDBG_CRIT_FAILURE,
          ("sdap_id_op_connect_send() failed: %d(%s)\n", ret, strerror(ret)));
    talloc_zfree(state->sdap_op);
    state->dp_error = DP_ERR_FATAL;
    state->error = ret;

    return ret;
}
ad07ed37b6b51ef134d4524edaf2259e19ac984fJan Zeleny
/*
 * Callback of the connect sub-request.
 *
 * An offline result completes the parent request successfully with
 * DP_ERR_OFFLINE / EAGAIN recorded in its state. Any other connection
 * error fails the parent request with DP_ERR_FATAL. On success the
 * download of sudo rules is started on the established connection.
 */
static void sdap_sudo_refresh_connect_done(struct tevent_req *subreq)
{
    /* parent request, the one created by sdap_sudo_refresh_send() */
    struct tevent_req *req =
            tevent_req_callback_data(subreq, struct tevent_req);
    struct sdap_sudo_refresh_state *state =
            tevent_req_data(req, struct sdap_sudo_refresh_state);
    int dp_error;
    int ret;

    ret = sdap_id_op_connect_recv(subreq, &dp_error);
    talloc_zfree(subreq);

    if (dp_error == DP_ERR_OFFLINE) {
        talloc_zfree(state->sdap_op);
        state->dp_error = DP_ERR_OFFLINE;
        state->error = EAGAIN;
        tevent_req_done(req);
        return;
    }

    if (ret != EOK) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("SUDO LDAP connection failed - %s\n", strerror(ret)));
        goto fail;
    }

    DEBUG(SSSDBG_TRACE_FUNC, ("SUDO LDAP connection successful\n"));

    subreq = sdap_sudo_load_sudoers_send(state, state->be_ctx->ev,
                                         state->opts,
                                         sdap_id_op_handle(state->sdap_op),
                                         state->ldap_filter);
    if (subreq == NULL) {
        ret = EFAULT;
        goto fail;
    }

    tevent_req_set_callback(subreq, sdap_sudo_load_sudoers_done, req);
    return;

fail:
    state->dp_error = DP_ERR_FATAL;
    state->error = ret;
    tevent_req_error(req, ret);
}
74f857536411b46712f9b3dc0f1c53924b36dc02Stephen Gallagher
/*
 * Create the request that downloads sudo rules from every configured
 * sudo search base and start the search on the first one.
 *
 * ldap_filter is stored by pointer, not copied, so it has to outlive
 * the request.
 *
 * Returns NULL when the request cannot be allocated or the attribute
 * list cannot be built. A missing search base (EINVAL) or a failure to
 * start the first search is reported through the returned request,
 * which is then posted on ev.
 */
static struct tevent_req * sdap_sudo_load_sudoers_send(TALLOC_CTX *mem_ctx,
                                                       struct tevent_context *ev,
                                                       struct sdap_options *opts,
                                                       struct sdap_handle *sh,
                                                       const char *ldap_filter)
{
    struct sdap_sudo_load_sudoers_state *state = NULL;
    struct tevent_req *req = NULL;
    int ret;

    req = tevent_req_create(mem_ctx, &state,
                            struct sdap_sudo_load_sudoers_state);
    if (req == NULL) {
        return NULL;
    }

    state->ev = ev;
    state->opts = opts;
    state->sh = sh;
    state->base_iter = 0;
    state->search_bases = opts->sudo_search_bases;
    state->filter = ldap_filter;
    state->timeout = dp_opt_get_int(opts->basic, SDAP_SEARCH_TIMEOUT);
    state->ldap_rules = NULL;
    state->ldap_rules_count = 0;

    if (state->search_bases == NULL) {
        DEBUG(SSSDBG_CRIT_FAILURE,
              ("SUDOERS lookup request without a search base\n"));
        ret = EINVAL;
        goto done;
    }

    /* list of LDAP attributes to request, derived from the sudo rule map */
    ret = build_attrs_from_map(state, opts->sudorule_map, SDAP_OPTS_SUDO,
                               NULL, &state->attrs, NULL);
    if (ret != EOK) {
        talloc_zfree(req);
        return NULL;
    }

    /* kick off the search on the first base */
    ret = sdap_sudo_load_sudoers_next_base(req);

done:
    if (ret != EOK) {
        tevent_req_error(req, ret);
        tevent_req_post(req, ev);
    }

    return req;
}
ad07ed37b6b51ef134d4524edaf2259e19ac984fJan Zeleny
/*
 * Send the LDAP search for the search base selected by
 * state->base_iter.
 *
 * Returns EOK once the sub-request has been sent, EFAULT if the
 * selected base is NULL, and ENOMEM if the filter or the sub-request
 * cannot be created.
 *
 * NOTE(review): state->filter and search_base->filter are handed to
 * sdap_get_id_specific_filter() as given; whether either is escaped is
 * not visible from here - confirm at the point where they are built.
 */
static errno_t sdap_sudo_load_sudoers_next_base(struct tevent_req *req)
{
    struct sdap_sudo_load_sudoers_state *state =
            tevent_req_data(req, struct sdap_sudo_load_sudoers_state);
    struct sdap_search_base *base = state->search_bases[state->base_iter];
    struct tevent_req *subreq = NULL;
    char *search_filter = NULL;

    if (base == NULL) {
        /* should not happen */
        DEBUG(SSSDBG_CRIT_FAILURE, ("search_base is null\n"));
        return EFAULT;
    }

    /* combine the caller's filter with the one attached to this base */
    search_filter = sdap_get_id_specific_filter(state, state->filter,
                                                base->filter);
    if (search_filter == NULL) {
        return ENOMEM;
    }

    DEBUG(SSSDBG_TRACE_FUNC,
          ("Searching for sudo rules with base [%s]\n",
           base->basedn));

    subreq = sdap_get_generic_send(state,
                                   state->ev,
                                   state->opts,
                                   state->sh,
                                   base->basedn,
                                   base->scope,
                                   search_filter,
                                   state->attrs,
                                   state->opts->sudorule_map,
                                   SDAP_OPTS_SUDO,
                                   state->timeout,
                                   true);
    if (subreq == NULL) {
        return ENOMEM;
    }

    tevent_req_set_callback(subreq, sdap_sudo_load_sudoers_process, req);

    return EOK;
}
ad07ed37b6b51ef134d4524edaf2259e19ac984fJan Zeleny
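/*
 * Callback of one per-base LDAP search: append the returned rules to
 * the accumulated result and either continue with the next search
 * base or finish the request.
 *
 * The number of entries comes from the LDAP server's reply, so the
 * loop index is a size_t like the count it is compared against; a
 * signed int index would be converted for the comparison and could
 * overflow on a very large reply.
 */
static void sdap_sudo_load_sudoers_process(struct tevent_req *subreq)
{
    struct tevent_req *req = NULL;
    struct sdap_sudo_load_sudoers_state *state = NULL;
    struct sdap_search_base *search_base = NULL;
    struct sysdb_attrs **attrs = NULL;
    struct sysdb_attrs **grown = NULL;
    size_t count;
    size_t i;
    int ret;

    req = tevent_req_callback_data(subreq, struct tevent_req);
    state = tevent_req_data(req, struct sdap_sudo_load_sudoers_state);
    search_base = state->search_bases[state->base_iter];

    DEBUG(SSSDBG_TRACE_FUNC,
          ("Receiving sudo rules with base [%s]\n",
           search_base->basedn));

    ret = sdap_get_generic_recv(subreq, state, &count, &attrs);
    talloc_zfree(subreq);
    if (ret) {
        tevent_req_error(req, ret);
        return;
    }

    /* add rules to result */
    if (count > 0) {
        /*
         * Grow through a temporary so that a failed reallocation does
         * not leave ldap_rules NULL while ldap_rules_count is non-zero.
         */
        grown = talloc_realloc(state, state->ldap_rules,
                               struct sysdb_attrs *,
                               state->ldap_rules_count + count);
        if (grown == NULL) {
            tevent_req_error(req, ENOMEM);
            return;
        }
        state->ldap_rules = grown;

        /* each rule becomes a talloc child of the result array */
        for (i = 0; i < count; i++) {
            state->ldap_rules[state->ldap_rules_count + i] = talloc_steal(
                    state->ldap_rules, attrs[i]);
        }

        state->ldap_rules_count += count;
    }

    /* go to next base; the array of bases ends with a NULL entry */
    state->base_iter++;
    if (state->search_bases[state->base_iter]) {
        ret = sdap_sudo_load_sudoers_next_base(req);
        if (ret != EOK) {
            tevent_req_error(req, ret);
        }

        return;
    }

    /* we are done */
    tevent_req_done(req);
}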
ad07ed37b6b51ef134d4524edaf2259e19ac984fJan Zeleny
/*
 * Hand the downloaded rules over to the caller.
 *
 * On a tevent-level failure the error is returned and the output
 * arguments are not written. On success *rules_count receives the
 * number of rules and the rule array is re-parented to mem_ctx.
 */
static int sdap_sudo_load_sudoers_recv(struct tevent_req *req,
                                       TALLOC_CTX *mem_ctx,
                                       size_t *rules_count,
                                       struct sysdb_attrs ***rules)
{
    struct sdap_sudo_load_sudoers_state *state =
            tevent_req_data(req, struct sdap_sudo_load_sudoers_state);

    TEVENT_REQ_RETURN_ON_ERROR(req);

    *rules = talloc_steal(mem_ctx, state->ldap_rules);
    *rules_count = state->ldap_rules_count;

    return EOK;
}
ad07ed37b6b51ef134d4524edaf2259e19ac984fJan Zeleny
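/*
 * Callback of the rule download: replace the cached sudo rules with
 * the downloaded set inside a single sysdb transaction.
 *
 * Steps: receive the rules, start a transaction, purge the old rules,
 * store the new ones, commit. Any failure cancels the transaction and
 * fails the parent request with DP_ERR_FATAL.
 *
 * A failed commit is treated like any other failure. These rules
 * decide what users may run through sudo, so the request must not
 * report success while the cache still holds the previous rule set.
 */
static void sdap_sudo_load_sudoers_done(struct tevent_req *subreq)
{
    struct tevent_req *req = NULL; /* req from sdap_sudo_refresh_send() */
    struct sdap_sudo_refresh_state *state = NULL;
    struct sysdb_attrs **rules = NULL;
    size_t rules_count;
    int ret;
    errno_t sret;
    bool in_transaction = false;
    time_t now;

    req = tevent_req_callback_data(subreq, struct tevent_req);
    state = tevent_req_data(req, struct sdap_sudo_refresh_state);

    ret = sdap_sudo_load_sudoers_recv(subreq, state, &rules_count, &rules);
    talloc_zfree(subreq);
    if (ret != EOK) {
        goto done;
    }

    /* rules_count is a size_t, so it is printed with %zu */
    DEBUG(SSSDBG_TRACE_FUNC, ("Received %zu rules\n", rules_count));

    /* start transaction */
    ret = sysdb_transaction_start(state->sysdb);
    if (ret != EOK) {
        goto done;
    }
    in_transaction = true;

    /* purge cache */
    ret = sdap_sudo_purge_sudoers(state->sysdb, state->sysdb_filter,
                                  state->opts->sudorule_map,
                                  rules_count, rules);
    if (ret != EOK) {
        goto done;
    }

    /* store rules */
    now = time(NULL);
    ret = sdap_sudo_store_sudoers(state, state->sysdb, state->opts,
                                  rules_count, rules,
                                  state->domain->sudo_timeout, now,
                                  &state->highest_usn);
    if (ret != EOK) {
        goto done;
    }

    /* commit transaction; on failure fall through to the cancel below */
    ret = sysdb_transaction_commit(state->sysdb);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Unable to commit transaction\n"));
        goto done;
    }
    in_transaction = false;

    DEBUG(SSSDBG_TRACE_FUNC, ("Sudoers is successfuly stored in cache\n"));

done:
    if (in_transaction) {
        sret = sysdb_transaction_cancel(state->sysdb);
        if (sret != EOK) {
            DEBUG(SSSDBG_OP_FAILURE, ("Could not cancel transaction\n"));
        }
    }

    state->error = ret;
    if (ret == EOK) {
        state->dp_error = DP_ERR_OK;
        tevent_req_done(req);
    } else {
        state->dp_error = DP_ERR_FATAL;
        tevent_req_error(req, ret);
    }
}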
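/*
 * Remove sudo rules from the sysdb cache before the new set is stored.
 *
 * filter == NULL: every downloaded rule is removed by name. This is
 *                 best effort - a rule whose name cannot be read or which
 *                 cannot be deleted is logged and skipped, and the
 *                 function still returns EOK.
 * filter != NULL: the cache is purged with the given sysdb filter and a
 *                 failure is returned to the caller.
 *
 * Returns EOK on success or the error from sysdb_sudo_purge_byfilter().
 */
static int sdap_sudo_purge_sudoers(struct sysdb_ctx *sysdb_ctx,
                                   const char *filter,
                                   struct sdap_attr_map *map,
                                   size_t rules_count,
                                   struct sysdb_attrs **rules)
{
    const char *name;
    size_t i; /* same type as rules_count, avoids a signed/unsigned compare */
    errno_t ret;

    if (filter == NULL) {
        /* removes downloaded rules from the cache */
        if (rules_count == 0 || rules == NULL) {
            return EOK;
        }

        for (i = 0; i < rules_count; i++) {
            ret = sysdb_attrs_get_string(rules[i],
                                         map[SDAP_AT_SUDO_NAME].sys_name,
                                         &name);
            if (ret != EOK) {
                DEBUG(SSSDBG_MINOR_FAILURE,
                      ("Failed to retrieve rule name: [%s]\n", strerror(ret)));
                continue;
            }

            ret = sysdb_sudo_purge_byname(sysdb_ctx, name);
            if (ret != EOK) {
                DEBUG(SSSDBG_MINOR_FAILURE,
                      ("Failed to delete rule %s: [%s]\n",
                       name, strerror(ret)));
                continue;
            }
        }

        /* Per-rule failures are skipped on purpose; without this reset the
         * return value depended only on whether the LAST rule failed.
         * NOTE(review): a rule that could not be deleted stays in the cache
         * until the following store step rewrites it - confirm that the
         * store overwrites an existing entry of the same name. */
        ret = EOK;
    } else {
        /* purge cache by provided filter */
        ret = sysdb_sudo_purge_byfilter(sysdb_ctx, filter);
    }

    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("failed to purge sudo rules [%d]: %s\n",
                                  ret, strerror(ret)));
    }

    return ret;
}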
/*
 * Save the downloaded sudo rules into the sysdb cache.
 *
 * An empty rule set (rules_count == 0 or rules == NULL) is not an error
 * and nothing is written. Otherwise the whole list is passed to
 * sdap_save_native_sudorule_list() together with the cache timeout, the
 * current time and the _usn output pointer.
 *
 * Returns EOK on success or the error reported by the save call.
 */
static int sdap_sudo_store_sudoers(TALLOC_CTX *mem_ctx,
                                   struct sysdb_ctx *sysdb_ctx,
                                   struct sdap_options *opts,
                                   size_t rules_count,
                                   struct sysdb_attrs **rules,
                                   int cache_timeout,
                                   time_t now,
                                   char **_usn)
{
    errno_t status = EOK;

    /* only touch the cache when there is something to store */
    if (rules != NULL && rules_count != 0) {
        status = sdap_save_native_sudorule_list(mem_ctx, sysdb_ctx,
                                                opts->sudorule_map,
                                                rules, rules_count,
                                                cache_timeout, now,
                                                _usn);
        if (status != EOK) {
            DEBUG(SSSDBG_OP_FAILURE, ("failed to save sudo rules [%d]: %s\n",
                                      status, strerror(status)));
        }
    }

    return status;
}