sdap_sudo_refresh.c revision 3b99f7a97553a0a357d50abe507d4f0060c4ecea
Pavel Březina <pbrezina@redhat.com>
Copyright (C) 2015 Red Hat
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
#include "providers/ldap/sdap_sudo_shared.h"
static void sdap_sudo_full_refresh_done(struct tevent_req *subreq);
struct tevent_req *sdap_sudo_full_refresh_send(TALLOC_CTX *mem_ctx,
struct sdap_id_ctx *id_ctx = sudo_ctx->id_ctx;
struct sdap_sudo_full_refresh_state *state = NULL;
req = tevent_req_create(mem_ctx, &state, struct sdap_sudo_full_refresh_state);
DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create() failed\n");
/* Download all rules from LDAP */
search_filter = talloc_asprintf(state, SDAP_SUDO_FILTER_CLASS,
id_ctx->opts->sudorule_map[SDAP_OC_SUDORULE].name);
/* Remove all rules from cache */
delete_filter = talloc_asprintf(state, "(%s=%s)",
DEBUG(SSSDBG_TRACE_FUNC, "Issuing a full refresh of sudo rules\n");
subreq = sdap_sudo_refresh_send(state, sudo_ctx, search_filter,
tevent_req_set_callback(subreq, sdap_sudo_full_refresh_done, req);
static void sdap_sudo_full_refresh_done(struct tevent_req *subreq)
struct sdap_sudo_full_refresh_state *state = NULL;
req = tevent_req_callback_data(subreq, struct tevent_req);
state = tevent_req_data(req, struct sdap_sudo_full_refresh_state);
ret = sdap_sudo_refresh_recv(state, subreq, &state->dp_error, NULL);
if (ret != EOK || state->dp_error != DP_ERR_OK) {
/* save the time in the sysdb */
ret = sysdb_sudo_set_last_full_refresh(state->domain, time(NULL));
DEBUG(SSSDBG_MINOR_FAILURE, "Unable to save time of "
"a successful full refresh\n");
/* this is only a minor error that does not affect the functionality,
* therefore there is no need to report it with tevent_req_error()
* which would cause problems in the consumers */
DEBUG(SSSDBG_TRACE_FUNC, "Successful full refresh of sudo rules\n");
int sdap_sudo_full_refresh_recv(struct tevent_req *req,
struct sdap_sudo_full_refresh_state *state = NULL;
state = tevent_req_data(req, struct sdap_sudo_full_refresh_state);
static void sdap_sudo_smart_refresh_done(struct tevent_req *subreq);
struct tevent_req *sdap_sudo_smart_refresh_send(TALLOC_CTX *mem_ctx,
struct sdap_id_ctx *id_ctx = sudo_ctx->id_ctx;
struct sdap_attr_map *map = id_ctx->opts->sudorule_map;
struct sdap_server_opts *srv_opts = id_ctx->srv_opts;
struct sdap_sudo_smart_refresh_state *state = NULL;
req = tevent_req_create(mem_ctx, &state, struct sdap_sudo_smart_refresh_state);
DEBUG(SSSDBG_CRIT_FAILURE, "tevent_req_create() failed\n");
/* Download all rules from LDAP that are newer than usn */
if (srv_opts == NULL || srv_opts->max_sudo_value == 0) {
DEBUG(SSSDBG_TRACE_FUNC, "USN value is unknown, assuming zero.\n");
search_filter = talloc_asprintf(state, "(objectclass=%s)",
search_filter = talloc_asprintf(state, "(&(objectclass=%s)(%s>=%s))",
/* Do not remove any rules that are already in the sysdb
* sysdb_filter = NULL; */
DEBUG(SSSDBG_TRACE_FUNC, "Issuing a smart refresh of sudo rules "
subreq = sdap_sudo_refresh_send(state, sudo_ctx, search_filter, NULL);
tevent_req_set_callback(subreq, sdap_sudo_smart_refresh_done, req);
static void sdap_sudo_smart_refresh_done(struct tevent_req *subreq)
struct sdap_sudo_smart_refresh_state *state = NULL;
req = tevent_req_callback_data(subreq, struct tevent_req);
state = tevent_req_data(req, struct sdap_sudo_smart_refresh_state);
ret = sdap_sudo_refresh_recv(state, subreq, &state->dp_error, NULL);
if (ret != EOK || state->dp_error != DP_ERR_OK) {
DEBUG(SSSDBG_TRACE_FUNC, "Successful smart refresh of sudo rules\n");
int sdap_sudo_smart_refresh_recv(struct tevent_req *req,
struct sdap_sudo_smart_refresh_state *state = NULL;
state = tevent_req_data(req, struct sdap_sudo_smart_refresh_state);
static void sdap_sudo_rules_refresh_done(struct tevent_req *subreq);
struct tevent_req *sdap_sudo_rules_refresh_send(TALLOC_CTX *mem_ctx,
struct sdap_sudo_rules_refresh_state *state = NULL;
struct sdap_id_ctx *id_ctx = sudo_ctx->id_ctx;
return NULL;
return NULL;
return NULL;
goto immediately;
goto immediately;
goto immediately;
goto immediately;
goto immediately;
goto immediately;
return req;
int ret;
goto done;
done:
int *dp_error,
bool *deleted)
return EOK;
static struct tevent_req *
void *pvt)
static errno_t
int dp_error;
static struct tevent_req *
void *pvt)
static errno_t
int dp_error;
sudo_ctx);