author | Jakub Hrozek <jhrozek@redhat.com> | 2013-11-12 11:08:12 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2013-11-15 20:19:27 +0100 |
commit | 7a1a56860993475d0025e7411547649abf09d32c (patch) | |
tree | 6198ab4f152dd4fa17b9eb5c500a15c91407069e | |
parent | c1284d966d351e5c42fb23a0d0ef6c268a11b7f8 (diff) | |
Merge ipa_selinux_common.c and ipa_selinux.c
Moved unused functions and merged ipa_selinux_common.c into
ipa_selinux.c
-rw-r--r-- | Makefile.am | 2 | ||||
-rw-r--r-- | src/db/sysdb_selinux.c | 61 | ||||
-rw-r--r-- | src/db/sysdb_selinux.h | 18 | ||||
-rw-r--r-- | src/providers/ipa/ipa_selinux.c | 47 | ||||
-rw-r--r-- | src/providers/ipa/ipa_selinux_common.c | 73 | ||||
-rw-r--r-- | src/providers/ipa/ipa_selinux_common.h | 36 |
6 files changed, 50 insertions, 187 deletions
diff --git a/Makefile.am b/Makefile.am index 992d5796e..f43ddee8f 100644 --- a/Makefile.am +++ b/Makefile.am @@ -482,7 +482,6 @@ dist_noinst_HEADERS = \ src/providers/ipa/ipa_access.h \ src/providers/ipa/ipa_selinux.h \ src/providers/ipa/ipa_hosts.h \ - src/providers/ipa/ipa_selinux_common.h \ src/providers/ipa/ipa_selinux_maps.h \ src/providers/ipa/ipa_auth.h \ src/providers/ipa/ipa_dyndns.h \ @@ -1685,7 +1684,6 @@ libsss_ipa_la_SOURCES = \ src/providers/ipa/ipa_hbac_common.c \ src/providers/ipa/ipa_selinux.c \ src/providers/ipa/ipa_selinux_maps.c \ - src/providers/ipa/ipa_selinux_common.c \ src/providers/ipa/ipa_srv.c \ src/providers/ipa/ipa_idmap.c \ src/providers/ad/ad_common.c \ diff --git a/src/db/sysdb_selinux.c b/src/db/sysdb_selinux.c index 80cfe5390..905b43a79 100644 --- a/src/db/sysdb_selinux.c +++ b/src/db/sysdb_selinux.c @@ -24,6 +24,10 @@ #include "db/sysdb_private.h" /* Some generic routines */ +enum selinux_entity_type { + SELINUX_CONFIG, + SELINUX_USER_MAP +}; static errno_t sysdb_add_selinux_entity(struct sysdb_ctx *sysdb, 
@@ -240,63 +244,6 @@ errno_t sysdb_delete_usermaps(struct sysdb_ctx *sysdb, } /* --- SYSDB SELinux search routines --- */ -errno_t sysdb_search_selinux_usermap_by_mapname(TALLOC_CTX *mem_ctx, - struct sysdb_ctx *sysdb, - struct sss_domain_info *domain, - const char *name, - const char **attrs, - struct ldb_message **_usermap) -{ - TALLOC_CTX *tmp_ctx; - const char *def_attrs[] = { SYSDB_NAME, - SYSDB_USER_CATEGORY, - SYSDB_HOST_CATEGORY, - SYSDB_ORIG_MEMBER_USER, - SYSDB_ORIG_MEMBER_HOST, - SYSDB_SELINUX_USER, - NULL }; - struct ldb_message **msgs = NULL; - struct ldb_dn *basedn; - size_t msgs_count = 0; - char *clean_name; - int ret; - - tmp_ctx = talloc_new(NULL); - if (!tmp_ctx) { - return ENOMEM; - } - - ret = sysdb_dn_sanitize(tmp_ctx, name, &clean_name); - if (ret != EOK) { - goto done; - } - - basedn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, SYSDB_TMPL_SEUSERMAP, - clean_name, domain->name); - if (!basedn) { - ret = ENOMEM; - goto done; - } - - ret = sysdb_search_entry(tmp_ctx, sysdb, basedn, LDB_SCOPE_BASE, NULL, - attrs?attrs:def_attrs, &msgs_count, &msgs); - if (ret) { - goto done; - } - - *_usermap = talloc_steal(mem_ctx, msgs[0]); - -done: - if (ret == ENOENT) { - DEBUG(SSSDBG_TRACE_FUNC, ("No such entry\n")); - } - else if (ret) { - DEBUG(SSSDBG_TRACE_FUNC, ("Error: %d (%s)\n", ret, strerror(ret))); - } - talloc_zfree(tmp_ctx); - return ret; -} - errno_t sysdb_get_selinux_usermaps(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, diff --git a/src/db/sysdb_selinux.h b/src/db/sysdb_selinux.h index 752f2206f..a40e7b52f 100644 --- a/src/db/sysdb_selinux.h +++ b/src/db/sysdb_selinux.h @@ -36,11 +36,6 @@ #define SYSDB_SELINUX_DEFAULT_ORDER "order" #define SYSDB_SELINUX_HOST_PRIORITY "hostPriority" -enum selinux_entity_type { - SELINUX_CONFIG, - SELINUX_USER_MAP -}; - errno_t sysdb_store_selinux_usermap(struct sysdb_ctx *sysdb, struct sss_domain_info *domain, struct sysdb_attrs *attrs); 
@@ -57,19 +52,6 @@ errno_t sysdb_get_selinux_usermaps(TALLOC_CTX *mem_ctx, size_t *count, struct ldb_message ***messages); -errno_t sysdb_search_selinux_usermap_by_mapname(TALLOC_CTX *mem_ctx, - struct sysdb_ctx *sysdb, - struct sss_domain_info *domain, - const char *name, - const char **attrs, - struct ldb_message **_usermap); - -errno_t sysdb_search_selinux_usermap_by_username(TALLOC_CTX *mem_ctx, - struct sysdb_ctx *sysdb, - struct sss_domain_info *domain, - const char *username, - struct ldb_message ***_usermaps); - errno_t sysdb_search_selinux_config(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, diff --git a/src/providers/ipa/ipa_selinux.c b/src/providers/ipa/ipa_selinux.c index c227db937..bb7b40452 100644 --- a/src/providers/ipa/ipa_selinux.c +++ b/src/providers/ipa/ipa_selinux.c @@ -33,7 +33,6 @@ #include "providers/ipa/ipa_hbac_rules.h" #include "providers/ipa/ipa_hbac_private.h" #include "providers/ipa/ipa_access.h" -#include "providers/ipa/ipa_selinux_common.h" #include "providers/ipa/ipa_selinux_maps.h" #include "providers/ipa/ipa_subdomains.h" 
@@ -153,6 +152,52 @@ fail: be_req_terminate(be_req, DP_ERR_FATAL, PAM_SYSTEM_ERR, NULL); } +static errno_t +ipa_save_user_maps(struct sysdb_ctx *sysdb, + struct sss_domain_info *domain, + size_t map_count, + struct sysdb_attrs **maps) +{ + errno_t ret; + errno_t sret; + bool in_transaction = false; + int i; + + ret = sysdb_transaction_start(sysdb); + if (ret) { + DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to start transaction\n")); + goto done; + } + in_transaction = true; + + for (i = 0; i < map_count; i++) { + ret = sysdb_store_selinux_usermap(sysdb ,domain, maps[i]); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, ("Failed to store user map %d. " + "Ignoring.\n", i)); + } else { + DEBUG(SSSDBG_TRACE_FUNC, ("User map %d processed.\n", i)); + } + } + + ret = sysdb_transaction_commit(sysdb); + if (ret) { + DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to commit transaction!\n")); + goto done; + } + in_transaction = false; + ret = EOK; + +done: + if (in_transaction) { + sret = sysdb_transaction_cancel(sysdb); + if (sret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to cancel transaction")); + } + } + return ret; +} + static struct ipa_selinux_op_ctx * ipa_selinux_create_op_ctx(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sss_domain_info *domain, diff --git a/src/providers/ipa/ipa_selinux_common.c b/src/providers/ipa/ipa_selinux_common.c deleted file mode 100644 index 2276d0c98..000000000 --- a/src/providers/ipa/ipa_selinux_common.c +++ /dev/null 
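Review bot: In the `for` loop of `ipa_save_user_maps`, a failed `sysdb_store_selinux_usermap()` is only logged and skipped, after which the transaction is committed and the function returns EOK, so the caller cannot tell a complete set of SELinux user maps from a partial one. These maps presumably decide which SELinux user a login is given, so a silently incomplete cache could change the outcome; how the cache is consumed is not visible in this hunk. If best-effort storage is intended, say so in a comment above the loop, e.g. `/* Best effort: a map that fails to store is skipped, the rest are committed */`; otherwise add `goto done;` after the failure DEBUG so the existing cancel path rolls the whole batch back. Two smaller points in the same function: `int i` is compared against `size_t map_count` (declare `size_t i` and print it with `%zu`), and the "Failed to cancel transaction" message lacks the trailing `\n` that the other messages have.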
@@ -1,73 +0,0 @@
-/*
- SSSD
-
- IPA Backend Module -- SELinux common routines
-
- Authors:
- Jan Zeleny <jzeleny@redhat.com>
-
- Copyright (C) 2012 Red Hat
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#include "db/sysdb_selinux.h"
-#include "providers/ldap/sdap_async.h"
-#include "providers/ipa/ipa_selinux_common.h"
-
-
-errno_t ipa_save_user_maps(struct sysdb_ctx *sysdb,
- struct sss_domain_info *domain,
- size_t map_count,
- struct sysdb_attrs **maps)
-{
- errno_t ret;
- errno_t sret;
- bool in_transaction = false;
- int i;
-
- ret = sysdb_transaction_start(sysdb);
- if (ret) {
- DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to start transaction\n"));
- goto done;
- }
- in_transaction = true;
-
- for (i = 0; i < map_count; i++) {
- ret = sysdb_store_selinux_usermap(sysdb, domain, maps[i]);
- if (ret != EOK) {
- DEBUG(SSSDBG_OP_FAILURE, ("Failed to store user map %d. "
- "Ignoring.\n", i));
- } else {
- DEBUG(SSSDBG_TRACE_FUNC, ("User map %d processed.\n", i));
- }
- }
-
- ret = sysdb_transaction_commit(sysdb);
- if (ret) {
- DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to commit transaction!\n"));
- goto done;
- }
- in_transaction = false;
- ret = EOK;
-
-done:
- if (in_transaction) {
- sret = sysdb_transaction_cancel(sysdb);
- if (sret != EOK) {
- DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to cancel transaction"));
- }
- }
- return ret;
-}
diff --git a/src/providers/ipa/ipa_selinux_common.h b/src/providers/ipa/ipa_selinux_common.h
deleted file mode 100644
index 8a6595566..000000000
--- a/src/providers/ipa/ipa_selinux_common.h
+++ /dev/null
@@ -1,36 +0,0 @@
-/*
- SSSD
-
- IPA Backend Module -- SELinux common routines
-
- Authors:
- Jan Zeleny <jzeleny@redhat.com>
-
- Copyright (C) 2012 Red Hat
-
- This program is free software; you can redistribute it and/or modify
- it under the terms of the GNU General Public License as published by
- the Free Software Foundation; either version 3 of the License, or
- (at your option) any later version.
-
- This program is distributed in the hope that it will be useful,
- but WITHOUT ANY WARRANTY; without even the implied warranty of
- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- GNU General Public License for more details.
-
- You should have received a copy of the GNU General Public License
- along with this program. If not, see <http://www.gnu.org/licenses/>.
-*/
-
-#ifndef IPA_SELINUX_COMMON_H_
-#define IPA_SELINUX_COMMON_H_
-
-errno_t ipa_save_host(struct sysdb_ctx *sysdb,
- struct sysdb_attrs *host);
-
-errno_t ipa_save_user_maps(struct sysdb_ctx *sysdb,
- struct sss_domain_info *domain,
- size_t map_count,
- struct sysdb_attrs **maps);
-
-#endif /* IPA_SELINUX_COMMON_H_ */ |