summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorStephen Gallagher <sgallagh@redhat.com>2009-01-13 14:13:06 -0500
committerSimo Sorce <idra@samba.org>2009-01-13 16:41:02 -0500
commit9ca78970073ca9466cb85dceb560e2b925c9580b (patch)
tree9aeb6d3d7647554d703c5d64037a849334ce9f1e
parentbe1a20d965497c96b6cf1ca14832a30fa7c140b7 (diff)
downloadsssd-9ca78970073ca9466cb85dceb560e2b925c9580b.tar.gz
sssd-9ca78970073ca9466cb85dceb560e2b925c9580b.tar.xz
sssd-9ca78970073ca9466cb85dceb560e2b925c9580b.zip
Monitor will now start services asynchronously. This means that forked services can no longer start before the monitor is running its mainloop. This avoids the race condition where the child services attempted to connect to the monitor SBUS before it was able to answer requests.
Diffstat
-rw-r--r--server/monitor.c78
1 files changed, 57 insertions, 21 deletions
diff --git a/server/monitor.c b/server/monitor.c
index 18fb3255b..921e8b59a 100644
--- a/server/monitor.c
+++ b/server/monitor.c
@@ -35,8 +35,6 @@
#include "sbus/sssd_dbus.h"
#include "sbus_interfaces.h"
-static int start_service(const char *name, const char *command, pid_t *retpid);
-
/* ping time cannot be less then once every few seconds or the
* monitor will get crazy hammering children with messages */
#define MONITOR_MIN_PING_TIME 10
@@ -73,6 +71,8 @@ struct mt_ctx {
int service_ping_time;
};
+static int start_service(struct mt_svc *mt_svc);
+
static int dbus_service_init(struct sbus_conn_ctx *conn_ctx, void *data);
static void identity_check(DBusPendingCall *pending, void *data);
@@ -223,6 +223,7 @@ static void tasks_check_handler(struct event_context *ev,
}
if (!process_alive) {
+ DLIST_REMOVE(svc->mt_ctx->svc_list, svc);
if (svc->last_restart != 0) {
if ((now - svc->last_restart) > 30) { /* TODO: get val from config */
/* it was long ago reset restart threshold */
@@ -237,7 +238,7 @@ static void tasks_check_handler(struct event_context *ev,
return;
}
- ret = start_service(svc->name, svc->command, &svc->pid);
+ ret = start_service(svc);
if (ret != EOK) {
DEBUG(0,("Failed to restart service '%s'\n", svc->name));
talloc_free(svc);
@@ -246,7 +247,7 @@ static void tasks_check_handler(struct event_context *ev,
svc->restarts++;
svc->last_restart = now;
- svc->last_pong = 0;
+ return;
}
/* all fine, set up the task checker again */
@@ -356,16 +357,15 @@ int monitor_process_init(TALLOC_CTX *mem_ctx,
}
talloc_free(path);
- ret = start_service(svc->name, svc->command, &svc->pid);
+ /* Add this service to the queue to be started once the monitor
+ * enters its mainloop.
+ */
+ ret = start_service(svc);
if (ret != EOK) {
DEBUG(0,("Failed to start service '%s'\n", svc->name));
talloc_free(svc);
continue;
}
-
- DLIST_ADD(ctx->svc_list, svc);
-
- set_tasks_checker(svc);
}
/* now start the data providers */
@@ -407,7 +407,7 @@ int monitor_process_init(TALLOC_CTX *mem_ctx,
continue;
}
- ret = start_service(doms[i], svc->command, &svc->pid);
+ ret = start_service(svc);
if (ret != EOK) {
DEBUG(0,("Failed to start provider for '%s'\n", doms[i]));
talloc_free(svc);
@@ -862,32 +862,68 @@ fail:
return NULL;
}
-static int start_service(const char *name, const char *command, pid_t *retpid)
+static void service_startup_handler(struct event_context *ev,
+ struct timed_event *te,
+ struct timeval t, void *ptr);
+
+static int start_service(struct mt_svc *svc)
{
+ struct timed_event *te;
+ struct timeval tv;
+
+ DEBUG(4,("Queueing service %s for startup\n", svc->name));
+
+ /* Add a timed event to start up the service.
+ * We have to do this in order to avoid a race
+ * condition where the service being started forks
+ * and attempts to connect to the SBUS before
+ * the monitor is serving it.
+ */
+ gettimeofday(&tv, NULL);
+ te = event_add_timed(svc->mt_ctx->ev, svc, tv,
+ service_startup_handler, svc);
+ if (te == NULL) {
+ DEBUG(0, ("Unable to queue service %s for startup\n", svc->name));
+ return ENOMEM;
+ }
+ return EOK;
+}
+
+static void service_startup_handler(struct event_context *ev,
+ struct timed_event *te,
+ struct timeval t, void *ptr)
+{
+ struct mt_svc *mt_svc;
char **args;
- pid_t pid;
- DEBUG(4,("Starting service %s\n", name));
+ mt_svc = talloc_get_type(ptr, struct mt_svc);
+ if (mt_svc == NULL) {
+ return;
+ }
- pid = fork();
- if (pid != 0) {
- if (pid == -1) {
- return ECHILD;
+ mt_svc->pid = fork();
+ if (mt_svc->pid != 0) {
+ if (mt_svc->pid == -1) {
+ DEBUG(0, ("Could not fork child to start service [%s]. Continuing.\n", mt_svc->name))
+ return;
}
- *retpid = pid;
+ /* Parent */
+ mt_svc->last_pong = time(NULL);
+ DLIST_ADD(mt_svc->mt_ctx->svc_list, mt_svc);
+ set_tasks_checker(mt_svc);
- return EOK;
+ return;
}
/* child */
- args = parse_args(command);
+ args = parse_args(mt_svc->command);
execvp(args[0], args);
/* If we are here, exec() has failed
* Print errno and abort quickly */
- DEBUG(0,("Could not exec %s, reason: %s\n", command, strerror(errno)));
+ DEBUG(0,("Could not exec %s, reason: %s\n", mt_svc->command, strerror(errno)));
/* We have to call _exit() instead of exit() here
* because a bug in D-BUS will cause the server to
generated by cgit (git 2.34.1) at 2024-06-21 18:17:51 +0000
372 373 374 375 376 377 378 379 380 381 382 383 384 385 386 387 388 389 390 391 392 393 394 395 396 397 398 399 400 401 402 403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432 433 434 435 436 437 438 439 440 441 442 443 444 445 446 447 448 449 450 451 452 453 454 455 456 457 458 459 460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525 526 527 528 529 530 531 532 533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559 560 561 562 563 564 565 566 567 568 569 570 571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615 616 617 
/*
    SSSD

    IPA Backend Module -- session loading

    Authors:
        Jan Zeleny <jzeleny@redhat.com>

    Copyright (C) 2012 Red Hat

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

#include <security/pam_modules.h>

#include "db/sysdb_selinux.h"
#include "util/sss_selinux.h"
#include "providers/ldap/sdap_async.h"
#include "providers/ipa/ipa_common.h"
#include "providers/ipa/ipa_config.h"
#include "providers/ipa/ipa_session.h"
#include "providers/ipa/ipa_hosts.h"
#include "providers/ipa/ipa_hbac_rules.h"
#include "providers/ipa/ipa_selinux_common.h"
#include "providers/ipa/ipa_selinux_maps.h"

/* FIXME: this is temporary until host map is implemented in ipa_common.c */
#include "providers/ipa/ipa_hbac_private.h"

struct ipa_get_selinux_state {
    struct be_req *be_req;
    struct pam_data *pd;
    struct ipa_session_ctx *session_ctx;
    struct sdap_id_op *op;

    /* Just tmp stuff so we can free it after query */
    const char **attrs;

    const char *hostname;
    struct sysdb_attrs *host;
    struct sysdb_attrs *user;

    struct sysdb_attrs *defaults;

    struct sysdb_attrs **possible_match;
    struct sysdb_attrs **confirmed_match;
};

static struct
tevent_req *ipa_get_selinux_send(struct be_req *breq,
                                 struct pam_data *pd,
                                 struct ipa_session_ctx *session_ctx);
static void ipa_session_handler_done(struct tevent_req *subreq);
static errno_t ipa_get_selinux_recv(struct tevent_req *req,
                                    TALLOC_CTX *mem_ctx,
                                    size_t *count,
                                    struct sysdb_attrs ***maps,
                                    char **default_user,
                                    char **map_order);

static void ipa_get_selinux_connect_done(struct tevent_req *subreq);
static void ipa_get_selinux_hosts_done(struct tevent_req *subreq);
static void ipa_get_selinux_maps_done(struct tevent_req *subreq);
static void ipa_get_selinux_hbac_done(struct tevent_req *subreq);
static void ipa_get_selinux_config_done(struct tevent_req *subreq);

void ipa_session_handler(struct be_req *be_req)
{
    struct ipa_session_ctx *session_ctx;
    struct tevent_req *req;
    struct pam_data *pd;

    pd = talloc_get_type(be_req->req_data, struct pam_data);

    session_ctx = talloc_get_type(
                             be_req->be_ctx->bet_info[BET_SESSION].pvt_bet_data,
                             struct ipa_session_ctx);


    req = ipa_get_selinux_send(be_req, pd, session_ctx);
    if (req == NULL) {
        goto fail;
    }

    tevent_req_set_callback(req, ipa_session_handler_done, be_req);

    return;

fail:
    be_req->fn(be_req, DP_ERR_FATAL, PAM_SYSTEM_ERR, NULL);
}

static void ipa_session_handler_done(struct tevent_req *req)
{
    struct be_req *breq = tevent_req_callback_data(req, struct be_req);
    struct sysdb_ctx *sysdb = breq->be_ctx->sysdb;
    errno_t ret, sret;
    size_t map_count;
    struct sysdb_attrs **maps;
    bool in_transaction = false;
    char *default_user;
    char *map_order;

    ret = ipa_get_selinux_recv(req, breq, &map_count, &maps,
                               &default_user, &map_order);
    if (ret != EOK) {
        goto fail;
    }

    ret = sysdb_transaction_start(sysdb);
    if (ret != EOK) goto fail;
    in_transaction = true;

    if (default_user != NULL && map_order != NULL) {
        ret = sysdb_store_selinux_config(sysdb, default_user, map_order);
        if (ret != EOK) {
            goto fail;
        }
    }

    if (map_count > 0 && maps != NULL) {
        ret = ipa_save_user_maps(sysdb, map_count, maps);
        if (ret != EOK) {
            goto fail;
        }
    }

    ret = sysdb_transaction_commit(sysdb);
    if (ret != EOK) {
        DEBUG(SSSDBG_OP_FAILURE, ("Could not commit transaction\n"));
        goto fail;
    }

    /* Just in case more code will follow after this place in the future */
    in_transaction = false;


    breq->fn(breq, DP_ERR_OK, EOK, "Success");
    return;

fail:
    if (in_transaction) {
        sret = sysdb_transaction_cancel(sysdb);
        if (sret != EOK) {
            DEBUG(SSSDBG_OP_FAILURE, ("Could not cancel transaction\n"));
        }
    }
    if (ret == EAGAIN) {
        breq->fn(breq, DP_ERR_OFFLINE, EAGAIN, "Offline");
    } else {
        breq->fn(breq, DP_ERR_FATAL, ret, NULL);
    }
}

static struct tevent_req *ipa_get_selinux_send(struct be_req *breq,
                                               struct pam_data *pd,
                                               struct ipa_session_ctx *session_ctx)
{
    struct tevent_req *req;
    struct tevent_req *subreq;
    struct be_ctx *bctx = breq->be_ctx;
    struct ipa_get_selinux_state *state;
    bool offline;
    int ret = EOK;

    DEBUG(SSSDBG_TRACE_FUNC, ("Retrieving SELinux user mapping\n"));
    req = tevent_req_create(breq, &state, struct ipa_get_selinux_state);
    if (req == NULL) {
        return NULL;
    }

    state->be_req = breq;
    state->pd = pd;
    state->session_ctx = session_ctx;

    offline = be_is_offline(bctx);
    DEBUG(SSSDBG_TRACE_INTERNAL, ("Connection status is [%s].\n",
                                  offline ? "offline" : "online"));

    if (!offline) {
        state->op = sdap_id_op_create(state, session_ctx->id_ctx->sdap_id_ctx->conn_cache);
        if (!state->op) {
            DEBUG(SSSDBG_OP_FAILURE, ("sdap_id_op_create failed\n"));
            ret = ENOMEM;
            goto immediate;
        }

        subreq = sdap_id_op_connect_send(state->op, state, &ret);
        if (!subreq) {
            DEBUG(SSSDBG_CRIT_FAILURE, ("sdap_id_op_connect_send failed: "
                                        "%d(%s).\n", ret, strerror(ret)));
            talloc_zfree(state->op);
            goto immediate;
        }

        tevent_req_set_callback(subreq, ipa_get_selinux_connect_done, req);
    } else {
        ret = EAGAIN;
        goto immediate;
    }

    return req;

immediate:
    if (ret == EOK) {
        tevent_req_done(req);
    } else {
        tevent_req_error(req, ret);
    }
    tevent_req_post(req, bctx->ev);
    return req;
}

static void ipa_get_selinux_connect_done(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                  struct tevent_req);
    struct ipa_get_selinux_state *state = tevent_req_data(req,
                                                  struct ipa_get_selinux_state);
    int dp_error = DP_ERR_FATAL;
    int ret;
    struct ipa_id_ctx *id_ctx = state->session_ctx->id_ctx;
    struct be_ctx *bctx = state->be_req->be_ctx;

    ret = sdap_id_op_connect_recv(subreq, &dp_error);
    talloc_zfree(subreq);

    if (dp_error == DP_ERR_OFFLINE) {
        talloc_zfree(state->op);
        ret = EAGAIN;
    }

    if (ret != EOK) {
        goto fail;
    }

    state->hostname = dp_opt_get_string(state->session_ctx->id_ctx->ipa_options->basic,
                                        IPA_HOSTNAME);

    /* FIXME: detect if HBAC is configured
     * - if yes, we can skip host retrieval and get it directly from sysdb
     */
    state->attrs = talloc_array(state, const char *, 3);
    if (state->attrs == NULL) {
        ret = ENOMEM;
        goto fail;
    }
    state->attrs[0] = "objectClass";
    state->attrs[1] = IPA_MEMBEROF;
    state->attrs[2] = NULL;

    subreq = ipa_host_info_send(state, bctx->ev, bctx->sysdb,
                                sdap_id_op_handle(state->op),
                                id_ctx->sdap_id_ctx->opts,
                                state->hostname,
                                state->attrs, NULL, 0,
                                false, state->session_ctx->host_search_bases);
    if (subreq == NULL) {
        ret = ENOMEM;
        goto fail;
    }

    tevent_req_set_callback(subreq, ipa_get_selinux_hosts_done, req);

    return;

fail:
    tevent_req_error(req, ret);
}

static void ipa_get_selinux_hosts_done(struct tevent_req *subreq)
{
    errno_t ret;
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                  struct tevent_req);
    struct ipa_get_selinux_state *state = tevent_req_data(req,
                                                  struct ipa_get_selinux_state);
    struct be_ctx *bctx = state->be_req->be_ctx;
    struct sdap_id_ctx *id_ctx = state->session_ctx->id_ctx->sdap_id_ctx;
    size_t host_count, hostgroup_count;
    struct sysdb_attrs **hostgroups;
    struct sysdb_attrs **host;

    ret = ipa_host_info_recv(subreq, state, &host_count, &host,
                             &hostgroup_count, &hostgroups);
    talloc_free(subreq);
    if (ret != EOK) {
        goto done;
    }
    state->host = host[0];

    ret = sysdb_attrs_add_string(state->host, SYSDB_NAME, state->hostname);
    if (ret != EOK) {
        goto done;
    }

    ret = sss_selinux_extract_user(state, bctx->sysdb,
                                   state->pd->user, &state->user);
    if (ret != EOK) {
        goto done;
    }

    subreq = ipa_selinux_get_maps_send(state, bctx->ev, bctx->sysdb,
                                       sdap_id_op_handle(state->op),
                                       id_ctx->opts,
                                       state->session_ctx->selinux_search_bases);
    if (subreq == NULL) {
        ret = ENOMEM;
        goto done;
    }

    tevent_req_set_callback(subreq, ipa_get_selinux_maps_done, req);

done:
    if (ret != EOK) {
        tevent_req_error(req, ret);
    }
}

static void ipa_get_selinux_maps_done(struct tevent_req *subreq)
{
    struct tevent_req *req;
    struct ipa_get_selinux_state *state;

    struct be_ctx *bctx;
    struct ipa_id_ctx *id_ctx;

    struct sysdb_attrs **results;
    size_t count;
    const char *domain;
    const char *tmp_str;
    size_t conf_cnt = 0;
    size_t pos_cnt = 0;
    errno_t ret;
    int i;

    req = tevent_req_callback_data(subreq, struct tevent_req);
    state = tevent_req_data(req, struct ipa_get_selinux_state);
    bctx = state->be_req->be_ctx;
    id_ctx = state->session_ctx->id_ctx;

    ret = ipa_selinux_get_maps_recv(subreq, state, &count, &results);
    talloc_free(subreq);
    if (ret != EOK) {
        if (ret == ENOENT) {
            /* This is returned if no SELinux mapping
             * rules were found. In that case no error
             * occurred, but we don't want any more processing.*/
            ret = EOK;
        }
        goto done;
    }

    DEBUG(SSSDBG_TRACE_FUNC, ("Found %d SELinux user maps in total, "
                              "filtering ...\n", count));
    state->confirmed_match = talloc_zero_array(state, struct sysdb_attrs *,
                                               count + 1);
    state->possible_match = talloc_zero_array(state, struct sysdb_attrs *,
                                              count + 1);
    if (state->confirmed_match == NULL || state->possible_match == NULL) {
        ret = ENOMEM;
        goto done;
    }

    for (i = 0; i < count; i++) {
        if (sss_selinux_match(results[i], state->user, state->host)) {
            state->confirmed_match[conf_cnt] = talloc_steal(state->confirmed_match,
                                                            results[i]);
            conf_cnt++;
            continue;
        }

        ret = sysdb_attrs_get_string(results[i], SYSDB_SELINUX_SEEALSO, &tmp_str);
        if (ret == ENOENT) {
            continue;
        }

        state->possible_match[pos_cnt] = talloc_steal(state->possible_match,
                                                      results[i]);
        pos_cnt++;
    }
    DEBUG(SSSDBG_TRACE_FUNC, ("Filtering done. Results: %d confirmed and %d "
                              "possible maps remained.\n", conf_cnt, pos_cnt));

    /* Don't shrink the confirmed list, it could be later filled by HBAC rules */
    state->possible_match = talloc_realloc(state, state->possible_match,
                                           struct sysdb_attrs *, pos_cnt + 1);
    if (state->possible_match == NULL) {
        ret = ENOMEM;
        goto done;
    }

    /* This will free all rules that are neither confirmed nor possible */
    talloc_free(results);

    if (pos_cnt) {
        /* FIXME: detect if HBAC is configured
         * - if yes, we can skip HBAC retrieval and get it directly from sysdb
         */
        subreq = ipa_hbac_rule_info_send(state, false, bctx->ev,
                                         sdap_id_op_handle(state->op),
                                         id_ctx->sdap_id_ctx->opts,
                                         state->session_ctx->hbac_search_bases,
                                         state->host);
        if (subreq == NULL) {
            ret = ENOMEM;
            goto done;
        }

        tevent_req_set_callback(subreq, ipa_get_selinux_hbac_done, req);
        return;
    }

    domain = dp_opt_get_string(state->session_ctx->id_ctx->ipa_options->basic,
                               IPA_KRB5_REALM);
    subreq = ipa_get_config_send(state, bctx->ev,
                                 sdap_id_op_handle(state->op),
                                 id_ctx->sdap_id_ctx->opts,
                                 domain, NULL);
    if (subreq == NULL) {
        ret = ENOMEM;
        goto done;
    }

    tevent_req_set_callback(subreq, ipa_get_selinux_config_done, req);

    return;

done:
    if (ret == EOK) {
        tevent_req_done(req);
    } else {
        tevent_req_error(req, ret);
    }
}

static void ipa_get_selinux_hbac_done(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                      struct tevent_req);
    struct ipa_get_selinux_state *state = tevent_req_data(req,
                                                  struct ipa_get_selinux_state);
    struct be_ctx *bctx = state->be_req->be_ctx;
    struct ipa_id_ctx *id_ctx = state->session_ctx->id_ctx;
    struct sysdb_attrs **rules;
    struct sysdb_attrs *usermap;
    const char *hbac_dn;
    const char *seealso_dn;
    const char *domain;
    size_t rule_count;
    size_t conf_cnt;
    size_t pos_cnt;
    errno_t ret;
    int i, j;

    ret = ipa_hbac_rule_info_recv(subreq, state, &rule_count,
                                  &rules);
    talloc_free(subreq);
    if (ret != EOK) {
        goto done;
    }
    for (conf_cnt = 0 ; state->confirmed_match[conf_cnt]; conf_cnt++) ;
    for (pos_cnt = 0 ; state->possible_match[pos_cnt]; pos_cnt++) ;

    for (i = 0; i < rule_count; i++) {
        if (!sss_selinux_match(rules[i], state->user, state->host)) {
            continue;
        }

        ret = sysdb_attrs_get_string(rules[i], SYSDB_ORIG_DN, &hbac_dn);
        if (ret != EOK) {
            goto done;
        }

        /* HBAC rule matched, find if it is in the "possible" list */
        for (j = 0; state->possible_match[j]; j++) {
            usermap = state->possible_match[j];
            if (usermap == NULL) {
                continue;
            }

            ret = sysdb_attrs_get_string(usermap, SYSDB_SELINUX_SEEALSO, &seealso_dn);
            if (ret != EOK) {
                goto done;
            }

            if (strcasecmp(hbac_dn, seealso_dn) == 0) {
                state->confirmed_match[conf_cnt++] = talloc_steal(
                                                        state->confirmed_match,
                                                        usermap);
                /* Just to boost the following lookup */
                state->possible_match[j] = NULL;

                ret = ipa_selinux_map_merge(usermap, rules[i], SYSDB_ORIG_MEMBER_USER);
                if (ret != EOK) {
                    goto done;
                }

                ret = ipa_selinux_map_merge(usermap, rules[i], SYSDB_ORIG_MEMBER_HOST);
                if (ret != EOK) {
                    goto done;
                }
            }
        }
    }

    /* Now we can dispose all possible rules, since they aren't possible any more */
    talloc_zfree(state->possible_match);

    domain = dp_opt_get_string(state->session_ctx->id_ctx->ipa_options->basic,
                               IPA_KRB5_REALM);
    subreq = ipa_get_config_send(state, bctx->ev,
                                 sdap_id_op_handle(state->op),
                                 id_ctx->sdap_id_ctx->opts,
                                 domain, NULL);
    if (subreq == NULL) {
        ret = ENOMEM;
        goto done;
    }

    tevent_req_set_callback(subreq, ipa_get_selinux_config_done, req);

done:
    if (ret != EOK) {
        tevent_req_error(req, ret);
    }
}

static void ipa_get_selinux_config_done(struct tevent_req *subreq)
{
    struct tevent_req *req = tevent_req_callback_data(subreq,
                                                  struct tevent_req);
    struct ipa_get_selinux_state *state = tevent_req_data(req,
                                                  struct ipa_get_selinux_state);
    errno_t ret;

    ret = ipa_get_config_recv(subreq, state, &state->defaults);
    talloc_free(subreq);
    if (ret != EOK) {
        goto done;
    }

done:
    if (ret != EOK) {
        tevent_req_error(req, ret);
    } else {
        tevent_req_done(req);
    }
}

static errno_t
ipa_get_selinux_recv(struct tevent_req *req,
                     TALLOC_CTX *mem_ctx,
                     size_t *count,
                     struct sysdb_attrs ***maps,
                     char **default_user,
                     char **map_order)
{
    struct ipa_get_selinux_state *state =
            tevent_req_data(req, struct ipa_get_selinux_state);
    const char *tmp_str;
    errno_t ret;
    int i;

    TEVENT_REQ_RETURN_ON_ERROR(req);

    if (state->defaults != NULL) {
        ret = sysdb_attrs_get_string(state->defaults, IPA_CONFIG_SELINUX_DEFAULT_MAP,
                                     &tmp_str);
        if (ret != EOK) {
            return ret;
        }

        *default_user = talloc_strdup(mem_ctx, tmp_str);
        if (*default_user == NULL) {
            return ENOMEM;
        }

        ret = sysdb_attrs_get_string(state->defaults, IPA_CONFIG_SELINUX_MAP_ORDER,
                                     &tmp_str);
        if (ret != EOK) {
            return ret;
        }

        *map_order = talloc_strdup(mem_ctx, tmp_str);
        if (*map_order == NULL) {
            talloc_zfree(*default_user);
            return ENOMEM;
        }
    } else {
        *map_order = NULL;
        *default_user = NULL;
    }

    if (state->confirmed_match != NULL) {
        for (i = 0; state->confirmed_match[i]; i++) ;

        *count = i;
        *maps = talloc_steal(mem_ctx, state->confirmed_match);
    } else {
        *count = 0;
        *maps = NULL;
    }

    return EOK;
}
generated by cgit (git 2.34.1) at 2024-06-21 18:17:51 +0000