authorJakub Hrozek <jhrozek@redhat.com>2011-12-08 12:20:50 +0100
committerStephen Gallagher <sgallagh@redhat.com>2011-12-16 14:46:17 -0500
commit4af1d1869d659fec84c518c26844132fa1df8f64 (patch)
treeef93d70afed50ab99737b1b04d6e3b4209d1010e
parent10b6b1fc57bb7c2edb4cfd0a0038303bd33722bc (diff)
SUDO Integration - LDAP provider - save sudo rules functions
-rw-r--r--Makefile.am4
-rw-r--r--src/providers/ldap/sdap_sudo_cache.c92
-rw-r--r--src/providers/ldap/sdap_sudo_cache.h33
3 files changed, 129 insertions, 0 deletions
diff --git a/Makefile.am b/Makefile.am
index 5fd492e7e..2ac93ab9b 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -333,6 +333,7 @@ dist_noinst_HEADERS = \
src/providers/ldap/sdap_access.h \
src/providers/ldap/sdap_async.h \
src/providers/ldap/sdap_async_private.h \
+ src/providers/ldap/sdap_sudo_cache.h \
src/providers/ldap/sdap_id_op.h \
src/providers/ipa/ipa_common.h \
src/providers/ipa/ipa_access.h \
@@ -870,6 +871,9 @@ libsss_ldap_la_LIBADD = \
libsss_ldap_la_LDFLAGS = \
-avoid-version \
-module
+if BUILD_SUDO
+libsss_ldap_la_SOURCES += src/providers/ldap/sdap_sudo_cache.c
+endif
libsss_proxy_la_SOURCES = \
src/providers/proxy/proxy_common.c \
diff --git a/src/providers/ldap/sdap_sudo_cache.c b/src/providers/ldap/sdap_sudo_cache.c
new file mode 100644
index 000000000..c58fa1c3f
--- /dev/null
+++ b/src/providers/ldap/sdap_sudo_cache.c
@@ -0,0 +1,92 @@
+/*
+ Authors:
+ Jakub Hrozek <jhrozek@redhat.com>
+
+ Copyright (C) 2011 Red Hat
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "db/sysdb.h"
+#include "db/sysdb_sudo.h"
+#include "providers/ldap/sdap_sudo_cache.h"
+
+/* ========== Functions specific for the native sudo LDAP schema ========== */
+static errno_t
+sdap_save_native_sudorule(struct sysdb_ctx *sysdb_ctx,
+ struct sdap_attr_map *map,
+ struct sysdb_attrs *attrs)
+{
+ errno_t ret;
+ const char *rule_name;
+
+ ret = sysdb_attrs_get_string(attrs, map[SDAP_AT_SUDO_NAME].sys_name,
+ &rule_name);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, ("Could not get rule name [%d]: %s\n",
+ ret, strerror(ret)));
+ return ret;
+ }
+
+ ret = sysdb_save_sudorule(sysdb_ctx, rule_name, attrs);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, ("Could not save sudorule %s\n", rule_name));
+ return ret;
+ }
+
+ return ret;
+}
+
+errno_t
+sdap_save_native_sudorule_list(struct sysdb_ctx *sysdb_ctx,
+ struct sdap_attr_map *map,
+ struct sysdb_attrs **replies,
+ size_t replies_count)
+{
+ errno_t ret, tret;
+ bool in_transaction = false;
+ size_t i;
+
+ ret = sysdb_transaction_start(sysdb_ctx);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Could not start transaction\n"));
+ goto fail;
+ }
+ in_transaction = true;
+
+ for (i=0; i<replies_count; i++) {
+ ret = sdap_save_native_sudorule(sysdb_ctx, map, replies[i]);
+ if (ret != EOK) {
+ goto fail;
+ }
+ }
+
+ ret = sysdb_transaction_commit(sysdb_ctx);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to commit transaction\n"));
+ goto fail;
+ }
+ in_transaction = false;
+
+ ret = EOK;
+fail:
+ if (in_transaction) {
+ tret = sysdb_transaction_cancel(sysdb_ctx);
+ if (tret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Could not cancel transaction\n"));
+ }
+ }
+
+ return ret;
+}
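Review bot: sdap_save_native_sudorule_list only upserts the rules present in `replies`; nothing in this hunk removes cached rules that the LDAP server no longer returns, so a sudo rule revoked on the server could remain in the cache unless the caller purges it first. Because these entries are privilege-granting policy, the purge or expiry step should either run inside the same transaction or be stated as a caller requirement, for example with a comment above the function: `/* Saves all rules in one transaction; does not delete cached rules missing from replies - caller must purge stale rules. */`. Separately, `rule_name` is taken from the directory reply and handed to sysdb_save_sudorule(), which is not visible here; it is worth confirming that function escapes the name before using it in a DN or search filter.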
diff --git a/src/providers/ldap/sdap_sudo_cache.h b/src/providers/ldap/sdap_sudo_cache.h
new file mode 100644
index 000000000..6bd942357
--- /dev/null
+++ b/src/providers/ldap/sdap_sudo_cache.h
@@ -0,0 +1,33 @@
+/*
+ Authors:
+ Jakub Hrozek <jhrozek@redhat.com>
+
+ Copyright (C) 2011 Red Hat
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _SDAP_SUDO_CACHE_H_
+#define _SDAP_SUDO_CACHE_H_
+
+#include "src/providers/ldap/sdap.h"
+
+/* Cache functions specific for the native sudo LDAP schema */
+errno_t
+sdap_save_native_sudorule_list(struct sysdb_ctx *sysdb_ctx,
+ struct sdap_attr_map *map,
+ struct sysdb_attrs **replies,
+ size_t replies_count);
+
+#endif /* _SDAP_SUDO_CACHE_H_ */
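Review bot: The `#include "src/providers/ldap/sdap.h"` line uses a `src/`-prefixed path, while sdap_sudo_cache.c in the same commit includes `"db/sysdb.h"` and `"providers/ldap/sdap_sudo_cache.h"` without it, so this header resolves only if the top-level directory also happens to be on the include path; `#include "providers/ldap/sdap.h"` would be consistent. The guard name `_SDAP_SUDO_CACHE_H_` begins with an underscore followed by an uppercase letter, which C reserves for the implementation; `SDAP_SUDO_CACHE_H` avoids that. The prototype's one-line comment should also state the contract visible in the .c file: all replies are saved in a single sysdb transaction, and the first failure cancels the whole batch and returns that errno_t code.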