authorPavel Březina <pbrezina@redhat.com>2012-06-26 13:00:10 +0200
committerStephen Gallagher <sgallagh@redhat.com>2012-06-29 11:37:18 -0400
commit5f73b623fc72e3b9b3590420825f30e618b4d4dd (patch)
tree50ee93c69f4420691806750eabb1887eba1ab331 /src/providers/ldap/sdap_sudo.c
parent9af677f3bae3a7c1386867e4d42970555b3d6b9a (diff)
sudo ldap provider: load host filter configuration on init
We need to load host information during provider initialization. Currently it loads only values from configuration files, but it is implemented as an asynchronous request as it will later try to autodetect these settings (which will need to contact DNS).
Diffstat (limited to 'src/providers/ldap/sdap_sudo.c')
-rw-r--r--src/providers/ldap/sdap_sudo.c55
1 files changed, 52 insertions, 3 deletions
diff --git a/src/providers/ldap/sdap_sudo.c b/src/providers/ldap/sdap_sudo.c
index 80549bfa5..806c8b3a7 100644
--- a/src/providers/ldap/sdap_sudo.c
+++ b/src/providers/ldap/sdap_sudo.c
@@ -104,6 +104,7 @@ struct bet_ops sdap_sudo_ops = {
.finalize = sdap_sudo_shutdown
};
+static void sdap_sudo_get_hostinfo_done(struct tevent_req *req);
int sdap_sudo_setup_periodical_refresh(struct sdap_sudo_ctx *sudo_ctx);
int sdap_sudo_init(struct be_ctx *be_ctx,
@@ -112,6 +113,7 @@ int sdap_sudo_init(struct be_ctx *be_ctx,
void **pvt_data)
{
struct sdap_sudo_ctx *sudo_ctx = NULL;
+ struct tevent_req *req = NULL;
int ret;
DEBUG(SSSDBG_TRACE_INTERNAL, ("Initializing sudo LDAP back end\n"));
@@ -127,20 +129,67 @@ int sdap_sudo_init(struct be_ctx *be_ctx,
*pvt_data = sudo_ctx;
ret = ldap_get_sudo_options(id_ctx, be_ctx->cdb,
- be_ctx->conf_path, id_ctx->opts);
+ be_ctx->conf_path, id_ctx->opts,
+ &sudo_ctx->use_host_filter,
+ &sudo_ctx->include_regexp,
+ &sudo_ctx->include_netgroups);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, ("Cannot get SUDO options [%d]: %s\n",
ret, strerror(ret)));
return ret;
}
+ req = sdap_sudo_get_hostinfo_send(sudo_ctx, id_ctx->opts, be_ctx);
+ if (req == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to retrieve host information - "
+ "(host filter will be disabled)\n"));
+
+ sudo_ctx->use_host_filter = false;
+
+ ret = sdap_sudo_setup_periodical_refresh(sudo_ctx);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("Unable to setup periodical refresh"
+ "of sudo rules [%d]: %s\n", ret, strerror(ret)));
+ /* periodical updates will not work, but specific-rule update
+ * is no affected by this, therefore we don't have to fail here */
+ }
+ } else {
+ tevent_req_set_callback(req, sdap_sudo_get_hostinfo_done, sudo_ctx);
+ }
+
+ return EOK;
+}
+
+static void sdap_sudo_get_hostinfo_done(struct tevent_req *req)
+{
+ struct sdap_sudo_ctx *sudo_ctx = NULL;
+ char **hostnames = NULL;
+ char **ip_addr = NULL;
+ int ret;
+
+ sudo_ctx = tevent_req_callback_data(req, struct sdap_sudo_ctx);
+
+ ret = sdap_sudo_get_hostinfo_recv(sudo_ctx, req, &hostnames, &ip_addr);
+ talloc_zfree(req);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to retrieve host information - "
+ "(host filter will be disabled) [%d]: %s\n", ret, strerror(ret)));
+ sudo_ctx->use_host_filter = false;
+ return;
+ }
+
+ talloc_zfree(sudo_ctx->hostnames);
+ talloc_zfree(sudo_ctx->ip_addr);
+
+ sudo_ctx->hostnames = talloc_move(sudo_ctx, &hostnames);
+ sudo_ctx->ip_addr = talloc_move(sudo_ctx, &ip_addr);
+
ret = sdap_sudo_setup_periodical_refresh(sudo_ctx);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, ("Unable to setup periodical refresh"
"of sudo rules [%d]: %s\n", ret, strerror(ret)));
}
-
- return EOK;
}
int sdap_sudo_setup_periodical_refresh(struct sdap_sudo_ctx *sudo_ctx)
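Review bot: In sdap_sudo_get_hostinfo_done the `ret != EOK` branch returns before `sdap_sudo_setup_periodical_refresh(sudo_ctx)` is reached, so when the asynchronous host lookup fails the host filter is disabled but the periodic refresh is never scheduled; the `req == NULL` branch in sdap_sudo_init handles the same failure by still setting the refresh up. I would replace that `return;` with `goto refresh;` and put a `refresh:` label in front of the `ret = sdap_sudo_setup_periodical_refresh(sudo_ctx);` call so both failure paths behave alike. Both paths also fail open by setting `use_host_filter = false`, which widens the set of sudo rules fetched for this host; that is only acceptable if sudoHost is still enforced when rules are evaluated, which this hunk does not show, so a short comment at each assignment stating that assumption would help the next reader. The added message `"Unable to setup periodical refresh" "of sudo rules [%d]: %s\n"` is missing a space between the two literals and will print "refreshof".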