diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2012-01-29 20:13:35 +0100 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2012-02-04 08:27:16 -0500 |
commit | 5d00ee0e07dea78806df780db69e94900e5bb8c0 (patch) | |
tree | 4dca6af0b8c1d85bc9d1835efc9e79faea70c5ac /src/providers/ldap/sdap_sudo.c | |
parent | be65f065fef1d387281096ef095a2acef39ecc12 (diff) | |
download | sssd-5d00ee0e07dea78806df780db69e94900e5bb8c0.tar.gz sssd-5d00ee0e07dea78806df780db69e94900e5bb8c0.tar.xz sssd-5d00ee0e07dea78806df780db69e94900e5bb8c0.zip |
Move BUILD_SUDO outside the generic LDAP source files
Avoid #ifdefs in the general part of the code
Diffstat (limited to 'src/providers/ldap/sdap_sudo.c')
-rw-r--r-- | src/providers/ldap/sdap_sudo.c | 107 |
1 files changed, 107 insertions, 0 deletions
diff --git a/src/providers/ldap/sdap_sudo.c b/src/providers/ldap/sdap_sudo.c index 30afcddfe..24425834a 100644 --- a/src/providers/ldap/sdap_sudo.c +++ b/src/providers/ldap/sdap_sudo.c @@ -28,8 +28,115 @@ #include "providers/ldap/sdap_async.h" #include "providers/ldap/sdap_sudo.h" #include "providers/ldap/sdap_sudo_cache.h" +#include "providers/ldap/sdap_sudo_timer.h" #include "db/sysdb_sudo.h" +static void +sdap_sudo_shutdown(struct be_req *req) +{ + sdap_handler_done(req, DP_ERR_OK, EOK, NULL); +} + +struct bet_ops sdap_sudo_ops = { + .handler = sdap_sudo_handler, + .finalize = sdap_sudo_shutdown +}; + +int sdap_sudo_setup_tasks(struct sdap_id_ctx *id_ctx); + +int sdap_sudo_init(struct be_ctx *be_ctx, + struct sdap_id_ctx *id_ctx, + struct bet_ops **ops, + void **pvt_data) +{ +#ifdef BUILD_SUDO + int ret; + + DEBUG(SSSDBG_TRACE_INTERNAL, ("Initializing sudo LDAP back end\n")); + + *ops = &sdap_sudo_ops; + *pvt_data = id_ctx; + + ret = ldap_get_sudo_options(id_ctx, be_ctx->cdb, + be_ctx->conf_path, id_ctx->opts); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, ("Cannot get SUDO options [%d]: %s\n", + ret, strerror(ret))); + return ret; + } + + ret = sdap_sudo_setup_tasks(id_ctx); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, ("SUDO setup failed [%d]: %s\n", + ret, strerror(ret))); + return ret; + } + + return EOK; +#else + DEBUG(SSSDBG_MINOR_FAILURE, ("Sudo init handler called but SSSD is " + "built without sudo support, ignoring\n")); + return EOK; +#endif +} + +int sdap_sudo_setup_tasks(struct sdap_id_ctx *id_ctx) +{ + struct sdap_sudo_refresh_ctx *refresh_ctx = NULL; + struct timeval tv; + int ret = EOK; + bool refreshed = false; + bool refresh_enabled = dp_opt_get_bool(id_ctx->opts->basic, + SDAP_SUDO_REFRESH_ENABLED); + + /* set up periodical update of sudo rules */ + if (refresh_enabled) { + refresh_ctx = sdap_sudo_refresh_ctx_init(id_ctx, id_ctx->be, id_ctx, + id_ctx->opts, + tevent_timeval_zero()); + if (refresh_ctx == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, + ("sdap_sudo_refresh_ctx_init() failed!\n")); + return ENOMEM; + } + + /* If this is the first startup, we need to kick off + * an refresh immediately, to close a window where + * clients requesting sudo information won't get an + * immediate reply with no entries + */ + ret = sysdb_sudo_get_refreshed(id_ctx->be->sysdb, &refreshed); + if (ret != EOK) { + return ret; + } + if (refreshed) { + /* At least one update has previously run, + * so clients will get cached data. We will delay + * starting to enumerate by 10s so we don't slow + * down the startup process if this is happening + * during system boot. + */ + tv = tevent_timeval_current_ofs(10, 0); + DEBUG(SSSDBG_FUNC_DATA, ("Delaying first refresh of SUDO rules " + "for 10 seconds\n")); + } else { + /* This is our first startup. Schedule the + * update to start immediately once we + * enter the mainloop. + */ + tv = tevent_timeval_current(); + } + + ret = sdap_sudo_refresh_set_timer(refresh_ctx, tv); + if (ret != EOK) { + talloc_free(refresh_ctx); + return ret; + } + } + + return EOK; +} + struct sdap_sudo_load_sudoers_state { struct tevent_context *ev; struct sdap_sudo_ctx *sudo_ctx; |