diff options
author | Pavel Březina <pbrezina@redhat.com> | 2012-10-30 12:01:51 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2012-11-14 17:15:42 +0100 |
commit | cc255b733a7bfd7a1c0ca28c815c5e143f74f9a2 (patch) | |
tree | 8e6a7a38ef5c4ff9c0dbcb701fa42de597f9f62c /src/responder/sudo/sudosrv_get_sudorules.c | |
parent | 3cc3ecc5ba9d40fa092616ebcb98ad212d22b418 (diff) | |
download | sssd-cc255b733a7bfd7a1c0ca28c815c5e143f74f9a2.tar.gz sssd-cc255b733a7bfd7a1c0ca28c815c5e143f74f9a2.tar.xz sssd-cc255b733a7bfd7a1c0ca28c815c5e143f74f9a2.zip |
sudo: support users from subdomains
https://fedorahosted.org/sssd/ticket/1616
Diffstat (limited to 'src/responder/sudo/sudosrv_get_sudorules.c')
-rw-r--r-- | src/responder/sudo/sudosrv_get_sudorules.c | 64 |
1 files changed, 52 insertions, 12 deletions
diff --git a/src/responder/sudo/sudosrv_get_sudorules.c b/src/responder/sudo/sudosrv_get_sudorules.c index 9081cbd70..6d6b95d3f 100644 --- a/src/responder/sudo/sudosrv_get_sudorules.c +++ b/src/responder/sudo/sudosrv_get_sudorules.c @@ -29,6 +29,22 @@ #include "db/sysdb_sudo.h" #include "responder/sudo/sudosrv_private.h" +static struct sysdb_ctx* sudosrv_get_user_sysdb(struct sss_domain_info *domain) +{ + return domain->sysdb; +} + +static struct sysdb_ctx* sudosrv_get_rules_sysdb(struct sss_domain_info *domain) +{ + if (domain->parent == NULL) { + return domain->sysdb; + } else { + /* sudo rules are stored under parent domain basedn, so we will return + * parent's sysdb context */ + return domain->parent->sysdb; + } +} + static errno_t sudosrv_get_user(struct sudo_dom_ctx *dctx); errno_t sudosrv_get_sudorules(struct sudo_dom_ctx *dctx) @@ -112,7 +128,7 @@ static errno_t sudosrv_get_user(struct sudo_dom_ctx *dctx) DEBUG(SSSDBG_FUNC_DATA, ("Requesting info about [%s@%s]\n", name, dom->name)); - sysdb = dctx->domain->sysdb; + sysdb = sudosrv_get_user_sysdb(dctx->domain); if (sysdb == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("sysdb context not found for this domain!\n")); @@ -327,7 +343,8 @@ errno_t sudosrv_get_rules(struct sudo_cmd_ctx *cmd_ctx) TALLOC_CTX *tmp_ctx = NULL; struct tevent_req *dpreq = NULL; struct dp_callback_ctx *cb_ctx = NULL; - struct sysdb_ctx *sysdb; + struct sysdb_ctx *user_sysdb = NULL; + struct sysdb_ctx *rules_sysdb = NULL; char **groupnames = NULL; size_t expired_rules_num = 0; struct sysdb_attrs **expired_rules = NULL; @@ -341,7 +358,21 @@ errno_t sudosrv_get_rules(struct sudo_cmd_ctx *cmd_ctx) return EFAULT; } - sysdb = cmd_ctx->domain->sysdb; + user_sysdb = sudosrv_get_user_sysdb(cmd_ctx->domain); + if (user_sysdb == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, + ("user sysdb context not found for this domain!\n")); + ret = EIO; + goto done; + } + + rules_sysdb = sudosrv_get_rules_sysdb(cmd_ctx->domain); + if (rules_sysdb == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, + ("rules sysdb context not found for this domain!\n")); + ret = EIO; + goto done; + } tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { @@ -367,7 +398,7 @@ errno_t sudosrv_get_rules(struct sudo_cmd_ctx *cmd_ctx) * expired rules for this user and defaults at once we will save one * provider call */ - ret = sysdb_get_sudo_user_info(tmp_ctx, cmd_ctx->orig_username, sysdb, + ret = sysdb_get_sudo_user_info(tmp_ctx, cmd_ctx->orig_username, user_sysdb, NULL, &groupnames); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, @@ -379,7 +410,7 @@ errno_t sudosrv_get_rules(struct sudo_cmd_ctx *cmd_ctx) | SYSDB_SUDO_FILTER_INCLUDE_DFL | SYSDB_SUDO_FILTER_ONLY_EXPIRED | SYSDB_SUDO_FILTER_USERINFO; - ret = sudosrv_get_sudorules_query_cache(tmp_ctx, sysdb, cmd_ctx->type, + ret = sudosrv_get_sudorules_query_cache(tmp_ctx, rules_sysdb, cmd_ctx->type, attrs, flags, cmd_ctx->orig_username, cmd_ctx->uid, groupnames, &expired_rules, &expired_rules_num); @@ -535,7 +566,8 @@ static errno_t sudosrv_get_sudorules_from_cache(TALLOC_CTX *mem_ctx, { TALLOC_CTX *tmp_ctx; errno_t ret; - struct sysdb_ctx *sysdb; + struct sysdb_ctx *user_sysdb = NULL; + struct sysdb_ctx *rules_sysdb = NULL; char **groupnames = NULL; const char *debug_name = NULL; unsigned int flags = SYSDB_SUDO_FILTER_NONE; @@ -565,10 +597,18 @@ static errno_t sudosrv_get_sudorules_from_cache(TALLOC_CTX *mem_ctx, return ENOMEM; } - sysdb = cmd_ctx->domain->sysdb; - if (sysdb == NULL) { + user_sysdb = sudosrv_get_user_sysdb(cmd_ctx->domain); + if (user_sysdb == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, + ("user sysdb context not found for this domain!\n")); + ret = EIO; + goto done; + } + + rules_sysdb = sudosrv_get_rules_sysdb(cmd_ctx->domain); + if (rules_sysdb == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, - ("sysdb context not found for this domain!\n")); + ("rules sysdb context not found for this domain!\n")); ret = EIO; goto done; } @@ -576,8 +616,8 @@ static errno_t sudosrv_get_sudorules_from_cache(TALLOC_CTX *mem_ctx, switch (cmd_ctx->type) { case SSS_SUDO_USER: debug_name = cmd_ctx->cased_username; - ret = sysdb_get_sudo_user_info(tmp_ctx, cmd_ctx->orig_username, sysdb, - NULL, &groupnames); + ret = sysdb_get_sudo_user_info(tmp_ctx, cmd_ctx->orig_username, + user_sysdb, NULL, &groupnames); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to retrieve user info [%d]: %s\n", strerror(ret))); @@ -591,7 +631,7 @@ static errno_t sudosrv_get_sudorules_from_cache(TALLOC_CTX *mem_ctx, break; } - ret = sudosrv_get_sudorules_query_cache(tmp_ctx, sysdb, cmd_ctx->type, + ret = sudosrv_get_sudorules_query_cache(tmp_ctx, rules_sysdb, cmd_ctx->type, attrs, flags, cmd_ctx->orig_username, cmd_ctx->uid, groupnames, &rules, &num_rules); |