-rw-r--r-- | src/db/sysdb_sudo.c | 66 | ||||
-rw-r--r-- | src/db/sysdb_sudo.h | 17 | ||||
-rw-r--r-- | src/providers/ldap/sdap_async_sudo.c | 18 | ||||
-rw-r--r-- | src/providers/ldap/sdap_sudo.c | 6 | ||||
-rw-r--r-- | src/providers/ldap/sdap_sudo_cache.c | 15 | ||||
-rw-r--r-- | src/providers/ldap/sdap_sudo_cache.h | 1 | ||||
-rw-r--r-- | src/responder/sudo/sudosrv_get_sudorules.c | 4 |
7 files changed, 53 insertions, 74 deletions
diff --git a/src/db/sysdb_sudo.c b/src/db/sysdb_sudo.c index 6338ed660..b56fdd6cb 100644 --- a/src/db/sysdb_sudo.c +++ b/src/db/sysdb_sudo.c @@ -302,7 +302,7 @@ done: } errno_t -sysdb_get_sudo_user_info(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, +sysdb_get_sudo_user_info(TALLOC_CTX *mem_ctx, struct sss_domain_info *domain, const char *username, uid_t *_uid, char ***groupnames) @@ -357,7 +357,7 @@ sysdb_get_sudo_user_info(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, /* Get a list of the groups by groupname only */ for (i = 0; i < groups->num_values; i++) { - ret = sysdb_group_dn_name(sysdb, + ret = sysdb_group_dn_name(domain->sysdb, sysdb_groupnames, (const char *)groups->values[i].data, &sysdb_groupnames[i]); @@ -415,8 +415,7 @@ done: } errno_t -sysdb_save_sudorule(struct sysdb_ctx *sysdb, - struct sss_domain_info *domain, +sysdb_save_sudorule(struct sss_domain_info *domain, const char *rule_name, struct sysdb_attrs *attrs) { @@ -439,7 +438,8 @@ sysdb_save_sudorule(struct sysdb_ctx *sysdb, return ret; } - ret = sysdb_store_custom(sysdb, domain, rule_name, SUDORULE_SUBDIR, attrs); + ret = sysdb_store_custom(domain->sysdb, domain, rule_name, + SUDORULE_SUBDIR, attrs); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("sysdb_store_custom failed [%d]: %s\n", ret, strerror(ret))); @@ -449,8 +449,7 @@ sysdb_save_sudorule(struct sysdb_ctx *sysdb, return EOK; } -static errno_t sysdb_sudo_set_refresh_time(struct sysdb_ctx *sysdb, - struct sss_domain_info *domain, +static errno_t sysdb_sudo_set_refresh_time(struct sss_domain_info *domain, const char *attr_name, time_t value) { 
@@ -467,14 +466,15 @@ static errno_t sysdb_sudo_set_refresh_time(struct sysdb_ctx *sysdb, goto done; } - dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, SYSDB_TMPL_CUSTOM_SUBTREE, + dn = ldb_dn_new_fmt(tmp_ctx, domain->sysdb->ldb, + SYSDB_TMPL_CUSTOM_SUBTREE, SUDORULE_SUBDIR, domain->name); if (!dn) { ret = ENOMEM; goto done; } - lret = ldb_search(sysdb->ldb, tmp_ctx, &res, dn, LDB_SCOPE_BASE, + lret = ldb_search(domain->sysdb->ldb, tmp_ctx, &res, dn, LDB_SCOPE_BASE, NULL, NULL); if (lret != LDB_SUCCESS) { ret = sysdb_error_to_errno(lret); @@ -514,9 +514,9 @@ static errno_t sysdb_sudo_set_refresh_time(struct sysdb_ctx *sysdb, } if (res->count) { - lret = ldb_modify(sysdb->ldb, msg); + lret = ldb_modify(domain->sysdb->ldb, msg); } else { - lret = ldb_add(sysdb->ldb, msg); + lret = ldb_add(domain->sysdb->ldb, msg); } ret = sysdb_error_to_errno(lret); @@ -526,8 +526,7 @@ done: return ret; } -static errno_t sysdb_sudo_get_refresh_time(struct sysdb_ctx *sysdb, - struct sss_domain_info *domain, +static errno_t sysdb_sudo_get_refresh_time(struct sss_domain_info *domain, const char *attr_name, time_t *value) { @@ -543,14 +542,14 @@ static errno_t sysdb_sudo_get_refresh_time(struct sysdb_ctx *sysdb, return ENOMEM; } - dn = ldb_dn_new_fmt(tmp_ctx, sysdb->ldb, SYSDB_TMPL_CUSTOM_SUBTREE, + dn = ldb_dn_new_fmt(tmp_ctx, domain->sysdb->ldb, SYSDB_TMPL_CUSTOM_SUBTREE, SUDORULE_SUBDIR, domain->name); if (!dn) { ret = ENOMEM; goto done; } - lret = ldb_search(sysdb->ldb, tmp_ctx, &res, dn, LDB_SCOPE_BASE, + lret = ldb_search(domain->sysdb->ldb, tmp_ctx, &res, dn, LDB_SCOPE_BASE, attrs, NULL); if (lret != LDB_SUCCESS) { ret = sysdb_error_to_errno(lret); 
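Review bot: `domain->sysdb->ldb` is now written out four times in sysdb_sudo_set_refresh_time (the hunks at -467 and -514) and twice in sysdb_sudo_get_refresh_time (the hunk at -543), each a double dereference with no visible check that `domain->sysdb` is set. Reading it once into a local after the tmp_ctx allocation, `struct ldb_context *ldb = domain->sysdb->ldb;`, would shorten the ldb_dn_new_fmt, ldb_search, ldb_modify and ldb_add calls and leave a single place to reject a domain that has no cache handle. Both function bodies start and end outside these hunks, so an existing guard may simply not be visible here.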
@@ -582,26 +581,23 @@ done: return ret; } -errno_t sysdb_sudo_set_last_full_refresh(struct sysdb_ctx *sysdb, - struct sss_domain_info *domain, +errno_t sysdb_sudo_set_last_full_refresh(struct sss_domain_info *domain, time_t value) { - return sysdb_sudo_set_refresh_time(sysdb, domain, + return sysdb_sudo_set_refresh_time(domain, SYSDB_SUDO_AT_LAST_FULL_REFRESH, value); } -errno_t sysdb_sudo_get_last_full_refresh(struct sysdb_ctx *sysdb, - struct sss_domain_info *domain, +errno_t sysdb_sudo_get_last_full_refresh(struct sss_domain_info *domain, time_t *value) { - return sysdb_sudo_get_refresh_time(sysdb, domain, + return sysdb_sudo_get_refresh_time(domain, SYSDB_SUDO_AT_LAST_FULL_REFRESH, value); } /* ==================== Purge functions ==================== */ -static errno_t sysdb_sudo_purge_all(struct sysdb_ctx *sysdb, - struct sss_domain_info *domain) +static errno_t sysdb_sudo_purge_all(struct sss_domain_info *domain) { struct ldb_dn *base_dn = NULL; TALLOC_CTX *tmp_ctx = NULL; @@ -610,10 +606,10 @@ static errno_t sysdb_sudo_purge_all(struct sysdb_ctx *sysdb, tmp_ctx = talloc_new(NULL); NULL_CHECK(tmp_ctx, ret, done); - base_dn = sysdb_custom_subtree_dn(sysdb, tmp_ctx, domain, SUDORULE_SUBDIR); + base_dn = sysdb_custom_subtree_dn(domain->sysdb, tmp_ctx, domain, SUDORULE_SUBDIR); NULL_CHECK(base_dn, ret, done); - ret = sysdb_delete_recursive(sysdb, base_dn, true); + ret = sysdb_delete_recursive(domain->sysdb, base_dn, true); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("sysdb_delete_recursive failed.\n")); goto done; 
@@ -625,16 +621,14 @@ done: return ret; } -errno_t sysdb_sudo_purge_byname(struct sysdb_ctx *sysdb, - struct sss_domain_info *domain, +errno_t sysdb_sudo_purge_byname(struct sss_domain_info *domain, const char *name) { DEBUG(SSSDBG_TRACE_INTERNAL, ("Deleting sudo rule %s\n", name)); - return sysdb_delete_custom(sysdb, domain, name, SUDORULE_SUBDIR); + return sysdb_delete_custom(domain->sysdb, domain, name, SUDORULE_SUBDIR); } -errno_t sysdb_sudo_purge_byfilter(struct sysdb_ctx *sysdb, - struct sss_domain_info *domain, +errno_t sysdb_sudo_purge_byfilter(struct sss_domain_info *domain, const char *filter) { TALLOC_CTX *tmp_ctx; @@ -652,14 +646,14 @@ errno_t sysdb_sudo_purge_byfilter(struct sysdb_ctx *sysdb, /* just purge all if there's no filter */ if (!filter) { - return sysdb_sudo_purge_all(sysdb, domain); + return sysdb_sudo_purge_all(domain); } tmp_ctx = talloc_new(NULL); NULL_CHECK(tmp_ctx, ret, done); /* match entries based on the filter and remove them one by one */ - ret = sysdb_search_custom(tmp_ctx, sysdb, domain, filter, + ret = sysdb_search_custom(tmp_ctx, domain->sysdb, domain, filter, SUDORULE_SUBDIR, attrs, &count, &msgs); if (ret == ENOENT) { @@ -671,7 +665,7 @@ errno_t sysdb_sudo_purge_byfilter(struct sysdb_ctx *sysdb, goto done; } - ret = sysdb_transaction_start(sysdb); + ret = sysdb_transaction_start(domain->sysdb); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to start transaction\n")); goto done; @@ -686,14 +680,14 @@ errno_t sysdb_sudo_purge_byfilter(struct sysdb_ctx *sysdb, continue; } - ret = sysdb_sudo_purge_byname(sysdb, domain, name); + ret = sysdb_sudo_purge_byname(domain, name); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Could not delete rule %s\n", name)); goto done; } } - ret = sysdb_transaction_commit(sysdb); + ret = sysdb_transaction_commit(domain->sysdb); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to commit transaction\n")); goto done; 
@@ -702,7 +696,7 @@ errno_t sysdb_sudo_purge_byfilter(struct sysdb_ctx *sysdb, done: if (in_transaction) { - sret = sysdb_transaction_cancel(sysdb); + sret = sysdb_transaction_cancel(domain->sysdb); if (sret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Could not cancel transaction\n")); } diff --git a/src/db/sysdb_sudo.h b/src/db/sysdb_sudo.h index 7a34591cd..f8e214f9f 100644 --- a/src/db/sysdb_sudo.h +++ b/src/db/sysdb_sudo.h @@ -72,30 +72,25 @@ sysdb_get_sudo_filter(TALLOC_CTX *mem_ctx, const char *username, char **_filter); errno_t -sysdb_get_sudo_user_info(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, +sysdb_get_sudo_user_info(TALLOC_CTX *mem_ctx, struct sss_domain_info *domain, const char *username, uid_t *_uid, char ***groupnames); errno_t -sysdb_save_sudorule(struct sysdb_ctx *sysdb, - struct sss_domain_info *domain, +sysdb_save_sudorule(struct sss_domain_info *domain, const char *rule_name, struct sysdb_attrs *attrs); -errno_t sysdb_sudo_set_last_full_refresh(struct sysdb_ctx *sysdb, - struct sss_domain_info *domain, +errno_t sysdb_sudo_set_last_full_refresh(struct sss_domain_info *domain, time_t value); -errno_t sysdb_sudo_get_last_full_refresh(struct sysdb_ctx *sysdb, - struct sss_domain_info *domain, +errno_t sysdb_sudo_get_last_full_refresh(struct sss_domain_info *domain, time_t *value); -errno_t sysdb_sudo_purge_byname(struct sysdb_ctx *sysdb, - struct sss_domain_info *domain, +errno_t sysdb_sudo_purge_byname(struct sss_domain_info *domain, const char *name); -errno_t sysdb_sudo_purge_byfilter(struct sysdb_ctx *sysdb, - struct sss_domain_info *domain, +errno_t sysdb_sudo_purge_byfilter(struct sss_domain_info *domain, const char *filter); #endif /* _SYSDB_SUDO_H_ */ diff --git a/src/providers/ldap/sdap_async_sudo.c b/src/providers/ldap/sdap_async_sudo.c index 0d4882bd1..b6a5cac75 100644 --- a/src/providers/ldap/sdap_async_sudo.c +++ b/src/providers/ldap/sdap_async_sudo.c 
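Review bot: The sysdb_sudo.h prototypes drop the explicit `sysdb` argument without gaining any comment on what `domain` must now provide. Every implementation in sysdb_sudo.c reaches the cache through `domain->sysdb`, so callers can no longer choose the handle, and a domain whose `sysdb` is not yet initialised is dereferenced directly. A comment above this group of declarations would record the contract: `/* domain must be non-NULL and have domain->sysdb initialised; all sudo cache access goes through domain->sysdb */`.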
@@ -86,15 +86,13 @@ static int sdap_sudo_load_sudoers_recv(struct tevent_req *req, static void sdap_sudo_refresh_load_done(struct tevent_req *subreq); -static int sdap_sudo_purge_sudoers(struct sysdb_ctx *sysdb_ctx, - struct sss_domain_info *dom, +static int sdap_sudo_purge_sudoers(struct sss_domain_info *dom, const char *filter, struct sdap_attr_map *map, size_t rules_count, struct sysdb_attrs **rules); static int sdap_sudo_store_sudoers(TALLOC_CTX *mem_ctx, - struct sysdb_ctx *sysdb_ctx, struct sss_domain_info *domain, struct sdap_options *opts, size_t rules_count, @@ -488,7 +486,7 @@ static void sdap_sudo_refresh_load_done(struct tevent_req *subreq) in_transaction = true; /* purge cache */ - ret = sdap_sudo_purge_sudoers(state->sysdb, state->domain, state->sysdb_filter, + ret = sdap_sudo_purge_sudoers(state->domain, state->sysdb_filter, state->opts->sudorule_map, rules_count, rules); if (ret != EOK) { goto done; @@ -496,7 +494,7 @@ static void sdap_sudo_refresh_load_done(struct tevent_req *subreq) /* store rules */ now = time(NULL); - ret = sdap_sudo_store_sudoers(state, state->sysdb, state->domain, + ret = sdap_sudo_store_sudoers(state, state->domain, state->opts, rules_count, rules, state->domain->sudo_timeout, now, &state->highest_usn); @@ -535,8 +533,7 @@ done: } } -static int sdap_sudo_purge_sudoers(struct sysdb_ctx *sysdb_ctx, - struct sss_domain_info *dom, +static int sdap_sudo_purge_sudoers(struct sss_domain_info *dom, const char *filter, struct sdap_attr_map *map, size_t rules_count, @@ -562,7 +559,7 @@ static int sdap_sudo_purge_sudoers(struct sysdb_ctx *sysdb_ctx, continue; } - ret = sysdb_sudo_purge_byname(sysdb_ctx, dom, name); + ret = sysdb_sudo_purge_byname(dom, name); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Failed to delete rule %s: [%s]\n", 
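Review bot: In sdap_sudo_refresh_load_done (the hunks at -488 and -496) the purge and store calls after `in_transaction = true;` now write through `state->domain->sysdb`, while the transaction start is outside the hunk and, judging by the removed `state->sysdb` arguments, is probably still opened on `state->sysdb`. If those two handles could ever differ, the sudo rule purge and store would run outside the transaction that the `done:` path cancels, and a failed refresh could leave a partly purged rule set in the cache. Either switch the start/commit/cancel calls to `state->domain->sysdb` as well, or state the invariant next to the flag: `/* state->sysdb is state->domain->sysdb, so the writes below stay inside this transaction */`. The function body starts and ends outside these hunks.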
@@ -574,7 +571,7 @@ static int sdap_sudo_purge_sudoers(struct sysdb_ctx *sysdb_ctx, ret = EOK; } else { /* purge cache by provided filter */ - ret = sysdb_sudo_purge_byfilter(sysdb_ctx, dom, filter); + ret = sysdb_sudo_purge_byfilter(dom, filter); if (ret != EOK) { goto done; } @@ -590,7 +587,6 @@ done: } static int sdap_sudo_store_sudoers(TALLOC_CTX *mem_ctx, - struct sysdb_ctx *sysdb_ctx, struct sss_domain_info *domain, struct sdap_options *opts, size_t rules_count, @@ -606,7 +602,7 @@ static int sdap_sudo_store_sudoers(TALLOC_CTX *mem_ctx, return EOK; } - ret = sdap_save_native_sudorule_list(mem_ctx, sysdb_ctx, domain, + ret = sdap_save_native_sudorule_list(mem_ctx, domain, opts->sudorule_map, rules, rules_count, cache_timeout, now, _usn); diff --git a/src/providers/ldap/sdap_sudo.c b/src/providers/ldap/sdap_sudo.c index b8bc409ef..9da549ac8 100644 --- a/src/providers/ldap/sdap_sudo.c +++ b/src/providers/ldap/sdap_sudo.c @@ -250,8 +250,7 @@ static int sdap_sudo_setup_periodical_refresh(struct sdap_sudo_ctx *sudo_ctx) } } - ret = sysdb_sudo_get_last_full_refresh(id_ctx->be->domain->sysdb, - id_ctx->be->domain, + ret = sysdb_sudo_get_last_full_refresh(id_ctx->be->domain, &last_full); if (ret != EOK) { return ret; @@ -631,8 +630,7 @@ static void sdap_sudo_full_refresh_done(struct tevent_req *subreq) state->sudo_ctx->full_refresh_done = true; /* save the time in the sysdb */ - ret = sysdb_sudo_set_last_full_refresh(state->sysdb, state->domain, - time(NULL)); + ret = sysdb_sudo_set_last_full_refresh(state->domain, time(NULL)); if (ret != EOK) { DEBUG(SSSDBG_MINOR_FAILURE, ("Unable to save time of " "a successful full refresh\n")); diff --git a/src/providers/ldap/sdap_sudo_cache.c b/src/providers/ldap/sdap_sudo_cache.c index de4f65c41..c57082c1a 100644 --- a/src/providers/ldap/sdap_sudo_cache.c +++ b/src/providers/ldap/sdap_sudo_cache.c 
@@ -56,7 +56,6 @@ static errno_t sdap_sudo_get_usn(TALLOC_CTX *mem_ctx, static errno_t sdap_save_native_sudorule(TALLOC_CTX *mem_ctx, - struct sysdb_ctx *sysdb_ctx, struct sss_domain_info *domain, struct sdap_attr_map *map, struct sysdb_attrs *attrs, @@ -94,7 +93,7 @@ sdap_save_native_sudorule(TALLOC_CTX *mem_ctx, /* but we will store the rule anyway */ } - ret = sysdb_save_sudorule(sysdb_ctx, domain, rule_name, attrs); + ret = sysdb_save_sudorule(domain, rule_name, attrs); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Could not save sudorule %s\n", rule_name)); return ret; @@ -105,7 +104,6 @@ sdap_save_native_sudorule(TALLOC_CTX *mem_ctx, errno_t sdap_save_native_sudorule_list(TALLOC_CTX *mem_ctx, - struct sysdb_ctx *sysdb_ctx, struct sss_domain_info *domain, struct sdap_attr_map *map, struct sysdb_attrs **replies, @@ -127,17 +125,16 @@ sdap_save_native_sudorule_list(TALLOC_CTX *mem_ctx, return ENOMEM; } - ret = sysdb_transaction_start(sysdb_ctx); + ret = sysdb_transaction_start(domain->sysdb); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Could not start transaction\n")); goto fail; } in_transaction = true; - for (i=0; i<replies_count; i++) { + for (i=0; i < replies_count; i++) { usn_value = NULL; - ret = sdap_save_native_sudorule(tmp_ctx, sysdb_ctx, - domain, map, replies[i], + ret = sdap_save_native_sudorule(tmp_ctx, domain, map, replies[i], cache_timeout, now, &usn_value); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to save sudo rule, " @@ -161,7 +158,7 @@ sdap_save_native_sudorule_list(TALLOC_CTX *mem_ctx, } } - ret = sysdb_transaction_commit(sysdb_ctx); + ret = sysdb_transaction_commit(domain->sysdb); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to commit transaction\n")); goto fail; 
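Review bot: The loop header touched in the hunk at -127 is only half normalised: `for (i=0; i < replies_count; i++) {` gains spaces around `<` but keeps `i=0`. Since the line is already being changed, write it as `for (i = 0; i < replies_count; i++) {` so it matches the spacing of the surrounding code. The body of sdap_save_native_sudorule_list continues outside the hunk.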
@@ -175,7 +172,7 @@ sdap_save_native_sudorule_list(TALLOC_CTX *mem_ctx, ret = EOK; fail: if (in_transaction) { - tret = sysdb_transaction_cancel(sysdb_ctx); + tret = sysdb_transaction_cancel(domain->sysdb); if (tret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, ("Could not cancel transaction\n")); } diff --git a/src/providers/ldap/sdap_sudo_cache.h b/src/providers/ldap/sdap_sudo_cache.h index d156e5cfb..5a756bf31 100644 --- a/src/providers/ldap/sdap_sudo_cache.h +++ b/src/providers/ldap/sdap_sudo_cache.h @@ -26,7 +26,6 @@ /* Cache functions specific for the native sudo LDAP schema */ errno_t sdap_save_native_sudorule_list(TALLOC_CTX *mem_ctx, - struct sysdb_ctx *sysdb_ctx, struct sss_domain_info *domain, struct sdap_attr_map *map, struct sysdb_attrs **replies, diff --git a/src/responder/sudo/sudosrv_get_sudorules.c b/src/responder/sudo/sudosrv_get_sudorules.c index e609677cf..0738233d1 100644 --- a/src/responder/sudo/sudosrv_get_sudorules.c +++ b/src/responder/sudo/sudosrv_get_sudorules.c @@ -355,7 +355,7 @@ errno_t sudosrv_get_rules(struct sudo_cmd_ctx *cmd_ctx) * expired rules for this user and defaults at once we will save one * provider call */ - ret = sysdb_get_sudo_user_info(tmp_ctx, cmd_ctx->domain->sysdb, cmd_ctx->domain, + ret = sysdb_get_sudo_user_info(tmp_ctx, cmd_ctx->domain, cmd_ctx->orig_username, NULL, &groupnames); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, @@ -559,7 +559,7 @@ static errno_t sudosrv_get_sudorules_from_cache(TALLOC_CTX *mem_ctx, switch (cmd_ctx->type) { case SSS_SUDO_USER: debug_name = cmd_ctx->cased_username; - ret = sysdb_get_sudo_user_info(tmp_ctx, cmd_ctx->domain->sysdb, + ret = sysdb_get_sudo_user_info(tmp_ctx, cmd_ctx->domain, cmd_ctx->orig_username, NULL, &groupnames); |