Diffstat (limited to 'src/db')
-rw-r--r-- | src/db/sysdb_selinux.c | 107 |
1 files changed, 0 insertions, 107 deletions
diff --git a/src/db/sysdb_selinux.c b/src/db/sysdb_selinux.c
index b27e0a922..80cfe5390 100644
--- a/src/db/sysdb_selinux.c
+++ b/src/db/sysdb_selinux.c
@@ -336,113 +336,6 @@ sysdb_get_selinux_usermaps(TALLOC_CTX *mem_ctx,
 return EOK;
 }
 
-errno_t sysdb_search_selinux_usermap_by_username(TALLOC_CTX *mem_ctx,
- struct sysdb_ctx *sysdb,
- struct sss_domain_info *domain,
- const char *username,
- struct ldb_message ***_usermaps)
-{
- TALLOC_CTX *tmp_ctx;
- struct ldb_message **msgs = NULL;
- const char *attrs[] = { SYSDB_NAME,
- SYSDB_USER_CATEGORY,
- SYSDB_HOST_CATEGORY,
- SYSDB_ORIG_MEMBER_USER,
- SYSDB_ORIG_MEMBER_HOST,
- SYSDB_SELINUX_HOST_PRIORITY,
- SYSDB_SELINUX_USER,
- NULL };
- struct sysdb_attrs *user;
- struct sysdb_attrs *tmp_attrs;
- struct ldb_message **usermaps = NULL;
- size_t msgs_count = 0;
- size_t usermaps_cnt;
- uint32_t priority = 0;
- uint32_t host_priority = 0;
- uint32_t top_priority = 0;
- errno_t ret;
- int i;
-
- tmp_ctx = talloc_new(NULL);
- if (!tmp_ctx) {
- return ENOMEM;
- }
-
- /* Now extract user attributes */
- ret = sss_selinux_extract_user(tmp_ctx, sysdb, domain, username, &user);
- if (ret != EOK) {
- goto done;
- }
-
- /* Now extract all SELinux user maps */
- ret = sysdb_get_selinux_usermaps(tmp_ctx, sysdb, domain,
- attrs, &msgs_count, &msgs);
- if (ret) {
- goto done;
- }
-
- /* Now filter those that match */
- tmp_attrs = talloc_zero(tmp_ctx, struct sysdb_attrs);
- if (tmp_attrs == NULL) {
- ret = ENOMEM;
- goto done;
- }
-
- usermaps = talloc_zero_array(tmp_ctx, struct ldb_message *, msgs_count + 1);
- if (usermaps == NULL) {
- ret = ENOMEM;
- goto done;
- }
-
- usermaps_cnt = 0;
- for (i = 0; i < msgs_count; i++) {
- tmp_attrs->a = msgs[i]->elements;
- tmp_attrs->num = msgs[i]->num_elements;
-
- if (sss_selinux_match(tmp_attrs, user, NULL, &priority)) {
- priority &= ~(SELINUX_PRIORITY_HOST_NAME |
- SELINUX_PRIORITY_HOST_GROUP |
- SELINUX_PRIORITY_HOST_CAT);
-
- /* Now figure out host priority */
- ret = sysdb_attrs_get_uint32_t(tmp_attrs,
- SYSDB_SELINUX_HOST_PRIORITY,
- &host_priority);
- if (ret != EOK) {
- continue;
- }
-
- priority += host_priority;
- if (priority < top_priority) {
- /* This rule has lower priority than what we already have,
- * skip it */
- continue;
- } else if (priority > top_priority) {
- /* If the rule has higher priority, drop what we already
- * have */
- while (usermaps_cnt > 0) {
- usermaps_cnt--;
- talloc_zfree(usermaps[usermaps_cnt]);
- }
- top_priority = priority;
- }
-
-
- usermaps[usermaps_cnt] = talloc_steal(usermaps, msgs[i]);
- usermaps_cnt++;
- } else {
- talloc_zfree(msgs[i]);
- }
- }
-
- *_usermaps = talloc_steal(mem_ctx, usermaps);
-
- ret = EOK;
-done:
- talloc_zfree(tmp_ctx);
- return ret;
-}
-
 errno_t sysdb_search_selinux_config(TALLOC_CTX *mem_ctx,
 struct sysdb_ctx *sysdb,
 struct sss_domain_info *domain, |