diff options
author | Jan Cholasta <jcholast@redhat.com> | 2012-09-25 04:29:29 -0400 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2012-10-05 10:51:55 +0200 |
commit | 3882325ff60f89d0c312e9519bdfd1351978fd73 (patch) | |
tree | 1eb9a5b850ced04673a69c53f46d40d51384caa4 /src/db/sysdb_ssh.c | |
parent | 2d6836a90bd326391782a5753f70e8ba666b5def (diff) | |
download | sssd2-3882325ff60f89d0c312e9519bdfd1351978fd73.tar.gz sssd2-3882325ff60f89d0c312e9519bdfd1351978fd73.tar.xz sssd2-3882325ff60f89d0c312e9519bdfd1351978fd73.zip |
SSH: Expire hosts in known_hosts
Diffstat (limited to 'src/db/sysdb_ssh.c')
-rw-r--r-- | src/db/sysdb_ssh.c | 72 |
1 files changed, 70 insertions, 2 deletions
diff --git a/src/db/sysdb_ssh.c b/src/db/sysdb_ssh.c index 48d54a44..47969bb5 100644 --- a/src/db/sysdb_ssh.c +++ b/src/db/sysdb_ssh.c @@ -177,6 +177,52 @@ done: } errno_t +sysdb_update_ssh_known_host_expire(struct sysdb_ctx *sysdb, + const char *name, + time_t now, + int known_hosts_timeout) +{ + TALLOC_CTX *tmp_ctx; + errno_t ret; + struct sysdb_attrs *attrs; + + DEBUG(SSSDBG_TRACE_FUNC, + ("Updating known_hosts expire time of host %s\n", name)); + + tmp_ctx = talloc_new(NULL); + if (!tmp_ctx) { + return ENOMEM; + } + + attrs = sysdb_new_attrs(tmp_ctx); + if (!attrs) { + ret = ENOMEM; + goto done; + } + + ret = sysdb_attrs_add_time_t(attrs, SYSDB_SSH_KNOWN_HOSTS_EXPIRE, + now + known_hosts_timeout); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, + ("Could not set known_hosts expire time [%d]: %s\n", + ret, strerror(ret))); + goto done; + } + + ret = sysdb_update_ssh_host(sysdb, name, attrs); + if (ret != EOK) { + goto done; + } + + ret = EOK; + +done: + talloc_free(tmp_ctx); + + return ret; +} + +errno_t sysdb_delete_ssh_host(struct sysdb_ctx *sysdb, const char *name) { @@ -275,10 +321,32 @@ done: errno_t sysdb_get_ssh_known_hosts(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, + time_t now, const char **attrs, struct ldb_message ***hosts, size_t *num_hosts) { - return sysdb_search_ssh_hosts(mem_ctx, sysdb, NULL, attrs, - hosts, num_hosts); + TALLOC_CTX *tmp_ctx; + errno_t ret; + const char *filter; + + tmp_ctx = talloc_new(NULL); + if (!tmp_ctx) { + return ENOMEM; + } + + filter = talloc_asprintf(tmp_ctx, "(%s>=%ld)", + SYSDB_SSH_KNOWN_HOSTS_EXPIRE, (long)now); + if (!filter) { + ret = ENOMEM; + goto done; + } + + ret = sysdb_search_ssh_hosts(mem_ctx, sysdb, filter, attrs, + hosts, num_hosts); + +done: + talloc_free(tmp_ctx); + + return ret; } |