authorJustin Stephenson <jstephen@redhat.com>2017-01-20 15:43:34 -0500
committerLukas Slebodnik <lslebodn@redhat.com>2017-02-07 17:27:21 +0100
commitd0aae3c1e87e2e51ab178b7b343261443094a974 (patch)
tree1de82683e5f163f4f5890be29a087db5ca3b5cc4 /src/providers
parentc029f707d4847b01ff64bf3bb1fd46c0b5927cdb (diff)
SUDO: Add skip_entry boolean to sudo conversions
Add boolean to convert_attributes function and pass boolean as argument to sudo conversion functions to add logic for skipping unexpected entries like replication conflicts. Resolves: https://fedorahosted.org/sssd/ticket/3288 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Diffstat (limited to 'src/providers')
-rw-r--r--src/providers/ipa/ipa_sudo_conversion.c55
1 files changed, 41 insertions, 14 deletions
diff --git a/src/providers/ipa/ipa_sudo_conversion.c b/src/providers/ipa/ipa_sudo_conversion.c
index 9dbc8604d..05d863c20 100644
--- a/src/providers/ipa/ipa_sudo_conversion.c
+++ b/src/providers/ipa/ipa_sudo_conversion.c
@@ -746,12 +746,15 @@ struct ipa_sudo_conv_result_ctx {
static const char *
convert_host(TALLOC_CTX *mem_ctx,
struct ipa_sudo_conv *conv,
- const char *value)
+ const char *value,
+ bool *skip_entry)
{
char *rdn;
const char *group;
errno_t ret;
+ *skip_entry = false;
+
ret = ipa_get_rdn(mem_ctx, conv->dom->sysdb, value, &rdn,
MATCHRDN_HOST(conv->map_host));
if (ret == EOK) {
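Review bot: The new `skip_entry` out-parameter has no documented contract, here or in the other converters that gain it (convert_user, convert_user_fqdn, convert_group, convert_cat). From the visible lines, a NULL return with `*skip_entry == true` means the value matched no expected DN pattern and is dropped, while a NULL return with `*skip_entry == false` is turned into ENOMEM by convert_attributes. A comment above convert_host would state that, e.g. `/* Returns NULL and sets *skip_entry when the DN matches no expected pattern; any other NULL return is fatal to the caller. */`. The body of convert_host continues past this hunk.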
@@ -765,7 +768,8 @@ convert_host(TALLOC_CTX *mem_ctx,
ret = ipa_get_rdn(mem_ctx, conv->dom->sysdb, value, &rdn,
MATCHRDN_HOSTGROUP(conv->map_hostgroup));
if (ret == ENOENT) {
- DEBUG(SSSDBG_CRIT_FAILURE, "Unexpected DN %s\n", value);
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unexpected DN %s: Skipping\n", value);
+ *skip_entry = true;
return NULL;
} else if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, "ipa_get_rdn() failed on value %s [%d]: %s\n",
@@ -782,12 +786,15 @@ convert_host(TALLOC_CTX *mem_ctx,
static const char *
convert_user(TALLOC_CTX *mem_ctx,
struct ipa_sudo_conv *conv,
- const char *value)
+ const char *value,
+ bool *skip_entry)
{
char *rdn;
const char *group;
errno_t ret;
+ *skip_entry = false;
+
ret = ipa_get_rdn(mem_ctx, conv->dom->sysdb, value, &rdn,
MATCHRDN_USER(conv->map_user));
if (ret == EOK) {
@@ -801,7 +808,8 @@ convert_user(TALLOC_CTX *mem_ctx,
ret = ipa_get_rdn(mem_ctx, conv->dom->sysdb, value, &rdn,
MATCHRDN_GROUP(conv->map_group));
if (ret == ENOENT) {
- DEBUG(SSSDBG_CRIT_FAILURE, "Unexpected DN %s\n", value);
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unexpected DN %s: Skipping\n", value);
+ *skip_entry = true;
return NULL;
} else if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, "ipa_get_rdn() failed on value %s [%d]: %s\n",
@@ -818,12 +826,15 @@ convert_user(TALLOC_CTX *mem_ctx,
static const char *
convert_user_fqdn(TALLOC_CTX *mem_ctx,
struct ipa_sudo_conv *conv,
- const char *value)
+ const char *value,
+ bool *skip_entry)
{
const char *shortname = NULL;
char *fqdn = NULL;
- shortname = convert_user(mem_ctx, conv, value);
+ *skip_entry = false;
+
+ shortname = convert_user(mem_ctx, conv, value, skip_entry);
if (shortname == NULL) {
return NULL;
}
@@ -836,15 +847,19 @@ convert_user_fqdn(TALLOC_CTX *mem_ctx,
static const char *
convert_group(TALLOC_CTX *mem_ctx,
struct ipa_sudo_conv *conv,
- const char *value)
+ const char *value,
+ bool *skip_entry)
{
char *rdn;
errno_t ret;
+ *skip_entry = false;
+
ret = ipa_get_rdn(mem_ctx, conv->dom->sysdb, value, &rdn,
MATCHRDN_GROUP(conv->map_group));
if (ret == ENOENT) {
- DEBUG(SSSDBG_CRIT_FAILURE, "Unexpected DN %s\n", value);
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unexpected DN %s: Skipping\n", value);
+ *skip_entry = true;
return NULL;
} else if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, "ipa_get_rdn() failed on value %s [%d]: %s\n",
@@ -858,7 +873,8 @@ convert_group(TALLOC_CTX *mem_ctx,
static const char *
convert_runasextusergroup(TALLOC_CTX *mem_ctx,
struct ipa_sudo_conv *conv,
- const char *value)
+ const char *value,
+ bool *skip_entry)
{
return talloc_asprintf(mem_ctx, "%%%s", value);
}
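Review bot: convert_runasextusergroup never writes `*skip_entry`, unlike the other converters touched by this commit, and talloc_asprintf() can return NULL. convert_attributes declares `bool skip_entry;` without an initializer and reads it whenever a converter returns NULL, so an allocation failure here branches on an indeterminate value, or on `true` left over from an earlier skipped value, and may be handled as a skip instead of ENOMEM. Add `*skip_entry = false;` before the return, and consider `bool skip_entry = false;` in convert_attributes so that a converter which forgets the assignment fails closed.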
@@ -866,8 +882,12 @@ convert_runasextusergroup(TALLOC_CTX *mem_ctx,
static const char *
convert_cat(TALLOC_CTX *mem_ctx,
struct ipa_sudo_conv *conv,
- const char *value)
+ const char *value,
+ bool *skip_entry)
{
+
+ *skip_entry = false;
+
if (strcmp(value, "all") == 0) {
return talloc_strdup(mem_ctx, "ALL");
}
@@ -885,12 +905,14 @@ convert_attributes(struct ipa_sudo_conv *conv,
const char *value;
errno_t ret;
int i, j;
+ bool skip_entry;
static struct {
const char *ipa;
const char *sudo;
const char *(*conv_fn)(TALLOC_CTX *mem_ctx,
struct ipa_sudo_conv *conv,
- const char *value);
+ const char *value,
+ bool *skip_entry);
} table[] = {{SYSDB_NAME, SYSDB_SUDO_CACHE_AT_CN , NULL},
{SYSDB_IPA_SUDORULE_HOST, SYSDB_SUDO_CACHE_AT_HOST , convert_host},
{SYSDB_IPA_SUDORULE_USER, SYSDB_SUDO_CACHE_AT_USER , convert_user_fqdn},
@@ -931,10 +953,15 @@ convert_attributes(struct ipa_sudo_conv *conv,
for (j = 0; values[j] != NULL; j++) {
if (table[i].conv_fn != NULL) {
- value = table[i].conv_fn(tmp_ctx, conv, values[j]);
+ value = table[i].conv_fn(tmp_ctx, conv, values[j], &skip_entry);
if (value == NULL) {
- ret = ENOMEM;
- goto done;
+ if (skip_entry) {
+ ret = ENOENT;
+ continue;
+ } else {
+ ret = ENOMEM;
+ goto done;
+ }
}
} else {
value = values[j];
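Review bot: In the skip branch, `ret = ENOENT;` is assigned immediately before `continue`, so it is either overwritten by the rest of the loop (a dead store) or, if the skipped value is the last one processed, it could leave the function as ENOENT; which of the two applies depends on code after this hunk. If skipping is meant to be non-fatal, drop the assignment and the redundant `else`: `if (skip_entry) { continue; }` followed by the existing `ret = ENOMEM;` and `goto done;`. Because this path converts sudo rules, a short comment that a skipped value yields a cached rule with fewer members than the server-side rule, with the debug message as its only trace, would help whoever later audits a mismatch. The loop body continues outside the hunk.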