From dfafb437f49d31e015184e212571e9917aa94eef Mon Sep 17 00:00:00 2001
From: Pavel Březina
Date: Mon, 14 May 2012 16:28:58 +0200
Subject: sudo: clean up
---
 src/db/sysdb_sudo.c | 206 ----------------------------------------------------
 src/db/sysdb_sudo.h | 6 --
 2 files changed, 212 deletions(-)
(limited to 'src/db')
diff --git a/src/db/sysdb_sudo.c b/src/db/sysdb_sudo.c
index 0f9d9994..be7df651 100644
--- a/src/db/sysdb_sudo.c
+++ b/src/db/sysdb_sudo.c
@@ -534,57 +534,6 @@ errno_t sysdb_sudo_get_last_full_refresh(struct sysdb_ctx *sysdb, time_t *value)
 value);
 }
 
-char **sysdb_sudo_build_sudouser(TALLOC_CTX *mem_ctx, const char *username,
- uid_t uid, char **groupnames, bool include_all)
-{
- char **sudouser = NULL;
- int count = 0;
- errno_t ret;
- int i;
-
- if (username == NULL || uid == 0) {
- return NULL;
- }
-
- count = include_all ? 3 : 2;
- sudouser = talloc_array(NULL, char*, count + 1);
- NULL_CHECK(sudouser, ret, done);
-
- sudouser[0] = talloc_strdup(sudouser, username);
- NULL_CHECK(sudouser[0], ret, done);
-
- sudouser[1] = talloc_asprintf(sudouser, "#%llu", (unsigned long long)uid);
- NULL_CHECK(sudouser[1], ret, done);
-
- if (include_all) {
- sudouser[2] = talloc_strdup(sudouser, "ALL");
- NULL_CHECK(sudouser[2], ret, done);
- }
-
- if (groupnames != NULL) {
- for (i = 0; groupnames[i] != NULL; i++) {
- count++;
- sudouser = talloc_realloc(NULL, sudouser, char*, count + 1);
- NULL_CHECK(sudouser, ret, done);
-
- sudouser[count - 1] = talloc_asprintf(sudouser, "%s", groupnames[i]);
- NULL_CHECK(sudouser[count - 1], ret, done);
- }
- }
-
- sudouser[count] = NULL;
-
- ret = EOK;
-
-done:
- if (ret != EOK) {
- talloc_free(sudouser);
- return NULL;
- }
-
- return talloc_steal(mem_ctx, sudouser);
-}
-
 /* ==================== Purge functions ==================== */
 
 errno_t sysdb_sudo_purge_all(struct sysdb_ctx *sysdb)
@@ -694,158 +643,3 @@ done:
 talloc_free(tmp_ctx);
 return ret;
 }
-
-errno_t sysdb_sudo_purge_bysudouser(struct sysdb_ctx *sysdb,
- char **sudouser)
-{
- TALLOC_CTX *tmp_ctx = NULL;
- char *filter = NULL;
- char *value = NULL;
- const char *rule_name = NULL;
- struct ldb_message_element *attr = NULL;
- struct ldb_message *msg = NULL;
- struct ldb_message **rules = NULL;
- size_t num_rules;
- errno_t ret;
- errno_t sret;
- int lret;
- int i, j, k;
- bool in_transaction = false;
- const char *attrs[] = { SYSDB_OBJECTCLASS,
- SYSDB_NAME,
- SYSDB_SUDO_CACHE_AT_USER,
- NULL };
-
- if (sudouser == NULL || sudouser[0] == NULL) {
- return EOK;
- }
-
- tmp_ctx = talloc_new(NULL);
- NULL_CHECK(tmp_ctx, ret, done);
-
- /* create search filter */
- filter = talloc_strdup(tmp_ctx, "(|");
- NULL_CHECK(filter, ret, done);
- for (i = 0; sudouser[i] != NULL; i++) {
- filter = talloc_asprintf_append(filter, "(%s=%s)",
- SYSDB_SUDO_CACHE_AT_USER, sudouser[i]);
- NULL_CHECK(filter, ret, done);
- }
- filter = talloc_strdup_append(filter, ")");
- NULL_CHECK(filter, ret, done);
-
- /* search the rules */
- ret = sysdb_search_custom(tmp_ctx, sysdb, filter, SUDORULE_SUBDIR, attrs,
- &num_rules, &rules);
- if (ret != EOK && ret != ENOENT) {
- DEBUG(SSSDBG_CRIT_FAILURE, ("Error looking up SUDO rules"));
- goto done;
- } if (ret == ENOENT) {
- DEBUG(SSSDBG_TRACE_FUNC, ("No rules matched\n"));
- ret = EOK;
- goto done;
- }
-
- ret = sysdb_transaction_start(sysdb);
- if (ret != EOK) {
- goto done;
- }
- in_transaction = true;
-
- /*
- * remove values from sudoUser and delete the rule
- * if the attribute is empty afterwards
- */
-
- for (i = 0; i < num_rules; i++) {
- /* find name */
- rule_name = ldb_msg_find_attr_as_string(rules[i], SYSDB_NAME, NULL);
- if (rule_name == NULL) {
- DEBUG(SSSDBG_OP_FAILURE, ("A rule without a name?\n"));
- /* skip this one but still delete other entries */
- continue;
- }
-
- /* find sudoUser */
- attr = ldb_msg_find_element(rules[i], SYSDB_SUDO_CACHE_AT_USER);
- if (attr == NULL) {
- /* this should never happen because we search by this attribute */
- DEBUG(SSSDBG_CRIT_FAILURE, ("BUG: sudoUser attribute is missing\n"));
- continue;
- }
-
- /* create message */
- msg = ldb_msg_new(tmp_ctx);
- NULL_CHECK(msg, ret, done);
-
- msg->dn = ldb_dn_new_fmt(msg, sysdb->ldb, SYSDB_TMPL_CUSTOM, rule_name,
- SUDORULE_SUBDIR, sysdb->domain->name);
- NULL_CHECK(msg->dn, ret, done);
-
- /* create empty sudoUser */
- lret = ldb_msg_add_empty(msg, SYSDB_SUDO_CACHE_AT_USER,
- LDB_FLAG_MOD_DELETE, NULL);
- if (lret != LDB_SUCCESS) {
- ret = sysdb_error_to_errno(lret);
- goto done;
- }
-
- /* filter values */
- for (j = 0; j < attr->num_values; j++) {
- value = (char*)(attr->values[j].data);
- for (k = 0; sudouser[k] != NULL; k++) {
- if (strcmp(value, sudouser[k]) == 0) {
- /* delete value from cache */
- lret = ldb_msg_add_string(msg, SYSDB_SUDO_CACHE_AT_USER,
- sudouser[k]);
- if (lret != LDB_SUCCESS) {
- ret = sysdb_error_to_errno(lret);
- goto done;
- }
- break;
- }
- }
- }
-
- /* update the cache */
- if (msg->elements[0].num_values == attr->num_values) {
- /* sudoUser would remain empty, delete the rule */
- ret = sysdb_sudo_purge_byname(sysdb, rule_name);
- if (ret != EOK) {
- DEBUG(SSSDBG_OP_FAILURE, ("Could not delete rule %s\n",
- rule_name));
- goto done;
- }
- } else {
- /* sudoUser will not be empty, modify the rule */
- DEBUG(SSSDBG_TRACE_INTERNAL, ("Modifying sudoUser of rule %s\n",
- rule_name));
- lret = ldb_modify(sysdb->ldb, msg);
- if (lret != LDB_SUCCESS) {
- DEBUG(SSSDBG_OP_FAILURE, ("Could not modify rule %s\n",
- rule_name));
- ret = sysdb_error_to_errno(lret);
- goto done;
- }
- }
-
- talloc_free(msg);
- }
-
- ret = sysdb_transaction_commit(sysdb);
- if (ret == EOK) {
- in_transaction = false;
- }
-
-done:
- if (in_transaction) {
- sret = sysdb_transaction_cancel(sysdb);
- if (sret != EOK) {
- DEBUG(SSSDBG_OP_FAILURE, ("Could not cancel transaction\n"));
- }
- }
-
- talloc_free(tmp_ctx);
- return ret;
-}
-
diff --git a/src/db/sysdb_sudo.h b/src/db/sysdb_sudo.h
index b8ed2bc4..0d11b110 100644
--- a/src/db/sysdb_sudo.h
+++ b/src/db/sysdb_sudo.h
@@ -86,9 +86,6 @@ sysdb_save_sudorule(struct sysdb_ctx *sysdb_ctx,
 errno_t sysdb_sudo_set_last_full_refresh(struct sysdb_ctx *sysdb, time_t value);
 errno_t sysdb_sudo_get_last_full_refresh(struct sysdb_ctx *sysdb, time_t *value);
 
-char **sysdb_sudo_build_sudouser(TALLOC_CTX *mem_ctx, const char *username,
- uid_t uid, char **groupnames, bool include_all);
-
 errno_t sysdb_sudo_purge_all(struct sysdb_ctx *sysdb);
 
 errno_t sysdb_sudo_purge_byname(struct sysdb_ctx *sysdb,
@@ -97,7 +94,4 @@ errno_t sysdb_sudo_purge_byname(struct sysdb_ctx *sysdb,
 errno_t sysdb_sudo_purge_byfilter(struct sysdb_ctx *sysdb,
 const char *filter);
 
-errno_t sysdb_sudo_purge_bysudouser(struct sysdb_ctx *sysdb,
- char **sudoUser);
-
 #endif /* _SYSDB_SUDO_H_ */
--
cgit