From 7b74632f498dd1edf69294b597a4d92ec6d73b9f Mon Sep 17 00:00:00 2001 From: Pavel Březina Date: Tue, 26 Jun 2012 09:51:52 +0200 Subject: sudo ldap provider: pass sudo_ctx instead of id_ctx I had to create a new context structure to store additional information such as ip addresses and hostnames. --- src/providers/ldap/sdap_async_sudo_timer.c | 8 +-- src/providers/ldap/sdap_sudo.c | 96 ++++++++++++++++++------------ src/providers/ldap/sdap_sudo.h | 14 ++++- 3 files changed, 73 insertions(+), 45 deletions(-) (limited to 'src/providers/ldap') diff --git a/src/providers/ldap/sdap_async_sudo_timer.c b/src/providers/ldap/sdap_async_sudo_timer.c index 3e24b6ed..ed32cd90 100644 --- a/src/providers/ldap/sdap_async_sudo_timer.c +++ b/src/providers/ldap/sdap_async_sudo_timer.c @@ -29,7 +29,7 @@ struct sdap_sudo_timer_state { struct tevent_context *ev; - struct sdap_id_ctx *id_ctx; + struct sdap_sudo_ctx *sudo_ctx; time_t timeout; /* relative time how many seconds wait before canceling fn request */ sdap_sudo_timer_fn_t fn; /* request executed on 'when' */ @@ -50,7 +50,7 @@ static void sdap_sudo_timer_timeout(struct tevent_context *ev, struct tevent_req * sdap_sudo_timer_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, - struct sdap_id_ctx *id_ctx, + struct sdap_sudo_ctx *sudo_ctx, struct timeval when, time_t timeout, sdap_sudo_timer_fn_t fn) @@ -68,7 +68,7 @@ struct tevent_req * sdap_sudo_timer_send(TALLOC_CTX *mem_ctx, } state->ev = ev; - state->id_ctx = id_ctx; + state->sudo_ctx = sudo_ctx; state->timeout = timeout; state->fn = fn; @@ -118,7 +118,7 @@ static void sdap_sudo_timer(struct tevent_context *ev, state = tevent_req_data(req, struct sdap_sudo_timer_state); /* issue request */ - state->subreq = state->fn(state, state->id_ctx); + state->subreq = state->fn(state, state->sudo_ctx); if (state->subreq == NULL) { DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to issue timed request!\n")); tevent_req_error(req, ENOMEM); 
diff --git a/src/providers/ldap/sdap_sudo.c b/src/providers/ldap/sdap_sudo.c index 002f138e..80549bfa 100644 --- a/src/providers/ldap/sdap_sudo.c +++ b/src/providers/ldap/sdap_sudo.c @@ -38,7 +38,7 @@ struct sdap_sudo_full_refresh_state { }; static struct tevent_req *sdap_sudo_full_refresh_send(TALLOC_CTX *mem_ctx, - struct sdap_id_ctx *id_ctx); + struct sdap_sudo_ctx *sudo_ctx); static void sdap_sudo_full_refresh_done(struct tevent_req *subreq); @@ -54,7 +54,7 @@ struct sdap_sudo_rules_refresh_state { }; static struct tevent_req *sdap_sudo_rules_refresh_send(TALLOC_CTX *mem_ctx, - struct sdap_id_ctx *id_ctx, + struct sdap_sudo_ctx *sudo_ctx, struct be_ctx *be_ctx, struct sdap_options *opts, struct sdap_id_conn_cache *conn_cache, @@ -73,7 +73,7 @@ struct sdap_sudo_smart_refresh_state { }; static struct tevent_req *sdap_sudo_smart_refresh_send(TALLOC_CTX *mem_ctx, - struct sdap_id_ctx *id_ctx); + struct sdap_sudo_ctx *sudo_ctx); static void sdap_sudo_smart_refresh_done(struct tevent_req *subreq); @@ -87,10 +87,10 @@ static void sdap_sudo_periodical_full_refresh_done(struct tevent_req *req); static void sdap_sudo_periodical_smart_refresh_done(struct tevent_req *req); -static int sdap_sudo_schedule_full_refresh(struct sdap_id_ctx *id_ctx, +static int sdap_sudo_schedule_full_refresh(struct sdap_sudo_ctx *sudo_ctx, time_t delay); -static int sdap_sudo_schedule_smart_refresh(struct sdap_id_ctx *id_ctx, +static int sdap_sudo_schedule_smart_refresh(struct sdap_sudo_ctx *sudo_ctx, time_t delay); static void 
@@ -104,19 +104,27 @@ struct bet_ops sdap_sudo_ops = { .finalize = sdap_sudo_shutdown }; -int sdap_sudo_setup_periodical_refresh(struct sdap_id_ctx *id_ctx); +int sdap_sudo_setup_periodical_refresh(struct sdap_sudo_ctx *sudo_ctx); int sdap_sudo_init(struct be_ctx *be_ctx, struct sdap_id_ctx *id_ctx, struct bet_ops **ops, void **pvt_data) { + struct sdap_sudo_ctx *sudo_ctx = NULL; int ret; DEBUG(SSSDBG_TRACE_INTERNAL, ("Initializing sudo LDAP back end\n")); + sudo_ctx = talloc_zero(be_ctx, struct sdap_sudo_ctx); + if (sudo_ctx == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, ("talloc() failed\n")); + return ENOMEM; + } + + sudo_ctx->id_ctx = id_ctx; *ops = &sdap_sudo_ops; - *pvt_data = id_ctx; + *pvt_data = sudo_ctx; ret = ldap_get_sudo_options(id_ctx, be_ctx->cdb, be_ctx->conf_path, id_ctx->opts); @@ -126,7 +134,7 @@ int sdap_sudo_init(struct be_ctx *be_ctx, return ret; } - ret = sdap_sudo_setup_periodical_refresh(id_ctx); + ret = sdap_sudo_setup_periodical_refresh(sudo_ctx); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Unable to setup periodical refresh" "of sudo rules [%d]: %s\n", ret, strerror(ret))); @@ -135,8 +143,9 @@ int sdap_sudo_init(struct be_ctx *be_ctx, return EOK; } -int sdap_sudo_setup_periodical_refresh(struct sdap_id_ctx *id_ctx) +int sdap_sudo_setup_periodical_refresh(struct sdap_sudo_ctx *sudo_ctx) { + struct sdap_id_ctx *id_ctx = sudo_ctx->id_ctx; struct tevent_req *req; time_t smart_default; time_t smart_interval; @@ -202,7 +211,7 @@ int sdap_sudo_setup_periodical_refresh(struct sdap_id_ctx *id_ctx) tv = tevent_timeval_current_ofs(10, 0); } - req = sdap_sudo_timer_send(id_ctx, id_ctx->be->ev, id_ctx, + req = sdap_sudo_timer_send(sudo_ctx, id_ctx->be->ev, sudo_ctx, tv, full_interval, sdap_sudo_full_refresh_send); if (req == NULL) { 
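Review bot: In sdap_sudo_init (hunk -104,19), `*ops = &sdap_sudo_ops;` and `*pvt_data = sudo_ctx;` are assigned before `ldap_get_sudo_options()` has succeeded. The `return ret;` at the top of the next hunk appears to be that call's failure path, and it leaves the new `sudo_ctx` allocated under `be_ctx` and visible to the caller through `*pvt_data`. Publish the out-parameters only after the options have loaded, and call `talloc_free(sudo_ctx);` before `return ret;`. Part of the function body lies between the hunks, so confirm how the caller treats `*pvt_data` on a non-EOK return.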
@@ -212,7 +221,7 @@ int sdap_sudo_setup_periodical_refresh(struct sdap_id_ctx *id_ctx) } tevent_req_set_callback(req, sdap_sudo_periodical_first_refresh_done, - id_ctx); + sudo_ctx); DEBUG(SSSDBG_TRACE_FUNC, ("Full refresh scheduled at: %lld\n", (long long)tv.tv_sec)); @@ -279,22 +288,24 @@ void sdap_sudo_handler(struct be_req *be_req) { struct tevent_req *req = NULL; struct be_sudo_req *sudo_req = NULL; + struct sdap_sudo_ctx *sudo_ctx = NULL; struct sdap_id_ctx *id_ctx = NULL; int ret = EOK; - id_ctx = talloc_get_type(be_req->be_ctx->bet_info[BET_SUDO].pvt_bet_data, - struct sdap_id_ctx); + sudo_ctx = talloc_get_type(be_req->be_ctx->bet_info[BET_SUDO].pvt_bet_data, + struct sdap_sudo_ctx); + id_ctx = sudo_ctx->id_ctx; sudo_req = talloc_get_type(be_req->req_data, struct be_sudo_req); switch (sudo_req->type) { case BE_REQ_SUDO_FULL: DEBUG(SSSDBG_TRACE_FUNC, ("Issuing a full refresh of sudo rules\n")); - req = sdap_sudo_full_refresh_send(be_req, id_ctx); + req = sdap_sudo_full_refresh_send(be_req, sudo_ctx); break; case BE_REQ_SUDO_RULES: DEBUG(SSSDBG_TRACE_FUNC, ("Issuing a refresh of specific sudo rules\n")); - req = sdap_sudo_rules_refresh_send(be_req, id_ctx, id_ctx->be, + req = sdap_sudo_rules_refresh_send(be_req, sudo_ctx, id_ctx->be, id_ctx->opts, id_ctx->conn_cache, sudo_req->rules); break; @@ -322,10 +333,11 @@ fail: /* issue full refresh of sudo rules */ static struct tevent_req *sdap_sudo_full_refresh_send(TALLOC_CTX *mem_ctx, - struct sdap_id_ctx *id_ctx) + struct sdap_sudo_ctx *sudo_ctx) { struct tevent_req *req = NULL; struct tevent_req *subreq = NULL; + struct sdap_id_ctx *id_ctx = sudo_ctx->id_ctx; struct sdap_sudo_full_refresh_state *state = NULL; char *ldap_filter = NULL; char *sysdb_filter = NULL; 
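Review bot: In sdap_sudo_handler (hunk -279,22), `id_ctx = sudo_ctx->id_ctx;` dereferences the result of `talloc_get_type()` without a check, and that call returns NULL when the stored pointer is not a `struct sdap_sudo_ctx`. This commit changes what `pvt_bet_data` for BET_SUDO holds, so any initialiser outside this diff that still stores a `struct sdap_id_ctx` there would turn every sudo request into a NULL dereference in the back end. Add a guard before the dereference, for example `if (sudo_ctx == NULL) { ret = EFAULT; goto fail; }`. The body of the `fail:` label is outside the hunk, so check that it does not use `id_ctx` itself.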
@@ -440,7 +452,7 @@ static int sdap_sudo_full_refresh_recv(struct tevent_req *req, /* issue refresh of specific sudo rules */ static struct tevent_req *sdap_sudo_rules_refresh_send(TALLOC_CTX *mem_ctx, - struct sdap_id_ctx *id_ctx, + struct sdap_sudo_ctx *sudo_ctx, struct be_ctx *be_ctx, struct sdap_options *opts, struct sdap_id_conn_cache *conn_cache, @@ -501,7 +513,7 @@ static struct tevent_req *sdap_sudo_rules_refresh_send(TALLOC_CTX *mem_ctx, } } - state->id_ctx = id_ctx; + state->id_ctx = sudo_ctx->id_ctx; state->num_rules = i; ldap_filter = talloc_asprintf(tmp_ctx, "(&"SDAP_SUDO_FILTER_CLASS"(|%s))", @@ -588,10 +600,11 @@ static int sdap_sudo_rules_refresh_recv(struct tevent_req *req, /* issue smart refresh of sudo rules */ static struct tevent_req *sdap_sudo_smart_refresh_send(TALLOC_CTX *mem_ctx, - struct sdap_id_ctx *id_ctx) + struct sdap_sudo_ctx *sudo_ctx) { struct tevent_req *req = NULL; struct tevent_req *subreq = NULL; + struct sdap_id_ctx *id_ctx = sudo_ctx->id_ctx; struct sdap_attr_map *map = id_ctx->opts->sudorule_map; struct sdap_server_opts *srv_opts = id_ctx->srv_opts; struct sdap_sudo_smart_refresh_state *state = NULL; @@ -704,7 +717,7 @@ static int sdap_sudo_smart_refresh_recv(struct tevent_req *req, static void sdap_sudo_periodical_first_refresh_done(struct tevent_req *req) { struct tevent_req *subreq = NULL; /* req from sdap_sudo_full_refresh_send() */ - struct sdap_id_ctx *id_ctx = NULL; + struct sdap_sudo_ctx *sudo_ctx = NULL; time_t delay; int dp_error; int error; 
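Review bot: sdap_sudo_rules_refresh_send (hunks -440,7 and -501,7) now takes `sudo_ctx` but still takes `be_ctx`, `opts` and `conn_cache` as separate parameters, although the only caller in this diff passes `id_ctx->be`, `id_ctx->opts` and `id_ctx->conn_cache` from that same context. Nothing ties the separate arguments to `state->id_ctx = sudo_ctx->id_ctx;`, so a future caller could mix contexts without the compiler noticing. Either derive the three values from `sudo_ctx->id_ctx` inside the function, or state the requirement at the prototype with `/* be_ctx, opts and conn_cache must belong to sudo_ctx->id_ctx */`. The function body extends beyond both hunks.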
@@ -726,11 +739,12 @@ static void sdap_sudo_periodical_first_refresh_done(struct tevent_req *req) } schedule: - id_ctx = tevent_req_callback_data(req, struct sdap_id_ctx); + sudo_ctx = tevent_req_callback_data(req, struct sdap_sudo_ctx); talloc_zfree(req); /* full refresh */ - delay = dp_opt_get_int(id_ctx->opts->basic, SDAP_SUDO_FULL_REFRESH_INTERVAL); + delay = dp_opt_get_int(sudo_ctx->id_ctx->opts->basic, + SDAP_SUDO_FULL_REFRESH_INTERVAL); if (delay == 0) { /* runtime configuration change? */ DEBUG(SSSDBG_TRACE_FUNC, ("Periodical full refresh of sudo rules " @@ -738,13 +752,14 @@ schedule: return; } - ret = sdap_sudo_schedule_full_refresh(id_ctx, delay); + ret = sdap_sudo_schedule_full_refresh(sudo_ctx, delay); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Full periodical refresh will not work.\n")); } /* smart refresh */ - delay = dp_opt_get_int(id_ctx->opts->basic, SDAP_SUDO_SMART_REFRESH_INTERVAL); + delay = dp_opt_get_int(sudo_ctx->id_ctx->opts->basic, + SDAP_SUDO_SMART_REFRESH_INTERVAL); if (delay == 0) { /* runtime configuration change? */ DEBUG(SSSDBG_TRACE_FUNC, ("Periodical smart refresh of sudo rules " @@ -752,7 +767,7 @@ schedule: return; } - ret = sdap_sudo_schedule_smart_refresh(id_ctx, delay); + ret = sdap_sudo_schedule_smart_refresh(sudo_ctx, delay); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Smart periodical refresh will not work.\n")); } @@ -761,7 +776,7 @@ schedule: static void sdap_sudo_periodical_full_refresh_done(struct tevent_req *req) { struct tevent_req *subreq = NULL; /* req from sdap_sudo_full_refresh_send() */ - struct sdap_id_ctx *id_ctx = NULL; + struct sdap_sudo_ctx *sudo_ctx = NULL; time_t delay; int dp_error; int error; 
@@ -783,10 +798,11 @@ static void sdap_sudo_periodical_full_refresh_done(struct tevent_req *req) } schedule: - id_ctx = tevent_req_callback_data(req, struct sdap_id_ctx); + sudo_ctx = tevent_req_callback_data(req, struct sdap_sudo_ctx); talloc_zfree(req); - delay = dp_opt_get_int(id_ctx->opts->basic, SDAP_SUDO_FULL_REFRESH_INTERVAL); + delay = dp_opt_get_int(sudo_ctx->id_ctx->opts->basic, + SDAP_SUDO_FULL_REFRESH_INTERVAL); if (delay == 0) { /* runtime configuration change? */ DEBUG(SSSDBG_TRACE_FUNC, ("Periodical full refresh of sudo rules " @@ -794,7 +810,7 @@ schedule: return; } - ret = sdap_sudo_schedule_full_refresh(id_ctx, delay); + ret = sdap_sudo_schedule_full_refresh(sudo_ctx, delay); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Full periodical refresh will not work.\n")); } @@ -803,7 +819,7 @@ schedule: static void sdap_sudo_periodical_smart_refresh_done(struct tevent_req *req) { struct tevent_req *subreq = NULL; /* req from sdap_sudo_smart_refresh_send() */ - struct sdap_id_ctx *id_ctx = NULL; + struct sdap_sudo_ctx *sudo_ctx = NULL; time_t delay; int dp_error; int error; @@ -825,10 +841,11 @@ static void sdap_sudo_periodical_smart_refresh_done(struct tevent_req *req) } schedule: - id_ctx = tevent_req_callback_data(req, struct sdap_id_ctx); + sudo_ctx = tevent_req_callback_data(req, struct sdap_sudo_ctx); talloc_zfree(req); - delay = dp_opt_get_int(id_ctx->opts->basic, SDAP_SUDO_SMART_REFRESH_INTERVAL); + delay = dp_opt_get_int(sudo_ctx->id_ctx->opts->basic, + SDAP_SUDO_SMART_REFRESH_INTERVAL); if (delay == 0) { /* runtime configuration change? */ DEBUG(SSSDBG_TRACE_FUNC, ("Periodical smart refresh of sudo rules " 
@@ -836,13 +853,13 @@ schedule: return; } - ret = sdap_sudo_schedule_smart_refresh(id_ctx, delay); + ret = sdap_sudo_schedule_smart_refresh(sudo_ctx, delay); if (ret != EOK) { DEBUG(SSSDBG_OP_FAILURE, ("Smart periodical refresh will not work.\n")); } } -static int sdap_sudo_schedule_full_refresh(struct sdap_id_ctx *id_ctx, +static int sdap_sudo_schedule_full_refresh(struct sdap_sudo_ctx *sudo_ctx, time_t delay) { struct tevent_req *req = NULL; @@ -850,7 +867,7 @@ static int sdap_sudo_schedule_full_refresh(struct sdap_id_ctx *id_ctx, /* schedule new refresh */ tv = tevent_timeval_current_ofs(delay, 0); - req = sdap_sudo_timer_send(id_ctx, id_ctx->be->ev, id_ctx, + req = sdap_sudo_timer_send(sudo_ctx, sudo_ctx->id_ctx->be->ev, sudo_ctx, tv, delay, sdap_sudo_full_refresh_send); if (req == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("Unable to schedule full refresh of sudo " @@ -859,7 +876,7 @@ static int sdap_sudo_schedule_full_refresh(struct sdap_id_ctx *id_ctx, } tevent_req_set_callback(req, sdap_sudo_periodical_full_refresh_done, - id_ctx); + sudo_ctx); DEBUG(SSSDBG_TRACE_FUNC, ("Full refresh scheduled at: %lld\n", (long long)tv.tv_sec)); @@ -867,15 +884,16 @@ static int sdap_sudo_schedule_full_refresh(struct sdap_id_ctx *id_ctx, return EOK; } -static int sdap_sudo_schedule_smart_refresh(struct sdap_id_ctx *id_ctx, +static int sdap_sudo_schedule_smart_refresh(struct sdap_sudo_ctx *sudo_ctx, time_t delay) { + struct sdap_id_ctx *id_ctx = sudo_ctx->id_ctx; struct tevent_req *req = NULL; struct timeval tv; /* schedule new refresh */ tv = tevent_timeval_current_ofs(delay, 0); - req = sdap_sudo_timer_send(id_ctx, id_ctx->be->ev, id_ctx, + req = sdap_sudo_timer_send(sudo_ctx, id_ctx->be->ev, sudo_ctx, tv, delay, sdap_sudo_smart_refresh_send); if (req == NULL) { DEBUG(SSSDBG_OP_FAILURE, ("Unable to schedule smart refresh of sudo " 
@@ -884,7 +902,7 @@ static int sdap_sudo_schedule_smart_refresh(struct sdap_id_ctx *id_ctx, } tevent_req_set_callback(req, sdap_sudo_periodical_smart_refresh_done, - id_ctx); + sudo_ctx); DEBUG(SSSDBG_TRACE_FUNC, ("Smart refresh scheduled at: %lld\n", (long long)tv.tv_sec)); diff --git a/src/providers/ldap/sdap_sudo.h b/src/providers/ldap/sdap_sudo.h index 3eab74f2..25277271 100644 --- a/src/providers/ldap/sdap_sudo.h +++ b/src/providers/ldap/sdap_sudo.h @@ -21,6 +21,16 @@ #ifndef _SDAP_SUDO_H_ #define _SDAP_SUDO_H_ +struct sdap_sudo_ctx { + struct sdap_id_ctx *id_ctx; + + char **hostnames; + char **ip_addr; + bool include_netgroups; + bool include_regexp; + bool use_host_filter; +}; + /* Common functions from ldap_sudo.c */ void sdap_sudo_handler(struct be_req *breq); int sdap_sudo_init(struct be_ctx *be_ctx, @@ -46,11 +56,11 @@ int sdap_sudo_refresh_recv(TALLOC_CTX *mem_ctx, /* timer */ typedef struct tevent_req * (*sdap_sudo_timer_fn_t)(TALLOC_CTX *mem_ctx, - struct sdap_id_ctx *id_ctx); + struct sdap_sudo_ctx *sudo_ctx); struct tevent_req * sdap_sudo_timer_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, - struct sdap_id_ctx *id_ctx, + struct sdap_sudo_ctx *sudo_ctx, struct timeval when, time_t timeout, sdap_sudo_timer_fn_t fn); -- cgit
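Review bot: The new `struct sdap_sudo_ctx` in sdap_sudo.h (hunk -21,6) has no comments on its fields, and nothing in this commit fills in `hostnames`, `ip_addr` or the three flags, so after `talloc_zero` they stay NULL/false. Going by the commit message and the field names, these values will presumably decide which sudo rules are fetched for this host, so the header should say who owns the two arrays, whether they are NULL-terminated, and what NULL means to a consumer. A comment such as `char **hostnames; /* TODO confirm: NULL-terminated, owned by this ctx; NULL = not resolved yet */` would do, with a similar line for each flag. The struct also uses `bool`, so the header should include `<stdbool.h>` itself unless every includer is known to pull it in first.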