diff options
-rw-r--r-- | src/db/sysdb_sudo.c | 185 | ||||
-rw-r--r-- | src/db/sysdb_sudo.h | 21 | ||||
-rw-r--r-- | src/responder/sudo/sudosrv_get_sudorules.c | 269 | ||||
-rw-r--r-- | src/tests/cmocka/test_sysdb_sudo.c | 72 |
4 files changed, 378 insertions, 169 deletions
diff --git a/src/db/sysdb_sudo.c b/src/db/sysdb_sudo.c index 5f1a8a13e..601fb63f2 100644 --- a/src/db/sysdb_sudo.c +++ b/src/db/sysdb_sudo.c @@ -215,105 +215,156 @@ done: return ret; } -errno_t -sysdb_get_sudo_filter(TALLOC_CTX *mem_ctx, const char *username, - uid_t uid, char **groupnames, unsigned int flags, - char **_filter) +static char * +sysdb_sudo_filter_userinfo(TALLOC_CTX *mem_ctx, + const char *username, + char **groupnames, + uid_t uid) { - TALLOC_CTX *tmp_ctx = NULL; - char *filter = NULL; - char *specific_filter = NULL; - char *sanitized = NULL; - time_t now; + const char *attr = SYSDB_SUDO_CACHE_AT_USER; + TALLOC_CTX *tmp_ctx; + char *sanitized_name; + char *filter; errno_t ret; int i; tmp_ctx = talloc_new(NULL); - NULL_CHECK(tmp_ctx, ret, done); - - /* build specific filter */ + if (tmp_ctx == NULL) { + return NULL; + } - specific_filter = talloc_zero(tmp_ctx, char); /* assign to tmp_ctx */ - NULL_CHECK(specific_filter, ret, done); + filter = talloc_asprintf(tmp_ctx, "(%s=ALL)", attr); + if (filter == NULL) { + ret = ENOMEM; + goto done; + } - if (flags & SYSDB_SUDO_FILTER_INCLUDE_ALL) { - specific_filter = talloc_asprintf_append(specific_filter, "(%s=ALL)", - SYSDB_SUDO_CACHE_AT_USER); - NULL_CHECK(specific_filter, ret, done); + ret = sss_filter_sanitize(tmp_ctx, username, &sanitized_name); + if (ret != EOK) { + goto done; } - if (flags & SYSDB_SUDO_FILTER_INCLUDE_DFL) { - specific_filter = talloc_asprintf_append(specific_filter, "(%s=defaults)", - SYSDB_NAME); - NULL_CHECK(specific_filter, ret, done); + filter = talloc_asprintf_append(filter, "(%s=%s)", attr, sanitized_name); + if (filter == NULL) { + ret = ENOMEM; + goto done; } - if ((flags & SYSDB_SUDO_FILTER_USERNAME) && (username != NULL)) { - ret = sss_filter_sanitize(tmp_ctx, username, &sanitized); - if (ret != EOK) { + if (uid != 0) { + filter = talloc_asprintf_append(filter, "(%s=#%"SPRIuid")", attr, uid); + if (filter == NULL) { + ret = ENOMEM; goto done; } - - specific_filter = talloc_asprintf_append(specific_filter, "(%s=%s)", - SYSDB_SUDO_CACHE_AT_USER, - sanitized); - NULL_CHECK(specific_filter, ret, done); - } - - if ((flags & SYSDB_SUDO_FILTER_UID) && (uid != 0)) { - specific_filter = talloc_asprintf_append(specific_filter, "(%s=#%llu)", - SYSDB_SUDO_CACHE_AT_USER, - (unsigned long long) uid); - NULL_CHECK(specific_filter, ret, done); } - if ((flags & SYSDB_SUDO_FILTER_GROUPS) && (groupnames != NULL)) { + if (groupnames != NULL) { for (i=0; groupnames[i] != NULL; i++) { - ret = sss_filter_sanitize(tmp_ctx, groupnames[i], &sanitized); + ret = sss_filter_sanitize(tmp_ctx, groupnames[i], &sanitized_name); if (ret != EOK) { goto done; } - specific_filter = talloc_asprintf_append(specific_filter, "(%s=%%%s)", - SYSDB_SUDO_CACHE_AT_USER, - sanitized); - NULL_CHECK(specific_filter, ret, done); + filter = talloc_asprintf_append(filter, "(%s=%%%s)", attr, + sanitized_name); + if (filter == NULL) { + ret = ENOMEM; + goto done; + } } } - if (flags & SYSDB_SUDO_FILTER_NGRS) { - specific_filter = talloc_asprintf_append(specific_filter, "(%s=+*)", - SYSDB_SUDO_CACHE_AT_USER); - NULL_CHECK(specific_filter, ret, done); + talloc_steal(mem_ctx, filter); + +done: + talloc_free(tmp_ctx); + + if (ret != EOK) { + return NULL; } - /* build global filter */ + return filter; +} - filter = talloc_asprintf(tmp_ctx, "(&(%s=%s)", - SYSDB_OBJECTCLASS, SYSDB_SUDO_CACHE_OC); - NULL_CHECK(filter, ret, done); +char * +sysdb_sudo_filter_expired(TALLOC_CTX *mem_ctx, + const char *username, + char **groupnames, + uid_t uid) +{ + char *userfilter; + char *filter; + time_t now; - if (specific_filter[0] != '\0') { - filter = talloc_asprintf_append(filter, "(|%s)", specific_filter); - NULL_CHECK(filter, ret, done); + userfilter = sysdb_sudo_filter_userinfo(mem_ctx, username, groupnames, uid); + if (userfilter == NULL) { + return NULL; } - if (flags & SYSDB_SUDO_FILTER_ONLY_EXPIRED) { - now = time(NULL); - filter = talloc_asprintf_append(filter, "(&(%s<=%lld))", - SYSDB_CACHE_EXPIRE, (long long)now); - NULL_CHECK(filter, ret, done); + now = time(NULL); + filter = talloc_asprintf(mem_ctx, + "(&(%s=%s)(%s<=%lld)(|(%s=defaults)%s(%s=+*)))", + SYSDB_OBJECTCLASS, SYSDB_SUDO_CACHE_OC, + SYSDB_CACHE_EXPIRE, (long long)now, + SYSDB_NAME, + userfilter, + SYSDB_SUDO_CACHE_AT_USER); + talloc_free(userfilter); + + return filter; +} + +char * +sysdb_sudo_filter_defaults(TALLOC_CTX *mem_ctx) +{ + return talloc_asprintf(mem_ctx, "(&(%s=%s)(%s=defaults))", + SYSDB_OBJECTCLASS, SYSDB_SUDO_CACHE_OC, + SYSDB_NAME); +} + +char * +sysdb_sudo_filter_user(TALLOC_CTX *mem_ctx, + const char *username, + char **groupnames, + uid_t uid) +{ + char *userfilter; + char *filter; + + userfilter = sysdb_sudo_filter_userinfo(mem_ctx, username, groupnames, uid); + if (userfilter == NULL) { + return NULL; } - filter = talloc_strdup_append(filter, ")"); - NULL_CHECK(filter, ret, done); + filter = talloc_asprintf(mem_ctx, "(&(%s=%s)(|%s))", + SYSDB_OBJECTCLASS, SYSDB_SUDO_CACHE_OC, + userfilter); + talloc_free(userfilter); - ret = EOK; - *_filter = talloc_steal(mem_ctx, filter); + return filter; +} -done: - talloc_free(tmp_ctx); - return ret; +char * +sysdb_sudo_filter_netgroups(TALLOC_CTX *mem_ctx, + const char *username, + char **groupnames, + uid_t uid) +{ + char *userfilter; + char *filter; + + userfilter = sysdb_sudo_filter_userinfo(mem_ctx, username, groupnames, uid); + if (userfilter == NULL) { + return NULL; + } + + filter = talloc_asprintf(mem_ctx, "(&(%s=%s)(%s=+*)(!(|%s)))", + SYSDB_OBJECTCLASS, SYSDB_SUDO_CACHE_OC, + SYSDB_SUDO_CACHE_AT_USER, + userfilter); + talloc_free(userfilter); + + return filter; } errno_t @@ -985,4 +1036,4 @@ sysdb_set_sudo_rule_attr(struct sss_domain_info *domain, done: talloc_free(tmp_ctx); return ret; -}
\ No newline at end of file +} diff --git a/src/db/sysdb_sudo.h b/src/db/sysdb_sudo.h index c9dadb799..9c2456cf8 100644 --- a/src/db/sysdb_sudo.h +++ b/src/db/sysdb_sudo.h @@ -96,6 +96,27 @@ errno_t sysdb_sudo_filter_rules_by_time(TALLOC_CTX *mem_ctx, uint32_t *_num_rules, struct sysdb_attrs ***_rules); +char * +sysdb_sudo_filter_expired(TALLOC_CTX *mem_ctx, + const char *username, + char **groupnames, + uid_t uid); + +char * +sysdb_sudo_filter_defaults(TALLOC_CTX *mem_ctx); + +char * +sysdb_sudo_filter_user(TALLOC_CTX *mem_ctx, + const char *username, + char **groupnames, + uid_t uid); + +char * +sysdb_sudo_filter_netgroups(TALLOC_CTX *mem_ctx, + const char *username, + char **groupnames, + uid_t uid); + errno_t sysdb_get_sudo_filter(TALLOC_CTX *mem_ctx, const char *username, uid_t uid, char **groupnames, unsigned int flags, diff --git a/src/responder/sudo/sudosrv_get_sudorules.c b/src/responder/sudo/sudosrv_get_sudorules.c index 0cf8c9be3..0608888ff 100644 --- a/src/responder/sudo/sudosrv_get_sudorules.c +++ b/src/responder/sudo/sudosrv_get_sudorules.c @@ -116,16 +116,11 @@ sort_sudo_rules(struct sysdb_attrs **rules, size_t count, bool lower_wins) static errno_t sudosrv_query_cache(TALLOC_CTX *mem_ctx, struct sss_domain_info *domain, const char **attrs, - unsigned int flags, - const char *username, - uid_t uid, - char **groupnames, - bool inverse_order, + const char *filter, struct sysdb_attrs ***_rules, uint32_t *_count) { TALLOC_CTX *tmp_ctx; - char *filter; errno_t ret; size_t count; struct sysdb_attrs **rules; @@ -136,14 +131,6 @@ static errno_t sudosrv_query_cache(TALLOC_CTX *mem_ctx, return ENOMEM; } - ret = sysdb_get_sudo_filter(tmp_ctx, username, uid, groupnames, - flags, &filter); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Could not construct the search filter " - "[%d]: %s\n", ret, sss_strerror(ret)); - goto done; - } - DEBUG(SSSDBG_FUNC_DATA, "Searching sysdb with [%s]\n", filter); if (IS_SUBDOMAIN(domain)) { @@ -170,12 +157,6 @@ static errno_t sudosrv_query_cache(TALLOC_CTX *mem_ctx, goto done; } - ret = sort_sudo_rules(rules, count, inverse_order); - if (ret != EOK) { - DEBUG(SSSDBG_OP_FAILURE, "Could not sort rules by sudoOrder\n"); - goto done; - } - *_rules = talloc_steal(mem_ctx, rules); *_count = (uint32_t)count; @@ -194,24 +175,131 @@ static errno_t sudosrv_expired_rules(TALLOC_CTX *mem_ctx, struct sysdb_attrs ***_rules, uint32_t *_num_rules) { - unsigned int flags = SYSDB_SUDO_FILTER_NONE; const char *attrs[] = { SYSDB_NAME, NULL }; + char *filter; errno_t ret; - flags = SYSDB_SUDO_FILTER_INCLUDE_ALL - | SYSDB_SUDO_FILTER_INCLUDE_DFL - | SYSDB_SUDO_FILTER_ONLY_EXPIRED - | SYSDB_SUDO_FILTER_USERINFO; + filter = sysdb_sudo_filter_expired(NULL, username, groups, uid); + if (filter == NULL) { + return ENOMEM; + } + + ret = sudosrv_query_cache(mem_ctx, domain, attrs, filter, + _rules, _num_rules); + talloc_free(filter); + + return ret; +} + +static errno_t sudosrv_cached_rules_by_user(TALLOC_CTX *mem_ctx, + struct sss_domain_info *domain, + uid_t uid, + const char *username, + char **groupnames, + struct sysdb_attrs ***_rules, + uint32_t *_num_rules) +{ + TALLOC_CTX *tmp_ctx; + struct sysdb_attrs **rules; + uint32_t num_rules; + uint32_t i; + const char *filter; + const char *val; + errno_t ret; + const char *attrs[] = { SYSDB_OBJECTCLASS, + SYSDB_SUDO_CACHE_AT_CN, + SYSDB_SUDO_CACHE_AT_HOST, + SYSDB_SUDO_CACHE_AT_COMMAND, + SYSDB_SUDO_CACHE_AT_OPTION, + SYSDB_SUDO_CACHE_AT_RUNAS, + SYSDB_SUDO_CACHE_AT_RUNASUSER, + SYSDB_SUDO_CACHE_AT_RUNASGROUP, + SYSDB_SUDO_CACHE_AT_NOTBEFORE, + SYSDB_SUDO_CACHE_AT_NOTAFTER, + SYSDB_SUDO_CACHE_AT_ORDER, + NULL }; + + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + return ENOMEM; + } + + filter = sysdb_sudo_filter_user(tmp_ctx, username, groupnames, uid); + if (filter == NULL) { + ret = ENOMEM; + goto done; + } + + ret = sudosrv_query_cache(tmp_ctx, domain, attrs, filter, + &rules, &num_rules); + if (ret != EOK) { + goto done; + } + + val = talloc_asprintf(tmp_ctx, "#%"SPRIuid, uid); + if (val == NULL) { + ret = ENOMEM; + goto done; + } + + /* Add sudoUser: #uid to prevent conflicts with fqnames. */ + DEBUG(SSSDBG_TRACE_FUNC, "Replacing sudoUser attribute with " + "sudoUser: %s\n", val); + for (i = 0; i < num_rules; i++) { + ret = sysdb_attrs_add_string(rules[i], SYSDB_SUDO_CACHE_AT_USER, val); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, "Unable to alter sudoUser attribute " + "[%d]: %s\n", ret, sss_strerror(ret)); + } + } + + *_rules = talloc_steal(mem_ctx, rules); + *_num_rules = num_rules; + + ret = EOK; + +done: + talloc_free(tmp_ctx); + return ret; +} + +static errno_t sudosrv_cached_rules_by_ng(TALLOC_CTX *mem_ctx, + struct sss_domain_info *domain, + uid_t uid, + const char *username, + char **groupnames, + struct sysdb_attrs ***_rules, + uint32_t *_num_rules) +{ + char *filter; + errno_t ret; + const char *attrs[] = { SYSDB_OBJECTCLASS, + SYSDB_SUDO_CACHE_AT_CN, + SYSDB_SUDO_CACHE_AT_USER, + SYSDB_SUDO_CACHE_AT_HOST, + SYSDB_SUDO_CACHE_AT_COMMAND, + SYSDB_SUDO_CACHE_AT_OPTION, + SYSDB_SUDO_CACHE_AT_RUNAS, + SYSDB_SUDO_CACHE_AT_RUNASUSER, + SYSDB_SUDO_CACHE_AT_RUNASGROUP, + SYSDB_SUDO_CACHE_AT_NOTBEFORE, + SYSDB_SUDO_CACHE_AT_NOTAFTER, + SYSDB_SUDO_CACHE_AT_ORDER, + NULL }; + + filter = sysdb_sudo_filter_netgroups(NULL, username, groupnames, uid); + if (filter == NULL) { + return ENOMEM; + } - ret = sudosrv_query_cache(mem_ctx, domain, attrs, flags, - username, uid, groups, false, + ret = sudosrv_query_cache(mem_ctx, domain, attrs, filter, _rules, _num_rules); + talloc_free(filter); return ret; } static errno_t sudosrv_cached_rules(TALLOC_CTX *mem_ctx, - enum sss_sudo_type type, struct sss_domain_info *domain, uid_t uid, const char *username, @@ -220,10 +308,78 @@ static errno_t sudosrv_cached_rules(TALLOC_CTX *mem_ctx, struct sysdb_attrs ***_rules, uint32_t *_num_rules) { - unsigned int flags = SYSDB_SUDO_FILTER_NONE; + TALLOC_CTX *tmp_ctx; + struct sysdb_attrs **user_rules; + struct sysdb_attrs **ng_rules; struct sysdb_attrs **rules; - const char *debug_name = "unknown"; + uint32_t num_user_rules; + uint32_t num_ng_rules; uint32_t num_rules; + uint32_t rule_iter, i; + errno_t ret; + + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + return ENOMEM; + } + + ret = sudosrv_cached_rules_by_user(tmp_ctx, domain, uid, username, groups, + &user_rules, &num_user_rules); + if (ret != EOK) { + goto done; + } + + ret = sudosrv_cached_rules_by_ng(tmp_ctx, domain, uid, username, groups, + &ng_rules, &num_ng_rules); + if (ret != EOK) { + goto done; + } + + num_rules = num_user_rules + num_ng_rules; + if (num_rules == 0) { + *_rules = NULL; + *_num_rules = 0; + ret = EOK; + goto done; + } + + rules = talloc_array(tmp_ctx, struct sysdb_attrs *, num_rules); + if (rules == NULL) { + ret = ENOMEM; + goto done; + } + + rule_iter = 0; + for (i = 0; i < num_user_rules; rule_iter++, i++) { + rules[rule_iter] = talloc_steal(rules, user_rules[i]); + } + + for (i = 0; i < num_ng_rules; rule_iter++, i++) { + rules[rule_iter] = talloc_steal(rules, ng_rules[i]); + } + + ret = sort_sudo_rules(rules, num_rules, inverse_order); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, "Could not sort rules by sudoOrder\n"); + goto done; + } + + *_rules = talloc_steal(mem_ctx, rules); + *_num_rules = num_rules; + + ret = EOK; + +done: + talloc_free(tmp_ctx); + return ret; +} + +static errno_t sudosrv_cached_defaults(TALLOC_CTX *mem_ctx, + struct sss_domain_info *domain, + struct sysdb_attrs ***_rules, + uint32_t *_num_rules) +{ + char *filter; errno_t ret; const char *attrs[] = { SYSDB_OBJECTCLASS, SYSDB_SUDO_CACHE_AT_CN, @@ -239,31 +395,60 @@ static errno_t sudosrv_cached_rules(TALLOC_CTX *mem_ctx, SYSDB_SUDO_CACHE_AT_ORDER, NULL }; + filter = sysdb_sudo_filter_defaults(NULL); + if (filter == NULL) { + return ENOMEM; + } + + ret = sudosrv_query_cache(mem_ctx, domain, attrs, filter, + _rules, _num_rules); + talloc_free(filter); + + return ret; +} + +static errno_t sudosrv_fetch_rules(TALLOC_CTX *mem_ctx, + enum sss_sudo_type type, + struct sss_domain_info *domain, + uid_t uid, + const char *username, + char **groups, + bool inverse_order, + struct sysdb_attrs ***_rules, + uint32_t *_num_rules) +{ + struct sysdb_attrs **rules; + const char *debug_name = "unknown"; + uint32_t num_rules; + errno_t ret; + switch (type) { case SSS_SUDO_USER: DEBUG(SSSDBG_TRACE_FUNC, "Retrieving rules for [%s@%s]\n", username, domain->name); debug_name = "rules"; - flags = SYSDB_SUDO_FILTER_USERINFO | SYSDB_SUDO_FILTER_INCLUDE_ALL; + + ret = sudosrv_cached_rules(mem_ctx, domain, uid, username, groups, + inverse_order, &rules, &num_rules); + break; case SSS_SUDO_DEFAULTS: debug_name = "default options"; DEBUG(SSSDBG_TRACE_FUNC, "Retrieving default options for [%s@%s]\n", username, domain->name); - flags = SYSDB_SUDO_FILTER_INCLUDE_DFL; + + ret = sudosrv_cached_defaults(mem_ctx, domain, &rules, &num_rules); + break; } - ret = sudosrv_query_cache(mem_ctx, domain, attrs, flags, - username, uid, groups, - inverse_order, &rules, &num_rules); if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, - "Unable to retrieve sudo rules [%d]: %s\n", ret, strerror(ret)); + DEBUG(SSSDBG_CRIT_FAILURE, "Unable to retrieve %s [%d]: %s\n", + debug_name, ret, sss_strerror(ret)); return ret; } - DEBUG(SSSDBG_TRACE_FUNC, "Returning %d %s for [%s@%s]\n", + DEBUG(SSSDBG_TRACE_FUNC, "Returning %u %s for [%s@%s]\n", num_rules, debug_name, username, domain->name); *_rules = rules; @@ -541,10 +726,10 @@ static void sudosrv_get_rules_done(struct tevent_req *subreq) "in cache.\n"); } - ret = sudosrv_cached_rules(state, state->type, state->domain, state->uid, - state->username, state->groups, - state->inverse_order, - &state->rules, &state->num_rules); + ret = sudosrv_fetch_rules(state, state->type, state->domain, state->uid, + state->username, state->groups, + state->inverse_order, + &state->rules, &state->num_rules); if (ret != EOK) { tevent_req_error(req, ret); diff --git a/src/tests/cmocka/test_sysdb_sudo.c b/src/tests/cmocka/test_sysdb_sudo.c index aebad88eb..889de7237 100644 --- a/src/tests/cmocka/test_sysdb_sudo.c +++ b/src/tests/cmocka/test_sysdb_sudo.c @@ -167,8 +167,6 @@ void test_store_sudo(void **state) { errno_t ret; char *filter; - int uid = 0; - char **groupnames = NULL; const char *attrs[] = { SYSDB_SUDO_CACHE_AT_CN, SYSDB_SUDO_CACHE_AT_HOST, SYSDB_SUDO_CACHE_AT_RUNASUSER, SYSDB_SUDO_CACHE_AT_USER, NULL }; @@ -186,10 +184,8 @@ void test_store_sudo(void **state) ret = sysdb_sudo_store(test_ctx->tctx->dom, &rule, 1); assert_int_equal(ret, EOK); - ret = sysdb_get_sudo_filter(test_ctx, users[0].name, - uid, groupnames, SYSDB_SUDO_FILTER_USERNAME, - &filter); - assert_int_equal(ret, EOK); + filter = sysdb_sudo_filter_user(test_ctx, users[0].name, NULL, 0); + assert_non_null(filter); ret = sysdb_search_sudo_rules(test_ctx, test_ctx->tctx->dom, filter, attrs, &msgs_count, &msgs); @@ -226,8 +222,6 @@ void test_sudo_purge_by_filter(void **state) errno_t ret; struct sysdb_attrs *rule; char *delete_filter; - int uid = 0; - char **groupnames = NULL; struct sysdb_test_ctx *test_ctx = talloc_get_type_abort(*state, struct sysdb_test_ctx); @@ -239,12 +233,8 @@ void test_sudo_purge_by_filter(void **state) assert_int_equal(ret, EOK); assert_int_equal(get_stored_rules_count(test_ctx), 1); - ret = sysdb_get_sudo_filter(test_ctx, users[0].name, - uid, groupnames, SYSDB_SUDO_FILTER_USERNAME, - &delete_filter); - assert_int_equal(ret, EOK); - assert_string_equal(delete_filter, - "(&(objectClass=sudoRule)(|(sudoUser=test_user1)))"); + delete_filter = sysdb_sudo_filter_user(test_ctx, users[0].name, NULL, 0); + assert_non_null(delete_filter); ret = sysdb_sudo_purge(test_ctx->tctx->dom, delete_filter, NULL, 0); assert_int_equal(ret, EOK); @@ -293,25 +283,6 @@ void test_sudo_set_get_last_full_refresh(void **state) assert_int_equal(now, loaded_time); } -void test_sudo_get_filter(void **state) -{ - errno_t ret; - char *filter; - int uid = 0; - char **groupnames = NULL; - struct sysdb_test_ctx *test_ctx = talloc_get_type_abort(*state, - struct sysdb_test_ctx); - - ret = sysdb_get_sudo_filter(test_ctx, users[0].name, - uid, groupnames, SYSDB_SUDO_FILTER_USERNAME, - &filter); - assert_int_equal(ret, EOK); - assert_string_equal(filter, - "(&(objectClass=sudoRule)(|(sudoUser=test_user1)))"); - - talloc_zfree(filter); -} - void test_get_sudo_user_info(void **state) { errno_t ret; @@ -364,8 +335,6 @@ void test_set_sudo_rule_attr_add(void **state) const char *attrs[] = { SYSDB_SUDO_CACHE_AT_CN, SYSDB_SUDO_CACHE_AT_COMMAND, NULL }; char *filter; - int uid = 0; - char **groupnames = NULL; struct ldb_message **msgs = NULL; size_t msgs_count; const char *result; @@ -390,10 +359,8 @@ void test_set_sudo_rule_attr_add(void **state) new_rule, SYSDB_MOD_ADD); assert_int_equal(ret, EOK); - ret = sysdb_get_sudo_filter(test_ctx, users[0].name, - uid, groupnames, SYSDB_SUDO_FILTER_USERNAME, - &filter); - assert_int_equal(ret, EOK); + filter = sysdb_sudo_filter_user(test_ctx, users[0].name, NULL, 0); + assert_non_null(filter); ret = sysdb_search_sudo_rules(test_ctx, test_ctx->tctx->dom, filter, attrs, &msgs_count, &msgs); @@ -422,8 +389,6 @@ void test_set_sudo_rule_attr_replace(void **state) struct sysdb_attrs *new_rule; const char *attrs[] = { SYSDB_SUDO_CACHE_AT_CN, SYSDB_CACHE_EXPIRE, NULL }; char *filter; - int uid = 0; - char **groupnames = NULL; struct ldb_message **msgs = NULL; size_t msgs_count; const char *result; @@ -447,10 +412,8 @@ void test_set_sudo_rule_attr_replace(void **state) new_rule, SYSDB_MOD_REP); assert_int_equal(ret, EOK); - ret = sysdb_get_sudo_filter(test_ctx, users[0].name, - uid, groupnames, SYSDB_SUDO_FILTER_USERNAME, - &filter); - assert_int_equal(ret, EOK); + filter = sysdb_sudo_filter_user(test_ctx, users[0].name, NULL, 0); + assert_non_null(filter); ret = sysdb_search_sudo_rules(test_ctx, test_ctx->tctx->dom, filter, attrs, &msgs_count, &msgs); @@ -479,8 +442,6 @@ void test_set_sudo_rule_attr_delete(void **state) const char *attrs[] = { SYSDB_SUDO_CACHE_AT_CN, SYSDB_SUDO_CACHE_AT_HOST, NULL }; char *filter; - int uid = 0; - char **groupnames = NULL; struct ldb_message **msgs = NULL; size_t msgs_count; const char *result; @@ -505,10 +466,8 @@ void test_set_sudo_rule_attr_delete(void **state) new_rule, LDB_FLAG_MOD_DELETE); assert_int_equal(ret, EOK); - ret = sysdb_get_sudo_filter(test_ctx, users[0].name, - uid, groupnames, SYSDB_SUDO_FILTER_USERNAME, - &filter); - assert_int_equal(ret, EOK); + filter = sysdb_sudo_filter_user(test_ctx, users[0].name, NULL, 0); + assert_non_null(filter); ret = sysdb_search_sudo_rules(test_ctx, test_ctx->tctx->dom, filter, attrs, &msgs_count, &msgs); @@ -533,7 +492,7 @@ void test_set_sudo_rule_attr_delete(void **state) void test_search_sudo_rules(void **state) { errno_t ret; - char *filter; + const char *filter; const char *attrs[] = { SYSDB_NAME, NULL }; struct ldb_message **msgs = NULL; size_t msgs_count; @@ -556,9 +515,7 @@ void test_search_sudo_rules(void **state) assert_int_equal(ret, EOK); assert_int_equal(get_stored_rules_count(test_ctx), 2); - ret = sysdb_get_sudo_filter(test_ctx, NULL, 0, NULL, - SYSDB_SUDO_FILTER_NONE, &filter); - assert_int_equal(ret, EOK); + filter = "(objectClass=" SYSDB_SUDO_CACHE_OC ")"; ret = sysdb_search_sudo_rules(test_ctx, test_ctx->tctx->dom, filter, attrs, &msgs_count, &msgs); @@ -581,7 +538,6 @@ void test_search_sudo_rules(void **state) talloc_zfree(tmp_rules[0]); talloc_zfree(tmp_rules[1]); talloc_zfree(msgs); - talloc_zfree(filter); } void test_filter_rules_by_time(void **state) @@ -710,10 +666,6 @@ int main(int argc, const char *argv[]) test_sysdb_setup, test_sysdb_teardown), - /* sysdb_get_sudo_filter() */ - cmocka_unit_test_setup_teardown(test_sudo_get_filter, - test_sysdb_setup, - test_sysdb_teardown), /* sysdb_get_sudo_user_info() */ cmocka_unit_test_setup_teardown(test_get_sudo_user_info, test_sysdb_setup, |