From e2d26e97d62f06f65e8228b28746471cc5f73fe5 Mon Sep 17 00:00:00 2001 From: Petr Cech Date: Wed, 24 Feb 2016 09:12:41 -0500 Subject: SYSDB: Add new funtions into sysdb_sudo MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This patch adds two new functions into public API of sysdb_sudo: * sysdb_search_sudo_rules * sysdb_set_sudo_rule_attr Resolves: https://fedorahosted.org/sssd/ticket/2081 Reviewed-by: Pavel Březina --- src/db/sysdb_sudo.c | 97 +++++++++++++++++++++++++++++++++++++++++++++++++++++ src/db/sysdb_sudo.h | 14 ++++++++ 2 files changed, 111 insertions(+) (limited to 'src/db') diff --git a/src/db/sysdb_sudo.c b/src/db/sysdb_sudo.c index cdea5beed..5f1a8a13e 100644 --- a/src/db/sysdb_sudo.c +++ b/src/db/sysdb_sudo.c @@ -889,3 +889,100 @@ done: return ret; } + +errno_t sysdb_search_sudo_rules(TALLOC_CTX *mem_ctx, + struct sss_domain_info *domain, + const char *sub_filter, + const char **attrs, + size_t *_msgs_count, + struct ldb_message ***_msgs) +{ + TALLOC_CTX *tmp_ctx; + size_t msgs_count; + struct ldb_message **msgs; + struct ldb_dn *dn; + char *filter; + int ret; + + tmp_ctx = talloc_new(NULL); + NULL_CHECK(tmp_ctx, ret, done); + + dn = ldb_dn_new_fmt(tmp_ctx, domain->sysdb->ldb, SYSDB_TMPL_CUSTOM_SUBTREE, + SUDORULE_SUBDIR, domain->name); + if (dn == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "Failed to build base dn\n"); + ret = ENOMEM; + goto done; + } + + if (sub_filter == NULL) { + filter = talloc_asprintf(tmp_ctx, "(%s)", SUDO_ALL_FILTER); + } else { + filter = talloc_asprintf(tmp_ctx, "(&%s%s)", + SUDO_ALL_FILTER, sub_filter); + } + if (filter == NULL) { + DEBUG(SSSDBG_OP_FAILURE, "Failed to build filter\n"); + ret = ENOMEM; + goto done; + } + + DEBUG(SSSDBG_TRACE_INTERNAL, + "Search sudo rules with filter: %s\n", filter); + + ret = sysdb_search_entry(tmp_ctx, domain->sysdb, dn, + LDB_SCOPE_SUBTREE, filter, attrs, + &msgs_count, &msgs); + + if (ret == ENOENT) { + DEBUG(SSSDBG_TRACE_INTERNAL, "No such entry\n"); + *_msgs = NULL; + *_msgs_count = 0; + goto done; + } else if (ret != EOK) { + DEBUG(SSSDBG_MINOR_FAILURE, "Error: %d (%s)\n", ret, sss_strerror(ret)); + goto done; + } + + *_msgs_count = msgs_count; + *_msgs = talloc_steal(mem_ctx, msgs); + + ret = EOK; + +done: + talloc_zfree(tmp_ctx); + return ret; +} + +static struct ldb_dn * +sysdb_sudo_rule_dn(TALLOC_CTX *mem_ctx, + struct sss_domain_info *domain, + const char *name) +{ + return sysdb_custom_dn(mem_ctx, domain, name, SUDORULE_SUBDIR); +} + +errno_t +sysdb_set_sudo_rule_attr(struct sss_domain_info *domain, + const char *name, + struct sysdb_attrs *attrs, + int mod_op) +{ + errno_t ret; + struct ldb_dn *dn; + TALLOC_CTX *tmp_ctx; + + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + return ENOMEM; + } + + dn = sysdb_sudo_rule_dn(tmp_ctx, domain, name); + NULL_CHECK(dn, ret, done); + + ret = sysdb_set_entry_attr(domain->sysdb, dn, attrs, mod_op); + +done: + talloc_free(tmp_ctx); + return ret; +} \ No newline at end of file diff --git a/src/db/sysdb_sudo.h b/src/db/sysdb_sudo.h index 515f45ab8..c9dadb799 100644 --- a/src/db/sysdb_sudo.h +++ b/src/db/sysdb_sudo.h @@ -122,4 +122,18 @@ sysdb_sudo_store(struct sss_domain_info *domain, struct sysdb_attrs **rules, size_t num_rules); +errno_t +sysdb_search_sudo_rules(TALLOC_CTX *mem_ctx, + struct sss_domain_info *domain, + const char *sub_filter, + const char **attrs, + size_t *_msgs_count, + struct ldb_message ***_msgs); + +errno_t +sysdb_set_sudo_rule_attr(struct sss_domain_info *domain, + const char *name, + struct sysdb_attrs *attrs, + int mod_op); + #endif /* _SYSDB_SUDO_H_ */ -- cgit