rpms/sssd
3
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
4c80037896
sssd/0043-IPA-Make-ipa_hbac_sysdb_save-more-generic.patch

498 lines
18 KiB
Diff
Raw Normal View History

Backport few upstream patches/fixes (cherry picked from commit fa4807ec456a6e246d387bcadc4a1f237a3065b9) (cherry picked from commit 323dbdee02385eee933a04c0e86db88d00351f24) (cherry picked from commit 7e532024f07845d03735f64dbf10fcc285967722)
2017-09-01 18:52:07 +00:00
From 9a18f78f38e274f4906af6ef8e1a82d844fde4cc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fidencio@redhat.com>
Date: Mon, 10 Apr 2017 12:40:59 +0200
Subject: [PATCH 43/93] IPA: Make ipa_hbac_sysdb_save() more generic
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Although there's no change in the ipa_hbac_sysdb_save() itself, its name
has been changed to ipa_common_entries_and_groups_sysdb_save() and its
been split out from HBAC related files and moved to the newly created
ipa_rules_common.[ch] files, which will also be used in the future for
new backend modules.
ipa_rules_common.[ch] is not exactly the best name for those files, IMO,
but I really cannot come up with something better.
Related:
https://pagure.io/SSSD/sssd/issue/2995
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
---
Makefile.am | 2 +
src/providers/ipa/ipa_access.c | 37 +++++---
src/providers/ipa/ipa_hbac_common.c | 134 ----------------------------
src/providers/ipa/ipa_hbac_private.h | 7 --
src/providers/ipa/ipa_rules_common.c | 163 +++++++++++++++++++++++++++++++++++
src/providers/ipa/ipa_rules_common.h | 40 +++++++++
6 files changed, 230 insertions(+), 153 deletions(-)
create mode 100644 src/providers/ipa/ipa_rules_common.c
create mode 100644 src/providers/ipa/ipa_rules_common.h
diff --git a/Makefile.am b/Makefile.am
index faa2fbabab1ac727edbb1b5bdcbbebebc4a9fbf2..161db198061f1a636b77721b42997158543be68d 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -3890,6 +3890,8 @@ libsss_ipa_la_SOURCES = \
src/providers/ipa/ipa_hbac_services.c \
src/providers/ipa/ipa_hbac_users.c \
src/providers/ipa/ipa_hbac_common.c \
+ src/providers/ipa/ipa_rules_common.c \
+ src/providers/ipa/ipa_rules_common.h \
src/providers/ipa/ipa_srv.c \
src/providers/ipa/ipa_idmap.c \
src/providers/ipa/ipa_dn.c \
diff --git a/src/providers/ipa/ipa_access.c b/src/providers/ipa/ipa_access.c
index 67838cd92f3a926139fccee262544fcb14a25e4d..262f146dae788a68a394cc44e3719f5e16ef5f03 100644
--- a/src/providers/ipa/ipa_access.c
+++ b/src/providers/ipa/ipa_access.c
@@ -32,6 +32,7 @@
#include "providers/ipa/ipa_hosts.h"
#include "providers/ipa/ipa_hbac_private.h"
#include "providers/ipa/ipa_hbac_rules.h"
+#include "providers/ipa/ipa_rules_common.h"
/* External logging function for HBAC. */
void hbac_debug_messages(const char *file, int line,
@@ -515,10 +516,15 @@ static errno_t ipa_save_hbac(struct sss_domain_info *domain,
in_transaction = true;
/* Save the hosts */
- ret = ipa_hbac_sysdb_save(domain, HBAC_HOSTS_SUBDIR, SYSDB_FQDN,
- state->host_count, state->hosts,
- HBAC_HOSTGROUPS_SUBDIR, SYSDB_NAME,
- state->hostgroup_count, state->hostgroups);
+ ret = ipa_common_entries_and_groups_sysdb_save(domain,
+ HBAC_HOSTS_SUBDIR,
+ SYSDB_FQDN,
+ state->host_count,
+ state->hosts,
+ HBAC_HOSTGROUPS_SUBDIR,
+ SYSDB_NAME,
+ state->hostgroup_count,
+ state->hostgroups);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE, "Error saving hosts [%d]: %s\n",
ret, sss_strerror(ret));
@@ -526,20 +532,27 @@ static errno_t ipa_save_hbac(struct sss_domain_info *domain,
}
/* Save the services */
- ret = ipa_hbac_sysdb_save(domain, HBAC_SERVICES_SUBDIR, IPA_CN,
- state->service_count, state->services,
- HBAC_SERVICEGROUPS_SUBDIR, IPA_CN,
- state->servicegroup_count,
- state->servicegroups);
+ ret = ipa_common_entries_and_groups_sysdb_save(domain,
+ HBAC_SERVICES_SUBDIR,
+ IPA_CN,
+ state->service_count,
+ state->services,
+ HBAC_SERVICEGROUPS_SUBDIR,
+ IPA_CN,
+ state->servicegroup_count,
+ state->servicegroups);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE, "Error saving services [%d]: %s\n",
ret, sss_strerror(ret));
goto done;
}
/* Save the rules */
- ret = ipa_hbac_sysdb_save(domain, HBAC_RULES_SUBDIR, IPA_UNIQUE_ID,
- state->rule_count, state->rules,
- NULL, NULL, 0, NULL);
+ ret = ipa_common_entries_and_groups_sysdb_save(domain,
+ HBAC_RULES_SUBDIR,
+ IPA_UNIQUE_ID,
+ state->rule_count,
+ state->rules,
+ NULL, NULL, 0, NULL);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE, "Error saving rules [%d]: %s\n",
ret, sss_strerror(ret));
diff --git a/src/providers/ipa/ipa_hbac_common.c b/src/providers/ipa/ipa_hbac_common.c
index ba677965a3eb68a54baf99b1875bca2acbb76c99..3866ee2385b262a137c1521ee78a277158777c1a 100644
--- a/src/providers/ipa/ipa_hbac_common.c
+++ b/src/providers/ipa/ipa_hbac_common.c
@@ -23,140 +23,6 @@
#include "providers/ipa/ipa_hbac_private.h"
#include "providers/ipa/ipa_common.h"
-static errno_t
-ipa_hbac_save_list(struct sss_domain_info *domain,
- bool delete_subdir, const char *subdir,
- const char *naming_attribute, size_t count,
- struct sysdb_attrs **list)
-{
- int ret;
- size_t c;
- struct ldb_dn *base_dn;
- const char *object_name;
- struct ldb_message_element *el;
- TALLOC_CTX *tmp_ctx;
-
- tmp_ctx = talloc_new(NULL);
- if (tmp_ctx == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new failed.\n");
- return ENOMEM;
- }
-
- if (delete_subdir) {
- base_dn = sysdb_custom_subtree_dn(tmp_ctx, domain, subdir);
- if (base_dn == NULL) {
- ret = ENOMEM;
- goto done;
- }
-
- ret = sysdb_delete_recursive(domain->sysdb, base_dn, true);
- if (ret != EOK) {
- DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_delete_recursive failed.\n");
- goto done;
- }
- }
-
- for (c = 0; c < count; c++) {
- ret = sysdb_attrs_get_el(list[c], naming_attribute, &el);
- if (ret != EOK) {
- DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_attrs_get_el failed.\n");
- goto done;
- }
- if (el->num_values == 0) {
- DEBUG(SSSDBG_CRIT_FAILURE, "[%s] not found.\n", naming_attribute);
- ret = EINVAL;
- goto done;
- }
- object_name = talloc_strndup(tmp_ctx, (const char *)el->values[0].data,
- el->values[0].length);
- if (object_name == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strndup failed.\n");
- ret = ENOMEM;
- goto done;
- }
- DEBUG(SSSDBG_TRACE_ALL, "Object name: [%s].\n", object_name);
-
- ret = sysdb_store_custom(domain, object_name, subdir, list[c]);
- if (ret != EOK) {
- DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_store_custom failed.\n");
- goto done;
- }
- }
-
- ret = EOK;
-
-done:
- talloc_free(tmp_ctx);
- return ret;
-}
-
-errno_t
-ipa_hbac_sysdb_save(struct sss_domain_info *domain,
- const char *primary_subdir, const char *attr_name,
- size_t primary_count, struct sysdb_attrs **primary,
- const char *group_subdir, const char *groupattr_name,
- size_t group_count, struct sysdb_attrs **groups)
-{
- errno_t ret, sret;
- bool in_transaction = false;
-
- if ((primary_count == 0 || primary == NULL)
- || (group_count > 0 && groups == NULL)) {
- /* There always has to be at least one
- * primary entry.
- */
- return EINVAL;
- }
-
- /* Save the entries and groups to the cache */
- ret = sysdb_transaction_start(domain->sysdb);
- if (ret != EOK) {
- DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n");
- goto done;
- };
- in_transaction = true;
-
- /* First, save the specific entries */
- ret = ipa_hbac_save_list(domain, true, primary_subdir,
- attr_name, primary_count, primary);
- if (ret != EOK) {
- DEBUG(SSSDBG_CRIT_FAILURE, "Could not save %s. [%d][%s]\n",
- primary_subdir, ret, strerror(ret));
- goto done;
- }
-
- /* Second, save the groups */
- if (group_count > 0) {
- ret = ipa_hbac_save_list(domain, true, group_subdir,
- groupattr_name, group_count, groups);
- if (ret != EOK) {
- DEBUG(SSSDBG_CRIT_FAILURE, "Could not save %s. [%d][%s]\n",
- group_subdir, ret, strerror(ret));
- goto done;
- }
- }
-
- ret = sysdb_transaction_commit(domain->sysdb);
- if (ret != EOK) {
- DEBUG(SSSDBG_CRIT_FAILURE, "Failed to commit transaction\n");
- goto done;
- }
- in_transaction = false;
-
-done:
- if (in_transaction) {
- sret = sysdb_transaction_cancel(domain->sysdb);
- if (sret != EOK) {
- DEBUG(SSSDBG_FATAL_FAILURE, "Could not cancel sysdb transaction\n");
- }
- }
-
- if (ret != EOK) {
- DEBUG(SSSDBG_MINOR_FAILURE, "Error [%d][%s]\n", ret, strerror(ret));
- }
- return ret;
-}
-
errno_t
replace_attribute_name(const char *old_name,
const char *new_name, const size_t count,
diff --git a/src/providers/ipa/ipa_hbac_private.h b/src/providers/ipa/ipa_hbac_private.h
index 8fc5dc6d03cc2373e32641a399157c900ec18107..ca0bd4710f40206a7c236f86ec7af01f266317fa 100644
--- a/src/providers/ipa/ipa_hbac_private.h
+++ b/src/providers/ipa/ipa_hbac_private.h
@@ -65,13 +65,6 @@
#define HBAC_SERVICEGROUPS_SUBDIR "hbac_servicegroups"
/* From ipa_hbac_common.c */
-errno_t
-ipa_hbac_sysdb_save(struct sss_domain_info *domain,
- const char *primary_subdir, const char *attr_name,
- size_t primary_count, struct sysdb_attrs **primary,
- const char *group_subdir, const char *groupattr_name,
- size_t group_count, struct sysdb_attrs **groups);
-
errno_t
replace_attribute_name(const char *old_name,
const char *new_name, const size_t count,
diff --git a/src/providers/ipa/ipa_rules_common.c b/src/providers/ipa/ipa_rules_common.c
new file mode 100644
index 0000000000000000000000000000000000000000..056d04dd1b622284634995f21dc0f2f0087c7741
--- /dev/null
+++ b/src/providers/ipa/ipa_rules_common.c
@@ -0,0 +1,163 @@
+/*
+ SSSD
+
+ Authors:
+ Stephen Gallagher <sgallagh@redhat.com>
+
+ Copyright (C) 2011 Red Hat
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "providers/ipa/ipa_rules_common.h"
+
+static errno_t
+ipa_common_save_list(struct sss_domain_info *domain,
+ bool delete_subdir,
+ const char *subdir,
+ const char *naming_attribute,
+ size_t count,
+ struct sysdb_attrs **list)
+{
+ int ret;
+ size_t c;
+ struct ldb_dn *base_dn;
+ const char *object_name;
+ struct ldb_message_element *el;
+ TALLOC_CTX *tmp_ctx;
+
+ tmp_ctx = talloc_new(NULL);
+ if (tmp_ctx == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new failed.\n");
+ return ENOMEM;
+ }
+
+ if (delete_subdir) {
+ base_dn = sysdb_custom_subtree_dn(tmp_ctx, domain, subdir);
+ if (base_dn == NULL) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ ret = sysdb_delete_recursive(domain->sysdb, base_dn, true);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_delete_recursive failed.\n");
+ goto done;
+ }
+ }
+
+ for (c = 0; c < count; c++) {
+ ret = sysdb_attrs_get_el(list[c], naming_attribute, &el);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_attrs_get_el failed.\n");
+ goto done;
+ }
+ if (el->num_values == 0) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "[%s] not found.\n", naming_attribute);
+ ret = EINVAL;
+ goto done;
+ }
+ object_name = talloc_strndup(tmp_ctx, (const char *)el->values[0].data,
+ el->values[0].length);
+ if (object_name == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strndup failed.\n");
+ ret = ENOMEM;
+ goto done;
+ }
+ DEBUG(SSSDBG_TRACE_ALL, "Object name: [%s].\n", object_name);
+
+ ret = sysdb_store_custom(domain, object_name, subdir, list[c]);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_store_custom failed.\n");
+ goto done;
+ }
+ }
+
+ ret = EOK;
+
+done:
+ talloc_free(tmp_ctx);
+ return ret;
+}
+
+errno_t
+ipa_common_entries_and_groups_sysdb_save(struct sss_domain_info *domain,
+ const char *primary_subdir,
+ const char *attr_name,
+ size_t primary_count,
+ struct sysdb_attrs **primary,
+ const char *group_subdir,
+ const char *groupattr_name,
+ size_t group_count,
+ struct sysdb_attrs **groups)
+{
+ errno_t ret, sret;
+ bool in_transaction = false;
+
+ if ((primary_count == 0 || primary == NULL)
+ || (group_count > 0 && groups == NULL)) {
+ /* There always has to be at least one
+ * primary entry.
+ */
+ return EINVAL;
+ }
+
+ /* Save the entries and groups to the cache */
+ ret = sysdb_transaction_start(domain->sysdb);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n");
+ goto done;
+ };
+ in_transaction = true;
+
+ /* First, save the specific entries */
+ ret = ipa_common_save_list(domain, true, primary_subdir,
+ attr_name, primary_count, primary);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not save %s. [%d][%s]\n",
+ primary_subdir, ret, strerror(ret));
+ goto done;
+ }
+
+ /* Second, save the groups */
+ if (group_count > 0) {
+ ret = ipa_common_save_list(domain, true, group_subdir,
+ groupattr_name, group_count, groups);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "Could not save %s. [%d][%s]\n",
+ group_subdir, ret, strerror(ret));
+ goto done;
+ }
+ }
+
+ ret = sysdb_transaction_commit(domain->sysdb);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "Failed to commit transaction\n");
+ goto done;
+ }
+ in_transaction = false;
+
+done:
+ if (in_transaction) {
+ sret = sysdb_transaction_cancel(domain->sysdb);
+ if (sret != EOK) {
+ DEBUG(SSSDBG_FATAL_FAILURE, "Could not cancel sysdb transaction\n");
+ }
+ }
+
+ if (ret != EOK) {
+ DEBUG(SSSDBG_MINOR_FAILURE, "Error [%d][%s]\n", ret, strerror(ret));
+ }
+ return ret;
+}
diff --git a/src/providers/ipa/ipa_rules_common.h b/src/providers/ipa/ipa_rules_common.h
new file mode 100644
index 0000000000000000000000000000000000000000..38a6ba3a51f1553483e43a0a2dd186077f5089d4
--- /dev/null
+++ b/src/providers/ipa/ipa_rules_common.h
@@ -0,0 +1,40 @@
+/*
+ SSSD
+
+ Authors:
+ Stephen Gallagher <sgallagh@redhat.com>
+
+ Copyright (C) 2011 Red Hat
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef IPA_RULES_COMMON_H_
+#define IPA_RULES_COMMON_H_
+
+#include "providers/backend.h"
+
+/* From ipa_rules_common.c */
+errno_t
+ipa_common_entries_and_groups_sysdb_save(struct sss_domain_info *domain,
+ const char *primary_subdir,
+ const char *attr_name,
+ size_t primary_count,
+ struct sysdb_attrs **primary,
+ const char *group_subdir,
+ const char *groupattr_name,
+ size_t group_count,
+ struct sysdb_attrs **groups);
+
+#endif /* IPA_RULES_COMMON_H_ */
--
2.14.1
Reference in New Issue Copy Permalink