From 9a18f78f38e274f4906af6ef8e1a82d844fde4cc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?=
Date: Mon, 10 Apr 2017 12:40:59 +0200
Subject: [PATCH 43/93] IPA: Make ipa_hbac_sysdb_save() more generic
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Although there's no change in the ipa_hbac_sysdb_save() itself, its name has been changed to ipa_common_entries_and_groups_sysdb_save() and its been split out from HBAC related files and moved to the newly created ipa_rules_common.[ch] files, which will also be used in the future for new backend modules. ipa_rules_common.[ch] is not exactly the best name for those files, IMO, but I really cannot come up with something better.
Related: https://pagure.io/SSSD/sssd/issue/2995
Signed-off-by: Fabiano Fidêncio
Reviewed-by: Pavel Březina
Reviewed-by: Jakub Hrozek
---
 Makefile.am | 2 +
 src/providers/ipa/ipa_access.c | 37 +++++---
 src/providers/ipa/ipa_hbac_common.c | 134 ----------------------------
 src/providers/ipa/ipa_hbac_private.h | 7 --
 src/providers/ipa/ipa_rules_common.c | 163 +++++++++++++++++++++++++++++++++++
 src/providers/ipa/ipa_rules_common.h | 40 +++++++++
 6 files changed, 230 insertions(+), 153 deletions(-)
 create mode 100644 src/providers/ipa/ipa_rules_common.c
 create mode 100644 src/providers/ipa/ipa_rules_common.h

diff --git a/Makefile.am b/Makefile.am
index faa2fbabab1ac727edbb1b5bdcbbebebc4a9fbf2..161db198061f1a636b77721b42997158543be68d 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -3890,6 +3890,8 @@ libsss_ipa_la_SOURCES = \
 src/providers/ipa/ipa_hbac_services.c \
 src/providers/ipa/ipa_hbac_users.c \
 src/providers/ipa/ipa_hbac_common.c \
+ src/providers/ipa/ipa_rules_common.c \
+ src/providers/ipa/ipa_rules_common.h \
 src/providers/ipa/ipa_srv.c \
 src/providers/ipa/ipa_idmap.c \
 src/providers/ipa/ipa_dn.c \
diff --git a/src/providers/ipa/ipa_access.c b/src/providers/ipa/ipa_access.c index 67838cd92f3a926139fccee262544fcb14a25e4d..262f146dae788a68a394cc44e3719f5e16ef5f03 100644 --- a/src/providers/ipa/ipa_access.c +++ b/src/providers/ipa/ipa_access.c @@ -32,6 +32,7 @@ #include "providers/ipa/ipa_hosts.h" #include "providers/ipa/ipa_hbac_private.h" #include "providers/ipa/ipa_hbac_rules.h" +#include "providers/ipa/ipa_rules_common.h" /* External logging function for HBAC. */ void hbac_debug_messages(const char *file, int line, @@ -515,10 +516,15 @@ static errno_t ipa_save_hbac(struct sss_domain_info *domain, in_transaction = true; /* Save the hosts */ - ret = ipa_hbac_sysdb_save(domain, HBAC_HOSTS_SUBDIR, SYSDB_FQDN, - state->host_count, state->hosts, - HBAC_HOSTGROUPS_SUBDIR, SYSDB_NAME, - state->hostgroup_count, state->hostgroups); + ret = ipa_common_entries_and_groups_sysdb_save(domain, + HBAC_HOSTS_SUBDIR, + SYSDB_FQDN, + state->host_count, + state->hosts, + HBAC_HOSTGROUPS_SUBDIR, + SYSDB_NAME, + state->hostgroup_count, + state->hostgroups); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Error saving hosts [%d]: %s\n", ret, sss_strerror(ret)); 
@@ -526,20 +532,27 @@ static errno_t ipa_save_hbac(struct sss_domain_info *domain, } /* Save the services */ - ret = ipa_hbac_sysdb_save(domain, HBAC_SERVICES_SUBDIR, IPA_CN, - state->service_count, state->services, - HBAC_SERVICEGROUPS_SUBDIR, IPA_CN, - state->servicegroup_count, - state->servicegroups); + ret = ipa_common_entries_and_groups_sysdb_save(domain, + HBAC_SERVICES_SUBDIR, + IPA_CN, + state->service_count, + state->services, + HBAC_SERVICEGROUPS_SUBDIR, + IPA_CN, + state->servicegroup_count, + state->servicegroups); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Error saving services [%d]: %s\n", ret, sss_strerror(ret)); goto done; } /* Save the rules */ - ret = ipa_hbac_sysdb_save(domain, HBAC_RULES_SUBDIR, IPA_UNIQUE_ID, - state->rule_count, state->rules, - NULL, NULL, 0, NULL); + ret = ipa_common_entries_and_groups_sysdb_save(domain, + HBAC_RULES_SUBDIR, + IPA_UNIQUE_ID, + state->rule_count, + state->rules, + NULL, NULL, 0, NULL); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Error saving rules [%d]: %s\n", ret, sss_strerror(ret)); diff --git a/src/providers/ipa/ipa_hbac_common.c b/src/providers/ipa/ipa_hbac_common.c index ba677965a3eb68a54baf99b1875bca2acbb76c99..3866ee2385b262a137c1521ee78a277158777c1a 100644 --- a/src/providers/ipa/ipa_hbac_common.c +++ b/src/providers/ipa/ipa_hbac_common.c 
@@ -23,140 +23,6 @@ #include "providers/ipa/ipa_hbac_private.h" #include "providers/ipa/ipa_common.h" -static errno_t -ipa_hbac_save_list(struct sss_domain_info *domain, - bool delete_subdir, const char *subdir, - const char *naming_attribute, size_t count, - struct sysdb_attrs **list) -{ - int ret; - size_t c; - struct ldb_dn *base_dn; - const char *object_name; - struct ldb_message_element *el; - TALLOC_CTX *tmp_ctx; - - tmp_ctx = talloc_new(NULL); - if (tmp_ctx == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new failed.\n"); - return ENOMEM; - } - - if (delete_subdir) { - base_dn = sysdb_custom_subtree_dn(tmp_ctx, domain, subdir); - if (base_dn == NULL) { - ret = ENOMEM; - goto done; - } - - ret = sysdb_delete_recursive(domain->sysdb, base_dn, true); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_delete_recursive failed.\n"); - goto done; - } - } - - for (c = 0; c < count; c++) { - ret = sysdb_attrs_get_el(list[c], naming_attribute, &el); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_attrs_get_el failed.\n"); - goto done; - } - if (el->num_values == 0) { - DEBUG(SSSDBG_CRIT_FAILURE, "[%s] not found.\n", naming_attribute); - ret = EINVAL; - goto done; - } - object_name = talloc_strndup(tmp_ctx, (const char *)el->values[0].data, - el->values[0].length); - if (object_name == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strndup failed.\n"); - ret = ENOMEM; - goto done; - } - DEBUG(SSSDBG_TRACE_ALL, "Object name: [%s].\n", object_name); - - ret = sysdb_store_custom(domain, object_name, subdir, list[c]); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_store_custom failed.\n"); - goto done; - } - } - - ret = EOK; - -done: - talloc_free(tmp_ctx); - return ret; -} - -errno_t -ipa_hbac_sysdb_save(struct sss_domain_info *domain, - const char *primary_subdir, const char *attr_name, - size_t primary_count, struct sysdb_attrs **primary, - const char *group_subdir, const char *groupattr_name, - size_t group_count, struct sysdb_attrs **groups) -{ - 
errno_t ret, sret; - bool in_transaction = false; - - if ((primary_count == 0 || primary == NULL) - || (group_count > 0 && groups == NULL)) { - /* There always has to be at least one - * primary entry. - */ - return EINVAL; - } - - /* Save the entries and groups to the cache */ - ret = sysdb_transaction_start(domain->sysdb); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n"); - goto done; - }; - in_transaction = true; - - /* First, save the specific entries */ - ret = ipa_hbac_save_list(domain, true, primary_subdir, - attr_name, primary_count, primary); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Could not save %s. [%d][%s]\n", - primary_subdir, ret, strerror(ret)); - goto done; - } - - /* Second, save the groups */ - if (group_count > 0) { - ret = ipa_hbac_save_list(domain, true, group_subdir, - groupattr_name, group_count, groups); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Could not save %s. [%d][%s]\n", - group_subdir, ret, strerror(ret)); - goto done; - } - } - - ret = sysdb_transaction_commit(domain->sysdb); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, "Failed to commit transaction\n"); - goto done; - } - in_transaction = false; - -done: - if (in_transaction) { - sret = sysdb_transaction_cancel(domain->sysdb); - if (sret != EOK) { - DEBUG(SSSDBG_FATAL_FAILURE, "Could not cancel sysdb transaction\n"); - } - } - - if (ret != EOK) { - DEBUG(SSSDBG_MINOR_FAILURE, "Error [%d][%s]\n", ret, strerror(ret)); - } - return ret; -} - errno_t replace_attribute_name(const char *old_name, const char *new_name, const size_t count, diff --git a/src/providers/ipa/ipa_hbac_private.h b/src/providers/ipa/ipa_hbac_private.h index 8fc5dc6d03cc2373e32641a399157c900ec18107..ca0bd4710f40206a7c236f86ec7af01f266317fa 100644 --- a/src/providers/ipa/ipa_hbac_private.h +++ b/src/providers/ipa/ipa_hbac_private.h 
@@ -65,13 +65,6 @@ #define HBAC_SERVICEGROUPS_SUBDIR "hbac_servicegroups" /* From ipa_hbac_common.c */ -errno_t -ipa_hbac_sysdb_save(struct sss_domain_info *domain, - const char *primary_subdir, const char *attr_name, - size_t primary_count, struct sysdb_attrs **primary, - const char *group_subdir, const char *groupattr_name, - size_t group_count, struct sysdb_attrs **groups); - errno_t replace_attribute_name(const char *old_name, const char *new_name, const size_t count, diff --git a/src/providers/ipa/ipa_rules_common.c b/src/providers/ipa/ipa_rules_common.c new file mode 100644 index 0000000000000000000000000000000000000000..056d04dd1b622284634995f21dc0f2f0087c7741 --- /dev/null +++ b/src/providers/ipa/ipa_rules_common.c 
@@ -0,0 +1,163 @@ +/* + SSSD + + Authors: + Stephen Gallagher + + Copyright (C) 2011 Red Hat + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#include "providers/ipa/ipa_rules_common.h" + +static errno_t +ipa_common_save_list(struct sss_domain_info *domain, + bool delete_subdir, + const char *subdir, + const char *naming_attribute, + size_t count, + struct sysdb_attrs **list) +{ + int ret; + size_t c; + struct ldb_dn *base_dn; + const char *object_name; + struct ldb_message_element *el; + TALLOC_CTX *tmp_ctx; + + tmp_ctx = talloc_new(NULL); + if (tmp_ctx == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, "talloc_new failed.\n"); + return ENOMEM; + } + + if (delete_subdir) { + base_dn = sysdb_custom_subtree_dn(tmp_ctx, domain, subdir); + if (base_dn == NULL) { + ret = ENOMEM; + goto done; + } + + ret = sysdb_delete_recursive(domain->sysdb, base_dn, true); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_delete_recursive failed.\n"); + goto done; + } + } + + for (c = 0; c < count; c++) { + ret = sysdb_attrs_get_el(list[c], naming_attribute, &el); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_attrs_get_el failed.\n"); + goto done; + } + if (el->num_values == 0) { + DEBUG(SSSDBG_CRIT_FAILURE, "[%s] not found.\n", naming_attribute); + ret = EINVAL; + goto done; + } + object_name = talloc_strndup(tmp_ctx, (const char *)el->values[0].data, + el->values[0].length); + if (object_name == NULL) { + 
DEBUG(SSSDBG_CRIT_FAILURE, "talloc_strndup failed.\n"); + ret = ENOMEM; + goto done; + } + DEBUG(SSSDBG_TRACE_ALL, "Object name: [%s].\n", object_name); + + ret = sysdb_store_custom(domain, object_name, subdir, list[c]); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, "sysdb_store_custom failed.\n"); + goto done; + } + } + + ret = EOK; + +done: + talloc_free(tmp_ctx); + return ret; +} + +errno_t +ipa_common_entries_and_groups_sysdb_save(struct sss_domain_info *domain, + const char *primary_subdir, + const char *attr_name, + size_t primary_count, + struct sysdb_attrs **primary, + const char *group_subdir, + const char *groupattr_name, + size_t group_count, + struct sysdb_attrs **groups) +{ + errno_t ret, sret; + bool in_transaction = false; + + if ((primary_count == 0 || primary == NULL) + || (group_count > 0 && groups == NULL)) { + /* There always has to be at least one + * primary entry. + */ + return EINVAL; + } + + /* Save the entries and groups to the cache */ + ret = sysdb_transaction_start(domain->sysdb); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to start transaction\n"); + goto done; + }; + in_transaction = true; + + /* First, save the specific entries */ + ret = ipa_common_save_list(domain, true, primary_subdir, + attr_name, primary_count, primary); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, "Could not save %s. [%d][%s]\n", + primary_subdir, ret, strerror(ret)); + goto done; + } + + /* Second, save the groups */ + if (group_count > 0) { + ret = ipa_common_save_list(domain, true, group_subdir, + groupattr_name, group_count, groups); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, "Could not save %s. 
[%d][%s]\n", + group_subdir, ret, strerror(ret)); + goto done; + } + } + + ret = sysdb_transaction_commit(domain->sysdb); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, "Failed to commit transaction\n"); + goto done; + } + in_transaction = false; + +done: + if (in_transaction) { + sret = sysdb_transaction_cancel(domain->sysdb); + if (sret != EOK) { + DEBUG(SSSDBG_FATAL_FAILURE, "Could not cancel sysdb transaction\n"); + } + } + + if (ret != EOK) { + DEBUG(SSSDBG_MINOR_FAILURE, "Error [%d][%s]\n", ret, strerror(ret)); + } + return ret; +} diff --git a/src/providers/ipa/ipa_rules_common.h b/src/providers/ipa/ipa_rules_common.h new file mode 100644 index 0000000000000000000000000000000000000000..38a6ba3a51f1553483e43a0a2dd186077f5089d4 --- /dev/null +++ b/src/providers/ipa/ipa_rules_common.h @@ -0,0 +1,40 @@ +/* + SSSD + + Authors: + Stephen Gallagher + + Copyright (C) 2011 Red Hat + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#ifndef IPA_RULES_COMMON_H_ +#define IPA_RULES_COMMON_H_ + +#include "providers/backend.h" + +/* From ipa_rules_common.c */ +errno_t +ipa_common_entries_and_groups_sysdb_save(struct sss_domain_info *domain, + const char *primary_subdir, + const char *attr_name, + size_t primary_count, + struct sysdb_attrs **primary, + const char *group_subdir, + const char *groupattr_name, + size_t group_count, + struct sysdb_attrs **groups); + +#endif /* IPA_RULES_COMMON_H_ */ -- 2.14.1
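Review bot: The three failure messages in ipa_common_entries_and_groups_sysdb_save() (`Could not save %s. [%d][%s]` twice and `Error [%d][%s]`) render the code with `strerror(ret)`, whereas the callers shown in ipa_access.c print the same value with `sss_strerror(ret)`. If the sysdb layer can return SSSD-specific codes (not visible in this patch), `strerror()` would not give a meaningful string for them, which makes a failed access-rule cache update harder to triage from the logs. Now that the function is shared by more than HBAC, I would use `sss_strerror(ret)` in all three calls. A smaller nit in the same function: the block after `sysdb_transaction_start()` closes with `};`, leaving a stray empty statement.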
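Review bot: The prototype is now the shared entry point for other backend modules, but it has no contract comment, and the implementation in ipa_rules_common.c has two behaviours a new caller can easily miss. It returns `EINVAL` before opening the transaction when `primary_count == 0` or `primary == NULL`, and it only rewrites `group_subdir` when `group_count > 0`, so on both paths the previously cached entries are left in place. For access-control data that means a caller has to purge the subtree itself when the server returns nothing, otherwise stale entries may keep being evaluated from the cache (whether the existing HBAC caller already does this is not visible here). I would add a doc comment above the declaration stating that the call replaces the cached contents of each subtree inside one sysdb transaction, lists the `EINVAL` conditions, and spells out the caller's responsibility for the empty-result case.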