errno_t
sysdb_get_ssh_known_hosts(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb,
struct sss_domain_info *domain,
time_t now,
const char **attrs,
struct ldb_message ***hosts,
size_t *num_hosts)
{
TALLOC_CTX *tmp_ctx;
errno_t ret;
const char *filter;
tmp_ctx = talloc_new(NULL);
if (!tmp_ctx) {
return ENOMEM;
}
filter = talloc_asprintf(tmp_ctx, "(%s>=%ld)",
SYSDB_SSH_KNOWN_HOSTS_EXPIRE, (long)now);
if (!filter) {
ret = ENOMEM;
goto done;
}
ret = sysdb_search_ssh_hosts(mem_ctx, sysdb, domain, filter, attrs,
hosts, num_hosts);
done:
talloc_free(tmp_ctx);
return ret;
}
errno_t
sysdb_get_ssh_host(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb,
struct sss_domain_info *domain,
const char *name,
const char **attrs,
struct ldb_message **host)
{
TALLOC_CTX *tmp_ctx;
errno_t ret;
const char *filter;
struct ldb_message **hosts;
size_t num_hosts;
tmp_ctx = talloc_new(NULL);
if (!tmp_ctx) {
return ENOMEM;
}
filter = talloc_asprintf(tmp_ctx, "(%s=%s)", SYSDB_NAME, name);
if (!filter) {
ret = ENOMEM;
goto done;
}
ret = sysdb_search_ssh_hosts(tmp_ctx, sysdb, domain, filter, attrs,
&hosts, &num_hosts);
if (ret != EOK) {
goto done;
}
if (num_hosts > 1) {
ret = EINVAL;
DEBUG(SSSDBG_CRIT_FAILURE,
("Found more than one host with name %s\n", name));
goto done;
}
*host = talloc_steal(mem_ctx, hosts[0]);
ret = EOK;
done:
talloc_free(tmp_ctx);
return ret;
}
static bool invalidate_entries(TALLOC_CTX *ctx,
struct sss_domain_info *dinfo,
enum sss_cache_entry entry_type,
const char *filter, const char *name)
{
const char *attrs[] = {SYSDB_NAME, NULL};
size_t msg_count;
struct ldb_message **msgs;
const char *type_string = "unknown";
errno_t ret = EINVAL;
int i;
const char *c_name;
bool iret;
if (!filter) return false;
switch (entry_type) {
case TYPE_USER:
type_string = "user";
ret = sysdb_search_users(ctx, dinfo,
filter, attrs, &msg_count, &msgs);
break;
case TYPE_GROUP:
type_string = "group";
ret = sysdb_search_groups(ctx, dinfo,
filter, attrs, &msg_count, &msgs);
break;
case TYPE_NETGROUP:
type_string = "netgroup";
ret = sysdb_search_netgroups(ctx, dinfo,
filter, attrs, &msg_count, &msgs);
break;
case TYPE_SERVICE:
type_string = "service";
ret = sysdb_search_services(ctx, dinfo,
filter, attrs, &msg_count, &msgs);
break;
case TYPE_AUTOFSMAP:
type_string = "autofs map";
ret = search_autofsmaps(ctx, dinfo, filter, attrs, &msg_count, &msgs);
break;
case TYPE_SSH_HOST:
type_string = "ssh_host";
#ifdef BUILD_SSH
ret = sysdb_search_ssh_hosts(ctx, dinfo,
filter, attrs, &msg_count, &msgs);
#else /* BUILD_SSH */
ret = ENOSYS;
#endif /* BUILD_SSH */
break;
}
if (ret != EOK) {
if (ret == ENOENT) {
DEBUG(SSSDBG_TRACE_FUNC, "'%s' %s: Not found in domain '%s'\n",
type_string, name ? name : "", dinfo->name);
} else {
DEBUG(SSSDBG_CRIT_FAILURE,
"Searching for %s in domain %s with filter %s failed\n",
type_string, dinfo->name, filter);
}
return false;
}
iret = true;
for (i = 0; i < msg_count; i++) {
c_name = ldb_msg_find_attr_as_string(msgs[i], SYSDB_NAME, NULL);
if (c_name == NULL) {
DEBUG(SSSDBG_MINOR_FAILURE,
"Something bad happened, can't find attribute %s\n",
SYSDB_NAME);
ERROR("Couldn't invalidate %1$s\n", type_string);
iret = false;
} else {
ret = invalidate_entry(ctx, dinfo, c_name, entry_type);
if (ret != EOK) {
DEBUG(SSSDBG_MINOR_FAILURE,
"Couldn't invalidate %s %s\n", type_string, c_name);
ERROR("Couldn't invalidate %1$s %2$s\n", type_string, c_name);
iret = false;
}
}
}
talloc_zfree(msgs);
return iret;
}
