static errno_t be_refresh_get_values_ex(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
time_t period,
const char *objectclass,
struct ldb_dn *base_dn,
const char *attr,
char ***_values)
{
TALLOC_CTX *tmp_ctx = NULL;
const char *attrs[] = {attr, NULL};
const char *filter = NULL;
char **values = NULL;
struct ldb_message **msgs = NULL;
struct sysdb_attrs **records = NULL;
size_t count;
time_t now = time(NULL);
errno_t ret;
tmp_ctx = talloc_new(NULL);
if (tmp_ctx == NULL) {
return ENOMEM;
}
filter = talloc_asprintf(tmp_ctx, "(&(%s<=%lld))",
SYSDB_CACHE_EXPIRE, (long long) now + period);
if (filter == NULL) {
ret = ENOMEM;
goto done;
}
ret = sysdb_search_entry(tmp_ctx, domain->sysdb, base_dn,
LDB_SCOPE_SUBTREE, filter, attrs,
&count, &msgs);
if (ret == ENOENT) {
count = 0;
} else if (ret != EOK) {
goto done;
}
ret = sysdb_msg2attrs(tmp_ctx, count, msgs, &records);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE,
"Could not convert ldb message to sysdb_attrs\n");
goto done;
}
ret = sysdb_attrs_to_list(tmp_ctx, records, count, attr, &values);
if (ret != EOK) {
goto done;
}
*_values = talloc_steal(mem_ctx, values);
ret = EOK;
done:
talloc_free(tmp_ctx);
return ret;
}
static errno_t sudosrv_query_cache(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
const char **attrs,
const char *filter,
struct sysdb_attrs ***_rules,
uint32_t *_count)
{
TALLOC_CTX *tmp_ctx;
errno_t ret;
size_t count;
struct sysdb_attrs **rules;
struct ldb_message **msgs;
tmp_ctx = talloc_new(NULL);
if (tmp_ctx == NULL) {
return ENOMEM;
}
DEBUG(SSSDBG_FUNC_DATA, "Searching sysdb with [%s]\n", filter);
if (IS_SUBDOMAIN(domain)) {
/* rules are stored inside parent domain tree */
domain = domain->parent;
}
ret = sysdb_search_custom(tmp_ctx, domain, filter, SUDORULE_SUBDIR,
attrs, &count, &msgs);
if (ret == ENOENT) {
*_rules = NULL;
*_count = 0;
ret = EOK;
goto done;
} else if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE, "Error looking up SUDO rules\n");
goto done;
}
ret = sysdb_msg2attrs(tmp_ctx, count, msgs, &rules);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE,
"Could not convert ldb message to sysdb_attrs\n");
goto done;
}
*_rules = talloc_steal(mem_ctx, rules);
*_count = (uint32_t)count;
ret = EOK;
done:
talloc_free(tmp_ctx);
return ret;
}
static errno_t sssctl_query_cache(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb,
struct ldb_dn *base_dn,
const char *filter,
const char **attrs,
struct sysdb_attrs **_entry)
{
TALLOC_CTX *tmp_ctx;
struct sysdb_attrs **sysdb_attrs;
struct ldb_message **msgs;
size_t count;
errno_t ret;
tmp_ctx = talloc_new(NULL);
if (tmp_ctx == NULL) {
DEBUG(SSSDBG_CRIT_FAILURE, "Out of memory!\n");
return ENOMEM;
}
ret = sysdb_search_entry(tmp_ctx, sysdb, base_dn, LDB_SCOPE_SUBTREE,
filter, attrs, &count, &msgs);
if (ret == ENOENT) {
DEBUG(SSSDBG_TRACE_FUNC, "No result\n");
goto done;
} else if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE, "Unable to search sysdb "
"[%d]: %s\n", ret, sss_strerror(ret));
goto done;
}
if (count != 1) {
DEBUG(SSSDBG_CRIT_FAILURE, "Search returned more than one result!\n");
ret = ERR_INTERNAL;
goto done;
}
ret = sysdb_msg2attrs(tmp_ctx, count, msgs, &sysdb_attrs);
if (ret != EOK) {
DEBUG(SSSDBG_CRIT_FAILURE, "Unable to convert message to sysdb attrs "
"[%d]: %s\n", ret, sss_strerror(ret));
goto done;
}
*_entry = talloc_steal(mem_ctx, sysdb_attrs[0]);
done:
talloc_free(tmp_ctx);
return ret;
}
errno_t hbac_get_cached_rules(TALLOC_CTX *mem_ctx,
struct sss_domain_info *domain,
size_t *_rule_count,
struct sysdb_attrs ***_rules)
{
errno_t ret;
struct ldb_message **msgs;
struct sysdb_attrs **rules;
size_t rule_count;
TALLOC_CTX *tmp_ctx;
char *filter;
const char *attrs[] = { OBJECTCLASS,
IPA_CN,
SYSDB_ORIG_DN,
IPA_UNIQUE_ID,
IPA_ENABLED_FLAG,
IPA_ACCESS_RULE_TYPE,
IPA_MEMBER_USER,
IPA_USER_CATEGORY,
IPA_MEMBER_SERVICE,
IPA_SERVICE_CATEGORY,
IPA_SOURCE_HOST,
IPA_SOURCE_HOST_CATEGORY,
IPA_EXTERNAL_HOST,
IPA_MEMBER_HOST,
IPA_HOST_CATEGORY,
NULL };
tmp_ctx = talloc_new(NULL);
if (tmp_ctx == NULL) return ENOMEM;
filter = talloc_asprintf(tmp_ctx, "(objectClass=%s)", IPA_HBAC_RULE);
if (filter == NULL) {
ret = ENOMEM;
goto done;
}
ret = sysdb_search_custom(tmp_ctx, domain->sysdb, domain, filter,
HBAC_RULES_SUBDIR, attrs,
&rule_count, &msgs);
if (ret != EOK && ret != ENOENT) {
DEBUG(1, ("Error looking up HBAC rules"));
goto done;
} if (ret == ENOENT) {
rule_count = 0;
}
ret = sysdb_msg2attrs(tmp_ctx, rule_count, msgs, &rules);
if (ret != EOK) {
DEBUG(1, ("Could not convert ldb message to sysdb_attrs\n"));
goto done;
}
if (_rules) *_rules = talloc_steal(mem_ctx, rules);
if (_rule_count) *_rule_count = rule_count;
ret = EOK;
done:
talloc_free(tmp_ctx);
return ret;
}
