|
 |
ced1f5 |
From 42f16ffa434de2efcdb9010df39dfe7cc619dfb0 Mon Sep 17 00:00:00 2001
|
|
|
ced1f5 |
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
|
|
|
ced1f5 |
Date: Thu, 2 Nov 2017 14:59:19 +0100
|
|
|
ced1f5 |
Subject: [PATCH 51/57] ipa: implement method to refresh HBAC rules
|
|
|
ced1f5 |
MIME-Version: 1.0
|
|
|
ced1f5 |
Content-Type: text/plain; charset=UTF-8
|
|
|
ced1f5 |
Content-Transfer-Encoding: 8bit
|
|
|
ced1f5 |
|
|
|
ced1f5 |
Related:
|
|
|
ced1f5 |
https://pagure.io/SSSD/sssd/issue/2840
|
|
|
ced1f5 |
|
|
|
ced1f5 |
Reviewed-by: Fabiano FidĂȘncio <fidencio@redhat.com>
|
|
|
ced1f5 |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
ced1f5 |
(cherry picked from commit 2754a8dcfa937d45b024a2e57419248bfd4c4919)
|
|
|
ced1f5 |
---
|
|
|
ced1f5 |
src/providers/ipa/ipa_access.c | 68 ++++++++++++++++++++++++++++++++++++++++--
|
|
|
ced1f5 |
src/providers/ipa/ipa_access.h | 10 +++++++
|
|
|
ced1f5 |
src/providers/ipa/ipa_init.c | 4 +++
|
|
|
ced1f5 |
3 files changed, 80 insertions(+), 2 deletions(-)
|
|
|
ced1f5 |
|
|
|
ced1f5 |
diff --git a/src/providers/ipa/ipa_access.c b/src/providers/ipa/ipa_access.c
|
|
|
ced1f5 |
index 32ccf541c9436b633e7724b2c44ee545810a7fb8..de9f68170b6e9c38fd8b6d23f1d565250bbf78d2 100644
|
|
|
ced1f5 |
--- a/src/providers/ipa/ipa_access.c
|
|
|
ced1f5 |
+++ b/src/providers/ipa/ipa_access.c
|
|
|
ced1f5 |
@@ -682,8 +682,8 @@ done:
|
|
|
ced1f5 |
|
|
|
ced1f5 |
errno_t
|
|
|
ced1f5 |
ipa_pam_access_handler_recv(TALLOC_CTX *mem_ctx,
|
|
|
ced1f5 |
- struct tevent_req *req,
|
|
|
ced1f5 |
- struct pam_data **_data)
|
|
|
ced1f5 |
+ struct tevent_req *req,
|
|
|
ced1f5 |
+ struct pam_data **_data)
|
|
|
ced1f5 |
{
|
|
|
ced1f5 |
struct ipa_pam_access_handler_state *state = NULL;
|
|
|
ced1f5 |
|
|
|
ced1f5 |
@@ -695,3 +695,67 @@ ipa_pam_access_handler_recv(TALLOC_CTX *mem_ctx,
|
|
|
ced1f5 |
|
|
|
ced1f5 |
return EOK;
|
|
|
ced1f5 |
}
|
|
|
ced1f5 |
+
|
|
|
ced1f5 |
+struct ipa_refresh_access_rules_state {
|
|
|
ced1f5 |
+ int dummy;
|
|
|
ced1f5 |
+};
|
|
|
ced1f5 |
+
|
|
|
ced1f5 |
+static void ipa_refresh_access_rules_done(struct tevent_req *subreq);
|
|
|
ced1f5 |
+
|
|
|
ced1f5 |
+struct tevent_req *
|
|
|
ced1f5 |
+ipa_refresh_access_rules_send(TALLOC_CTX *mem_ctx,
|
|
|
ced1f5 |
+ struct ipa_access_ctx *access_ctx,
|
|
|
ced1f5 |
+ void *no_input_data,
|
|
|
ced1f5 |
+ struct dp_req_params *params)
|
|
|
ced1f5 |
+{
|
|
|
ced1f5 |
+ struct ipa_refresh_access_rules_state *state;
|
|
|
ced1f5 |
+ struct tevent_req *subreq;
|
|
|
ced1f5 |
+ struct tevent_req *req;
|
|
|
ced1f5 |
+
|
|
|
ced1f5 |
+ DEBUG(SSSDBG_TRACE_FUNC, "Refreshing HBAC rules\n");
|
|
|
ced1f5 |
+
|
|
|
ced1f5 |
+ req = tevent_req_create(mem_ctx, &state,
|
|
|
ced1f5 |
+ struct ipa_refresh_access_rules_state);
|
|
|
ced1f5 |
+ if (req == NULL) {
|
|
|
ced1f5 |
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unable to create tevent request!\n");
|
|
|
ced1f5 |
+ return NULL;
|
|
|
ced1f5 |
+ }
|
|
|
ced1f5 |
+
|
|
|
ced1f5 |
+ subreq = ipa_fetch_hbac_send(state, params->ev, params->be_ctx, access_ctx);
|
|
|
ced1f5 |
+ if (subreq == NULL) {
|
|
|
ced1f5 |
+ tevent_req_error(req, ENOMEM);
|
|
|
ced1f5 |
+ tevent_req_post(req, params->ev);
|
|
|
ced1f5 |
+ return req;
|
|
|
ced1f5 |
+ }
|
|
|
ced1f5 |
+
|
|
|
ced1f5 |
+ tevent_req_set_callback(subreq, ipa_refresh_access_rules_done, req);
|
|
|
ced1f5 |
+
|
|
|
ced1f5 |
+ return req;
|
|
|
ced1f5 |
+}
|
|
|
ced1f5 |
+
|
|
|
ced1f5 |
+static void ipa_refresh_access_rules_done(struct tevent_req *subreq)
|
|
|
ced1f5 |
+{
|
|
|
ced1f5 |
+ struct tevent_req *req;
|
|
|
ced1f5 |
+ errno_t ret;
|
|
|
ced1f5 |
+
|
|
|
ced1f5 |
+ req = tevent_req_callback_data(subreq, struct tevent_req);
|
|
|
ced1f5 |
+
|
|
|
ced1f5 |
+ ret = ipa_fetch_hbac_recv(subreq);
|
|
|
ced1f5 |
+ talloc_zfree(subreq);
|
|
|
ced1f5 |
+ if (ret != EOK) {
|
|
|
ced1f5 |
+ tevent_req_error(req, ret);
|
|
|
ced1f5 |
+ return;
|
|
|
ced1f5 |
+ }
|
|
|
ced1f5 |
+
|
|
|
ced1f5 |
+ tevent_req_done(req);
|
|
|
ced1f5 |
+ return;
|
|
|
ced1f5 |
+}
|
|
|
ced1f5 |
+
|
|
|
ced1f5 |
+errno_t ipa_refresh_access_rules_recv(TALLOC_CTX *mem_ctx,
|
|
|
ced1f5 |
+ struct tevent_req *req,
|
|
|
ced1f5 |
+ void **_no_output_data)
|
|
|
ced1f5 |
+{
|
|
|
ced1f5 |
+ TEVENT_REQ_RETURN_ON_ERROR(req);
|
|
|
ced1f5 |
+
|
|
|
ced1f5 |
+ return EOK;
|
|
|
ced1f5 |
+}
|
|
|
ced1f5 |
diff --git a/src/providers/ipa/ipa_access.h b/src/providers/ipa/ipa_access.h
|
|
|
ced1f5 |
index de690350218bd47165a2b48c10059b8de96b718a..9cec0d1063fd39380a77093526e3240523752075 100644
|
|
|
ced1f5 |
--- a/src/providers/ipa/ipa_access.h
|
|
|
ced1f5 |
+++ b/src/providers/ipa/ipa_access.h
|
|
|
ced1f5 |
@@ -63,4 +63,14 @@ ipa_pam_access_handler_recv(TALLOC_CTX *mem_ctx,
|
|
|
ced1f5 |
struct tevent_req *req,
|
|
|
ced1f5 |
struct pam_data **_data);
|
|
|
ced1f5 |
|
|
|
ced1f5 |
+struct tevent_req *
|
|
|
ced1f5 |
+ipa_refresh_access_rules_send(TALLOC_CTX *mem_ctx,
|
|
|
ced1f5 |
+ struct ipa_access_ctx *access_ctx,
|
|
|
ced1f5 |
+ void *no_input_data,
|
|
|
ced1f5 |
+ struct dp_req_params *params);
|
|
|
ced1f5 |
+
|
|
|
ced1f5 |
+errno_t ipa_refresh_access_rules_recv(TALLOC_CTX *mem_ctx,
|
|
|
ced1f5 |
+ struct tevent_req *req,
|
|
|
ced1f5 |
+ void **_no_output_data);
|
|
|
ced1f5 |
+
|
|
|
ced1f5 |
#endif /* _IPA_ACCESS_H_ */
|
|
|
ced1f5 |
diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c
|
|
|
ced1f5 |
index 5b7c8e1348f561901782c872078a0e7391d4ff75..f335d51fd65959d256c54a5d92c594a24e895b7c 100644
|
|
|
ced1f5 |
--- a/src/providers/ipa/ipa_init.c
|
|
|
ced1f5 |
+++ b/src/providers/ipa/ipa_init.c
|
|
|
ced1f5 |
@@ -831,6 +831,10 @@ errno_t sssm_ipa_access_init(TALLOC_CTX *mem_ctx,
|
|
|
ced1f5 |
ipa_pam_access_handler_send, ipa_pam_access_handler_recv, access_ctx,
|
|
|
ced1f5 |
struct ipa_access_ctx, struct pam_data, struct pam_data *);
|
|
|
ced1f5 |
|
|
|
ced1f5 |
+ dp_set_method(dp_methods, DPM_REFRESH_ACCESS_RULES,
|
|
|
ced1f5 |
+ ipa_refresh_access_rules_send, ipa_refresh_access_rules_recv, access_ctx,
|
|
|
ced1f5 |
+ struct ipa_access_ctx, void, void *);
|
|
|
ced1f5 |
+
|
|
|
ced1f5 |
ret = EOK;
|
|
|
ced1f5 |
|
|
|
ced1f5 |
done:
|
|
|
ced1f5 |
--
|
|
|
ced1f5 |
2.14.3
|
|
|
ced1f5 |
|