On Thu, Feb 02, 2012 at 09:01:29PM -0500, Stephen Gallagher wrote: > On Thu, 2012-02-02 at 12:36 +0100, Jakub Hrozek wrote: > > On Tue, Jan 31, 2012 at 08:28:37PM -0500, Stephen Gallagher wrote: > > > On Tue, 2012-01-31 at 16:02 +0100, Jakub Hrozek wrote: > > > > We will want to set this option (but perhaps not > > > > --enable-all-experimental-features) for F17 to be able to build the sudo > > > > library. > > > > > > > > https://fedorahosted.org/sssd/ticket/1145 > > > > > > > > At the time being the option is also turned on when > > > > --enable-all-experimental-features is specified. > > > > > > > > The second patch does the refactoring mentioned in #1145 - just moves > > > > code around so that there are no #ifdefs in the main part of LDAP code. > > > > > > Ack to the first, Nack to the second. > > > > > > There's no need for ldap_sudo.c AND sdap_sudo.c. > > > > > > > I thought the difference was that the ldap_*.c files contain > > one-shot initialization-time functions and the sdap_*.c files contain > > the actual async functions. > > > > > The only reason we still have ldap_*.c in the code is legacy. We > > > switched to the 'sdap' prefix a long while ago to avoid potential > > > conflicts (as well as confusion whether a particular file was part of > > > SSSD or openldap). Just put it into sdap_sudo.c please. > > > > > > (One of these days we should just rename those old files to avoid > > > confusion...) > > > > New patches attached. > > > Ack.
Sorry, self-nack. I realized that the patch would break IPA provider. We can't use sssm_ldap_*_init in sdap_sudo.c because that is also used by the IPA provider which wouldn't be able to resolve symbols. New patches attached.
From 172787289e0c891df38ee0968b9442f49560809c Mon Sep 17 00:00:00 2001 From: Jakub Hrozek <[email protected]> Date: Sun, 29 Jan 2012 19:04:12 +0100 Subject: [PATCH 1/2] SUDO: introduce a new config option --with-sudo At the time being the option is also turned on when --enable-all-experimental-features is specified. https://fedorahosted.org/sssd/ticket/1145 --- configure.ac | 6 +----- src/conf_macros.m4 | 23 +++++++++++++++++++++++ 2 files changed, 24 insertions(+), 5 deletions(-) diff --git a/configure.ac b/configure.ac index baea45ca19db9cb8b1b3a9b4e261bb6ca3d0721e..65136e1cdb3f3f50f74373cad82d4e00c176901b 100644 --- a/configure.ac +++ b/configure.ac @@ -94,6 +94,7 @@ WITH_SEMANAGE WITH_LIBNL WITH_NOLOGIN_SHELL WITH_APP_LIBS +WITH_SUDO m4_include([src/external/pkg.m4]) m4_include([src/external/libpopt.m4]) @@ -236,11 +237,6 @@ AM_CONDITIONAL([HAVE_DOXYGEN], [test x$DOXYGEN != xfalse ]) AM_CONDITIONAL([HAVE_CHECK], [test x$have_check != x]) -AM_CONDITIONAL([BUILD_SUDO], [test x$build_all_experimental_features != xno]) -if test x$build_all_experimental_features != xno; then - AC_DEFINE(BUILD_SUDO, 1, [whether to build with SUDO support]) -fi - abs_build_dir=`pwd` AC_DEFINE_UNQUOTED([ABS_BUILD_DIR], ["$abs_build_dir"], [Absolute path to the build directory]) AC_SUBST([abs_builddir], $abs_build_dir) diff --git a/src/conf_macros.m4 b/src/conf_macros.m4 index 537b9857aaf74675a45b4bf62b5612d09a28ca3c..f33194444058247537c135623732df95bc17235f 100644 --- a/src/conf_macros.m4 +++ b/src/conf_macros.m4 @@ -401,3 +401,26 @@ AC_DEFUN([WITH_APP_LIBS], AC_SUBST(appmodpath) AC_DEFINE_UNQUOTED(APP_MODULES_PATH, "$config_appmodpath", [Path to the 3rd party modules]) ]) + +AC_DEFUN([WITH_SUDO], + [ AC_ARG_WITH([sudo], + [AC_HELP_STRING([--with-sudo], + [Whether to build with sudo support [no]] + ) + ], + [with_sudo=$withval], + [] + ) + + dnl Remove when sudo goes out of experimental + if test x"$enable_all_experimental_features" = xyes; then + if test x"$with_sudo" != xno; then + with_sudo=yes + fi + fi + + if test x"$with_sudo" = xyes; then + AC_DEFINE(BUILD_SUDO, 1, [whether to build with SUDO support]) + fi + AM_CONDITIONAL([BUILD_SUDO], [test x"$with_sudo" = xyes]) + ]) -- 1.7.7.6
From 1e749153dd1f2f3d8319e7b55d03413b439c25dc Mon Sep 17 00:00:00 2001 From: Jakub Hrozek <[email protected]> Date: Sun, 29 Jan 2012 20:13:35 +0100 Subject: [PATCH 2/2] Move BUILD_SUDO outside the generic LDAP source files Avoid #ifdefs in the general part of the code --- src/providers/ldap/ldap_common.c | 60 --------------------- src/providers/ldap/ldap_common.h | 12 ++--- src/providers/ldap/ldap_init.c | 35 +++---------- src/providers/ldap/sdap_sudo.c | 107 ++++++++++++++++++++++++++++++++++++++ src/providers/ldap/sdap_sudo.h | 8 +++ 5 files changed, 127 insertions(+), 95 deletions(-) diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c index 786e06b3d936f0cb2c86b0df2a399c14913e03fe..f13ce3f8728eca43de24cdc1e6f9010e5567cb7e 100644 --- a/src/providers/ldap/ldap_common.c +++ b/src/providers/ldap/ldap_common.c @@ -26,7 +26,6 @@ #include "providers/fail_over.h" #include "providers/ldap/sdap_async_private.h" #include "providers/krb5/krb5_common.h" -#include "providers/ldap/sdap_sudo_timer.h" #include "db/sysdb_sudo.h" #include "db/sysdb_services.h" @@ -598,65 +597,6 @@ int ldap_get_sudo_options(TALLOC_CTX *memctx, return EOK; } -#ifdef BUILD_SUDO -int sdap_sudo_setup_tasks(struct sdap_id_ctx *id_ctx) -{ - struct sdap_sudo_refresh_ctx *refresh_ctx = NULL; - struct timeval tv; - int ret = EOK; - bool refreshed = false; - bool refresh_enabled = dp_opt_get_bool(id_ctx->opts->basic, - SDAP_SUDO_REFRESH_ENABLED); - - /* set up periodical update of sudo rules */ - if (refresh_enabled) { - refresh_ctx = sdap_sudo_refresh_ctx_init(id_ctx, id_ctx->be, id_ctx, - id_ctx->opts, - tevent_timeval_zero()); - if (refresh_ctx == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, - ("sdap_sudo_refresh_ctx_init() failed!\n")); - return ENOMEM; - } - - /* If this is the first startup, we need to kick off - * an refresh immediately, to close a window where - * clients requesting sudo information won't get an - * immediate reply with no entries - */ - ret = sysdb_sudo_get_refreshed(id_ctx->be->sysdb, &refreshed); - if (ret != EOK) { - return ret; - } - if (refreshed) { - /* At least one update has previously run, - * so clients will get cached data. We will delay - * starting to enumerate by 10s so we don't slow - * down the startup process if this is happening - * during system boot. - */ - tv = tevent_timeval_current_ofs(10, 0); - DEBUG(SSSDBG_FUNC_DATA, ("Delaying first refresh of SUDO rules " - "for 10 seconds\n")); - } else { - /* This is our first startup. Schedule the - * update to start immediately once we - * enter the mainloop. - */ - tv = tevent_timeval_current(); - } - - ret = sdap_sudo_refresh_set_timer(refresh_ctx, tv); - if (ret != EOK) { - talloc_free(refresh_ctx); - return ret; - } - } - - return EOK; -} -#endif - errno_t sdap_parse_search_base(TALLOC_CTX *mem_ctx, struct dp_option *opts, int class, struct sdap_search_base ***_search_bases) diff --git a/src/providers/ldap/ldap_common.h b/src/providers/ldap/ldap_common.h index cda21da41248cb693ccfc6a85b74c797b451424f..603a1ed921f7246b0362d457539a16c2163e2834 100644 --- a/src/providers/ldap/ldap_common.h +++ b/src/providers/ldap/ldap_common.h @@ -68,6 +68,10 @@ struct sdap_auth_ctx { struct sdap_service *chpass_service; }; +int sssm_ldap_id_init(struct be_ctx *bectx, + struct bet_ops **ops, + void **pvt_data); + void sdap_check_online(struct be_req *breq); void sdap_do_online_check(struct be_req *be_req, struct sdap_id_ctx *ctx); @@ -85,14 +89,6 @@ void sdap_pam_chpass_handler(struct be_req *breq); /* access */ void sdap_pam_access_handler(struct be_req *breq); -#ifdef BUILD_SUDO -/* sudo */ -void sdap_sudo_handler(struct be_req *breq); -int sdap_sudo_setup_tasks(struct sdap_id_ctx *ctx); -#endif - - - void sdap_handler_done(struct be_req *req, int dp_err, int error, const char *errstr); diff --git a/src/providers/ldap/ldap_init.c b/src/providers/ldap/ldap_init.c index 2721b00027bf6397f8952de1e50507e820a868da..dd61a1e1a8b8f5361052361bc8b1a8784c52bd69 100644 --- a/src/providers/ldap/ldap_init.c +++ b/src/providers/ldap/ldap_init.c @@ -55,14 +55,6 @@ struct bet_ops sdap_access_ops = { .finalize = sdap_shutdown }; -/* SUDO Handler */ -#ifdef BUILD_SUDO -struct bet_ops sdap_sudo_ops = { - .handler = sdap_sudo_handler, - .finalize = sdap_shutdown -}; -#endif - /* Please use this only for short lists */ errno_t check_order_list_for_duplicates(char **list, bool case_sensitive) @@ -399,35 +391,24 @@ int sssm_ldap_sudo_init(struct be_ctx *be_ctx, struct bet_ops **ops, void **pvt_data) { -#ifdef BUILD_SUDO - struct sdap_id_ctx *id_ctx = NULL; - void *data = NULL; + struct sdap_id_ctx *id_ctx; + void *data; int ret; ret = sssm_ldap_id_init(be_ctx, ops, &data); if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot init LDAP ID provider [%d]: %s\n", + ret, strerror(ret))); return ret; } id_ctx = talloc_get_type(data, struct sdap_id_ctx); - *ops = &sdap_sudo_ops; - *pvt_data = id_ctx; - - ret = ldap_get_sudo_options(id_ctx, be_ctx->cdb, - be_ctx->conf_path, id_ctx->opts); - if (ret != EOK) { - return ret; - } - - ret = sdap_sudo_setup_tasks(id_ctx); - if (ret != EOK) { - return ret; + if (!id_ctx) { + DEBUG(SSSDBG_CRIT_FAILURE, ("No ID provider?\n")); + return EIO; } - return ret; -#else - return EOK; -#endif + return sdap_sudo_init(be_ctx, id_ctx, ops, &data); } static void sdap_shutdown(struct be_req *req) diff --git a/src/providers/ldap/sdap_sudo.c b/src/providers/ldap/sdap_sudo.c index aed937f9f3008df7ef30fd624689f685ca9aefbc..81dcb0d7c44df88525dcf14dbee62b5e74d03708 100644 --- a/src/providers/ldap/sdap_sudo.c +++ b/src/providers/ldap/sdap_sudo.c @@ -28,8 +28,115 @@ #include "providers/ldap/sdap_async.h" #include "providers/ldap/sdap_sudo.h" #include "providers/ldap/sdap_sudo_cache.h" +#include "providers/ldap/sdap_sudo_timer.h" #include "db/sysdb_sudo.h" +static void +sdap_sudo_shutdown(struct be_req *req) +{ + sdap_handler_done(req, DP_ERR_OK, EOK, NULL); +} + +struct bet_ops sdap_sudo_ops = { + .handler = sdap_sudo_handler, + .finalize = sdap_sudo_shutdown +}; + +int sdap_sudo_setup_tasks(struct sdap_id_ctx *id_ctx); + +int sdap_sudo_init(struct be_ctx *be_ctx, + struct sdap_id_ctx *id_ctx, + struct bet_ops **ops, + void **pvt_data) +{ +#ifdef BUILD_SUDO + int ret; + + DEBUG(SSSDBG_TRACE_INTERNAL, ("Initializing sudo LDAP back end\n")); + + *ops = &sdap_sudo_ops; + *pvt_data = id_ctx; + + ret = ldap_get_sudo_options(id_ctx, be_ctx->cdb, + be_ctx->conf_path, id_ctx->opts); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, ("Cannot get SUDO options [%d]: %s\n", + ret, strerror(ret))); + return ret; + } + + ret = sdap_sudo_setup_tasks(id_ctx); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, ("SUDO setup failed [%d]: %s\n", + ret, strerror(ret))); + return ret; + } + + return EOK; +#else + DEBUG(SSSDBG_MINOR_FAILURE, ("Sudo init handler called but SSSD is " + "built without sudo support, ignoring\n")); + return EOK; +#endif +} + +int sdap_sudo_setup_tasks(struct sdap_id_ctx *id_ctx) +{ + struct sdap_sudo_refresh_ctx *refresh_ctx = NULL; + struct timeval tv; + int ret = EOK; + bool refreshed = false; + bool refresh_enabled = dp_opt_get_bool(id_ctx->opts->basic, + SDAP_SUDO_REFRESH_ENABLED); + + /* set up periodical update of sudo rules */ + if (refresh_enabled) { + refresh_ctx = sdap_sudo_refresh_ctx_init(id_ctx, id_ctx->be, id_ctx, + id_ctx->opts, + tevent_timeval_zero()); + if (refresh_ctx == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, + ("sdap_sudo_refresh_ctx_init() failed!\n")); + return ENOMEM; + } + + /* If this is the first startup, we need to kick off + * an refresh immediately, to close a window where + * clients requesting sudo information won't get an + * immediate reply with no entries + */ + ret = sysdb_sudo_get_refreshed(id_ctx->be->sysdb, &refreshed); + if (ret != EOK) { + return ret; + } + if (refreshed) { + /* At least one update has previously run, + * so clients will get cached data. We will delay + * starting to enumerate by 10s so we don't slow + * down the startup process if this is happening + * during system boot. + */ + tv = tevent_timeval_current_ofs(10, 0); + DEBUG(SSSDBG_FUNC_DATA, ("Delaying first refresh of SUDO rules " + "for 10 seconds\n")); + } else { + /* This is our first startup. Schedule the + * update to start immediately once we + * enter the mainloop. + */ + tv = tevent_timeval_current(); + } + + ret = sdap_sudo_refresh_set_timer(refresh_ctx, tv); + if (ret != EOK) { + talloc_free(refresh_ctx); + return ret; + } + } + + return EOK; +} + struct sdap_sudo_load_sudoers_state { struct tevent_context *ev; struct sdap_sudo_ctx *sudo_ctx; diff --git a/src/providers/ldap/sdap_sudo.h b/src/providers/ldap/sdap_sudo.h index b0e66089ae3bf3ac15fe6b9ea04b796b475f4b49..dd42f368e47ffdf54d0c3c0caa7c999227150263 100644 --- a/src/providers/ldap/sdap_sudo.h +++ b/src/providers/ldap/sdap_sudo.h @@ -21,6 +21,14 @@ #ifndef _SDAP_SUDO_H_ #define _SDAP_SUDO_H_ +/* Common functions from ldap_sudo.c */ +void sdap_sudo_handler(struct be_req *breq); +int sdap_sudo_init(struct be_ctx *be_ctx, + struct sdap_id_ctx *id_ctx, + struct bet_ops **ops, + void **pvt_data); + +/* sdap async interface */ struct tevent_req *sdap_sudo_refresh_send(TALLOC_CTX *mem_ctx, struct be_ctx *be_ctx, struct be_sudo_req *sudo_req, -- 1.7.7.6
_______________________________________________ sssd-devel mailing list [email protected] https://fedorahosted.org/mailman/listinfo/sssd-devel
