ipa: implement method to refresh HBAC rules
Related:
https://pagure.io/SSSD/sssd/issue/2840

Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
pbrezina authored and jhrozek committed Nov 21, 2017
1 parent e737cdf commit 2754a8d
Showing 3 changed files with 80 additions and 2 deletions.
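--- a/src/providers/ipa/ipa_access.c
+++ b/src/providers/ipa/ipa_access.c
@@ -682,8 +682,8 @@ static void ipa_pam_access_handler_done(struct tevent_req *subreq)
 
 errno_t
 ipa_pam_access_handler_recv(TALLOC_CTX *mem_ctx,
-struct tevent_req *req,
-struct pam_data **_data)
+struct tevent_req *req,
+struct pam_data **_data)
 {
 struct ipa_pam_access_handler_state *state = NULL;
 
@@ -695,3 +695,67 @@ ipa_pam_access_handler_recv(TALLOC_CTX *mem_ctx,
 
 return EOK;
 }
+
+struct ipa_refresh_access_rules_state {
+int dummy;
+};
+
+static void ipa_refresh_access_rules_done(struct tevent_req *subreq);
+
+struct tevent_req *
+ipa_refresh_access_rules_send(TALLOC_CTX *mem_ctx,
+struct ipa_access_ctx *access_ctx,
+void *no_input_data,
+struct dp_req_params *params)
+{
+struct ipa_refresh_access_rules_state *state;
+struct tevent_req *subreq;
+struct tevent_req *req;
+
+DEBUG(SSSDBG_TRACE_FUNC, "Refreshing HBAC rules\n");
+
+req = tevent_req_create(mem_ctx, &state,
+struct ipa_refresh_access_rules_state);
+if (req == NULL) {
+DEBUG(SSSDBG_CRIT_FAILURE, "Unable to create tevent request!\n");
+return NULL;
+}
+
+subreq = ipa_fetch_hbac_send(state, params->ev, params->be_ctx, access_ctx);
+if (subreq == NULL) {
+tevent_req_error(req, ENOMEM);
+tevent_req_post(req, params->ev);
+return req;
+}
+
+tevent_req_set_callback(subreq, ipa_refresh_access_rules_done, req);
+
+return req;
+}
+
+static void ipa_refresh_access_rules_done(struct tevent_req *subreq)
+{
+struct tevent_req *req;
+errno_t ret;
+
+req = tevent_req_callback_data(subreq, struct tevent_req);
+
+ret = ipa_fetch_hbac_recv(subreq);
+talloc_zfree(subreq);
+if (ret != EOK) {
+tevent_req_error(req, ret);
+return;
+}
+
+tevent_req_done(req);
+return;
+}
+
+errno_t ipa_refresh_access_rules_recv(TALLOC_CTX *mem_ctx,
+struct tevent_req *req,
+void **_no_output_data)
+{
+TEVENT_REQ_RETURN_ON_ERROR(req);
+
+return EOK;
+}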
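Review bot: In `ipa_refresh_access_rules_done` a failing `ipa_fetch_hbac_recv` is handed straight to `tevent_req_error` with no log line, so a refresh that fails leaves whatever HBAC rules are already cached in force without any trace at this layer. Because these rules decide host access, I would log before propagating: `DEBUG(SSSDBG_OP_FAILURE, "Unable to refresh HBAC rules [%d]: %s\n", ret, sss_strerror(ret));`. Separately, `ipa_fetch_hbac_send` is defined outside this hunk, so it is not visible whether it always contacts the server or may complete with EOK from cache (for example when the backend is offline). If it can, a successful refresh request does not guarantee that the rules are current, and that is worth confirming.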
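--- a/src/providers/ipa/ipa_access.h
+++ b/src/providers/ipa/ipa_access.h
@@ -63,4 +63,14 @@ ipa_pam_access_handler_recv(TALLOC_CTX *mem_ctx,
 struct tevent_req *req,
 struct pam_data **_data);
 
+struct tevent_req *
+ipa_refresh_access_rules_send(TALLOC_CTX *mem_ctx,
+struct ipa_access_ctx *access_ctx,
+void *no_input_data,
+struct dp_req_params *params);
+
+errno_t ipa_refresh_access_rules_recv(TALLOC_CTX *mem_ctx,
+struct tevent_req *req,
+void **_no_output_data);
+
 #endif /* _IPA_ACCESS_H_ */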
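Review bot: The two new prototypes are exported without any comment on their contract, and the placeholder parameters invite misuse. Going by the implementation in ipa_access.c on this page, `no_input_data` is never read by the send function, and the recv function neither uses `mem_ctx` nor writes through `_no_output_data`. I would add a short block comment above each declaration saying so, e.g. `/* no_input_data is ignored; pass NULL */` and `/* _no_output_data is left untouched; returns EOK or the error from the HBAC fetch */`, so that callers do not read an uninitialised output pointer.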
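--- a/src/providers/ipa/ipa_init.c
+++ b/src/providers/ipa/ipa_init.c
@@ -831,6 +831,10 @@ errno_t sssm_ipa_access_init(TALLOC_CTX *mem_ctx,
 ipa_pam_access_handler_send, ipa_pam_access_handler_recv, access_ctx,
 struct ipa_access_ctx, struct pam_data, struct pam_data *);
 
+dp_set_method(dp_methods, DPM_REFRESH_ACCESS_RULES,
+ipa_refresh_access_rules_send, ipa_refresh_access_rules_recv, access_ctx,
+struct ipa_access_ctx, void, void *);
+
 ret = EOK;
 
 done: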