author | Jan Zeleny <jzeleny@redhat.com> | 2012-02-07 07:01:20 -0500 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2012-02-24 14:58:26 -0500 |
commit | fdab7bbf8933351f6254438c30ff361cd748b15a (patch) | |
tree | f782a369096adae55d1d7776219414c4a4d309e5 | |
parent | 2f3ee3f49019f5b60adbe073070f31e6e2d7c7ab (diff) | |
IPA hosts refactoring
-rw-r--r-- | src/config/etc/sssd.api.d/sssd-ipa.conf | 20 | ||||
-rw-r--r-- | src/db/sysdb.h | 4 | ||||
-rw-r--r-- | src/providers/ipa/ipa_access.c | 24 | ||||
-rw-r--r-- | src/providers/ipa/ipa_access.h | 3 | ||||
-rw-r--r-- | src/providers/ipa/ipa_common.c | 52 | ||||
-rw-r--r-- | src/providers/ipa/ipa_common.h | 17 | ||||
-rw-r--r-- | src/providers/ipa/ipa_hbac_hosts.c | 6 | ||||
-rw-r--r-- | src/providers/ipa/ipa_hbac_private.h | 6 | ||||
-rw-r--r-- | src/providers/ipa/ipa_hostid.c | 13 | ||||
-rw-r--r-- | src/providers/ipa/ipa_hostid.h | 2 | ||||
-rw-r--r-- | src/providers/ipa/ipa_hosts.c | 101 | ||||
-rw-r--r-- | src/providers/ipa/ipa_hosts.h | 6 | ||||
-rw-r--r-- | src/providers/ipa/ipa_init.c | 10 | ||||
-rw-r--r-- | src/providers/ipa/ipa_netgroups.c | 6 | ||||
-rw-r--r-- | src/providers/ipa/ipa_selinux_maps.c | 11 | ||||
-rw-r--r-- | src/providers/ipa/ipa_selinux_maps.h | 1 | ||||
-rw-r--r-- | src/providers/ipa/ipa_session.c | 26 | ||||
-rw-r--r-- | src/providers/ldap/sdap.h | 2 |
18 files changed, 156 insertions, 154 deletions
diff --git a/src/config/etc/sssd.api.d/sssd-ipa.conf b/src/config/etc/sssd.api.d/sssd-ipa.conf index 3e3384d94..6ed92eabe 100644 --- a/src/config/etc/sssd.api.d/sssd-ipa.conf +++ b/src/config/etc/sssd.api.d/sssd-ipa.conf @@ -124,9 +124,29 @@ krb5_fast_principal = str, None, false ipa_hbac_refresh = int, None, false ipa_hbac_treat_deny_as = str, None, false ipa_hbac_support_srchost = bool, None, false +ipa_host_object_class = str, None, false +ipa_host_name = str, None, false +ipa_host_fqdn = str, None, false +ipa_host_serverhostname = str, None, false +ipa_host_member_of = str, None, false +ipa_host_ssh_public_key = str, None, false +ipa_host_uuid = str, None, false +ipa_hostgroup_objectclass = str, None, false +ipa_hostgroup_name = str, None, false +ipa_hostgroup_member = str, None, false +ipa_hostgroup_memberof = str, None, false +ipa_hostgroup_uuid = str, None, false [provider/ipa/autofs] ipa_automount_location = str, None, false [provider/ipa/chpass] +[provider/ipa/session] +ipa_host_object_class = str, None, false +ipa_host_name = str, None, false +ipa_host_fqdn = str, None, false +ipa_host_serverhostname = str, None, false +ipa_host_member_of = str, None, false +ipa_host_ssh_public_key = str, None, false +ipa_host_uuid = str, None, false diff --git a/src/db/sysdb.h b/src/db/sysdb.h index e9a89606b..a9d4b0f8f 100644 --- a/src/db/sysdb.h +++ b/src/db/sysdb.h @@ -45,6 +45,7 @@ #define SYSDB_GROUP_CLASS "group" #define SYSDB_NETGROUP_CLASS "netgroup" #define SYSDB_HOST_CLASS "host" +#define SYSDB_HOSTGROUP_CLASS "hostgroup" #define SYSDB_SELINUX_USERMAP_CLASS "selinuxusermap" #define SYSDB_SELINUX_CLASS "selinux" @@ -95,6 +96,9 @@ #define SYSDB_NETGROUP_MEMBER "memberNisNetgroup" #define SYSDB_DESCRIPTION "description" +#define SYSDB_FQDN "fqdn" +#define SYSDB_SERVERHOSTNAME "serverHostname" + #define SYSDB_SELINUX_SEEALSO "seeAlso" #define SYSDB_SELINUX_USER "selinuxUser" #define SYSDB_SELINUX_ENABLED "enabled" 
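Review bot: The new hostgroup keys are spelled `ipa_hostgroup_objectclass` while the host keys use `ipa_host_object_class`, so the two families of options are inconsistent for administrators; the strings are also the map keys in ipa_common.c, so either spelling works, but one convention should be picked before the names are published. Both maps are loaded by ipa_get_id_options through the id provider's conf_path, so the new `ipa_host_name`, `ipa_host_serverhostname`, `ipa_host_uuid` and `ipa_hostgroup_*` keys presumably also need to be declared in the section that carries the other id-provider options — that section is outside this hunk, so confirm it was updated. The `[provider/ipa/session]` section only lists `ipa_host_*` keys, which matches ipa_session.c passing a NULL hostgroup map.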
diff --git a/src/providers/ipa/ipa_access.c b/src/providers/ipa/ipa_access.c index 1eed86c33..523bba258 100644 --- a/src/providers/ipa/ipa_access.c +++ b/src/providers/ipa/ipa_access.c @@ -272,20 +272,6 @@ static int hbac_get_host_info_step(struct hbac_ctx *hbac_ctx) const char *hostname; struct tevent_req *req; - hbac_ctx->host_attrs = talloc_array(hbac_ctx, const char *, 8); - if (hbac_ctx->host_attrs == NULL) { - DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to allocate host attribute list.\n")); - return ENOMEM; - } - hbac_ctx->host_attrs[0] = "objectClass"; - hbac_ctx->host_attrs[1] = IPA_HOST_SERVERHOSTNAME; - hbac_ctx->host_attrs[2] = IPA_HOST_FQDN; - hbac_ctx->host_attrs[3] = IPA_UNIQUE_ID; - hbac_ctx->host_attrs[4] = IPA_MEMBER; - hbac_ctx->host_attrs[5] = IPA_MEMBEROF; - hbac_ctx->host_attrs[6] = IPA_CN; - hbac_ctx->host_attrs[7] = NULL; - if (dp_opt_get_bool(hbac_ctx->ipa_options, IPA_HBAC_SUPPORT_SRCHOST)) { /* Support srchost * -> we don't want any particular host, @@ -301,7 +287,9 @@ static int hbac_get_host_info_step(struct hbac_ctx *hbac_ctx) hbac_ctx_sysdb(hbac_ctx), sdap_id_op_handle(hbac_ctx->sdap_op), hbac_ctx_sdap_id_ctx(hbac_ctx)->opts, - hostname, hbac_ctx->host_attrs, NULL, 0, true, + hostname, + hbac_ctx->access_ctx->host_map, + hbac_ctx->access_ctx->hostgroup_map, hbac_ctx->access_ctx->host_search_bases); if (req == NULL) { DEBUG(1, ("Could not get host info\n")); @@ -375,7 +363,7 @@ static void hbac_get_rule_info_step(struct tevent_req *req) for (i = 0; i < hbac_ctx->host_count; i++) { ret = sysdb_attrs_get_string(hbac_ctx->hosts[i], - IPA_HOST_FQDN, + SYSDB_FQDN, &hostname); if (ret != EOK) { DEBUG(1, ("Could not locate IPA host\n")); 
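Review bot: hbac_get_host_info_step no longer controls which host attributes are requested; ipa_host_info_send now derives the list from the whole host_map, so when IPA_HBAC_SUPPORT_SRCHOST is set (hostname left NULL, every host fetched) each HBAC refresh also pulls ipaSshPubKey and serverHostname for every host in the domain, which the removed seven-entry list avoided. If that payload matters, consider letting callers pass an optional attribute subset again, or at least record the trade-off next to the call, e.g. `/* requests the full host map, incl. SSH keys, for every host when srchost is on */`. The function body continues outside the hunk.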
@@ -480,9 +468,9 @@ static void hbac_sysdb_save(struct tevent_req *req) /* Save the hosts */ ret = ipa_hbac_sysdb_save(sysdb, domain, - HBAC_HOSTS_SUBDIR, IPA_HOST_FQDN, + HBAC_HOSTS_SUBDIR, SYSDB_FQDN, hbac_ctx->host_count, hbac_ctx->hosts, - HBAC_HOSTGROUPS_SUBDIR, IPA_CN, + HBAC_HOSTGROUPS_SUBDIR, SYSDB_NAME, hbac_ctx->hostgroup_count, hbac_ctx->hostgroups); if (ret != EOK) { diff --git a/src/providers/ipa/ipa_access.h b/src/providers/ipa/ipa_access.h index ddfb2cf56..f6b08af3c 100644 --- a/src/providers/ipa/ipa_access.h +++ b/src/providers/ipa/ipa_access.h @@ -38,6 +38,8 @@ struct ipa_access_ctx { struct time_rules_ctx *tr_ctx; time_t last_update; + struct sdap_attr_map *host_map; + struct sdap_attr_map *hostgroup_map; struct sdap_search_base **host_search_bases; struct sdap_search_base **hbac_search_bases; }; @@ -54,7 +56,6 @@ struct hbac_ctx { struct sdap_search_base **search_bases; /* Hosts */ - const char **host_attrs; size_t host_count; struct sysdb_attrs **hosts; size_t hostgroup_count; diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c index 8307f6abf..fc909deea 100644 --- a/src/providers/ipa/ipa_common.c +++ b/src/providers/ipa/ipa_common.c 
@@ -183,22 +183,33 @@ struct sdap_attr_map ipa_netgroup_map[] = { struct sdap_attr_map ipa_host_map[] = { { "ipa_host_object_class", "ipaHost", SYSDB_HOST_CLASS, NULL }, - { "ipa_host_fqdn", "fqdn", SYSDB_NAME, NULL }, - { "ipa_host_member_of", "memberOf", SYSDB_MEMBEROF, NULL }, - { "ipa_host_ssh_public_key", "ipaSshPubKey", SYSDB_SSH_PUBKEY, NULL } + { "ipa_host_name", "cn", SYSDB_NAME, NULL }, + { "ipa_host_fqdn", "fqdn", SYSDB_FQDN, NULL }, + { "ipa_host_serverhostname", "serverHostname", SYSDB_SERVERHOSTNAME, NULL }, + { "ipa_host_member_of", "memberOf", SYSDB_ORIG_MEMBEROF, NULL }, + { "ipa_host_ssh_public_key", "ipaSshPubKey", SYSDB_SSH_PUBKEY, NULL }, + { "ipa_host_uuid", "ipaUniqueID", SYSDB_UUID, NULL} +}; + +static struct sdap_attr_map ipa_hostgroup_map[] = { + { "ipa_hostgroup_objectclass", "ipaHostgroup", SYSDB_HOSTGROUP_CLASS, NULL}, + { "ipa_hostgroup_name", "cn", SYSDB_NAME, NULL}, + { "ipa_hostgroup_member", "member", SYSDB_MEMBER, NULL}, + { "ipa_hostgroup_memberof", "memberOf", SYSDB_ORIG_MEMBEROF, NULL}, + { "ipa_hostgroup_uuid", "ipaUniqueID", SYSDB_UUID, NULL} }; static struct sdap_attr_map ipa_selinux_user_map[] = { - {"ipa_selinux_usermap_object_class", "ipaselinuxusermap", SYSDB_SELINUX_USERMAP_CLASS, NULL}, - {"ipa_selinux_usermap_name", "cn", SYSDB_NAME, NULL}, - {"ipa_selinux_usermap_member_user", "memberUser", SYSDB_ORIG_MEMBER_USER, NULL}, - {"ipa_selinux_usermap_member_host", "memberHost", SYSDB_ORIG_MEMBER_HOST, NULL}, - {"ipa_selinux_usermap_see_also", "seeAlso", SYSDB_SELINUX_SEEALSO, NULL}, - {"ipa_selinux_usermap_selinux_user", "ipaSELinuxUser", SYSDB_SELINUX_USER, NULL}, - {"ipa_selinux_usermap_enabled", "ipaEnabledFlag", SYSDB_SELINUX_ENABLED, NULL}, - {"ipa_selinux_usermap_user_category", "userCategory", SYSDB_USER_CATEGORY, NULL}, - {"ipa_selinux_usermap_host_category", "hostCategory", SYSDB_HOST_CATEGORY, NULL}, - {"ipa_selinux_usermap_uuid", "ipaUniqueID", SYSDB_UUID, NULL} + { "ipa_selinux_usermap_object_class", 
"ipaselinuxusermap", SYSDB_SELINUX_USERMAP_CLASS, NULL}, + { "ipa_selinux_usermap_name", "cn", SYSDB_NAME, NULL}, + { "ipa_selinux_usermap_member_user", "memberUser", SYSDB_ORIG_MEMBER_USER, NULL}, + { "ipa_selinux_usermap_member_host", "memberHost", SYSDB_ORIG_MEMBER_HOST, NULL}, + { "ipa_selinux_usermap_see_also", "seeAlso", SYSDB_SELINUX_SEEALSO, NULL}, + { "ipa_selinux_usermap_selinux_user", "ipaSELinuxUser", SYSDB_SELINUX_USER, NULL}, + { "ipa_selinux_usermap_enabled", "ipaEnabledFlag", SYSDB_SELINUX_ENABLED, NULL}, + { "ipa_selinux_usermap_user_category", "userCategory", SYSDB_USER_CATEGORY, NULL}, + { "ipa_selinux_usermap_host_category", "hostCategory", SYSDB_HOST_CATEGORY, NULL}, + { "ipa_selinux_usermap_uuid", "ipaUniqueID", SYSDB_UUID, NULL} }; struct dp_option ipa_def_krb5_opts[] = { @@ -737,7 +748,16 @@ int ipa_get_id_options(struct ipa_options *ipa_opts, cdb, conf_path, ipa_host_map, IPA_OPTS_HOST, - &ipa_opts->id->host_map); + &ipa_opts->host_map); + if (ret != EOK) { + goto done; + } + + ret = sdap_get_map(ipa_opts->id, + cdb, conf_path, + ipa_hostgroup_map, + IPA_OPTS_HOSTGROUP, + &ipa_opts->hostgroup_map); if (ret != EOK) { goto done; } @@ -745,7 +765,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts, ret = sdap_get_map(ipa_opts->id, cdb, conf_path, ipa_service_map, - IPA_OPTS_HOST, + SDAP_OPTS_SERVICES, &ipa_opts->id->service_map); if (ret != EOK) { goto done; @@ -755,7 +775,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts, cdb, conf_path, ipa_selinux_user_map, IPA_OPTS_SELINUX_USERMAP, - &ipa_opts->id->selinuxuser_map); + &ipa_opts->selinuxuser_map); if (ret != EOK) { goto done; } diff --git a/src/providers/ipa/ipa_common.h b/src/providers/ipa/ipa_common.h index 84c726c85..26a6f9d9b 100644 --- a/src/providers/ipa/ipa_common.h +++ b/src/providers/ipa/ipa_common.h 
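Review bot: In ipa_hostgroup_map the `member` attribute is stored as SYSDB_MEMBER, whereas the hostgroup_map this replaces in ipa_hosts.c stored it as SYSDB_ORIG_MEMBER, and the same hunk keeps `memberOf` as SYSDB_ORIG_MEMBEROF; raw IPA DNs would now land in sysdb's own `member` attribute, which sysdb presumably treats as links to local entries. Unless that is intended, change the entry to `{ "ipa_hostgroup_member", "member", SYSDB_ORIG_MEMBER, NULL},`. The host map also moves SYSDB_NAME from `fqdn` to `cn`, so anything that looks hosts up by SYSDB_NAME now depends on every host entry carrying a `cn`; a one-line comment on the map stating that assumption would help the next reader.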
@@ -81,13 +81,26 @@ enum ipa_netgroup_attrs { enum ipa_host_attrs { IPA_OC_HOST = 0, + IPA_AT_HOST_NAME, IPA_AT_HOST_FQDN, + IPA_AT_HOST_SERVERHOSTNAME, IPA_AT_HOST_MEMBER_OF, IPA_AT_HOST_SSH_PUBLIC_KEY, + IPA_AT_HOST_UUID, IPA_OPTS_HOST /* attrs counter */ }; +enum ipa_hostgroup_attrs { + IPA_OC_HOSTGROUP = 0, + IPA_AT_HOSTGROUP_NAME, + IPA_AT_HOSTGROUP_MEMBER, + IPA_AT_HOSTGROUP_MEMBER_OF, + IPA_AT_HOSTGROUP_UUID, + + IPA_OPTS_HOSTGROUP /* attrs counter */ +}; + enum ipa_selinux_usermap_attrs { IPA_OC_SELINUX_USERMAP = 0, IPA_AT_SELINUX_USERMAP_NAME, @@ -118,6 +131,10 @@ struct ipa_id_ctx { struct ipa_options { struct dp_option *basic; + struct sdap_attr_map *host_map; + struct sdap_attr_map *hostgroup_map; + struct sdap_attr_map *selinuxuser_map; + struct sdap_search_base **host_search_bases; struct sdap_search_base **hbac_search_bases; struct sdap_search_base **selinux_search_bases; diff --git a/src/providers/ipa/ipa_hbac_hosts.c b/src/providers/ipa/ipa_hbac_hosts.c index 1626f178a..23f7816be 100644 --- a/src/providers/ipa/ipa_hbac_hosts.c +++ b/src/providers/ipa/ipa_hbac_hosts.c @@ -40,7 +40,7 @@ static errno_t hbac_host_attrs_to_rule(TALLOC_CTX *mem_ctx, errno_t ret; TALLOC_CTX *tmp_ctx; struct hbac_rule_element *new_hosts; - const char *attrs[] = { IPA_HOST_FQDN, IPA_CN, NULL }; + const char *attrs[] = { SYSDB_FQDN, SYSDB_NAME, NULL }; struct ldb_message_element *el; size_t num_hosts = 0; size_t num_hostgroups = 0; @@ -131,7 +131,7 @@ static errno_t hbac_host_attrs_to_rule(TALLOC_CTX *mem_ctx, /* Original DN matched a single host. Get the hostname */ name = ldb_msg_find_attr_as_string(msgs[0], - IPA_HOST_FQDN, + SYSDB_FQDN, NULL); if (name == NULL) { DEBUG(1, ("FQDN is missing!\n")); 
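Review bot: The order of ipa_host_attrs and the new ipa_hostgroup_attrs is what indexes ipa_host_map[] and ipa_hostgroup_map[] in ipa_common.c (ipa_hosts.c uses `host_map[IPA_AT_HOST_FQDN]` and `hostgroup_map[IPA_AT_HOSTGROUP_MEMBER_OF]`), and nothing ties the two definitions together. Add `/* order must match ipa_host_map[] in ipa_common.c */` above ipa_host_attrs and the equivalent line above ipa_hostgroup_attrs so that a future insertion in one place is not silently misaligned with the other.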
@@ -167,7 +167,7 @@ static errno_t hbac_host_attrs_to_rule(TALLOC_CTX *mem_ctx, } /* Original DN matched a single group. Get the groupname */ - name = ldb_msg_find_attr_as_string(msgs[0], IPA_CN, NULL); + name = ldb_msg_find_attr_as_string(msgs[0], SYSDB_NAME, NULL); if (name == NULL) { DEBUG(1, ("Hostgroup name is missing!\n")); ret = EFAULT; diff --git a/src/providers/ipa/ipa_hbac_private.h b/src/providers/ipa/ipa_hbac_private.h index acf567157..bb1ea4ec1 100644 --- a/src/providers/ipa/ipa_hbac_private.h +++ b/src/providers/ipa/ipa_hbac_private.h @@ -28,14 +28,9 @@ #define IPA_HBAC_RULE "ipaHBACRule" -#define IPA_HOST "ipaHost" -#define IPA_HOSTGROUP "ipaHostGroup" - #define IPA_HBAC_SERVICE "ipaHBACService" #define IPA_HBAC_SERVICE_GROUP "ipaHBACServiceGroup" -#define IPA_HOST_SERVERHOSTNAME "serverHostName" -#define IPA_HOST_FQDN "fqdn" #define IPA_UNIQUE_ID "ipauniqueid" #define IPA_MEMBER "member" @@ -61,7 +56,6 @@ #define IPA_SERVICE_CATEGORY "serviceCategory" #define IPA_TRUE_VALUE "TRUE" -#define IPA_HOST_BASE_TMPL "cn=computers,cn=accounts,%s" #define IPA_HBAC_BASE_TMPL "cn=hbac,%s" #define IPA_SERVICES_BASE_TMPL "cn=hbacservices,cn=accounts,%s" diff --git a/src/providers/ipa/ipa_hostid.c b/src/providers/ipa/ipa_hostid.c index 873cc5296..6121f15a3 100644 --- a/src/providers/ipa/ipa_hostid.c +++ b/src/providers/ipa/ipa_hostid.c @@ -33,7 +33,6 @@ struct hosts_get_state { struct sysdb_ctx *sysdb; struct sss_domain_info *domain; const char *name; - const char **attrs; size_t count; struct sysdb_attrs **hosts; @@ -176,11 +175,6 @@ hosts_get_send(TALLOC_CTX *memctx, state->domain = ctx->be->domain; state->name = name; - /* TODO: handle attrs_type */ - ret = build_attrs_from_map(state, ctx->opts->host_map, - IPA_OPTS_HOST, &state->attrs); - if (ret != EOK) goto fail; - ret = hosts_get_retry(req); if (ret != EOK) { goto fail; 
@@ -220,7 +214,6 @@ hosts_get_connect_done(struct tevent_req *subreq) struct hosts_get_state); int dp_error = DP_ERR_FATAL; errno_t ret; - struct sdap_id_ctx *ctx = state->ctx->sdap_id_ctx; ret = sdap_id_op_connect_recv(subreq, &dp_error); talloc_zfree(subreq); @@ -233,9 +226,9 @@ hosts_get_connect_done(struct tevent_req *subreq) subreq = ipa_host_info_send(state, state->ev, state->sysdb, sdap_id_op_handle(state->op), - ctx->opts, state->name, - state->attrs, ctx->opts->host_map, - IPA_OPTS_HOST, false, + state->ctx->sdap_id_ctx->opts, state->name, + state->ctx->ipa_opts->host_map, + state->ctx->ipa_opts->hostgroup_map, state->ctx->host_search_bases); if (!subreq) { tevent_req_error(req, ENOMEM); diff --git a/src/providers/ipa/ipa_hostid.h b/src/providers/ipa/ipa_hostid.h index 40ad6bc47..f88c2a21d 100644 --- a/src/providers/ipa/ipa_hostid.h +++ b/src/providers/ipa/ipa_hostid.h @@ -23,7 +23,7 @@ struct ipa_hostid_ctx { struct sdap_id_ctx *sdap_id_ctx; - struct dp_option *ipa_options; + struct ipa_options *ipa_opts; struct sdap_search_base **host_search_bases; }; diff --git a/src/providers/ipa/ipa_hosts.c b/src/providers/ipa/ipa_hosts.c index 5e41c1ee2..b8982054f 100644 --- a/src/providers/ipa/ipa_hosts.c +++ b/src/providers/ipa/ipa_hosts.c @@ -24,8 +24,7 @@ #include "db/sysdb.h" #include "providers/ldap/sdap_async.h" #include "providers/ipa/ipa_hosts.h" -/* FIXME: this is temporary, use proper map instead */ -#include "providers/ipa/ipa_hbac_private.h" +#include "providers/ipa/ipa_common.h" struct ipa_host_state { struct tevent_context *ev; @@ -33,8 +32,8 @@ struct ipa_host_state { struct sdap_handle *sh; struct sdap_options *opts; const char **attrs; - struct sdap_attr_map *map; - int map_num_attrs; + struct sdap_attr_map *host_map; + struct sdap_attr_map *hostgroup_map; struct sdap_search_base **search_bases; int search_base_iter; 
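Review bot: hosts_get_connect_done now passes `state->ctx->ipa_opts->hostgroup_map`, so every host-key lookup also runs the host-group dereference search that the old call disabled with `fetch_hostgroups = false`. Per the contract comment added to ipa_host_info_send, passing `NULL,` as the hostgroup map restores the single query, as the ipa_session.c caller in this commit does. The enclosing function continues outside the hunk.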
@@ -48,19 +47,9 @@ struct ipa_host_state { size_t host_count; struct sysdb_attrs **hosts; - bool fetch_hostgroups; size_t hostgroup_count; struct sysdb_attrs **hostgroups; - struct sdap_attr_map_info *hostgroup_map; -}; - -#define HOSTGROUP_MAP_ATTRS_COUNT 5 -static struct sdap_attr_map hostgroup_map[] = { - {"objectclass", "ipahostgroup", "hostgroup", NULL}, - {"name_attr", IPA_CN, IPA_CN, NULL}, - {"member", IPA_MEMBER, SYSDB_ORIG_MEMBER, NULL}, - {"memberof", IPA_MEMBEROF, SYSDB_ORIG_MEMBEROF, NULL}, - {"ipa_id", IPA_UNIQUE_ID, IPA_UNIQUE_ID, NULL} + struct sdap_attr_map_info *ipa_hostgroup_map; }; static void @@ -76,6 +65,12 @@ static errno_t ipa_hostgroup_info_next(struct tevent_req *req, struct ipa_host_state *state); +/** + * hostname == NULL -> look up all hosts / host groups + * hostname != NULL -> look up only given host and groups + * it's member of + * hostgroup_map == NULL -> skip looking up hostgroups + */ struct tevent_req * ipa_host_info_send(TALLOC_CTX *mem_ctx, struct tevent_context *ev, @@ -83,10 +78,8 @@ ipa_host_info_send(TALLOC_CTX *mem_ctx, struct sdap_handle *sh, struct sdap_options *opts, const char *hostname, - const char **attrs, - struct sdap_attr_map *map, - int map_num_attrs, - bool fetch_hostgroups, + struct sdap_attr_map *host_map, + struct sdap_attr_map *hostgroup_map, struct sdap_search_base **search_bases) { errno_t ret; 
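Review bot: The contract comment added above ipa_host_info_send sits only on the definition; callers read the prototype in ipa_hosts.h, which this commit edits without it. Put the same comment (hostname NULL → all hosts and groups, hostgroup_map NULL → skip groups) on the declaration there, and add that the attribute list is now derived from host_map inside the function, since the `attrs` parameter callers used to pass is gone.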
@@ -106,17 +99,22 @@ ipa_host_info_send(TALLOC_CTX *mem_ctx, state->search_bases = search_bases; state->search_base_iter = 0; state->cur_filter = NULL; - state->attrs = attrs; - state->map = map; - state->map_num_attrs = map_num_attrs; - state->fetch_hostgroups = fetch_hostgroups; + state->host_map = host_map; + state->hostgroup_map = hostgroup_map; + + ret = build_attrs_from_map(state, host_map, IPA_OPTS_HOST, &state->attrs); + if (ret != EOK) { + goto immediate; + } if (hostname == NULL) { state->host_filter = talloc_asprintf(state, "(objectClass=%s)", - IPA_HOST); + host_map[IPA_OC_HOST].name); } else { state->host_filter = talloc_asprintf(state, "(&(objectClass=%s)(%s=%s))", - IPA_HOST, IPA_HOST_FQDN, hostname); + host_map[IPA_OC_HOST].name, + host_map[IPA_AT_HOST_FQDN].name, + hostname); } if (state->host_filter == NULL) { ret = ENOMEM; @@ -166,8 +164,8 @@ static errno_t ipa_host_info_next(struct tevent_req *req, subreq = sdap_get_generic_send(state, state->ev, state->opts, state->sh, base->basedn, base->scope, state->cur_filter, - state->attrs, state->map, - state->map_num_attrs, + state->attrs, state->host_map, + IPA_OPTS_HOST, dp_opt_get_int(state->opts->basic, SDAP_ENUM_SEARCH_TIMEOUT), true); @@ -190,7 +188,6 @@ ipa_host_info_done(struct tevent_req *subreq) struct ipa_host_state *state = tevent_req_data(req, struct ipa_host_state); const char *host_dn; - int i; ret = sdap_get_generic_recv(subreq, state, &state->host_count, 
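Review bot: The `hostname` argument is spliced into the LDAP filter unescaped on the rewritten `talloc_asprintf` line; for the ipa_access and ipa_session callers it is the locally configured host name, but the ipa_hostid caller forwards the name given to hosts_get_send, which presumably originates from a lookup request, so a value containing filter metacharacters can alter the query. Run it through the existing sss_filter_sanitize() helper and use the sanitized copy in the filter, with a short comment saying why. ipa_host_info_send continues outside the hunk.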
@@ -213,34 +210,20 @@ ipa_host_info_done(struct tevent_req *subreq) return; } - ret = replace_attribute_name(IPA_MEMBEROF, SYSDB_ORIG_MEMBEROF, - state->host_count, - state->hosts); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, ("Could not replace attribute names\n")); - tevent_req_error(req, ret); - return; - } - - /* Complete the map */ - for (i = 0; i < HOSTGROUP_MAP_ATTRS_COUNT; i++) { - /* These are allocated on the state, so the next time they'll - * have to be allocated again - */ - hostgroup_map[i].name = talloc_strdup(state, - hostgroup_map[i].def_name); - if (hostgroup_map[i].name == NULL) { + if (state->hostgroup_map) { + talloc_free(state->attrs); + ret = build_attrs_from_map(state, state->hostgroup_map, + IPA_OPTS_HOSTGROUP, &state->attrs); + if (ret != EOK) { tevent_req_error(req, ret); return; } - } - if (state->fetch_hostgroups) { /* Look up host groups */ if (state->hostname == NULL) { talloc_zfree(state->host_filter); state->host_filter = talloc_asprintf(state, "(objectClass=%s)", - IPA_HOSTGROUP); + state->hostgroup_map[IPA_OC_HOSTGROUP].name); if (state->host_filter == NULL) { tevent_req_error(req, ENOMEM); return; @@ -257,13 +240,13 @@ ipa_host_info_done(struct tevent_req *subreq) return; } } else { - state->hostgroup_map = talloc_zero(state, struct sdap_attr_map_info); - if (state->hostgroup_map == NULL) { + state->ipa_hostgroup_map = talloc_zero(state, struct sdap_attr_map_info); + if (state->ipa_hostgroup_map == NULL) { tevent_req_error(req, ENOMEM); return; } - state->hostgroup_map->map = hostgroup_map; - state->hostgroup_map->num_attrs = HOSTGROUP_MAP_ATTRS_COUNT; + state->ipa_hostgroup_map->map = state->hostgroup_map; + state->ipa_hostgroup_map->num_attrs = IPA_OPTS_HOSTGROUP; ret = sysdb_attrs_get_string(state->hosts[0], SYSDB_ORIG_DN, &host_dn); if (ret != EOK) { 
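Review bot: `talloc_free(state->attrs)` followed by a failing build_attrs_from_map leaves state->attrs dangling; use `talloc_zfree(state->attrs);` here, as the same hunk already does for host_filter a few lines down. The state now carries both `hostgroup_map` (struct sdap_attr_map *) and `ipa_hostgroup_map` (struct sdap_attr_map_info *), whose names hide which one is the map and which the deref wrapper; something like `hostgroup_map_info` for the latter would make the sdap_deref_search_send call easier to read. ipa_host_info_done continues outside the hunk.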
@@ -272,8 +255,10 @@ ipa_host_info_done(struct tevent_req *subreq) } subreq = sdap_deref_search_send(state, state->ev, state->opts, state->sh, - host_dn, IPA_MEMBEROF, state->attrs, - 1, state->hostgroup_map, + host_dn, + state->hostgroup_map[IPA_AT_HOSTGROUP_MEMBER_OF].name, + state->attrs, + 1, state->ipa_hostgroup_map, dp_opt_get_int(state->opts->basic, SDAP_ENUM_SEARCH_TIMEOUT)); if (subreq == NULL) { @@ -309,8 +294,9 @@ static errno_t ipa_hostgroup_info_next(struct tevent_req *req, subreq = sdap_get_generic_send(state, state->ev, state->opts, state->sh, base->basedn, base->scope, - state->cur_filter, state->attrs, hostgroup_map, - HOSTGROUP_MAP_ATTRS_COUNT, + state->cur_filter, state->attrs, + state->hostgroup_map, + IPA_OPTS_HOSTGROUP, dp_opt_get_int(state->opts->basic, SDAP_ENUM_SEARCH_TIMEOUT), true); @@ -409,7 +395,8 @@ ipa_hostgroup_info_done(struct tevent_req *subreq) } ret = sysdb_attrs_get_string(deref_result[i]->attrs, - IPA_CN, &hostgroup_name); + state->hostgroup_map[IPA_AT_HOSTGROUP_NAME].sys_name, + &hostgroup_name); if (ret != EOK) goto done; DEBUG(SSSDBG_FUNC_DATA, ("Dereferenced host group: %s\n", diff --git a/src/providers/ipa/ipa_hosts.h b/src/providers/ipa/ipa_hosts.h index 53cabbb79..34ceec905 100644 --- a/src/providers/ipa/ipa_hosts.h +++ b/src/providers/ipa/ipa_hosts.h @@ -30,10 +30,8 @@ ipa_host_info_send(TALLOC_CTX *mem_ctx, struct sdap_handle *sh, struct sdap_options *opts, const char *hostname, - const char **attrs, - struct sdap_attr_map *map, - int map_num_attrs, - bool fetch_hostgroups, + struct sdap_attr_map *host_map, + struct sdap_attr_map *hostgroup_map, struct sdap_search_base **search_bases); errno_t diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c index 20745c11f..bb85632df 100644 --- a/src/providers/ipa/ipa_init.c +++ b/src/providers/ipa/ipa_init.c 
@@ -386,6 +386,8 @@ int sssm_ipa_access_init(struct be_ctx *bectx, goto done; } ipa_access_ctx->sdap_ctx = id_ctx->sdap_id_ctx; + ipa_access_ctx->host_map = id_ctx->ipa_options->host_map; + ipa_access_ctx->hostgroup_map = id_ctx->ipa_options->hostgroup_map; ipa_access_ctx->host_search_bases = id_ctx->ipa_options->host_search_bases; ipa_access_ctx->hbac_search_bases = id_ctx->ipa_options->hbac_search_bases; @@ -464,13 +466,7 @@ int sssm_ipa_hostid_init(struct be_ctx *bectx, } hostid_ctx->sdap_id_ctx = id_ctx->sdap_id_ctx; hostid_ctx->host_search_bases = id_ctx->ipa_options->host_search_bases; - - ret = dp_copy_options(hostid_ctx, ipa_options->basic, - IPA_OPTS_BASIC, &hostid_ctx->ipa_options); - if (ret != EOK) { - DEBUG(SSSDBG_CRIT_FAILURE, ("dp_copy_options failed.\n")); - goto done; - } + hostid_ctx->ipa_opts = ipa_options; *ops = &ipa_hostid_ops; *pvt_data = hostid_ctx; diff --git a/src/providers/ipa/ipa_netgroups.c b/src/providers/ipa/ipa_netgroups.c index 5acab31f8..05c7e2301 100644 --- a/src/providers/ipa/ipa_netgroups.c +++ b/src/providers/ipa/ipa_netgroups.c @@ -523,11 +523,11 @@ static int ipa_netgr_fetch_hosts(struct ipa_get_netgroups_state *state, filter = talloc_asprintf(state, "(&%s%s(objectclass=%s))", state->filter, base_filter?base_filter:"", - state->opts->host_map[IPA_OC_HOST].name); + state->ipa_opts->host_map[IPA_OC_HOST].name); if (filter == NULL) return ENOMEM; - ret = build_attrs_from_map(state, state->opts->host_map, + ret = build_attrs_from_map(state, state->ipa_opts->host_map, IPA_OPTS_HOST, &attrs); if (ret != EOK) { talloc_free(filter); @@ -537,7 +537,7 @@ static int ipa_netgr_fetch_hosts(struct ipa_get_netgroups_state *state, subreq = sdap_get_generic_send(state, state->ev, state->opts, state->sh, bases[state->host_base_iter]->basedn, bases[state->host_base_iter]->scope, - filter, attrs, state->opts->host_map, + filter, attrs, state->ipa_opts->host_map, IPA_OPTS_HOST, state->timeout, true); state->current_entity = ENTITY_HOST; 
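Review bot: `hostid_ctx->ipa_opts = ipa_options;` replaces the dp_copy_options copy with a borrowed pointer, so hostid_ctx now depends on that ipa_options (presumably the id context's) outliving the hostid provider, and nothing in the hunk records that. Add `/* borrowed from the id context; not owned by hostid_ctx */` on that line, or document it on the ipa_opts field in ipa_hostid.h. sssm_ipa_hostid_init continues outside the hunk.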
diff --git a/src/providers/ipa/ipa_selinux_maps.c b/src/providers/ipa/ipa_selinux_maps.c index d642da7d0..7a54d24a7 100644 --- a/src/providers/ipa/ipa_selinux_maps.c +++ b/src/providers/ipa/ipa_selinux_maps.c @@ -30,6 +30,7 @@ struct ipa_selinux_get_maps_state { struct sysdb_ctx *sysdb; struct sdap_handle *sh; struct sdap_options *opts; + struct ipa_options *ipa_opts; const char **attrs; struct sdap_search_base **search_bases; @@ -53,6 +54,7 @@ struct tevent_req *ipa_selinux_get_maps_send(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sdap_handle *sh, struct sdap_options *opts, + struct ipa_options *ipa_opts, struct sdap_search_base **search_bases) { struct tevent_req *req; @@ -68,20 +70,21 @@ struct tevent_req *ipa_selinux_get_maps_send(TALLOC_CTX *mem_ctx, state->sysdb = sysdb; state->sh = sh; state->opts = opts; + state->ipa_opts = ipa_opts; state->search_bases = search_bases; state->search_base_iter = 0; state->map_count = 0; state->maps = NULL; - ret = build_attrs_from_map(state, opts->selinuxuser_map, + ret = build_attrs_from_map(state, ipa_opts->selinuxuser_map, IPA_OPTS_SELINUX_USERMAP, &state->attrs); if (ret != EOK) goto fail; state->cur_filter = NULL; state->maps_filter = talloc_asprintf(state, "(&(objectclass=%s)(%s=TRUE))", - opts->selinuxuser_map[IPA_OC_SELINUX_USERMAP].name, - opts->selinuxuser_map[IPA_AT_SELINUX_USERMAP_ENABLED].name); + ipa_opts->selinuxuser_map[IPA_OC_SELINUX_USERMAP].name, + ipa_opts->selinuxuser_map[IPA_AT_SELINUX_USERMAP_ENABLED].name); if (state->maps_filter == NULL) { ret = ENOMEM; goto fail; @@ -130,7 +133,7 @@ ipa_selinux_get_maps_next(struct tevent_req *req, state->sh, base->basedn, base->scope, state->cur_filter, state->attrs, - state->opts->selinuxuser_map, + state->ipa_opts->selinuxuser_map, IPA_OPTS_SELINUX_USERMAP, dp_opt_get_int(state->opts->basic, SDAP_ENUM_SEARCH_TIMEOUT), diff --git a/src/providers/ipa/ipa_selinux_maps.h b/src/providers/ipa/ipa_selinux_maps.h index efd10bf4e..d3abec15d 100644 
--- a/src/providers/ipa/ipa_selinux_maps.h +++ b/src/providers/ipa/ipa_selinux_maps.h @@ -33,6 +33,7 @@ ipa_selinux_get_maps_send(TALLOC_CTX *mem_ctx, struct sysdb_ctx *sysdb, struct sdap_handle *sh, struct sdap_options *opts, + struct ipa_options *ipa_opts, struct sdap_search_base **search_bases); errno_t diff --git a/src/providers/ipa/ipa_session.c b/src/providers/ipa/ipa_session.c index 6b7fc8efb..e23b0120e 100644 --- a/src/providers/ipa/ipa_session.c +++ b/src/providers/ipa/ipa_session.c @@ -35,18 +35,12 @@ #include "providers/ipa/ipa_selinux_common.h" #include "providers/ipa/ipa_selinux_maps.h" -/* FIXME: this is temporary until host map is implemented in ipa_common.c */ -#include "providers/ipa/ipa_hbac_private.h" - struct ipa_get_selinux_state { struct be_req *be_req; struct pam_data *pd; struct ipa_session_ctx *session_ctx; struct sdap_id_op *op; - /* Just tmp stuff so we can free it after query */ - const char **attrs; - const char *hostname; struct sysdb_attrs *host; struct sysdb_attrs *user; @@ -251,21 +245,13 @@ static void ipa_get_selinux_connect_done(struct tevent_req *subreq) /* FIXME: detect if HBAC is configured * - if yes, we can skip host retrieval and get it directly from sysdb */ - state->attrs = talloc_array(state, const char *, 3); - if (state->attrs == NULL) { - ret = ENOMEM; - goto fail; - } - state->attrs[0] = "objectClass"; - state->attrs[1] = IPA_MEMBEROF; - state->attrs[2] = NULL; - subreq = ipa_host_info_send(state, bctx->ev, bctx->sysdb, sdap_id_op_handle(state->op), id_ctx->sdap_id_ctx->opts, state->hostname, - state->attrs, NULL, 0, - false, state->session_ctx->host_search_bases); + id_ctx->ipa_options->host_map, + NULL, + state->session_ctx->host_search_bases); if (subreq == NULL) { ret = ENOMEM; goto fail; 
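Review bot: The struct hunk removes `const char *hostname;` from ipa_get_selinux_state, yet the unchanged line `id_ctx->sdap_id_ctx->opts, state->hostname,` in ipa_get_selinux_connect_done still passes it to ipa_host_info_send; unless another `hostname` member exists outside this view, the file no longer compiles. Keep the field — unlike the temporary attrs array it is still needed by the call — or pass the host name from its original source directly. Both functions extend beyond the hunks shown.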
@@ -300,11 +286,6 @@ static void ipa_get_selinux_hosts_done(struct tevent_req *subreq) } state->host = host[0]; - ret = sysdb_attrs_add_string(state->host, SYSDB_NAME, state->hostname); - if (ret != EOK) { - goto done; - } - ret = sss_selinux_extract_user(state, bctx->sysdb, state->pd->user, &state->user); if (ret != EOK) { @@ -314,6 +295,7 @@ static void ipa_get_selinux_hosts_done(struct tevent_req *subreq) subreq = ipa_selinux_get_maps_send(state, bctx->ev, bctx->sysdb, sdap_id_op_handle(state->op), id_ctx->opts, + state->session_ctx->id_ctx->ipa_options, state->session_ctx->selinux_search_bases); if (subreq == NULL) { ret = ENOMEM; diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h index 5d4238466..941c27918 100644 --- a/src/providers/ldap/sdap.h +++ b/src/providers/ldap/sdap.h @@ -348,14 +348,12 @@ struct sdap_options { struct sdap_attr_map *user_map; struct sdap_attr_map *group_map; struct sdap_attr_map *netgroup_map; - struct sdap_attr_map *host_map; struct sdap_attr_map *service_map; /* FIXME - should this go to a special struct to avoid mixing with name-service-switch maps? */ struct sdap_attr_map *sudorule_map; struct sdap_attr_map *autofs_mobject_map; struct sdap_attr_map *autofs_entry_map; - struct sdap_attr_map *selinuxuser_map; /* supported schema types */ enum schema_type { |
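Review bot: Dropping `sysdb_attrs_add_string(state->host, SYSDB_NAME, state->hostname)` means the host's SYSDB_NAME now comes only from the `cn` attribute via ipa_host_map (cn → SYSDB_NAME in ipa_common.c), so a host entry without cn leaves state->host nameless where the old code always set it. If the SELinux-map matching that follows keys on SYSDB_NAME, check it once here with `sysdb_attrs_get_string(state->host, SYSDB_NAME, ...)` and fail the request on EOK != ret rather than letting the match silently miss. ipa_get_selinux_hosts_done continues outside the hunk.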