authorJan Zeleny <jzeleny@redhat.com>2012-02-05 15:59:20 -0500
committerStephen Gallagher <sgallagh@redhat.com>2012-02-06 08:25:22 -0500
commit1a853121ca2ba8ede6df429ee76942131ffb0f65 (patch)
treeb724db01bf92a61809c25a62c634f0e8da5dc257 /src/providers/ipa/ipa_common.c
parent2d0550acbe07024d034fb616c1ec5b81929c4844 (diff)
Session target in IPA provider
Diffstat (limited to 'src/providers/ipa/ipa_common.c')
-rw-r--r--src/providers/ipa/ipa_common.c47
1 files changed, 47 insertions, 0 deletions
diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c
index 58db9e78d..02485b801 100644
--- a/src/providers/ipa/ipa_common.c
+++ b/src/providers/ipa/ipa_common.c
@@ -26,6 +26,7 @@
#include <ctype.h>
#include <arpa/inet.h>
+#include "db/sysdb_selinux.h"
#include "providers/ipa/ipa_common.h"
#include "providers/ldap/sdap_async_private.h"
#include "util/sss_krb5.h"
@@ -39,6 +40,7 @@ struct dp_option ipa_basic_opts[] = {
{ "ipa_dyndns_iface", DP_OPT_STRING, NULL_STRING, NULL_STRING},
{ "ipa_hbac_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING},
{ "ipa_host_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
+ { "ipa_selinux_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "krb5_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING},
{ "ipa_hbac_refresh", DP_OPT_NUMBER, { .number = 5 }, NULL_NUMBER },
{ "ipa_hbac_treat_deny_as", DP_OPT_STRING, { "DENY_ALL" }, NULL_STRING },
@@ -181,6 +183,19 @@ struct sdap_attr_map ipa_host_map[] = {
{ "ipa_host_member_of", "memberOf", SYSDB_MEMBEROF, NULL },
};
+static struct sdap_attr_map ipa_selinux_user_map[] = {
+ {"ipa_selinux_usermap_object_class", "ipaselinuxusermap", SYSDB_SELINUX_USERMAP_CLASS, NULL},
+ {"ipa_selinux_usermap_name", "cn", SYSDB_NAME, NULL},
+ {"ipa_selinux_usermap_member_user", "memberUser", SYSDB_ORIG_MEMBER_USER, NULL},
+ {"ipa_selinux_usermap_member_host", "memberHost", SYSDB_ORIG_MEMBER_HOST, NULL},
+ {"ipa_selinux_usermap_see_also", "seeAlso", SYSDB_SELINUX_SEEALSO, NULL},
+ {"ipa_selinux_usermap_selinux_user", "ipaSELinuxUser", SYSDB_SELINUX_USER, NULL},
+ {"ipa_selinux_usermap_enabled", "ipaEnabledFlag", SYSDB_SELINUX_ENABLED, NULL},
+ {"ipa_selinux_usermap_user_category", "userCategory", SYSDB_USER_CATEGORY, NULL},
+ {"ipa_selinux_usermap_host_category", "hostCategory", SYSDB_HOST_CATEGORY, NULL},
+ {"ipa_selinux_usermap_uuid", "ipaUniqueID", SYSDB_UUID, NULL}
+};
+
struct dp_option ipa_def_krb5_opts[] = {
{ "krb5_server", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "krb5_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING },
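Review bot: Nothing ties the ten rows of `ipa_selinux_user_map` to `IPA_OPTS_SELINUX_USERMAP`, which the last hunk passes to `sdap_get_map()` together with this table. The enum that defines that constant is not part of this diff, so the match cannot be confirmed from here; if it is used as the row count, as the call suggests, a value added to the enum without a row here would make the read run past the end of the array. I would add a comment above the table, `/* One row per attribute enum value, in enum order; row count must equal IPA_OPTS_SELINUX_USERMAP */`, so the coupling is visible to whoever edits either side.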
@@ -605,6 +620,29 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
&ipa_opts->hbac_search_bases);
if (ret != EOK) goto done;
+ if (NULL == dp_opt_get_string(ipa_opts->basic,
+ IPA_SELINUX_SEARCH_BASE)) {
+ value = talloc_asprintf(tmpctx, "cn=selinux,%s", basedn);
+ if (!value) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ ret = dp_opt_set_string(ipa_opts->basic, IPA_SELINUX_SEARCH_BASE, value);
+ if (ret != EOK) {
+ goto done;
+ }
+
+ DEBUG(SSSDBG_CONF_SETTINGS, ("Option %s set to %s\n",
+ ipa_opts->basic[IPA_SELINUX_SEARCH_BASE].opt_name,
+ dp_opt_get_string(ipa_opts->basic,
+ IPA_SELINUX_SEARCH_BASE)));
+ }
+ ret = sdap_parse_search_base(ipa_opts->basic, ipa_opts->basic,
+ IPA_SELINUX_SEARCH_BASE,
+ &ipa_opts->selinux_search_bases);
+ if (ret != EOK) goto done;
+
value = dp_opt_get_string(ipa_opts->id->basic, SDAP_DEREF);
if (value != NULL) {
ret = deref_string_to_val(value, &i);
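Review bot: The `sdap_parse_search_base()` call for `IPA_SELINUX_SEARCH_BASE` exits through `goto done` without a message, so an admin-supplied `ipa_selinux_search_base` that fails to parse gives no hint which option was rejected; the value is only logged on the path where the default was filled in. Because this base decides where SELinux user maps are read from, I would log the failure before the jump, `DEBUG(SSSDBG_OP_FAILURE, ("Could not parse %s\n", ipa_opts->basic[IPA_SELINUX_SEARCH_BASE].opt_name));`, and brace that `if` like the checks added just above it. Whether `sdap_parse_search_base()` already logs on its own is not visible here. `ipa_get_id_options()` starts before this hunk and continues past it.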
@@ -686,6 +724,15 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
goto done;
}
+ ret = sdap_get_map(ipa_opts->id,
+ cdb, conf_path,
+ ipa_selinux_user_map,
+ IPA_OPTS_SELINUX_USERMAP,
+ &ipa_opts->id->selinuxuser_map);
+ if (ret != EOK) {
+ goto done;
+ }
+
ret = EOK;
*_opts = ipa_opts->id;