diff options
Diffstat (limited to 'src/providers/ad/ad_gpo.h')
-rw-r--r-- | src/providers/ad/ad_gpo.h | 55 |
1 files changed, 55 insertions, 0 deletions
diff --git a/src/providers/ad/ad_gpo.h b/src/providers/ad/ad_gpo.h new file mode 100644 index 000000000..856013e43 --- /dev/null +++ b/src/providers/ad/ad_gpo.h @@ -0,0 +1,55 @@ +/* + SSSD + + Authors: + Yassir Elley <yelley@redhat.com> + + Copyright (C) 2013 Red Hat + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#ifndef AD_GPO_H_ +#define AD_GPO_H_ + +/* + * This pair of functions provides client-side GPO processing. + * + * While a GPO can target both user and computer objects, this + * implementation only supports targetting of computer objects. + * + * A GPO overview is at https://fedorahosted.org/sssd/wiki/GpoOverview + * + * In summary, client-side processing involves: + * - determining the target's DN + * - extracting the SOM object DNs (i.e. OUs and Domain) from target's DN + * - including the target's Site as another SOM object + * - determining which GPOs apply to the target's SOMs + * - prioritizing GPOs based on SOM, link order, and whether GPO is "enforced" + * - retrieving the corresponding GPO objects + * - sending the GPO DNs to the CSE processing engine for policy application + * - policy application currently consists of HBAC-like functionality + */ +struct tevent_req * +ad_gpo_access_send(TALLOC_CTX *mem_ctx, + struct tevent_context *ev, + struct sss_domain_info *domain, + struct ad_access_ctx *ctx, + const char *user); + +errno_t ad_gpo_access_recv(struct tevent_req *req); + +struct security_descriptor; + +#endif /* AD_GPO_H_ */ |