summaryrefslogtreecommitdiffstats
path: root/src/providers
diff options
context:
space:
mode:
Diffstat (limited to 'src/providers')
-rw-r--r--src/providers/ipa/ipa_common.c70
-rw-r--r--src/providers/ipa/ipa_common.h23
2 files changed, 69 insertions, 24 deletions
diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c
index a06578227..3e848e322 100644
--- a/src/providers/ipa/ipa_common.c
+++ b/src/providers/ipa/ipa_common.c
@@ -37,6 +37,7 @@ struct dp_option ipa_basic_opts[] = {
{ "ipa_dyndns_update", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
{ "ipa_dyndns_iface", DP_OPT_STRING, NULL_STRING, NULL_STRING},
{ "ipa_hbac_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING},
+ { "ipa_host_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "krb5_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING},
{ "ipa_hbac_refresh", DP_OPT_NUMBER, { .number = 5 }, NULL_NUMBER },
{ "ipa_hbac_treat_deny_as", DP_OPT_STRING, { "DENY_ALL" }, NULL_STRING }
@@ -154,12 +155,20 @@ struct sdap_attr_map ipa_group_map[] = {
};
struct sdap_attr_map ipa_netgroup_map[] = {
- { "ldap_netgroup_object_class", "nisNetgroup", SYSDB_NETGROUP_CLASS, NULL },
- { "ldap_netgroup_name", "cn", SYSDB_NAME, NULL },
- { "ldap_netgroup_member", "memberNisNetgroup", SYSDB_ORIG_NETGROUP_MEMBER, NULL },
- { "ldap_netgroup_triple", "nisNetgroupTriple", SYSDB_NETGROUP_TRIPLE, NULL },
- { "ldap_netgroup_uuid", "nsUniqueId", SYSDB_UUID, NULL },
- { "ldap_netgroup_modify_timestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL }
+ { "ipa_netgroup_object_class", "ipaNisNetgroup", SYSDB_NETGROUP_CLASS, NULL },
+ { "ipa_netgroup_name", "cn", SYSDB_NAME, NULL },
+ { "ipa_netgroup_member", "member", SYSDB_ORIG_NETGROUP_MEMBER, NULL },
+ { "ipa_netgroup_member_of", "memberOf", SYSDB_MEMBEROF, NULL },
+ { "ipa_netgroup_member_user", "memberUser", SYSDB_ORIG_NETGROUP_MEMBER_USER, NULL },
+ { "ipa_netgroup_member_host", "memberHost", SYSDB_ORIG_NETGROUP_MEMBER_HOST, NULL },
+ { "ipa_netgroup_member_ext_host", "externalHost", SYSDB_ORIG_NETGROUP_EXTERNAL_HOST, NULL },
+ { "ipa_netgroup_domain", "nisDomainName", SYSDB_NETGROUP_DOMAIN, NULL },
+ { "ipa_netgroup_uuid", "ipaUniqueID", SYSDB_UUID, NULL },
+};
+
+struct sdap_attr_map ipa_host_map[] = {
+ { "ipa_host_object_class", "ipaHost", SYSDB_HOST_CLASS, NULL },
+ { "ipa_host_fqdn", "fqdn", SYSDB_NAME, NULL },
};
struct dp_option ipa_def_krb5_opts[] = {
@@ -453,31 +462,16 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
if (NULL == dp_opt_get_string(ipa_opts->id->basic,
SDAP_NETGROUP_SEARCH_BASE)) {
-#if 0
- ret = dp_opt_set_string(ipa_opts->id->basic, SDAP_NETGROUP_SEARCH_BASE,
- dp_opt_get_string(ipa_opts->id->basic,
- SDAP_SEARCH_BASE));
- if (ret != EOK) {
- goto done;
- }
-#else
- /* We don't yet have support for the native representation
- * of netgroups in IPA. For now, we need to point at the
- * compat tree
- */
- value = talloc_asprintf(tmpctx, "cn=ng,cn=compat,%s", basedn);
+ value = talloc_asprintf(tmpctx, "cn=ng,cn=alt,%s", basedn);
if (!value) {
ret = ENOMEM;
goto done;
}
-
- ret = dp_opt_set_string(ipa_opts->id->basic,
- SDAP_NETGROUP_SEARCH_BASE,
+ ret = dp_opt_set_string(ipa_opts->id->basic, SDAP_NETGROUP_SEARCH_BASE,
value);
if (ret != EOK) {
goto done;
}
-#endif
DEBUG(6, ("Option %s set to %s\n",
ipa_opts->id->basic[SDAP_NETGROUP_SEARCH_BASE].opt_name,
@@ -489,6 +483,25 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
&ipa_opts->id->netgroup_search_bases);
if (ret != EOK) goto done;
+ if (NULL == dp_opt_get_string(ipa_opts->basic,
+ IPA_HOST_SEARCH_BASE)) {
+ ret = dp_opt_set_string(ipa_opts->basic, IPA_HOST_SEARCH_BASE,
+ dp_opt_get_string(ipa_opts->id->basic,
+ SDAP_SEARCH_BASE));
+ if (ret != EOK) {
+ goto done;
+ }
+
+ DEBUG(6, ("Option %s set to %s\n",
+ ipa_opts->basic[IPA_HOST_SEARCH_BASE].opt_name,
+ dp_opt_get_string(ipa_opts->basic,
+ IPA_HOST_SEARCH_BASE)));
+ }
+ ret = sdap_parse_search_base(ipa_opts->basic, ipa_opts->basic,
+ IPA_HOST_SEARCH_BASE,
+ &ipa_opts->host_search_bases);
+ if (ret != EOK) goto done;
+
value = dp_opt_get_string(ipa_opts->id->basic, SDAP_DEREF);
if (value != NULL) {
ret = deref_string_to_val(value, &i);
@@ -527,12 +540,21 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
ret = sdap_get_map(ipa_opts->id,
cdb, conf_path,
ipa_netgroup_map,
- SDAP_OPTS_NETGROUP,
+ IPA_OPTS_NETGROUP,
&ipa_opts->id->netgroup_map);
if (ret != EOK) {
goto done;
}
+ ret = sdap_get_map(ipa_opts->id,
+ cdb, conf_path,
+ ipa_host_map,
+ IPA_OPTS_HOST,
+ &ipa_opts->id->host_map);
+ if (ret != EOK) {
+ goto done;
+ }
+
ret = EOK;
*_opts = ipa_opts->id;
diff --git a/src/providers/ipa/ipa_common.h b/src/providers/ipa/ipa_common.h
index 40c5e5320..5b959c8cf 100644
--- a/src/providers/ipa/ipa_common.h
+++ b/src/providers/ipa/ipa_common.h
@@ -49,6 +49,7 @@ enum ipa_basic_opt {
IPA_DYNDNS_UPDATE,
IPA_DYNDNS_IFACE,
IPA_HBAC_SEARCH_BASE,
+ IPA_HOST_SEARCH_BASE,
IPA_KRB5_REALM,
IPA_HBAC_REFRESH,
IPA_HBAC_DENY_METHOD,
@@ -56,6 +57,27 @@ enum ipa_basic_opt {
IPA_OPTS_BASIC /* opts counter */
};
+enum ipa_netgroup_attrs {
+ IPA_OC_NETGROUP = 0,
+ IPA_AT_NETGROUP_NAME,
+ IPA_AT_NETGROUP_MEMBER,
+ IPA_AT_NETGROUP_MEMBER_OF,
+ IPA_AT_NETGROUP_MEMBER_USER,
+ IPA_AT_NETGROUP_MEMBER_HOST,
+ IPA_AT_NETGROUP_EXTERNAL_HOST,
+ IPA_AT_NETGROUP_DOMAIN,
+ IPA_AT_NETGROUP_UUID,
+
+ IPA_OPTS_NETGROUP /* attrs counter */
+};
+
+enum ipa_host_attrs {
+ IPA_OC_HOST = 0,
+ IPA_AT_HOST_FQDN,
+
+ IPA_OPTS_HOST /* attrs counter */
+};
+
struct ipa_auth_ctx {
struct krb5_ctx *krb5_auth_ctx;
struct sdap_auth_ctx *sdap_auth_ctx;
@@ -65,6 +87,7 @@ struct ipa_auth_ctx {
struct ipa_options {
struct dp_option *basic;
+ struct sdap_search_base **host_search_bases;
struct ipa_service *service;
/* id provider */