From e4f77780ea92074671e5408cc1599441b168efc0 Mon Sep 17 00:00:00 2001 From: Jakub Hrozek Date: Mon, 6 Feb 2012 13:28:53 +0100 Subject: AUTOFS: IPA provider --- Makefile.am | 3 +- src/config/SSSDConfig.py | 1 + src/config/SSSDConfigTest.py | 4 +- src/config/etc/sssd.api.d/sssd-ipa.conf | 3 + src/config/etc/sssd.api.d/sssd-ldap.conf | 3 + src/man/sssd-ipa.5.xml | 12 ++++ src/providers/data_provider_be.c | 2 +- src/providers/ipa/ipa_autofs.c | 62 +++++++++++++++++ src/providers/ipa/ipa_common.c | 116 ++++++++++++++++++++++++------- src/providers/ipa/ipa_common.h | 14 ++++ src/providers/ipa/ipa_init.c | 26 ++++++- src/providers/ldap/ldap_common.h | 3 + src/tests/ipa_ldap_opt-tests.c | 2 + 13 files changed, 220 insertions(+), 31 deletions(-) create mode 100644 src/providers/ipa/ipa_autofs.c diff --git a/Makefile.am b/Makefile.am index 85d990420..c0af34c76 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1187,7 +1187,8 @@ libsss_ipa_la_SOURCES += src/providers/ldap/sdap_sudo_cache.c \ endif if BUILD_AUTOFS libsss_ipa_la_SOURCES += src/providers/ldap/sdap_autofs.c \ - src/providers/ldap/sdap_async_autofs.c + src/providers/ldap/sdap_async_autofs.c \ + src/providers/ipa/ipa_autofs.c endif if BUILD_SSH libsss_ipa_la_SOURCES += src/providers/ipa/ipa_hostid.c diff --git a/src/config/SSSDConfig.py b/src/config/SSSDConfig.py index 50cc4e295..9fbe67429 100644 --- a/src/config/SSSDConfig.py +++ b/src/config/SSSDConfig.py @@ -120,6 +120,7 @@ option_strings = { 'ipa_hbac_refresh' : _("The amount of time between lookups of the HBAC rules against the IPA server"), 'ipa_hbac_treat_deny_as' : _("If DENY rules are present, either DENY_ALL or IGNORE"), 'ipa_hbac_support_srchost' : _("If set to false, host argument given by PAM will be ignored"), + 'ipa_automount_location' : _("The automounter location this IPA client is using"), # [provider/krb5] 'krb5_kdcip' : _('Kerberos server address'), diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py index bfc89a122..5bad40edb 100755 --- a/src/config/SSSDConfigTest.py +++ b/src/config/SSSDConfigTest.py @@ -688,9 +688,9 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase): domain = SSSDConfig.SSSDDomain('sssd', self.schema) control_provider_dict = { - 'ipa': ['id', 'auth', 'access', 'chpass'], + 'ipa': ['id', 'auth', 'access', 'chpass', 'autofs' ], 'local': ['id', 'auth', 'chpass'], - 'ldap': ['id', 'auth', 'access', 'chpass', 'sudo'], + 'ldap': ['id', 'auth', 'access', 'chpass', 'sudo', 'autofs'], 'krb5': ['auth', 'access', 'chpass'], 'proxy': ['id', 'auth'], 'simple': ['access'], diff --git a/src/config/etc/sssd.api.d/sssd-ipa.conf b/src/config/etc/sssd.api.d/sssd-ipa.conf index 88c33f8b3..3e3384d94 100644 --- a/src/config/etc/sssd.api.d/sssd-ipa.conf +++ b/src/config/etc/sssd.api.d/sssd-ipa.conf @@ -125,5 +125,8 @@ ipa_hbac_refresh = int, None, false ipa_hbac_treat_deny_as = str, None, false ipa_hbac_support_srchost = bool, None, false +[provider/ipa/autofs] +ipa_automount_location = str, None, false + [provider/ipa/chpass] diff --git a/src/config/etc/sssd.api.d/sssd-ldap.conf b/src/config/etc/sssd.api.d/sssd-ldap.conf index 4fa7ed0ba..0a5b7f1f3 100644 --- a/src/config/etc/sssd.api.d/sssd-ldap.conf +++ b/src/config/etc/sssd.api.d/sssd-ldap.conf @@ -129,3 +129,6 @@ ldap_sudorule_runasgroup = str, None, false ldap_sudorule_notbefore = str, None, false ldap_sudorule_notafter = str, None, false ldap_sudorule_order = str, None, false + +[provider/ldap/autofs] + diff --git a/src/man/sssd-ipa.5.xml b/src/man/sssd-ipa.5.xml index bddd3db1d..b5bd2816d 100644 --- a/src/man/sssd-ipa.5.xml +++ b/src/man/sssd-ipa.5.xml @@ -303,6 +303,18 @@ + + ipa_automount_location (string) + + + The automounter location this IPA client will be using + + + Default: The location named "default" + + + + ipa_netgroup_member_of (string) diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c index a48ba107e..992ab3103 100644 --- a/src/providers/data_provider_be.c +++ b/src/providers/data_provider_be.c @@ -1893,7 +1893,7 @@ int be_process_init(TALLOC_CTX *mem_ctx, be_domain)); } else { DEBUG(SSSDBG_TRACE_ALL, ("Session backend target successfully loaded " - "from provider [%s].\n", ctx->bet_info[BET_SUDO].mod_name)); + "from provider [%s].\n", ctx->bet_info[BET_SESSION].mod_name)); } ret = load_backend_module(ctx, BET_HOSTID, diff --git a/src/providers/ipa/ipa_autofs.c b/src/providers/ipa/ipa_autofs.c new file mode 100644 index 000000000..f4262590f --- /dev/null +++ b/src/providers/ipa/ipa_autofs.c @@ -0,0 +1,62 @@ +/* + SSSD + + IPA Provider Initialization functions + + Authors: + Simo Sorce + + Copyright (C) 2009 Red Hat + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see . +*/ + +#include "util/child_common.h" +#include "providers/ipa/ipa_common.h" +#include "providers/krb5/krb5_auth.h" +#include "providers/ipa/ipa_id.h" +#include "providers/ipa/ipa_auth.h" +#include "providers/ipa/ipa_access.h" +#include "providers/ipa/ipa_dyndns.h" +#include "providers/ipa/ipa_session.h" + +struct bet_ops ipa_autofs_ops = { + .handler = sdap_autofs_handler, + .finalize = NULL, + .check_online = sdap_check_online +}; + +int ipa_autofs_init(struct be_ctx *be_ctx, + struct ipa_id_ctx *id_ctx, + struct bet_ops **ops, + void **pvt_data) +{ + int ret; + + DEBUG(SSSDBG_TRACE_INTERNAL, ("Initializing autofs LDAP back end\n")); + + *ops = &ipa_autofs_ops; + *pvt_data = id_ctx->sdap_id_ctx; + + DEBUG(0, ("sleeping\n")); + + ret = ipa_get_autofs_options(id_ctx->ipa_options, be_ctx->cdb, + be_ctx->conf_path, &id_ctx->sdap_id_ctx->opts); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot get IPA autofs options\n")); + return ret; + } + + return ret; +} diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c index 3620c35de..4fd448362 100644 --- a/src/providers/ipa/ipa_common.c +++ b/src/providers/ipa/ipa_common.c @@ -31,6 +31,7 @@ #include "providers/ldap/sdap_async_private.h" #include "util/sss_krb5.h" #include "db/sysdb_services.h" +#include "db/sysdb_autofs.h" struct dp_option ipa_basic_opts[] = { { "ipa_domain", DP_OPT_STRING, NULL_STRING, NULL_STRING }, @@ -44,7 +45,8 @@ struct dp_option ipa_basic_opts[] = { { "krb5_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING}, { "ipa_hbac_refresh", DP_OPT_NUMBER, { .number = 5 }, NULL_NUMBER }, { "ipa_hbac_treat_deny_as", DP_OPT_STRING, { "DENY_ALL" }, NULL_STRING }, - { "ipa_hbac_support_srchost", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE } + { "ipa_hbac_support_srchost", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }, + { "ipa_automount_location", DP_OPT_STRING, { "default" }, NULL_STRING } }; struct dp_option ipa_def_ldap_opts[] = { @@ -225,6 +227,17 @@ struct sdap_attr_map ipa_service_map[] = { { "ldap_service_entry_usn", NULL, SYSDB_USN, NULL } }; +struct sdap_attr_map ipa_autofs_mobject_map[] = { + { "ldap_autofs_map_object_class", "automountMap", SYSDB_AUTOFS_MAP_OC, NULL }, + { "ldap_autofs_map_name", "automountMapName", SYSDB_AUTOFS_MAP_NAME, NULL } +}; + +struct sdap_attr_map ipa_autofs_entry_map[] = { + { "ldap_autofs_entry_object_class", "automount", SYSDB_AUTOFS_ENTRY_OC, NULL }, + { "ldap_autofs_entry_key", "automountKey", SYSDB_AUTOFS_ENTRY_KEY, NULL }, + { "ldap_autofs_entry_value", "automountInformation", SYSDB_AUTOFS_ENTRY_VALUE, NULL }, +}; + int ipa_get_options(TALLOC_CTX *memctx, struct confdb_ctx *cdb, const char *conf_path, @@ -496,30 +509,6 @@ int ipa_get_id_options(struct ipa_options *ipa_opts, &ipa_opts->id->group_search_bases); if (ret != EOK) goto done; - if (NULL == dp_opt_get_string(ipa_opts->id->basic, - SDAP_AUTOFS_SEARCH_BASE)) { - value = talloc_asprintf(tmpctx, "cn=default,cn=automount,%s", basedn); - if (!value) { - ret = ENOMEM; - goto done; - } - - ret = dp_opt_set_string(ipa_opts->id->basic, - SDAP_AUTOFS_SEARCH_BASE, - value); - if (ret != EOK) { - goto done; - } - - DEBUG(SSSDBG_TRACE_LIBS, ("Option %s set to %s\n", - ipa_opts->id->basic[SDAP_AUTOFS_SEARCH_BASE].opt_name, - dp_opt_get_string(ipa_opts->id->basic, - SDAP_AUTOFS_SEARCH_BASE))); - } - ret = sdap_parse_search_base(ipa_opts->id, ipa_opts->id->basic, - SDAP_AUTOFS_SEARCH_BASE, - &ipa_opts->id->autofs_search_bases); - if (NULL == dp_opt_get_string(ipa_opts->id->basic, SDAP_SUDO_SEARCH_BASE)) { #if 0 @@ -1024,3 +1013,80 @@ done: return ret; } +int ipa_get_autofs_options(struct ipa_options *ipa_opts, + struct confdb_ctx *cdb, + const char *conf_path, + struct sdap_options **_opts) +{ + TALLOC_CTX *tmp_ctx; + char *basedn; + char *autofs_base; + errno_t ret; + + tmp_ctx = talloc_new(NULL); + if (!tmp_ctx) { + return ENOMEM; + } + + ret = domain_to_basedn(tmp_ctx, + dp_opt_get_string(ipa_opts->basic, IPA_KRB5_REALM), + &basedn); + if (ret != EOK) { + goto done; + } + + if (NULL == dp_opt_get_string(ipa_opts->id->basic, + SDAP_AUTOFS_SEARCH_BASE)) { + + autofs_base = talloc_asprintf(tmp_ctx, "cn=%s,cn=automount,%s", + dp_opt_get_string(ipa_opts->basic, + IPA_AUTOMOUNT_LOCATION), + basedn); + if (!autofs_base) { + ret = ENOMEM; + goto done; + } + + ret = dp_opt_set_string(ipa_opts->id->basic, + SDAP_AUTOFS_SEARCH_BASE, + autofs_base); + if (ret != EOK) { + goto done; + } + + DEBUG(SSSDBG_TRACE_LIBS, ("Option %s set to %s\n", + ipa_opts->id->basic[SDAP_AUTOFS_SEARCH_BASE].opt_name, + dp_opt_get_string(ipa_opts->id->basic, + SDAP_AUTOFS_SEARCH_BASE))); + } + + ret = sdap_parse_search_base(ipa_opts->id, ipa_opts->id->basic, + SDAP_AUTOFS_SEARCH_BASE, + &ipa_opts->id->autofs_search_bases); + + ret = sdap_get_map(ipa_opts->id, cdb, conf_path, + ipa_autofs_mobject_map, + SDAP_OPTS_AUTOFS_MAP, + &ipa_opts->id->autofs_mobject_map); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, + ("Could not get autofs map object attribute map\n")); + return ret; + } + + ret = sdap_get_map(ipa_opts->id, cdb, conf_path, + ipa_autofs_entry_map, + SDAP_OPTS_AUTOFS_ENTRY, + &ipa_opts->id->autofs_entry_map); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, + ("Could not get autofs entry object attribute map\n")); + return ret; + } + + *_opts = ipa_opts->id; + ret = EOK; +done: + talloc_free(tmp_ctx); + return ret; +} diff --git a/src/providers/ipa/ipa_common.h b/src/providers/ipa/ipa_common.h index 2d0e0e1d4..84c726c85 100644 --- a/src/providers/ipa/ipa_common.h +++ b/src/providers/ipa/ipa_common.h @@ -39,6 +39,9 @@ struct ipa_service { #define IPA_OPTS_SVC_TEST 5 +#define IPA_OPTS_AUTOMNTMAP_TEST 2 +#define IPA_OPTS_AUTOMNTENTRY_TEST 3 + /* the following define is used to keep track of the options in the krb5 * module, so that if they change and ipa is not updated correspondingly * this will trigger a runtime abort error */ @@ -57,6 +60,7 @@ enum ipa_basic_opt { IPA_HBAC_REFRESH, IPA_HBAC_DENY_METHOD, IPA_HBAC_SUPPORT_SRCHOST, + IPA_AUTOMOUNT_LOCATION, IPA_OPTS_BASIC /* opts counter */ }; @@ -148,6 +152,16 @@ int ipa_get_auth_options(struct ipa_options *ipa_opts, const char *conf_path, struct dp_option **_opts); +int ipa_get_autofs_options(struct ipa_options *ipa_opts, + struct confdb_ctx *cdb, + const char *conf_path, + struct sdap_options **_opts); + +int ipa_autofs_init(struct be_ctx *be_ctx, + struct ipa_id_ctx *id_ctx, + struct bet_ops **ops, + void **pvt_data); + int ipa_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx, const char *servers, struct ipa_options *options, diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c index 1165048b2..20745c11f 100644 --- a/src/providers/ipa/ipa_init.c +++ b/src/providers/ipa/ipa_init.c @@ -180,8 +180,6 @@ int sssm_ipa_id_init(struct be_ctx *bectx, } } - - ret = setup_tls_config(sdap_ctx->opts->basic); if (ret != EOK) { DEBUG(1, ("setup_tls_config failed [%d][%s].\n", @@ -484,3 +482,27 @@ done: return ret; } #endif + +int sssm_ipa_autofs_init(struct be_ctx *bectx, + struct bet_ops **ops, + void **pvt_data) +{ +#ifdef BUILD_AUTOFS + struct ipa_id_ctx *id_ctx; + int ret; + + DEBUG(SSSDBG_TRACE_INTERNAL, ("Initializing IPA autofs handler\n")); + + ret = sssm_ipa_id_init(bectx, ops, (void **) &id_ctx); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, ("sssm_ipa_id_init failed.\n")); + return ret; + } + + return ipa_autofs_init(bectx, id_ctx, ops, pvt_data); +#else + DEBUG(SSSDBG_MINOR_FAILURE, ("Autofs init handler called but SSSD is " + "built without autofs support, ignoring\n")); + return EOK; +#endif +} diff --git a/src/providers/ldap/ldap_common.h b/src/providers/ldap/ldap_common.h index c377bcb67..c91257634 100644 --- a/src/providers/ldap/ldap_common.h +++ b/src/providers/ldap/ldap_common.h @@ -89,6 +89,9 @@ void sdap_pam_chpass_handler(struct be_req *breq); /* access */ void sdap_pam_access_handler(struct be_req *breq); +/* autofs */ +void sdap_autofs_handler(struct be_req *breq); + void sdap_handler_done(struct be_req *req, int dp_err, int error, const char *errstr); diff --git a/src/tests/ipa_ldap_opt-tests.c b/src/tests/ipa_ldap_opt-tests.c index 121a0610b..2497c97c2 100644 --- a/src/tests/ipa_ldap_opt-tests.c +++ b/src/tests/ipa_ldap_opt-tests.c @@ -78,6 +78,8 @@ START_TEST(test_check_num_opts) { fail_if(IPA_OPTS_BASIC_TEST != SDAP_OPTS_BASIC); fail_if(IPA_OPTS_SVC_TEST != SDAP_OPTS_SERVICES); + fail_if(IPA_OPTS_AUTOMNTMAP_TEST != SDAP_OPTS_AUTOFS_MAP); + fail_if(IPA_OPTS_AUTOMNTENTRY_TEST != SDAP_OPTS_AUTOFS_ENTRY); fail_if(IPA_KRB5_OPTS_TEST != KRB5_OPTS); } END_TEST -- cgit