-rw-r--r--src/providers/ldap/ldap_options.c20
-rw-r--r--src/providers/ldap/ldap_opts.h31
-rw-r--r--src/providers/ldap/sdap.h35
3 files changed, 86 insertions, 0 deletions
diff --git a/src/providers/ldap/ldap_options.c b/src/providers/ldap/ldap_options.c
index 7ad607150..c5af1f551 100644
--- a/src/providers/ldap/ldap_options.c
+++ b/src/providers/ldap/ldap_options.c
@@ -394,6 +394,26 @@ int ldap_get_sudo_options(TALLOC_CTX *memctx,
return ret;
}
+ /* attrs map for IPA SUDO Provider */
+ ret = sdap_get_map(opts, cdb, conf_path,
+ ipa_sudorule_map,
+ SDAP_OPTS_IPA_SUDO,
+ &opts->ipa_sudorule_map);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "Could not get IPA SUDO attribute map\n");
+ return ret;
+ }
+
+ /* attrs map for IPA SUDO commands */
+ ret = sdap_get_map(opts, cdb, conf_path,
+ ipa_sudocmds_map,
+ SDAP_OPTS_SUDO_CMD,
+ &opts->ipa_sudocmds_map);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "Could not get IPA SUDO commnads attribute map\n");
+ return ret;
+ }
+
/* host filter */
*use_host_filter = dp_opt_get_bool(opts->basic, SDAP_SUDO_USE_HOST_FILTER);
*include_netgroups = dp_opt_get_bool(opts->basic, SDAP_SUDO_INCLUDE_NETGROUPS);
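Review bot: The second DEBUG string on the new side misspells the word as "commnads", so a log search for "commands" will miss it when someone is diagnosing why IPA sudo rules failed to load; it should read `"Could not get IPA SUDO commands attribute map\n"`. Both new messages also omit the failing code, so appending it (for example `"... [%d]: %s\n", ret, sss_strerror(ret)`) would make the failure actionable. ldap_get_sudo_options starts above this hunk and continues past it, so the cleanup behaviour on these early returns cannot be judged from here.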
diff --git a/src/providers/ldap/ldap_opts.h b/src/providers/ldap/ldap_opts.h
index 9f58db5bd..0e961dbee 100644
--- a/src/providers/ldap/ldap_opts.h
+++ b/src/providers/ldap/ldap_opts.h
@@ -338,6 +338,37 @@ struct sdap_attr_map native_sudorule_map[] = {
SDAP_ATTR_MAP_TERMINATOR
};
+struct sdap_attr_map ipa_sudorule_map[] = {
+ { "ipa_sudorule_object_class", "ipasudorule", "ipasudorule", NULL },
+ { "ldap_sudorule_name", "cn", SYSDB_SUDO_CACHE_AT_CN, NULL },
+ { "ldap_sudorule_usercategory", "userCategory", "userCategory", NULL },
+ { "ldap_sudorule_memberuser", "memberUser", "memberUser", NULL },
+ { "ldap_sudorule_externaluser", "externalUser", SYSDB_SUDO_CACHE_AT_USER, NULL },
+ { "ldap_sudorule_hostcategory", "hostCategory", "hostCategory", NULL },
+ { "ldap_sudorule_memberhost", "memberHost", "memberHost", NULL },
+ { "ldap_sudorule_externalhost", "externalHost", SYSDB_SUDO_CACHE_AT_HOST, NULL },
+ { "ldap_sudorule_cmdcategory", "cmdCategory", "cmdCategory", NULL },
+ { "ldap_sudorule_memberallowcmd", "memberAllowCmd", "memberAllowCmd", NULL },
+ { "ldap_sudorule_memberdenycmd", "memberDenyCmd", "memberDenyCmd", NULL },
+ { "ldap_sudorule_ipasudoopt", "ipaSudoOpt", SYSDB_SUDO_CACHE_AT_OPTION, NULL },
+ { "ldap_sudorule_ipasudorunasusercategory", "ipaSudoRunAsUserCategory", "ipaSudoRunAsUserCategory", NULL },
+ { "ldap_sudorule_ipasudorunas", "ipaSudoRunAs", "ipaSudoRunAs", NULL },
+ { "ldap_sudorule_ipasudorunasextuser", "ipaSudoRunAsExtUser", SYSDB_SUDO_CACHE_AT_RUNASUSER, NULL },
+ { "ldap_sudorule_ipasudorunasgroupcategory", "ipaSudoRunAsGroupCategory", "ipaSudoRunAsGroupCategory", NULL },
+ { "ldap_sudorule_ipasudorunasgroup", "ipaSudoRunAsGroup", "ipaSudoRunAsGroup", NULL },
+ { "ldap_sudorule_ipasudorunasextgroup", "ipaSudoRunAsExtGroup", SYSDB_SUDO_CACHE_AT_RUNASGROUP, NULL },
+ { "ldap_sudorule_entry_usn", "entryUSN", SYSDB_USN, NULL },
+ SDAP_ATTR_MAP_TERMINATOR
+};
+
+struct sdap_attr_map ipa_sudocmds_map[] = {
+ { "ipa_sudocmd_object_class", "ipasudocmd", "ipasudocmd", NULL },
+ { "ipa_sudocmd_ipauniqueid", "ipaUniqueID", "ipaUniqueID", NULL },
+ { "ipa_sudocmd_command", "sudoCmd", "sudoCmd", NULL },
+ { "ipa_sudocmd_memberof", "memberOf", "memberOf", NULL },
+ SDAP_ATTR_MAP_TERMINATOR
+};
+
struct sdap_attr_map service_map[] = {
{ "ldap_service_object_class", "ipService", SYSDB_SVC_CLASS, NULL },
{ "ldap_service_name", "cn", SYSDB_NAME, NULL },
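Review bot: The rows of `ipa_sudocmds_map` are not in the order of `enum sdap_ipa_sudocmds_attrs`, which this same commit adds to sdap.h: the array goes object class, ipaUniqueID, sudoCmd, memberOf, while the enum goes `SDAP_OC_SUDO_CMD`, `SDAP_OC_SUDO_CMD_CMD`, `SDAP_OC_SUDO_CMD_MEMBEROF`, `SDAP_OC_SUDO_CMD_IPAUNIQUEID`. If the enum values are used as indexes into the map, as the counter passed to `sdap_get_map` suggests, `map[SDAP_OC_SUDO_CMD_CMD]` would return the ipaUniqueID row instead of sudoCmd, and sudo command data would be read from the wrong attribute. Move the `ipa_sudocmd_ipauniqueid` row to the end of the array, after `ipa_sudocmd_memberof`, or reorder the enum to match. Separately, `ipa_sudorule_map` keeps `ldap_sudorule_*` option names for every row but the first; if `native_sudorule_map` (only its tail is visible here) uses the same names, a single config override would change both schemes, so an `ipa_sudorule_*` prefix looks safer.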
diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h
index edfbf229b..e6f8c22ed 100644
--- a/src/providers/ldap/sdap.h
+++ b/src/providers/ldap/sdap.h
@@ -335,6 +335,39 @@ enum sdap_sudorule_attrs {
SDAP_OPTS_SUDO /* attrs counter */
};
+enum sdap_ipa_sudorule_attrs {
+ SDAP_OC_IPA_SUDORULE = 0,
+ SDAP_AT_IPA_SUDO_NAME,
+ SDAP_AT_IPA_SUDO_USER_CAT,
+ SDAP_AT_IPA_SUDO_MEM_USER,
+ SDAP_AT_IPA_SUDO_EXT_USER,
+ SDAP_AT_IPA_SUDO_HOST_CAT,
+ SDAP_AT_IPA_SUDO_MEM_HOST,
+ SDAP_AT_IPA_SUDO_EXT_HOST,
+ SDAP_AT_IPA_SUDO_CMD_CAT,
+ SDAP_AT_IPA_SUDO_MEM_ALLOW_CMD,
+ SDAP_AT_IPA_SUDO_MEM_DENY_CMD,
+ SDAP_AT_IPA_SUDO_OPT,
+ SDAP_AT_IPA_SUDO_RUN_AS_USER_CAT,
+ SDAP_AT_IPA_SUDO_RUN_AS,
+ SDAP_AT_IPA_SUDO_RUN_AS_EXT_USER,
+ SDAP_AT_IPA_SUDO_RUN_AS_GROUP_CAT,
+ SDAP_AT_IPA_SUDO_RUN_AS_GROUP,
+ SDAP_AT_IPA_SUDO_RUN_AS_EXT_GROUP,
+ SDAP_AT_IPA_SUDO_USN,
+
+ SDAP_OPTS_IPA_SUDO /* attrs counter */
+};
+
+enum sdap_ipa_sudocmds_attrs {
+ SDAP_OC_SUDO_CMD = 0,
+ SDAP_OC_SUDO_CMD_CMD,
+ SDAP_OC_SUDO_CMD_MEMBEROF,
+ SDAP_OC_SUDO_CMD_IPAUNIQUEID,
+
+ SDAP_OPTS_SUDO_CMD /* attrs counter */
+};
+
enum sdap_service_attrs {
SDAP_OC_SERVICE = 0,
SDAP_AT_SERVICE_NAME,
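Review bot: Every member of `enum sdap_ipa_sudocmds_attrs` carries the `SDAP_OC_` prefix although only the first one is an object class; the enums around it use `SDAP_AT_` for attributes, and neither the members nor the counter `SDAP_OPTS_SUDO_CMD` mention IPA the way `SDAP_OPTS_IPA_SUDO` does. Names along the lines of `SDAP_AT_IPA_SUDOCMD_CMD` and `SDAP_OPTS_IPA_SUDOCMD` would follow the existing pattern and avoid confusion with the native sudo schema. Both new enums would also benefit from a comment stating that their order has to match the corresponding array in ldap_opts.h, e.g. `/* keep in sync with ipa_sudocmds_map[] */`.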
@@ -435,6 +468,8 @@ struct sdap_options {
/* FIXME - should this go to a special struct to avoid mixing with name-service-switch maps? */
struct sdap_attr_map *sudorule_map;
+ struct sdap_attr_map *ipa_sudorule_map; /* map for IPA SUDO scheme */
+ struct sdap_attr_map *ipa_sudocmds_map; /* map for IPA SUDO commands */
struct sdap_attr_map *autofs_mobject_map;
struct sdap_attr_map *autofs_entry_map;