/*
    Authors:
        Pavel Březina <pbrezina@redhat.com>

    Copyright (C) 2011 Red Hat

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program.  If not, see <http://www.gnu.org/licenses/>.
*/

#ifndef _SDAP_SUDO_H_
#define _SDAP_SUDO_H_

/* These two structures are shared by the LDAP and IPA SUDO providers.
 *
 * NOTE(review): this header has no #include lines of its own, so it relies on
 * the including .c file to have already pulled in the definitions of bool,
 * size_t, time_t, struct timeval, TALLOC_CTX and the tevent/sdap/sysdb types
 * it names. Include it after those headers.
 */

/* Per-provider SUDO context. Presumably allocated at provider init (see
 * sdap_sudo_init() below) and handed back through its pvt_data out-parameter;
 * the owner is not visible from this header -- confirm in the .c file. */
struct sdap_sudo_ctx {
    struct be_ctx *be_ctx;          /* back end this provider belongs to */
    struct sdap_id_ctx *id_ctx;     /* LDAP id context shared with the id provider */

    /* This host's names and addresses. Presumably filled from
     * sdap_sudo_get_hostinfo_recv() below, which has matching out-parameters;
     * NULL termination is assumed from the char ** convention -- confirm. */
    char **hostnames;
    char **ip_addr;

    /* IPA-specific host identity; the plain LDAP provider has no use for
     * these as far as this header shows. */
    char *ipa_hostname;
    char **ipa_hostgroups;

    /* Host-filter options; presumably control which host-matching rules the
     * LDAP search admits. The exact filter logic lives in the .c file. */
    bool include_netgroups;
    bool include_regexp;
    bool use_host_filter;

    /* Bookkeeping for the first full refresh after startup: done/in-progress
     * flags, a retry counter, and the callback/timer used to retry once the
     * back end comes online (inferred from the names -- confirm). */
    bool full_refresh_done;
    bool full_refresh_in_progress;
    int full_refresh_attempts;
    struct be_cb *first_refresh_online_cb;
    struct tevent_req *first_refresh_timer;
};

/* Per-request state for the sdap_sudo_refresh_send()/_recv() tevent request.
 * The last four fields are the outputs that sdap_sudo_refresh_recv() hands back
 * to the caller (compare its out-parameters below). */
struct sdap_sudo_refresh_state {
    struct be_ctx *be_ctx;
    struct sdap_options *opts;
    struct sdap_id_op *sdap_op;                 /* LDAP operation handle; presumably obtained via sdap_conn_cache */
    struct sdap_id_conn_cache *sdap_conn_cache;
    struct sysdb_ctx *sysdb;
    struct sss_domain_info *domain;

    const char *ldap_filter; /* search: LDAP filter used to fetch rules from the server */
    const char *sysdb_filter; /* delete: sysdb filter selecting cached rules to purge */

    struct sysdb_attrs **ldap_rules; /* search result will be stored here */
    size_t ldap_rules_count;         /* number of entries in ldap_rules */

    /* Outputs, see sdap_sudo_refresh_recv(): data-provider error, error code
     * (errno-style is assumed -- confirm), highest USN seen in the result
     * (presumably; compare sdap_sudo_set_usn()), and number of rules stored. */
    int dp_error;
    int error;
    char *highest_usn;
    size_t num_rules;
};

/* Kind of sudo rule refresh. Presumably selects how the caller of
 * sdap_sudo_refresh_send() builds ldap_filter and sysdb_filter. Values are
 * positional (0, 1, 2); keep the order if anything logs or persists them
 * numerically. */
enum sdap_sudo_refresh_type {
    SDAP_SUDO_REFRESH_FULL,   /* presumably: fetch and replace every rule */
    SDAP_SUDO_REFRESH_SMART,  /* presumably: fetch only rules changed since the last USN */
    SDAP_SUDO_REFRESH_RULES   /* presumably: refresh a specific set of rules */
};

/* Common functions from ldap_sudo.c */

/* Data-provider request entry point for SUDO requests; dispatches on the
 * incoming be_req. How the reply is delivered is not visible here -- see
 * ldap_sudo.c. */
void sdap_sudo_handler(struct be_req *breq);

/* Provider initialisation. Returns 0 on success, non-zero (presumably an
 * errno value -- confirm) on failure. On success *ops receives the provider's
 * operation table and *pvt_data its private context (presumably a
 * struct sdap_sudo_ctx, since sdap_sudo_timer_send() below takes one). */
int sdap_sudo_init(struct be_ctx *be_ctx,
                   struct sdap_id_ctx *id_ctx,
                   struct bet_ops **ops,
                   void **pvt_data);

/* Record the highest USN seen on srv_opts. usn is non-const; whether the
 * callee takes ownership of the string or copies it is not visible from this
 * header -- confirm with the implementation before freeing usn. */
void sdap_sudo_set_usn(struct sdap_server_opts *srv_opts, char *usn);

/* sdap async interface */

/* Start an asynchronous sudo rule refresh: search the server with
 * ldap_filter and purge cached rules matching sysdb_filter (per the
 * "search"/"delete" comments on struct sdap_sudo_refresh_state above).
 * Returns the tevent request, or NULL on allocation failure (talloc
 * convention -- confirm). The state struct keeps both filters as
 * const char *, so they may be held by pointer rather than copied; do not
 * pass a buffer that dies before the request completes unless the
 * implementation is known to duplicate them. */
struct tevent_req *sdap_sudo_refresh_send(TALLOC_CTX *mem_ctx,
                                          struct be_ctx *be_ctx,
                                          struct sdap_options *opts,
                                          struct sdap_id_conn_cache *conn_cache,
                                          const char *ldap_filter,
                                          const char *sysdb_filter);

/* Receive the raw search result of the sudoers-load sub-request. On success
 * *rules_count and *rules are set; the rules are presumably reparented onto
 * mem_ctx -- confirm. Returns an errno-style code (assumed). */
int sdap_sudo_load_sudoers_recv(struct tevent_req *req,
                                TALLOC_CTX *mem_ctx,
                                size_t *rules_count,
                                struct sysdb_attrs ***rules);

/* Complete sdap_sudo_refresh_send(). dp_error, error, usn, num_rules and
 * rules mirror the output fields of struct sdap_sudo_refresh_state. Note the
 * parameter order differs from sdap_sudo_load_sudoers_recv(): mem_ctx comes
 * first here, req first there. Returns an errno-style code (assumed). */
int sdap_sudo_refresh_recv(TALLOC_CTX *mem_ctx,
                           struct tevent_req *req,
                           int *dp_error,
                           int *error,
                           char **usn,
                           size_t *num_rules,
                           struct sysdb_attrs ***rules);

/* sysdb */

/* Remove cached sudo rules from dom's sysdb. filter selects the cached
 * entries to delete; rules/rules_count are the freshly fetched rules and map
 * the attribute map, presumably used to exclude rules that are about to be
 * re-stored or to translate attribute names -- confirm in the .c file.
 * Returns an errno-style code (assumed). */
int sdap_sudo_purge_sudoers(struct sss_domain_info *dom,
                            const char *filter,
                            struct sdap_attr_map *map,
                            size_t rules_count,
                            struct sysdb_attrs **rules);

/* Store rules_count freshly fetched rules into domain's sysdb. cache_timeout
 * and now presumably set the entries' expiry relative to now -- confirm. On
 * success *_usn receives the highest USN among the stored rules (presumably,
 * given sdap_sudo_set_usn()); the leading underscore marks it as an output
 * parameter. Returns an errno-style code (assumed). */
int sdap_sudo_store_sudoers(TALLOC_CTX *mem_ctx,
                            struct sss_domain_info *domain,
                            struct sdap_options *opts,
                            size_t rules_count,
                            struct sysdb_attrs **rules,
                            int cache_timeout,
                            time_t now,
                            char **_usn);

/* Callback type for sdap_sudo_timer_send(): starts the deferred work on
 * sudo_ctx and returns its tevent request (NULL on failure, by talloc/tevent
 * convention -- confirm). */
typedef struct tevent_req * (*sdap_sudo_timer_fn_t)(TALLOC_CTX *mem_ctx,
                                                    struct sdap_sudo_ctx *sudo_ctx);

/* Schedule fn(sudo_ctx) to run at `when` on event context ev, presumably
 * bounding the resulting request by `timeout` (the unit is inferred from
 * time_t as seconds -- confirm). Returns the timer request, or NULL on
 * allocation failure (assumed). */
struct tevent_req * sdap_sudo_timer_send(TALLOC_CTX *mem_ctx,
                                         struct tevent_context *ev,
                                         struct sdap_sudo_ctx *sudo_ctx,
                                         struct timeval when,
                                         time_t timeout,
                                         sdap_sudo_timer_fn_t fn);

/* Complete sdap_sudo_timer_send(). On success *_subreq receives the request
 * returned by fn. Returns an errno-style code (assumed). */
int sdap_sudo_timer_recv(TALLOC_CTX *mem_ctx,
                         struct tevent_req *req,
                         struct tevent_req **_subreq);

/* host info */

/* Asynchronously discover the local host's names and IP addresses, presumably
 * to build the host part of the sudo filter when use_host_filter is set (see
 * struct sdap_sudo_ctx above). Returns the tevent request, or NULL on
 * allocation failure (assumed). */
struct tevent_req * sdap_sudo_get_hostinfo_send(TALLOC_CTX *mem_ctx,
                                                struct sdap_options *opts,
                                                struct be_ctx *be_ctx);

/* Complete sdap_sudo_get_hostinfo_send(). On success *hostnames and *ip_addr
 * receive string lists allocated on mem_ctx (talloc convention -- confirm).
 * Returns an errno-style code (assumed). */
int sdap_sudo_get_hostinfo_recv(TALLOC_CTX *mem_ctx,
                                struct tevent_req *req,
                                char ***hostnames, char ***ip_addr);

/* printf-style LDAP filter templates.
 *
 * Example expansion of SDAP_SUDO_FILTER_USER:
 *     (&(objectClass=sudoRole)(|(cn=defaults)(sudoUser=ALL)%s))
 * where the trailing %s takes the per-user/group/netgroup sub-filters built
 * from the templates further down.
 *
 * These are format strings, not escaped filters: every value substituted for
 * a %s (attribute names and user/group/netgroup names alike) must be
 * LDAP-filter-escaped by the caller (RFC 4515; '*', '(', ')', '\' and NUL)
 * before it is formatted in. Nothing in this header does that, so an
 * unescaped name would change the meaning of the search. Check the callers
 * in the .c files rather than assuming it. */
#define SDAP_SUDO_FILTER_USER "(&(objectClass=%s)(|(%s=%s)(%s=ALL)%s))"   /* 5 args: object class, attr, value, attr, extra sub-filters */
#define SDAP_SUDO_FILTER_CLASS "(objectClass=%s)"                          /* 1 arg: object class */
#define SDAP_SUDO_FILTER_DEFAULTS  "(&(objectClass=%s)(%s=%s))"           /* 3 args: object class, attr, value */
#define SDAP_SUDO_DEFAULTS    "defaults"                                   /* name of the defaults entry (cn=defaults in the example above) */

/* Sub-filter templates: attr=value, with sudoers' '#' (uid), '%' (group) and
 * '+' (netgroup) value prefixes baked in. */
#define SDAP_SUDO_FILTER_USERNAME "(%s=%s)"
/* NOTE(review): %u expects an unsigned int; if a uid_t is passed directly the
 * types must agree on the target platform -- confirm at the call site. */
#define SDAP_SUDO_FILTER_UID "(%s=#%u)"
#define SDAP_SUDO_FILTER_GROUP "(%s=%%%s)"      /* "%%" is a literal '%', e.g. (constructed) (sudoUser=%wheel) */
#define SDAP_SUDO_FILTER_NETGROUP "(%s=+%s)"

#endif /* _SDAP_SUDO_H_ */