author | Pavel Březina <pbrezina@redhat.com> | 2015-11-25 13:14:57 +0100 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2016-01-19 14:33:32 +0100 |
commit | 4ddd5591c50e27dffa55f03fbce0dcc85cd50a8b (patch) | |
tree | e643c03b2f692402ca797d66331590aa1ee3d1bf /src/providers/ipa/ipa_sudo.c | |
parent | cc7766c8456653ab5d7dedbf432cb1711a905804 (diff) | |
IPA SUDO: Implement sudo handler
Resolves:
https://fedorahosted.org/sssd/ticket/XXXX
Reviewed-by: Sumit Bose <sbose@redhat.com>
Diffstat (limited to 'src/providers/ipa/ipa_sudo.c')
-rw-r--r-- | src/providers/ipa/ipa_sudo.c | 82 |
1 files changed, 82 insertions, 0 deletions
diff --git a/src/providers/ipa/ipa_sudo.c b/src/providers/ipa/ipa_sudo.c
index 529fb5f07..e1b0c8288 100644
--- a/src/providers/ipa/ipa_sudo.c
+++ b/src/providers/ipa/ipa_sudo.c
@@ -18,10 +18,19 @@
 along with this program. If not, see <http://www.gnu.org/licenses/>.
 */
+#include "providers/ipa/ipa_opts.h"
 #include "providers/ipa/ipa_common.h"
 #include "providers/ldap/sdap_sudo.h"
+#include "providers/ipa/ipa_sudo.h"
 #include "db/sysdb_sudo.h"
+static void ipa_sudo_handler(struct be_req *breq);
+
+struct bet_ops ipa_sudo_ops = {
+ .handler = ipa_sudo_handler,
+ .finalize = NULL,
+};
+
 enum sudo_schema {
 SUDO_SCHEMA_IPA,
 SUDO_SCHEMA_LDAP
@@ -85,6 +94,72 @@ done:
 return ret;
 }
+static int
+ipa_sudo_init_ipa_schema(struct be_ctx *be_ctx,
+ struct ipa_id_ctx *id_ctx,
+ struct bet_ops **ops,
+ void **pvt_data)
+{
+ struct ipa_sudo_ctx *sudo_ctx;
+ errno_t ret;
+
+ sudo_ctx = talloc_zero(be_ctx, struct ipa_sudo_ctx);
+ if (sudo_ctx == NULL) {
+ return ENOMEM;
+ }
+
+ sudo_ctx->id_ctx = id_ctx->sdap_id_ctx;
+ sudo_ctx->ipa_opts = id_ctx->ipa_options;
+ sudo_ctx->sdap_opts = id_ctx->sdap_id_ctx->opts;
+
+ ret = sdap_get_map(sudo_ctx, be_ctx->cdb, be_ctx->conf_path,
+ ipa_sudorule_map, IPA_OPTS_SUDORULE,
+ &sudo_ctx->sudorule_map);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unable to parse attribute map "
+ "[%d]: %s\n", ret, sss_strerror(ret));
+ goto done;
+ }
+
+ ret = sdap_get_map(sudo_ctx, be_ctx->cdb, be_ctx->conf_path,
+ ipa_sudocmdgroup_map, IPA_OPTS_SUDOCMDGROUP,
+ &sudo_ctx->sudocmdgroup_map);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unable to parse attribute map "
+ "[%d]: %s\n", ret, sss_strerror(ret));
+ goto done;
+ }
+
+ ret = sdap_get_map(sudo_ctx, be_ctx->cdb, be_ctx->conf_path,
+ ipa_sudocmd_map, IPA_OPTS_SUDOCMD,
+ &sudo_ctx->sudocmd_map);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, "Unable to parse attribute map "
+ "[%d]: %s\n", ret, sss_strerror(ret));
+ goto done;
+ }
+
+ ret = sdap_parse_search_base(sudo_ctx, sudo_ctx->sdap_opts->basic,
+ SDAP_SUDO_SEARCH_BASE,
+ &sudo_ctx->sudo_sb);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE, "Could not parse sudo search base\n");
+ return ret;
+ }
+
+ *ops = &ipa_sudo_ops;
+ *pvt_data = sudo_ctx;
+
+ ret = EOK;
+
+done:
+ if (ret != EOK) {
+ talloc_free(sudo_ctx);
+ }
+
+ return ret;
+}
+
 int ipa_sudo_init(struct be_ctx *be_ctx,
 struct ipa_id_ctx *id_ctx,
 struct bet_ops **ops,
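Review bot: The failure branch after `sdap_parse_search_base()` in `ipa_sudo_init_ipa_schema` uses `return ret;` where the three `sdap_get_map()` branches use `goto done;`, so it skips the `talloc_free(sudo_ctx)` under `done:` and leaves the partly initialised context parented to `be_ctx`. Change that line to `goto done;`. The message in the same branch drops the error code the other branches log; `"Could not parse sudo search base [%d]: %s\n", ret, sss_strerror(ret)` would match them. A short comment above the function saying that `*ops` and `*pvt_data` are written only on success would document what the caller can rely on.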
@@ -107,6 +182,7 @@ int ipa_sudo_init(struct be_ctx *be_ctx,
 switch (schema) {
 case SUDO_SCHEMA_IPA:
 DEBUG(SSSDBG_TRACE_FUNC, "Using IPA schema for sudo\n");
+ ret = ipa_sudo_init_ipa_schema(be_ctx, id_ctx, ops, pvt_data);
 break;
 case SUDO_SCHEMA_LDAP:
 DEBUG(SSSDBG_TRACE_FUNC, "Using LDAP schema for sudo\n");
@@ -122,3 +198,9 @@ int ipa_sudo_init(struct be_ctx *be_ctx,
 return EOK;
 }
+
+static void
+ipa_sudo_handler(struct be_req *be_req)
+{
+ sdap_handler_done(be_req, DP_ERR_FATAL, ERR_INTERNAL, "Not implemented yet.");
+}
|
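Review bot: `ipa_sudo_handler` in the last hunk answers every request with `DP_ERR_FATAL` / `ERR_INTERNAL`, yet `ipa_sudo_init_ipa_schema` already publishes it through `ipa_sudo_ops`, so once the IPA schema is selected every sudo request to this back end fails. Presumably the responder then keeps serving whatever rules are already cached, which would leave a rule removed on the server in effect; that should be confirmed against the caller. If this is a placeholder for a later patch in the series, say so in a comment above the function and log it before the `sdap_handler_done()` call, e.g. `DEBUG(SSSDBG_CRIT_FAILURE, "IPA sudo handler is not implemented\n");`. The forward declaration in the first hunk names the parameter `breq` while this definition uses `be_req`; pick one.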