Diffstat (limited to 'src/db')
-rw-r--r--src/db/sysdb.h23
-rw-r--r--src/db/sysdb_ops.c56
2 files changed, 79 insertions, 0 deletions
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index 1eac748c..d8c0c78c 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -30,21 +30,35 @@
#define CACHE_SYSDB_FILE "cache_%s.ldb"
#define LOCAL_SYSDB_FILE "sssd.ldb"
+#define SUDO_RULE_OBJ_CLASS "sudoRole"
#define SYSDB_BASE "cn=sysdb"
#define SYSDB_DOM_BASE "cn=%s,cn=sysdb"
#define SYSDB_USERS_CONTAINER "cn=users"
#define SYSDB_GROUPS_CONTAINER "cn=groups"
#define SYSDB_CUSTOM_CONTAINER "cn=custom"
#define SYSDB_NETGROUP_CONTAINER "cn=Netgroups"
+#define SYSDB_SUDO_CONTAINER "ou=sudoers"
#define SYSDB_TMPL_USER_BASE SYSDB_USERS_CONTAINER",cn=%s,"SYSDB_BASE
#define SYSDB_TMPL_GROUP_BASE SYSDB_GROUPS_CONTAINER",cn=%s,"SYSDB_BASE
#define SYSDB_TMPL_CUSTOM_BASE SYSDB_CUSTOM_CONTAINER",cn=%s,"SYSDB_BASE
#define SYSDB_TMPL_NETGROUP_BASE SYSDB_NETGROUP_CONTAINER",cn=%s,"SYSDB_BASE
+#define SYSDB_TMPL_SUDO_BASE SYSDB_SUDO_CONTAINER",cn=%s,"SYSDB_BASE
+#define SYSDB_SUDORULE SYSDB_OBJECTCLASS"="SUDO_RULE_OBJ_CLASS
#define SYSDB_USER_CLASS "user"
#define SYSDB_GROUP_CLASS "group"
#define SYSDB_NETGROUP_CLASS "netgroup"
+#define SYSDB_SUDO_USER_ATTR "sudoUser"
+#define SYSDB_SUDO_HOST_ATTR "sudoHost"
+#define SYSDB_SUDO_OPTION_ATTR "sudoOption"
+#define SYSDB_SUDO_COMMAND_ATTR "sudoCommand"
+#define SYSDB_SUDO_RUNAS_USER_ATTR "sudoRunAsUser"
+#define SYSDB_SUDO_RUNAS_GROUP_ATTR "sudoRunAsGroup"
+#define SYSDB_SUDO_NOT_BEFORE_ATTR "sudoNotBefore"
+#define SYSDB_SUDO_NOT_AFTER_ATTR "sudoNotAfter"
+#define SYSDB_SUDO_ORDER_ATTR "sudoOrder"
+
#define SYSDB_NAME "name"
#define SYSDB_OBJECTCLASS "objectClass"
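Review bot: `SUDO_RULE_OBJ_CLASS` at the top of the hunk breaks the naming pattern of its neighbours: the other objectClass values are `SYSDB_USER_CLASS`, `SYSDB_GROUP_CLASS` and `SYSDB_NETGROUP_CLASS`, so `#define SYSDB_SUDO_RULE_CLASS "sudoRole"` placed next to them, with `SYSDB_SUDORULE` built from it, would read consistently. Defining `SYSDB_SUDORULE` in terms of `SYSDB_OBJECTCLASS` a few lines before that macro's own `#define` is harmless, since expansion happens at the point of use, but either moving it below `SYSDB_OBJECTCLASS` or a short comment such as `/* expands at use; SYSDB_OBJECTCLASS is defined below */` would save the next reader the check.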
@@ -400,6 +414,15 @@ int sysdb_search_entry(TALLOC_CTX *mem_ctx,
size_t *msgs_count,
struct ldb_message ***msgs);
+/* search sudo rules */
+int sysdb_search_sudo_rules(TALLOC_CTX *mem_ctx,
+ struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
+ const char *sub_filter,
+ const char **attrs,
+ size_t *msgs_count,
+ struct ldb_message ***msgs);
+
/* Search User (by uid or name) */
int sysdb_search_user_by_name(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *ctx,
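Review bot: The new prototype's comment `/* search sudo rules */` leaves the contract of `sub_filter` unstated, even though the sysdb_ops.c hunk splices it verbatim into `(&(%s)(%s))`: a NULL argument produces an invalid filter and an unescaped caller-supplied string changes the query, so the header is where callers should be told it must be a non-NULL, already-escaped LDB filter expression. I would replace the one-liner with `/* Search sudo rules under the domain's ou=sudoers container. sub_filter must be a non-NULL, properly escaped ldb filter expression; it is ANDed with objectClass=sudoRole. */`. The same function in the sysdb_ops.c hunk also logs `Search users with filter: %s`, which looks copied from sysdb_search_users and should read `Search sudo rules with filter: %s`.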
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index a7911de4..77e0fe9f 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -2096,6 +2096,62 @@ fail:
return ret;
}
+int sysdb_search_sudo_rules(TALLOC_CTX *mem_ctx,
+ struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
+ const char *sub_filter,
+ const char **attrs,
+ size_t *msgs_count,
+ struct ldb_message ***msgs)
+{
+ TALLOC_CTX *tmpctx;
+ struct ldb_dn *basedn;
+ char *filter;
+ int ret;
+
+ tmpctx = talloc_new(mem_ctx);
+ if (!tmpctx) {
+ return ENOMEM;
+ }
+
+ if (!domain) {
+ domain = sysdb->domain;
+ }
+
+ basedn = ldb_dn_new_fmt(tmpctx, sysdb->ldb,SYSDB_TMPL_SUDO_BASE, domain->name);
+ if (!basedn) {
+ DEBUG(2, ("Failed to build base dn\n"));
+ ret = ENOMEM;
+ goto fail;
+ }
+
+ filter = talloc_asprintf(tmpctx, "(&(%s)(%s))", SYSDB_SUDORULE, sub_filter);
+ if (!filter) {
+ DEBUG(2, ("Failed to build filter\n"));
+ ret = ENOMEM;
+ goto fail;
+ }
+
+ DEBUG(6, ("Search users with filter: %s\n", filter));
+
+ ret = sysdb_search_entry(mem_ctx, sysdb, basedn,
+ LDB_SCOPE_SUBTREE, filter, attrs,
+ msgs_count, msgs);
+ if (ret) {
+ goto fail;
+ }
+
+ talloc_zfree(tmpctx);
+ return EOK;
+
+fail:
+ DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
+ talloc_zfree(tmpctx);
+ return ret;
+}
+
+
+
/* =Search-Users-with-Custom-Filter====================================== */
int sysdb_search_users(TALLOC_CTX *mem_ctx,