Diffstat (limited to 'src/db')
-rw-r--r-- | src/db/sysdb.h | 23 | ||||
-rw-r--r-- | src/db/sysdb_ops.c | 56 |
2 files changed, 79 insertions, 0 deletions
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index 1eac748c..d8c0c78c 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -30,21 +30,35 @@
 #define CACHE_SYSDB_FILE "cache_%s.ldb"
 #define LOCAL_SYSDB_FILE "sssd.ldb"
+#define SUDO_RULE_OBJ_CLASS "sudoRole"
 #define SYSDB_BASE "cn=sysdb"
 #define SYSDB_DOM_BASE "cn=%s,cn=sysdb"
 #define SYSDB_USERS_CONTAINER "cn=users"
 #define SYSDB_GROUPS_CONTAINER "cn=groups"
 #define SYSDB_CUSTOM_CONTAINER "cn=custom"
 #define SYSDB_NETGROUP_CONTAINER "cn=Netgroups"
+#define SYSDB_SUDO_CONTAINER "ou=sudoers"
 #define SYSDB_TMPL_USER_BASE SYSDB_USERS_CONTAINER",cn=%s,"SYSDB_BASE
 #define SYSDB_TMPL_GROUP_BASE SYSDB_GROUPS_CONTAINER",cn=%s,"SYSDB_BASE
 #define SYSDB_TMPL_CUSTOM_BASE SYSDB_CUSTOM_CONTAINER",cn=%s,"SYSDB_BASE
 #define SYSDB_TMPL_NETGROUP_BASE SYSDB_NETGROUP_CONTAINER",cn=%s,"SYSDB_BASE
+#define SYSDB_TMPL_SUDO_BASE SYSDB_SUDO_CONTAINER",cn=%s,"SYSDB_BASE
+#define SYSDB_SUDORULE SYSDB_OBJECTCLASS"="SUDO_RULE_OBJ_CLASS
 #define SYSDB_USER_CLASS "user"
 #define SYSDB_GROUP_CLASS "group"
 #define SYSDB_NETGROUP_CLASS "netgroup"
+#define SYSDB_SUDO_USER_ATTR "sudoUser"
+#define SYSDB_SUDO_HOST_ATTR "sudoHost"
+#define SYSDB_SUDO_OPTION_ATTR "sudoOption"
+#define SYSDB_SUDO_COMMAND_ATTR "sudoCommand"
+#define SYSDB_SUDO_RUNAS_USER_ATTR "sudoRunAsUser"
+#define SYSDB_SUDO_RUNAS_GROUP_ATTR "sudoRunAsGroup"
+#define SYSDB_SUDO_NOT_BEFORE_ATTR "sudoNotBefore"
+#define SYSDB_SUDO_NOT_AFTER_ATTR "sudoNotAfter"
+#define SYSDB_SUDO_ORDER_ATTR "sudoOrder"
+
 #define SYSDB_NAME "name"
 #define SYSDB_OBJECTCLASS "objectClass"
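Review bot: The new `SYSDB_SUDO_CONTAINER` is `"ou=sudoers"` while every sibling container in the same block (`SYSDB_USERS_CONTAINER`, `SYSDB_GROUPS_CONTAINER`, `SYSDB_CUSTOM_CONTAINER`, `SYSDB_NETGROUP_CONTAINER`) uses a `cn=` RDN, so `SYSDB_TMPL_SUDO_BASE` becomes the one sysdb template whose leading component is an `ou`. If mirroring the conventional sudoers LDAP container is intentional, a one-line comment such as `/* ou= rather than cn= on purpose, to mirror the standard sudoers LDAP layout */` would stop the next reader from "fixing" it; otherwise `"cn=sudoers"` keeps DN construction and matching uniform across the cache. `SYSDB_SUDORULE` also references `SYSDB_OBJECTCLASS` before that macro's `#define` appears in the hunk; this is harmless for macro expansion, but placing the new sudo definitions after `SYSDB_OBJECTCLASS` would read more naturally.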
@@ -400,6 +414,15 @@ int sysdb_search_entry(TALLOC_CTX *mem_ctx,
 size_t *msgs_count,
 struct ldb_message ***msgs);
+/* search sudo rules */
+int sysdb_search_sudo_rules(TALLOC_CTX *mem_ctx,
+ struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
+ const char *sub_filter,
+ const char **attrs,
+ size_t *msgs_count,
+ struct ldb_message ***msgs);
+
 /* Search User (by uid or name) */
 int sysdb_search_user_by_name(TALLOC_CTX *mem_ctx,
 struct sysdb_ctx *ctx,
diff --git a/src/db/sysdb_ops.c b/src/db/sysdb_ops.c
index a7911de4..77e0fe9f 100644
--- a/src/db/sysdb_ops.c
+++ b/src/db/sysdb_ops.c
@@ -2096,6 +2096,62 @@ fail:
 return ret;
 }
+int sysdb_search_sudo_rules(TALLOC_CTX *mem_ctx,
+ struct sysdb_ctx *sysdb,
+ struct sss_domain_info *domain,
+ const char *sub_filter,
+ const char **attrs,
+ size_t *msgs_count,
+ struct ldb_message ***msgs)
+{
+ TALLOC_CTX *tmpctx;
+ struct ldb_dn *basedn;
+ char *filter;
+ int ret;
+
+ tmpctx = talloc_new(mem_ctx);
+ if (!tmpctx) {
+ return ENOMEM;
+ }
+
+ if (!domain) {
+ domain = sysdb->domain;
+ }
+
+ basedn = ldb_dn_new_fmt(tmpctx, sysdb->ldb,SYSDB_TMPL_SUDO_BASE, domain->name);
+ if (!basedn) {
+ DEBUG(2, ("Failed to build base dn\n"));
+ ret = ENOMEM;
+ goto fail;
+ }
+
+ filter = talloc_asprintf(tmpctx, "(&(%s)(%s))", SYSDB_SUDORULE, sub_filter);
+ if (!filter) {
+ DEBUG(2, ("Failed to build filter\n"));
+ ret = ENOMEM;
+ goto fail;
+ }
+
+ DEBUG(6, ("Search users with filter: %s\n", filter));
+
+ ret = sysdb_search_entry(mem_ctx, sysdb, basedn,
+ LDB_SCOPE_SUBTREE, filter, attrs,
+ msgs_count, msgs);
+ if (ret) {
+ goto fail;
+ }
+
+ talloc_zfree(tmpctx);
+ return EOK;
+
+fail:
+ DEBUG(6, ("Error: %d (%s)\n", ret, strerror(ret)));
+ talloc_zfree(tmpctx);
+ return ret;
+}
+
+
+
 /* =Search-Users-with-Custom-Filter====================================== */
 int sysdb_search_users(TALLOC_CTX *mem_ctx,
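Review bot: `sub_filter` is spliced verbatim into the LDAP filter by the `talloc_asprintf(tmpctx, "(&(%s)(%s))", SYSDB_SUDORULE, sub_filter)` line with no NULL check, emptiness check or escaping, so a NULL or empty value yields a malformed filter that fails only at query time, and a value carrying attacker-influenced text (for example a sub-filter built from a user-supplied name) can rewrite the query and widen which sudoRole entries are returned — a filter-injection risk that cannot be ruled out from this hunk, since the callers are not visible. The function should reject NULL and empty input with EINVAL, and its header comment should state that the argument must be an already-sanitized attribute filter without surrounding parentheses (wrapping an already parenthesized `(|…)` expression produces `((…))`, which is not valid filter syntax). The level-6 debug message emitted right after the filter is built also says `Search users with filter`, a copy-paste leftover that will mislead anyone reading sssd logs for sudo cache lookups; it should read `DEBUG(6, ("Search sudo rules with filter: %s\n", filter));`. The guard and the corrected message are sketched below; everything else in the function is unchanged.

```c
    /* … unchanged: parameter list, tmpctx allocation, domain defaulting … */

    /* sub_filter is spliced verbatim into the LDAP filter below; it must be a
     * non-empty, already-sanitized attribute filter without outer parentheses.
     * Reject obviously bad input here rather than letting ldb fail later. */
    if (sub_filter == NULL || *sub_filter == '\0') {
        DEBUG(2, ("Missing or empty sudo sub-filter\n"));
        ret = EINVAL;
        goto fail;
    }

    /* … unchanged: basedn and filter construction … */

    DEBUG(6, ("Search sudo rules with filter: %s\n", filter));

    /* … unchanged: sysdb_search_entry call, cleanup and fail label … */
```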