authorPavel Březina <pbrezina@redhat.com>2016-03-01 14:00:26 +0100
committerJakub Hrozek <jhrozek@redhat.com>2016-03-09 15:24:43 +0100
commit991c9f47fcb24704b880f60ab8ee77cfda056e2c (patch)
treeee991e99f81dc8017bcc0c40fe952ad423720725
parent2d84b65383f2d13d6f94ac561ad92907b59062f3 (diff)
IPA SUDO: download externalUser attribute
This allows configuration with id_provider = proxy and sudo_provider = ipa when someone needs to fetch rules for local users. https://fedorahosted.org/sssd/ticket/2972 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
-rw-r--r--src/config/etc/sssd.api.d/sssd-ipa.conf1
-rw-r--r--src/db/sysdb_sudo.h1
-rw-r--r--src/providers/ipa/ipa_common.h1
-rw-r--r--src/providers/ipa/ipa_opts.c1
-rw-r--r--src/providers/ipa/ipa_sudo_conversion.c1
5 files changed, 5 insertions, 0 deletions
diff --git a/src/config/etc/sssd.api.d/sssd-ipa.conf b/src/config/etc/sssd.api.d/sssd-ipa.conf
index 8cd20c0c6..67a46102b 100644
--- a/src/config/etc/sssd.api.d/sssd-ipa.conf
+++ b/src/config/etc/sssd.api.d/sssd-ipa.conf
@@ -258,6 +258,7 @@ ipa_sudorule_runasgroupcategory = str, None, false
ipa_sudorule_runasextuser = str, None, false
ipa_sudorule_runasextgroup = str, None, false
ipa_sudorule_runasextusergroup = str, None, false
+ipa_sudorule_externaluser = str, None, false
ipa_sudorule_entry_usn = str, None, false
ipa_sudocmdgroup_object_class = str, None, false
ipa_sudocmdgroup_uuid = str, None, false
diff --git a/src/db/sysdb_sudo.h b/src/db/sysdb_sudo.h
index ba90a6851..515f45ab8 100644
--- a/src/db/sysdb_sudo.h
+++ b/src/db/sysdb_sudo.h
@@ -68,6 +68,7 @@
#define SYSDB_IPA_SUDORULE_RUNASEXTUSER "ipaSudoRunAsExtUser"
#define SYSDB_IPA_SUDORULE_RUNASEXTGROUP "ipaSudoRunAsExtGroup"
#define SYSDB_IPA_SUDORULE_RUNASEXTUSERGROUP "ipaSudoRunAsExtUserGroup"
+#define SYSDB_IPA_SUDORULE_EXTUSER "externalUser"
#define SYSDB_IPA_SUDOCMDGROUP_OC "ipasudocmdgrp"
diff --git a/src/providers/ipa/ipa_common.h b/src/providers/ipa/ipa_common.h
index 24898ee38..d1688bb6a 100644
--- a/src/providers/ipa/ipa_common.h
+++ b/src/providers/ipa/ipa_common.h
@@ -156,6 +156,7 @@ enum ipa_sudorule_attrs {
IPA_AT_SUDORULE_RUNASEXTUSER,
IPA_AT_SUDORULE_RUNASEXTGROUP,
IPA_AT_SUDORULE_RUNASEXTUSERGROUP,
+ IPA_AT_SUDORULE_EXTUSER,
IPA_AT_SUDORULE_ENTRYUSN,
IPA_OPTS_SUDORULE
diff --git a/src/providers/ipa/ipa_opts.c b/src/providers/ipa/ipa_opts.c
index fe469852b..5b0b44e24 100644
--- a/src/providers/ipa/ipa_opts.c
+++ b/src/providers/ipa/ipa_opts.c
@@ -361,6 +361,7 @@ struct sdap_attr_map ipa_sudorule_map[] = {
{ "ipa_sudorule_runasextuser", "ipaSudoRunAsExtUser", SYSDB_IPA_SUDORULE_RUNASEXTUSER, NULL },
{ "ipa_sudorule_runasextgroup", "ipaSudoRunAsExtGroup", SYSDB_IPA_SUDORULE_RUNASEXTGROUP, NULL },
{ "ipa_sudorule_runasextusergroup", "ipaSudoRunAsExtUserGroup", SYSDB_IPA_SUDORULE_RUNASEXTUSERGROUP, NULL },
+ { "ipa_sudorule_externaluser", "externalUser", SYSDB_IPA_SUDORULE_EXTUSER, NULL },
{ "ipa_sudorule_entry_usn", "entryUSN", SYSDB_USN, NULL },
SDAP_ATTR_MAP_TERMINATOR
};
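Review bot: Nothing in this hunk ties the order of `ipa_sudorule_map[]` to `enum ipa_sudorule_attrs`, which the ipa_common.h hunk extends at the matching position. If the map is indexed by that enum, as the parallel layout suggests, a later insertion made in only one of the two places would silently shift every following sudo attribute onto the wrong LDAP name. A compile-time check after the array would catch the length half of that mistake: `_Static_assert(sizeof(ipa_sudorule_map) / sizeof(ipa_sudorule_map[0]) == IPA_OPTS_SUDORULE + 1, "ipa_sudorule_map out of sync with enum ipa_sudorule_attrs");`. The array starts before the hunk, so its earlier entries are not visible here.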
diff --git a/src/providers/ipa/ipa_sudo_conversion.c b/src/providers/ipa/ipa_sudo_conversion.c
index 02d7ebd5d..ff63551c0 100644
--- a/src/providers/ipa/ipa_sudo_conversion.c
+++ b/src/providers/ipa/ipa_sudo_conversion.c
@@ -809,6 +809,7 @@ convert_attributes(struct ipa_sudo_conv *conv,
{SYSDB_IPA_SUDORULE_RUNASEXTUSER, SYSDB_SUDO_CACHE_AT_RUNASUSER , NULL},
{SYSDB_IPA_SUDORULE_RUNASEXTGROUP, SYSDB_SUDO_CACHE_AT_RUNASGROUP , NULL},
{SYSDB_IPA_SUDORULE_RUNASEXTUSERGROUP, SYSDB_SUDO_CACHE_AT_RUNASUSER , convert_runasextusergroup},
+ {SYSDB_IPA_SUDORULE_EXTUSER, SYSDB_SUDO_CACHE_AT_USER , NULL},
{SYSDB_IPA_SUDORULE_ALLOWCMD, SYSDB_IPA_SUDORULE_ORIGCMD , NULL},
{SYSDB_IPA_SUDORULE_DENYCMD, SYSDB_IPA_SUDORULE_ORIGCMD , NULL},
{NULL, NULL, NULL}};
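Review bot: The new `SYSDB_IPA_SUDORULE_EXTUSER` row has a NULL conversion callback, so an `externalUser` value presumably reaches the cached `SYSDB_SUDO_CACHE_AT_USER` attribute unchanged. sudo reads a leading `%`, `+`, `#` or `!`, and the word `ALL`, in a user entry as something other than a plain account name. If the value really is copied verbatim, such an entry would make the rule match more than the single local user the administrator intended. Consider a small callback on this row that skips or rejects such values, in the style of `convert_runasextusergroup` on the row above, or at least a comment such as `/* externalUser is copied verbatim; the IPA server is trusted to store plain user names only */`. `convert_attributes` and its table begin outside this hunk, so how NULL callbacks are handled cannot be confirmed from here.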