diff options
| author | Pavel Březina <pbrezina@redhat.com> | 2016-01-18 12:15:47 +0100 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2016-01-19 14:34:02 +0100 |
| commit | a7d2b4f157194c14bc4a40c74f6416b82befa460 (patch) | |
| tree | e616a054442ffe88b5229b15558719153e1ecd2b | |
| parent | 1476d5348fcf387e7481d833becbd993d91f8019 (diff) | |
| download | sssd-a7d2b4f157194c14bc4a40c74f6416b82befa460.tar.gz sssd-a7d2b4f157194c14bc4a40c74f6416b82befa460.tar.xz sssd-a7d2b4f157194c14bc4a40c74f6416b82befa460.zip | |
IPA SUDO: Add support for ipaSudoRunAsExt* attributes
Reviewed-by: Sumit Bose <sbose@redhat.com>
| -rw-r--r-- | src/config/etc/sssd.api.d/sssd-ipa.conf | 3 | ||||
| -rw-r--r-- | src/db/sysdb_sudo.h | 3 | ||||
| -rw-r--r-- | src/providers/ipa/ipa_common.h | 3 | ||||
| -rw-r--r-- | src/providers/ipa/ipa_opts.c | 3 | ||||
| -rw-r--r-- | src/providers/ipa/ipa_sudo_conversion.c | 11 |
5 files changed, 23 insertions, 0 deletions
diff --git a/src/config/etc/sssd.api.d/sssd-ipa.conf b/src/config/etc/sssd.api.d/sssd-ipa.conf index 2784a01e7..13715ec34 100644 --- a/src/config/etc/sssd.api.d/sssd-ipa.conf +++ b/src/config/etc/sssd.api.d/sssd-ipa.conf @@ -253,6 +253,9 @@ ipa_sudorule_hostcategory = str, None, false ipa_sudorule_usercategory = str, None, false ipa_sudorule_runasusercategory = str, None, false ipa_sudorule_runasgroupcategory = str, None, false +ipa_sudorule_runasextuser = str, None, false +ipa_sudorule_runasextgroup = str, None, false +ipa_sudorule_runasextusergroup = str, None, false ipa_sudorule_entry_usn = str, None, false ipa_sudocmdgroup_object_class = str, None, false ipa_sudocmdgroup_uuid = str, None, false diff --git a/src/db/sysdb_sudo.h b/src/db/sysdb_sudo.h index 8635e7804..ba90a6851 100644 --- a/src/db/sysdb_sudo.h +++ b/src/db/sysdb_sudo.h @@ -65,6 +65,9 @@ #define SYSDB_IPA_SUDORULE_USERCATEGORY "userCategory" #define SYSDB_IPA_SUDORULE_RUNASUSERCATEGORY "ipaSudoRunAsUserCategory" #define SYSDB_IPA_SUDORULE_RUNASGROUPCATEGORY "ipaSudoRunAsGroupCategory" +#define SYSDB_IPA_SUDORULE_RUNASEXTUSER "ipaSudoRunAsExtUser" +#define SYSDB_IPA_SUDORULE_RUNASEXTGROUP "ipaSudoRunAsExtGroup" +#define SYSDB_IPA_SUDORULE_RUNASEXTUSERGROUP "ipaSudoRunAsExtUserGroup" #define SYSDB_IPA_SUDOCMDGROUP_OC "ipasudocmdgrp" diff --git a/src/providers/ipa/ipa_common.h b/src/providers/ipa/ipa_common.h index 8cb2058fe..24898ee38 100644 --- a/src/providers/ipa/ipa_common.h +++ b/src/providers/ipa/ipa_common.h @@ -153,6 +153,9 @@ enum ipa_sudorule_attrs { IPA_AT_SUDORULE_USERCATEGORY, IPA_AT_SUDORULE_RUNASUSERCATEGORY, IPA_AT_SUDORULE_RUNASGROUPCATEGORY, + IPA_AT_SUDORULE_RUNASEXTUSER, + IPA_AT_SUDORULE_RUNASEXTGROUP, + IPA_AT_SUDORULE_RUNASEXTUSERGROUP, IPA_AT_SUDORULE_ENTRYUSN, IPA_OPTS_SUDORULE diff --git a/src/providers/ipa/ipa_opts.c b/src/providers/ipa/ipa_opts.c index 725e51235..cda10f89a 100644 --- a/src/providers/ipa/ipa_opts.c +++ b/src/providers/ipa/ipa_opts.c @@ -356,6 +356,9 @@ struct sdap_attr_map ipa_sudorule_map[] = { { "ipa_sudorule_usercategory", "userCategory", SYSDB_IPA_SUDORULE_USERCATEGORY, NULL }, { "ipa_sudorule_runasusercategory", "ipaSudoRunAsUserCategory", SYSDB_IPA_SUDORULE_RUNASUSERCATEGORY, NULL }, { "ipa_sudorule_runasgroupcategory", "ipaSudoRunAsGroupCategory", SYSDB_IPA_SUDORULE_RUNASGROUPCATEGORY, NULL }, + { "ipa_sudorule_runasextuser", "ipaSudoRunAsExtUser", SYSDB_IPA_SUDORULE_RUNASEXTUSER, NULL }, + { "ipa_sudorule_runasextgroup", "ipaSudoRunAsExtGroup", SYSDB_IPA_SUDORULE_RUNASEXTGROUP, NULL }, + { "ipa_sudorule_runasextusergroup", "ipaSudoRunAsExtUserGroup", SYSDB_IPA_SUDORULE_RUNASEXTUSERGROUP, NULL }, { "ipa_sudorule_entry_usn", "entryUSN", SYSDB_USN, NULL }, SDAP_ATTR_MAP_TERMINATOR }; diff --git a/src/providers/ipa/ipa_sudo_conversion.c b/src/providers/ipa/ipa_sudo_conversion.c index 195e40f24..02d7ebd5d 100644 --- a/src/providers/ipa/ipa_sudo_conversion.c +++ b/src/providers/ipa/ipa_sudo_conversion.c @@ -757,6 +757,14 @@ convert_group(TALLOC_CTX *mem_ctx, } static const char * +convert_runasextusergroup(TALLOC_CTX *mem_ctx, + struct ipa_sudo_conv *conv, + const char *value) +{ + return talloc_asprintf(mem_ctx, "%%%s", value); +} + +static const char * convert_cat(TALLOC_CTX *mem_ctx, struct ipa_sudo_conv *conv, const char *value) @@ -798,6 +806,9 @@ convert_attributes(struct ipa_sudo_conv *conv, {SYSDB_IPA_SUDORULE_USERCATEGORY, SYSDB_SUDO_CACHE_AT_USER , convert_cat}, {SYSDB_IPA_SUDORULE_RUNASUSERCATEGORY, SYSDB_SUDO_CACHE_AT_RUNASUSER , convert_cat}, {SYSDB_IPA_SUDORULE_RUNASGROUPCATEGORY, SYSDB_SUDO_CACHE_AT_RUNASGROUP , convert_cat}, + {SYSDB_IPA_SUDORULE_RUNASEXTUSER, SYSDB_SUDO_CACHE_AT_RUNASUSER , NULL}, + {SYSDB_IPA_SUDORULE_RUNASEXTGROUP, SYSDB_SUDO_CACHE_AT_RUNASGROUP , NULL}, + {SYSDB_IPA_SUDORULE_RUNASEXTUSERGROUP, SYSDB_SUDO_CACHE_AT_RUNASUSER , convert_runasextusergroup}, {SYSDB_IPA_SUDORULE_ALLOWCMD, SYSDB_IPA_SUDORULE_ORIGCMD , NULL}, {SYSDB_IPA_SUDORULE_DENYCMD, SYSDB_IPA_SUDORULE_ORIGCMD , NULL}, {NULL, NULL, NULL}}; |