summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorStephen Gallagher <sgallagh@redhat.com>2012-01-28 11:40:36 -0500
committerStephen Gallagher <sgallagh@redhat.com>2012-01-31 09:37:41 -0500
commitca73004be606fe1a3003f2bc82eede4945fd0f08 (patch)
treeeb9eb6119262f5978fe9062fe3a9912902c43a36
parente2925c2d7d10cbb51098402233784044168f1a77 (diff)
downloadsssd-ca73004be606fe1a3003f2bc82eede4945fd0f08.tar.gz
sssd-ca73004be606fe1a3003f2bc82eede4945fd0f08.tar.xz
sssd-ca73004be606fe1a3003f2bc82eede4945fd0f08.zip
IPA: Add support for services lookups (non-enum)
-rw-r--r--Makefile.am2
-rw-r--r--src/providers/ipa/ipa_common.c38
-rw-r--r--src/providers/ipa/ipa_common.h4
-rw-r--r--src/tests/ipa_ldap_opt-tests.c1
4 files changed, 44 insertions, 1 deletions
diff --git a/Makefile.am b/Makefile.am
index d2f099b3..710f33c6 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1018,6 +1018,7 @@ libsss_ipa_la_SOURCES = \
src/providers/ldap/ldap_id_enum.c \
src/providers/ldap/ldap_id_cleanup.c \
src/providers/ldap/ldap_id_netgroup.c \
+ src/providers/ldap/ldap_id_services.c \
src/providers/ldap/ldap_auth.c \
src/providers/ldap/ldap_common.c \
src/providers/ldap/sdap_async.c \
@@ -1026,6 +1027,7 @@ libsss_ipa_la_SOURCES = \
src/providers/ldap/sdap_async_initgroups.c \
src/providers/ldap/sdap_async_connection.c \
src/providers/ldap/sdap_async_netgroups.c \
+ src/providers/ldap/sdap_async_services.c \
src/providers/ldap/sdap_child_helpers.c \
src/providers/ldap/sdap_fd_events.c \
src/providers/ldap/sdap_id_op.c \
diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c
index 00231ddf..07e87bbb 100644
--- a/src/providers/ipa/ipa_common.c
+++ b/src/providers/ipa/ipa_common.c
@@ -29,6 +29,7 @@
#include "providers/ipa/ipa_common.h"
#include "providers/ldap/sdap_async_private.h"
#include "util/sss_krb5.h"
+#include "db/sysdb_services.h"
struct dp_option ipa_basic_opts[] = {
{ "ipa_domain", DP_OPT_STRING, NULL_STRING, NULL_STRING },
@@ -63,6 +64,7 @@ struct dp_option ipa_def_ldap_opts[] = {
{ "ldap_sudo_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "ldap_sudo_refresh_enabled", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
{ "ldap_sudo_refresh_timeout", DP_OPT_NUMBER, { .number = 300 }, NULL_NUMBER },
+ { "ldap_service_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "ldap_schema", DP_OPT_STRING, { "ipa_v1" }, NULL_STRING },
{ "ldap_offline_timeout", DP_OPT_NUMBER, { .number = 60 }, NULL_NUMBER },
{ "ldap_force_upper_case_realm", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
@@ -197,6 +199,14 @@ struct dp_option ipa_def_krb5_opts[] = {
{ "krb5_canonicalize", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE }
};
+struct sdap_attr_map ipa_service_map[] = {
+ { "ldap_service_object_class", "ipService", SYSDB_SVC_CLASS, NULL },
+ { "ldap_service_name", "cn", SYSDB_NAME, NULL },
+ { "ldap_service_port", "ipServicePort", SYSDB_SVC_PORT, NULL },
+ { "ldap_service_proto", "ipServiceProtocol", SYSDB_SVC_PROTO, NULL },
+ { "ldap_service_entry_usn", NULL, SYSDB_USN, NULL }
+};
+
int ipa_get_options(TALLOC_CTX *memctx,
struct confdb_ctx *cdb,
const char *conf_path,
@@ -557,6 +567,25 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
}
}
+ if (NULL == dp_opt_get_string(ipa_opts->id->basic,
+ SDAP_SERVICE_SEARCH_BASE)) {
+ ret = dp_opt_set_string(ipa_opts->id->basic, SDAP_SERVICE_SEARCH_BASE,
+ dp_opt_get_string(ipa_opts->id->basic,
+ SDAP_SEARCH_BASE));
+ if (ret != EOK) {
+ goto done;
+ }
+
+ DEBUG(6, ("Option %s set to %s\n",
+ ipa_opts->id->basic[SDAP_GROUP_SEARCH_BASE].opt_name,
+ dp_opt_get_string(ipa_opts->id->basic,
+ SDAP_GROUP_SEARCH_BASE)));
+ }
+ ret = sdap_parse_search_base(ipa_opts->id, ipa_opts->id->basic,
+ SDAP_SERVICE_SEARCH_BASE,
+ &ipa_opts->id->service_search_bases);
+ if (ret != EOK) goto done;
+
ret = sdap_get_map(ipa_opts->id, cdb, conf_path,
ipa_attr_map,
SDAP_AT_GENERAL,
@@ -601,6 +630,15 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
goto done;
}
+ ret = sdap_get_map(ipa_opts->id,
+ cdb, conf_path,
+ ipa_service_map,
+ IPA_OPTS_HOST,
+ &ipa_opts->id->service_map);
+ if (ret != EOK) {
+ goto done;
+ }
+
ret = EOK;
*_opts = ipa_opts->id;
diff --git a/src/providers/ipa/ipa_common.h b/src/providers/ipa/ipa_common.h
index 238fdeea..9cbd993f 100644
--- a/src/providers/ipa/ipa_common.h
+++ b/src/providers/ipa/ipa_common.h
@@ -35,7 +35,9 @@ struct ipa_service {
/* the following defines are used to keep track of the options in the ldap
* module, so that if they change and ipa is not updated correspondingly
* this will trigger a runtime abort error */
-#define IPA_OPTS_BASIC_TEST 59
+#define IPA_OPTS_BASIC_TEST 60
+
+#define IPA_OPTS_SVC_TEST 5
/* the following define is used to keep track of the options in the krb5
* module, so that if they change and ipa is not updated correspondingly
diff --git a/src/tests/ipa_ldap_opt-tests.c b/src/tests/ipa_ldap_opt-tests.c
index 574aa091..121a0610 100644
--- a/src/tests/ipa_ldap_opt-tests.c
+++ b/src/tests/ipa_ldap_opt-tests.c
@@ -77,6 +77,7 @@ END_TEST
START_TEST(test_check_num_opts)
{
fail_if(IPA_OPTS_BASIC_TEST != SDAP_OPTS_BASIC);
+ fail_if(IPA_OPTS_SVC_TEST != SDAP_OPTS_SERVICES);
fail_if(IPA_KRB5_OPTS_TEST != KRB5_OPTS);
}
END_TEST