authorJakub Hrozek <jhrozek@redhat.com>2012-02-06 13:28:53 +0100
committerStephen Gallagher <sgallagh@redhat.com>2012-02-07 09:22:45 -0500
commit620033ce66f4827be9d508c77483fab0270d9869 (patch)
treec949e6e0cc2d4cbc2bc417de90e7ea5dcae8d562
parent9715ac17d4abc5cd73d5d672ac0ab32320a17e83 (diff)
AUTOFS: IPA provider
-rw-r--r--Makefile.am3
-rw-r--r--src/config/SSSDConfig.py1
-rwxr-xr-xsrc/config/SSSDConfigTest.py4
-rw-r--r--src/config/etc/sssd.api.d/sssd-ipa.conf3
-rw-r--r--src/config/etc/sssd.api.d/sssd-ldap.conf3
-rw-r--r--src/man/sssd-ipa.5.xml12
-rw-r--r--src/providers/data_provider_be.c2
-rw-r--r--src/providers/ipa/ipa_autofs.c62
-rw-r--r--src/providers/ipa/ipa_common.c116
-rw-r--r--src/providers/ipa/ipa_common.h14
-rw-r--r--src/providers/ipa/ipa_init.c26
-rw-r--r--src/providers/ldap/ldap_common.h3
-rw-r--r--src/tests/ipa_ldap_opt-tests.c2
13 files changed, 220 insertions, 31 deletions
diff --git a/Makefile.am b/Makefile.am
index 85d99042..c0af34c7 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1187,7 +1187,8 @@ libsss_ipa_la_SOURCES += src/providers/ldap/sdap_sudo_cache.c \
endif
if BUILD_AUTOFS
libsss_ipa_la_SOURCES += src/providers/ldap/sdap_autofs.c \
- src/providers/ldap/sdap_async_autofs.c
+ src/providers/ldap/sdap_async_autofs.c \
+ src/providers/ipa/ipa_autofs.c
endif
if BUILD_SSH
libsss_ipa_la_SOURCES += src/providers/ipa/ipa_hostid.c
diff --git a/src/config/SSSDConfig.py b/src/config/SSSDConfig.py
index 50cc4e29..9fbe6742 100644
--- a/src/config/SSSDConfig.py
+++ b/src/config/SSSDConfig.py
@@ -120,6 +120,7 @@ option_strings = {
'ipa_hbac_refresh' : _("The amount of time between lookups of the HBAC rules against the IPA server"),
'ipa_hbac_treat_deny_as' : _("If DENY rules are present, either DENY_ALL or IGNORE"),
'ipa_hbac_support_srchost' : _("If set to false, host argument given by PAM will be ignored"),
+ 'ipa_automount_location' : _("The automounter location this IPA client is using"),
# [provider/krb5]
'krb5_kdcip' : _('Kerberos server address'),
diff --git a/src/config/SSSDConfigTest.py b/src/config/SSSDConfigTest.py
index bfc89a12..5bad40ed 100755
--- a/src/config/SSSDConfigTest.py
+++ b/src/config/SSSDConfigTest.py
@@ -688,9 +688,9 @@ class SSSDConfigTestSSSDDomain(unittest.TestCase):
domain = SSSDConfig.SSSDDomain('sssd', self.schema)
control_provider_dict = {
- 'ipa': ['id', 'auth', 'access', 'chpass'],
+ 'ipa': ['id', 'auth', 'access', 'chpass', 'autofs' ],
'local': ['id', 'auth', 'chpass'],
- 'ldap': ['id', 'auth', 'access', 'chpass', 'sudo'],
+ 'ldap': ['id', 'auth', 'access', 'chpass', 'sudo', 'autofs'],
'krb5': ['auth', 'access', 'chpass'],
'proxy': ['id', 'auth'],
'simple': ['access'],
diff --git a/src/config/etc/sssd.api.d/sssd-ipa.conf b/src/config/etc/sssd.api.d/sssd-ipa.conf
index 88c33f8b..3e3384d9 100644
--- a/src/config/etc/sssd.api.d/sssd-ipa.conf
+++ b/src/config/etc/sssd.api.d/sssd-ipa.conf
@@ -125,5 +125,8 @@ ipa_hbac_refresh = int, None, false
ipa_hbac_treat_deny_as = str, None, false
ipa_hbac_support_srchost = bool, None, false
+[provider/ipa/autofs]
+ipa_automount_location = str, None, false
+
[provider/ipa/chpass]
diff --git a/src/config/etc/sssd.api.d/sssd-ldap.conf b/src/config/etc/sssd.api.d/sssd-ldap.conf
index 4fa7ed0b..0a5b7f1f 100644
--- a/src/config/etc/sssd.api.d/sssd-ldap.conf
+++ b/src/config/etc/sssd.api.d/sssd-ldap.conf
@@ -129,3 +129,6 @@ ldap_sudorule_runasgroup = str, None, false
ldap_sudorule_notbefore = str, None, false
ldap_sudorule_notafter = str, None, false
ldap_sudorule_order = str, None, false
+
+[provider/ldap/autofs]
+
diff --git a/src/man/sssd-ipa.5.xml b/src/man/sssd-ipa.5.xml
index bddd3db1..b5bd2816 100644
--- a/src/man/sssd-ipa.5.xml
+++ b/src/man/sssd-ipa.5.xml
@@ -303,6 +303,18 @@
</listitem>
</varlistentry>
+ <varlistentry condition="with_autofs">
+ <term>ipa_automount_location (string)</term>
+ <listitem>
+ <para>
+ The automounter location this IPA client will be using
+ </para>
+ <para>
+ Default: The location named "default"
+ </para>
+ </listitem>
+ </varlistentry>
+
<varlistentry>
<term>ipa_netgroup_member_of (string)</term>
<listitem>
diff --git a/src/providers/data_provider_be.c b/src/providers/data_provider_be.c
index a48ba107..992ab310 100644
--- a/src/providers/data_provider_be.c
+++ b/src/providers/data_provider_be.c
@@ -1893,7 +1893,7 @@ int be_process_init(TALLOC_CTX *mem_ctx,
be_domain));
} else {
DEBUG(SSSDBG_TRACE_ALL, ("Session backend target successfully loaded "
- "from provider [%s].\n", ctx->bet_info[BET_SUDO].mod_name));
+ "from provider [%s].\n", ctx->bet_info[BET_SESSION].mod_name));
}
ret = load_backend_module(ctx, BET_HOSTID,
diff --git a/src/providers/ipa/ipa_autofs.c b/src/providers/ipa/ipa_autofs.c
new file mode 100644
index 00000000..f4262590
--- /dev/null
+++ b/src/providers/ipa/ipa_autofs.c
@@ -0,0 +1,62 @@
+/*
+ SSSD
+
+ IPA Provider Initialization functions
+
+ Authors:
+ Simo Sorce <ssorce@redhat.com>
+
+ Copyright (C) 2009 Red Hat
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "util/child_common.h"
+#include "providers/ipa/ipa_common.h"
+#include "providers/krb5/krb5_auth.h"
+#include "providers/ipa/ipa_id.h"
+#include "providers/ipa/ipa_auth.h"
+#include "providers/ipa/ipa_access.h"
+#include "providers/ipa/ipa_dyndns.h"
+#include "providers/ipa/ipa_session.h"
+
+struct bet_ops ipa_autofs_ops = {
+ .handler = sdap_autofs_handler,
+ .finalize = NULL,
+ .check_online = sdap_check_online
+};
+
+int ipa_autofs_init(struct be_ctx *be_ctx,
+ struct ipa_id_ctx *id_ctx,
+ struct bet_ops **ops,
+ void **pvt_data)
+{
+ int ret;
+
+ DEBUG(SSSDBG_TRACE_INTERNAL, ("Initializing autofs LDAP back end\n"));
+
+ *ops = &ipa_autofs_ops;
+ *pvt_data = id_ctx->sdap_id_ctx;
+
+ DEBUG(0, ("sleeping\n"));
+
+ ret = ipa_get_autofs_options(id_ctx->ipa_options, be_ctx->cdb,
+ be_ctx->conf_path, &id_ctx->sdap_id_ctx->opts);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot get IPA autofs options\n"));
+ return ret;
+ }
+
+ return ret;
+}
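Review bot: `DEBUG(0, ("sleeping\n"));` right after the `*pvt_data` assignment in `ipa_autofs_init` looks like a leftover debugging statement: level 0 is the most severe debug level (presumably printed at the default verbosity) and the text describes nothing the function does, since no sleep is performed; it should be dropped before merging. The file header is also copied from another file — it reads "IPA Provider Initialization functions", Simo Sorce, 2009 — while this file holds the autofs target setup; `IPA Provider autofs target initialization` with the author and year of this commit would match. Minor: after the `ret != EOK` check the function can only reach the final `return ret;` with `ret == EOK`, so `return EOK;` states the intent more plainly.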
diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c
index 3620c35d..4fd44836 100644
--- a/src/providers/ipa/ipa_common.c
+++ b/src/providers/ipa/ipa_common.c
@@ -31,6 +31,7 @@
#include "providers/ldap/sdap_async_private.h"
#include "util/sss_krb5.h"
#include "db/sysdb_services.h"
+#include "db/sysdb_autofs.h"
struct dp_option ipa_basic_opts[] = {
{ "ipa_domain", DP_OPT_STRING, NULL_STRING, NULL_STRING },
@@ -44,7 +45,8 @@ struct dp_option ipa_basic_opts[] = {
{ "krb5_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING},
{ "ipa_hbac_refresh", DP_OPT_NUMBER, { .number = 5 }, NULL_NUMBER },
{ "ipa_hbac_treat_deny_as", DP_OPT_STRING, { "DENY_ALL" }, NULL_STRING },
- { "ipa_hbac_support_srchost", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }
+ { "ipa_hbac_support_srchost", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE },
+ { "ipa_automount_location", DP_OPT_STRING, { "default" }, NULL_STRING }
};
struct dp_option ipa_def_ldap_opts[] = {
@@ -225,6 +227,17 @@ struct sdap_attr_map ipa_service_map[] = {
{ "ldap_service_entry_usn", NULL, SYSDB_USN, NULL }
};
+struct sdap_attr_map ipa_autofs_mobject_map[] = {
+ { "ldap_autofs_map_object_class", "automountMap", SYSDB_AUTOFS_MAP_OC, NULL },
+ { "ldap_autofs_map_name", "automountMapName", SYSDB_AUTOFS_MAP_NAME, NULL }
+};
+
+struct sdap_attr_map ipa_autofs_entry_map[] = {
+ { "ldap_autofs_entry_object_class", "automount", SYSDB_AUTOFS_ENTRY_OC, NULL },
+ { "ldap_autofs_entry_key", "automountKey", SYSDB_AUTOFS_ENTRY_KEY, NULL },
+ { "ldap_autofs_entry_value", "automountInformation", SYSDB_AUTOFS_ENTRY_VALUE, NULL },
+};
+
int ipa_get_options(TALLOC_CTX *memctx,
struct confdb_ctx *cdb,
const char *conf_path,
@@ -497,30 +510,6 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
if (ret != EOK) goto done;
if (NULL == dp_opt_get_string(ipa_opts->id->basic,
- SDAP_AUTOFS_SEARCH_BASE)) {
- value = talloc_asprintf(tmpctx, "cn=default,cn=automount,%s", basedn);
- if (!value) {
- ret = ENOMEM;
- goto done;
- }
-
- ret = dp_opt_set_string(ipa_opts->id->basic,
- SDAP_AUTOFS_SEARCH_BASE,
- value);
- if (ret != EOK) {
- goto done;
- }
-
- DEBUG(SSSDBG_TRACE_LIBS, ("Option %s set to %s\n",
- ipa_opts->id->basic[SDAP_AUTOFS_SEARCH_BASE].opt_name,
- dp_opt_get_string(ipa_opts->id->basic,
- SDAP_AUTOFS_SEARCH_BASE)));
- }
- ret = sdap_parse_search_base(ipa_opts->id, ipa_opts->id->basic,
- SDAP_AUTOFS_SEARCH_BASE,
- &ipa_opts->id->autofs_search_bases);
-
- if (NULL == dp_opt_get_string(ipa_opts->id->basic,
SDAP_SUDO_SEARCH_BASE)) {
#if 0
ret = dp_opt_set_string(ipa_opts->id->basic, SDAP_SUDO_SEARCH_BASE,
@@ -1024,3 +1013,80 @@ done:
return ret;
}
+int ipa_get_autofs_options(struct ipa_options *ipa_opts,
+ struct confdb_ctx *cdb,
+ const char *conf_path,
+ struct sdap_options **_opts)
+{
+ TALLOC_CTX *tmp_ctx;
+ char *basedn;
+ char *autofs_base;
+ errno_t ret;
+
+ tmp_ctx = talloc_new(NULL);
+ if (!tmp_ctx) {
+ return ENOMEM;
+ }
+
+ ret = domain_to_basedn(tmp_ctx,
+ dp_opt_get_string(ipa_opts->basic, IPA_KRB5_REALM),
+ &basedn);
+ if (ret != EOK) {
+ goto done;
+ }
+
+ if (NULL == dp_opt_get_string(ipa_opts->id->basic,
+ SDAP_AUTOFS_SEARCH_BASE)) {
+
+ autofs_base = talloc_asprintf(tmp_ctx, "cn=%s,cn=automount,%s",
+ dp_opt_get_string(ipa_opts->basic,
+ IPA_AUTOMOUNT_LOCATION),
+ basedn);
+ if (!autofs_base) {
+ ret = ENOMEM;
+ goto done;
+ }
+
+ ret = dp_opt_set_string(ipa_opts->id->basic,
+ SDAP_AUTOFS_SEARCH_BASE,
+ autofs_base);
+ if (ret != EOK) {
+ goto done;
+ }
+
+ DEBUG(SSSDBG_TRACE_LIBS, ("Option %s set to %s\n",
+ ipa_opts->id->basic[SDAP_AUTOFS_SEARCH_BASE].opt_name,
+ dp_opt_get_string(ipa_opts->id->basic,
+ SDAP_AUTOFS_SEARCH_BASE)));
+ }
+
+ ret = sdap_parse_search_base(ipa_opts->id, ipa_opts->id->basic,
+ SDAP_AUTOFS_SEARCH_BASE,
+ &ipa_opts->id->autofs_search_bases);
+
+ ret = sdap_get_map(ipa_opts->id, cdb, conf_path,
+ ipa_autofs_mobject_map,
+ SDAP_OPTS_AUTOFS_MAP,
+ &ipa_opts->id->autofs_mobject_map);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("Could not get autofs map object attribute map\n"));
+ return ret;
+ }
+
+ ret = sdap_get_map(ipa_opts->id, cdb, conf_path,
+ ipa_autofs_entry_map,
+ SDAP_OPTS_AUTOFS_ENTRY,
+ &ipa_opts->id->autofs_entry_map);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("Could not get autofs entry object attribute map\n"));
+ return ret;
+ }
+
+ *_opts = ipa_opts->id;
+ ret = EOK;
+done:
+ talloc_free(tmp_ctx);
+ return ret;
+}
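Review bot: The two `return ret;` statements in the `sdap_get_map` failure branches of `ipa_get_autofs_options` bypass the `done:` label, so `tmp_ctx` — allocated with `talloc_new(NULL)`, i.e. with no parent that could reclaim it — leaks on those paths; both should read `goto done;`. The result of `sdap_parse_search_base` is stored in `ret` but overwritten by the following `sdap_get_map` call without being checked, so a malformed autofs search base is silently accepted; add `if (ret != EOK) { goto done; }` after it, mirroring the other checks in the function. Separately, the value of `ipa_automount_location` is interpolated unescaped into `cn=%s,cn=automount,%s`; it comes from the admin-controlled config, but a location containing DN-special characters produces a malformed search base, which is worth a comment on the option (or a check) so the failure mode is understood.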
diff --git a/src/providers/ipa/ipa_common.h b/src/providers/ipa/ipa_common.h
index 2d0e0e1d..84c726c8 100644
--- a/src/providers/ipa/ipa_common.h
+++ b/src/providers/ipa/ipa_common.h
@@ -39,6 +39,9 @@ struct ipa_service {
#define IPA_OPTS_SVC_TEST 5
+#define IPA_OPTS_AUTOMNTMAP_TEST 2
+#define IPA_OPTS_AUTOMNTENTRY_TEST 3
+
/* the following define is used to keep track of the options in the krb5
* module, so that if they change and ipa is not updated correspondingly
* this will trigger a runtime abort error */
@@ -57,6 +60,7 @@ enum ipa_basic_opt {
IPA_HBAC_REFRESH,
IPA_HBAC_DENY_METHOD,
IPA_HBAC_SUPPORT_SRCHOST,
+ IPA_AUTOMOUNT_LOCATION,
IPA_OPTS_BASIC /* opts counter */
};
@@ -148,6 +152,16 @@ int ipa_get_auth_options(struct ipa_options *ipa_opts,
const char *conf_path,
struct dp_option **_opts);
+int ipa_get_autofs_options(struct ipa_options *ipa_opts,
+ struct confdb_ctx *cdb,
+ const char *conf_path,
+ struct sdap_options **_opts);
+
+int ipa_autofs_init(struct be_ctx *be_ctx,
+ struct ipa_id_ctx *id_ctx,
+ struct bet_ops **ops,
+ void **pvt_data);
+
int ipa_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx,
const char *servers,
struct ipa_options *options,
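Review bot: The new `ipa_get_autofs_options` prototype does not say what `_opts` receives; in the definition in ipa_common.c it is set to `ipa_opts->id`, the already-existing sdap options object, not a fresh allocation, so the caller must not treat it as something to free on its own. A comment on the declaration would prevent that mistake: `/* On success *_opts points at ipa_opts->id (not a new allocation); the autofs search base and attribute maps are filled in there. */`. `ipa_autofs_init` could likewise state that `*pvt_data` is the shared `sdap_id_ctx` rather than a per-target context.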
diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c
index 1165048b..20745c11 100644
--- a/src/providers/ipa/ipa_init.c
+++ b/src/providers/ipa/ipa_init.c
@@ -180,8 +180,6 @@ int sssm_ipa_id_init(struct be_ctx *bectx,
}
}
-
-
ret = setup_tls_config(sdap_ctx->opts->basic);
if (ret != EOK) {
DEBUG(1, ("setup_tls_config failed [%d][%s].\n",
@@ -484,3 +482,27 @@ done:
return ret;
}
#endif
+
+int sssm_ipa_autofs_init(struct be_ctx *bectx,
+ struct bet_ops **ops,
+ void **pvt_data)
+{
+#ifdef BUILD_AUTOFS
+ struct ipa_id_ctx *id_ctx;
+ int ret;
+
+ DEBUG(SSSDBG_TRACE_INTERNAL, ("Initializing IPA autofs handler\n"));
+
+ ret = sssm_ipa_id_init(bectx, ops, (void **) &id_ctx);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("sssm_ipa_id_init failed.\n"));
+ return ret;
+ }
+
+ return ipa_autofs_init(bectx, id_ctx, ops, pvt_data);
+#else
+ DEBUG(SSSDBG_MINOR_FAILURE, ("Autofs init handler called but SSSD is "
+ "built without autofs support, ignoring\n"));
+ return EOK;
+#endif
+}
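Review bot: The `#else` branch of `sssm_ipa_autofs_init` returns EOK while leaving `*ops` and `*pvt_data` untouched; if the caller takes EOK to mean the autofs target was loaded, a later autofs request could be dispatched to an unset handler — either confirm the caller tolerates this, or return an error such as `ENOSYS` so the target is reported as unavailable instead of silently absent. `sssm_ipa_id_init` is also called from here in addition to the id target; if it does not reuse an already-created `ipa_id_ctx`, the autofs target ends up with its own copy of the connection state, which a one-line comment at the call (`/* reuses the id target's ipa_id_ctx when already initialized */`, if that is indeed the behaviour) would make explicit.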
diff --git a/src/providers/ldap/ldap_common.h b/src/providers/ldap/ldap_common.h
index c377bcb6..c9125763 100644
--- a/src/providers/ldap/ldap_common.h
+++ b/src/providers/ldap/ldap_common.h
@@ -89,6 +89,9 @@ void sdap_pam_chpass_handler(struct be_req *breq);
/* access */
void sdap_pam_access_handler(struct be_req *breq);
+/* autofs */
+void sdap_autofs_handler(struct be_req *breq);
+
void sdap_handler_done(struct be_req *req, int dp_err,
int error, const char *errstr);
diff --git a/src/tests/ipa_ldap_opt-tests.c b/src/tests/ipa_ldap_opt-tests.c
index 121a0610..2497c97c 100644
--- a/src/tests/ipa_ldap_opt-tests.c
+++ b/src/tests/ipa_ldap_opt-tests.c
@@ -78,6 +78,8 @@ START_TEST(test_check_num_opts)
{
fail_if(IPA_OPTS_BASIC_TEST != SDAP_OPTS_BASIC);
fail_if(IPA_OPTS_SVC_TEST != SDAP_OPTS_SERVICES);
+ fail_if(IPA_OPTS_AUTOMNTMAP_TEST != SDAP_OPTS_AUTOFS_MAP);
+ fail_if(IPA_OPTS_AUTOMNTENTRY_TEST != SDAP_OPTS_AUTOFS_ENTRY);
fail_if(IPA_KRB5_OPTS_TEST != KRB5_OPTS);
}
END_TEST
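Review bot: `IPA_OPTS_AUTOMNTMAP_TEST` and `IPA_OPTS_AUTOMNTENTRY_TEST` are hand-written counts (2 and 3) in ipa_common.h that the two new `fail_if` lines compare with the `SDAP_OPTS_AUTOFS_*` enum values, but nothing ties either number to the actual length of `ipa_autofs_mobject_map` / `ipa_autofs_entry_map` in ipa_common.c. If the enum grows without a matching array entry this test fires as intended, yet if the array is shortened or the define bumped on its own the test still passes and the mismatch surfaces only at runtime — presumably `sdap_get_map` walks the array by the enum count, which would then read past its end. A stronger check compares the array length directly, `fail_if(sizeof(ipa_autofs_mobject_map) / sizeof(ipa_autofs_mobject_map[0]) != SDAP_OPTS_AUTOFS_MAP);` (the arrays are non-static, so an `extern` declaration in the test suffices), with the same line for the entry map.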