diff options
| author | Jakub Hrozek <jhrozek@redhat.com> | 2012-02-06 13:28:53 +0100 |
|---|---|---|
| committer | Stephen Gallagher <sgallagh@redhat.com> | 2012-02-07 09:22:45 -0500 |
| commit | 620033ce66f4827be9d508c77483fab0270d9869 (patch) | |
| tree | c949e6e0cc2d4cbc2bc417de90e7ea5dcae8d562 /src/providers/ipa | |
| parent | 9715ac17d4abc5cd73d5d672ac0ab32320a17e83 (diff) | |
| download | sssd-620033ce66f4827be9d508c77483fab0270d9869.tar.gz sssd-620033ce66f4827be9d508c77483fab0270d9869.tar.bz2 sssd-620033ce66f4827be9d508c77483fab0270d9869.zip | |
AUTOFS: IPA provider
Diffstat (limited to 'src/providers/ipa')
| -rw-r--r-- | src/providers/ipa/ipa_autofs.c | 62 | ||||
| -rw-r--r-- | src/providers/ipa/ipa_common.c | 116 | ||||
| -rw-r--r-- | src/providers/ipa/ipa_common.h | 14 | ||||
| -rw-r--r-- | src/providers/ipa/ipa_init.c | 26 |
4 files changed, 191 insertions, 27 deletions
diff --git a/src/providers/ipa/ipa_autofs.c b/src/providers/ipa/ipa_autofs.c new file mode 100644 index 00000000..f4262590 --- /dev/null +++ b/src/providers/ipa/ipa_autofs.c @@ -0,0 +1,62 @@ +/* + SSSD + + IPA Provider Initialization functions + + Authors: + Simo Sorce <ssorce@redhat.com> + + Copyright (C) 2009 Red Hat + + This program is free software; you can redistribute it and/or modify + it under the terms of the GNU General Public License as published by + the Free Software Foundation; either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU General Public License for more details. + + You should have received a copy of the GNU General Public License + along with this program. If not, see <http://www.gnu.org/licenses/>. +*/ + +#include "util/child_common.h" +#include "providers/ipa/ipa_common.h" +#include "providers/krb5/krb5_auth.h" +#include "providers/ipa/ipa_id.h" +#include "providers/ipa/ipa_auth.h" +#include "providers/ipa/ipa_access.h" +#include "providers/ipa/ipa_dyndns.h" +#include "providers/ipa/ipa_session.h" + +struct bet_ops ipa_autofs_ops = { + .handler = sdap_autofs_handler, + .finalize = NULL, + .check_online = sdap_check_online +}; + +int ipa_autofs_init(struct be_ctx *be_ctx, + struct ipa_id_ctx *id_ctx, + struct bet_ops **ops, + void **pvt_data) +{ + int ret; + + DEBUG(SSSDBG_TRACE_INTERNAL, ("Initializing autofs LDAP back end\n")); + + *ops = &ipa_autofs_ops; + *pvt_data = id_ctx->sdap_id_ctx; + + DEBUG(0, ("sleeping\n")); + + ret = ipa_get_autofs_options(id_ctx->ipa_options, be_ctx->cdb, + be_ctx->conf_path, &id_ctx->sdap_id_ctx->opts); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, ("Cannot get IPA autofs options\n")); + return ret; + } + + return ret; +} diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c index 3620c35d..4fd44836 100644 --- a/src/providers/ipa/ipa_common.c +++ b/src/providers/ipa/ipa_common.c @@ -31,6 +31,7 @@ #include "providers/ldap/sdap_async_private.h" #include "util/sss_krb5.h" #include "db/sysdb_services.h" +#include "db/sysdb_autofs.h" struct dp_option ipa_basic_opts[] = { { "ipa_domain", DP_OPT_STRING, NULL_STRING, NULL_STRING }, @@ -44,7 +45,8 @@ struct dp_option ipa_basic_opts[] = { { "krb5_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING}, { "ipa_hbac_refresh", DP_OPT_NUMBER, { .number = 5 }, NULL_NUMBER }, { "ipa_hbac_treat_deny_as", DP_OPT_STRING, { "DENY_ALL" }, NULL_STRING }, - { "ipa_hbac_support_srchost", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE } + { "ipa_hbac_support_srchost", DP_OPT_BOOL, BOOL_FALSE, BOOL_FALSE }, + { "ipa_automount_location", DP_OPT_STRING, { "default" }, NULL_STRING } }; struct dp_option ipa_def_ldap_opts[] = { @@ -225,6 +227,17 @@ struct sdap_attr_map ipa_service_map[] = { { "ldap_service_entry_usn", NULL, SYSDB_USN, NULL } }; +struct sdap_attr_map ipa_autofs_mobject_map[] = { + { "ldap_autofs_map_object_class", "automountMap", SYSDB_AUTOFS_MAP_OC, NULL }, + { "ldap_autofs_map_name", "automountMapName", SYSDB_AUTOFS_MAP_NAME, NULL } +}; + +struct sdap_attr_map ipa_autofs_entry_map[] = { + { "ldap_autofs_entry_object_class", "automount", SYSDB_AUTOFS_ENTRY_OC, NULL }, + { "ldap_autofs_entry_key", "automountKey", SYSDB_AUTOFS_ENTRY_KEY, NULL }, + { "ldap_autofs_entry_value", "automountInformation", SYSDB_AUTOFS_ENTRY_VALUE, NULL }, +}; + int ipa_get_options(TALLOC_CTX *memctx, struct confdb_ctx *cdb, const char *conf_path, @@ -497,30 +510,6 @@ int ipa_get_id_options(struct ipa_options *ipa_opts, if (ret != EOK) goto done; if (NULL == dp_opt_get_string(ipa_opts->id->basic, - SDAP_AUTOFS_SEARCH_BASE)) { - value = talloc_asprintf(tmpctx, "cn=default,cn=automount,%s", basedn); - if (!value) { - ret = ENOMEM; - goto done; - } - - ret = dp_opt_set_string(ipa_opts->id->basic, - SDAP_AUTOFS_SEARCH_BASE, - value); - if (ret != EOK) { - goto done; - } - - DEBUG(SSSDBG_TRACE_LIBS, ("Option %s set to %s\n", - ipa_opts->id->basic[SDAP_AUTOFS_SEARCH_BASE].opt_name, - dp_opt_get_string(ipa_opts->id->basic, - SDAP_AUTOFS_SEARCH_BASE))); - } - ret = sdap_parse_search_base(ipa_opts->id, ipa_opts->id->basic, - SDAP_AUTOFS_SEARCH_BASE, - &ipa_opts->id->autofs_search_bases); - - if (NULL == dp_opt_get_string(ipa_opts->id->basic, SDAP_SUDO_SEARCH_BASE)) { #if 0 ret = dp_opt_set_string(ipa_opts->id->basic, SDAP_SUDO_SEARCH_BASE, @@ -1024,3 +1013,80 @@ done: return ret; } +int ipa_get_autofs_options(struct ipa_options *ipa_opts, + struct confdb_ctx *cdb, + const char *conf_path, + struct sdap_options **_opts) +{ + TALLOC_CTX *tmp_ctx; + char *basedn; + char *autofs_base; + errno_t ret; + + tmp_ctx = talloc_new(NULL); + if (!tmp_ctx) { + return ENOMEM; + } + + ret = domain_to_basedn(tmp_ctx, + dp_opt_get_string(ipa_opts->basic, IPA_KRB5_REALM), + &basedn); + if (ret != EOK) { + goto done; + } + + if (NULL == dp_opt_get_string(ipa_opts->id->basic, + SDAP_AUTOFS_SEARCH_BASE)) { + + autofs_base = talloc_asprintf(tmp_ctx, "cn=%s,cn=automount,%s", + dp_opt_get_string(ipa_opts->basic, + IPA_AUTOMOUNT_LOCATION), + basedn); + if (!autofs_base) { + ret = ENOMEM; + goto done; + } + + ret = dp_opt_set_string(ipa_opts->id->basic, + SDAP_AUTOFS_SEARCH_BASE, + autofs_base); + if (ret != EOK) { + goto done; + } + + DEBUG(SSSDBG_TRACE_LIBS, ("Option %s set to %s\n", + ipa_opts->id->basic[SDAP_AUTOFS_SEARCH_BASE].opt_name, + dp_opt_get_string(ipa_opts->id->basic, + SDAP_AUTOFS_SEARCH_BASE))); + } + + ret = sdap_parse_search_base(ipa_opts->id, ipa_opts->id->basic, + SDAP_AUTOFS_SEARCH_BASE, + &ipa_opts->id->autofs_search_bases); + + ret = sdap_get_map(ipa_opts->id, cdb, conf_path, + ipa_autofs_mobject_map, + SDAP_OPTS_AUTOFS_MAP, + &ipa_opts->id->autofs_mobject_map); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, + ("Could not get autofs map object attribute map\n")); + return ret; + } + + ret = sdap_get_map(ipa_opts->id, cdb, conf_path, + ipa_autofs_entry_map, + SDAP_OPTS_AUTOFS_ENTRY, + &ipa_opts->id->autofs_entry_map); + if (ret != EOK) { + DEBUG(SSSDBG_OP_FAILURE, + ("Could not get autofs entry object attribute map\n")); + return ret; + } + + *_opts = ipa_opts->id; + ret = EOK; +done: + talloc_free(tmp_ctx); + return ret; +} diff --git a/src/providers/ipa/ipa_common.h b/src/providers/ipa/ipa_common.h index 2d0e0e1d..84c726c8 100644 --- a/src/providers/ipa/ipa_common.h +++ b/src/providers/ipa/ipa_common.h @@ -39,6 +39,9 @@ struct ipa_service { #define IPA_OPTS_SVC_TEST 5 +#define IPA_OPTS_AUTOMNTMAP_TEST 2 +#define IPA_OPTS_AUTOMNTENTRY_TEST 3 + /* the following define is used to keep track of the options in the krb5 * module, so that if they change and ipa is not updated correspondingly * this will trigger a runtime abort error */ @@ -57,6 +60,7 @@ enum ipa_basic_opt { IPA_HBAC_REFRESH, IPA_HBAC_DENY_METHOD, IPA_HBAC_SUPPORT_SRCHOST, + IPA_AUTOMOUNT_LOCATION, IPA_OPTS_BASIC /* opts counter */ }; @@ -148,6 +152,16 @@ int ipa_get_auth_options(struct ipa_options *ipa_opts, const char *conf_path, struct dp_option **_opts); +int ipa_get_autofs_options(struct ipa_options *ipa_opts, + struct confdb_ctx *cdb, + const char *conf_path, + struct sdap_options **_opts); + +int ipa_autofs_init(struct be_ctx *be_ctx, + struct ipa_id_ctx *id_ctx, + struct bet_ops **ops, + void **pvt_data); + int ipa_service_init(TALLOC_CTX *memctx, struct be_ctx *ctx, const char *servers, struct ipa_options *options, diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c index 1165048b..20745c11 100644 --- a/src/providers/ipa/ipa_init.c +++ b/src/providers/ipa/ipa_init.c @@ -180,8 +180,6 @@ int sssm_ipa_id_init(struct be_ctx *bectx, } } - - ret = setup_tls_config(sdap_ctx->opts->basic); if (ret != EOK) { DEBUG(1, ("setup_tls_config failed [%d][%s].\n", @@ -484,3 +482,27 @@ done: return ret; } #endif + +int sssm_ipa_autofs_init(struct be_ctx *bectx, + struct bet_ops **ops, + void **pvt_data) +{ +#ifdef BUILD_AUTOFS + struct ipa_id_ctx *id_ctx; + int ret; + + DEBUG(SSSDBG_TRACE_INTERNAL, ("Initializing IPA autofs handler\n")); + + ret = sssm_ipa_id_init(bectx, ops, (void **) &id_ctx); + if (ret != EOK) { + DEBUG(SSSDBG_CRIT_FAILURE, ("sssm_ipa_id_init failed.\n")); + return ret; + } + + return ipa_autofs_init(bectx, id_ctx, ops, pvt_data); +#else + DEBUG(SSSDBG_MINOR_FAILURE, ("Autofs init handler called but SSSD is " + "built without autofs support, ignoring\n")); + return EOK; +#endif +} |