summaryrefslogtreecommitdiff
path: root/src/providers/ldap/sdap_sudo.h
diff options
context:
space:
mode:
authorPavel Březina <pbrezina@redhat.com>2011-11-08 14:42:46 +0100
committerStephen Gallagher <sgallagh@redhat.com>2011-12-16 14:46:17 -0500
commite9eeb4302e0e426c6cc1a4e65b95a6f7066e80b9 (patch)
tree4cdf74a32b28d49f74aaf6460bf1d1903f697828 /src/providers/ldap/sdap_sudo.h
parent4af1d1869d659fec84c518c26844132fa1df8f64 (diff)
downloadsssd-e9eeb4302e0e426c6cc1a4e65b95a6f7066e80b9.tar.gz
sssd-e9eeb4302e0e426c6cc1a4e65b95a6f7066e80b9.tar.bz2
sssd-e9eeb4302e0e426c6cc1a4e65b95a6f7066e80b9.zip
SUDO integration - LDAP provider
Diffstat (limited to 'src/providers/ldap/sdap_sudo.h')
-rw-r--r--src/providers/ldap/sdap_sudo.h47
1 files changed, 47 insertions, 0 deletions
diff --git a/src/providers/ldap/sdap_sudo.h b/src/providers/ldap/sdap_sudo.h
new file mode 100644
index 00000000..2a8bc8da
--- /dev/null
+++ b/src/providers/ldap/sdap_sudo.h
@@ -0,0 +1,47 @@
+/*
+ Authors:
+ Pavel Březina <pbrezina@redhat.com>
+
+ Copyright (C) 2011 Red Hat
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef _SDAP_SUDO_H_
+#define _SDAP_SUDO_H_
+
+struct sdap_sudo_ctx {
+ struct be_ctx *be_ctx;
+ struct be_req *be_req;
+ struct be_sudo_req *req;
+ struct sdap_id_ctx *sdap_ctx;
+ struct sdap_id_op *sdap_op;
+ struct sdap_id_conn_cache *sdap_conn_cache;
+
+ const char *username;
+ uint_t uid;
+ char **groups;
+};
+
+/* (&(objectClass=sudoRole)(|(cn=defaults)(sudoUser=ALL)%s)) */
+#define SDAP_SUDO_FILTER_USER "(&(objectClass=%s)(|(%s=%s)(%s=ALL)%s))"
+#define SDAP_SUDO_FILTER_ALL "(objectClass=%s)"
+#define SDAP_SUDO_DEFAULTS "defaults"
+
+#define SDAP_SUDO_FILTER_USERNAME "(%s=%s)"
+#define SDAP_SUDO_FILTER_UID "(%s=#%u)"
+#define SDAP_SUDO_FILTER_GROUP "(%s=%%%s)"
+#define SDAP_SUDO_FILTER_NETGROUP "(%s=+%s)"
+
+#endif /* _SDAP_SUDO_H_ */