diff options
author | Sumit Bose <sbose@redhat.com> | 2010-09-28 15:43:31 +0200 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2010-10-13 09:49:38 -0400 |
commit | d9ed57c641b91c9c499a53329d606d5061ed47d1 (patch) | |
tree | 7f5c5ac4ff7bfa6d9ae7592a3d667580da2e50aa /src/providers | |
parent | 8c64b46e923ec590984325beedb29fcd09aac0e4 (diff) | |
download | sssd-d9ed57c641b91c9c499a53329d606d5061ed47d1.tar.gz sssd-d9ed57c641b91c9c499a53329d606d5061ed47d1.tar.bz2 sssd-d9ed57c641b91c9c499a53329d606d5061ed47d1.zip |
Add infrastructure to LDAP provider for netgroup support
Diffstat (limited to 'src/providers')
-rw-r--r-- | src/providers/ipa/ipa_common.c | 35 | ||||
-rw-r--r-- | src/providers/ipa/ipa_common.h | 2 | ||||
-rw-r--r-- | src/providers/ldap/ldap_common.c | 40 | ||||
-rw-r--r-- | src/providers/ldap/sdap.h | 13 |
4 files changed, 86 insertions, 4 deletions
diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c index dea1a73f..2acd72a6 100644 --- a/src/providers/ipa/ipa_common.c +++ b/src/providers/ipa/ipa_common.c @@ -73,7 +73,8 @@ struct dp_option ipa_def_ldap_opts[] = { { "account_cache_expiration", DP_OPT_NUMBER, { .number = 0 }, NULL_NUMBER }, { "ldap_dns_service_name", DP_OPT_STRING, { SSS_LDAP_SRV_NAME }, NULL_STRING }, { "ldap_krb5_ticket_lifetime", DP_OPT_NUMBER, { .number = (24 * 60 * 60) }, NULL_NUMBER }, - { "ldap_access_filter", DP_OPT_STRING, NULL_STRING, NULL_STRING } + { "ldap_access_filter", DP_OPT_STRING, NULL_STRING, NULL_STRING }, + { "ldap_netgroup_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING } }; struct sdap_attr_map ipa_attr_map[] = { @@ -117,6 +118,15 @@ struct sdap_attr_map ipa_group_map[] = { { "ldap_group_modify_timestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL } }; +struct sdap_attr_map ipa_netgroup_map[] = { + { "ldap_netgroup_object_class", "nisNetgroup", SYSDB_NETGROUP_CLASS, NULL }, + { "ldap_netgroup_name", "cn", SYSDB_NAME, NULL }, + { "ldap_netgroup_member", "memberNisNetgroup", SYSDB_ORIG_NETGROUP_MEMBER, NULL }, + { "ldap_netgroup_triple", "nisNetgroupTriple", SYSDB_NETGROUP_TRIPLE, NULL }, + { "ldap_netgroup_uuid", "nsUniqueId", SYSDB_UUID, NULL }, + { "ldap_netgroup_modify_timestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL } +}; + struct dp_option ipa_def_krb5_opts[] = { { "krb5_kdcip", DP_OPT_STRING, NULL_STRING, NULL_STRING }, { "krb5_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING }, @@ -334,6 +344,20 @@ int ipa_get_id_options(struct ipa_options *ipa_opts, SDAP_GROUP_SEARCH_BASE))); } + if (NULL == dp_opt_get_string(ipa_opts->id->basic, + SDAP_NETGROUP_SEARCH_BASE)) { + ret = dp_opt_set_string(ipa_opts->id->basic, SDAP_NETGROUP_SEARCH_BASE, + dp_opt_get_string(ipa_opts->id->basic, + SDAP_SEARCH_BASE)); + if (ret != EOK) { + goto done; + } + DEBUG(6, ("Option %s set to %s\n", + ipa_opts->id->basic[SDAP_NETGROUP_SEARCH_BASE].opt_name, + dp_opt_get_string(ipa_opts->id->basic, + SDAP_NETGROUP_SEARCH_BASE))); + } + ret = sdap_get_map(ipa_opts->id, cdb, conf_path, ipa_attr_map, SDAP_AT_GENERAL, @@ -360,6 +384,15 @@ int ipa_get_id_options(struct ipa_options *ipa_opts, goto done; } + ret = sdap_get_map(ipa_opts->id, + cdb, conf_path, + ipa_netgroup_map, + SDAP_OPTS_NETGROUP, + &ipa_opts->id->netgroup_map); + if (ret != EOK) { + goto done; + } + ret = EOK; *_opts = ipa_opts->id; diff --git a/src/providers/ipa/ipa_common.h b/src/providers/ipa/ipa_common.h index 1638f2a8..144ebf0c 100644 --- a/src/providers/ipa/ipa_common.h +++ b/src/providers/ipa/ipa_common.h @@ -35,7 +35,7 @@ struct ipa_service { /* the following defines are used to keep track of the options in the ldap * module, so that if they change and ipa is not updated correspondingly * this will trigger a runtime abort error */ -#define IPA_OPTS_BASIC_TEST 36 +#define IPA_OPTS_BASIC_TEST 37 /* the following define is used to keep track of the options in the krb5 * module, so that if they change and ipa is not updated correspondingly diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c index 87fd43a1..6925e694 100644 --- a/src/providers/ldap/ldap_common.c +++ b/src/providers/ldap/ldap_common.c @@ -69,7 +69,8 @@ struct dp_option default_basic_opts[] = { { "account_cache_expiration", DP_OPT_NUMBER, { .number = 0 }, NULL_NUMBER }, { "ldap_dns_service_name", DP_OPT_STRING, { SSS_LDAP_SRV_NAME }, NULL_STRING }, { "ldap_krb5_ticket_lifetime", DP_OPT_NUMBER, { .number = (24 * 60 * 60) }, NULL_NUMBER }, - { "ldap_access_filter", DP_OPT_STRING, NULL_STRING, NULL_STRING } + { "ldap_access_filter", DP_OPT_STRING, NULL_STRING, NULL_STRING }, + { "ldap_netgroup_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING }, }; struct sdap_attr_map generic_attr_map[] = { @@ -161,6 +162,16 @@ struct sdap_attr_map rfc2307bis_group_map[] = { { "ldap_group_modify_timestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL } }; +struct sdap_attr_map netgroup_map[] = { + { "ldap_netgroup_object_class", "nisNetgroup", SYSDB_NETGROUP_CLASS, NULL }, + { "ldap_netgroup_name", "cn", SYSDB_NAME, NULL }, + { "ldap_netgroup_member", "memberNisNetgroup", SYSDB_ORIG_NETGROUP_MEMBER, NULL }, + { "ldap_netgroup_triple", "nisNetgroupTriple", SYSDB_NETGROUP_TRIPLE, NULL }, + /* FIXME: this is 389ds specific */ + { "ldap_netgroup_uuid", "nsUniqueId", SYSDB_UUID, NULL }, + { "ldap_netgroup_modify_timestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL } +}; + int ldap_get_options(TALLOC_CTX *memctx, struct confdb_ctx *cdb, const char *conf_path, @@ -169,6 +180,7 @@ int ldap_get_options(TALLOC_CTX *memctx, struct sdap_attr_map *default_attr_map; struct sdap_attr_map *default_user_map; struct sdap_attr_map *default_group_map; + struct sdap_attr_map *default_netgroup_map; struct sdap_options *opts; char *schema; const char *pwd_policy; @@ -187,7 +199,7 @@ int ldap_get_options(TALLOC_CTX *memctx, goto done; } - /* set user/group search bases if they are not */ + /* set user/group/netgroup search bases if they are not */ if (NULL == dp_opt_get_string(opts->basic, SDAP_USER_SEARCH_BASE)) { ret = dp_opt_set_string(opts->basic, SDAP_USER_SEARCH_BASE, dp_opt_get_string(opts->basic, @@ -212,6 +224,18 @@ int ldap_get_options(TALLOC_CTX *memctx, dp_opt_get_string(opts->basic, SDAP_GROUP_SEARCH_BASE))); } + if (NULL == dp_opt_get_string(opts->basic, SDAP_NETGROUP_SEARCH_BASE)) { + ret = dp_opt_set_string(opts->basic, SDAP_NETGROUP_SEARCH_BASE, + dp_opt_get_string(opts->basic, + SDAP_SEARCH_BASE)); + if (ret != EOK) { + goto done; + } + DEBUG(6, ("Option %s set to %s\n", + opts->basic[SDAP_NETGROUP_SEARCH_BASE].opt_name, + dp_opt_get_string(opts->basic, SDAP_NETGROUP_SEARCH_BASE))); + } + pwd_policy = dp_opt_get_string(opts->basic, SDAP_PWD_POLICY); if (pwd_policy == NULL) { DEBUG(1, ("Missing password policy, this may not happen.\n")); @@ -287,24 +311,28 @@ int ldap_get_options(TALLOC_CTX *memctx, default_attr_map = generic_attr_map; default_user_map = rfc2307_user_map; default_group_map = rfc2307_group_map; + default_netgroup_map = netgroup_map; } else if (strcasecmp(schema, "rfc2307bis") == 0) { opts->schema_type = SDAP_SCHEMA_RFC2307BIS; default_attr_map = generic_attr_map; default_user_map = rfc2307bis_user_map; default_group_map = rfc2307bis_group_map; + default_netgroup_map = netgroup_map; } else if (strcasecmp(schema, "IPA") == 0) { opts->schema_type = SDAP_SCHEMA_IPA_V1; default_attr_map = gen_ipa_attr_map; default_user_map = rfc2307bis_user_map; default_group_map = rfc2307bis_group_map; + default_netgroup_map = netgroup_map; } else if (strcasecmp(schema, "AD") == 0) { opts->schema_type = SDAP_SCHEMA_AD; default_attr_map = gen_ad_attr_map; default_user_map = rfc2307bis_user_map; default_group_map = rfc2307bis_group_map; + default_netgroup_map = netgroup_map; } else { DEBUG(0, ("Unrecognized schema type: %s\n", schema)); ret = EINVAL; @@ -335,6 +363,14 @@ int ldap_get_options(TALLOC_CTX *memctx, goto done; } + ret = sdap_get_map(opts, cdb, conf_path, + default_netgroup_map, + SDAP_OPTS_NETGROUP, + &opts->netgroup_map); + if (ret != EOK) { + goto done; + } + ret = EOK; *_opts = opts; diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h index 2b4318e6..bb50db8e 100644 --- a/src/providers/ldap/sdap.h +++ b/src/providers/ldap/sdap.h @@ -176,6 +176,7 @@ enum sdap_basic_opt { SDAP_DNS_SERVICE_NAME, SDAP_KRB5_TICKET_LIFETIME, SDAP_ACCESS_FILTER, + SDAP_NETGROUP_SEARCH_BASE, SDAP_OPTS_BASIC /* opts counter */ }; @@ -233,6 +234,17 @@ enum sdap_group_attrs { SDAP_OPTS_GROUP /* attrs counter */ }; +enum sdap_netgroup_attrs { + SDAP_OC_NETGROUP = 0, + SDAP_AT_NETGROUP_NAME, + SDAP_AT_NETGROUP_MEMBER, + SDAP_AT_NETGROUP_TRIPLE, + SDAP_AT_NETGROUP_UUID, + SDAP_AT_NETGROUP_MODSTAMP, + + SDAP_OPTS_NETGROUP /* attrs counter */ +}; + struct sdap_attr_map { const char *opt_name; const char *def_name; @@ -245,6 +257,7 @@ struct sdap_options { struct sdap_attr_map *gen_map; struct sdap_attr_map *user_map; struct sdap_attr_map *group_map; + struct sdap_attr_map *netgroup_map; /* supported schema types */ enum schema_type { |