authorSumit Bose <sbose@redhat.com>2010-09-28 15:43:31 +0200
committerStephen Gallagher <sgallagh@redhat.com>2010-10-13 09:49:38 -0400
commitd9ed57c641b91c9c499a53329d606d5061ed47d1 (patch)
tree7f5c5ac4ff7bfa6d9ae7592a3d667580da2e50aa /src/providers
parent8c64b46e923ec590984325beedb29fcd09aac0e4 (diff)
Add infrastructure to LDAP provider for netgroup support
Diffstat (limited to 'src/providers')
-rw-r--r--src/providers/ipa/ipa_common.c35
-rw-r--r--src/providers/ipa/ipa_common.h2
-rw-r--r--src/providers/ldap/ldap_common.c40
-rw-r--r--src/providers/ldap/sdap.h13
4 files changed, 86 insertions, 4 deletions
diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c
index dea1a73f..2acd72a6 100644
--- a/src/providers/ipa/ipa_common.c
+++ b/src/providers/ipa/ipa_common.c
@@ -73,7 +73,8 @@ struct dp_option ipa_def_ldap_opts[] = {
{ "account_cache_expiration", DP_OPT_NUMBER, { .number = 0 }, NULL_NUMBER },
{ "ldap_dns_service_name", DP_OPT_STRING, { SSS_LDAP_SRV_NAME }, NULL_STRING },
{ "ldap_krb5_ticket_lifetime", DP_OPT_NUMBER, { .number = (24 * 60 * 60) }, NULL_NUMBER },
- { "ldap_access_filter", DP_OPT_STRING, NULL_STRING, NULL_STRING }
+ { "ldap_access_filter", DP_OPT_STRING, NULL_STRING, NULL_STRING },
+ { "ldap_netgroup_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING }
};
struct sdap_attr_map ipa_attr_map[] = {
@@ -117,6 +118,15 @@ struct sdap_attr_map ipa_group_map[] = {
{ "ldap_group_modify_timestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL }
};
+struct sdap_attr_map ipa_netgroup_map[] = {
+ { "ldap_netgroup_object_class", "nisNetgroup", SYSDB_NETGROUP_CLASS, NULL },
+ { "ldap_netgroup_name", "cn", SYSDB_NAME, NULL },
+ { "ldap_netgroup_member", "memberNisNetgroup", SYSDB_ORIG_NETGROUP_MEMBER, NULL },
+ { "ldap_netgroup_triple", "nisNetgroupTriple", SYSDB_NETGROUP_TRIPLE, NULL },
+ { "ldap_netgroup_uuid", "nsUniqueId", SYSDB_UUID, NULL },
+ { "ldap_netgroup_modify_timestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL }
+};
+
struct dp_option ipa_def_krb5_opts[] = {
{ "krb5_kdcip", DP_OPT_STRING, NULL_STRING, NULL_STRING },
{ "krb5_realm", DP_OPT_STRING, NULL_STRING, NULL_STRING },
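Review bot: Nothing in `ipa_netgroup_map` ties its entry order or length to `enum sdap_netgroup_attrs`, yet the later `sdap_get_map()` call passes `SDAP_OPTS_NETGROUP` as the count, so a future edit to only one side would presumably misindex or read past the array. The same applies to `netgroup_map` in ldap_common.c. Since the file already uses C99 designated initializers (`.number = 0`), the entries could be indexed explicitly, e.g. `[SDAP_AT_NETGROUP_UUID] = { "ldap_netgroup_uuid", "nsUniqueId", SYSDB_UUID, NULL },`. At minimum a comment such as `/* order and count must match enum sdap_netgroup_attrs in sdap.h */` above the array would record the coupling.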
@@ -334,6 +344,20 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
SDAP_GROUP_SEARCH_BASE)));
}
+ if (NULL == dp_opt_get_string(ipa_opts->id->basic,
+ SDAP_NETGROUP_SEARCH_BASE)) {
+ ret = dp_opt_set_string(ipa_opts->id->basic, SDAP_NETGROUP_SEARCH_BASE,
+ dp_opt_get_string(ipa_opts->id->basic,
+ SDAP_SEARCH_BASE));
+ if (ret != EOK) {
+ goto done;
+ }
+ DEBUG(6, ("Option %s set to %s\n",
+ ipa_opts->id->basic[SDAP_NETGROUP_SEARCH_BASE].opt_name,
+ dp_opt_get_string(ipa_opts->id->basic,
+ SDAP_NETGROUP_SEARCH_BASE)));
+ }
+
ret = sdap_get_map(ipa_opts->id, cdb, conf_path,
ipa_attr_map,
SDAP_AT_GENERAL,
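Review bot: The fallback passes the result of `dp_opt_get_string(ipa_opts->id->basic, SDAP_SEARCH_BASE)` straight into `dp_opt_set_string()` and then into the `%s` of the DEBUG call without a NULL check; whether the general search base is guaranteed to be set earlier in ipa_get_id_options is not visible in this hunk. The block added to ldap_get_options in ldap_common.c has the same shape. Reading the base once into a local and guarding it, e.g. `if (base != NULL) { ret = dp_opt_set_string(..., base); ... }`, would avoid formatting a NULL pointer. A short comment would also help, noting that an unset `ldap_netgroup_search_base` makes netgroup lookups span the whole search base, since netgroup membership is often consumed by access-control decisions.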
@@ -360,6 +384,15 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
goto done;
}
+ ret = sdap_get_map(ipa_opts->id,
+ cdb, conf_path,
+ ipa_netgroup_map,
+ SDAP_OPTS_NETGROUP,
+ &ipa_opts->id->netgroup_map);
+ if (ret != EOK) {
+ goto done;
+ }
+
ret = EOK;
*_opts = ipa_opts->id;
diff --git a/src/providers/ipa/ipa_common.h b/src/providers/ipa/ipa_common.h
index 1638f2a8..144ebf0c 100644
--- a/src/providers/ipa/ipa_common.h
+++ b/src/providers/ipa/ipa_common.h
@@ -35,7 +35,7 @@ struct ipa_service {
/* the following defines are used to keep track of the options in the ldap
* module, so that if they change and ipa is not updated correspondingly
* this will trigger a runtime abort error */
-#define IPA_OPTS_BASIC_TEST 36
+#define IPA_OPTS_BASIC_TEST 37
/* the following define is used to keep track of the options in the krb5
* module, so that if they change and ipa is not updated correspondingly
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
index 87fd43a1..6925e694 100644
--- a/src/providers/ldap/ldap_common.c
+++ b/src/providers/ldap/ldap_common.c
@@ -69,7 +69,8 @@ struct dp_option default_basic_opts[] = {
{ "account_cache_expiration", DP_OPT_NUMBER, { .number = 0 }, NULL_NUMBER },
{ "ldap_dns_service_name", DP_OPT_STRING, { SSS_LDAP_SRV_NAME }, NULL_STRING },
{ "ldap_krb5_ticket_lifetime", DP_OPT_NUMBER, { .number = (24 * 60 * 60) }, NULL_NUMBER },
- { "ldap_access_filter", DP_OPT_STRING, NULL_STRING, NULL_STRING }
+ { "ldap_access_filter", DP_OPT_STRING, NULL_STRING, NULL_STRING },
+ { "ldap_netgroup_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
};
struct sdap_attr_map generic_attr_map[] = {
@@ -161,6 +162,16 @@ struct sdap_attr_map rfc2307bis_group_map[] = {
{ "ldap_group_modify_timestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL }
};
+struct sdap_attr_map netgroup_map[] = {
+ { "ldap_netgroup_object_class", "nisNetgroup", SYSDB_NETGROUP_CLASS, NULL },
+ { "ldap_netgroup_name", "cn", SYSDB_NAME, NULL },
+ { "ldap_netgroup_member", "memberNisNetgroup", SYSDB_ORIG_NETGROUP_MEMBER, NULL },
+ { "ldap_netgroup_triple", "nisNetgroupTriple", SYSDB_NETGROUP_TRIPLE, NULL },
+ /* FIXME: this is 389ds specific */
+ { "ldap_netgroup_uuid", "nsUniqueId", SYSDB_UUID, NULL },
+ { "ldap_netgroup_modify_timestamp", "modifyTimestamp", SYSDB_ORIG_MODSTAMP, NULL }
+};
+
int ldap_get_options(TALLOC_CTX *memctx,
struct confdb_ctx *cdb,
const char *conf_path,
@@ -169,6 +180,7 @@ int ldap_get_options(TALLOC_CTX *memctx,
struct sdap_attr_map *default_attr_map;
struct sdap_attr_map *default_user_map;
struct sdap_attr_map *default_group_map;
+ struct sdap_attr_map *default_netgroup_map;
struct sdap_options *opts;
char *schema;
const char *pwd_policy;
@@ -187,7 +199,7 @@ int ldap_get_options(TALLOC_CTX *memctx,
goto done;
}
- /* set user/group search bases if they are not */
+ /* set user/group/netgroup search bases if they are not */
if (NULL == dp_opt_get_string(opts->basic, SDAP_USER_SEARCH_BASE)) {
ret = dp_opt_set_string(opts->basic, SDAP_USER_SEARCH_BASE,
dp_opt_get_string(opts->basic,
@@ -212,6 +224,18 @@ int ldap_get_options(TALLOC_CTX *memctx,
dp_opt_get_string(opts->basic, SDAP_GROUP_SEARCH_BASE)));
}
+ if (NULL == dp_opt_get_string(opts->basic, SDAP_NETGROUP_SEARCH_BASE)) {
+ ret = dp_opt_set_string(opts->basic, SDAP_NETGROUP_SEARCH_BASE,
+ dp_opt_get_string(opts->basic,
+ SDAP_SEARCH_BASE));
+ if (ret != EOK) {
+ goto done;
+ }
+ DEBUG(6, ("Option %s set to %s\n",
+ opts->basic[SDAP_NETGROUP_SEARCH_BASE].opt_name,
+ dp_opt_get_string(opts->basic, SDAP_NETGROUP_SEARCH_BASE)));
+ }
+
pwd_policy = dp_opt_get_string(opts->basic, SDAP_PWD_POLICY);
if (pwd_policy == NULL) {
DEBUG(1, ("Missing password policy, this may not happen.\n"));
@@ -287,24 +311,28 @@ int ldap_get_options(TALLOC_CTX *memctx,
default_attr_map = generic_attr_map;
default_user_map = rfc2307_user_map;
default_group_map = rfc2307_group_map;
+ default_netgroup_map = netgroup_map;
} else
if (strcasecmp(schema, "rfc2307bis") == 0) {
opts->schema_type = SDAP_SCHEMA_RFC2307BIS;
default_attr_map = generic_attr_map;
default_user_map = rfc2307bis_user_map;
default_group_map = rfc2307bis_group_map;
+ default_netgroup_map = netgroup_map;
} else
if (strcasecmp(schema, "IPA") == 0) {
opts->schema_type = SDAP_SCHEMA_IPA_V1;
default_attr_map = gen_ipa_attr_map;
default_user_map = rfc2307bis_user_map;
default_group_map = rfc2307bis_group_map;
+ default_netgroup_map = netgroup_map;
} else
if (strcasecmp(schema, "AD") == 0) {
opts->schema_type = SDAP_SCHEMA_AD;
default_attr_map = gen_ad_attr_map;
default_user_map = rfc2307bis_user_map;
default_group_map = rfc2307bis_group_map;
+ default_netgroup_map = netgroup_map;
} else {
DEBUG(0, ("Unrecognized schema type: %s\n", schema));
ret = EINVAL;
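Review bot: Every schema branch, including `"AD"`, assigns the same `netgroup_map`, and that map takes the UUID from `nsUniqueId`, which its own definition marks as `/* FIXME: this is 389ds specific */`. On a non-389ds server the attribute would presumably be absent, so the limitation is worth recording where the map is selected and not only where it is defined. A comment such as `/* FIXME: netgroup_map uses the 389ds nsUniqueId; no schema-specific netgroup map yet */` on the AD branch would do. Because the four assignments are identical, setting `default_netgroup_map = netgroup_map;` once before the chain would also make it obvious that the choice does not yet depend on the schema. ldap_get_options starts and ends outside this hunk.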
@@ -335,6 +363,14 @@ int ldap_get_options(TALLOC_CTX *memctx,
goto done;
}
+ ret = sdap_get_map(opts, cdb, conf_path,
+ default_netgroup_map,
+ SDAP_OPTS_NETGROUP,
+ &opts->netgroup_map);
+ if (ret != EOK) {
+ goto done;
+ }
+
ret = EOK;
*_opts = opts;
diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h
index 2b4318e6..bb50db8e 100644
--- a/src/providers/ldap/sdap.h
+++ b/src/providers/ldap/sdap.h
@@ -176,6 +176,7 @@ enum sdap_basic_opt {
SDAP_DNS_SERVICE_NAME,
SDAP_KRB5_TICKET_LIFETIME,
SDAP_ACCESS_FILTER,
+ SDAP_NETGROUP_SEARCH_BASE,
SDAP_OPTS_BASIC /* opts counter */
};
@@ -233,6 +234,17 @@ enum sdap_group_attrs {
SDAP_OPTS_GROUP /* attrs counter */
};
+enum sdap_netgroup_attrs {
+ SDAP_OC_NETGROUP = 0,
+ SDAP_AT_NETGROUP_NAME,
+ SDAP_AT_NETGROUP_MEMBER,
+ SDAP_AT_NETGROUP_TRIPLE,
+ SDAP_AT_NETGROUP_UUID,
+ SDAP_AT_NETGROUP_MODSTAMP,
+
+ SDAP_OPTS_NETGROUP /* attrs counter */
+};
+
struct sdap_attr_map {
const char *opt_name;
const char *def_name;
@@ -245,6 +257,7 @@ struct sdap_options {
struct sdap_attr_map *gen_map;
struct sdap_attr_map *user_map;
struct sdap_attr_map *group_map;
+ struct sdap_attr_map *netgroup_map;
/* supported schema types */
enum schema_type {