-rw-r--r--src/config/etc/sssd.api.d/sssd-ipa.conf20
-rw-r--r--src/db/sysdb.h4
-rw-r--r--src/providers/ipa/ipa_access.c24
-rw-r--r--src/providers/ipa/ipa_access.h3
-rw-r--r--src/providers/ipa/ipa_common.c52
-rw-r--r--src/providers/ipa/ipa_common.h17
-rw-r--r--src/providers/ipa/ipa_hbac_hosts.c6
-rw-r--r--src/providers/ipa/ipa_hbac_private.h6
-rw-r--r--src/providers/ipa/ipa_hostid.c13
-rw-r--r--src/providers/ipa/ipa_hostid.h2
-rw-r--r--src/providers/ipa/ipa_hosts.c101
-rw-r--r--src/providers/ipa/ipa_hosts.h6
-rw-r--r--src/providers/ipa/ipa_init.c10
-rw-r--r--src/providers/ipa/ipa_netgroups.c6
-rw-r--r--src/providers/ipa/ipa_selinux_maps.c11
-rw-r--r--src/providers/ipa/ipa_selinux_maps.h1
-rw-r--r--src/providers/ipa/ipa_session.c26
-rw-r--r--src/providers/ldap/sdap.h2
18 files changed, 156 insertions, 154 deletions
diff --git a/src/config/etc/sssd.api.d/sssd-ipa.conf b/src/config/etc/sssd.api.d/sssd-ipa.conf
index 3e3384d9..6ed92eab 100644
--- a/src/config/etc/sssd.api.d/sssd-ipa.conf
+++ b/src/config/etc/sssd.api.d/sssd-ipa.conf
@@ -124,9 +124,29 @@ krb5_fast_principal = str, None, false
ipa_hbac_refresh = int, None, false
ipa_hbac_treat_deny_as = str, None, false
ipa_hbac_support_srchost = bool, None, false
+ipa_host_object_class = str, None, false
+ipa_host_name = str, None, false
+ipa_host_fqdn = str, None, false
+ipa_host_serverhostname = str, None, false
+ipa_host_member_of = str, None, false
+ipa_host_ssh_public_key = str, None, false
+ipa_host_uuid = str, None, false
+ipa_hostgroup_objectclass = str, None, false
+ipa_hostgroup_name = str, None, false
+ipa_hostgroup_member = str, None, false
+ipa_hostgroup_memberof = str, None, false
+ipa_hostgroup_uuid = str, None, false
[provider/ipa/autofs]
ipa_automount_location = str, None, false
[provider/ipa/chpass]
+[provider/ipa/session]
+ipa_host_object_class = str, None, false
+ipa_host_name = str, None, false
+ipa_host_fqdn = str, None, false
+ipa_host_serverhostname = str, None, false
+ipa_host_member_of = str, None, false
+ipa_host_ssh_public_key = str, None, false
+ipa_host_uuid = str, None, false
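Review bot: The new option keys are not named consistently with each other: the host entries use `ipa_host_object_class` and `ipa_host_member_of`, while the hostgroup entries use `ipa_hostgroup_objectclass` and `ipa_hostgroup_memberof`, and the same pattern is repeated in the first column of the map definitions in the ipa_common.c hunk. These strings are the user-facing sssd.conf keys and are awkward to rename once released, so aligning them now, `ipa_hostgroup_object_class` and `ipa_hostgroup_member_of`, costs little. The rename would have to be applied in both this file and ipa_hostgroup_map together.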
diff --git a/src/db/sysdb.h b/src/db/sysdb.h
index e9a89606..a9d4b0f8 100644
--- a/src/db/sysdb.h
+++ b/src/db/sysdb.h
@@ -45,6 +45,7 @@
#define SYSDB_GROUP_CLASS "group"
#define SYSDB_NETGROUP_CLASS "netgroup"
#define SYSDB_HOST_CLASS "host"
+#define SYSDB_HOSTGROUP_CLASS "hostgroup"
#define SYSDB_SELINUX_USERMAP_CLASS "selinuxusermap"
#define SYSDB_SELINUX_CLASS "selinux"
@@ -95,6 +96,9 @@
#define SYSDB_NETGROUP_MEMBER "memberNisNetgroup"
#define SYSDB_DESCRIPTION "description"
+#define SYSDB_FQDN "fqdn"
+#define SYSDB_SERVERHOSTNAME "serverHostname"
+
#define SYSDB_SELINUX_SEEALSO "seeAlso"
#define SYSDB_SELINUX_USER "selinuxUser"
#define SYSDB_SELINUX_ENABLED "enabled"
diff --git a/src/providers/ipa/ipa_access.c b/src/providers/ipa/ipa_access.c
index 1eed86c3..523bba25 100644
--- a/src/providers/ipa/ipa_access.c
+++ b/src/providers/ipa/ipa_access.c
@@ -272,20 +272,6 @@ static int hbac_get_host_info_step(struct hbac_ctx *hbac_ctx)
const char *hostname;
struct tevent_req *req;
- hbac_ctx->host_attrs = talloc_array(hbac_ctx, const char *, 8);
- if (hbac_ctx->host_attrs == NULL) {
- DEBUG(SSSDBG_CRIT_FAILURE, ("Failed to allocate host attribute list.\n"));
- return ENOMEM;
- }
- hbac_ctx->host_attrs[0] = "objectClass";
- hbac_ctx->host_attrs[1] = IPA_HOST_SERVERHOSTNAME;
- hbac_ctx->host_attrs[2] = IPA_HOST_FQDN;
- hbac_ctx->host_attrs[3] = IPA_UNIQUE_ID;
- hbac_ctx->host_attrs[4] = IPA_MEMBER;
- hbac_ctx->host_attrs[5] = IPA_MEMBEROF;
- hbac_ctx->host_attrs[6] = IPA_CN;
- hbac_ctx->host_attrs[7] = NULL;
-
if (dp_opt_get_bool(hbac_ctx->ipa_options, IPA_HBAC_SUPPORT_SRCHOST)) {
/* Support srchost
* -> we don't want any particular host,
@@ -301,7 +287,9 @@ static int hbac_get_host_info_step(struct hbac_ctx *hbac_ctx)
hbac_ctx_sysdb(hbac_ctx),
sdap_id_op_handle(hbac_ctx->sdap_op),
hbac_ctx_sdap_id_ctx(hbac_ctx)->opts,
- hostname, hbac_ctx->host_attrs, NULL, 0, true,
+ hostname,
+ hbac_ctx->access_ctx->host_map,
+ hbac_ctx->access_ctx->hostgroup_map,
hbac_ctx->access_ctx->host_search_bases);
if (req == NULL) {
DEBUG(1, ("Could not get host info\n"));
@@ -375,7 +363,7 @@ static void hbac_get_rule_info_step(struct tevent_req *req)
for (i = 0; i < hbac_ctx->host_count; i++) {
ret = sysdb_attrs_get_string(hbac_ctx->hosts[i],
- IPA_HOST_FQDN,
+ SYSDB_FQDN,
&hostname);
if (ret != EOK) {
DEBUG(1, ("Could not locate IPA host\n"));
@@ -480,9 +468,9 @@ static void hbac_sysdb_save(struct tevent_req *req)
/* Save the hosts */
ret = ipa_hbac_sysdb_save(sysdb, domain,
- HBAC_HOSTS_SUBDIR, IPA_HOST_FQDN,
+ HBAC_HOSTS_SUBDIR, SYSDB_FQDN,
hbac_ctx->host_count, hbac_ctx->hosts,
- HBAC_HOSTGROUPS_SUBDIR, IPA_CN,
+ HBAC_HOSTGROUPS_SUBDIR, SYSDB_NAME,
hbac_ctx->hostgroup_count,
hbac_ctx->hostgroups);
if (ret != EOK) {
diff --git a/src/providers/ipa/ipa_access.h b/src/providers/ipa/ipa_access.h
index ddfb2cf5..f6b08af3 100644
--- a/src/providers/ipa/ipa_access.h
+++ b/src/providers/ipa/ipa_access.h
@@ -38,6 +38,8 @@ struct ipa_access_ctx {
struct time_rules_ctx *tr_ctx;
time_t last_update;
+ struct sdap_attr_map *host_map;
+ struct sdap_attr_map *hostgroup_map;
struct sdap_search_base **host_search_bases;
struct sdap_search_base **hbac_search_bases;
};
@@ -54,7 +56,6 @@ struct hbac_ctx {
struct sdap_search_base **search_bases;
/* Hosts */
- const char **host_attrs;
size_t host_count;
struct sysdb_attrs **hosts;
size_t hostgroup_count;
diff --git a/src/providers/ipa/ipa_common.c b/src/providers/ipa/ipa_common.c
index 8307f6ab..fc909dee 100644
--- a/src/providers/ipa/ipa_common.c
+++ b/src/providers/ipa/ipa_common.c
@@ -183,22 +183,33 @@ struct sdap_attr_map ipa_netgroup_map[] = {
struct sdap_attr_map ipa_host_map[] = {
{ "ipa_host_object_class", "ipaHost", SYSDB_HOST_CLASS, NULL },
- { "ipa_host_fqdn", "fqdn", SYSDB_NAME, NULL },
- { "ipa_host_member_of", "memberOf", SYSDB_MEMBEROF, NULL },
- { "ipa_host_ssh_public_key", "ipaSshPubKey", SYSDB_SSH_PUBKEY, NULL }
+ { "ipa_host_name", "cn", SYSDB_NAME, NULL },
+ { "ipa_host_fqdn", "fqdn", SYSDB_FQDN, NULL },
+ { "ipa_host_serverhostname", "serverHostname", SYSDB_SERVERHOSTNAME, NULL },
+ { "ipa_host_member_of", "memberOf", SYSDB_ORIG_MEMBEROF, NULL },
+ { "ipa_host_ssh_public_key", "ipaSshPubKey", SYSDB_SSH_PUBKEY, NULL },
+ { "ipa_host_uuid", "ipaUniqueID", SYSDB_UUID, NULL}
+};
+
+static struct sdap_attr_map ipa_hostgroup_map[] = {
+ { "ipa_hostgroup_objectclass", "ipaHostgroup", SYSDB_HOSTGROUP_CLASS, NULL},
+ { "ipa_hostgroup_name", "cn", SYSDB_NAME, NULL},
+ { "ipa_hostgroup_member", "member", SYSDB_MEMBER, NULL},
+ { "ipa_hostgroup_memberof", "memberOf", SYSDB_ORIG_MEMBEROF, NULL},
+ { "ipa_hostgroup_uuid", "ipaUniqueID", SYSDB_UUID, NULL}
};
static struct sdap_attr_map ipa_selinux_user_map[] = {
- {"ipa_selinux_usermap_object_class", "ipaselinuxusermap", SYSDB_SELINUX_USERMAP_CLASS, NULL},
- {"ipa_selinux_usermap_name", "cn", SYSDB_NAME, NULL},
- {"ipa_selinux_usermap_member_user", "memberUser", SYSDB_ORIG_MEMBER_USER, NULL},
- {"ipa_selinux_usermap_member_host", "memberHost", SYSDB_ORIG_MEMBER_HOST, NULL},
- {"ipa_selinux_usermap_see_also", "seeAlso", SYSDB_SELINUX_SEEALSO, NULL},
- {"ipa_selinux_usermap_selinux_user", "ipaSELinuxUser", SYSDB_SELINUX_USER, NULL},
- {"ipa_selinux_usermap_enabled", "ipaEnabledFlag", SYSDB_SELINUX_ENABLED, NULL},
- {"ipa_selinux_usermap_user_category", "userCategory", SYSDB_USER_CATEGORY, NULL},
- {"ipa_selinux_usermap_host_category", "hostCategory", SYSDB_HOST_CATEGORY, NULL},
- {"ipa_selinux_usermap_uuid", "ipaUniqueID", SYSDB_UUID, NULL}
+ { "ipa_selinux_usermap_object_class", "ipaselinuxusermap", SYSDB_SELINUX_USERMAP_CLASS, NULL},
+ { "ipa_selinux_usermap_name", "cn", SYSDB_NAME, NULL},
+ { "ipa_selinux_usermap_member_user", "memberUser", SYSDB_ORIG_MEMBER_USER, NULL},
+ { "ipa_selinux_usermap_member_host", "memberHost", SYSDB_ORIG_MEMBER_HOST, NULL},
+ { "ipa_selinux_usermap_see_also", "seeAlso", SYSDB_SELINUX_SEEALSO, NULL},
+ { "ipa_selinux_usermap_selinux_user", "ipaSELinuxUser", SYSDB_SELINUX_USER, NULL},
+ { "ipa_selinux_usermap_enabled", "ipaEnabledFlag", SYSDB_SELINUX_ENABLED, NULL},
+ { "ipa_selinux_usermap_user_category", "userCategory", SYSDB_USER_CATEGORY, NULL},
+ { "ipa_selinux_usermap_host_category", "hostCategory", SYSDB_HOST_CATEGORY, NULL},
+ { "ipa_selinux_usermap_uuid", "ipaUniqueID", SYSDB_UUID, NULL}
};
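Review bot: The member line of the new ipa_hostgroup_map maps `member` to `SYSDB_MEMBER`, whereas the static hostgroup_map this commit deletes from ipa_hosts.c mapped it to `SYSDB_ORIG_MEMBER`; hostgroup entries now go through sdap_get_generic_send with this map, so the raw member DNs end up under a different sysdb key than before. Any consumer that still reads `SYSDB_ORIG_MEMBER` from the hostgroup attrs (the save path called from the ipa_access.c hunk is the likely one; it is not visible here) would then see no members, and HBAC rules granted via hostgroup would stop matching. Unless those consumers were updated outside this diff, the line should read `{ "ipa_hostgroup_member", "member", SYSDB_ORIG_MEMBER, NULL},`, matching the memberOf line directly below it.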
struct dp_option ipa_def_krb5_opts[] = {
@@ -737,7 +748,16 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
cdb, conf_path,
ipa_host_map,
IPA_OPTS_HOST,
- &ipa_opts->id->host_map);
+ &ipa_opts->host_map);
+ if (ret != EOK) {
+ goto done;
+ }
+
+ ret = sdap_get_map(ipa_opts->id,
+ cdb, conf_path,
+ ipa_hostgroup_map,
+ IPA_OPTS_HOSTGROUP,
+ &ipa_opts->hostgroup_map);
if (ret != EOK) {
goto done;
}
@@ -745,7 +765,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
ret = sdap_get_map(ipa_opts->id,
cdb, conf_path,
ipa_service_map,
- IPA_OPTS_HOST,
+ SDAP_OPTS_SERVICES,
&ipa_opts->id->service_map);
if (ret != EOK) {
goto done;
@@ -755,7 +775,7 @@ int ipa_get_id_options(struct ipa_options *ipa_opts,
cdb, conf_path,
ipa_selinux_user_map,
IPA_OPTS_SELINUX_USERMAP,
- &ipa_opts->id->selinuxuser_map);
+ &ipa_opts->selinuxuser_map);
if (ret != EOK) {
goto done;
}
diff --git a/src/providers/ipa/ipa_common.h b/src/providers/ipa/ipa_common.h
index 84c726c8..26a6f9d9 100644
--- a/src/providers/ipa/ipa_common.h
+++ b/src/providers/ipa/ipa_common.h
@@ -81,13 +81,26 @@ enum ipa_netgroup_attrs {
enum ipa_host_attrs {
IPA_OC_HOST = 0,
+ IPA_AT_HOST_NAME,
IPA_AT_HOST_FQDN,
+ IPA_AT_HOST_SERVERHOSTNAME,
IPA_AT_HOST_MEMBER_OF,
IPA_AT_HOST_SSH_PUBLIC_KEY,
+ IPA_AT_HOST_UUID,
IPA_OPTS_HOST /* attrs counter */
};
+enum ipa_hostgroup_attrs {
+ IPA_OC_HOSTGROUP = 0,
+ IPA_AT_HOSTGROUP_NAME,
+ IPA_AT_HOSTGROUP_MEMBER,
+ IPA_AT_HOSTGROUP_MEMBER_OF,
+ IPA_AT_HOSTGROUP_UUID,
+
+ IPA_OPTS_HOSTGROUP /* attrs counter */
+};
+
enum ipa_selinux_usermap_attrs {
IPA_OC_SELINUX_USERMAP = 0,
IPA_AT_SELINUX_USERMAP_NAME,
@@ -118,6 +131,10 @@ struct ipa_id_ctx {
struct ipa_options {
struct dp_option *basic;
+ struct sdap_attr_map *host_map;
+ struct sdap_attr_map *hostgroup_map;
+ struct sdap_attr_map *selinuxuser_map;
+
struct sdap_search_base **host_search_bases;
struct sdap_search_base **hbac_search_bases;
struct sdap_search_base **selinux_search_bases;
diff --git a/src/providers/ipa/ipa_hbac_hosts.c b/src/providers/ipa/ipa_hbac_hosts.c
index 1626f178..23f7816b 100644
--- a/src/providers/ipa/ipa_hbac_hosts.c
+++ b/src/providers/ipa/ipa_hbac_hosts.c
@@ -40,7 +40,7 @@ static errno_t hbac_host_attrs_to_rule(TALLOC_CTX *mem_ctx,
errno_t ret;
TALLOC_CTX *tmp_ctx;
struct hbac_rule_element *new_hosts;
- const char *attrs[] = { IPA_HOST_FQDN, IPA_CN, NULL };
+ const char *attrs[] = { SYSDB_FQDN, SYSDB_NAME, NULL };
struct ldb_message_element *el;
size_t num_hosts = 0;
size_t num_hostgroups = 0;
@@ -131,7 +131,7 @@ static errno_t hbac_host_attrs_to_rule(TALLOC_CTX *mem_ctx,
/* Original DN matched a single host. Get the hostname */
name = ldb_msg_find_attr_as_string(msgs[0],
- IPA_HOST_FQDN,
+ SYSDB_FQDN,
NULL);
if (name == NULL) {
DEBUG(1, ("FQDN is missing!\n"));
@@ -167,7 +167,7 @@ static errno_t hbac_host_attrs_to_rule(TALLOC_CTX *mem_ctx,
}
/* Original DN matched a single group. Get the groupname */
- name = ldb_msg_find_attr_as_string(msgs[0], IPA_CN, NULL);
+ name = ldb_msg_find_attr_as_string(msgs[0], SYSDB_NAME, NULL);
if (name == NULL) {
DEBUG(1, ("Hostgroup name is missing!\n"));
ret = EFAULT;
diff --git a/src/providers/ipa/ipa_hbac_private.h b/src/providers/ipa/ipa_hbac_private.h
index acf56715..bb1ea4ec 100644
--- a/src/providers/ipa/ipa_hbac_private.h
+++ b/src/providers/ipa/ipa_hbac_private.h
@@ -28,14 +28,9 @@
#define IPA_HBAC_RULE "ipaHBACRule"
-#define IPA_HOST "ipaHost"
-#define IPA_HOSTGROUP "ipaHostGroup"
-
#define IPA_HBAC_SERVICE "ipaHBACService"
#define IPA_HBAC_SERVICE_GROUP "ipaHBACServiceGroup"
-#define IPA_HOST_SERVERHOSTNAME "serverHostName"
-#define IPA_HOST_FQDN "fqdn"
#define IPA_UNIQUE_ID "ipauniqueid"
#define IPA_MEMBER "member"
@@ -61,7 +56,6 @@
#define IPA_SERVICE_CATEGORY "serviceCategory"
#define IPA_TRUE_VALUE "TRUE"
-#define IPA_HOST_BASE_TMPL "cn=computers,cn=accounts,%s"
#define IPA_HBAC_BASE_TMPL "cn=hbac,%s"
#define IPA_SERVICES_BASE_TMPL "cn=hbacservices,cn=accounts,%s"
diff --git a/src/providers/ipa/ipa_hostid.c b/src/providers/ipa/ipa_hostid.c
index 873cc529..6121f15a 100644
--- a/src/providers/ipa/ipa_hostid.c
+++ b/src/providers/ipa/ipa_hostid.c
@@ -33,7 +33,6 @@ struct hosts_get_state {
struct sysdb_ctx *sysdb;
struct sss_domain_info *domain;
const char *name;
- const char **attrs;
size_t count;
struct sysdb_attrs **hosts;
@@ -176,11 +175,6 @@ hosts_get_send(TALLOC_CTX *memctx,
state->domain = ctx->be->domain;
state->name = name;
- /* TODO: handle attrs_type */
- ret = build_attrs_from_map(state, ctx->opts->host_map,
- IPA_OPTS_HOST, &state->attrs);
- if (ret != EOK) goto fail;
-
ret = hosts_get_retry(req);
if (ret != EOK) {
goto fail;
@@ -220,7 +214,6 @@ hosts_get_connect_done(struct tevent_req *subreq)
struct hosts_get_state);
int dp_error = DP_ERR_FATAL;
errno_t ret;
- struct sdap_id_ctx *ctx = state->ctx->sdap_id_ctx;
ret = sdap_id_op_connect_recv(subreq, &dp_error);
talloc_zfree(subreq);
@@ -233,9 +226,9 @@ hosts_get_connect_done(struct tevent_req *subreq)
subreq = ipa_host_info_send(state, state->ev, state->sysdb,
sdap_id_op_handle(state->op),
- ctx->opts, state->name,
- state->attrs, ctx->opts->host_map,
- IPA_OPTS_HOST, false,
+ state->ctx->sdap_id_ctx->opts, state->name,
+ state->ctx->ipa_opts->host_map,
+ state->ctx->ipa_opts->hostgroup_map,
state->ctx->host_search_bases);
if (!subreq) {
tevent_req_error(req, ENOMEM);
diff --git a/src/providers/ipa/ipa_hostid.h b/src/providers/ipa/ipa_hostid.h
index 40ad6bc4..f88c2a21 100644
--- a/src/providers/ipa/ipa_hostid.h
+++ b/src/providers/ipa/ipa_hostid.h
@@ -23,7 +23,7 @@
struct ipa_hostid_ctx {
struct sdap_id_ctx *sdap_id_ctx;
- struct dp_option *ipa_options;
+ struct ipa_options *ipa_opts;
struct sdap_search_base **host_search_bases;
};
diff --git a/src/providers/ipa/ipa_hosts.c b/src/providers/ipa/ipa_hosts.c
index 5e41c1ee..b8982054 100644
--- a/src/providers/ipa/ipa_hosts.c
+++ b/src/providers/ipa/ipa_hosts.c
@@ -24,8 +24,7 @@
#include "db/sysdb.h"
#include "providers/ldap/sdap_async.h"
#include "providers/ipa/ipa_hosts.h"
-/* FIXME: this is temporary, use proper map instead */
-#include "providers/ipa/ipa_hbac_private.h"
+#include "providers/ipa/ipa_common.h"
struct ipa_host_state {
struct tevent_context *ev;
@@ -33,8 +32,8 @@ struct ipa_host_state {
struct sdap_handle *sh;
struct sdap_options *opts;
const char **attrs;
- struct sdap_attr_map *map;
- int map_num_attrs;
+ struct sdap_attr_map *host_map;
+ struct sdap_attr_map *hostgroup_map;
struct sdap_search_base **search_bases;
int search_base_iter;
@@ -48,19 +47,9 @@ struct ipa_host_state {
size_t host_count;
struct sysdb_attrs **hosts;
- bool fetch_hostgroups;
size_t hostgroup_count;
struct sysdb_attrs **hostgroups;
- struct sdap_attr_map_info *hostgroup_map;
-};
-
-#define HOSTGROUP_MAP_ATTRS_COUNT 5
-static struct sdap_attr_map hostgroup_map[] = {
- {"objectclass", "ipahostgroup", "hostgroup", NULL},
- {"name_attr", IPA_CN, IPA_CN, NULL},
- {"member", IPA_MEMBER, SYSDB_ORIG_MEMBER, NULL},
- {"memberof", IPA_MEMBEROF, SYSDB_ORIG_MEMBEROF, NULL},
- {"ipa_id", IPA_UNIQUE_ID, IPA_UNIQUE_ID, NULL}
+ struct sdap_attr_map_info *ipa_hostgroup_map;
};
static void
@@ -76,6 +65,12 @@ static errno_t
ipa_hostgroup_info_next(struct tevent_req *req,
struct ipa_host_state *state);
+/**
+ * hostname == NULL -> look up all hosts / host groups
+ * hostname != NULL -> look up only given host and groups
+ * it's member of
+ * hostgroup_map == NULL -> skip looking up hostgroups
+ */
struct tevent_req *
ipa_host_info_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
@@ -83,10 +78,8 @@ ipa_host_info_send(TALLOC_CTX *mem_ctx,
struct sdap_handle *sh,
struct sdap_options *opts,
const char *hostname,
- const char **attrs,
- struct sdap_attr_map *map,
- int map_num_attrs,
- bool fetch_hostgroups,
+ struct sdap_attr_map *host_map,
+ struct sdap_attr_map *hostgroup_map,
struct sdap_search_base **search_bases)
{
errno_t ret;
@@ -106,17 +99,22 @@ ipa_host_info_send(TALLOC_CTX *mem_ctx,
state->search_bases = search_bases;
state->search_base_iter = 0;
state->cur_filter = NULL;
- state->attrs = attrs;
- state->map = map;
- state->map_num_attrs = map_num_attrs;
- state->fetch_hostgroups = fetch_hostgroups;
+ state->host_map = host_map;
+ state->hostgroup_map = hostgroup_map;
+
+ ret = build_attrs_from_map(state, host_map, IPA_OPTS_HOST, &state->attrs);
+ if (ret != EOK) {
+ goto immediate;
+ }
if (hostname == NULL) {
state->host_filter = talloc_asprintf(state, "(objectClass=%s)",
- IPA_HOST);
+ host_map[IPA_OC_HOST].name);
} else {
state->host_filter = talloc_asprintf(state, "(&(objectClass=%s)(%s=%s))",
- IPA_HOST, IPA_HOST_FQDN, hostname);
+ host_map[IPA_OC_HOST].name,
+ host_map[IPA_AT_HOST_FQDN].name,
+ hostname);
}
if (state->host_filter == NULL) {
ret = ENOMEM;
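Review bot: `hostname` is interpolated unescaped into the LDAP filter in the `talloc_asprintf` call with `"(&(objectClass=%s)(%s=%s))"`; the hostid caller in the ipa_hostid.c hunk passes the `name` it was given, which appears to originate in a lookup request rather than in local configuration, so a value containing filter metacharacters changes the query that is sent. Escape it before building the filter with the project's sanitizer, e.g. `ret = sss_filter_sanitize(state, hostname, &clean_hostname); if (ret != EOK) goto immediate;` and hand `clean_hostname` to talloc_asprintf, or state in the new header comment on ipa_host_info_send that callers must pass an already-sanitized name. ipa_host_info_send starts and ends outside this hunk.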
@@ -166,8 +164,8 @@ static errno_t ipa_host_info_next(struct tevent_req *req,
subreq = sdap_get_generic_send(state, state->ev, state->opts,
state->sh, base->basedn,
base->scope, state->cur_filter,
- state->attrs, state->map,
- state->map_num_attrs,
+ state->attrs, state->host_map,
+ IPA_OPTS_HOST,
dp_opt_get_int(state->opts->basic,
SDAP_ENUM_SEARCH_TIMEOUT),
true);
@@ -190,7 +188,6 @@ ipa_host_info_done(struct tevent_req *subreq)
struct ipa_host_state *state =
tevent_req_data(req, struct ipa_host_state);
const char *host_dn;
- int i;
ret = sdap_get_generic_recv(subreq, state,
&state->host_count,
@@ -213,34 +210,20 @@ ipa_host_info_done(struct tevent_req *subreq)
return;
}
- ret = replace_attribute_name(IPA_MEMBEROF, SYSDB_ORIG_MEMBEROF,
- state->host_count,
- state->hosts);
- if (ret != EOK) {
- DEBUG(SSSDBG_CRIT_FAILURE, ("Could not replace attribute names\n"));
- tevent_req_error(req, ret);
- return;
- }
-
- /* Complete the map */
- for (i = 0; i < HOSTGROUP_MAP_ATTRS_COUNT; i++) {
- /* These are allocated on the state, so the next time they'll
- * have to be allocated again
- */
- hostgroup_map[i].name = talloc_strdup(state,
- hostgroup_map[i].def_name);
- if (hostgroup_map[i].name == NULL) {
+ if (state->hostgroup_map) {
+ talloc_free(state->attrs);
+ ret = build_attrs_from_map(state, state->hostgroup_map,
+ IPA_OPTS_HOSTGROUP, &state->attrs);
+ if (ret != EOK) {
tevent_req_error(req, ret);
return;
}
- }
- if (state->fetch_hostgroups) {
/* Look up host groups */
if (state->hostname == NULL) {
talloc_zfree(state->host_filter);
state->host_filter = talloc_asprintf(state, "(objectClass=%s)",
- IPA_HOSTGROUP);
+ state->hostgroup_map[IPA_OC_HOSTGROUP].name);
if (state->host_filter == NULL) {
tevent_req_error(req, ENOMEM);
return;
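Review bot: `talloc_free(state->attrs);` followed by the build_attrs_from_map call leaves `state->attrs` pointing at freed memory if the rebuild fails before the out parameter is assigned; `talloc_zfree(state->attrs);` matches the idiom already used for `state->host_filter` a few lines below and avoids the stale pointer on the error path. ipa_host_info_done continues outside this hunk.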
@@ -257,13 +240,13 @@ ipa_host_info_done(struct tevent_req *subreq)
return;
}
} else {
- state->hostgroup_map = talloc_zero(state, struct sdap_attr_map_info);
- if (state->hostgroup_map == NULL) {
+ state->ipa_hostgroup_map = talloc_zero(state, struct sdap_attr_map_info);
+ if (state->ipa_hostgroup_map == NULL) {
tevent_req_error(req, ENOMEM);
return;
}
- state->hostgroup_map->map = hostgroup_map;
- state->hostgroup_map->num_attrs = HOSTGROUP_MAP_ATTRS_COUNT;
+ state->ipa_hostgroup_map->map = state->hostgroup_map;
+ state->ipa_hostgroup_map->num_attrs = IPA_OPTS_HOSTGROUP;
ret = sysdb_attrs_get_string(state->hosts[0], SYSDB_ORIG_DN, &host_dn);
if (ret != EOK) {
@@ -272,8 +255,10 @@ ipa_host_info_done(struct tevent_req *subreq)
}
subreq = sdap_deref_search_send(state, state->ev, state->opts, state->sh,
- host_dn, IPA_MEMBEROF, state->attrs,
- 1, state->hostgroup_map,
+ host_dn,
+ state->hostgroup_map[IPA_AT_HOSTGROUP_MEMBER_OF].name,
+ state->attrs,
+ 1, state->ipa_hostgroup_map,
dp_opt_get_int(state->opts->basic,
SDAP_ENUM_SEARCH_TIMEOUT));
if (subreq == NULL) {
@@ -309,8 +294,9 @@ static errno_t ipa_hostgroup_info_next(struct tevent_req *req,
subreq = sdap_get_generic_send(state, state->ev, state->opts, state->sh,
base->basedn, base->scope,
- state->cur_filter, state->attrs, hostgroup_map,
- HOSTGROUP_MAP_ATTRS_COUNT,
+ state->cur_filter, state->attrs,
+ state->hostgroup_map,
+ IPA_OPTS_HOSTGROUP,
dp_opt_get_int(state->opts->basic,
SDAP_ENUM_SEARCH_TIMEOUT),
true);
@@ -409,7 +395,8 @@ ipa_hostgroup_info_done(struct tevent_req *subreq)
}
ret = sysdb_attrs_get_string(deref_result[i]->attrs,
- IPA_CN, &hostgroup_name);
+ state->hostgroup_map[IPA_AT_HOSTGROUP_NAME].sys_name,
+ &hostgroup_name);
if (ret != EOK) goto done;
DEBUG(SSSDBG_FUNC_DATA, ("Dereferenced host group: %s\n",
diff --git a/src/providers/ipa/ipa_hosts.h b/src/providers/ipa/ipa_hosts.h
index 53cabbb7..34ceec90 100644
--- a/src/providers/ipa/ipa_hosts.h
+++ b/src/providers/ipa/ipa_hosts.h
@@ -30,10 +30,8 @@ ipa_host_info_send(TALLOC_CTX *mem_ctx,
struct sdap_handle *sh,
struct sdap_options *opts,
const char *hostname,
- const char **attrs,
- struct sdap_attr_map *map,
- int map_num_attrs,
- bool fetch_hostgroups,
+ struct sdap_attr_map *host_map,
+ struct sdap_attr_map *hostgroup_map,
struct sdap_search_base **search_bases);
errno_t
diff --git a/src/providers/ipa/ipa_init.c b/src/providers/ipa/ipa_init.c
index 20745c11..bb85632d 100644
--- a/src/providers/ipa/ipa_init.c
+++ b/src/providers/ipa/ipa_init.c
@@ -386,6 +386,8 @@ int sssm_ipa_access_init(struct be_ctx *bectx,
goto done;
}
ipa_access_ctx->sdap_ctx = id_ctx->sdap_id_ctx;
+ ipa_access_ctx->host_map = id_ctx->ipa_options->host_map;
+ ipa_access_ctx->hostgroup_map = id_ctx->ipa_options->hostgroup_map;
ipa_access_ctx->host_search_bases = id_ctx->ipa_options->host_search_bases;
ipa_access_ctx->hbac_search_bases = id_ctx->ipa_options->hbac_search_bases;
@@ -464,13 +466,7 @@ int sssm_ipa_hostid_init(struct be_ctx *bectx,
}
hostid_ctx->sdap_id_ctx = id_ctx->sdap_id_ctx;
hostid_ctx->host_search_bases = id_ctx->ipa_options->host_search_bases;
-
- ret = dp_copy_options(hostid_ctx, ipa_options->basic,
- IPA_OPTS_BASIC, &hostid_ctx->ipa_options);
- if (ret != EOK) {
- DEBUG(SSSDBG_CRIT_FAILURE, ("dp_copy_options failed.\n"));
- goto done;
- }
+ hostid_ctx->ipa_opts = ipa_options;
*ops = &ipa_hostid_ops;
*pvt_data = hostid_ctx;
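Review bot: `hostid_ctx->ipa_opts = ipa_options;` replaces an owned copy (the removed dp_copy_options call) with a borrowed pointer, and nothing in the hunk records who owns the object or that it must outlive hostid_ctx; the host_map and hostgroup_map stored into ipa_access_ctx in the first hunk of this file are borrowed the same way. A one-line comment such as `/* borrowed, not copied: ipa_options is owned by the id context and outlives hostid_ctx */` (adjusted to the actual owner) would make the lifetime explicit. For consistency with the preceding line, which reaches the same options through `id_ctx->ipa_options`, the assignment could use `id_ctx->ipa_options` rather than the local `ipa_options`, assuming they refer to the same object.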
diff --git a/src/providers/ipa/ipa_netgroups.c b/src/providers/ipa/ipa_netgroups.c
index 5acab31f..05c7e230 100644
--- a/src/providers/ipa/ipa_netgroups.c
+++ b/src/providers/ipa/ipa_netgroups.c
@@ -523,11 +523,11 @@ static int ipa_netgr_fetch_hosts(struct ipa_get_netgroups_state *state,
filter = talloc_asprintf(state, "(&%s%s(objectclass=%s))",
state->filter,
base_filter?base_filter:"",
- state->opts->host_map[IPA_OC_HOST].name);
+ state->ipa_opts->host_map[IPA_OC_HOST].name);
if (filter == NULL)
return ENOMEM;
- ret = build_attrs_from_map(state, state->opts->host_map,
+ ret = build_attrs_from_map(state, state->ipa_opts->host_map,
IPA_OPTS_HOST, &attrs);
if (ret != EOK) {
talloc_free(filter);
@@ -537,7 +537,7 @@ static int ipa_netgr_fetch_hosts(struct ipa_get_netgroups_state *state,
subreq = sdap_get_generic_send(state, state->ev, state->opts, state->sh,
bases[state->host_base_iter]->basedn,
bases[state->host_base_iter]->scope,
- filter, attrs, state->opts->host_map,
+ filter, attrs, state->ipa_opts->host_map,
IPA_OPTS_HOST, state->timeout, true);
state->current_entity = ENTITY_HOST;
diff --git a/src/providers/ipa/ipa_selinux_maps.c b/src/providers/ipa/ipa_selinux_maps.c
index d642da7d..7a54d24a 100644
--- a/src/providers/ipa/ipa_selinux_maps.c
+++ b/src/providers/ipa/ipa_selinux_maps.c
@@ -30,6 +30,7 @@ struct ipa_selinux_get_maps_state {
struct sysdb_ctx *sysdb;
struct sdap_handle *sh;
struct sdap_options *opts;
+ struct ipa_options *ipa_opts;
const char **attrs;
struct sdap_search_base **search_bases;
@@ -53,6 +54,7 @@ struct tevent_req *ipa_selinux_get_maps_send(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb,
struct sdap_handle *sh,
struct sdap_options *opts,
+ struct ipa_options *ipa_opts,
struct sdap_search_base **search_bases)
{
struct tevent_req *req;
@@ -68,20 +70,21 @@ struct tevent_req *ipa_selinux_get_maps_send(TALLOC_CTX *mem_ctx,
state->sysdb = sysdb;
state->sh = sh;
state->opts = opts;
+ state->ipa_opts = ipa_opts;
state->search_bases = search_bases;
state->search_base_iter = 0;
state->map_count = 0;
state->maps = NULL;
- ret = build_attrs_from_map(state, opts->selinuxuser_map,
+ ret = build_attrs_from_map(state, ipa_opts->selinuxuser_map,
IPA_OPTS_SELINUX_USERMAP, &state->attrs);
if (ret != EOK) goto fail;
state->cur_filter = NULL;
state->maps_filter = talloc_asprintf(state,
"(&(objectclass=%s)(%s=TRUE))",
- opts->selinuxuser_map[IPA_OC_SELINUX_USERMAP].name,
- opts->selinuxuser_map[IPA_AT_SELINUX_USERMAP_ENABLED].name);
+ ipa_opts->selinuxuser_map[IPA_OC_SELINUX_USERMAP].name,
+ ipa_opts->selinuxuser_map[IPA_AT_SELINUX_USERMAP_ENABLED].name);
if (state->maps_filter == NULL) {
ret = ENOMEM;
goto fail;
@@ -130,7 +133,7 @@ ipa_selinux_get_maps_next(struct tevent_req *req,
state->sh, base->basedn,
base->scope, state->cur_filter,
state->attrs,
- state->opts->selinuxuser_map,
+ state->ipa_opts->selinuxuser_map,
IPA_OPTS_SELINUX_USERMAP,
dp_opt_get_int(state->opts->basic,
SDAP_ENUM_SEARCH_TIMEOUT),
diff --git a/src/providers/ipa/ipa_selinux_maps.h b/src/providers/ipa/ipa_selinux_maps.h
index efd10bf4..d3abec15 100644
--- a/src/providers/ipa/ipa_selinux_maps.h
+++ b/src/providers/ipa/ipa_selinux_maps.h
@@ -33,6 +33,7 @@ ipa_selinux_get_maps_send(TALLOC_CTX *mem_ctx,
struct sysdb_ctx *sysdb,
struct sdap_handle *sh,
struct sdap_options *opts,
+ struct ipa_options *ipa_opts,
struct sdap_search_base **search_bases);
errno_t
diff --git a/src/providers/ipa/ipa_session.c b/src/providers/ipa/ipa_session.c
index 6b7fc8ef..e23b0120 100644
--- a/src/providers/ipa/ipa_session.c
+++ b/src/providers/ipa/ipa_session.c
@@ -35,18 +35,12 @@
#include "providers/ipa/ipa_selinux_common.h"
#include "providers/ipa/ipa_selinux_maps.h"
-/* FIXME: this is temporary until host map is implemented in ipa_common.c */
-#include "providers/ipa/ipa_hbac_private.h"
-
struct ipa_get_selinux_state {
struct be_req *be_req;
struct pam_data *pd;
struct ipa_session_ctx *session_ctx;
struct sdap_id_op *op;
- /* Just tmp stuff so we can free it after query */
- const char **attrs;
-
const char *hostname;
struct sysdb_attrs *host;
struct sysdb_attrs *user;
@@ -251,21 +245,13 @@ static void ipa_get_selinux_connect_done(struct tevent_req *subreq)
/* FIXME: detect if HBAC is configured
* - if yes, we can skip host retrieval and get it directly from sysdb
*/
- state->attrs = talloc_array(state, const char *, 3);
- if (state->attrs == NULL) {
- ret = ENOMEM;
- goto fail;
- }
- state->attrs[0] = "objectClass";
- state->attrs[1] = IPA_MEMBEROF;
- state->attrs[2] = NULL;
-
subreq = ipa_host_info_send(state, bctx->ev, bctx->sysdb,
sdap_id_op_handle(state->op),
id_ctx->sdap_id_ctx->opts,
state->hostname,
- state->attrs, NULL, 0,
- false, state->session_ctx->host_search_bases);
+ id_ctx->ipa_options->host_map,
+ NULL,
+ state->session_ctx->host_search_bases);
if (subreq == NULL) {
ret = ENOMEM;
goto fail;
@@ -300,11 +286,6 @@ static void ipa_get_selinux_hosts_done(struct tevent_req *subreq)
}
state->host = host[0];
- ret = sysdb_attrs_add_string(state->host, SYSDB_NAME, state->hostname);
- if (ret != EOK) {
- goto done;
- }
-
ret = sss_selinux_extract_user(state, bctx->sysdb,
state->pd->user, &state->user);
if (ret != EOK) {
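Review bot: Dropping the `sysdb_attrs_add_string(state->host, SYSDB_NAME, state->hostname)` call changes what SYSDB_NAME holds on `state->host`: it is now the host entry's `cn` as mapped by the `ipa_host_name` line of ipa_host_map instead of the configured hostname, and it is absent if the entry came back without a `cn`. If the SELinux map matching that follows reads SYSDB_NAME from the host (not visible here), a check after `state->host = host[0];` that the attribute is present, or a comment stating that the `cn` attribute is relied on, would make the assumption explicit. ipa_get_selinux_hosts_done continues outside this hunk.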
@@ -314,6 +295,7 @@ static void ipa_get_selinux_hosts_done(struct tevent_req *subreq)
subreq = ipa_selinux_get_maps_send(state, bctx->ev, bctx->sysdb,
sdap_id_op_handle(state->op),
id_ctx->opts,
+ state->session_ctx->id_ctx->ipa_options,
state->session_ctx->selinux_search_bases);
if (subreq == NULL) {
ret = ENOMEM;
diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h
index 5d423846..941c2791 100644
--- a/src/providers/ldap/sdap.h
+++ b/src/providers/ldap/sdap.h
@@ -348,14 +348,12 @@ struct sdap_options {
struct sdap_attr_map *user_map;
struct sdap_attr_map *group_map;
struct sdap_attr_map *netgroup_map;
- struct sdap_attr_map *host_map;
struct sdap_attr_map *service_map;
/* FIXME - should this go to a special struct to avoid mixing with name-service-switch maps? */
struct sdap_attr_map *sudorule_map;
struct sdap_attr_map *autofs_mobject_map;
struct sdap_attr_map *autofs_entry_map;
- struct sdap_attr_map *selinuxuser_map;
/* supported schema types */
enum schema_type {