-rw-r--r-- | src/config/SSSDConfig/__init__.py.in | 5 | ||||
-rw-r--r-- | src/config/etc/sssd.api.d/sssd-ldap.conf | 5 | ||||
-rw-r--r-- | src/providers/ipa/ipa_opts.h | 5 | ||||
-rw-r--r-- | src/providers/ldap/ldap_opts.h | 5 | ||||
-rw-r--r-- | src/providers/ldap/sdap.h | 5 |
5 files changed, 25 insertions, 0 deletions
diff --git a/src/config/SSSDConfig/__init__.py.in b/src/config/SSSDConfig/__init__.py.in
index 2bd6e349..99ccc5ab 100644
--- a/src/config/SSSDConfig/__init__.py.in
+++ b/src/config/SSSDConfig/__init__.py.in
@@ -294,6 +294,11 @@ option_strings = {
 'ldap_sudo_search_base' : _('Base DN for sudo rules lookups'),
 'ldap_sudo_full_refresh_interval' : _('Automatic full refresh period'),
 'ldap_sudo_smart_refresh_interval' : _('Automatic smart refresh period'),
+ 'ldap_sudo_use_host_filter' : _('Whether to filter rules by hostname, IP addresses and network'),
+ 'ldap_sudo_hostnames' : _('Hostnames and/or fully qualified domain names of this machine to filter sudo rules'),
+ 'ldap_sudo_ip' : _('IPv4 or IPv6 addresses or network of this machine to filter sudo rules'),
+ 'ldap_sudo_include_netgroups' : _('Whether to include rules that contains netgroup in host attribute'),
+ 'ldap_sudo_include_regexp' : _('Whether to include rules that contains regular expression in host attribute'),
 'ldap_sudorule_object_class' : _('Object class for sudo rules'),
 'ldap_sudorule_name' : _('Sudo rule name'),
 'ldap_sudorule_command' : _('Sudo rule command attribute'),
diff --git a/src/config/etc/sssd.api.d/sssd-ldap.conf b/src/config/etc/sssd.api.d/sssd-ldap.conf
index 6838a71f..2af849ff 100644
--- a/src/config/etc/sssd.api.d/sssd-ldap.conf
+++ b/src/config/etc/sssd.api.d/sssd-ldap.conf
@@ -130,6 +130,11 @@ ldap_chpass_dns_service_name = str, None, false
 ldap_sudo_search_base = str, None, false
 ldap_sudo_full_refresh_interval = int, None, false
 ldap_sudo_smart_refresh_interval = int, None, false
+ldap_sudo_use_host_filter = bool, None, false
+ldap_sudo_hostnames = str, None, false
+ldap_sudo_ip = str, None, false
+ldap_sudo_include_netgroups = bool, None, false
+ldap_sudo_include_regexp = bool, None, false
 ldap_sudorule_object_class = str, None, false
 ldap_sudorule_name = str, None, false
 ldap_sudorule_command = str, None, false
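Review bot: The descriptions added for `ldap_sudo_include_netgroups` and `ldap_sudo_include_regexp` in `option_strings` read "rules that contains netgroup" and "rules that contains regular expression", and because both are wrapped in `_()` that wording becomes a translation msgid. I would change them to `_('Whether to include rules that contain a netgroup in the host attribute')` and `_('Whether to include rules that contain a regular expression in the host attribute')` before translators pick them up. The descriptions of `ldap_sudo_hostnames` and `ldap_sudo_ip` also do not say how several values are separated, which an administrator restricting sudo rules to a host needs to know. The `option_strings` dictionary starts and ends outside the hunk.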
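Review bot: `ldap_sudo_hostnames` and `ldap_sudo_ip` are declared as `str, None, false`, although their descriptions in `option_strings` speak of several hostnames and several addresses. With a plain `str` type the configuration API presumably handles the value as one opaque string and cannot check individual entries. If the backend parser uses the same separator as SSSDConfig lists (the parser is not part of this commit), `ldap_sudo_hostnames = list, str, false` and `ldap_sudo_ip = list, str, false` would describe the options more precisely; otherwise the expected separator should be stated in the option description.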
diff --git a/src/providers/ipa/ipa_opts.h b/src/providers/ipa/ipa_opts.h
index 6fb73999..6eedc001 100644
--- a/src/providers/ipa/ipa_opts.h
+++ b/src/providers/ipa/ipa_opts.h
@@ -69,6 +69,11 @@ struct dp_option ipa_def_ldap_opts[] = {
 { "ldap_sudo_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
 { "ldap_sudo_full_refresh_interval", DP_OPT_NUMBER, { .number = 21600 }, NULL_NUMBER },
 { "ldap_sudo_smart_refresh_interval", DP_OPT_NUMBER, { .number = 900 }, NULL_NUMBER }, /* 15 mins */
+ { "ldap_sudo_use_host_filter", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
+ { "ldap_sudo_hostnames", DP_OPT_STRING, NULL_STRING, NULL_STRING },
+ { "ldap_sudo_ip", DP_OPT_STRING, NULL_STRING, NULL_STRING },
+ { "ldap_sudo_include_netgroups", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
+ { "ldap_sudo_include_regexp", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
 { "ldap_autofs_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
 { "ldap_schema", DP_OPT_STRING, { "ipa_v1" }, NULL_STRING },
 { "ldap_offline_timeout", DP_OPT_NUMBER, { .number = 60 }, NULL_NUMBER },
diff --git a/src/providers/ldap/ldap_opts.h b/src/providers/ldap/ldap_opts.h
index 5f41060f..f62e372f 100644
--- a/src/providers/ldap/ldap_opts.h
+++ b/src/providers/ldap/ldap_opts.h
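Review bot: Nothing visible in these hunks enforces that the five rows inserted in the middle of `ipa_def_ldap_opts[]` stay in the same position as the matching rows in `default_basic_opts[]` (ldap_opts.h) and the new members of `enum sdap_basic_opt` (sdap.h). The identical placement in all three files suggests the tables are indexed by the enum value, so a later edit that touches only one of them would make every option after `SDAP_SUDO_SMART_REFRESH_INTERVAL` read the wrong slot without any compiler diagnostic. I would add a comment above the new rows such as `/* order must match enum sdap_basic_opt in sdap.h */`, and, if the enum ends in a count member (outside the hunk), a compile-time check of the array length against it. The array and enum definitions start and end outside the hunks.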
@@ -49,6 +49,11 @@ struct dp_option default_basic_opts[] = {
 { "ldap_sudo_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
 { "ldap_sudo_full_refresh_interval", DP_OPT_NUMBER, { .number = 21600 }, NULL_NUMBER }, /* 360 mins */
 { "ldap_sudo_smart_refresh_interval", DP_OPT_NUMBER, { .number = 900 }, NULL_NUMBER }, /* 15 mins */
+ { "ldap_sudo_use_host_filter", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
+ { "ldap_sudo_hostnames", DP_OPT_STRING, NULL_STRING, NULL_STRING },
+ { "ldap_sudo_ip", DP_OPT_STRING, NULL_STRING, NULL_STRING },
+ { "ldap_sudo_include_netgroups", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
+ { "ldap_sudo_include_regexp", DP_OPT_BOOL, BOOL_TRUE, BOOL_TRUE },
 { "ldap_autofs_search_base", DP_OPT_STRING, NULL_STRING, NULL_STRING },
 { "ldap_schema", DP_OPT_STRING, { "rfc2307" }, NULL_STRING },
 { "ldap_offline_timeout", DP_OPT_NUMBER, { .number = 60 }, NULL_NUMBER },
diff --git a/src/providers/ldap/sdap.h b/src/providers/ldap/sdap.h
index 2b5ac8ad..4ca755e3 100644
--- a/src/providers/ldap/sdap.h
+++ b/src/providers/ldap/sdap.h
@@ -168,6 +168,11 @@ enum sdap_basic_opt {
 SDAP_SUDO_SEARCH_BASE,
 SDAP_SUDO_FULL_REFRESH_INTERVAL,
 SDAP_SUDO_SMART_REFRESH_INTERVAL,
+ SDAP_SUDO_USE_HOST_FILTER,
+ SDAP_SUDO_HOSTNAMES,
+ SDAP_SUDO_IP,
+ SDAP_SUDO_INCLUDE_NETGROUPS,
+ SDAP_SUDO_INCLUDE_REGEXP,
 SDAP_AUTOFS_SEARCH_BASE,
 SDAP_SCHEMA,
 SDAP_OFFLINE_TIMEOUT, |
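Review bot: `ldap_sudo_hostnames` and `ldap_sudo_ip` in `default_basic_opts[]` are free-form `DP_OPT_STRING` values that presumably end up in the LDAP search filter for sudo rules, and the code that consumes them is not part of this commit. Wherever that filter is built, each configured value should be escaped for LDAP filter syntax before concatenation, so that a `*`, `(` or `)` in a name cannot widen or break the host match. The three `BOOL_TRUE` defaults also deserve a why-comment, for example `/* rules with netgroup or regexp hosts are kept by default; sudo makes the final host decision */`, if that is the intent, because with these defaults the host filter still lets such rules through. The same rows appear in `ipa_def_ldap_opts[]`, and the array body continues outside the hunk.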