summaryrefslogtreecommitdiff
path: root/src/providers/ldap
diff options
context:
space:
mode:
Diffstat (limited to 'src/providers/ldap')
-rw-r--r--src/providers/ldap/ldap_common.c10
-rw-r--r--src/providers/ldap/ldap_common.h5
-rw-r--r--src/providers/ldap/sdap_async_sudo_hostinfo.c111
-rw-r--r--src/providers/ldap/sdap_sudo.c55
-rw-r--r--src/providers/ldap/sdap_sudo.h9
5 files changed, 185 insertions, 5 deletions
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c
index b578ad74..64c06cd5 100644
--- a/src/providers/ldap/ldap_common.c
+++ b/src/providers/ldap/ldap_common.c
@@ -345,7 +345,10 @@ done:
int ldap_get_sudo_options(TALLOC_CTX *memctx,
struct confdb_ctx *cdb,
const char *conf_path,
- struct sdap_options *opts)
+ struct sdap_options *opts,
+ bool *use_host_filter,
+ bool *include_regexp,
+ bool *include_netgroups)
{
const char *search_base;
int ret;
@@ -390,6 +393,11 @@ int ldap_get_sudo_options(TALLOC_CTX *memctx,
return ret;
}
+ /* host filter */
+ *use_host_filter = dp_opt_get_bool(opts->basic, SDAP_SUDO_USE_HOST_FILTER);
+ *include_netgroups = dp_opt_get_bool(opts->basic, SDAP_SUDO_INCLUDE_NETGROUPS);
+ *include_regexp = dp_opt_get_bool(opts->basic, SDAP_SUDO_INCLUDE_REGEXP);
+
return EOK;
}
diff --git a/src/providers/ldap/ldap_common.h b/src/providers/ldap/ldap_common.h
index 8bd2584e..1a458ec9 100644
--- a/src/providers/ldap/ldap_common.h
+++ b/src/providers/ldap/ldap_common.h
@@ -126,7 +126,10 @@ int ldap_get_options(TALLOC_CTX *memctx,
int ldap_get_sudo_options(TALLOC_CTX *memctx,
struct confdb_ctx *cdb,
const char *conf_path,
- struct sdap_options *opts);
+ struct sdap_options *opts,
+ bool *use_host_filter,
+ bool *include_regexp,
+ bool *include_netgroups);
int ldap_get_autofs_options(TALLOC_CTX *memctx,
struct confdb_ctx *cdb,
diff --git a/src/providers/ldap/sdap_async_sudo_hostinfo.c b/src/providers/ldap/sdap_async_sudo_hostinfo.c
new file mode 100644
index 00000000..0b8f4405
--- /dev/null
+++ b/src/providers/ldap/sdap_async_sudo_hostinfo.c
@@ -0,0 +1,111 @@
+/*
+ Authors:
+ Pavel Březina <pbrezina@redhat.com>
+
+ Copyright (C) 2012 Red Hat
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <errno.h>
+#include <tevent.h>
+#include <talloc.h>
+
+#include "util/util.h"
+#include "providers/ldap/sdap.h"
+#include "providers/ldap/sdap_id_op.h"
+#include "providers/ldap/sdap_sudo.h"
+
+struct sdap_sudo_get_hostinfo_state {
+ char **hostnames;
+ char **ip_addr;
+};
+
+struct tevent_req * sdap_sudo_get_hostinfo_send(TALLOC_CTX *mem_ctx,
+ struct sdap_options *opts,
+ struct be_ctx *be_ctx)
+{
+ struct tevent_req *req = NULL;
+ struct sdap_sudo_get_hostinfo_state *state = NULL;
+ char *conf_hostnames = NULL;
+ char *conf_ip_addr = NULL;
+ int ret;
+
+ /* create request */
+ req = tevent_req_create(mem_ctx, &state, struct sdap_sudo_get_hostinfo_state);
+ if (req == NULL) {
+ DEBUG(SSSDBG_FATAL_FAILURE, ("tevent_req_create() failed\n"));
+ return NULL;
+ }
+
+ state->hostnames = NULL;
+ state->ip_addr = NULL;
+
+ /* load info from configuration */
+ conf_hostnames = dp_opt_get_string(opts->basic, SDAP_SUDO_HOSTNAMES);
+ conf_ip_addr = dp_opt_get_string(opts->basic, SDAP_SUDO_IP);
+
+ if (conf_hostnames != NULL) {
+ ret = split_on_separator(state, conf_hostnames, ' ', true,
+ &state->hostnames, NULL);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ ("Unable to parse hostnames [%d]: %s\n", ret, strerror(ret)));
+ goto done;
+ } else {
+ DEBUG(SSSDBG_CONF_SETTINGS, ("Hostnames set to: %s\n", conf_hostnames));
+ }
+ }
+
+ if (conf_ip_addr != NULL) {
+ ret = split_on_separator(state, conf_ip_addr, ' ', true,
+ &state->ip_addr, NULL);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_MINOR_FAILURE,
+ ("Unable to parse IP addresses [%d]: %s\n", ret, strerror(ret)));
+ goto done;
+ } else {
+ DEBUG(SSSDBG_CONF_SETTINGS, ("IP addresses set to: %s\n", conf_ip_addr));
+ }
+ }
+
+ /* auto configuration will be supported later */
+
+done:
+ if (ret != EAGAIN) {
+ if (ret == EOK) {
+ tevent_req_done(req);
+ } else {
+ tevent_req_error(req, ret);
+ }
+ tevent_req_post(req, be_ctx->ev);
+ }
+
+ return req;
+}
+
+int sdap_sudo_get_hostinfo_recv(TALLOC_CTX *mem_ctx,
+ struct tevent_req *req,
+ char ***hostnames, char ***ip_addr)
+{
+ struct sdap_sudo_get_hostinfo_state *state = NULL;
+ state = tevent_req_data(req, struct sdap_sudo_get_hostinfo_state);
+
+ TEVENT_REQ_RETURN_ON_ERROR(req);
+
+ *hostnames = talloc_steal(mem_ctx, state->hostnames);
+ *ip_addr = talloc_steal(mem_ctx, state->ip_addr);
+
+ return EOK;
+}
diff --git a/src/providers/ldap/sdap_sudo.c b/src/providers/ldap/sdap_sudo.c
index 80549bfa..806c8b3a 100644
--- a/src/providers/ldap/sdap_sudo.c
+++ b/src/providers/ldap/sdap_sudo.c
@@ -104,6 +104,7 @@ struct bet_ops sdap_sudo_ops = {
.finalize = sdap_sudo_shutdown
};
+static void sdap_sudo_get_hostinfo_done(struct tevent_req *req);
int sdap_sudo_setup_periodical_refresh(struct sdap_sudo_ctx *sudo_ctx);
int sdap_sudo_init(struct be_ctx *be_ctx,
@@ -112,6 +113,7 @@ int sdap_sudo_init(struct be_ctx *be_ctx,
void **pvt_data)
{
struct sdap_sudo_ctx *sudo_ctx = NULL;
+ struct tevent_req *req = NULL;
int ret;
DEBUG(SSSDBG_TRACE_INTERNAL, ("Initializing sudo LDAP back end\n"));
@@ -127,20 +129,67 @@ int sdap_sudo_init(struct be_ctx *be_ctx,
*pvt_data = sudo_ctx;
ret = ldap_get_sudo_options(id_ctx, be_ctx->cdb,
- be_ctx->conf_path, id_ctx->opts);
+ be_ctx->conf_path, id_ctx->opts,
+ &sudo_ctx->use_host_filter,
+ &sudo_ctx->include_regexp,
+ &sudo_ctx->include_netgroups);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, ("Cannot get SUDO options [%d]: %s\n",
ret, strerror(ret)));
return ret;
}
+ req = sdap_sudo_get_hostinfo_send(sudo_ctx, id_ctx->opts, be_ctx);
+ if (req == NULL) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to retrieve host information - "
+ "(host filter will be disabled)\n"));
+
+ sudo_ctx->use_host_filter = false;
+
+ ret = sdap_sudo_setup_periodical_refresh(sudo_ctx);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_OP_FAILURE,
+ ("Unable to setup periodical refresh"
+ "of sudo rules [%d]: %s\n", ret, strerror(ret)));
+ /* periodical updates will not work, but specific-rule update
+ * is no affected by this, therefore we don't have to fail here */
+ }
+ } else {
+ tevent_req_set_callback(req, sdap_sudo_get_hostinfo_done, sudo_ctx);
+ }
+
+ return EOK;
+}
+
+static void sdap_sudo_get_hostinfo_done(struct tevent_req *req)
+{
+ struct sdap_sudo_ctx *sudo_ctx = NULL;
+ char **hostnames = NULL;
+ char **ip_addr = NULL;
+ int ret;
+
+ sudo_ctx = tevent_req_callback_data(req, struct sdap_sudo_ctx);
+
+ ret = sdap_sudo_get_hostinfo_recv(sudo_ctx, req, &hostnames, &ip_addr);
+ talloc_zfree(req);
+ if (ret != EOK) {
+ DEBUG(SSSDBG_CRIT_FAILURE, ("Unable to retrieve host information - "
+ "(host filter will be disabled) [%d]: %s\n", ret, strerror(ret)));
+ sudo_ctx->use_host_filter = false;
+ return;
+ }
+
+ talloc_zfree(sudo_ctx->hostnames);
+ talloc_zfree(sudo_ctx->ip_addr);
+
+ sudo_ctx->hostnames = talloc_move(sudo_ctx, &hostnames);
+ sudo_ctx->ip_addr = talloc_move(sudo_ctx, &ip_addr);
+
ret = sdap_sudo_setup_periodical_refresh(sudo_ctx);
if (ret != EOK) {
DEBUG(SSSDBG_OP_FAILURE, ("Unable to setup periodical refresh"
"of sudo rules [%d]: %s\n", ret, strerror(ret)));
}
-
- return EOK;
}
int sdap_sudo_setup_periodical_refresh(struct sdap_sudo_ctx *sudo_ctx)
diff --git a/src/providers/ldap/sdap_sudo.h b/src/providers/ldap/sdap_sudo.h
index 25277271..d2c5e80f 100644
--- a/src/providers/ldap/sdap_sudo.h
+++ b/src/providers/ldap/sdap_sudo.h
@@ -69,6 +69,15 @@ int sdap_sudo_timer_recv(TALLOC_CTX *mem_ctx,
struct tevent_req *req,
struct tevent_req **_subreq);
+/* host info */
+struct tevent_req * sdap_sudo_get_hostinfo_send(TALLOC_CTX *mem_ctx,
+ struct sdap_options *opts,
+ struct be_ctx *be_ctx);
+
+int sdap_sudo_get_hostinfo_recv(TALLOC_CTX *mem_ctx,
+ struct tevent_req *req,
+ char ***hostnames, char ***ip_addr);
+
/* (&(objectClass=sudoRole)(|(cn=defaults)(sudoUser=ALL)%s)) */
#define SDAP_SUDO_FILTER_USER "(&(objectClass=%s)(|(%s=%s)(%s=ALL)%s))"
#define SDAP_SUDO_FILTER_CLASS "(objectClass=%s)"