/* Authors: Jakub Hrozek <jhrozek@redhat.com> Copyright (C) 2011 Red Hat This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see <http://www.gnu.org/licenses/>. */ #ifndef _SYSDB_SUDO_H_ #define _SYSDB_SUDO_H_ #include "db/sysdb.h" /* subdirs in cn=custom in sysdb. We don't store sudo stuff in sysdb directly * b/c it's not name-service-switch data */ #define SUDORULE_SUBDIR "sudorules" /* attribute of SUDORULE_SUBDIR * should be true if we have downloaded all rules atleast once */ #define SYSDB_SUDO_AT_REFRESHED "refreshed" #define SYSDB_SUDO_AT_LAST_FULL_REFRESH "sudoLastFullRefreshTime" /* sysdb attributes */ #define SYSDB_SUDO_CACHE_AT_OC "sudoRule" #define SYSDB_SUDO_CACHE_AT_CN "cn" #define SYSDB_SUDO_CACHE_AT_USER "sudoUser" #define SYSDB_SUDO_CACHE_AT_HOST "sudoHost" #define SYSDB_SUDO_CACHE_AT_COMMAND "sudoCommand" #define SYSDB_SUDO_CACHE_AT_OPTION "sudoOption" #define SYSDB_SUDO_CACHE_AT_RUNASUSER "sudoRunAsUser" #define SYSDB_SUDO_CACHE_AT_RUNASGROUP "sudoRunAsGroup" #define SYSDB_SUDO_CACHE_AT_NOTBEFORE "sudoNotBefore" #define SYSDB_SUDO_CACHE_AT_NOTAFTER "sudoNotAfter" #define SYSDB_SUDO_CACHE_AT_ORDER "sudoOrder" #define SYSDB_SUDO_TIME_FORMAT "%Y%m%d%H%M%SZ" /* When constructing a sysdb filter, OR these values to include.. */ #define SYSDB_SUDO_FILTER_NONE 0x00 /* no additional filter */ #define SYSDB_SUDO_FILTER_USERNAME 0x01 /* username */ #define SYSDB_SUDO_FILTER_UID 0x02 /* uid */ #define SYSDB_SUDO_FILTER_GROUPS 0x04 /* groups */ #define SYSDB_SUDO_FILTER_NGRS 0x08 /* netgroups */ #define SYSDB_SUDO_FILTER_ONLY_EXPIRED 0x10 /* only expired */ #define SYSDB_SUDO_FILTER_INCLUDE_ALL 0x20 /* ALL */ #define SYSDB_SUDO_FILTER_INCLUDE_DFL 0x40 /* include cn=default */ #define SYSDB_SUDO_FILTER_USERINFO SYSDB_SUDO_FILTER_USERNAME \ | SYSDB_SUDO_FILTER_UID \ | SYSDB_SUDO_FILTER_GROUPS \ | SYSDB_SUDO_FILTER_NGRS errno_t sysdb_sudo_filter_rules_by_time(TALLOC_CTX *mem_ctx, size_t in_num_rules, struct sysdb_attrs **in_rules, time_t now, size_t *_num_rules, struct sysdb_attrs ***_rules); errno_t sysdb_get_sudo_filter(TALLOC_CTX *mem_ctx, const char *username, uid_t uid, char **groupnames, unsigned int flags, char **_filter); errno_t sysdb_get_sudo_user_info(TALLOC_CTX *mem_ctx, const char *username, struct sysdb_ctx *sysdb, uid_t *_uid, char ***groupnames); errno_t sysdb_save_sudorule(struct sysdb_ctx *sysdb_ctx, const char *rule_name, struct sysdb_attrs *attrs); errno_t sysdb_sudo_set_last_full_refresh(struct sysdb_ctx *sysdb, time_t value); errno_t sysdb_sudo_get_last_full_refresh(struct sysdb_ctx *sysdb, time_t *value); errno_t sysdb_sudo_purge_all(struct sysdb_ctx *sysdb); errno_t sysdb_sudo_purge_byname(struct sysdb_ctx *sysdb, const char *name); errno_t sysdb_sudo_purge_byfilter(struct sysdb_ctx *sysdb, const char *filter); #endif /* _SYSDB_SUDO_H_ */