From d652bd9483243485ce86617fc070773f684c113b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pavel=20B=C5=99ezina?= <pbrezina@redhat.com>
Date: Mon, 18 Jan 2016 12:15:47 +0100
Subject: [PATCH 38/49] IPA SUDO: Add support for ipaSudoRunAsExt* attributes
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit a7d2b4f157194c14bc4a40c74f6416b82befa460)
---
src/config/etc/sssd.api.d/sssd-ipa.conf | 3 +++
src/db/sysdb_sudo.h | 3 +++
src/providers/ipa/ipa_common.h | 3 +++
src/providers/ipa/ipa_opts.c | 3 +++
src/providers/ipa/ipa_sudo_conversion.c | 11 +++++++++++
5 files changed, 23 insertions(+)
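diff --git a/src/config/etc/sssd.api.d/sssd-ipa.conf b/src/config/etc/sssd.api.d/sssd-ipa.conf
index 2784a01e7a012f642377ae9c89d1ed03be88c7ae..13715ec34666f2dbc66df037565b495b9df42511 100644
--- a/src/config/etc/sssd.api.d/sssd-ipa.conf
+++ b/src/config/etc/sssd.api.d/sssd-ipa.conf
@@ -253,6 +253,9 @@ ipa_sudorule_hostcategory = str, None, false
 ipa_sudorule_usercategory = str, None, false
 ipa_sudorule_runasusercategory = str, None, false
 ipa_sudorule_runasgroupcategory = str, None, false
+ipa_sudorule_runasextuser = str, None, false
+ipa_sudorule_runasextgroup = str, None, false
+ipa_sudorule_runasextusergroup = str, None, false
 ipa_sudorule_entry_usn = str, None, false
 ipa_sudocmdgroup_object_class = str, None, false
 ipa_sudocmdgroup_uuid = str, None, false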
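diff --git a/src/db/sysdb_sudo.h b/src/db/sysdb_sudo.h
index 8635e78041687f386ec15d45e5d1d3f1f0551e3d..ba90a68512c6c29134ab2f746220db9533a93dda 100644
--- a/src/db/sysdb_sudo.h
+++ b/src/db/sysdb_sudo.h
@@ -65,6 +65,9 @@
 #define SYSDB_IPA_SUDORULE_USERCATEGORY "userCategory"
 #define SYSDB_IPA_SUDORULE_RUNASUSERCATEGORY "ipaSudoRunAsUserCategory"
 #define SYSDB_IPA_SUDORULE_RUNASGROUPCATEGORY "ipaSudoRunAsGroupCategory"
+#define SYSDB_IPA_SUDORULE_RUNASEXTUSER "ipaSudoRunAsExtUser"
+#define SYSDB_IPA_SUDORULE_RUNASEXTGROUP "ipaSudoRunAsExtGroup"
+#define SYSDB_IPA_SUDORULE_RUNASEXTUSERGROUP "ipaSudoRunAsExtUserGroup"
 
 #define SYSDB_IPA_SUDOCMDGROUP_OC "ipasudocmdgrp"
 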
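diff --git a/src/providers/ipa/ipa_common.h b/src/providers/ipa/ipa_common.h
index 8cb2058fef98fc8eef0d769a6f62882d1da7ae53..24898ee3809b0bcb682321ba4cfa500acd7c795b 100644
--- a/src/providers/ipa/ipa_common.h
+++ b/src/providers/ipa/ipa_common.h
@@ -153,6 +153,9 @@ enum ipa_sudorule_attrs {
 IPA_AT_SUDORULE_USERCATEGORY,
 IPA_AT_SUDORULE_RUNASUSERCATEGORY,
 IPA_AT_SUDORULE_RUNASGROUPCATEGORY,
+ IPA_AT_SUDORULE_RUNASEXTUSER,
+ IPA_AT_SUDORULE_RUNASEXTGROUP,
+ IPA_AT_SUDORULE_RUNASEXTUSERGROUP,
 IPA_AT_SUDORULE_ENTRYUSN,
 
 IPA_OPTS_SUDORULE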
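diff --git a/src/providers/ipa/ipa_opts.c b/src/providers/ipa/ipa_opts.c
index 725e512352ff40cb4de6daba88efa3b8dfefdc62..cda10f89a60264ffd998da73ebadd09dff35ed79 100644
--- a/src/providers/ipa/ipa_opts.c
+++ b/src/providers/ipa/ipa_opts.c
@@ -356,6 +356,9 @@ struct sdap_attr_map ipa_sudorule_map[] = {
 { "ipa_sudorule_usercategory", "userCategory", SYSDB_IPA_SUDORULE_USERCATEGORY, NULL },
 { "ipa_sudorule_runasusercategory", "ipaSudoRunAsUserCategory", SYSDB_IPA_SUDORULE_RUNASUSERCATEGORY, NULL },
 { "ipa_sudorule_runasgroupcategory", "ipaSudoRunAsGroupCategory", SYSDB_IPA_SUDORULE_RUNASGROUPCATEGORY, NULL },
+ { "ipa_sudorule_runasextuser", "ipaSudoRunAsExtUser", SYSDB_IPA_SUDORULE_RUNASEXTUSER, NULL },
+ { "ipa_sudorule_runasextgroup", "ipaSudoRunAsExtGroup", SYSDB_IPA_SUDORULE_RUNASEXTGROUP, NULL },
+ { "ipa_sudorule_runasextusergroup", "ipaSudoRunAsExtUserGroup", SYSDB_IPA_SUDORULE_RUNASEXTUSERGROUP, NULL },
 { "ipa_sudorule_entry_usn", "entryUSN", SYSDB_USN, NULL },
 SDAP_ATTR_MAP_TERMINATOR
 };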
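diff --git a/src/providers/ipa/ipa_sudo_conversion.c b/src/providers/ipa/ipa_sudo_conversion.c
index 195e40f248e15756a224335208276f6f7a646cd0..02d7ebd5dd819f54b6d97b2251eca294d95a224b 100644
--- a/src/providers/ipa/ipa_sudo_conversion.c
+++ b/src/providers/ipa/ipa_sudo_conversion.c
@@ -757,6 +757,14 @@ convert_group(TALLOC_CTX *mem_ctx,
 }
 
 static const char *
+convert_runasextusergroup(TALLOC_CTX *mem_ctx,
+ struct ipa_sudo_conv *conv,
+ const char *value)
+{
+ return talloc_asprintf(mem_ctx, "%%%s", value);
+}
+
+static const char *
 convert_cat(TALLOC_CTX *mem_ctx,
 struct ipa_sudo_conv *conv,
 const char *value)
@@ -798,6 +806,9 @@ convert_attributes(struct ipa_sudo_conv *conv,
 {SYSDB_IPA_SUDORULE_USERCATEGORY, SYSDB_SUDO_CACHE_AT_USER , convert_cat},
 {SYSDB_IPA_SUDORULE_RUNASUSERCATEGORY, SYSDB_SUDO_CACHE_AT_RUNASUSER , convert_cat},
 {SYSDB_IPA_SUDORULE_RUNASGROUPCATEGORY, SYSDB_SUDO_CACHE_AT_RUNASGROUP , convert_cat},
+ {SYSDB_IPA_SUDORULE_RUNASEXTUSER, SYSDB_SUDO_CACHE_AT_RUNASUSER , NULL},
+ {SYSDB_IPA_SUDORULE_RUNASEXTGROUP, SYSDB_SUDO_CACHE_AT_RUNASGROUP , NULL},
+ {SYSDB_IPA_SUDORULE_RUNASEXTUSERGROUP, SYSDB_SUDO_CACHE_AT_RUNASUSER , convert_runasextusergroup},
 {SYSDB_IPA_SUDORULE_ALLOWCMD, SYSDB_IPA_SUDORULE_ORIGCMD , NULL},
 {SYSDB_IPA_SUDORULE_DENYCMD, SYSDB_IPA_SUDORULE_ORIGCMD , NULL},
 {NULL, NULL, NULL}};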
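Review bot: The new `convert_attributes` rows for `SYSDB_IPA_SUDORULE_RUNASEXTUSER` and `SYSDB_IPA_SUDORULE_RUNASEXTGROUP` use a `NULL` converter, and `convert_runasextusergroup` only prepends `%`, so the free-form external strings appear to reach the run-as user and group cache attributes with no check on their content. sudo gives run-as values such as `ALL`, or ones beginning with `#`, `%` or `+`, a special meaning, so an external name of that shape would be read as syntax rather than as a literal account or group name. Whether that is acceptable depends on who may write these attributes on the IPA side, which the patch does not show. I would at least document the contract above the helper, e.g. `/* External group of run-as users: sudo expects "%group" in the run-as user attribute; value is passed through unvalidated. */`, and confirm that the caller handles a NULL return from `talloc_asprintf`. The body of `convert_attributes` lies outside both hunks, so the meaning of a `NULL` converter is inferred from the neighbouring rows.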
--
2.5.0