Add sudo entry to ldap when creating clubs

pull/5/head
David Bartley 15 years ago
parent a2a5e3771a
commit c7aea5c7cf
  1. 6
      src/addclub.c
  2. 5
      src/config.c
  3. 1
      src/config.h
  4. 70
      src/ldap.c
  5. 1
      src/ldap.h

@ -41,7 +41,7 @@ static void usage() {
}
int addclub() {
int krb_ok, user_ok, group_ok, home_ok, quota_ok;
int krb_ok, user_ok, group_ok, sudo_ok, home_ok, quota_ok;
int id;
char homedir[1024];
@ -78,6 +78,10 @@ int addclub() {
if (!group_ok)
logmsg("successfully created group for %s", userid);
sudo_ok = user_ok || ceo_add_group_sudo(userid, sudo_base);
if (!sudo_ok)
logmsg("successfully added group sudo entry for %s", userid);
home_ok = user_ok || ceo_create_home(homedir, id, id);
if (!home_ok)
logmsg("successfully created home directory for %s", userid);
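Review bot: `sudo_ok = user_ok || ceo_add_group_sudo(userid, sudo_base);` is gated only on `user_ok`, so the sudoRole is still written when group creation has failed (the `group_ok` assignment sits above this hunk, so this is inferred from the pattern of the visible lines). A leftover `%name` rule with no matching group would later apply to whichever group is created under that name. Gating on both results avoids that: `sudo_ok = user_ok || group_ok || ceo_add_group_sudo(userid, sudo_base);`. The body of addclub() continues outside the hunk, so whether `sudo_ok` is folded into the return value is not visible; if it is not, a failed sudo entry would be reported as a successful club creation.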

@ -12,6 +12,7 @@ char *server_url = DEF_STR;
char *users_base = DEF_STR;
char *groups_base = DEF_STR;
char *sudo_base = DEF_STR;
char *skeleton_dir = DEF_STR;
char *quota_prototype = DEF_STR;
@ -47,12 +48,12 @@ static char *strvarnames[] = { "server_url", "users_base", "admin_principal",
"admin_keytab", "skeleton_dir", "quota_prototype", "member_home",
"member_shell", "club_home", "club_shell", "realm", "admin_bind_userid",
"admin_bind_keytab", "groups_base", "privileged_group", "notify_hook",
"sasl_realm", "sasl_mech" };
"sasl_realm", "sasl_mech", "sudo_base" };
static char **strvars[] = { &server_url, &users_base, &admin_principal,
&admin_keytab, &skeleton_dir, &quota_prototype, &member_home,
&member_shell, &club_home, &club_shell, &realm, &admin_bind_userid,
&admin_bind_keytab, &groups_base, &privileged_group, &notify_hook,
&sasl_realm, &sasl_mech };
&sasl_realm, &sasl_mech, &sudo_base };
static char *longvarnames[] = { "member_min_id", "member_max_id",
"homedir_mode", "club_min_id", "club_max_id" };

@ -3,6 +3,7 @@
extern char *server_url;
extern char *users_base;
extern char *groups_base;
extern char *sudo_base;
extern char *skeleton_dir;
extern char *quota_prototype;

@ -90,6 +90,76 @@ int ceo_add_group(char *cn, char *basedn, int no) {
return ret;
}
int ceo_add_group_sudo(char *group, char *basedn) {
if (!group || !basedn)
fatal("addgroup: Invalid argument");
LDAPMod *mods[8];
int i = -1;
int ret = 0;
char cn[17];
snprintf(cn, sizeof(cn), "%%%s", group);
mods[++i] = xmalloc(sizeof(LDAPMod));
mods[i]->mod_op = LDAP_MOD_ADD;
mods[i]->mod_type = "objectClass";
char *objectClasses[] = { "top", "sudoRole", NULL };
mods[i]->mod_values = objectClasses;
mods[++i] = xmalloc(sizeof(LDAPMod));
mods[i]->mod_op = LDAP_MOD_ADD;
mods[i]->mod_type = "cn";
char *uids[] = { cn, NULL };
mods[i]->mod_values = uids;
mods[++i] = xmalloc(sizeof(LDAPMod));
mods[i]->mod_op = LDAP_MOD_ADD;
mods[i]->mod_type = "sudoUser";
char *sudouser[] = { cn, NULL };
mods[i]->mod_values = sudouser;
mods[++i] = xmalloc(sizeof(LDAPMod));
mods[i]->mod_op = LDAP_MOD_ADD;
mods[i]->mod_type = "sudoHost";
char *sudohost[] = { "ALL", NULL };
mods[i]->mod_values = sudohost;
mods[++i] = xmalloc(sizeof(LDAPMod));
mods[i]->mod_op = LDAP_MOD_ADD;
mods[i]->mod_type = "sudoCommand";
char *sudocommand[] = { "ALL", NULL };
mods[i]->mod_values = sudocommand;
mods[++i] = xmalloc(sizeof(LDAPMod));
mods[i]->mod_op = LDAP_MOD_ADD;
mods[i]->mod_type = "sudoOption";
char *sudooption[] = { "!authenticate", NULL };
mods[i]->mod_values = sudooption;
mods[++i] = xmalloc(sizeof(LDAPMod));
mods[i]->mod_op = LDAP_MOD_ADD;
mods[i]->mod_type = "sudoRunAs";
char *sudorunas[] = { group, NULL };
mods[i]->mod_values = sudorunas;
char dn[1024];
snprintf(dn, sizeof(dn), "cn=%%%s,%s", group, basedn);
mods[++i] = NULL;
if (ldap_add_s(ld, dn, mods) != LDAP_SUCCESS) {
ldap_err("addgroup");
ret = -1;
}
i = 0;
while (mods[i])
free(mods[i++]);
return ret;
}
int ceo_add_user(char *uid, char *basedn, char *objclass, char *cn, char *home, char *shell, int no, ...) {
va_list args;
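Review bot: In ceo_add_group_sudo, `snprintf(cn, sizeof(cn), "%%%s", group)` silently truncates any group name longer than 15 characters, so the `cn` and `sudoUser` values would name a different, shorter group than the `dn` built from the full name further down, and the rule being written is passwordless (`!authenticate`) for ALL commands on ALL hosts. Refuse rather than truncate: `int n = snprintf(cn, sizeof(cn), "%%%s", group);` followed by `if (n < 0 || (size_t)n >= sizeof(cn)) fatal("addgroupsudo: group name too long");`, with the same check on the `dn` buffer. `group` and `basedn` are also placed in the DN unescaped; whether the caller restricts `group` to safe characters is not visible in this hunk, so a character check or a comment stating that assumption belongs here. The `fatal("addgroup: Invalid argument")` and `ldap_err("addgroup")` tags look copied from ceo_add_group, which makes the two failure paths indistinguishable in logs.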

@ -2,6 +2,7 @@
int ceo_add_user(char *, char *, char *, char *, char *, char *, int, ...);
int ceo_add_group(char *, char *, int);
int ceo_add_group_sudo(char *, char *);
int ceo_new_uid(int, int);
void ceo_ldap_init();
