Add sudo entry to ldap when creating clubs
This commit is contained in:
parent
a2a5e3771a
commit
c7aea5c7cf
|
@ -41,7 +41,7 @@ static void usage() {
|
||||||
}
|
}
|
||||||
|
|
||||||
int addclub() {
|
int addclub() {
|
||||||
int krb_ok, user_ok, group_ok, home_ok, quota_ok;
|
int krb_ok, user_ok, group_ok, sudo_ok, home_ok, quota_ok;
|
||||||
int id;
|
int id;
|
||||||
char homedir[1024];
|
char homedir[1024];
|
||||||
|
|
||||||
|
@ -78,6 +78,10 @@ int addclub() {
|
||||||
if (!group_ok)
|
if (!group_ok)
|
||||||
logmsg("successfully created group for %s", userid);
|
logmsg("successfully created group for %s", userid);
|
||||||
|
|
||||||
|
sudo_ok = user_ok || ceo_add_group_sudo(userid, sudo_base);
|
||||||
|
if (!sudo_ok)
|
||||||
|
logmsg("successfully added group sudo entry for %s", userid);
|
||||||
|
|
||||||
home_ok = user_ok || ceo_create_home(homedir, id, id);
|
home_ok = user_ok || ceo_create_home(homedir, id, id);
|
||||||
if (!home_ok)
|
if (!home_ok)
|
||||||
logmsg("successfully created home directory for %s", userid);
|
logmsg("successfully created home directory for %s", userid);
|
||||||
|
|
|
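Review bot: `sudo_ok = user_ok || ceo_add_group_sudo(userid, sudo_base);` skips the sudo entry only when the user could not be created, so when ceo_add_group failed (group_ok nonzero, logged just above) a sudoRole naming `%userid` is still written for a group that does not exist. Gating on both results, `sudo_ok = user_ok || group_ok || ceo_add_group_sudo(userid, sudo_base);`, keeps the convention the other steps already follow; this assumes the group created above is named after userid, which the hunk does not show. addclub continues outside the hunk, so whether sudo_ok feeds the final status or any cleanup cannot be checked here.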
@ -12,6 +12,7 @@ char *server_url = DEF_STR;
|
||||||
|
|
||||||
char *users_base = DEF_STR;
|
char *users_base = DEF_STR;
|
||||||
char *groups_base = DEF_STR;
|
char *groups_base = DEF_STR;
|
||||||
|
char *sudo_base = DEF_STR;
|
||||||
|
|
||||||
char *skeleton_dir = DEF_STR;
|
char *skeleton_dir = DEF_STR;
|
||||||
char *quota_prototype = DEF_STR;
|
char *quota_prototype = DEF_STR;
|
||||||
|
@ -47,12 +48,12 @@ static char *strvarnames[] = { "server_url", "users_base", "admin_principal",
|
||||||
"admin_keytab", "skeleton_dir", "quota_prototype", "member_home",
|
"admin_keytab", "skeleton_dir", "quota_prototype", "member_home",
|
||||||
"member_shell", "club_home", "club_shell", "realm", "admin_bind_userid",
|
"member_shell", "club_home", "club_shell", "realm", "admin_bind_userid",
|
||||||
"admin_bind_keytab", "groups_base", "privileged_group", "notify_hook",
|
"admin_bind_keytab", "groups_base", "privileged_group", "notify_hook",
|
||||||
"sasl_realm", "sasl_mech" };
|
"sasl_realm", "sasl_mech", "sudo_base" };
|
||||||
static char **strvars[] = { &server_url, &users_base, &admin_principal,
|
static char **strvars[] = { &server_url, &users_base, &admin_principal,
|
||||||
&admin_keytab, &skeleton_dir, "a_prototype, &member_home,
|
&admin_keytab, &skeleton_dir, "a_prototype, &member_home,
|
||||||
&member_shell, &club_home, &club_shell, &realm, &admin_bind_userid,
|
&member_shell, &club_home, &club_shell, &realm, &admin_bind_userid,
|
||||||
&admin_bind_keytab, &groups_base, &privileged_group, ¬ify_hook,
|
&admin_bind_keytab, &groups_base, &privileged_group, ¬ify_hook,
|
||||||
&sasl_realm, &sasl_mech };
|
&sasl_realm, &sasl_mech, &sudo_base };
|
||||||
|
|
||||||
static char *longvarnames[] = { "member_min_id", "member_max_id",
|
static char *longvarnames[] = { "member_min_id", "member_max_id",
|
||||||
"homedir_mode", "club_min_id", "club_max_id" };
|
"homedir_mode", "club_min_id", "club_max_id" };
|
||||||
|
|
|
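Review bot: `sudo_base` is appended to strvarnames and strvars at matching positions, but nothing in the file checks that the two parallel arrays stay the same length, so a future insertion into only one of them would silently pair a name with the wrong variable. A `sizeof`-based length check next to the tables, or a single table of `{ name, &var }` pairs, would make the pairing explicit; at minimum a comment on strvarnames, `/* strvarnames[i] must correspond to strvars[i] */`, would document it. The `"a_prototype` and `¬ify_hook` tokens appear to be the page decoding `&quot;`/`&not;` out of `&quota_prototype`/`&notify_hook` rather than source text.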
@ -3,6 +3,7 @@
|
||||||
extern char *server_url;
|
extern char *server_url;
|
||||||
extern char *users_base;
|
extern char *users_base;
|
||||||
extern char *groups_base;
|
extern char *groups_base;
|
||||||
|
extern char *sudo_base;
|
||||||
|
|
||||||
extern char *skeleton_dir;
|
extern char *skeleton_dir;
|
||||||
extern char *quota_prototype;
|
extern char *quota_prototype;
|
||||||
|
|
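--- a/src/ldap.c
+++ b/src/ldap.c
@@ -90,6 +90,76 @@ int ceo_add_group(char *cn, char *basedn, int no) {
 return ret;
 }
 
+int ceo_add_group_sudo(char *group, char *basedn) {
+if (!group || !basedn)
+fatal("addgroup: Invalid argument");
+
+LDAPMod *mods[8];
+int i = -1;
+int ret = 0;
+
+char cn[17];
+snprintf(cn, sizeof(cn), "%%%s", group);
+
+mods[++i] = xmalloc(sizeof(LDAPMod));
+mods[i]->mod_op = LDAP_MOD_ADD;
+mods[i]->mod_type = "objectClass";
+char *objectClasses[] = { "top", "sudoRole", NULL };
+mods[i]->mod_values = objectClasses;
+
+mods[++i] = xmalloc(sizeof(LDAPMod));
+mods[i]->mod_op = LDAP_MOD_ADD;
+mods[i]->mod_type = "cn";
+char *uids[] = { cn, NULL };
+mods[i]->mod_values = uids;
+
+mods[++i] = xmalloc(sizeof(LDAPMod));
+mods[i]->mod_op = LDAP_MOD_ADD;
+mods[i]->mod_type = "sudoUser";
+char *sudouser[] = { cn, NULL };
+mods[i]->mod_values = sudouser;
+
+mods[++i] = xmalloc(sizeof(LDAPMod));
+mods[i]->mod_op = LDAP_MOD_ADD;
+mods[i]->mod_type = "sudoHost";
+char *sudohost[] = { "ALL", NULL };
+mods[i]->mod_values = sudohost;
+
+mods[++i] = xmalloc(sizeof(LDAPMod));
+mods[i]->mod_op = LDAP_MOD_ADD;
+mods[i]->mod_type = "sudoCommand";
+char *sudocommand[] = { "ALL", NULL };
+mods[i]->mod_values = sudocommand;
+
+mods[++i] = xmalloc(sizeof(LDAPMod));
+mods[i]->mod_op = LDAP_MOD_ADD;
+mods[i]->mod_type = "sudoOption";
+char *sudooption[] = { "!authenticate", NULL };
+mods[i]->mod_values = sudooption;
+
+mods[++i] = xmalloc(sizeof(LDAPMod));
+mods[i]->mod_op = LDAP_MOD_ADD;
+mods[i]->mod_type = "sudoRunAs";
+char *sudorunas[] = { group, NULL };
+mods[i]->mod_values = sudorunas;
+
+char dn[1024];
+snprintf(dn, sizeof(dn), "cn=%%%s,%s", group, basedn);
+
+mods[++i] = NULL;
+
+if (ldap_add_s(ld, dn, mods) != LDAP_SUCCESS) {
+ldap_err("addgroup");
+ret = -1;
+}
+
+i = 0;
+while (mods[i])
+free(mods[i++]);
+
+return ret;
+}
+
 int ceo_add_user(char *uid, char *basedn, char *objclass, char *cn, char *home, char *shell, int no, ...) {
 va_list args;
 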
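Review bot: `char cn[17]` in ceo_add_group_sudo silently truncates `%group` for any name longer than 15 characters, while the DN built later from `"cn=%%%s,%s"` carries the full name, so the cn attribute and the RDN can disagree and the server will likely reject the add. Give cn the same 1024-byte size as dn and check snprintf's return, `if (snprintf(cn, sizeof(cn), "%%%s", group) >= (int) sizeof(cn)) fatal("addgroupsudo: group name too long");`. The `fatal("addgroup: Invalid argument")` and `ldap_err("addgroup")` strings are copied from ceo_add_group and will misattribute this function's failures in the log. The entry grants members of `%group` any command on any host as `group` without authenticating (sudoHost and sudoCommand `ALL`, sudoOption `!authenticate`), which deserves a header comment stating that this scope is intended for club accounts; `sudoRunAs` is the older attribute name and newer sudo LDAP schemas use `sudoRunAsUser`, so it is worth confirming against the deployed schema.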
@ -2,6 +2,7 @@
|
||||||
|
|
||||||
int ceo_add_user(char *, char *, char *, char *, char *, char *, int, ...);
|
int ceo_add_user(char *, char *, char *, char *, char *, char *, int, ...);
|
||||||
int ceo_add_group(char *, char *, int);
|
int ceo_add_group(char *, char *, int);
|
||||||
|
int ceo_add_group_sudo(char *, char *);
|
||||||
int ceo_new_uid(int, int);
|
int ceo_new_uid(int, int);
|
||||||
|
|
||||||
void ceo_ldap_init();
|
void ceo_ldap_init();
|
||||||
|
|