Add sudo entry to ldap when creating clubs
This commit is contained in:
parent
a2a5e3771a
commit
c7aea5c7cf
|
|
@ -41,7 +41,7 @@ static void usage() {
|
|||
}
|
||||
|
||||
int addclub() {
|
||||
int krb_ok, user_ok, group_ok, home_ok, quota_ok;
|
||||
int krb_ok, user_ok, group_ok, sudo_ok, home_ok, quota_ok;
|
||||
int id;
|
||||
char homedir[1024];
|
||||
|
||||
|
|
@ -78,6 +78,10 @@ int addclub() {
|
|||
if (!group_ok)
|
||||
logmsg("successfully created group for %s", userid);
|
||||
|
||||
sudo_ok = user_ok || ceo_add_group_sudo(userid, sudo_base);
|
||||
if (!sudo_ok)
|
||||
logmsg("successfully added group sudo entry for %s", userid);
|
||||
|
||||
home_ok = user_ok || ceo_create_home(homedir, id, id);
|
||||
if (!home_ok)
|
||||
logmsg("successfully created home directory for %s", userid);
|
||||
|
|
|
|||
|
|
@ -12,6 +12,7 @@ char *server_url = DEF_STR;
|
|||
|
||||
char *users_base = DEF_STR;
|
||||
char *groups_base = DEF_STR;
|
||||
char *sudo_base = DEF_STR;
|
||||
|
||||
char *skeleton_dir = DEF_STR;
|
||||
char *quota_prototype = DEF_STR;
|
||||
|
|
@ -47,12 +48,12 @@ static char *strvarnames[] = { "server_url", "users_base", "admin_principal",
|
|||
"admin_keytab", "skeleton_dir", "quota_prototype", "member_home",
|
||||
"member_shell", "club_home", "club_shell", "realm", "admin_bind_userid",
|
||||
"admin_bind_keytab", "groups_base", "privileged_group", "notify_hook",
|
||||
"sasl_realm", "sasl_mech" };
|
||||
"sasl_realm", "sasl_mech", "sudo_base" };
|
||||
static char **strvars[] = { &server_url, &users_base, &admin_principal,
|
||||
&admin_keytab, &skeleton_dir, "a_prototype, &member_home,
|
||||
&member_shell, &club_home, &club_shell, &realm, &admin_bind_userid,
|
||||
&admin_bind_keytab, &groups_base, &privileged_group, ¬ify_hook,
|
||||
&sasl_realm, &sasl_mech };
|
||||
&sasl_realm, &sasl_mech, &sudo_base };
|
||||
|
||||
static char *longvarnames[] = { "member_min_id", "member_max_id",
|
||||
"homedir_mode", "club_min_id", "club_max_id" };
|
||||
|
|
|
|||
|
|
@ -3,6 +3,7 @@
|
|||
extern char *server_url;
|
||||
extern char *users_base;
|
||||
extern char *groups_base;
|
||||
extern char *sudo_base;
|
||||
|
||||
extern char *skeleton_dir;
|
||||
extern char *quota_prototype;
|
||||
|
|
|
|||
70
src/ldap.c
70
src/ldap.c
|
|
@ -90,6 +90,76 @@ int ceo_add_group(char *cn, char *basedn, int no) {
|
|||
return ret;
|
||||
}
|
||||
|
||||
int ceo_add_group_sudo(char *group, char *basedn) {
|
||||
if (!group || !basedn)
|
||||
fatal("addgroup: Invalid argument");
|
||||
|
||||
LDAPMod *mods[8];
|
||||
int i = -1;
|
||||
int ret = 0;
|
||||
|
||||
char cn[17];
|
||||
snprintf(cn, sizeof(cn), "%%%s", group);
|
||||
|
||||
mods[++i] = xmalloc(sizeof(LDAPMod));
|
||||
mods[i]->mod_op = LDAP_MOD_ADD;
|
||||
mods[i]->mod_type = "objectClass";
|
||||
char *objectClasses[] = { "top", "sudoRole", NULL };
|
||||
mods[i]->mod_values = objectClasses;
|
||||
|
||||
mods[++i] = xmalloc(sizeof(LDAPMod));
|
||||
mods[i]->mod_op = LDAP_MOD_ADD;
|
||||
mods[i]->mod_type = "cn";
|
||||
char *uids[] = { cn, NULL };
|
||||
mods[i]->mod_values = uids;
|
||||
|
||||
mods[++i] = xmalloc(sizeof(LDAPMod));
|
||||
mods[i]->mod_op = LDAP_MOD_ADD;
|
||||
mods[i]->mod_type = "sudoUser";
|
||||
char *sudouser[] = { cn, NULL };
|
||||
mods[i]->mod_values = sudouser;
|
||||
|
||||
mods[++i] = xmalloc(sizeof(LDAPMod));
|
||||
mods[i]->mod_op = LDAP_MOD_ADD;
|
||||
mods[i]->mod_type = "sudoHost";
|
||||
char *sudohost[] = { "ALL", NULL };
|
||||
mods[i]->mod_values = sudohost;
|
||||
|
||||
mods[++i] = xmalloc(sizeof(LDAPMod));
|
||||
mods[i]->mod_op = LDAP_MOD_ADD;
|
||||
mods[i]->mod_type = "sudoCommand";
|
||||
char *sudocommand[] = { "ALL", NULL };
|
||||
mods[i]->mod_values = sudocommand;
|
||||
|
||||
mods[++i] = xmalloc(sizeof(LDAPMod));
|
||||
mods[i]->mod_op = LDAP_MOD_ADD;
|
||||
mods[i]->mod_type = "sudoOption";
|
||||
char *sudooption[] = { "!authenticate", NULL };
|
||||
mods[i]->mod_values = sudooption;
|
||||
|
||||
mods[++i] = xmalloc(sizeof(LDAPMod));
|
||||
mods[i]->mod_op = LDAP_MOD_ADD;
|
||||
mods[i]->mod_type = "sudoRunAs";
|
||||
char *sudorunas[] = { group, NULL };
|
||||
mods[i]->mod_values = sudorunas;
|
||||
|
||||
char dn[1024];
|
||||
snprintf(dn, sizeof(dn), "cn=%%%s,%s", group, basedn);
|
||||
|
||||
mods[++i] = NULL;
|
||||
|
||||
if (ldap_add_s(ld, dn, mods) != LDAP_SUCCESS) {
|
||||
ldap_err("addgroup");
|
||||
ret = -1;
|
||||
}
|
||||
|
||||
i = 0;
|
||||
while (mods[i])
|
||||
free(mods[i++]);
|
||||
|
||||
return ret;
|
||||
}
|
||||
|
||||
int ceo_add_user(char *uid, char *basedn, char *objclass, char *cn, char *home, char *shell, int no, ...) {
|
||||
va_list args;
|
||||
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
|
||||
int ceo_add_user(char *, char *, char *, char *, char *, char *, int, ...);
|
||||
int ceo_add_group(char *, char *, int);
|
||||
int ceo_add_group_sudo(char *, char *);
|
||||
int ceo_new_uid(int, int);
|
||||
|
||||
void ceo_ldap_init();
|
||||
|
|
|
|||
Loading…
Reference in New Issue