sysdb_sudo.h revision 7c30e60c525ea798aaab142766ff00eef4b5df3b
3f98cdc011bb4e8cd22c088f288b0bcdb6452492Jakub Hrozek/*
3f98cdc011bb4e8cd22c088f288b0bcdb6452492Jakub Hrozek Authors:
3f98cdc011bb4e8cd22c088f288b0bcdb6452492Jakub Hrozek Jakub Hrozek <jhrozek@redhat.com>
3f98cdc011bb4e8cd22c088f288b0bcdb6452492Jakub Hrozek
3f98cdc011bb4e8cd22c088f288b0bcdb6452492Jakub Hrozek Copyright (C) 2011 Red Hat
3f98cdc011bb4e8cd22c088f288b0bcdb6452492Jakub Hrozek
3f98cdc011bb4e8cd22c088f288b0bcdb6452492Jakub Hrozek This program is free software; you can redistribute it and/or modify
3f98cdc011bb4e8cd22c088f288b0bcdb6452492Jakub Hrozek it under the terms of the GNU General Public License as published by
3f98cdc011bb4e8cd22c088f288b0bcdb6452492Jakub Hrozek the Free Software Foundation; either version 3 of the License, or
3f98cdc011bb4e8cd22c088f288b0bcdb6452492Jakub Hrozek (at your option) any later version.
3f98cdc011bb4e8cd22c088f288b0bcdb6452492Jakub Hrozek
3f98cdc011bb4e8cd22c088f288b0bcdb6452492Jakub Hrozek This program is distributed in the hope that it will be useful,
3f98cdc011bb4e8cd22c088f288b0bcdb6452492Jakub Hrozek but WITHOUT ANY WARRANTY; without even the implied warranty of
3f98cdc011bb4e8cd22c088f288b0bcdb6452492Jakub Hrozek MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
3f98cdc011bb4e8cd22c088f288b0bcdb6452492Jakub Hrozek GNU General Public License for more details.
3f98cdc011bb4e8cd22c088f288b0bcdb6452492Jakub Hrozek
3f98cdc011bb4e8cd22c088f288b0bcdb6452492Jakub Hrozek You should have received a copy of the GNU General Public License
3f98cdc011bb4e8cd22c088f288b0bcdb6452492Jakub Hrozek along with this program. If not, see <http://www.gnu.org/licenses/>.
3f98cdc011bb4e8cd22c088f288b0bcdb6452492Jakub Hrozek*/
3f98cdc011bb4e8cd22c088f288b0bcdb6452492Jakub Hrozek
3f98cdc011bb4e8cd22c088f288b0bcdb6452492Jakub Hrozek#ifndef _SYSDB_SUDO_H_
3f98cdc011bb4e8cd22c088f288b0bcdb6452492Jakub Hrozek#define _SYSDB_SUDO_H_
3f98cdc011bb4e8cd22c088f288b0bcdb6452492Jakub Hrozek
3f98cdc011bb4e8cd22c088f288b0bcdb6452492Jakub Hrozek#include "db/sysdb.h"
3f98cdc011bb4e8cd22c088f288b0bcdb6452492Jakub Hrozek
/*
 * Subdirectory under cn=custom in sysdb that holds the sudo rules.
 * Sudo data is not stored in sysdb directly because it is not
 * name-service-switch data.
 */
#define SUDORULE_SUBDIR                 "sudorules"
3f98cdc011bb4e8cd22c088f288b0bcdb6452492Jakub Hrozek
/*
 * Attributes kept on the SUDORULE_SUBDIR entry itself.
 *
 * SYSDB_SUDO_AT_REFRESHED should be true once all rules have been
 * downloaded at least once.
 *
 * NOTE(review): SYSDB_SUDO_AT_LAST_FULL_REFRESH presumably holds the time of
 * the last full refresh (see sysdb_sudo_{set,get}_last_full_refresh) -
 * confirm against the implementation.
 */
#define SYSDB_SUDO_AT_REFRESHED         "refreshed"
#define SYSDB_SUDO_AT_LAST_FULL_REFRESH "sudoLastFullRefreshTime"
1a542b3698d8c42cf075b722f8838f106eb09fccPavel Březina
/*
 * Names used for sudo rule entries in sysdb: SYSDB_SUDO_CACHE_OC
 * (presumably the object class) followed by the per-rule attribute names.
 */
#define SYSDB_SUDO_CACHE_OC             "sudoRule"
#define SYSDB_SUDO_CACHE_AT_CN          "cn"
#define SYSDB_SUDO_CACHE_AT_USER        "sudoUser"
#define SYSDB_SUDO_CACHE_AT_HOST        "sudoHost"
#define SYSDB_SUDO_CACHE_AT_COMMAND     "sudoCommand"
#define SYSDB_SUDO_CACHE_AT_OPTION      "sudoOption"
#define SYSDB_SUDO_CACHE_AT_RUNAS       "sudoRunAs"
#define SYSDB_SUDO_CACHE_AT_RUNASUSER   "sudoRunAsUser"
#define SYSDB_SUDO_CACHE_AT_RUNASGROUP  "sudoRunAsGroup"
#define SYSDB_SUDO_CACHE_AT_NOTBEFORE   "sudoNotBefore"
#define SYSDB_SUDO_CACHE_AT_NOTAFTER    "sudoNotAfter"
#define SYSDB_SUDO_CACHE_AT_ORDER       "sudoOrder"
3f98cdc011bb4e8cd22c088f288b0bcdb6452492Jakub Hrozek
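/*
 * Flags for constructing a sysdb sudo filter. OR the values together to
 * choose what the filter includes.
 */
#define SYSDB_SUDO_FILTER_NONE          0x00 /* no additional filter */
#define SYSDB_SUDO_FILTER_USERNAME      0x01 /* username */
#define SYSDB_SUDO_FILTER_UID           0x02 /* uid */
#define SYSDB_SUDO_FILTER_GROUPS        0x04 /* groups */
#define SYSDB_SUDO_FILTER_NGRS          0x08 /* netgroups */
#define SYSDB_SUDO_FILTER_ONLY_EXPIRED  0x10 /* only expired */
#define SYSDB_SUDO_FILTER_INCLUDE_ALL   0x20 /* ALL */
#define SYSDB_SUDO_FILTER_INCLUDE_DFL   0x40 /* include cn=default */

/*
 * Union of the four user-identity flags.
 *
 * The expansion is parenthesized so the macro acts as a single value inside
 * a larger expression. Without the parentheses,
 * `flags & SYSDB_SUDO_FILTER_USERINFO` parses as
 * `(flags & USERNAME) | UID | GROUPS | NGRS`, which is non-zero for every
 * value of flags, so a mask test on it could never fail.
 */
#define SYSDB_SUDO_FILTER_USERINFO      (SYSDB_SUDO_FILTER_USERNAME \
                                         | SYSDB_SUDO_FILTER_UID \
                                         | SYSDB_SUDO_FILTER_GROUPS \
                                         | SYSDB_SUDO_FILTER_NGRS)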
3f98cdc011bb4e8cd22c088f288b0bcdb6452492Jakub Hrozek
/*
 * Takes an array of in_num_rules rule attribute sets (in_rules) and a
 * reference time (now), and reports a rule count and a rule array through
 * _num_rules and _rules.
 *
 * NOTE(review): presumably keeps only the rules whose sudoNotBefore /
 * sudoNotAfter window contains `now` - confirm against the implementation.
 * NOTE(review): the returned array is presumably allocated on mem_ctx -
 * confirm who owns it.
 */
errno_t
sysdb_sudo_filter_rules_by_time(TALLOC_CTX *mem_ctx,
                                uint32_t in_num_rules,
                                struct sysdb_attrs **in_rules,
                                time_t now,
                                uint32_t *_num_rules,
                                struct sysdb_attrs ***_rules);
c9aab1c04c399ca2d1abef74f6df22ced34983dcPavel Březina
/*
 * Produces a filter string, returned through _filter, from a user name, a
 * uid, a list of group names and a set of flags. Going by the comment on the
 * SYSDB_SUDO_FILTER_* values, flags is a bitwise OR of those values.
 *
 * NOTE(review): username and groupnames are caller-supplied strings that
 * decide which sudo rules match; confirm that the implementation escapes
 * filter metacharacters in them before building the filter.
 * NOTE(review): _filter is presumably allocated on mem_ctx - confirm.
 */
errno_t sysdb_get_sudo_filter(TALLOC_CTX *mem_ctx,
                              const char *username,
                              uid_t uid,
                              char **groupnames,
                              unsigned int flags,
                              char **_filter);
3f98cdc011bb4e8cd22c088f288b0bcdb6452492Jakub Hrozek
/*
 * Looks up information about username in the given domain and reports a uid
 * through _uid.
 *
 * NOTE(review): groupnames has no leading underscore but is a char ***, so
 * it is presumably an output as well (the user's group names) - confirm.
 * NOTE(review): results are presumably allocated on mem_ctx - confirm.
 */
errno_t sysdb_get_sudo_user_info(TALLOC_CTX *mem_ctx,
                                 struct sss_domain_info *domain,
                                 const char *username,
                                 uid_t *_uid,
                                 char ***groupnames);
3f98cdc011bb4e8cd22c088f288b0bcdb6452492Jakub Hrozek
/*
 * Takes a domain, a rule name and a set of attributes.
 *
 * NOTE(review): presumably stores the rule rule_name with the attributes in
 * attrs under SUDORULE_SUBDIR for that domain - confirm against the
 * implementation, including whether an existing rule of the same name is
 * replaced or merged.
 */
errno_t sysdb_save_sudorule(struct sss_domain_info *domain,
                            const char *rule_name,
                            struct sysdb_attrs *attrs);
b0fa48b0d612b46a86e45f8e4b5d9feae9784c2bSimo Sorce
/*
 * Takes a domain and a time value.
 *
 * NOTE(review): presumably records value as the time of the last full
 * refresh of the domain's sudo rules (SYSDB_SUDO_AT_LAST_FULL_REFRESH) -
 * confirm against the implementation.
 */
errno_t
sysdb_sudo_set_last_full_refresh(struct sss_domain_info *domain,
                                 time_t value);
/*
 * Takes a domain and reports a time through value.
 *
 * NOTE(review): presumably the counterpart of
 * sysdb_sudo_set_last_full_refresh; what is written to *value when nothing
 * has been stored yet cannot be told from this header - confirm.
 */
errno_t
sysdb_sudo_get_last_full_refresh(struct sss_domain_info *domain,
                                 time_t *value);
44749ce0c1fee9babee80060fa0db99eebb2ab51Pavel Březina
/*
 * Takes a domain and a name.
 *
 * NOTE(review): presumably removes the cached sudo rule called name from
 * that domain - confirm against the implementation.
 */
errno_t
sysdb_sudo_purge_byname(struct sss_domain_info *domain,
                        const char *name);
f5d4b05027acce06e3509ecb68869d1c7ef37180Pavel Březina
/*
 * Takes a domain and a filter string.
 *
 * NOTE(review): presumably removes every cached sudo rule in that domain
 * that matches filter - confirm, including what a NULL filter means.
 * NOTE(review): filter is passed in as a ready-made expression; callers
 * presumably have to escape any untrusted value before composing it, since
 * an over-broad filter would purge more rules than intended - confirm.
 */
errno_t
sysdb_sudo_purge_byfilter(struct sss_domain_info *domain,
                          const char *filter);
f5d4b05027acce06e3509ecb68869d1c7ef37180Pavel Březina
3f98cdc011bb4e8cd22c088f288b0bcdb6452492Jakub Hrozek#endif /* _SYSDB_SUDO_H_ */