60cab26b12df9a2153823972cde0c38ca86e01b9Yassir Elley/*
60cab26b12df9a2153823972cde0c38ca86e01b9Yassir Elley SSSD
60cab26b12df9a2153823972cde0c38ca86e01b9Yassir Elley
60cab26b12df9a2153823972cde0c38ca86e01b9Yassir Elley Authors:
60cab26b12df9a2153823972cde0c38ca86e01b9Yassir Elley Yassir Elley <yelley@redhat.com>
60cab26b12df9a2153823972cde0c38ca86e01b9Yassir Elley
60cab26b12df9a2153823972cde0c38ca86e01b9Yassir Elley Copyright (C) 2013 Red Hat
60cab26b12df9a2153823972cde0c38ca86e01b9Yassir Elley
60cab26b12df9a2153823972cde0c38ca86e01b9Yassir Elley This program is free software; you can redistribute it and/or modify
60cab26b12df9a2153823972cde0c38ca86e01b9Yassir Elley it under the terms of the GNU General Public License as published by
60cab26b12df9a2153823972cde0c38ca86e01b9Yassir Elley the Free Software Foundation; either version 3 of the License, or
60cab26b12df9a2153823972cde0c38ca86e01b9Yassir Elley (at your option) any later version.
60cab26b12df9a2153823972cde0c38ca86e01b9Yassir Elley
60cab26b12df9a2153823972cde0c38ca86e01b9Yassir Elley This program is distributed in the hope that it will be useful,
60cab26b12df9a2153823972cde0c38ca86e01b9Yassir Elley but WITHOUT ANY WARRANTY; without even the implied warranty of
60cab26b12df9a2153823972cde0c38ca86e01b9Yassir Elley MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
60cab26b12df9a2153823972cde0c38ca86e01b9Yassir Elley GNU General Public License for more details.
60cab26b12df9a2153823972cde0c38ca86e01b9Yassir Elley
60cab26b12df9a2153823972cde0c38ca86e01b9Yassir Elley You should have received a copy of the GNU General Public License
60cab26b12df9a2153823972cde0c38ca86e01b9Yassir Elley along with this program. If not, see <http://www.gnu.org/licenses/>.
60cab26b12df9a2153823972cde0c38ca86e01b9Yassir Elley*/
60cab26b12df9a2153823972cde0c38ca86e01b9Yassir Elley
60cab26b12df9a2153823972cde0c38ca86e01b9Yassir Elley#ifndef AD_GPO_H_
60cab26b12df9a2153823972cde0c38ca86e01b9Yassir Elley#define AD_GPO_H_
60cab26b12df9a2153823972cde0c38ca86e01b9Yassir Elley
f00a61b6079d8de81432077a59daf015d85800d2Jakub Hrozek#include "providers/ad/ad_access.h"
f00a61b6079d8de81432077a59daf015d85800d2Jakub Hrozek
/*
 * Descriptor number 3, i.e. the first one after stdin, stdout and stderr.
 * Judging by the name, this is the descriptor on which the GPO child
 * process writes its output - TODO confirm against the code that spawns
 * the child.
 * NOTE(review): a fixed descriptor number is only safe if the spawning
 * code explicitly installs the intended pipe on it and does not let other
 * descriptors leak into the child; verify this where the child is created.
 */
f00a61b6079d8de81432077a59daf015d85800d2Jakub Hrozek#define AD_GPO_CHILD_OUT_FILENO 3
f00a61b6079d8de81432077a59daf015d85800d2Jakub Hrozek
/*
 * Brace-enclosed, NULL-terminated list of attribute-name macros. Because
 * it expands to a braced list, it can only be used as an array
 * initializer. The AD_AT_* names are not defined in this header.
 * Presumably these are the attributes requested when GPO objects are
 * retrieved - TODO confirm at the point of use.
 * NOTE(review): AD_AT_NT_SEC_DESC looks like the GPO's security
 * descriptor, which suggests it takes part in deciding whether a GPO
 * applies; if so, a missing or unparsable value should not be treated as
 * "applies to everyone" or silently skipped - confirm in the implementation.
 */
31bafc0d6384a30859aa18f3bd22275aec6ee2edStephen Gallagher#define AD_GPO_ATTRS {AD_AT_NT_SEC_DESC, \
31bafc0d6384a30859aa18f3bd22275aec6ee2edStephen Gallagher AD_AT_CN, AD_AT_FILE_SYS_PATH, \
31bafc0d6384a30859aa18f3bd22275aec6ee2edStephen Gallagher AD_AT_MACHINE_EXT_NAMES, \
31bafc0d6384a30859aa18f3bd22275aec6ee2edStephen Gallagher AD_AT_FUNC_VERSION, \
31bafc0d6384a30859aa18f3bd22275aec6ee2edStephen Gallagher AD_AT_FLAGS, \
31bafc0d6384a30859aa18f3bd22275aec6ee2edStephen Gallagher NULL}
31bafc0d6384a30859aa18f3bd22275aec6ee2edStephen Gallagher
60cab26b12df9a2153823972cde0c38ca86e01b9Yassir Elley/*
60cab26b12df9a2153823972cde0c38ca86e01b9Yassir Elley * This pair of functions provides client-side GPO processing.
60cab26b12df9a2153823972cde0c38ca86e01b9Yassir Elley *
60cab26b12df9a2153823972cde0c38ca86e01b9Yassir Elley * While a GPO can target both user and computer objects, this
60cab26b12df9a2153823972cde0c38ca86e01b9Yassir Elley * implementation only supports targeting of computer objects.
60cab26b12df9a2153823972cde0c38ca86e01b9Yassir Elley *
60cab26b12df9a2153823972cde0c38ca86e01b9Yassir Elley * A GPO overview is at https://fedorahosted.org/sssd/wiki/GpoOverview
60cab26b12df9a2153823972cde0c38ca86e01b9Yassir Elley *
60cab26b12df9a2153823972cde0c38ca86e01b9Yassir Elley * In summary, client-side processing involves:
60cab26b12df9a2153823972cde0c38ca86e01b9Yassir Elley * - determining the target's DN
60cab26b12df9a2153823972cde0c38ca86e01b9Yassir Elley * - extracting the SOM object DNs (i.e. OUs and Domain) from target's DN
60cab26b12df9a2153823972cde0c38ca86e01b9Yassir Elley * - including the target's Site as another SOM object
60cab26b12df9a2153823972cde0c38ca86e01b9Yassir Elley * - determining which GPOs apply to the target's SOMs
60cab26b12df9a2153823972cde0c38ca86e01b9Yassir Elley * - prioritizing GPOs based on SOM, link order, and whether GPO is "enforced"
60cab26b12df9a2153823972cde0c38ca86e01b9Yassir Elley * - retrieving the corresponding GPO objects
60cab26b12df9a2153823972cde0c38ca86e01b9Yassir Elley * - sending the GPO DNs to the CSE processing engine for policy application
60cab26b12df9a2153823972cde0c38ca86e01b9Yassir Elley * - policy application currently consists of HBAC-like functionality
60cab26b12df9a2153823972cde0c38ca86e01b9Yassir Elley */
/*
 * Request half of the GPO access check: returns the tevent request that
 * tracks the operation. The result is collected with ad_gpo_access_recv().
 *
 * mem_ctx  talloc context; presumably the parent of the returned request
 *          - TODO confirm in the implementation
 * ev       tevent context for the request
 * domain   SSSD domain information the check refers to
 * ctx      AD access-provider context
 * user     presumably the name of the user whose access is evaluated
 * service  presumably the name of the service being accessed
 *
 * Returns the request. By tevent convention a _send function returns NULL
 * when the request cannot be allocated - TODO confirm for this function.
 *
 * NOTE(review): user and service presumably originate from the incoming
 * access request; check in the implementation how they are validated
 * before being used in lookups or passed to the child process.
 */
60cab26b12df9a2153823972cde0c38ca86e01b9Yassir Elleystruct tevent_req *
60cab26b12df9a2153823972cde0c38ca86e01b9Yassir Elleyad_gpo_access_send(TALLOC_CTX *mem_ctx,
60cab26b12df9a2153823972cde0c38ca86e01b9Yassir Elley struct tevent_context *ev,
60cab26b12df9a2153823972cde0c38ca86e01b9Yassir Elley struct sss_domain_info *domain,
60cab26b12df9a2153823972cde0c38ca86e01b9Yassir Elley struct ad_access_ctx *ctx,
a8356a0c98ee44e7256bb1c7767159c70e1fc218Yassir Elley const char *user,
a8356a0c98ee44e7256bb1c7767159c70e1fc218Yassir Elley const char *service);
60cab26b12df9a2153823972cde0c38ca86e01b9Yassir Elley
/*
 * Result half of the GPO access check: takes the request returned by
 * ad_gpo_access_send() and returns an errno_t. The specific codes are set
 * by the implementation, which is not part of this header.
 *
 * NOTE(review): this value is the outcome of an access-control check, so
 * callers should grant access only on the explicit success code and treat
 * every other value (including lookup, download or parsing failures) as
 * "not granted" - confirm the returned codes in the implementation.
 */
60cab26b12df9a2153823972cde0c38ca86e01b9Yassir Elleyerrno_t ad_gpo_access_recv(struct tevent_req *req);
60cab26b12df9a2153823972cde0c38ca86e01b9Yassir Elley
60cab26b12df9a2153823972cde0c38ca86e01b9Yassir Elley#endif /* AD_GPO_H_ */