ipa_hbac_private.h revision 71ad247500b417836a1a2edec257a4433a7c415f
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher/*
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher SSSD
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher Authors:
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher Stephen Gallagher <sgallagh@redhat.com>
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher Copyright (C) 2011 Red Hat
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher This program is free software; you can redistribute it and/or modify
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher it under the terms of the GNU General Public License as published by
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher the Free Software Foundation; either version 3 of the License, or
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher (at your option) any later version.
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher This program is distributed in the hope that it will be useful,
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher but WITHOUT ANY WARRANTY; without even the implied warranty of
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher GNU General Public License for more details.
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher You should have received a copy of the GNU General Public License
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher along with this program. If not, see <http://www.gnu.org/licenses/>.
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher*/
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher#ifndef IPA_HBAC_PRIVATE_H_
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher#define IPA_HBAC_PRIVATE_H_
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher#include "providers/ipa/ipa_access.h"
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher#include "providers/ipa/ipa_hbac.h"
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher
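/*
 * String constants shared by the IPA HBAC (host-based access control)
 * provider sources. The spellings follow the FreeIPA LDAP schema; how each
 * one is used (search filter, requested attribute, cache key) is decided in
 * the .c files that include this header, not here.
 *
 * NOTE(review): none of these macros is wrapped in #ifndef, and several have
 * generic names (OBJECTCLASS, IPA_CN) or a SYSDB_ prefix (SYSDB_ORIG_MEMBER,
 * SYSDB_HBAC_BASE_TMPL). A second definition with a different value in
 * another header would be reported as a redefinition, so keep this header's
 * values in step with any copy elsewhere.
 */

/* Object class of an HBAC rule entry. */
#define IPA_HBAC_RULE "ipaHBACRule"

/* Object classes of host and host-group entries. */
#define IPA_HOST "ipaHost"
#define IPA_HOSTGROUP "ipaHostGroup"

/* Object classes of HBAC service and service-group entries. */
#define IPA_HBAC_SERVICE "ipaHBACService"
#define IPA_HBAC_SERVICE_GROUP "ipaHBACServiceGroup"

/* Attributes that identify a host or an entry. */
#define IPA_HOST_SERVERHOSTNAME "serverHostName"
#define IPA_HOST_FQDN "fqdn"
#define IPA_UNIQUE_ID "ipauniqueid"

/* Membership attribute names and the cache sub-directories for hosts. */
#define IPA_MEMBER "member"
#define SYSDB_ORIG_MEMBER "orig_member"
#define HBAC_HOSTS_SUBDIR "hbac_hosts"
#define HBAC_HOSTGROUPS_SUBDIR "hbac_hostgroups"

/*
 * Attribute names and literal values read from rule entries.
 *
 * NOTE(review): IPA_HBAC_ALLOW and IPA_TRUE_VALUE look like the values that
 * accessRuleType and ipaenabledflag are compared against. Because the result
 * feeds an access decision, confirm at the call sites that the comparison is
 * case-insensitive and that a missing or unexpected value never turns into
 * "allow".
 */
#define OBJECTCLASS "objectclass"
#define IPA_MEMBEROF "memberOf"
#define IPA_ACCESS_RULE_TYPE "accessRuleType"
#define IPA_HBAC_ALLOW "allow"
#define IPA_MEMBER_USER "memberUser"
#define IPA_USER_CATEGORY "userCategory"
#define IPA_SERVICE_NAME "serviceName"
#define IPA_SOURCE_HOST "sourceHost"
#define IPA_SOURCE_HOST_CATEGORY "sourceHostCategory"
#define IPA_EXTERNAL_HOST "externalHost"
#define IPA_ENABLED_FLAG "ipaenabledflag"
#define IPA_MEMBER_HOST "memberHost"
#define IPA_HOST_CATEGORY "hostCategory"
#define IPA_CN "cn"
#define IPA_MEMBER_SERVICE "memberService"
#define IPA_SERVICE_CATEGORY "serviceCategory"
#define IPA_TRUE_VALUE "TRUE"

/*
 * DN templates. Each contains exactly one %s conversion, so a formatting call
 * must pass exactly one string argument.
 *
 * NOTE(review): the argument is presumably the domain's base DN. If it can
 * come from configuration or from the server, it should be a validated DN
 * before it is pasted into a search base -- confirm at the call sites.
 */
#define IPA_HOST_BASE_TMPL "cn=computers,cn=accounts,%s"
#define IPA_HBAC_BASE_TMPL "cn=hbac,%s"
#define IPA_SERVICES_BASE_TMPL "cn=hbacservices,cn=accounts,%s"

/*
 * Cache-side base DN template. SYSDB_TMPL_CUSTOM_BASE is not defined in this
 * header; it has to come from a header that is already included wherever
 * this macro is expanded.
 */
#define SYSDB_HBAC_BASE_TMPL "cn=hbac,"SYSDB_TMPL_CUSTOM_BASE

/* Cache sub-directories for rules, services and service groups. */
#define HBAC_RULES_SUBDIR "hbac_rules"
#define HBAC_SERVICES_SUBDIR "hbac_services"
#define HBAC_SERVICEGROUPS_SUBDIR "hbac_servicegroups"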
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher
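/* From ipa_hbac_common.c */

/*
 * Takes `count` attribute sets in `list` together with a cache handle, a
 * domain, a sub-directory name and a naming attribute; returns an errno_t.
 *
 * NOTE(review): presumably writes the entries under `subdir` in the cache,
 * with `delete_subdir` asking for the existing contents to be removed first
 * -- confirm against the definition. Since the cache holds access-control
 * data, callers should check the result and not evaluate rules against a
 * cache whose refresh failed part-way.
 */
errno_t ipa_hbac_save_list(struct sysdb_ctx *sysdb, bool delete_subdir,
                           const char *subdir, struct sss_domain_info *domain,
                           const char *naming_attribute, size_t count,
                           struct sysdb_attrs **list);

/*
 * Takes two attribute-set arrays (`primary` with `primary_count` entries and
 * `groups` with `group_count` entries), each with its own sub-directory name
 * and attribute name; returns an errno_t.
 *
 * NOTE(review): presumably stores both lists in one cache operation --
 * confirm whether a failure on the second list rolls back the first.
 */
errno_t
ipa_hbac_sysdb_save(struct sysdb_ctx *sysdb, struct sss_domain_info *domain,
                    const char *primary_subdir, const char *attr_name,
                    size_t primary_count, struct sysdb_attrs **primary,
                    const char *group_subdir, const char *groupattr_name,
                    size_t group_count, struct sysdb_attrs **groups);

/*
 * Takes an old and a new attribute name and `count` attribute sets in
 * `list`; returns an errno_t.
 *
 * NOTE(review): presumably renames `old_name` to `new_name` in every entry
 * of `list` -- confirm what happens when an entry lacks `old_name`.
 */
errno_t
replace_attribute_name(const char *old_name,
                       const char *new_name, const size_t count,
                       struct sysdb_attrs **list);

/*
 * Produces an array of rules through `rules` and an evaluation request
 * through `request` from `hbac_ctx`; returns an errno_t.
 *
 * NOTE(review): the outputs are presumably allocated on `mem_ctx`, and on a
 * non-zero result they should be treated as unset -- confirm. A conversion
 * error must end in denial, never in an empty rule list being evaluated.
 */
errno_t hbac_ctx_to_rules(TALLOC_CTX *mem_ctx,
                          struct hbac_ctx *hbac_ctx,
                          struct hbac_rule ***rules,
                          struct hbac_eval_req **request);

/*
 * Reads the attribute named by `category_attr` from `attrs` and reports a
 * 32-bit value through `_categories`; returns an errno_t.
 *
 * NOTE(review): `_categories` looks like an output bit mask (the leading
 * underscore suggests an output parameter) -- confirm which value a missing
 * attribute yields, since an "all" category widens what a rule matches.
 */
errno_t
hbac_get_category(struct sysdb_attrs *attrs,
                  const char *category_attr,
                  uint32_t *_categories);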
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher
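/* From ipa_hbac_hosts.c */

/*
 * First half of a tevent request pair (see ipa_hbac_host_info_recv below).
 * Takes an event context, a cache handle, an LDAP handle and options, a
 * host name and an array of search bases; returns the request object.
 *
 * NOTE(review): by tevent convention a NULL return means the request could
 * not be created -- confirm. `support_srchost` presumably switches
 * source-host handling on or off. A source host is normally reported by the
 * service that calls PAM rather than verified here, so rules that depend on
 * it deserve less trust than target-host rules.
 */
struct tevent_req *
ipa_hbac_host_info_send(TALLOC_CTX *mem_ctx,
                        struct tevent_context *ev,
                        struct sysdb_ctx *sysdb,
                        struct sdap_handle *sh,
                        struct sdap_options *opts,
                        bool support_srchost,
                        const char *hostname,
                        struct sdap_search_base **search_bases);

/*
 * Second half of the request pair: reports host and host-group attribute
 * sets with their counts through the four output pointers; returns an
 * errno_t.
 *
 * NOTE(review): the arrays are presumably allocated on `mem_ctx`; treat the
 * outputs as unset when the result is non-zero -- confirm.
 */
errno_t
ipa_hbac_host_info_recv(struct tevent_req *req,
                        TALLOC_CTX *mem_ctx,
                        size_t *host_count,
                        struct sysdb_attrs ***hosts,
                        size_t *hostgroup_count,
                        struct sysdb_attrs ***hostgroups);

/*
 * Builds the rule element reported through `thosts` from `rule_attrs`;
 * `rule_name` identifies the rule. Returns an errno_t.
 *
 * NOTE(review): "thost" presumably means target host -- confirm.
 */
errno_t
hbac_thost_attrs_to_rule(TALLOC_CTX *mem_ctx,
                         struct sysdb_ctx *sysdb,
                         const char *rule_name,
                         struct sysdb_attrs *rule_attrs,
                         struct hbac_rule_element **thosts);

/*
 * Builds the rule element reported through `source_hosts` from
 * `rule_attrs`. Returns an errno_t.
 *
 * NOTE(review): confirm what element is produced when `support_srchost` is
 * false; ignoring source hosts should not make a rule match fewer requests
 * than the administrator intended without that being logged.
 */
errno_t
hbac_shost_attrs_to_rule(TALLOC_CTX *mem_ctx,
                         struct sysdb_ctx *sysdb,
                         const char *rule_name,
                         struct sysdb_attrs *rule_attrs,
                         bool support_srchost,
                         struct hbac_rule_element **source_hosts);

/*
 * Derives a host-group name from the DN string `host_dn` and reports it
 * through `hostgroupname`; returns an errno_t.
 *
 * NOTE(review): confirm that the definition rejects DNs outside the expected
 * host-group container instead of taking the first RDN value of any DN; the
 * name ends up in group matching for access decisions.
 */
errno_t
get_ipa_hostgroupname(TALLOC_CTX *mem_ctx,
                      struct sysdb_ctx *sysdb,
                      const char *host_dn,
                      char **hostgroupname);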
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher
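/* From ipa_hbac_services.c */

/*
 * First half of a tevent request pair (see ipa_hbac_service_info_recv
 * below). Takes an event context, a cache handle, an LDAP handle and
 * options, and an array of search bases; returns the request object.
 *
 * NOTE(review): by tevent convention a NULL return means the request could
 * not be created -- confirm.
 */
struct tevent_req *
ipa_hbac_service_info_send(TALLOC_CTX *mem_ctx,
                           struct tevent_context *ev,
                           struct sysdb_ctx *sysdb,
                           struct sdap_handle *sh,
                           struct sdap_options *opts,
                           struct sdap_search_base **search_bases);

/*
 * Second half of the request pair: reports service and service-group
 * attribute sets with their counts through the four output pointers;
 * returns an errno_t.
 *
 * NOTE(review): the arrays are presumably allocated on `mem_ctx`; treat the
 * outputs as unset when the result is non-zero -- confirm.
 */
errno_t
ipa_hbac_service_info_recv(struct tevent_req *req,
                           TALLOC_CTX *mem_ctx,
                           size_t *service_count,
                           struct sysdb_attrs ***services,
                           size_t *servicegroup_count,
                           struct sysdb_attrs ***servicegroups);

/*
 * Builds the rule element reported through `services` from `rule_attrs`;
 * `rule_name` identifies the rule. Returns an errno_t.
 */
errno_t
hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx,
                           struct sysdb_ctx *sysdb,
                           const char *rule_name,
                           struct sysdb_attrs *rule_attrs,
                           struct hbac_rule_element **services);

/*
 * Derives a name from the DN string `service_dn` and reports it through
 * `servicename`; returns an errno_t.
 *
 * NOTE(review): the function name says service *group*, while the output
 * parameter is called `servicename` -- confirm which of the two the caller
 * receives. As with any DN-to-name helper, confirm that DNs outside the
 * expected container are rejected.
 */
errno_t
get_ipa_servicegroupname(TALLOC_CTX *mem_ctx,
                         struct sysdb_ctx *sysdb,
                         const char *service_dn,
                         char **servicename);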
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher
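/* From ipa_hbac_users.c */

/*
 * Builds the rule element reported through `users` from `rule_attrs`;
 * `rule_name` identifies the rule. Returns an errno_t.
 *
 * NOTE(review): the element is presumably allocated on `mem_ctx`; treat it
 * as unset when the result is non-zero -- confirm.
 */
errno_t
hbac_user_attrs_to_rule(TALLOC_CTX *mem_ctx,
                        struct sysdb_ctx *sysdb,
                        const char *rule_name,
                        struct sysdb_attrs *rule_attrs,
                        struct hbac_rule_element **users);

/*
 * Derives a group name from the DN string `group_dn` and reports it through
 * `groupname`; returns an errno_t.
 *
 * NOTE(review): the output here is `const char **`, whereas
 * get_ipa_hostgroupname and get_ipa_servicegroupname in this header use
 * `char **`; callers cannot pass the same variable to all three without a
 * cast. Confirm that the definition rejects DNs outside the expected group
 * container, because the name is used in access decisions.
 */
errno_t
get_ipa_groupname(TALLOC_CTX *mem_ctx,
                  struct sysdb_ctx *sysdb,
                  const char *group_dn,
                  const char **groupname);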
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher
e134a6af42102c8d865e82bf89e0b8c5a40fb5faStephen Gallagher#endif /* IPA_HBAC_PRIVATE_H_ */