sss_client/sudo/sss_sudo.h

6f701a4dc295ddc997ba5190a3cd72d948d799dcPavel Březina/*
6f701a4dc295ddc997ba5190a3cd72d948d799dcPavel Březina    Authors:
6f701a4dc295ddc997ba5190a3cd72d948d799dcPavel Březina        Pavel Březina <pbrezina@redhat.com>
6f701a4dc295ddc997ba5190a3cd72d948d799dcPavel Březina
6f701a4dc295ddc997ba5190a3cd72d948d799dcPavel Březina    Copyright (C) 2011 Red Hat
6f701a4dc295ddc997ba5190a3cd72d948d799dcPavel Březina
6f701a4dc295ddc997ba5190a3cd72d948d799dcPavel Březina    This program is free software; you can redistribute it and/or modify
6f701a4dc295ddc997ba5190a3cd72d948d799dcPavel Březina    it under the terms of the GNU General Public License as published by
6f701a4dc295ddc997ba5190a3cd72d948d799dcPavel Březina    the Free Software Foundation; either version 3 of the License, or
6f701a4dc295ddc997ba5190a3cd72d948d799dcPavel Březina    (at your option) any later version.
6f701a4dc295ddc997ba5190a3cd72d948d799dcPavel Březina
6f701a4dc295ddc997ba5190a3cd72d948d799dcPavel Březina    This program is distributed in the hope that it will be useful,
6f701a4dc295ddc997ba5190a3cd72d948d799dcPavel Březina    but WITHOUT ANY WARRANTY; without even the implied warranty of
6f701a4dc295ddc997ba5190a3cd72d948d799dcPavel Březina    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
6f701a4dc295ddc997ba5190a3cd72d948d799dcPavel Březina    GNU General Public License for more details.
6f701a4dc295ddc997ba5190a3cd72d948d799dcPavel Březina
6f701a4dc295ddc997ba5190a3cd72d948d799dcPavel Březina    You should have received a copy of the GNU General Public License
6f701a4dc295ddc997ba5190a3cd72d948d799dcPavel Březina    along with this program.  If not, see <http://www.gnu.org/licenses/>.
6f701a4dc295ddc997ba5190a3cd72d948d799dcPavel Březina*/
6f701a4dc295ddc997ba5190a3cd72d948d799dcPavel Březina
6f701a4dc295ddc997ba5190a3cd72d948d799dcPavel Březina#ifndef SSS_SUDO_H_
6f701a4dc295ddc997ba5190a3cd72d948d799dcPavel Březina#define SSS_SUDO_H_
6f701a4dc295ddc997ba5190a3cd72d948d799dcPavel Březina
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek/**
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek * @defgroup libsss_sudo A library for communication between SUDO and SSSD
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek * libsss_sudo provides a mechanism to for a SUDO plugin
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek * to communicate with the sudo responder of SSSD.
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek *
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek * @{
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek */
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek
6f701a4dc295ddc997ba5190a3cd72d948d799dcPavel Březina#include <stdint.h>
46d3d2c731e8c7e138462e5b60a39a279dc77d81Pavel Březina#include <sys/types.h>
6f701a4dc295ddc997ba5190a3cd72d948d799dcPavel Březina
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek/** The value returned when the communication with SUDO is successful and
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek *  the user was found in one of the domains
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek */
6f701a4dc295ddc997ba5190a3cd72d948d799dcPavel Březina#define SSS_SUDO_ERROR_OK   0
6f701a4dc295ddc997ba5190a3cd72d948d799dcPavel Březina
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek/**
080e1bfb72ed0e8d96e390d83ad35eaba79bd450René Genz * Component of an sss_rule structure. The component
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek * has exactly one name and one or more values.
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek *
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek */
968e2bc3bb28458b25c3b19868ea50f0325d8b0aPavel Březinastruct sss_sudo_attr {
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek    /** The attribute name */
6f701a4dc295ddc997ba5190a3cd72d948d799dcPavel Březina    char *name;
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek    /** A string array that contains all the attribute values */
6f701a4dc295ddc997ba5190a3cd72d948d799dcPavel Březina    char **values;
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek    /** The number of values the attribute contains.
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek     *
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek     * Attributes are multivalued in general.
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek     */
6f701a4dc295ddc997ba5190a3cd72d948d799dcPavel Březina    unsigned int num_values;
6f701a4dc295ddc997ba5190a3cd72d948d799dcPavel Březina};
6f701a4dc295ddc997ba5190a3cd72d948d799dcPavel Březina
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek/**
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek * One sudo rule. The rule consists of one or more
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek * attributes of sss_attr type
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek */
968e2bc3bb28458b25c3b19868ea50f0325d8b0aPavel Březinastruct sss_sudo_rule {
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek    /** The number of attributes in the rule */
6f701a4dc295ddc997ba5190a3cd72d948d799dcPavel Březina    unsigned int num_attrs;
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek    /** List of rule attributes */
968e2bc3bb28458b25c3b19868ea50f0325d8b0aPavel Březina    struct sss_sudo_attr *attrs;
6f701a4dc295ddc997ba5190a3cd72d948d799dcPavel Březina};
6f701a4dc295ddc997ba5190a3cd72d948d799dcPavel Březina
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek/**
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek * A result object returned from SSSD.
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek *
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek * The result consists of zero or more sss_rule elements.
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek */
968e2bc3bb28458b25c3b19868ea50f0325d8b0aPavel Březinastruct sss_sudo_result {
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek    /**
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek     * The number of rules for the user
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek     *
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek     * In case the user exists in one of SSSD domains
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek     * but no rules match for him, the num_rules element
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek     * is 0.
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek     */
6f701a4dc295ddc997ba5190a3cd72d948d799dcPavel Březina    unsigned int num_rules;
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek    /** List of rules found */
968e2bc3bb28458b25c3b19868ea50f0325d8b0aPavel Březina    struct sss_sudo_rule *rules;
6f701a4dc295ddc997ba5190a3cd72d948d799dcPavel Březina};
6f701a4dc295ddc997ba5190a3cd72d948d799dcPavel Březina
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek/**
a02a5ed51178b2cbede0396d66aed716b8898096René Genz * @brief Send a request to SSSD to retrieve all SUDO rules for a given
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek * user.
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek *
a02a5ed51178b2cbede0396d66aed716b8898096René Genz * @param[in] uid         The uid of the user to retrieve the rules for.
a02a5ed51178b2cbede0396d66aed716b8898096René Genz * @param[in] username    The username to retrieve the rules for
46d3d2c731e8c7e138462e5b60a39a279dc77d81Pavel Březina * @param[in] domainname  The domain name the user is a member of.
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek * @param[out] _error     The result of the search in SSSD's domains. If the
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek *                        user was present in the domain, the _error code is
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek *                        SSS_SUDO_ERROR_OK and the _result structure is
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek *                        returned even if it was empty (in other words
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek *                        _result->num_rules == 0). Other problems are returned
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek *                        as errno codes. Most prominently these are ENOENT
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek *                        (the user was not found with SSSD), EIO (SSSD
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek *                        encountered an internal problem) and EINVAL
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek *                        (malformed query).
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek * @param[out] _result    Newly allocated structure sss_result that contains
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek *                        the rules for the user. If no rules were found but
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek *                        the user was valid, this structure is "empty", which
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek *                        means that the num_rules member is 0.
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek *
60a729bfa2aee7529a0c9a276057a47a80381994Pavel Březina * @return 0 on success and other errno values on failure. The return value
60a729bfa2aee7529a0c9a276057a47a80381994Pavel Březina *         denotes whether communication with SSSD was successful. It does not
60a729bfa2aee7529a0c9a276057a47a80381994Pavel Březina *         tell whether the result contains any rules or whether SSSD knew the
60a729bfa2aee7529a0c9a276057a47a80381994Pavel Březina *         user at all. That information is transferred in the _error parameter.
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek */
46d3d2c731e8c7e138462e5b60a39a279dc77d81Pavel Březinaint sss_sudo_send_recv(uid_t uid,
46d3d2c731e8c7e138462e5b60a39a279dc77d81Pavel Březina                       const char *username,
46d3d2c731e8c7e138462e5b60a39a279dc77d81Pavel Březina                       const char *domainname,
f643754db81eeade60485bbe3d80324d889cc4f3Pavel Březina                       uint32_t *_error,
968e2bc3bb28458b25c3b19868ea50f0325d8b0aPavel Březina                       struct sss_sudo_result **_result);
6f701a4dc295ddc997ba5190a3cd72d948d799dcPavel Březina
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek/**
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek * @brief Send a request to SSSD to retrieve the default options, commonly
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek * stored in the "cn=defaults" record,
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek *
a02a5ed51178b2cbede0396d66aed716b8898096René Genz * @param[in] uid          The uid of the user to retrieve the rules for.
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek *
a02a5ed51178b2cbede0396d66aed716b8898096René Genz * @param[in] username     The username to retrieve the rules for.
46d3d2c731e8c7e138462e5b60a39a279dc77d81Pavel Březina *
46d3d2c731e8c7e138462e5b60a39a279dc77d81Pavel Březina * @param[out] _error      The result of the search in SSSD's domains. If the
46d3d2c731e8c7e138462e5b60a39a279dc77d81Pavel Březina *                         options were present in the domain, the _error code
46d3d2c731e8c7e138462e5b60a39a279dc77d81Pavel Březina *                         is SSS_SUDO_ERROR_OK and the _result structure is
46d3d2c731e8c7e138462e5b60a39a279dc77d81Pavel Březina *                         returned even if it was empty (in other words
46d3d2c731e8c7e138462e5b60a39a279dc77d81Pavel Březina *                         _result->num_rules == 0). Other problems are returned
46d3d2c731e8c7e138462e5b60a39a279dc77d81Pavel Březina *                         as errno codes.
46d3d2c731e8c7e138462e5b60a39a279dc77d81Pavel Březina *
46d3d2c731e8c7e138462e5b60a39a279dc77d81Pavel Březina * @param[out] _domainname The domain name the user is a member of.
46d3d2c731e8c7e138462e5b60a39a279dc77d81Pavel Březina *
46d3d2c731e8c7e138462e5b60a39a279dc77d81Pavel Březina * @param[out] _result     Newly allocated structure sss_result that contains
46d3d2c731e8c7e138462e5b60a39a279dc77d81Pavel Březina *                         the options. If no options were found this structure
46d3d2c731e8c7e138462e5b60a39a279dc77d81Pavel Březina *                         is "empty", which means that the num_rules member
46d3d2c731e8c7e138462e5b60a39a279dc77d81Pavel Březina *                         is 0.
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek *
60a729bfa2aee7529a0c9a276057a47a80381994Pavel Březina * @return 0 on success and other errno values on failure. The return value
60a729bfa2aee7529a0c9a276057a47a80381994Pavel Březina *         denotes whether communication with SSSD was successful. It does not
60a729bfa2aee7529a0c9a276057a47a80381994Pavel Březina *         tell whether the result contains any rules or whether SSSD knew the
60a729bfa2aee7529a0c9a276057a47a80381994Pavel Březina *         user at all. That information is transferred in the _error parameter.
46d3d2c731e8c7e138462e5b60a39a279dc77d81Pavel Březina *
46d3d2c731e8c7e138462e5b60a39a279dc77d81Pavel Březina * @note   The _domainname should be freed using free().
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek */
46d3d2c731e8c7e138462e5b60a39a279dc77d81Pavel Březinaint sss_sudo_send_recv_defaults(uid_t uid,
46d3d2c731e8c7e138462e5b60a39a279dc77d81Pavel Březina                                const char *username,
46d3d2c731e8c7e138462e5b60a39a279dc77d81Pavel Březina                                uint32_t *_error,
46d3d2c731e8c7e138462e5b60a39a279dc77d81Pavel Březina                                char **_domainname,
968e2bc3bb28458b25c3b19868ea50f0325d8b0aPavel Březina                                struct sss_sudo_result **_result);
9c6b680e55e00642bc3e644fd63e18e6c09ff110Pavel Březina
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek/**
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek * @brief Free the sss_result structure returned by sss_sudo_send_recv
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek *
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek * @param[in] result    The sss_result structure to free. The structure was
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek *                      previously returned by sss_sudo_get_values().
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek */
968e2bc3bb28458b25c3b19868ea50f0325d8b0aPavel Březinavoid sss_sudo_free_result(struct sss_sudo_result *result);
6f701a4dc295ddc997ba5190a3cd72d948d799dcPavel Březina
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek/**
080e1bfb72ed0e8d96e390d83ad35eaba79bd450René Genz * @brief Get all values for a given attribute in an sss_rule
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek *
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek * @param[in] e           The sss_rule to get values from
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek * @param[in] attrname    The name of the attribute to query from the rule
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek * @param[out] values     A newly allocated list of values the attribute has in
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek *                        rule. On success, this parameter is an array of
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek *                        NULL-terminated strings, the last element is a NULL
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek *                        pointer. On failure (including when the attribute is
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek *                        not found), the pointer address is not changed.
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek *
60a729bfa2aee7529a0c9a276057a47a80381994Pavel Březina * @return 0 on success, ENOENT in case the attribute is not found and other
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek * errno values on failure.
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek *
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek * @note the returned values should be freed using sss_sudo_free_values()
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek */
968e2bc3bb28458b25c3b19868ea50f0325d8b0aPavel Březinaint sss_sudo_get_values(struct sss_sudo_rule *e,
6f701a4dc295ddc997ba5190a3cd72d948d799dcPavel Březina                        const char *attrname,
6f701a4dc295ddc997ba5190a3cd72d948d799dcPavel Březina                        char ***values);
6f701a4dc295ddc997ba5190a3cd72d948d799dcPavel Březina
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek/**
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek * @brief Free the values returned by sss_sudo_get_values
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek *
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek * @param[in] values    The list of values to free. The values were previously
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek *                      returned by sss_sudo_get_values()
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek */
6f701a4dc295ddc997ba5190a3cd72d948d799dcPavel Březinavoid sss_sudo_free_values(char **values);
6f701a4dc295ddc997ba5190a3cd72d948d799dcPavel Březina
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek/**
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek * @}
f660877b38e563c4aa0cb1431624069808873fecJakub Hrozek */
6f701a4dc295ddc997ba5190a3cd72d948d799dcPavel Březina#endif /* SSS_SUDO_H_ */