/*
    SSSD

    Authors:
        Stephen Gallagher <sgallagh@redhat.com>

    Copyright (C) 2011 Red Hat

    This program is free software; you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation; either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program. If not, see <http://www.gnu.org/licenses/>.
*/

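#ifndef IPA_HBAC_PRIVATE_H_
#define IPA_HBAC_PRIVATE_H_

#include "providers/ipa/ipa_access.h"
#include "providers/ipa/ipa_hbac.h"

/*
 * Internal definitions shared by the ipa_hbac_*.c translation units
 * (common, services, users). Not part of the provider's public interface.
 */

/* LDAP object classes of the HBAC objects fetched from the IPA server. */
#define IPA_HBAC_RULE "ipaHBACRule"

#define IPA_HBAC_SERVICE "ipaHBACService"
#define IPA_HBAC_SERVICE_GROUP "ipaHBACServiceGroup"

#define IPA_UNIQUE_ID "ipauniqueid"

#define IPA_MEMBER "member"
/* Names of the sysdb custom subtrees that hold the cached host objects. */
#define HBAC_HOSTS_SUBDIR "hbac_hosts"
#define HBAC_HOSTGROUPS_SUBDIR "hbac_hostgroups"

/* LDAP attribute names read from HBAC rule, host and service entries. */
#define OBJECTCLASS "objectclass"
#define IPA_MEMBEROF "memberOf"
#define IPA_ACCESS_RULE_TYPE "accessRuleType"
/* The only accessRuleType value named in this header. */
#define IPA_HBAC_ALLOW "allow"
#define IPA_MEMBER_USER "memberUser"
#define IPA_USER_CATEGORY "userCategory"
#define IPA_SERVICE_NAME "serviceName"
#define IPA_SOURCE_HOST "sourceHost"
#define IPA_SOURCE_HOST_CATEGORY "sourceHostCategory"
#define IPA_EXTERNAL_HOST "externalHost"
#define IPA_ENABLED_FLAG "ipaenabledflag"
#define IPA_MEMBER_HOST "memberHost"
#define IPA_HOST_CATEGORY "hostCategory"
#define IPA_CN "cn"
#define IPA_MEMBER_SERVICE "memberService"
#define IPA_SERVICE_CATEGORY "serviceCategory"
/* Presumably the value IPA_ENABLED_FLAG is compared against to decide
 * whether a rule is active — confirm in ipa_hbac_common.c. */
#define IPA_TRUE_VALUE "TRUE"

/*
 * printf-style templates for the LDAP search bases; the "%s" receives a base
 * DN. The substituted value must be the configured IPA base DN, never a
 * string taken from a request, because the result is sent to the server as
 * the DN to search under.
 */
#define IPA_HBAC_BASE_TMPL "cn=hbac,%s"
#define IPA_SERVICES_BASE_TMPL "cn=hbacservices,cn=accounts,%s"

/* SYSDB_TMPL_CUSTOM_BASE is not defined here; it is expected to come from
 * one of the includes above. */
#define SYSDB_HBAC_BASE_TMPL "cn=hbac,"SYSDB_TMPL_CUSTOM_BASE

/* Names of the sysdb custom subtrees that hold cached rules and services. */
#define HBAC_RULES_SUBDIR "hbac_rules"
#define HBAC_SERVICES_SUBDIR "hbac_services"
#define HBAC_SERVICEGROUPS_SUBDIR "hbac_servicegroups"

/* From ipa_hbac_common.c */

/**
 * Store @count entries of @list in the sysdb subtree @subdir of @domain,
 * using @naming_attribute as the attribute that names each entry.
 *
 * @param delete_subdir  When true, the existing subtree contents are
 *                       presumably removed before the new entries are
 *                       written — confirm against the definition.
 * @return errno_t following the file's convention (see the definition).
 */
errno_t ipa_hbac_save_list(struct sysdb_ctx *sysdb, bool delete_subdir,
                           const char *subdir, struct sss_domain_info *domain,
                           const char *naming_attribute, size_t count,
                           struct sysdb_attrs **list);

/**
 * Store a primary object list (@primary_count entries of @primary, named
 * by @attr_name, under @primary_subdir) together with its group list
 * (@group_count entries of @groups, named by @groupattr_name, under
 * @group_subdir). Looks like a two-list wrapper around
 * ipa_hbac_save_list() — confirm in the definition.
 *
 * @return errno_t following the file's convention.
 */
errno_t
ipa_hbac_sysdb_save(struct sysdb_ctx *sysdb, struct sss_domain_info *domain,
                    const char *primary_subdir, const char *attr_name,
                    size_t primary_count, struct sysdb_attrs **primary,
                    const char *group_subdir, const char *groupattr_name,
                    size_t group_count, struct sysdb_attrs **groups);

/**
 * Rename attribute @old_name to @new_name in each of the @count entries
 * of @list. The entries are passed by pointer, so the rename presumably
 * happens in place — verify.
 *
 * @return errno_t following the file's convention.
 */
errno_t
replace_attribute_name(const char *old_name,
                       const char *new_name, size_t count,
                       struct sysdb_attrs **list);

/**
 * Build the rule array (*@rules) and the evaluation request (*@request)
 * from the state carried in @hbac_ctx. Both outputs are allocated under
 * the talloc context @mem_ctx.
 *
 * @return errno_t following the file's convention.
 */
errno_t hbac_ctx_to_rules(TALLOC_CTX *mem_ctx,
                          struct hbac_ctx *hbac_ctx,
                          struct hbac_rule ***rules,
                          struct hbac_eval_req **request);

/**
 * Read the category attribute @category_attr (for example IPA_USER_CATEGORY)
 * from @attrs and report it through *@_categories. The uint32_t output
 * suggests a flag set; confirm the encoding in the definition.
 *
 * @return errno_t following the file's convention.
 */
errno_t
hbac_get_category(struct sysdb_attrs *attrs,
                  const char *category_attr,
                  uint32_t *_categories);

/**
 * Build the target-host element (*@thosts) of rule @rule_name from the
 * rule entry @rule_attrs, resolving host/hostgroup members through @sysdb
 * and @domain. Allocated under @mem_ctx.
 *
 * @return errno_t following the file's convention.
 */
errno_t
hbac_thost_attrs_to_rule(TALLOC_CTX *mem_ctx,
                         struct sysdb_ctx *sysdb,
                         struct sss_domain_info *domain,
                         const char *rule_name,
                         struct sysdb_attrs *rule_attrs,
                         struct hbac_rule_element **thosts);

/**
 * Build the source-host element (*@source_hosts) of rule @rule_name from
 * @rule_attrs. When @support_srchost is false the source-host part is
 * presumably left unpopulated so that it does not take part in evaluation
 * — confirm in the definition. Allocated under @mem_ctx.
 *
 * @return errno_t following the file's convention.
 */
errno_t
hbac_shost_attrs_to_rule(TALLOC_CTX *mem_ctx,
                         struct sysdb_ctx *sysdb,
                         struct sss_domain_info *domain,
                         const char *rule_name,
                         struct sysdb_attrs *rule_attrs,
                         bool support_srchost,
                         struct hbac_rule_element **source_hosts);

/**
 * Derive the host group name (*@hostgroupname, allocated under @mem_ctx)
 * for the directory entry with DN @host_dn.
 *
 * @return errno_t following the file's convention.
 */
errno_t
get_ipa_hostgroupname(TALLOC_CTX *mem_ctx,
                      struct sysdb_ctx *sysdb,
                      const char *host_dn,
                      char **hostgroupname);

/* From ipa_hbac_services.c */

/**
 * Start the asynchronous (tevent) lookup of HBAC services and service
 * groups over the LDAP handle @sh, using @opts and the @search_bases
 * array. Pair with ipa_hbac_service_info_recv().
 *
 * @return the request, allocated under @mem_ctx.
 */
struct tevent_req *
ipa_hbac_service_info_send(TALLOC_CTX *mem_ctx,
                           struct tevent_context *ev,
                           struct sysdb_ctx *sysdb,
                           struct sdap_handle *sh,
                           struct sdap_options *opts,
                           struct sdap_search_base **search_bases);

/**
 * Collect the result of ipa_hbac_service_info_send(): the service entries
 * (*@service_count, *@services) and service-group entries
 * (*@servicegroup_count, *@servicegroups), moved under @mem_ctx.
 *
 * @return errno_t following the file's convention.
 */
errno_t
ipa_hbac_service_info_recv(struct tevent_req *req,
                           TALLOC_CTX *mem_ctx,
                           size_t *service_count,
                           struct sysdb_attrs ***services,
                           size_t *servicegroup_count,
                           struct sysdb_attrs ***servicegroups);

/**
 * Build the service element (*@services) of rule @rule_name from
 * @rule_attrs, resolving members through @sysdb and @domain. Allocated
 * under @mem_ctx.
 *
 * @return errno_t following the file's convention.
 */
errno_t
hbac_service_attrs_to_rule(TALLOC_CTX *mem_ctx,
                           struct sysdb_ctx *sysdb,
                           struct sss_domain_info *domain,
                           const char *rule_name,
                           struct sysdb_attrs *rule_attrs,
                           struct hbac_rule_element **services);

/**
 * Derive the service group name (*@servicename, allocated under @mem_ctx)
 * for the directory entry with DN @service_dn.
 *
 * @return errno_t following the file's convention.
 */
errno_t
get_ipa_servicegroupname(TALLOC_CTX *mem_ctx,
                         struct sysdb_ctx *sysdb,
                         const char *service_dn,
                         char **servicename);

/* From ipa_hbac_users.c */

/**
 * Build the user element (*@users) of rule @rule_name from @rule_attrs,
 * resolving user/group members through @sysdb and @domain. Allocated
 * under @mem_ctx.
 *
 * @return errno_t following the file's convention.
 */
errno_t
hbac_user_attrs_to_rule(TALLOC_CTX *mem_ctx,
                        struct sysdb_ctx *sysdb,
                        struct sss_domain_info *domain,
                        const char *rule_name,
                        struct sysdb_attrs *rule_attrs,
                        struct hbac_rule_element **users);

/**
 * Derive the group name (*@groupname, allocated under @mem_ctx) for the
 * directory entry with DN @group_dn.
 *
 * Note: unlike get_ipa_hostgroupname() and get_ipa_servicegroupname(),
 * the output is const char **; kept as-is for caller compatibility.
 *
 * @return errno_t following the file's convention.
 */
errno_t
get_ipa_groupname(TALLOC_CTX *mem_ctx,
                  struct sysdb_ctx *sysdb,
                  const char *group_dn,
                  const char **groupname);

#endif /* IPA_HBAC_PRIVATE_H_ */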