|
|
|
@ -27,8 +27,11 @@ class SudoController extends LDAPController {
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
console.log('[SUDO SEARCH]', req.filter.toString())
|
|
|
|
|
const sudo_hosts = this.parse_sudo_hosts(req.filter)
|
|
|
|
|
console.log('[SUDO HOSTS]', sudo_hosts)
|
|
|
|
|
const iam_targets = await this.get_targets_from_hosts(sudo_hosts)
|
|
|
|
|
console.log('[SUDO IAM]', iam_targets)
|
|
|
|
|
|
|
|
|
|
const iam_targets = this.parse_iam_targets(req.filter)
|
|
|
|
|
if ( req.scope === 'base' ) {
|
|
|
|
|
// If scope is base, check if the base DN matches the filter.
|
|
|
|
|
// If so, return it. Else, return empty.
|
|
|
|
@ -101,18 +104,31 @@ class SudoController extends LDAPController {
|
|
|
|
|
return next()
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
parse_iam_targets(filter, target_ids = []) {
|
|
|
|
|
parse_sudo_hosts(filter, target_hosts = []) {
|
|
|
|
|
if ( Array.isArray(filter?.filters) ) {
|
|
|
|
|
for ( const sub_filter of filter.filters ) {
|
|
|
|
|
target_ids = [...target_ids, ...this.parse_iam_targets(sub_filter)]
|
|
|
|
|
target_hosts = [...target_hosts, ...this.parse_iam_targets(sub_filter)]
|
|
|
|
|
}
|
|
|
|
|
} else if ( filter?.attribute ) {
|
|
|
|
|
if ( filter.attribute === 'iamtarget' ) {
|
|
|
|
|
target_ids.push(filter.value)
|
|
|
|
|
if ( filter.attribute === 'sudohost' ) {
|
|
|
|
|
target_hosts.push(filter.value)
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return target_ids
|
|
|
|
|
return target_hosts
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
async get_targets_from_hosts(sudo_hosts) {
|
|
|
|
|
const Machine = this.models.get('ldap:Machine')
|
|
|
|
|
const machines = await Machine.find({
|
|
|
|
|
active: true,
|
|
|
|
|
ldap_visible: true,
|
|
|
|
|
host_name: {
|
|
|
|
|
$in: sudo_hosts.filter(x => x.toLowerCase() !== 'all' && x.indexOf('*') < 0),
|
|
|
|
|
}
|
|
|
|
|
})
|
|
|
|
|
|
|
|
|
|
return machines.map(x => x.id)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
get_cn_from_dn(dn) {
|
|
|
|
|
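Review bot: In the second hunk, the renamed `parse_sudo_hosts` still recurses through `this.parse_iam_targets(sub_filter)`, a method the same hunk removes from this class, so unless the parent class defines it, any compound (and/or) filter will throw instead of collecting hosts; the line should read `target_hosts = [...target_hosts, ...this.parse_sudo_hosts(sub_filter)]`. `filter.value` comes from the client's search filter and is pushed unchecked, so in `get_targets_from_hosts` the `x.toLowerCase()` call will throw on a `sudohost` node that carries no string value (a presence or substring match, if the filter library represents those without `value`); adding `typeof x === 'string' &&` to the `$in` predicate would keep a malformed filter from failing the whole search. The three `console.log` calls in the first hunk write the raw client filter and the resolved target ids on every search and look like leftover debugging output; I would drop them or move them to a debug-level logger if the project has one.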