diff --git a/app/ldap/controllers/Sudo.controller.js b/app/ldap/controllers/Sudo.controller.js
index ff85b63..958e855 100644
--- a/app/ldap/controllers/Sudo.controller.js
+++ b/app/ldap/controllers/Sudo.controller.js
@@ -27,8 +27,11 @@ class SudoController extends LDAPController {
 }
 console.log('[SUDO SEARCH]', req.filter.toString())
+ const sudo_hosts = this.parse_sudo_hosts(req.filter)
+ console.log('[SUDO HOSTS]', sudo_hosts)
+ const iam_targets = await this.get_targets_from_hosts(sudo_hosts)
+ console.log('[SUDO IAM]', iam_targets)
- const iam_targets = this.parse_iam_targets(req.filter)
 if ( req.scope === 'base' ) {
 // If scope is base, check if the base DN matches the filter.
 // If so, return it. Else, return empty.
@@ -101,18 +104,31 @@ class SudoController extends LDAPController {
 return next()
 }
- parse_iam_targets(filter, target_ids = []) {
+ parse_sudo_hosts(filter, target_hosts = []) {
 if ( Array.isArray(filter?.filters) ) {
 for ( const sub_filter of filter.filters ) {
- target_ids = [...target_ids, ...this.parse_iam_targets(sub_filter)]
+ target_hosts = [...target_hosts, ...this.parse_iam_targets(sub_filter)]
 }
 } else if ( filter?.attribute ) {
- if ( filter.attribute === 'iamtarget' ) {
- target_ids.push(filter.value)
+ if ( filter.attribute === 'sudohost' ) {
+ target_hosts.push(filter.value)
 }
 }
- return target_ids
+ return target_hosts
+ }
+
+ async get_targets_from_hosts(sudo_hosts) {
+ const Machine = this.models.get('ldap:Machine')
+ const machines = await Machine.find({
+ active: true,
+ ldap_visible: true,
+ host_name: {
+ $in: sudo_hosts.filter(x => x.toLowerCase() !== 'all' && x.indexOf('*') < 0),
+ }
+ })
+
+ return machines.map(x => x.id)
 }
 get_cn_from_dn(dn) {
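Review bot: The result of `await this.get_targets_from_hosts(sudo_hosts)` is used with no check for an empty list, and that list is empty whenever the filter carries no `sudohost` term or names a host with no active, LDAP-visible machine. The code that consumes `iam_targets` is outside this hunk, so confirm it treats an empty list as "match nothing" rather than "no restriction"; an explicit early return of an empty result right after the lookup would make that fail-closed behaviour visible. The await also has no error handling here, so a failed machine lookup rejects out of the handler, whose signature and any surrounding try/catch are outside the hunk. The two added `console.log` calls write client-supplied filter values on every search and read like debug output; consider dropping them or putting them behind a debug flag.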
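Review bot: The recursive call inside the renamed `parse_sudo_hosts` still reads `this.parse_iam_targets(sub_filter)`, a method this commit removes, so any compound (and/or) filter would throw unless a parent class happens to define that name; it should be `target_hosts = [...target_hosts, ...this.parse_sudo_hosts(sub_filter)]`. In `get_targets_from_hosts`, `x.toLowerCase()` runs on whatever `filter.value` held, and a filter term that has an attribute but no string value (a presence or substring match on `sudohost`, for example) would make it throw on client-supplied input; adding `typeof x === 'string' &&` ahead of the existing conditions avoids that. The `$in` match on `host_name` is also exact-case while the `all` check is case-insensitive, so confirm how host names are normalised when they are stored.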