summaryrefslogtreecommitdiff
path: root/src/providers/ipa/ipa_access.c
AgeCommit message (Collapse)AuthorFilesLines
2013-01-21Add be_req_get_data() helper funciton.Simo Sorce1-3/+3
In preparation for making struct be_req opaque.
2013-01-21Add be_req_get_be_ctx() helper.Simo Sorce1-20/+22
In preparation for making be_req opaque
2013-01-21Introduce be_req_terminate() helperSimo Sorce1-6/+6
Call it everywhere instead of directly dereferencing be_req->fn This is in preparation of making be_req opaque.
2013-01-21Remove domain from be_req structureSimo Sorce1-2/+2
2013-01-21Pass domain not be_req to access check functionsSimo Sorce1-1/+1
2013-01-21Move hbac_ctx_is_offline()Simo Sorce1-0/+6
2013-01-21Remove hbac_ctx_sdap_id_[ctx|op]()Simo Sorce1-6/+6
2013-01-21Remove hbac_ctx_ev()Simo Sorce1-3/+3
2013-01-21Remove hbac_ctx_be()Simo Sorce1-3/+2
2013-01-21Remove sysdb argument from hbac_get_cached_rules()Simo Sorce1-4/+2
2013-01-21Remove sysdb arg from [ipa_]hbac_sysdb_save()Simo Sorce1-9/+8
Also make ipa_hbac_save_list() static
2013-01-21Remove sysdb arg from ipa_hbac_service_info_send()Simo Sorce1-1/+0
2013-01-21Remove sysdb argument from ipa_host_info_send()Simo Sorce1-1/+0
2013-01-15Add domain argument to sysdb_search_custom()Simo Sorce1-1/+3
Also changes sysdb_search_custom_by_name()
2013-01-15Make sysdb_custom_subtree_dn() require a domain.Simo Sorce1-1/+1
2012-11-19Do not save HBAC rules in subdomain subtreeSumit Bose1-10/+0
Currently the sysdb context is pointed to the subdomain subtree containing user the user to be checked at the beginning of a HBAC request. As a result all HBAC rules and related data is save in the subdomain tree as well. But since the HBAC rules of the configured domain apply to all users it is sufficient to save them once in the subtree of the configured domain. Since most of the sysdb operations during a HBAC request are related to the HBAC rules and related data this patch does not change the default sysdb context but only create a special context to look up subdomain users.
2012-09-24SYSDB: Remove unnecessary domain parameter from several sysdb callsJakub Hrozek1-1/+0
The domain can be read from the sysdb object. Removing the domain string makes the API more self-contained.
2012-08-23Unify usage of sysdb transactionsMichal Zidek1-1/+2
Removing bad examples of usage of sysdb_transaction_start/commit/end functions and making it more consistent (all files except of src/db/sysdb_*.c).
2012-07-31Modify hbac_get_cached_rules() so it can be used outside of HBAC codeJan Zeleny1-14/+17
2012-07-02IPA: Don't hang onto memory longer than necessaryStephen Gallagher1-0/+1
This request and attached memory would be freed at the end of access-check processing, but it's a waste to keep it around.
2012-04-24Detect subdomain request in IPA access providerJan Zeleny1-0/+10
2012-04-24Accept be_req instead if be_ctx in LDAP access providerJan Zeleny1-1/+1
2012-03-12IPA: Initialize hbac_ctx to NULLStephen Gallagher1-1/+1
2012-03-09IPA: Check nsAccountLock during PAM_ACCT_MGMTStephen Gallagher1-0/+56
https://fedorahosted.org/sssd/ticket/1227
2012-02-24IPA hosts refactoringJan Zeleny1-18/+6
2012-02-07IPA: Add host info handlerJan Cholasta1-1/+1
2012-02-06Separate the host-retrieval code from IPA HBAC to common IPA codeJan Zeleny1-16/+40
2012-02-06Implemented support for multiple search bases in HBAC rules and servicesJan Zeleny1-29/+5
2012-01-14Support multiple search bases in HBACJan Zeleny1-1/+1
2011-12-16Export the function to convert ldb_result to sysdb_attrsJakub Hrozek1-1/+1
It will be reused later in the sudo responder
2011-11-29Add ipa_hbac_support_srchost option to IPA providerJan Zeleny1-0/+4
don't fetch all host groups if this option is false https://fedorahosted.org/sssd/ticket/1078
2011-11-22Cleanup: Remove unused parametersJakub Hrozek1-4/+0
2011-09-28IPA access: hostname comparison should be case-insensitiveJakub Hrozek1-1/+1
2011-08-15sysdb refactoring: memory context deletedJan Zeleny1-1/+1
This patch deletes memory context parameter in those places in sysdb where it is not necessary. The code using modified functions has been updated. Tests updated as well.
2011-08-15sysdb refactoring: deleted domain variables in sysdb APIJan Zeleny1-2/+1
The patch also updates code using modified functions. Tests have also been adjusted.
2011-07-29Fix memory leak in ipa_hbac_evaluate_rulesStephen Gallagher1-0/+1
https://fedorahosted.org/sssd/ticket/933
2011-07-08Add ipa_hbac_treat_deny_as optionStephen Gallagher1-1/+10
By default, we will treat the presence of any DENY rule as denying all users. This option will allow the admin to explicitly ignore DENY rules during a transitional period.
2011-07-08Add ipa_hbac_refresh optionStephen Gallagher1-0/+16
This option describes the time between refreshes of the HBAC rules on the IPA server.
2011-07-08Add new HBAC lookup and evaluation routinesStephen Gallagher1-124/+380
2011-07-08Remove old HBAC implementationStephen Gallagher1-1585/+0
2011-02-28Use realm for basedn instead of IPA domainJakub Hrozek1-1/+1
https://fedorahosted.org/sssd/ticket/807
2011-01-19Add ipa_hbac_search_base config optionSumit Bose1-52/+39
2011-01-17Add ldap_search_enumeration_timeout config optionSumit Bose1-3/+3
2011-01-17Add timeout parameter to sdap_get_generic_send()Sumit Bose1-22/+31
2010-12-17Fix uninitialized value error in set_local_and_remote_host_infoStephen Gallagher1-1/+1
https://fedorahosted.org/sssd/ticket/725
2010-12-17Fix unsafe return condition in ipa_access_handlerStephen Gallagher1-1/+6
https://fedorahosted.org/sssd/ticket/718
2010-12-08Remove IPA_ACCESS_TIME defineStephen Gallagher1-13/+11
2010-12-08Remove check_access_time() from IPA access providerSumit Bose1-63/+0
It is planned to release IPA 2.0 without time range specifications in the access control rules. To avoid confusion the evaluation is removed from sssd, too.
2010-11-19Use a more efficient host search filterSumit Bose1-5/+6
2010-11-15Sanitize sysdb search filters in the IPA providerStephen Gallagher1-2/+17
generated by cgit (git 2.34.1) at 2024-11-16 02:19:41 +0000