summaryrefslogtreecommitdiff
path: root/src/providers/ipa/ipa_access.c
AgeCommit message (Collapse)AuthorFilesLines
2011-07-08Add ipa_hbac_treat_deny_as optionStephen Gallagher1-1/+10
By default, we will treat the presence of any DENY rule as denying all users. This option will allow the admin to explicitly ignore DENY rules during a transitional period.
2011-07-08Add ipa_hbac_refresh optionStephen Gallagher1-0/+16
This option describes the time between refreshes of the HBAC rules on the IPA server.
2011-07-08Add new HBAC lookup and evaluation routinesStephen Gallagher1-124/+380
2011-07-08Remove old HBAC implementationStephen Gallagher1-1585/+0
2011-02-28Use realm for basedn instead of IPA domainJakub Hrozek1-1/+1
https://fedorahosted.org/sssd/ticket/807
2011-01-19Add ipa_hbac_search_base config optionSumit Bose1-52/+39
2011-01-17Add ldap_search_enumeration_timeout config optionSumit Bose1-3/+3
2011-01-17Add timeout parameter to sdap_get_generic_send()Sumit Bose1-22/+31
2010-12-17Fix uninitialized value error in set_local_and_remote_host_infoStephen Gallagher1-1/+1
https://fedorahosted.org/sssd/ticket/725
2010-12-17Fix unsafe return condition in ipa_access_handlerStephen Gallagher1-1/+6
https://fedorahosted.org/sssd/ticket/718
2010-12-08Remove IPA_ACCESS_TIME defineStephen Gallagher1-13/+11
2010-12-08Remove check_access_time() from IPA access providerSumit Bose1-63/+0
It is planned to release IPA 2.0 without time range specifications in the access control rules. To avoid confusion the evaluation is removed from sssd, too.
2010-11-19Use a more efficient host search filterSumit Bose1-5/+6
2010-11-15Sanitize sysdb search filters in the IPA providerStephen Gallagher1-2/+17
2010-10-22Download only enabled IPA HBAC rulesSumit Bose1-1/+3
2010-09-23Save all data to sysdb in one transactionSumit Bose1-222/+131
2010-09-23Handle host objects like other objectsSumit Bose1-128/+181
2010-09-07Cleaned some dead assignmentsJan Zeleny1-14/+12
Two needless assignments were deleted, two were complemented with code checking function results. Ticket: #582
2010-07-23Fix IPA access backend handling of obsolete and missing HBAC entries:eindenbom1-9/+68
- Ticket #567: Fix removal of obsolete HBAC host, rules and service records from sysdb. - Ticket #565: When no HBAC host record is found return PAM_PERM_DENIED instead of PAM_SYSTEM_ERROR.
2010-07-23Do not treat missing HBAC rules as an errorSumit Bose1-0/+5
2010-07-09Use new LDAP connection framework in IPA access backend.eindenbom1-304/+264
2010-06-02Unify sdap and sysdb data handlingSumit Bose1-85/+104
2010-06-02Compare full service nameSumit Bose1-1/+2
2010-06-02Remove service groupsSumit Bose1-191/+7
Because the memberOf attribute is now set for the service objects we do not need to fetch the service groups separately anymore.
2010-06-02Use new schema for HBAC service checksSumit Bose1-21/+637
2010-06-02Use sysdb_attrs_get_string_array() instead of sysdb_attrs_get_el()Sumit Bose1-23/+12
sysdb_attrs_get_el() creates an empty element in the sysdb_attrs structure if the requested element does not exist. Recent versions of libldb do not accept empty elements when writing new objects to disk. sysdb_attrs_get_string_array() does not create an empty element but returns ENOENT.
2010-05-27Check ipaEnabledFlagSumit Bose1-5/+23
2010-05-16Don't report a fatal error for an HBAC denialStephen Gallagher1-1/+1
2010-05-07Compare the full service nameSumit Bose1-1/+2
2010-05-03Fix a wrong return value in IPA HBACSumit Bose1-2/+2
2010-05-03Better handle sdap_handle memory from callers.Simo Sorce1-8/+0
Always just mark the sdap_handle as not connected and let later _send() functions to take care of freeing the handle before reconnecting. Introduce restart functions to avoid calling _send() functions in _done() functions error paths as this would have the same effect as directly freeing the sdap_handle and cause access to freed memory in sdap_handle_release() By freeing sdap_handle only in the connection _recv() function we guarantee it can never be done within sdap_handle_release() but only in a following event.
2010-04-12sysdb: remove remaining traces of sysdb_handleSimo Sorce1-4/+0
2010-04-12Remove remaining use of sysdb_transaction_sendSimo Sorce1-69/+25
2010-04-12sysdb: convert sysdb_asq_searchSimo Sorce1-150/+69
2010-04-12sysdb: convert sysdb_store_customSimo Sorce1-113/+35
2010-04-12sysdb: convert sysdb_search_customSimo Sorce1-42/+60
2010-04-12sysdb: convert sysdb_search_user_by_name/uidSimo Sorce1-61/+14
2010-04-12sysdb: convert sysdb_search_entry and sysdb_delete_recursiveSimo Sorce1-25/+5
2010-03-25Fix LDAP search paths for IPA HBACSumit Bose1-15/+20
- use domain_to_basedn() to construct LDAP search paths for IPA HBAC - move domain_to_basedn() to a separate file to simplify the build of a test
2010-02-18Rename server/ directory to src/Stephen Gallagher1-0/+1823
Also update BUILD.txt