summaryrefslogtreecommitdiff
path: root/src/providers/ipa/ipa_selinux.c
AgeCommit message (Collapse)AuthorFilesLines
2013-04-29selinux: if no domain matches, make the debug message louderJakub Hrozek1-3/+3
2013-04-29Make IPA SELinux provider aware of subdomain usersSumit Bose1-2/+25
Fixes https://fedorahosted.org/sssd/ticket/1892
2013-03-27selinux: Remove unused parameterJakub Hrozek1-1/+0
https://fedorahosted.org/sssd/ticket/1848
2013-03-19Make the SELinux refresh time configurable.Michal Zidek1-2/+3
Option ipa_selinux_refresh is added to basic ipa options.
2013-03-19Reuse cached SELinux mappings.Michal Zidek1-3/+28
Reuse cached SELinux maps when they are requested within time interval (in this patch it is hardcoded to be 5 seconds). https://fedorahosted.org/sssd/ticket/1744
2013-03-19Move SELinux processing to provider.Michal Zidek1-31/+381
The SELinux processing was distributed between provider and pam responder which resulted in hard to maintain code. This patch moves the logic to provider. IT ALSO REQUIRES CHANGE IN THE SELINUX POLICY, because the provider also writes the content of selinux login file to disk (which was done by responder before). https://fedorahosted.org/sssd/ticket/1743
2013-01-21Add be_req_get_data() helper funciton.Simo Sorce1-2/+3
In preparation for making struct be_req opaque.
2013-01-21Add be_req_get_be_ctx() helper.Simo Sorce1-6/+6
In preparation for making be_req opaque
2013-01-21Introduce be_req_terminate() helperSimo Sorce1-4/+4
Call it everywhere instead of directly dereferencing be_req->fn This is in preparation of making be_req opaque.
2013-01-21Remove domain from be_req structureSimo Sorce1-34/+34
2013-01-21Remove sysdb argument from hbac_get_cached_rules()Simo Sorce1-4/+4
2013-01-21Remove sysdb argument from ipa_host_info_send()Simo Sorce1-1/+1
2013-01-21Remove sysdb as a be request structure memberSimo Sorce1-2/+2
The sysdb context is already available through the 'domain' context.
2013-01-21Remove sysdb as a be context structure memberSimo Sorce1-7/+7
The sysdb context is already available through the 'domain' structure.
2013-01-15Add domain argument to sysdb selinux functionsSimo Sorce1-3/+6
2013-01-15Add domain argument to sysdb_search_custom()Simo Sorce1-1/+2
Also changes sysdb_search_custom_by_name()
2013-01-15Add domain to sysdb_search_user_by_name()Simo Sorce1-1/+1
Also remove unused sysdb_search_domuser_by_name()
2013-01-15Make sysdb_custom_dn() require a domain.Simo Sorce1-3/+5
2013-01-08IPA: Rename IPA_CONFIG_SELINUX_DEFAULT_MAPJakub Hrozek1-2/+4
It is not a map, but a default context. The name should reflect that.
2013-01-08SELINUX: Process maps even when offlineJakub Hrozek1-226/+429
Changes the ipa_get_selinux{send,recv} request so that it only delivers data and moves processing to the IPA selinux handler.
2012-09-24SYSDB: Remove unnecessary domain parameter from several sysdb callsJakub Hrozek1-4/+1
The domain can be read from the sysdb object. Removing the domain string makes the API more self-contained.
2012-09-13SELinux: Always use the default if it exists on the serverJakub Hrozek1-9/+9
https://fedorahosted.org/sssd/ticket/1513 This is a counterpart of the FreeIPA ticket https://fedorahosted.org/freeipa/ticket/3045 During an e-mail discussion, it was decided that * if the default is set in the IPA config object, the SSSD would use that default no matter what * if the default is not set (aka empty or missing), the SSSD would just use the system default and skip creating the login file altogether
2012-08-23Unify usage of sysdb transactionsMichal Zidek1-1/+4
Removing bad examples of usage of sysdb_transaction_start/commit/end functions and making it more consistent (all files except of src/db/sysdb_*.c).
2012-07-31Support fetching of host from sysdb in SELinux codeJan Zeleny1-11/+55
The host record will be fetched if HBAC is used as access provider since the record is already downloaded and it can be trusted to be valid.
2012-07-31Support fetching of HBAC rules from sysdb in SELinux codeJan Zeleny1-14/+47
If HBAC is active, SELinux code will reuse them instead of downloading them from the server again.
2012-07-27Renamed session provider to selinux providerJan Zeleny1-0/+625
generated by cgit (git 2.34.1) at 2024-11-16 18:30:53 +0000