summaryrefslogtreecommitdiff
path: root/src/providers/ipa
AgeCommit message (Collapse)AuthorFilesLines
2012-07-23Added some DEBUG statements into SELinux related codeJan Zeleny1-4/+14
2012-07-18Fix uninitialized valuesNick Guay1-4/+4
https://fedorahosted.org/sssd/ticket/1379
2012-07-18IPA: Return and save all SELinux rules in the providerJakub Hrozek1-47/+27
https://fedorahosted.org/sssd/ticket/1421
2012-07-18IPA: Download defaults even if there are no SELinux mappingsJakub Hrozek1-60/+59
We should always download the defaults because even if there are no rules, we might want to use (or update) the defaults.
2012-07-18Modify priority evaluation in SELinux user mapsJan Zeleny1-2/+34
The functionality now is following: When rule is being matched, its priority is determined as a combination of user and host specificity (host taking preference). After the rule is matched in provider, only its host priority is stored in sysdb for later usage. When rules are matched in the responder, their user priority is determined. After that their host priority is retrieved directly from sysdb and sum of both priorities is user to determine whether to use that rule or not. If more rules have the same priority, the order given in IPA config is used. https://fedorahosted.org/sssd/ticket/1360 https://fedorahosted.org/sssd/ticket/1395
2012-07-10Remove dead code in ipa_subdomains_handler_done()Sumit Bose1-1/+1
Fixes https://fedorahosted.org/sssd/ticket/1410
2012-07-06KRB5: Create a common init routine for krb5_child optionsStephen Gallagher1-45/+6
This will reduce code duplication between the krb5, ipa and ad providers
2012-07-06KRB5: Drop memctx parameter of krb5_try_kdcipStephen Gallagher1-1/+1
This function is not supposed to return any newly-allocated memory directly. It was actually leaking the memory for krb5_servers if krb5_kdcip was being used, though it was undetectable because it was allocated on the provided memctx. This patch removes the memctx parameter and allocates krb5_servers temporarily on NULL and ensures that it is freed on all exit conditions. It is not necessary to retain this memory, as dp_opt_set_string() performs a talloc_strdup onto the appropriate context internally. It also updates the DEBUG messages for this function to the appropriate new macro levels.
2012-07-02IPA: Don't hang onto memory longer than necessaryStephen Gallagher1-0/+1
This request and attached memory would be freed at the end of access-check processing, but it's a waste to keep it around.
2012-06-29sudo: add host info optionsPavel Březina1-0/+5
Adds some option that allows to manually configure a host filter. ldap_sudo_use_host_filter - if false, we will download all rules regardless their sudoHost attribute ldap_sudo_hostnames - list hostnames and/or fqdn that should be downloaded, separated with spaces ldap_sudo_ip - list of IPv4/6 address and/or network that should be downloaded, separated with spaces ldap_sudo_include_netgroups - include rules that contains netgroup in sudoHost ldap_sudo_include_regexp - include rules that contains regular expression in sudoHost
2012-06-29sudo provider: add ldap_sudo_smart_refresh_intervalPavel Březina1-0/+1
2012-06-29sudo provider: remove old timerPavel Březina1-2/+0
2012-06-29sudo provider: add ldap_sudo_full_refresh_intervalPavel Březina1-0/+1
2012-06-21Add support for ID rangesSumit Bose6-10/+197
2012-06-14Make krb5_ccname_template and krb5_ccachedir configurableJakub Hrozek1-2/+2
2012-06-13LDAP: Add ldap_*_use_matching_rule_in_chain optionsStephen Gallagher1-0/+2
2012-06-10IPA subdomains - ask for information about master domainJan Zeleny6-17/+164
The query is performed only if there is missing information in the cache. That means this should be done only once after restart when cache doesn't exist. All subsequent requests for subdomains won't include the request for master domain.
2012-05-31Add support for filtering atributesJan Zeleny5-7/+12
This patch adds support for filtering attributes when constructing attribute list from a map for LDAP query.
2012-05-22Fixed issue in SELinux user mapsJan Zeleny1-0/+2
There was an issue when IPA provider didn't set PAM_SUCCESS when successfully finished loading SELinux user maps. This lead to the map not being read in the responder.
2012-05-10Filter out IP addresses inappropriate for DNS forward recordsJakub Hrozek1-1/+57
https://fedorahosted.org/sssd/ticket/949
2012-05-10LDAP: Add attr_count return value to build_attrs_from_map()Stephen Gallagher5-7/+8
This is necessary because in several places in the code, we are appending to the attrs returned from this value, and if we relied on the map size macro, we would be appending after the NULL terminator if one or more attributes were defined as NULL.
2012-05-03LDAP: Map the user's primaryGroupIDStephen Gallagher1-0/+1
2012-05-03LDAP: Allow setting a default domain for id-mapping slice 0Stephen Gallagher1-0/+2
2012-05-03LDAP: Add autorid compatibility modeStephen Gallagher1-0/+1
2012-05-03LDAP: Add ID mapping range settingsStephen Gallagher1-0/+3
2012-05-03LDAP: Add id-mapping optionStephen Gallagher1-0/+1
2012-05-03LDAP: Add objectSID config optionStephen Gallagher1-0/+2
2012-05-03SSH: Add dp_get_host_send to common responder codeJakub Hrozek1-9/+6
Instead of using account_info request, creates a new ssh specific request. This improves code readability and will make the code more flexible in the future. https://fedorahosted.org/sssd/ticket/1176
2012-05-03IPA: Check return valuesJakub Hrozek2-2/+12
2012-05-02HBAC: Prevent NULL dereference in hbac_evaluateJakub Hrozek1-2/+4
'info' is optional parameter and can be set to NULL
2012-05-02ipa_get_config_send: remove unused assignmentJakub Hrozek1-1/+0
2012-05-02IPA netgroups: return EOK when there are no netgroups to processJakub Hrozek1-0/+1
If the code fell through the loop, ret would have been random value.
2012-05-01execv, excvp and exec_child never return EOKStef Walter1-5/+3
* So don't need to handle that case
2012-04-24Utilize sysdb context within be_req in HBACJan Zeleny1-2/+2
2012-04-24Detect subdomain request in IPA access providerJan Zeleny1-0/+10
2012-04-24Accept be_req instead if be_ctx in LDAP access providerJan Zeleny1-1/+1
2012-04-24Basic support for subdomains in auth providerJan Zeleny1-0/+6
2012-04-24Add ID operations in subdomainsJan Zeleny3-0/+276
2012-04-24Add s2n extended operationSumit Bose2-0/+667
2012-04-24IPA: Add get-domains targetSumit Bose6-0/+425
2012-04-18Prevent printing NULL from DEBUG messagesJakub Hrozek3-4/+4
2012-04-13Remove forgotten DEBUG messageJakub Hrozek1-2/+0
2012-04-05Use HTML_TIMESTAMP instead of HTML_FOOTER_DESCRIPTIONJakub Hrozek1-3/+4
https://fedorahosted.org/sssd/ticket/1271
2012-03-29Return correct resolv_status on resolver timeoutJakub Hrozek1-1/+6
https://fedorahosted.org/sssd/ticket/1274
2012-03-28Remove old compatibility testsStephen Gallagher2-31/+0
These are now replaced by the more accurate tests. This patch also drops the runtime option-count check, since we are always performing the more complete check at build-time.
2012-03-28Add terminator for sdap_attr_mapStephen Gallagher1-8/+18
2012-03-28Add terminator for dp_optionStephen Gallagher1-3/+6
2012-03-28Put dp_option maps in their own fileStephen Gallagher2-215/+249
There is no functional change due to this patch.
2012-03-16IPA: Allow service lookupsStephen Gallagher1-0/+1
2012-03-12IPA: Initialize hbac_ctx to NULLStephen Gallagher1-1/+1
generated by cgit (git 2.34.1) at 2024-11-17 02:20:41 +0000