summaryrefslogtreecommitdiff
path: root/src/providers/simple
AgeCommit message (Collapse)AuthorFilesLines
2013-09-17simple provider: obey case sensitivity for subdomain users and groupsPavel Březina1-7/+43
When comparing username and his groups to access list, we will obey case sensitivity of object from access list. Resolves: https://fedorahosted.org/sssd/ticket/2034
2013-09-17simple provider: support subdomain groupsPavel Březina1-23/+64
Resolves: https://fedorahosted.org/sssd/ticket/2034
2013-09-17simple provider: support subdomain usersPavel Březina1-5/+10
Resolves: https://fedorahosted.org/sssd/ticket/2034
2013-09-11Fix formating of variables with type: gid_tLukas Slebodnik1-4/+4
2013-09-11Fix formating of variables with type: size_tLukas Slebodnik1-2/+2
2013-08-07simple access provider: allow fully qualified namesPavel Březina1-46/+95
https://fedorahosted.org/sssd/ticket/2026
2013-04-19Convert the simple access check to new error codesJakub Hrozek1-9/+17
https://fedorahosted.org/sssd/ticket/453 It makes sense to keep using the boolean for access granted/denied, but when the user/group is not found, the request would now return ERR_ACCOUNT_UNKNOWN
2013-04-15Fix simple access group control in case-insensitive domainsJakub Hrozek1-16/+9
https://fedorahosted.org/sssd/ticket/1713 In the simple access provider, we need to only canonicalize user names when comparing with values in the ACL, not when searching the cache. The sysdb searches might do a base search with a DN constructed with the username which fails if the username is lower case.
2013-03-19Resolve GIDs in the simple access providerJakub Hrozek3-122/+655
Changes the simple access provider's interface to be asynchronous. When the simple access provider encounters a group that has gid, but no meaningful name, it attempts to resolve the name using the be_file_account_request function. Some providers (like the AD provider) might perform initgroups without resolving the group names. In order for the simple access provider to work correctly, we need to resolve the groups before performing the access check. In AD provider, the situation is even more tricky b/c the groups HAVE name, but their name attribute is set to SID and they are set as non-POSIX
2013-01-21Add be_req_get_data() helper funciton.Simo Sorce1-1/+1
In preparation for making struct be_req opaque.
2013-01-21Add be_req_get_be_ctx() helper.Simo Sorce1-1/+2
In preparation for making be_req opaque
2013-01-21Introduce be_req_terminate() helperSimo Sorce1-1/+1
Call it everywhere instead of directly dereferencing be_req->fn This is in preparation of making be_req opaque.
2013-01-21Split simple_access_check function outSimo Sorce3-206/+225
Need to split out the function or new additions to the handler funtion will not allow simple access tests to compile anymore.
2013-01-21Remove sysdb as a be context structure memberSimo Sorce2-5/+3
The sysdb context is already available through the 'domain' structure.
2013-01-15Add domain to sysdb_search_group_by_gid()Simo Sorce1-1/+1
Also remove unused sysdb_search_domgroup_by_gid()
2013-01-15Add domain to sysdb_search_user_by_name()Simo Sorce1-1/+1
Also remove unused sysdb_search_domuser_by_name()
2012-06-20Move some debug lines to new debug log levelsStef Walter1-2/+2
* These are common lines of debug output when starting up sssd https://bugzilla.redhat.com/show_bug.cgi?id=811113
2012-03-21Make the string_equal() function publicJakub Hrozek1-13/+4
2011-12-16Use the case sensitivity flag in the simple access providerJakub Hrozek1-4/+15
2011-08-15sysdb refactoring: deleted domain variables in sysdb APIJan Zeleny1-2/+2
The patch also updates code using modified functions. Tests have also been adjusted.
2011-04-27simple provider: Don't treat primary GID lookup failures as fatalStephen Gallagher1-13/+19
2010-12-13Add group support to the simple access providerStephen Gallagher2-14/+215
This patch adds simple_allow_groups and simple_deny_groups options to the simple access provider. It makes it possible to grant or deny access based on a user's group memberships within the domain. This patch makes one minor change to previous functionality: now all deny rules will supersede allow rules. Previously, if both simple_allow_users and simple_deny_users were set with the same value, the allow would win. https://fedorahosted.org/sssd/ticket/440
2010-03-08Add simple access providerSumit Bose2-0/+196