| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
The SELinux processing was distributed between provider and
pam responder which resulted in hard to maintain code. This
patch moves the logic to provider.
IT ALSO REQUIRES CHANGE IN THE SELINUX POLICY, because
the provider also writes the content of selinux login
file to disk (which was done by responder before).
https://fedorahosted.org/sssd/ticket/1743
|
|
Also remove unused sysdb_search_domuser_by_name()
|
|
This patch adds the possibility for user/host category attributes to
have more than one value. It also fixes semantically wrong evaluation of
SELinux map priority.
|
|
|
|
The functionality now is following:
When rule is being matched, its priority is determined as a combination
of user and host specificity (host taking preference).
After the rule is matched in provider, only its host priority is stored
in sysdb for later usage.
When rules are matched in the responder, their user priority is
determined. After that their host priority is retrieved directly from
sysdb and sum of both priorities is user to determine whether to use
that rule or not. If more rules have the same priority, the order given
in IPA config is used.
https://fedorahosted.org/sssd/ticket/1360
https://fedorahosted.org/sssd/ticket/1395
|
|
|
