diff options
author | Stephen Gallagher <sgallagh@redhat.com> | 2011-06-06 22:26:28 -0400 |
---|---|---|
committer | Stephen Gallagher <sgallagh@redhat.com> | 2011-08-04 10:28:14 -0400 |
commit | 6d7450e996e7c699aebf12422cc7080a0782b9ae (patch) | |
tree | de1c1245e0b888d80493f859c79938ba37d5e1fb /Makefile.am | |
parent | 47985a7b3a1a4c00b38350692197ce360e5e36ef (diff) | |
download | sssd-6d7450e996e7c699aebf12422cc7080a0782b9ae.tar.gz sssd-6d7450e996e7c699aebf12422cc7080a0782b9ae.tar.xz sssd-6d7450e996e7c699aebf12422cc7080a0782b9ae.zip |
Rewrite HBAC rule evaluator
Add helper function msgs2attrs_array
This function converts a list of ldb_messages into a list of
sysdb_attrs.
Conflicts:
src/providers/ldap/ldap_common.c
src/providers/ldap/ldap_common.h
Add HBAC evaluator and tests
Add helper functions for looking up HBAC rule components
Remove old HBAC implementation
Add new HBAC lookup and evaluation routines
Conflicts:
Makefile.am
Add ipa_hbac_refresh option
This option describes the time between refreshes of the HBAC rules
on the IPA server.
Add ipa_hbac_treat_deny_as option
By default, we will treat the presence of any DENY rule as denying
all users. This option will allow the admin to explicitly ignore
DENY rules during a transitional period.
Treat NULL or empty rhost as unknown
Previously, we were assuming this meant it was coming from the
localhost, but this is not a safe assumption. We will now treat it
as unknown and it will fail to match any rule that requires a
specified srchost or group of srchosts.
libipa_hbac: Support case-insensitive comparisons with UTF8
UTF8 HBAC test
Fix memory leak in ipa_hbac_evaluate_rules
https://fedorahosted.org/sssd/ticket/933
Fix incorrect NULL check in ipa_hbac_common.c
https://fedorahosted.org/sssd/ticket/936
Require matched version and release for libipa_hbac
Add rule validator to libipa_hbac
https://fedorahosted.org/sssd/ticket/943
Diffstat (limited to 'Makefile.am')
-rw-r--r-- | Makefile.am | 38 |
1 files changed, 36 insertions, 2 deletions
diff --git a/Makefile.am b/Makefile.am index 49520f3be..d75300bdb 100644 --- a/Makefile.am +++ b/Makefile.am @@ -32,6 +32,7 @@ pipepath = @pipepath@ initdir = @initdir@ logpath = @logpath@ pubconfpath = @pubconfpath@ +pkgconfigdir = $(libdir)/pkgconfig AM_CFLAGS = if WANT_AUX_INFO @@ -43,6 +44,8 @@ if HAVE_GCC -Werror-implicit-function-declaration endif +dist_pkgconfig_DATA = + ACLOCAL_AMFLAGS = -I m4 -I . sbin_PROGRAMS = \ @@ -78,7 +81,8 @@ if HAVE_CHECK ipa_ldap_opt-tests \ simple_access-tests \ crypto-tests \ - util-tests + util-tests \ + ipa_hbac-tests endif check_PROGRAMS = \ @@ -358,6 +362,17 @@ if HAVE_NSS endif +lib_LTLIBRARIES = libipa_hbac.la +dist_pkgconfig_DATA += src/providers/ipa/ipa_hbac.pc +libipa_hbac_la_SOURCES = \ + src/providers/ipa/hbac_evaluator.c +libipa_hbac_la_LDFLAGS = \ + -version 1:0:1 \ + -lunistring + +include_HEADERS = \ + src/providers/ipa/ipa_hbac.h + #################### # Program Binaries # #################### @@ -690,6 +705,18 @@ crypto_tests_LDADD = \ $(CHECK_LIBS) \ libsss_test_common.la +ipa_hbac_tests_SOURCES = \ + src/tests/ipa_hbac-tests.c \ + $(SSSD_UTIL_OBJ) +ipa_hbac_tests_CFLAGS = \ + $(AM_CFLAGS) \ + $(CHECK_CFLAGS) +ipa_hbac_tests_LDADD = \ + $(SSSD_LIBS) \ + $(CHECK_LIBS) \ + libsss_test_common.la \ + libipa_hbac.la + endif stress_tests_SOURCES = \ @@ -833,6 +860,12 @@ libsss_ipa_la_SOURCES = \ src/providers/ipa/ipa_auth.c \ src/providers/ipa/ipa_access.c \ src/providers/ipa/ipa_dyndns.c \ + src/providers/ipa/ipa_hbac_hosts.c \ + src/providers/ipa/ipa_hbac_private.h \ + src/providers/ipa/ipa_hbac_rules.c \ + src/providers/ipa/ipa_hbac_services.c \ + src/providers/ipa/ipa_hbac_users.c \ + src/providers/ipa/ipa_hbac_common.c \ src/providers/ldap/ldap_id.c \ src/providers/ldap/ldap_id_enum.c \ src/providers/ldap/ldap_id_cleanup.c \ @@ -870,7 +903,8 @@ libsss_ipa_la_LIBADD = \ $(DHASH_LIBS) \ $(KEYUTILS_LIBS) \ $(KRB5_LIBS) \ - libsss_crypt.la + libsss_crypt.la \ + libipa_hbac.la libsss_ipa_la_LDFLAGS = \ -version-info 1:0:0 \ -module |