diff options
| author | Stephen Gallagher <sgallagh@redhat.com> | 2011-06-06 22:26:28 -0400 |
|---|---|---|
| committer | Stephen Gallagher <sgallagh@redhat.com> | 2011-10-26 10:29:38 -0400 |
| commit | 9a58bc432bb9bc4ae4c452c5e600c94d4fc1c5a0 (patch) | |
| tree | 2dba3b38fceb8b8406098f65e9a332c9c74ccbd2 /src/providers/ldap | |
| parent | 9d3f6c05d7f72a4ea0eba53333eac9d54df54395 (diff) | |
| download | sssd-9a58bc432bb9bc4ae4c452c5e600c94d4fc1c5a0.tar.gz sssd-9a58bc432bb9bc4ae4c452c5e600c94d4fc1c5a0.tar.xz sssd-9a58bc432bb9bc4ae4c452c5e600c94d4fc1c5a0.zip | |
Rewrite HBAC rule evaluator
Add helper function msgs2attrs_array
This function converts a list of ldb_messages into a list of
sysdb_attrs.
Conflicts:
src/providers/ldap/ldap_common.c
src/providers/ldap/ldap_common.h
Add HBAC evaluator and tests
Add helper functions for looking up HBAC rule components
Remove old HBAC implementation
Add new HBAC lookup and evaluation routines
Conflicts:
Makefile.am
Add ipa_hbac_refresh option
This option describes the time between refreshes of the HBAC rules
on the IPA server.
Add ipa_hbac_treat_deny_as option
By default, we will treat the presence of any DENY rule as denying
all users. This option will allow the admin to explicitly ignore
DENY rules during a transitional period.
Treat NULL or empty rhost as unknown
Previously, we were assuming this meant it was coming from the
localhost, but this is not a safe assumption. We will now treat it
as unknown and it will fail to match any rule that requires a
specified srchost or group of srchosts.
libipa_hbac: Support case-insensitive comparisons with UTF8
UTF8 HBAC test
Fix memory leak in ipa_hbac_evaluate_rules
https://fedorahosted.org/sssd/ticket/933
Fix incorrect NULL check in ipa_hbac_common.c
https://fedorahosted.org/sssd/ticket/936
Require matched version and release for libipa_hbac
Add rule validator to libipa_hbac
https://fedorahosted.org/sssd/ticket/943
Diffstat (limited to 'src/providers/ldap')
| -rw-r--r-- | src/providers/ldap/ldap_common.c | 29 | ||||
| -rw-r--r-- | src/providers/ldap/ldap_common.h | 4 |
2 files changed, 33 insertions, 0 deletions
diff --git a/src/providers/ldap/ldap_common.c b/src/providers/ldap/ldap_common.c index d2477bcf2..31b8139ae 100644 --- a/src/providers/ldap/ldap_common.c +++ b/src/providers/ldap/ldap_common.c @@ -1045,3 +1045,32 @@ bool sdap_is_secure_uri(const char *uri) } return false; } + +errno_t msgs2attrs_array(TALLOC_CTX *mem_ctx, size_t count, + struct ldb_message **msgs, + struct sysdb_attrs ***attrs) +{ + int i; + struct sysdb_attrs **a; + + a = talloc_array(mem_ctx, struct sysdb_attrs *, count); + if (a == NULL) { + DEBUG(1, ("talloc_array failed.\n")); + return ENOMEM; + } + + for (i = 0; i < count; i++) { + a[i] = talloc(a, struct sysdb_attrs); + if (a[i] == NULL) { + DEBUG(1, ("talloc_array failed.\n")); + talloc_free(a); + return ENOMEM; + } + a[i]->num = msgs[i]->num_elements; + a[i]->a = talloc_steal(a[i], msgs[i]->elements); + } + + *attrs = a; + + return EOK; +} diff --git a/src/providers/ldap/ldap_common.h b/src/providers/ldap/ldap_common.h index 9146da5a9..70ffd1485 100644 --- a/src/providers/ldap/ldap_common.h +++ b/src/providers/ldap/ldap_common.h @@ -162,4 +162,8 @@ errno_t list_missing_attrs(TALLOC_CTX *mem_ctx, bool sdap_is_secure_uri(const char *uri); +errno_t msgs2attrs_array(TALLOC_CTX *mem_ctx, size_t count, + struct ldb_message **msgs, + struct sysdb_attrs ***attrs); + #endif /* _LDAP_COMMON_H_ */ |