diff options
| author | Stephen Gallagher <sgallagh@redhat.com> | 2010-12-09 10:14:04 -0500 |
|---|---|---|
| committer | Stephen Gallagher <sgallagh@redhat.com> | 2010-12-13 07:30:24 -0500 |
| commit | 1b474ef7011f4bf9ce4aac85dbc9827a9486d5eb (patch) | |
| tree | 6e1e86dfbddffac5a89201f26dd4be9ed92eaab1 /src/providers/simple/simple_access.h | |
| parent | 583a018d792c7a28762ecfba74ef1adc48724f22 (diff) | |
| download | sssd-1b474ef7011f4bf9ce4aac85dbc9827a9486d5eb.tar.gz sssd-1b474ef7011f4bf9ce4aac85dbc9827a9486d5eb.tar.xz sssd-1b474ef7011f4bf9ce4aac85dbc9827a9486d5eb.zip | |
Add group support to the simple access provider
This patch adds simple_allow_groups and simple_deny_groups options
to the simple access provider. It makes it possible to grant or
deny access based on a user's group memberships within the domain.
This patch makes one minor change to previous functionality: now
all deny rules will supersede allow rules. Previously, if both
simple_allow_users and simple_deny_users were set with the same
value, the allow would win.
https://fedorahosted.org/sssd/ticket/440
Diffstat (limited to 'src/providers/simple/simple_access.h')
| -rw-r--r-- | src/providers/simple/simple_access.h | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/src/providers/simple/simple_access.h b/src/providers/simple/simple_access.h index 0aac42a5f..abcf61ac2 100644 --- a/src/providers/simple/simple_access.h +++ b/src/providers/simple/simple_access.h @@ -27,8 +27,13 @@ #include "util/util.h" struct simple_ctx { + struct sysdb_ctx *sysdb; + struct sss_domain_info *domain; + char **allow_users; char **deny_users; + char **allow_groups; + char **deny_groups; }; errno_t simple_access_check(struct simple_ctx *ctx, const char *username, |