diff options
| author | Jakub Hrozek <jhrozek@redhat.com> | 2014-01-02 17:23:08 +0100 |
|---|---|---|
| committer | Jakub Hrozek <jhrozek@redhat.com> | 2014-05-13 22:24:09 +0200 |
| commit | 770dc892f867639f36f84455d65be6287935a529 (patch) | |
| tree | 4b847d89ec0cb984140187bee14bf409066f0ec5 /src/responder/ifp/ifp_private.h | |
| parent | 60cab26b12df9a2153823972cde0c38ca86e01b9 (diff) | |
| download | sssd-770dc892f867639f36f84455d65be6287935a529.tar.gz sssd-770dc892f867639f36f84455d65be6287935a529.tar.xz sssd-770dc892f867639f36f84455d65be6287935a529.zip | |
IFP: Per-attribute ACL for users
Introduces a new option called user_attributes that allows to specify
which user attributes are allowed to be queried from the IFP responder.
By default only the default POSIX set is allowed, this option allows to
either add other attributes (+attrname) or remove them from the default
set (-attrname).
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Diffstat (limited to 'src/responder/ifp/ifp_private.h')
| -rw-r--r-- | src/responder/ifp/ifp_private.h | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/src/responder/ifp/ifp_private.h b/src/responder/ifp/ifp_private.h index 52c480bb4..c03cf6ccc 100644 --- a/src/responder/ifp/ifp_private.h +++ b/src/responder/ifp/ifp_private.h @@ -43,6 +43,7 @@ struct ifp_ctx { int neg_timeout; struct sysbus_ctx *sysbus; + const char **user_whitelist; }; /* This is a throwaway method to ease the review of the patch. @@ -68,4 +69,6 @@ const char *ifp_path_strip_prefix(const char *path, const char *prefix); errno_t ifp_add_ldb_el_to_dict(DBusMessageIter *iter_dict, struct ldb_message_element *el); +const char **ifp_parse_attr_list(TALLOC_CTX *mem_ctx, const char *conf_str); +bool ifp_attr_allowed(const char *whitelist[], const char *attr); #endif /* _IFPSRV_PRIVATE_H_ */ |