summaryrefslogtreecommitdiffstats
path: root/src/providers/ipa/ipa_access.c
Commit message (Collapse)AuthorAgeFilesLines
* Use realm for basedn instead of IPA domainJakub Hrozek2011-02-281-1/+1
| | | | https://fedorahosted.org/sssd/ticket/807
* Add ipa_hbac_search_base config optionSumit Bose2011-01-191-52/+39
|
* Add ldap_search_enumeration_timeout config optionSumit Bose2011-01-171-3/+3
|
* Add timeout parameter to sdap_get_generic_send()Sumit Bose2011-01-171-22/+31
|
* Fix uninitialized value error in set_local_and_remote_host_infoStephen Gallagher2010-12-171-1/+1
| | | | https://fedorahosted.org/sssd/ticket/725
* Fix unsafe return condition in ipa_access_handlerStephen Gallagher2010-12-171-1/+6
| | | | https://fedorahosted.org/sssd/ticket/718
* Remove IPA_ACCESS_TIME defineStephen Gallagher2010-12-081-13/+11
|
* Remove check_access_time() from IPA access providerSumit Bose2010-12-081-63/+0
| | | | | | It is planned to release IPA 2.0 without time range specifications in the access control rules. To avoid confusion the evaluation is removed from sssd, too.
* Use a more efficient host search filterSumit Bose2010-11-191-5/+6
|
* Sanitize sysdb search filters in the IPA providerStephen Gallagher2010-11-151-2/+17
|
* Download only enabled IPA HBAC rulesSumit Bose2010-10-221-1/+3
|
* Save all data to sysdb in one transactionSumit Bose2010-09-231-222/+131
|
* Handle host objects like other objectsSumit Bose2010-09-231-128/+181
|
* Cleaned some dead assignmentsJan Zeleny2010-09-071-14/+12
| | | | | | Two needless assignments were deleted, two were complemented with code checking function results. Ticket: #582
* Fix IPA access backend handling of obsolete and missing HBAC entries:eindenbom2010-07-231-9/+68
| | | | | - Ticket #567: Fix removal of obsolete HBAC host, rules and service records from sysdb. - Ticket #565: When no HBAC host record is found return PAM_PERM_DENIED instead of PAM_SYSTEM_ERROR.
* Do not treat missing HBAC rules as an errorSumit Bose2010-07-231-0/+5
|
* Use new LDAP connection framework in IPA access backend.eindenbom2010-07-091-304/+264
|
* Unify sdap and sysdb data handlingSumit Bose2010-06-021-85/+104
|
* Compare full service nameSumit Bose2010-06-021-1/+2
|
* Remove service groupsSumit Bose2010-06-021-191/+7
| | | | | Because the memberOf attribute is now set for the service objects we do not need to fetch the service groups separately anymore.
* Use new schema for HBAC service checksSumit Bose2010-06-021-21/+637
|
* Use sysdb_attrs_get_string_array() instead of sysdb_attrs_get_el()Sumit Bose2010-06-021-23/+12
| | | | | | | | sysdb_attrs_get_el() creates an empty element in the sysdb_attrs structure if the requested element does not exist. Recent versions of libldb do not accept empty elements when writing new objects to disk. sysdb_attrs_get_string_array() does not create an empty element but returns ENOENT.
* Check ipaEnabledFlagSumit Bose2010-05-271-5/+23
|
* Don't report a fatal error for an HBAC denialStephen Gallagher2010-05-161-1/+1
|
* Compare the full service nameSumit Bose2010-05-071-1/+2
|
* Fix a wrong return value in IPA HBACSumit Bose2010-05-031-2/+2
|
* Better handle sdap_handle memory from callers.Simo Sorce2010-05-031-8/+0
| | | | | | | | | | | | | Always just mark the sdap_handle as not connected and let later _send() functions to take care of freeing the handle before reconnecting. Introduce restart functions to avoid calling _send() functions in _done() functions error paths as this would have the same effect as directly freeing the sdap_handle and cause access to freed memory in sdap_handle_release() By freeing sdap_handle only in the connection _recv() function we guarantee it can never be done within sdap_handle_release() but only in a following event.
* sysdb: remove remaining traces of sysdb_handleSimo Sorce2010-04-121-4/+0
|
* Remove remaining use of sysdb_transaction_sendSimo Sorce2010-04-121-69/+25
|
* sysdb: convert sysdb_asq_searchSimo Sorce2010-04-121-150/+69
|
* sysdb: convert sysdb_store_customSimo Sorce2010-04-121-113/+35
|
* sysdb: convert sysdb_search_customSimo Sorce2010-04-121-42/+60
|
* sysdb: convert sysdb_search_user_by_name/uidSimo Sorce2010-04-121-61/+14
|
* sysdb: convert sysdb_search_entry and sysdb_delete_recursiveSimo Sorce2010-04-121-25/+5
|
* Fix LDAP search paths for IPA HBACSumit Bose2010-03-251-15/+20
| | | | | | - use domain_to_basedn() to construct LDAP search paths for IPA HBAC - move domain_to_basedn() to a separate file to simplify the build of a test
* Rename server/ directory to src/Stephen Gallagher2010-02-181-0/+1823
Also update BUILD.txt
generated by cgit (git 2.34.1) at 2024-05-05 11:45:06 +0000