summaryrefslogtreecommitdiffstats
path: root/src/providers/ipa/ipa_hbac_common.c
Commit message (Collapse)AuthorAgeFilesLines
* Do not save HBAC rules in subdomain subtreeSumit Bose2012-11-191-3/+16
| | | | | | | | | | | | | | Currently the sysdb context is pointed to the subdomain subtree containing user the user to be checked at the beginning of a HBAC request. As a result all HBAC rules and related data is save in the subdomain tree as well. But since the HBAC rules of the configured domain apply to all users it is sufficient to save them once in the subtree of the configured domain. Since most of the sysdb operations during a HBAC request are related to the HBAC rules and related data this patch does not change the default sysdb context but only create a special context to look up subdomain users.
* SYSDB: Remove unnecessary domain parameter from several sysdb callsJakub Hrozek2012-09-241-5/+3
| | | | | The domain can be read from the sysdb object. Removing the domain string makes the API more self-contained.
* Unify usage of sysdb transactionsMichal Zidek2012-08-231-2/+8
| | | | | | Removing bad examples of usage of sysdb_transaction_start/commit/end functions and making it more consistent (all files except of src/db/sysdb_*.c).
* HBAC: create empty groups with one NULL elementJakub Hrozek2012-01-061-16/+15
| | | | https://fedorahosted.org/sssd/ticket/1130
* Add ipa_hbac_support_srchost option to IPA providerJan Zeleny2011-11-291-0/+3
| | | | | don't fetch all host groups if this option is false https://fedorahosted.org/sssd/ticket/1078
* Cleanup: Remove unused parametersJakub Hrozek2011-11-221-7/+1
|
* Add a missing breakJakub Hrozek2011-10-171-0/+1
|
* HBAC: Use originalMember for identifying hostgroupsStephen Gallagher2011-10-141-45/+51
|
* HBAC: Use originalMember for identifying servicegroupsStephen Gallagher2011-10-141-41/+55
|
* HBAC: Do not save member/memberOf linksStephen Gallagher2011-10-141-120/+0
| | | | We can just trust the values from the FreeIPA server
* HBAC: fix typos preventing proper hostgroup evaluationStephen Gallagher2011-09-281-3/+3
|
* Multiline macro cleanupJakub Hrozek2011-09-281-1/+1
| | | | | | | | | | This is mostly a cosmetic patch. The purpose of wrapping a multi-line macro in a do { } while(0) is to make the macro usable as a regular statement, not a compound statement. When the while(0) is terminated with a semicolon, the do { } while(0); block becomes a compound statement again.
* HBAC: Handle saving groups that have no membersStephen Gallagher2011-08-261-7/+21
|
* sysdb refactoring: memory context deletedJan Zeleny2011-08-151-2/+2
| | | | | | This patch deletes memory context parameter in those places in sysdb where it is not necessary. The code using modified functions has been updated. Tests updated as well.
* sysdb refactoring: deleted domain variables in sysdb APIJan Zeleny2011-08-151-7/+5
| | | | | The patch also updates code using modified functions. Tests have also been adjusted.
* Fix incorrect NULL check in ipa_hbac_common.cStephen Gallagher2011-07-291-1/+1
| | | | https://fedorahosted.org/sssd/ticket/936
* Treat NULL or empty rhost as unknownStephen Gallagher2011-07-081-9/+21
| | | | | | | Previously, we were assuming this meant it was coming from the localhost, but this is not a safe assumption. We will now treat it as unknown and it will fail to match any rule that requires a specified srchost or group of srchosts.
* Add helper functions for looking up HBAC rule componentsStephen Gallagher2011-07-081-0/+871
generated by cgit (git 2.34.1) at 2024-06-07 05:58:10 +0000