summaryrefslogtreecommitdiffstats
path: root/src/providers/ipa/ipa_hbac_common.c
Commit message (Collapse)AuthorAgeFilesLines
* UTIL: rename find_subdomain_by_namePavel Reichl2014-07-221-2/+2
| | | | | | | | | The function was named "find_subdomain" yet it could find both main domain and subdomain. sed 's/find_subdomain_by_name/find_domain_by_name/' -i `find . -name "*.[ch]"` Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* Update DEBUG* invocations to use new levelsNikolai Kondrashov2014-02-121-32/+39
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Use a script to update DEBUG* macro invocations, which use literal numbers for levels, to use bitmask macros instead: grep -rl --include '*.[hc]' DEBUG . | while read f; do mv "$f"{,.orig} perl -e 'use strict; use File::Slurp; my @map=qw" SSSDBG_FATAL_FAILURE SSSDBG_CRIT_FAILURE SSSDBG_OP_FAILURE SSSDBG_MINOR_FAILURE SSSDBG_CONF_SETTINGS SSSDBG_FUNC_DATA SSSDBG_TRACE_FUNC SSSDBG_TRACE_LIBS SSSDBG_TRACE_INTERNAL SSSDBG_TRACE_ALL "; my $text=read_file(\*STDIN); my $repl; $text=~s/ ^ ( .* \b (DEBUG|DEBUG_PAM_DATA|DEBUG_GR_MEM) \s* \(\s* )( [0-9] )( \s*, ) ( \s* ) ( .* ) $ / $repl = $1.$map[$3].$4.$5.$6, length($repl) <= 80 ? $repl : $1.$map[$3].$4."\n".(" " x length($1)).$6 /xmge; print $text; ' < "$f.orig" > "$f" rm "$f.orig" done Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* Make DEBUG macro invocations variadicNikolai Kondrashov2014-02-121-44/+44
| | | | | | | | | | | | | | | | | | | | | | | | Use a script to update DEBUG macro invocations to use it as a variadic macro, supplying format string and its arguments directly, instead of wrapping them in parens. This script was used to update the code: grep -rwl --include '*.[hc]' DEBUG . | while read f; do mv "$f"{,.orig} perl -e \ 'use strict; use File::Slurp; my $text=read_file(\*STDIN); $text=~s#(\bDEBUG\s*\([^(]+)\((.*?)\)\s*\)\s*;#$1$2);#gs; print $text;' < "$f.orig" > "$f" rm "$f.orig" done Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>
* SYSDB: Drop redundant sysdb_ctx parameter from sysdb.cMichal Zidek2013-11-151-6/+3
|
* SYSDB: Drop the sysdb_ctx parameter - module sysdb_ops (part 2)Michal Zidek2013-11-151-2/+1
|
* SYSDB: Drop the sysdb_ctx parameter - module sysdb_ops (part 1)Michal Zidek2013-11-151-2/+2
|
* Replace new_subdomain() with find_subdomain_by_name()Sumit Bose2013-06-281-2/+2
| | | | | | new_subdomain() will create a new domain object and should not be used anymore in the priovder code directly. Instead a reference to the domain from the common domain object should be used.
* Fix initialization of multiple variablesOndrej Kos2013-03-131-1/+1
|
* Add realm info to sss_domain_infoSimo Sorce2013-02-101-1/+1
|
* Add be_req_get_be_ctx() helper.Simo Sorce2013-01-211-9/+7
| | | | In preparation for making be_req opaque
* Remove domain from be_req structureSimo Sorce2013-01-211-5/+5
|
* Remove hbac_ctx_be()Simo Sorce2013-01-211-1/+1
|
* Remove hbac_ctx_sysdb()Simo Sorce2013-01-211-5/+4
|
* Remove sysdb arg from [ipa_]hbac_sysdb_save()Simo Sorce2013-01-211-22/+16
| | | | Also make ipa_hbac_save_list() static
* Remove sysdb arg from hbac_*host_attrs_to_rule()Simo Sorce2013-01-211-2/+0
|
* Remove sysdb arg from hbac_service_attrs_to_rule()Simo Sorce2013-01-211-1/+0
|
* Remove sysdb argument from hbac_user_attrs_to_rule()Simo Sorce2013-01-211-1/+0
|
* Add domain arg to sysdb_search_users()Simo Sorce2013-01-151-0/+1
|
* Add domain argument to sysdb_search_custom()Simo Sorce2013-01-151-0/+3
| | | | Also changes sysdb_search_custom_by_name()
* Add domain argument to sysdb_store_custom()Simo Sorce2013-01-151-1/+1
|
* Add domain to sysdb_search_user_by_name()Simo Sorce2013-01-151-3/+6
| | | | Also remove unused sysdb_search_domuser_by_name()
* Make sysdb_custom_subtree_dn() require a domain.Simo Sorce2013-01-151-1/+1
|
* Make sysdb_custom_dn() require a domain.Simo Sorce2013-01-151-2/+4
|
* Do not save HBAC rules in subdomain subtreeSumit Bose2012-11-191-3/+16
| | | | | | | | | | | | | | Currently the sysdb context is pointed to the subdomain subtree containing user the user to be checked at the beginning of a HBAC request. As a result all HBAC rules and related data is save in the subdomain tree as well. But since the HBAC rules of the configured domain apply to all users it is sufficient to save them once in the subtree of the configured domain. Since most of the sysdb operations during a HBAC request are related to the HBAC rules and related data this patch does not change the default sysdb context but only create a special context to look up subdomain users.
* SYSDB: Remove unnecessary domain parameter from several sysdb callsJakub Hrozek2012-09-241-5/+3
| | | | | The domain can be read from the sysdb object. Removing the domain string makes the API more self-contained.
* Unify usage of sysdb transactionsMichal Zidek2012-08-231-2/+8
| | | | | | Removing bad examples of usage of sysdb_transaction_start/commit/end functions and making it more consistent (all files except of src/db/sysdb_*.c).
* HBAC: create empty groups with one NULL elementJakub Hrozek2012-01-061-16/+15
| | | | https://fedorahosted.org/sssd/ticket/1130
* Add ipa_hbac_support_srchost option to IPA providerJan Zeleny2011-11-291-0/+3
| | | | | don't fetch all host groups if this option is false https://fedorahosted.org/sssd/ticket/1078
* Cleanup: Remove unused parametersJakub Hrozek2011-11-221-7/+1
|
* Add a missing breakJakub Hrozek2011-10-171-0/+1
|
* HBAC: Use originalMember for identifying hostgroupsStephen Gallagher2011-10-141-45/+51
|
* HBAC: Use originalMember for identifying servicegroupsStephen Gallagher2011-10-141-41/+55
|
* HBAC: Do not save member/memberOf linksStephen Gallagher2011-10-141-120/+0
| | | | We can just trust the values from the FreeIPA server
* HBAC: fix typos preventing proper hostgroup evaluationStephen Gallagher2011-09-281-3/+3
|
* Multiline macro cleanupJakub Hrozek2011-09-281-1/+1
| | | | | | | | | | This is mostly a cosmetic patch. The purpose of wrapping a multi-line macro in a do { } while(0) is to make the macro usable as a regular statement, not a compound statement. When the while(0) is terminated with a semicolon, the do { } while(0); block becomes a compound statement again.
* HBAC: Handle saving groups that have no membersStephen Gallagher2011-08-261-7/+21
|
* sysdb refactoring: memory context deletedJan Zeleny2011-08-151-2/+2
| | | | | | This patch deletes memory context parameter in those places in sysdb where it is not necessary. The code using modified functions has been updated. Tests updated as well.
* sysdb refactoring: deleted domain variables in sysdb APIJan Zeleny2011-08-151-7/+5
| | | | | The patch also updates code using modified functions. Tests have also been adjusted.
* Fix incorrect NULL check in ipa_hbac_common.cStephen Gallagher2011-07-291-1/+1
| | | | https://fedorahosted.org/sssd/ticket/936
* Treat NULL or empty rhost as unknownStephen Gallagher2011-07-081-9/+21
| | | | | | | Previously, we were assuming this meant it was coming from the localhost, but this is not a safe assumption. We will now treat it as unknown and it will fail to match any rule that requires a specified srchost or group of srchosts.
* Add helper functions for looking up HBAC rule componentsStephen Gallagher2011-07-081-0/+871
generated by cgit (git 2.34.1) at 2024-06-22 02:36:09 +0000