summaryrefslogtreecommitdiffstats
path: root/src/providers/ipa/ipa_hbac_hosts.c
Commit message (Collapse)AuthorAgeFilesLines
* IPA: Do not download or store the member attribute of host groupssssd-1.5.1-70Jakub Hrozek2013-06-271-5/+4
| | | | | | | | https://fedorahosted.org/sssd/ticket/1806 The IPA provider attempted to store the original value of member attribute to the cache. That caused the memberof plugin to process the values which was really CPU intensive.
* LDAP: Only use paging control on requests for multiple entriesJakub Hrozek2013-05-161-4/+8
| | | | | | | | The paging control can cause issues on servers that put limits on how many paging controls can be active at one time (on some servers, it is limited to one per connection). We need to reduce our usage so that we only activate the paging control when making a request that may return an arbitrary number of results.
* Add ipa_hbac_support_srchost option to IPA providersssd-1.5.1-57.el5Jan Zeleny2012-08-171-51/+385
| | | | | don't fetch all host groups if this option is false https://fedorahosted.org/sssd/ticket/1078
* Improve performance of HBAC with large numbers of hostsStephen Gallagher2011-10-261-0/+109
| | | | | | | | | | HBAC: Do not save member/memberOf links We can just trust the values from the FreeIPA server HBAC: Use originalMember for identifying servicegroups HBAC: Use originalMember for identifying hostgroups
* Do not access memory out of boundsSumit Bose2011-10-261-2/+2
|
* HBAC: Use of hostgroups for targethost or sourcehost was brokenStephen Gallagher2011-10-261-4/+4
| | | | | We were trying to look up the wrong attribute for the name of the hostgroup.
* Rewrite HBAC rule evaluatorStephen Gallagher2011-10-261-0/+524
Add helper function msgs2attrs_array This function converts a list of ldb_messages into a list of sysdb_attrs. Conflicts: src/providers/ldap/ldap_common.c src/providers/ldap/ldap_common.h Add HBAC evaluator and tests Add helper functions for looking up HBAC rule components Remove old HBAC implementation Add new HBAC lookup and evaluation routines Conflicts: Makefile.am Add ipa_hbac_refresh option This option describes the time between refreshes of the HBAC rules on the IPA server. Add ipa_hbac_treat_deny_as option By default, we will treat the presence of any DENY rule as denying all users. This option will allow the admin to explicitly ignore DENY rules during a transitional period. Treat NULL or empty rhost as unknown Previously, we were assuming this meant it was coming from the localhost, but this is not a safe assumption. We will now treat it as unknown and it will fail to match any rule that requires a specified srchost or group of srchosts. libipa_hbac: Support case-insensitive comparisons with UTF8 UTF8 HBAC test Fix memory leak in ipa_hbac_evaluate_rules https://fedorahosted.org/sssd/ticket/933 Fix incorrect NULL check in ipa_hbac_common.c https://fedorahosted.org/sssd/ticket/936 Require matched version and release for libipa_hbac Add rule validator to libipa_hbac https://fedorahosted.org/sssd/ticket/943
generated by cgit (git 2.34.1) at 2024-06-07 22:08:21 +0000