From 1b474ef7011f4bf9ce4aac85dbc9827a9486d5eb Mon Sep 17 00:00:00 2001 From: Stephen Gallagher Date: Thu, 9 Dec 2010 10:14:04 -0500 Subject: Add group support to the simple access provider This patch adds simple_allow_groups and simple_deny_groups options to the simple access provider. It makes it possible to grant or deny access based on a user's group memberships within the domain. This patch makes one minor change to previous functionality: now all deny rules will supersede allow rules. Previously, if both simple_allow_users and simple_deny_users were set with the same value, the allow would win. https://fedorahosted.org/sssd/ticket/440 --- src/providers/simple/simple_access.h | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'src/providers/simple/simple_access.h') diff --git a/src/providers/simple/simple_access.h b/src/providers/simple/simple_access.h index 0aac42a5f..abcf61ac2 100644 --- a/src/providers/simple/simple_access.h +++ b/src/providers/simple/simple_access.h @@ -27,8 +27,13 @@ #include "util/util.h" struct simple_ctx { + struct sysdb_ctx *sysdb; + struct sss_domain_info *domain; + char **allow_users; char **deny_users; + char **allow_groups; + char **deny_groups; }; errno_t simple_access_check(struct simple_ctx *ctx, const char *username, -- cgit