summaryrefslogtreecommitdiffstats
path: root/src/providers/ipa/ipa_selinux.c
Commit message (Collapse)AuthorAgeFilesLines
* selinux: if no domain matches, make the debug message louderJakub Hrozek2013-04-291-3/+3
|
* Make IPA SELinux provider aware of subdomain usersSumit Bose2013-04-291-2/+25
| | | | Fixes https://fedorahosted.org/sssd/ticket/1892
* selinux: Remove unused parameterJakub Hrozek2013-03-271-1/+0
| | | | https://fedorahosted.org/sssd/ticket/1848
* Make the SELinux refresh time configurable.Michal Zidek2013-03-191-2/+3
| | | | Option ipa_selinux_refresh is added to basic ipa options.
* Reuse cached SELinux mappings.Michal Zidek2013-03-191-3/+28
| | | | | | | | Reuse cached SELinux maps when they are requested within time interval (in this patch it is hardcoded to be 5 seconds). https://fedorahosted.org/sssd/ticket/1744
* Move SELinux processing to provider.Michal Zidek2013-03-191-31/+381
| | | | | | | | | | | | The SELinux processing was distributed between provider and pam responder which resulted in hard to maintain code. This patch moves the logic to provider. IT ALSO REQUIRES CHANGE IN THE SELINUX POLICY, because the provider also writes the content of selinux login file to disk (which was done by responder before). https://fedorahosted.org/sssd/ticket/1743
* Add be_req_get_data() helper funciton.Simo Sorce2013-01-211-2/+3
| | | | In preparation for making struct be_req opaque.
* Add be_req_get_be_ctx() helper.Simo Sorce2013-01-211-6/+6
| | | | In preparation for making be_req opaque
* Introduce be_req_terminate() helperSimo Sorce2013-01-211-4/+4
| | | | | Call it everywhere instead of directly dereferencing be_req->fn This is in preparation of making be_req opaque.
* Remove domain from be_req structureSimo Sorce2013-01-211-34/+34
|
* Remove sysdb argument from hbac_get_cached_rules()Simo Sorce2013-01-211-4/+4
|
* Remove sysdb argument from ipa_host_info_send()Simo Sorce2013-01-211-1/+1
|
* Remove sysdb as a be request structure memberSimo Sorce2013-01-211-2/+2
| | | | The sysdb context is already available through the 'domain' context.
* Remove sysdb as a be context structure memberSimo Sorce2013-01-211-7/+7
| | | | The sysdb context is already available through the 'domain' structure.
* Add domain argument to sysdb selinux functionsSimo Sorce2013-01-151-3/+6
|
* Add domain argument to sysdb_search_custom()Simo Sorce2013-01-151-1/+2
| | | | Also changes sysdb_search_custom_by_name()
* Add domain to sysdb_search_user_by_name()Simo Sorce2013-01-151-1/+1
| | | | Also remove unused sysdb_search_domuser_by_name()
* Make sysdb_custom_dn() require a domain.Simo Sorce2013-01-151-3/+5
|
* IPA: Rename IPA_CONFIG_SELINUX_DEFAULT_MAPJakub Hrozek2013-01-081-2/+4
| | | | It is not a map, but a default context. The name should reflect that.
* SELINUX: Process maps even when offlineJakub Hrozek2013-01-081-226/+429
| | | | | Changes the ipa_get_selinux{send,recv} request so that it only delivers data and moves processing to the IPA selinux handler.
* SYSDB: Remove unnecessary domain parameter from several sysdb callsJakub Hrozek2012-09-241-4/+1
| | | | | The domain can be read from the sysdb object. Removing the domain string makes the API more self-contained.
* SELinux: Always use the default if it exists on the serverJakub Hrozek2012-09-131-9/+9
| | | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/1513 This is a counterpart of the FreeIPA ticket https://fedorahosted.org/freeipa/ticket/3045 During an e-mail discussion, it was decided that * if the default is set in the IPA config object, the SSSD would use that default no matter what * if the default is not set (aka empty or missing), the SSSD would just use the system default and skip creating the login file altogether
* Unify usage of sysdb transactionsMichal Zidek2012-08-231-1/+4
| | | | | | Removing bad examples of usage of sysdb_transaction_start/commit/end functions and making it more consistent (all files except of src/db/sysdb_*.c).
* Support fetching of host from sysdb in SELinux codeJan Zeleny2012-07-311-11/+55
| | | | | The host record will be fetched if HBAC is used as access provider since the record is already downloaded and it can be trusted to be valid.
* Support fetching of HBAC rules from sysdb in SELinux codeJan Zeleny2012-07-311-14/+47
| | | | | If HBAC is active, SELinux code will reuse them instead of downloading them from the server again.
* Renamed session provider to selinux providerJan Zeleny2012-07-271-0/+625
generated by cgit (git 2.34.1) at 2024-09-25 13:39:35 +0000