sssd.git/src/providers/simple, branch certificate_mapping Unnamed repository; edit this file to name it for gitweb. DP: Remove unused attr_type from struct dp_id_data 2017-01-16T08:58:15+00:00 Lukas Slebodnik lslebodn@redhat.com 2017-01-06T14:58:17+00:00 ca68b1b4ba06b1cda316ae8af470647bd7015a5a Structure member attr_type was set to BE_ATTR_CORE on all places and there was a single place src/providers/ldap/ldap_id.c where we checked to other values. It is not used anymore; it's better to remove it. Reviewed-by: Michal Židek <mzidek@redhat.com> 
Structure member attr_type was set to BE_ATTR_CORE on all places
and there was a single place src/providers/ldap/ldap_id.c where
we checked to other values. It is not used anymore; it's better to
remove it.

Reviewed-by: Michal Židek <mzidek@redhat.com>
SIMPLE: Make the DP handlers testable 2016-08-10T14:55:53+00:00 Jakub Hrozek jhrozek@redhat.com 2016-07-26T10:13:43+00:00 c777f575b0ec0c48ce3b85ea2c5cc298db02450e To make it possible to call the whole DP handler in the unit test, not just the evaluator part. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
To make it possible to call the whole DP handler in the unit test, not
just the evaluator part.

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
SIMPLE: Fail on any error parsing the access control list 2016-08-10T14:55:53+00:00 Jakub Hrozek jhrozek@redhat.com 2016-07-21T11:33:18+00:00 79ac0e8a4840202c3615d6ce6584df3c08efb594 Luckily this error was hidden by the fact that SSSD didn't start at all when an unparseable name was encountered after startup. Otherwise, this would have been a security issue. Nonetheless, we should just fail and deny access if we can't parse a name in a simple access list. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Luckily this error was hidden by the fact that SSSD didn't start at all
when an unparseable name was encountered after startup. Otherwise, this
would have been a security issue.

Nonetheless, we should just fail and deny access if we can't parse a
name in a simple access list.

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
SIMPLE: Do not parse names on startup 2016-08-10T14:55:53+00:00 Jakub Hrozek jhrozek@redhat.com 2016-07-21T10:18:01+00:00 d2902de03738a3018445698650d8b974ae3cf230 It's not required to parse names on SSSD startup in the simple access provider. We can instead just parse the name when the access request is processed. Resolves: https://fedorahosted.org/sssd/ticket/3101 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
It's not required to parse names on SSSD startup in the simple access
provider. We can instead just parse the name when the access request is
processed.

Resolves:
https://fedorahosted.org/sssd/ticket/3101

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
DP: rename be_acct_req to dp_id_data 2016-07-15T11:14:12+00:00 Pavel Březina pbrezina@redhat.com 2016-07-14T09:56:26+00:00 3d29430867cf92b2d71afa95abb679711231117c Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
SIMPLE: Make the simple access provider work with qualified names 2016-07-07T08:25:21+00:00 Jakub Hrozek jhrozek@redhat.com 2016-06-15T09:41:44+00:00 eef359b508b898ae99d2bf292a43f0f295a2ba5e This patch adds a behaviour change to the simple access provider - the simple access list is parsed on the access check itself, which is when the name contexts of all domains have already been established and we are already able to parse the names in the config files with sss_parse_names. We need to support "input names" in the simple access provider because it needs to support flat names which rely on knowing the details about a domain. The simple_access_obtain_filter_lists is intentionally made non-static in order to be called from tests which initialize the name contexts on their own. Reviewed-by: Sumit Bose <sbose@redhat.com> 
This patch adds a behaviour change to the simple access provider - the
simple access list is parsed on the access check itself, which is when
the name contexts of all domains have already been established and we
are already able to parse the names in the config files with
sss_parse_names. We need to support "input names" in the simple access
provider because it needs to support flat names which rely on knowing
the details about a domain.

The simple_access_obtain_filter_lists is intentionally made non-static
in order to be called from tests which initialize the name contexts on
their own.

Reviewed-by: Sumit Bose <sbose@redhat.com>
DP: Switch to new interface 2016-06-20T12:48:47+00:00 Pavel Březina pbrezina@redhat.com 2016-03-29T10:38:25+00:00 dea636af4d1902a081ee891f1b19ee2f8729d759 Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Rename dp_backend.h to backend.h 2016-06-20T12:48:46+00:00 Pavel Březina pbrezina@redhat.com 2016-01-20T12:07:23+00:00 cc2d77d5218c188119fa954c856e858cbde76947 Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
simple-access-provider: make user grp res more robust 2015-04-28T09:58:53+00:00 Pavel Reichl preichl@redhat.com 2015-04-20T15:33:29+00:00 82a958e6592c4a4078e45b7197bbe4751b70f511 Not all user groups need to be resolved if group deny list is empty. Resolves: https://fedorahosted.org/sssd/ticket/2519 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Not all user groups need to be resolved if group deny list is empty.

Resolves:
https://fedorahosted.org/sssd/ticket/2519

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
simple-access-provider: break matching allowed users 2014-12-08T09:55:47+00:00 Pavel Reichl preichl@redhat.com 2014-06-04T17:24:08+00:00 958037cf32ea156dfdde426a45ac1d972fe46618 Stop matching username with names in simple_allow_users after positive match. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Stop matching username with names in simple_allow_users after positive
match.

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>