History log of /sssd/src/db/sysdb_selinux.c
Revision Date Author Comments Expand
a3c8390d19593b1e5277d95bfb4ab206d4785150 12-Feb-2014 Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>

Make DEBUG macro invocations variadic Use a script to update DEBUG macro invocations to use it as a variadic macro, supplying format string and its arguments directly, instead of wrapping them in parens. This script was used to update the code: grep -rwl --include '*.[hc]' DEBUG . | while read f; do mv "$f"{,.orig} perl -e \ 'use strict; use File::Slurp; my $text=read_file(\*STDIN); $text=~s#(\bDEBUG\s*\([^(]+)\((.*?)\)\s*\)\s*;#$1$2);#gs; print $text;' < "$f.orig" > "$f" rm "$f.orig" done Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com>

/sssd/src/confdb/confdb.c /sssd/src/confdb/confdb_setup.c sysdb.c sysdb_autofs.c sysdb_idmap.c sysdb_ops.c sysdb_ranges.c sysdb_search.c sysdb_selinux.c sysdb_services.c sysdb_ssh.c sysdb_subdomains.c sysdb_sudo.c sysdb_upgrade.c /sssd/src/monitor/monitor.c /sssd/src/monitor/monitor_netlink.c /sssd/src/monitor/monitor_sbus.c /sssd/src/providers/ad/ad_access.c /sssd/src/providers/ad/ad_common.c /sssd/src/providers/ad/ad_domain_info.c /sssd/src/providers/ad/ad_dyndns.c /sssd/src/providers/ad/ad_id.c /sssd/src/providers/ad/ad_init.c /sssd/src/providers/ad/ad_srv.c /sssd/src/providers/ad/ad_subdomains.c /sssd/src/providers/data_provider_be.c /sssd/src/providers/data_provider_callbacks.c /sssd/src/providers/data_provider_fo.c /sssd/src/providers/data_provider_opts.c /sssd/src/providers/dp_auth_util.c /sssd/src/providers/dp_dyndns.c /sssd/src/providers/dp_pam_data_util.c /sssd/src/providers/dp_ptask.c /sssd/src/providers/dp_refresh.c /sssd/src/providers/fail_over.c /sssd/src/providers/fail_over_srv.c /sssd/src/providers/ipa/ipa_access.c /sssd/src/providers/ipa/ipa_auth.c /sssd/src/providers/ipa/ipa_autofs.c /sssd/src/providers/ipa/ipa_common.c /sssd/src/providers/ipa/ipa_config.c /sssd/src/providers/ipa/ipa_dyndns.c /sssd/src/providers/ipa/ipa_hbac_common.c /sssd/src/providers/ipa/ipa_hbac_hosts.c /sssd/src/providers/ipa/ipa_hbac_rules.c /sssd/src/providers/ipa/ipa_hbac_services.c /sssd/src/providers/ipa/ipa_hbac_users.c /sssd/src/providers/ipa/ipa_hostid.c /sssd/src/providers/ipa/ipa_hosts.c /sssd/src/providers/ipa/ipa_id.c /sssd/src/providers/ipa/ipa_idmap.c /sssd/src/providers/ipa/ipa_init.c /sssd/src/providers/ipa/ipa_netgroups.c /sssd/src/providers/ipa/ipa_s2n_exop.c /sssd/src/providers/ipa/ipa_selinux.c /sssd/src/providers/ipa/ipa_selinux_maps.c /sssd/src/providers/ipa/ipa_srv.c /sssd/src/providers/ipa/ipa_subdomains.c /sssd/src/providers/ipa/ipa_subdomains_ext_groups.c /sssd/src/providers/ipa/ipa_subdomains_id.c /sssd/src/providers/ipa/ipa_sudo.c /sssd/src/providers/krb5/krb5_access.c /sssd/src/providers/krb5/krb5_auth.c /sssd/src/providers/krb5/krb5_become_user.c /sssd/src/providers/krb5/krb5_child.c /sssd/src/providers/krb5/krb5_child_handler.c /sssd/src/providers/krb5/krb5_common.c /sssd/src/providers/krb5/krb5_delayed_online_authentication.c /sssd/src/providers/krb5/krb5_init.c /sssd/src/providers/krb5/krb5_init_shared.c /sssd/src/providers/krb5/krb5_renew_tgt.c /sssd/src/providers/krb5/krb5_utils.c /sssd/src/providers/krb5/krb5_wait_queue.c /sssd/src/providers/ldap/ldap_access.c /sssd/src/providers/ldap/ldap_auth.c /sssd/src/providers/ldap/ldap_child.c /sssd/src/providers/ldap/ldap_common.c /sssd/src/providers/ldap/ldap_id.c /sssd/src/providers/ldap/ldap_id_cleanup.c /sssd/src/providers/ldap/ldap_id_enum.c /sssd/src/providers/ldap/ldap_id_netgroup.c /sssd/src/providers/ldap/ldap_id_services.c /sssd/src/providers/ldap/ldap_init.c /sssd/src/providers/ldap/sdap.c /sssd/src/providers/ldap/sdap_access.c /sssd/src/providers/ldap/sdap_async.c /sssd/src/providers/ldap/sdap_async_autofs.c /sssd/src/providers/ldap/sdap_async_connection.c /sssd/src/providers/ldap/sdap_async_enum.c /sssd/src/providers/ldap/sdap_async_groups.c /sssd/src/providers/ldap/sdap_async_groups_ad.c /sssd/src/providers/ldap/sdap_async_initgroups.c /sssd/src/providers/ldap/sdap_async_initgroups_ad.c /sssd/src/providers/ldap/sdap_async_nested_groups.c /sssd/src/providers/ldap/sdap_async_netgroups.c /sssd/src/providers/ldap/sdap_async_services.c /sssd/src/providers/ldap/sdap_async_sudo.c /sssd/src/providers/ldap/sdap_async_sudo_hostinfo.c /sssd/src/providers/ldap/sdap_async_sudo_timer.c /sssd/src/providers/ldap/sdap_async_users.c /sssd/src/providers/ldap/sdap_autofs.c /sssd/src/providers/ldap/sdap_child_helpers.c /sssd/src/providers/ldap/sdap_dyndns.c /sssd/src/providers/ldap/sdap_fd_events.c /sssd/src/providers/ldap/sdap_id_op.c /sssd/src/providers/ldap/sdap_idmap.c /sssd/src/providers/ldap/sdap_range.c /sssd/src/providers/ldap/sdap_refresh.c /sssd/src/providers/ldap/sdap_reinit.c /sssd/src/providers/ldap/sdap_sudo.c /sssd/src/providers/ldap/sdap_sudo_cache.c /sssd/src/providers/proxy/proxy_auth.c /sssd/src/providers/proxy/proxy_child.c /sssd/src/providers/proxy/proxy_id.c /sssd/src/providers/proxy/proxy_init.c /sssd/src/providers/proxy/proxy_netgroup.c /sssd/src/providers/proxy/proxy_services.c /sssd/src/providers/simple/simple_access.c /sssd/src/providers/simple/simple_access_check.c /sssd/src/resolv/async_resolv.c /sssd/src/resolv/async_resolv_utils.c /sssd/src/responder/autofs/autofssrv.c /sssd/src/responder/autofs/autofssrv_cmd.c /sssd/src/responder/autofs/autofssrv_dp.c /sssd/src/responder/common/negcache.c /sssd/src/responder/common/responder_cmd.c /sssd/src/responder/common/responder_common.c /sssd/src/responder/common/responder_dp.c /sssd/src/responder/common/responder_get_domains.c /sssd/src/responder/nss/nsssrv.c /sssd/src/responder/nss/nsssrv_cmd.c /sssd/src/responder/nss/nsssrv_mmap_cache.c /sssd/src/responder/nss/nsssrv_netgroup.c /sssd/src/responder/nss/nsssrv_private.h /sssd/src/responder/nss/nsssrv_services.c /sssd/src/responder/pac/pacsrv.c /sssd/src/responder/pac/pacsrv_cmd.c /sssd/src/responder/pac/pacsrv_utils.c /sssd/src/responder/pam/pam_LOCAL_domain.c /sssd/src/responder/pam/pam_helpers.c /sssd/src/responder/pam/pamsrv.c /sssd/src/responder/pam/pamsrv_cmd.c /sssd/src/responder/pam/pamsrv_dp.c /sssd/src/responder/ssh/sshsrv.c /sssd/src/responder/ssh/sshsrv_cmd.c /sssd/src/responder/ssh/sshsrv_dp.c /sssd/src/responder/sudo/sudosrv.c /sssd/src/responder/sudo/sudosrv_cmd.c /sssd/src/responder/sudo/sudosrv_dp.c /sssd/src/responder/sudo/sudosrv_get_sudorules.c /sssd/src/responder/sudo/sudosrv_query.c /sssd/src/sbus/sbus_client.c /sssd/src/sbus/sssd_dbus_common.c /sssd/src/sbus/sssd_dbus_connection.c /sssd/src/sbus/sssd_dbus_server.c /sssd/src/sss_client/ssh/sss_ssh_authorizedkeys.c /sssd/src/sss_client/ssh/sss_ssh_knownhostsproxy.c /sssd/src/tests/auth-tests.c /sssd/src/tests/cmocka/test_dyndns.c /sssd/src/tests/cmocka/test_fqnames.c /sssd/src/tests/cmocka/test_nss_srv.c /sssd/src/tests/cmocka/test_utils.c /sssd/src/tests/common_dom.c /sssd/src/tests/common_tev.c /sssd/src/tests/debug-tests.c /sssd/src/tests/files-tests.c /sssd/src/tests/krb5_child-test.c /sssd/src/tests/resolv-tests.c /sssd/src/tests/simple_access-tests.c /sssd/src/tests/sysdb-tests.c /sssd/src/tests/sysdb_ssh-tests.c /sssd/src/tools/files.c /sssd/src/tools/selinux.c /sssd/src/tools/sss_cache.c /sssd/src/tools/sss_debuglevel.c /sssd/src/tools/sss_groupadd.c /sssd/src/tools/sss_groupdel.c /sssd/src/tools/sss_groupmod.c /sssd/src/tools/sss_groupshow.c /sssd/src/tools/sss_seed.c /sssd/src/tools/sss_sync_ops.c /sssd/src/tools/sss_useradd.c /sssd/src/tools/sss_userdel.c /sssd/src/tools/sss_usermod.c /sssd/src/tools/tools_mc_util.c /sssd/src/tools/tools_util.c /sssd/src/tools/tools_util.h /sssd/src/util/authtok.c /sssd/src/util/backup_file.c /sssd/src/util/check_and_open.c /sssd/src/util/child_common.c /sssd/src/util/crypto/libcrypto/crypto_base64.c /sssd/src/util/crypto/libcrypto/crypto_obfuscate.c /sssd/src/util/crypto/nss/nss_obfuscate.c /sssd/src/util/crypto/nss/nss_util.c /sssd/src/util/debug.c /sssd/src/util/domain_info_utils.c /sssd/src/util/find_uid.c /sssd/src/util/nscd.c /sssd/src/util/server.c /sssd/src/util/signal.c /sssd/src/util/sss_ini.c /sssd/src/util/sss_krb5.c /sssd/src/util/sss_krb5.h /sssd/src/util/sss_ldap.c /sssd/src/util/sss_nss.c /sssd/src/util/sss_selinux.c /sssd/src/util/sss_ssh.c /sssd/src/util/sss_tc_utf8.c /sssd/src/util/user_info_msg.c /sssd/src/util/usertools.c /sssd/src/util/util.c /sssd/src/util/util.h /sssd/src/util/util_lock.c /sssd/src/util/well_known_sids.c
17759fc794c22898d1db609b736fbcd77536d150 15-Nov-2013 Jakub Hrozek <jhrozek@redhat.com>

SYSDB: Drop the sysdb_ctx parameter from SELinux functions
7a1a56860993475d0025e7411547649abf09d32c 15-Nov-2013 Jakub Hrozek <jhrozek@redhat.com>

Merge ipa_selinux_common.c and ipa_selinux.c Moved unused functions and merged ipa_selinux_common.c into ipa_selinux.c
b42bb7d9dbf9a4c44a03e7bf1bab471a8a85e858 19-Mar-2013 Michal Zidek <mzidek@redhat.com>

Move SELinux processing to provider. The SELinux processing was distributed between provider and pam responder which resulted in hard to maintain code. This patch moves the logic to provider. IT ALSO REQUIRES CHANGE IN THE SELINUX POLICY, because the provider also writes the content of selinux login file to disk (which was done by responder before). https://fedorahosted.org/sssd/ticket/1743
740870643f337ce70d85f25f9ed057cd1f91028c 15-Jan-2013 Simo Sorce <simo@redhat.com>

Add domain argument to sysdb selinux functions
2ce00e0d3896bb42db169d1e79553a81ca837a22 15-Jan-2013 Simo Sorce <simo@redhat.com>

Add domain to sysdb_search_user_by_name() Also remove unused sysdb_search_domuser_by_name()
1e6f2180724de4722a5218826c9401181168d9d4 15-Jan-2013 Simo Sorce <simo@redhat.com>

Remove the sysdb_ctx_get_domain() function. We are deprecating sysdb->domain so kill the function that gives access to this member as we should stop relying on it being available (or correct).
6f0daa807ac0bb560353c5d5e25638cf1972f79f 08-Jan-2013 Jakub Hrozek <jhrozek@redhat.com>

SYSDB: Split a function to read all SELinux maps
ebb1f28998c06984765e3e78d30911c1c3ec84e2 13-Sep-2012 Jakub Hrozek <jhrozek@redhat.com>

SELinux: Always use the default if it exists on the server https://fedorahosted.org/sssd/ticket/1513 This is a counterpart of the FreeIPA ticket https://fedorahosted.org/freeipa/ticket/3045 During an e-mail discussion, it was decided that * if the default is set in the IPA config object, the SSSD would use that default no matter what * if the default is not set (aka empty or missing), the SSSD would just use the system default and skip creating the login file altogether
894d18ff4178f40a18bbfece8fae270d8307eac6 13-Sep-2012 Jakub Hrozek <jhrozek@redhat.com>

DB: Always write the SELinux object to sysdb There's no point in checking if the object already exists because we always wipe the whole sysdb subtree. We were also immediatelly cancelling the transaction because we'd jump to goto, even though it was with EOK.
3a59cbd0b7b9c5dd3c62ac1679876070c264d80f 04-Sep-2012 Michal Zidek <mzidek@redhat.com>

Unify usage of sysdb transactions (part 2).
f004e23af14fe020d81b8f97f30b448105b79606 16-Aug-2012 Jakub Hrozek <jhrozek@redhat.com>

Only create the SELinux login file if there are mappings on the server https://fedorahosted.org/sssd/ticket/1455 In case there are no rules on the IPA server, we must simply avoid generating the login file. That would make us fall back to the system-wide default defined in /etc/selinux/targeted/seusers. The IPA default must be only used if there *are* rules on the server, but none matches.
21b3c8aff20d1987add2a93561653a3d6a9685d4 20-Jul-2012 Jakub Hrozek <jhrozek@redhat.com>

Fix sysdb_search_selinux_usermap_by_username return value There was a logic bug in sysdb_search_selinux_usermap_by_username that resulted in returning the value the variable "ret" had after the last call to sysdb_attrs_get_uint32_t, which in cases the last rule processed did not have the requested attributes led to using the default user context.
8bbf89c5ab798c112773fe23515c3a9df56dde71 18-Jul-2012 Nick Guay <nguay@redhat.com>

Fix uninitialized values https://fedorahosted.org/sssd/ticket/1379
ecfd767c65c39414a86937380b9986c6d2e0aecf 18-Jul-2012 Jakub Hrozek <jhrozek@redhat.com>

SYSDB: Delete SELinux mappings
1a3e6221b38a7cae27d7e84a30bb8ea3c3900a47 18-Jul-2012 Jan Zeleny <jzeleny@redhat.com>

Modify priority evaluation in SELinux user maps The functionality now is following: When rule is being matched, its priority is determined as a combination of user and host specificity (host taking preference). After the rule is matched in provider, only its host priority is stored in sysdb for later usage. When rules are matched in the responder, their user priority is determined. After that their host priority is retrieved directly from sysdb and sum of both priorities is user to determine whether to use that rule or not. If more rules have the same priority, the order given in IPA config is used. https://fedorahosted.org/sssd/ticket/1360 https://fedorahosted.org/sssd/ticket/1395
20aee697450e41423ca0e2fc749e659d18f19976 02-May-2012 Jakub Hrozek <jhrozek@redhat.com>

SYSDB: return EOK if empty message is passed into get_rm_msg If the code never entered the loop in get_rm_message, we would return arbitrary return value.
4c11f752e1f10cf5740d53a3206bb795e9e34fe8 06-Feb-2012 Jan Zeleny <jzeleny@redhat.com>

Added some SELinux-related sysdb routines