| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
| |
If a pam or nss module is dlcolse()d and unloaded we were leaking
the file descriptor used to communicate to sssd in the process.
Make sure the fucntion used to close the socket file descriptor is
called on dlclose()
Silence autoconf 2.28 warnings (Patch by Jakub Hrozek)
|
| |
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/934
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/935
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/916
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/930
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/928
|
|
|
|
|
| |
Allows to be more concise in tests and more defensive in resolve
callbacks
|
| |
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/911
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Several parts of the HBAC python bindings did not work with old Python
versions, such as the one shipped in RHEL5.
The changes include:
* a compatibility wrapper around python set object
* PyModule_AddIntMacro compat macro
* Py_ssize_t compat definition
* Do not use PyUnicode_FromFormat
* several function prototypes and structures used to have "char
arguments where they have "const char *" in recent versions.
This caused compilation warnings this patch mitigates by using
the discard_const hack on python 2.4
|
|
|
|
|
|
|
|
|
| |
These changes were proposed during a review:
* Change the signature of str_concat_sequence() to const char *
* use a getsetter for HbacRule.enabled to allow string true/false and
integer 1/0 in addition to bool
* fix a minor memory leak (HbacRequest.rule_name)
* remove overzealous discard consts
|
|
|
|
|
|
|
| |
ares_query does not take search or domain directives from
/etc/resolv.conf into account
https://fedorahosted.org/sssd/ticket/922
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/802
|
| |
|
| |
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/909
|
| |
|
|
|
|
| |
ldb_dn_new_fmt() has a bug and cannot take a NULL memory context
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
New experimental features should have their own configure switch to
enable or disable them at compile time. Additionally they can check if
the configure variable build_all_experimental_features is set and enable
the feature. This variable will be set if the command line option
--enable-all-experimental-features is used to configure sssd. This will
make it easy to enable all experimental features.
Experimental features should be marked in the man pages. To simplify
this include/experimental.xml can be used.
|
| |
|
|
|
|
|
|
|
| |
Previously, we were assuming this meant it was coming from the
localhost, but this is not a safe assumption. We will now treat it
as unknown and it will fail to match any rule that requires a
specified srchost or group of srchosts.
|
|
|
|
|
|
| |
By default, we will treat the presence of any DENY rule as denying
all users. This option will allow the admin to explicitly ignore
DENY rules during a transitional period.
|
|
|
|
|
| |
This option describes the time between refreshes of the HBAC rules
on the IPA server.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
This function converts a list of ldb_messages into a list of
sysdb_attrs.
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/915
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This is much more selinux friendly as it allows policy makers to call
nscd_domtrans to transition to nscd_t instead of giving more access to
the system via the corcmd_exec_bin macro.
Modified-by: Simo Sorce <ssorce@redhat.com>
Signed-off-by: Simo Sorce <ssorce@redhat.com>
|
| |
|
|
|
|
| |
Coverity 10886
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/893
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/898
In c-ares 1.7, the upstream renamed the addrttl/addr6ttl structures to
ares_addrttl/ares_addr6ttl so they are in the ares_ namespace.
Because they are committed to stable ABI, the contents are the same, just
the name changed -- so it is safe to just #define the new name for older
c-ares version in case the new one is not detected in configure time.
|
|
|
|
|
|
|
| |
It is not safe to check pwdAttribute to see if server side password
policies are active. Only if a LDAP_CONTROL_PASSWORDPOLICYRESPONSE is
present the bind response we can assume that there is a server side
password policy.
|