summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Remove dead code from python HBAC bindingsJakub Hrozek2011-08-011-4/+0
| | | | https://fedorahosted.org/sssd/ticket/935
* Fix python HBAC bindings for python <= 2.4Jakub Hrozek2011-08-017-85/+315
| | | | | | | | | | | | | | | Several parts of the HBAC python bindings did not work with old Python versions, such as the one shipped in RHEL5. The changes include: * a compatibility wrapper around python set object * PyModule_AddIntMacro compat macro * Py_ssize_t compat definition * Do not use PyUnicode_FromFormat * several function prototypes and structures used to have "char arguments where they have "const char *" in recent versions. This caused compilation warnings this patch mitigates by using the discard_const hack on python 2.4
* Fixes for python HBAC bindingsJakub Hrozek2011-08-012-12/+105
| | | | | | | | | These changes were proposed during a review: * Change the signature of str_concat_sequence() to const char * * use a getsetter for HbacRule.enabled to allow string true/false and integer 1/0 in addition to bool * fix a minor memory leak (HbacRequest.rule_name) * remove overzealous discard consts
* Provide python bindings for the HBAC evaluator libraryJakub Hrozek2011-08-014-4/+2243
|
* Treat NULL or empty rhost as unknownStephen Gallagher2011-08-012-11/+25
| | | | | | | Previously, we were assuming this meant it was coming from the localhost, but this is not a safe assumption. We will now treat it as unknown and it will fail to match any rule that requires a specified srchost or group of srchosts.
* Add ipa_hbac_treat_deny_as optionStephen Gallagher2011-08-016-2/+42
| | | | | | By default, we will treat the presence of any DENY rule as denying all users. This option will allow the admin to explicitly ignore DENY rules during a transitional period.
* Add ipa_hbac_refresh optionStephen Gallagher2011-08-017-1/+38
| | | | | This option describes the time between refreshes of the HBAC rules on the IPA server.
* Add new HBAC lookup and evaluation routinesStephen Gallagher2011-08-013-125/+400
| | | | | | Conflicts: Makefile.am
* Remove old HBAC implementationStephen Gallagher2011-08-012-1595/+1
|
* Add helper functions for looking up HBAC rule componentsStephen Gallagher2011-08-017-0/+2622
|
* Add HBAC evaluator and testsStephen Gallagher2011-08-017-2/+1062
|
* Add helper function msgs2attrs_arrayStephen Gallagher2011-08-012-0/+33
| | | | | | | | | | This function converts a list of ldb_messages into a list of sysdb_attrs. Conflicts: src/providers/ldap/ldap_common.c src/providers/ldap/ldap_common.h
* Change the default value of ldap_tls_cacert in IPA providerJakub Hrozek2011-08-011-1/+1
| | | | https://fedorahosted.org/sssd/ticket/944
* Remove incorrect private variableStephen Gallagher2011-08-011-1/+1
| | | | | | This caused no ill effects, since it wasn't used in the callback. However, it is a layering violation (especially since req is freed in the callback)
* Wrong paramater to sysdb_attrs_add_uint32Jakub Hrozek2011-08-011-1/+1
|
* sss_client: avoid leaking file descriptorsSimo Sorce2011-07-292-0/+15
| | | | | | | | | | If a pam or nss module is dlcolse()d and unloaded we were leaking the file descriptor used to communicate to sssd in the process. Make sure the fucntion used to close the socket file descriptor is called on dlclose() Silence autoconf 2.28 warnings (Patch by Jakub Hrozek)
* Explicitly ignore groups with gidNumber=0Jakub Hrozek2011-07-272-11/+18
| | | | https://fedorahosted.org/sssd/ticket/916
* Set gidNumber of non-posix groups to 0 even on updatesJakub Hrozek2011-07-271-8/+44
|
* Fix indexing of skipped groupsJakub Hrozek2011-07-211-2/+4
| | | | https://fedorahosted.org/sssd/ticket/928
* Only print server address if one is availableJakub Hrozek2011-07-211-0/+7
|
* Do not add a NULL host parsed from LDAP URIJakub Hrozek2011-07-211-1/+8
| | | | https://fedorahosted.org/sssd/ticket/911
* Use ares_search instead of ares_query for hostname resolutionJakub Hrozek2011-07-131-1/+1
| | | | | | | ares_query does not take search or domain directives from /etc/resolv.conf into account https://fedorahosted.org/sssd/ticket/922
* Bumping version to 1.5.12Stephen Gallagher2011-07-051-1/+1
|
* Fix unchecked return values of pam_add_responsesssd-1_5_11Jakub Hrozek2011-07-053-7/+23
| | | | https://fedorahosted.org/sssd/ticket/798
* ipa_dyndns: Use sockaddr_storage for storing IP addressesJakub Hrozek2011-07-051-12/+17
| | | | https://fedorahosted.org/sssd/ticket/915
* Call ldap_install_tls() on ldaps connectionsSumit Bose2011-07-051-0/+15
|
* Replace system() function with fork and execl call.Matthew Ife2011-07-051-22/+30
| | | | | | | | | | This is much more selinux friendly as it allows policy makers to call nscd_domtrans to transition to nscd_t instead of giving more access to the system via the corcmd_exec_bin macro. Modified-by: Simo Sorce <ssorce@redhat.com> Signed-off-by: Simo Sorce <ssorce@redhat.com>
* Bumping version to 1.5.11Stephen Gallagher2011-07-011-1/+1
|
* Do not access state after tevent_req_done() is called.sssd-1_5_10Sumit Bose2011-07-011-10/+16
|
* Do not attempt to close() a file descriptor < 0Stephen Gallagher2011-07-011-1/+3
| | | | Coverity 10886
* Bumping version to 1.5.10Stephen Gallagher2011-07-011-1/+1
|
* Updating translation files for SSSD 1.5.9sssd-1_5_9Stephen Gallagher2011-06-3099-7605/+8631
|
* Don't pass NULL to printf for TLS errorsJakub Hrozek2011-06-305-33/+56
| | | | | | | | https://fedorahosted.org/sssd/ticket/643 Conflicts: src/util/sss_ldap.h
* Use ldap_init_fd() instead of ldap_initialize() if availableSumit Bose2011-06-306-38/+435
|
* Use name based URI instead of IP address based URIsSumit Bose2011-06-302-38/+3
|
* Add sdap_call_conn_cb() to call add connection callback directlySumit Bose2011-06-302-0/+40
|
* Add sockaddr_storage to sdap_serviceSumit Bose2011-06-305-0/+62
|
* Log nsupdate messageJakub Hrozek2011-06-301-0/+3
| | | | https://fedorahosted.org/sssd/ticket/893
* Test NULL server hostname in fail over testsJakub Hrozek2011-06-301-8/+16
|
* Provide TTL structure names for c-ares < 1.7Jakub Hrozek2011-06-302-0/+11
| | | | | | | | | | | https://fedorahosted.org/sssd/ticket/898 In c-ares 1.7, the upstream renamed the addrttl/addr6ttl structures to ares_addrttl/ares_addr6ttl so they are in the ares_ namespace. Because they are committed to stable ABI, the contents are the same, just the name changed -- so it is safe to just #define the new name for older c-ares version in case the new one is not detected in configure time.
* Switch resolver to using resolv_hostent and honor TTLJakub Hrozek2011-06-3010-277/+402
| | | | | | Conflicts: src/providers/fail_over.c
* Resolve hosts by name from DNS into resolv_hostentJakub Hrozek2011-06-301-0/+254
|
* Resolve hosts by name from files into resolv_hostentJakub Hrozek2011-06-301-0/+92
|
* Add new resolv_hostent data structure and utility functionsJakub Hrozek2011-06-302-0/+200
|
* Fall back to polling when inotify failsJan Zeleny2011-06-241-28/+68
|
* Do not check pwdAttributeSumit Bose2011-06-161-9/+0
| | | | | | | It is not safe to check pwdAttribute to see if server side password policies are active. Only if a LDAP_CONTROL_PASSWORDPOLICYRESPONSE is present the bind response we can assume that there is a server side password policy.
* Delete cached ccache file if password is expiredSumit Bose2011-06-151-8/+63
|
* Add new options to override shell valueJakub Hrozek2011-06-029-1/+189
| | | | | | | | https://fedorahosted.org/sssd/ticket/742 Conflicts: src/conf_macros.m4
* Add a new option to override home directory valueJakub Hrozek2011-06-029-2/+192
| | | | https://fedorahosted.org/sssd/ticket/551
* Add a new option to override primary GID numberJakub Hrozek2011-06-028-2/+33
| | | | https://fedorahosted.org/sssd/ticket/742