summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* Allow returning arbitrary address from resolv_hostent as stringJakub Hrozek2011-07-112-3/+10
|
* Split reading resolver family order into a separate functionJakub Hrozek2011-07-113-23/+52
|
* Do not hardcode default resolver timeoutJakub Hrozek2011-07-112-1/+3
|
* Escape IP address in kdcinfoJakub Hrozek2011-07-112-14/+36
| | | | https://fedorahosted.org/sssd/ticket/909
* Move IP adress escaping from the LDAP namespaceJakub Hrozek2011-07-115-14/+14
|
* Allow NULL memctx in sysdb_custom_subtree_dnStephen Gallagher2011-07-081-3/+11
| | | | ldb_dn_new_fmt() has a bug and cannot take a NULL memory context
* Add LDAP access control based on NDS attributesSumit Bose2011-07-089-3/+253
|
* Add support for experimental featuresSumit Bose2011-07-082-0/+10
| | | | | | | | | | | | New experimental features should have their own configure switch to enable or disable them at compile time. Additionally they can check if the configure variable build_all_experimental_features is set and enable the feature. This variable will be set if the command line option --enable-all-experimental-features is used to configure sssd. This will make it easy to enable all experimental features. Experimental features should be marked in the man pages. To simplify this include/experimental.xml can be used.
* Provide python bindings for the HBAC evaluator libraryJakub Hrozek2011-07-084-4/+2243
|
* Treat NULL or empty rhost as unknownStephen Gallagher2011-07-082-11/+25
| | | | | | | Previously, we were assuming this meant it was coming from the localhost, but this is not a safe assumption. We will now treat it as unknown and it will fail to match any rule that requires a specified srchost or group of srchosts.
* Add ipa_hbac_treat_deny_as optionStephen Gallagher2011-07-086-2/+42
| | | | | | By default, we will treat the presence of any DENY rule as denying all users. This option will allow the admin to explicitly ignore DENY rules during a transitional period.
* Add ipa_hbac_refresh optionStephen Gallagher2011-07-087-1/+38
| | | | | This option describes the time between refreshes of the HBAC rules on the IPA server.
* Add new HBAC lookup and evaluation routinesStephen Gallagher2011-07-083-125/+400
|
* Remove old HBAC implementationStephen Gallagher2011-07-082-1595/+1
|
* Add helper functions for looking up HBAC rule componentsStephen Gallagher2011-07-087-0/+2622
|
* Add HBAC evaluator and testsStephen Gallagher2011-07-087-2/+1062
|
* Add helper function msgs2attrs_arrayStephen Gallagher2011-07-082-0/+33
| | | | | This function converts a list of ldb_messages into a list of sysdb_attrs.
* ipa_dyndns: Use sockaddr_storage for storing IP addressesJakub Hrozek2011-07-051-12/+17
| | | | https://fedorahosted.org/sssd/ticket/915
* Call ldap_install_tls() on ldaps connectionsSumit Bose2011-07-051-0/+15
|
* Replace system() function with fork and execl call.Matthew Ife2011-07-011-22/+30
| | | | | | | | | | This is much more selinux friendly as it allows policy makers to call nscd_domtrans to transition to nscd_t instead of giving more access to the system via the corcmd_exec_bin macro. Modified-by: Simo Sorce <ssorce@redhat.com> Signed-off-by: Simo Sorce <ssorce@redhat.com>
* Do not access state after tevent_req_done() is called.Sumit Bose2011-07-011-10/+16
|
* Do not attempt to close() a file descriptor < 0Stephen Gallagher2011-07-011-1/+3
| | | | Coverity 10886
* Use ldap_init_fd() instead of ldap_initialize() if availableSumit Bose2011-06-306-38/+435
|
* Use name based URI instead of IP address based URIsSumit Bose2011-06-302-38/+3
|
* Add sdap_call_conn_cb() to call add connection callback directlySumit Bose2011-06-302-0/+40
|
* Add sockaddr_storage to sdap_serviceSumit Bose2011-06-305-0/+62
|
* fix typosSimo Sorce2011-06-271-5/+5
|
* Fall back to polling when inotify failsJan Zeleny2011-06-241-28/+68
|
* Log nsupdate messageJakub Hrozek2011-06-211-0/+3
| | | | https://fedorahosted.org/sssd/ticket/893
* Test NULL server hostname in fail over testsJakub Hrozek2011-06-161-8/+16
|
* Provide TTL structure names for c-ares < 1.7Jakub Hrozek2011-06-162-0/+11
| | | | | | | | | | | https://fedorahosted.org/sssd/ticket/898 In c-ares 1.7, the upstream renamed the addrttl/addr6ttl structures to ares_addrttl/ares_addr6ttl so they are in the ares_ namespace. Because they are committed to stable ABI, the contents are the same, just the name changed -- so it is safe to just #define the new name for older c-ares version in case the new one is not detected in configure time.
* Do not check pwdAttributeSumit Bose2011-06-161-9/+0
| | | | | | | It is not safe to check pwdAttribute to see if server side password policies are active. Only if a LDAP_CONTROL_PASSWORDPOLICYRESPONSE is present the bind response we can assume that there is a server side password policy.
* Switch resolver to using resolv_hostent and honor TTLJakub Hrozek2011-06-1510-276/+401
|
* Resolve hosts by name from DNS into resolv_hostentJakub Hrozek2011-06-151-0/+254
|
* Resolve hosts by name from files into resolv_hostentJakub Hrozek2011-06-151-0/+92
|
* Add new resolv_hostent data structure and utility functionsJakub Hrozek2011-06-152-0/+200
|
* Fix proxy provider return code for secondary missing groupsSumit Bose2011-06-151-1/+3
|
* Add missing libsss_util to proxy providerSumit Bose2011-06-151-0/+1
|
* Unit test for parge_argsJakub Hrozek2011-06-151-0/+58
|
* Make parse_args skip extra spacesJakub Hrozek2011-06-151-16/+24
| | | | https://fedorahosted.org/sssd/ticket/871
* Fix two typosSumit Bose2011-06-151-2/+3
|
* Delete cached ccache file if password is expiredSumit Bose2011-06-151-8/+63
|
* Non-posix group processing - ldap provider and nss responderJan Zeleny2011-06-023-31/+90
|
* Non-posix group processing - sysdb changesJan Zeleny2011-06-023-23/+32
|
* Added sysdb_attrs_get_bool() functionJan Zeleny2011-06-022-0/+24
|
* Escape IPv6 IP addresses in the IPA providerJakub Hrozek2011-06-021-4/+26
| | | | https://fedorahosted.org/sssd/ticket/880
* Use escaped IP addresses in LDAP providerJakub Hrozek2011-06-021-6/+56
|
* Add a utility function to escape IPv6 address for use in URIsJakub Hrozek2011-06-022-0/+11
|
* Add utility function to return IP address as stringJakub Hrozek2011-06-024-17/+31
|
* Add online callback only once for TGT renewalSumit Bose2011-06-021-25/+44
|
generated by cgit (git 2.34.1) at 2024-04-27 09:43:04 +0000