summaryrefslogtreecommitdiffstats
path: root/Makefile.am
Commit message (Collapse)AuthorAgeFilesLines
* Add option to specify the kerberos replay cache dirStephen Gallagher2011-09-071-0/+4
| | | | | | | Adds a configure option to set the distribution default as well as an sssd.conf option to override it. https://fedorahosted.org/sssd/ticket/980
* Provide python bindings for the HBAC evaluator libraryJakub Hrozek2011-08-041-3/+20
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Fixes for python HBAC bindings These changes were proposed during a review: * Change the signature of str_concat_sequence() to const char * * use a getsetter for HbacRule.enabled to allow string true/false and integer 1/0 in addition to bool * fix a minor memory leak (HbacRequest.rule_name) * remove overzealous discard consts Fix python HBAC bindings for python <= 2.4 Several parts of the HBAC python bindings did not work with old Python versions, such as the one shipped in RHEL5. The changes include: * a compatibility wrapper around python set object * PyModule_AddIntMacro compat macro * Py_ssize_t compat definition * Do not use PyUnicode_FromFormat * several function prototypes and structures used to have "char arguments where they have "const char *" in recent versions. This caused compilation warnings this patch mitigates by using the discard_const hack on python 2.4 Remove dead code from python HBAC bindings https://fedorahosted.org/sssd/ticket/935 Handle allocation error in python HBAC bindings https://fedorahosted.org/sssd/ticket/934 HBAC rule validation Python bindings https://fedorahosted.org/sssd/ticket/943
* Rewrite HBAC rule evaluatorStephen Gallagher2011-08-041-2/+36
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Add helper function msgs2attrs_array This function converts a list of ldb_messages into a list of sysdb_attrs. Conflicts: src/providers/ldap/ldap_common.c src/providers/ldap/ldap_common.h Add HBAC evaluator and tests Add helper functions for looking up HBAC rule components Remove old HBAC implementation Add new HBAC lookup and evaluation routines Conflicts: Makefile.am Add ipa_hbac_refresh option This option describes the time between refreshes of the HBAC rules on the IPA server. Add ipa_hbac_treat_deny_as option By default, we will treat the presence of any DENY rule as denying all users. This option will allow the admin to explicitly ignore DENY rules during a transitional period. Treat NULL or empty rhost as unknown Previously, we were assuming this meant it was coming from the localhost, but this is not a safe assumption. We will now treat it as unknown and it will fail to match any rule that requires a specified srchost or group of srchosts. libipa_hbac: Support case-insensitive comparisons with UTF8 UTF8 HBAC test Fix memory leak in ipa_hbac_evaluate_rules https://fedorahosted.org/sssd/ticket/933 Fix incorrect NULL check in ipa_hbac_common.c https://fedorahosted.org/sssd/ticket/936 Require matched version and release for libipa_hbac Add rule validator to libipa_hbac https://fedorahosted.org/sssd/ticket/943
* Build and install translated man pages by defaultSumit Bose2010-12-231-3/+0
|
* Make manual pages translatableJakub Hrozek2010-12-221-37/+10
| | | | | | | | | Utilizes PO4A to extract translatable strings from Docbook XML sources and allows translators to submit ordinary .PO files. PO4A then generates translated Docbook documents that can be used to generate translated end user documentation. https://fedorahosted.org/sssd/ticket/297
* Serialize requests of the same user in the krb5 providerSumit Bose2010-12-201-0/+2
|
* Bye, bye, ipa_timerulesSumit Bose2010-12-081-20/+0
| | | | | | It was decided that IPA HBAC will move to a different format to specify time ranges in access control rules. The evaluation based on the old format is not needed anymore.
* Add support for FAST in krb5 providerSumit Bose2010-12-071-0/+1
|
* Make sure that sss_obfuscate installs as executableStephen Gallagher2010-12-061-1/+1
|
* Add support for automatic Kerberos ticket renewalSumit Bose2010-12-031-0/+2
|
* Add krb5_renewable_lifetime optionSumit Bose2010-12-031-0/+1
|
* Print correct error messages for dp_err_to_string()Stephen Gallagher2010-11-241-1/+2
| | | | | | | | | | | All errnum values passed into this function throughout the code are PAM error codes, but we were passing them through strerror() to print them, which is only meaningful for ERRNO error codes. This patch changes dp_err_to_string() to use pam_strerror() and renames it to dp_pam_err_to_string() for clarity. https://fedorahosted.org/sssd/ticket/636
* Sanitize search filters in memberOf pluginStephen Gallagher2010-11-151-1/+3
|
* Make handle_child_* request publicSumit Bose2010-11-041-1/+3
| | | | | | I took the opportunity to move everything related to the handling of the krb5_child into a separate file and cleaned the interfaces and related structures a bit.
* Add infrastructure for Kerberos access providerSumit Bose2010-11-041-1/+3
|
* Always use uint32_t for UID/GID numbersJakub Hrozek2010-10-261-0/+1
|
* Improve versioning for automated buildsStephen Gallagher2010-10-261-5/+5
| | | | | | Also changes 'make srpms' and 'make prerelease-srpms' to 'make srpm' and 'make prerelease-srpm', as we are only building one SRPM.
* Implement netgroups for proxy providerSumit Bose2010-10-251-0/+1
|
* Write log opening failures to the syslogStephen Gallagher2010-10-191-1/+1
| | | | | If there is a problem with reopening the logs, it can be an audit trail issue.
* Fix 'make distcheck' for XML documentationStephen Gallagher2010-10-181-1/+1
| | | | | A missing $(srcdir) variable was preventing 'make distcheck' from working if run from a parallel build directory.
* Rename upgrade_config.py and build it properlyStephen Gallagher2010-10-131-4/+2
| | | | | | | | Previously, we were just copying the script into the libexec dir during installation. However, this causes problems for packaging multilib on several distributions. https://fedorahosted.org/sssd/ticket/641
* Implement netgroup support for LDAP providerSumit Bose2010-10-131-0/+4
|
* Add netgroup support to the NSS responderStephen Gallagher2010-10-131-0/+3
|
* Add support for netgroups to NSS sss_clientStephen Gallagher2010-10-131-1/+3
|
* Rename group.c and passwd.c for clarityStephen Gallagher2010-10-131-2/+2
| | | | | Prefixing group.c and passwd.c with "nss_" similar to the way the PAM client sources are prefixed with "pam_"
* Initialize kerberos service for GSSAPIJakub Hrozek2010-10-131-0/+1
|
* Remove unused definesSumit Bose2010-10-131-2/+0
|
* Distribute XML sources instead of man-pagesSumit Bose2010-10-131-2/+3
|
* Add common hash table setupStephen Gallagher2010-10-081-1/+2
| | | | | sss_hash_create() produces a dhash table living in the talloc hierarchy.
* Revert "Make ldap bind asynchronous"Jakub Hrozek2010-09-151-3/+0
| | | | This reverts 56d8d19ac9d857580a233d8264e851883b883c67
* Remove generated manpages when performing "make clean"Stephen Gallagher2010-09-151-0/+1
| | | | Fixes https://fedorahosted.org/sssd/ticket/614
* Deobfuscate password in back endsJakub Hrozek2010-09-081-2/+4
| | | | | | When obfuscated password is used in config file, the LDAP backend converts it back to clear text and uses it to authenticate to the server.
* sss_obfuscate toolJakub Hrozek2010-09-081-1/+9
| | | | A tool to add obfuscated passwords into the SSSD config file
* Fix pysss linkingJakub Hrozek2010-09-081-0/+3
|
* Password obfuscation utility functionsJakub Hrozek2010-09-081-1/+18
| | | | | | | Adds two utility functions to obfuscate a password and inverse to extract the cleartext password back. So far, only NSS-based implementation is provided.
* Move crypto functions into its own subdirJakub Hrozek2010-09-081-3/+8
| | | | | | A refactoring patch that creates a common util/crypto subdir with per-implementation subdirectories for each underlying crypto library supported by SSSD.
* Remove useless /etc/dbus-1/system.d directory from installationMaxim2010-09-021-2/+0
| | | | Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
* Add custom pam module dirMaxim2010-09-021-1/+1
| | | | Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
* Add gentoo distrubutionsMaxim2010-09-021-0/+5
| | | | Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
* Make ldap bind asynchronousMartin Nagy2010-09-021-0/+3
| | | | | | Every ldap function that could possibly create a new connection is now wrapped in a tevent_req. If the connection is created, we will call the function again after the socket is ready for writing.
* Don't build SSSDConfig API when configured with --without-python-bindingsStephen Gallagher2010-08-231-1/+14
|
* Fix building sssdMaxim2010-08-231-0/+6
|
* Rewrite toplevel MakefileStephen Gallagher2010-08-191-13/+1030
| | | | | | There is no longer a need to have nested Makefiles and configure scripts. This patch combines the src/ Makefile and configure.ac into the root.
* Remove common directoryStephen Gallagher2010-08-191-1/+1
| | | | | | | All files formerly in common are now being built individually out of the ding-libs repository. git clone git://git.fedorahosted.org/git/ding-libs.git
* Package libcollection documentation into libcollection-develStephen Gallagher2010-03-081-1/+3
|
* Include hour in 'make prerelease-rpms'Stephen Gallagher2010-02-231-2/+2
|
* Rename server/ directory to src/Stephen Gallagher2010-02-181-2/+2
| | | | Also update BUILD.txt
* Eliminate separate build tree for sss_clientStephen Gallagher2010-02-181-1/+1
|
* Remove replaceSumit Bose2010-02-161-1/+1
|
* Add doxygen docs for ConfDBStephen Gallagher2010-02-151-0/+2
|
generated by cgit (git 2.34.1) at 2024-04-18 03:39:31 +0000