Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Use realm for basedn instead of IPA domain | Jakub Hrozek | 2011-02-28 | 1 | -1/+1 |
| | | | | https://fedorahosted.org/sssd/ticket/807 | ||||
* | Add ipa_hbac_search_base config option | Sumit Bose | 2011-01-19 | 1 | -52/+39 |
| | |||||
* | Add ldap_search_enumeration_timeout config option | Sumit Bose | 2011-01-17 | 1 | -3/+3 |
| | |||||
* | Add timeout parameter to sdap_get_generic_send() | Sumit Bose | 2011-01-17 | 1 | -22/+31 |
| | |||||
* | Fix uninitialized value error in set_local_and_remote_host_info | Stephen Gallagher | 2010-12-17 | 1 | -1/+1 |
| | | | | https://fedorahosted.org/sssd/ticket/725 | ||||
* | Fix unsafe return condition in ipa_access_handler | Stephen Gallagher | 2010-12-17 | 1 | -1/+6 |
| | | | | https://fedorahosted.org/sssd/ticket/718 | ||||
* | Remove IPA_ACCESS_TIME define | Stephen Gallagher | 2010-12-08 | 1 | -13/+11 |
| | |||||
* | Remove check_access_time() from IPA access provider | Sumit Bose | 2010-12-08 | 1 | -63/+0 |
| | | | | | | It is planned to release IPA 2.0 without time range specifications in the access control rules. To avoid confusion the evaluation is removed from sssd, too. | ||||
* | Use a more efficient host search filter | Sumit Bose | 2010-11-19 | 1 | -5/+6 |
| | |||||
* | Sanitize sysdb search filters in the IPA provider | Stephen Gallagher | 2010-11-15 | 1 | -2/+17 |
| | |||||
* | Download only enabled IPA HBAC rules | Sumit Bose | 2010-10-22 | 1 | -1/+3 |
| | |||||
* | Save all data to sysdb in one transaction | Sumit Bose | 2010-09-23 | 1 | -222/+131 |
| | |||||
* | Handle host objects like other objects | Sumit Bose | 2010-09-23 | 1 | -128/+181 |
| | |||||
* | Cleaned some dead assignments | Jan Zeleny | 2010-09-07 | 1 | -14/+12 |
| | | | | | | Two needless assignments were deleted, two were complemented with code checking function results. Ticket: #582 | ||||
* | Fix IPA access backend handling of obsolete and missing HBAC entries: | eindenbom | 2010-07-23 | 1 | -9/+68 |
| | | | | | - Ticket #567: Fix removal of obsolete HBAC host, rules and service records from sysdb. - Ticket #565: When no HBAC host record is found return PAM_PERM_DENIED instead of PAM_SYSTEM_ERROR. | ||||
* | Do not treat missing HBAC rules as an error | Sumit Bose | 2010-07-23 | 1 | -0/+5 |
| | |||||
* | Use new LDAP connection framework in IPA access backend. | eindenbom | 2010-07-09 | 1 | -304/+264 |
| | |||||
* | Unify sdap and sysdb data handling | Sumit Bose | 2010-06-02 | 1 | -85/+104 |
| | |||||
* | Compare full service name | Sumit Bose | 2010-06-02 | 1 | -1/+2 |
| | |||||
* | Remove service groups | Sumit Bose | 2010-06-02 | 1 | -191/+7 |
| | | | | | Because the memberOf attribute is now set for the service objects we do not need to fetch the service groups separately anymore. | ||||
* | Use new schema for HBAC service checks | Sumit Bose | 2010-06-02 | 1 | -21/+637 |
| | |||||
* | Use sysdb_attrs_get_string_array() instead of sysdb_attrs_get_el() | Sumit Bose | 2010-06-02 | 1 | -23/+12 |
| | | | | | | | | sysdb_attrs_get_el() creates an empty element in the sysdb_attrs structure if the requested element does not exist. Recent versions of libldb do not accept empty elements when writing new objects to disk. sysdb_attrs_get_string_array() does not create an empty element but returns ENOENT. | ||||
* | Check ipaEnabledFlag | Sumit Bose | 2010-05-27 | 1 | -5/+23 |
| | |||||
* | Don't report a fatal error for an HBAC denial | Stephen Gallagher | 2010-05-16 | 1 | -1/+1 |
| | |||||
* | Compare the full service name | Sumit Bose | 2010-05-07 | 1 | -1/+2 |
| | |||||
* | Fix a wrong return value in IPA HBAC | Sumit Bose | 2010-05-03 | 1 | -2/+2 |
| | |||||
* | Better handle sdap_handle memory from callers. | Simo Sorce | 2010-05-03 | 1 | -8/+0 |
| | | | | | | | | | | | | | Always just mark the sdap_handle as not connected and let later _send() functions to take care of freeing the handle before reconnecting. Introduce restart functions to avoid calling _send() functions in _done() functions error paths as this would have the same effect as directly freeing the sdap_handle and cause access to freed memory in sdap_handle_release() By freeing sdap_handle only in the connection _recv() function we guarantee it can never be done within sdap_handle_release() but only in a following event. | ||||
* | sysdb: remove remaining traces of sysdb_handle | Simo Sorce | 2010-04-12 | 1 | -4/+0 |
| | |||||
* | Remove remaining use of sysdb_transaction_send | Simo Sorce | 2010-04-12 | 1 | -69/+25 |
| | |||||
* | sysdb: convert sysdb_asq_search | Simo Sorce | 2010-04-12 | 1 | -150/+69 |
| | |||||
* | sysdb: convert sysdb_store_custom | Simo Sorce | 2010-04-12 | 1 | -113/+35 |
| | |||||
* | sysdb: convert sysdb_search_custom | Simo Sorce | 2010-04-12 | 1 | -42/+60 |
| | |||||
* | sysdb: convert sysdb_search_user_by_name/uid | Simo Sorce | 2010-04-12 | 1 | -61/+14 |
| | |||||
* | sysdb: convert sysdb_search_entry and sysdb_delete_recursive | Simo Sorce | 2010-04-12 | 1 | -25/+5 |
| | |||||
* | Fix LDAP search paths for IPA HBAC | Sumit Bose | 2010-03-25 | 1 | -15/+20 |
| | | | | | | - use domain_to_basedn() to construct LDAP search paths for IPA HBAC - move domain_to_basedn() to a separate file to simplify the build of a test | ||||
* | Rename server/ directory to src/ | Stephen Gallagher | 2010-02-18 | 1 | -0/+1823 |
Also update BUILD.txt |