Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Add sdap_connection_expire_timeout option | Stephen Gallagher | 2011-12-12 | 2 | -2/+3 |
| | | | | https://fedorahosted.org/sssd/ticket/1036 | ||||
* | Fix uninitialized value error in ipa_netgroups.c | Stephen Gallagher | 2011-12-12 | 1 | -0/+1 |
| | | | | | | | DEBUG message can print an unitialized value if the first netgroup has no members. Coverity 12382 | ||||
* | Fixed IPA netgroup processing | Jan Zeleny | 2011-12-09 | 3 | -2/+7 |
| | | | | | | | | In case IPA netgroup had indirect member hosts, they wouldn't be detected. This patch also modifies debug messages for easier debugging in the future. | ||||
* | Add ldap_sasl_minssf option | Jan Zeleny | 2011-12-08 | 2 | -1/+2 |
| | | | | https://fedorahosted.org/sssd/ticket/1075 | ||||
* | Allow using Glib for UTF8 support | Stephen Gallagher | 2011-12-05 | 1 | -33/+11 |
| | |||||
* | Add ipa_hbac_support_srchost option to IPA provider | Jan Zeleny | 2011-11-29 | 6 | -36/+151 |
| | | | | | don't fetch all host groups if this option is false https://fedorahosted.org/sssd/ticket/1078 | ||||
* | IPA migration fixes | Jakub Hrozek | 2011-11-29 | 3 | -97/+141 |
| | | | | | | | * use the id connection for looking up the migration flag * force TLS on the password based authentication connection https://fedorahosted.org/sssd/ticket/924 | ||||
* | Provide means of forcing TLS and GSSAPI enabled/disabled for sdap connections | Jakub Hrozek | 2011-11-29 | 1 | -1/+1 |
| | |||||
* | Fixed logically dead code in netgroup processing | Jan Zeleny | 2011-11-28 | 1 | -1/+1 |
| | |||||
* | Fixed uninitialized pointer read in netgroups processing | Jan Zeleny | 2011-11-28 | 1 | -0/+6 |
| | |||||
* | Fix sdap_id_ctx/ipa_id_ctx mismatch in IPA provider | Jakub Hrozek | 2011-11-25 | 2 | -2/+4 |
| | | | | | This was causing a segfault during HBAC processing and any ID lookups except for netgroups | ||||
* | Added IPA account info handler | Jan Zeleny | 2011-11-23 | 3 | -1/+373 |
| | | | | | Currently it is only handling netgroups by itself, other requests are forwarded to LDAP provider. | ||||
* | Added support for fetching netgroups in IPA provider | Jan Zeleny | 2011-11-23 | 1 | -0/+992 |
| | |||||
* | New IPA ID context | Jan Zeleny | 2011-11-23 | 3 | -22/+37 |
| | |||||
* | Added and modified options for IPA netgroups | Jan Zeleny | 2011-11-23 | 2 | -24/+69 |
| | |||||
* | Modified sdap_parse_search_base() | Jan Zeleny | 2011-11-23 | 1 | -4/+4 |
| | |||||
* | Cleanup: Remove unused parameters | Jakub Hrozek | 2011-11-22 | 10 | -40/+6 |
| | |||||
* | Support to request canonicalization in LDAP/IPA provider | Jan Zeleny | 2011-11-02 | 2 | -1/+2 |
| | | | | https://fedorahosted.org/sssd/ticket/957 | ||||
* | Add support to request canonicalization on krb AS requests | Jan Zeleny | 2011-11-02 | 2 | -2/+3 |
| | | | | https://fedorahosted.org/sssd/ticket/957 | ||||
* | LDAP: Add parser for multiple search bases | Stephen Gallagher | 2011-11-02 | 1 | -0/+20 |
| | |||||
* | Add a missing break | Jakub Hrozek | 2011-10-17 | 1 | -0/+1 |
| | |||||
* | HBAC: Use originalMember for identifying hostgroups | Stephen Gallagher | 2011-10-14 | 3 | -45/+165 |
| | |||||
* | HBAC: Use originalMember for identifying servicegroups | Stephen Gallagher | 2011-10-14 | 3 | -41/+169 |
| | |||||
* | HBAC: Do not save member/memberOf links | Stephen Gallagher | 2011-10-14 | 1 | -120/+0 |
| | | | | We can just trust the values from the FreeIPA server | ||||
* | HBAC: fix typos preventing proper hostgroup evaluation | Stephen Gallagher | 2011-09-28 | 1 | -3/+3 |
| | |||||
* | IPA access: hostname comparison should be case-insensitive | Jakub Hrozek | 2011-09-28 | 1 | -1/+1 |
| | |||||
* | Multiline macro cleanup | Jakub Hrozek | 2011-09-28 | 2 | -2/+2 |
| | | | | | | | | | | This is mostly a cosmetic patch. The purpose of wrapping a multi-line macro in a do { } while(0) is to make the macro usable as a regular statement, not a compound statement. When the while(0) is terminated with a semicolon, the do { } while(0); block becomes a compound statement again. | ||||
* | Improve documentation of libipa_hbac | Stephen Gallagher | 2011-09-08 | 2 | -21/+1697 |
| | |||||
* | Do not access memory out of bounds | Sumit Bose | 2011-09-07 | 1 | -2/+2 |
| | |||||
* | HBAC: Properly skip all non-group memberOf entries | Stephen Gallagher | 2011-08-29 | 1 | -1/+2 |
| | |||||
* | HBAC: Use of hostgroups for targethost or sourcehost was broken | Stephen Gallagher | 2011-08-26 | 1 | -4/+4 |
| | | | | | We were trying to look up the wrong attribute for the name of the hostgroup. | ||||
* | HBAC: Handle saving groups that have no members | Stephen Gallagher | 2011-08-26 | 1 | -7/+21 |
| | |||||
* | Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANON | Jakub Hrozek | 2011-08-26 | 2 | -2/+3 |
| | | | | https://fedorahosted.org/sssd/ticket/978 | ||||
* | IPA dyndns: do not segfault if the server cannot be resolved | Jakub Hrozek | 2011-08-25 | 1 | -4/+2 |
| | | | | https://fedorahosted.org/sssd/ticket/963 | ||||
* | sysdb refactoring: memory context deleted | Jan Zeleny | 2011-08-15 | 2 | -3/+3 |
| | | | | | | This patch deletes memory context parameter in those places in sysdb where it is not necessary. The code using modified functions has been updated. Tests updated as well. | ||||
* | sysdb refactoring: deleted domain variables in sysdb API | Jan Zeleny | 2011-08-15 | 6 | -17/+12 |
| | | | | | The patch also updates code using modified functions. Tests have also been adjusted. | ||||
* | Change the default value of ldap_tls_cacert in IPA provider | Jakub Hrozek | 2011-08-01 | 1 | -1/+1 |
| | | | | https://fedorahosted.org/sssd/ticket/944 | ||||
* | Add rule validator to libipa_hbac | Stephen Gallagher | 2011-08-01 | 2 | -0/+74 |
| | | | | https://fedorahosted.org/sssd/ticket/943 | ||||
* | Remove incorrect private variable | Stephen Gallagher | 2011-08-01 | 1 | -1/+1 |
| | | | | | | This caused no ill effects, since it wasn't used in the callback. However, it is a layering violation (especially since req is freed in the callback) | ||||
* | Fix incorrect NULL check in ipa_hbac_common.c | Stephen Gallagher | 2011-07-29 | 1 | -1/+1 |
| | | | | https://fedorahosted.org/sssd/ticket/936 | ||||
* | Fix memory leak in ipa_hbac_evaluate_rules | Stephen Gallagher | 2011-07-29 | 1 | -0/+1 |
| | | | | https://fedorahosted.org/sssd/ticket/933 | ||||
* | libipa_hbac: Support case-insensitive comparisons with UTF8 | Stephen Gallagher | 2011-07-29 | 1 | -16/+98 |
| | |||||
* | fo_get_server_name() getter for a server name | Jakub Hrozek | 2011-07-21 | 1 | -1/+9 |
| | | | | | Allows to be more concise in tests and more defensive in resolve callbacks | ||||
* | Rename fo_get_server_name to fo_get_server_str_name | Jakub Hrozek | 2011-07-21 | 1 | -2/+2 |
| | |||||
* | Remove unused krb5_service structure member | Jakub Hrozek | 2011-07-13 | 1 | -2/+0 |
| | |||||
* | Check DNS records before updating | Jakub Hrozek | 2011-07-11 | 4 | -25/+470 |
| | | | | https://fedorahosted.org/sssd/ticket/802 | ||||
* | Escape IP address in kdcinfo | Jakub Hrozek | 2011-07-11 | 1 | -10/+10 |
| | | | | https://fedorahosted.org/sssd/ticket/909 | ||||
* | Move IP adress escaping from the LDAP namespace | Jakub Hrozek | 2011-07-11 | 1 | -3/+3 |
| | |||||
* | Add LDAP access control based on NDS attributes | Sumit Bose | 2011-07-08 | 1 | -1/+4 |
| | |||||
* | Treat NULL or empty rhost as unknown | Stephen Gallagher | 2011-07-08 | 2 | -11/+25 |
| | | | | | | | Previously, we were assuming this meant it was coming from the localhost, but this is not a safe assumption. We will now treat it as unknown and it will fail to match any rule that requires a specified srchost or group of srchosts. |