sssd.git - sssd with jhrozek's patches

	Commit message (Collapse)	Author	Age	Files	Lines
*	LDAP: Make it possible to use full principal in ldap_sasl_authid again	Jakub Hrozek	2012-11-20	1	-4/+16
\|
*	LDAP: Checking the principal should not be considered fatal	Jakub Hrozek	2012-11-20	1	-6/+10
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	The check is too restrictive as the select_principal_from_keytab can return something else than user requested right now. Consider that user query for host/myserver@EXAMPLE.COM, then the select_principal_from_keytab function will return "myserver" in primary and "EXAMPLE.COM" in realm. So the caller needs to add logic to also break down the principal to get rid of the host/ part. The heuristics would simply get too complex. select_principal_from_keytab will error out anyway if there's no suitable principal at all.
*	LDAP: Provide a common sdap_set_sasl_options init function	Jakub Hrozek	2012-11-20	1	-0/+72
\| \| \| \| \|	The AD and IPA initialization functions shared the same code. This patch moves the code into a common initialization function.
*	Fix segfault when ID-mapping an entry without a SID	Jakub Hrozek	2012-10-10	1	-1/+1
\| \| \| \| \| \| \| \| \|	If there was no SID attribute, then we would have detected it by checking the number of values of an element. We would however happily return EOK in that case and save garbage into the sid_str. This was causing segfault when the entry was supposed to be ID-mapped by had no SID.
*	AUTOFS: Do not fail if search base is not provided	Jakub Hrozek	2012-09-24	1	-2/+2
\|
*	Failover: use _srv_ when no primary server is defined	Pavel Březina	2012-09-17	1	-12/+3
\| \| \| \|	https://fedorahosted.org/sssd/ticket/1521
*	Fix: IPv6 address with square brackets doesn't work.	Michal Zidek	2012-08-23	1	-0/+7
\| \| \| \|	https://fedorahosted.org/sssd/ticket/1365
*	Duplicate detection in fail over did not work.	Michal Zidek	2012-08-15	1	-1/+6
\| \| \| \|	https://fedorahosted.org/sssd/ticket/1472
*	SRV resolution for backup servers should not be permitted.	Michal Zidek	2012-08-09	1	-1/+9
\| \| \| \|	https://fedorahosted.org/sssd/ticket/1463
*	shadow attributes can contain -1	Pavel Březina	2012-08-06	1	-1/+1
\| \| \| \|	https://fedorahosted.org/sssd/ticket/1393
*	Primary server support: new options in krb5 provider	Jan Zeleny	2012-08-01	1	-4/+3
\| \| \| \| \| \|	This patch adds support for new config options krb5_backup_server and krb5_backup_kpasswd. The description of this option's functionality is included in man page in one of previous patches.
*	Primary server support: LDAP adaptation	Jan Zeleny	2012-08-01	1	-32/+79
\| \| \| \| \| \|	This patch adds support for the primary server functionality into LDAP provider. No backup servers are added at the moment, just the basic support is in place.
*	Primary server support: basic support in failover code	Jan Zeleny	2012-08-01	1	-2/+2
\| \| \| \| \| \| \| \|	Now there are two list of servers for each service. If currently selected server is only backup, then an event will be scheduled which tries to get connection to one of primary servers and if it succeeds, it starts using this server instead of the one which is currently connected to.
*	LDAP: Rename user and group maps for AD	Stephen Gallagher	2012-07-06	1	-2/+2
\| \| \| \|	This will eliminate ambiguity for the AD provider
*	KRB5: Drop memctx parameter of krb5_try_kdcip	Stephen Gallagher	2012-07-06	1	-1/+1
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	This function is not supposed to return any newly-allocated memory directly. It was actually leaking the memory for krb5_servers if krb5_kdcip was being used, though it was undetectable because it was allocated on the provided memctx. This patch removes the memctx parameter and allocates krb5_servers temporarily on NULL and ensures that it is freed on all exit conditions. It is not necessary to retain this memory, as dp_opt_set_string() performs a talloc_strdup onto the appropriate context internally. It also updates the DEBUG messages for this function to the appropriate new macro levels.
*	sudo ldap provider: load host filter configuration on init	Pavel Březina	2012-06-29	1	-1/+9
\| \| \| \| \| \| \|	We need to load host information during provider initialization. Currently it loads only values from configuration files, but it is implemented as an asynchrounous request as it will later try to autodetect these settings (which will need to contact DNS).
*	Move some debug lines to new debug log levels	Stef Walter	2012-06-20	1	-1/+1
\| \| \| \| \| \| \|	* These are common lines of debug output when starting up sssd https://bugzilla.redhat.com/show_bug.cgi?id=811113
*	Add support for filtering atributes	Jan Zeleny	2012-05-31	1	-1/+2
\| \| \| \| \|	This patch adds support for filtering attributes when constructing attribute list from a map for LDAP query.
*	LDAP: Add attr_count return value to build_attrs_from_map()	Stephen Gallagher	2012-05-10	1	-4/+1
\| \| \| \| \| \| \|	This is necessary because in several places in the code, we are appending to the attrs returned from this value, and if we relied on the map size macro, we would be appending after the NULL terminator if one or more attributes were defined as NULL.
*	LDAP: Add helper routine to convert LDAP blob to SID string	Stephen Gallagher	2012-05-03	1	-0/+37
\|
*	Put dp_option maps in their own file	Stephen Gallagher	2012-03-28	1	-279/+2
\| \| \| \|	There is no functional change due to this patch.
*	Fix uninitialized variable	Jakub Hrozek	2012-03-16	1	-1/+1
\|
*	LDAP: Add AD 2008r2 schema	Stephen Gallagher	2012-03-14	1	-2/+49
\| \| \| \|	https://fedorahosted.org/sssd/ticket/1031
*	IPA: Set the DNS discovery domain to match ipa_domain	Stephen Gallagher	2012-03-01	1	-1/+2
\| \| \| \|	https://fedorahosted.org/sssd/ticket/1217
*	Modifications to simplify list_missing_attrs	Jan Zeleny	2012-02-24	1	-6/+14
\|
*	IPA: Add ipa_parse_search_base()	Stephen Gallagher	2012-02-23	1	-10/+23
\| \| \| \| \| \| \| \| \| \|	Previously, we were using sdap_parse_search_base() for setting up the search_base objects for use in IPA. However, this was generating unfriendly log messages about unknown search base types. This patch creates a new common_parse_search_base() routine that can be used with either LDAP or IPA providers. https://fedorahosted.org/sssd/ticket/1151
*	Don't give memory context in confdb where not needed	Jan Zeleny	2012-02-21	1	-1/+1
\|
*	Add missing breaks to switch statements	Stephen Gallagher	2012-02-13	1	-0/+1
\| \| \| \|	Coverity #12525 and #12524
*	LDAP: Add support for SSH user public keys	Jan Cholasta	2012-02-07	1	-2/+4
\|
*	Update shadowLastChanged attribute during LDAP password change	Jan Zeleny	2012-02-06	1	-0/+1
\| \| \| \|	https://fedorahosted.org/sssd/ticket/1019
*	AUTOFS: LDAP provider	Jakub Hrozek	2012-02-05	1	-0/+106
\|
*	Move BUILD_SUDO outside the generic LDAP source files	Jakub Hrozek	2012-02-04	1	-60/+0
\| \| \| \|	Avoid #ifdefs in the general part of the code
*	NSS: Add individual timeouts for entry types	Stephen Gallagher	2012-02-04	1	-1/+0
\| \| \| \|	https://fedorahosted.org/sssd/ticket/1016
*	LDAP: Do not fail if RootDSE check cannot determine search bases	Stephen Gallagher	2012-02-04	1	-3/+2
\| \| \| \|	https://fedorahosted.org/sssd/ticket/1152
*	LDAP: Add support for service lookups (non-enum)	Stephen Gallagher	2012-01-31	1	-0/+33
\|
*	LDAP: Add option to disable paging control	Stephen Gallagher	2012-01-18	1	-1/+2
\| \| \| \|	Fixes https://fedorahosted.org/sssd/ticket/967
*	Do not use sudo symbols in LDAP provider unconditionally	Jakub Hrozek	2012-01-18	1	-0/+2
\|
*	SUDO Integration - periodical update of rules in data provider	Pavel Březina	2012-01-17	1	-0/+60
\| \| \| \| \| \| \| \|	https://fedorahosted.org/sssd/ticket/1110 Adds new configuration options: - ldap_sudo_refresh_enabled - enable/disable periodical updates - ldap_sudo_refresh_timeout - rules timeout (refresh period)
*	SUDO Integration review issues	Pavel Březina	2012-01-17	1	-1/+1
\|
*	SUDO Integration - LDAP configuration options	Pavel Březina	2011-12-16	1	-1/+72
\|
*	Export the function to convert ldb_result to sysdb_attrs	Jakub Hrozek	2011-12-16	1	-29/+0
\| \| \| \|	It will be reused later in the sudo responder
*	Add sdap_connection_expire_timeout option	Stephen Gallagher	2011-12-12	1	-1/+2
\| \| \| \|	https://fedorahosted.org/sssd/ticket/1036
*	Add ldap_sasl_minssf option	Jan Zeleny	2011-12-08	1	-0/+1
\| \| \| \|	https://fedorahosted.org/sssd/ticket/1075
*	Modified sdap_parse_search_base()	Jan Zeleny	2011-11-23	1	-9/+8
\|
*	Support to request canonicalization in LDAP/IPA provider	Jan Zeleny	2011-11-02	1	-0/+1
\| \| \| \|	https://fedorahosted.org/sssd/ticket/957
*	LDAP: Convert ldap_*_search_filter	Stephen Gallagher	2011-11-02	1	-1/+5
\| \| \| \| \| \|	Instead of making this a global option for all user lookups, make it only used if the search base is passed without an explicit filter.
*	LDAP: Add parser for multiple search bases	Stephen Gallagher	2011-11-02	1	-0/+261
\|
*	Make sdap_get_id_specific_filter() more strict	Stephen Gallagher	2011-11-02	1	-2/+2
\|
*	Fix uninitialized pointer read in sdap_gssapi_get_default_realm()	Jakub Hrozek	2011-09-20	1	-1/+1
\| \| \| \|	https://fedorahosted.org/sssd/ticket/1003
*	Use the default Kerberos realm for LDAP with GSSAPI auth	Jakub Hrozek	2011-08-26	1	-3/+55
\| \| \| \|	https://fedorahosted.org/sssd/ticket/970