Commit message (Collapse) | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
* | Fix moving to next entry in deref code | Jakub Hrozek | 2011-08-29 | 1 | -1/+6 | |
| | | | | https://fedorahosted.org/sssd/ticket/973 | |||||
* | HBAC: Use of hostgroups for targethost or sourcehost was broken | Stephen Gallagher | 2011-08-26 | 1 | -4/+4 | |
| | | | | | We were trying to look up the wrong attribute for the name of the hostgroup. | |||||
* | HBAC: Handle saving groups that have no members | Stephen Gallagher | 2011-08-26 | 1 | -7/+21 | |
| | ||||||
* | Use the default Kerberos realm for LDAP with GSSAPI auth | Jakub Hrozek | 2011-08-26 | 1 | -3/+55 | |
| | | | | https://fedorahosted.org/sssd/ticket/970 | |||||
* | Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANON | Jakub Hrozek | 2011-08-26 | 5 | -3/+17 | |
| | | | | https://fedorahosted.org/sssd/ticket/978 | |||||
* | --debug-timestamps=1 is not passed to providers | Pavel Březina | 2011-08-25 | 2 | -11/+8 | |
| | | | | | | https://fedorahosted.org/sssd/ticket/972 --debug-timestamps=1 is now passed to providers | |||||
* | New DEBUG facility - SSSDBG_UNRESOLVED changed from -1 to 0 | Pavel Březina | 2011-08-25 | 4 | -4/+15 | |
| | | | | | | | | | | | | | | | | | | | | | Removed: SSS_UNRESOLVED_DEBUG_LEVEL (completely replaced with SSSDBG_UNRESOLVED) Added new macro: CONVERT_AND_SET_DEBUG_LEVEL(new_value) Changes unresolved debug level value (SSSDBG_UNRESOLVED) from -1 to 0 so DEBUG macro could be reduced by one condition. Anyway, it has a minor effect, every time you want to load debug_level from command line parameters, you have to use following pattern: /* Set debug level to invalid value so we can deside if -d 0 was used. */ debug_level = SSSDBG_INVALID; pc = poptGetContext(argv[0], argc, argv, long_options, 0); while((opt = poptGetNextOpt(pc)) != -1) { ... } CONVERT_AND_SET_DEBUG_LEVEL(debug_level); | |||||
* | New DEBUG facility - conversion | Pavel Březina | 2011-08-25 | 11 | -9/+16 | |
| | | | | | | | | | | https://fedorahosted.org/sssd/ticket/925 Conversion of the old debug_level format to the new one. (only where it was necessary) Removed: SSS_DEFAULT_DEBUG_LEVEL (completely replaced with SSSDBG_DEFAULT) | |||||
* | Improve password policy error code and message | Sumit Bose | 2011-08-25 | 1 | -4/+9 | |
| | | | | | | Instead of returning PAM_SYSTEM_ERR if they necessary attributes for the requested password policy cannot be found we return PAM_PERM_DENIED. Additionally the log message says that the access is denied. | |||||
* | IPA dyndns: do not segfault if the server cannot be resolved | Jakub Hrozek | 2011-08-25 | 1 | -4/+2 | |
| | | | | https://fedorahosted.org/sssd/ticket/963 | |||||
* | Handle timeout during sss_ldap_init_send | Jakub Hrozek | 2011-08-15 | 1 | -1/+5 | |
| | | | | | | | | | In some cases, where there would be no response from the LDAP server, there would be no R/W events on the LDAP fd, so sdap_async_sys_connect_done would never be called. This patch adds a tevent timer that cancels the connection after SDAP_NETWORK_TIMEOUT seconds. | |||||
* | Moved some functions in sdap_async_initgroups | Jan Zeleny | 2011-08-15 | 1 | -345/+349 | |
| | ||||||
* | Moved some functions in sdap_async_groups | Jan Zeleny | 2011-08-15 | 1 | -122/+112 | |
| | ||||||
* | Confusing part of code cleared out | Jan Zeleny | 2011-08-15 | 1 | -34/+32 | |
| | ||||||
* | sdap_async_accounts.c split | Jan Zeleny | 2011-08-15 | 4 | -2514/+2588 | |
| | | | | | | | | | The file has been split in three: sdap_async_users.c sdap_async_groups.c sdap_async_initgroups.c https://fedorahosted.org/sssd/ticket/864 | |||||
* | sysdb refactoring: memory context deleted | Jan Zeleny | 2011-08-15 | 10 | -43/+31 | |
| | | | | | | This patch deletes memory context parameter in those places in sysdb where it is not necessary. The code using modified functions has been updated. Tests updated as well. | |||||
* | sysdb refactoring: deleted domain variables in sysdb API | Jan Zeleny | 2011-08-15 | 22 | -101/+69 | |
| | | | | | The patch also updates code using modified functions. Tests have also been adjusted. | |||||
* | Use sysdb attribute name for GID, not LDAP attribute | Stephen Gallagher | 2011-08-11 | 1 | -3/+3 | |
| | ||||||
* | Fix returning groups when gidNumber attribute is not ordered | Jakub Hrozek | 2011-08-04 | 3 | -4/+10 | |
| | | | | https://fedorahosted.org/sssd/ticket/951 | |||||
* | Request password control unconditionally during bind | Jakub Hrozek | 2011-08-01 | 1 | -6/+6 | |
| | | | | https://fedorahosted.org/sssd/ticket/940 | |||||
* | Change the default value of ldap_tls_cacert in IPA provider | Jakub Hrozek | 2011-08-01 | 1 | -1/+1 | |
| | | | | https://fedorahosted.org/sssd/ticket/944 | |||||
* | Add rule validator to libipa_hbac | Stephen Gallagher | 2011-08-01 | 2 | -0/+74 | |
| | | | | https://fedorahosted.org/sssd/ticket/943 | |||||
* | Remove incorrect private variable | Stephen Gallagher | 2011-08-01 | 1 | -1/+1 | |
| | | | | | | This caused no ill effects, since it wasn't used in the callback. However, it is a layering violation (especially since req is freed in the callback) | |||||
* | Wrong paramater to sysdb_attrs_add_uint32 | Jakub Hrozek | 2011-08-01 | 1 | -1/+1 | |
| | ||||||
* | Fix incorrect NULL check in ipa_hbac_common.c | Stephen Gallagher | 2011-07-29 | 1 | -1/+1 | |
| | | | | https://fedorahosted.org/sssd/ticket/936 | |||||
* | Fix memory leak in ipa_hbac_evaluate_rules | Stephen Gallagher | 2011-07-29 | 1 | -0/+1 | |
| | | | | https://fedorahosted.org/sssd/ticket/933 | |||||
* | libipa_hbac: Support case-insensitive comparisons with UTF8 | Stephen Gallagher | 2011-07-29 | 1 | -16/+98 | |
| | ||||||
* | Explicitly ignore groups with gidNumber=0 | Jakub Hrozek | 2011-07-27 | 2 | -11/+18 | |
| | | | | https://fedorahosted.org/sssd/ticket/916 | |||||
* | Set gidNumber of non-posix groups to 0 even on updates | Jakub Hrozek | 2011-07-27 | 1 | -8/+44 | |
| | ||||||
* | fo_get_server_name() getter for a server name | Jakub Hrozek | 2011-07-21 | 5 | -3/+31 | |
| | | | | | Allows to be more concise in tests and more defensive in resolve callbacks | |||||
* | Rename fo_get_server_name to fo_get_server_str_name | Jakub Hrozek | 2011-07-21 | 6 | -10/+10 | |
| | ||||||
* | Only print server address if one is available | Jakub Hrozek | 2011-07-21 | 1 | -0/+7 | |
| | ||||||
* | Do not add a NULL host parsed from LDAP URI | Jakub Hrozek | 2011-07-21 | 1 | -1/+8 | |
| | | | | https://fedorahosted.org/sssd/ticket/911 | |||||
* | Remove unused krb5_service structure member | Jakub Hrozek | 2011-07-13 | 3 | -7/+1 | |
| | ||||||
* | Check DNS records before updating | Jakub Hrozek | 2011-07-11 | 4 | -25/+470 | |
| | | | | https://fedorahosted.org/sssd/ticket/802 | |||||
* | Split reading resolver family order into a separate function | Jakub Hrozek | 2011-07-11 | 1 | -23/+3 | |
| | ||||||
* | Do not hardcode default resolver timeout | Jakub Hrozek | 2011-07-11 | 1 | -1/+1 | |
| | ||||||
* | Escape IP address in kdcinfo | Jakub Hrozek | 2011-07-11 | 2 | -14/+36 | |
| | | | | https://fedorahosted.org/sssd/ticket/909 | |||||
* | Move IP adress escaping from the LDAP namespace | Jakub Hrozek | 2011-07-11 | 1 | -3/+3 | |
| | ||||||
* | Add LDAP access control based on NDS attributes | Sumit Bose | 2011-07-08 | 6 | -3/+197 | |
| | ||||||
* | Treat NULL or empty rhost as unknown | Stephen Gallagher | 2011-07-08 | 2 | -11/+25 | |
| | | | | | | | Previously, we were assuming this meant it was coming from the localhost, but this is not a safe assumption. We will now treat it as unknown and it will fail to match any rule that requires a specified srchost or group of srchosts. | |||||
* | Add ipa_hbac_treat_deny_as option | Stephen Gallagher | 2011-07-08 | 3 | -2/+13 | |
| | | | | | | By default, we will treat the presence of any DENY rule as denying all users. This option will allow the admin to explicitly ignore DENY rules during a transitional period. | |||||
* | Add ipa_hbac_refresh option | Stephen Gallagher | 2011-07-08 | 4 | -1/+21 | |
| | | | | | This option describes the time between refreshes of the HBAC rules on the IPA server. | |||||
* | Add new HBAC lookup and evaluation routines | Stephen Gallagher | 2011-07-08 | 2 | -124/+398 | |
| | ||||||
* | Remove old HBAC implementation | Stephen Gallagher | 2011-07-08 | 2 | -1595/+1 | |
| | ||||||
* | Add helper functions for looking up HBAC rule components | Stephen Gallagher | 2011-07-08 | 6 | -0/+2616 | |
| | ||||||
* | Add HBAC evaluator and tests | Stephen Gallagher | 2011-07-08 | 3 | -0/+386 | |
| | ||||||
* | Add helper function msgs2attrs_array | Stephen Gallagher | 2011-07-08 | 2 | -0/+33 | |
| | | | | | This function converts a list of ldb_messages into a list of sysdb_attrs. | |||||
* | ipa_dyndns: Use sockaddr_storage for storing IP addresses | Jakub Hrozek | 2011-07-05 | 1 | -12/+17 | |
| | | | | https://fedorahosted.org/sssd/ticket/915 | |||||
* | Use ldap_init_fd() instead of ldap_initialize() if available | Sumit Bose | 2011-06-30 | 3 | -37/+88 | |
| |