summaryrefslogtreecommitdiffstats
path: root/src/providers
Commit message (Collapse)AuthorAgeFilesLines
* Broken inlining?sssd-1-5Jakub Hrozek2015-06-241-0/+7
|
* SIGCHLD handler: do not call callback when pvt data where freedPavel Březina2013-08-285-5/+42
| | | | https://fedorahosted.org/sssd/ticket/1992
* IPA: Do not download or store the member attribute of host groupsJakub Hrozek2013-06-271-5/+4
| | | | | | | | https://fedorahosted.org/sssd/ticket/1806 The IPA provider attempted to store the original value of member attribute to the cache. That caused the memberof plugin to process the values which was really CPU intensive.
* LDAP: Only use paging control on requests for multiple entriesJakub Hrozek2013-05-0211-37/+82
| | | | | | | | The paging control can cause issues on servers that put limits on how many paging controls can be active at one time (on some servers, it is limited to one per connection). We need to reduce our usage so that we only activate the paging control when making a request that may return an arbitrary number of results.
* LDAP: Add option to disable paging controlStephen Gallagher2013-05-025-5/+12
| | | | | | | | | | | | | | | Fixes https://fedorahosted.org/sssd/ticket/967 Conflicts: src/config/SSSDConfig.py src/config/etc/sssd.api.d/sssd-ipa.conf src/config/etc/sssd.api.d/sssd-ldap.conf src/man/sssd-ldap.5.xml src/providers/ipa/ipa_common.c src/providers/ipa/ipa_common.h src/providers/ldap/ldap_common.c src/providers/ldap/sdap.h
* Add common SIGCHLD handling for providersOndrej Kos2013-01-304-6/+250
| | | | | backport of https://fedorahosted.org/sssd/changeset/6a9bdb6289bb374d203861cef16f312185725cbc
* Add ipa_hbac_support_srchost option to IPA providerJan Zeleny2012-08-216-52/+398
| | | | | don't fetch all host groups if this option is false https://fedorahosted.org/sssd/ticket/1078
* Process all groups from a single nesting levelJakub Hrozek2012-08-211-5/+18
| | | | | | | | https://bugzilla.redhat.com/show_bug.cgi?id=846664 If the first group was cached when processing the nested group membership, we would call tevent_req_done, effectivelly marking the whole nesting level as done.
* HBAC: create empty groups with one NULL elementJakub Hrozek2012-06-221-16/+15
| | | | https://fedorahosted.org/sssd/ticket/1130
* IPA: Check nsAccountLock during PAM_ACCT_MGMTStephen Gallagher2012-06-224-1/+69
| | | | | | | | https://fedorahosted.org/sssd/ticket/1227 Conflicts: src/providers/ipa/ipa_access.h src/providers/ipa/ipa_init.c
* LDAP: Make sdap_access_send/recv publicStephen Gallagher2012-06-222-12/+17
| | | | We want to consume this in the IPA provider.
* DP: Reorganize memory hierarchy of requestsStephen Gallagher2012-06-101-15/+100
| | | | | | | | | | | | | This function alters the memory hierarchy of the be_req to ensure memory safety during shutdown. It creates a spy on the be_cli object so that it will free the be_req if the client is freed. It is generally allocated atop the private data context for the appropriate back-end against which it is being filed. https://fedorahosted.org/sssd/ticket/1226
* Try all KDCs when getting TGT for LDAPJakub Hrozek2012-06-041-15/+16
| | | | | | | | When the ldap child process is killed after a timeout, try the next KDC. When none of the ldap child processes succeed, just abort the connection because we wouldn't be able to authenticate to the LDAP server anyway. https://fedorahosted.org/sssd/ticket/1324
* Detect cycle in the fail over on subsequent resolve requests onlyJakub Hrozek2012-06-045-23/+28
|
* Only do one cycle when resolving a serverJakub Hrozek2012-06-047-29/+93
| | | | https://fedorahosted.org/sssd/ticket/1214
* fo_get_server_name() getter for a server nameJakub Hrozek2012-06-045-3/+31
| | | | | Allows to be more concise in tests and more defensive in resolve callbacks
* Rename fo_get_server_name to fo_get_server_str_nameJakub Hrozek2012-06-046-10/+10
|
* IPA: Detect nsupdate support for the realm directiveStephen Gallagher2012-01-171-10/+31
| | | | | For older platforms, do not add the 'realm' line in the update message
* LDAP: Copy URI instead of pointing at failover service recordStephen Gallagher2012-01-141-2/+8
| | | | | | | | In a heavy load environment, sometimes the failover service record would be updated and free the URI value. We need to guarantee that this URI string remains valid throughout the entire request. https://fedorahosted.org/sssd/ticket/1139
* Log fixes for sdap_call_conn_cbStephen Gallagher2012-01-141-1/+2
|
* DEBUG: fix bad backport containing new DEBUG representationStephen Gallagher2011-12-081-1/+1
|
* LDAP provider: Error while setting the nocanon option should not be fatalJakub Hrozek2011-12-081-3/+9
| | | | https://fedorahosted.org/sssd/ticket/1100
* Allow using Glib for UTF8 supportStephen Gallagher2011-12-051-33/+11
|
* LDAP: Try next failover server on any errorStephen Gallagher2011-11-291-9/+5
|
* Steal result onto mem_ctx in sdap_initgr_nested_get_direct_parentsJakub Hrozek2011-10-311-2/+1
|
* RFC2307bis initgroups: fix nested groups processingJakub Hrozek2011-10-311-20/+33
| | | | | Due to incorrectly written loop, SSSD would go into infitite loop if it processed the same group on two different levels of membership.
* Plug memory leaks in LDAP providerJakub Hrozek2011-10-251-0/+3
|
* Use fewer transactions during IPA initgroupsJakub Hrozek2011-10-171-171/+286
|
* Use fewer transactions during RFC2307bis initgroupsJakub Hrozek2011-10-171-368/+397
|
* Utility functions for LDAP nested schema initgroupsJakub Hrozek2011-10-171-0/+119
|
* Add a missing breakJakub Hrozek2011-10-171-0/+1
|
* HBAC: Use originalMember for identifying hostgroupsStephen Gallagher2011-10-143-45/+165
|
* HBAC: Use originalMember for identifying servicegroupsStephen Gallagher2011-10-143-41/+169
|
* HBAC: Do not save member/memberOf linksStephen Gallagher2011-10-141-120/+0
| | | | We can just trust the values from the FreeIPA server
* Append PID to sbus server socket name, let clients use a symlinkJakub Hrozek2011-10-132-2/+2
| | | | https://fedorahosted.org/sssd/ticket/1034
* Use explicit base 10 for converting strings to integersJakub Hrozek2011-10-032-4/+4
| | | | https://fedorahosted.org/sssd/ticket/1013
* Store name aliases for users, groupsJakub Hrozek2011-10-033-37/+220
|
* Add a sysdb_get_direct_parents functionJakub Hrozek2011-10-031-57/+5
|
* HBAC: fix typos preventing proper hostgroup evaluationStephen Gallagher2011-09-281-3/+3
|
* IPA access: hostname comparison should be case-insensitiveJakub Hrozek2011-09-281-1/+1
|
* Fix uninitialized pointer read in sdap_gssapi_get_default_realm()Jakub Hrozek2011-09-201-1/+1
| | | | https://fedorahosted.org/sssd/ticket/1003
* Improve documentation of libipa_hbacStephen Gallagher2011-09-082-21/+1697
|
* Do not access memory out of boundsSumit Bose2011-09-071-2/+2
|
* Improve error message for LDAP password constraint violationJakub Hrozek2011-09-063-16/+29
| | | | https://fedorahosted.org/sssd/ticket/985
* sss_ldap_err2string() - ldap_err2string() to sss_ldap_err2string()Pavel Březina2011-09-063-35/+35
| | | | https://fedorahosted.org/sssd/ticket/986
* sss_ldap_err2string() - function createdPavel Březina2011-09-061-2/+0
| | | | https://fedorahosted.org/sssd/ticket/986
* HBAC: Properly skip all non-group memberOf entriesStephen Gallagher2011-08-291-1/+2
|
* HBAC: Use of hostgroups for targethost or sourcehost was brokenStephen Gallagher2011-08-261-4/+4
| | | | | We were trying to look up the wrong attribute for the name of the hostgroup.
* HBAC: Handle saving groups that have no membersStephen Gallagher2011-08-261-7/+21
|
* Use the default Kerberos realm for LDAP with GSSAPI authJakub Hrozek2011-08-261-3/+55
| | | | https://fedorahosted.org/sssd/ticket/970
generated by cgit (git 2.34.1) at 2024-05-20 18:37:16 +0000