Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Broken inlining?sssd-1-5 | Jakub Hrozek | 2015-06-24 | 1 | -0/+7 |
| | |||||
* | SIGCHLD handler: do not call callback when pvt data where freed | Pavel Březina | 2013-08-28 | 5 | -5/+42 |
| | | | | https://fedorahosted.org/sssd/ticket/1992 | ||||
* | IPA: Do not download or store the member attribute of host groups | Jakub Hrozek | 2013-06-27 | 1 | -5/+4 |
| | | | | | | | | https://fedorahosted.org/sssd/ticket/1806 The IPA provider attempted to store the original value of member attribute to the cache. That caused the memberof plugin to process the values which was really CPU intensive. | ||||
* | LDAP: Only use paging control on requests for multiple entries | Jakub Hrozek | 2013-05-02 | 11 | -37/+82 |
| | | | | | | | | The paging control can cause issues on servers that put limits on how many paging controls can be active at one time (on some servers, it is limited to one per connection). We need to reduce our usage so that we only activate the paging control when making a request that may return an arbitrary number of results. | ||||
* | LDAP: Add option to disable paging control | Stephen Gallagher | 2013-05-02 | 5 | -5/+12 |
| | | | | | | | | | | | | | | | Fixes https://fedorahosted.org/sssd/ticket/967 Conflicts: src/config/SSSDConfig.py src/config/etc/sssd.api.d/sssd-ipa.conf src/config/etc/sssd.api.d/sssd-ldap.conf src/man/sssd-ldap.5.xml src/providers/ipa/ipa_common.c src/providers/ipa/ipa_common.h src/providers/ldap/ldap_common.c src/providers/ldap/sdap.h | ||||
* | Add common SIGCHLD handling for providers | Ondrej Kos | 2013-01-30 | 4 | -6/+250 |
| | | | | | backport of https://fedorahosted.org/sssd/changeset/6a9bdb6289bb374d203861cef16f312185725cbc | ||||
* | Add ipa_hbac_support_srchost option to IPA provider | Jan Zeleny | 2012-08-21 | 6 | -52/+398 |
| | | | | | don't fetch all host groups if this option is false https://fedorahosted.org/sssd/ticket/1078 | ||||
* | Process all groups from a single nesting level | Jakub Hrozek | 2012-08-21 | 1 | -5/+18 |
| | | | | | | | | https://bugzilla.redhat.com/show_bug.cgi?id=846664 If the first group was cached when processing the nested group membership, we would call tevent_req_done, effectivelly marking the whole nesting level as done. | ||||
* | HBAC: create empty groups with one NULL element | Jakub Hrozek | 2012-06-22 | 1 | -16/+15 |
| | | | | https://fedorahosted.org/sssd/ticket/1130 | ||||
* | IPA: Check nsAccountLock during PAM_ACCT_MGMT | Stephen Gallagher | 2012-06-22 | 4 | -1/+69 |
| | | | | | | | | https://fedorahosted.org/sssd/ticket/1227 Conflicts: src/providers/ipa/ipa_access.h src/providers/ipa/ipa_init.c | ||||
* | LDAP: Make sdap_access_send/recv public | Stephen Gallagher | 2012-06-22 | 2 | -12/+17 |
| | | | | We want to consume this in the IPA provider. | ||||
* | DP: Reorganize memory hierarchy of requests | Stephen Gallagher | 2012-06-10 | 1 | -15/+100 |
| | | | | | | | | | | | | | This function alters the memory hierarchy of the be_req to ensure memory safety during shutdown. It creates a spy on the be_cli object so that it will free the be_req if the client is freed. It is generally allocated atop the private data context for the appropriate back-end against which it is being filed. https://fedorahosted.org/sssd/ticket/1226 | ||||
* | Try all KDCs when getting TGT for LDAP | Jakub Hrozek | 2012-06-04 | 1 | -15/+16 |
| | | | | | | | | When the ldap child process is killed after a timeout, try the next KDC. When none of the ldap child processes succeed, just abort the connection because we wouldn't be able to authenticate to the LDAP server anyway. https://fedorahosted.org/sssd/ticket/1324 | ||||
* | Detect cycle in the fail over on subsequent resolve requests only | Jakub Hrozek | 2012-06-04 | 5 | -23/+28 |
| | |||||
* | Only do one cycle when resolving a server | Jakub Hrozek | 2012-06-04 | 7 | -29/+93 |
| | | | | https://fedorahosted.org/sssd/ticket/1214 | ||||
* | fo_get_server_name() getter for a server name | Jakub Hrozek | 2012-06-04 | 5 | -3/+31 |
| | | | | | Allows to be more concise in tests and more defensive in resolve callbacks | ||||
* | Rename fo_get_server_name to fo_get_server_str_name | Jakub Hrozek | 2012-06-04 | 6 | -10/+10 |
| | |||||
* | IPA: Detect nsupdate support for the realm directive | Stephen Gallagher | 2012-01-17 | 1 | -10/+31 |
| | | | | | For older platforms, do not add the 'realm' line in the update message | ||||
* | LDAP: Copy URI instead of pointing at failover service record | Stephen Gallagher | 2012-01-14 | 1 | -2/+8 |
| | | | | | | | | In a heavy load environment, sometimes the failover service record would be updated and free the URI value. We need to guarantee that this URI string remains valid throughout the entire request. https://fedorahosted.org/sssd/ticket/1139 | ||||
* | Log fixes for sdap_call_conn_cb | Stephen Gallagher | 2012-01-14 | 1 | -1/+2 |
| | |||||
* | DEBUG: fix bad backport containing new DEBUG representation | Stephen Gallagher | 2011-12-08 | 1 | -1/+1 |
| | |||||
* | LDAP provider: Error while setting the nocanon option should not be fatal | Jakub Hrozek | 2011-12-08 | 1 | -3/+9 |
| | | | | https://fedorahosted.org/sssd/ticket/1100 | ||||
* | Allow using Glib for UTF8 support | Stephen Gallagher | 2011-12-05 | 1 | -33/+11 |
| | |||||
* | LDAP: Try next failover server on any error | Stephen Gallagher | 2011-11-29 | 1 | -9/+5 |
| | |||||
* | Steal result onto mem_ctx in sdap_initgr_nested_get_direct_parents | Jakub Hrozek | 2011-10-31 | 1 | -2/+1 |
| | |||||
* | RFC2307bis initgroups: fix nested groups processing | Jakub Hrozek | 2011-10-31 | 1 | -20/+33 |
| | | | | | Due to incorrectly written loop, SSSD would go into infitite loop if it processed the same group on two different levels of membership. | ||||
* | Plug memory leaks in LDAP provider | Jakub Hrozek | 2011-10-25 | 1 | -0/+3 |
| | |||||
* | Use fewer transactions during IPA initgroups | Jakub Hrozek | 2011-10-17 | 1 | -171/+286 |
| | |||||
* | Use fewer transactions during RFC2307bis initgroups | Jakub Hrozek | 2011-10-17 | 1 | -368/+397 |
| | |||||
* | Utility functions for LDAP nested schema initgroups | Jakub Hrozek | 2011-10-17 | 1 | -0/+119 |
| | |||||
* | Add a missing break | Jakub Hrozek | 2011-10-17 | 1 | -0/+1 |
| | |||||
* | HBAC: Use originalMember for identifying hostgroups | Stephen Gallagher | 2011-10-14 | 3 | -45/+165 |
| | |||||
* | HBAC: Use originalMember for identifying servicegroups | Stephen Gallagher | 2011-10-14 | 3 | -41/+169 |
| | |||||
* | HBAC: Do not save member/memberOf links | Stephen Gallagher | 2011-10-14 | 1 | -120/+0 |
| | | | | We can just trust the values from the FreeIPA server | ||||
* | Append PID to sbus server socket name, let clients use a symlink | Jakub Hrozek | 2011-10-13 | 2 | -2/+2 |
| | | | | https://fedorahosted.org/sssd/ticket/1034 | ||||
* | Use explicit base 10 for converting strings to integers | Jakub Hrozek | 2011-10-03 | 2 | -4/+4 |
| | | | | https://fedorahosted.org/sssd/ticket/1013 | ||||
* | Store name aliases for users, groups | Jakub Hrozek | 2011-10-03 | 3 | -37/+220 |
| | |||||
* | Add a sysdb_get_direct_parents function | Jakub Hrozek | 2011-10-03 | 1 | -57/+5 |
| | |||||
* | HBAC: fix typos preventing proper hostgroup evaluation | Stephen Gallagher | 2011-09-28 | 1 | -3/+3 |
| | |||||
* | IPA access: hostname comparison should be case-insensitive | Jakub Hrozek | 2011-09-28 | 1 | -1/+1 |
| | |||||
* | Fix uninitialized pointer read in sdap_gssapi_get_default_realm() | Jakub Hrozek | 2011-09-20 | 1 | -1/+1 |
| | | | | https://fedorahosted.org/sssd/ticket/1003 | ||||
* | Improve documentation of libipa_hbac | Stephen Gallagher | 2011-09-08 | 2 | -21/+1697 |
| | |||||
* | Do not access memory out of bounds | Sumit Bose | 2011-09-07 | 1 | -2/+2 |
| | |||||
* | Improve error message for LDAP password constraint violation | Jakub Hrozek | 2011-09-06 | 3 | -16/+29 |
| | | | | https://fedorahosted.org/sssd/ticket/985 | ||||
* | sss_ldap_err2string() - ldap_err2string() to sss_ldap_err2string() | Pavel Březina | 2011-09-06 | 3 | -35/+35 |
| | | | | https://fedorahosted.org/sssd/ticket/986 | ||||
* | sss_ldap_err2string() - function created | Pavel Březina | 2011-09-06 | 1 | -2/+0 |
| | | | | https://fedorahosted.org/sssd/ticket/986 | ||||
* | HBAC: Properly skip all non-group memberOf entries | Stephen Gallagher | 2011-08-29 | 1 | -1/+2 |
| | |||||
* | HBAC: Use of hostgroups for targethost or sourcehost was broken | Stephen Gallagher | 2011-08-26 | 1 | -4/+4 |
| | | | | | We were trying to look up the wrong attribute for the name of the hostgroup. | ||||
* | HBAC: Handle saving groups that have no members | Stephen Gallagher | 2011-08-26 | 1 | -7/+21 |
| | |||||
* | Use the default Kerberos realm for LDAP with GSSAPI auth | Jakub Hrozek | 2011-08-26 | 1 | -3/+55 |
| | | | | https://fedorahosted.org/sssd/ticket/970 |