Commit message | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | HBAC: Handle saving groups that have no members | Stephen Gallagher | 2011-08-26 | 1 | -7/+21 |
* | Use the default Kerberos realm for LDAP with GSSAPI auth | Jakub Hrozek | 2011-08-26 | 1 | -3/+55 |
| | | | | https://fedorahosted.org/sssd/ticket/970 | ||||
* | Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANON | Jakub Hrozek | 2011-08-26 | 5 | -3/+17 |
| | | | | https://fedorahosted.org/sssd/ticket/978 | ||||
* | Improve password policy error code and message | Sumit Bose | 2011-08-25 | 1 | -4/+9 |
| | | | | | | Instead of returning PAM_SYSTEM_ERR if the necessary attributes for the requested password policy cannot be found we return PAM_PERM_DENIED. Additionally the log message says that the access is denied. | ||||
* | Handle timeout during sss_ldap_init_send | Jakub Hrozek | 2011-08-15 | 1 | -1/+5 |
| | | | | | | | | | In some cases, where there would be no response from the LDAP server, there would be no R/W events on the LDAP fd, so sdap_async_sys_connect_done would never be called. This patch adds a tevent timer that cancels the connection after SDAP_NETWORK_TIMEOUT seconds. | ||||
* | Use sysdb attribute name for GID, not LDAP attribute | Stephen Gallagher | 2011-08-11 | 1 | -3/+3 |
* | Fix returning groups when gidNumber attribute is not ordered | Jakub Hrozek | 2011-08-04 | 3 | -4/+10 |
| | | | | https://fedorahosted.org/sssd/ticket/951 | ||||
* | Request password control unconditionally during bind | Jakub Hrozek | 2011-08-01 | 1 | -6/+6 |
| | | | | https://fedorahosted.org/sssd/ticket/940 | ||||
* | Add rule validator to libipa_hbac | Stephen Gallagher | 2011-08-01 | 2 | -0/+74 |
| | | | | https://fedorahosted.org/sssd/ticket/943 | ||||
* | Fix incorrect NULL check in ipa_hbac_common.c | Stephen Gallagher | 2011-08-01 | 1 | -1/+1 |
| | | | | https://fedorahosted.org/sssd/ticket/936 | ||||
* | Fix memory leak in ipa_hbac_evaluate_rules | Stephen Gallagher | 2011-08-01 | 1 | -0/+1 |
| | | | | https://fedorahosted.org/sssd/ticket/933 | ||||
* | libipa_hbac: Support case-insensitive comparisons with UTF8 | Stephen Gallagher | 2011-08-01 | 1 | -16/+98 |
* | Treat NULL or empty rhost as unknown | Stephen Gallagher | 2011-08-01 | 2 | -11/+25 |
| | | | | | | | Previously, we were assuming this meant it was coming from the localhost, but this is not a safe assumption. We will now treat it as unknown and it will fail to match any rule that requires a specified srchost or group of srchosts. | ||||
* | Add ipa_hbac_treat_deny_as option | Stephen Gallagher | 2011-08-01 | 3 | -2/+13 |
| | | | | | | By default, we will treat the presence of any DENY rule as denying all users. This option will allow the admin to explicitly ignore DENY rules during a transitional period. | ||||
* | Add ipa_hbac_refresh option | Stephen Gallagher | 2011-08-01 | 4 | -1/+21 |
| | | | | | This option describes the time between refreshes of the HBAC rules on the IPA server. | ||||
* | Add new HBAC lookup and evaluation routines | Stephen Gallagher | 2011-08-01 | 2 | -124/+398 |
| | | | | | | Conflicts: Makefile.am | ||||
* | Remove old HBAC implementation | Stephen Gallagher | 2011-08-01 | 2 | -1595/+1 |
* | Add helper functions for looking up HBAC rule components | Stephen Gallagher | 2011-08-01 | 6 | -0/+2616 |
* | Add HBAC evaluator and tests | Stephen Gallagher | 2011-08-01 | 3 | -0/+386 |
* | Add helper function msgs2attrs_array | Stephen Gallagher | 2011-08-01 | 2 | -0/+33 |
| | | | | | | | | | | This function converts a list of ldb_messages into a list of sysdb_attrs. Conflicts: src/providers/ldap/ldap_common.c src/providers/ldap/ldap_common.h | ||||
* | Change the default value of ldap_tls_cacert in IPA provider | Jakub Hrozek | 2011-08-01 | 1 | -1/+1 |
| | | | | https://fedorahosted.org/sssd/ticket/944 | ||||
* | Remove incorrect private variable | Stephen Gallagher | 2011-08-01 | 1 | -1/+1 |
| | | | | | | This caused no ill effects, since it wasn't used in the callback. However, it is a layering violation (especially since req is freed in the callback) | ||||
* | Wrong parameter to sysdb_attrs_add_uint32 | Jakub Hrozek | 2011-08-01 | 1 | -1/+1 |
* | Explicitly ignore groups with gidNumber=0 | Jakub Hrozek | 2011-07-27 | 2 | -11/+18 |
| | | | | https://fedorahosted.org/sssd/ticket/916 | ||||
* | Set gidNumber of non-posix groups to 0 even on updates | Jakub Hrozek | 2011-07-27 | 1 | -8/+44 |
* | Only print server address if one is available | Jakub Hrozek | 2011-07-21 | 1 | -0/+7 |
* | Do not add a NULL host parsed from LDAP URI | Jakub Hrozek | 2011-07-21 | 1 | -1/+8 |
| | | | | https://fedorahosted.org/sssd/ticket/911 | ||||
* | Fix unchecked return values of pam_add_response [sssd-1_5_11] | Jakub Hrozek | 2011-07-05 | 2 | -3/+11 |
| | | | | https://fedorahosted.org/sssd/ticket/798 | ||||
* | ipa_dyndns: Use sockaddr_storage for storing IP addresses | Jakub Hrozek | 2011-07-05 | 1 | -12/+17 |
| | | | | https://fedorahosted.org/sssd/ticket/915 | ||||
* | Don't pass NULL to printf for TLS errors | Jakub Hrozek | 2011-06-30 | 3 | -33/+24 |
| | | | | | | | | https://fedorahosted.org/sssd/ticket/643 Conflicts: src/util/sss_ldap.h | ||||
* | Use ldap_init_fd() instead of ldap_initialize() if available | Sumit Bose | 2011-06-30 | 3 | -37/+88 |
* | Use name based URI instead of IP address based URIs | Sumit Bose | 2011-06-30 | 2 | -38/+3 |
* | Add sdap_call_conn_cb() to call add connection callback directly | Sumit Bose | 2011-06-30 | 2 | -0/+40 |
* | Add sockaddr_storage to sdap_service | Sumit Bose | 2011-06-30 | 3 | -0/+22 |
* | Log nsupdate message | Jakub Hrozek | 2011-06-30 | 1 | -0/+3 |
| | | | | https://fedorahosted.org/sssd/ticket/893 | ||||
* | Switch resolver to using resolv_hostent and honor TTL | Jakub Hrozek | 2011-06-30 | 6 | -29/+30 |
| | | | | | | Conflicts: src/providers/fail_over.c | ||||
* | Do not check pwdAttribute | Sumit Bose | 2011-06-16 | 1 | -9/+0 |
| | | | | | | | It is not safe to check pwdAttribute to see if server side password policies are active. Only if a LDAP_CONTROL_PASSWORDPOLICYRESPONSE is present in the bind response can we assume that there is a server side password policy. | ||||
* | Delete cached ccache file if password is expired | Sumit Bose | 2011-06-15 | 1 | -8/+63 |
* | Non-posix group processing - ldap provider and nss responder | Jan Zeleny | 2011-06-02 | 2 | -28/+69 |
* | Escape IPv6 IP addresses in the IPA provider | Jakub Hrozek | 2011-06-02 | 1 | -4/+26 |
| | | | | https://fedorahosted.org/sssd/ticket/880 | ||||
* | Use escaped IP addresses in LDAP provider | Jakub Hrozek | 2011-06-02 | 1 | -6/+56 |
* | Add utility function to return IP address as string | Jakub Hrozek | 2011-06-02 | 2 | -17/+4 |
* | Add online callback only once for TGT renewal | Sumit Bose | 2011-06-02 | 1 | -25/+44 |
* | Sanitize username during initgroups call | Sumit Bose | 2011-05-25 | 1 | -1/+7 |
* | IPA Provider: don't fail if user is not a member of any groups | Stephen Gallagher | 2011-05-24 | 1 | -2/+5 |
* | Enable paging support for LDAP | Stephen Gallagher | 2011-05-24 | 6 | -26/+132 |
* | simple provider: Don't treat primary GID lookup failures as fatal | Stephen Gallagher | 2011-05-24 | 1 | -13/+19 |
* | Only save members for successfully saved groups | Jakub Hrozek | 2011-05-24 | 1 | -2/+17 |
* | Make "password" the default for ldap_default_authtok_type | Stephen Gallagher | 2011-05-24 | 1 | -1/+1 |
* | Return pam data to the renewal item if renewal fails | Sumit Bose | 2011-05-02 | 1 | -4/+9 |
| | | | | | | | | | A previous patch changed a talloc_steal() into a talloc_move(). Now it is not enough to change the parent memory context with talloc_steal to give back the data, but it has to be assigned back too. Additionally this patch uses the missing pam data as an indication that a renewal request for this data is currently running. |