sssd.git - sssd with jhrozek's patches

	Commit message (Collapse)	Author	Age	Files	Lines
*	HBAC: Properly skip all non-group memberOf entries	Stephen Gallagher	2011-08-29	1	-1/+2
\|
*	HBAC: Use of hostgroups for targethost or sourcehost was broken	Stephen Gallagher	2011-08-26	1	-4/+4
\| \| \| \| \|	We were trying to look up the wrong attribute for the name of the hostgroup.
*	HBAC: Handle saving groups that have no members	Stephen Gallagher	2011-08-26	1	-7/+21
\|
*	Use the default Kerberos realm for LDAP with GSSAPI auth	Jakub Hrozek	2011-08-26	1	-3/+55
\| \| \| \|	https://fedorahosted.org/sssd/ticket/970
*	Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANON	Jakub Hrozek	2011-08-26	5	-3/+17
\| \| \| \|	https://fedorahosted.org/sssd/ticket/978
*	Improve password policy error code and message	Sumit Bose	2011-08-25	1	-4/+9
\| \| \| \| \| \|	Instead of returning PAM_SYSTEM_ERR if they necessary attributes for the requested password policy cannot be found we return PAM_PERM_DENIED. Additionally the log message says that the access is denied.
*	Handle timeout during sss_ldap_init_send	Jakub Hrozek	2011-08-15	1	-1/+5
\| \| \| \| \| \| \| \| \|	In some cases, where there would be no response from the LDAP server, there would be no R/W events on the LDAP fd, so sdap_async_sys_connect_done would never be called. This patch adds a tevent timer that cancels the connection after SDAP_NETWORK_TIMEOUT seconds.
*	Use sysdb attribute name for GID, not LDAP attribute	Stephen Gallagher	2011-08-11	1	-3/+3
\|
*	Fix returning groups when gidNumber attribute is not ordered	Jakub Hrozek	2011-08-04	3	-4/+10
\| \| \| \|	https://fedorahosted.org/sssd/ticket/951
*	Request password control unconditionally during bind	Jakub Hrozek	2011-08-01	1	-6/+6
\| \| \| \|	https://fedorahosted.org/sssd/ticket/940
*	Add rule validator to libipa_hbac	Stephen Gallagher	2011-08-01	2	-0/+74
\| \| \| \|	https://fedorahosted.org/sssd/ticket/943
*	Fix incorrect NULL check in ipa_hbac_common.c	Stephen Gallagher	2011-08-01	1	-1/+1
\| \| \| \|	https://fedorahosted.org/sssd/ticket/936
*	Fix memory leak in ipa_hbac_evaluate_rules	Stephen Gallagher	2011-08-01	1	-0/+1
\| \| \| \|	https://fedorahosted.org/sssd/ticket/933
*	libipa_hbac: Support case-insensitive comparisons with UTF8	Stephen Gallagher	2011-08-01	1	-16/+98
\|
*	Treat NULL or empty rhost as unknown	Stephen Gallagher	2011-08-01	2	-11/+25
\| \| \| \| \| \| \|	Previously, we were assuming this meant it was coming from the localhost, but this is not a safe assumption. We will now treat it as unknown and it will fail to match any rule that requires a specified srchost or group of srchosts.
*	Add ipa_hbac_treat_deny_as option	Stephen Gallagher	2011-08-01	3	-2/+13
\| \| \| \| \| \|	By default, we will treat the presence of any DENY rule as denying all users. This option will allow the admin to explicitly ignore DENY rules during a transitional period.
*	Add ipa_hbac_refresh option	Stephen Gallagher	2011-08-01	4	-1/+21
\| \| \| \| \|	This option describes the time between refreshes of the HBAC rules on the IPA server.
*	Add new HBAC lookup and evaluation routines	Stephen Gallagher	2011-08-01	2	-124/+398
\| \| \| \| \| \|	Conflicts: Makefile.am
*	Remove old HBAC implementation	Stephen Gallagher	2011-08-01	2	-1595/+1
\|
*	Add helper functions for looking up HBAC rule components	Stephen Gallagher	2011-08-01	6	-0/+2616
\|
*	Add HBAC evaluator and tests	Stephen Gallagher	2011-08-01	3	-0/+386
\|
*	Add helper function msgs2attrs_array	Stephen Gallagher	2011-08-01	2	-0/+33
\| \| \| \| \| \| \| \| \| \|	This function converts a list of ldb_messages into a list of sysdb_attrs. Conflicts: src/providers/ldap/ldap_common.c src/providers/ldap/ldap_common.h
*	Change the default value of ldap_tls_cacert in IPA provider	Jakub Hrozek	2011-08-01	1	-1/+1
\| \| \| \|	https://fedorahosted.org/sssd/ticket/944
*	Remove incorrect private variable	Stephen Gallagher	2011-08-01	1	-1/+1
\| \| \| \| \| \|	This caused no ill effects, since it wasn't used in the callback. However, it is a layering violation (especially since req is freed in the callback)
*	Wrong paramater to sysdb_attrs_add_uint32	Jakub Hrozek	2011-08-01	1	-1/+1
\|
*	Explicitly ignore groups with gidNumber=0	Jakub Hrozek	2011-07-27	2	-11/+18
\| \| \| \|	https://fedorahosted.org/sssd/ticket/916
*	Set gidNumber of non-posix groups to 0 even on updates	Jakub Hrozek	2011-07-27	1	-8/+44
\|
*	Only print server address if one is available	Jakub Hrozek	2011-07-21	1	-0/+7
\|
*	Do not add a NULL host parsed from LDAP URI	Jakub Hrozek	2011-07-21	1	-1/+8
\| \| \| \|	https://fedorahosted.org/sssd/ticket/911
*	Fix unchecked return values of pam_add_responsesssd-1_5_11	Jakub Hrozek	2011-07-05	2	-3/+11
\| \| \| \|	https://fedorahosted.org/sssd/ticket/798
*	ipa_dyndns: Use sockaddr_storage for storing IP addresses	Jakub Hrozek	2011-07-05	1	-12/+17
\| \| \| \|	https://fedorahosted.org/sssd/ticket/915
*	Don't pass NULL to printf for TLS errors	Jakub Hrozek	2011-06-30	3	-33/+24
\| \| \| \| \| \| \| \|	https://fedorahosted.org/sssd/ticket/643 Conflicts: src/util/sss_ldap.h
*	Use ldap_init_fd() instead of ldap_initialize() if available	Sumit Bose	2011-06-30	3	-37/+88
\|
*	Use name based URI instead of IP address based URIs	Sumit Bose	2011-06-30	2	-38/+3
\|
*	Add sdap_call_conn_cb() to call add connection callback directly	Sumit Bose	2011-06-30	2	-0/+40
\|
*	Add sockaddr_storage to sdap_service	Sumit Bose	2011-06-30	3	-0/+22
\|
*	Log nsupdate message	Jakub Hrozek	2011-06-30	1	-0/+3
\| \| \| \|	https://fedorahosted.org/sssd/ticket/893
*	Switch resolver to using resolv_hostent and honor TTL	Jakub Hrozek	2011-06-30	6	-29/+30
\| \| \| \| \| \|	Conflicts: src/providers/fail_over.c
*	Do not check pwdAttribute	Sumit Bose	2011-06-16	1	-9/+0
\| \| \| \| \| \| \|	It is not safe to check pwdAttribute to see if server side password policies are active. Only if a LDAP_CONTROL_PASSWORDPOLICYRESPONSE is present the bind response we can assume that there is a server side password policy.
*	Delete cached ccache file if password is expired	Sumit Bose	2011-06-15	1	-8/+63
\|
*	Non-posix group processing - ldap provider and nss responder	Jan Zeleny	2011-06-02	2	-28/+69
\|
*	Escape IPv6 IP addresses in the IPA provider	Jakub Hrozek	2011-06-02	1	-4/+26
\| \| \| \|	https://fedorahosted.org/sssd/ticket/880
*	Use escaped IP addresses in LDAP provider	Jakub Hrozek	2011-06-02	1	-6/+56
\|
*	Add utility function to return IP address as string	Jakub Hrozek	2011-06-02	2	-17/+4
\|
*	Add online callback only once for TGT renewal	Sumit Bose	2011-06-02	1	-25/+44
\|
*	Sanitize username during initgroups call	Sumit Bose	2011-05-25	1	-1/+7
\|
*	IPA Provider: don't fail if user is not a member of any groups	Stephen Gallagher	2011-05-24	1	-2/+5
\|
*	Enable paging support for LDAP	Stephen Gallagher	2011-05-24	6	-26/+132
\|
*	simple provider: Don't treat primary GID lookup failures as fatal	Stephen Gallagher	2011-05-24	1	-13/+19
\|
*	Only save members for successfully saved groups	Jakub Hrozek	2011-05-24	1	-2/+17
\|