summaryrefslogtreecommitdiffstats
path: root/src/providers
Commit message (Collapse)AuthorAgeFilesLines
* Process all groups from a single nesting levelJakub Hrozek2012-08-211-5/+18
| | | | | | | | https://bugzilla.redhat.com/show_bug.cgi?id=846664 If the first group was cached when processing the nested group membership, we would call tevent_req_done, effectivelly marking the whole nesting level as done.
* HBAC: create empty groups with one NULL elementJakub Hrozek2012-06-221-16/+15
| | | | https://fedorahosted.org/sssd/ticket/1130
* IPA: Check nsAccountLock during PAM_ACCT_MGMTStephen Gallagher2012-06-224-1/+69
| | | | | | | | https://fedorahosted.org/sssd/ticket/1227 Conflicts: src/providers/ipa/ipa_access.h src/providers/ipa/ipa_init.c
* LDAP: Make sdap_access_send/recv publicStephen Gallagher2012-06-222-12/+17
| | | | We want to consume this in the IPA provider.
* DP: Reorganize memory hierarchy of requestsStephen Gallagher2012-06-101-15/+100
| | | | | | | | | | | | | This function alters the memory hierarchy of the be_req to ensure memory safety during shutdown. It creates a spy on the be_cli object so that it will free the be_req if the client is freed. It is generally allocated atop the private data context for the appropriate back-end against which it is being filed. https://fedorahosted.org/sssd/ticket/1226
* Try all KDCs when getting TGT for LDAPJakub Hrozek2012-06-041-15/+16
| | | | | | | | When the ldap child process is killed after a timeout, try the next KDC. When none of the ldap child processes succeed, just abort the connection because we wouldn't be able to authenticate to the LDAP server anyway. https://fedorahosted.org/sssd/ticket/1324
* Detect cycle in the fail over on subsequent resolve requests onlyJakub Hrozek2012-06-045-23/+28
|
* Only do one cycle when resolving a serverJakub Hrozek2012-06-047-29/+93
| | | | https://fedorahosted.org/sssd/ticket/1214
* fo_get_server_name() getter for a server nameJakub Hrozek2012-06-045-3/+31
| | | | | Allows to be more concise in tests and more defensive in resolve callbacks
* Rename fo_get_server_name to fo_get_server_str_nameJakub Hrozek2012-06-046-10/+10
|
* IPA: Detect nsupdate support for the realm directiveStephen Gallagher2012-01-171-10/+31
| | | | | For older platforms, do not add the 'realm' line in the update message
* LDAP: Copy URI instead of pointing at failover service recordStephen Gallagher2012-01-141-2/+8
| | | | | | | | In a heavy load environment, sometimes the failover service record would be updated and free the URI value. We need to guarantee that this URI string remains valid throughout the entire request. https://fedorahosted.org/sssd/ticket/1139
* Log fixes for sdap_call_conn_cbStephen Gallagher2012-01-141-1/+2
|
* DEBUG: fix bad backport containing new DEBUG representationStephen Gallagher2011-12-081-1/+1
|
* LDAP provider: Error while setting the nocanon option should not be fatalJakub Hrozek2011-12-081-3/+9
| | | | https://fedorahosted.org/sssd/ticket/1100
* Allow using Glib for UTF8 supportStephen Gallagher2011-12-051-33/+11
|
* LDAP: Try next failover server on any errorStephen Gallagher2011-11-291-9/+5
|
* Steal result onto mem_ctx in sdap_initgr_nested_get_direct_parentsJakub Hrozek2011-10-311-2/+1
|
* RFC2307bis initgroups: fix nested groups processingJakub Hrozek2011-10-311-20/+33
| | | | | Due to incorrectly written loop, SSSD would go into infitite loop if it processed the same group on two different levels of membership.
* Plug memory leaks in LDAP providerJakub Hrozek2011-10-251-0/+3
|
* Use fewer transactions during IPA initgroupsJakub Hrozek2011-10-171-171/+286
|
* Use fewer transactions during RFC2307bis initgroupsJakub Hrozek2011-10-171-368/+397
|
* Utility functions for LDAP nested schema initgroupsJakub Hrozek2011-10-171-0/+119
|
* Add a missing breakJakub Hrozek2011-10-171-0/+1
|
* HBAC: Use originalMember for identifying hostgroupsStephen Gallagher2011-10-143-45/+165
|
* HBAC: Use originalMember for identifying servicegroupsStephen Gallagher2011-10-143-41/+169
|
* HBAC: Do not save member/memberOf linksStephen Gallagher2011-10-141-120/+0
| | | | We can just trust the values from the FreeIPA server
* Append PID to sbus server socket name, let clients use a symlinkJakub Hrozek2011-10-132-2/+2
| | | | https://fedorahosted.org/sssd/ticket/1034
* Use explicit base 10 for converting strings to integersJakub Hrozek2011-10-032-4/+4
| | | | https://fedorahosted.org/sssd/ticket/1013
* Store name aliases for users, groupsJakub Hrozek2011-10-033-37/+220
|
* Add a sysdb_get_direct_parents functionJakub Hrozek2011-10-031-57/+5
|
* HBAC: fix typos preventing proper hostgroup evaluationStephen Gallagher2011-09-281-3/+3
|
* IPA access: hostname comparison should be case-insensitiveJakub Hrozek2011-09-281-1/+1
|
* Fix uninitialized pointer read in sdap_gssapi_get_default_realm()Jakub Hrozek2011-09-201-1/+1
| | | | https://fedorahosted.org/sssd/ticket/1003
* Improve documentation of libipa_hbacStephen Gallagher2011-09-082-21/+1697
|
* Do not access memory out of boundsSumit Bose2011-09-071-2/+2
|
* Improve error message for LDAP password constraint violationJakub Hrozek2011-09-063-16/+29
| | | | https://fedorahosted.org/sssd/ticket/985
* sss_ldap_err2string() - ldap_err2string() to sss_ldap_err2string()Pavel Březina2011-09-063-35/+35
| | | | https://fedorahosted.org/sssd/ticket/986
* sss_ldap_err2string() - function createdPavel Březina2011-09-061-2/+0
| | | | https://fedorahosted.org/sssd/ticket/986
* HBAC: Properly skip all non-group memberOf entriesStephen Gallagher2011-08-291-1/+2
|
* HBAC: Use of hostgroups for targethost or sourcehost was brokenStephen Gallagher2011-08-261-4/+4
| | | | | We were trying to look up the wrong attribute for the name of the hostgroup.
* HBAC: Handle saving groups that have no membersStephen Gallagher2011-08-261-7/+21
|
* Use the default Kerberos realm for LDAP with GSSAPI authJakub Hrozek2011-08-261-3/+55
| | | | https://fedorahosted.org/sssd/ticket/970
* Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANONJakub Hrozek2011-08-265-3/+17
| | | | https://fedorahosted.org/sssd/ticket/978
* Improve password policy error code and messageSumit Bose2011-08-251-4/+9
| | | | | | Instead of returning PAM_SYSTEM_ERR if they necessary attributes for the requested password policy cannot be found we return PAM_PERM_DENIED. Additionally the log message says that the access is denied.
* Handle timeout during sss_ldap_init_sendJakub Hrozek2011-08-151-1/+5
| | | | | | | | | In some cases, where there would be no response from the LDAP server, there would be no R/W events on the LDAP fd, so sdap_async_sys_connect_done would never be called. This patch adds a tevent timer that cancels the connection after SDAP_NETWORK_TIMEOUT seconds.
* Use sysdb attribute name for GID, not LDAP attributeStephen Gallagher2011-08-111-3/+3
|
* Fix returning groups when gidNumber attribute is not orderedJakub Hrozek2011-08-043-4/+10
| | | | https://fedorahosted.org/sssd/ticket/951
* Request password control unconditionally during bindJakub Hrozek2011-08-011-6/+6
| | | | https://fedorahosted.org/sssd/ticket/940
* Add rule validator to libipa_hbacStephen Gallagher2011-08-012-0/+74
| | | | https://fedorahosted.org/sssd/ticket/943
generated by cgit (git 2.34.1) at 2024-06-14 12:11:40 +0000