Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Add a missing break | Jakub Hrozek | 2011-10-17 | 1 | -0/+1 |
| | |||||
* | HBAC: Use originalMember for identifying hostgroups | Stephen Gallagher | 2011-10-14 | 3 | -45/+165 |
| | |||||
* | HBAC: Use originalMember for identifying servicegroups | Stephen Gallagher | 2011-10-14 | 3 | -41/+169 |
| | |||||
* | HBAC: Do not save member/memberOf links | Stephen Gallagher | 2011-10-14 | 1 | -120/+0 |
| | | | | We can just trust the values from the FreeIPA server | ||||
* | SysDB commands that save lastUpdate allows this value to be passed in | Pavel Březina | 2011-10-13 | 7 | -32/+62 |
| | | | | https://fedorahosted.org/sssd/ticket/836 | ||||
* | Append PID to sbus server socket name, let clients use a symlink | Jakub Hrozek | 2011-10-13 | 2 | -2/+2 |
| | | | | https://fedorahosted.org/sssd/ticket/1034 | ||||
* | Fix small bug where TALLOC_CTX could end up unfreed. | Pavel Zuna | 2011-10-06 | 1 | -3/+3 |
| | |||||
* | Use explicit base 10 for converting strings to integers | Jakub Hrozek | 2011-10-03 | 2 | -4/+4 |
| | | | | https://fedorahosted.org/sssd/ticket/1013 | ||||
* | Store name aliases for users, groups | Jakub Hrozek | 2011-09-28 | 5 | -37/+216 |
| | | | | | | Also checks fake users for aliases when storing a real users so that getgrnam for a RFC2307 group that references a user by his secondary name followed by getpwnam for this user by his primary name works | ||||
* | Add a sysdb_get_direct_parents function | Jakub Hrozek | 2011-09-28 | 1 | -57/+5 |
| | |||||
* | HBAC: fix typos preventing proper hostgroup evaluation | Stephen Gallagher | 2011-09-28 | 1 | -3/+3 |
| | |||||
* | Fixed bad logic in processing netgroups in LDAP provider | Jan Zeleny | 2011-09-28 | 1 | -1/+3 |
| | |||||
* | IPA access: hostname comparison should be case-insensitive | Jakub Hrozek | 2011-09-28 | 1 | -1/+1 |
| | |||||
* | Multiline macro cleanup | Jakub Hrozek | 2011-09-28 | 8 | -10/+11 |
| | | | | | | | | | | This is mostly a cosmetic patch. The purpose of wrapping a multi-line macro in a do { } while(0) is to make the macro usable as a regular statement, not a compound statement. When the while(0) is terminated with a semicolon, the do { } while(0); block becomes a compound statement again. | ||||
* | Fix uninitialized pointer read in sdap_gssapi_get_default_realm() | Jakub Hrozek | 2011-09-20 | 1 | -1/+1 |
| | | | | https://fedorahosted.org/sssd/ticket/1003 | ||||
* | DEBUG timestamps offer higher precision | Pavel Březina | 2011-09-08 | 4 | -6/+24 |
| | | | | | | | https://fedorahosted.org/sssd/ticket/956 Added: --debug-microseconds=0/1 Added: debug_microseconds to sssd.conf | ||||
* | Improve documentation of libipa_hbac | Stephen Gallagher | 2011-09-08 | 2 | -21/+1697 |
| | |||||
* | Do not access memory out of bounds | Sumit Bose | 2011-09-07 | 1 | -2/+2 |
| | |||||
* | Keep deref controls until the whole request is finished | Jakub Hrozek | 2011-09-06 | 1 | -8/+45 |
| | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/989 John Hodrien found out that when paging is used while dereferencing an entry, sssd_be may segfault on the second page. This was because paging returned the control to sdap_generic_search multiple times but sssd was freeing dereference control after the first search invocation. The subsequend sdap searched accessed memory that was already freed. | ||||
* | Improve error message for LDAP password constraint violation | Jakub Hrozek | 2011-09-06 | 3 | -16/+29 |
| | | | | https://fedorahosted.org/sssd/ticket/985 | ||||
* | Allow turning dereference off by setting the threshold to 0 | Jakub Hrozek | 2011-09-06 | 3 | -3/+9 |
| | |||||
* | sss_ldap_err2string() - ldap_err2string() to sss_ldap_err2string() | Pavel Březina | 2011-09-06 | 3 | -35/+35 |
| | | | | https://fedorahosted.org/sssd/ticket/986 | ||||
* | sss_ldap_err2string() - function created | Pavel Březina | 2011-09-06 | 1 | -2/+0 |
| | | | | https://fedorahosted.org/sssd/ticket/986 | ||||
* | HBAC: Properly skip all non-group memberOf entries | Stephen Gallagher | 2011-08-29 | 1 | -1/+2 |
| | |||||
* | Fix moving to next entry in deref code | Jakub Hrozek | 2011-08-29 | 1 | -1/+6 |
| | | | | https://fedorahosted.org/sssd/ticket/973 | ||||
* | HBAC: Use of hostgroups for targethost or sourcehost was broken | Stephen Gallagher | 2011-08-26 | 1 | -4/+4 |
| | | | | | We were trying to look up the wrong attribute for the name of the hostgroup. | ||||
* | HBAC: Handle saving groups that have no members | Stephen Gallagher | 2011-08-26 | 1 | -7/+21 |
| | |||||
* | Use the default Kerberos realm for LDAP with GSSAPI auth | Jakub Hrozek | 2011-08-26 | 1 | -3/+55 |
| | | | | https://fedorahosted.org/sssd/ticket/970 | ||||
* | Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANON | Jakub Hrozek | 2011-08-26 | 5 | -3/+17 |
| | | | | https://fedorahosted.org/sssd/ticket/978 | ||||
* | --debug-timestamps=1 is not passed to providers | Pavel Březina | 2011-08-25 | 2 | -11/+8 |
| | | | | | | https://fedorahosted.org/sssd/ticket/972 --debug-timestamps=1 is now passed to providers | ||||
* | New DEBUG facility - SSSDBG_UNRESOLVED changed from -1 to 0 | Pavel Březina | 2011-08-25 | 4 | -4/+15 |
| | | | | | | | | | | | | | | | | | | | | | Removed: SSS_UNRESOLVED_DEBUG_LEVEL (completely replaced with SSSDBG_UNRESOLVED) Added new macro: CONVERT_AND_SET_DEBUG_LEVEL(new_value) Changes unresolved debug level value (SSSDBG_UNRESOLVED) from -1 to 0 so DEBUG macro could be reduced by one condition. Anyway, it has a minor effect, every time you want to load debug_level from command line parameters, you have to use following pattern: /* Set debug level to invalid value so we can deside if -d 0 was used. */ debug_level = SSSDBG_INVALID; pc = poptGetContext(argv[0], argc, argv, long_options, 0); while((opt = poptGetNextOpt(pc)) != -1) { ... } CONVERT_AND_SET_DEBUG_LEVEL(debug_level); | ||||
* | New DEBUG facility - conversion | Pavel Březina | 2011-08-25 | 11 | -9/+16 |
| | | | | | | | | | | https://fedorahosted.org/sssd/ticket/925 Conversion of the old debug_level format to the new one. (only where it was necessary) Removed: SSS_DEFAULT_DEBUG_LEVEL (completely replaced with SSSDBG_DEFAULT) | ||||
* | Improve password policy error code and message | Sumit Bose | 2011-08-25 | 1 | -4/+9 |
| | | | | | | Instead of returning PAM_SYSTEM_ERR if they necessary attributes for the requested password policy cannot be found we return PAM_PERM_DENIED. Additionally the log message says that the access is denied. | ||||
* | IPA dyndns: do not segfault if the server cannot be resolved | Jakub Hrozek | 2011-08-25 | 1 | -4/+2 |
| | | | | https://fedorahosted.org/sssd/ticket/963 | ||||
* | Handle timeout during sss_ldap_init_send | Jakub Hrozek | 2011-08-15 | 1 | -1/+5 |
| | | | | | | | | | In some cases, where there would be no response from the LDAP server, there would be no R/W events on the LDAP fd, so sdap_async_sys_connect_done would never be called. This patch adds a tevent timer that cancels the connection after SDAP_NETWORK_TIMEOUT seconds. | ||||
* | Moved some functions in sdap_async_initgroups | Jan Zeleny | 2011-08-15 | 1 | -345/+349 |
| | |||||
* | Moved some functions in sdap_async_groups | Jan Zeleny | 2011-08-15 | 1 | -122/+112 |
| | |||||
* | Confusing part of code cleared out | Jan Zeleny | 2011-08-15 | 1 | -34/+32 |
| | |||||
* | sdap_async_accounts.c split | Jan Zeleny | 2011-08-15 | 4 | -2514/+2588 |
| | | | | | | | | | The file has been split in three: sdap_async_users.c sdap_async_groups.c sdap_async_initgroups.c https://fedorahosted.org/sssd/ticket/864 | ||||
* | sysdb refactoring: memory context deleted | Jan Zeleny | 2011-08-15 | 10 | -43/+31 |
| | | | | | | This patch deletes memory context parameter in those places in sysdb where it is not necessary. The code using modified functions has been updated. Tests updated as well. | ||||
* | sysdb refactoring: deleted domain variables in sysdb API | Jan Zeleny | 2011-08-15 | 22 | -101/+69 |
| | | | | | The patch also updates code using modified functions. Tests have also been adjusted. | ||||
* | Use sysdb attribute name for GID, not LDAP attribute | Stephen Gallagher | 2011-08-11 | 1 | -3/+3 |
| | |||||
* | Fix returning groups when gidNumber attribute is not ordered | Jakub Hrozek | 2011-08-04 | 3 | -4/+10 |
| | | | | https://fedorahosted.org/sssd/ticket/951 | ||||
* | Request password control unconditionally during bind | Jakub Hrozek | 2011-08-01 | 1 | -6/+6 |
| | | | | https://fedorahosted.org/sssd/ticket/940 | ||||
* | Change the default value of ldap_tls_cacert in IPA provider | Jakub Hrozek | 2011-08-01 | 1 | -1/+1 |
| | | | | https://fedorahosted.org/sssd/ticket/944 | ||||
* | Add rule validator to libipa_hbac | Stephen Gallagher | 2011-08-01 | 2 | -0/+74 |
| | | | | https://fedorahosted.org/sssd/ticket/943 | ||||
* | Remove incorrect private variable | Stephen Gallagher | 2011-08-01 | 1 | -1/+1 |
| | | | | | | This caused no ill effects, since it wasn't used in the callback. However, it is a layering violation (especially since req is freed in the callback) | ||||
* | Wrong paramater to sysdb_attrs_add_uint32 | Jakub Hrozek | 2011-08-01 | 1 | -1/+1 |
| | |||||
* | Fix incorrect NULL check in ipa_hbac_common.c | Stephen Gallagher | 2011-07-29 | 1 | -1/+1 |
| | | | | https://fedorahosted.org/sssd/ticket/936 | ||||
* | Fix memory leak in ipa_hbac_evaluate_rules | Stephen Gallagher | 2011-07-29 | 1 | -0/+1 |
| | | | | https://fedorahosted.org/sssd/ticket/933 |