summaryrefslogtreecommitdiffstats
path: root/src/providers
Commit message (Collapse)AuthorAgeFilesLines
* Improve documentation of libipa_hbacStephen Gallagher2011-09-082-21/+1697
|
* Do not access memory out of boundsSumit Bose2011-09-071-2/+2
|
* Keep deref controls until the whole request is finishedJakub Hrozek2011-09-061-8/+45
| | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/989 John Hodrien found out that when paging is used while dereferencing an entry, sssd_be may segfault on the second page. This was because paging returned the control to sdap_generic_search multiple times but sssd was freeing dereference control after the first search invocation. The subsequend sdap searched accessed memory that was already freed.
* Improve error message for LDAP password constraint violationJakub Hrozek2011-09-063-16/+29
| | | | https://fedorahosted.org/sssd/ticket/985
* Allow turning dereference off by setting the threshold to 0Jakub Hrozek2011-09-063-3/+9
|
* sss_ldap_err2string() - ldap_err2string() to sss_ldap_err2string()Pavel Březina2011-09-063-35/+35
| | | | https://fedorahosted.org/sssd/ticket/986
* sss_ldap_err2string() - function createdPavel Březina2011-09-061-2/+0
| | | | https://fedorahosted.org/sssd/ticket/986
* HBAC: Properly skip all non-group memberOf entriesStephen Gallagher2011-08-291-1/+2
|
* Fix moving to next entry in deref codeJakub Hrozek2011-08-291-1/+6
| | | | https://fedorahosted.org/sssd/ticket/973
* HBAC: Use of hostgroups for targethost or sourcehost was brokenStephen Gallagher2011-08-261-4/+4
| | | | | We were trying to look up the wrong attribute for the name of the hostgroup.
* HBAC: Handle saving groups that have no membersStephen Gallagher2011-08-261-7/+21
|
* Use the default Kerberos realm for LDAP with GSSAPI authJakub Hrozek2011-08-261-3/+55
| | | | https://fedorahosted.org/sssd/ticket/970
* Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANONJakub Hrozek2011-08-265-3/+17
| | | | https://fedorahosted.org/sssd/ticket/978
* --debug-timestamps=1 is not passed to providersPavel Březina2011-08-252-11/+8
| | | | | | https://fedorahosted.org/sssd/ticket/972 --debug-timestamps=1 is now passed to providers
* New DEBUG facility - SSSDBG_UNRESOLVED changed from -1 to 0Pavel Březina2011-08-254-4/+15
| | | | | | | | | | | | | | | | | | | | | Removed: SSS_UNRESOLVED_DEBUG_LEVEL (completely replaced with SSSDBG_UNRESOLVED) Added new macro: CONVERT_AND_SET_DEBUG_LEVEL(new_value) Changes unresolved debug level value (SSSDBG_UNRESOLVED) from -1 to 0 so DEBUG macro could be reduced by one condition. Anyway, it has a minor effect, every time you want to load debug_level from command line parameters, you have to use following pattern: /* Set debug level to invalid value so we can deside if -d 0 was used. */ debug_level = SSSDBG_INVALID; pc = poptGetContext(argv[0], argc, argv, long_options, 0); while((opt = poptGetNextOpt(pc)) != -1) { ... } CONVERT_AND_SET_DEBUG_LEVEL(debug_level);
* New DEBUG facility - conversionPavel Březina2011-08-2511-9/+16
| | | | | | | | | | https://fedorahosted.org/sssd/ticket/925 Conversion of the old debug_level format to the new one. (only where it was necessary) Removed: SSS_DEFAULT_DEBUG_LEVEL (completely replaced with SSSDBG_DEFAULT)
* Improve password policy error code and messageSumit Bose2011-08-251-4/+9
| | | | | | Instead of returning PAM_SYSTEM_ERR if they necessary attributes for the requested password policy cannot be found we return PAM_PERM_DENIED. Additionally the log message says that the access is denied.
* IPA dyndns: do not segfault if the server cannot be resolvedJakub Hrozek2011-08-251-4/+2
| | | | https://fedorahosted.org/sssd/ticket/963
* Handle timeout during sss_ldap_init_sendJakub Hrozek2011-08-151-1/+5
| | | | | | | | | In some cases, where there would be no response from the LDAP server, there would be no R/W events on the LDAP fd, so sdap_async_sys_connect_done would never be called. This patch adds a tevent timer that cancels the connection after SDAP_NETWORK_TIMEOUT seconds.
* Moved some functions in sdap_async_initgroupsJan Zeleny2011-08-151-345/+349
|
* Moved some functions in sdap_async_groupsJan Zeleny2011-08-151-122/+112
|
* Confusing part of code cleared outJan Zeleny2011-08-151-34/+32
|
* sdap_async_accounts.c splitJan Zeleny2011-08-154-2514/+2588
| | | | | | | | | The file has been split in three: sdap_async_users.c sdap_async_groups.c sdap_async_initgroups.c https://fedorahosted.org/sssd/ticket/864
* sysdb refactoring: memory context deletedJan Zeleny2011-08-1510-43/+31
| | | | | | This patch deletes memory context parameter in those places in sysdb where it is not necessary. The code using modified functions has been updated. Tests updated as well.
* sysdb refactoring: deleted domain variables in sysdb APIJan Zeleny2011-08-1522-101/+69
| | | | | The patch also updates code using modified functions. Tests have also been adjusted.
* Use sysdb attribute name for GID, not LDAP attributeStephen Gallagher2011-08-111-3/+3
|
* Fix returning groups when gidNumber attribute is not orderedJakub Hrozek2011-08-043-4/+10
| | | | https://fedorahosted.org/sssd/ticket/951
* Request password control unconditionally during bindJakub Hrozek2011-08-011-6/+6
| | | | https://fedorahosted.org/sssd/ticket/940
* Change the default value of ldap_tls_cacert in IPA providerJakub Hrozek2011-08-011-1/+1
| | | | https://fedorahosted.org/sssd/ticket/944
* Add rule validator to libipa_hbacStephen Gallagher2011-08-012-0/+74
| | | | https://fedorahosted.org/sssd/ticket/943
* Remove incorrect private variableStephen Gallagher2011-08-011-1/+1
| | | | | | This caused no ill effects, since it wasn't used in the callback. However, it is a layering violation (especially since req is freed in the callback)
* Wrong paramater to sysdb_attrs_add_uint32Jakub Hrozek2011-08-011-1/+1
|
* Fix incorrect NULL check in ipa_hbac_common.cStephen Gallagher2011-07-291-1/+1
| | | | https://fedorahosted.org/sssd/ticket/936
* Fix memory leak in ipa_hbac_evaluate_rulesStephen Gallagher2011-07-291-0/+1
| | | | https://fedorahosted.org/sssd/ticket/933
* libipa_hbac: Support case-insensitive comparisons with UTF8Stephen Gallagher2011-07-291-16/+98
|
* Explicitly ignore groups with gidNumber=0Jakub Hrozek2011-07-272-11/+18
| | | | https://fedorahosted.org/sssd/ticket/916
* Set gidNumber of non-posix groups to 0 even on updatesJakub Hrozek2011-07-271-8/+44
|
* fo_get_server_name() getter for a server nameJakub Hrozek2011-07-215-3/+31
| | | | | Allows to be more concise in tests and more defensive in resolve callbacks
* Rename fo_get_server_name to fo_get_server_str_nameJakub Hrozek2011-07-216-10/+10
|
* Only print server address if one is availableJakub Hrozek2011-07-211-0/+7
|
* Do not add a NULL host parsed from LDAP URIJakub Hrozek2011-07-211-1/+8
| | | | https://fedorahosted.org/sssd/ticket/911
* Remove unused krb5_service structure memberJakub Hrozek2011-07-133-7/+1
|
* Check DNS records before updatingJakub Hrozek2011-07-114-25/+470
| | | | https://fedorahosted.org/sssd/ticket/802
* Split reading resolver family order into a separate functionJakub Hrozek2011-07-111-23/+3
|
* Do not hardcode default resolver timeoutJakub Hrozek2011-07-111-1/+1
|
* Escape IP address in kdcinfoJakub Hrozek2011-07-112-14/+36
| | | | https://fedorahosted.org/sssd/ticket/909
* Move IP adress escaping from the LDAP namespaceJakub Hrozek2011-07-111-3/+3
|
* Add LDAP access control based on NDS attributesSumit Bose2011-07-086-3/+197
|
* Treat NULL or empty rhost as unknownStephen Gallagher2011-07-082-11/+25
| | | | | | | Previously, we were assuming this meant it was coming from the localhost, but this is not a safe assumption. We will now treat it as unknown and it will fail to match any rule that requires a specified srchost or group of srchosts.
* Add ipa_hbac_treat_deny_as optionStephen Gallagher2011-07-083-2/+13
| | | | | | By default, we will treat the presence of any DENY rule as denying all users. This option will allow the admin to explicitly ignore DENY rules during a transitional period.
generated by cgit (git 2.34.1) at 2024-06-08 11:58:10 +0000