Commit message (Collapse) | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
* | Rename fo_get_server_name to fo_get_server_str_name | Jakub Hrozek | 2011-07-21 | 6 | -10/+10 | |
| | ||||||
* | Only print server address if one is available | Jakub Hrozek | 2011-07-21 | 1 | -0/+7 | |
| | ||||||
* | Do not add a NULL host parsed from LDAP URI | Jakub Hrozek | 2011-07-21 | 1 | -1/+8 | |
| | | | | https://fedorahosted.org/sssd/ticket/911 | |||||
* | Remove unused krb5_service structure member | Jakub Hrozek | 2011-07-13 | 3 | -7/+1 | |
| | ||||||
* | Check DNS records before updating | Jakub Hrozek | 2011-07-11 | 4 | -25/+470 | |
| | | | | https://fedorahosted.org/sssd/ticket/802 | |||||
* | Split reading resolver family order into a separate function | Jakub Hrozek | 2011-07-11 | 1 | -23/+3 | |
| | ||||||
* | Do not hardcode default resolver timeout | Jakub Hrozek | 2011-07-11 | 1 | -1/+1 | |
| | ||||||
* | Escape IP address in kdcinfo | Jakub Hrozek | 2011-07-11 | 2 | -14/+36 | |
| | | | | https://fedorahosted.org/sssd/ticket/909 | |||||
* | Move IP adress escaping from the LDAP namespace | Jakub Hrozek | 2011-07-11 | 1 | -3/+3 | |
| | ||||||
* | Add LDAP access control based on NDS attributes | Sumit Bose | 2011-07-08 | 6 | -3/+197 | |
| | ||||||
* | Treat NULL or empty rhost as unknown | Stephen Gallagher | 2011-07-08 | 2 | -11/+25 | |
| | | | | | | | Previously, we were assuming this meant it was coming from the localhost, but this is not a safe assumption. We will now treat it as unknown and it will fail to match any rule that requires a specified srchost or group of srchosts. | |||||
* | Add ipa_hbac_treat_deny_as option | Stephen Gallagher | 2011-07-08 | 3 | -2/+13 | |
| | | | | | | By default, we will treat the presence of any DENY rule as denying all users. This option will allow the admin to explicitly ignore DENY rules during a transitional period. | |||||
* | Add ipa_hbac_refresh option | Stephen Gallagher | 2011-07-08 | 4 | -1/+21 | |
| | | | | | This option describes the time between refreshes of the HBAC rules on the IPA server. | |||||
* | Add new HBAC lookup and evaluation routines | Stephen Gallagher | 2011-07-08 | 2 | -124/+398 | |
| | ||||||
* | Remove old HBAC implementation | Stephen Gallagher | 2011-07-08 | 2 | -1595/+1 | |
| | ||||||
* | Add helper functions for looking up HBAC rule components | Stephen Gallagher | 2011-07-08 | 6 | -0/+2616 | |
| | ||||||
* | Add HBAC evaluator and tests | Stephen Gallagher | 2011-07-08 | 3 | -0/+386 | |
| | ||||||
* | Add helper function msgs2attrs_array | Stephen Gallagher | 2011-07-08 | 2 | -0/+33 | |
| | | | | | This function converts a list of ldb_messages into a list of sysdb_attrs. | |||||
* | ipa_dyndns: Use sockaddr_storage for storing IP addresses | Jakub Hrozek | 2011-07-05 | 1 | -12/+17 | |
| | | | | https://fedorahosted.org/sssd/ticket/915 | |||||
* | Use ldap_init_fd() instead of ldap_initialize() if available | Sumit Bose | 2011-06-30 | 3 | -37/+88 | |
| | ||||||
* | Use name based URI instead of IP address based URIs | Sumit Bose | 2011-06-30 | 2 | -38/+3 | |
| | ||||||
* | Add sdap_call_conn_cb() to call add connection callback directly | Sumit Bose | 2011-06-30 | 2 | -0/+40 | |
| | ||||||
* | Add sockaddr_storage to sdap_service | Sumit Bose | 2011-06-30 | 3 | -0/+22 | |
| | ||||||
* | Log nsupdate message | Jakub Hrozek | 2011-06-21 | 1 | -0/+3 | |
| | | | | https://fedorahosted.org/sssd/ticket/893 | |||||
* | Do not check pwdAttribute | Sumit Bose | 2011-06-16 | 1 | -9/+0 | |
| | | | | | | | It is not safe to check pwdAttribute to see if server side password policies are active. Only if a LDAP_CONTROL_PASSWORDPOLICYRESPONSE is present the bind response we can assume that there is a server side password policy. | |||||
* | Switch resolver to using resolv_hostent and honor TTL | Jakub Hrozek | 2011-06-15 | 6 | -28/+29 | |
| | ||||||
* | Fix proxy provider return code for secondary missing groups | Sumit Bose | 2011-06-15 | 1 | -1/+3 | |
| | ||||||
* | Fix two typos | Sumit Bose | 2011-06-15 | 1 | -2/+3 | |
| | ||||||
* | Delete cached ccache file if password is expired | Sumit Bose | 2011-06-15 | 1 | -8/+63 | |
| | ||||||
* | Non-posix group processing - ldap provider and nss responder | Jan Zeleny | 2011-06-02 | 2 | -28/+79 | |
| | ||||||
* | Escape IPv6 IP addresses in the IPA provider | Jakub Hrozek | 2011-06-02 | 1 | -4/+26 | |
| | | | | https://fedorahosted.org/sssd/ticket/880 | |||||
* | Use escaped IP addresses in LDAP provider | Jakub Hrozek | 2011-06-02 | 1 | -6/+56 | |
| | ||||||
* | Add utility function to return IP address as string | Jakub Hrozek | 2011-06-02 | 2 | -17/+4 | |
| | ||||||
* | Add online callback only once for TGT renewal | Sumit Bose | 2011-06-02 | 1 | -25/+44 | |
| | ||||||
* | Sanitize username during initgroups call | Sumit Bose | 2011-05-25 | 1 | -1/+7 | |
| | ||||||
* | Separate return paths for success and failure in sdap_nested_group_check_cache | Jakub Hrozek | 2011-05-25 | 1 | -6/+10 | |
| | ||||||
* | Make "password" the default for ldap_default_authtok_type | Stephen Gallagher | 2011-05-24 | 1 | -1/+1 | |
| | ||||||
* | Fix uninitialized scalar variable in sdap_nested_group_check_cache | Jakub Hrozek | 2011-05-24 | 1 | -2/+4 | |
| | | | | https://fedorahosted.org/sssd/ticket/878 | |||||
* | Fix uninitialized pointer read in sdap_x_deref_parse_entry | Jakub Hrozek | 2011-05-24 | 1 | -1/+1 | |
| | | | | https://fedorahosted.org/sssd/ticket/877 | |||||
* | Fix bad comparison in sdap_has_deref_support | Jakub Hrozek | 2011-05-24 | 1 | -1/+1 | |
| | | | | https://fedorahosted.org/sssd/ticket/876 | |||||
* | Use dereference when processing RFC2307bis nested groups | Jakub Hrozek | 2011-05-20 | 5 | -17/+460 | |
| | | | | | | | | Instead of issuing N LDAP requests when processing a group with N users, utilize the dereference functionality to pull down all the members in a single LDAP request. https://fedorahosted.org/sssd/ticket/799 | |||||
* | Refactor RFC2307bis nested group processing | Jakub Hrozek | 2011-05-20 | 1 | -123/+188 | |
| | | | | | | This patch splits checking cache and hash tables into standalone functions. This will make it easy to reuse the code in a new branch that uses dereferencing. | |||||
* | Use fake users during RFC2307bis nested group processing | Jakub Hrozek | 2011-05-20 | 1 | -13/+165 | |
| | | | | | | Instead of downloading complete user data which is potentionally very slow, only download the necessary minimum information and store the users as dummy entries. | |||||
* | Change sysdb_add_fake_user to add OriginalDN | Jakub Hrozek | 2011-05-20 | 1 | -1/+1 | |
| | | | | | RFC2307bis code relies heavily on originalDN, so the fake users need to have an option to store it, too. | |||||
* | Generic dereference search | Jakub Hrozek | 2011-05-20 | 2 | -0/+157 | |
| | | | | | | A generic wrapper around ASQ and OpenLDAP dereference searches. https://fedorahosted.org/sssd/ticket/635 | |||||
* | OpenLDAP dereference searches | Jakub Hrozek | 2011-05-20 | 3 | -0/+376 | |
| | | | | | | | | This dereference method is supported at least by OpenLDAP and 389DS/RHDS For more details, see: http://tools.ietf.org/html/draft-masarati-ldap-deref-00 | |||||
* | Add support for Attribute Scoped Queries | Jakub Hrozek | 2011-05-20 | 1 | -0/+203 | |
| | | | | | | For more details on ASQ, see: http://msdn.microsoft.com/en-us/library/aa366976%28VS.85%29.aspx http://msdn.microsoft.com/en-us/library/aa746418%28v=VS.85%29.aspx | |||||
* | Generic dereference data structures and utilities | Jakub Hrozek | 2011-05-20 | 2 | -0/+45 | |
| | | | | These will be shared by both dereference methods in a later patch. | |||||
* | sdap_get_generic_ext | Jakub Hrozek | 2011-05-20 | 1 | -73/+202 | |
| | | | | | | | | | | | Add a private sdap_get_generic_ext_send()/_recv() request that exposes more of ldap_search_ext options, in particular the server contols. The existing sdap_generic_search_send()/_recv() request is now a thin wrapper around the new _ext request. The other important change is that an entry parsing is a callback now. That was done in order to allow custom parsing for results such as OpenLDAP deref or Attribute Scoped Queries. | |||||
* | Fixed copying of pam_data structure | Jan Zeleny | 2011-05-20 | 1 | -0/+1 | |
| | | | | | Related ticket: https://fedorahosted.org/sssd/ticket/855 |