summaryrefslogtreecommitdiffstats
path: root/src/providers
Commit message (Collapse)AuthorAgeFilesLines
...
* Rename fo_get_server_name to fo_get_server_str_nameJakub Hrozek2011-07-216-10/+10
|
* Only print server address if one is availableJakub Hrozek2011-07-211-0/+7
|
* Do not add a NULL host parsed from LDAP URIJakub Hrozek2011-07-211-1/+8
| | | | https://fedorahosted.org/sssd/ticket/911
* Remove unused krb5_service structure memberJakub Hrozek2011-07-133-7/+1
|
* Check DNS records before updatingJakub Hrozek2011-07-114-25/+470
| | | | https://fedorahosted.org/sssd/ticket/802
* Split reading resolver family order into a separate functionJakub Hrozek2011-07-111-23/+3
|
* Do not hardcode default resolver timeoutJakub Hrozek2011-07-111-1/+1
|
* Escape IP address in kdcinfoJakub Hrozek2011-07-112-14/+36
| | | | https://fedorahosted.org/sssd/ticket/909
* Move IP adress escaping from the LDAP namespaceJakub Hrozek2011-07-111-3/+3
|
* Add LDAP access control based on NDS attributesSumit Bose2011-07-086-3/+197
|
* Treat NULL or empty rhost as unknownStephen Gallagher2011-07-082-11/+25
| | | | | | | Previously, we were assuming this meant it was coming from the localhost, but this is not a safe assumption. We will now treat it as unknown and it will fail to match any rule that requires a specified srchost or group of srchosts.
* Add ipa_hbac_treat_deny_as optionStephen Gallagher2011-07-083-2/+13
| | | | | | By default, we will treat the presence of any DENY rule as denying all users. This option will allow the admin to explicitly ignore DENY rules during a transitional period.
* Add ipa_hbac_refresh optionStephen Gallagher2011-07-084-1/+21
| | | | | This option describes the time between refreshes of the HBAC rules on the IPA server.
* Add new HBAC lookup and evaluation routinesStephen Gallagher2011-07-082-124/+398
|
* Remove old HBAC implementationStephen Gallagher2011-07-082-1595/+1
|
* Add helper functions for looking up HBAC rule componentsStephen Gallagher2011-07-086-0/+2616
|
* Add HBAC evaluator and testsStephen Gallagher2011-07-083-0/+386
|
* Add helper function msgs2attrs_arrayStephen Gallagher2011-07-082-0/+33
| | | | | This function converts a list of ldb_messages into a list of sysdb_attrs.
* ipa_dyndns: Use sockaddr_storage for storing IP addressesJakub Hrozek2011-07-051-12/+17
| | | | https://fedorahosted.org/sssd/ticket/915
* Use ldap_init_fd() instead of ldap_initialize() if availableSumit Bose2011-06-303-37/+88
|
* Use name based URI instead of IP address based URIsSumit Bose2011-06-302-38/+3
|
* Add sdap_call_conn_cb() to call add connection callback directlySumit Bose2011-06-302-0/+40
|
* Add sockaddr_storage to sdap_serviceSumit Bose2011-06-303-0/+22
|
* Log nsupdate messageJakub Hrozek2011-06-211-0/+3
| | | | https://fedorahosted.org/sssd/ticket/893
* Do not check pwdAttributeSumit Bose2011-06-161-9/+0
| | | | | | | It is not safe to check pwdAttribute to see if server side password policies are active. Only if a LDAP_CONTROL_PASSWORDPOLICYRESPONSE is present the bind response we can assume that there is a server side password policy.
* Switch resolver to using resolv_hostent and honor TTLJakub Hrozek2011-06-156-28/+29
|
* Fix proxy provider return code for secondary missing groupsSumit Bose2011-06-151-1/+3
|
* Fix two typosSumit Bose2011-06-151-2/+3
|
* Delete cached ccache file if password is expiredSumit Bose2011-06-151-8/+63
|
* Non-posix group processing - ldap provider and nss responderJan Zeleny2011-06-022-28/+79
|
* Escape IPv6 IP addresses in the IPA providerJakub Hrozek2011-06-021-4/+26
| | | | https://fedorahosted.org/sssd/ticket/880
* Use escaped IP addresses in LDAP providerJakub Hrozek2011-06-021-6/+56
|
* Add utility function to return IP address as stringJakub Hrozek2011-06-022-17/+4
|
* Add online callback only once for TGT renewalSumit Bose2011-06-021-25/+44
|
* Sanitize username during initgroups callSumit Bose2011-05-251-1/+7
|
* Separate return paths for success and failure in sdap_nested_group_check_cacheJakub Hrozek2011-05-251-6/+10
|
* Make "password" the default for ldap_default_authtok_typeStephen Gallagher2011-05-241-1/+1
|
* Fix uninitialized scalar variable in sdap_nested_group_check_cacheJakub Hrozek2011-05-241-2/+4
| | | | https://fedorahosted.org/sssd/ticket/878
* Fix uninitialized pointer read in sdap_x_deref_parse_entryJakub Hrozek2011-05-241-1/+1
| | | | https://fedorahosted.org/sssd/ticket/877
* Fix bad comparison in sdap_has_deref_supportJakub Hrozek2011-05-241-1/+1
| | | | https://fedorahosted.org/sssd/ticket/876
* Use dereference when processing RFC2307bis nested groupsJakub Hrozek2011-05-205-17/+460
| | | | | | | | Instead of issuing N LDAP requests when processing a group with N users, utilize the dereference functionality to pull down all the members in a single LDAP request. https://fedorahosted.org/sssd/ticket/799
* Refactor RFC2307bis nested group processingJakub Hrozek2011-05-201-123/+188
| | | | | | This patch splits checking cache and hash tables into standalone functions. This will make it easy to reuse the code in a new branch that uses dereferencing.
* Use fake users during RFC2307bis nested group processingJakub Hrozek2011-05-201-13/+165
| | | | | | Instead of downloading complete user data which is potentionally very slow, only download the necessary minimum information and store the users as dummy entries.
* Change sysdb_add_fake_user to add OriginalDNJakub Hrozek2011-05-201-1/+1
| | | | | RFC2307bis code relies heavily on originalDN, so the fake users need to have an option to store it, too.
* Generic dereference searchJakub Hrozek2011-05-202-0/+157
| | | | | | A generic wrapper around ASQ and OpenLDAP dereference searches. https://fedorahosted.org/sssd/ticket/635
* OpenLDAP dereference searchesJakub Hrozek2011-05-203-0/+376
| | | | | | | | This dereference method is supported at least by OpenLDAP and 389DS/RHDS For more details, see: http://tools.ietf.org/html/draft-masarati-ldap-deref-00
* Add support for Attribute Scoped QueriesJakub Hrozek2011-05-201-0/+203
| | | | | | For more details on ASQ, see: http://msdn.microsoft.com/en-us/library/aa366976%28VS.85%29.aspx http://msdn.microsoft.com/en-us/library/aa746418%28v=VS.85%29.aspx
* Generic dereference data structures and utilitiesJakub Hrozek2011-05-202-0/+45
| | | | These will be shared by both dereference methods in a later patch.
* sdap_get_generic_extJakub Hrozek2011-05-201-73/+202
| | | | | | | | | | | Add a private sdap_get_generic_ext_send()/_recv() request that exposes more of ldap_search_ext options, in particular the server contols. The existing sdap_generic_search_send()/_recv() request is now a thin wrapper around the new _ext request. The other important change is that an entry parsing is a callback now. That was done in order to allow custom parsing for results such as OpenLDAP deref or Attribute Scoped Queries.
* Fixed copying of pam_data structureJan Zeleny2011-05-201-0/+1
| | | | | Related ticket: https://fedorahosted.org/sssd/ticket/855
generated by cgit (git 2.34.1) at 2024-05-25 11:02:42 +0000