| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Add new resolv_hostent data structure and utility functions
Resolve hosts by name from files into resolv_hostent
Resolve hosts by name from DNS into resolv_hostent
Switch resolver to using resolv_hostent and honor TTL
Conflicts:
src/providers/fail_over.c
Provide TTL structure names for c-ares < 1.7
https://fedorahosted.org/sssd/ticket/898
In c-ares 1.7, the upstream renamed the addrttl/addr6ttl structures to
ares_addrttl/ares_addr6ttl so they are in the ares_ namespace.
Because they are committed to stable ABI, the contents are the same, just
the name changed -- so it is safe to just #define the new name for older
c-ares version in case the new one is not detected in configure time.
|
|
|
|
|
|
|
|
| |
Added sysdb_attrs_get_bool() function
Non-posix group processing - sysdb changes
Non-posix group processing - ldap provider and nss responder
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Add originalDN to fake groups
Use fake groups during IPA schema initgroups
https://fedorahosted.org/sssd/ticket/822
Use sysdb_attrs_primary_name() in sdap_initgr_nested_store_group
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/807
|
|
|
|
|
|
|
|
| |
Sometimes, a value in LDAP will cease to exist (the classic
example being shadowExpire). We need to make sure we purge that
value from SSSD's sysdb as well.
https://fedorahosted.org/sssd/ticket/750
|
|
|
|
|
|
| |
Specially crafted packages might lead to an integer overflow and the
parsing of the input buffer might not continue as expected. This issue
was identified by Sebastian Krahmer <krahmer@suse.de>.
|
|
|
|
| |
Includes a unit test
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/714
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/732
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/728
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds simple_allow_groups and simple_deny_groups options
to the simple access provider. It makes it possible to grant or
deny access based on a user's group memberships within the domain.
This patch makes one minor change to previous functionality: now
all deny rules will supersede allow rules. Previously, if both
simple_allow_users and simple_deny_users were set with the same
value, the allow would win.
https://fedorahosted.org/sssd/ticket/440
|
|
|
|
|
|
| |
It was decided that IPA HBAC will move to a different format to specify
time ranges in access control rules. The evaluation based on the old
format is not needed anymore.
|
| |
|
| |
|
| |
|
|
|
|
| |
Also adds a unit test.
|
| |
|
|
|
|
|
|
|
|
| |
Previously, it assumed that all members were users. This changes
the interface so that either a user or a group can be specified.
Also, it eliminates the need for a memory context to be passed,
since the internal memory should be self-contained.
|
|
|
|
| |
Useful for optimizing the initgroups operation.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
Additionally the handling of errno and the errno_t return value of
functions is fixed in krb5_common.c.
|
| |
|
| |
|
|
|
|
| |
This might be useful for examining the test database manually with LDB tools
|
|
|
|
|
|
|
| |
Adds two utility functions to obfuscate a password and inverse to
extract the cleartext password back.
So far, only NSS-based implementation is provided.
|
|
|
|
|
|
|
|
| |
This function will take a user, a list of groups that this user
should be added to and a list of groups the user should be removed
from and will recursively call sysdb_[add|remove]_group_member
Includes a unit test
|
|
|
|
| |
Includes a unit test
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/542
|
|
|
|
| |
Fixes: #535
|
|
|
|
|
|
|
| |
If the configuration option krb5_store_password_if_offline is set to
true and the backend is offline the plain text user password is stored
and used to request a TGT if the backend becomes online. If available
the Linux kernel key retention service is used.
|
|
|
|
|
|
|
|
|
|
| |
RFC 2782 defines a way to sort replies to a SRV query. In short, the
algorithm sorts all replies by priority and then does a weight-based
selection for every priority level.
For details, please see the sections "Usage rules" for overview of the
algorithm and section "The 'Weight' field" for description on the weight
selection.
|
|
|
|
|
|
| |
When we converted to the synchronous sysdb interface, the
synchronous-simulating function test_loop() became unnecessary,
but we forgot to remove it.
|
|
|
|
| |
This commit completes the migration to a synchronous sysdb
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
now all calls are synchronous
|
| |
|
| |
|
| |
|