Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Handle allocation error in python HBAC bindings | Jakub Hrozek | 2011-08-01 | 1 | -0/+3 |
| | | | | https://fedorahosted.org/sssd/ticket/934 | ||||
* | Remove dead code from python HBAC bindings | Jakub Hrozek | 2011-08-01 | 1 | -4/+0 |
| | | | | https://fedorahosted.org/sssd/ticket/935 | ||||
* | Fix python HBAC bindings for python <= 2.4 | Jakub Hrozek | 2011-08-01 | 5 | -84/+311 |
| | | | | | | | | | | | | | | | Several parts of the HBAC python bindings did not work with old Python versions, such as the one shipped in RHEL5. The changes include: * a compatibility wrapper around python set object * PyModule_AddIntMacro compat macro * Py_ssize_t compat definition * Do not use PyUnicode_FromFormat * several function prototypes and structures used to have "char arguments where they have "const char *" in recent versions. This caused compilation warnings this patch mitigates by using the discard_const hack on python 2.4 | ||||
* | Fixes for python HBAC bindings | Jakub Hrozek | 2011-08-01 | 2 | -12/+105 |
| | | | | | | | | | These changes were proposed during a review: * Change the signature of str_concat_sequence() to const char * * use a getsetter for HbacRule.enabled to allow string true/false and integer 1/0 in addition to bool * fix a minor memory leak (HbacRequest.rule_name) * remove overzealous discard consts | ||||
* | Provide python bindings for the HBAC evaluator library | Jakub Hrozek | 2011-08-01 | 2 | -0/+2209 |
| | |||||
* | Treat NULL or empty rhost as unknown | Stephen Gallagher | 2011-08-01 | 2 | -11/+25 |
| | | | | | | | Previously, we were assuming this meant it was coming from the localhost, but this is not a safe assumption. We will now treat it as unknown and it will fail to match any rule that requires a specified srchost or group of srchosts. | ||||
* | Add ipa_hbac_treat_deny_as option | Stephen Gallagher | 2011-08-01 | 6 | -2/+42 |
| | | | | | | By default, we will treat the presence of any DENY rule as denying all users. This option will allow the admin to explicitly ignore DENY rules during a transitional period. | ||||
* | Add ipa_hbac_refresh option | Stephen Gallagher | 2011-08-01 | 7 | -1/+38 |
| | | | | | This option describes the time between refreshes of the HBAC rules on the IPA server. | ||||
* | Add new HBAC lookup and evaluation routines | Stephen Gallagher | 2011-08-01 | 2 | -124/+398 |
| | | | | | | Conflicts: Makefile.am | ||||
* | Remove old HBAC implementation | Stephen Gallagher | 2011-08-01 | 2 | -1595/+1 |
| | |||||
* | Add helper functions for looking up HBAC rule components | Stephen Gallagher | 2011-08-01 | 6 | -0/+2616 |
| | |||||
* | Add HBAC evaluator and tests | Stephen Gallagher | 2011-08-01 | 4 | -0/+1004 |
| | |||||
* | Add helper function msgs2attrs_array | Stephen Gallagher | 2011-08-01 | 2 | -0/+33 |
| | | | | | | | | | | This function converts a list of ldb_messages into a list of sysdb_attrs. Conflicts: src/providers/ldap/ldap_common.c src/providers/ldap/ldap_common.h | ||||
* | Change the default value of ldap_tls_cacert in IPA provider | Jakub Hrozek | 2011-08-01 | 1 | -1/+1 |
| | | | | https://fedorahosted.org/sssd/ticket/944 | ||||
* | Remove incorrect private variable | Stephen Gallagher | 2011-08-01 | 1 | -1/+1 |
| | | | | | | This caused no ill effects, since it wasn't used in the callback. However, it is a layering violation (especially since req is freed in the callback) | ||||
* | Wrong paramater to sysdb_attrs_add_uint32 | Jakub Hrozek | 2011-08-01 | 1 | -1/+1 |
| | |||||
* | sss_client: avoid leaking file descriptors | Simo Sorce | 2011-07-29 | 1 | -0/+3 |
| | | | | | | | | | | If a pam or nss module is dlcolse()d and unloaded we were leaking the file descriptor used to communicate to sssd in the process. Make sure the fucntion used to close the socket file descriptor is called on dlclose() Silence autoconf 2.28 warnings (Patch by Jakub Hrozek) | ||||
* | Explicitly ignore groups with gidNumber=0 | Jakub Hrozek | 2011-07-27 | 2 | -11/+18 |
| | | | | https://fedorahosted.org/sssd/ticket/916 | ||||
* | Set gidNumber of non-posix groups to 0 even on updates | Jakub Hrozek | 2011-07-27 | 1 | -8/+44 |
| | |||||
* | Fix indexing of skipped groups | Jakub Hrozek | 2011-07-21 | 1 | -2/+4 |
| | | | | https://fedorahosted.org/sssd/ticket/928 | ||||
* | Only print server address if one is available | Jakub Hrozek | 2011-07-21 | 1 | -0/+7 |
| | |||||
* | Do not add a NULL host parsed from LDAP URI | Jakub Hrozek | 2011-07-21 | 1 | -1/+8 |
| | | | | https://fedorahosted.org/sssd/ticket/911 | ||||
* | Use ares_search instead of ares_query for hostname resolution | Jakub Hrozek | 2011-07-13 | 1 | -1/+1 |
| | | | | | | | ares_query does not take search or domain directives from /etc/resolv.conf into account https://fedorahosted.org/sssd/ticket/922 | ||||
* | Fix unchecked return values of pam_add_responsesssd-1_5_11 | Jakub Hrozek | 2011-07-05 | 3 | -7/+23 |
| | | | | https://fedorahosted.org/sssd/ticket/798 | ||||
* | ipa_dyndns: Use sockaddr_storage for storing IP addresses | Jakub Hrozek | 2011-07-05 | 1 | -12/+17 |
| | | | | https://fedorahosted.org/sssd/ticket/915 | ||||
* | Call ldap_install_tls() on ldaps connections | Sumit Bose | 2011-07-05 | 1 | -0/+15 |
| | |||||
* | Replace system() function with fork and execl call. | Matthew Ife | 2011-07-05 | 1 | -22/+30 |
| | | | | | | | | | | This is much more selinux friendly as it allows policy makers to call nscd_domtrans to transition to nscd_t instead of giving more access to the system via the corcmd_exec_bin macro. Modified-by: Simo Sorce <ssorce@redhat.com> Signed-off-by: Simo Sorce <ssorce@redhat.com> | ||||
* | Do not access state after tevent_req_done() is called.sssd-1_5_10 | Sumit Bose | 2011-07-01 | 1 | -10/+16 |
| | |||||
* | Do not attempt to close() a file descriptor < 0 | Stephen Gallagher | 2011-07-01 | 1 | -1/+3 |
| | | | | Coverity 10886 | ||||
* | Updating translation files for SSSD 1.5.9sssd-1_5_9 | Stephen Gallagher | 2011-06-30 | 42 | -42/+42 |
| | |||||
* | Don't pass NULL to printf for TLS errors | Jakub Hrozek | 2011-06-30 | 5 | -33/+56 |
| | | | | | | | | https://fedorahosted.org/sssd/ticket/643 Conflicts: src/util/sss_ldap.h | ||||
* | Use ldap_init_fd() instead of ldap_initialize() if available | Sumit Bose | 2011-06-30 | 6 | -38/+435 |
| | |||||
* | Use name based URI instead of IP address based URIs | Sumit Bose | 2011-06-30 | 2 | -38/+3 |
| | |||||
* | Add sdap_call_conn_cb() to call add connection callback directly | Sumit Bose | 2011-06-30 | 2 | -0/+40 |
| | |||||
* | Add sockaddr_storage to sdap_service | Sumit Bose | 2011-06-30 | 5 | -0/+62 |
| | |||||
* | Log nsupdate message | Jakub Hrozek | 2011-06-30 | 1 | -0/+3 |
| | | | | https://fedorahosted.org/sssd/ticket/893 | ||||
* | Test NULL server hostname in fail over tests | Jakub Hrozek | 2011-06-30 | 1 | -8/+16 |
| | |||||
* | Provide TTL structure names for c-ares < 1.7 | Jakub Hrozek | 2011-06-30 | 2 | -0/+11 |
| | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/898 In c-ares 1.7, the upstream renamed the addrttl/addr6ttl structures to ares_addrttl/ares_addr6ttl so they are in the ares_ namespace. Because they are committed to stable ABI, the contents are the same, just the name changed -- so it is safe to just #define the new name for older c-ares version in case the new one is not detected in configure time. | ||||
* | Switch resolver to using resolv_hostent and honor TTL | Jakub Hrozek | 2011-06-30 | 10 | -277/+402 |
| | | | | | | Conflicts: src/providers/fail_over.c | ||||
* | Resolve hosts by name from DNS into resolv_hostent | Jakub Hrozek | 2011-06-30 | 1 | -0/+254 |
| | |||||
* | Resolve hosts by name from files into resolv_hostent | Jakub Hrozek | 2011-06-30 | 1 | -0/+92 |
| | |||||
* | Add new resolv_hostent data structure and utility functions | Jakub Hrozek | 2011-06-30 | 2 | -0/+200 |
| | |||||
* | Fall back to polling when inotify fails | Jan Zeleny | 2011-06-24 | 1 | -28/+68 |
| | |||||
* | Do not check pwdAttribute | Sumit Bose | 2011-06-16 | 1 | -9/+0 |
| | | | | | | | It is not safe to check pwdAttribute to see if server side password policies are active. Only if a LDAP_CONTROL_PASSWORDPOLICYRESPONSE is present the bind response we can assume that there is a server side password policy. | ||||
* | Delete cached ccache file if password is expired | Sumit Bose | 2011-06-15 | 1 | -8/+63 |
| | |||||
* | Add new options to override shell value | Jakub Hrozek | 2011-06-02 | 8 | -1/+188 |
| | | | | | | | | https://fedorahosted.org/sssd/ticket/742 Conflicts: src/conf_macros.m4 | ||||
* | Add a new option to override home directory value | Jakub Hrozek | 2011-06-02 | 9 | -2/+192 |
| | | | | https://fedorahosted.org/sssd/ticket/551 | ||||
* | Add a new option to override primary GID number | Jakub Hrozek | 2011-06-02 | 8 | -2/+33 |
| | | | | https://fedorahosted.org/sssd/ticket/742 | ||||
* | Clear up -Wunused-but-set-variable warnings | Stephen Gallagher | 2011-06-02 | 3 | -8/+4 |
| | |||||
* | Fix bad merge | Stephen Gallagher | 2011-06-02 | 1 | -0/+1 |
| | | | | | We merged in a patch, but missed that it missed a dependency added by another earlier patch. |