| | Commit message | Author | Age | Files | Lines |
---|---|---|---|---|---|
* | Allow LDAP to decide when an expiration warning is warranted | Stephen Gallagher | 2011-08-01 | 1 | -3/+4 |
| | Previously, we were only displaying expiration warnings if the password was going to expire within a day. We'll allow LDAP to make this decision (by whether it passes us the expiration time). In the future, we can add an option to clamp this down to a shorter period if the local admin prefers it. | | | | |
* | Request password control unconditionally during bind | Jakub Hrozek | 2011-08-01 | 1 | -6/+6 |
| | https://fedorahosted.org/sssd/ticket/940 | | | | |
* | HBAC rule validation Python bindings | Jakub Hrozek | 2011-08-01 | 2 | -0/+129 |
| | https://fedorahosted.org/sssd/ticket/943 | | | | |
* | Add rule validator to libipa_hbac | Stephen Gallagher | 2011-08-01 | 3 | -0/+189 |
| | https://fedorahosted.org/sssd/ticket/943 | | | | |
* | Fix incorrect NULL check in ipa_hbac_common.c | Stephen Gallagher | 2011-08-01 | 1 | -1/+1 |
| | https://fedorahosted.org/sssd/ticket/936 | | | | |
* | Fix memory leak in ipa_hbac_evaluate_rules | Stephen Gallagher | 2011-08-01 | 1 | -0/+1 |
| | https://fedorahosted.org/sssd/ticket/933 | | | | |
* | UTF8 HBAC test | Jakub Hrozek | 2011-08-01 | 1 | -0/+117 |
* | libipa_hbac: Support case-insensitive comparisons with UTF8 | Stephen Gallagher | 2011-08-01 | 2 | -16/+107 |
* | Handle allocation error in python HBAC bindings | Jakub Hrozek | 2011-08-01 | 1 | -0/+3 |
| | https://fedorahosted.org/sssd/ticket/934 | | | | |
* | Remove dead code from python HBAC bindings | Jakub Hrozek | 2011-08-01 | 1 | -4/+0 |
| | https://fedorahosted.org/sssd/ticket/935 | | | | |
* | Fix python HBAC bindings for python <= 2.4 | Jakub Hrozek | 2011-08-01 | 5 | -84/+311 |
| | Several parts of the HBAC python bindings did not work with old Python versions, such as the one shipped in RHEL5. The changes include: * a compatibility wrapper around python set object * PyModule_AddIntMacro compat macro * Py_ssize_t compat definition * Do not use PyUnicode_FromFormat * several function prototypes and structures used to have "char *" arguments where they have "const char *" in recent versions. This caused compilation warnings this patch mitigates by using the discard_const hack on python 2.4 | | | | |
* | Fixes for python HBAC bindings | Jakub Hrozek | 2011-08-01 | 2 | -12/+105 |
| | These changes were proposed during a review: * Change the signature of str_concat_sequence() to const char * * use a getsetter for HbacRule.enabled to allow string true/false and integer 1/0 in addition to bool * fix a minor memory leak (HbacRequest.rule_name) * remove overzealous discard consts | | | | |
* | Provide python bindings for the HBAC evaluator library | Jakub Hrozek | 2011-08-01 | 2 | -0/+2209 |
* | Treat NULL or empty rhost as unknown | Stephen Gallagher | 2011-08-01 | 2 | -11/+25 |
| | Previously, we were assuming this meant it was coming from the localhost, but this is not a safe assumption. We will now treat it as unknown and it will fail to match any rule that requires a specified srchost or group of srchosts. | | | | |
* | Add ipa_hbac_treat_deny_as option | Stephen Gallagher | 2011-08-01 | 6 | -2/+42 |
| | By default, we will treat the presence of any DENY rule as denying all users. This option will allow the admin to explicitly ignore DENY rules during a transitional period. | | | | |
* | Add ipa_hbac_refresh option | Stephen Gallagher | 2011-08-01 | 7 | -1/+38 |
| | This option describes the time between refreshes of the HBAC rules on the IPA server. | | | | |
* | Add new HBAC lookup and evaluation routines | Stephen Gallagher | 2011-08-01 | 2 | -124/+398 |
| | Conflicts: Makefile.am | | | | |
* | Remove old HBAC implementation | Stephen Gallagher | 2011-08-01 | 2 | -1595/+1 |
* | Add helper functions for looking up HBAC rule components | Stephen Gallagher | 2011-08-01 | 6 | -0/+2616 |
* | Add HBAC evaluator and tests | Stephen Gallagher | 2011-08-01 | 4 | -0/+1004 |
* | Add helper function msgs2attrs_array | Stephen Gallagher | 2011-08-01 | 2 | -0/+33 |
| | This function converts a list of ldb_messages into a list of sysdb_attrs. Conflicts: src/providers/ldap/ldap_common.c src/providers/ldap/ldap_common.h | | | | |
* | Change the default value of ldap_tls_cacert in IPA provider | Jakub Hrozek | 2011-08-01 | 1 | -1/+1 |
| | https://fedorahosted.org/sssd/ticket/944 | | | | |
* | Remove incorrect private variable | Stephen Gallagher | 2011-08-01 | 1 | -1/+1 |
| | This caused no ill effects, since it wasn't used in the callback. However, it is a layering violation (especially since req is freed in the callback) | | | | |
* | Wrong parameter to sysdb_attrs_add_uint32 | Jakub Hrozek | 2011-08-01 | 1 | -1/+1 |
* | sss_client: avoid leaking file descriptors | Simo Sorce | 2011-07-29 | 1 | -0/+3 |
| | If a pam or nss module is dlclose()d and unloaded we were leaking the file descriptor used to communicate to sssd in the process. Make sure the function used to close the socket file descriptor is called on dlclose(). Silence autoconf 2.28 warnings (Patch by Jakub Hrozek) | | | | |
* | Explicitly ignore groups with gidNumber=0 | Jakub Hrozek | 2011-07-27 | 2 | -11/+18 |
| | https://fedorahosted.org/sssd/ticket/916 | | | | |
* | Set gidNumber of non-posix groups to 0 even on updates | Jakub Hrozek | 2011-07-27 | 1 | -8/+44 |
* | Fix indexing of skipped groups | Jakub Hrozek | 2011-07-21 | 1 | -2/+4 |
| | https://fedorahosted.org/sssd/ticket/928 | | | | |
* | Only print server address if one is available | Jakub Hrozek | 2011-07-21 | 1 | -0/+7 |
* | Do not add a NULL host parsed from LDAP URI | Jakub Hrozek | 2011-07-21 | 1 | -1/+8 |
| | https://fedorahosted.org/sssd/ticket/911 | | | | |
* | Use ares_search instead of ares_query for hostname resolution | Jakub Hrozek | 2011-07-13 | 1 | -1/+1 |
| | ares_query does not take search or domain directives from /etc/resolv.conf into account https://fedorahosted.org/sssd/ticket/922 | | | | |
* | Fix unchecked return values of pam_add_response (tag: sssd-1_5_11) | Jakub Hrozek | 2011-07-05 | 3 | -7/+23 |
| | https://fedorahosted.org/sssd/ticket/798 | | | | |
* | ipa_dyndns: Use sockaddr_storage for storing IP addresses | Jakub Hrozek | 2011-07-05 | 1 | -12/+17 |
| | https://fedorahosted.org/sssd/ticket/915 | | | | |
* | Call ldap_install_tls() on ldaps connections | Sumit Bose | 2011-07-05 | 1 | -0/+15 |
* | Replace system() function with fork and execl call. | Matthew Ife | 2011-07-05 | 1 | -22/+30 |
| | This is much more selinux friendly as it allows policy makers to call nscd_domtrans to transition to nscd_t instead of giving more access to the system via the corcmd_exec_bin macro. Modified-by: Simo Sorce <ssorce@redhat.com> Signed-off-by: Simo Sorce <ssorce@redhat.com> | | | | |
* | Do not access state after tevent_req_done() is called. (tag: sssd-1_5_10) | Sumit Bose | 2011-07-01 | 1 | -10/+16 |
* | Do not attempt to close() a file descriptor < 0 | Stephen Gallagher | 2011-07-01 | 1 | -1/+3 |
| | Coverity 10886 | | | | |
* | Updating translation files for SSSD 1.5.9 (tag: sssd-1_5_9) | Stephen Gallagher | 2011-06-30 | 42 | -42/+42 |
* | Don't pass NULL to printf for TLS errors | Jakub Hrozek | 2011-06-30 | 5 | -33/+56 |
| | https://fedorahosted.org/sssd/ticket/643 Conflicts: src/util/sss_ldap.h | | | | |
* | Use ldap_init_fd() instead of ldap_initialize() if available | Sumit Bose | 2011-06-30 | 6 | -38/+435 |
* | Use name based URI instead of IP address based URIs | Sumit Bose | 2011-06-30 | 2 | -38/+3 |
* | Add sdap_call_conn_cb() to call add connection callback directly | Sumit Bose | 2011-06-30 | 2 | -0/+40 |
* | Add sockaddr_storage to sdap_service | Sumit Bose | 2011-06-30 | 5 | -0/+62 |
* | Log nsupdate message | Jakub Hrozek | 2011-06-30 | 1 | -0/+3 |
| | https://fedorahosted.org/sssd/ticket/893 | | | | |
* | Test NULL server hostname in fail over tests | Jakub Hrozek | 2011-06-30 | 1 | -8/+16 |
* | Provide TTL structure names for c-ares < 1.7 | Jakub Hrozek | 2011-06-30 | 2 | -0/+11 |
| | https://fedorahosted.org/sssd/ticket/898 In c-ares 1.7, the upstream renamed the addrttl/addr6ttl structures to ares_addrttl/ares_addr6ttl so they are in the ares_ namespace. Because they are committed to stable ABI, the contents are the same, just the name changed -- so it is safe to just #define the new name for older c-ares version in case the new one is not detected in configure time. | | | | |
* | Switch resolver to using resolv_hostent and honor TTL | Jakub Hrozek | 2011-06-30 | 10 | -277/+402 |
| | Conflicts: src/providers/fail_over.c | | | | |
* | Resolve hosts by name from DNS into resolv_hostent | Jakub Hrozek | 2011-06-30 | 1 | -0/+254 |
* | Resolve hosts by name from files into resolv_hostent | Jakub Hrozek | 2011-06-30 | 1 | -0/+92 |
* | Add new resolv_hostent data structure and utility functions | Jakub Hrozek | 2011-06-30 | 2 | -0/+200 |