| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
https://fedorahosted.org/sssd/ticket/986
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/986
|
|
|
|
|
|
|
| |
Adds a configure option to set the distribution default as well as
an sssd.conf option to override it.
https://fedorahosted.org/sssd/ticket/980
|
| |
|
| |
|
|
|
|
|
| |
We were trying to look up the wrong attribute for the name of the
hostgroup.
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/970
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/978
|
|
|
|
|
|
| |
Instead of returning PAM_SYSTEM_ERR if they necessary attributes for the
requested password policy cannot be found we return PAM_PERM_DENIED.
Additionally the log message says that the access is denied.
|
|
|
|
|
|
| |
match RDN
https://fedorahosted.org/sssd/ticket/926
|
|
|
|
|
|
|
|
|
| |
In some cases, where there would be no response from the LDAP server,
there would be no R/W events on the LDAP fd, so
sdap_async_sys_connect_done would never be called.
This patch adds a tevent timer that cancels the connection after
SDAP_NETWORK_TIMEOUT seconds.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
sssd set the O_NONBLOCK flag on the LDAP socket twice. First in
set_fd_flags_and_opts(). And the second time in sdap_async_sys_connect_send()
after storing a backup in the local state structure. The backup is later
used to restore the original flags (after connect() succeeded). As NONBLOCK
was already set before it didn't correctly reset that flag.
https://fedorahosted.org/sssd/ticket/952
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/954
|
| |
|
|
|
|
| |
This reverts commit b3d6f8383b94ffe49e02bb156e1ab442b46b042c.
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/951
|
| |
|
|
|
|
|
|
|
|
| |
There may be users in LDAP that have a valid but unwelcome shell
set in their account. This adds a blacklist of shells that should
always be replaced by the fallback_shell.
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Previously, we were only displaying expiration warnings if the
password was going to expire within a day. We'll allow LDAP to
make this decision (by whether it passes us the expiration time).
In the future, we can add an option to clamp this down to a
shorter period if the local admin prefers it.
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/940
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/943
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/943
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/936
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/933
|
| |
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/934
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/935
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Several parts of the HBAC python bindings did not work with old Python
versions, such as the one shipped in RHEL5.
The changes include:
* a compatibility wrapper around python set object
* PyModule_AddIntMacro compat macro
* Py_ssize_t compat definition
* Do not use PyUnicode_FromFormat
* several function prototypes and structures used to have "char
arguments where they have "const char *" in recent versions.
This caused compilation warnings this patch mitigates by using
the discard_const hack on python 2.4
|
|
|
|
|
|
|
|
|
| |
These changes were proposed during a review:
* Change the signature of str_concat_sequence() to const char *
* use a getsetter for HbacRule.enabled to allow string true/false and
integer 1/0 in addition to bool
* fix a minor memory leak (HbacRequest.rule_name)
* remove overzealous discard consts
|
| |
|
|
|
|
|
|
|
| |
Previously, we were assuming this meant it was coming from the
localhost, but this is not a safe assumption. We will now treat it
as unknown and it will fail to match any rule that requires a
specified srchost or group of srchosts.
|
|
|
|
|
|
| |
By default, we will treat the presence of any DENY rule as denying
all users. This option will allow the admin to explicitly ignore
DENY rules during a transitional period.
|
|
|
|
|
| |
This option describes the time between refreshes of the HBAC rules
on the IPA server.
|
|
|
|
|
|
| |
Conflicts:
Makefile.am
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This function converts a list of ldb_messages into a list of
sysdb_attrs.
Conflicts:
src/providers/ldap/ldap_common.c
src/providers/ldap/ldap_common.h
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/944
|
|
|
|
|
|
| |
This caused no ill effects, since it wasn't used in the callback.
However, it is a layering violation (especially since req is freed
in the callback)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
If a pam or nss module is dlcolse()d and unloaded we were leaking
the file descriptor used to communicate to sssd in the process.
Make sure the fucntion used to close the socket file descriptor is
called on dlclose()
Silence autoconf 2.28 warnings (Patch by Jakub Hrozek)
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/916
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/928
|
| |
|