| | Commit message | Author | Age | Files | Lines |
---|---|---|---|---|---|
* | Avoid long long in messages to PAM client use int64_t | Sumit Bose | 2010-11-15 | 3 | -16/+16 |
* | Sanitize ldap attributes in the config file | Stephen Gallagher | 2010-11-15 | 1 | -2/+21 |
| | https://fedorahosted.org/sssd/ticket/458 | | | | |
* | Properly document ldap_purge_cache_timeout | Stephen Gallagher | 2010-11-15 | 2 | -1/+28 |
| | Also allow it to be disabled entirely | | | | |
* | Sanitize search filters in LDAP provider | Stephen Gallagher | 2010-11-15 | 4 | -7/+61 |
* | Add unit tests for users and groups with odd characters | Stephen Gallagher | 2010-11-15 | 1 | -0/+145 |
* | Sanitize sysdb dn for memberof lookup | Stephen Gallagher | 2010-11-15 | 1 | -1/+11 |
* | Sanitize search filters in memberOf plugin | Stephen Gallagher | 2010-11-15 | 1 | -2/+20 |
* | Sanitize sysdb DN helpers | Stephen Gallagher | 2010-11-15 | 1 | -7/+83 |
* | Sanitize sysdb filters in the LDAP provider | Stephen Gallagher | 2010-11-15 | 1 | -2/+11 |
* | Sanitize sysdb search filters in the IPA provider | Stephen Gallagher | 2010-11-15 | 1 | -2/+17 |
* | Sanitize search filters for the sysdb | Stephen Gallagher | 2010-11-15 | 1 | -6/+39 |
* | Add sysdb utility function for sanitizing DN | Stephen Gallagher | 2010-11-15 | 2 | -0/+27 |
* | Add utility function to sanitize LDAP/LDB filters | Stephen Gallagher | 2010-11-15 | 3 | -0/+131 |
| | Also adds a unit test. | | | | |
* | Properly check the return value from semanage_commit | Stephen Gallagher | 2010-11-05 | 1 | -2/+2 |
| | semanage_commit() returns -1 on error, and can return a positive value on success. https://bugzilla.redhat.com/show_bug.cgi?id=649037 | | | | |
* | Review comments for namingContexts patches | Sumit Bose | 2010-11-05 | 3 | -23/+17 |
* | Handle errors during log reopening better | Stephen Gallagher | 2010-11-05 | 2 | -3/+30 |
* | Make ldap_search_base a non-mandatory option | Sumit Bose | 2010-11-04 | 3 | -39/+46 |
* | Use (default)namingContext to set empty search bases | Sumit Bose | 2010-11-04 | 4 | -1/+117 |
* | Add defaultNamingContext to RootDSE attributes | Sumit Bose | 2010-11-04 | 2 | -0/+3 |
* | Call krb5_child to check access permissions | Sumit Bose | 2010-11-04 | 2 | -4/+129 |
* | Make handle_child_* request public | Sumit Bose | 2010-11-04 | 3 | -325/+429 |
| | I took the opportunity to move everything related to the handling of the krb5_child into a separate file and cleaned the interfaces and related structures a bit. | | | | |
* | Add krb5_kuserok() access check to krb5_child | Sumit Bose | 2010-11-04 | 1 | -17/+73 |
* | Make krb5_setup() public | Sumit Bose | 2010-11-04 | 3 | -6/+8 |
* | Add krb5_get_simple_upn() | Sumit Bose | 2010-11-04 | 3 | -6/+30 |
* | Add infrastructure for Kerberos access provider | Sumit Bose | 2010-11-04 | 4 | -26/+184 |
* | Store krb5 auth context for other targets | Sumit Bose | 2010-11-04 | 1 | -1/+2 |
* | Don't clean up groups for which a user has it as primary GID | Stephen Gallagher | 2010-11-04 | 1 | -2/+15 |
| | We were cleaning up all groups that were expired and for which there existed no user with memberOf: <thegroup> as an attribute. This patch modifies the search to also check for cached users with this group's GID as their primary GID. Fixes https://fedorahosted.org/sssd/ticket/624 | | | | |
* | Fix two return value checks | Sumit Bose | 2010-11-01 | 1 | -2/+2 |
* | Fix misused SDAP_SEARCH_BASE | Moritz Baumann | 2010-11-01 | 1 | -1/+1 |
* | Fix incorrect free of req in krb5_auth.c | Stephen Gallagher | 2010-11-01 | 1 | -1/+1 |
* | Allow authentication for referrals | Sumit Bose | 2010-10-27 | 1 | -0/+193 |
* | Always use uint32_t for UID/GID numbers | Jakub Hrozek | 2010-10-26 | 8 | -50/+43 |
* | Fix double free issue | Sumit Bose | 2010-10-26 | 1 | -2/+2 |
* | Always use talloc_zero() to allocate cmdctx | Sumit Bose | 2010-10-26 | 2 | -3/+3 |
* | Remove all nss requests after a reconnect | Sumit Bose | 2010-10-26 | 3 | -1/+26 |
| | Currently we do not handle the open nss request after a reconnect and wait until they timeout (which is a couple of minutes!). This patch adds a handler that terminates all requests after a reconnect. Then responder will return matching cache entries or nothing. | | | | |
* | Implement netgroups for proxy provider | Sumit Bose | 2010-10-25 | 3 | -2/+143 |
* | Add netgroups infrastructure to proxy provider | Sumit Bose | 2010-10-25 | 3 | -0/+42 |
* | Download only enabled IPA HBAC rules | Sumit Bose | 2010-10-22 | 1 | -1/+3 |
* | Add some missing ldap_memfree() | Sumit Bose | 2010-10-22 | 2 | -3/+6 |
* | Add ldap_deref option | Sumit Bose | 2010-10-22 | 10 | -3/+103 |
* | Write log opening failures to the syslog | Stephen Gallagher | 2010-10-19 | 2 | -1/+4 |
| | If there is a problem with reopening the logs, it can be an audit trail issue. | | | | |
* | Option krb5_server is now used to store a list of KDCs instead of krb5_kdcip. | Jan Zeleny | 2010-10-19 | 12 | -10/+79 |
| | For the time being, if krb5_server is not found, still falls back to krb5_kdcip with a warning. If both options are present in config file, krb5_server has a higher priority. Fixes: #543 | | | | |
* | Move all references to ldap_<entity>_search_base to "advanced" section | Jan Zeleny | 2010-10-18 | 2 | -44/+52 |
| | The <entity> can be one of user, group or netgroup. The references were removed from example configuration and they were moved from section Configuration options to section Advanced options. Ticket: #607 | | | | |
* | set in_transaction explicitly to false | Jakub Hrozek | 2010-10-18 | 1 | -1/+1 |
* | Use unsigned long for conversion to id_t | Jakub Hrozek | 2010-10-18 | 4 | -40/+22 |
| | We used strtol() in a number of places to convert into uid_t or gid_t from a string representation such as LDAP attribute, but on some platforms, unsigned long might be necessary to store big id_t values. This patch converts to using strtoul() instead. | | | | |
* | Add proper nested initgroup support for RFC2307bis servers | Stephen Gallagher | 2010-10-18 | 1 | -3/+761 |
* | Modify sysdb_[add|remove]_group_member to accept users and groups | Stephen Gallagher | 2010-10-18 | 4 | -44/+102 |
| | Previously, it assumed that all members were users. This changes the interface so that either a user or a group can be specified. Also, it eliminates the need for a memory context to be passed, since the internal memory should be self-contained. | | | | |
* | Handle nested groups in RFC2307bis | Stephen Gallagher | 2010-10-18 | 1 | -1/+776 |
| | This first approach handles the non-optimized "pure" RFC2307bis case. It recursively calls into nested groups until it has found them all or hits the pre-defined nesting limit. It then saves all member users first, then all groups to the sysdb. | | | | |
* | Make sdap_save_users_send handle zero users gracefully | Stephen Gallagher | 2010-10-18 | 1 | -0/+5 |
| | If we send a zero num_users value, we should just immediately return success, rather than starting a useless transaction | | | | |
* | Add option to limit nested groups | Simo Sorce | 2010-10-18 | 7 | -3/+24 |