summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* Updating translations for 1.6.0 releasesssd-1_6_0Stephen Gallagher2011-08-026-2596/+4336
|
* Allow LDAP to decide when an expiration warning is warrantedStephen Gallagher2011-08-011-3/+4
| | | | | | | | | Previously, we were only displaying expiration warnings if the password was going to expire within a day. We'll allow LDAP to make this decision (by whether it passes us the expiration time). In the future, we can add an option to clamp this down to a shorter period if the local admin prefers it.
* Request password control unconditionally during bindJakub Hrozek2011-08-011-6/+6
| | | | https://fedorahosted.org/sssd/ticket/940
* HBAC rule validation Python bindingsJakub Hrozek2011-08-012-0/+129
| | | | https://fedorahosted.org/sssd/ticket/943
* Change the default value of ldap_tls_cacert in IPA providerJakub Hrozek2011-08-011-1/+1
| | | | https://fedorahosted.org/sssd/ticket/944
* Add rule validator to libipa_hbacStephen Gallagher2011-08-013-0/+189
| | | | https://fedorahosted.org/sssd/ticket/943
* Remove incorrect private variableStephen Gallagher2011-08-011-1/+1
| | | | | | This caused no ill effects, since it wasn't used in the callback. However, it is a layering violation (especially since req is freed in the callback)
* Wrong paramater to sysdb_attrs_add_uint32Jakub Hrozek2011-08-011-1/+1
|
* Converge accept_fd_handler and accept_priv_fd_handlerStephen Gallagher2011-07-291-85/+50
| | | | | These two functions were almost identical. Better to maintain them as a single function.
* Fix incorrect NULL check in ipa_hbac_common.cStephen Gallagher2011-07-291-1/+1
| | | | https://fedorahosted.org/sssd/ticket/936
* Fix memory leak in ipa_hbac_evaluate_rulesStephen Gallagher2011-07-291-0/+1
| | | | https://fedorahosted.org/sssd/ticket/933
* Add vetoed_shells optionJohn Hodrien2011-07-296-1/+27
| | | | | | | | There may be users in LDAP that have a valid but unwelcome shell set in their account. This adds a blacklist of shells that should always be replaced by the fallback_shell. Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
* sss_client: avoid leaking file descriptorsSimo Sorce2011-07-291-0/+3
| | | | | | | | | | If a pam or nss module is dlcolse()d and unloaded we were leaking the file descriptor used to communicate to sssd in the process. Make sure the fucntion used to close the socket file descriptor is called on dlclose() Silence autoconf 2.28 warnings (Patch by Jakub Hrozek)
* UTF8 HBAC testJakub Hrozek2011-07-291-0/+117
|
* libipa_hbac: Support case-insensitive comparisons with UTF8Stephen Gallagher2011-07-292-16/+107
|
* Handle allocation error in python HBAC bindingsJakub Hrozek2011-07-271-0/+3
| | | | https://fedorahosted.org/sssd/ticket/934
* Remove dead code from python HBAC bindingsJakub Hrozek2011-07-271-4/+0
| | | | https://fedorahosted.org/sssd/ticket/935
* Explicitly ignore groups with gidNumber=0Jakub Hrozek2011-07-272-11/+18
| | | | https://fedorahosted.org/sssd/ticket/916
* Set gidNumber of non-posix groups to 0 even on updatesJakub Hrozek2011-07-271-8/+44
|
* silence compilation warnings on RHEL5pbrezina2011-07-271-12/+13
| | | | https://fedorahosted.org/sssd/ticket/930
* Fix indexing of skipped groupsJakub Hrozek2011-07-211-2/+4
| | | | https://fedorahosted.org/sssd/ticket/928
* fo_get_server_name() getter for a server nameJakub Hrozek2011-07-216-4/+32
| | | | | Allows to be more concise in tests and more defensive in resolve callbacks
* Rename fo_get_server_name to fo_get_server_str_nameJakub Hrozek2011-07-217-11/+11
|
* Only print server address if one is availableJakub Hrozek2011-07-211-0/+7
|
* Do not add a NULL host parsed from LDAP URIJakub Hrozek2011-07-211-1/+8
| | | | https://fedorahosted.org/sssd/ticket/911
* Fix python HBAC bindings for python <= 2.4Jakub Hrozek2011-07-135-84/+311
| | | | | | | | | | | | | | | Several parts of the HBAC python bindings did not work with old Python versions, such as the one shipped in RHEL5. The changes include: * a compatibility wrapper around python set object * PyModule_AddIntMacro compat macro * Py_ssize_t compat definition * Do not use PyUnicode_FromFormat * several function prototypes and structures used to have "char arguments where they have "const char *" in recent versions. This caused compilation warnings this patch mitigates by using the discard_const hack on python 2.4
* Fixes for python HBAC bindingsJakub Hrozek2011-07-132-12/+105
| | | | | | | | | These changes were proposed during a review: * Change the signature of str_concat_sequence() to const char * * use a getsetter for HbacRule.enabled to allow string true/false and integer 1/0 in addition to bool * fix a minor memory leak (HbacRequest.rule_name) * remove overzealous discard consts
* Use ares_search instead of ares_query for hostname resolutionJakub Hrozek2011-07-131-1/+1
| | | | | | | ares_query does not take search or domain directives from /etc/resolv.conf into account https://fedorahosted.org/sssd/ticket/922
* Remove unused krb5_service structure memberJakub Hrozek2011-07-133-7/+1
|
* Check DNS records before updatingJakub Hrozek2011-07-114-25/+470
| | | | https://fedorahosted.org/sssd/ticket/802
* Allow returning arbitrary address from resolv_hostent as stringJakub Hrozek2011-07-112-3/+10
|
* Split reading resolver family order into a separate functionJakub Hrozek2011-07-113-23/+52
|
* Do not hardcode default resolver timeoutJakub Hrozek2011-07-112-1/+3
|
* Escape IP address in kdcinfoJakub Hrozek2011-07-112-14/+36
| | | | https://fedorahosted.org/sssd/ticket/909
* Move IP adress escaping from the LDAP namespaceJakub Hrozek2011-07-115-14/+14
|
* Allow NULL memctx in sysdb_custom_subtree_dnStephen Gallagher2011-07-081-3/+11
| | | | ldb_dn_new_fmt() has a bug and cannot take a NULL memory context
* Add LDAP access control based on NDS attributesSumit Bose2011-07-089-3/+253
|
* Add support for experimental featuresSumit Bose2011-07-082-0/+10
| | | | | | | | | | | | New experimental features should have their own configure switch to enable or disable them at compile time. Additionally they can check if the configure variable build_all_experimental_features is set and enable the feature. This variable will be set if the command line option --enable-all-experimental-features is used to configure sssd. This will make it easy to enable all experimental features. Experimental features should be marked in the man pages. To simplify this include/experimental.xml can be used.
* Provide python bindings for the HBAC evaluator libraryJakub Hrozek2011-07-082-0/+2209
|
* Treat NULL or empty rhost as unknownStephen Gallagher2011-07-082-11/+25
| | | | | | | Previously, we were assuming this meant it was coming from the localhost, but this is not a safe assumption. We will now treat it as unknown and it will fail to match any rule that requires a specified srchost or group of srchosts.
* Add ipa_hbac_treat_deny_as optionStephen Gallagher2011-07-086-2/+42
| | | | | | By default, we will treat the presence of any DENY rule as denying all users. This option will allow the admin to explicitly ignore DENY rules during a transitional period.
* Add ipa_hbac_refresh optionStephen Gallagher2011-07-087-1/+38
| | | | | This option describes the time between refreshes of the HBAC rules on the IPA server.
* Add new HBAC lookup and evaluation routinesStephen Gallagher2011-07-082-124/+398
|
* Remove old HBAC implementationStephen Gallagher2011-07-082-1595/+1
|
* Add helper functions for looking up HBAC rule componentsStephen Gallagher2011-07-086-0/+2616
|
* Add HBAC evaluator and testsStephen Gallagher2011-07-084-0/+1004
|
* Add helper function msgs2attrs_arrayStephen Gallagher2011-07-082-0/+33
| | | | | This function converts a list of ldb_messages into a list of sysdb_attrs.
* ipa_dyndns: Use sockaddr_storage for storing IP addressesJakub Hrozek2011-07-051-12/+17
| | | | https://fedorahosted.org/sssd/ticket/915
* Call ldap_install_tls() on ldaps connectionsSumit Bose2011-07-051-0/+15
|
* Replace system() function with fork and execl call.Matthew Ife2011-07-011-22/+30
| | | | | | | | | | This is much more selinux friendly as it allows policy makers to call nscd_domtrans to transition to nscd_t instead of giving more access to the system via the corcmd_exec_bin macro. Modified-by: Simo Sorce <ssorce@redhat.com> Signed-off-by: Simo Sorce <ssorce@redhat.com>
generated by cgit (git 2.34.1) at 2024-05-04 17:18:40 +0000