Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Fix typo in specfile | Stephen Gallagher | 2011-09-15 | 1 | -2/+2 |
| | |||||
* | Do not build documentation on RHEL 5 | Stephen Gallagher | 2011-09-15 | 1 | -1/+17 |
| | | | | | RHEL 5 has a very old version of doxygen that does not search the correct locations for documentation. | ||||
* | MONITOR: Correctly detect lack of response from services | Stephen Gallagher | 2011-09-15 | 1 | -21/+26 |
| | | | | | | | | | | We were incorrectly using DBUS_ERROR_TIMEOUT here. The correct behaviour is to check for DBUS_ERROR_NO_REPLY. This way we will properly handle the three-tries in the tasks_check_handler(). Additionally, we weren't properly handling failure counts correctly, meaning we weren't restarting stuck services in a timely manner. | ||||
* | Add libipa_hbac documentation to the -devel package | Stephen Gallagher | 2011-09-08 | 1 | -1/+5 |
| | |||||
* | Improve documentation of libipa_hbac | Stephen Gallagher | 2011-09-08 | 4 | -22/+1699 |
| | |||||
* | Do not access memory out of bounds | Sumit Bose | 2011-09-07 | 1 | -2/+2 |
| | |||||
* | Keep deref controls until the whole request is finished | Jakub Hrozek | 2011-09-06 | 1 | -8/+45 |
| | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/989 John Hodrien found out that when paging is used while dereferencing an entry, sssd_be may segfault on the second page. This was because paging returned the control to sdap_generic_search multiple times but sssd was freeing dereference control after the first search invocation. The subsequend sdap searched accessed memory that was already freed. | ||||
* | Improve error message for LDAP password constraint violation | Jakub Hrozek | 2011-09-06 | 3 | -16/+29 |
| | | | | https://fedorahosted.org/sssd/ticket/985 | ||||
* | Remove all libtool .la files from RPM | Stephen Gallagher | 2011-09-06 | 1 | -13/+2 |
| | |||||
* | sss_ldap_err2string() - ldap_err2string() to sss_ldap_err2string() | Pavel Březina | 2011-09-06 | 4 | -38/+38 |
| | | | | https://fedorahosted.org/sssd/ticket/986 | ||||
* | sss_ldap_err2string() - function created | Pavel Březina | 2011-09-06 | 3 | -2/+16 |
| | | | | https://fedorahosted.org/sssd/ticket/986 | ||||
* | Fix typo in %configure | Stephen Gallagher | 2011-09-02 | 1 | -1/+1 |
| | |||||
* | Add option to specify the kerberos replay cache dir | Stephen Gallagher | 2011-09-02 | 10 | -0/+77 |
| | | | | | | | Adds a configure option to set the distribution default as well as an sssd.conf option to override it. https://fedorahosted.org/sssd/ticket/980 | ||||
* | Bumping version to 1.6.2 | Stephen Gallagher | 2011-08-29 | 1 | -1/+1 |
| | |||||
* | Updating translation files for 1.6.1 releasesssd-1_6_1 | Stephen Gallagher | 2011-08-29 | 20 | -1502/+1776 |
| | |||||
* | Fix moving to next entry in deref code | Jakub Hrozek | 2011-08-29 | 1 | -1/+6 |
| | | | | https://fedorahosted.org/sssd/ticket/973 | ||||
* | HBAC: Properly skip all non-group memberOf entries | Stephen Gallagher | 2011-08-29 | 1 | -1/+2 |
| | |||||
* | HBAC: Use of hostgroups for targethost or sourcehost was broken | Stephen Gallagher | 2011-08-26 | 1 | -4/+4 |
| | | | | | We were trying to look up the wrong attribute for the name of the hostgroup. | ||||
* | HBAC: Handle saving groups that have no members | Stephen Gallagher | 2011-08-26 | 1 | -7/+21 |
| | |||||
* | Use the default Kerberos realm for LDAP with GSSAPI auth | Jakub Hrozek | 2011-08-26 | 1 | -3/+55 |
| | | | | https://fedorahosted.org/sssd/ticket/970 | ||||
* | Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANON | Jakub Hrozek | 2011-08-26 | 8 | -3/+33 |
| | | | | https://fedorahosted.org/sssd/ticket/978 | ||||
* | Improve password policy error code and message | Sumit Bose | 2011-08-25 | 1 | -4/+9 |
| | | | | | | Instead of returning PAM_SYSTEM_ERR if they necessary attributes for the requested password policy cannot be found we return PAM_PERM_DENIED. Additionally the log message says that the access is denied. | ||||
* | Return the first value of name if the multivalued name attribute does not ↵ | Jakub Hrozek | 2011-08-25 | 1 | -3/+4 |
| | | | | | | match RDN https://fedorahosted.org/sssd/ticket/926 | ||||
* | IPA dyndns: do not segfault if the server cannot be resolved | Jakub Hrozek | 2011-08-25 | 1 | -4/+2 |
| | | | | https://fedorahosted.org/sssd/ticket/963 | ||||
* | Handle timeout during sss_ldap_init_send | Jakub Hrozek | 2011-08-15 | 3 | -3/+41 |
| | | | | | | | | | In some cases, where there would be no response from the LDAP server, there would be no R/W events on the LDAP fd, so sdap_async_sys_connect_done would never be called. This patch adds a tevent timer that cancels the connection after SDAP_NETWORK_TIMEOUT seconds. | ||||
* | Use sysdb attribute name for GID, not LDAP attribute | Stephen Gallagher | 2011-08-11 | 1 | -3/+3 |
| | |||||
* | Allow the O_NONBLOCK flag to be reset correctly | Ralf Haferkamp | 2011-08-11 | 1 | -14/+0 |
| | | | | | | | | | | sssd set the O_NONBLOCK flag on the LDAP socket twice. First in set_fd_flags_and_opts(). And the second time in sdap_async_sys_connect_send() after storing a backup in the local state structure. The backup is later used to restore the original flags (after connect() succeeded). As NONBLOCK was already set before it didn't correctly reset that flag. https://fedorahosted.org/sssd/ticket/952 | ||||
* | Prevent segfault if vetoed_shells are specified without allowed_shells | Jakub Hrozek | 2011-08-08 | 1 | -16/+19 |
| | | | | https://fedorahosted.org/sssd/ticket/954 | ||||
* | Revert "Allow LDAP to decide when an expiration warning is warranted" | Stephen Gallagher | 2011-08-04 | 1 | -4/+3 |
| | | | | This reverts commit b0b9c38dfce3e3ccbfaa4d00fdf2ea08a70d41a6. | ||||
* | Fix returning groups when gidNumber attribute is not ordered | Jakub Hrozek | 2011-08-04 | 3 | -4/+10 |
| | | | | https://fedorahosted.org/sssd/ticket/951 | ||||
* | pyhbac: Do not convert int to bool | Jakub Hrozek | 2011-08-04 | 1 | -2/+11 |
| | |||||
* | Fix two man page typos | Yuri Chornoivan | 2011-08-03 | 2 | -2/+2 |
| | |||||
* | Bumping version to 1.6.1 | Stephen Gallagher | 2011-08-02 | 1 | -1/+1 |
| | |||||
* | Updating translations for 1.6.0 releasesssd-1_6_0 | Stephen Gallagher | 2011-08-02 | 20 | -4822/+7254 |
| | |||||
* | Allow LDAP to decide when an expiration warning is warranted | Stephen Gallagher | 2011-08-01 | 1 | -3/+4 |
| | | | | | | | | | Previously, we were only displaying expiration warnings if the password was going to expire within a day. We'll allow LDAP to make this decision (by whether it passes us the expiration time). In the future, we can add an option to clamp this down to a shorter period if the local admin prefers it. | ||||
* | Request password control unconditionally during bind | Jakub Hrozek | 2011-08-01 | 1 | -6/+6 |
| | | | | https://fedorahosted.org/sssd/ticket/940 | ||||
* | HBAC rule validation Python bindings | Jakub Hrozek | 2011-08-01 | 2 | -0/+129 |
| | | | | https://fedorahosted.org/sssd/ticket/943 | ||||
* | Change the default value of ldap_tls_cacert in IPA provider | Jakub Hrozek | 2011-08-01 | 1 | -1/+1 |
| | | | | https://fedorahosted.org/sssd/ticket/944 | ||||
* | Add rule validator to libipa_hbac | Stephen Gallagher | 2011-08-01 | 4 | -1/+190 |
| | | | | https://fedorahosted.org/sssd/ticket/943 | ||||
* | Remove incorrect private variable | Stephen Gallagher | 2011-08-01 | 1 | -1/+1 |
| | | | | | | This caused no ill effects, since it wasn't used in the callback. However, it is a layering violation (especially since req is freed in the callback) | ||||
* | Wrong paramater to sysdb_attrs_add_uint32 | Jakub Hrozek | 2011-08-01 | 1 | -1/+1 |
| | |||||
* | Require matched version and release for libipa_hbac | Stephen Gallagher | 2011-08-01 | 1 | -0/+1 |
| | |||||
* | Converge accept_fd_handler and accept_priv_fd_handler | Stephen Gallagher | 2011-07-29 | 1 | -85/+50 |
| | | | | | These two functions were almost identical. Better to maintain them as a single function. | ||||
* | Fix incorrect NULL check in ipa_hbac_common.c | Stephen Gallagher | 2011-07-29 | 1 | -1/+1 |
| | | | | https://fedorahosted.org/sssd/ticket/936 | ||||
* | Fix memory leak in ipa_hbac_evaluate_rules | Stephen Gallagher | 2011-07-29 | 1 | -0/+1 |
| | | | | https://fedorahosted.org/sssd/ticket/933 | ||||
* | Add vetoed_shells option | John Hodrien | 2011-07-29 | 6 | -1/+27 |
| | | | | | | | | There may be users in LDAP that have a valid but unwelcome shell set in their account. This adds a blacklist of shells that should always be replaced by the fallback_shell. Signed-off-by: Stephen Gallagher <sgallagh@redhat.com> | ||||
* | sss_client: avoid leaking file descriptors | Simo Sorce | 2011-07-29 | 2 | -0/+15 |
| | | | | | | | | | | If a pam or nss module is dlcolse()d and unloaded we were leaking the file descriptor used to communicate to sssd in the process. Make sure the fucntion used to close the socket file descriptor is called on dlclose() Silence autoconf 2.28 warnings (Patch by Jakub Hrozek) | ||||
* | UTF8 HBAC test | Jakub Hrozek | 2011-07-29 | 1 | -0/+117 |
| | |||||
* | libipa_hbac: Support case-insensitive comparisons with UTF8 | Stephen Gallagher | 2011-07-29 | 5 | -17/+111 |
| | |||||
* | Handle allocation error in python HBAC bindings | Jakub Hrozek | 2011-07-27 | 1 | -0/+3 |
| | | | | https://fedorahosted.org/sssd/ticket/934 |