summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* Store name aliases for users, groupsJakub Hrozek2011-10-033-37/+219
|
* Add a sysdb_get_direct_parents functionJakub Hrozek2011-10-033-57/+113
|
* Add sysdb interface to get name aliasesJakub Hrozek2011-10-032-1/+64
|
* HBAC: fix typos preventing proper hostgroup evaluationStephen Gallagher2011-09-281-3/+3
|
* IPA access: hostname comparison should be case-insensitiveJakub Hrozek2011-09-281-1/+1
|
* Unbreak ./configureMarko Myllynen2011-09-281-1/+1
| | | | | | | | | | | | ./configure at least from 1.5.13 is failing on Ubuntu Oneiric. The node ``Conditionals'' of automake manual states: Note that you must arrange for _every_ `AM_CONDITIONAL' to be invoked every time `configure' is run. If `AM_CONDITIONAL' is run conditionally (e.g., in a shell `if' statement), then the result will confuse `automake'. So the trick is to run AM_CONDITIONAL unconditionally.
* Enable the midpoint cache update by defaultStephen Gallagher2011-09-222-2/+2
| | | | https://fedorahosted.org/sssd/ticket/918
* Added quiet option to pam_sssPavel Březina2011-09-202-5/+36
| | | | https://fedorahosted.org/sssd/ticket/894
* Fix uninitialized pointer read in sdap_gssapi_get_default_realm()Jakub Hrozek2011-09-201-1/+1
| | | | https://fedorahosted.org/sssd/ticket/1003
* Add missing options to sssd.api.confMarko Myllynen2011-09-203-3/+26
|
* MAN: Add more information about internal credential storageStephen Gallagher2011-09-202-1/+8
|
* Fix typo in specfileStephen Gallagher2011-09-151-2/+2
|
* Do not build documentation on RHEL 5Stephen Gallagher2011-09-151-1/+17
| | | | | RHEL 5 has a very old version of doxygen that does not search the correct locations for documentation.
* MONITOR: Correctly detect lack of response from servicesStephen Gallagher2011-09-151-21/+26
| | | | | | | | | | We were incorrectly using DBUS_ERROR_TIMEOUT here. The correct behaviour is to check for DBUS_ERROR_NO_REPLY. This way we will properly handle the three-tries in the tasks_check_handler(). Additionally, we weren't properly handling failure counts correctly, meaning we weren't restarting stuck services in a timely manner.
* Add libipa_hbac documentation to the -devel packageStephen Gallagher2011-09-081-1/+5
|
* Improve documentation of libipa_hbacStephen Gallagher2011-09-084-22/+1699
|
* Do not access memory out of boundsSumit Bose2011-09-071-2/+2
|
* Keep deref controls until the whole request is finishedJakub Hrozek2011-09-061-8/+45
| | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/989 John Hodrien found out that when paging is used while dereferencing an entry, sssd_be may segfault on the second page. This was because paging returned the control to sdap_generic_search multiple times but sssd was freeing dereference control after the first search invocation. The subsequend sdap searched accessed memory that was already freed.
* Improve error message for LDAP password constraint violationJakub Hrozek2011-09-063-16/+29
| | | | https://fedorahosted.org/sssd/ticket/985
* Remove all libtool .la files from RPMStephen Gallagher2011-09-061-13/+2
|
* sss_ldap_err2string() - ldap_err2string() to sss_ldap_err2string()Pavel Březina2011-09-064-38/+38
| | | | https://fedorahosted.org/sssd/ticket/986
* sss_ldap_err2string() - function createdPavel Březina2011-09-063-2/+16
| | | | https://fedorahosted.org/sssd/ticket/986
* Fix typo in %configureStephen Gallagher2011-09-021-1/+1
|
* Add option to specify the kerberos replay cache dirStephen Gallagher2011-09-0210-0/+77
| | | | | | | Adds a configure option to set the distribution default as well as an sssd.conf option to override it. https://fedorahosted.org/sssd/ticket/980
* Bumping version to 1.6.2Stephen Gallagher2011-08-291-1/+1
|
* Updating translation files for 1.6.1 releasesssd-1_6_1Stephen Gallagher2011-08-2920-1502/+1776
|
* Fix moving to next entry in deref codeJakub Hrozek2011-08-291-1/+6
| | | | https://fedorahosted.org/sssd/ticket/973
* HBAC: Properly skip all non-group memberOf entriesStephen Gallagher2011-08-291-1/+2
|
* HBAC: Use of hostgroups for targethost or sourcehost was brokenStephen Gallagher2011-08-261-4/+4
| | | | | We were trying to look up the wrong attribute for the name of the hostgroup.
* HBAC: Handle saving groups that have no membersStephen Gallagher2011-08-261-7/+21
|
* Use the default Kerberos realm for LDAP with GSSAPI authJakub Hrozek2011-08-261-3/+55
| | | | https://fedorahosted.org/sssd/ticket/970
* Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANONJakub Hrozek2011-08-268-3/+33
| | | | https://fedorahosted.org/sssd/ticket/978
* Improve password policy error code and messageSumit Bose2011-08-251-4/+9
| | | | | | Instead of returning PAM_SYSTEM_ERR if they necessary attributes for the requested password policy cannot be found we return PAM_PERM_DENIED. Additionally the log message says that the access is denied.
* Return the first value of name if the multivalued name attribute does not ↵Jakub Hrozek2011-08-251-3/+4
| | | | | | match RDN https://fedorahosted.org/sssd/ticket/926
* IPA dyndns: do not segfault if the server cannot be resolvedJakub Hrozek2011-08-251-4/+2
| | | | https://fedorahosted.org/sssd/ticket/963
* Handle timeout during sss_ldap_init_sendJakub Hrozek2011-08-153-3/+41
| | | | | | | | | In some cases, where there would be no response from the LDAP server, there would be no R/W events on the LDAP fd, so sdap_async_sys_connect_done would never be called. This patch adds a tevent timer that cancels the connection after SDAP_NETWORK_TIMEOUT seconds.
* Use sysdb attribute name for GID, not LDAP attributeStephen Gallagher2011-08-111-3/+3
|
* Allow the O_NONBLOCK flag to be reset correctlyRalf Haferkamp2011-08-111-14/+0
| | | | | | | | | | sssd set the O_NONBLOCK flag on the LDAP socket twice. First in set_fd_flags_and_opts(). And the second time in sdap_async_sys_connect_send() after storing a backup in the local state structure. The backup is later used to restore the original flags (after connect() succeeded). As NONBLOCK was already set before it didn't correctly reset that flag. https://fedorahosted.org/sssd/ticket/952
* Prevent segfault if vetoed_shells are specified without allowed_shellsJakub Hrozek2011-08-081-16/+19
| | | | https://fedorahosted.org/sssd/ticket/954
* Revert "Allow LDAP to decide when an expiration warning is warranted"Stephen Gallagher2011-08-041-4/+3
| | | | This reverts commit b0b9c38dfce3e3ccbfaa4d00fdf2ea08a70d41a6.
* Fix returning groups when gidNumber attribute is not orderedJakub Hrozek2011-08-043-4/+10
| | | | https://fedorahosted.org/sssd/ticket/951
* pyhbac: Do not convert int to boolJakub Hrozek2011-08-041-2/+11
|
* Fix two man page typosYuri Chornoivan2011-08-032-2/+2
|
* Bumping version to 1.6.1Stephen Gallagher2011-08-021-1/+1
|
* Updating translations for 1.6.0 releasesssd-1_6_0Stephen Gallagher2011-08-0220-4822/+7254
|
* Allow LDAP to decide when an expiration warning is warrantedStephen Gallagher2011-08-011-3/+4
| | | | | | | | | Previously, we were only displaying expiration warnings if the password was going to expire within a day. We'll allow LDAP to make this decision (by whether it passes us the expiration time). In the future, we can add an option to clamp this down to a shorter period if the local admin prefers it.
* Request password control unconditionally during bindJakub Hrozek2011-08-011-6/+6
| | | | https://fedorahosted.org/sssd/ticket/940
* HBAC rule validation Python bindingsJakub Hrozek2011-08-012-0/+129
| | | | https://fedorahosted.org/sssd/ticket/943
* Change the default value of ldap_tls_cacert in IPA providerJakub Hrozek2011-08-011-1/+1
| | | | https://fedorahosted.org/sssd/ticket/944
* Add rule validator to libipa_hbacStephen Gallagher2011-08-014-1/+190
| | | | https://fedorahosted.org/sssd/ticket/943
generated by cgit (git 2.34.1) at 2024-05-20 23:03:12 +0000