Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Use LDAPDerefSpec properly | Jakub Hrozek | 2011-11-02 | 1 | -4/+6 |
| | | | | | | | | ldap_create_deref_control_value expects an array of LDAPDerefSpec structures with LDAPDerefSpec.derefAttr == NULL as a sentinel. We were passing a single instance of a LDAPDerefSpec structure. https://fedorahosted.org/sssd/ticket/1050 | ||||
* | Steal result onto mem_ctx in sdap_initgr_nested_get_direct_parents | Jakub Hrozek | 2011-10-31 | 1 | -2/+1 |
| | |||||
* | RFC2307bis initgroups: fix nested groups processing | Jakub Hrozek | 2011-10-31 | 1 | -20/+33 |
| | | | | | Due to incorrectly written loop, SSSD would go into infitite loop if it processed the same group on two different levels of membership. | ||||
* | Plug memory leaks in LDAP provider | Jakub Hrozek | 2011-10-25 | 1 | -0/+3 |
| | |||||
* | Use fewer transactions during IPA initgroups | Jakub Hrozek | 2011-10-17 | 1 | -171/+286 |
| | |||||
* | Use fewer transactions during RFC2307bis initgroups | Jakub Hrozek | 2011-10-17 | 1 | -368/+397 |
| | |||||
* | Utility functions for LDAP nested schema initgroups | Jakub Hrozek | 2011-10-17 | 1 | -0/+119 |
| | |||||
* | Add a missing break | Jakub Hrozek | 2011-10-17 | 1 | -0/+1 |
| | |||||
* | HBAC: Use originalMember for identifying hostgroups | Stephen Gallagher | 2011-10-14 | 3 | -45/+165 |
| | |||||
* | HBAC: Use originalMember for identifying servicegroups | Stephen Gallagher | 2011-10-14 | 3 | -41/+169 |
| | |||||
* | HBAC: Do not save member/memberOf links | Stephen Gallagher | 2011-10-14 | 1 | -120/+0 |
| | | | | We can just trust the values from the FreeIPA server | ||||
* | Append PID to sbus server socket name, let clients use a symlink | Jakub Hrozek | 2011-10-13 | 2 | -2/+2 |
| | | | | https://fedorahosted.org/sssd/ticket/1034 | ||||
* | Fix small bug where TALLOC_CTX could end up unfreed. | Pavel Zuna | 2011-10-06 | 1 | -3/+3 |
| | |||||
* | Use explicit base 10 for converting strings to integers | Jakub Hrozek | 2011-10-03 | 2 | -4/+4 |
| | | | | https://fedorahosted.org/sssd/ticket/1013 | ||||
* | Store name aliases for users, groups | Jakub Hrozek | 2011-10-03 | 3 | -37/+219 |
| | |||||
* | Add a sysdb_get_direct_parents function | Jakub Hrozek | 2011-10-03 | 1 | -57/+5 |
| | |||||
* | HBAC: fix typos preventing proper hostgroup evaluation | Stephen Gallagher | 2011-09-28 | 1 | -3/+3 |
| | |||||
* | IPA access: hostname comparison should be case-insensitive | Jakub Hrozek | 2011-09-28 | 1 | -1/+1 |
| | |||||
* | Fix uninitialized pointer read in sdap_gssapi_get_default_realm() | Jakub Hrozek | 2011-09-20 | 1 | -1/+1 |
| | | | | https://fedorahosted.org/sssd/ticket/1003 | ||||
* | Improve documentation of libipa_hbac | Stephen Gallagher | 2011-09-08 | 2 | -21/+1697 |
| | |||||
* | Do not access memory out of bounds | Sumit Bose | 2011-09-07 | 1 | -2/+2 |
| | |||||
* | Keep deref controls until the whole request is finished | Jakub Hrozek | 2011-09-06 | 1 | -8/+45 |
| | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/989 John Hodrien found out that when paging is used while dereferencing an entry, sssd_be may segfault on the second page. This was because paging returned the control to sdap_generic_search multiple times but sssd was freeing dereference control after the first search invocation. The subsequend sdap searched accessed memory that was already freed. | ||||
* | Improve error message for LDAP password constraint violation | Jakub Hrozek | 2011-09-06 | 3 | -16/+29 |
| | | | | https://fedorahosted.org/sssd/ticket/985 | ||||
* | sss_ldap_err2string() - ldap_err2string() to sss_ldap_err2string() | Pavel Březina | 2011-09-06 | 3 | -35/+35 |
| | | | | https://fedorahosted.org/sssd/ticket/986 | ||||
* | sss_ldap_err2string() - function created | Pavel Březina | 2011-09-06 | 1 | -2/+0 |
| | | | | https://fedorahosted.org/sssd/ticket/986 | ||||
* | Fix moving to next entry in deref code | Jakub Hrozek | 2011-08-29 | 1 | -1/+6 |
| | | | | https://fedorahosted.org/sssd/ticket/973 | ||||
* | HBAC: Properly skip all non-group memberOf entries | Stephen Gallagher | 2011-08-29 | 1 | -1/+2 |
| | |||||
* | HBAC: Use of hostgroups for targethost or sourcehost was broken | Stephen Gallagher | 2011-08-26 | 1 | -4/+4 |
| | | | | | We were trying to look up the wrong attribute for the name of the hostgroup. | ||||
* | HBAC: Handle saving groups that have no members | Stephen Gallagher | 2011-08-26 | 1 | -7/+21 |
| | |||||
* | Use the default Kerberos realm for LDAP with GSSAPI auth | Jakub Hrozek | 2011-08-26 | 1 | -3/+55 |
| | | | | https://fedorahosted.org/sssd/ticket/970 | ||||
* | Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANON | Jakub Hrozek | 2011-08-26 | 5 | -3/+17 |
| | | | | https://fedorahosted.org/sssd/ticket/978 | ||||
* | Improve password policy error code and message | Sumit Bose | 2011-08-25 | 1 | -4/+9 |
| | | | | | | Instead of returning PAM_SYSTEM_ERR if they necessary attributes for the requested password policy cannot be found we return PAM_PERM_DENIED. Additionally the log message says that the access is denied. | ||||
* | IPA dyndns: do not segfault if the server cannot be resolved | Jakub Hrozek | 2011-08-25 | 1 | -4/+2 |
| | | | | https://fedorahosted.org/sssd/ticket/963 | ||||
* | Handle timeout during sss_ldap_init_send | Jakub Hrozek | 2011-08-15 | 1 | -1/+5 |
| | | | | | | | | | In some cases, where there would be no response from the LDAP server, there would be no R/W events on the LDAP fd, so sdap_async_sys_connect_done would never be called. This patch adds a tevent timer that cancels the connection after SDAP_NETWORK_TIMEOUT seconds. | ||||
* | Use sysdb attribute name for GID, not LDAP attribute | Stephen Gallagher | 2011-08-11 | 1 | -3/+3 |
| | |||||
* | Fix returning groups when gidNumber attribute is not ordered | Jakub Hrozek | 2011-08-04 | 3 | -4/+10 |
| | | | | https://fedorahosted.org/sssd/ticket/951 | ||||
* | Request password control unconditionally during bind | Jakub Hrozek | 2011-08-01 | 1 | -6/+6 |
| | | | | https://fedorahosted.org/sssd/ticket/940 | ||||
* | Change the default value of ldap_tls_cacert in IPA provider | Jakub Hrozek | 2011-08-01 | 1 | -1/+1 |
| | | | | https://fedorahosted.org/sssd/ticket/944 | ||||
* | Add rule validator to libipa_hbac | Stephen Gallagher | 2011-08-01 | 2 | -0/+74 |
| | | | | https://fedorahosted.org/sssd/ticket/943 | ||||
* | Remove incorrect private variable | Stephen Gallagher | 2011-08-01 | 1 | -1/+1 |
| | | | | | | This caused no ill effects, since it wasn't used in the callback. However, it is a layering violation (especially since req is freed in the callback) | ||||
* | Wrong paramater to sysdb_attrs_add_uint32 | Jakub Hrozek | 2011-08-01 | 1 | -1/+1 |
| | |||||
* | Fix incorrect NULL check in ipa_hbac_common.c | Stephen Gallagher | 2011-07-29 | 1 | -1/+1 |
| | | | | https://fedorahosted.org/sssd/ticket/936 | ||||
* | Fix memory leak in ipa_hbac_evaluate_rules | Stephen Gallagher | 2011-07-29 | 1 | -0/+1 |
| | | | | https://fedorahosted.org/sssd/ticket/933 | ||||
* | libipa_hbac: Support case-insensitive comparisons with UTF8 | Stephen Gallagher | 2011-07-29 | 1 | -16/+98 |
| | |||||
* | Explicitly ignore groups with gidNumber=0 | Jakub Hrozek | 2011-07-27 | 2 | -11/+18 |
| | | | | https://fedorahosted.org/sssd/ticket/916 | ||||
* | Set gidNumber of non-posix groups to 0 even on updates | Jakub Hrozek | 2011-07-27 | 1 | -8/+44 |
| | |||||
* | fo_get_server_name() getter for a server name | Jakub Hrozek | 2011-07-21 | 5 | -3/+31 |
| | | | | | Allows to be more concise in tests and more defensive in resolve callbacks | ||||
* | Rename fo_get_server_name to fo_get_server_str_name | Jakub Hrozek | 2011-07-21 | 6 | -10/+10 |
| | |||||
* | Only print server address if one is available | Jakub Hrozek | 2011-07-21 | 1 | -0/+7 |
| | |||||
* | Do not add a NULL host parsed from LDAP URI | Jakub Hrozek | 2011-07-21 | 1 | -1/+8 |
| | | | | https://fedorahosted.org/sssd/ticket/911 |