path: root/src/providers
Commit message | Author | Age | Files | Lines
* Fix proxy provider return code for secondary missing groups | Sumit Bose | 2011-06-15 | 1 | -1/+3
* Fix two typos | Sumit Bose | 2011-06-15 | 1 | -2/+3
* Delete cached ccache file if password is expired | Sumit Bose | 2011-06-15 | 1 | -8/+63
* Non-posix group processing - ldap provider and nss responder | Jan Zeleny | 2011-06-02 | 2 | -28/+79
* Escape IPv6 IP addresses in the IPA provider | Jakub Hrozek | 2011-06-02 | 1 | -4/+26
    https://fedorahosted.org/sssd/ticket/880
* Use escaped IP addresses in LDAP provider | Jakub Hrozek | 2011-06-02 | 1 | -6/+56
* Add utility function to return IP address as string | Jakub Hrozek | 2011-06-02 | 2 | -17/+4
* Add online callback only once for TGT renewal | Sumit Bose | 2011-06-02 | 1 | -25/+44
* Sanitize username during initgroups call | Sumit Bose | 2011-05-25 | 1 | -1/+7
* Separate return paths for success and failure in sdap_nested_group_check_cache | Jakub Hrozek | 2011-05-25 | 1 | -6/+10
* Make "password" the default for ldap_default_authtok_type | Stephen Gallagher | 2011-05-24 | 1 | -1/+1
* Fix uninitialized scalar variable in sdap_nested_group_check_cache | Jakub Hrozek | 2011-05-24 | 1 | -2/+4
    https://fedorahosted.org/sssd/ticket/878
* Fix uninitialized pointer read in sdap_x_deref_parse_entry | Jakub Hrozek | 2011-05-24 | 1 | -1/+1
    https://fedorahosted.org/sssd/ticket/877
* Fix bad comparison in sdap_has_deref_support | Jakub Hrozek | 2011-05-24 | 1 | -1/+1
    https://fedorahosted.org/sssd/ticket/876
* Use dereference when processing RFC2307bis nested groups | Jakub Hrozek | 2011-05-20 | 5 | -17/+460
    Instead of issuing N LDAP requests when processing a group with N users, utilize the dereference functionality to pull down all the members in a single LDAP request.
    https://fedorahosted.org/sssd/ticket/799
* Refactor RFC2307bis nested group processing | Jakub Hrozek | 2011-05-20 | 1 | -123/+188
    This patch splits checking cache and hash tables into standalone functions. This will make it easy to reuse the code in a new branch that uses dereferencing.
* Use fake users during RFC2307bis nested group processing | Jakub Hrozek | 2011-05-20 | 1 | -13/+165
    Instead of downloading complete user data which is potentially very slow, only download the necessary minimum information and store the users as dummy entries.
* Change sysdb_add_fake_user to add OriginalDN | Jakub Hrozek | 2011-05-20 | 1 | -1/+1
    RFC2307bis code relies heavily on originalDN, so the fake users need to have an option to store it, too.
* Generic dereference search | Jakub Hrozek | 2011-05-20 | 2 | -0/+157
    A generic wrapper around ASQ and OpenLDAP dereference searches.
    https://fedorahosted.org/sssd/ticket/635
* OpenLDAP dereference searches | Jakub Hrozek | 2011-05-20 | 3 | -0/+376
    This dereference method is supported at least by OpenLDAP and 389DS/RHDS.
    For more details, see: http://tools.ietf.org/html/draft-masarati-ldap-deref-00
* Add support for Attribute Scoped Queries | Jakub Hrozek | 2011-05-20 | 1 | -0/+203
    For more details on ASQ, see:
    http://msdn.microsoft.com/en-us/library/aa366976%28VS.85%29.aspx
    http://msdn.microsoft.com/en-us/library/aa746418%28v=VS.85%29.aspx
* Generic dereference data structures and utilities | Jakub Hrozek | 2011-05-20 | 2 | -0/+45
    These will be shared by both dereference methods in a later patch.
* sdap_get_generic_ext | Jakub Hrozek | 2011-05-20 | 1 | -73/+202
    Add a private sdap_get_generic_ext_send()/_recv() request that exposes more of ldap_search_ext options, in particular the server controls. The existing sdap_generic_search_send()/_recv() request is now a thin wrapper around the new _ext request.
    The other important change is that an entry parsing is a callback now. That was done in order to allow custom parsing for results such as OpenLDAP deref or Attribute Scoped Queries.
* Fixed copying of pam_data structure | Jan Zeleny | 2011-05-20 | 1 | -0/+1
    Related ticket: https://fedorahosted.org/sssd/ticket/855
* Rename label in expand_ccname_template | Jakub Hrozek | 2011-05-20 | 1 | -17/+17
    The label was named fail but used also in success cases.
* Remove append_attrs_to_array | Jakub Hrozek | 2011-05-20 | 2 | -12/+0
    This function was not used anywhere
* IPA Provider: don't fail if user is not a member of any groups | Stephen Gallagher | 2011-05-20 | 1 | -2/+5
* Possible memory leak fixed | Jan Zeleny | 2011-05-16 | 1 | -1/+1
* Fixed wrong variable in sdap_initgr_nested_store | Jan Zeleny | 2011-05-16 | 1 | -1/+1
* Use a temporary memory context in expand_ccname_template | Jakub Hrozek | 2011-05-12 | 1 | -20/+33
* Allow changing the log level without restart | Stephen Gallagher | 2011-05-06 | 1 | -5/+20
    We will now re-read the confdb debug_level value when processing the monitor_common_logrotate() function, which occurs when the monitor receives a SIGHUP.
* Create common sss_monitor_init() | Stephen Gallagher | 2011-05-06 | 1 | -35/+3
    This was implemented almost identically for both the responders and the providers. It is easier to maintain as a single routine.
    This patch also adds the ability to provide a private context to attach to the sbus_connection for later use.
* Remove unused constants from data_provider.h | Jakub Hrozek | 2011-05-06 | 1 | -11/+0
* Added some kerberos functions for building on RHEL5 | Jan Zeleny | 2011-05-05 | 1 | -2/+2
* Fixed lastUSN checking improvements | Jan Zeleny | 2011-05-04 | 3 | -5/+23
    This patch fixes some issues with setting lastUSN attribute and it adds check against the highest user/group USN after enumeration to keep better track of the real highest USN. Optimal solution here would be to schedule a check of rootDSE entry right after the enumeration finishes, but for the moment this is good enough.
* Do not leak LDAP URI with high log level | Jakub Hrozek | 2011-05-04 | 1 | -2/+7
* Do not leak pcre context | Jakub Hrozek | 2011-05-04 | 1 | -0/+12
* Fix minor typo in error message | Stephen Gallagher | 2011-05-02 | 1 | -1/+1
    https://fedorahosted.org/sssd/ticket/825
* Return pam data to the renewal item if renewal fails | Sumit Bose | 2011-05-02 | 1 | -4/+9
    A previous patch changed a talloc_steal() into a talloc_move(). Now it is not enough to change the parent memory context with talloc_steal to give back the data, but it has to be assigned back too.
    Additionally this patch uses the missing pam data as an indication that a renewal request for this data is currently running.
* Fix order of arguments in select_principal_from_keytab() call | Jakub Hrozek | 2011-04-29 | 1 | -1/+1
* Fix bad password caching when using automatic TGT renewal | Stephen Gallagher | 2011-04-29 | 1 | -3/+12
    Fixes CVE-2011-1758, https://fedorahosted.org/sssd/ticket/856
* Fix segfault in IPA provider | Stephen Gallagher | 2011-04-29 | 1 | -2/+2
    We were trying to request the krb5 keytab from the auth provider configuration, but it hasn't yet been set up. Much better to use the value in the ID provider.
* Fix IPA config bug with SDAP_KRB5_REALM | Stephen Gallagher | 2011-04-28 | 1 | -1/+1
* Do not leak LDAP paging controls | Jakub Hrozek | 2011-04-28 | 1 | -0/+5
* Add ldap_page_size configuration option | Stephen Gallagher | 2011-04-27 | 6 | -5/+12
* Enable paging support for LDAP | Stephen Gallagher | 2011-04-27 | 1 | -23/+117
* Log the LDAP message type we're processing | Stephen Gallagher | 2011-04-27 | 1 | -0/+57
* simple provider: Don't treat primary GID lookup failures as fatal | Stephen Gallagher | 2011-04-27 | 1 | -13/+19
* Modify principal selection for keytab authentication | Jan Zeleny | 2011-04-25 | 7 | -28/+73
    Currently we construct the principal as host/fqdn@REALM. The problem with this is that this principal doesn't have to be in the keytab. In that case the provider fails to start. It is better to scan the keytab and find the most suitable principal to use. Only in case no suitable principal is found the backend should fail to start.
    The second issue solved by this patch is that the realm we are authenticating the machine to can be in general different from the realm our users are part of (in case of cross Kerberos trust). The patch adds new configuration option SDAP_SASL_REALM.
    https://fedorahosted.org/sssd/ticket/781
* Allow new option to specify principal for FAST | Jan Zeleny | 2011-04-25 | 5 | -6/+58
    https://fedorahosted.org/sssd/ticket/700