path: root/src
Commit message | Author | Age | Files | Lines
* libipa_hbac: Support case-insensitive comparisons with UTF8 | Stephen Gallagher | 2011-07-29 | 2 | -16/+107
* Handle allocation error in python HBAC bindings | Jakub Hrozek | 2011-07-27 | 1 | -0/+3
    https://fedorahosted.org/sssd/ticket/934
* Remove dead code from python HBAC bindings | Jakub Hrozek | 2011-07-27 | 1 | -4/+0
    https://fedorahosted.org/sssd/ticket/935
* Explicitly ignore groups with gidNumber=0 | Jakub Hrozek | 2011-07-27 | 2 | -11/+18
    https://fedorahosted.org/sssd/ticket/916
* Set gidNumber of non-posix groups to 0 even on updates | Jakub Hrozek | 2011-07-27 | 1 | -8/+44
* silence compilation warnings on RHEL5 | pbrezina | 2011-07-27 | 1 | -12/+13
    https://fedorahosted.org/sssd/ticket/930
* Fix indexing of skipped groups | Jakub Hrozek | 2011-07-21 | 1 | -2/+4
    https://fedorahosted.org/sssd/ticket/928
* fo_get_server_name() getter for a server name | Jakub Hrozek | 2011-07-21 | 6 | -4/+32
    Allows to be more concise in tests and more defensive in resolve callbacks
* Rename fo_get_server_name to fo_get_server_str_name | Jakub Hrozek | 2011-07-21 | 7 | -11/+11
* Only print server address if one is available | Jakub Hrozek | 2011-07-21 | 1 | -0/+7
* Do not add a NULL host parsed from LDAP URI | Jakub Hrozek | 2011-07-21 | 1 | -1/+8
    https://fedorahosted.org/sssd/ticket/911
* Fix python HBAC bindings for python <= 2.4 | Jakub Hrozek | 2011-07-13 | 5 | -84/+311
    Several parts of the HBAC python bindings did not work with old Python versions, such as the one shipped in RHEL5. The changes include:
    * a compatibility wrapper around python set object
    * PyModule_AddIntMacro compat macro
    * Py_ssize_t compat definition
    * Do not use PyUnicode_FromFormat
    * several function prototypes and structures used to have "char arguments where they have "const char *" in recent versions. This caused compilation warnings this patch mitigates by using the discard_const hack on python 2.4
* Fixes for python HBAC bindings | Jakub Hrozek | 2011-07-13 | 2 | -12/+105
    These changes were proposed during a review:
    * Change the signature of str_concat_sequence() to const char *
    * use a getsetter for HbacRule.enabled to allow string true/false and integer 1/0 in addition to bool
    * fix a minor memory leak (HbacRequest.rule_name)
    * remove overzealous discard consts
* Use ares_search instead of ares_query for hostname resolution | Jakub Hrozek | 2011-07-13 | 1 | -1/+1
    ares_query does not take search or domain directives from /etc/resolv.conf into account
    https://fedorahosted.org/sssd/ticket/922
* Remove unused krb5_service structure member | Jakub Hrozek | 2011-07-13 | 3 | -7/+1
* Check DNS records before updating | Jakub Hrozek | 2011-07-11 | 4 | -25/+470
    https://fedorahosted.org/sssd/ticket/802
* Allow returning arbitrary address from resolv_hostent as string | Jakub Hrozek | 2011-07-11 | 2 | -3/+10
* Split reading resolver family order into a separate function | Jakub Hrozek | 2011-07-11 | 3 | -23/+52
* Do not hardcode default resolver timeout | Jakub Hrozek | 2011-07-11 | 2 | -1/+3
* Escape IP address in kdcinfo | Jakub Hrozek | 2011-07-11 | 2 | -14/+36
    https://fedorahosted.org/sssd/ticket/909
* Move IP address escaping from the LDAP namespace | Jakub Hrozek | 2011-07-11 | 5 | -14/+14
* Allow NULL memctx in sysdb_custom_subtree_dn | Stephen Gallagher | 2011-07-08 | 1 | -3/+11
    ldb_dn_new_fmt() has a bug and cannot take a NULL memory context
* Add LDAP access control based on NDS attributes | Sumit Bose | 2011-07-08 | 9 | -3/+253
* Add support for experimental features | Sumit Bose | 2011-07-08 | 2 | -0/+10
    New experimental features should have their own configure switch to enable or disable them at compile time. Additionally they can check if the configure variable build_all_experimental_features is set and enable the feature. This variable will be set if the command line option --enable-all-experimental-features is used to configure sssd. This will make it easy to enable all experimental features.
    Experimental features should be marked in the man pages. To simplify this include/experimental.xml can be used.
* Provide python bindings for the HBAC evaluator library | Jakub Hrozek | 2011-07-08 | 2 | -0/+2209
* Treat NULL or empty rhost as unknown | Stephen Gallagher | 2011-07-08 | 2 | -11/+25
    Previously, we were assuming this meant it was coming from the localhost, but this is not a safe assumption. We will now treat it as unknown and it will fail to match any rule that requires a specified srchost or group of srchosts.
* Add ipa_hbac_treat_deny_as option | Stephen Gallagher | 2011-07-08 | 6 | -2/+42
    By default, we will treat the presence of any DENY rule as denying all users. This option will allow the admin to explicitly ignore DENY rules during a transitional period.
* Add ipa_hbac_refresh option | Stephen Gallagher | 2011-07-08 | 7 | -1/+38
    This option describes the time between refreshes of the HBAC rules on the IPA server.
* Add new HBAC lookup and evaluation routines | Stephen Gallagher | 2011-07-08 | 2 | -124/+398
* Remove old HBAC implementation | Stephen Gallagher | 2011-07-08 | 2 | -1595/+1
* Add helper functions for looking up HBAC rule components | Stephen Gallagher | 2011-07-08 | 6 | -0/+2616
* Add HBAC evaluator and tests | Stephen Gallagher | 2011-07-08 | 4 | -0/+1004
* Add helper function msgs2attrs_array | Stephen Gallagher | 2011-07-08 | 2 | -0/+33
    This function converts a list of ldb_messages into a list of sysdb_attrs.
* ipa_dyndns: Use sockaddr_storage for storing IP addresses | Jakub Hrozek | 2011-07-05 | 1 | -12/+17
    https://fedorahosted.org/sssd/ticket/915
* Call ldap_install_tls() on ldaps connections | Sumit Bose | 2011-07-05 | 1 | -0/+15
* Replace system() function with fork and execl call. | Matthew Ife | 2011-07-01 | 1 | -22/+30
    This is much more selinux friendly as it allows policy makers to call nscd_domtrans to transition to nscd_t instead of giving more access to the system via the corcmd_exec_bin macro.
    Modified-by: Simo Sorce <ssorce@redhat.com>
    Signed-off-by: Simo Sorce <ssorce@redhat.com>
* Do not access state after tevent_req_done() is called. | Sumit Bose | 2011-07-01 | 1 | -10/+16
* Do not attempt to close() a file descriptor < 0 | Stephen Gallagher | 2011-07-01 | 1 | -1/+3
    Coverity 10886
* Use ldap_init_fd() instead of ldap_initialize() if available | Sumit Bose | 2011-06-30 | 6 | -38/+435
* Use name based URI instead of IP address based URIs | Sumit Bose | 2011-06-30 | 2 | -38/+3
* Add sdap_call_conn_cb() to call add connection callback directly | Sumit Bose | 2011-06-30 | 2 | -0/+40
* Add sockaddr_storage to sdap_service | Sumit Bose | 2011-06-30 | 5 | -0/+62
* fix typos | Simo Sorce | 2011-06-27 | 1 | -5/+5
* Fall back to polling when inotify fails | Jan Zeleny | 2011-06-24 | 1 | -28/+68
* Log nsupdate message | Jakub Hrozek | 2011-06-21 | 1 | -0/+3
    https://fedorahosted.org/sssd/ticket/893
* Test NULL server hostname in fail over tests | Jakub Hrozek | 2011-06-16 | 1 | -8/+16
* Provide TTL structure names for c-ares < 1.7 | Jakub Hrozek | 2011-06-16 | 2 | -0/+11
    https://fedorahosted.org/sssd/ticket/898
    In c-ares 1.7, the upstream renamed the addrttl/addr6ttl structures to ares_addrttl/ares_addr6ttl so they are in the ares_ namespace. Because they are committed to stable ABI, the contents are the same, just the name changed -- so it is safe to just #define the new name for older c-ares version in case the new one is not detected in configure time.
* Do not check pwdAttribute | Sumit Bose | 2011-06-16 | 1 | -9/+0
    It is not safe to check pwdAttribute to see if server side password policies are active. Only if a LDAP_CONTROL_PASSWORDPOLICYRESPONSE is present in the bind response we can assume that there is a server side password policy.
* Switch resolver to using resolv_hostent and honor TTL | Jakub Hrozek | 2011-06-15 | 10 | -276/+401
* Resolve hosts by name from DNS into resolv_hostent | Jakub Hrozek | 2011-06-15 | 1 | -0/+254