summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2011-07-11Allow returning arbitrary address from resolv_hostent as stringJakub Hrozek2-3/+10
2011-07-11Split reading resolver family order into a separate functionJakub Hrozek3-23/+52
2011-07-11Do not hardcode default resolver timeoutJakub Hrozek2-1/+3
2011-07-11Escape IP address in kdcinfoJakub Hrozek2-14/+36
https://fedorahosted.org/sssd/ticket/909
2011-07-11Move IP adress escaping from the LDAP namespaceJakub Hrozek5-14/+14
2011-07-08Allow NULL memctx in sysdb_custom_subtree_dnStephen Gallagher1-3/+11
ldb_dn_new_fmt() has a bug and cannot take a NULL memory context
2011-07-08Add LDAP access control based on NDS attributesSumit Bose9-3/+253
2011-07-08Add support for experimental featuresSumit Bose2-0/+10
New experimental features should have their own configure switch to enable or disable them at compile time. Additionally they can check if the configure variable build_all_experimental_features is set and enable the feature. This variable will be set if the command line option --enable-all-experimental-features is used to configure sssd. This will make it easy to enable all experimental features. Experimental features should be marked in the man pages. To simplify this include/experimental.xml can be used.
2011-07-08Provide python bindings for the HBAC evaluator libraryJakub Hrozek4-4/+2243
2011-07-08Treat NULL or empty rhost as unknownStephen Gallagher2-11/+25
Previously, we were assuming this meant it was coming from the localhost, but this is not a safe assumption. We will now treat it as unknown and it will fail to match any rule that requires a specified srchost or group of srchosts.
2011-07-08Add ipa_hbac_treat_deny_as optionStephen Gallagher6-2/+42
By default, we will treat the presence of any DENY rule as denying all users. This option will allow the admin to explicitly ignore DENY rules during a transitional period.
2011-07-08Add ipa_hbac_refresh optionStephen Gallagher7-1/+38
This option describes the time between refreshes of the HBAC rules on the IPA server.
2011-07-08Add new HBAC lookup and evaluation routinesStephen Gallagher3-125/+400
2011-07-08Remove old HBAC implementationStephen Gallagher2-1595/+1
2011-07-08Add helper functions for looking up HBAC rule componentsStephen Gallagher7-0/+2622
2011-07-08Add HBAC evaluator and testsStephen Gallagher7-2/+1062
2011-07-08Add helper function msgs2attrs_arrayStephen Gallagher2-0/+33
This function converts a list of ldb_messages into a list of sysdb_attrs.
2011-07-05ipa_dyndns: Use sockaddr_storage for storing IP addressesJakub Hrozek1-12/+17
https://fedorahosted.org/sssd/ticket/915
2011-07-05Call ldap_install_tls() on ldaps connectionsSumit Bose1-0/+15
2011-07-01Replace system() function with fork and execl call.Matthew Ife1-22/+30
This is much more selinux friendly as it allows policy makers to call nscd_domtrans to transition to nscd_t instead of giving more access to the system via the corcmd_exec_bin macro. Modified-by: Simo Sorce <ssorce@redhat.com> Signed-off-by: Simo Sorce <ssorce@redhat.com>
2011-07-01Do not access state after tevent_req_done() is called.Sumit Bose1-10/+16
2011-07-01Do not attempt to close() a file descriptor < 0Stephen Gallagher1-1/+3
Coverity 10886
2011-06-30Use ldap_init_fd() instead of ldap_initialize() if availableSumit Bose6-38/+435
2011-06-30Use name based URI instead of IP address based URIsSumit Bose2-38/+3
2011-06-30Add sdap_call_conn_cb() to call add connection callback directlySumit Bose2-0/+40
2011-06-30Add sockaddr_storage to sdap_serviceSumit Bose5-0/+62
2011-06-27fix typosSimo Sorce1-5/+5
2011-06-24Fall back to polling when inotify failsJan Zeleny1-28/+68
2011-06-21Log nsupdate messageJakub Hrozek1-0/+3
https://fedorahosted.org/sssd/ticket/893
2011-06-16Test NULL server hostname in fail over testsJakub Hrozek1-8/+16
2011-06-16Provide TTL structure names for c-ares < 1.7Jakub Hrozek2-0/+11
https://fedorahosted.org/sssd/ticket/898 In c-ares 1.7, the upstream renamed the addrttl/addr6ttl structures to ares_addrttl/ares_addr6ttl so they are in the ares_ namespace. Because they are committed to stable ABI, the contents are the same, just the name changed -- so it is safe to just #define the new name for older c-ares version in case the new one is not detected in configure time.
2011-06-16Do not check pwdAttributeSumit Bose1-9/+0
It is not safe to check pwdAttribute to see if server side password policies are active. Only if a LDAP_CONTROL_PASSWORDPOLICYRESPONSE is present the bind response we can assume that there is a server side password policy.
2011-06-15Switch resolver to using resolv_hostent and honor TTLJakub Hrozek10-276/+401
2011-06-15Resolve hosts by name from DNS into resolv_hostentJakub Hrozek1-0/+254
2011-06-15Resolve hosts by name from files into resolv_hostentJakub Hrozek1-0/+92
2011-06-15Add new resolv_hostent data structure and utility functionsJakub Hrozek2-0/+200
2011-06-15Fix proxy provider return code for secondary missing groupsSumit Bose1-1/+3
2011-06-15Add missing libsss_util to proxy providerSumit Bose1-0/+1
2011-06-15Unit test for parge_argsJakub Hrozek1-0/+58
2011-06-15Make parse_args skip extra spacesJakub Hrozek1-16/+24
https://fedorahosted.org/sssd/ticket/871
2011-06-15Fix two typosSumit Bose1-2/+3
2011-06-15Delete cached ccache file if password is expiredSumit Bose1-8/+63
2011-06-02Non-posix group processing - ldap provider and nss responderJan Zeleny3-31/+90
2011-06-02Non-posix group processing - sysdb changesJan Zeleny3-23/+32
2011-06-02Added sysdb_attrs_get_bool() functionJan Zeleny2-0/+24
2011-06-02Escape IPv6 IP addresses in the IPA providerJakub Hrozek1-4/+26
https://fedorahosted.org/sssd/ticket/880
2011-06-02Use escaped IP addresses in LDAP providerJakub Hrozek1-6/+56
2011-06-02Add a utility function to escape IPv6 address for use in URIsJakub Hrozek2-0/+11
2011-06-02Add utility function to return IP address as stringJakub Hrozek4-17/+31
2011-06-02Add online callback only once for TGT renewalSumit Bose1-25/+44