| Age | Commit message (Collapse) | Author | Files | Lines | |
|---|---|---|---|---|---|
| 2011-07-21 | Rename fo_get_server_name to fo_get_server_str_name | Jakub Hrozek | 7 | -11/+11 | |
| 2011-07-21 | Only print server address if one is available | Jakub Hrozek | 1 | -0/+7 | |
| 2011-07-21 | Do not add a NULL host parsed from LDAP URI | Jakub Hrozek | 1 | -1/+8 | |
| https://fedorahosted.org/sssd/ticket/911 | |||||
| 2011-07-13 | Fix python HBAC bindings for python <= 2.4 | Jakub Hrozek | 7 | -85/+315 | |
| Several parts of the HBAC python bindings did not work with old Python versions, such as the one shipped in RHEL5. The changes include: * a compatibility wrapper around python set object * PyModule_AddIntMacro compat macro * Py_ssize_t compat definition * Do not use PyUnicode_FromFormat * several function prototypes and structures used to have "char arguments where they have "const char *" in recent versions. This caused compilation warnings this patch mitigates by using the discard_const hack on python 2.4 | |||||
| 2011-07-13 | Fixes for python HBAC bindings | Jakub Hrozek | 2 | -12/+105 | |
| These changes were proposed during a review: * Change the signature of str_concat_sequence() to const char * * use a getsetter for HbacRule.enabled to allow string true/false and integer 1/0 in addition to bool * fix a minor memory leak (HbacRequest.rule_name) * remove overzealous discard consts | |||||
| 2011-07-13 | Use ares_search instead of ares_query for hostname resolution | Jakub Hrozek | 1 | -1/+1 | |
| ares_query does not take search or domain directives from /etc/resolv.conf into account https://fedorahosted.org/sssd/ticket/922 | |||||
| 2011-07-13 | Remove unused krb5_service structure member | Jakub Hrozek | 3 | -7/+1 | |
| 2011-07-11 | Check DNS records before updating | Jakub Hrozek | 4 | -25/+470 | |
| https://fedorahosted.org/sssd/ticket/802 | |||||
| 2011-07-11 | Allow returning arbitrary address from resolv_hostent as string | Jakub Hrozek | 2 | -3/+10 | |
| 2011-07-11 | Split reading resolver family order into a separate function | Jakub Hrozek | 3 | -23/+52 | |
| 2011-07-11 | Do not hardcode default resolver timeout | Jakub Hrozek | 2 | -1/+3 | |
| 2011-07-11 | Escape IP address in kdcinfo | Jakub Hrozek | 2 | -14/+36 | |
| https://fedorahosted.org/sssd/ticket/909 | |||||
| 2011-07-11 | Move IP adress escaping from the LDAP namespace | Jakub Hrozek | 5 | -14/+14 | |
| 2011-07-08 | Allow NULL memctx in sysdb_custom_subtree_dn | Stephen Gallagher | 1 | -3/+11 | |
| ldb_dn_new_fmt() has a bug and cannot take a NULL memory context | |||||
| 2011-07-08 | Add LDAP access control based on NDS attributes | Sumit Bose | 9 | -3/+253 | |
| 2011-07-08 | Add support for experimental features | Sumit Bose | 2 | -0/+10 | |
| New experimental features should have their own configure switch to enable or disable them at compile time. Additionally they can check if the configure variable build_all_experimental_features is set and enable the feature. This variable will be set if the command line option --enable-all-experimental-features is used to configure sssd. This will make it easy to enable all experimental features. Experimental features should be marked in the man pages. To simplify this include/experimental.xml can be used. | |||||
| 2011-07-08 | Provide python bindings for the HBAC evaluator library | Jakub Hrozek | 4 | -4/+2243 | |
| 2011-07-08 | Treat NULL or empty rhost as unknown | Stephen Gallagher | 2 | -11/+25 | |
| Previously, we were assuming this meant it was coming from the localhost, but this is not a safe assumption. We will now treat it as unknown and it will fail to match any rule that requires a specified srchost or group of srchosts. | |||||
| 2011-07-08 | Add ipa_hbac_treat_deny_as option | Stephen Gallagher | 6 | -2/+42 | |
| By default, we will treat the presence of any DENY rule as denying all users. This option will allow the admin to explicitly ignore DENY rules during a transitional period. | |||||
| 2011-07-08 | Add ipa_hbac_refresh option | Stephen Gallagher | 7 | -1/+38 | |
| This option describes the time between refreshes of the HBAC rules on the IPA server. | |||||
| 2011-07-08 | Add new HBAC lookup and evaluation routines | Stephen Gallagher | 3 | -125/+400 | |
| 2011-07-08 | Remove old HBAC implementation | Stephen Gallagher | 2 | -1595/+1 | |
| 2011-07-08 | Add helper functions for looking up HBAC rule components | Stephen Gallagher | 7 | -0/+2622 | |
| 2011-07-08 | Add HBAC evaluator and tests | Stephen Gallagher | 7 | -2/+1062 | |
| 2011-07-08 | Add helper function msgs2attrs_array | Stephen Gallagher | 2 | -0/+33 | |
| This function converts a list of ldb_messages into a list of sysdb_attrs. | |||||
| 2011-07-05 | ipa_dyndns: Use sockaddr_storage for storing IP addresses | Jakub Hrozek | 1 | -12/+17 | |
| https://fedorahosted.org/sssd/ticket/915 | |||||
| 2011-07-05 | Call ldap_install_tls() on ldaps connections | Sumit Bose | 1 | -0/+15 | |
| 2011-07-01 | Replace system() function with fork and execl call. | Matthew Ife | 1 | -22/+30 | |
| This is much more selinux friendly as it allows policy makers to call nscd_domtrans to transition to nscd_t instead of giving more access to the system via the corcmd_exec_bin macro. Modified-by: Simo Sorce <ssorce@redhat.com> Signed-off-by: Simo Sorce <ssorce@redhat.com> | |||||
| 2011-07-01 | Do not access state after tevent_req_done() is called. | Sumit Bose | 1 | -10/+16 | |
| 2011-07-01 | Do not attempt to close() a file descriptor < 0 | Stephen Gallagher | 1 | -1/+3 | |
| Coverity 10886 | |||||
| 2011-06-30 | Use ldap_init_fd() instead of ldap_initialize() if available | Sumit Bose | 6 | -38/+435 | |
| 2011-06-30 | Use name based URI instead of IP address based URIs | Sumit Bose | 2 | -38/+3 | |
| 2011-06-30 | Add sdap_call_conn_cb() to call add connection callback directly | Sumit Bose | 2 | -0/+40 | |
| 2011-06-30 | Add sockaddr_storage to sdap_service | Sumit Bose | 5 | -0/+62 | |
| 2011-06-27 | fix typos | Simo Sorce | 1 | -5/+5 | |
| 2011-06-24 | Fall back to polling when inotify fails | Jan Zeleny | 1 | -28/+68 | |
| 2011-06-21 | Log nsupdate message | Jakub Hrozek | 1 | -0/+3 | |
| https://fedorahosted.org/sssd/ticket/893 | |||||
| 2011-06-16 | Test NULL server hostname in fail over tests | Jakub Hrozek | 1 | -8/+16 | |
| 2011-06-16 | Provide TTL structure names for c-ares < 1.7 | Jakub Hrozek | 2 | -0/+11 | |
| https://fedorahosted.org/sssd/ticket/898 In c-ares 1.7, the upstream renamed the addrttl/addr6ttl structures to ares_addrttl/ares_addr6ttl so they are in the ares_ namespace. Because they are committed to stable ABI, the contents are the same, just the name changed -- so it is safe to just #define the new name for older c-ares version in case the new one is not detected in configure time. | |||||
| 2011-06-16 | Do not check pwdAttribute | Sumit Bose | 1 | -9/+0 | |
| It is not safe to check pwdAttribute to see if server side password policies are active. Only if a LDAP_CONTROL_PASSWORDPOLICYRESPONSE is present the bind response we can assume that there is a server side password policy. | |||||
| 2011-06-15 | Switch resolver to using resolv_hostent and honor TTL | Jakub Hrozek | 10 | -276/+401 | |
| 2011-06-15 | Resolve hosts by name from DNS into resolv_hostent | Jakub Hrozek | 1 | -0/+254 | |
| 2011-06-15 | Resolve hosts by name from files into resolv_hostent | Jakub Hrozek | 1 | -0/+92 | |
| 2011-06-15 | Add new resolv_hostent data structure and utility functions | Jakub Hrozek | 2 | -0/+200 | |
| 2011-06-15 | Fix proxy provider return code for secondary missing groups | Sumit Bose | 1 | -1/+3 | |
| 2011-06-15 | Add missing libsss_util to proxy provider | Sumit Bose | 1 | -0/+1 | |
| 2011-06-15 | Unit test for parge_args | Jakub Hrozek | 1 | -0/+58 | |
| 2011-06-15 | Make parse_args skip extra spaces | Jakub Hrozek | 1 | -16/+24 | |
| https://fedorahosted.org/sssd/ticket/871 | |||||
| 2011-06-15 | Fix two typos | Sumit Bose | 1 | -2/+3 | |
| 2011-06-15 | Delete cached ccache file if password is expired | Sumit Bose | 1 | -8/+63 | |
 |
index : sssd | |
| System Security Services Daemon | ben |
| summaryrefslogtreecommitdiff |