| Age | Commit message (Collapse) | Author | Files | Lines | |
|---|---|---|---|---|---|
| 2010-11-04 | Call krb5_child to check access permissions | Sumit Bose | 2 | -4/+129 | |
| 2010-11-04 | Make handle_child_* request public | Sumit Bose | 4 | -326/+432 | |
| I took the opportunity to move everything related to the handling of the krb5_child into a separate file and cleaned the interfaces and related structures a bit. | |||||
| 2010-11-04 | Add krb5_kuserok() access check to krb5_child | Sumit Bose | 1 | -17/+73 | |
| 2010-11-04 | Make krb5_setup() public | Sumit Bose | 3 | -6/+8 | |
| 2010-11-04 | Add krb5_get_simple_upn() | Sumit Bose | 3 | -6/+30 | |
| 2010-11-04 | Add infrastructure for Kerberos access provider | Sumit Bose | 5 | -27/+187 | |
| 2010-11-04 | Store krb5 auth context for other targets | Sumit Bose | 1 | -1/+2 | |
| 2010-11-04 | Don't clean up groups for which a user has it as primary GID | Stephen Gallagher | 1 | -2/+15 | |
| We were cleaning up all groups that were expired and for which there existed no user with memberOf: <thegroup> as an attribute. This patch modifies the search to also check for cached users with this group's GID as their primary GID. Fixes https://fedorahosted.org/sssd/ticket/624 | |||||
| 2010-11-01 | Fix two return value checks | Sumit Bose | 1 | -2/+2 | |
| 2010-11-01 | Fix misused SDAP_SEARCH_BASE | Moritz Baumann | 1 | -1/+1 | |
| 2010-11-01 | Fix incorrect free of req in krb5_auth.c | Stephen Gallagher | 1 | -1/+1 | |
| 2010-10-27 | Mention ding-libs in BUILD.txt | Sumit Bose | 1 | -33/+11 | |
| 2010-10-27 | Allow authentication for referrals | Sumit Bose | 1 | -0/+193 | |
| 2010-10-26 | Bumping version to 1.5.0 dev | Stephen Gallagher | 1 | -1/+1 | |
| 2010-10-26 | Always use uint32_t for UID/GID numbers | Jakub Hrozek | 9 | -50/+44 | |
| 2010-10-26 | Improve versioning for automated builds | Stephen Gallagher | 1 | -5/+5 | |
| Also changes 'make srpms' and 'make prerelease-srpms' to 'make srpm' and 'make prerelease-srpm', as we are only building one SRPM. | |||||
| 2010-10-26 | Fix double free issue | Sumit Bose | 1 | -2/+2 | |
| 2010-10-26 | Always use talloc_zero() to allocate cmdctx | Sumit Bose | 2 | -3/+3 | |
| 2010-10-26 | Remove all nss requests after a reconnect | Sumit Bose | 3 | -1/+26 | |
| Currently we do not handle the open nss request after a reconnect and wait until they timeout (which is a couple of minutes!). This patch adds a handler that terminates all requests after a reconnect. Then responder will return matching cache entries or nothing. | |||||
| 2010-10-25 | Implement netgroups for proxy provider | Sumit Bose | 4 | -2/+144 | |
| 2010-10-25 | Add netgroups infrastructure to proxy provider | Sumit Bose | 3 | -0/+42 | |
| 2010-10-22 | Download only enabled IPA HBAC rules | Sumit Bose | 1 | -1/+3 | |
| 2010-10-22 | Add some missing ldap_memfree() | Sumit Bose | 2 | -3/+6 | |
| 2010-10-22 | Add ldap_deref option | Sumit Bose | 10 | -3/+103 | |
| 2010-10-22 | Updating uk translation | Yuri Chornoivan | 1 | -8/+6 | |
| 2010-10-19 | Write log opening failures to the syslog | Stephen Gallagher | 3 | -2/+5 | |
| If there is a problem with reopening the logs, it can be an audit trail issue. | |||||
| 2010-10-19 | Option krb5_server is now used to store a list of KDCs instead of krb5_kdcip. | Jan Zeleny | 12 | -10/+79 | |
| For the time being, if krb5_server is not found, still falls back to krb5_kdcip with a warning. If both options are present in config file, krb5_server has a higher priority. Fixes: #543 | |||||
| 2010-10-19 | Updating pl translation | Piotr Drąg | 1 | -5/+3 | |
| 2010-10-18 | Updating version for SSSD 1.4.0 release | Stephen Gallagher | 1 | -1/+1 | |
| 2010-10-18 | Fix 'make distcheck' for XML documentation | Stephen Gallagher | 1 | -1/+1 | |
| A missing $(srcdir) variable was preventing 'make distcheck' from working if run from a parallel build directory. | |||||
| 2010-10-18 | Updating translation files for release | Stephen Gallagher | 14 | -3178/+3420 | |
| 2010-10-18 | Move all references to ldap_<entity>_search_base to "advanced" section | Jan Zeleny | 2 | -44/+52 | |
| The <entity> can be one of user, group or netgroup. The references were removed from example configuration and they were moved from section Configuration options to section Advanced options. Ticket: #607 | |||||
| 2010-10-18 | set in_transaction explicitly to false | Jakub Hrozek | 1 | -1/+1 | |
| 2010-10-18 | Use unsigned long for conversion to id_t | Jakub Hrozek | 4 | -40/+22 | |
| We used strtol() on a number of places to convert into uid_t or gid_t from a string representation such as LDAP attribute, but on some platforms, unsigned long might be necessary to store big id_t values. This patch converts to using strtoul() instead. | |||||
| 2010-10-18 | Add proper nested initgroup support for RFC2307bis servers | Stephen Gallagher | 1 | -3/+761 | |
| 2010-10-18 | Modify sysdb_[add|remove]_group_member to accept users and groups | Stephen Gallagher | 4 | -44/+102 | |
| Previously, it assumed that all members were users. This changes the interface so that either a user or a group can be specified. Also, it eliminates the need for a memory context to be passed, since the internal memory should be self-contained. | |||||
| 2010-10-18 | Handle nested groups in RFC2307bis | Stephen Gallagher | 1 | -1/+776 | |
| This first approach handles the non-optimized "pure" RFC2307bis case. It recursively calls into nested groups until it it has found them all or hits the pre-defined nesting limit. It then saves all member users first, then all groups to the sysdb | |||||
| 2010-10-18 | Make sdap_save_users_send handle zero users gracefully | Stephen Gallagher | 1 | -0/+5 | |
| If we send a zero num_users value, we should just immediately return success, rather than starting a useless transaction | |||||
| 2010-10-18 | Add option to limit nested groups | Simo Sorce | 7 | -3/+24 | |
| 2010-10-15 | Save dummy member users during RFC2307 getgr{nam,gid} | Jakub Hrozek | 1 | -82/+279 | |
| 2010-10-15 | sysdb interface for adding fake users | Jakub Hrozek | 4 | -4/+70 | |
| 2010-10-15 | Save dummy groups to cache during initgroups | Jakub Hrozek | 1 | -0/+125 | |
| If during initgroups operation we find out that any of the groups the user is a member of is not cached yet we add a incomplete, expired group entry. That way, we save ourselves from looking up and saving all the potential user entries the group may also consist of. Because the group is expired, it will be refreshed during the next getgrgid/getgrnam call and correct member list will be returned. | |||||
| 2010-10-15 | sysdb interface for adding incomplete groups | Jakub Hrozek | 4 | -1/+90 | |
| Useful for optimizing the initgroups operation. | |||||
| 2010-10-15 | Add sysdb_attrs_get_ulong utility function | Jakub Hrozek | 2 | -0/+29 | |
| 2010-10-15 | Check for GSSAPI before attempting to kinit | Jakub Hrozek | 1 | -8/+12 | |
| 2010-10-13 | Assorted specfile changes | Stephen Gallagher | 1 | -8/+10 | |
| Several problems with the specfile were fixed in the SSSD release in certain RPM-based distributions. This patch pulls them into the example specfile | |||||
| 2010-10-13 | Rename upgrade_config.py and build it properly | Stephen Gallagher | 4 | -8/+3 | |
| Previously, we were just copying the script into the libexec dir during installation. However, this causes problems for packaging multilib on several distributions. https://fedorahosted.org/sssd/ticket/641 | |||||
| 2010-10-13 | Avoid a global variable in netgroup client. | Sumit Bose | 2 | -38/+26 | |
| The structure which is used to store the result also provides elements to store a context for the netgroup enumeration call. | |||||
| 2010-10-13 | Implement netgroup support for LDAP provider | Sumit Bose | 7 | -1/+989 | |
| 2010-10-13 | Add infrastructure to LDAP provider for netgroup support | Sumit Bose | 8 | -4/+199 | |
 |
index : sssd | |
| System Security Services Daemon | ben |
| summaryrefslogtreecommitdiff |