Age | Commit message (Collapse) | Author | Files | Lines |
|
Previously, we were only displaying expiration warnings if the
password was going to expire within a day. We'll allow LDAP to
make this decision (by whether it passes us the expiration time).
In the future, we can add an option to clamp this down to a
shorter period if the local admin prefers it.
|
|
https://fedorahosted.org/sssd/ticket/940
|
|
https://fedorahosted.org/sssd/ticket/943
|
|
https://fedorahosted.org/sssd/ticket/944
|
|
https://fedorahosted.org/sssd/ticket/943
|
|
This caused no ill effects, since it wasn't used in the callback.
However, it is a layering violation (especially since req is freed
in the callback)
|
|
|
|
|
|
These two functions were almost identical. Better to maintain them
as a single function.
|
|
https://fedorahosted.org/sssd/ticket/936
|
|
https://fedorahosted.org/sssd/ticket/933
|
|
There may be users in LDAP that have a valid but unwelcome shell
set in their account. This adds a blacklist of shells that should
always be replaced by the fallback_shell.
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
|
|
If a pam or nss module is dlcolse()d and unloaded we were leaking
the file descriptor used to communicate to sssd in the process.
Make sure the fucntion used to close the socket file descriptor is
called on dlclose()
Silence autoconf 2.28 warnings (Patch by Jakub Hrozek)
|
|
|
|
|
|
https://fedorahosted.org/sssd/ticket/934
|
|
https://fedorahosted.org/sssd/ticket/935
|
|
https://fedorahosted.org/sssd/ticket/916
|
|
|
|
https://fedorahosted.org/sssd/ticket/930
|
|
https://fedorahosted.org/sssd/ticket/928
|
|
Allows to be more concise in tests and more defensive in resolve
callbacks
|
|
|
|
|
|
https://fedorahosted.org/sssd/ticket/911
|
|
Several parts of the HBAC python bindings did not work with old Python
versions, such as the one shipped in RHEL5.
The changes include:
* a compatibility wrapper around python set object
* PyModule_AddIntMacro compat macro
* Py_ssize_t compat definition
* Do not use PyUnicode_FromFormat
* several function prototypes and structures used to have "char
arguments where they have "const char *" in recent versions.
This caused compilation warnings this patch mitigates by using
the discard_const hack on python 2.4
|
|
These changes were proposed during a review:
* Change the signature of str_concat_sequence() to const char *
* use a getsetter for HbacRule.enabled to allow string true/false and
integer 1/0 in addition to bool
* fix a minor memory leak (HbacRequest.rule_name)
* remove overzealous discard consts
|
|
ares_query does not take search or domain directives from
/etc/resolv.conf into account
https://fedorahosted.org/sssd/ticket/922
|
|
|
|
https://fedorahosted.org/sssd/ticket/802
|
|
|
|
|
|
|
|
https://fedorahosted.org/sssd/ticket/909
|
|
|
|
ldb_dn_new_fmt() has a bug and cannot take a NULL memory context
|
|
|
|
New experimental features should have their own configure switch to
enable or disable them at compile time. Additionally they can check if
the configure variable build_all_experimental_features is set and enable
the feature. This variable will be set if the command line option
--enable-all-experimental-features is used to configure sssd. This will
make it easy to enable all experimental features.
Experimental features should be marked in the man pages. To simplify
this include/experimental.xml can be used.
|
|
|
|
Previously, we were assuming this meant it was coming from the
localhost, but this is not a safe assumption. We will now treat it
as unknown and it will fail to match any rule that requires a
specified srchost or group of srchosts.
|
|
By default, we will treat the presence of any DENY rule as denying
all users. This option will allow the admin to explicitly ignore
DENY rules during a transitional period.
|
|
This option describes the time between refreshes of the HBAC rules
on the IPA server.
|
|
|
|
|
|
|
|
|
|
This function converts a list of ldb_messages into a list of
sysdb_attrs.
|
|
https://fedorahosted.org/sssd/ticket/915
|
|
|
|
This is much more selinux friendly as it allows policy makers to call
nscd_domtrans to transition to nscd_t instead of giving more access to
the system via the corcmd_exec_bin macro.
Modified-by: Simo Sorce <ssorce@redhat.com>
Signed-off-by: Simo Sorce <ssorce@redhat.com>
|