Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2011-01-20 | NSS obfuscation code cleanup | Jakub Hrozek | 1 | -38/+97 | |
https://fedorahosted.org/sssd/ticket/752 | |||||
2011-01-20 | Add ldap_tls_{cert,key,cipher_suite} config options | Tyson Whitehead | 9 | -1/+87 | |
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com> | |||||
2011-01-19 | Fix return value check | Sumit Bose | 1 | -2/+2 | |
2011-01-19 | Fix incorrect example file | Stephen Gallagher | 1 | -8/+7 | |
The example sssd.conf still had entry_cache_timeout listed in the [nss] section, and did not have correct values for entry_cache_nowait_percentage (it was listed as entry_cache_nowait_timeout and gave a value in seconds) | |||||
2011-01-19 | Don't double-sanitize member DNs | Stephen Gallagher | 1 | -12/+4 | |
After asking the cache for the list of member DNs for groups during an initgroups request, we were passing it through the sanitization function. Since this had already been done before they were saved to the cache, this meant that it was corrupting the results. It is safe to pass the returned DN directly into the sysdb_group_dn_name() function. | |||||
2011-01-19 | Use DEFAULT_PAM_VERBOSITY if config value cannot be retrieved | Sumit Bose | 1 | -1/+1 | |
2011-01-19 | Add pam_pwd_expiration_warning config option | Sumit Bose | 5 | -12/+68 | |
2011-01-19 | Add ipa_hbac_search_base config option | Sumit Bose | 7 | -54/+58 | |
2011-01-19 | Add LDAP expire policy base RHDS/IPA attribute | Sumit Bose | 9 | -4/+76 | |
The attribute nsAccountLock is used by RHDS, IPA and other directory servers to indicate that the account is locked. | |||||
2011-01-19 | Add LDAP expire policy based on AD attributes | Sumit Bose | 9 | -4/+141 | |
The second bit of userAccountControl is used to determine if the account is enabled or disabled. accountExpires is checked to see if the account is expired. | |||||
2011-01-17 | Remove support for pre-1.1 netlink | Stephen Gallagher | 4 | -62/+28 | |
Netlink 1.0 and older is buggy and unreliable, occasionally causing tight-loops. We're no longer going to try to support it. https://fedorahosted.org/sssd/ticket/755 | |||||
2011-01-17 | Clarify nscd warning | Stephen Gallagher | 1 | -4/+5 | |
Removes the level-zero DEBUG message and modifies the syslog message to explain that NSCD is safe for maps that SSSD does not (yet) support. | |||||
2011-01-17 | Do not force a default for debug_level | Stephen Gallagher | 2 | -4/+1 | |
2011-01-17 | Fix usability of sss_obfuscate command | Stephen Gallagher | 2 | -14/+23 | |
2011-01-17 | Update manpage translations for ldap_enumeration_search_timeout | Stephen Gallagher | 3 | -333/+391 | |
2011-01-17 | Add ldap_search_enumeration_timeout config option | Sumit Bose | 9 | -15/+38 | |
2011-01-17 | Add timeout parameter to sdap_get_generic_send() | Sumit Bose | 10 | -55/+111 | |
2011-01-14 | Regenerate manpage po[t] files | Stephen Gallagher | 3 | -2955/+5262 | |
Fixed several typos | |||||
2011-01-14 | Fix manpage typos | Yuri Chornoivan | 4 | -9/+9 | |
2011-01-14 | Add uk translation for manpages | Yuri Chornoivan | 2 | -1/+4386 | |
2011-01-14 | Fix missing hash table bug | Stephen Gallagher | 1 | -0/+1 | |
When the automatic cleanup happened, if the netgroup had been created with no contents (to indicate an unknown netgroup), we weren't saving the hash table address and the talloc_free() was failing. | |||||
2011-01-14 | Do not throw a DP error when a netgroup is not found | Stephen Gallagher | 2 | -6/+5 | |
https://fedorahosted.org/sssd/ticket/775 | |||||
2011-01-14 | Add missing sysdb transaction to group enumerations | Stephen Gallagher | 1 | -12/+45 | |
We were not enclosing group processing in a transaction, which was resulting in extremely high numbers of disk-writes. This patch adds a transaction around the sdap_process_group code to ensure that these actions take place within a transaction. This patch also adds a check around the missing member code for RFC2307bis so we don't go back to the LDAP server to look up entries that don't exist (since the enumeration first pass would already have guaranteed that we have all real users cached) | |||||
2011-01-14 | Work around libldb bug | Stephen Gallagher | 1 | -2/+10 | |
Libldb performs non-indexed searches for ONELEVEL requests. We'll use SUBTREE instead to reduce the performance hit substantially | |||||
2011-01-11 | Add overflow check to SAFEALIGN_COPY_*_CHECK macros | Sumit Bose | 1 | -3/+6 | |
2011-01-11 | Validate user supplied size of data items | Sumit Bose | 3 | -76/+94 | |
Specially crafted packages might lead to an integer overflow and the parsing of the input buffer might not continue as expected. This issue was identified by Sebastian Krahmer <krahmer@suse.de>. | |||||
2011-01-06 | Add syslog messages to authorized service access check | Sumit Bose | 1 | -1/+31 | |
2011-01-06 | Add syslog message to shadow access check | Sumit Bose | 1 | -6/+14 | |
2011-01-06 | Convert obfuscated password once at startup | Sumit Bose | 2 | -14/+41 | |
2011-01-06 | Remove unused enumeration cache timeout checks | Sumit Bose | 3 | -33/+2 | |
The existence of the getent_ctx is used to track the enumeration cache timeout. | |||||
2011-01-06 | Post enumeration tevent request if needed | Sumit Bose | 2 | -8/+43 | |
2011-01-06 | Return groups and users from all domains during enumeration | Sumit Bose | 1 | -3/+5 | |
2011-01-05 | Rename SRV_NOT_RESOLVED to SRV_RESOLVE_ERROR | Sumit Bose | 1 | -5/+5 | |
2011-01-05 | Use the right status when resetting service discovery | Sumit Bose | 1 | -1/+1 | |
2011-01-05 | Fix boolean comparison against string | Stephen Gallagher | 1 | -2/+2 | |
Coverity 10082 and 100083 | |||||
2010-12-23 | Remove unnecessary po4a BuildRequires | Stephen Gallagher | 1 | -1/+0 | |
2010-12-23 | Build and install translated man pages by default | Sumit Bose | 3 | -27/+31 | |
2010-12-23 | Updating uk translation | Yuri Chornoivan | 1 | -66/+46 | |
2010-12-23 | Updating pl translation | Piotr Drąg | 1 | -91/+45 | |
2010-12-22 | Bumping version to 1.5.1 | Stephen Gallagher | 1 | -1/+1 | |
2010-12-22 | Committing new translation updates for release | Stephen Gallagher | 14 | -1841/+4260 | |
2010-12-22 | Update the ID cache for any PAM request | Stephen Gallagher | 8 | -8/+48 | |
Also adds an option to limit how often we check the ID provider, so that conversations with multiple PAM requests won't update the cache multiple times. https://fedorahosted.org/sssd/ticket/749 | |||||
2010-12-22 | Ensure ID is checked in all domains for PAM | Stephen Gallagher | 1 | -0/+2 | |
Previously, this was initialized to zero, so the first domain in the list wouldn't be checked for ID updates in pam_check_user_search. This initializes the first domain to check the provider. | |||||
2010-12-22 | Add Czech translation | Jakub Hrozek | 4 | -0/+8430 | |
Translated a couple of strings from manpages into Czech. Makes the manpage translation patch testable. | |||||
2010-12-22 | Make manual pages translatable | Jakub Hrozek | 6 | -39/+198 | |
Utilizes PO4A to extract translatable strings from Docbook XML sources and allows translators to submit ordinary .PO files. PO4A then generates translated Docbook documents that can be used to generate translated end user documentation. https://fedorahosted.org/sssd/ticket/297 | |||||
2010-12-21 | Add authorizedService support | Stephen Gallagher | 10 | -3/+176 | |
https://fedorahosted.org/sssd/ticket/670 | |||||
2010-12-21 | Pass all PAM data to the LDAP access provider | Stephen Gallagher | 1 | -9/+12 | |
Previously we were only passing the username. | |||||
2010-12-21 | Fix potential NULL-dereference in krb5_auth_done() | Sumit Bose | 1 | -3/+3 | |
https://fedorahosted.org/sssd/ticket/745 | |||||
2010-12-21 | Remove unused member of a struct | Sumit Bose | 1 | -1/+0 | |
2010-12-21 | Add all values of a multi-valued user attribute | Sumit Bose | 1 | -12/+15 | |