sssd - System Security Services Daemon

Age	Commit message (Collapse)	Author	Files	Lines
2013-01-21	Introduce be_req_terminate() helper	Simo Sorce	1	-1/+0
	Call it everywhere instead of directly dereferencing be_req->fn This is in preparation of making be_req opaque.
2013-01-21	Split simple_access_check function out	Simo Sorce	1	-1/+2
	Need to split out the function or new additions to the handler funtion will not allow simple access tests to compile anymore.
2013-01-21	Move ldap provider access functions	Simo Sorce	1	-0/+1
	It was confusing to see the ldap provider own handler mixed with the generic ldap access code used also by the ipa and ad providers. So move the ldap provider handler code in its own file.
2013-01-15	TOOLS: Refresh memcache after changes to local users and groups	Jakub Hrozek	1	-2/+8

2013-01-15	TOOLS: Split querying nss responder into a separate function	Jakub Hrozek	1	-6/+11
	The tools query the responder in order to sync the memcache after performing changes to the local database. The functions will be reused by other tools so I split them into a separate functions.
2013-01-15	TOOLS: move memcache related functions to tools_mc_utils.c	Jakub Hrozek	1	-0/+1
	The upcoming patches will link only users of this file with client libs, so it's better to have it separate. There is no functional change in this patch
2013-01-10	Change pam data auth tokens.	Simo Sorce	1	-0/+2
	Use the new authtok abstraction and interfaces throught the code.
2013-01-10	Add authtok utility functions.	Simo Sorce	1	-0/+2
	These functions allow handling of auth tokens in a completely opaque way, with clear semantics and accessor fucntions that guarantee consistency, proper access to data and error conditions.
2013-01-08	Add tests for get_gids_from_pac()	Sumit Bose	1	-0/+1

2012-12-18	Add responder_sbus.h to noinst_HEADERS	Jakub Hrozek	1	-0/+1

2012-12-13	tools: sss_userdel and groupdel remove entries from memory cache	Michal Zidek	1	-0/+8
	https://fedorahosted.org/sssd/ticket/1659
2012-12-04	link sss_ssh_authorizedkeys and sss_ssh_knownhostsproxy with -lpthread	Timo Aaltonen	1	-0/+2
	There used to be an overlinked dependency that's gone now, so to fix a build error add CLIENT_LIBS to sss_ssh_knownhostsproxy_LDFLAGS. v2: Fix sss_ssh_authorizedkeys linking as well.
2012-12-02	avoid versioning libsss_sudo	Pavel Březina	1	-3/+4

2012-11-12	Include the auth_utils.h header in the distribution	Jakub Hrozek	1	-0/+1

2012-11-06	util: Added new file util_lock.c	Michal Zidek	1	-1/+2

2012-10-26	krb5_child: send PAC to PAC responder	Sumit Bose	1	-2/+4
	If the authenticated user comes from a different realm the service ticket which was returned during the validation of the TGT is used to extract the PAC which is send to the pac responder for evaluation.
2012-10-12	Remove libsss_sudo.pc and move libsss_sudo.so to libsss_sudo	Jakub Hrozek	1	-1/+0

2012-10-01	BUILD: Include the patch file in the tarball	Stephen Gallagher	1	-0/+1

2012-09-04	Adding -std=gnu99 flag.	Michal Zidek	1	-1/+2

2012-08-28	RPM: Switch the default ccache location	Jakub Hrozek	1	-0/+1
	https://fedorahosted.org/sssd/ticket/1500
2012-08-27	Use PTHREAD_MUTEX_ROBUST to avoid deadlock in the client	Jakub Hrozek	1	-1/+11
	https://fedorahosted.org/sssd/ticket/1460
2012-08-23	Clean up cache on server reinitialization	Pavel Březina	1	-0/+1
	https://fedorahosted.org/sssd/ticket/734 We successfully detect when the server is reinitialized by testing the new lastUSN value. The maximum USN values are set to zero, but the current cache content remains. This patch removes records that were deleted from the server. It uses the following approach: 1. remove entryUSN attribute from all entries 2. run enumeration 3. remove records that doesn't have entryUSN attribute updated We don't need to do this for sudo rules, they will be refreshed automatically during next smart/full refresh, or when an expired rule is deleted.
2012-08-15	Add python bindings for murmurhash3	Sumit Bose	1	-3/+18

2012-08-03	tests: build sysdb ssh tests conditionally	Pavel Březina	1	-1/+4

2012-08-01	Create a domain-realm mapping for krb5.conf to be included	Jakub Hrozek	1	-0/+1
	When new subdomains are discovered, the SSSD creates a file that includes the domain-realm mappings. This file can in turn be included in the krb5.conf using the includedir directive, such as: includedir /var/lib/sss/pubconf/realm_mappings
2012-08-01	First-boot sss_seed tool	Nick Guay	1	-1/+9

2012-08-01	Added unit test for sysdb_ssh.c	Michal Zidek	1	-0/+14

2012-07-27	Write SELinux config files in responder instead of PAM module	Jan Zeleny	1	-1/+1

2012-07-27	tests: allow changing cwd in all tests	Pavel Březina	1	-1/+4

2012-07-27	Renamed session provider to selinux provider	Jan Zeleny	1	-2/+2

2012-07-10	pac responder: limit access by checking UIDs	Sumit Bose	1	-1/+16
	A check for allowed UIDs is added in the common responder code directly after accept(). If the platform does not support reading the UID of the peer but allowed UIDs are configured, access is denied. Currently only the PAC responder sets the allowed UIDs for a socket. The default is that only root is allowed to access the socket of the PAC responder. Fixes: https://fedorahosted.org/sssd/ticket/1382
2012-07-06	AD: Add manpages and SSSDConfig entries	Stephen Gallagher	1	-0/+1

2012-07-06	AD: Add AD access-control provider	Stephen Gallagher	1	-0/+2
	This patch adds support for checking whether a user is expired or disabled in AD.
2012-07-06	AD: Add AD identity provider	Stephen Gallagher	1	-0/+42
	This new identity provider takes advantage of existing code for the LDAP provider, but provides sensible defaults for operating against an Active Directory 2008 R2 or later server.
2012-07-06	KRB5: Create a common init routine for krb5_child options	Stephen Gallagher	1	-1/+3
	This will reduce code duplication between the krb5, ipa and ad providers
2012-06-29	sudo ldap provider: load host filter configuration on init	Pavel Březina	1	-0/+1
	We need to load host information during provider initialization. Currently it loads only values from configuration files, but it is implemented as an asynchrounous request as it will later try to autodetect these settings (which will need to contact DNS).
2012-06-29	sudo ldap provider: add new timer API	Pavel Březina	1	-0/+1

2012-06-29	sudo provider: remove old timer	Pavel Březina	1	-2/+0

2012-06-29	sudo ldap provider: move async routines to sdap_async_sudo.c	Pavel Březina	1	-0/+1

2012-06-29	sudo responder: discard in-memory cache	Pavel Březina	1	-1/+0

2012-06-29	libsss_sudo: bump version to 2:0:1	Pavel Březina	1	-1/+1

2012-06-25	Build pac responder tests only if pac responder is build	Sumit Bose	1	-2/+6

2012-06-21	Add support for ID ranges	Sumit Bose	1	-0/+1

2012-06-21	PAC client: add krb5 authdata plugin	Sumit Bose	1	-0/+21

2012-06-21	PAC responder: test suite	Jan Zeleny	1	-1/+18

2012-06-21	PAC responder: add some utility functions	Jan Zeleny	1	-0/+1

2012-06-21	PAC responder: add basic infrastructure	Sumit Bose	1	-0/+21
	This adds only the basic outline of the PAC responder, it won't support any operations, it will just start and initialize itself.
2012-06-14	Add a credential cache back end structure	Jakub Hrozek	1	-0/+3
	To be able to add support for new credential cache types easily, this patch creates a new structure sss_krb5_cc_be that defines common operations with a credential cache, such as create, check if used or remove.
2012-06-14	Add a krb5_child test tool	Jakub Hrozek	1	-0/+24
	https://fedorahosted.org/sssd/ticket/1127
2012-06-13	LDAP: Add support for AD chain matching extension in initgroups	Stephen Gallagher	1	-0/+1