| Age | Commit message (Collapse) | Author | Files | Lines | |
|---|---|---|---|---|---|
| 2013-01-15 | Add domain argument to sysdb_search_custom() | Simo Sorce | 1 | -1/+3 | |
| Also changes sysdb_search_custom_by_name() | |||||
| 2013-01-15 | Make sysdb_custom_subtree_dn() require a domain. | Simo Sorce | 1 | -1/+1 | |
| 2012-11-19 | Do not save HBAC rules in subdomain subtree | Sumit Bose | 1 | -10/+0 | |
| Currently the sysdb context is pointed to the subdomain subtree containing user the user to be checked at the beginning of a HBAC request. As a result all HBAC rules and related data is save in the subdomain tree as well. But since the HBAC rules of the configured domain apply to all users it is sufficient to save them once in the subtree of the configured domain. Since most of the sysdb operations during a HBAC request are related to the HBAC rules and related data this patch does not change the default sysdb context but only create a special context to look up subdomain users. | |||||
| 2012-09-24 | SYSDB: Remove unnecessary domain parameter from several sysdb calls | Jakub Hrozek | 1 | -1/+0 | |
| The domain can be read from the sysdb object. Removing the domain string makes the API more self-contained. | |||||
| 2012-08-23 | Unify usage of sysdb transactions | Michal Zidek | 1 | -1/+2 | |
| Removing bad examples of usage of sysdb_transaction_start/commit/end functions and making it more consistent (all files except of src/db/sysdb_*.c). | |||||
| 2012-07-31 | Modify hbac_get_cached_rules() so it can be used outside of HBAC code | Jan Zeleny | 1 | -14/+17 | |
| 2012-07-02 | IPA: Don't hang onto memory longer than necessary | Stephen Gallagher | 1 | -0/+1 | |
| This request and attached memory would be freed at the end of access-check processing, but it's a waste to keep it around. | |||||
| 2012-04-24 | Detect subdomain request in IPA access provider | Jan Zeleny | 1 | -0/+10 | |
| 2012-04-24 | Accept be_req instead if be_ctx in LDAP access provider | Jan Zeleny | 1 | -1/+1 | |
| 2012-03-12 | IPA: Initialize hbac_ctx to NULL | Stephen Gallagher | 1 | -1/+1 | |
| 2012-03-09 | IPA: Check nsAccountLock during PAM_ACCT_MGMT | Stephen Gallagher | 1 | -0/+56 | |
| https://fedorahosted.org/sssd/ticket/1227 | |||||
| 2012-02-24 | IPA hosts refactoring | Jan Zeleny | 1 | -18/+6 | |
| 2012-02-07 | IPA: Add host info handler | Jan Cholasta | 1 | -1/+1 | |
| 2012-02-06 | Separate the host-retrieval code from IPA HBAC to common IPA code | Jan Zeleny | 1 | -16/+40 | |
| 2012-02-06 | Implemented support for multiple search bases in HBAC rules and services | Jan Zeleny | 1 | -29/+5 | |
| 2012-01-14 | Support multiple search bases in HBAC | Jan Zeleny | 1 | -1/+1 | |
| 2011-12-16 | Export the function to convert ldb_result to sysdb_attrs | Jakub Hrozek | 1 | -1/+1 | |
| It will be reused later in the sudo responder | |||||
| 2011-11-29 | Add ipa_hbac_support_srchost option to IPA provider | Jan Zeleny | 1 | -0/+4 | |
| don't fetch all host groups if this option is false https://fedorahosted.org/sssd/ticket/1078 | |||||
| 2011-11-22 | Cleanup: Remove unused parameters | Jakub Hrozek | 1 | -4/+0 | |
| 2011-09-28 | IPA access: hostname comparison should be case-insensitive | Jakub Hrozek | 1 | -1/+1 | |
| 2011-08-15 | sysdb refactoring: memory context deleted | Jan Zeleny | 1 | -1/+1 | |
| This patch deletes memory context parameter in those places in sysdb where it is not necessary. The code using modified functions has been updated. Tests updated as well. | |||||
| 2011-08-15 | sysdb refactoring: deleted domain variables in sysdb API | Jan Zeleny | 1 | -2/+1 | |
| The patch also updates code using modified functions. Tests have also been adjusted. | |||||
| 2011-07-29 | Fix memory leak in ipa_hbac_evaluate_rules | Stephen Gallagher | 1 | -0/+1 | |
| https://fedorahosted.org/sssd/ticket/933 | |||||
| 2011-07-08 | Add ipa_hbac_treat_deny_as option | Stephen Gallagher | 1 | -1/+10 | |
| By default, we will treat the presence of any DENY rule as denying all users. This option will allow the admin to explicitly ignore DENY rules during a transitional period. | |||||
| 2011-07-08 | Add ipa_hbac_refresh option | Stephen Gallagher | 1 | -0/+16 | |
| This option describes the time between refreshes of the HBAC rules on the IPA server. | |||||
| 2011-07-08 | Add new HBAC lookup and evaluation routines | Stephen Gallagher | 1 | -124/+380 | |
| 2011-07-08 | Remove old HBAC implementation | Stephen Gallagher | 1 | -1585/+0 | |
| 2011-02-28 | Use realm for basedn instead of IPA domain | Jakub Hrozek | 1 | -1/+1 | |
| https://fedorahosted.org/sssd/ticket/807 | |||||
| 2011-01-19 | Add ipa_hbac_search_base config option | Sumit Bose | 1 | -52/+39 | |
| 2011-01-17 | Add ldap_search_enumeration_timeout config option | Sumit Bose | 1 | -3/+3 | |
| 2011-01-17 | Add timeout parameter to sdap_get_generic_send() | Sumit Bose | 1 | -22/+31 | |
| 2010-12-17 | Fix uninitialized value error in set_local_and_remote_host_info | Stephen Gallagher | 1 | -1/+1 | |
| https://fedorahosted.org/sssd/ticket/725 | |||||
| 2010-12-17 | Fix unsafe return condition in ipa_access_handler | Stephen Gallagher | 1 | -1/+6 | |
| https://fedorahosted.org/sssd/ticket/718 | |||||
| 2010-12-08 | Remove IPA_ACCESS_TIME define | Stephen Gallagher | 1 | -13/+11 | |
| 2010-12-08 | Remove check_access_time() from IPA access provider | Sumit Bose | 1 | -63/+0 | |
| It is planned to release IPA 2.0 without time range specifications in the access control rules. To avoid confusion the evaluation is removed from sssd, too. | |||||
| 2010-11-19 | Use a more efficient host search filter | Sumit Bose | 1 | -5/+6 | |
| 2010-11-15 | Sanitize sysdb search filters in the IPA provider | Stephen Gallagher | 1 | -2/+17 | |
| 2010-10-22 | Download only enabled IPA HBAC rules | Sumit Bose | 1 | -1/+3 | |
| 2010-09-23 | Save all data to sysdb in one transaction | Sumit Bose | 1 | -222/+131 | |
| 2010-09-23 | Handle host objects like other objects | Sumit Bose | 1 | -128/+181 | |
| 2010-09-07 | Cleaned some dead assignments | Jan Zeleny | 1 | -14/+12 | |
| Two needless assignments were deleted, two were complemented with code checking function results. Ticket: #582 | |||||
| 2010-07-23 | Fix IPA access backend handling of obsolete and missing HBAC entries: | eindenbom | 1 | -9/+68 | |
| - Ticket #567: Fix removal of obsolete HBAC host, rules and service records from sysdb. - Ticket #565: When no HBAC host record is found return PAM_PERM_DENIED instead of PAM_SYSTEM_ERROR. | |||||
| 2010-07-23 | Do not treat missing HBAC rules as an error | Sumit Bose | 1 | -0/+5 | |
| 2010-07-09 | Use new LDAP connection framework in IPA access backend. | eindenbom | 1 | -304/+264 | |
| 2010-06-02 | Unify sdap and sysdb data handling | Sumit Bose | 1 | -85/+104 | |
| 2010-06-02 | Compare full service name | Sumit Bose | 1 | -1/+2 | |
| 2010-06-02 | Remove service groups | Sumit Bose | 1 | -191/+7 | |
| Because the memberOf attribute is now set for the service objects we do not need to fetch the service groups separately anymore. | |||||
| 2010-06-02 | Use new schema for HBAC service checks | Sumit Bose | 1 | -21/+637 | |
| 2010-06-02 | Use sysdb_attrs_get_string_array() instead of sysdb_attrs_get_el() | Sumit Bose | 1 | -23/+12 | |
| sysdb_attrs_get_el() creates an empty element in the sysdb_attrs structure if the requested element does not exist. Recent versions of libldb do not accept empty elements when writing new objects to disk. sysdb_attrs_get_string_array() does not create an empty element but returns ENOENT. | |||||
| 2010-05-27 | Check ipaEnabledFlag | Sumit Bose | 1 | -5/+23 | |
 |
index : sssd | |
| System Security Services Daemon | ben |
| summaryrefslogtreecommitdiff |