Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2011-07-08 | Add ipa_hbac_treat_deny_as option | Stephen Gallagher | 1 | -1/+10 | |
By default, we will treat the presence of any DENY rule as denying all users. This option will allow the admin to explicitly ignore DENY rules during a transitional period. | |||||
2011-07-08 | Add ipa_hbac_refresh option | Stephen Gallagher | 1 | -0/+16 | |
This option describes the time between refreshes of the HBAC rules on the IPA server. | |||||
2011-07-08 | Add new HBAC lookup and evaluation routines | Stephen Gallagher | 1 | -124/+380 | |
2011-07-08 | Remove old HBAC implementation | Stephen Gallagher | 1 | -1585/+0 | |
2011-02-28 | Use realm for basedn instead of IPA domain | Jakub Hrozek | 1 | -1/+1 | |
https://fedorahosted.org/sssd/ticket/807 | |||||
2011-01-19 | Add ipa_hbac_search_base config option | Sumit Bose | 1 | -52/+39 | |
2011-01-17 | Add ldap_search_enumeration_timeout config option | Sumit Bose | 1 | -3/+3 | |
2011-01-17 | Add timeout parameter to sdap_get_generic_send() | Sumit Bose | 1 | -22/+31 | |
2010-12-17 | Fix uninitialized value error in set_local_and_remote_host_info | Stephen Gallagher | 1 | -1/+1 | |
https://fedorahosted.org/sssd/ticket/725 | |||||
2010-12-17 | Fix unsafe return condition in ipa_access_handler | Stephen Gallagher | 1 | -1/+6 | |
https://fedorahosted.org/sssd/ticket/718 | |||||
2010-12-08 | Remove IPA_ACCESS_TIME define | Stephen Gallagher | 1 | -13/+11 | |
2010-12-08 | Remove check_access_time() from IPA access provider | Sumit Bose | 1 | -63/+0 | |
It is planned to release IPA 2.0 without time range specifications in the access control rules. To avoid confusion the evaluation is removed from sssd, too. | |||||
2010-11-19 | Use a more efficient host search filter | Sumit Bose | 1 | -5/+6 | |
2010-11-15 | Sanitize sysdb search filters in the IPA provider | Stephen Gallagher | 1 | -2/+17 | |
2010-10-22 | Download only enabled IPA HBAC rules | Sumit Bose | 1 | -1/+3 | |
2010-09-23 | Save all data to sysdb in one transaction | Sumit Bose | 1 | -222/+131 | |
2010-09-23 | Handle host objects like other objects | Sumit Bose | 1 | -128/+181 | |
2010-09-07 | Cleaned some dead assignments | Jan Zeleny | 1 | -14/+12 | |
Two needless assignments were deleted, two were complemented with code checking function results. Ticket: #582 | |||||
2010-07-23 | Fix IPA access backend handling of obsolete and missing HBAC entries: | eindenbom | 1 | -9/+68 | |
- Ticket #567: Fix removal of obsolete HBAC host, rules and service records from sysdb. - Ticket #565: When no HBAC host record is found return PAM_PERM_DENIED instead of PAM_SYSTEM_ERROR. | |||||
2010-07-23 | Do not treat missing HBAC rules as an error | Sumit Bose | 1 | -0/+5 | |
2010-07-09 | Use new LDAP connection framework in IPA access backend. | eindenbom | 1 | -304/+264 | |
2010-06-02 | Unify sdap and sysdb data handling | Sumit Bose | 1 | -85/+104 | |
2010-06-02 | Compare full service name | Sumit Bose | 1 | -1/+2 | |
2010-06-02 | Remove service groups | Sumit Bose | 1 | -191/+7 | |
Because the memberOf attribute is now set for the service objects we do not need to fetch the service groups separately anymore. | |||||
2010-06-02 | Use new schema for HBAC service checks | Sumit Bose | 1 | -21/+637 | |
2010-06-02 | Use sysdb_attrs_get_string_array() instead of sysdb_attrs_get_el() | Sumit Bose | 1 | -23/+12 | |
sysdb_attrs_get_el() creates an empty element in the sysdb_attrs structure if the requested element does not exist. Recent versions of libldb do not accept empty elements when writing new objects to disk. sysdb_attrs_get_string_array() does not create an empty element but returns ENOENT. | |||||
2010-05-27 | Check ipaEnabledFlag | Sumit Bose | 1 | -5/+23 | |
2010-05-16 | Don't report a fatal error for an HBAC denial | Stephen Gallagher | 1 | -1/+1 | |
2010-05-07 | Compare the full service name | Sumit Bose | 1 | -1/+2 | |
2010-05-03 | Fix a wrong return value in IPA HBAC | Sumit Bose | 1 | -2/+2 | |
2010-05-03 | Better handle sdap_handle memory from callers. | Simo Sorce | 1 | -8/+0 | |
Always just mark the sdap_handle as not connected and let later _send() functions to take care of freeing the handle before reconnecting. Introduce restart functions to avoid calling _send() functions in _done() functions error paths as this would have the same effect as directly freeing the sdap_handle and cause access to freed memory in sdap_handle_release() By freeing sdap_handle only in the connection _recv() function we guarantee it can never be done within sdap_handle_release() but only in a following event. | |||||
2010-04-12 | sysdb: remove remaining traces of sysdb_handle | Simo Sorce | 1 | -4/+0 | |
2010-04-12 | Remove remaining use of sysdb_transaction_send | Simo Sorce | 1 | -69/+25 | |
2010-04-12 | sysdb: convert sysdb_asq_search | Simo Sorce | 1 | -150/+69 | |
2010-04-12 | sysdb: convert sysdb_store_custom | Simo Sorce | 1 | -113/+35 | |
2010-04-12 | sysdb: convert sysdb_search_custom | Simo Sorce | 1 | -42/+60 | |
2010-04-12 | sysdb: convert sysdb_search_user_by_name/uid | Simo Sorce | 1 | -61/+14 | |
2010-04-12 | sysdb: convert sysdb_search_entry and sysdb_delete_recursive | Simo Sorce | 1 | -25/+5 | |
2010-03-25 | Fix LDAP search paths for IPA HBAC | Sumit Bose | 1 | -15/+20 | |
- use domain_to_basedn() to construct LDAP search paths for IPA HBAC - move domain_to_basedn() to a separate file to simplify the build of a test | |||||
2010-02-18 | Rename server/ directory to src/ | Stephen Gallagher | 1 | -0/+1823 | |
Also update BUILD.txt |