| Age | Commit message (Collapse) | Author | Files | Lines | |
|---|---|---|---|---|---|
| 2012-02-06 | Separate the host-retrieval code from IPA HBAC to common IPA code | Jan Zeleny | 1 | -16/+40 | |
| 2012-02-06 | Implemented support for multiple search bases in HBAC rules and services | Jan Zeleny | 1 | -29/+5 | |
| 2012-01-14 | Support multiple search bases in HBAC | Jan Zeleny | 1 | -1/+1 | |
| 2011-12-16 | Export the function to convert ldb_result to sysdb_attrs | Jakub Hrozek | 1 | -1/+1 | |
| It will be reused later in the sudo responder | |||||
| 2011-11-29 | Add ipa_hbac_support_srchost option to IPA provider | Jan Zeleny | 1 | -0/+4 | |
| don't fetch all host groups if this option is false https://fedorahosted.org/sssd/ticket/1078 | |||||
| 2011-11-22 | Cleanup: Remove unused parameters | Jakub Hrozek | 1 | -4/+0 | |
| 2011-09-28 | IPA access: hostname comparison should be case-insensitive | Jakub Hrozek | 1 | -1/+1 | |
| 2011-08-15 | sysdb refactoring: memory context deleted | Jan Zeleny | 1 | -1/+1 | |
| This patch deletes memory context parameter in those places in sysdb where it is not necessary. The code using modified functions has been updated. Tests updated as well. | |||||
| 2011-08-15 | sysdb refactoring: deleted domain variables in sysdb API | Jan Zeleny | 1 | -2/+1 | |
| The patch also updates code using modified functions. Tests have also been adjusted. | |||||
| 2011-07-29 | Fix memory leak in ipa_hbac_evaluate_rules | Stephen Gallagher | 1 | -0/+1 | |
| https://fedorahosted.org/sssd/ticket/933 | |||||
| 2011-07-08 | Add ipa_hbac_treat_deny_as option | Stephen Gallagher | 1 | -1/+10 | |
| By default, we will treat the presence of any DENY rule as denying all users. This option will allow the admin to explicitly ignore DENY rules during a transitional period. | |||||
| 2011-07-08 | Add ipa_hbac_refresh option | Stephen Gallagher | 1 | -0/+16 | |
| This option describes the time between refreshes of the HBAC rules on the IPA server. | |||||
| 2011-07-08 | Add new HBAC lookup and evaluation routines | Stephen Gallagher | 1 | -124/+380 | |
| 2011-07-08 | Remove old HBAC implementation | Stephen Gallagher | 1 | -1585/+0 | |
| 2011-02-28 | Use realm for basedn instead of IPA domain | Jakub Hrozek | 1 | -1/+1 | |
| https://fedorahosted.org/sssd/ticket/807 | |||||
| 2011-01-19 | Add ipa_hbac_search_base config option | Sumit Bose | 1 | -52/+39 | |
| 2011-01-17 | Add ldap_search_enumeration_timeout config option | Sumit Bose | 1 | -3/+3 | |
| 2011-01-17 | Add timeout parameter to sdap_get_generic_send() | Sumit Bose | 1 | -22/+31 | |
| 2010-12-17 | Fix uninitialized value error in set_local_and_remote_host_info | Stephen Gallagher | 1 | -1/+1 | |
| https://fedorahosted.org/sssd/ticket/725 | |||||
| 2010-12-17 | Fix unsafe return condition in ipa_access_handler | Stephen Gallagher | 1 | -1/+6 | |
| https://fedorahosted.org/sssd/ticket/718 | |||||
| 2010-12-08 | Remove IPA_ACCESS_TIME define | Stephen Gallagher | 1 | -13/+11 | |
| 2010-12-08 | Remove check_access_time() from IPA access provider | Sumit Bose | 1 | -63/+0 | |
| It is planned to release IPA 2.0 without time range specifications in the access control rules. To avoid confusion the evaluation is removed from sssd, too. | |||||
| 2010-11-19 | Use a more efficient host search filter | Sumit Bose | 1 | -5/+6 | |
| 2010-11-15 | Sanitize sysdb search filters in the IPA provider | Stephen Gallagher | 1 | -2/+17 | |
| 2010-10-22 | Download only enabled IPA HBAC rules | Sumit Bose | 1 | -1/+3 | |
| 2010-09-23 | Save all data to sysdb in one transaction | Sumit Bose | 1 | -222/+131 | |
| 2010-09-23 | Handle host objects like other objects | Sumit Bose | 1 | -128/+181 | |
| 2010-09-07 | Cleaned some dead assignments | Jan Zeleny | 1 | -14/+12 | |
| Two needless assignments were deleted, two were complemented with code checking function results. Ticket: #582 | |||||
| 2010-07-23 | Fix IPA access backend handling of obsolete and missing HBAC entries: | eindenbom | 1 | -9/+68 | |
| - Ticket #567: Fix removal of obsolete HBAC host, rules and service records from sysdb. - Ticket #565: When no HBAC host record is found return PAM_PERM_DENIED instead of PAM_SYSTEM_ERROR. | |||||
| 2010-07-23 | Do not treat missing HBAC rules as an error | Sumit Bose | 1 | -0/+5 | |
| 2010-07-09 | Use new LDAP connection framework in IPA access backend. | eindenbom | 1 | -304/+264 | |
| 2010-06-02 | Unify sdap and sysdb data handling | Sumit Bose | 1 | -85/+104 | |
| 2010-06-02 | Compare full service name | Sumit Bose | 1 | -1/+2 | |
| 2010-06-02 | Remove service groups | Sumit Bose | 1 | -191/+7 | |
| Because the memberOf attribute is now set for the service objects we do not need to fetch the service groups separately anymore. | |||||
| 2010-06-02 | Use new schema for HBAC service checks | Sumit Bose | 1 | -21/+637 | |
| 2010-06-02 | Use sysdb_attrs_get_string_array() instead of sysdb_attrs_get_el() | Sumit Bose | 1 | -23/+12 | |
| sysdb_attrs_get_el() creates an empty element in the sysdb_attrs structure if the requested element does not exist. Recent versions of libldb do not accept empty elements when writing new objects to disk. sysdb_attrs_get_string_array() does not create an empty element but returns ENOENT. | |||||
| 2010-05-27 | Check ipaEnabledFlag | Sumit Bose | 1 | -5/+23 | |
| 2010-05-16 | Don't report a fatal error for an HBAC denial | Stephen Gallagher | 1 | -1/+1 | |
| 2010-05-07 | Compare the full service name | Sumit Bose | 1 | -1/+2 | |
| 2010-05-03 | Fix a wrong return value in IPA HBAC | Sumit Bose | 1 | -2/+2 | |
| 2010-05-03 | Better handle sdap_handle memory from callers. | Simo Sorce | 1 | -8/+0 | |
| Always just mark the sdap_handle as not connected and let later _send() functions to take care of freeing the handle before reconnecting. Introduce restart functions to avoid calling _send() functions in _done() functions error paths as this would have the same effect as directly freeing the sdap_handle and cause access to freed memory in sdap_handle_release() By freeing sdap_handle only in the connection _recv() function we guarantee it can never be done within sdap_handle_release() but only in a following event. | |||||
| 2010-04-12 | sysdb: remove remaining traces of sysdb_handle | Simo Sorce | 1 | -4/+0 | |
| 2010-04-12 | Remove remaining use of sysdb_transaction_send | Simo Sorce | 1 | -69/+25 | |
| 2010-04-12 | sysdb: convert sysdb_asq_search | Simo Sorce | 1 | -150/+69 | |
| 2010-04-12 | sysdb: convert sysdb_store_custom | Simo Sorce | 1 | -113/+35 | |
| 2010-04-12 | sysdb: convert sysdb_search_custom | Simo Sorce | 1 | -42/+60 | |
| 2010-04-12 | sysdb: convert sysdb_search_user_by_name/uid | Simo Sorce | 1 | -61/+14 | |
| 2010-04-12 | sysdb: convert sysdb_search_entry and sysdb_delete_recursive | Simo Sorce | 1 | -25/+5 | |
| 2010-03-25 | Fix LDAP search paths for IPA HBAC | Sumit Bose | 1 | -15/+20 | |
| - use domain_to_basedn() to construct LDAP search paths for IPA HBAC - move domain_to_basedn() to a separate file to simplify the build of a test | |||||
| 2010-02-18 | Rename server/ directory to src/ | Stephen Gallagher | 1 | -0/+1823 | |
| Also update BUILD.txt | |||||
 |
index : sssd | |
| System Security Services Daemon | ben |
| summaryrefslogtreecommitdiff |