summaryrefslogtreecommitdiff
path: root/src/providers/ipa
AgeCommit message (Collapse)AuthorFilesLines
2011-12-16Export the function to convert ldb_result to sysdb_attrsJakub Hrozek1-1/+1
It will be reused later in the sudo responder
2011-12-12Add sdap_connection_expire_timeout optionStephen Gallagher2-2/+3
https://fedorahosted.org/sssd/ticket/1036
2011-12-12Fix uninitialized value error in ipa_netgroups.cStephen Gallagher1-0/+1
DEBUG message can print an unitialized value if the first netgroup has no members. Coverity 12382
2011-12-09Fixed IPA netgroup processingJan Zeleny3-2/+7
In case IPA netgroup had indirect member hosts, they wouldn't be detected. This patch also modifies debug messages for easier debugging in the future.
2011-12-08Add ldap_sasl_minssf optionJan Zeleny2-1/+2
https://fedorahosted.org/sssd/ticket/1075
2011-12-05Allow using Glib for UTF8 supportStephen Gallagher1-33/+11
2011-11-29Add ipa_hbac_support_srchost option to IPA providerJan Zeleny6-36/+151
don't fetch all host groups if this option is false https://fedorahosted.org/sssd/ticket/1078
2011-11-29IPA migration fixesJakub Hrozek3-97/+141
* use the id connection for looking up the migration flag * force TLS on the password based authentication connection https://fedorahosted.org/sssd/ticket/924
2011-11-29Provide means of forcing TLS and GSSAPI enabled/disabled for sdap connectionsJakub Hrozek1-1/+1
2011-11-28Fixed logically dead code in netgroup processingJan Zeleny1-1/+1
2011-11-28Fixed uninitialized pointer read in netgroups processingJan Zeleny1-0/+6
2011-11-25Fix sdap_id_ctx/ipa_id_ctx mismatch in IPA providerJakub Hrozek2-2/+4
This was causing a segfault during HBAC processing and any ID lookups except for netgroups
2011-11-23Added IPA account info handlerJan Zeleny3-1/+373
Currently it is only handling netgroups by itself, other requests are forwarded to LDAP provider.
2011-11-23Added support for fetching netgroups in IPA providerJan Zeleny1-0/+992
2011-11-23New IPA ID contextJan Zeleny3-22/+37
2011-11-23Added and modified options for IPA netgroupsJan Zeleny2-24/+69
2011-11-23Modified sdap_parse_search_base()Jan Zeleny1-4/+4
2011-11-22Cleanup: Remove unused parametersJakub Hrozek10-40/+6
2011-11-02Support to request canonicalization in LDAP/IPA providerJan Zeleny2-1/+2
https://fedorahosted.org/sssd/ticket/957
2011-11-02Add support to request canonicalization on krb AS requestsJan Zeleny2-2/+3
https://fedorahosted.org/sssd/ticket/957
2011-11-02LDAP: Add parser for multiple search basesStephen Gallagher1-0/+20
2011-10-17Add a missing breakJakub Hrozek1-0/+1
2011-10-14HBAC: Use originalMember for identifying hostgroupsStephen Gallagher3-45/+165
2011-10-14HBAC: Use originalMember for identifying servicegroupsStephen Gallagher3-41/+169
2011-10-14HBAC: Do not save member/memberOf linksStephen Gallagher1-120/+0
We can just trust the values from the FreeIPA server
2011-09-28HBAC: fix typos preventing proper hostgroup evaluationStephen Gallagher1-3/+3
2011-09-28IPA access: hostname comparison should be case-insensitiveJakub Hrozek1-1/+1
2011-09-28Multiline macro cleanupJakub Hrozek2-2/+2
This is mostly a cosmetic patch. The purpose of wrapping a multi-line macro in a do { } while(0) is to make the macro usable as a regular statement, not a compound statement. When the while(0) is terminated with a semicolon, the do { } while(0); block becomes a compound statement again.
2011-09-08Improve documentation of libipa_hbacStephen Gallagher2-21/+1697
2011-09-07Do not access memory out of boundsSumit Bose1-2/+2
2011-08-29HBAC: Properly skip all non-group memberOf entriesStephen Gallagher1-1/+2
2011-08-26HBAC: Use of hostgroups for targethost or sourcehost was brokenStephen Gallagher1-4/+4
We were trying to look up the wrong attribute for the name of the hostgroup.
2011-08-26HBAC: Handle saving groups that have no membersStephen Gallagher1-7/+21
2011-08-26Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANONJakub Hrozek2-2/+3
https://fedorahosted.org/sssd/ticket/978
2011-08-25IPA dyndns: do not segfault if the server cannot be resolvedJakub Hrozek1-4/+2
https://fedorahosted.org/sssd/ticket/963
2011-08-15sysdb refactoring: memory context deletedJan Zeleny2-3/+3
This patch deletes memory context parameter in those places in sysdb where it is not necessary. The code using modified functions has been updated. Tests updated as well.
2011-08-15sysdb refactoring: deleted domain variables in sysdb APIJan Zeleny6-17/+12
The patch also updates code using modified functions. Tests have also been adjusted.
2011-08-01Change the default value of ldap_tls_cacert in IPA providerJakub Hrozek1-1/+1
https://fedorahosted.org/sssd/ticket/944
2011-08-01Add rule validator to libipa_hbacStephen Gallagher2-0/+74
https://fedorahosted.org/sssd/ticket/943
2011-08-01Remove incorrect private variableStephen Gallagher1-1/+1
This caused no ill effects, since it wasn't used in the callback. However, it is a layering violation (especially since req is freed in the callback)
2011-07-29Fix incorrect NULL check in ipa_hbac_common.cStephen Gallagher1-1/+1
https://fedorahosted.org/sssd/ticket/936
2011-07-29Fix memory leak in ipa_hbac_evaluate_rulesStephen Gallagher1-0/+1
https://fedorahosted.org/sssd/ticket/933
2011-07-29libipa_hbac: Support case-insensitive comparisons with UTF8Stephen Gallagher1-16/+98
2011-07-21fo_get_server_name() getter for a server nameJakub Hrozek1-1/+9
Allows to be more concise in tests and more defensive in resolve callbacks
2011-07-21Rename fo_get_server_name to fo_get_server_str_nameJakub Hrozek1-2/+2
2011-07-13Remove unused krb5_service structure memberJakub Hrozek1-2/+0
2011-07-11Check DNS records before updatingJakub Hrozek4-25/+470
https://fedorahosted.org/sssd/ticket/802
2011-07-11Escape IP address in kdcinfoJakub Hrozek1-10/+10
https://fedorahosted.org/sssd/ticket/909
2011-07-11Move IP adress escaping from the LDAP namespaceJakub Hrozek1-3/+3
2011-07-08Add LDAP access control based on NDS attributesSumit Bose1-1/+4