| Age | Commit message (Collapse) | Author | Files | Lines | |
|---|---|---|---|---|---|
| 2011-10-14 | HBAC: Use originalMember for identifying hostgroups | Stephen Gallagher | 3 | -45/+165 | |
| 2011-10-14 | HBAC: Use originalMember for identifying servicegroups | Stephen Gallagher | 3 | -41/+169 | |
| 2011-10-14 | HBAC: Do not save member/memberOf links | Stephen Gallagher | 1 | -120/+0 | |
| We can just trust the values from the FreeIPA server | |||||
| 2011-09-28 | HBAC: fix typos preventing proper hostgroup evaluation | Stephen Gallagher | 1 | -3/+3 | |
| 2011-09-28 | IPA access: hostname comparison should be case-insensitive | Jakub Hrozek | 1 | -1/+1 | |
| 2011-09-28 | Multiline macro cleanup | Jakub Hrozek | 2 | -2/+2 | |
| This is mostly a cosmetic patch. The purpose of wrapping a multi-line macro in a do { } while(0) is to make the macro usable as a regular statement, not a compound statement. When the while(0) is terminated with a semicolon, the do { } while(0); block becomes a compound statement again. | |||||
| 2011-09-08 | Improve documentation of libipa_hbac | Stephen Gallagher | 2 | -21/+1697 | |
| 2011-09-07 | Do not access memory out of bounds | Sumit Bose | 1 | -2/+2 | |
| 2011-08-29 | HBAC: Properly skip all non-group memberOf entries | Stephen Gallagher | 1 | -1/+2 | |
| 2011-08-26 | HBAC: Use of hostgroups for targethost or sourcehost was broken | Stephen Gallagher | 1 | -4/+4 | |
| We were trying to look up the wrong attribute for the name of the hostgroup. | |||||
| 2011-08-26 | HBAC: Handle saving groups that have no members | Stephen Gallagher | 1 | -7/+21 | |
| 2011-08-26 | Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANON | Jakub Hrozek | 2 | -2/+3 | |
| https://fedorahosted.org/sssd/ticket/978 | |||||
| 2011-08-25 | IPA dyndns: do not segfault if the server cannot be resolved | Jakub Hrozek | 1 | -4/+2 | |
| https://fedorahosted.org/sssd/ticket/963 | |||||
| 2011-08-15 | sysdb refactoring: memory context deleted | Jan Zeleny | 2 | -3/+3 | |
| This patch deletes memory context parameter in those places in sysdb where it is not necessary. The code using modified functions has been updated. Tests updated as well. | |||||
| 2011-08-15 | sysdb refactoring: deleted domain variables in sysdb API | Jan Zeleny | 6 | -17/+12 | |
| The patch also updates code using modified functions. Tests have also been adjusted. | |||||
| 2011-08-01 | Change the default value of ldap_tls_cacert in IPA provider | Jakub Hrozek | 1 | -1/+1 | |
| https://fedorahosted.org/sssd/ticket/944 | |||||
| 2011-08-01 | Add rule validator to libipa_hbac | Stephen Gallagher | 2 | -0/+74 | |
| https://fedorahosted.org/sssd/ticket/943 | |||||
| 2011-08-01 | Remove incorrect private variable | Stephen Gallagher | 1 | -1/+1 | |
| This caused no ill effects, since it wasn't used in the callback. However, it is a layering violation (especially since req is freed in the callback) | |||||
| 2011-07-29 | Fix incorrect NULL check in ipa_hbac_common.c | Stephen Gallagher | 1 | -1/+1 | |
| https://fedorahosted.org/sssd/ticket/936 | |||||
| 2011-07-29 | Fix memory leak in ipa_hbac_evaluate_rules | Stephen Gallagher | 1 | -0/+1 | |
| https://fedorahosted.org/sssd/ticket/933 | |||||
| 2011-07-29 | libipa_hbac: Support case-insensitive comparisons with UTF8 | Stephen Gallagher | 1 | -16/+98 | |
| 2011-07-21 | fo_get_server_name() getter for a server name | Jakub Hrozek | 1 | -1/+9 | |
| Allows to be more concise in tests and more defensive in resolve callbacks | |||||
| 2011-07-21 | Rename fo_get_server_name to fo_get_server_str_name | Jakub Hrozek | 1 | -2/+2 | |
| 2011-07-13 | Remove unused krb5_service structure member | Jakub Hrozek | 1 | -2/+0 | |
| 2011-07-11 | Check DNS records before updating | Jakub Hrozek | 4 | -25/+470 | |
| https://fedorahosted.org/sssd/ticket/802 | |||||
| 2011-07-11 | Escape IP address in kdcinfo | Jakub Hrozek | 1 | -10/+10 | |
| https://fedorahosted.org/sssd/ticket/909 | |||||
| 2011-07-11 | Move IP adress escaping from the LDAP namespace | Jakub Hrozek | 1 | -3/+3 | |
| 2011-07-08 | Add LDAP access control based on NDS attributes | Sumit Bose | 1 | -1/+4 | |
| 2011-07-08 | Treat NULL or empty rhost as unknown | Stephen Gallagher | 2 | -11/+25 | |
| Previously, we were assuming this meant it was coming from the localhost, but this is not a safe assumption. We will now treat it as unknown and it will fail to match any rule that requires a specified srchost or group of srchosts. | |||||
| 2011-07-08 | Add ipa_hbac_treat_deny_as option | Stephen Gallagher | 3 | -2/+13 | |
| By default, we will treat the presence of any DENY rule as denying all users. This option will allow the admin to explicitly ignore DENY rules during a transitional period. | |||||
| 2011-07-08 | Add ipa_hbac_refresh option | Stephen Gallagher | 4 | -1/+21 | |
| This option describes the time between refreshes of the HBAC rules on the IPA server. | |||||
| 2011-07-08 | Add new HBAC lookup and evaluation routines | Stephen Gallagher | 2 | -124/+398 | |
| 2011-07-08 | Remove old HBAC implementation | Stephen Gallagher | 2 | -1595/+1 | |
| 2011-07-08 | Add helper functions for looking up HBAC rule components | Stephen Gallagher | 6 | -0/+2616 | |
| 2011-07-08 | Add HBAC evaluator and tests | Stephen Gallagher | 3 | -0/+386 | |
| 2011-07-05 | ipa_dyndns: Use sockaddr_storage for storing IP addresses | Jakub Hrozek | 1 | -12/+17 | |
| https://fedorahosted.org/sssd/ticket/915 | |||||
| 2011-06-30 | Use name based URI instead of IP address based URIs | Sumit Bose | 1 | -1/+1 | |
| 2011-06-30 | Add sockaddr_storage to sdap_service | Sumit Bose | 1 | -0/+10 | |
| 2011-06-21 | Log nsupdate message | Jakub Hrozek | 1 | -0/+3 | |
| https://fedorahosted.org/sssd/ticket/893 | |||||
| 2011-06-15 | Switch resolver to using resolv_hostent and honor TTL | Jakub Hrozek | 1 | -2/+2 | |
| 2011-06-02 | Escape IPv6 IP addresses in the IPA provider | Jakub Hrozek | 1 | -4/+26 | |
| https://fedorahosted.org/sssd/ticket/880 | |||||
| 2011-06-02 | Add utility function to return IP address as string | Jakub Hrozek | 1 | -8/+2 | |
| 2011-05-20 | Use dereference when processing RFC2307bis nested groups | Jakub Hrozek | 2 | -2/+3 | |
| Instead of issuing N LDAP requests when processing a group with N users, utilize the dereference functionality to pull down all the members in a single LDAP request. https://fedorahosted.org/sssd/ticket/799 | |||||
| 2011-04-29 | Fix order of arguments in select_principal_from_keytab() call | Jakub Hrozek | 1 | -1/+1 | |
| 2011-04-29 | Fix segfault in IPA provider | Stephen Gallagher | 1 | -2/+2 | |
| We were trying to request the krb5 keytab from the auth provider configuration, but it hasn't yet been set up. Much better to use the value in the ID provider. | |||||
| 2011-04-28 | Fix IPA config bug with SDAP_KRB5_REALM | Stephen Gallagher | 1 | -1/+1 | |
| 2011-04-27 | Add ldap_page_size configuration option | Stephen Gallagher | 2 | -2/+3 | |
| 2011-04-25 | Modify principal selection for keytab authentication | Jan Zeleny | 2 | -22/+54 | |
| Currently we construct the principal as host/fqdn@REALM. The problem with this is that this principal doesn't have to be in the keytab. In that case the provider fails to start. It is better to scan the keytab and find the most suitable principal to use. Only in case no suitable principal is found the backend should fail to start. The second issue solved by this patch is that the realm we are authenticating the machine to can be in general different from the realm our users are part of (in case of cross Kerberos trust). The patch adds new configuration option SDAP_SASL_REALM. https://fedorahosted.org/sssd/ticket/781 | |||||
| 2011-04-25 | Allow new option to specify principal for FAST | Jan Zeleny | 2 | -2/+3 | |
| https://fedorahosted.org/sssd/ticket/700 | |||||
| 2011-03-24 | Add host access control support | Pierre Ossman | 1 | -1/+2 | |
| https://fedorahosted.org/sssd/ticket/746 | |||||
 |
index : sssd | |
| System Security Services Daemon | ben |
| summaryrefslogtreecommitdiff |