summaryrefslogtreecommitdiff
path: root/src/providers/ipa
AgeCommit message (Collapse)AuthorFilesLines
2011-11-28Fixed logically dead code in netgroup processingJan Zeleny1-1/+1
2011-11-28Fixed uninitialized pointer read in netgroups processingJan Zeleny1-0/+6
2011-11-25Fix sdap_id_ctx/ipa_id_ctx mismatch in IPA providerJakub Hrozek2-2/+4
This was causing a segfault during HBAC processing and any ID lookups except for netgroups
2011-11-23Added IPA account info handlerJan Zeleny3-1/+373
Currently it is only handling netgroups by itself, other requests are forwarded to LDAP provider.
2011-11-23Added support for fetching netgroups in IPA providerJan Zeleny1-0/+992
2011-11-23New IPA ID contextJan Zeleny3-22/+37
2011-11-23Added and modified options for IPA netgroupsJan Zeleny2-24/+69
2011-11-23Modified sdap_parse_search_base()Jan Zeleny1-4/+4
2011-11-22Cleanup: Remove unused parametersJakub Hrozek10-40/+6
2011-11-02Support to request canonicalization in LDAP/IPA providerJan Zeleny2-1/+2
https://fedorahosted.org/sssd/ticket/957
2011-11-02Add support to request canonicalization on krb AS requestsJan Zeleny2-2/+3
https://fedorahosted.org/sssd/ticket/957
2011-11-02LDAP: Add parser for multiple search basesStephen Gallagher1-0/+20
2011-10-17Add a missing breakJakub Hrozek1-0/+1
2011-10-14HBAC: Use originalMember for identifying hostgroupsStephen Gallagher3-45/+165
2011-10-14HBAC: Use originalMember for identifying servicegroupsStephen Gallagher3-41/+169
2011-10-14HBAC: Do not save member/memberOf linksStephen Gallagher1-120/+0
We can just trust the values from the FreeIPA server
2011-09-28HBAC: fix typos preventing proper hostgroup evaluationStephen Gallagher1-3/+3
2011-09-28IPA access: hostname comparison should be case-insensitiveJakub Hrozek1-1/+1
2011-09-28Multiline macro cleanupJakub Hrozek2-2/+2
This is mostly a cosmetic patch. The purpose of wrapping a multi-line macro in a do { } while(0) is to make the macro usable as a regular statement, not a compound statement. When the while(0) is terminated with a semicolon, the do { } while(0); block becomes a compound statement again.
2011-09-08Improve documentation of libipa_hbacStephen Gallagher2-21/+1697
2011-09-07Do not access memory out of boundsSumit Bose1-2/+2
2011-08-29HBAC: Properly skip all non-group memberOf entriesStephen Gallagher1-1/+2
2011-08-26HBAC: Use of hostgroups for targethost or sourcehost was brokenStephen Gallagher1-4/+4
We were trying to look up the wrong attribute for the name of the hostgroup.
2011-08-26HBAC: Handle saving groups that have no membersStephen Gallagher1-7/+21
2011-08-26Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANONJakub Hrozek2-2/+3
https://fedorahosted.org/sssd/ticket/978
2011-08-25IPA dyndns: do not segfault if the server cannot be resolvedJakub Hrozek1-4/+2
https://fedorahosted.org/sssd/ticket/963
2011-08-15sysdb refactoring: memory context deletedJan Zeleny2-3/+3
This patch deletes memory context parameter in those places in sysdb where it is not necessary. The code using modified functions has been updated. Tests updated as well.
2011-08-15sysdb refactoring: deleted domain variables in sysdb APIJan Zeleny6-17/+12
The patch also updates code using modified functions. Tests have also been adjusted.
2011-08-01Change the default value of ldap_tls_cacert in IPA providerJakub Hrozek1-1/+1
https://fedorahosted.org/sssd/ticket/944
2011-08-01Add rule validator to libipa_hbacStephen Gallagher2-0/+74
https://fedorahosted.org/sssd/ticket/943
2011-08-01Remove incorrect private variableStephen Gallagher1-1/+1
This caused no ill effects, since it wasn't used in the callback. However, it is a layering violation (especially since req is freed in the callback)
2011-07-29Fix incorrect NULL check in ipa_hbac_common.cStephen Gallagher1-1/+1
https://fedorahosted.org/sssd/ticket/936
2011-07-29Fix memory leak in ipa_hbac_evaluate_rulesStephen Gallagher1-0/+1
https://fedorahosted.org/sssd/ticket/933
2011-07-29libipa_hbac: Support case-insensitive comparisons with UTF8Stephen Gallagher1-16/+98
2011-07-21fo_get_server_name() getter for a server nameJakub Hrozek1-1/+9
Allows to be more concise in tests and more defensive in resolve callbacks
2011-07-21Rename fo_get_server_name to fo_get_server_str_nameJakub Hrozek1-2/+2
2011-07-13Remove unused krb5_service structure memberJakub Hrozek1-2/+0
2011-07-11Check DNS records before updatingJakub Hrozek4-25/+470
https://fedorahosted.org/sssd/ticket/802
2011-07-11Escape IP address in kdcinfoJakub Hrozek1-10/+10
https://fedorahosted.org/sssd/ticket/909
2011-07-11Move IP adress escaping from the LDAP namespaceJakub Hrozek1-3/+3
2011-07-08Add LDAP access control based on NDS attributesSumit Bose1-1/+4
2011-07-08Treat NULL or empty rhost as unknownStephen Gallagher2-11/+25
Previously, we were assuming this meant it was coming from the localhost, but this is not a safe assumption. We will now treat it as unknown and it will fail to match any rule that requires a specified srchost or group of srchosts.
2011-07-08Add ipa_hbac_treat_deny_as optionStephen Gallagher3-2/+13
By default, we will treat the presence of any DENY rule as denying all users. This option will allow the admin to explicitly ignore DENY rules during a transitional period.
2011-07-08Add ipa_hbac_refresh optionStephen Gallagher4-1/+21
This option describes the time between refreshes of the HBAC rules on the IPA server.
2011-07-08Add new HBAC lookup and evaluation routinesStephen Gallagher2-124/+398
2011-07-08Remove old HBAC implementationStephen Gallagher2-1595/+1
2011-07-08Add helper functions for looking up HBAC rule componentsStephen Gallagher6-0/+2616
2011-07-08Add HBAC evaluator and testsStephen Gallagher3-0/+386
2011-07-05ipa_dyndns: Use sockaddr_storage for storing IP addressesJakub Hrozek1-12/+17
https://fedorahosted.org/sssd/ticket/915
2011-06-30Use name based URI instead of IP address based URIsSumit Bose1-1/+1
generated by cgit (git 2.34.1) at 2024-11-16 11:17:21 +0000