sssd - System Security Services Daemon

Age	Commit message (Collapse)	Author	Files	Lines
2012-05-22	Simple implementation of Netscape password warning expiration control	Joshua Roys	1	-22/+74

2012-05-09	Try all KDCs when getting TGT for LDAP	Jakub Hrozek	1	-15/+18
	When the ldap child process is killed after a timeout, try the next KDC. When none of the ldap child processes succeed, just abort the connection because we wouldn't be able to authenticate to the LDAP server anyway. https://fedorahosted.org/sssd/ticket/1324
2012-04-20	Get the RootDSE after binding if not successfull before	Jakub Hrozek	1	-26/+104
	https://fedorahosted.org/sssd/ticket/1258
2012-04-20	Free controls in sdap_rebind_proc	Jakub Hrozek	1	-4/+6

2012-04-18	Do not call sdap_auth if not needed	Jakub Hrozek	1	-7/+11

2012-03-26	LDAP: Fix memory leaks in synchronous_tls_setup	Stephen Gallagher	1	-8/+10
	We were never freeing "result" if it was allocated by ldap_result(). We were also not freeing "errmsg" if it was allocated but ldap_parse_result() returned an error. Also disambiguate error messages from ldap_parse_result() and error messages from sss_ldap_get_diagnostic_msg() since they use differing memory-management functions.
2012-03-16	LDAP: Errors retrieving the RootDSE should not be fatal	Stephen Gallagher	1	-15/+8
	If we can't reach the RootDSE, let's just proceed as if it's unavailable with reasonable defaults. If we fail later on, that's fine. Fixes https://fedorahosted.org/sssd/ticket/1257
2012-03-08	Detect cycle in the fail over on subsequent resolve requests only	Jakub Hrozek	1	-2/+4

2012-03-06	Only do one cycle when resolving a server	Jakub Hrozek	1	-7/+6
	https://fedorahosted.org/sssd/ticket/1214
2012-01-14	LDAP: Copy URI instead of pointing at failover service record	Stephen Gallagher	1	-2/+8
	In a heavy load environment, sometimes the failover service record would be updated and free the URI value. We need to guarantee that this URI string remains valid throughout the entire request. https://fedorahosted.org/sssd/ticket/1139
2011-12-12	Add sdap_connection_expire_timeout option	Stephen Gallagher	1	-0/+12
	https://fedorahosted.org/sssd/ticket/1036
2011-12-08	LDAP: Fix missing break statements in force_tls	Stephen Gallagher	1	-6/+12
	Also add a default case to protect against bad input
2011-12-08	LDAP provider: Error while setting the nocanon option should not be fatal	Jakub Hrozek	1	-3/+9
	https://fedorahosted.org/sssd/ticket/1100
2011-12-08	Add ldap_sasl_minssf option	Jan Zeleny	1	-0/+17
	https://fedorahosted.org/sssd/ticket/1075
2011-11-29	Provide means of forcing TLS and GSSAPI enabled/disabled for sdap connections	Jakub Hrozek	1	-7/+28

2011-11-29	LDAP: Try next failover server on any error	Stephen Gallagher	1	-9/+5

2011-11-22	Cleanup: Remove unused parameters	Jakub Hrozek	1	-9/+5

2011-11-18	Prevent printing NULL in several places of LDAP provider	Jakub Hrozek	1	-3/+5

2011-11-02	Support to request canonicalization in LDAP/IPA provider	Jan Zeleny	1	-0/+15
	https://fedorahosted.org/sssd/ticket/957
2011-09-06	sss_ldap_err2string() - ldap_err2string() to sss_ldap_err2string()	Pavel Březina	1	-16/+16
	https://fedorahosted.org/sssd/ticket/986
2011-09-06	sss_ldap_err2string() - function created	Pavel Březina	1	-2/+0
	https://fedorahosted.org/sssd/ticket/986
2011-08-26	Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANON	Jakub Hrozek	1	-0/+11
	https://fedorahosted.org/sssd/ticket/978
2011-08-15	Handle timeout during sss_ldap_init_send	Jakub Hrozek	1	-1/+5
	In some cases, where there would be no response from the LDAP server, there would be no R/W events on the LDAP fd, so sdap_async_sys_connect_done would never be called. This patch adds a tevent timer that cancels the connection after SDAP_NETWORK_TIMEOUT seconds.
2011-08-01	Request password control unconditionally during bind	Jakub Hrozek	1	-6/+6
	https://fedorahosted.org/sssd/ticket/940
2011-06-30	Use ldap_init_fd() instead of ldap_initialize() if available	Sumit Bose	1	-36/+83

2011-04-27	Add ldap_page_size configuration option	Stephen Gallagher	1	-0/+4

2011-04-25	Modify principal selection for keytab authentication	Jan Zeleny	1	-2/+7
	Currently we construct the principal as host/fqdn@REALM. The problem with this is that this principal doesn't have to be in the keytab. In that case the provider fails to start. It is better to scan the keytab and find the most suitable principal to use. Only in case no suitable principal is found the backend should fail to start. The second issue solved by this patch is that the realm we are authenticating the machine to can be in general different from the realm our users are part of (in case of cross Kerberos trust). The patch adds new configuration option SDAP_SASL_REALM. https://fedorahosted.org/sssd/ticket/781
2011-04-12	Initialise rootdse to NULL if not available	Sumit Bose	1	-0/+1

2011-04-11	Initialise srv_opts even if rootDSE is missing	Sumit Bose	1	-8/+9

2011-04-08	Read only rootDSE data if rootDSE is available	Sumit Bose	1	-20/+22

2011-04-08	Don't pass NULL to printf for TLS errors	Jakub Hrozek	1	-19/+22
	https://fedorahosted.org/sssd/ticket/643
2011-02-16	Do not attempt to use START_TLS on SSL connections	Stephen Gallagher	1	-2/+10
	Not all LDAP servers are capable of handling dual-encryption with both TLS and SSL. https://fedorahosted.org/sssd/ticket/795
2011-01-06	Convert obfuscated password once at startup	Sumit Bose	1	-14/+0

2010-12-07	Mark unavailable Kerberos server as PORT_NOT_WORKING	Sumit Bose	1	-0/+1

2010-12-07	ldap: add checks to determine if USN features are available.	Simo Sorce	1	-9/+19

2010-12-01	Fix offline detection in sdap_cli_connect request	Sumit Bose	1	-0/+1
	sdap_cli_connect_recv_ext() checks if the failover server is not set to determine if the backend is offline. To make this work properly if multiple servers are defined the failover server must be set to NULL if all servers are checked.
2010-11-04	Use (default)namingContext to set empty search bases	Sumit Bose	1	-0/+8

2010-10-27	Allow authentication for referrals	Sumit Bose	1	-0/+193

2010-10-22	Add some missing ldap_memfree()	Sumit Bose	1	-2/+4

2010-10-22	Add ldap_deref option	Sumit Bose	1	-0/+37

2010-10-13	Initialize kerberos service for GSSAPI	Jakub Hrozek	1	-4/+88

2010-10-13	Make ldap_child report kerberos return code to parent	Jakub Hrozek	1	-1/+3

2010-09-15	Check if control is supported before using it.	Simo Sorce	1	-7/+9

2010-09-15	Revert "Make ldap bind asynchronous"	Jakub Hrozek	1	-127/+91
	This reverts 56d8d19ac9d857580a233d8264e851883b883c67
2010-09-15	Store rootdse supported features in sdap_handler	Sumit Bose	1	-34/+17

2010-09-08	Deobfuscate password in back ends	Jakub Hrozek	1	-7/+52
	When obfuscated password is used in config file, the LDAP backend converts it back to clear text and uses it to authenticate to the server.
2010-09-02	Make ldap bind asynchronous	Martin Nagy	1	-91/+127
	Every ldap function that could possibly create a new connection is now wrapped in a tevent_req. If the connection is created, we will call the function again after the socket is ready for writing.
2010-07-09	Log TLS errors to syslog	Stephen Gallagher	1	-0/+6
	Also adds support for detecting LDAPS errors by adding a check for SDAP_DIAGNOSTIC_MESSAGE after ldap_search_ext()
2010-07-09	Eliminate delayed sdap_handle destruction after fail-over retry.	eindenbom	1	-9/+6

2010-07-09	Use new LDAP connection framework in IPA dynamic DNS forwarder.	eindenbom	1	-7/+0