sssd - System Security Services Daemon

Age	Commit message (Collapse)	Author	Files	Lines
2011-08-25	Improve password policy error code and message	Sumit Bose	1	-4/+9
	Instead of returning PAM_SYSTEM_ERR if they necessary attributes for the requested password policy cannot be found we return PAM_PERM_DENIED. Additionally the log message says that the access is denied.
2011-08-15	Handle timeout during sss_ldap_init_send	Jakub Hrozek	1	-1/+5
	In some cases, where there would be no response from the LDAP server, there would be no R/W events on the LDAP fd, so sdap_async_sys_connect_done would never be called. This patch adds a tevent timer that cancels the connection after SDAP_NETWORK_TIMEOUT seconds.
2011-08-15	Moved some functions in sdap_async_initgroups	Jan Zeleny	1	-345/+349

2011-08-15	Moved some functions in sdap_async_groups	Jan Zeleny	1	-122/+112

2011-08-15	Confusing part of code cleared out	Jan Zeleny	1	-34/+32

2011-08-15	sdap_async_accounts.c split	Jan Zeleny	4	-2514/+2588
	The file has been split in three: sdap_async_users.c sdap_async_groups.c sdap_async_initgroups.c https://fedorahosted.org/sssd/ticket/864
2011-08-15	sysdb refactoring: memory context deleted	Jan Zeleny	5	-25/+15
	This patch deletes memory context parameter in those places in sysdb where it is not necessary. The code using modified functions has been updated. Tests updated as well.
2011-08-15	sysdb refactoring: deleted domain variables in sysdb API	Jan Zeleny	9	-58/+35
	The patch also updates code using modified functions. Tests have also been adjusted.
2011-08-11	Use sysdb attribute name for GID, not LDAP attribute	Stephen Gallagher	1	-3/+3

2011-08-04	Fix returning groups when gidNumber attribute is not ordered	Jakub Hrozek	3	-4/+10
	https://fedorahosted.org/sssd/ticket/951
2011-08-01	Request password control unconditionally during bind	Jakub Hrozek	1	-6/+6
	https://fedorahosted.org/sssd/ticket/940
2011-08-01	Wrong paramater to sysdb_attrs_add_uint32	Jakub Hrozek	1	-1/+1

2011-07-27	Explicitly ignore groups with gidNumber=0	Jakub Hrozek	2	-11/+18
	https://fedorahosted.org/sssd/ticket/916
2011-07-27	Set gidNumber of non-posix groups to 0 even on updates	Jakub Hrozek	1	-8/+44

2011-07-21	fo_get_server_name() getter for a server name	Jakub Hrozek	1	-1/+10
	Allows to be more concise in tests and more defensive in resolve callbacks
2011-07-21	Rename fo_get_server_name to fo_get_server_str_name	Jakub Hrozek	1	-2/+2

2011-07-21	Do not add a NULL host parsed from LDAP URI	Jakub Hrozek	1	-1/+8
	https://fedorahosted.org/sssd/ticket/911
2011-07-08	Add LDAP access control based on NDS attributes	Sumit Bose	5	-2/+193

2011-07-08	Add helper function msgs2attrs_array	Stephen Gallagher	2	-0/+33
	This function converts a list of ldb_messages into a list of sysdb_attrs.
2011-06-30	Use ldap_init_fd() instead of ldap_initialize() if available	Sumit Bose	3	-37/+88

2011-06-30	Use name based URI instead of IP address based URIs	Sumit Bose	1	-37/+2

2011-06-30	Add sdap_call_conn_cb() to call add connection callback directly	Sumit Bose	2	-0/+40

2011-06-30	Add sockaddr_storage to sdap_service	Sumit Bose	2	-0/+12

2011-06-16	Do not check pwdAttribute	Sumit Bose	1	-9/+0
	It is not safe to check pwdAttribute to see if server side password policies are active. Only if a LDAP_CONTROL_PASSWORDPOLICYRESPONSE is present the bind response we can assume that there is a server side password policy.
2011-06-15	Switch resolver to using resolv_hostent and honor TTL	Jakub Hrozek	1	-2/+2

2011-06-02	Non-posix group processing - ldap provider and nss responder	Jan Zeleny	2	-28/+79

2011-06-02	Use escaped IP addresses in LDAP provider	Jakub Hrozek	1	-6/+56

2011-05-25	Sanitize username during initgroups call	Sumit Bose	1	-1/+7

2011-05-25	Separate return paths for success and failure in sdap_nested_group_check_cache	Jakub Hrozek	1	-6/+10

2011-05-24	Make "password" the default for ldap_default_authtok_type	Stephen Gallagher	1	-1/+1

2011-05-24	Fix uninitialized scalar variable in sdap_nested_group_check_cache	Jakub Hrozek	1	-2/+4
	https://fedorahosted.org/sssd/ticket/878
2011-05-24	Fix uninitialized pointer read in sdap_x_deref_parse_entry	Jakub Hrozek	1	-1/+1
	https://fedorahosted.org/sssd/ticket/877
2011-05-24	Fix bad comparison in sdap_has_deref_support	Jakub Hrozek	1	-1/+1
	https://fedorahosted.org/sssd/ticket/876
2011-05-20	Use dereference when processing RFC2307bis nested groups	Jakub Hrozek	3	-15/+457
	Instead of issuing N LDAP requests when processing a group with N users, utilize the dereference functionality to pull down all the members in a single LDAP request. https://fedorahosted.org/sssd/ticket/799
2011-05-20	Refactor RFC2307bis nested group processing	Jakub Hrozek	1	-123/+188
	This patch splits checking cache and hash tables into standalone functions. This will make it easy to reuse the code in a new branch that uses dereferencing.
2011-05-20	Use fake users during RFC2307bis nested group processing	Jakub Hrozek	1	-13/+165
	Instead of downloading complete user data which is potentionally very slow, only download the necessary minimum information and store the users as dummy entries.
2011-05-20	Change sysdb_add_fake_user to add OriginalDN	Jakub Hrozek	1	-1/+1
	RFC2307bis code relies heavily on originalDN, so the fake users need to have an option to store it, too.
2011-05-20	Generic dereference search	Jakub Hrozek	2	-0/+157
	A generic wrapper around ASQ and OpenLDAP dereference searches. https://fedorahosted.org/sssd/ticket/635
2011-05-20	OpenLDAP dereference searches	Jakub Hrozek	3	-0/+376
	This dereference method is supported at least by OpenLDAP and 389DS/RHDS For more details, see: http://tools.ietf.org/html/draft-masarati-ldap-deref-00
2011-05-20	Add support for Attribute Scoped Queries	Jakub Hrozek	1	-0/+203
	For more details on ASQ, see: http://msdn.microsoft.com/en-us/library/aa366976%28VS.85%29.aspx http://msdn.microsoft.com/en-us/library/aa746418%28v=VS.85%29.aspx
2011-05-20	Generic dereference data structures and utilities	Jakub Hrozek	2	-0/+45
	These will be shared by both dereference methods in a later patch.
2011-05-20	sdap_get_generic_ext	Jakub Hrozek	1	-73/+202
	Add a private sdap_get_generic_ext_send()/_recv() request that exposes more of ldap_search_ext options, in particular the server contols. The existing sdap_generic_search_send()/_recv() request is now a thin wrapper around the new _ext request. The other important change is that an entry parsing is a callback now. That was done in order to allow custom parsing for results such as OpenLDAP deref or Attribute Scoped Queries.
2011-05-20	Remove append_attrs_to_array	Jakub Hrozek	2	-12/+0
	This function was not used anywhere
2011-05-20	IPA Provider: don't fail if user is not a member of any groups	Stephen Gallagher	1	-2/+5

2011-05-16	Possible memory leak fixed	Jan Zeleny	1	-1/+1

2011-05-16	Fixed wrong variable in sdap_initgr_nested_store	Jan Zeleny	1	-1/+1

2011-05-04	Fixed lastUSN checking improvements	Jan Zeleny	3	-5/+23
	This patch fixes some issues with setting lastUSN attribute and it adds check against the highest user/group USN after enumeration to keep better track of the real highest USN. Optimal solution here would be to schedule a check of rootDSE entry right after the enumeration finishes, but for the moment this is good enough.
2011-05-04	Do not leak LDAP URI with high log level	Jakub Hrozek	1	-2/+7

2011-04-28	Do not leak LDAP paging controls	Jakub Hrozek	1	-0/+5

2011-04-27	Add ldap_page_size configuration option	Stephen Gallagher	4	-3/+9