Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2011-09-06 | Keep deref controls until the whole request is finished | Jakub Hrozek | 1 | -8/+45 | |
https://fedorahosted.org/sssd/ticket/989 John Hodrien found out that when paging is used while dereferencing an entry, sssd_be may segfault on the second page. This was because paging returned the control to sdap_generic_search multiple times but sssd was freeing dereference control after the first search invocation. The subsequend sdap searched accessed memory that was already freed. | |||||
2011-09-06 | Improve error message for LDAP password constraint violation | Jakub Hrozek | 3 | -16/+29 | |
https://fedorahosted.org/sssd/ticket/985 | |||||
2011-09-06 | Allow turning dereference off by setting the threshold to 0 | Jakub Hrozek | 3 | -3/+9 | |
2011-09-06 | sss_ldap_err2string() - ldap_err2string() to sss_ldap_err2string() | Pavel Březina | 3 | -35/+35 | |
https://fedorahosted.org/sssd/ticket/986 | |||||
2011-09-06 | sss_ldap_err2string() - function created | Pavel Březina | 1 | -2/+0 | |
https://fedorahosted.org/sssd/ticket/986 | |||||
2011-08-29 | Fix moving to next entry in deref code | Jakub Hrozek | 1 | -1/+6 | |
https://fedorahosted.org/sssd/ticket/973 | |||||
2011-08-26 | Use the default Kerberos realm for LDAP with GSSAPI auth | Jakub Hrozek | 1 | -3/+55 | |
https://fedorahosted.org/sssd/ticket/970 | |||||
2011-08-26 | Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANON | Jakub Hrozek | 3 | -1/+14 | |
https://fedorahosted.org/sssd/ticket/978 | |||||
2011-08-25 | New DEBUG facility - SSSDBG_UNRESOLVED changed from -1 to 0 | Pavel Březina | 1 | -1/+4 | |
Removed: SSS_UNRESOLVED_DEBUG_LEVEL (completely replaced with SSSDBG_UNRESOLVED) Added new macro: CONVERT_AND_SET_DEBUG_LEVEL(new_value) Changes unresolved debug level value (SSSDBG_UNRESOLVED) from -1 to 0 so DEBUG macro could be reduced by one condition. Anyway, it has a minor effect, every time you want to load debug_level from command line parameters, you have to use following pattern: /* Set debug level to invalid value so we can deside if -d 0 was used. */ debug_level = SSSDBG_INVALID; pc = poptGetContext(argv[0], argc, argv, long_options, 0); while((opt = poptGetNextOpt(pc)) != -1) { ... } CONVERT_AND_SET_DEBUG_LEVEL(debug_level); | |||||
2011-08-25 | New DEBUG facility - conversion | Pavel Březina | 3 | -2/+4 | |
https://fedorahosted.org/sssd/ticket/925 Conversion of the old debug_level format to the new one. (only where it was necessary) Removed: SSS_DEFAULT_DEBUG_LEVEL (completely replaced with SSSDBG_DEFAULT) | |||||
2011-08-25 | Improve password policy error code and message | Sumit Bose | 1 | -4/+9 | |
Instead of returning PAM_SYSTEM_ERR if they necessary attributes for the requested password policy cannot be found we return PAM_PERM_DENIED. Additionally the log message says that the access is denied. | |||||
2011-08-15 | Handle timeout during sss_ldap_init_send | Jakub Hrozek | 1 | -1/+5 | |
In some cases, where there would be no response from the LDAP server, there would be no R/W events on the LDAP fd, so sdap_async_sys_connect_done would never be called. This patch adds a tevent timer that cancels the connection after SDAP_NETWORK_TIMEOUT seconds. | |||||
2011-08-15 | Moved some functions in sdap_async_initgroups | Jan Zeleny | 1 | -345/+349 | |
2011-08-15 | Moved some functions in sdap_async_groups | Jan Zeleny | 1 | -122/+112 | |
2011-08-15 | Confusing part of code cleared out | Jan Zeleny | 1 | -34/+32 | |
2011-08-15 | sdap_async_accounts.c split | Jan Zeleny | 4 | -2514/+2588 | |
The file has been split in three: sdap_async_users.c sdap_async_groups.c sdap_async_initgroups.c https://fedorahosted.org/sssd/ticket/864 | |||||
2011-08-15 | sysdb refactoring: memory context deleted | Jan Zeleny | 5 | -25/+15 | |
This patch deletes memory context parameter in those places in sysdb where it is not necessary. The code using modified functions has been updated. Tests updated as well. | |||||
2011-08-15 | sysdb refactoring: deleted domain variables in sysdb API | Jan Zeleny | 9 | -58/+35 | |
The patch also updates code using modified functions. Tests have also been adjusted. | |||||
2011-08-11 | Use sysdb attribute name for GID, not LDAP attribute | Stephen Gallagher | 1 | -3/+3 | |
2011-08-04 | Fix returning groups when gidNumber attribute is not ordered | Jakub Hrozek | 3 | -4/+10 | |
https://fedorahosted.org/sssd/ticket/951 | |||||
2011-08-01 | Request password control unconditionally during bind | Jakub Hrozek | 1 | -6/+6 | |
https://fedorahosted.org/sssd/ticket/940 | |||||
2011-08-01 | Wrong paramater to sysdb_attrs_add_uint32 | Jakub Hrozek | 1 | -1/+1 | |
2011-07-27 | Explicitly ignore groups with gidNumber=0 | Jakub Hrozek | 2 | -11/+18 | |
https://fedorahosted.org/sssd/ticket/916 | |||||
2011-07-27 | Set gidNumber of non-posix groups to 0 even on updates | Jakub Hrozek | 1 | -8/+44 | |
2011-07-21 | fo_get_server_name() getter for a server name | Jakub Hrozek | 1 | -1/+10 | |
Allows to be more concise in tests and more defensive in resolve callbacks | |||||
2011-07-21 | Rename fo_get_server_name to fo_get_server_str_name | Jakub Hrozek | 1 | -2/+2 | |
2011-07-21 | Do not add a NULL host parsed from LDAP URI | Jakub Hrozek | 1 | -1/+8 | |
https://fedorahosted.org/sssd/ticket/911 | |||||
2011-07-08 | Add LDAP access control based on NDS attributes | Sumit Bose | 5 | -2/+193 | |
2011-07-08 | Add helper function msgs2attrs_array | Stephen Gallagher | 2 | -0/+33 | |
This function converts a list of ldb_messages into a list of sysdb_attrs. | |||||
2011-06-30 | Use ldap_init_fd() instead of ldap_initialize() if available | Sumit Bose | 3 | -37/+88 | |
2011-06-30 | Use name based URI instead of IP address based URIs | Sumit Bose | 1 | -37/+2 | |
2011-06-30 | Add sdap_call_conn_cb() to call add connection callback directly | Sumit Bose | 2 | -0/+40 | |
2011-06-30 | Add sockaddr_storage to sdap_service | Sumit Bose | 2 | -0/+12 | |
2011-06-16 | Do not check pwdAttribute | Sumit Bose | 1 | -9/+0 | |
It is not safe to check pwdAttribute to see if server side password policies are active. Only if a LDAP_CONTROL_PASSWORDPOLICYRESPONSE is present the bind response we can assume that there is a server side password policy. | |||||
2011-06-15 | Switch resolver to using resolv_hostent and honor TTL | Jakub Hrozek | 1 | -2/+2 | |
2011-06-02 | Non-posix group processing - ldap provider and nss responder | Jan Zeleny | 2 | -28/+79 | |
2011-06-02 | Use escaped IP addresses in LDAP provider | Jakub Hrozek | 1 | -6/+56 | |
2011-05-25 | Sanitize username during initgroups call | Sumit Bose | 1 | -1/+7 | |
2011-05-25 | Separate return paths for success and failure in sdap_nested_group_check_cache | Jakub Hrozek | 1 | -6/+10 | |
2011-05-24 | Make "password" the default for ldap_default_authtok_type | Stephen Gallagher | 1 | -1/+1 | |
2011-05-24 | Fix uninitialized scalar variable in sdap_nested_group_check_cache | Jakub Hrozek | 1 | -2/+4 | |
https://fedorahosted.org/sssd/ticket/878 | |||||
2011-05-24 | Fix uninitialized pointer read in sdap_x_deref_parse_entry | Jakub Hrozek | 1 | -1/+1 | |
https://fedorahosted.org/sssd/ticket/877 | |||||
2011-05-24 | Fix bad comparison in sdap_has_deref_support | Jakub Hrozek | 1 | -1/+1 | |
https://fedorahosted.org/sssd/ticket/876 | |||||
2011-05-20 | Use dereference when processing RFC2307bis nested groups | Jakub Hrozek | 3 | -15/+457 | |
Instead of issuing N LDAP requests when processing a group with N users, utilize the dereference functionality to pull down all the members in a single LDAP request. https://fedorahosted.org/sssd/ticket/799 | |||||
2011-05-20 | Refactor RFC2307bis nested group processing | Jakub Hrozek | 1 | -123/+188 | |
This patch splits checking cache and hash tables into standalone functions. This will make it easy to reuse the code in a new branch that uses dereferencing. | |||||
2011-05-20 | Use fake users during RFC2307bis nested group processing | Jakub Hrozek | 1 | -13/+165 | |
Instead of downloading complete user data which is potentionally very slow, only download the necessary minimum information and store the users as dummy entries. | |||||
2011-05-20 | Change sysdb_add_fake_user to add OriginalDN | Jakub Hrozek | 1 | -1/+1 | |
RFC2307bis code relies heavily on originalDN, so the fake users need to have an option to store it, too. | |||||
2011-05-20 | Generic dereference search | Jakub Hrozek | 2 | -0/+157 | |
A generic wrapper around ASQ and OpenLDAP dereference searches. https://fedorahosted.org/sssd/ticket/635 | |||||
2011-05-20 | OpenLDAP dereference searches | Jakub Hrozek | 3 | -0/+376 | |
This dereference method is supported at least by OpenLDAP and 389DS/RHDS For more details, see: http://tools.ietf.org/html/draft-masarati-ldap-deref-00 | |||||
2011-05-20 | Add support for Attribute Scoped Queries | Jakub Hrozek | 1 | -0/+203 | |
For more details on ASQ, see: http://msdn.microsoft.com/en-us/library/aa366976%28VS.85%29.aspx http://msdn.microsoft.com/en-us/library/aa746418%28v=VS.85%29.aspx |