Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2011-11-07 | Use correct state struct in sdap_initgr_rfc2307bis_next_base | Jakub Hrozek | 1 | -2/+3 | |
2011-11-07 | Fix segfault in sdap_get_initgr_user | Jakub Hrozek | 1 | -1/+2 | |
2011-11-02 | Support to request canonicalization in LDAP/IPA provider | Jan Zeleny | 5 | -0/+26 | |
https://fedorahosted.org/sssd/ticket/957 | |||||
2011-11-02 | LDAP: Add support for multiple search bases for group enumeration | Stephen Gallagher | 4 | -24/+101 | |
2011-11-02 | LDAP: Add support for multiple search bases for user enumeration | Stephen Gallagher | 4 | -8/+49 | |
2011-11-02 | LDAP: Convert ldap_*_search_filter | Stephen Gallagher | 3 | -59/+23 | |
Instead of making this a global option for all user lookups, make it only used if the search base is passed without an explicit filter. | |||||
2011-11-02 | LDAP: Add multiple search bases for initgroups (RFC2307bis groups) | Stephen Gallagher | 1 | -77/+225 | |
2011-11-02 | LDAP: Add multiple search bases for initgroups (RFC2307 groups) | Stephen Gallagher | 1 | -17/+99 | |
2011-11-02 | LDAP: Add multiple search bases for initgroups (users) | Stephen Gallagher | 1 | -30/+72 | |
2011-11-02 | LDAP: Support multiple group search bases (non-enumeration, RFC2307) | Stephen Gallagher | 4 | -16/+74 | |
2011-11-02 | LDAP: Support multiple netgroup search bases | Stephen Gallagher | 3 | -14/+65 | |
2011-11-02 | LDAP: Support multiple user search bases (non-enumeration) | Stephen Gallagher | 4 | -14/+70 | |
2011-11-02 | LDAP: Add parser for multiple search bases | Stephen Gallagher | 4 | -26/+360 | |
2011-11-02 | Make sdap_get_id_specific_filter() more strict | Stephen Gallagher | 2 | -4/+4 | |
2011-11-02 | Fix size return for split_on_separator() | Stephen Gallagher | 1 | -5/+5 | |
It was returning the size of the array, rather than the number of elements. (The array was NULL-terminated). This argument was only used in one place that was actually working around this odd return value. | |||||
2011-11-02 | Remove unused sdap_options attributes | Stephen Gallagher | 1 | -3/+0 | |
These DNs were never assigned or referenced anywhere. | |||||
2011-11-02 | Cleanup of unused function in ldap access provider | Jan Zeleny | 1 | -2/+0 | |
2011-11-02 | Remove confusing do-while loop | Jakub Hrozek | 1 | -35/+36 | |
The deref processing would return a single control back. The do-while loop was harmless but confusing. | |||||
2011-11-02 | Use LDAPDerefSpec properly | Jakub Hrozek | 1 | -4/+6 | |
ldap_create_deref_control_value expects an array of LDAPDerefSpec structures with LDAPDerefSpec.derefAttr == NULL as a sentinel. We were passing a single instance of a LDAPDerefSpec structure. https://fedorahosted.org/sssd/ticket/1050 | |||||
2011-10-31 | Steal result onto mem_ctx in sdap_initgr_nested_get_direct_parents | Jakub Hrozek | 1 | -2/+1 | |
2011-10-31 | RFC2307bis initgroups: fix nested groups processing | Jakub Hrozek | 1 | -20/+33 | |
Due to incorrectly written loop, SSSD would go into infitite loop if it processed the same group on two different levels of membership. | |||||
2011-10-25 | Plug memory leaks in LDAP provider | Jakub Hrozek | 1 | -0/+3 | |
2011-10-17 | Cancel transactions correctly during initgroups | Jakub Hrozek | 1 | -13/+31 | |
2011-10-17 | Use fewer transactions during IPA initgroups | Jakub Hrozek | 1 | -171/+273 | |
2011-10-17 | Use fewer transactions during RFC2307bis initgroups | Jakub Hrozek | 1 | -346/+366 | |
2011-10-17 | Utility functions for LDAP nested schema initgroups | Jakub Hrozek | 1 | -0/+119 | |
2011-10-13 | SysDB commands that save lastUpdate allows this value to be passed in | Pavel Březina | 5 | -21/+41 | |
https://fedorahosted.org/sssd/ticket/836 | |||||
2011-10-06 | Fix small bug where TALLOC_CTX could end up unfreed. | Pavel Zuna | 1 | -3/+3 | |
2011-10-03 | Use explicit base 10 for converting strings to integers | Jakub Hrozek | 1 | -2/+2 | |
https://fedorahosted.org/sssd/ticket/1013 | |||||
2011-09-28 | Store name aliases for users, groups | Jakub Hrozek | 5 | -37/+216 | |
Also checks fake users for aliases when storing a real users so that getgrnam for a RFC2307 group that references a user by his secondary name followed by getpwnam for this user by his primary name works | |||||
2011-09-28 | Add a sysdb_get_direct_parents function | Jakub Hrozek | 1 | -57/+5 | |
2011-09-28 | Fixed bad logic in processing netgroups in LDAP provider | Jan Zeleny | 1 | -1/+3 | |
2011-09-28 | Multiline macro cleanup | Jakub Hrozek | 2 | -3/+3 | |
This is mostly a cosmetic patch. The purpose of wrapping a multi-line macro in a do { } while(0) is to make the macro usable as a regular statement, not a compound statement. When the while(0) is terminated with a semicolon, the do { } while(0); block becomes a compound statement again. | |||||
2011-09-20 | Fix uninitialized pointer read in sdap_gssapi_get_default_realm() | Jakub Hrozek | 1 | -1/+1 | |
https://fedorahosted.org/sssd/ticket/1003 | |||||
2011-09-08 | DEBUG timestamps offer higher precision | Pavel Březina | 1 | -0/+2 | |
https://fedorahosted.org/sssd/ticket/956 Added: --debug-microseconds=0/1 Added: debug_microseconds to sssd.conf | |||||
2011-09-06 | Keep deref controls until the whole request is finished | Jakub Hrozek | 1 | -8/+45 | |
https://fedorahosted.org/sssd/ticket/989 John Hodrien found out that when paging is used while dereferencing an entry, sssd_be may segfault on the second page. This was because paging returned the control to sdap_generic_search multiple times but sssd was freeing dereference control after the first search invocation. The subsequend sdap searched accessed memory that was already freed. | |||||
2011-09-06 | Improve error message for LDAP password constraint violation | Jakub Hrozek | 3 | -16/+29 | |
https://fedorahosted.org/sssd/ticket/985 | |||||
2011-09-06 | Allow turning dereference off by setting the threshold to 0 | Jakub Hrozek | 3 | -3/+9 | |
2011-09-06 | sss_ldap_err2string() - ldap_err2string() to sss_ldap_err2string() | Pavel Březina | 3 | -35/+35 | |
https://fedorahosted.org/sssd/ticket/986 | |||||
2011-09-06 | sss_ldap_err2string() - function created | Pavel Březina | 1 | -2/+0 | |
https://fedorahosted.org/sssd/ticket/986 | |||||
2011-08-29 | Fix moving to next entry in deref code | Jakub Hrozek | 1 | -1/+6 | |
https://fedorahosted.org/sssd/ticket/973 | |||||
2011-08-26 | Use the default Kerberos realm for LDAP with GSSAPI auth | Jakub Hrozek | 1 | -3/+55 | |
https://fedorahosted.org/sssd/ticket/970 | |||||
2011-08-26 | Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANON | Jakub Hrozek | 3 | -1/+14 | |
https://fedorahosted.org/sssd/ticket/978 | |||||
2011-08-25 | New DEBUG facility - SSSDBG_UNRESOLVED changed from -1 to 0 | Pavel Březina | 1 | -1/+4 | |
Removed: SSS_UNRESOLVED_DEBUG_LEVEL (completely replaced with SSSDBG_UNRESOLVED) Added new macro: CONVERT_AND_SET_DEBUG_LEVEL(new_value) Changes unresolved debug level value (SSSDBG_UNRESOLVED) from -1 to 0 so DEBUG macro could be reduced by one condition. Anyway, it has a minor effect, every time you want to load debug_level from command line parameters, you have to use following pattern: /* Set debug level to invalid value so we can deside if -d 0 was used. */ debug_level = SSSDBG_INVALID; pc = poptGetContext(argv[0], argc, argv, long_options, 0); while((opt = poptGetNextOpt(pc)) != -1) { ... } CONVERT_AND_SET_DEBUG_LEVEL(debug_level); | |||||
2011-08-25 | New DEBUG facility - conversion | Pavel Březina | 3 | -2/+4 | |
https://fedorahosted.org/sssd/ticket/925 Conversion of the old debug_level format to the new one. (only where it was necessary) Removed: SSS_DEFAULT_DEBUG_LEVEL (completely replaced with SSSDBG_DEFAULT) | |||||
2011-08-25 | Improve password policy error code and message | Sumit Bose | 1 | -4/+9 | |
Instead of returning PAM_SYSTEM_ERR if they necessary attributes for the requested password policy cannot be found we return PAM_PERM_DENIED. Additionally the log message says that the access is denied. | |||||
2011-08-15 | Handle timeout during sss_ldap_init_send | Jakub Hrozek | 1 | -1/+5 | |
In some cases, where there would be no response from the LDAP server, there would be no R/W events on the LDAP fd, so sdap_async_sys_connect_done would never be called. This patch adds a tevent timer that cancels the connection after SDAP_NETWORK_TIMEOUT seconds. | |||||
2011-08-15 | Moved some functions in sdap_async_initgroups | Jan Zeleny | 1 | -345/+349 | |
2011-08-15 | Moved some functions in sdap_async_groups | Jan Zeleny | 1 | -122/+112 | |
2011-08-15 | Confusing part of code cleared out | Jan Zeleny | 1 | -34/+32 | |