sssd - System Security Services Daemon

Age	Commit message (Collapse)	Author	Files	Lines
2011-11-02	LDAP: Add multiple search bases for initgroups (users)	Stephen Gallagher	1	-30/+72

2011-11-02	LDAP: Support multiple group search bases (non-enumeration, RFC2307)	Stephen Gallagher	4	-16/+74

2011-11-02	LDAP: Support multiple netgroup search bases	Stephen Gallagher	3	-14/+65

2011-11-02	LDAP: Support multiple user search bases (non-enumeration)	Stephen Gallagher	4	-14/+70

2011-11-02	LDAP: Add parser for multiple search bases	Stephen Gallagher	5	-26/+380

2011-11-02	Make sdap_get_id_specific_filter() more strict	Stephen Gallagher	2	-4/+4

2011-11-02	Fix size return for split_on_separator()	Stephen Gallagher	1	-5/+5
	It was returning the size of the array, rather than the number of elements. (The array was NULL-terminated). This argument was only used in one place that was actually working around this odd return value.
2011-11-02	Remove unused sdap_options attributes	Stephen Gallagher	1	-3/+0
	These DNs were never assigned or referenced anywhere.
2011-11-02	Cleanup of unused function in ldap access provider	Jan Zeleny	1	-2/+0

2011-11-02	Remove confusing do-while loop	Jakub Hrozek	1	-35/+36
	The deref processing would return a single control back. The do-while loop was harmless but confusing.
2011-11-02	Use LDAPDerefSpec properly	Jakub Hrozek	1	-4/+6
	ldap_create_deref_control_value expects an array of LDAPDerefSpec structures with LDAPDerefSpec.derefAttr == NULL as a sentinel. We were passing a single instance of a LDAPDerefSpec structure. https://fedorahosted.org/sssd/ticket/1050
2011-10-31	Steal result onto mem_ctx in sdap_initgr_nested_get_direct_parents	Jakub Hrozek	1	-2/+1

2011-10-31	RFC2307bis initgroups: fix nested groups processing	Jakub Hrozek	1	-20/+33
	Due to incorrectly written loop, SSSD would go into infitite loop if it processed the same group on two different levels of membership.
2011-10-31	Do not leak hash table iterator during proxy auth	Jakub Hrozek	1	-0/+1

2011-10-25	Plug memory leaks in LDAP provider	Jakub Hrozek	1	-0/+3

2011-10-17	Cancel transactions correctly during initgroups	Jakub Hrozek	1	-13/+31

2011-10-17	Use fewer transactions during IPA initgroups	Jakub Hrozek	1	-171/+273

2011-10-17	Use fewer transactions during RFC2307bis initgroups	Jakub Hrozek	1	-346/+366

2011-10-17	Utility functions for LDAP nested schema initgroups	Jakub Hrozek	1	-0/+119

2011-10-17	Add a missing break	Jakub Hrozek	1	-0/+1

2011-10-14	HBAC: Use originalMember for identifying hostgroups	Stephen Gallagher	3	-45/+165

2011-10-14	HBAC: Use originalMember for identifying servicegroups	Stephen Gallagher	3	-41/+169

2011-10-14	HBAC: Do not save member/memberOf links	Stephen Gallagher	1	-120/+0
	We can just trust the values from the FreeIPA server
2011-10-13	SysDB commands that save lastUpdate allows this value to be passed in	Pavel Březina	7	-32/+62
	https://fedorahosted.org/sssd/ticket/836
2011-10-13	Append PID to sbus server socket name, let clients use a symlink	Jakub Hrozek	2	-2/+2
	https://fedorahosted.org/sssd/ticket/1034
2011-10-06	Fix small bug where TALLOC_CTX could end up unfreed.	Pavel Zuna	1	-3/+3

2011-10-03	Use explicit base 10 for converting strings to integers	Jakub Hrozek	2	-4/+4
	https://fedorahosted.org/sssd/ticket/1013
2011-09-28	Store name aliases for users, groups	Jakub Hrozek	5	-37/+216
	Also checks fake users for aliases when storing a real users so that getgrnam for a RFC2307 group that references a user by his secondary name followed by getpwnam for this user by his primary name works
2011-09-28	Add a sysdb_get_direct_parents function	Jakub Hrozek	1	-57/+5

2011-09-28	HBAC: fix typos preventing proper hostgroup evaluation	Stephen Gallagher	1	-3/+3

2011-09-28	Fixed bad logic in processing netgroups in LDAP provider	Jan Zeleny	1	-1/+3

2011-09-28	IPA access: hostname comparison should be case-insensitive	Jakub Hrozek	1	-1/+1

2011-09-28	Multiline macro cleanup	Jakub Hrozek	8	-10/+11
	This is mostly a cosmetic patch. The purpose of wrapping a multi-line macro in a do { } while(0) is to make the macro usable as a regular statement, not a compound statement. When the while(0) is terminated with a semicolon, the do { } while(0); block becomes a compound statement again.
2011-09-20	Fix uninitialized pointer read in sdap_gssapi_get_default_realm()	Jakub Hrozek	1	-1/+1
	https://fedorahosted.org/sssd/ticket/1003
2011-09-08	DEBUG timestamps offer higher precision	Pavel Březina	4	-6/+24
	https://fedorahosted.org/sssd/ticket/956 Added: --debug-microseconds=0/1 Added: debug_microseconds to sssd.conf
2011-09-08	Improve documentation of libipa_hbac	Stephen Gallagher	2	-21/+1697

2011-09-07	Do not access memory out of bounds	Sumit Bose	1	-2/+2

2011-09-06	Keep deref controls until the whole request is finished	Jakub Hrozek	1	-8/+45
	https://fedorahosted.org/sssd/ticket/989 John Hodrien found out that when paging is used while dereferencing an entry, sssd_be may segfault on the second page. This was because paging returned the control to sdap_generic_search multiple times but sssd was freeing dereference control after the first search invocation. The subsequend sdap searched accessed memory that was already freed.
2011-09-06	Improve error message for LDAP password constraint violation	Jakub Hrozek	3	-16/+29
	https://fedorahosted.org/sssd/ticket/985
2011-09-06	Allow turning dereference off by setting the threshold to 0	Jakub Hrozek	3	-3/+9

2011-09-06	sss_ldap_err2string() - ldap_err2string() to sss_ldap_err2string()	Pavel Březina	3	-35/+35
	https://fedorahosted.org/sssd/ticket/986
2011-09-06	sss_ldap_err2string() - function created	Pavel Březina	1	-2/+0
	https://fedorahosted.org/sssd/ticket/986
2011-08-29	HBAC: Properly skip all non-group memberOf entries	Stephen Gallagher	1	-1/+2

2011-08-29	Fix moving to next entry in deref code	Jakub Hrozek	1	-1/+6
	https://fedorahosted.org/sssd/ticket/973
2011-08-26	HBAC: Use of hostgroups for targethost or sourcehost was broken	Stephen Gallagher	1	-4/+4
	We were trying to look up the wrong attribute for the name of the hostgroup.
2011-08-26	HBAC: Handle saving groups that have no members	Stephen Gallagher	1	-7/+21

2011-08-26	Use the default Kerberos realm for LDAP with GSSAPI auth	Jakub Hrozek	1	-3/+55
	https://fedorahosted.org/sssd/ticket/970
2011-08-26	Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANON	Jakub Hrozek	5	-3/+17
	https://fedorahosted.org/sssd/ticket/978
2011-08-25	--debug-timestamps=1 is not passed to providers	Pavel Březina	2	-11/+8
	https://fedorahosted.org/sssd/ticket/972 --debug-timestamps=1 is now passed to providers
2011-08-25	New DEBUG facility - SSSDBG_UNRESOLVED changed from -1 to 0	Pavel Březina	4	-4/+15
	Removed: SSS_UNRESOLVED_DEBUG_LEVEL (completely replaced with SSSDBG_UNRESOLVED) Added new macro: CONVERT_AND_SET_DEBUG_LEVEL(new_value) Changes unresolved debug level value (SSSDBG_UNRESOLVED) from -1 to 0 so DEBUG macro could be reduced by one condition. Anyway, it has a minor effect, every time you want to load debug_level from command line parameters, you have to use following pattern: /* Set debug level to invalid value so we can deside if -d 0 was used. */ debug_level = SSSDBG_INVALID; pc = poptGetContext(argv[0], argc, argv, long_options, 0); while((opt = poptGetNextOpt(pc)) != -1) { ... } CONVERT_AND_SET_DEBUG_LEVEL(debug_level);