Age | Commit message | Author | Files | Lines | |
---|---|---|---|---|---|
2011-07-08 | Treat NULL or empty rhost as unknown | Stephen Gallagher | 2 | -11/+25 | |
Previously, we were assuming this meant it was coming from the localhost, but this is not a safe assumption. We will now treat it as unknown and it will fail to match any rule that requires a specified srchost or group of srchosts. | |||||
2011-07-08 | Add ipa_hbac_treat_deny_as option | Stephen Gallagher | 3 | -2/+13 | |
By default, we will treat the presence of any DENY rule as denying all users. This option will allow the admin to explicitly ignore DENY rules during a transitional period. | |||||
2011-07-08 | Add ipa_hbac_refresh option | Stephen Gallagher | 4 | -1/+21 | |
This option describes the time between refreshes of the HBAC rules on the IPA server. | |||||
2011-07-08 | Add new HBAC lookup and evaluation routines | Stephen Gallagher | 2 | -124/+398 | |
2011-07-08 | Remove old HBAC implementation | Stephen Gallagher | 2 | -1595/+1 | |
2011-07-08 | Add helper functions for looking up HBAC rule components | Stephen Gallagher | 6 | -0/+2616 | |
2011-07-08 | Add HBAC evaluator and tests | Stephen Gallagher | 3 | -0/+386 | |
2011-07-08 | Add helper function msgs2attrs_array | Stephen Gallagher | 2 | -0/+33 | |
This function converts a list of ldb_messages into a list of sysdb_attrs. | |||||
2011-07-05 | ipa_dyndns: Use sockaddr_storage for storing IP addresses | Jakub Hrozek | 1 | -12/+17 | |
https://fedorahosted.org/sssd/ticket/915 | |||||
2011-06-30 | Use ldap_init_fd() instead of ldap_initialize() if available | Sumit Bose | 3 | -37/+88 | |
2011-06-30 | Use name based URI instead of IP address based URIs | Sumit Bose | 2 | -38/+3 | |
2011-06-30 | Add sdap_call_conn_cb() to call add connection callback directly | Sumit Bose | 2 | -0/+40 | |
2011-06-30 | Add sockaddr_storage to sdap_service | Sumit Bose | 3 | -0/+22 | |
2011-06-21 | Log nsupdate message | Jakub Hrozek | 1 | -0/+3 | |
https://fedorahosted.org/sssd/ticket/893 | |||||
2011-06-16 | Do not check pwdAttribute | Sumit Bose | 1 | -9/+0 | |
It is not safe to check pwdAttribute to see if server side password policies are active. Only if an LDAP_CONTROL_PASSWORDPOLICYRESPONSE is present in the bind response can we assume that there is a server side password policy. | |||||
2011-06-15 | Switch resolver to using resolv_hostent and honor TTL | Jakub Hrozek | 6 | -28/+29 | |
2011-06-15 | Fix proxy provider return code for secondary missing groups | Sumit Bose | 1 | -1/+3 | |
2011-06-15 | Fix two typos | Sumit Bose | 1 | -2/+3 | |
2011-06-15 | Delete cached ccache file if password is expired | Sumit Bose | 1 | -8/+63 | |
2011-06-02 | Non-posix group processing - ldap provider and nss responder | Jan Zeleny | 2 | -28/+79 | |
2011-06-02 | Escape IPv6 IP addresses in the IPA provider | Jakub Hrozek | 1 | -4/+26 | |
https://fedorahosted.org/sssd/ticket/880 | |||||
2011-06-02 | Use escaped IP addresses in LDAP provider | Jakub Hrozek | 1 | -6/+56 | |
2011-06-02 | Add utility function to return IP address as string | Jakub Hrozek | 2 | -17/+4 | |
2011-06-02 | Add online callback only once for TGT renewal | Sumit Bose | 1 | -25/+44 | |
2011-05-25 | Sanitize username during initgroups call | Sumit Bose | 1 | -1/+7 | |
2011-05-25 | Separate return paths for success and failure in sdap_nested_group_check_cache | Jakub Hrozek | 1 | -6/+10 | |
2011-05-24 | Make "password" the default for ldap_default_authtok_type | Stephen Gallagher | 1 | -1/+1 | |
2011-05-24 | Fix uninitialized scalar variable in sdap_nested_group_check_cache | Jakub Hrozek | 1 | -2/+4 | |
https://fedorahosted.org/sssd/ticket/878 | |||||
2011-05-24 | Fix uninitialized pointer read in sdap_x_deref_parse_entry | Jakub Hrozek | 1 | -1/+1 | |
https://fedorahosted.org/sssd/ticket/877 | |||||
2011-05-24 | Fix bad comparison in sdap_has_deref_support | Jakub Hrozek | 1 | -1/+1 | |
https://fedorahosted.org/sssd/ticket/876 | |||||
2011-05-20 | Use dereference when processing RFC2307bis nested groups | Jakub Hrozek | 5 | -17/+460 | |
Instead of issuing N LDAP requests when processing a group with N users, utilize the dereference functionality to pull down all the members in a single LDAP request. https://fedorahosted.org/sssd/ticket/799 | |||||
2011-05-20 | Refactor RFC2307bis nested group processing | Jakub Hrozek | 1 | -123/+188 | |
This patch splits checking cache and hash tables into standalone functions. This will make it easy to reuse the code in a new branch that uses dereferencing. | |||||
2011-05-20 | Use fake users during RFC2307bis nested group processing | Jakub Hrozek | 1 | -13/+165 | |
Instead of downloading complete user data, which is potentially very slow, only download the necessary minimum information and store the users as dummy entries. | |||||
2011-05-20 | Change sysdb_add_fake_user to add OriginalDN | Jakub Hrozek | 1 | -1/+1 | |
RFC2307bis code relies heavily on originalDN, so the fake users need to have an option to store it, too. | |||||
2011-05-20 | Generic dereference search | Jakub Hrozek | 2 | -0/+157 | |
A generic wrapper around ASQ and OpenLDAP dereference searches. https://fedorahosted.org/sssd/ticket/635 | |||||
2011-05-20 | OpenLDAP dereference searches | Jakub Hrozek | 3 | -0/+376 | |
This dereference method is supported at least by OpenLDAP and 389DS/RHDS. For more details, see: http://tools.ietf.org/html/draft-masarati-ldap-deref-00 | |||||
2011-05-20 | Add support for Attribute Scoped Queries | Jakub Hrozek | 1 | -0/+203 | |
For more details on ASQ, see: http://msdn.microsoft.com/en-us/library/aa366976%28VS.85%29.aspx http://msdn.microsoft.com/en-us/library/aa746418%28v=VS.85%29.aspx | |||||
2011-05-20 | Generic dereference data structures and utilities | Jakub Hrozek | 2 | -0/+45 | |
These will be shared by both dereference methods in a later patch. | |||||
2011-05-20 | sdap_get_generic_ext | Jakub Hrozek | 1 | -73/+202 | |
Add a private sdap_get_generic_ext_send()/_recv() request that exposes more of the ldap_search_ext options, in particular the server controls. The existing sdap_generic_search_send()/_recv() request is now a thin wrapper around the new _ext request. The other important change is that entry parsing is a callback now. That was done in order to allow custom parsing for results such as OpenLDAP deref or Attribute Scoped Queries. | |||||
2011-05-20 | Fixed copying of pam_data structure | Jan Zeleny | 1 | -0/+1 | |
Related ticket: https://fedorahosted.org/sssd/ticket/855 | |||||
2011-05-20 | Rename label in expand_ccname_template | Jakub Hrozek | 1 | -17/+17 | |
The label was named fail but used also in success cases. | |||||
2011-05-20 | Remove append_attrs_to_array | Jakub Hrozek | 2 | -12/+0 | |
This function was not used anywhere | |||||
2011-05-20 | IPA Provider: don't fail if user is not a member of any groups | Stephen Gallagher | 1 | -2/+5 | |
2011-05-16 | Possible memory leak fixed | Jan Zeleny | 1 | -1/+1 | |
2011-05-16 | Fixed wrong variable in sdap_initgr_nested_store | Jan Zeleny | 1 | -1/+1 | |
2011-05-12 | Use a temporary memory context in expand_ccname_template | Jakub Hrozek | 1 | -20/+33 | |
2011-05-06 | Allow changing the log level without restart | Stephen Gallagher | 1 | -5/+20 | |
We will now re-read the confdb debug_level value when processing the monitor_common_logrotate() function, which occurs when the monitor receives a SIGHUP. | |||||
2011-05-06 | Create common sss_monitor_init() | Stephen Gallagher | 1 | -35/+3 | |
This was implemented almost identically for both the responders and the providers. It is easier to maintain as a single routine. This patch also adds the ability to provide a private context to attach to the sbus_connection for later use. | |||||
2011-05-06 | Remove unused constants from data_provider.h | Jakub Hrozek | 1 | -11/+0 | |
2011-05-05 | Added some kerberos functions for building on RHEL5 | Jan Zeleny | 1 | -2/+2 | |