Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2011-06-21 | Log nsupdate message | Jakub Hrozek | 1 | -0/+3 | |
https://fedorahosted.org/sssd/ticket/893 | |||||
2011-06-16 | Do not check pwdAttribute | Sumit Bose | 1 | -9/+0 | |
It is not safe to check pwdAttribute to see if server side password policies are active. Only if a LDAP_CONTROL_PASSWORDPOLICYRESPONSE is present the bind response we can assume that there is a server side password policy. | |||||
2011-06-15 | Switch resolver to using resolv_hostent and honor TTL | Jakub Hrozek | 6 | -28/+29 | |
2011-06-15 | Fix proxy provider return code for secondary missing groups | Sumit Bose | 1 | -1/+3 | |
2011-06-15 | Fix two typos | Sumit Bose | 1 | -2/+3 | |
2011-06-15 | Delete cached ccache file if password is expired | Sumit Bose | 1 | -8/+63 | |
2011-06-02 | Non-posix group processing - ldap provider and nss responder | Jan Zeleny | 2 | -28/+79 | |
2011-06-02 | Escape IPv6 IP addresses in the IPA provider | Jakub Hrozek | 1 | -4/+26 | |
https://fedorahosted.org/sssd/ticket/880 | |||||
2011-06-02 | Use escaped IP addresses in LDAP provider | Jakub Hrozek | 1 | -6/+56 | |
2011-06-02 | Add utility function to return IP address as string | Jakub Hrozek | 2 | -17/+4 | |
2011-06-02 | Add online callback only once for TGT renewal | Sumit Bose | 1 | -25/+44 | |
2011-05-25 | Sanitize username during initgroups call | Sumit Bose | 1 | -1/+7 | |
2011-05-25 | Separate return paths for success and failure in sdap_nested_group_check_cache | Jakub Hrozek | 1 | -6/+10 | |
2011-05-24 | Make "password" the default for ldap_default_authtok_type | Stephen Gallagher | 1 | -1/+1 | |
2011-05-24 | Fix uninitialized scalar variable in sdap_nested_group_check_cache | Jakub Hrozek | 1 | -2/+4 | |
https://fedorahosted.org/sssd/ticket/878 | |||||
2011-05-24 | Fix uninitialized pointer read in sdap_x_deref_parse_entry | Jakub Hrozek | 1 | -1/+1 | |
https://fedorahosted.org/sssd/ticket/877 | |||||
2011-05-24 | Fix bad comparison in sdap_has_deref_support | Jakub Hrozek | 1 | -1/+1 | |
https://fedorahosted.org/sssd/ticket/876 | |||||
2011-05-20 | Use dereference when processing RFC2307bis nested groups | Jakub Hrozek | 5 | -17/+460 | |
Instead of issuing N LDAP requests when processing a group with N users, utilize the dereference functionality to pull down all the members in a single LDAP request. https://fedorahosted.org/sssd/ticket/799 | |||||
2011-05-20 | Refactor RFC2307bis nested group processing | Jakub Hrozek | 1 | -123/+188 | |
This patch splits checking cache and hash tables into standalone functions. This will make it easy to reuse the code in a new branch that uses dereferencing. | |||||
2011-05-20 | Use fake users during RFC2307bis nested group processing | Jakub Hrozek | 1 | -13/+165 | |
Instead of downloading complete user data which is potentionally very slow, only download the necessary minimum information and store the users as dummy entries. | |||||
2011-05-20 | Change sysdb_add_fake_user to add OriginalDN | Jakub Hrozek | 1 | -1/+1 | |
RFC2307bis code relies heavily on originalDN, so the fake users need to have an option to store it, too. | |||||
2011-05-20 | Generic dereference search | Jakub Hrozek | 2 | -0/+157 | |
A generic wrapper around ASQ and OpenLDAP dereference searches. https://fedorahosted.org/sssd/ticket/635 | |||||
2011-05-20 | OpenLDAP dereference searches | Jakub Hrozek | 3 | -0/+376 | |
This dereference method is supported at least by OpenLDAP and 389DS/RHDS For more details, see: http://tools.ietf.org/html/draft-masarati-ldap-deref-00 | |||||
2011-05-20 | Add support for Attribute Scoped Queries | Jakub Hrozek | 1 | -0/+203 | |
For more details on ASQ, see: http://msdn.microsoft.com/en-us/library/aa366976%28VS.85%29.aspx http://msdn.microsoft.com/en-us/library/aa746418%28v=VS.85%29.aspx | |||||
2011-05-20 | Generic dereference data structures and utilities | Jakub Hrozek | 2 | -0/+45 | |
These will be shared by both dereference methods in a later patch. | |||||
2011-05-20 | sdap_get_generic_ext | Jakub Hrozek | 1 | -73/+202 | |
Add a private sdap_get_generic_ext_send()/_recv() request that exposes more of ldap_search_ext options, in particular the server contols. The existing sdap_generic_search_send()/_recv() request is now a thin wrapper around the new _ext request. The other important change is that an entry parsing is a callback now. That was done in order to allow custom parsing for results such as OpenLDAP deref or Attribute Scoped Queries. | |||||
2011-05-20 | Fixed copying of pam_data structure | Jan Zeleny | 1 | -0/+1 | |
Related ticket: https://fedorahosted.org/sssd/ticket/855 | |||||
2011-05-20 | Rename label in expand_ccname_template | Jakub Hrozek | 1 | -17/+17 | |
The label was named fail but used also in success cases. | |||||
2011-05-20 | Remove append_attrs_to_array | Jakub Hrozek | 2 | -12/+0 | |
This function was not used anywhere | |||||
2011-05-20 | IPA Provider: don't fail if user is not a member of any groups | Stephen Gallagher | 1 | -2/+5 | |
2011-05-16 | Possible memory leak fixed | Jan Zeleny | 1 | -1/+1 | |
2011-05-16 | Fixed wrong variable in sdap_initgr_nested_store | Jan Zeleny | 1 | -1/+1 | |
2011-05-12 | Use a temporary memory context in expand_ccname_template | Jakub Hrozek | 1 | -20/+33 | |
2011-05-06 | Allow changing the log level without restart | Stephen Gallagher | 1 | -5/+20 | |
We will now re-read the confdb debug_level value when processing the monitor_common_logrotate() function, which occurs when the monitor receives a SIGHUP. | |||||
2011-05-06 | Create common sss_monitor_init() | Stephen Gallagher | 1 | -35/+3 | |
This was implemented almost identically for both the responders and the providers. It is easier to maintain as a single routine. This patch also adds the ability to provide a private context to attach to the sbus_connection for later use. | |||||
2011-05-06 | Remove unused constants from data_provider.h | Jakub Hrozek | 1 | -11/+0 | |
2011-05-05 | Added some kerberos functions for building on RHEL5 | Jan Zeleny | 1 | -2/+2 | |
2011-05-04 | Fixed lastUSN checking improvements | Jan Zeleny | 3 | -5/+23 | |
This patch fixes some issues with setting lastUSN attribute and it adds check against the highest user/group USN after enumeration to keep better track of the real highest USN. Optimal solution here would be to schedule a check of rootDSE entry right after the enumeration finishes, but for the moment this is good enough. | |||||
2011-05-04 | Do not leak LDAP URI with high log level | Jakub Hrozek | 1 | -2/+7 | |
2011-05-04 | Do not leak pcre context | Jakub Hrozek | 1 | -0/+12 | |
2011-05-02 | Fix minor typo in error message | Stephen Gallagher | 1 | -1/+1 | |
https://fedorahosted.org/sssd/ticket/825 | |||||
2011-05-02 | Return pam data to the renewal item if renewal fails | Sumit Bose | 1 | -4/+9 | |
A previous patch changed a talloc_steal() into a talloc_move(). Now it is not enough to change the parent memory context with talloc_steal to give back the data, but it has to be assigned back too. Additionally this patch uses the missing pam data as an indication that a renewal request for this data is currently running. | |||||
2011-04-29 | Fix order of arguments in select_principal_from_keytab() call | Jakub Hrozek | 1 | -1/+1 | |
2011-04-29 | Fix bad password caching when using automatic TGT renewal | Stephen Gallagher | 1 | -3/+12 | |
Fixes CVE-2011-1758, https://fedorahosted.org/sssd/ticket/856 | |||||
2011-04-29 | Fix segfault in IPA provider | Stephen Gallagher | 1 | -2/+2 | |
We were trying to request the krb5 keytab from the auth provider configuration, but it hasn't yet been set up. Much better to use the value in the ID provider. | |||||
2011-04-28 | Fix IPA config bug with SDAP_KRB5_REALM | Stephen Gallagher | 1 | -1/+1 | |
2011-04-28 | Do not leak LDAP paging controls | Jakub Hrozek | 1 | -0/+5 | |
2011-04-27 | Add ldap_page_size configuration option | Stephen Gallagher | 6 | -5/+12 | |
2011-04-27 | Enable paging support for LDAP | Stephen Gallagher | 1 | -23/+117 | |
2011-04-27 | Log the LDAP message type we're processing | Stephen Gallagher | 1 | -0/+57 | |