| Age | Commit message (Collapse) | Author | Files | Lines | |
|---|---|---|---|---|---|
| 2011-07-21 | Only print server address if one is available | Jakub Hrozek | 1 | -0/+7 | |
| 2011-07-21 | Do not add a NULL host parsed from LDAP URI | Jakub Hrozek | 1 | -1/+8 | |
| https://fedorahosted.org/sssd/ticket/911 | |||||
| 2011-07-13 | Remove unused krb5_service structure member | Jakub Hrozek | 3 | -7/+1 | |
| 2011-07-11 | Check DNS records before updating | Jakub Hrozek | 4 | -25/+470 | |
| https://fedorahosted.org/sssd/ticket/802 | |||||
| 2011-07-11 | Split reading resolver family order into a separate function | Jakub Hrozek | 1 | -23/+3 | |
| 2011-07-11 | Do not hardcode default resolver timeout | Jakub Hrozek | 1 | -1/+1 | |
| 2011-07-11 | Escape IP address in kdcinfo | Jakub Hrozek | 2 | -14/+36 | |
| https://fedorahosted.org/sssd/ticket/909 | |||||
| 2011-07-11 | Move IP adress escaping from the LDAP namespace | Jakub Hrozek | 1 | -3/+3 | |
| 2011-07-08 | Add LDAP access control based on NDS attributes | Sumit Bose | 6 | -3/+197 | |
| 2011-07-08 | Treat NULL or empty rhost as unknown | Stephen Gallagher | 2 | -11/+25 | |
| Previously, we were assuming this meant it was coming from the localhost, but this is not a safe assumption. We will now treat it as unknown and it will fail to match any rule that requires a specified srchost or group of srchosts. | |||||
| 2011-07-08 | Add ipa_hbac_treat_deny_as option | Stephen Gallagher | 3 | -2/+13 | |
| By default, we will treat the presence of any DENY rule as denying all users. This option will allow the admin to explicitly ignore DENY rules during a transitional period. | |||||
| 2011-07-08 | Add ipa_hbac_refresh option | Stephen Gallagher | 4 | -1/+21 | |
| This option describes the time between refreshes of the HBAC rules on the IPA server. | |||||
| 2011-07-08 | Add new HBAC lookup and evaluation routines | Stephen Gallagher | 2 | -124/+398 | |
| 2011-07-08 | Remove old HBAC implementation | Stephen Gallagher | 2 | -1595/+1 | |
| 2011-07-08 | Add helper functions for looking up HBAC rule components | Stephen Gallagher | 6 | -0/+2616 | |
| 2011-07-08 | Add HBAC evaluator and tests | Stephen Gallagher | 3 | -0/+386 | |
| 2011-07-08 | Add helper function msgs2attrs_array | Stephen Gallagher | 2 | -0/+33 | |
| This function converts a list of ldb_messages into a list of sysdb_attrs. | |||||
| 2011-07-05 | ipa_dyndns: Use sockaddr_storage for storing IP addresses | Jakub Hrozek | 1 | -12/+17 | |
| https://fedorahosted.org/sssd/ticket/915 | |||||
| 2011-06-30 | Use ldap_init_fd() instead of ldap_initialize() if available | Sumit Bose | 3 | -37/+88 | |
| 2011-06-30 | Use name based URI instead of IP address based URIs | Sumit Bose | 2 | -38/+3 | |
| 2011-06-30 | Add sdap_call_conn_cb() to call add connection callback directly | Sumit Bose | 2 | -0/+40 | |
| 2011-06-30 | Add sockaddr_storage to sdap_service | Sumit Bose | 3 | -0/+22 | |
| 2011-06-21 | Log nsupdate message | Jakub Hrozek | 1 | -0/+3 | |
| https://fedorahosted.org/sssd/ticket/893 | |||||
| 2011-06-16 | Do not check pwdAttribute | Sumit Bose | 1 | -9/+0 | |
| It is not safe to check pwdAttribute to see if server side password policies are active. Only if a LDAP_CONTROL_PASSWORDPOLICYRESPONSE is present the bind response we can assume that there is a server side password policy. | |||||
| 2011-06-15 | Switch resolver to using resolv_hostent and honor TTL | Jakub Hrozek | 6 | -28/+29 | |
| 2011-06-15 | Fix proxy provider return code for secondary missing groups | Sumit Bose | 1 | -1/+3 | |
| 2011-06-15 | Fix two typos | Sumit Bose | 1 | -2/+3 | |
| 2011-06-15 | Delete cached ccache file if password is expired | Sumit Bose | 1 | -8/+63 | |
| 2011-06-02 | Non-posix group processing - ldap provider and nss responder | Jan Zeleny | 2 | -28/+79 | |
| 2011-06-02 | Escape IPv6 IP addresses in the IPA provider | Jakub Hrozek | 1 | -4/+26 | |
| https://fedorahosted.org/sssd/ticket/880 | |||||
| 2011-06-02 | Use escaped IP addresses in LDAP provider | Jakub Hrozek | 1 | -6/+56 | |
| 2011-06-02 | Add utility function to return IP address as string | Jakub Hrozek | 2 | -17/+4 | |
| 2011-06-02 | Add online callback only once for TGT renewal | Sumit Bose | 1 | -25/+44 | |
| 2011-05-25 | Sanitize username during initgroups call | Sumit Bose | 1 | -1/+7 | |
| 2011-05-25 | Separate return paths for success and failure in sdap_nested_group_check_cache | Jakub Hrozek | 1 | -6/+10 | |
| 2011-05-24 | Make "password" the default for ldap_default_authtok_type | Stephen Gallagher | 1 | -1/+1 | |
| 2011-05-24 | Fix uninitialized scalar variable in sdap_nested_group_check_cache | Jakub Hrozek | 1 | -2/+4 | |
| https://fedorahosted.org/sssd/ticket/878 | |||||
| 2011-05-24 | Fix uninitialized pointer read in sdap_x_deref_parse_entry | Jakub Hrozek | 1 | -1/+1 | |
| https://fedorahosted.org/sssd/ticket/877 | |||||
| 2011-05-24 | Fix bad comparison in sdap_has_deref_support | Jakub Hrozek | 1 | -1/+1 | |
| https://fedorahosted.org/sssd/ticket/876 | |||||
| 2011-05-20 | Use dereference when processing RFC2307bis nested groups | Jakub Hrozek | 5 | -17/+460 | |
| Instead of issuing N LDAP requests when processing a group with N users, utilize the dereference functionality to pull down all the members in a single LDAP request. https://fedorahosted.org/sssd/ticket/799 | |||||
| 2011-05-20 | Refactor RFC2307bis nested group processing | Jakub Hrozek | 1 | -123/+188 | |
| This patch splits checking cache and hash tables into standalone functions. This will make it easy to reuse the code in a new branch that uses dereferencing. | |||||
| 2011-05-20 | Use fake users during RFC2307bis nested group processing | Jakub Hrozek | 1 | -13/+165 | |
| Instead of downloading complete user data which is potentionally very slow, only download the necessary minimum information and store the users as dummy entries. | |||||
| 2011-05-20 | Change sysdb_add_fake_user to add OriginalDN | Jakub Hrozek | 1 | -1/+1 | |
| RFC2307bis code relies heavily on originalDN, so the fake users need to have an option to store it, too. | |||||
| 2011-05-20 | Generic dereference search | Jakub Hrozek | 2 | -0/+157 | |
| A generic wrapper around ASQ and OpenLDAP dereference searches. https://fedorahosted.org/sssd/ticket/635 | |||||
| 2011-05-20 | OpenLDAP dereference searches | Jakub Hrozek | 3 | -0/+376 | |
| This dereference method is supported at least by OpenLDAP and 389DS/RHDS For more details, see: http://tools.ietf.org/html/draft-masarati-ldap-deref-00 | |||||
| 2011-05-20 | Add support for Attribute Scoped Queries | Jakub Hrozek | 1 | -0/+203 | |
| For more details on ASQ, see: http://msdn.microsoft.com/en-us/library/aa366976%28VS.85%29.aspx http://msdn.microsoft.com/en-us/library/aa746418%28v=VS.85%29.aspx | |||||
| 2011-05-20 | Generic dereference data structures and utilities | Jakub Hrozek | 2 | -0/+45 | |
| These will be shared by both dereference methods in a later patch. | |||||
| 2011-05-20 | sdap_get_generic_ext | Jakub Hrozek | 1 | -73/+202 | |
| Add a private sdap_get_generic_ext_send()/_recv() request that exposes more of ldap_search_ext options, in particular the server contols. The existing sdap_generic_search_send()/_recv() request is now a thin wrapper around the new _ext request. The other important change is that an entry parsing is a callback now. That was done in order to allow custom parsing for results such as OpenLDAP deref or Attribute Scoped Queries. | |||||
| 2011-05-20 | Fixed copying of pam_data structure | Jan Zeleny | 1 | -0/+1 | |
| Related ticket: https://fedorahosted.org/sssd/ticket/855 | |||||
| 2011-05-20 | Rename label in expand_ccname_template | Jakub Hrozek | 1 | -17/+17 | |
| The label was named fail but used also in success cases. | |||||
 |
index : sssd | |
| System Security Services Daemon | ben |
| summaryrefslogtreecommitdiff |