summaryrefslogtreecommitdiff
path: root/src/providers
AgeCommit message (Collapse)AuthorFilesLines
2011-07-08Treat NULL or empty rhost as unknownStephen Gallagher2-11/+25
Previously, we were assuming this meant it was coming from the localhost, but this is not a safe assumption. We will now treat it as unknown and it will fail to match any rule that requires a specified srchost or group of srchosts.
2011-07-08Add ipa_hbac_treat_deny_as optionStephen Gallagher3-2/+13
By default, we will treat the presence of any DENY rule as denying all users. This option will allow the admin to explicitly ignore DENY rules during a transitional period.
2011-07-08Add ipa_hbac_refresh optionStephen Gallagher4-1/+21
This option describes the time between refreshes of the HBAC rules on the IPA server.
2011-07-08Add new HBAC lookup and evaluation routinesStephen Gallagher2-124/+398
2011-07-08Remove old HBAC implementationStephen Gallagher2-1595/+1
2011-07-08Add helper functions for looking up HBAC rule componentsStephen Gallagher6-0/+2616
2011-07-08Add HBAC evaluator and testsStephen Gallagher3-0/+386
2011-07-08Add helper function msgs2attrs_arrayStephen Gallagher2-0/+33
This function converts a list of ldb_messages into a list of sysdb_attrs.
2011-07-05ipa_dyndns: Use sockaddr_storage for storing IP addressesJakub Hrozek1-12/+17
https://fedorahosted.org/sssd/ticket/915
2011-06-30Use ldap_init_fd() instead of ldap_initialize() if availableSumit Bose3-37/+88
2011-06-30Use name based URI instead of IP address based URIsSumit Bose2-38/+3
2011-06-30Add sdap_call_conn_cb() to call add connection callback directlySumit Bose2-0/+40
2011-06-30Add sockaddr_storage to sdap_serviceSumit Bose3-0/+22
2011-06-21Log nsupdate messageJakub Hrozek1-0/+3
https://fedorahosted.org/sssd/ticket/893
2011-06-16Do not check pwdAttributeSumit Bose1-9/+0
It is not safe to check pwdAttribute to see if server side password policies are active. Only if a LDAP_CONTROL_PASSWORDPOLICYRESPONSE is present the bind response we can assume that there is a server side password policy.
2011-06-15Switch resolver to using resolv_hostent and honor TTLJakub Hrozek6-28/+29
2011-06-15Fix proxy provider return code for secondary missing groupsSumit Bose1-1/+3
2011-06-15Fix two typosSumit Bose1-2/+3
2011-06-15Delete cached ccache file if password is expiredSumit Bose1-8/+63
2011-06-02Non-posix group processing - ldap provider and nss responderJan Zeleny2-28/+79
2011-06-02Escape IPv6 IP addresses in the IPA providerJakub Hrozek1-4/+26
https://fedorahosted.org/sssd/ticket/880
2011-06-02Use escaped IP addresses in LDAP providerJakub Hrozek1-6/+56
2011-06-02Add utility function to return IP address as stringJakub Hrozek2-17/+4
2011-06-02Add online callback only once for TGT renewalSumit Bose1-25/+44
2011-05-25Sanitize username during initgroups callSumit Bose1-1/+7
2011-05-25Separate return paths for success and failure in sdap_nested_group_check_cacheJakub Hrozek1-6/+10
2011-05-24Make "password" the default for ldap_default_authtok_typeStephen Gallagher1-1/+1
2011-05-24Fix uninitialized scalar variable in sdap_nested_group_check_cacheJakub Hrozek1-2/+4
https://fedorahosted.org/sssd/ticket/878
2011-05-24Fix uninitialized pointer read in sdap_x_deref_parse_entryJakub Hrozek1-1/+1
https://fedorahosted.org/sssd/ticket/877
2011-05-24Fix bad comparison in sdap_has_deref_supportJakub Hrozek1-1/+1
https://fedorahosted.org/sssd/ticket/876
2011-05-20Use dereference when processing RFC2307bis nested groupsJakub Hrozek5-17/+460
Instead of issuing N LDAP requests when processing a group with N users, utilize the dereference functionality to pull down all the members in a single LDAP request. https://fedorahosted.org/sssd/ticket/799
2011-05-20Refactor RFC2307bis nested group processingJakub Hrozek1-123/+188
This patch splits checking cache and hash tables into standalone functions. This will make it easy to reuse the code in a new branch that uses dereferencing.
2011-05-20Use fake users during RFC2307bis nested group processingJakub Hrozek1-13/+165
Instead of downloading complete user data which is potentionally very slow, only download the necessary minimum information and store the users as dummy entries.
2011-05-20Change sysdb_add_fake_user to add OriginalDNJakub Hrozek1-1/+1
RFC2307bis code relies heavily on originalDN, so the fake users need to have an option to store it, too.
2011-05-20Generic dereference searchJakub Hrozek2-0/+157
A generic wrapper around ASQ and OpenLDAP dereference searches. https://fedorahosted.org/sssd/ticket/635
2011-05-20OpenLDAP dereference searchesJakub Hrozek3-0/+376
This dereference method is supported at least by OpenLDAP and 389DS/RHDS For more details, see: http://tools.ietf.org/html/draft-masarati-ldap-deref-00
2011-05-20Add support for Attribute Scoped QueriesJakub Hrozek1-0/+203
For more details on ASQ, see: http://msdn.microsoft.com/en-us/library/aa366976%28VS.85%29.aspx http://msdn.microsoft.com/en-us/library/aa746418%28v=VS.85%29.aspx
2011-05-20Generic dereference data structures and utilitiesJakub Hrozek2-0/+45
These will be shared by both dereference methods in a later patch.
2011-05-20sdap_get_generic_extJakub Hrozek1-73/+202
Add a private sdap_get_generic_ext_send()/_recv() request that exposes more of ldap_search_ext options, in particular the server contols. The existing sdap_generic_search_send()/_recv() request is now a thin wrapper around the new _ext request. The other important change is that an entry parsing is a callback now. That was done in order to allow custom parsing for results such as OpenLDAP deref or Attribute Scoped Queries.
2011-05-20Fixed copying of pam_data structureJan Zeleny1-0/+1
Related ticket: https://fedorahosted.org/sssd/ticket/855
2011-05-20Rename label in expand_ccname_templateJakub Hrozek1-17/+17
The label was named fail but used also in success cases.
2011-05-20Remove append_attrs_to_arrayJakub Hrozek2-12/+0
This function was not used anywhere
2011-05-20IPA Provider: don't fail if user is not a member of any groupsStephen Gallagher1-2/+5
2011-05-16Possible memory leak fixedJan Zeleny1-1/+1
2011-05-16Fixed wrong variable in sdap_initgr_nested_storeJan Zeleny1-1/+1
2011-05-12Use a temporary memory context in expand_ccname_templateJakub Hrozek1-20/+33
2011-05-06Allow changing the log level without restartStephen Gallagher1-5/+20
We will now re-read the confdb debug_level value when processing the monitor_common_logrotate() function, which occurs when the monitor receives a SIGHUP.
2011-05-06Create common sss_monitor_init()Stephen Gallagher1-35/+3
This was implemented almost identically for both the responders and the providers. It is easier to maintain as a single routine. This patch also adds the ability to provide a private context to attach to the sbus_connection for later use.
2011-05-06Remove unused constants from data_provider.hJakub Hrozek1-11/+0
2011-05-05Added some kerberos functions for building on RHEL5Jan Zeleny1-2/+2