sssd - System Security Services Daemon

Age	Commit message (Collapse)	Author	Files	Lines
2011-08-25	New DEBUG facility - SSSDBG_UNRESOLVED changed from -1 to 0	Pavel Březina	4	-4/+15
	Removed: SSS_UNRESOLVED_DEBUG_LEVEL (completely replaced with SSSDBG_UNRESOLVED) Added new macro: CONVERT_AND_SET_DEBUG_LEVEL(new_value) Changes unresolved debug level value (SSSDBG_UNRESOLVED) from -1 to 0 so DEBUG macro could be reduced by one condition. Anyway, it has a minor effect, every time you want to load debug_level from command line parameters, you have to use following pattern: /* Set debug level to invalid value so we can deside if -d 0 was used. */ debug_level = SSSDBG_INVALID; pc = poptGetContext(argv[0], argc, argv, long_options, 0); while((opt = poptGetNextOpt(pc)) != -1) { ... } CONVERT_AND_SET_DEBUG_LEVEL(debug_level);
2011-08-25	New DEBUG facility - conversion	Pavel Březina	11	-9/+16
	https://fedorahosted.org/sssd/ticket/925 Conversion of the old debug_level format to the new one. (only where it was necessary) Removed: SSS_DEFAULT_DEBUG_LEVEL (completely replaced with SSSDBG_DEFAULT)
2011-08-25	Improve password policy error code and message	Sumit Bose	1	-4/+9
	Instead of returning PAM_SYSTEM_ERR if they necessary attributes for the requested password policy cannot be found we return PAM_PERM_DENIED. Additionally the log message says that the access is denied.
2011-08-25	IPA dyndns: do not segfault if the server cannot be resolved	Jakub Hrozek	1	-4/+2
	https://fedorahosted.org/sssd/ticket/963
2011-08-15	Handle timeout during sss_ldap_init_send	Jakub Hrozek	1	-1/+5
	In some cases, where there would be no response from the LDAP server, there would be no R/W events on the LDAP fd, so sdap_async_sys_connect_done would never be called. This patch adds a tevent timer that cancels the connection after SDAP_NETWORK_TIMEOUT seconds.
2011-08-15	Moved some functions in sdap_async_initgroups	Jan Zeleny	1	-345/+349

2011-08-15	Moved some functions in sdap_async_groups	Jan Zeleny	1	-122/+112

2011-08-15	Confusing part of code cleared out	Jan Zeleny	1	-34/+32

2011-08-15	sdap_async_accounts.c split	Jan Zeleny	4	-2514/+2588
	The file has been split in three: sdap_async_users.c sdap_async_groups.c sdap_async_initgroups.c https://fedorahosted.org/sssd/ticket/864
2011-08-15	sysdb refactoring: memory context deleted	Jan Zeleny	10	-43/+31
	This patch deletes memory context parameter in those places in sysdb where it is not necessary. The code using modified functions has been updated. Tests updated as well.
2011-08-15	sysdb refactoring: deleted domain variables in sysdb API	Jan Zeleny	22	-101/+69
	The patch also updates code using modified functions. Tests have also been adjusted.
2011-08-11	Use sysdb attribute name for GID, not LDAP attribute	Stephen Gallagher	1	-3/+3

2011-08-04	Fix returning groups when gidNumber attribute is not ordered	Jakub Hrozek	3	-4/+10
	https://fedorahosted.org/sssd/ticket/951
2011-08-01	Request password control unconditionally during bind	Jakub Hrozek	1	-6/+6
	https://fedorahosted.org/sssd/ticket/940
2011-08-01	Change the default value of ldap_tls_cacert in IPA provider	Jakub Hrozek	1	-1/+1
	https://fedorahosted.org/sssd/ticket/944
2011-08-01	Add rule validator to libipa_hbac	Stephen Gallagher	2	-0/+74
	https://fedorahosted.org/sssd/ticket/943
2011-08-01	Remove incorrect private variable	Stephen Gallagher	1	-1/+1
	This caused no ill effects, since it wasn't used in the callback. However, it is a layering violation (especially since req is freed in the callback)
2011-08-01	Wrong paramater to sysdb_attrs_add_uint32	Jakub Hrozek	1	-1/+1

2011-07-29	Fix incorrect NULL check in ipa_hbac_common.c	Stephen Gallagher	1	-1/+1
	https://fedorahosted.org/sssd/ticket/936
2011-07-29	Fix memory leak in ipa_hbac_evaluate_rules	Stephen Gallagher	1	-0/+1
	https://fedorahosted.org/sssd/ticket/933
2011-07-29	libipa_hbac: Support case-insensitive comparisons with UTF8	Stephen Gallagher	1	-16/+98

2011-07-27	Explicitly ignore groups with gidNumber=0	Jakub Hrozek	2	-11/+18
	https://fedorahosted.org/sssd/ticket/916
2011-07-27	Set gidNumber of non-posix groups to 0 even on updates	Jakub Hrozek	1	-8/+44

2011-07-21	fo_get_server_name() getter for a server name	Jakub Hrozek	5	-3/+31
	Allows to be more concise in tests and more defensive in resolve callbacks
2011-07-21	Rename fo_get_server_name to fo_get_server_str_name	Jakub Hrozek	6	-10/+10

2011-07-21	Only print server address if one is available	Jakub Hrozek	1	-0/+7

2011-07-21	Do not add a NULL host parsed from LDAP URI	Jakub Hrozek	1	-1/+8
	https://fedorahosted.org/sssd/ticket/911
2011-07-13	Remove unused krb5_service structure member	Jakub Hrozek	3	-7/+1

2011-07-11	Check DNS records before updating	Jakub Hrozek	4	-25/+470
	https://fedorahosted.org/sssd/ticket/802
2011-07-11	Split reading resolver family order into a separate function	Jakub Hrozek	1	-23/+3

2011-07-11	Do not hardcode default resolver timeout	Jakub Hrozek	1	-1/+1

2011-07-11	Escape IP address in kdcinfo	Jakub Hrozek	2	-14/+36
	https://fedorahosted.org/sssd/ticket/909
2011-07-11	Move IP adress escaping from the LDAP namespace	Jakub Hrozek	1	-3/+3

2011-07-08	Add LDAP access control based on NDS attributes	Sumit Bose	6	-3/+197

2011-07-08	Treat NULL or empty rhost as unknown	Stephen Gallagher	2	-11/+25
	Previously, we were assuming this meant it was coming from the localhost, but this is not a safe assumption. We will now treat it as unknown and it will fail to match any rule that requires a specified srchost or group of srchosts.
2011-07-08	Add ipa_hbac_treat_deny_as option	Stephen Gallagher	3	-2/+13
	By default, we will treat the presence of any DENY rule as denying all users. This option will allow the admin to explicitly ignore DENY rules during a transitional period.
2011-07-08	Add ipa_hbac_refresh option	Stephen Gallagher	4	-1/+21
	This option describes the time between refreshes of the HBAC rules on the IPA server.
2011-07-08	Add new HBAC lookup and evaluation routines	Stephen Gallagher	2	-124/+398

2011-07-08	Remove old HBAC implementation	Stephen Gallagher	2	-1595/+1

2011-07-08	Add helper functions for looking up HBAC rule components	Stephen Gallagher	6	-0/+2616

2011-07-08	Add HBAC evaluator and tests	Stephen Gallagher	3	-0/+386

2011-07-08	Add helper function msgs2attrs_array	Stephen Gallagher	2	-0/+33
	This function converts a list of ldb_messages into a list of sysdb_attrs.
2011-07-05	ipa_dyndns: Use sockaddr_storage for storing IP addresses	Jakub Hrozek	1	-12/+17
	https://fedorahosted.org/sssd/ticket/915
2011-06-30	Use ldap_init_fd() instead of ldap_initialize() if available	Sumit Bose	3	-37/+88

2011-06-30	Use name based URI instead of IP address based URIs	Sumit Bose	2	-38/+3

2011-06-30	Add sdap_call_conn_cb() to call add connection callback directly	Sumit Bose	2	-0/+40

2011-06-30	Add sockaddr_storage to sdap_service	Sumit Bose	3	-0/+22

2011-06-21	Log nsupdate message	Jakub Hrozek	1	-0/+3
	https://fedorahosted.org/sssd/ticket/893
2011-06-16	Do not check pwdAttribute	Sumit Bose	1	-9/+0
	It is not safe to check pwdAttribute to see if server side password policies are active. Only if a LDAP_CONTROL_PASSWORDPOLICYRESPONSE is present the bind response we can assume that there is a server side password policy.
2011-06-15	Switch resolver to using resolv_hostent and honor TTL	Jakub Hrozek	6	-28/+29