sssd - System Security Services Daemon

Age	Commit message (Collapse)	Author	Files	Lines
2011-08-01	HBAC rule validation Python bindings	Jakub Hrozek	1	-0/+30
	https://fedorahosted.org/sssd/ticket/943
2011-08-01	Add rule validator to libipa_hbac	Stephen Gallagher	1	-0/+115
	https://fedorahosted.org/sssd/ticket/943
2011-07-29	UTF8 HBAC test	Jakub Hrozek	1	-0/+117

2011-07-21	fo_get_server_name() getter for a server name	Jakub Hrozek	1	-1/+1
	Allows to be more concise in tests and more defensive in resolve callbacks
2011-07-21	Rename fo_get_server_name to fo_get_server_str_name	Jakub Hrozek	1	-1/+1

2011-07-13	Fix python HBAC bindings for python <= 2.4	Jakub Hrozek	1	-3/+4
	Several parts of the HBAC python bindings did not work with old Python versions, such as the one shipped in RHEL5. The changes include: * a compatibility wrapper around python set object * PyModule_AddIntMacro compat macro * Py_ssize_t compat definition * Do not use PyUnicode_FromFormat * several function prototypes and structures used to have "char arguments where they have "const char *" in recent versions. This caused compilation warnings this patch mitigates by using the discard_const hack on python 2.4
2011-07-13	Fixes for python HBAC bindings	Jakub Hrozek	1	-0/+23
	These changes were proposed during a review: * Change the signature of str_concat_sequence() to const char * * use a getsetter for HbacRule.enabled to allow string true/false and integer 1/0 in addition to bool * fix a minor memory leak (HbacRequest.rule_name) * remove overzealous discard consts
2011-07-08	Provide python bindings for the HBAC evaluator library	Jakub Hrozek	1	-0/+468

2011-07-08	Add HBAC evaluator and tests	Stephen Gallagher	1	-0/+618

2011-06-16	Test NULL server hostname in fail over tests	Jakub Hrozek	1	-8/+16

2011-06-15	Switch resolver to using resolv_hostent and honor TTL	Jakub Hrozek	2	-43/+85

2011-06-15	Unit test for parge_args	Jakub Hrozek	1	-0/+58

2011-06-02	Non-posix group processing - sysdb changes	Jan Zeleny	1	-4/+6

2011-04-27	Require openssl-devel is libcrypto backend is selected	Jakub Hrozek	1	-5/+14

2011-04-25	Case insensitive originalDN test	Jakub Hrozek	1	-0/+47

2011-03-23	Add originalDN to fake groups	Jakub Hrozek	1	-2/+2

2011-02-28	Use realm for basedn instead of IPA domain	Jakub Hrozek	1	-0/+1
	https://fedorahosted.org/sssd/ticket/807
2011-02-11	Clear up -Wunused-but-set-variable warnings	Stephen Gallagher	1	-1/+1

2011-01-21	Delete attributes that are removed from LDAP	Stephen Gallagher	1	-1/+1
	Sometimes, a value in LDAP will cease to exist (the classic example being shadowExpire). We need to make sure we purge that value from SSSD's sysdb as well. https://fedorahosted.org/sssd/ticket/750
2011-01-11	Validate user supplied size of data items	Sumit Bose	1	-0/+14
	Specially crafted packages might lead to an integer overflow and the parsing of the input buffer might not continue as expected. This issue was identified by Sebastian Krahmer <krahmer@suse.de>.
2010-12-20	Add sysdb_has_enumerated and sysdb_set_enumerated helper functions	Stephen Gallagher	1	-0/+40
	Includes a unit test
2010-12-17	Fix unchecked return value in test_sysdb_attrs_to_list	Stephen Gallagher	1	-3/+6
	https://fedorahosted.org/sssd/ticket/714
2010-12-15	Fix uninitialized value error in main() in stress-tests.c	Sumit Bose	1	-0/+1
	https://fedorahosted.org/sssd/ticket/732
2010-12-14	Fix uninitialized value error in setup_test in fail_over-tests.c	Sumit Bose	1	-0/+1
	https://fedorahosted.org/sssd/ticket/728
2010-12-13	Add group support to the simple access provider	Stephen Gallagher	1	-2/+2
	This patch adds simple_allow_groups and simple_deny_groups options to the simple access provider. It makes it possible to grant or deny access based on a user's group memberships within the domain. This patch makes one minor change to previous functionality: now all deny rules will supersede allow rules. Previously, if both simple_allow_users and simple_deny_users were set with the same value, the allow would win. https://fedorahosted.org/sssd/ticket/440
2010-12-08	Bye, bye, ipa_timerules	Sumit Bose	1	-582/+0
	It was decided that IPA HBAC will move to a different format to specify time ranges in access control rules. The evaluation based on the old format is not needed anymore.
2010-11-15	Fix const cast warnings in tests	Stephen Gallagher	2	-2/+2

2010-11-15	Fix const cast warning for sysdb_update_members	Stephen Gallagher	1	-4/+4

2010-11-15	Add unit tests for users and groups with odd characters	Stephen Gallagher	1	-0/+145

2010-11-15	Add utility function to sanitize LDAP/LDB filters	Stephen Gallagher	1	-0/+68
	Also adds a unit test.
2010-10-26	Always use uint32_t for UID/GID numbers	Jakub Hrozek	1	-10/+10

2010-10-18	Modify sysdb_[add\|remove]_group_member to accept users and groups	Stephen Gallagher	1	-5/+10
	Previously, it assumed that all members were users. This changes the interface so that either a user or a group can be specified. Also, it eliminates the need for a memory context to be passed, since the internal memory should be self-contained.
2010-10-15	sysdb interface for adding incomplete groups	Jakub Hrozek	1	-0/+40
	Useful for optimizing the initgroups operation.
2010-10-13	Also return member groups to the client	Sumit Bose	1	-44/+44

2010-10-13	netgroup tests	Stephen Gallagher	1	-0/+516

2010-10-13	Use POPT_TABLEEND to close option table	Sumit Bose	7	-8/+8

2010-09-28	Suppress some 'unchecked return value' warnings	Sumit Bose	1	-6/+13

2010-09-28	Suppress some 'may be used uninitialized' warnings	Sumit Bose	1	-1/+1
	Additionally the handling of errno and the errno_t return value of functions is fixed in krb5_common.c.
2010-09-22	Initialize debug_level to zero in crypto tests	Stephen Gallagher	1	-1/+1

2010-09-22	Fix sysdb_group_dn_name	Jakub Hrozek	1	-0/+35

2010-09-15	Add parameter to skip cleanup in sysdb test	Jakub Hrozek	1	-1/+4
	This might be useful for examining the test database manually with LDB tools
2010-09-08	Password obfuscation utility functions	Jakub Hrozek	1	-0/+139
	Adds two utility functions to obfuscate a password and inverse to extract the cleartext password back. So far, only NSS-based implementation is provided.
2010-08-03	Add sysdb_update_members function	Stephen Gallagher	1	-0/+56
	This function will take a user, a list of groups that this user should be added to and a list of groups the user should be removed from and will recursively call sysdb_[add\|remove]_group_member Includes a unit test
2010-08-03	Add diff_string_lists utility function	Stephen Gallagher	1	-0/+227
	Includes a unit test
2010-08-03	Add sysdb_attrs_to_list() utility function	Stephen Gallagher	1	-0/+31

2010-06-16	Standardize on correct spelling of "principal" for krb5	Stephen Gallagher	1	-4/+4
	https://fedorahosted.org/sssd/ticket/542
2010-06-14	Print correct return code	Jakub Hrozek	1	-1/+1
	Fixes: #535
2010-05-26	Add support for delayed kinit if offline	Sumit Bose	1	-2/+2
	If the configuration option krb5_store_password_if_offline is set to true and the backend is offline the plain text user password is stored and used to request a TGT if the backend becomes online. If available the Linux kernel key retention service is used.
2010-04-30	Sort SRV replies according to RFC 2782	Jakub Hrozek	1	-0/+88
	RFC 2782 defines a way to sort replies to a SRV query. In short, the algorithm sorts all replies by priority and then does a weight-based selection for every priority level. For details, please see the sections "Usage rules" for overview of the algorithm and section "The 'Weight' field" for description on the weight selection.
2010-04-14	Fix warning in sysdb-tests.c	Stephen Gallagher	1	-8/+0
	When we converted to the synchronous sysdb interface, the synchronous-simulating function test_loop() became unnecessary, but we forgot to remove it.