sssd - System Security Services Daemon

Age	Commit message (Collapse)	Author	Files	Lines
2011-08-15	sysdb refactoring: deleted domain variables in sysdb API	Jan Zeleny	1	-108/+56
	The patch also updates code using modified functions. Tests have also been adjusted.
2011-08-01	HBAC rule validation Python bindings	Jakub Hrozek	1	-0/+30
	https://fedorahosted.org/sssd/ticket/943
2011-08-01	Add rule validator to libipa_hbac	Stephen Gallagher	1	-0/+115
	https://fedorahosted.org/sssd/ticket/943
2011-07-29	UTF8 HBAC test	Jakub Hrozek	1	-0/+117

2011-07-21	fo_get_server_name() getter for a server name	Jakub Hrozek	1	-1/+1
	Allows to be more concise in tests and more defensive in resolve callbacks
2011-07-21	Rename fo_get_server_name to fo_get_server_str_name	Jakub Hrozek	1	-1/+1

2011-07-13	Fix python HBAC bindings for python <= 2.4	Jakub Hrozek	1	-3/+4
	Several parts of the HBAC python bindings did not work with old Python versions, such as the one shipped in RHEL5. The changes include: * a compatibility wrapper around python set object * PyModule_AddIntMacro compat macro * Py_ssize_t compat definition * Do not use PyUnicode_FromFormat * several function prototypes and structures used to have "char arguments where they have "const char *" in recent versions. This caused compilation warnings this patch mitigates by using the discard_const hack on python 2.4
2011-07-13	Fixes for python HBAC bindings	Jakub Hrozek	1	-0/+23
	These changes were proposed during a review: * Change the signature of str_concat_sequence() to const char * * use a getsetter for HbacRule.enabled to allow string true/false and integer 1/0 in addition to bool * fix a minor memory leak (HbacRequest.rule_name) * remove overzealous discard consts
2011-07-08	Provide python bindings for the HBAC evaluator library	Jakub Hrozek	1	-0/+468

2011-07-08	Add HBAC evaluator and tests	Stephen Gallagher	1	-0/+618

2011-06-16	Test NULL server hostname in fail over tests	Jakub Hrozek	1	-8/+16

2011-06-15	Switch resolver to using resolv_hostent and honor TTL	Jakub Hrozek	2	-43/+85

2011-06-15	Unit test for parge_args	Jakub Hrozek	1	-0/+58

2011-06-02	Non-posix group processing - sysdb changes	Jan Zeleny	1	-4/+6

2011-04-27	Require openssl-devel is libcrypto backend is selected	Jakub Hrozek	1	-5/+14

2011-04-25	Case insensitive originalDN test	Jakub Hrozek	1	-0/+47

2011-03-23	Add originalDN to fake groups	Jakub Hrozek	1	-2/+2

2011-02-28	Use realm for basedn instead of IPA domain	Jakub Hrozek	1	-0/+1
	https://fedorahosted.org/sssd/ticket/807
2011-02-11	Clear up -Wunused-but-set-variable warnings	Stephen Gallagher	1	-1/+1

2011-01-21	Delete attributes that are removed from LDAP	Stephen Gallagher	1	-1/+1
	Sometimes, a value in LDAP will cease to exist (the classic example being shadowExpire). We need to make sure we purge that value from SSSD's sysdb as well. https://fedorahosted.org/sssd/ticket/750
2011-01-11	Validate user supplied size of data items	Sumit Bose	1	-0/+14
	Specially crafted packages might lead to an integer overflow and the parsing of the input buffer might not continue as expected. This issue was identified by Sebastian Krahmer <krahmer@suse.de>.
2010-12-20	Add sysdb_has_enumerated and sysdb_set_enumerated helper functions	Stephen Gallagher	1	-0/+40
	Includes a unit test
2010-12-17	Fix unchecked return value in test_sysdb_attrs_to_list	Stephen Gallagher	1	-3/+6
	https://fedorahosted.org/sssd/ticket/714
2010-12-15	Fix uninitialized value error in main() in stress-tests.c	Sumit Bose	1	-0/+1
	https://fedorahosted.org/sssd/ticket/732
2010-12-14	Fix uninitialized value error in setup_test in fail_over-tests.c	Sumit Bose	1	-0/+1
	https://fedorahosted.org/sssd/ticket/728
2010-12-13	Add group support to the simple access provider	Stephen Gallagher	1	-2/+2
	This patch adds simple_allow_groups and simple_deny_groups options to the simple access provider. It makes it possible to grant or deny access based on a user's group memberships within the domain. This patch makes one minor change to previous functionality: now all deny rules will supersede allow rules. Previously, if both simple_allow_users and simple_deny_users were set with the same value, the allow would win. https://fedorahosted.org/sssd/ticket/440
2010-12-08	Bye, bye, ipa_timerules	Sumit Bose	1	-582/+0
	It was decided that IPA HBAC will move to a different format to specify time ranges in access control rules. The evaluation based on the old format is not needed anymore.
2010-11-15	Fix const cast warnings in tests	Stephen Gallagher	2	-2/+2

2010-11-15	Fix const cast warning for sysdb_update_members	Stephen Gallagher	1	-4/+4

2010-11-15	Add unit tests for users and groups with odd characters	Stephen Gallagher	1	-0/+145

2010-11-15	Add utility function to sanitize LDAP/LDB filters	Stephen Gallagher	1	-0/+68
	Also adds a unit test.
2010-10-26	Always use uint32_t for UID/GID numbers	Jakub Hrozek	1	-10/+10

2010-10-18	Modify sysdb_[add\|remove]_group_member to accept users and groups	Stephen Gallagher	1	-5/+10
	Previously, it assumed that all members were users. This changes the interface so that either a user or a group can be specified. Also, it eliminates the need for a memory context to be passed, since the internal memory should be self-contained.
2010-10-15	sysdb interface for adding incomplete groups	Jakub Hrozek	1	-0/+40
	Useful for optimizing the initgroups operation.
2010-10-13	Also return member groups to the client	Sumit Bose	1	-44/+44

2010-10-13	netgroup tests	Stephen Gallagher	1	-0/+516

2010-10-13	Use POPT_TABLEEND to close option table	Sumit Bose	7	-8/+8

2010-09-28	Suppress some 'unchecked return value' warnings	Sumit Bose	1	-6/+13

2010-09-28	Suppress some 'may be used uninitialized' warnings	Sumit Bose	1	-1/+1
	Additionally the handling of errno and the errno_t return value of functions is fixed in krb5_common.c.
2010-09-22	Initialize debug_level to zero in crypto tests	Stephen Gallagher	1	-1/+1

2010-09-22	Fix sysdb_group_dn_name	Jakub Hrozek	1	-0/+35

2010-09-15	Add parameter to skip cleanup in sysdb test	Jakub Hrozek	1	-1/+4
	This might be useful for examining the test database manually with LDB tools
2010-09-08	Password obfuscation utility functions	Jakub Hrozek	1	-0/+139
	Adds two utility functions to obfuscate a password and inverse to extract the cleartext password back. So far, only NSS-based implementation is provided.
2010-08-03	Add sysdb_update_members function	Stephen Gallagher	1	-0/+56
	This function will take a user, a list of groups that this user should be added to and a list of groups the user should be removed from and will recursively call sysdb_[add\|remove]_group_member Includes a unit test
2010-08-03	Add diff_string_lists utility function	Stephen Gallagher	1	-0/+227
	Includes a unit test
2010-08-03	Add sysdb_attrs_to_list() utility function	Stephen Gallagher	1	-0/+31

2010-06-16	Standardize on correct spelling of "principal" for krb5	Stephen Gallagher	1	-4/+4
	https://fedorahosted.org/sssd/ticket/542
2010-06-14	Print correct return code	Jakub Hrozek	1	-1/+1
	Fixes: #535
2010-05-26	Add support for delayed kinit if offline	Sumit Bose	1	-2/+2
	If the configuration option krb5_store_password_if_offline is set to true and the backend is offline the plain text user password is stored and used to request a TGT if the backend becomes online. If available the Linux kernel key retention service is used.
2010-04-30	Sort SRV replies according to RFC 2782	Jakub Hrozek	1	-0/+88
	RFC 2782 defines a way to sort replies to a SRV query. In short, the algorithm sorts all replies by priority and then does a weight-based selection for every priority level. For details, please see the sections "Usage rules" for overview of the algorithm and section "The 'Weight' field" for description on the weight selection.