summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2010-11-15Properly document ldap_purge_cache_timeoutStephen Gallagher2-1/+28
Also allow it to be disabled entirely
2010-11-15Sanitize search filters in LDAP providerStephen Gallagher4-7/+61
2010-11-15Add unit tests for users and groups with odd charactersStephen Gallagher1-0/+145
2010-11-15Sanitize sysdb dn for memberof lookupStephen Gallagher1-1/+11
2010-11-15Sanitize search filters in memberOf pluginStephen Gallagher1-2/+20
2010-11-15Sanitize sysdb DN helpersStephen Gallagher1-7/+83
2010-11-15Sanitize sysdb filters in the LDAP providerStephen Gallagher1-2/+11
2010-11-15Sanitize sysdb search filters in the IPA providerStephen Gallagher1-2/+17
2010-11-15Sanitize search filters for the sysdbStephen Gallagher1-6/+39
2010-11-15Add sysdb utility function for sanitizing DNStephen Gallagher2-0/+27
2010-11-15Add utility function to sanitize LDAP/LDB filtersStephen Gallagher3-0/+131
Also adds a unit test.
2010-11-05Properly check the return value from semanage_commitStephen Gallagher1-2/+2
semanage_commit() returns -1 on error, and can return a positive value on success. https://bugzilla.redhat.com/show_bug.cgi?id=649037
2010-11-05Review comments for namingContexts patchesSumit Bose3-23/+17
2010-11-05Handle errors during log reopening betterStephen Gallagher2-3/+30
2010-11-04Make ldap_search_base a non-mandatory optionSumit Bose3-39/+46
2010-11-04Use (default)namingContext to set empty search basesSumit Bose4-1/+117
2010-11-04Add defaultNamingContext to RootDSE attributesSumit Bose2-0/+3
2010-11-04Call krb5_child to check access permissionsSumit Bose2-4/+129
2010-11-04Make handle_child_* request publicSumit Bose3-325/+429
I took the opportunity to move everything related to the handling of the krb5_child into a separate file and cleaned the interfaces and related structures a bit.
2010-11-04Add krb5_kuserok() access check to krb5_childSumit Bose1-17/+73
2010-11-04Make krb5_setup() publicSumit Bose3-6/+8
2010-11-04Add krb5_get_simple_upn()Sumit Bose3-6/+30
2010-11-04Add infrastructure for Kerberos access providerSumit Bose4-26/+184
2010-11-04Store krb5 auth context for other targetsSumit Bose1-1/+2
2010-11-04Don't clean up groups for which a user has it as primary GIDStephen Gallagher1-2/+15
We were cleaning up all groups that were expired and for which there existed no user with memberOf: <thegroup> as an attribute. This patch modifies the search to also check for cached users with this group's GID as their primary GID. Fixes https://fedorahosted.org/sssd/ticket/624
2010-11-01Fix two return value checksSumit Bose1-2/+2
2010-11-01Fix misused SDAP_SEARCH_BASEMoritz Baumann1-1/+1
2010-11-01Fix incorrect free of req in krb5_auth.cStephen Gallagher1-1/+1
2010-10-27Allow authentication for referralsSumit Bose1-0/+193
2010-10-26Always use uint32_t for UID/GID numbersJakub Hrozek8-50/+43
2010-10-26Fix double free issueSumit Bose1-2/+2
2010-10-26Always use talloc_zero() to allocate cmdctxSumit Bose2-3/+3
2010-10-26Remove all nss requests after a reconnectSumit Bose3-1/+26
Currently we do not handle the open nss request after a reconnect and wait until they timeout (which is a couple of minutes!). This patch adds a handler that terminates all requests after a reconnect. Then responder will return matching cache entries or nothing.
2010-10-25Implement netgroups for proxy providerSumit Bose3-2/+143
2010-10-25Add netgroups infrastructure to proxy providerSumit Bose3-0/+42
2010-10-22Download only enabled IPA HBAC rulesSumit Bose1-1/+3
2010-10-22Add some missing ldap_memfree()Sumit Bose2-3/+6
2010-10-22Add ldap_deref optionSumit Bose10-3/+103
2010-10-19Write log opening failures to the syslogStephen Gallagher2-1/+4
If there is a problem with reopening the logs, it can be an audit trail issue.
2010-10-19Option krb5_server is now used to store a list of KDCs instead of krb5_kdcip.Jan Zeleny12-10/+79
For the time being, if krb5_server is not found, still falls back to krb5_kdcip with a warning. If both options are present in config file, krb5_server has a higher priority. Fixes: #543
2010-10-18Move all references to ldap_<entity>_search_base to "advanced" sectionJan Zeleny2-44/+52
The <entity> can be one of user, group or netgroup. The references were removed from example configuration and they were moved from section Configuration options to section Advanced options. Ticket: #607
2010-10-18set in_transaction explicitly to falseJakub Hrozek1-1/+1
2010-10-18Use unsigned long for conversion to id_tJakub Hrozek4-40/+22
We used strtol() on a number of places to convert into uid_t or gid_t from a string representation such as LDAP attribute, but on some platforms, unsigned long might be necessary to store big id_t values. This patch converts to using strtoul() instead.
2010-10-18Add proper nested initgroup support for RFC2307bis serversStephen Gallagher1-3/+761
2010-10-18Modify sysdb_[add|remove]_group_member to accept users and groupsStephen Gallagher4-44/+102
Previously, it assumed that all members were users. This changes the interface so that either a user or a group can be specified. Also, it eliminates the need for a memory context to be passed, since the internal memory should be self-contained.
2010-10-18Handle nested groups in RFC2307bisStephen Gallagher1-1/+776
This first approach handles the non-optimized "pure" RFC2307bis case. It recursively calls into nested groups until it it has found them all or hits the pre-defined nesting limit. It then saves all member users first, then all groups to the sysdb
2010-10-18Make sdap_save_users_send handle zero users gracefullyStephen Gallagher1-0/+5
If we send a zero num_users value, we should just immediately return success, rather than starting a useless transaction
2010-10-18Add option to limit nested groupsSimo Sorce7-3/+24
2010-10-15Save dummy member users during RFC2307 getgr{nam,gid}Jakub Hrozek1-82/+279
2010-10-15sysdb interface for adding fake usersJakub Hrozek4-4/+70