Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2010-11-15 | Avoid long long in messages to PAM client use int64_t | Sumit Bose | 3 | -16/+16 | |
2010-11-15 | Sanitize ldap attributes in the config file | Stephen Gallagher | 1 | -2/+21 | |
https://fedorahosted.org/sssd/ticket/458 | |||||
2010-11-15 | Properly document ldap_purge_cache_timeout | Stephen Gallagher | 2 | -1/+28 | |
Also allow it to be disabled entirely | |||||
2010-11-15 | Sanitize search filters in LDAP provider | Stephen Gallagher | 4 | -7/+61 | |
2010-11-15 | Add unit tests for users and groups with odd characters | Stephen Gallagher | 1 | -0/+145 | |
2010-11-15 | Sanitize sysdb dn for memberof lookup | Stephen Gallagher | 1 | -1/+11 | |
2010-11-15 | Sanitize search filters in memberOf plugin | Stephen Gallagher | 1 | -2/+20 | |
2010-11-15 | Sanitize sysdb DN helpers | Stephen Gallagher | 1 | -7/+83 | |
2010-11-15 | Sanitize sysdb filters in the LDAP provider | Stephen Gallagher | 1 | -2/+11 | |
2010-11-15 | Sanitize sysdb search filters in the IPA provider | Stephen Gallagher | 1 | -2/+17 | |
2010-11-15 | Sanitize search filters for the sysdb | Stephen Gallagher | 1 | -6/+39 | |
2010-11-15 | Add sysdb utility function for sanitizing DN | Stephen Gallagher | 2 | -0/+27 | |
2010-11-15 | Add utility function to sanitize LDAP/LDB filters | Stephen Gallagher | 3 | -0/+131 | |
Also adds a unit test. | |||||
2010-11-05 | Properly check the return value from semanage_commit | Stephen Gallagher | 1 | -2/+2 | |
semanage_commit() returns -1 on error, and can return a positive value on success. https://bugzilla.redhat.com/show_bug.cgi?id=649037 | |||||
2010-11-05 | Review comments for namingContexts patches | Sumit Bose | 3 | -23/+17 | |
2010-11-05 | Handle errors during log reopening better | Stephen Gallagher | 2 | -3/+30 | |
2010-11-04 | Make ldap_search_base a non-mandatory option | Sumit Bose | 3 | -39/+46 | |
2010-11-04 | Use (default)namingContext to set empty search bases | Sumit Bose | 4 | -1/+117 | |
2010-11-04 | Add defaultNamingContext to RootDSE attributes | Sumit Bose | 2 | -0/+3 | |
2010-11-04 | Call krb5_child to check access permissions | Sumit Bose | 2 | -4/+129 | |
2010-11-04 | Make handle_child_* request public | Sumit Bose | 3 | -325/+429 | |
I took the opportunity to move everything related to the handling of the krb5_child into a separate file and cleaned the interfaces and related structures a bit. | |||||
2010-11-04 | Add krb5_kuserok() access check to krb5_child | Sumit Bose | 1 | -17/+73 | |
2010-11-04 | Make krb5_setup() public | Sumit Bose | 3 | -6/+8 | |
2010-11-04 | Add krb5_get_simple_upn() | Sumit Bose | 3 | -6/+30 | |
2010-11-04 | Add infrastructure for Kerberos access provider | Sumit Bose | 4 | -26/+184 | |
2010-11-04 | Store krb5 auth context for other targets | Sumit Bose | 1 | -1/+2 | |
2010-11-04 | Don't clean up groups for which a user has it as primary GID | Stephen Gallagher | 1 | -2/+15 | |
We were cleaning up all groups that were expired and for which there existed no user with memberOf: <thegroup> as an attribute. This patch modifies the search to also check for cached users with this group's GID as their primary GID. Fixes https://fedorahosted.org/sssd/ticket/624 | |||||
2010-11-01 | Fix two return value checks | Sumit Bose | 1 | -2/+2 | |
2010-11-01 | Fix misused SDAP_SEARCH_BASE | Moritz Baumann | 1 | -1/+1 | |
2010-11-01 | Fix incorrect free of req in krb5_auth.c | Stephen Gallagher | 1 | -1/+1 | |
2010-10-27 | Allow authentication for referrals | Sumit Bose | 1 | -0/+193 | |
2010-10-26 | Always use uint32_t for UID/GID numbers | Jakub Hrozek | 8 | -50/+43 | |
2010-10-26 | Fix double free issue | Sumit Bose | 1 | -2/+2 | |
2010-10-26 | Always use talloc_zero() to allocate cmdctx | Sumit Bose | 2 | -3/+3 | |
2010-10-26 | Remove all nss requests after a reconnect | Sumit Bose | 3 | -1/+26 | |
Currently we do not handle the open nss request after a reconnect and wait until they timeout (which is a couple of minutes!). This patch adds a handler that terminates all requests after a reconnect. Then responder will return matching cache entries or nothing. | |||||
2010-10-25 | Implement netgroups for proxy provider | Sumit Bose | 3 | -2/+143 | |
2010-10-25 | Add netgroups infrastructure to proxy provider | Sumit Bose | 3 | -0/+42 | |
2010-10-22 | Download only enabled IPA HBAC rules | Sumit Bose | 1 | -1/+3 | |
2010-10-22 | Add some missing ldap_memfree() | Sumit Bose | 2 | -3/+6 | |
2010-10-22 | Add ldap_deref option | Sumit Bose | 10 | -3/+103 | |
2010-10-19 | Write log opening failures to the syslog | Stephen Gallagher | 2 | -1/+4 | |
If there is a problem with reopening the logs, it can be an audit trail issue. | |||||
2010-10-19 | Option krb5_server is now used to store a list of KDCs instead of krb5_kdcip. | Jan Zeleny | 12 | -10/+79 | |
For the time being, if krb5_server is not found, still falls back to krb5_kdcip with a warning. If both options are present in config file, krb5_server has a higher priority. Fixes: #543 | |||||
2010-10-18 | Move all references to ldap_<entity>_search_base to "advanced" section | Jan Zeleny | 2 | -44/+52 | |
The <entity> can be one of user, group or netgroup. The references were removed from example configuration and they were moved from section Configuration options to section Advanced options. Ticket: #607 | |||||
2010-10-18 | set in_transaction explicitly to false | Jakub Hrozek | 1 | -1/+1 | |
2010-10-18 | Use unsigned long for conversion to id_t | Jakub Hrozek | 4 | -40/+22 | |
We used strtol() on a number of places to convert into uid_t or gid_t from a string representation such as LDAP attribute, but on some platforms, unsigned long might be necessary to store big id_t values. This patch converts to using strtoul() instead. | |||||
2010-10-18 | Add proper nested initgroup support for RFC2307bis servers | Stephen Gallagher | 1 | -3/+761 | |
2010-10-18 | Modify sysdb_[add|remove]_group_member to accept users and groups | Stephen Gallagher | 4 | -44/+102 | |
Previously, it assumed that all members were users. This changes the interface so that either a user or a group can be specified. Also, it eliminates the need for a memory context to be passed, since the internal memory should be self-contained. | |||||
2010-10-18 | Handle nested groups in RFC2307bis | Stephen Gallagher | 1 | -1/+776 | |
This first approach handles the non-optimized "pure" RFC2307bis case. It recursively calls into nested groups until it it has found them all or hits the pre-defined nesting limit. It then saves all member users first, then all groups to the sysdb | |||||
2010-10-18 | Make sdap_save_users_send handle zero users gracefully | Stephen Gallagher | 1 | -0/+5 | |
If we send a zero num_users value, we should just immediately return success, rather than starting a useless transaction | |||||
2010-10-18 | Add option to limit nested groups | Simo Sorce | 7 | -3/+24 | |