Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2011-07-08 | Add LDAP access control based on NDS attributes | Sumit Bose | 9 | -3/+253 | |
2011-07-08 | Add support for experimental features | Sumit Bose | 2 | -0/+10 | |
New experimental features should have their own configure switch to enable or disable them at compile time. Additionally they can check if the configure variable build_all_experimental_features is set and enable the feature. This variable will be set if the command line option --enable-all-experimental-features is used to configure sssd. This will make it easy to enable all experimental features. Experimental features should be marked in the man pages. To simplify this include/experimental.xml can be used. | |||||
2011-07-08 | Provide python bindings for the HBAC evaluator library | Jakub Hrozek | 2 | -0/+2209 | |
2011-07-08 | Treat NULL or empty rhost as unknown | Stephen Gallagher | 2 | -11/+25 | |
Previously, we were assuming this meant it was coming from the localhost, but this is not a safe assumption. We will now treat it as unknown and it will fail to match any rule that requires a specified srchost or group of srchosts. | |||||
2011-07-08 | Add ipa_hbac_treat_deny_as option | Stephen Gallagher | 6 | -2/+42 | |
By default, we will treat the presence of any DENY rule as denying all users. This option will allow the admin to explicitly ignore DENY rules during a transitional period. | |||||
2011-07-08 | Add ipa_hbac_refresh option | Stephen Gallagher | 7 | -1/+38 | |
This option describes the time between refreshes of the HBAC rules on the IPA server. | |||||
2011-07-08 | Add new HBAC lookup and evaluation routines | Stephen Gallagher | 2 | -124/+398 | |
2011-07-08 | Remove old HBAC implementation | Stephen Gallagher | 2 | -1595/+1 | |
2011-07-08 | Add helper functions for looking up HBAC rule components | Stephen Gallagher | 6 | -0/+2616 | |
2011-07-08 | Add HBAC evaluator and tests | Stephen Gallagher | 4 | -0/+1004 | |
2011-07-08 | Add helper function msgs2attrs_array | Stephen Gallagher | 2 | -0/+33 | |
This function converts a list of ldb_messages into a list of sysdb_attrs. | |||||
2011-07-05 | ipa_dyndns: Use sockaddr_storage for storing IP addresses | Jakub Hrozek | 1 | -12/+17 | |
https://fedorahosted.org/sssd/ticket/915 | |||||
2011-07-05 | Call ldap_install_tls() on ldaps connections | Sumit Bose | 1 | -0/+15 | |
2011-07-01 | Replace system() function with fork and execl call. | Matthew Ife | 1 | -22/+30 | |
This is much more selinux friendly as it allows policy makers to call nscd_domtrans to transition to nscd_t instead of giving more access to the system via the corcmd_exec_bin macro. Modified-by: Simo Sorce <ssorce@redhat.com> Signed-off-by: Simo Sorce <ssorce@redhat.com> | |||||
2011-07-01 | Do not access state after tevent_req_done() is called. | Sumit Bose | 1 | -10/+16 | |
2011-07-01 | Do not attempt to close() a file descriptor < 0 | Stephen Gallagher | 1 | -1/+3 | |
Coverity 10886 | |||||
2011-06-30 | Use ldap_init_fd() instead of ldap_initialize() if available | Sumit Bose | 6 | -38/+435 | |
2011-06-30 | Use name based URI instead of IP address based URIs | Sumit Bose | 2 | -38/+3 | |
2011-06-30 | Add sdap_call_conn_cb() to call add connection callback directly | Sumit Bose | 2 | -0/+40 | |
2011-06-30 | Add sockaddr_storage to sdap_service | Sumit Bose | 5 | -0/+62 | |
2011-06-27 | fix typos | Simo Sorce | 1 | -5/+5 | |
2011-06-24 | Fall back to polling when inotify fails | Jan Zeleny | 1 | -28/+68 | |
2011-06-21 | Log nsupdate message | Jakub Hrozek | 1 | -0/+3 | |
https://fedorahosted.org/sssd/ticket/893 | |||||
2011-06-16 | Test NULL server hostname in fail over tests | Jakub Hrozek | 1 | -8/+16 | |
2011-06-16 | Provide TTL structure names for c-ares < 1.7 | Jakub Hrozek | 2 | -0/+11 | |
https://fedorahosted.org/sssd/ticket/898 In c-ares 1.7, the upstream renamed the addrttl/addr6ttl structures to ares_addrttl/ares_addr6ttl so they are in the ares_ namespace. Because they are committed to stable ABI, the contents are the same, just the name changed -- so it is safe to just #define the new name for older c-ares version in case the new one is not detected in configure time. | |||||
2011-06-16 | Do not check pwdAttribute | Sumit Bose | 1 | -9/+0 | |
It is not safe to check pwdAttribute to see if server side password policies are active. Only if a LDAP_CONTROL_PASSWORDPOLICYRESPONSE is present the bind response we can assume that there is a server side password policy. | |||||
2011-06-15 | Switch resolver to using resolv_hostent and honor TTL | Jakub Hrozek | 10 | -276/+401 | |
2011-06-15 | Resolve hosts by name from DNS into resolv_hostent | Jakub Hrozek | 1 | -0/+254 | |
2011-06-15 | Resolve hosts by name from files into resolv_hostent | Jakub Hrozek | 1 | -0/+92 | |
2011-06-15 | Add new resolv_hostent data structure and utility functions | Jakub Hrozek | 2 | -0/+200 | |
2011-06-15 | Fix proxy provider return code for secondary missing groups | Sumit Bose | 1 | -1/+3 | |
2011-06-15 | Unit test for parge_args | Jakub Hrozek | 1 | -0/+58 | |
2011-06-15 | Make parse_args skip extra spaces | Jakub Hrozek | 1 | -16/+24 | |
https://fedorahosted.org/sssd/ticket/871 | |||||
2011-06-15 | Fix two typos | Sumit Bose | 1 | -2/+3 | |
2011-06-15 | Delete cached ccache file if password is expired | Sumit Bose | 1 | -8/+63 | |
2011-06-02 | Non-posix group processing - ldap provider and nss responder | Jan Zeleny | 3 | -31/+90 | |
2011-06-02 | Non-posix group processing - sysdb changes | Jan Zeleny | 3 | -23/+32 | |
2011-06-02 | Added sysdb_attrs_get_bool() function | Jan Zeleny | 2 | -0/+24 | |
2011-06-02 | Escape IPv6 IP addresses in the IPA provider | Jakub Hrozek | 1 | -4/+26 | |
https://fedorahosted.org/sssd/ticket/880 | |||||
2011-06-02 | Use escaped IP addresses in LDAP provider | Jakub Hrozek | 1 | -6/+56 | |
2011-06-02 | Add a utility function to escape IPv6 address for use in URIs | Jakub Hrozek | 2 | -0/+11 | |
2011-06-02 | Add utility function to return IP address as string | Jakub Hrozek | 4 | -17/+31 | |
2011-06-02 | Add online callback only once for TGT renewal | Sumit Bose | 1 | -25/+44 | |
2011-05-31 | Fix typo in initgroups negative cache check | Stephen Gallagher | 1 | -1/+1 | |
2011-05-31 | Changing default to Default for consistency | Kaushik Banerjee | 1 | -1/+1 | |
2011-05-27 | Add more detail to ldap_uri manpage entry | Stephen Gallagher | 1 | -1/+13 | |
2011-05-25 | Sanitize username during initgroups call | Sumit Bose | 1 | -1/+7 | |
2011-05-25 | Separate return paths for success and failure in sdap_nested_group_check_cache | Jakub Hrozek | 1 | -6/+10 | |
2011-05-24 | Make "password" the default for ldap_default_authtok_type | Stephen Gallagher | 2 | -1/+4 | |
2011-05-24 | Fix uninitialized scalar variable in sdap_nested_group_check_cache | Jakub Hrozek | 1 | -2/+4 | |
https://fedorahosted.org/sssd/ticket/878 |