| Age | Commit message (Collapse) | Author | Files | Lines | |
|---|---|---|---|---|---|
| 2010-11-15 | Introduce pam_verbosity config option | Sumit Bose | 7 | -11/+126 | |
| Currently we display all PAM messages generated by sssd to the user. But only some of them are important and others are just some useful information. This patch introduces a new option to the PAM responder which controls what kind of messages are displayed. As an example the 'Authenticated with cached credentials' message is used. This message is only displayed if pam_verbosity=1 or if there is an expire date. | |||||
| 2010-11-15 | Avoid long long in messages to PAM client use int64_t | Sumit Bose | 3 | -16/+16 | |
| 2010-11-15 | Sanitize ldap attributes in the config file | Stephen Gallagher | 1 | -2/+21 | |
| https://fedorahosted.org/sssd/ticket/458 | |||||
| 2010-11-15 | Properly document ldap_purge_cache_timeout | Stephen Gallagher | 2 | -1/+28 | |
| Also allow it to be disabled entirely | |||||
| 2010-11-15 | Sanitize search filters in LDAP provider | Stephen Gallagher | 4 | -7/+61 | |
| 2010-11-15 | Add unit tests for users and groups with odd characters | Stephen Gallagher | 1 | -0/+145 | |
| 2010-11-15 | Sanitize sysdb dn for memberof lookup | Stephen Gallagher | 1 | -1/+11 | |
| 2010-11-15 | Sanitize search filters in memberOf plugin | Stephen Gallagher | 1 | -2/+20 | |
| 2010-11-15 | Sanitize sysdb DN helpers | Stephen Gallagher | 1 | -7/+83 | |
| 2010-11-15 | Sanitize sysdb filters in the LDAP provider | Stephen Gallagher | 1 | -2/+11 | |
| 2010-11-15 | Sanitize sysdb search filters in the IPA provider | Stephen Gallagher | 1 | -2/+17 | |
| 2010-11-15 | Sanitize search filters for the sysdb | Stephen Gallagher | 1 | -6/+39 | |
| 2010-11-15 | Add sysdb utility function for sanitizing DN | Stephen Gallagher | 2 | -0/+27 | |
| 2010-11-15 | Add utility function to sanitize LDAP/LDB filters | Stephen Gallagher | 3 | -0/+131 | |
| Also adds a unit test. | |||||
| 2010-11-05 | Properly check the return value from semanage_commit | Stephen Gallagher | 1 | -2/+2 | |
| semanage_commit() returns -1 on error, and can return a positive value on success. https://bugzilla.redhat.com/show_bug.cgi?id=649037 | |||||
| 2010-11-05 | Review comments for namingContexts patches | Sumit Bose | 3 | -23/+17 | |
| 2010-11-05 | Handle errors during log reopening better | Stephen Gallagher | 2 | -3/+30 | |
| 2010-11-04 | Make ldap_search_base a non-mandatory option | Sumit Bose | 3 | -39/+46 | |
| 2010-11-04 | Use (default)namingContext to set empty search bases | Sumit Bose | 4 | -1/+117 | |
| 2010-11-04 | Add defaultNamingContext to RootDSE attributes | Sumit Bose | 2 | -0/+3 | |
| 2010-11-04 | Call krb5_child to check access permissions | Sumit Bose | 2 | -4/+129 | |
| 2010-11-04 | Make handle_child_* request public | Sumit Bose | 3 | -325/+429 | |
| I took the opportunity to move everything related to the handling of the krb5_child into a separate file and cleaned the interfaces and related structures a bit. | |||||
| 2010-11-04 | Add krb5_kuserok() access check to krb5_child | Sumit Bose | 1 | -17/+73 | |
| 2010-11-04 | Make krb5_setup() public | Sumit Bose | 3 | -6/+8 | |
| 2010-11-04 | Add krb5_get_simple_upn() | Sumit Bose | 3 | -6/+30 | |
| 2010-11-04 | Add infrastructure for Kerberos access provider | Sumit Bose | 4 | -26/+184 | |
| 2010-11-04 | Store krb5 auth context for other targets | Sumit Bose | 1 | -1/+2 | |
| 2010-11-04 | Don't clean up groups for which a user has it as primary GID | Stephen Gallagher | 1 | -2/+15 | |
| We were cleaning up all groups that were expired and for which there existed no user with memberOf: <thegroup> as an attribute. This patch modifies the search to also check for cached users with this group's GID as their primary GID. Fixes https://fedorahosted.org/sssd/ticket/624 | |||||
| 2010-11-01 | Fix two return value checks | Sumit Bose | 1 | -2/+2 | |
| 2010-11-01 | Fix misused SDAP_SEARCH_BASE | Moritz Baumann | 1 | -1/+1 | |
| 2010-11-01 | Fix incorrect free of req in krb5_auth.c | Stephen Gallagher | 1 | -1/+1 | |
| 2010-10-27 | Allow authentication for referrals | Sumit Bose | 1 | -0/+193 | |
| 2010-10-26 | Always use uint32_t for UID/GID numbers | Jakub Hrozek | 8 | -50/+43 | |
| 2010-10-26 | Fix double free issue | Sumit Bose | 1 | -2/+2 | |
| 2010-10-26 | Always use talloc_zero() to allocate cmdctx | Sumit Bose | 2 | -3/+3 | |
| 2010-10-26 | Remove all nss requests after a reconnect | Sumit Bose | 3 | -1/+26 | |
| Currently we do not handle the open nss request after a reconnect and wait until they timeout (which is a couple of minutes!). This patch adds a handler that terminates all requests after a reconnect. Then responder will return matching cache entries or nothing. | |||||
| 2010-10-25 | Implement netgroups for proxy provider | Sumit Bose | 3 | -2/+143 | |
| 2010-10-25 | Add netgroups infrastructure to proxy provider | Sumit Bose | 3 | -0/+42 | |
| 2010-10-22 | Download only enabled IPA HBAC rules | Sumit Bose | 1 | -1/+3 | |
| 2010-10-22 | Add some missing ldap_memfree() | Sumit Bose | 2 | -3/+6 | |
| 2010-10-22 | Add ldap_deref option | Sumit Bose | 10 | -3/+103 | |
| 2010-10-19 | Write log opening failures to the syslog | Stephen Gallagher | 2 | -1/+4 | |
| If there is a problem with reopening the logs, it can be an audit trail issue. | |||||
| 2010-10-19 | Option krb5_server is now used to store a list of KDCs instead of krb5_kdcip. | Jan Zeleny | 12 | -10/+79 | |
| For the time being, if krb5_server is not found, still falls back to krb5_kdcip with a warning. If both options are present in config file, krb5_server has a higher priority. Fixes: #543 | |||||
| 2010-10-18 | Move all references to ldap_<entity>_search_base to "advanced" section | Jan Zeleny | 2 | -44/+52 | |
| The <entity> can be one of user, group or netgroup. The references were removed from example configuration and they were moved from section Configuration options to section Advanced options. Ticket: #607 | |||||
| 2010-10-18 | set in_transaction explicitly to false | Jakub Hrozek | 1 | -1/+1 | |
| 2010-10-18 | Use unsigned long for conversion to id_t | Jakub Hrozek | 4 | -40/+22 | |
| We used strtol() on a number of places to convert into uid_t or gid_t from a string representation such as LDAP attribute, but on some platforms, unsigned long might be necessary to store big id_t values. This patch converts to using strtoul() instead. | |||||
| 2010-10-18 | Add proper nested initgroup support for RFC2307bis servers | Stephen Gallagher | 1 | -3/+761 | |
| 2010-10-18 | Modify sysdb_[add|remove]_group_member to accept users and groups | Stephen Gallagher | 4 | -44/+102 | |
| Previously, it assumed that all members were users. This changes the interface so that either a user or a group can be specified. Also, it eliminates the need for a memory context to be passed, since the internal memory should be self-contained. | |||||
| 2010-10-18 | Handle nested groups in RFC2307bis | Stephen Gallagher | 1 | -1/+776 | |
| This first approach handles the non-optimized "pure" RFC2307bis case. It recursively calls into nested groups until it it has found them all or hits the pre-defined nesting limit. It then saves all member users first, then all groups to the sysdb | |||||
| 2010-10-18 | Make sdap_save_users_send handle zero users gracefully | Stephen Gallagher | 1 | -0/+5 | |
| If we send a zero num_users value, we should just immediately return success, rather than starting a useless transaction | |||||
 |
index : sssd | |
| System Security Services Daemon | ben |
| summaryrefslogtreecommitdiff |