7171a7584dda534dde5409f3e7f4657e845ece15 |
|
24-Nov-2016 |
Fabiano Fidêncio <fidencio@redhat.com> |
SECRETS: Add configurable payload size limit of a secret
Resolves:
https://fedorahosted.org/sssd/ticket/3169
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
682c9c3467055c2149af28826f7458b857b0f8c4 |
|
10-Nov-2016 |
Fabiano Fidêncio <fidencio@redhat.com> |
SECRETS: Add allowed_sec_users_options
There are options (the proxying related ones) that only apply to the
secrets' subsections. In order to make config API able to catch those,
let's create a new section called allowed_sec_users_options) and move
there these proxying options.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
da8801c363716533f60bc78e10f3a2100cebc3a1 |
|
10-Nov-2016 |
Fabiano Fidêncio <fidencio@redhat.com> |
SECRETS: Fix secrets rule in the allowed sections
We have been matching an invalid subsection of the secrets' section,
like:
[secrets/users/]
Let's ensure that we only match the following cases:
[secrets]
[secrets/users/[0-9]+]
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
ce43f710c9638fbbeae077559cd7514370a10c0c |
|
02-Nov-2016 |
Sumit Bose <sbose@redhat.com> |
PAM: add pam_response_filter option
Currently the main use-case for this new option is to not set the
KRB5CCNAME environment varible for services like 'sudo-i'.
Resolves https://fedorahosted.org/sssd/ticket/2296
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
65a38b8c9cabde6c46cc0e9868f54cb9bb10afbf |
|
05-Oct-2016 |
Fabiano Fidêncio <fidencio@redhat.com> |
SECRETS: Add a configurable limit of secrets that can be stored
Related:
https://fedorahosted.org/sssd/ticket/3169
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
efc65e78fa4e01e6cecc8690a9899af61213be62 |
|
03-Oct-2016 |
Fabiano Fidêncio <fidencio@redhat.com> |
SECRETS: Add a configurable depth limit for nested containers
Resolves:
https://fedorahosted.org/sssd/ticket/3168
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
ba96228853da4981cc5c12904c52cd7242417d6d |
|
03-Oct-2016 |
Jakub Hrozek <jhrozek@redhat.com> |
CONFIG: List allowed secrets responder options
Related:
https://fedorahosted.org/sssd/ticket/3207
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> |
5e17edfc899d4fffb15f8300d15e4412af0f2f7d |
|
03-Oct-2016 |
Fabiano Fidêncio <fidencio@redhat.com> |
CONFIG: Add secrets responder to the allowed sections
The regular expression used is quite specific for the two cases we
support:
- [secrets]
- [secrets/users/$uid]
It could be done a bit more generic, but the way it's right now it can
easily catch errors like: [secrets/usrs/$uid] or [secrets/].
Related:
https://fedorahosted.org/sssd/ticket/3207
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
aef0171e0bdc9a683958d69c7ee984fb10cd5de7 |
|
13-Sep-2016 |
Petr Cech <pcech@redhat.com> |
PROXY: Adding proxy_max_children option
The new option 'proxy_max_children' is applicable
in domain section. Default value is 10.
Resolves:
https://fedorahosted.org/sssd/ticket/3153
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com> |
081c6d8c7c8e75487d1c4e42862964be1e85b575 |
|
12-Sep-2016 |
Justin Stephenson <jstephen@redhat.com> |
MONITOR: Add disable_netlink option
Adding a new monitor boolean option to disable netlink support.
This will give users more control over sssd state changes without
having to modify systemd unit files.
Resolves:
https://fedorahosted.org/sssd/ticket/3142
Reviewed-by: Petr Cech <pcech@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |
5b0735876aa66464b24cb7736a74fafd8ec82128 |
|
31-Aug-2016 |
Fabiano Fidêncio <fidencio@redhat.com> |
MONITOR: Remove leftovers from kill_service
Seems that wen I sent the v2 of ac35fe74 I attached the wrong pacth that
ended up being pushed.
The patch was incomplete as there are still some leftovers.
The .po and sssd-docs.pot were not touched as I do believe they are
autogenerated from Zanata.
Related:
https://fedorahosted.org/sssd/ticket/3052
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Petr Čech <pcech@redhat.com> |
e04df9feca0c9877c69aa46450d04c556bcb23ad |
|
31-Aug-2016 |
Fabiano Fidêncio <fidencio@redhat.com> |
MONITOR: Remove leftovers from diag_cmd
Seems that when I sent the v2 of 7579cf99 I attached the wrong patch
that ended up being pushed.
That patch was incomplete as there are still some leftovers.
Related:
https://fedorahosted.org/sssd/ticket/3051
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Petr Čech <pcech@redhat.com> |
d940593e647731c0caec1fd04cf16a1b23578f32 |
|
23-Aug-2016 |
Jakub Hrozek <jhrozek@redhat.com> |
CONFIG: session_provider does not exist anymore
The session_provider used to exist a long time ago when we used to set
the SELinux context from it, but the provider had been removed for a
long time. We just forgot to remove the value from the config API and
the validator.
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> |
dec00197181ee8f7efbfbdadd73629f66f80f1ff |
|
23-Aug-2016 |
Jakub Hrozek <jhrozek@redhat.com> |
CONFIG: selinux_provider is a valid provider type
We should not warn about it in the validator and should allow
selinux_provider from the config API.
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> |
d6342c92c226becbdd254f90a0005b8c00c300dc |
|
17-Aug-2016 |
Petr Cech <pcech@redhat.com> |
AD_PROVIDER: Add ad_enabled_domains option
Resolves:
https://fedorahosted.org/sssd/ticket/2828
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
6d19051c50c10fc4de056ebb385c63ec0ed221cb |
|
12-Aug-2016 |
Jakub Hrozek <jhrozek@redhat.com> |
CONFIG: re_expression is an allowed option for all domains
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
cc4d1af16820b15595b60c3df15220fb852eb897 |
|
12-Aug-2016 |
Jakub Hrozek <jhrozek@redhat.com> |
CONFIG: full_name_format is an allowed option for all domains
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
a20968099c0e02f17311ab4b20680a872d464393 |
|
10-Aug-2016 |
Lukas Slebodnik <lslebodn@redhat.com> |
config_schema: Add ldap_user_email to schema
Resolves:
https://fedorahosted.org/sssd/ticket/3068
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> |
aeab20358006d728a284f969f92f3890498cd651 |
|
12-Jul-2016 |
Michal Židek <mzidek@redhat.com> |
config: Add config_file_version to schema
Resolves:
https://fedorahosted.org/sssd/ticket/3068
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
1b9b5477027d86a2afb2e72981253d108c5398da |
|
12-Jul-2016 |
Michal Židek <mzidek@redhat.com> |
config: Allow timeout for all sevices
Allow option "timeout" for all sevices.
Also remove unused macro CONFDB_SERVICE_TIMEOUT.
Resolves:
https://fedorahosted.org/sssd/ticket/3068
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
0a172552ec16f3b84d127399551cad786da8fd9d |
|
12-Jul-2016 |
Michal Židek <mzidek@redhat.com> |
config: Fix user_attributes
Fixes:
https://fedorahosted.org/sssd/ticket/3068
Option user_attributes is also available in
NSS responder, but not in PAC responder.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
fc04d11c2fdde0bfe280c6030df2b1d6bf15ce63 |
|
12-Jul-2016 |
Michal Židek <mzidek@redhat.com> |
config: override_space is monitor's option
We read override_space from [sssd] not
[nss] section.
Resolves:
https://fedorahosted.org/sssd/ticket/3068
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> |
c42ca36247022490ad65a33c453cb5e43900dbe9 |
|
27-Jun-2016 |
Lukas Slebodnik <lslebodn@redhat.com> |
Prepare ini schema with rules for validation
Resolves:
https://fedorahosted.org/sssd/ticket/2028
Reviewed-by: Michal Židek <mzidek@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> |