pool/himmelblau
SHA256
2
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Commit Graph

  • b238a57a5c Accepting request 1232865 from network:idm factory Dominique Leuenberger 2024-12-20 22:11:43 +0000
  • 05fffb1524 - Update to version 0.8.0+git.0.249ba5f: * Branch version stable-0.8.x * Passwordless auth doesn't provide polling numbers * Resolve deadlock introduced by Fido auth * Implement NGC Passwordless authentication * Remove unused commit checklist * deps(rust): update bindgen requirement from 0.70.1 to 0.71.1 * Update libhimmelblau version * Custom domains matching * Fix IdmapError to indicate the failure * Fix Fedora build dependencies * Add Fido MFA * Add Debian 12 packaging * Disable SELinux labeling on build container volume mounts * Update github CI dependencies * Implement Hello Pin changes via PAM * Formatting fix * Utilize HimmelblauConfig directly in pam and nss * Add config parsing unit tests * Fix incorrect default domain * Fix config hsm type Tpm error * Include multi-domain important info in himmelblau.conf man * Update to the latest libhimmelblau * Add DAG flow as a fallback for MFA * Fix CVE-2024-11738: rustls network-reachable panic in Acceptor::accept * Update README.md with build requires * Enable module for utf8proc-devel in Rocky8 * Remove the org.samba.himmelblau dbus service * Fix missing dependency utf8proc_NFKC_Casefold * The tasks daemon needs /etc/groups write access * Revert "Fix Ubuntu PAM fallback to password prompt" * Fix Ubuntu PAM fallback to password prompt * Increase the cache timeout to 5 minutes * Always fetch and cache the graph url * Package Siemens Linux Entra SSO for Himmelblau * Add Kerberos CCache support * Update the tasks daemon man page * Add a himmelblau.conf man page, and package the man pages * Add SLE15SP6 packaging * Add Fedora 41 packaging * Add Fedora Rawhide packaging * Provide enhancement request template * Create an issue template * Hello support depends on openssl3 * Fix sshd rpm depends * Resolve RPM dependencies automatically * Revert "deps(rust): update notify-debouncer-full requirement from 0.3 to 0.4" * Add openSUSE Tumbleweed packaging * Fix RPM packaging placement of systemd files * Remove the failed attempt at debian packaging * Add stable-0.7.x to CI workflows * Version 0.8.0 devel David Mulder 2024-12-20 15:53:03 +0000
  • 42d0a90a30 Accepting request 1230640 from network:idm Ana Guerrero 2024-12-12 20:20:29 +0000
  • 5241be31da - Update to version 0.7.13+git.0.d790d31: * Version 0.7.13 * Fix Fedora build dependencies * Version 0.7.12 * Add Debian 12 packaging * Update github CI dependencies * Version 0.7.11 * Implement Hello Pin changes via PAM * Utilize HimmelblauConfig directly in pam and nss * Version 0.7.10 * Add config parsing unit tests * Fix incorrect default domain * Fix config hsm type Tpm error * Include multi-domain important info in himmelblau.conf man David Mulder 2024-12-12 16:10:23 +0000
  • 62690b8f3a Accepting request 1228554 from network:idm Ana Guerrero 2024-12-06 13:25:33 +0000
  • 8fafeaf3f0 - Update to version 0.7.9+git.0.93655d2: * Version 0.7.9 * Update to the latest libhimmelblau * Version 0.7.8 * Add a himmelblau.conf man page, and package the man pages * Add DAG flow as a fallback for MFA David Mulder 2024-12-05 15:23:23 +0000
  • 5e4e11cd10 Accepting request 1227827 from network:idm Ana Guerrero 2024-12-03 19:46:07 +0000
  • f5c44b0fe6 - Update to version 0.7.7+git.0.b48d0bb: * Version 0.7.7 * Fix CVE-2024-11738: rustls network-reachable panic in Acceptor::accept (bsc#1233949). * Version 0.7.6 * Enable module for utf8proc-devel in Rocky8 David Mulder 2024-12-02 17:13:08 +0000
  • ddca652778 Accepting request 1226359 from network:idm Ana Guerrero 2024-11-26 19:55:40 +0000
  • 396015f79c - Update to version 0.7.5+git.0.8f421b0: * Version 0.7.5 * Remove the org.samba.himmelblau dbus service David Mulder 2024-11-25 20:26:54 +0000
  • e1df878c48 - Update to version 0.7.4+git.0.d1291c6: * Version 0.7.4 * Fix missing dependency utf8proc_NFKC_Casefold * Package Siemens Linux Entra SSO for Himmelblau * Add SLE15SP6 packaging * Add Fedora 41 packaging * Add Fedora Rawhide packaging * The tasks daemon needs /etc/groups write access * Version 0.7.3 * Increase the cache timeout to 5 minutes * Always fetch and cache the graph url - Update to version 0.7.2+git.0.c76ac0e: * Version 0.7.2 * Hello support depends on openssl3 * Version 0.7.1 * Fix sshd rpm depends * Resolve RPM dependencies automatically * Revert "deps(rust): update notify-debouncer-full requirement from 0.3 to 0.4" * Add openSUSE Tumbleweed packaging * Fix RPM packaging placement of systemd files * Remove the failed attempt at debian packaging * Add stable-0.7.x to CI workflows * deps(rust): update utoipa requirement from 4.0.0 to 4.2.0 * deps(rust): update hashbrown requirement from 0.14.0 to 0.15.1 * Remove missing feature causing warnings * deps(rust): update notify-debouncer-full requirement from 0.3 to 0.4 * Specify scopes when making an SSO request * Implement logon script for ensuring compliance * Option for adding Entra Id users to local groups * Configure EL sshd with ChallengeResponseAuthentication yes * Add rocky 8 packaging * Add RPM packaging for EL9 * Modify Ubuntu defaults to fix snaps * Resolve Libreoffice fails to start on Ubuntu * Minor formatting fix * Revert RwLock -> Arc<Mutex> change in idmap * Ignore broker scopes requests for now * Ensure every file specifies the proper license * postinst should not fail on patch or apparmor update * Install pam module to additional location via make * Add sshd config to the Makefile * Don't use sudo in postinst/postrm scripts for deb * PAM should be placed first in the stack * Add the libutf8proc-dev dep for deb * Match the object ID of the fake user and group * Make it possible to stop the broker service * Move sshd config into it's own debian package * Allow the graph to start w/out network * Add hello_pin_min_length conf option * Don't attempt SFA fallback if AADSTSError * Have libhimmelblau handle the DAG fallback * Add a warning to user that SSH needs restarted * Ensure local users are ignored when CN mapping * Ensure DAG is rejected if lifetime expires * Rework the poll logic to resolve timeout issues * Add a sshd soft depends for the deb package * CN name mapping in PAM and NSS * Make CN an optional home directory attribute * Remove the sssd build dependencies * Configuration patches for himmelblau on Debian * Simplify PAM get_item_string calls * Bug in pam which needs defended against * Fix deb build by adding Broker service file * WIP: Install Ubuntu unix-chkpwd apparmor deps * Ensure make install places pam_himmelblau correctly * Add Ubuntu pam-config for pam_himmelblau * Never return Err(PAM_SUCCESS) from get_user * Never return the Pam result from get_user() * Revert "Speed up nss requests w/out auth attempt" * Speed up nss requests w/out auth attempt * Fix some broker responses * Fixes for the dbus broker * Attempt to fix the cargo version in launchpad build * Makefile typo fixes * Version 0.7.0 * Add libdbus-1-dev dep * Improve the README installation instructions * Add make install command * Improve Debian/Ubuntu install instructions * Fix tag push permissions for tag-version workflow * Add a version check script * Remove the rustc dependency, breaking rustup * Add a debug option to the config * DBus requires that the service file match the name * Add a pam option for the OpenSSH 2876 workaround * Update to the latest libhimmelblau David Mulder 2024-11-25 18:47:26 +0000
  • 2abf32e01b Accepting request 1217101 from network:idm Ana Guerrero 2024-10-23 19:10:13 +0000
  • 0d9f787f9a - Update to version 0.6.14+git.0.bbda0b6: * Version 0.6.14 * postinst should not fail on patch or apparmor update * Version 0.6.13 * Don't use sudo in postinst/postrm scripts for deb * Version 0.6.12 * PAM should be placed first in the stack * Match the object ID of the fake user and group * Version 0.6.11 * Move sshd config into it's own debian package * Version 0.6.10 * Allow the graph to start w/out network * Add hello_pin_min_length conf option * Version 0.6.9 * Don't attempt SFA fallback if AADSTSError * Have libhimmelblau handle the DAG fallback * Add a warning to user that SSH needs restarted * Version 0.6.8 * Ensure local users are ignored when CN mapping * Ensure DAG is rejected if lifetime expires * Version 0.6.7 * Rework the poll logic to resolve timeout issues * Version 0.6.6 * Add a sshd soft depends for the deb package * CN name mapping in PAM and NSS * Version 0.6.5 * Make CN an optional home directory attribute * Version 0.6.4 * Add Ubuntu pam-config for pam_himmelblau * Configuration patches for himmelblau on Debian * Version 0.6.3 * Bug in pam which needs defended against * Version 0.6.2 * Never return the Pam result from get_user() * Correct installation directory of the deb pam module * Makefile typo fixes * Add libdbus-1-dev dep * Version 0.6.1 * Debian build requires libdbus-1-dev David Mulder 2024-10-22 18:58:29 +0000
  • fea5ec396e Accepting request 1205551 from network:idm Ana Guerrero 2024-10-04 15:10:31 +0000
  • 27fb0ed447 - Update to version 0.6.0+git.0.b8dae18: * Attempt to fix the cargo version in launchpad build * Add branch stable-0.6.x to the workflows * Install the pam module to the proper location * Update README.md * Add a debug option to the config * Add a pam option for the OpenSSH 2876 workaround * Update to the latest libhimmelblau * Authorize all users when pam_allow_groups is empty * Fix clippy warnings * Fix pam echo not displayed via ssh * Fix pam failure to register Pin following mfa poll * Fork from kanidm * Version 0.6.0 * Add cargo deb build * Version 0.5.3 * Improve the README installation instructions * Add make install command * Improve Debian/Ubuntu install instructions * Fix tag push permissions for tag-version workflow * Version 0.5.2 * Add a version check script * Version 0.5.1 * Remove the rustc dependency, breaking rustup * Added Debian packaging workflow and files David Mulder 2024-10-03 15:07:24 +0000
  • c03ffbee46 Accepting request 1202070 from network:idm Ana Guerrero 2024-09-20 15:11:47 +0000
  • b9941a6026 - explicitly depend on cargo to pull in latest compiler revision William Brown 2024-09-20 04:35:19 +0000
  • 60f0b4c34d Accepting request 1198755 from network:idm Ana Guerrero 2024-09-05 13:47:03 +0000
  • 74dce81175 - Update to version 0.5.0+git.0.22f84f0: * Update workflows for 0.5.x * Update Debian dependencies in README.md * Compilation fails on Ubuntu, missing ldb header * Fix base32 with kandim updates * deps(rust): update base32 requirement from ^0.4.0 to ^0.5.0 * deps(rust): update scim_proto requirement from ^0.2.1 to ^1.3.2 * deps(rust): update bindgen requirement from 0.69.4 to 0.70.1 * Fix CI failures caused by cargo 1.80.1 * Update to libhimmelblau version 0.2.9 * deps(rust): update rusqlite requirement from ^0.31.0 to ^0.32.0 * deps(rust): update tonic requirement from 0.11.0 to 0.12.0 * update libnss requirement from 0.7.0 to 0.8.0 * Switch to using libhimmelblau * himmelblaud stops working after suspend * Update required packages for tumbleweed * Disable the SFA fallback by default * Fix ConsolidatedTelephony MFA method * Use the group ID for the name if no display name * Use latest msal with MFA fixes * PhoneAppNotification is not a cred request algorithm * The polling_interval is in milliseconds, not seconds * OneWaySMS is additionally a valid OTP * Relicensing as GPL3, as SSSD source inclusion requires * Utilize the graph code in msal * config: Remove comments about experimental policy enforement * Remove the experimental policy code from the id provider * Fix a refresh token leak in debug from msal * Correct README details * Always normalize idmap upn inputs * Add video links to the README * Minor updates to the Contributing section * Add a Installation section to the README * Add the new SSSD idmap build deps to the README * Add a section about donations * Include the Samba Technical matrix channel * Add github workflows for the 0.4.x branch * Version 0.5.0 bump for main David Mulder 2024-09-04 14:42:45 +0000
  • c8af9847a7 Accepting request 1187593 from network:idm Ana Guerrero 2024-07-16 20:02:31 +0000
  • 4aafa7a9f2 - Update to version 0.4.3+git.2.6379abc: * Specifically use msal 0.2.6 * Version 0.4.3 * update libnss requirement from 0.7.0 to 0.8.0 * himmelblaud stops working after suspend * Version 0.4.2 * Fix ConsolidatedTelephony MFA method David Mulder 2024-07-15 15:47:50 +0000
  • 2fb9c2dca7 Accepting request 1177635 from network:idm Ana Guerrero 2024-05-30 13:33:35 +0000
  • 1c1ddb7201 Accepting request 1177633 from home:dmulder:branches:network:idm David Mulder 2024-05-29 19:46:29 +0000
  • afb17011a9 Accepting request 1175969 from network:idm Ana Guerrero 2024-05-23 13:35:27 +0000
  • c5a3282d05 Accepting request 1175968 from home:dmulder:branches:network:idm David Mulder 2024-05-22 22:20:13 +0000
  • fd0f480b08 Accepting request 1175881 from network:idm Ana Guerrero 2024-05-22 19:33:32 +0000
  • 0f95c8caff Accepting request 1175878 from home:dmulder:branches:network:idm David Mulder 2024-05-22 14:36:26 +0000
  • 783f46fa6f Accepting request 1175396 from network:idm Ana Guerrero 2024-05-21 16:35:44 +0000
  • 4fe8fa1090 Accepting request 1175395 from home:dmulder:branches:network:idm David Mulder 2024-05-20 20:01:49 +0000
  • 89925322f8 Accepting request 1174276 from network:idm Ana Guerrero 2024-05-15 19:29:35 +0000
  • 2cf49ee383 Accepting request 1174273 from home:dmulder:branches:network:idm David Mulder 2024-05-15 15:44:05 +0000
  • 7945f30477 Accepting request 1173352 from network:idm Dominique Leuenberger 2024-05-11 16:21:11 +0000
  • d31179d24a Accepting request 1173351 from home:dmulder:branches:network:idm David Mulder 2024-05-10 19:10:44 +0000
  • ab0a443ca1 Accepting request 1172984 from home:dmulder:branches:network:idm David Mulder 2024-05-10 15:11:44 +0000
  • 3a8752f2a7 Accepting request 1172520 from network:idm Dominique Leuenberger 2024-05-08 09:39:40 +0000
  • 7ba405f72b Accepting request 1172517 from home:dmulder:branches:network:idm David Mulder 2024-05-07 19:13:19 +0000
  • 0ed174ef70 Accepting request 1170871 from network:idm Ana Guerrero 2024-04-30 15:27:32 +0000
  • 4b76431f32 Accepting request 1170870 from home:dmulder:branches:network:idm David Mulder 2024-04-29 19:59:34 +0000
  • 056370e6a9 Accepting request 1157018 from network:idm Ana Guerrero 2024-03-13 21:17:35 +0000
  • 4a01511bad Accepting request 1153594 from home:dmulder:branches:network:idm David Mulder 2024-03-11 18:13:50 +0000
  • a0757657fd Accepting request 1149609 from network:idm Ana Guerrero 2024-02-22 20:02:28 +0000
  • 85279f7dc9 Accepting request 1149608 from home:dmulder:branches:network:idm David Mulder 2024-02-22 17:27:24 +0000
  • 99ab2e913c Accepting request 1134659 from network:idm Ana Guerrero 2023-12-22 21:42:53 +0000
  • fb69b16705 - Update to version 0.1.1+git.10.4aa76b7: * daemon: Fix inverted logic on cache dir check * nss: Use upstream nss package * idprovider: Provider auth needs to point to just the host * config: Consistently use the config file provided to the daemon * cargo: Use relative paths and remove most symlinks * clippy: Add kanidm's clippy config * config: Only check for tenant_id, authority, graph if necessary * Correct the cargo version David Mulder 2023-12-22 18:09:05 +0000
  • 6e5c75a419 Accepting request 1125720 from network:idm Ana Guerrero 2023-11-14 20:42:22 +0000
  • 2987fae673 Accepting request 1113671 from home:jengelh:branches:network:idm David Mulder 2023-11-13 19:17:50 +0000
  • df971265d7 - Update to version 0.1.1+git.0.6d2f645: * config: Remove comments about experimental policy enforement * config: Fix typos in the config file David Mulder 2023-11-13 19:16:02 +0000
  • df41735328 Accepting request 1111412 from network:idm Ana Guerrero 2023-11-08 21:17:18 +0000
  • caa342d9e7 Accepting request 1111397 from network:samba:TESTING William Brown 2023-09-15 00:10:03 +0000