sssd.git/src/sss_client, branch refactor

PAM: fix handling the client fd in pam destructor

2012-10-12T08:11:16+00:00

* Protect the fd with a mutex when closing
* Set it to a safe value after closing

Remove libsss_sudo.pc and move libsss_sudo.so to libsss_sudo

2012-10-12T07:55:02+00:00

PAM: close socket fd with pam_set_data

2012-10-11T12:11:56+00:00

https://fedorahosted.org/sssd/ticket/1569

do not fail if POLLHUP occurs while reading data

2012-10-10T13:26:36+00:00

This cause troubles when we send data to a pipe and close the
file descriptor before data is read. The pipe is still readable,
but POLLHUP is detected and we fail to read them.

For example, this may cause a user beeing unable to log in.

Now if POLLHUP appears, we read the pipe and then close it on
the client side too.

SSH: Simplify public key formatting function

2012-09-04T08:17:42+00:00

SSH: Return error code in SSH utility functions

2012-09-04T08:17:42+00:00

Use PTHREAD_MUTEX_ROBUST to avoid deadlock in the client

2012-08-27T14:32:01+00:00

https://fedorahosted.org/sssd/ticket/1460

sss_client: Group lookups should work even when fastcache cannot be initialized

2012-08-13T18:43:30+00:00

https://fedorahosted.org/sssd/ticket/1415

Write SELinux config files in responder instead of PAM module

2012-07-27T12:46:16+00:00

Move SELinux processing from session to account PAM stack

2012-07-27T08:37:06+00:00

The idea is to rename session provider to selinux provider. Processing
of SELinux rules has to be performed in account stack in order to ensure
that pam_selinux (which is the first module in PAM session stack) will
get the correct input from SSSD.

Processing of account PAM stack is bound to access provider. That means
we need to have two providers executed when SSS_PAM_ACCT_MGMT message
is received from PAM responder. Change in data_provider_be.c ensures
just that - after access provider finishes its actions, the control is
given to selinux provider and only after this provider finishes is the
result returned to PAM responder.