sssd.git/src/util, branch nonroot-libcap

UTIL: Prefer libcap-ng for privilege drop operations

2014-10-07T17:51:12+00:00

UTIL: Add a function to convert id_t from a number or a name

2014-10-07T11:48:05+00:00

UTIL: Add the possibility to unit test server_setup

2014-10-07T11:48:05+00:00

SSSD: Add the possibility to specify a UID and GID to run as

2014-10-07T11:48:05+00:00

UTIL: Do not depend on monitor code

2014-10-07T11:48:05+00:00

Just moves code around. There should be a way to use the server.c module
without linking the monitor code.

UTIL: Move become_user outside krb5 tree

2014-10-07T11:48:04+00:00

In order for several other SSSD processes to run as a non-root user, we
need to move the functions to become another user to a shared space in
our source tree.

PAM: new options pam_trusted_users & pam_public_domains

2014-09-29T16:27:07+00:00

pam_public_domains option is a list of numerical UIDs or user names
that are trusted.

pam_public_domains option is a list of domains accessible even for
untrusted users.

Based on:
https://fedorahosted.org/sssd/wiki/DesignDocs/RestrictDomainsInPAM

Reviewed-by: Lukáš Slebodník

krb5: make get_primary() a public call

2014-09-29T16:15:40+00:00

This patch changes get_primary() into sss_krb5_get_primary() so it can
be used by the AD provider to get the sAMAccountName from the hostname.

Reviewed-by: Jakub Hrozek

UTIL: Do not change SSSD domains in get_domains_head

2014-09-24T17:47:06+00:00

When there was more than one SSSD domain configured, actions performed
against domains later in the list would be incorrectly told to use the
first domain as the base for locating subdomains. This was because we
were rewinding the ->prev list on the sss_domain_info object, which is
only intended to be used by confdb code. The correct approach was to
use only the parent linkage, which would take us up to the top-level
domain in this SSSD domain.

LDAP: Ignore returned referrals if referral support is disabled

2014-09-02T12:36:28+00:00

Reviewed-by: Pavel Reichl