summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* rpm: put localized sssd_krb5_locator_plugin manpages into clientPavel Březina2012-09-171-1/+5
| | | | | | | Localized sssd_krb5_locator_plugin manpages were added into main sssd package instead of client. https://fedorahosted.org/sssd/ticket/1394
* Failover: use _srv_ when no primary server is definedPavel Březina2012-09-174-46/+12
| | | | https://fedorahosted.org/sssd/ticket/1521
* Updating the version for the RC1 releaseJakub Hrozek2012-09-131-1/+1
|
* Updating the translations for the 1.9.0 RC1 releasesssd-1_9_0_rc1sssd-1_8_98Jakub Hrozek2012-09-1330-214/+284
|
* SELinux: Always use the default if it exists on the serverJakub Hrozek2012-09-133-33/+39
| | | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/1513 This is a counterpart of the FreeIPA ticket https://fedorahosted.org/freeipa/ticket/3045 During an e-mail discussion, it was decided that * if the default is set in the IPA config object, the SSSD would use that default no matter what * if the default is not set (aka empty or missing), the SSSD would just use the system default and skip creating the login file altogether
* DB: Always write the SELinux object to sysdbJakub Hrozek2012-09-131-70/+8
| | | | | | There's no point in checking if the object already exists because we always wipe the whole sysdb subtree. We were also immediatelly cancelling the transaction because we'd jump to goto, even though it was with EOK.
* FO: Check server validity before setting statusJakub Hrozek2012-09-137-33/+49
| | | | | | | | | | | | | | | | | The list of resolved servers is allocated on the back end context and kept in the fo_service structure. However, a single request often resolves a server and keeps a pointer until the end of a request and only then gives feedback about the server based on the request result. This presents a big race condition in case the SRV resolution is used. When there are requests coming in in parallel, it is possible that an incoming request will invalidate a server until another request that holds a pointer to the original server is able to give a feedback. This patch simply checks if a server is in the list of servers maintained by a service before reading its status. https://fedorahosted.org/sssd/ticket/1364
* NSS: Fix off-by-one error in parse_getservbynameJakub Hrozek2012-09-131-1/+1
| | | | https://fedorahosted.org/sssd/ticket/1438
* backend: initialize sudo only when it is enabled in servicesPavel Březina2012-09-121-3/+63
| | | | | | | https://fedorahosted.org/sssd/ticket/1458 When the responder is disabled and sudo_provider is set explicitly, a warning is print and the module will be initialized.
* be_process_init(): free ctx on errorPavel Březina2012-09-121-15/+21
|
* netgroup: resolve hostgroup membership correctlyPavel Březina2012-09-121-1/+1
| | | | | | | | https://fedorahosted.org/sssd/ticket/1519 IPA host refactoring changed mapping of memberOf attribute which caused SSSD being unable to retrieve membership of hostgroup when being interpreted as netgroup.
* Remove obsolete commentSimo Sorce2012-09-121-5/+0
| | | | Made obsolete by commit e2d17ea806d273784b621583dd0490c2f69f237d
* KRB5: Add a missing string argumentJakub Hrozek2012-09-101-1/+2
|
* SYSDB: NULL-terminate the output of sysdb_get_{ranges,subdomains}Jakub Hrozek2012-09-103-4/+7
|
* RPM: BuildRequire selinux-policy-targetedJakub Hrozek2012-09-101-0/+1
| | | | | | selinux-policy-targeted contains the /etc/selinux/targeted/logins directory that is checked during build time to determine if the platform supports SELinux user logins.
* KRB5: Return PAM_AUTH_ERR on incorrect passwordJakub Hrozek2012-09-101-19/+32
| | | | https://fedorahosted.org/sssd/ticket/1515
* KRB5: cancel the sysdb transaction on one place onlyJakub Hrozek2012-09-101-1/+0
| | | | | | | https://fedorahosted.org/sssd/ticket/1516 If sysdb_set_user_attr failed, we would cancel the transaction, then go to the error handler and attempt to close it again.
* Out-of-bounds read fix in hmac-sha-1Ondrej Kos2012-09-071-1/+3
|
* libsss_sudo should have a versioned dependency on SSSDJakub Hrozek2012-09-071-0/+1
| | | | https://fedorahosted.org/sssd/ticket/1509
* Bumping version for the 1.9.0 beta 7 releaseJakub Hrozek2012-09-051-1/+1
|
* Update translations for 1.9.0 beta 7 releasesssd-1_9_0_beta7sssd-1_8_97Jakub Hrozek2012-09-0534-8623/+15821
|
* SIGUSR2 should force SSSD to reread resolv.conf as wellAriel Barria2012-09-051-2/+19
|
* Don't terminate the same connection twiceJakub Hrozek2012-09-051-6/+0
| | | | https://fedorahosted.org/sssd/ticket/1488
* Retry the next server if bind during LDAP auth times outJakub Hrozek2012-09-051-1/+6
|
* SYSDB: Abort unit test if sysdb_getpwnam failsJakub Hrozek2012-09-051-0/+3
|
* SYSDB: Commit transaction in sysdb_store_userJakub Hrozek2012-09-051-17/+19
|
* Unify usage of sysdb transactions (part 2).Michal Zidek2012-09-049-270/+330
|
* Check flat names when searching for sub-domains as wellSumit Bose2012-09-041-1/+3
|
* SSH: Add support for OpenSSH-style public keysJan Cholasta2012-09-041-13/+37
|
* SSH: Simplify public key formatting functionJan Cholasta2012-09-044-46/+12
|
* SSH: Return error code in SSH utility functionsJan Cholasta2012-09-044-29/+54
|
* Adding -std=gnu99 flag.Michal Zidek2012-09-041-1/+2
|
* Check if the SELinux login directory existsJakub Hrozek2012-09-043-3/+13
| | | | https://fedorahosted.org/sssd/ticket/1492
* RPM: Always include the patch fileJakub Hrozek2012-08-291-2/+0
|
* RPM: Switch the default ccache locationJakub Hrozek2012-08-283-1/+29
| | | | https://fedorahosted.org/sssd/ticket/1500
* Use PTHREAD_MUTEX_ROBUST to avoid deadlock in the clientJakub Hrozek2012-08-273-8/+115
| | | | https://fedorahosted.org/sssd/ticket/1460
* Use new debug levels in validate_tgt()Sumit Bose2012-08-241-13/+16
|
* Fix fallback in validate_tgt()Sumit Bose2012-08-241-8/+20
| | | | | | | | | | To validate a TGT a keytab entry from the client realm is preferred but if none ca be found the last entry should be used. But the entry was freed and zeroed before it could be used. This should also fix the trusted domain use case mentioned in https://fedorahosted.org/sssd/ticket/1396 although a different approach then suggested in the ticket is used.
* Fix: IPv6 address with square brackets doesn't work.Michal Zidek2012-08-236-1/+67
| | | | https://fedorahosted.org/sssd/ticket/1365
* Unify usage of sysdb transactionsMichal Zidek2012-08-2320-67/+270
| | | | | | Removing bad examples of usage of sysdb_transaction_start/commit/end functions and making it more consistent (all files except of src/db/sysdb_*.c).
* Typo in debug message (SSSd -> SSSD).Michal Zidek2012-08-231-1/+1
| | | | https://fedorahosted.org/sssd/ticket/1434
* Clean up cache on server reinitializationPavel Březina2012-08-236-4/+404
| | | | | | | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/734 We successfully detect when the server is reinitialized by testing the new lastUSN value. The maximum USN values are set to zero, but the current cache content remains. This patch removes records that were deleted from the server. It uses the following approach: 1. remove entryUSN attribute from all entries 2. run enumeration 3. remove records that doesn't have entryUSN attribute updated We don't need to do this for sudo rules, they will be refreshed automatically during next smart/full refresh, or when an expired rule is deleted.
* Consolidation of functions that make realm upper-caseOndrej Kos2012-08-235-31/+28
|
* AD context was set to null due to type mismatchOndrej Kos2012-08-233-1/+14
|
* Remove compilation warning: ret may be uninitializedPavel Březina2012-08-211-0/+2
|
* Unbreak build on RHEL5: replace ldap_destroy() with ldap_unbind_ext()Pavel Březina2012-08-211-1/+1
| | | | ldap_destroy() is not present in RHEL5
* Close LDAP connection when unable to install TLSPavel Březina2012-08-211-13/+13
| | | | | | | We were not closing LDAP connection when using SSL with invalid certificate. https://fedorahosted.org/sssd/ticket/1490
* accept_fd_handler: add missing returnSumit Bose2012-08-211-0/+1
|
* SYSDB: Make sysdb_attrs_get_el_int() publicStephen Gallagher2012-08-212-8/+10
| | | | Also rename it to sysdb_attrs_get_el_ext()
* Process all groups from a single nesting levelJakub Hrozek2012-08-211-4/+14
| | | | | | | | https://bugzilla.redhat.com/show_bug.cgi?id=846664 If the first group was cached when processing the nested group membership, we would call tevent_req_done, effectivelly marking the whole nesting level as done.
generated by cgit (git 2.34.1) at 2024-05-17 23:08:49 +0000