summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Potential memory leak in _nss_sss_*_r()Jakub Hrozek2010-06-142-0/+5
| | | | Fixes: #516
* Fix potential resource leak in copy_tree_ctx()Jakub Hrozek2010-06-141-2/+10
| | | | Ticket #515
* Remove the -g option from useraddJakub Hrozek2010-06-142-70/+2
| | | | | | The local domain has the magic private groups option set unconditionally. Therefore, it does not make any sense to let user configure the primary GID. As a side-effect, this fixes #522.
* Remove krb5_changepw_principal optionJakub Hrozek2010-06-1411-64/+26
| | | | Fixes: #531
* get_uid_from_pid should use fstat rather than lstatJakub Hrozek2010-06-141-11/+11
| | | | Fixes: #541
* Add ldap_force_upper_case_realm to example AD configStephen Gallagher2010-06-141-0/+1
| | | | https://fedorahosted.org/sssd/ticket/532
* Properly null-terminate socket pathStephen Gallagher2010-06-141-2/+4
| | | | https://fedorahosted.org/sssd/ticket/540
* Addressing initialization issues.Dmitri Pal2010-06-101-6/+6
| | | | | Fixing bug found by coverity. Tciket #519
* Make sure to close varargs before returning from a functionStephen Gallagher2010-06-102-3/+2
| | | | https://fedorahosted.org/sssd/ticket/528
* Eliminate unused variable from pc_init_timeout()Stephen Gallagher2010-06-101-4/+0
| | | | https://fedorahosted.org/sssd/ticket/525
* Check return code of hash_delete in proxy_child_destructorStephen Gallagher2010-06-101-1/+7
| | | | | | | We can't do much about an error here, but we should be reporting it. https://fedorahosted.org/sssd/ticket/534
* Properly check that the timeout event was created for cleanup/enumStephen Gallagher2010-06-102-2/+46
| | | | | | | | | We need to make sure that if we didn't create the timeout, that we cancel the request so there's no chance of ending up with two enumerations/cleanups running simultaneously. We'll attempt to reschedule later, if possible. https://fedorahosted.org/sssd/ticket/524
* Check the correct variable for NULL after creating timerStephen Gallagher2010-06-103-4/+4
| | | | | | | | | In several places, we were creating a new timer and assigning it to the tev variable, but then we were checking for NULL from the te variable (which, incidentally, is guaranteed never to be NULL in this situation) https://fedorahosted.org/sssd/ticket/523
* Don't leak directory access resources on errors in directory_list()Stephen Gallagher2010-06-101-0/+8
| | | | https://fedorahosted.org/sssd/ticket/514
* Properly handle missing originalMemberOf entry in initgroupsStephen Gallagher2010-06-101-0/+1
| | | | | | | Failing to return after the tevent_req_post() here can result in a null-pointer dereference (along with other hard-to-track bugs) https://fedorahosted.org/sssd/ticket/507
* Avoid potential NULL dereferenceStephen Gallagher2010-06-101-3/+5
| | | | https://fedorahosted.org/sssd/ticket/506
* Fix misuse of errno in find_uid.cStephen Gallagher2010-06-101-17/+26
|
* Properly handle read() and write() throughout the SSSDStephen Gallagher2010-06-109-42/+131
| | | | | | | We need to guarantee at all times that reads and writes complete successfully. This means that they must be checked for returning EINTR and EAGAIN, and all writes must be wrapped in a loop to ensure that they do not truncate their output.
* Add a missing free()Sumit Bose2010-06-091-0/+1
|
* Add a missing initializerSumit Bose2010-06-091-1/+1
|
* Add missing break to switch statementJakub Hrozek2010-06-091-0/+1
| | | | | | | Switch statement missing a break causes unintended implicit setting of 'm' options in sss_useradd. Fixes: #512
* Allow ldap_access_filter values wrapped in parenthesesStephen Gallagher2010-06-092-3/+21
|
* Avoid a potential double-freeSumit Bose2010-06-091-0/+1
|
* Change default min_id to 1Stephen Gallagher2010-06-094-9/+16
| | | | | Also update manpage for min_id/max_id to be more clear about how it relates to primary GID.
* Disable connection callbacks when going onlineStephen Gallagher2010-06-093-0/+27
| | | | | | | | Under certain circumstances, the openldap libraries will continue internally trying to reconnect to a connection lost (as during a cable-pull test). We need to drop the reconnection callbacks when marking the backend offline in order to guarantee that they are not called with an invalid sdap_handle.
* Fix Incorrect NULL check in get_server_common()Jakub Hrozek2010-06-091-1/+1
| | | | Fixes: #518
* Fix potential NULL dereference in fail_over.cJakub Hrozek2010-06-091-2/+5
| | | | Fixes: #505
* Fix realm_str dereferenceJakub Hrozek2010-06-091-1/+1
| | | | Fixes: #508
* Fix typo in Makefile.amStephen Gallagher2010-06-091-1/+1
| | | | We weren't properly linking libsss_krb5.so against libkeyutils
* Skip empty attributes with warningJakub Hrozek2010-06-091-0/+4
| | | | Fixes: #488
* Don't return uninitialized value in proxy providerJakub Hrozek2010-06-061-1/+4
| | | | Fixes: #498
* Fix broken build against older versions of OpenLDAPStephen Gallagher2010-06-062-2/+12
| | | | | | OpenLDAP < 2.4 used LDAP_OPT_ERROR_STRING. It was changed to LDAP_OPT_DIAGNOSTIC_MESSAGE in 2.4. This patch will allow the TLS error messages to be displayed on either version.
* Initialize pam_data in Kerberos child.Sumit Bose2010-06-061-1/+1
|
* Man page fixesJakub Hrozek2010-06-062-2/+6
| | | | Fixes: #496
* Remove dead code from the PAM responderJakub Hrozek2010-06-062-13/+0
|
* Unify sdap and sysdb data handlingSumit Bose2010-06-021-85/+104
|
* Compare full service nameSumit Bose2010-06-021-1/+2
|
* Remove service groupsSumit Bose2010-06-022-193/+7
| | | | | Because the memberOf attribute is now set for the service objects we do not need to fetch the service groups separately anymore.
* Use new schema for HBAC service checksSumit Bose2010-06-022-21/+641
|
* Use sysdb_attrs_get_string_array() instead of sysdb_attrs_get_el()Sumit Bose2010-06-021-23/+12
| | | | | | | | sysdb_attrs_get_el() creates an empty element in the sysdb_attrs structure if the requested element does not exist. Recent versions of libldb do not accept empty elements when writing new objects to disk. sysdb_attrs_get_string_array() does not create an empty element but returns ENOENT.
* Add sysdb_attrs_get_string_array()Sumit Bose2010-06-022-0/+35
|
* Fix typo in MakefileStephen Gallagher2010-06-021-1/+1
| | | | Caused the kerberos provider to not use the kernel keyring
* Check ipaEnabledFlagSumit Bose2010-05-271-5/+23
|
* Remove signal event if child was terminated by a signalSumit Bose2010-05-272-6/+29
|
* Fix check if LDAP id provider is already initializedSumit Bose2010-05-271-1/+1
|
* Reset run_online_cb flag even if there are no callbacksSumit Bose2010-05-271-8/+10
|
* Add ldap_access_filter optionStephen Gallagher2010-05-2715-4/+621
| | | | | | | | | | This option (applicable to access_provider=ldap) allows the admin to set an additional LDAP search filter that must match in order for a user to be granted access to the system. Common examples for this would be limiting access to users by in a particular group, for example: ldap_access_filter = memberOf=cn=access_group,ou=Groups,dc=example,dc=com
* Add offline callback to disconnect global SDAP handleSumit Bose2010-05-274-1/+24
|
* Add krb5 SIGTERM handler to ipa auth providerSumit Bose2010-05-271-0/+6
|
* Refactor krb5 SIGTERM handler installationSumit Bose2010-05-273-14/+39
|