summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
...
* Treat server names as case-insensitive in failover codeJakub Hrozek2010-04-261-2/+2
|
* Fix a potential memory violationSumit Bose2010-04-261-2/+4
| | | | If read() returns with errno set to EINTR -1 is added to total_len.
* Set LDAP_OPT_RESTART for all LDAP connectionsSumit Bose2010-04-261-7/+7
|
* Avoid accessing half-deallocated memory when using talloc_zfree macro.eindenbom2010-04-161-1/+5
| | | | | | The correct memory deallocation sequence is: - clear pointer to memory first - then deallocate memory
* Make ID provider init functions clearerStephen Gallagher2010-04-164-11/+11
| | | | | | | | | | | Using sssm_*_init() as the name of the initialization function for identity providers was a holdover from earlier development when we thought we would only have a single "provider" entry in the config file. As we have now separated out the initialization functions for auth, chpass and access, we should rename sssm_*_init() to sssm_*_id_init() for a cleaner interface.
* Give information about ldap_schema in the sample configStephen Gallagher2010-04-161-0/+7
| | | | Resolves: https://fedorahosted.org/sssd/ticket/438
* Use SO_PEERCRED on the PAM socketSumit Bose2010-04-166-3/+162
| | | | | | | | | | | | | | | | | This is the second attempt to let the PAM client and the PAM responder exchange their credentials, i.e. uid, gid and pid. Because this approach does not require any message interchange between the client and the server the protocol version number is not changed. On the client side the connection is terminated it the responder is not run by root. On the server side the effective uid and gid and the pid of the client are available for future use. The following additional changes are made by this patch: - the checks of the ownership and the permissions on the PAM sockets are enhanced - internal error codes are introduced on the client side to generate more specific log messages if an error occurs
* Revert "Add better checks on PAM socket"Sumit Bose2010-04-164-274/+5
| | | | This reverts commit 5a88e963744e5da453e88b5c36499f04712df097.
* Remove unused configure macroStephen Gallagher2010-04-151-1/+0
|
* Update translations for SSSD 1.2 branchStephen Gallagher2010-04-1214-1689/+2416
|
* Support docdir and abs_builddirStephen Gallagher2010-04-122-0/+7
| | | | | | | | Old versions of autoconf (before 2.60) did not include support for the docdir and abs_builddir variables. This patch emulates support for them. Fixes https://fedorahosted.org/sssd/ticket/422
* Updating IT translationGuido Grazioli2010-04-081-135/+160
|
* Adding interface documentationDmitri Pal2010-04-086-20/+1728
| | | | Package refarray documentation by default
* SELinux login managementJakub Hrozek2010-04-0813-0/+437
| | | | | | | | | | Adds a new option -Z to sss_useradd and sss_usermod. This option allows user to specify the SELinux login context for the user. On deleting the user with sss_userdel, the login mapping is deleted, so subsequent adding of the same user would result in the default login context unless -Z is specified again. MLS security is not supported as of this patch.
* Move SELinux related functions into its own moduleJakub Hrozek2010-04-084-60/+86
| | | | Fix whitespace errors
* Adding Russion TranslationDmitry Drozdov2010-04-072-0/+861
|
* Protect against check-and-open race conditionsStephen Gallagher2010-04-063-30/+79
| | | | | | | | | | | | | | | | | There is a small window between running lstat() on a filename and opening it where it's possible for the file to have been modified. We were protecting against this by saving the stat data from the original file and verifying that it was the same file (by device and inode) when we opened it again, but this is an imperfect solution, as it is still possible for an attacker to modify the permissions during this window. It is much better to simply open the file and test on the active file descriptor. Resolves https://fedorahosted.org/sssd/ticket/425 incidentally, as without the initial lstat, we are implicitly accepting symlinks and only verifying the target file.
* Make sss_userdel check for logged in usersJakub Hrozek2010-04-063-3/+154
| | | | | | | | | | sss_userdel now warns if the deleted user was logged in at the time of deletion. Also adds a new parameter --kick to userdel that kills all user processes before actually deleting ther user. Fixes: #229
* Add userdel_cmd paramJakub Hrozek2010-04-066-0/+104
| | | | Fixes: #231
* Do not revert options to defaults in SSSDConfig.get_domain()Stephen Gallagher2010-03-311-1/+1
| | | | | | | | | There was a faulty check in get_domain() that led to the *_provider options being re-added, sometimes after options related to them had already been set. If those options had a default value, they would be overwritten by the default. Fixes: https://fedorahosted.org/sssd/ticket/441
* Add regression test for https://fedorahosted.org/sssd/ticket/441Stephen Gallagher2010-03-312-0/+6
|
* Fix typo in ldap_id_use_start_tls option descriptionStephen Gallagher2010-03-311-1/+1
|
* Allow arbitrary-length PAM messagesStephen Gallagher2010-03-257-43/+55
| | | | | | | | | The PAM standard allows for messages of any length to be returned to the client. We were discarding all messages of length greater than 255. This patch dynamically allocates the message buffers so we can pass the complete message. This resolves https://fedorahosted.org/sssd/ticket/432
* Fix path_utils_ut segfaultStephen Gallagher2010-03-251-2/+3
| | | | | | | | | In the case where the allocated buffer is not large enough to hold the resulting absolute path, we were writing out a null terminator outside of the buffer, instead of at its beginning. Also fixes potential issue where split_path would not initialize the count to zero if it returned a failure.
* Add a test for domain_to_basedn()Sumit Bose2010-03-251-0/+47
|
* Fix LDAP search paths for IPA HBACSumit Bose2010-03-256-43/+84
| | | | | | - use domain_to_basedn() to construct LDAP search paths for IPA HBAC - move domain_to_basedn() to a separate file to simplify the build of a test
* Add krb5_kpasswd to IPA providerEugene Indenbom2010-03-252-2/+3
| | | | The krb5 options were out of sync, causing a runtime abort.
* Regression test against RHBZ #576856Jakub Hrozek2010-03-253-5/+7
|
* Allow running with read only rootJakub Hrozek2010-03-253-1/+7
| | | | | | | Packages /etc/rwtab.d/sssd file that allows SSSD to run on a read-only root filesystem. Fixes: #428
* Fix warnings from -Wmissing-field-initializersSumit Bose2010-03-257-26/+28
| | | | This patch removes some tab-indentations from pamsrv.c, too.
* Set LDAP_OPT_RESTART for ldap_sasl_interactive_bind_s()Sumit Bose2010-03-251-0/+7
| | | | | | | This option is needed for the rare case where a poll() call during ldap_sasl_interactive_bind_s() is interrupted by a signal. LDAP_OPT_RESTART enables the handling of the EINTR error instead of returning an error.
* Fix kinit after password changeSumit Bose2010-03-251-2/+6
| | | | | | | | | | In an environment with slave KDCs and a central server where password changes are allowed the request for a new TGT immediately after the password change should be made against this server, because the slave server might not know the new password. To achieve this the Kerberos localtor plugin now returns the address of the kpasswd server as master_kdc.
* Generate doxygen documentation for path_utilsJakub Hrozek2010-03-256-113/+1849
|
* Unit tests for path_utilsJakub Hrozek2010-03-253-0/+741
| | | | Fixes: #81
* Fixes for path_utilsJakub Hrozek2010-03-251-63/+109
| | | | | | | | | * Do not segfault on passing NULL path to get_{dir,base}name * There is no way dirname can return "..", remove that code * Buffer overflow in path_concat * Expand . in get_basename * Return NULL rather than crash in split_path on passing NULL path * Be more defensive in directory_list
* Update zh_TW translationCheng-Chia Tseng2010-03-221-69/+101
|
* Improvements for LDAP Password Policy supportRalf Haferkamp2010-03-226-20/+201
| | | | | | | | Display warnings about remaining grace logins and password expiration to the user, when LDAP Password Policies are used. Improved detection if LDAP Password policies are supported by LDAP Server.
* Ensure the SSSDConfig creates sssd.conf with the correct modeStephen Gallagher2010-03-222-4/+87
|
* Lower debug level of unexpected LDAP result codesSumit Bose2010-03-221-0/+5
|
* Add generic error messageJakub Hrozek2010-03-221-0/+4
|
* Fix config file error messageJakub Hrozek2010-03-222-2/+2
|
* Update version in master branch to 1.1.90Stephen Gallagher2010-03-221-1/+1
|
* Fix multiple errors with destructors.Simo Sorce2010-03-191-2/+22
| | | | | | | | | | | | | | | | | This commits cleans up 3 segfaults/valgrind errors due to access to freed memory. 1. The spy wasn't clearing conn_spy causing the svc_destructor to try to clear the spy destructor when the spy was already freed 2. get_config_service was not setting the svc_destrcutor on services depending on the orderof frees at exit this was causing the spy destructor to try to access freed memory because it was not neutralized when the service was freed. 3. at exit the mt_ctx could be freed before services causing the svc_destrcutor to try to access freed memory when removing the service from the service list in the monitor context.
* Fix invalid read cause by premature free of tmpctxSimo Sorce2010-03-191-13/+10
|
* Add translated help text for ldap_tls_cacertdirStephen Gallagher2010-03-181-1/+2
|
* Add missing ldap_tls_cacertdir option to SSSDConfig APIStephen Gallagher2010-03-181-0/+1
|
* Update PT translationRui Gouveia2010-03-181-8/+8
|
* Fix error message for ldap_start_tlsStephen Gallagher2010-03-181-1/+1
|
* Fix a series of memory leaks in the SBUSStephen Gallagher2010-03-175-17/+30
|
* Add UK translationYuri Chornoivan2010-03-172-0/+877
|
generated by cgit (git 2.34.1) at 2025-09-28 22:49:17 +0000