summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Remove timestamp from doxygen footersrhel5-currentStephen Gallagher2010-10-088-4/+14
|
* Disable events on ldap fd when offline.Jan Zeleny2010-10-081-2/+4
| | | | | | | | | Erase events on LDAP socket when backend is offline and an event appears on the socket. Normally this would lead to infinite loop, because event is present on the fd, but instead of being processed, an error log is written and the program continues to wait for the event. Ticket: #599
* Treat a zero-length password as a failureStephen Gallagher2010-10-081-0/+7
| | | | | Some LDAP servers allow binding with blank passwords. We should not allow a blank password to authenticate the SSSD.
* Fix chpass operations with LDAP providerStephen Gallagher2010-10-081-0/+1
| | | | | | | The initial verification of the old password was returning an error because we were not explicitly setting dp_err to DP_ERR_SUCCESS and it was initialized earlier in the function to DP_ERR_FATAL.
* Clean up initgroups processing for RFC2307Stephen Gallagher2010-10-089-17/+1187
| | | | | | | | Instead of recursively updating all users of each group the user being queried belongs to, just add or remove membership for the requested user. Resolves: rhbz#617623
* Allow sssd clients to reconnectSumit Bose2010-10-081-4/+3
| | | | | | | Currently the PAM and NSS client just return an error if there are problems on an open socket. This will lead to problems in long running programs like gdm if sssd is restarted, e.g. during an update. With this patch the socket is closed and reopened.
* Add sss_log() functionStephen Gallagher2010-10-087-5/+168
| | | | | | | | | | | | | | | | | Right now, this log function writes to the syslog. In the future, it could be modified to work with ELAPI or another logging API. Add log notifications for startup and shutdown. Add syslog messages for LDAP GSSAPI bind We will now emit a level 0 debug message on keytab errors, and also write to the syslog (LOG_DAEMON) Log TLS errors to syslog Also adds support for detecting LDAPS errors by adding a check for SDAP_DIAGNOSTIC_MESSAGE after ldap_search_ext()
* Add explicit requests for several operational attrsAlexander Gordeev2010-10-081-1/+12
| | | | | | | | | | | | | | | | Operational attributes are not returned in searched requests unless explicitly requested according to RFC 4512 section 5.1. Therefore to get several standard attributes of root DSE we have to request for them. The requested attrs are: - altServer - namingContexts - supportedControl - supportedExtension - supportedFeatures - supportedLDAPVersion - supportedSASLMechanisms Signed-off-by: Alexander Gordeev <lasaine@lvk.cs.msu.su>
* Make RootDSE optionalStephen Gallagher2010-10-082-3/+17
| | | | | | | | | | | In violation of the standard, some LDAP servers control access to the RootDSE, thus preventing us from being able to read it before performing a bind. This patch will allow us to continue on if the RootDSE was inaccessible. All of the places that we use the return value of the RootDSE after this are already checked for NULL and use sane defaults if the RootDSE is unavailable
* Fix SASL authenticationSumit Bose2010-10-081-2/+2
|
* Fixing types in queue and stack interfacesDmitri Pal2010-10-087-21/+20
|
* Releasing SSSD 1.2.1sssd-1_2_1Stephen Gallagher2010-06-1815-1727/+1644
|
* Protect against segfault in remove_ldap_connection_callbacksStephen Gallagher2010-06-181-1/+6
| | | | | | | | | If sdap_mark_offline() is called before a live connection is established, sdap_fd_events could be NULL, causing a segfault when remove_ldap_connection_callbacks() attempts to free the sdap_fd_events->conncb https://fedorahosted.org/sssd/ticket/545
* Fix return value from remove_connection_callback() destructorStephen Gallagher2010-06-181-9/+2
| | | | | ldap_get_option() can only fail if the option we're removing has already been removed. It is sufficient to log this and continue.
* Fix potential resource leak in remove_tree_with_ctx()Stephen Gallagher2010-06-171-1/+10
| | | | https://fedorahosted.org/sssd/ticket/515
* Honor filter_users in PAMStephen Gallagher2010-06-173-10/+47
|
* Move setup of filter_users and filter_groups to negcache.cStephen Gallagher2010-06-173-187/+220
| | | | | Creates a new function - sss_ncache_prepopulate() - that can be shared with other responders, such as PAM.
* Refactor the negative cacheStephen Gallagher2010-06-176-67/+68
| | | | | Rename functions from nss_ncache_* to sss_ncache_* Move negative cache to responder/common and rename as negcache.c/h
* Initialize len before looping to read the pidfileStephen Gallagher2010-06-171-1/+1
| | | | https://fedorahosted.org/sssd/ticket/544
* Standardize on correct spelling of "principal" for krb5Stephen Gallagher2010-06-168-19/+19
| | | | https://fedorahosted.org/sssd/ticket/542
* Remove references to the DP service from the SSSDConfig API testsStephen Gallagher2010-06-162-6/+0
|
* Handle (ignore) unknown options in get_domain() and get_service()Stephen Gallagher2010-06-163-10/+72
| | | | | We will now eliminate any unknown options and providers to guarantee that the domain is safe for use.
* Add ldap_force_upper_case_realm to example AD configStephen Gallagher2010-06-141-0/+1
| | | | https://fedorahosted.org/sssd/ticket/532
* Print correct return codeJakub Hrozek2010-06-141-1/+1
| | | | Fixes: #535
* Check closedir call in find_uidJakub Hrozek2010-06-141-4/+9
| | | | Fixes: #503
* Potential memory leak in _nss_sss_*_r()Jakub Hrozek2010-06-142-0/+5
| | | | Fixes: #516
* Fix potential resource leak in copy_tree_ctx()Jakub Hrozek2010-06-141-2/+10
| | | | Ticket #515
* Don't segfault if ldap_access_filter is unspecifiedStephen Gallagher2010-06-141-12/+13
| | | | https://fedorahosted.org/sssd/ticket/539
* Fix invalid talloc_move in groupshowJakub Hrozek2010-06-141-1/+7
|
* get_uid_from_pid should use fstat rather than lstatJakub Hrozek2010-06-141-11/+11
| | | | Fixes: #541
* Properly null-terminate socket pathStephen Gallagher2010-06-141-2/+4
| | | | https://fedorahosted.org/sssd/ticket/540
* Remove the -g option from useraddJakub Hrozek2010-06-142-93/+2
|
* Undocument the krb5_changepw_principal optionJakub Hrozek2010-06-145-20/+3
| | | | Fixes: #531
* Addressing initialization issues.Dmitri Pal2010-06-101-6/+6
| | | | | Fixing bug found by coverity. Tciket #519
* Make sure to close varargs before returning from a functionStephen Gallagher2010-06-102-3/+2
| | | | https://fedorahosted.org/sssd/ticket/528
* Eliminate unused variable from pc_init_timeout()Stephen Gallagher2010-06-101-4/+0
| | | | https://fedorahosted.org/sssd/ticket/525
* Check return code of hash_delete in proxy_child_destructorStephen Gallagher2010-06-101-1/+7
| | | | | | | We can't do much about an error here, but we should be reporting it. https://fedorahosted.org/sssd/ticket/534
* Properly check that the timeout event was created for cleanup/enumStephen Gallagher2010-06-102-2/+46
| | | | | | | | | We need to make sure that if we didn't create the timeout, that we cancel the request so there's no chance of ending up with two enumerations/cleanups running simultaneously. We'll attempt to reschedule later, if possible. https://fedorahosted.org/sssd/ticket/524
* Check the correct variable for NULL after creating timerStephen Gallagher2010-06-103-4/+4
| | | | | | | | | In several places, we were creating a new timer and assigning it to the tev variable, but then we were checking for NULL from the te variable (which, incidentally, is guaranteed never to be NULL in this situation) https://fedorahosted.org/sssd/ticket/523
* Don't leak directory access resources on errors in directory_list()Stephen Gallagher2010-06-101-0/+8
| | | | https://fedorahosted.org/sssd/ticket/514
* Properly handle missing originalMemberOf entry in initgroupsStephen Gallagher2010-06-101-0/+1
| | | | | | | Failing to return after the tevent_req_post() here can result in a null-pointer dereference (along with other hard-to-track bugs) https://fedorahosted.org/sssd/ticket/507
* Avoid potential NULL dereferenceStephen Gallagher2010-06-101-3/+5
| | | | https://fedorahosted.org/sssd/ticket/506
* Fixing NULL dereferencing in ini_configDmitri Pal2010-06-101-24/+34
| | | | Addressing ticket #504
* Memory leak in case of empty valueDmitri Pal2010-06-102-0/+44
| | | | | | | Addressing coverity issue. Ticket #513. The memory was really leaked when the configuration value was empty. Added unit test that confirmed the bug.
* Fix misuse of errno in find_uid.cStephen Gallagher2010-06-101-17/+26
|
* Properly handle read() and write() throughout the SSSDStephen Gallagher2010-06-109-42/+131
| | | | | | | We need to guarantee at all times that reads and writes complete successfully. This means that they must be checked for returning EINTR and EAGAIN, and all writes must be wrapped in a loop to ensure that they do not truncate their output.
* Add a missing free()Sumit Bose2010-06-091-0/+1
|
* Add a missing breakSumit Bose2010-06-091-0/+1
|
* Add a missing initializerSumit Bose2010-06-091-1/+1
|
* Add a missing return valueSumit Bose2010-06-091-0/+1
|
generated by cgit (git 2.34.1) at 2024-04-19 09:31:53 +0000