| Commit message | Author | Age | Files | Lines |
| |
backport of
https://fedorahosted.org/sssd/changeset/20e53344fbdfa215ff7633630feb10458a0274b9
| |
backport of
https://fedorahosted.org/sssd/changeset/4134936f56911686e908dbd6bc9634767f399e3d
| |
backport of
https://fedorahosted.org/sssd/changeset/6a9bdb6289bb374d203861cef16f312185725cbc
| |
The pam responder was not properly configured to recover from a backend
disconnect. The connections that were in flight before the disconnection
were never freed and new requests for the same user would just pile up on
top of the now phantom requests.
Fixes: https://fedorahosted.org/sssd/ticket/1655
| |
don't fetch all host groups if this option is false
https://fedorahosted.org/sssd/ticket/1078
| |
Also rename it to sysdb_attrs_get_el_ext()
| |
https://bugzilla.redhat.com/show_bug.cgi?id=846664
If the first group was cached when processing the nested group membership,
we would call tevent_req_done, effectively marking the whole nesting
level as done.
| |
This code will now attempt first to see if it has privilege to set
the value as specified, and if not it will fall back to the
previous behavior. So on systems with the CAP_SYS_RESOURCE
capability granted to SSSD, it will be able to ignore the
limits.conf hard limit.
https://fedorahosted.org/sssd/ticket/1197
| |
This function alters the memory hierarchy of the be_req
to ensure memory safety during shutdown. It creates a
spy on the be_cli object so that it will free the be_req
if the client is freed.
It is generally allocated atop the private data context
for the appropriate back-end against which it is being
filed.
https://fedorahosted.org/sssd/ticket/1226
| |
https://fedorahosted.org/sssd/ticket/1130
| |
Converge accept_fd_handler and accept_priv_fd_handler
These two functions were almost identical. Better to maintain them
as a single function.
Set return errno to the value prior to calling close().
Log message if close() fails in destructor.
Do not send SIGPIPE on disconnection
Note we set MSG_NOSIGNAL to avoid
having to fiddle with signal masks
but also do not want to die in case
SIGPIPE gets raised and the application
does not handle it.
Add support for terminating idle connections
Conflicts:
src/responder/common/responder.h
src/responder/common/responder_common.c
| |
LDAP: Make sdap_access_send/recv public
We want to consume this in the IPA provider.
IPA: Check nsAccountLock during PAM_ACCT_MGMT
https://fedorahosted.org/sssd/ticket/1227
Conflicts:
src/providers/ipa/ipa_access.h
src/providers/ipa/ipa_init.c
| |
When the ldap child process is killed after a timeout, try the next KDC.
When none of the ldap child processes succeed, just abort the connection
because we wouldn't be able to authenticate to the LDAP server anyway.
https://fedorahosted.org/sssd/ticket/1324
| |
Rename fo_get_server_name to fo_get_server_str_name
fo_get_server_name() getter for a server name
Allows to be more concise in tests and more defensive in resolve
callbacks
Only do one cycle when resolving a server
https://fedorahosted.org/sssd/ticket/1214
Detect cycle in the fail over on subsequent resolve requests only
| |
This patch will increase the file descriptor limit to 8k or the
limits.conf maximum, whichever is lesser.
https://fedorahosted.org/sssd/ticket/1197
| |
Fixes https://fedorahosted.org/sssd/ticket/967
Conflicts:
src/config/SSSDConfig.py
src/config/etc/sssd.api.d/sssd-ipa.conf
src/config/etc/sssd.api.d/sssd-ldap.conf
src/man/sssd-ldap.5.xml
src/providers/ipa/ipa_common.c
src/providers/ipa/ipa_common.h
src/providers/ldap/ldap_common.c
src/providers/ldap/sdap.h
| |
For older platforms, do not add the 'realm' line in
the update message
| |
https://fedorahosted.org/sssd/ticket/893
| |
In some cases, where there would be no response from the LDAP server,
there would be no R/W events on the LDAP fd, so
sdap_async_sys_connect_done would never be called.
This patch adds a tevent timer that cancels the connection after
SDAP_NETWORK_TIMEOUT seconds.
| |
Glib fails if the NULL-terminator is included when a length is specified.
| |
Glib fails if the NULL-terminator is included when a length is
specified.
| |
This reverts commit c417f0b8cde38ff5cc10241383f1481e3440879c.
| |
Includes several index updates necessary for major performance
improvements.
| |
Due to an incorrectly written loop, SSSD would go into an infinite loop if it
processed the same group on two different levels of membership.
| |
There are several places (all error-handling) where sss_cmd_done()
is called with no response packet created. As a short-term
solution, we need to check whether the packet is NULL and simply
return EINVAL. client_send() (the consumer) will then forcibly
disconnect the client (which will return PAM_SYSTEM_ERR to the
client).
| |
Utility functions for LDAP nested schema initgroups
Use fewer transactions during RFC2307bis initgroups
Use fewer transactions during IPA initgroups
| |
Mention cache_credentials and tweak the AD example to match the wiki page.
https://fedorahosted.org/sssd/wiki/Configuring%20sssd%20to%20authenticate%20with%20a%20Windows%202008%20Domain%20Server
| |
Fix off-by-one error in remove_socket_symlink()
https://fedorahosted.org/sssd/ticket/1043
Report on errno, not return code in create_socket_symlink
https://fedorahosted.org/sssd/ticket/1044
| |
HBAC: Do not save member/memberOf links
We can just trust the values from the FreeIPA server
HBAC: Use originalMember for identifying servicegroups
HBAC: Use originalMember for identifying hostgroups
| |
Add option to follow symlinks to check_file()
Append PID to sbus server socket name, let clients use a symlink
https://fedorahosted.org/sssd/ticket/1034
| |
https://fedorahosted.org/sssd/ticket/1024
| |
https://fedorahosted.org/sssd/ticket/1014
| |
https://fedorahosted.org/sssd/ticket/1013
| |
Add sysdb interface to get name aliases
Add a sysdb_get_direct_parents function
Store name aliases for users, groups
Return users and groups based on alias
https://fedorahosted.org/sssd/ticket/926
Fix typo in sysdb_get_direct_parents