summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Resend SIGINT as SIGTERM in servicesJakub Hrozek2010-06-282-0/+4
| | | | Fixes: #462
* Protect against segfault in remove_ldap_connection_callbacksStephen Gallagher2010-06-181-1/+6
| | | | | | | | | If sdap_mark_offline() is called before a live connection is established, sdap_fd_events could be NULL, causing a segfault when remove_ldap_connection_callbacks() attempts to free the sdap_fd_events->conncb https://fedorahosted.org/sssd/ticket/545
* Fix return value from remove_connection_callback() destructorStephen Gallagher2010-06-181-9/+2
| | | | | ldap_get_option() can only fail if the option we're removing has already been removed. It is sufficient to log this and continue.
* Fix potential resource leak in remove_tree_with_ctx()Stephen Gallagher2010-06-171-1/+10
| | | | https://fedorahosted.org/sssd/ticket/515
* Honor filter_users in PAMStephen Gallagher2010-06-173-10/+47
|
* Move setup of filter_users and filter_groups to negcache.cStephen Gallagher2010-06-173-187/+220
| | | | | Creates a new function - sss_ncache_prepopulate() - that can be shared with other responders, such as PAM.
* Refactor the negative cacheStephen Gallagher2010-06-176-59/+60
| | | | | Rename functions from nss_ncache_* to sss_ncache_* Move negative cache to responder/common and rename as negcache.c/h
* Ensure that all domains are checked for users/groupsStephen Gallagher2010-06-171-3/+15
| | | | | | | There was a bug in the negative cache checks (probably a leftover from when filter_users was global-only) that meant that if a user was filtered out of a domain, the remaining domains would not be checked for that user. (Same for groups/initgroups)
* Initialize len before looping to read the pidfileStephen Gallagher2010-06-171-1/+1
| | | | https://fedorahosted.org/sssd/ticket/544
* Standardize on correct spelling of "principal" for krb5Stephen Gallagher2010-06-165-11/+11
| | | | https://fedorahosted.org/sssd/ticket/542
* Remove references to the DP service from the SSSDConfig API testsStephen Gallagher2010-06-162-6/+0
|
* Handle (ignore) unknown options in get_domain() and get_service()Stephen Gallagher2010-06-163-10/+72
| | | | | We will now eliminate any unknown options and providers to guarantee that the domain is safe for use.
* Don't segfault if ldap_access_filter is unspecifiedStephen Gallagher2010-06-141-12/+13
| | | | https://fedorahosted.org/sssd/ticket/539
* Print correct return codeJakub Hrozek2010-06-141-1/+1
| | | | Fixes: #535
* Check closedir call in find_uidJakub Hrozek2010-06-141-4/+9
| | | | Fixes: #503
* Potential memory leak in _nss_sss_*_r()Jakub Hrozek2010-06-142-0/+5
| | | | Fixes: #516
* Fix potential resource leak in copy_tree_ctx()Jakub Hrozek2010-06-141-2/+10
| | | | Ticket #515
* Remove the -g option from useraddJakub Hrozek2010-06-142-70/+2
| | | | | | The local domain has the magic private groups option set unconditionally. Therefore, it does not make any sense to let user configure the primary GID. As a side-effect, this fixes #522.
* Remove krb5_changepw_principal optionJakub Hrozek2010-06-1411-64/+26
| | | | Fixes: #531
* get_uid_from_pid should use fstat rather than lstatJakub Hrozek2010-06-141-11/+11
| | | | Fixes: #541
* Add ldap_force_upper_case_realm to example AD configStephen Gallagher2010-06-141-0/+1
| | | | https://fedorahosted.org/sssd/ticket/532
* Properly null-terminate socket pathStephen Gallagher2010-06-141-2/+4
| | | | https://fedorahosted.org/sssd/ticket/540
* Addressing initialization issues.Dmitri Pal2010-06-101-6/+6
| | | | | Fixing bug found by coverity. Tciket #519
* Make sure to close varargs before returning from a functionStephen Gallagher2010-06-102-3/+2
| | | | https://fedorahosted.org/sssd/ticket/528
* Eliminate unused variable from pc_init_timeout()Stephen Gallagher2010-06-101-4/+0
| | | | https://fedorahosted.org/sssd/ticket/525
* Check return code of hash_delete in proxy_child_destructorStephen Gallagher2010-06-101-1/+7
| | | | | | | We can't do much about an error here, but we should be reporting it. https://fedorahosted.org/sssd/ticket/534
* Properly check that the timeout event was created for cleanup/enumStephen Gallagher2010-06-102-2/+46
| | | | | | | | | We need to make sure that if we didn't create the timeout, that we cancel the request so there's no chance of ending up with two enumerations/cleanups running simultaneously. We'll attempt to reschedule later, if possible. https://fedorahosted.org/sssd/ticket/524
* Check the correct variable for NULL after creating timerStephen Gallagher2010-06-103-4/+4
| | | | | | | | | In several places, we were creating a new timer and assigning it to the tev variable, but then we were checking for NULL from the te variable (which, incidentally, is guaranteed never to be NULL in this situation) https://fedorahosted.org/sssd/ticket/523
* Don't leak directory access resources on errors in directory_list()Stephen Gallagher2010-06-101-0/+8
| | | | https://fedorahosted.org/sssd/ticket/514
* Properly handle missing originalMemberOf entry in initgroupsStephen Gallagher2010-06-101-0/+1
| | | | | | | Failing to return after the tevent_req_post() here can result in a null-pointer dereference (along with other hard-to-track bugs) https://fedorahosted.org/sssd/ticket/507
* Avoid potential NULL dereferenceStephen Gallagher2010-06-101-3/+5
| | | | https://fedorahosted.org/sssd/ticket/506
* Fix misuse of errno in find_uid.cStephen Gallagher2010-06-101-17/+26
|
* Properly handle read() and write() throughout the SSSDStephen Gallagher2010-06-109-42/+131
| | | | | | | We need to guarantee at all times that reads and writes complete successfully. This means that they must be checked for returning EINTR and EAGAIN, and all writes must be wrapped in a loop to ensure that they do not truncate their output.
* Add a missing free()Sumit Bose2010-06-091-0/+1
|
* Add a missing initializerSumit Bose2010-06-091-1/+1
|
* Add missing break to switch statementJakub Hrozek2010-06-091-0/+1
| | | | | | | Switch statement missing a break causes unintended implicit setting of 'm' options in sss_useradd. Fixes: #512
* Allow ldap_access_filter values wrapped in parenthesesStephen Gallagher2010-06-092-3/+21
|
* Avoid a potential double-freeSumit Bose2010-06-091-0/+1
|
* Change default min_id to 1Stephen Gallagher2010-06-094-9/+16
| | | | | Also update manpage for min_id/max_id to be more clear about how it relates to primary GID.
* Disable connection callbacks when going onlineStephen Gallagher2010-06-093-0/+27
| | | | | | | | Under certain circumstances, the openldap libraries will continue internally trying to reconnect to a connection lost (as during a cable-pull test). We need to drop the reconnection callbacks when marking the backend offline in order to guarantee that they are not called with an invalid sdap_handle.
* Fix Incorrect NULL check in get_server_common()Jakub Hrozek2010-06-091-1/+1
| | | | Fixes: #518
* Fix potential NULL dereference in fail_over.cJakub Hrozek2010-06-091-2/+5
| | | | Fixes: #505
* Fix realm_str dereferenceJakub Hrozek2010-06-091-1/+1
| | | | Fixes: #508
* Fix typo in Makefile.amStephen Gallagher2010-06-091-1/+1
| | | | We weren't properly linking libsss_krb5.so against libkeyutils
* Skip empty attributes with warningJakub Hrozek2010-06-091-0/+4
| | | | Fixes: #488
* Don't return uninitialized value in proxy providerJakub Hrozek2010-06-061-1/+4
| | | | Fixes: #498
* Fix broken build against older versions of OpenLDAPStephen Gallagher2010-06-062-2/+12
| | | | | | OpenLDAP < 2.4 used LDAP_OPT_ERROR_STRING. It was changed to LDAP_OPT_DIAGNOSTIC_MESSAGE in 2.4. This patch will allow the TLS error messages to be displayed on either version.
* Initialize pam_data in Kerberos child.Sumit Bose2010-06-061-1/+1
|
* Man page fixesJakub Hrozek2010-06-062-2/+6
| | | | Fixes: #496
* Remove dead code from the PAM responderJakub Hrozek2010-06-062-13/+0
|
generated by cgit (git 2.34.1) at 2024-11-06 08:31:38 +0000