Commit message (Author, Age, Files, Lines)
* Updating version for 1.9.8 [sssd-1-9] (Jakub Hrozek, 2014-12-05, files: 1, lines: -1/+1)
|
* Updating translations for the 1.9.7 release [sssd-1_9_7] (Jakub Hrozek, 2014-12-05, files: 39, lines: -1913/+33721)
|
* Do not switch to credentials everytime. (Lukas Slebodnik, 2014-12-02, files: 1, lines: -4/+69)
| If the user decides to kinit as another user, we do not want to switch back to the user ccache at another login. We will switch to the new ccache if and only if the default principal name is the same as the current principal name, or there is no default ccache.
|
| https://fedorahosted.org/sssd/ticket/1936
|
| Reviewed-by: Pavel Reichl <preichl@redhat.com>
* Every time return directory for krb5 cache collection. (Lukas Slebodnik, 2014-12-02, files: 2, lines: -5/+65)
| Function krb5_cc_get_full_name is called only as a way to validate that we have the right cache. Instead of the returned name, the location will be returned from function cc_dir_cache_for_princ.
|
| https://fedorahosted.org/sssd/ticket/1936
|
| Reviewed-by: Pavel Reichl <preichl@redhat.com>
* Fix wrong detection of krb5 ccname (Lukas Slebodnik, 2014-12-02, files: 1, lines: -1/+4)
| DIR:/run/user/1000/krb5cc is a valid ccname, but function sss_krb5_cc_file_path returned NULL in this case.
|
| Reviewed-by: Pavel Reichl <preichl@redhat.com>
* LDAP: Setup periodic task only once. (Lukas Slebodnik, 2014-03-31, files: 1, lines: -13/+41)
| If id provider is {ipa, ad}, the periodic task will be started in sssm_{ipa,ad}_init. If you enable enumeration and use different providers for id and sudo (autofs), then another periodic task will be scheduled. This can cause weird behaviour (e.g. missing members of group).
|
| Periodic tasks will be started only by id_provider.
|
| Resolves: https://fedorahosted.org/sssd/ticket/2153
|
| Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* AUTOTOOLS: krb5 1.12 is also supported krb5 libs (Lukas Slebodnik, 2013-12-10, files: 1, lines: -1/+2)
| pac responder was not properly detected with krb5 1.12 library
* NSS: Fix memory leak in sss_setnetgrent (Lukas Slebodnik, 2013-12-10, files: 1, lines: -1/+1)
| struct nss_cmd_ctx was not released in function nss_cmd_setnetgrent_done and it wasn't used in the other function, because getnetgrent creates its own nss_cmd_ctx context.
|
| struct nss_cmd_ctx was released after closing client because it was allocated under client context. Memory leak is apparent with long living clients.
|
| Resolves: https://fedorahosted.org/sssd/ticket/2170
* do not use default_domain_suffix with autofs (Aron Parsons, 2013-12-03, files: 1, lines: -1/+1)
|
* LDAP: Initialize user count for AD matching rule (Jakub Hrozek, 2013-11-28, files: 1, lines: -1/+1)
| https://fedorahosted.org/sssd/ticket/2157
|
| If AD matching rule was selected, but the group was empty, the SSSD accessed random data. Initializing count to zero prevents that.
* LDAP: Search for original DN during auth if it's missing (Jakub Hrozek, 2013-11-20, files: 1, lines: -16/+194)
| Resolves: https://fedorahosted.org/sssd/ticket/2077
|
| If during the LDAP authentication we find out that the originalDN to bind as is missing (because the ID module is not LDAP based), we can try to look up the user from LDAP without saving him just in order to receive the originalDN.
* LDAP: Split out a request to search for a user w/o saving (Jakub Hrozek, 2013-11-20, files: 2, lines: -32/+146)
| Related: https://fedorahosted.org/sssd/ticket/2077
|
| Certain situations require that a user entry is downloaded for further inspection, but not saved to the sysdb right away. This patch splits the previously monolithic request into one that just downloads the data and one that uses the new one to download and save the user.
* PROXY: Handle empty GECOS (Jakub Hrozek, 2013-11-20, files: 1, lines: -1/+8)
| If the user's GECOS as returned by the proxied module is an empty string (as opposed to NULL), the ldb transaction would error out.
* proxy: Allow initgroup to return NOTFOUND (Simo Sorce, 2013-11-20, files: 1, lines: -0/+16)
| When the user is only a member of its own primary group, initgroups_dyn may return NOTFOUND as, at least for the 'files' nss provider, the code skips the passed in group.
|
| Resolves: https://fedorahosted.org/sssd/ticket/2051
* Inherit ID limits of parent domains if set (Jakub Hrozek, 2013-11-14, files: 1, lines: -3/+5)
| https://fedorahosted.org/sssd/ticket/2123
|
| Previously, the subdomains were always unbound even if the administrator limited the ranges with min_id/max_id. This could have posed problems when running programs that scan the whole ID space, such as "groupadd -r".
* Bumping the version for 1.9.7 (Jakub Hrozek, 2013-11-06, files: 1, lines: -1/+1)
|
* Updating translations for the 1.9.6 release [sssd-1_9_6] (Jakub Hrozek, 2013-11-06, files: 37, lines: -11389/+14131)
|
* Updating Transifex URL (Jakub Hrozek, 2013-11-06, files: 1, lines: -1/+1)
| Transifex recently changed their preferred URL from https://www.transifex.net to https://www.transifex.com and the certificate for .net is no longer available.
* be_spy_create: free be_req and not the long living data (Sumit Bose, 2013-10-30, files: 1, lines: -1/+1)
|
* sdap_get_generic_ext_send: check if we a re still connected (Sumit Bose, 2013-10-22, files: 1, lines: -0/+7)
| At the beginning of an LDAP request we check if we are connected and have a valid sdap handle. But for some requests more than one LDAP operation, typically a search, is needed. Due to the asynchronous handling of LDAP requests it might be possible that a second request might detect a server error and close the connection while the first request just finished one LDAP search and wants to start a new LDAP search.
|
| This patch tries to make sure that there is a valid sdap handle before sending an LDAP search to the server.
|
| Fixes https://fedorahosted.org/sssd/ticket/2126
* Check slot validity before MC_SLOT_TO_PTR. (Michal Zidek, 2013-09-23, files: 2, lines: -15/+79)
| resolves: https://fedorahosted.org/sssd/ticket/2049
* AUTOTOOLS: Fix warnings: macro xyz not found in library (Lukas Slebodnik, 2013-09-16, files: 1, lines: -2/+2)
| This patch also fixes warning generated by newer version of automake.
|
| /usr/share/automake-1.13/am/ltlibrary.am: archiver requires 'AM_PROG_AR' in 'configure.ac'
* man sssd: Add note about SSS_NSS_USE_MEMCACHE (Michal Zidek, 2013-09-13, files: 1, lines: -0/+8)
|
* Rename _SSS_MC_SPECIAL (Michal Zidek, 2013-09-13, files: 1, lines: -2/+2)
| If the environment variable _SSS_MC_SPECIAL is set to "NO", the mmap cache is skipped in the client code. The name is not very descriptive. This patch renames the variable to SSS_NSS_USE_MEMCACHE.
* is_dn(): free dn (Pavel Březina, 2013-09-10, files: 1, lines: -0/+2)
|
* AUTOTOOLS: More robust detection of inotify. (Lukas Slebodnik, 2013-09-09, files: 4, lines: -5/+39)
| We checked only header file "sys/inotify" for detection whether inotify works. Some platforms do not have built-in inotify, but contain a library which provides an inotify-compatible interface. This patch adds more robust detection of inotify at configuration time and appends linker flags to Makefile if inotify is provided by a library.
* AUTOTOOLS: Use pkg-config to detect libraries. (Lukas Slebodnik, 2013-09-09, files: 6, lines: -27/+70)
| We used pkg-config only as a fallback if header files were not found, but detection of library failed in case of available header file and linking problem (missing -Ldir). This patch prefers pkg-config.
* AUTOTOOLS: add check for type intptr_t (Lukas Slebodnik, 2013-09-09, files: 1, lines: -3/+6)
| We check whether HAVE_INTPTR_T is defined in definition of macro discard_const_p, but autotools macro AC_CHECK_TYPE did not generate it.
* AUTOTOOLS: Refactor unicode library detection (Lukas Slebodnik, 2013-09-09, files: 3, lines: -15/+45)
| If $libdir is not in default library path libunistring cannot be found. (pkg-config can not be used in this case). This patch helps to search libunistring in "$libdir" directory.
|
| In refactoring part, indentation was updated to be more readable and some duplicated parts were removed.
* AUTOTOOLS: Add directories for searching ldap headers and libs (Lukas Slebodnik, 2013-09-09, files: 1, lines: -2/+2)
|
* AUTOMAKE: Use portable way to link with gettext (Lukas Slebodnik, 2013-09-09, files: 1, lines: -1/+4)
| Function gettext needn't be included in libc, it can be part of another library. Autotools macro AM_GNU_GETTEXT generates makefile variables (LIBINTL, LTLIBINTL), which contain necessary linker flags.
|
| checking for GNU gettext in libc... no
| checking for iconv... yes
| checking for GNU gettext in libintl... yes
| checking whether to use NLS... yes
| checking where the gettext function comes from... external libintl
* AUTOMAKE: Use portable way to link with dlopen (Lukas Slebodnik, 2013-09-09, files: 2, lines: -2/+3)
|
* AUTOTOOLS: Add missing AC_MSG_RESULT (Lukas Slebodnik, 2013-09-09, files: 4, lines: -5/+10)
| AC_MSG_RESULT was not used everywhere after AC_MSG_CHECKING. Therefore two lines from configure output were mixed in some cases.
* AUTOTOOLS: Add -LLIBDIR to PYTHON_LIBS (Lukas Slebodnik, 2013-09-09, files: 1, lines: -1/+2)
| Detect directory with python libraries and add this directory to the list of directories to be searched for linker.
* mmap_cache: Do not remove record from chain twice (Lukas Slebodnik, 2013-09-09, files: 1, lines: -0/+6)
| It is not very likely that a record will have the same hash1 and hash2, but it is possible. In this situation, it does not make sense to remove the record twice. Function sss_mc_rm_rec_from_chain was not robust and sssd_nss could crash in this situation. It was only possible if the record was alone in the chain.
|
| Resolves: https://fedorahosted.org/sssd/ticket/2049
* Make IPA SELinux provider aware of subdomain users (Jakub Hrozek, 2013-09-03, files: 4, lines: -12/+29)
| Fixes https://fedorahosted.org/sssd/ticket/1892
* UTIL: Use standard maximum value of type size_t (Lukas Slebodnik, 2013-09-03, files: 2, lines: -9/+7)
| It is better to use the standard constant for the maximum value of type size_t, instead of reinventing the wheel with own defined constant SIZE_T_MAX.
|
| This patch replaces string "SIZE_T_MAX" -> "SIZE_MAX"
* Include sys/types.h for types id_t and uid_t (Lukas Slebodnik, 2013-09-03, files: 2, lines: -0/+2)
|
* SIGCHLD handler: do not call callback when pvt data was freed (Pavel Březina, 2013-08-30, files: 5, lines: -5/+41)
| https://fedorahosted.org/sssd/ticket/1992
* CONFIGURE: Get rid of bashism (Lukas Slebodnik, 2013-08-28, files: 1, lines: -1/+1)
|
* IPA_HBAC: Explicitelly include header file time.h (Lukas Slebodnik, 2013-08-28, files: 1, lines: -0/+1)
| struct hbac_eval_req is defined in a header file and it has attribute request_time with type time_t, but header file "time.h" was not included. It was not a problem, because time.h was indirectly included by stdlib.h (stdlib.h -> sys/types.h -> time.h) in implementation files, but other platforms can have other dependencies among header files.
* MEMBEROF: Remove temporary workaround (Lukas Slebodnik, 2013-08-28, files: 1, lines: -5/+0)
|
* UTIL: Explicitly include header file sys/socket.h (Lukas Slebodnik, 2013-08-28, files: 1, lines: -0/+1)
| We use constant AF_INET6 in util.c, but we do not explicitly include header file sys/socket.h. This header file was indirectly included by another header file netdb.h (netdb.h -> netinet/in.h -> sys/socket.h), but other platforms can have other dependencies among header files.
* MONITOR: Move function declaration out of conditional build (Lukas Slebodnik, 2013-08-28, files: 1, lines: -5/+6)
| Function monitor_config_file_fallback was defined inside of conditional block "#ifdef HAVE_SYS_INOTIFY_H", but it was also used out of this block. This patch moves the declaration of the function before the start of the conditional build section.
* CLIENT: Fix non gnu sss_strnlen implementation (Lukas Slebodnik, 2013-08-28, files: 1, lines: -1/+1)
| The last argument of function sss_strnlen "size_t *len" is an output variable. We need to increment the value of size_t being pointed to by the pointer instead of incrementing the pointer.
* UTIL: Create new wraper header file sss_endian.h (Lukas Slebodnik, 2013-08-28, files: 8, lines: -32/+66)
| Some platforms have header file endian.h and others have sys/endian.h. We need to use conditional build to handle it correctly, therefore new header file sss_endian.h was created.
* DP: Use the correct type for DBus boolean (Jakub Hrozek, 2013-08-28, files: 1, lines: -2/+5)
| https://fedorahosted.org/sssd/ticket/2057
* mmap_cache: Use stricter check for hash keys. (Lukas Slebodnik, 2013-08-28, files: 1, lines: -4/+6)
| ht_size is size of hash_table in bytes, but hash keys have type uint32_t
* mmap_cache: Skip records which doesn't have same hash (Lukas Slebodnik, 2013-08-28, files: 1, lines: -2/+34)
| The code uses 2 hashes for each record, but only one hash table to index them both, furthermore each record has only one single 'next' pointer.
|
| This means that in certain conditions a record may end up being on a hash chain even though its hashes do not match the hash chain. This can happen when another record 'drags' it in from another hash chain where they both belong.
|
| If the record without matching hashes happens to be the second of the chain and the first record is removed, then the non matching record is left on the wrong chain. On removal of the non-matching record the hash chain will not be updated and the hash chain will end up pointing to an invalid slot.
|
| This slot may be later reused for another record and may not be the first slot of this new record. In this case the hash chain will point to arbitrary data and may cause issues if the slot is interpreted as the head of a record.
|
| By skipping any block that has no matching hashes upon removing the first record in a chain we ensure that dangling references cannot be left in the hash table.
|
| Resolves: https://fedorahosted.org/sssd/ticket/2049
* sss_packet_grow: correctly pad packet length to 512B (Pavel Březina, 2013-08-28, files: 1, lines: -1/+1)
| https://fedorahosted.org/sssd/ticket/2059
|
| If len % SSSSRV_PACKET_MEM_SIZE == 0 or some low number, we can end up with totlen < len and return EINVAL.
|
| It also does not pad the length, but usually allocates much more memory than is desired.
|
| len = 1024
| n = 1024 % 512 + 1 = 0 + 1 = 1
| totlen = 1 * 512 = 512 => totlen < len
|
| len = 511
| n = 511 % 512 + 1 = 511 + 1
| totlen = 512 * 512 = 262144
| totlen is way bigger than it was supposed to be
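
The arithmetic in the sss_packet_grow commit message above, carried through as an added C example (not code from the SSSD tree or from the commit). `totlen_modulo` computes the length exactly as the message's worked numbers do; `totlen_padded` is an assumed round-up form, not the project's actual fix, and all function names here are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define SSSSRV_PACKET_MEM_SIZE 512 /* block size used in the commit message */

/* Length as derived in the commit message: n = len % 512 + 1. */
static size_t totlen_modulo(size_t len)
{
    size_t n = len % SSSSRV_PACKET_MEM_SIZE + 1;
    return n * SSSSRV_PACKET_MEM_SIZE;
}

/* Assumed correction: round len up to the next multiple of the block size.
 * Returns 0 on success, -1 if the rounding would overflow size_t. */
static int totlen_padded(size_t len, size_t *totlen)
{
    if (len > SIZE_MAX - (SSSSRV_PACKET_MEM_SIZE - 1)) {
        return -1;
    }
    *totlen = (len + SSSSRV_PACKET_MEM_SIZE - 1) / SSSSRV_PACKET_MEM_SIZE
              * SSSSRV_PACKET_MEM_SIZE;
    return 0;
}

/* Invariant a padded length must satisfy: it covers len, is block aligned,
 * and wastes less than one block. */
static int is_padded(size_t len, size_t totlen)
{
    return totlen >= len
        && totlen % SSSSRV_PACKET_MEM_SIZE == 0
        && totlen - len < SSSSRV_PACKET_MEM_SIZE;
}

int main(void)
{
    /* Constructed sample lengths, including the two from the message. */
    const size_t samples[] = { 0, 1, 511, 512, 513, 1024, 1535 };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++) {
        size_t good = 0;
        size_t bad = totlen_modulo(samples[i]);
        totlen_padded(samples[i], &good);
        printf("len=%4zu modulo=%6zu (%s) padded=%4zu (%s)\n",
               samples[i], bad, is_padded(samples[i], bad) ? "ok" : "BAD",
               good, is_padded(samples[i], good) ? "ok" : "BAD");
    }
    return 0;
}
```

The modulo form fails the invariant in both directions: too short for lengths that are a multiple of the block size, and up to 512 blocks for lengths just below one.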