summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Ignore NULL-terminator when checking UTF8-validitysssd-1.5.1-45.el5Stephen Gallagher2011-12-052-4/+4
| | | | | Glib fails if the NULL-terminator is included when a length is specified.
* Allow using Glib for UTF8 supportStephen Gallagher2011-12-058-54/+236
|
* RESPONDER: Ensure that all input strings are valid UTF-8Stephen Gallagher2011-12-057-2/+52
|
* LDAP: Try next failover server on any errorStephen Gallagher2011-12-051-9/+5
|
* Revert "RHEL5: Remove UTF8 support for RHEL5"Stephen Gallagher2011-12-053-6/+35
| | | | This reverts commit c417f0b8cde38ff5cc10241383f1481e3440879c.
* Add -fno-strict-aliasingsssd-1.5.1-43.el5Stephen Gallagher2011-11-281-1/+2
|
* SYSDB: Update sysdb version to latestsssd-1.5.1-40.el5Stephen Gallagher2011-11-022-1/+362
| | | | | Includes several index updates necessary for major performance improvements.
* RFC2307bis initgroups: fix nested groups processingJakub Hrozek2011-10-311-20/+33
| | | | | Due to incorrectly written loop, SSSD would go into infitite loop if it processed the same group on two different levels of membership.
* RHEL5: Remove UTF8 support for RHEL5Stephen Gallagher2011-10-263-35/+6
|
* RESPONDER: Fix segfault in sss_packet_send()Stephen Gallagher2011-10-261-0/+5
| | | | | | | | | There are several places (all error-handling) where sss_cmd_done() is called with no response packet created. As a short-term solution, we need to check whether the packet is NULL and simply return EINVAL. client_send() (the consumer) will then forcibly disconnect the client (which will return PAM_SYSTEM_ERR to the client).
* Plug memory leaks in LDAP providerJakub Hrozek2011-10-261-0/+3
|
* Use fewer transactions during RFC2307bis initgroupsJakub Hrozek2011-10-261-539/+802
| | | | | | | | Utility functions for LDAP nested schema initgroups Use fewer transactions during RFC2307bis initgroups Use fewer transactions during IPA initgroups
* MONITOR: fix timeout conversionStephen Gallagher2011-10-261-1/+1
|
* Sanitize DN in sysdb_get_direct_parentsJakub Hrozek2011-10-261-1/+7
|
* Add a missing breakJakub Hrozek2011-10-261-0/+1
|
* Update sssd-example.confMarko Myllynen2011-10-261-3/+6
| | | | | | Mention cache_credentials and tweak the AD example to match the wiki page. https://fedorahosted.org/sssd/wiki/Configuring%20sssd%20to%20authenticate%20with%20a%20Windows%202008%20Domain%20Server
* Fixed timeout handling in respondersJan Zeleny2011-10-261-72/+72
|
* Fix Coverity issues introduced by DBUS socket patchJakub Hrozek2011-10-261-1/+3
| | | | | | | | | | Fix off-by-one error in remove_socket_symlink() https://fedorahosted.org/sssd/ticket/1043 Report on errno, not return code in create_socket_symlink https://fedorahosted.org/sssd/ticket/1044
* Improve performance of HBAC with large numbers of hostsStephen Gallagher2011-10-264-206/+334
| | | | | | | | | | HBAC: Do not save member/memberOf links We can just trust the values from the FreeIPA server HBAC: Use originalMember for identifying servicegroups HBAC: Use originalMember for identifying hostgroups
* Check if dp_requests hash table exists before using itJakub Hrozek2011-10-261-0/+5
|
* Append PID to sbus server socket name, let clients use a symlinkJakub Hrozek2011-10-2610-26/+208
| | | | | | | | Add option to follow symlinks to check_file() Append PID to sbus server socket name, let clients use a symlink https://fedorahosted.org/sssd/ticket/1034
* man page fix (lists are comma-separated)Jan Zeleny2011-10-263-4/+4
| | | | https://fedorahosted.org/sssd/ticket/1024
* Streamline the example configJakub Hrozek2011-10-261-72/+28
| | | | https://fedorahosted.org/sssd/ticket/1014
* Use explicit base 10 for converting strings to integersJakub Hrozek2011-10-265-8/+8
| | | | https://fedorahosted.org/sssd/ticket/1013
* Better handling for aliasesJakub Hrozek2011-10-267-103/+407
| | | | | | | | | | | | | | Add sysdb interface to get name aliases Add a sysdb_get_direct_parents function Store name aliases for users, groups Return users and groups based on alias https://fedorahosted.org/sssd/ticket/926 Fix typo in sysdb_get_direct_parents
* IPA access: hostname comparison should be case-insensitiveJakub Hrozek2011-10-261-1/+1
|
* HBAC: fix typos preventing proper hostgroup evaluationStephen Gallagher2011-10-261-3/+3
|
* Do not delete requests inside hash_iterate loopJakub Hrozek2011-10-261-10/+12
|
* Do not attempt to close() a file descriptor < 0Stephen Gallagher2011-10-261-1/+3
| | | | Coverity 10886
* Fix uninitialized pointer read in sdap_gssapi_get_default_realm()Jakub Hrozek2011-10-261-1/+1
| | | | https://fedorahosted.org/sssd/ticket/1003
* MONITOR: Correctly detect lack of response from servicesStephen Gallagher2011-10-261-21/+26
| | | | | | | | | | We were incorrectly using DBUS_ERROR_TIMEOUT here. The correct behaviour is to check for DBUS_ERROR_NO_REPLY. This way we will properly handle the three-tries in the tasks_check_handler(). Additionally, we weren't properly handling failure counts correctly, meaning we weren't restarting stuck services in a timely manner.
* Use sss_ldap_err2string() instead of ldap_err2string()Pavel Březina2011-10-265-40/+54
| | | | | | | | | | sss_ldap_err2string() - function created https://fedorahosted.org/sssd/ticket/986 sss_ldap_err2string() - ldap_err2string() to sss_ldap_err2string() https://fedorahosted.org/sssd/ticket/986
* Improve error message for LDAP password constraint violationJakub Hrozek2011-10-263-16/+29
| | | | https://fedorahosted.org/sssd/ticket/985
* Do not access memory out of boundsSumit Bose2011-10-261-2/+2
|
* Add option to specify the kerberos replay cache dirStephen Gallagher2011-10-2610-0/+77
| | | | | | | Adds a configure option to set the distribution default as well as an sssd.conf option to override it. https://fedorahosted.org/sssd/ticket/980
* HBAC: Properly skip all non-group memberOf entriesStephen Gallagher2011-10-261-1/+2
|
* Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANONJakub Hrozek2011-10-268-3/+33
| | | | https://fedorahosted.org/sssd/ticket/978
* HBAC: Use of hostgroups for targethost or sourcehost was brokenStephen Gallagher2011-10-261-4/+4
| | | | | We were trying to look up the wrong attribute for the name of the hostgroup.
* HBAC: Handle saving groups that have no membersStephen Gallagher2011-10-261-7/+21
|
* Improve password policy error code and messageSumit Bose2011-10-261-4/+9
| | | | | | Instead of returning PAM_SYSTEM_ERR if they necessary attributes for the requested password policy cannot be found we return PAM_PERM_DENIED. Additionally the log message says that the access is denied.
* Use sysdb attribute name for GID, not LDAP attributeStephen Gallagher2011-10-261-3/+3
|
* Return the first value of name if the multivalued name attribute does not ↵Jakub Hrozek2011-10-261-3/+4
| | | | | | match RDN https://fedorahosted.org/sssd/ticket/926
* Use the default Kerberos realm for LDAP with GSSAPI authJakub Hrozek2011-10-261-3/+55
| | | | https://fedorahosted.org/sssd/ticket/970
* Add vetoed_shells optionJohn Hodrien2011-10-266-15/+44
| | | | | | | | | | | | There may be users in LDAP that have a valid but unwelcome shell set in their account. This adds a blacklist of shells that should always be replaced by the fallback_shell. Signed-off-by: Stephen Gallagher <sgallagh@redhat.com> Prevent segfault if vetoed_shells are specified without allowed_shells https://fedorahosted.org/sssd/ticket/954
* Fix returning groups when gidNumber attribute is not orderedJakub Hrozek2011-10-263-4/+10
| | | | https://fedorahosted.org/sssd/ticket/951
* pyhbac: Do not convert int to boolJakub Hrozek2011-10-261-2/+11
|
* Explicitly ignore groups with gidNumber=0Jakub Hrozek2011-10-262-11/+18
| | | | https://fedorahosted.org/sssd/ticket/916
* Set gidNumber of non-posix groups to 0 even on updatesJakub Hrozek2011-10-261-8/+44
|
* Fix indexing of skipped groupsJakub Hrozek2011-10-261-2/+4
| | | | https://fedorahosted.org/sssd/ticket/928
* sss_client: avoid leaking file descriptorsSimo Sorce2011-10-262-0/+15
| | | | | | | | | | If a pam or nss module is dlcolse()d and unloaded we were leaking the file descriptor used to communicate to sssd in the process. Make sure the fucntion used to close the socket file descriptor is called on dlclose() Silence autoconf 2.28 warnings (Patch by Jakub Hrozek)
generated by cgit (git 2.34.1) at 2024-04-24 15:56:01 +0000