summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* Do not fail if netgroup exists just update the attributesSumit Bose2010-10-131-1/+1
|
* Add handling of nested netgroups to nss clientSumit Bose2010-10-133-69/+113
|
* Return NSS_STATUS_RETURN instead of NSS_STATUS_NOTFOUNDSumit Bose2010-10-131-1/+1
| | | | | NSS_STATUS_RETURN needs to be returned to glibc otherwise nested groups are not resolved by glibc.
* Add missing tevent_req_done()Sumit Bose2010-10-131-0/+1
|
* Add netgroup support to the NSS responderStephen Gallagher2010-10-139-2/+926
|
* Split out some helper functions for the NSS responderStephen Gallagher2010-10-132-83/+147
| | | | | Create a new private header and make some functions available for other object files.
* Add negative cache features for netgroupsStephen Gallagher2010-10-132-0/+39
|
* Add support for netgroups to NSS sss_clientStephen Gallagher2010-10-135-6/+367
|
* Rename group.c and passwd.c for clarityStephen Gallagher2010-10-134-4/+4
| | | | | Prefixing group.c and passwd.c with "nss_" similar to the way the PAM client sources are prefixed with "pam_"
* netgroup testsStephen Gallagher2010-10-131-0/+516
|
* Netgroups sysdb APIStephen Gallagher2010-10-134-2/+802
|
* Require explicit setting of callback context for check_cacheStephen Gallagher2010-10-131-7/+13
| | | | | Previously, it was implicitly using the nss_dom_ctx, but there are situations where we would want to send a different private context
* Store entry_cache_timeout in sss_domain_info objectStephen Gallagher2010-10-132-0/+9
| | | | | | This is useful so that the NSS responder can identify an domain's entry timeout for expiring the memory cache for a lookup such as with netgroups.
* Add utility function sss_strnlen()Stephen Gallagher2010-10-132-0/+34
| | | | This is useful for guaranteeing the size of an input buffer.
* Initialize kerberos service for GSSAPIJakub Hrozek2010-10-1310-5/+303
|
* Make ldap_child report kerberos return code to parentJakub Hrozek2010-10-134-13/+31
|
* Report Kerberos error code from ldap_child_get_tgt_syncJakub Hrozek2010-10-131-23/+16
|
* Add KDC to the list of LDAP optionsJakub Hrozek2010-10-135-1/+22
|
* Raise the required version of libdhashSumit Bose2010-10-131-1/+1
| | | | | libdhash version 0.4.2 is required because older versions cannot update hash entries.
* Remove unused definesSumit Bose2010-10-131-2/+0
|
* Distribute XML sources instead of man-pagesSumit Bose2010-10-131-2/+3
|
* Return all group members from getgr(nam|gid)Ralf Haferkamp2010-10-131-12/+374
| | | | | | | getgrnam()/getgrgid() should return all group members instead of only those which have already been cached (in sysdb). To achieve this every member that is currently not in the cache is looked up via LDAP and saved to the cache.
* Shortcut for save_group() to accept sysdb DNs as member attributesRalf Haferkamp2010-10-131-4/+19
| | | | | | Addtional parameter "populate_members" for save_group() and save_groups() to indicate that the "member" attribute of the groups is populated with sysdb DNs of the members (instead of LDAP DNs).
* Rename index to idxSumit Bose2010-10-131-4/+4
| | | | This patch suppresses a 'shadows a global declaration' warning.
* Add a missing include fileSumit Bose2010-10-131-0/+1
| | | | | strcasecmp() is defined in strings.h which might not be included under certain conditions.
* Use POPT_TABLEEND to close option tableSumit Bose2010-10-137-8/+8
|
* Man pages should mention supported providersJan Zeleny2010-10-134-13/+28
| | | | | | | Each back end can support id, auth or access provider, but each back end supports different subset of these. Man pages should describe which providers are supported by each back end. Ticket: #615
* Add common hash table setupStephen Gallagher2010-10-083-1/+60
| | | | | sss_hash_create() produces a dhash table living in the talloc hierarchy.
* Disable events on ldap fd when offline.Jan Zeleny2010-10-081-2/+4
| | | | | | | | | Erase events on LDAP socket when backend is offline and an event appears on the socket. Normally this would lead to infinite loop, because event is present on the fd, but instead of being processed, an error log is written and the program continues to wait for the event. Ticket: #599
* Return offline instead of errorStephen Gallagher2010-10-041-1/+2
| | | | | | | | When the failover code returns that there are no available servers while we are marked offline, we were returning an error to the PAM authentication code. Instead, we should return success with a result value of SDAP_UNAVAIL so that the PAM responder will mark the domain offline and attempt offline authentication.
* Suppress some 'unchecked return value' warningsSumit Bose2010-09-281-6/+13
|
* Suppress some 'may be used uninitialized' warningsSumit Bose2010-09-284-9/+15
| | | | | Additionally the handling of errno and the errno_t return value of functions is fixed in krb5_common.c.
* Use new MIT krb5 API for better password expiration warningsSumit Bose2010-09-234-3/+79
|
* Save all data to sysdb in one transactionSumit Bose2010-09-231-222/+131
|
* Handle host objects like other objectsSumit Bose2010-09-232-129/+183
|
* Initialize debug_level to zero in crypto testsStephen Gallagher2010-09-221-1/+1
|
* Fix assorted specfile issuesStephen Gallagher2010-09-221-8/+6
| | | | | | | 1) Pam modules should be explicitly built for /lib64/security 2) The krb5 locator plugin is always built; remove the conditional 3) The krb5 locator plugin belongs in the sssd-client package 4) The sss_obfuscate manpage was not packaged
* Request the correct attribute nameJakub Hrozek2010-09-221-1/+1
|
* Fix sysdb_attrs_to_listJakub Hrozek2010-09-221-2/+2
|
* Fix sysdb_group_dn_nameJakub Hrozek2010-09-222-1/+43
|
* Initgroups on a non-cached user should go to the data providerStephen Gallagher2010-09-222-2/+13
| | | | | | | We were accidentally returning an error when sysdb_getpwnam() returned zero results internally in sysdb_initgroups(). The correct behavior here is to return EOK and a result object with zero entries.
* Fix missing variable substitution in DEBUG messageStephen Gallagher2010-09-221-2/+2
|
* Request all group attributes during initgroups processingStephen Gallagher2010-09-222-5/+7
| | | | | | | We tried to be too clever and only requested the name of the group, but we require the objectClass to validate the results. https://fedorahosted.org/sssd/ticket/622
* Check if control is supported before using it.Simo Sorce2010-09-154-14/+39
|
* Add parameter to skip cleanup in sysdb testJakub Hrozek2010-09-151-1/+4
| | | | This might be useful for examining the test database manually with LDB tools
* Use a different min_id for local domainJakub Hrozek2010-09-152-1/+17
| | | | | When we changed the default min_id to be 1, we forgot about the local domain. It makes sense to keep the minimum id larger there.
* Define objectclass with a constantJakub Hrozek2010-09-152-3/+4
| | | | Use a #define instead of hardcoded string
* Revert "Make ldap bind asynchronous"Jakub Hrozek2010-09-158-1222/+167
| | | | This reverts 56d8d19ac9d857580a233d8264e851883b883c67
* Store rootdse supported features in sdap_handlerSumit Bose2010-09-157-63/+112
|
* Fix parameter order when initializing decryptionJakub Hrozek2010-09-151-1/+1
|