Commit message | Author | Age | Files | Lines
* Try all KDCs when getting TGT for LDAP [sssd-1.5.1-52.el5] | Jakub Hrozek | 2012-06-04 | 1 | -15/+16
  When the ldap child process is killed after a timeout, try the next KDC. When none of the ldap child processes succeed, just abort the connection because we wouldn't be able to authenticate to the LDAP server anyway.
  https://fedorahosted.org/sssd/ticket/1324
* Only do one cycle when resolving a server | Jakub Hrozek | 2012-06-04 | 11 | -64/+170
  Rename fo_get_server_name to fo_get_server_str_name
  fo_get_server_name() getter for a server name
  Allows to be more concise in tests and more defensive in resolve callbacks
  Only do one cycle when resolving a server
  https://fedorahosted.org/sssd/ticket/1214
  Detect cycle in the fail over on subsequent resolve requests only
* RESPONDERS: Allow increasing the file-descriptor limit [sssd-1.5.1-51.el5] | Stephen Gallagher | 2012-04-25 | 4 | -0/+49
  This patch will increase the file descriptor limit to 8k or the limits.conf maximum, whichever is lesser.
  https://fedorahosted.org/sssd/ticket/1197
* LDAP: Add option to disable paging control | Stephen Gallagher | 2012-03-22 | 9 | -5/+40
  Fixes https://fedorahosted.org/sssd/ticket/967
  Conflicts:
    src/config/SSSDConfig.py
    src/config/etc/sssd.api.d/sssd-ipa.conf
    src/config/etc/sssd.api.d/sssd-ldap.conf
    src/man/sssd-ldap.5.xml
    src/providers/ipa/ipa_common.c
    src/providers/ipa/ipa_common.h
    src/providers/ldap/ldap_common.c
    src/providers/ldap/sdap.h
* IPA: Detect nsupdate support for the realm directive | Stephen Gallagher | 2012-01-17 | 3 | -15/+55
  For older platforms, do not add the 'realm' line in the update message
* Log nsupdate message | Jakub Hrozek | 2012-01-10 | 1 | -0/+3
  https://fedorahosted.org/sssd/ticket/893
* Handle timeout during sss_ldap_init_send | Jakub Hrozek | 2011-12-13 | 3 | -3/+41
  In some cases, where there would be no response from the LDAP server, there would be no R/W events on the LDAP fd, so sdap_async_sys_connect_done would never be called. This patch adds a tevent timer that cancels the connection after SDAP_NETWORK_TIMEOUT seconds.
* Ignore NULL-terminator when checking UTF8-validity for netgroups [sssd-1.5.1-46.el5] | Stephen Gallagher | 2011-12-09 | 1 | -1/+1
  Glib fails if the NULL-terminator is included when a length is specified.
* Ignore NULL-terminator when checking UTF8-validity [sssd-1.5.1-45.el5] | Stephen Gallagher | 2011-12-05 | 2 | -4/+4
  Glib fails if the NULL-terminator is included when a length is specified.
* Allow using Glib for UTF8 support | Stephen Gallagher | 2011-12-05 | 8 | -54/+236
* RESPONDER: Ensure that all input strings are valid UTF-8 | Stephen Gallagher | 2011-12-05 | 7 | -2/+52
* LDAP: Try next failover server on any error | Stephen Gallagher | 2011-12-05 | 1 | -9/+5
* Revert "RHEL5: Remove UTF8 support for RHEL5" | Stephen Gallagher | 2011-12-05 | 3 | -6/+35
  This reverts commit c417f0b8cde38ff5cc10241383f1481e3440879c.
* Add -fno-strict-aliasing [sssd-1.5.1-43.el5] | Stephen Gallagher | 2011-11-28 | 1 | -1/+2
* SYSDB: Update sysdb version to latest [sssd-1.5.1-40.el5] | Stephen Gallagher | 2011-11-02 | 2 | -1/+362
  Includes several index updates necessary for major performance improvements.
* RFC2307bis initgroups: fix nested groups processing | Jakub Hrozek | 2011-10-31 | 1 | -20/+33
  Due to an incorrectly written loop, SSSD would go into an infinite loop if it processed the same group on two different levels of membership.
* RHEL5: Remove UTF8 support for RHEL5 | Stephen Gallagher | 2011-10-26 | 3 | -35/+6
* RESPONDER: Fix segfault in sss_packet_send() | Stephen Gallagher | 2011-10-26 | 1 | -0/+5
  There are several places (all error-handling) where sss_cmd_done() is called with no response packet created. As a short-term solution, we need to check whether the packet is NULL and simply return EINVAL. client_send() (the consumer) will then forcibly disconnect the client (which will return PAM_SYSTEM_ERR to the client).
* Plug memory leaks in LDAP provider | Jakub Hrozek | 2011-10-26 | 1 | -0/+3
* Use fewer transactions during RFC2307bis initgroups | Jakub Hrozek | 2011-10-26 | 1 | -539/+802
  Utility functions for LDAP nested schema initgroups
  Use fewer transactions during RFC2307bis initgroups
  Use fewer transactions during IPA initgroups
* MONITOR: fix timeout conversion | Stephen Gallagher | 2011-10-26 | 1 | -1/+1
* Sanitize DN in sysdb_get_direct_parents | Jakub Hrozek | 2011-10-26 | 1 | -1/+7
* Add a missing break | Jakub Hrozek | 2011-10-26 | 1 | -0/+1
* Update sssd-example.conf | Marko Myllynen | 2011-10-26 | 1 | -3/+6
  Mention cache_credentials and tweak the AD example to match the wiki page.
  https://fedorahosted.org/sssd/wiki/Configuring%20sssd%20to%20authenticate%20with%20a%20Windows%202008%20Domain%20Server
* Fixed timeout handling in responders | Jan Zeleny | 2011-10-26 | 1 | -72/+72
* Fix Coverity issues introduced by DBUS socket patch | Jakub Hrozek | 2011-10-26 | 1 | -1/+3
  Fix off-by-one error in remove_socket_symlink()
  https://fedorahosted.org/sssd/ticket/1043
  Report on errno, not return code in create_socket_symlink
  https://fedorahosted.org/sssd/ticket/1044
* Improve performance of HBAC with large numbers of hosts | Stephen Gallagher | 2011-10-26 | 4 | -206/+334
  HBAC: Do not save member/memberOf links
  We can just trust the values from the FreeIPA server
  HBAC: Use originalMember for identifying servicegroups
  HBAC: Use originalMember for identifying hostgroups
* Check if dp_requests hash table exists before using it | Jakub Hrozek | 2011-10-26 | 1 | -0/+5
* Append PID to sbus server socket name, let clients use a symlink | Jakub Hrozek | 2011-10-26 | 10 | -26/+208
  Add option to follow symlinks to check_file()
  Append PID to sbus server socket name, let clients use a symlink
  https://fedorahosted.org/sssd/ticket/1034
* man page fix (lists are comma-separated) | Jan Zeleny | 2011-10-26 | 3 | -4/+4
  https://fedorahosted.org/sssd/ticket/1024
* Streamline the example config | Jakub Hrozek | 2011-10-26 | 1 | -72/+28
  https://fedorahosted.org/sssd/ticket/1014
* Use explicit base 10 for converting strings to integers | Jakub Hrozek | 2011-10-26 | 5 | -8/+8
  https://fedorahosted.org/sssd/ticket/1013
* Better handling for aliases | Jakub Hrozek | 2011-10-26 | 7 | -103/+407
  Add sysdb interface to get name aliases
  Add a sysdb_get_direct_parents function
  Store name aliases for users, groups
  Return users and groups based on alias
  https://fedorahosted.org/sssd/ticket/926
  Fix typo in sysdb_get_direct_parents
* IPA access: hostname comparison should be case-insensitive | Jakub Hrozek | 2011-10-26 | 1 | -1/+1
* HBAC: fix typos preventing proper hostgroup evaluation | Stephen Gallagher | 2011-10-26 | 1 | -3/+3
* Do not delete requests inside hash_iterate loop | Jakub Hrozek | 2011-10-26 | 1 | -10/+12
* Do not attempt to close() a file descriptor < 0 | Stephen Gallagher | 2011-10-26 | 1 | -1/+3
  Coverity 10886
* Fix uninitialized pointer read in sdap_gssapi_get_default_realm() | Jakub Hrozek | 2011-10-26 | 1 | -1/+1
  https://fedorahosted.org/sssd/ticket/1003
* MONITOR: Correctly detect lack of response from services | Stephen Gallagher | 2011-10-26 | 1 | -21/+26
  We were incorrectly using DBUS_ERROR_TIMEOUT here. The correct behaviour is to check for DBUS_ERROR_NO_REPLY. This way we will properly handle the three-tries in the tasks_check_handler(). Additionally, we weren't properly handling failure counts correctly, meaning we weren't restarting stuck services in a timely manner.
* Use sss_ldap_err2string() instead of ldap_err2string() | Pavel Březina | 2011-10-26 | 5 | -40/+54
  sss_ldap_err2string() - function created
  https://fedorahosted.org/sssd/ticket/986
  sss_ldap_err2string() - ldap_err2string() to sss_ldap_err2string()
  https://fedorahosted.org/sssd/ticket/986
* Improve error message for LDAP password constraint violation | Jakub Hrozek | 2011-10-26 | 3 | -16/+29
  https://fedorahosted.org/sssd/ticket/985
* Do not access memory out of bounds | Sumit Bose | 2011-10-26 | 1 | -2/+2
* Add option to specify the kerberos replay cache dir | Stephen Gallagher | 2011-10-26 | 10 | -0/+77
  Adds a configure option to set the distribution default as well as an sssd.conf option to override it.
  https://fedorahosted.org/sssd/ticket/980
* HBAC: Properly skip all non-group memberOf entries | Stephen Gallagher | 2011-10-26 | 1 | -1/+2
* Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANON | Jakub Hrozek | 2011-10-26 | 8 | -3/+33
  https://fedorahosted.org/sssd/ticket/978
* HBAC: Use of hostgroups for targethost or sourcehost was broken | Stephen Gallagher | 2011-10-26 | 1 | -4/+4
  We were trying to look up the wrong attribute for the name of the hostgroup.
* HBAC: Handle saving groups that have no members | Stephen Gallagher | 2011-10-26 | 1 | -7/+21
* Improve password policy error code and message | Sumit Bose | 2011-10-26 | 1 | -4/+9
  Instead of returning PAM_SYSTEM_ERR if the necessary attributes for the requested password policy cannot be found we return PAM_PERM_DENIED. Additionally the log message says that the access is denied.
* Use sysdb attribute name for GID, not LDAP attribute | Stephen Gallagher | 2011-10-26 | 1 | -3/+3
* Return the first value of name if the multivalued name attribute does not match RDN | Jakub Hrozek | 2011-10-26 | 1 | -3/+4
  https://fedorahosted.org/sssd/ticket/926