summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* 80 col and style fixesSimo Sorce2012-08-011-20/+48
| | | | | | | Something like this: sysdb = (be_req->sysdb)?be_req->sysdb:be_req->be_ctx->sysdb; really is not readable, and we always discourage using obfuscated C, please refrain in future.
* Make structure initializer more readableSimo Sorce2012-08-011-7/+15
|
* Fix return error and debug messageSimo Sorce2012-08-011-2/+7
| | | | | | The debuf message was trying to print the number of returned entries, but no integer was provided. Return ENOENT as the error for when there are no entries, not EINVAL.
* Use ldb_msg_add_string with bare stringsSimo Sorce2012-08-011-9/+7
|
* Fix wrong elements used in comparisonSimo Sorce2012-08-012-3/+3
|
* Fix double semi-colonsSimo Sorce2012-08-011-5/+5
|
* 80 columns policeSimo Sorce2012-08-011-8/+13
|
* tests: Remove useless constsSimo Sorce2012-08-011-27/+15
| | | | | Declaring a bunch of structures as const and then wrapping all uses in discard_const_p() is a bit silly. Remove all these useless decorations.
* Change subdomain_infoSimo Sorce2012-08-016-41/+47
| | | | | Rename the structure to use a standard name prefix so it is properly name-spaced, in preparation for changing the structure itself.
* First-boot sss_seed toolNick Guay2012-08-017-3/+1011
|
* Fix bad checkJakub Hrozek2012-08-011-1/+1
|
* Require and call ldconfig from subpackages if appropriateVille Skyttä2012-08-011-5/+22
| | | | | The SSSD subpackages were not calling ldconfig even though they contain shared libraries.
* Added unit test for sysdb_ssh.cMichal Zidek2012-08-012-0/+461
|
* Primary server support: new option in AD providerJan Zeleny2012-08-016-2/+8
| | | | | | This patch adds support for new config option ad_backup_server. The description of this option's functionality is included in man page in one of previous patches.
* Primary server support: new option in IPA providerJan Zeleny2012-08-016-5/+9
| | | | | | This patch adds support for new config option ipa_backup_server. The description of this option's functionality is included in man page in one of previous patches.
* Primary server support: new options in krb5 providerJan Zeleny2012-08-0115-11/+45
| | | | | | This patch adds support for new config options krb5_backup_server and krb5_backup_kpasswd. The description of this option's functionality is included in man page in one of previous patches.
* Primary server support: new option in ldap providerJan Zeleny2012-08-0110-8/+21
| | | | | | This patch adds support for new config option ldap_backup_uri. The description of this option's functionality is included in man page in previous patch.
* Primary server support: man page, failover sectionJan Zeleny2012-08-011-1/+11
|
* Primary server support: AD adaptationJan Zeleny2012-08-013-35/+77
| | | | | | This patch adds support for the primary server functionality into AD provider. No backup servers are added at the moment, just the basic support is in place.
* Primary server support: LDAP adaptationJan Zeleny2012-08-013-35/+84
| | | | | | This patch adds support for the primary server functionality into LDAP provider. No backup servers are added at the moment, just the basic support is in place.
* Primary server support: krb5 adaptationJan Zeleny2012-08-013-49/+94
| | | | | | This patch adds support for the primary server functionality into krb5 provider. No backup servers are added at the moment, just the basic support is in place.
* Primary server support: IPA adaptationJan Zeleny2012-08-013-35/+77
| | | | | | This patch adds support for the primary server functionality into IPA provider. No backup servers are added at the moment, just the basic support is in place.
* Primary server support: support for "disconnecting" connections in LDAPJan Zeleny2012-08-011-4/+37
| | | | | | | | | This patch adds support for marking existing connections as being disconnected. Each such connection can't be used for new queries and a new one has to be created instead if necessary. This will ensure that pending operations will end gracefully during reconnection. Also all new queries to the server we are reconnecting to will use another (probably newly created) connection.
* Primary server support: basic support in failover codeJan Zeleny2012-08-018-57/+264
| | | | | | | | Now there are two list of servers for each service. If currently selected server is only backup, then an event will be scheduled which tries to get connection to one of primary servers and if it succeeds, it starts using this server instead of the one which is currently connected to.
* Primary server support: introduce concept of reconnectionJan Zeleny2012-08-012-0/+43
| | | | | | | This patch adds two support functions for adding reconnection callbacks and invoking such callbacks. The concept of reconnection is simple: stop using current connection for for new queries to the server without actually going offline.
* Unbreak SASLPavel Březina2012-07-311-9/+12
| | | | | | | Patch bc76428246c4ce532abd0eadcd539069fc1d94a8 changed the data type of sasl_minssf from int to ber_len_t. Unfortunately, default value of ldap_sasl_minssf is -1 but ber_len_t is defined as unsigned long. This made SASL mechanism inoperative.
* Support fetching of host from sysdb in SELinux codeJan Zeleny2012-07-311-11/+55
| | | | | The host record will be fetched if HBAC is used as access provider since the record is already downloaded and it can be trusted to be valid.
* Support fetching of HBAC rules from sysdb in SELinux codeJan Zeleny2012-07-311-14/+47
| | | | | If HBAC is active, SELinux code will reuse them instead of downloading them from the server again.
* Modify hbac_get_cached_rules() so it can be used outside of HBAC codeJan Zeleny2012-07-312-14/+22
|
* sudo ldap provider: support autoconfiguration of hostnamesPavel Březina2012-07-302-9/+278
| | | | | | | | | | | https://fedorahosted.org/sssd/ticket/1420 sudoHost attribute may contain hostname or fqdn of the machine. Sudo itself supports only one hostname and its fqdn - the one that is returned by gethostbyname(). This patch implements autoconfiguration of hostname and fqdn if it has not been set manually by ldap_sudo_hostnames option.
* manpage: sssd-sudo - documents how sudo works with sssdPavel Březina2012-07-305-0/+222
| | | | https://fedorahosted.org/sssd/ticket/1418
* Write SELinux config files in responder instead of PAM moduleJan Zeleny2012-07-274-105/+96
|
* tests: allow changing cwd in all testsPavel Březina2012-07-274-1/+13
|
* Remove unused member of be_reqJan Zeleny2012-07-271-3/+0
|
* Move SELinux processing from session to account PAM stackJan Zeleny2012-07-274-56/+90
| | | | | | | | | | | | | | The idea is to rename session provider to selinux provider. Processing of SELinux rules has to be performed in account stack in order to ensure that pam_selinux (which is the first module in PAM session stack) will get the correct input from SSSD. Processing of account PAM stack is bound to access provider. That means we need to have two providers executed when SSS_PAM_ACCT_MGMT message is received from PAM responder. Change in data_provider_be.c ensures just that - after access provider finishes its actions, the control is given to selinux provider and only after this provider finishes is the result returned to PAM responder.
* Renamed session provider to selinux providerJan Zeleny2012-07-279-66/+65
|
* Always free request in data provider PAM callbackJan Zeleny2012-07-271-2/+3
| | | | In case of error the request wasn't freed and the callback just ended.
* Provide counter of possible matches in SELinux IPA providerJan Zeleny2012-07-251-6/+6
| | | | | | The counter is important so the for cycle doesn't depend on the first NULL pointer. That would cause potential errors if more records are following after this first NULL pointer.
* Fix linking of HBAC rules and SELinux user mapsJan Zeleny2012-07-251-0/+13
| | | | | | | Translate manually memberHost and memberUser to originalMemberUser and originalMemberHost. Without this, the HBAC rule won't be matched against current user and/or host, meaning that no SELinux user map connected to it will be matched againts any user on the system.
* Remove ipa_selinux_map_merge()Jan Zeleny2012-07-253-55/+0
| | | | | This function is no longer necessary since sysdb interface for copying elements has been implemented.
* Fix SSSDConfigTestJakub Hrozek2012-07-241-1/+2
|
* manpage: seealso - include ssh conditionallyPavel Březina2012-07-231-6/+10
| | | | | SSH utilities were included in see also section even if SSSD is built without SSH support.
* add hostid and subdomains sections in sssd-ipa.confPavel Březina2012-07-231-1/+5
| | | | https://fedorahosted.org/sssd/ticket/1368
* Extend category support in SELinux user mapsJan Zeleny2012-07-231-6/+24
| | | | | | This patch adds the possibility for user/host category attributes to have more than one value. It also fixes semantically wrong evaluation of SELinux map priority.
* Added some DEBUG statements into SELinux related codeJan Zeleny2012-07-232-8/+38
|
* sdap_sudo.c: add missing end of line in few debug messagesPavel Březina2012-07-231-3/+3
|
* SYSDB: Add log message for unexpected LDB errorsStephen Gallagher2012-07-201-0/+3
|
* Fix sysdb_search_selinux_usermap_by_username return valueJakub Hrozek2012-07-201-0/+1
| | | | | | | | There was a logic bug in sysdb_search_selinux_usermap_by_username that resulted in returning the value the variable "ret" had after the last call to sysdb_attrs_get_uint32_t, which in cases the last rule processed did not have the requested attributes led to using the default user context.
* NSS: Add override_shell optionStephen Gallagher2012-07-209-2/+49
| | | | | | | | | If override_shell is specified in the [nss] section, all users managed by SSSD will have their shell set to this value. If it is specified in the [domain/DOMAINNAME] section, it will apply to only that domain (and override the [nss] value, if any). https://fedorahosted.org/sssd/ticket/1087
* MAN: Improvements to the AD provider manpageStephen Gallagher2012-07-202-0/+114
| | | | | | | Add information about ID mapping (including how to disable it) as well as information on how to handle homedir and shell. https://fedorahosted.org/sssd/ticket/1433
generated by cgit (git 2.34.1) at 2024-11-12 22:17:39 +0000