Commit message (Collapse)AuthorAgeFilesLines
* Update translations for 1.9.0 beta 3 releasesssd-1_9_0_beta3sssd-1_8_93Stephen Gallagher2012-06-2529-11034/+14681
* Set default for subdomain_homedirSumit Bose2012-06-253-1/+6
* BUILD: Change default unicode library to glib2Stephen Gallagher2012-06-253-12/+6
| | | | | This patch also removes the references to 'cvs' and 'nscd' from BUILD.txt, as they are no longer necessary.
* Add man page section for the PAC responderSumit Bose2012-06-252-1/+40
* Build pac responder tests only if pac responder is buildSumit Bose2012-06-251-2/+6
* SELinux user maps: pick just one mapJan Zeleny2012-06-251-12/+11
| | | | | | | | | This patch modifies behavior of SSSD when putting together content of the file for pam_selinux. SSSD will now pick only the first user map in the priority list which matches to the user logging in. Other maps are ignored.
* Fix re_expression matching with subdomainsJan Zeleny2012-06-214-85/+173
| | | | | | | | | | | This patch fixes an issue which resulted in a need to initialize responder with data from local domain, otherwise it would not correctly detect requests for subdomains. Similar situation can occur if new subdomain is added at runtime. The solution is to ask for a list of subdomains in case there is a candidate domain identified in the process of matching re_expressions with given name.
* UTILS: Fix segfault due to sss_parse_name_for_domainsStephen Gallagher2012-06-211-7/+10
| | | | | | | | The recent fixes for per-domain parsing can cause a segfault in the netgroup processing if the domain isn't set to NULL when it's parsed as "any domain".
* Try to build PAC responder only if all dependencies are availableSumit Bose2012-06-212-5/+18
* Add range support to PAC responderSumit Bose2012-06-213-45/+140
* Add support for ID rangesSumit Bose2012-06-2111-10/+584
* PAC client: add krb5 authdata pluginSumit Bose2012-06-215-0/+503
* PAC client: add basic support in common client codeSumit Bose2012-06-212-0/+38
* PAC responder: test suiteJan Zeleny2012-06-212-1/+124
* PAC responder: support in spec fileSumit Bose2012-06-211-0/+7
* PAC responder: add the core functionalitySumit Bose2012-06-213-2/+475
| | | | | | | This adds support for parsing PAC and storing information contained within. In particular the user and all his memberships are stored. In case it is necessary, getgrgid() requests are sent to provider for group resolution.
* PAC responder: add some utility functionsJan Zeleny2012-06-213-0/+550
* PAC responder: add basic infrastructureSumit Bose2012-06-218-1/+400
| | | | | This adds only the basic outline of the PAC responder, it won't support any operations, it will just start and initialize itself.
* Add close on exec support for old platformsSimo Sorce2012-06-211-1/+16
| | | | | | | Older platfroms like RHEL5 do not have support for O_CLOEXC and need an explicit fcntl after the fd is created. Add it conditionally so it can be clearly removed once we declared those platfroms obsolete and unsupported.
* Do not leak file descriptors in client libs.Simo Sorce2012-06-211-1/+1
| | | | | | We need to make sure the mc socket is not leaked otherwise child processes will pile up leaked file descriptors. Add O_CLOEXEC when opening the cache.
* Move some debug lines to new debug log levelsStef Walter2012-06-2014-26/+26
| | | | | | | * These are common lines of debug output when starting up sssd
* Fix possible segfault in sdap_save_group()Jan Zeleny2012-06-201-2/+11
* Make the client idle timeout configurableStephen Gallagher2012-06-187-5/+40
* Add support for terminating idle connectionsShantanu Goel2012-06-182-2/+67
* Do not send SIGPIPE on disconnectionShantanu Goel2012-06-181-6/+21
| | | | | | | | Note we set MSG_NOSIGNAL to avoid having to fiddle with signal masks but also do not want to die in case SIGPIPE gets raised and the application does not handle it.
* Log message if close() fails in destructor.Shantanu Goel2012-06-181-1/+12
* Set return errno to the value prior to calling close().Shantanu Goel2012-06-181-2/+2
* Fix typo breaking DIR cache detectionStephen Gallagher2012-06-181-2/+0
* Bumping version to 1.9.0 beta 3Stephen Gallagher2012-06-151-1/+1
* Updating translations for 1.9.0 beta 2 releasesssd-1_9_0_beta2sssd-1_8_92Stephen Gallagher2012-06-1526-6186/+5773
* KRB5: Avoid shadowing dirnameStephen Gallagher2012-06-151-20/+21
| | | | | The variable 'dirname' is a publicly declared variable in libgen.h on older systems such as RHEL 5
* KRB5: Auto-detect DIR cache support in configureStephen Gallagher2012-06-159-8/+61
| | | | | | We can't support the DIR cache features in systems with kerberos libraries older than 1.10. Make sure we don't build it on those systems.
* KRB5: Update DEBUG macros for create_ccache_dir and find_ccdir_parent_dataStephen Gallagher2012-06-151-17/+30
* Fix compilation on older little-endian systemsStephen Gallagher2012-06-151-1/+2
* SSS_CLIENT: Fix uninitialized value errorStephen Gallagher2012-06-151-1/+1
| | | | | This would cause a crash if we jump to the done: label before it has been allocated.
* LDAP: Fix missing variable in debug messageStephen Gallagher2012-06-151-1/+1
* Fixed debug message in sdap_save_group()Jan Zeleny2012-06-151-1/+1
* Provide "service filter" for SELinux contextJan Zeleny2012-06-141-0/+20
| | | | | | | At this moment we will support only asterisk, designating "all services".
* Make krb5_ccname_template and krb5_ccachedir configurableJakub Hrozek2012-06-145-4/+41
* Use Kerberos context in KRB5_DEBUGJakub Hrozek2012-06-144-65/+73
| | | | | Passing Kerberos context to sss_krb5_get_error_message will allow us to get better error messages.
* Add support for storing credential caches in the DIR: back endJakub Hrozek2012-06-1410-111/+615
| | | |
* Add a credential cache back end structureJakub Hrozek2012-06-1410-198/+417
| | | | | | To be able to add support for new credential cache types easily, this patch creates a new structure sss_krb5_cc_be that defines common operations with a credential cache, such as create, check if used or remove.
* Handle trailing slash in the ccname templateJakub Hrozek2012-06-141-8/+14
| | | | | | With the DIR cache support, it's perfectly legal to specify a ccname directory that ends with a slash. The create_dir function did not handle that situation correctly.
* Residual util functionsJakub Hrozek2012-06-142-0/+102
| | | | | | Kerberos credential caches can be specified by TYPE:RESIDUAL. This patch adds a couple of utilities to support parsing if ccache locations, checking types etc.
* Add a krb5_child test toolJakub Hrozek2012-06-142-0/+575
| | | |
* Split parse_krb5_child_response so it can be reusedJakub Hrozek2012-06-143-119/+170
| | | | | krb5-child-test will be another consumer. It also makes the code more readable by splitting a huge function.
* Allow redefining the KRB5_CHILD pathJakub Hrozek2012-06-141-3/+7
| | | | | The krb5-child-test will want to run the child from the current directory.
* Provide more debugging in krb5_child and ldap_childJakub Hrozek2012-06-142-14/+73
| | | |
* Two small krb5_child fixesJakub Hrozek2012-06-141-3/+10
| | | | | * Allocation check was missing * a DEBUG statement overwrote errno
* Fix an issue in ghost usersJan Zeleny2012-06-131-75/+47
| | | | | | | | | | | | | | | | | There was an issue with ghost members in nested groups. Consider a scenario with two groups A and B, B being member of A and having some ghost members. In such case SSSD stored both groups, then added membership between them and then added ghost members to the group B. The problem was that adding ghost members to group B didn't propagate these ghost members to group A. This functionality could have been solved by memberof plugin but the logic is far more complicated that changes this patch introduces. The change is simple: add ghost members at the same time as the group is created, even if groups are supposed to be stored in two passes. That way ghost members will be present at the time A -> B membership is created and they will be propagated as expected.