summaryrefslogtreecommitdiffstats
Commit message (Collapse)AuthorAgeFilesLines
* DNS sites support - SRV DNS lookup pluginPavel Březina2013-04-105-0/+522
| | | | | | | | | | | https://fedorahosted.org/sssd/ticket/1032 This plugin mimics the current behaviour. If discovery_domain is set it is the only domain that is tried. If discovery_domain is not set, we try to autodetect domain first and if that fails or SRV lookup on this domain fails, we fallback to SSSD domain name.
* DNS sites support - SRV lookup plugin interfacePavel Březina2013-04-108-0/+140
| | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/1032 Introduces two new error codes: - ERR_SRV_NOT_FOUND - ERR_SRV_LOOKUP_ERROR Since id_provider is authoritative in case of SRV plugin choise, ability to override the selected pluging during runtime is not desirable. We rely on the fact that id_provider is initialized before all other providers, thus the plugin is set correctly.
* resolv: add resolv_discover_srv request to resolv utilsPavel Březina2013-04-102-0/+194
|
* resolv: add resolv_get_domain request to resolv utilsPavel Březina2013-04-103-1/+170
|
* cmocka unittest for io addedAbhishek Singh2013-04-102-1/+167
|
* cmocka unittest for find_uid addedAbhishek Singh2013-04-102-1/+125
|
* Allow using flatname for subdomain home dir templateJakub Hrozek2013-04-106-9/+33
| | | | https://fedorahosted.org/sssd/ticket/1609
* Put the override_homedir into an included xml fileJakub Hrozek2013-04-103-141/+56
| | | | | The description was duplicated on two places, leading to errors where one was amended but the other was not.
* LDAP: Always fail if a map can't be foundJakub Hrozek2013-04-091-4/+2
|
* Allocate PAM DP request data on responder contextJakub Hrozek2013-04-083-5/+54
| | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/1869 Currently the private data passed to the PAM request is a structure allocated on the client context. But in the odd case where the back end would be stopped or stuck until the idle timeout hits, the DP callback would access data that were freed when the client timed out. This patch introduces a new structure allocated on responder context, whose only purpose is to live as long as the request is active.
* Wrong condition after waitpid.Michal Zidek2013-04-051-1/+1
| | | | On success, waitpid() returns pid of terminated child, not 0.
* Check for waitpid failure at wrong place.Michal Zidek2013-04-052-10/+9
| | | | | | Coverity bugs. https://fedorahosted.org/sssd/ticket/1865
* Check for the correct variablesJakub Hrozek2013-04-051-2/+2
| | | | https://fedorahosted.org/sssd/ticket/1864
* Further restrict become_user drop of privileges.Simo Sorce2013-04-051-15/+18
| | | | | | | | | | | | | | | | We never need to regain root after we call become_user() so tighten up even further our privilege drop. Add a setgroups() call to remove all secondary groups root may have been given for whateve reason. Then use the setres[ug]id function to also drop the saved uid/gid so the process cannot regain back root id. Capabilities are also implicitly dropped here, no more CAP_SETUID so this is a Point of No Return, once changed to non-root the process can't get back. Remove redefinition of sys/types.h and unistd.h, they are already defined in util.h and they need to be included after _GNU_SOURCE/_BSD_SOURCE is defined or the prototypes for setres[ug]id will not be found. Add grp.h after util.h for the same reason.
* dyndns: Fix initializing sdap_id_ctxJakub Hrozek2013-04-041-1/+1
|
* LDAP: Fix value initialization warningsLukas Slebodnik2013-04-042-2/+2
|
* Centralize resolv_init, remove resolv context listJakub Hrozek2013-04-035-43/+7
|
* Init failover with be_res optionsJakub Hrozek2013-04-039-131/+125
|
* Allow setting krb5_renew_interval with a delimiterAriel Barria2013-04-039-13/+59
| | | | | | | https://fedorahosted.org/sssd/ticket/902 changed the data type the krb5_renew_interval to string. function krb5_string_to_deltat is used to convert and allow delimiters
* Check for correct variable nameJakub Hrozek2013-04-036-9/+5
| | | | https://fedorahosted.org/sssd/ticket/1864
* Return errno, not -1 on failure in files.cJakub Hrozek2013-04-031-0/+1
| | | | https://fedorahosted.org/sssd/ticket/1862
* Fix potential out-of-bounds write in sss_idmap_sid_to_dom_sidJakub Hrozek2013-04-031-1/+1
| | | | https://fedorahosted.org/sssd/ticket/1861
* pidfile(): Do not leak fd on errorJakub Hrozek2013-04-031-0/+1
| | | | https://fedorahosted.org/sssd/ticket/1860
* krb5 child: Use the correct type when processing OTPJakub Hrozek2013-04-031-1/+1
|
* Fix typos in man pagesYuri Chornoivan2013-04-032-2/+2
|
* Updating the version for the 1.10 beta1 releaseJakub Hrozek2013-04-021-1/+1
|
* Updating the translations for the 1.10 alpha releasesssd-1_9_91sssd-1_10_alpha1Jakub Hrozek2013-04-0239-14769/+39742
|
* Improve syslog message when configuration cannot be loadedAriel Barria2013-04-021-1/+3
| | | | | | https://fedorahosted.org/sssd/ticket/1414 Error code was added and strerror(errno) to show cause in sss_log
* Making the authtok structure really opaque.Lukas Slebodnik2013-04-0219-137/+186
| | | | | | | | | | | | | | | | | | | | Definition of structure sss_auth_token was removed from header file authtok.h and there left only declaration of this structure. Therefore only way how to use this structure is to use accessory function from same header file. To creating new empty authotok can only be used newly created function sss_authtok_new(). TALLOC context was removed from copy and setter functions, because pointer to stuct sss_auth_token is used as a memory context. All declaration of struct sss_auth_token variables was replaced with pointer to this structure and related changes was made in source code. Function copy_pam_data can copy from argument src which was dynamically allocated with function create_pam_data() or zero initialized struct pam_data allocated on stack. https://fedorahosted.org/sssd/ticket/1830
* Reusing create_pam_data() on the other places.Lukas Slebodnik2013-04-025-4/+16
| | | | | | Function create_pam_data() should be only one way how to create new struct pam_data, because it also initialize destructor to created object.
* refactor nested group processing: replace old codePavel Březina2013-04-023-1721/+22
| | | | https://fedorahosted.org/sssd/ticket/1784
* refactor nested group processing: add new codePavel Březina2013-04-021-0/+2229
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/1784 1. initialization (main-req), returns members of input group 2. evaluate group members (group) 3. perform individual search (no-deref) or dereference attribute (deref) 4a. no-deref 1. perform a lookup depending on the type of the member object 2. all direct members are evaluated first 3. then we step down in nesting level and evaluate nested groups 4b. deref 1. perform a dereference lookup on member attribute 2. all direct members are evaluated first 3. then we step down in nesting level and evaluate nested groups Tevent request flow: main-req | group |------------------------| no-deref deref | | |----|------|---------| | user group unknown recurse recurse / \ | | | ... | | | ... user group group group
* Provide libnl3 supportOndrej Kos2013-03-276-85/+207
| | | | | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/812 Update the monitor code to be using the new libnl3 API. Changed configure option --with-libnl By default, it tries to build with libnl3, if not found, then with libnl1, if this isn't found either, build proceeds without libnl, just with warning. Specifing --with-libnl=<libnl3|libnl1|no> checks for the specific given version, if not found, configure ends with error.
* selinux: Remove unused parameterJakub Hrozek2013-03-271-1/+0
| | | | https://fedorahosted.org/sssd/ticket/1848
* LDAP: Fix value initializationOndrej Kos2013-03-271-1/+1
|
* filename in comment is correctedAbhishek Singh2013-03-271-1/+1
|
* Update README fileOndrej Kos2013-03-261-1/+7
|
* sssd-1.8.0: work around a bug in cov-build from CoverityKamil Dudka2013-03-261-0/+3
|
* Include config.h to build io.c on RHEL5Jakub Hrozek2013-03-251-0/+2
|
* Document what does access_provider=ad doJakub Hrozek2013-03-211-0/+14
| | | | https://fedorahosted.org/sssd/ticket/1841
* LDAP: If deref search fails, try again without derefJan Cholasta2013-03-215-4/+50
| | | | https://fedorahosted.org/sssd/ticket/1660
* Move signal.m4 from src/util to externalJakub Hrozek2013-03-212-1/+1
|
* Fixing duplicate constLukas Slebodnik2013-03-211-3/+3
| | | | const char const * --> const char *const
* Return error code from ipa_subdom_storeJakub Hrozek2013-03-201-5/+13
|
* coding style fixPavel Březina2013-03-201-1/+1
|
* change responder contexts hierarchyPavel Březina2013-03-206-65/+94
| | | | | | | | | https://fedorahosted.org/sssd/ticket/1575 The hierarchy is now: main_ctx -> responder_ctx -> specific_ctx where specific_ctx is one of sudo, pam, etc.
* do not leak memory on failure in *_process_init()Pavel Březina2013-03-207-35/+62
|
* tests: Print warning if LDB_MODULES_PATH is not setMichal Zidek2013-03-204-0/+21
| | | | | | | Print warning if sysdb-tests or sysdb-ssh test are run individually and LDB_MODULES_PATH was not set. https://fedorahosted.org/sssd/ticket/1820
* correct order in error_to_str tablePavel Březina2013-03-201-1/+1
| | | | Also fixed typo.
* BUILD: Always run distcheck and RPM tests in /dev/shmStephen Gallagher2013-03-203-1/+10
| | | | | | | | Some of the tests (such as the sysdb tests) are highly I/O limited. By running them on a ramdisk, we can significantly speed up the test runs when doing a distcheck or RPM build. https://fedorahosted.org/sssd/ticket/1840