summaryrefslogtreecommitdiffstats
path: root/server
Commit message (Collapse)AuthorAgeFilesLines
* Remove unneeded files from sss_clientStephen Gallagher2010-02-1822-4031/+0
|
* Merge sss_client and sss_daemon translations togetherStephen Gallagher2010-02-1811-11/+1102
|
* Eliminate separate build tree for sss_clientStephen Gallagher2010-02-1840-5/+7397
|
* Use macros to hide memcpy callsJakub Hrozek2010-02-185-149/+71
| | | | | The memcpy calls introduced in the memalign patches are ugly. This patch hides them behind a set of macros.
* Supress warnings with -O2Jakub Hrozek2010-02-185-12/+10
|
* Add test for number of options in IPA and LDAP backendsJakub Hrozek2010-02-164-6/+75
|
* Synchronize IPA and LDAP optionsJakub Hrozek2010-02-161-2/+4
|
* Remove replaceSumit Bose2010-02-161-10/+0
|
* Make PAM responses more compatible with D-BUS specStephen Gallagher2010-02-152-34/+108
| | | | | | | | | | Previously, the PAM responses could contain an arbitrary number of arguments. This is not acceptable by the D-BUS protocol, as there is no way to introspect it. This patch converts the response objects to be an array of D-BUS structs. It also fixes two potential memory leaks by not unref'ing the reply object if we get an error.
* Make attr_type an integerStephen Gallagher2010-02-152-20/+14
| | | | | | Previously it was a string being passed and converted into an integer. It will be more efficient this way (and simpler for other implementers)
* Add doxygen docs for ConfDBStephen Gallagher2010-02-154-14/+1759
|
* Add check for broken LDAP connection callbacksSumit Bose2010-02-122-2/+12
|
* sss_groupshow: separate member lists by commaJakub Hrozek2010-02-121-3/+6
| | | | Fixes: #398
* Make change password errors more transparentSumit Bose2010-02-127-23/+184
|
* Don't pass a variable as format to talloc_asprintf()Martin Nagy2010-02-122-2/+2
| | | | This practice is not recommended and can also be dangerous.
* sss_groupshow improvementsJakub Hrozek2010-02-102-104/+698
| | | | | | | | | This patch fixes the following issues: * man page issues (#395) * show info on MPGs (#396) * recursively print indirect members (#397) * the list of groupnames is comma separated (#398) * output inconsistencies (#399)
* Fix other memory alignment issuesJakub Hrozek2010-02-104-42/+55
| | | | | | | Similar to George McCollister's patch to the pam code, this patch fixes other places in the code where we forced data into 32-bit alignment. Fixes: #390
* Few misc minor man page bugsJakub Hrozek2010-02-103-26/+23
| | | | | | | | | | | | | | | * sssd.conf * sbus_timeout was used in an example but explained nowhere * enum_cache_timeout unit was not defined * same for entry_cache_timeout * store_legacy_passwords option does not exist anymore * better example than domain/LOCAL - domain/LDAP which uses krb5/ldap * sssd.conf(5) listed sssd.conf(5) in SEE ALSO section * sssd-krb5, sssd-ldap * these include each other in SEE ALSO section Fixes: #393
* Make return values more specific during password changeSumit Bose2010-02-103-37/+58
| | | | | | | - return PAM_AUTHTOK_ERR instead of PAM_SYSTEM_ERR if the password change operation fails - send a message to the user if the system is offline and the password cannot be changed
* Updating PL translationPiotr Drąg2010-02-101-4/+6
|
* Fix handling of the global context in the leak detectorSumit Bose2010-02-102-1/+3
|
* Send a message to the user if the login is delayedSumit Bose2010-02-105-35/+91
|
* Update translatable stringsStephen Gallagher2010-02-059-549/+675
|
* Document when LDAP referral chasing is availableSumit Bose2010-02-052-0/+17
|
* Reactivate old fd handling conditionallySumit Bose2010-02-055-1/+82
| | | | | | | Older versions of openLDAP do not provide a connection callback. This patch adds a configure check to see if the callback is available and activates the old way of handling the file description of the LDAP connection. This also means that it is not possible to follow referrals.
* Add mandatory flag to SSSD config schemaStephen Gallagher2010-02-058-207/+455
| | | | | | | | | Also add list_mandatory_options() to both SSSDService and SSSDDomain objects. There is a new list_options_with_mandatory() function that will return a longer tuple than list_options(), including the mandatory flag directly.
* Remove unnecessary explicit defaults from SSSDConfig APIStephen Gallagher2010-02-052-10/+10
|
* Added option to use libcrypto instead of NSS.George McCollister2010-02-057-11/+416
| | | | | | | | | | | | crypto_sha512crypt.c is a clone of nss_sha512crypt.c with the exception that all usage of NSS and related libraries has been switched to libcrypto. I renamed nss_sha512crypt.h to sha512crypt.h since it is common to both crypto_sha512crypt.c and nss_sha512crypt.c. Note that the random number generator is not seeded manually and thus relies on seeding done automatically by libcrypto. On some systems without /dev/urandom seeding may not be performed. See http://www.openssl.org/docs/crypto/RAND_add.html. Signed-off-by: George McCollister <georgem@novatech-llc.com>
* Internationalize the command-line help messageStephen Gallagher2010-02-055-15/+15
|
* Enable debug_timestamps by defaultStephen Gallagher2010-02-057-11/+11
| | | | | It can be overridden in the sssd.conf or on the commandline with --debug-timestamps=0
* Make krb5 and open checks work if forking is disabledSumit Bose2010-02-032-1/+6
| | | | | | | | | | | | | | | | When CK_FORK is set to 'no' the fixtures are executed for every new test inside of the same process. Global variables must be set to the expected values by the fixtures. check_and_open-tests.c: the filename template for mkstemp() was a globally defined character string. After the first call to mkstemp() the trailing XXXXXX are substituted by random values, a second call to mkstemp() with this character string fails. This patch initialize the filename template before mkstemp() is called with the help of strdup() and the memory is freed in the teardown fixture. krb5_utils-tests.c: this patch sets the just freed global talloc context to NULL to make a consistency check in the setup fixture pass.
* Make resolve and failover test work with CK_FORK=noSumit Bose2010-02-034-6/+11
| | | | | | | | | | | | | | | The leak checking code which is used by the resolve and failover tests frees talloc's autofree context which is not recommended. As a consequence the initialization of tevent failed when it was called by the second test and CF_FORK=no, because it holds some data in the autofree context. This patch introduces a global talloc context which should be uses by the test as the root of their memory hierarchy instead of NULL. This global context is used in the leak checking routines. Not all types of memory leaks can be detected by the new version , it is recommended to use valgrind or similar tools additionally.
* Split off libini_config into a shared libraryStephen Gallagher2010-02-033-5/+23
|
* Split off libcollection into a shared libraryStephen Gallagher2010-02-033-6/+24
|
* Warn the user if authentication happens offlineSumit Bose2010-02-024-13/+132
|
* Add offline failed login counterSumit Bose2010-02-029-17/+631
|
* Add new option ldap_referralsSumit Bose2010-02-027-1/+30
|
* Use ldap connection callbacks to get file descriptorsSumit Bose2010-02-024-43/+121
|
* Check cache_credentials in sysdb_cache_auth_send()Sumit Bose2010-02-022-0/+14
|
* Force offline operation with SIGUSR1Stephen Gallagher2010-02-013-0/+69
| | | | | | If the monitor receives SIGUSR1, it will instruct all providers to enter offline operation. If any individual provider receives SIGUSR1, it alone will enter offline operation.
* Avoid 'PAM' at the beginning of define and enum namesSumit Bose2010-02-015-25/+26
|
* Rename PAM_USER_INFO to PAM_SYSTEM_INFOSumit Bose2010-02-012-3/+3
|
* Fix size error on 64-bit systemsStephen Gallagher2010-01-251-1/+1
|
* Handle IPv6 addresses with the async resolverStephen Gallagher2010-01-224-13/+65
|
* Pointers to non 32 bit aligned data were being cast to uint32_t *George McCollister2010-01-222-9/+11
| | | | | | | | uint32_t pointers must point to 32 bit aligned data on ARM. Instead of padding the data to force it into alignment I altered the code to memcpy the data to an aligned location. I'd appreciate any and all feedback especially on whether I took the best approach. pam_test_client auth and pam_test_client acct now work on my armeb-xscale-linux-gnueabi target. Signed-off-by: George McCollister <georgem@opteron.novatech-llc.com>
* Fix async resolver integration with teventStephen Gallagher2010-01-221-7/+19
| | | | | | | We weren't properly setting read/write flags on the tevent fd events, so c-ares was unable to perform bidirectional communication for TCP DNS (in situations where the response is too large to send by UDP)
* Add missing link for KerberosStephen Gallagher2010-01-211-1/+2
|
* Use version.m4 for setting the SSSD versionStephen Gallagher2010-01-211-1/+4
| | | | | | | | This is the preferred way of setting the version in a file, as autotools will properly monitor this file for changes and rerun autoconf/configure when necessary to update the version. This means that we don't need to manually perform an autoreconf in order to build a new RPM
* Split off libdhash into a shared libraryStephen Gallagher2010-01-203-5/+23
| | | | | | | | Right now, the pkg-config checks for the system version of libdhash are forcibly disabled, requiring the SSSD to build it from its own tree. In the future, when we split the libraries off from the SSSD, it will be easy to switch this check to the external library.
* Fix a double free bugSumit Bose2010-01-201-3/+0
|