| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
| |
Sometimes, a value in LDAP will cease to exist (the classic
example being shadowExpire). We need to make sure we purge that
value from SSSD's sysdb as well.
https://fedorahosted.org/sssd/ticket/750
|
| |
|
|
| |
https://fedorahosted.org/sssd/ticket/733
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Before setting the backend to online during a reset offline request the
check_online method if the ID provider is called. If the check_online
method returns that the ID provider is still not reachable the backend
stays offline. Otherwise the backend is switched to online and the
related callbacks are run.
Additionally the check online test is called during the res_init request
because a change in /etc/resolve.conf might also make a server reachable
which was assumed offline before.
|
| |
|
|
|
|
|
|
| |
We weren't decrementing the count of in-progress authentication
request child processes when they completed successfully. With
this patch, we will now guarantee that the process count is
accurate and that queued requests will be started when a slot is
freed up.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
We used strtol() on a number of places to convert into uid_t or gid_t
from a string representation such as LDAP attribute, but on some
platforms, unsigned long might be necessary to store big id_t values.
This patch converts to using strtoul() instead.
|
| |
|
|
|
| |
Additionally the handling of errno and the errno_t return value of
functions is fixed in krb5_common.c.
|
| |
|
|
|
|
|
| |
Dead assignments were deleted. Also prototype of function
sdap_access_decide_offline() has been changed, since its return
code was never used.
Ticket: #586
|
| |
|
|
|
|
|
| |
In function get_pw_name when allocation of memory fails, there
were two codepaths which could cause printing of undefined value.
This patch fixes both cases.
Ticket: #580
|
| |
|
|
|
|
|
|
|
|
|
|
| |
proxy.c was growing too large to manage (and some graphical
development tools could no longer open it because of memory
limitations).
This patch splits proxy.c into the following files:
proxy_init.c: Setup routines for the plugin
proxy_id.c: Functions to handle user and group lookups
proxy_auth.c: Functions to handle PAM interactions
proxy_common.c: Common utility routines
|
| | |
|
| |
|
|
| |
https://fedorahosted.org/sssd/ticket/525
|
| |
|
|
|
|
|
| |
We can't do much about an error here, but we should be reporting
it.
https://fedorahosted.org/sssd/ticket/534
|
| |
|
|
| |
Fixes: #498
|
| |
|
|
|
| |
We were not passing the old authtok to the pam_chauthtok()
function, causing it to return PAM_AUTH_ERR.
|
|
|
This patch adds a new tevent_req to the proxy provider, which will
spawn short-lived child processes to handle PAM requests. These
processes then call the proxied PAM stack and return the results
via SBUS method reply. Once it is returned, the parent process
kills the child.
There is a maximum of ten child processes running simultaneously,
after which requests will be queued for sending once a child slot
frees up. The maximum processes will be made configurable at a
later date (as this would violate string freeze).
|
