summaryrefslogtreecommitdiffstats
path: root/src/providers
Commit message (Collapse)AuthorAgeFilesLines
* Try all KDCs when getting TGT for LDAPJakub Hrozek2012-05-091-15/+18
| | | | | | | | When the ldap child process is killed after a timeout, try the next KDC. When none of the ldap child processes succeed, just abort the connection because we wouldn't be able to authenticate to the LDAP server anyway. https://fedorahosted.org/sssd/ticket/1324
* Special-case LDAP_SIZELIMIT_EXCEEDEDJakub Hrozek2012-05-071-4/+9
| | | | | | | | | | | | Previous version of the SSSD did not abort the async LDAP search operation on errors. In cases where the request ended in progress, such as when the paging was very strictly limited, the old versions at least returned partial data. This patch special-cases the LDAP_SIZELIMIT_EXCEEDED error to avoid a user-visible regression. https://fedorahosted.org/sssd/ticket/1322
* Read sysdb attribute name, not LDAP attribute map nameJakub Hrozek2012-05-031-2/+2
| | | | https://fedorahosted.org/sssd/ticket/1320
* confdb_get_bool needs a TALLOC_CTX in sssd-1.8Jakub Hrozek2012-04-241-1/+1
|
* Get the RootDSE after binding if not successfull beforeJakub Hrozek2012-04-201-26/+104
| | | | https://fedorahosted.org/sssd/ticket/1258
* sdap_check_aliases must not error when detects the same userJakub Hrozek2012-04-201-13/+31
| | | | https://fedorahosted.org/sssd/ticket/1307
* proxy: new option proxy_fast_aliasJakub Hrozek2012-04-203-43/+123
|
* proxy: Canonicalize user and group namesJakub Hrozek2012-04-201-312/+354
| | | | https://fedorahosted.org/sssd/ticket/1249
* Use the correct options counterJakub Hrozek2012-04-051-1/+1
| | | | https://fedorahosted.org/sssd/ticket/1282
* Clean up log messages about keytab_nameStephen Gallagher2012-04-052-9/+16
| | | | | | | | | There were many places where we were printing (null) to the logs because a NULL keytab name tells libkrb5 to use its configured default instead of a particular path. This patch should clean up all uses of this to print "default" in the logs. https://fedorahosted.org/sssd/ticket/1288
* Catch cases where D-Bus connection is NULLJakub Hrozek2012-04-051-0/+20
| | | | https://fedorahosted.org/sssd/ticket/1270
* Proxy services: Save lowercased protocol names and aliases in ↵Jakub Hrozek2012-03-291-57/+17
| | | | case-insensitive domains
* LDAP services: Save lowercased protocol names in case-insensitive domainsJakub Hrozek2012-03-291-1/+17
| | | | https://fedorahosted.org/sssd/ticket/1260
* Return correct resolv_status on resolver timeoutJakub Hrozek2012-03-292-12/+17
| | | | https://fedorahosted.org/sssd/ticket/1274
* LDAP: Fix memory leaks in synchronous_tls_setupStephen Gallagher2012-03-261-8/+10
| | | | | | | | | | We were never freeing "result" if it was allocated by ldap_result(). We were also not freeing "errmsg" if it was allocated but ldap_parse_result() returned an error. Also disambiguate error messages from ldap_parse_result() and error messages from sss_ldap_get_diagnostic_msg() since they use differing memory-management functions.
* LDAP services: Keep the protocol aroundJakub Hrozek2012-03-261-0/+1
|
* LDAP: Add better error logging when ldap_result() failsStephen Gallagher2012-03-211-1/+3
|
* Make the string_equal() function publicJakub Hrozek2012-03-211-13/+4
|
* LDAP: Errors retrieving the RootDSE should not be fatalStephen Gallagher2012-03-161-15/+8
| | | | | | | | If we can't reach the RootDSE, let's just proceed as if it's unavailable with reasonable defaults. If we fail later on, that's fine. Fixes https://fedorahosted.org/sssd/ticket/1257
* Fix uninitialized variableJakub Hrozek2012-03-161-1/+1
|
* IPA: Allow service lookupsStephen Gallagher2012-03-161-0/+1
|
* IPA: Initialize hbac_ctx to NULLStephen Gallagher2012-03-121-1/+1
|
* Handle empty elements in proxy netgroups:Jakub Hrozek2012-03-091-3/+6
|
* Fix netgroup error handlingJakub Hrozek2012-03-091-17/+59
| | | | https://fedorahosted.org/sssd/ticket/1242
* PROXY: Create fake user entries for group lookupsStephen Gallagher2012-03-091-3/+85
|
* Missing debug message if sdap_sudo_refresh_set_timer failsPavel Březina2012-03-091-1/+5
| | | | https://fedorahosted.org/sssd/ticket/1238
* IPA: Check nsAccountLock during PAM_ACCT_MGMTStephen Gallagher2012-03-094-1/+69
| | | | https://fedorahosted.org/sssd/ticket/1227
* LDAP: Make sdap_access_send/recv publicStephen Gallagher2012-03-092-12/+17
| | | | We want to consume this in the IPA provider.
* Fix nested groups processingJakub Hrozek2012-03-081-26/+60
| | | | | | | Instead of keeping the number of parent groups in "state" and having to reset the count when moving to another group on the same level, keep track of the all groups on a particular level along with their parents and parent count.
* Detect cycle in the fail over on subsequent resolve requests onlyJakub Hrozek2012-03-085-23/+28
|
* krb5_child: set debugging soonerJakub Hrozek2012-03-062-23/+35
|
* Only do one cycle when resolving a serverJakub Hrozek2012-03-067-37/+105
| | | | https://fedorahosted.org/sssd/ticket/1214
* Use proper errno codeJakub Hrozek2012-03-051-1/+1
|
* DP: Reorganize memory hierarchy of requestsStephen Gallagher2012-03-051-24/+108
| | | | | | | | | | | | | This function alters the memory hierarchy of the be_req to ensure memory safety during shutdown. It creates a spy on the be_cli object so that it will free the be_req if the client is freed. It is generally allocated atop the private data context for the appropriate back-end against which it is being filed. https://fedorahosted.org/sssd/ticket/1226
* IPA: Fix segfault with srchost functionality enabledStephen Gallagher2012-03-051-1/+1
| | | | https://fedorahosted.org/sssd/ticket/1215
* IPA: Set the DNS discovery domain to match ipa_domainStephen Gallagher2012-03-015-8/+17
| | | | https://fedorahosted.org/sssd/ticket/1217
* PAM: Don't send PAM_SYSTEM_INFO message if module unsetStephen Gallagher2012-02-271-7/+3
| | | | | | | | We now have a session module that is only available for the IPA provider. We should not be logging noisily that other providers do not have the session provider configured. https://fedorahosted.org/sssd/ticket/1211
* SSH: Save SSH host name aliasesJan Cholasta2012-02-272-28/+10
|
* LDAP: Remove unnecessary filter sanitizeStephen Gallagher2012-02-261-11/+5
| | | | | | The orig_dn here isn't being passed to a filter and therefore must not be santized, as the sanitization process would break DNs that contain (among other things) parentheses.
* Modifications to simplify list_missing_attrsJan Zeleny2012-02-248-44/+21
|
* Delete missing attributes from netgroups to be storedJan Zeleny2012-02-243-3/+28
| | | | https://fedorahosted.org/sssd/ticket/1136
* LDAP: Only use paging control on requests for multiple entriesStephen Gallagher2012-02-2416-40/+100
| | | | | | | | | | The paging control can cause issues on servers that put limits on how many paging controls can be active at one time (on some servers, it is limited to one per connection). We need to reduce our usage so that we only activate the paging control when making a request that may return an arbitrary number of results. https://fedorahosted.org/sssd/ticket/1202 phase one
* AUTOFS: Search all search bases for automounter map entriesJakub Hrozek2012-02-231-18/+86
| | | | https://fedorahosted.org/sssd/ticket/1168
* LDAP: Properly assign orig_dnStephen Gallagher2012-02-231-0/+1
| | | | This was only used for properly identifying debug messages.
* Save errno value before calling DEBUGJakub Hrozek2012-02-231-2/+4
|
* IPA: Add ipa_parse_search_base()Stephen Gallagher2012-02-233-19/+72
| | | | | | | | | | Previously, we were using sdap_parse_search_base() for setting up the search_base objects for use in IPA. However, this was generating unfriendly log messages about unknown search base types. This patch creates a new common_parse_search_base() routine that can be used with either LDAP or IPA providers. https://fedorahosted.org/sssd/ticket/1151
* End request if ldap_parse_result failsJakub Hrozek2012-02-211-0/+3
|
* LDAP: Ignore group member users that do not have name attributesStephen Gallagher2012-02-171-2/+2
| | | | | | | | Instead of failing the group lookup, just skip them. This was impacting some users of ActiveDirectory where not all users had the appropriate attributes. https://fedorahosted.org/sssd/ticket/1169
* Redesign purging of the sudo cachePavel Březina2012-02-171-19/+55
| | | | https://fedorahosted.org/sssd/ticket/1173
* Fix memory hierarchy when processing nested group membershipsJakub Hrozek2012-02-144-11/+14
| | | | https://fedorahosted.org/sssd/ticket/1186
generated by cgit (git 2.34.1) at 2024-05-28 21:32:18 +0000