summaryrefslogtreecommitdiffstats
path: root/src/providers
Commit message (Collapse)AuthorAgeFilesLines
* Don't terminate the same connection twiceJakub Hrozek2012-09-051-6/+0
| | | | https://fedorahosted.org/sssd/ticket/1488
* Retry the next server if bind during LDAP auth times outJakub Hrozek2012-09-051-1/+6
|
* Use new debug levels in validate_tgt()Sumit Bose2012-08-241-13/+16
|
* Fix fallback in validate_tgt()Sumit Bose2012-08-241-8/+20
| | | | | | | | | | To validate a TGT a keytab entry from the client realm is preferred but if none ca be found the last entry should be used. But the entry was freed and zeroed before it could be used. This should also fix the trusted domain use case mentioned in https://fedorahosted.org/sssd/ticket/1396 although a different approach then suggested in the ticket is used.
* Fix: IPv6 address with square brackets doesn't work.Michal Zidek2012-08-234-1/+35
| | | | https://fedorahosted.org/sssd/ticket/1365
* Unify usage of sysdb transactionsMichal Zidek2012-08-2313-48/+167
| | | | | | Removing bad examples of usage of sysdb_transaction_start/commit/end functions and making it more consistent (all files except of src/db/sysdb_*.c).
* Typo in debug message (SSSd -> SSSD).Michal Zidek2012-08-231-1/+1
| | | | https://fedorahosted.org/sssd/ticket/1434
* Clean up cache on server reinitializationPavel Březina2012-08-235-4/+403
| | | | | | | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/734 We successfully detect when the server is reinitialized by testing the new lastUSN value. The maximum USN values are set to zero, but the current cache content remains. This patch removes records that were deleted from the server. It uses the following approach: 1. remove entryUSN attribute from all entries 2. run enumeration 3. remove records that doesn't have entryUSN attribute updated We don't need to do this for sudo rules, they will be refreshed automatically during next smart/full refresh, or when an expired rule is deleted.
* Consolidation of functions that make realm upper-caseOndrej Kos2012-08-233-31/+4
|
* AD context was set to null due to type mismatchOndrej Kos2012-08-233-1/+14
|
* Remove compilation warning: ret may be uninitializedPavel Březina2012-08-211-0/+2
|
* Process all groups from a single nesting levelJakub Hrozek2012-08-211-4/+14
| | | | | | | | https://bugzilla.redhat.com/show_bug.cgi?id=846664 If the first group was cached when processing the nested group membership, we would call tevent_req_done, effectivelly marking the whole nesting level as done.
* KRB5: Only return PAM error for unreachable kpasswd when performing chpassJakub Hrozek2012-08-151-2/+4
| | | | https://fedorahosted.org/sssd/ticket/1452
* FO: Return EAGAIN if there are more servers to tryJakub Hrozek2012-08-151-0/+9
| | | | | The caller should issue a next request, which would just shortcut with ENOENT.
* FO: Don't retry the same server if it's not workingJakub Hrozek2012-08-151-2/+3
|
* Duplicate detection in fail over did not work.Michal Zidek2012-08-158-10/+64
| | | | https://fedorahosted.org/sssd/ticket/1472
* When ldap_group_nesting_level was reached, the LDAP provider tried to link ↵Michal Zidek2012-08-101-1/+45
| | | | | | group members with groups outside nesting limit. https://fedorahosted.org/sssd/ticket/1194
* Don't use server after SRV data collapsedJakub Hrozek2012-08-091-5/+8
|
* SRV resolution for backup servers should not be permitted.Michal Zidek2012-08-094-5/+36
| | | | https://fedorahosted.org/sssd/ticket/1463
* Change default for ldap_idmap_range_min to 200000Jakub Hrozek2012-08-093-3/+3
| | | | https://fedorahosted.org/sssd/ticket/1462
* Abort PAM access phase if HBAC does not return PAM_SUCCESSJakub Hrozek2012-08-091-0/+1
|
* Backward GOTOs rewritten into do-while loops.Ondrej Kos2012-08-092-245/+271
|
* Allocate on top of a talloc context, not NULLJakub Hrozek2012-08-081-0/+3
|
* Always mark SRV servers as primaryJakub Hrozek2012-08-071-0/+1
| | | | https://fedorahosted.org/sssd/ticket/1459
* Rename SYSDB_SUDO_CACHE_AT_OC to SYSDB_SUDO_CACHE_OCPavel Březina2012-08-072-3/+3
| | | | | It does not contain name of the object class attribute but the value itself. I renamed it to avoid confusion.
* Subdomains: Send the DP reply in the correct formatJakub Hrozek2012-08-071-14/+41
| | | | | The DP was sending the reply in a format the responder did not expect, so the responder always failed to parse the message.
* Failover: Return last tried server if it's still being triedJakub Hrozek2012-08-071-2/+6
| | | | | | | | | | | | | | | | | In the failover, we treat both KDC and LDAP on the IPA server as a single "port", numbered 0. This was done in order to make sure that the SSSD always talks to the same server for both LDAP and Kerberos. However, this clever hack breaks when the IPA provider needs to establish an GSSAPI encrypted LDAP connection because we're asking the fail over code to yield a server while no server has yet been marked as tried. This triggers a fail over for the KDC, so in effect, the TGT is received from second server. If the second server is not available for some reason, the whole provider goes offline. The fail over needs to detect that the server asked for is still being resolved and return the same pointer.
* IPA: Securely set umask for mkstemp in subdomain providerStephen Gallagher2012-08-061-0/+3
| | | | https://fedorahosted.org/sssd/ticket/1457
* IPA: Do not attempt to close the same file twiceStephen Gallagher2012-08-061-1/+1
| | | | https://fedorahosted.org/sssd/ticket/1456
* shadow attributes can contain -1Pavel Březina2012-08-061-1/+1
| | | | https://fedorahosted.org/sssd/ticket/1393
* Removed unused variable assignmentOndrej Kos2012-08-061-2/+0
| | | | https://fedorahosted.org/sssd/ticket/1453
* Don't call fo_set_{server,port}_status for SRV serversJakub Hrozek2012-08-031-2/+3
| | | | This bug was producing harmless, but annoying error messages.
* Create a domain-realm mapping for krb5.conf to be includedJakub Hrozek2012-08-011-0/+135
| | | | | | | | When new subdomains are discovered, the SSSD creates a file that includes the domain-realm mappings. This file can in turn be included in the krb5.conf using the includedir directive, such as: includedir /var/lib/sss/pubconf/realm_mappings
* Add automatic periodic retrieval of subdomainsSimo Sorce2012-08-011-1/+44
|
* Add online callback to enumerate subdomainsSimo Sorce2012-08-011-24/+49
|
* Limit refreshes keeping track of last refresh timeSimo Sorce2012-08-011-26/+46
|
* Change refreshing of subdomainsSimo Sorce2012-08-013-67/+156
| | | | | | | | | This patch keeps a local copy of the subdomains in the ipa subdomains plugin context. This has 2 advantages: 1. allows to check if anything changed w/o always hitting the sysdb. 2. later will allows us to dump this information w/o having to retrieve it again. The timestamp also allows to avoid refreshing too often.
* Expose an initializer function from subdomainSimo Sorce2012-08-013-32/+46
| | | | | | Instead of exporting internal structures, expose an initilizer function like the autofs code and initialize everything inside the ipa_subdomains.c file.
* Add realm paramter to subdomain listSimo Sorce2012-08-011-0/+27
| | | | This will be used later for setting domain_realm mappings in krb5.conf
* Use a more tractable name for subdomain requestSimo Sorce2012-08-013-10/+8
| | | | | I am all for readable names, but there is a tradeof between expressing purpose and compactness.
* 80 col and style fixesSimo Sorce2012-08-011-20/+48
| | | | | | | Something like this: sysdb = (be_req->sysdb)?be_req->sysdb:be_req->be_ctx->sysdb; really is not readable, and we always discourage using obfuscated C, please refrain in future.
* Make structure initializer more readableSimo Sorce2012-08-011-7/+15
|
* Fix wrong elements used in comparisonSimo Sorce2012-08-011-1/+1
|
* Change subdomain_infoSimo Sorce2012-08-012-7/+7
| | | | | Rename the structure to use a standard name prefix so it is properly name-spaced, in preparation for changing the structure itself.
* Primary server support: new option in AD providerJan Zeleny2012-08-013-1/+5
| | | | | | This patch adds support for new config option ad_backup_server. The description of this option's functionality is included in man page in one of previous patches.
* Primary server support: new option in IPA providerJan Zeleny2012-08-013-4/+6
| | | | | | This patch adds support for new config option ipa_backup_server. The description of this option's functionality is included in man page in one of previous patches.
* Primary server support: new options in krb5 providerJan Zeleny2012-08-018-8/+28
| | | | | | This patch adds support for new config options krb5_backup_server and krb5_backup_kpasswd. The description of this option's functionality is included in man page in one of previous patches.
* Primary server support: new option in ldap providerJan Zeleny2012-08-015-4/+11
| | | | | | This patch adds support for new config option ldap_backup_uri. The description of this option's functionality is included in man page in previous patch.
* Primary server support: AD adaptationJan Zeleny2012-08-013-35/+77
| | | | | | This patch adds support for the primary server functionality into AD provider. No backup servers are added at the moment, just the basic support is in place.
* Primary server support: LDAP adaptationJan Zeleny2012-08-013-35/+84
| | | | | | This patch adds support for the primary server functionality into LDAP provider. No backup servers are added at the moment, just the basic support is in place.
generated by cgit (git 2.34.1) at 2024-04-16 12:48:41 +0000