summaryrefslogtreecommitdiffstats
path: root/src/responder
Commit message (Collapse)AuthorAgeFilesLines
* Check that strings do not go beyond the end of the packet body in autofs and ↵Jan Cholasta2013-01-292-7/+7
| | | | | | | | SSH requests. This fixes CVE-2013-0220. https://fedorahosted.org/sssd/ticket/1781
* sssd_pam: Cleanup requests cache on sbus reconectSimo Sorce2013-01-291-1/+4
| | | | | | | | | The pam responder was not properly configured to recover from a backend disconnect. The connections that were in flight before the disconnection were never freed and new requests for the same user would just pile up on top of the now phantom requests. Fixes: https://fedorahosted.org/sssd/ticket/1655
* NSS: Fix netgroup midpoint cache refreshJakub Hrozek2013-01-293-3/+3
| | | | | | | | https://fedorahosted.org/sssd/ticket/1683 The result of the percent calculation was always 0 as it used plain ints. The patch switches to using explicit floats to avoid reintroducing the bug again even with brackets.
* responder_dp: Add timeout to side requetsSimo Sorce2013-01-291-1/+25
| | | | | | | This is an additional proteciont in case the provider misbheaves to avoid having requests pending forever. Fixes: https://fedorahosted.org/sssd/ticket/1717
* Do not always return PAM_SYSTEM_ERR when offline krb5 authentication failsJakub Hrozek2013-01-291-17/+12
|
* Free the internal DP requestJakub Hrozek2013-01-291-0/+8
|
* Make the client idle timeout configurableStephen Gallagher2012-06-182-4/+20
|
* Add support for terminating idle connectionsShantanu Goel2012-06-182-2/+67
|
* Log message if close() fails in destructor.Shantanu Goel2012-06-181-1/+12
|
* Send the correct enumeration requestJakub Hrozek2012-06-181-1/+1
| | | | https://fedorahosted.org/sssd/ticket/1329
* NSS: Restore original protocol for getservbyportStephen Gallagher2012-05-251-1/+1
| | | | When fixing an endianness bug, we changed the protocol unnecessarily.
* Send 16bit protocol numbers from the sss_clientJakub Hrozek2012-05-251-1/+1
| | | | https://fedorahosted.org/sssd/ticket/1348
* Use sized_string correctly in FQDN domainsJakub Hrozek2012-05-231-2/+2
|
* NSS: Expire in-memory netgroup cache before the nowait timeoutStephen Gallagher2012-05-161-1/+9
| | | | | | | | The fact that we were keeping it in memory for the full duration of the cache timeout meant that we would never reap the benefits of the midpoint cache refresh. https://fedorahosted.org/sssd/ticket/1340
* Send the correct enumeration requestJakub Hrozek2012-05-101-1/+1
| | | | https://fedorahosted.org/sssd/ticket/1329
* Lowercase group members in case-insensitive domainsJakub Hrozek2012-04-241-1/+7
| | | | https://fedorahosted.org/sssd/ticket/1312
* NSS: Look for services with correct case when cache is updatedJakub Hrozek2012-03-211-7/+7
| | | | https://fedorahosted.org/sssd/ticket/1259
* Save alias of the primary name, tooJakub Hrozek2012-03-211-8/+14
|
* Free entry found in negative cacheJakub Hrozek2012-03-161-0/+3
|
* SSH: Allow clients to explicitly specify host aliasJan Cholasta2012-03-153-67/+38
| | | | | This change removes the need to canonicalize host names on the responder side - the relevant code was removed.
* SSH: Fix missing semicolonStephen Gallagher2012-03-091-1/+1
|
* Add umask before mkstemp() call in SSH responderJan Zeleny2012-03-091-0/+3
|
* Potential NULL-dereference in sudosrv_cmd_get_sudorulesPavel Březina2012-03-091-14/+12
| | | | https://fedorahosted.org/sssd/ticket/1236
* Use of unininitialized value in sudosrv_cache_set_entry and ↵Pavel Březina2012-03-091-0/+2
| | | | | | sudosrv_cache_lookup_internal https://fedorahosted.org/sssd/ticket/1232
* Handle errors from lookup_netgr_step gracefullyJakub Hrozek2012-03-081-3/+10
|
* Save original name into the in-memory cacheJakub Hrozek2012-03-081-1/+1
|
* Use the correct hash table for pending requestsSimo Sorce2012-03-087-10/+14
| | | | | | | | | | | | | The function that handled pending requests on reconnect was checking an orphaned global variable that was never used, redenring the whole function uselsess. This fixes a very nasty bug that was causing requests for which we never received an answer for (for example because the backend failed and was restarted) to be never removed and therefore causing a black hole effect for any other request of the same type. Fixes: https://fedorahosted.org/sssd/ticket/1229
* SSH: Replace blocking getaddrinfo call in the responder with asynchronous ↵Jan Cholasta2012-02-273-26/+56
| | | | resolver code
* SSH: Use fchmod instead of chmod on known_hosts fileJan Cholasta2012-02-271-8/+4
|
* SSH: Add more debugging messagesJan Cholasta2012-02-271-0/+8
|
* SSH: Don't abort known_hosts update when host search failsJan Cholasta2012-02-271-1/+1
|
* SSH: Manage global known_hosts file in the responderJan Cholasta2012-02-272-0/+134
| | | | https://fedorahosted.org/sssd/ticket/1193
* SSH: Save SSH host name aliasesJan Cholasta2012-02-272-1/+26
|
* AUTOFS: speed up the client by requesting multiple entries at onceJakub Hrozek2012-02-272-34/+79
| | | | https://fedorahosted.org/sssd/ticket/1166
* AUTOFS: Invoke implicit setautomntent if neededJakub Hrozek2012-02-232-45/+156
| | | | https://fedorahosted.org/sssd/ticket/1167
* Move sudo_dom_ctx.user to local variablePavel Březina2012-02-232-8/+8
|
* Honor case_sensitive option in sudo responderPavel Březina2012-02-234-21/+100
| | | | https://fedorahosted.org/sssd/ticket/1205
* RESPONDERS: Allow increasing the file-descriptor limitStephen Gallagher2012-02-174-0/+48
| | | | | | | This patch will increase the file descriptor limit to 8k or the limits.conf maximum, whichever is lesser. https://fedorahosted.org/sssd/ticket/1197
* Fix case insensitive service lookupsJakub Hrozek2012-02-171-6/+6
|
* NSS: Always return the same protocol that was requestedStephen Gallagher2012-02-172-9/+26
| | | | https://fedorahosted.org/sssd/ticket/1160
* Check for failure in sss_packet_grow()Stephen Gallagher2012-02-131-5/+5
| | | | Coverity #12489
* Avoid uninitialized value comparisonStephen Gallagher2012-02-131-0/+3
| | | | Coverity #12526
* SSH: Verify that names received from client are valid UTF-8 in responderJan Cholasta2012-02-131-0/+4
| | | | | | | Also added a comment describing the wire format of client requests and responses. https://fedorahosted.org/sssd/ticket/1177
* Allocate setent structure on state, not on the client contextJakub Hrozek2012-02-134-9/+9
| | | | https://fedorahosted.org/sssd/ticket/1189
* Remove setent structure when callback is calledJakub Hrozek2012-02-135-22/+16
|
* Only fetch SELinux string if the user is foundJakub Hrozek2012-02-101-1/+2
|
* SUDO responder: check if the input is a UTF-8 stringPavel Březina2012-02-101-0/+7
| | | | https://fedorahosted.org/sssd/ticket/1171
* Fix group enumerationJakub Hrozek2012-02-102-2/+9
| | | | | | Also adds some more debugging and fixes a code style issue. https://fedorahosted.org/sssd/ticket/1182
* Fix SSH compilation on RHEL5Jakub Hrozek2012-02-071-0/+3
|
* SSH: ResponderJan Cholasta2012-02-073-0/+872
|
generated by cgit (git 2.34.1) at 2024-06-12 10:31:17 +0000