Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Check that strings do not go beyond the end of the packet body in autofs and ↵ | Jan Cholasta | 2013-01-29 | 2 | -7/+7 |
| | | | | | | | | SSH requests. This fixes CVE-2013-0220. https://fedorahosted.org/sssd/ticket/1781 | ||||
* | sssd_pam: Cleanup requests cache on sbus reconect | Simo Sorce | 2013-01-29 | 1 | -1/+4 |
| | | | | | | | | | The pam responder was not properly configured to recover from a backend disconnect. The connections that were in flight before the disconnection were never freed and new requests for the same user would just pile up on top of the now phantom requests. Fixes: https://fedorahosted.org/sssd/ticket/1655 | ||||
* | NSS: Fix netgroup midpoint cache refresh | Jakub Hrozek | 2013-01-29 | 3 | -3/+3 |
| | | | | | | | | https://fedorahosted.org/sssd/ticket/1683 The result of the percent calculation was always 0 as it used plain ints. The patch switches to using explicit floats to avoid reintroducing the bug again even with brackets. | ||||
* | responder_dp: Add timeout to side requets | Simo Sorce | 2013-01-29 | 1 | -1/+25 |
| | | | | | | | This is an additional proteciont in case the provider misbheaves to avoid having requests pending forever. Fixes: https://fedorahosted.org/sssd/ticket/1717 | ||||
* | Do not always return PAM_SYSTEM_ERR when offline krb5 authentication fails | Jakub Hrozek | 2013-01-29 | 1 | -17/+12 |
| | |||||
* | Free the internal DP request | Jakub Hrozek | 2013-01-29 | 1 | -0/+8 |
| | |||||
* | Make the client idle timeout configurable | Stephen Gallagher | 2012-06-18 | 2 | -4/+20 |
| | |||||
* | Add support for terminating idle connections | Shantanu Goel | 2012-06-18 | 2 | -2/+67 |
| | |||||
* | Log message if close() fails in destructor. | Shantanu Goel | 2012-06-18 | 1 | -1/+12 |
| | |||||
* | Send the correct enumeration request | Jakub Hrozek | 2012-06-18 | 1 | -1/+1 |
| | | | | https://fedorahosted.org/sssd/ticket/1329 | ||||
* | NSS: Restore original protocol for getservbyport | Stephen Gallagher | 2012-05-25 | 1 | -1/+1 |
| | | | | When fixing an endianness bug, we changed the protocol unnecessarily. | ||||
* | Send 16bit protocol numbers from the sss_client | Jakub Hrozek | 2012-05-25 | 1 | -1/+1 |
| | | | | https://fedorahosted.org/sssd/ticket/1348 | ||||
* | Use sized_string correctly in FQDN domains | Jakub Hrozek | 2012-05-23 | 1 | -2/+2 |
| | |||||
* | NSS: Expire in-memory netgroup cache before the nowait timeout | Stephen Gallagher | 2012-05-16 | 1 | -1/+9 |
| | | | | | | | | The fact that we were keeping it in memory for the full duration of the cache timeout meant that we would never reap the benefits of the midpoint cache refresh. https://fedorahosted.org/sssd/ticket/1340 | ||||
* | Send the correct enumeration request | Jakub Hrozek | 2012-05-10 | 1 | -1/+1 |
| | | | | https://fedorahosted.org/sssd/ticket/1329 | ||||
* | Lowercase group members in case-insensitive domains | Jakub Hrozek | 2012-04-24 | 1 | -1/+7 |
| | | | | https://fedorahosted.org/sssd/ticket/1312 | ||||
* | NSS: Look for services with correct case when cache is updated | Jakub Hrozek | 2012-03-21 | 1 | -7/+7 |
| | | | | https://fedorahosted.org/sssd/ticket/1259 | ||||
* | Save alias of the primary name, too | Jakub Hrozek | 2012-03-21 | 1 | -8/+14 |
| | |||||
* | Free entry found in negative cache | Jakub Hrozek | 2012-03-16 | 1 | -0/+3 |
| | |||||
* | SSH: Allow clients to explicitly specify host alias | Jan Cholasta | 2012-03-15 | 3 | -67/+38 |
| | | | | | This change removes the need to canonicalize host names on the responder side - the relevant code was removed. | ||||
* | SSH: Fix missing semicolon | Stephen Gallagher | 2012-03-09 | 1 | -1/+1 |
| | |||||
* | Add umask before mkstemp() call in SSH responder | Jan Zeleny | 2012-03-09 | 1 | -0/+3 |
| | |||||
* | Potential NULL-dereference in sudosrv_cmd_get_sudorules | Pavel Březina | 2012-03-09 | 1 | -14/+12 |
| | | | | https://fedorahosted.org/sssd/ticket/1236 | ||||
* | Use of unininitialized value in sudosrv_cache_set_entry and ↵ | Pavel Březina | 2012-03-09 | 1 | -0/+2 |
| | | | | | | sudosrv_cache_lookup_internal https://fedorahosted.org/sssd/ticket/1232 | ||||
* | Handle errors from lookup_netgr_step gracefully | Jakub Hrozek | 2012-03-08 | 1 | -3/+10 |
| | |||||
* | Save original name into the in-memory cache | Jakub Hrozek | 2012-03-08 | 1 | -1/+1 |
| | |||||
* | Use the correct hash table for pending requests | Simo Sorce | 2012-03-08 | 7 | -10/+14 |
| | | | | | | | | | | | | | The function that handled pending requests on reconnect was checking an orphaned global variable that was never used, redenring the whole function uselsess. This fixes a very nasty bug that was causing requests for which we never received an answer for (for example because the backend failed and was restarted) to be never removed and therefore causing a black hole effect for any other request of the same type. Fixes: https://fedorahosted.org/sssd/ticket/1229 | ||||
* | SSH: Replace blocking getaddrinfo call in the responder with asynchronous ↵ | Jan Cholasta | 2012-02-27 | 3 | -26/+56 |
| | | | | resolver code | ||||
* | SSH: Use fchmod instead of chmod on known_hosts file | Jan Cholasta | 2012-02-27 | 1 | -8/+4 |
| | |||||
* | SSH: Add more debugging messages | Jan Cholasta | 2012-02-27 | 1 | -0/+8 |
| | |||||
* | SSH: Don't abort known_hosts update when host search fails | Jan Cholasta | 2012-02-27 | 1 | -1/+1 |
| | |||||
* | SSH: Manage global known_hosts file in the responder | Jan Cholasta | 2012-02-27 | 2 | -0/+134 |
| | | | | https://fedorahosted.org/sssd/ticket/1193 | ||||
* | SSH: Save SSH host name aliases | Jan Cholasta | 2012-02-27 | 2 | -1/+26 |
| | |||||
* | AUTOFS: speed up the client by requesting multiple entries at once | Jakub Hrozek | 2012-02-27 | 2 | -34/+79 |
| | | | | https://fedorahosted.org/sssd/ticket/1166 | ||||
* | AUTOFS: Invoke implicit setautomntent if needed | Jakub Hrozek | 2012-02-23 | 2 | -45/+156 |
| | | | | https://fedorahosted.org/sssd/ticket/1167 | ||||
* | Move sudo_dom_ctx.user to local variable | Pavel Březina | 2012-02-23 | 2 | -8/+8 |
| | |||||
* | Honor case_sensitive option in sudo responder | Pavel Březina | 2012-02-23 | 4 | -21/+100 |
| | | | | https://fedorahosted.org/sssd/ticket/1205 | ||||
* | RESPONDERS: Allow increasing the file-descriptor limit | Stephen Gallagher | 2012-02-17 | 4 | -0/+48 |
| | | | | | | | This patch will increase the file descriptor limit to 8k or the limits.conf maximum, whichever is lesser. https://fedorahosted.org/sssd/ticket/1197 | ||||
* | Fix case insensitive service lookups | Jakub Hrozek | 2012-02-17 | 1 | -6/+6 |
| | |||||
* | NSS: Always return the same protocol that was requested | Stephen Gallagher | 2012-02-17 | 2 | -9/+26 |
| | | | | https://fedorahosted.org/sssd/ticket/1160 | ||||
* | Check for failure in sss_packet_grow() | Stephen Gallagher | 2012-02-13 | 1 | -5/+5 |
| | | | | Coverity #12489 | ||||
* | Avoid uninitialized value comparison | Stephen Gallagher | 2012-02-13 | 1 | -0/+3 |
| | | | | Coverity #12526 | ||||
* | SSH: Verify that names received from client are valid UTF-8 in responder | Jan Cholasta | 2012-02-13 | 1 | -0/+4 |
| | | | | | | | Also added a comment describing the wire format of client requests and responses. https://fedorahosted.org/sssd/ticket/1177 | ||||
* | Allocate setent structure on state, not on the client context | Jakub Hrozek | 2012-02-13 | 4 | -9/+9 |
| | | | | https://fedorahosted.org/sssd/ticket/1189 | ||||
* | Remove setent structure when callback is called | Jakub Hrozek | 2012-02-13 | 5 | -22/+16 |
| | |||||
* | Only fetch SELinux string if the user is found | Jakub Hrozek | 2012-02-10 | 1 | -1/+2 |
| | |||||
* | SUDO responder: check if the input is a UTF-8 string | Pavel Březina | 2012-02-10 | 1 | -0/+7 |
| | | | | https://fedorahosted.org/sssd/ticket/1171 | ||||
* | Fix group enumeration | Jakub Hrozek | 2012-02-10 | 2 | -2/+9 |
| | | | | | | Also adds some more debugging and fixes a code style issue. https://fedorahosted.org/sssd/ticket/1182 | ||||
* | Fix SSH compilation on RHEL5 | Jakub Hrozek | 2012-02-07 | 1 | -0/+3 |
| | |||||
* | SSH: Responder | Jan Cholasta | 2012-02-07 | 3 | -0/+872 |
| |