| | Commit message | Author | Age | Files | Lines |
---|---|---|---|---|---|
* | Prevent segfault if vetoed_shells are specified without allowed_shells | Jakub Hrozek | 2011-08-08 | 1 | -16/+19 |
| | https://fedorahosted.org/sssd/ticket/954 | | | | |
* | Revert "Allow LDAP to decide when an expiration warning is warranted" | Stephen Gallagher | 2011-08-04 | 1 | -4/+3 |
| | This reverts commit b3d6f8383b94ffe49e02bb156e1ab442b46b042c. | | | | |
* | Add vetoed_shells option | John Hodrien | 2011-08-02 | 3 | -1/+17 |
| | There may be users in LDAP that have a valid but unwelcome shell set in their account. This adds a blacklist of shells that should always be replaced by the fallback_shell. Signed-off-by: Stephen Gallagher <sgallagh@redhat.com> | | | | |
* | Allow LDAP to decide when an expiration warning is warranted | Stephen Gallagher | 2011-08-01 | 1 | -3/+4 |
| | Previously, we were only displaying expiration warnings if the password was going to expire within a day. We'll allow LDAP to make this decision (by whether it passes us the expiration time). In the future, we can add an option to clamp this down to a shorter period if the local admin prefers it. | | | | |
* | Fix indexing of skipped groups | Jakub Hrozek | 2011-07-21 | 1 | -2/+4 |
| | https://fedorahosted.org/sssd/ticket/928 | | | | |
* | Fix unchecked return values of pam_add_response [sssd-1_5_11] | Jakub Hrozek | 2011-07-05 | 1 | -4/+12 |
| | https://fedorahosted.org/sssd/ticket/798 | | | | |
* | Add new options to override shell value | Jakub Hrozek | 2011-06-02 | 3 | -1/+123 |
| | https://fedorahosted.org/sssd/ticket/742 Conflicts: src/conf_macros.m4 | | | | |
* | Add a new option to override home directory value | Jakub Hrozek | 2011-06-02 | 3 | -1/+140 |
| | https://fedorahosted.org/sssd/ticket/551 | | | | |
* | Add a new option to override primary GID number | Jakub Hrozek | 2011-06-02 | 2 | -2/+10 |
| | https://fedorahosted.org/sssd/ticket/742 | | | | |
* | Non-posix group processing - ldap provider and nss responder | Jan Zeleny | 2011-06-02 | 1 | -3/+11 |
* | Fix typo in initgroups negative cache check | Stephen Gallagher | 2011-05-31 | 1 | -1/+1 |
* | Fix regression where nonexistent entries were never added to the negative cache | Stephen Gallagher | 2011-04-15 | 1 | -21/+21 |
* | Fix a regression with the negative cache in multi-domain configurations | Stephen Gallagher | 2011-04-15 | 1 | -3/+18 |
* | Add debug logging to the negative cache | Stephen Gallagher | 2011-04-15 | 1 | -0/+5 |
* | Change state of hash entry if netgroup cannot be parsed | Sumit Bose | 2011-03-09 | 1 | -0/+2 |
* | Refactor set_netgroup_entry() | Sumit Bose | 2011-03-07 | 1 | -4/+7 |
| | To avoid wrong or missing netgroup names in the getent_ctx destructor set_netgroup_entry() now takes the name out of the getent_ctx struct instead of using a separate argument. | | | | |
* | Add missing name to struct getent_ctx for missing netgroup | Sumit Bose | 2011-03-07 | 1 | -0/+6 |
| | https://fedorahosted.org/sssd/ticket/817 | | | | |
* | Perform initgroups lookups for all domains | Stephen Gallagher | 2011-02-21 | 1 | -3/+5 |
| | Previously, we were setting the client context PAM lookup timeout after the first domain replied. However, if the user wasn't a member of the first domain, their information wasn't being updated. This patch ensures that we only set this timeout after the user has been found or all domains were searched. | | | | |
* | Perform initgroups lookup for PAM | Stephen Gallagher | 2011-01-21 | 1 | -1/+3 |
| | Previously we were only looking up the user, but we need to make sure that all groups are available for use by access providers. | | | | |
* | Use DEFAULT_PAM_VERBOSITY if config value cannot be retrieved | Sumit Bose | 2011-01-19 | 1 | -1/+1 |
* | Add pam_pwd_expiration_warning config option | Sumit Bose | 2011-01-19 | 1 | -12/+47 |
* | Fix missing hash table bug | Stephen Gallagher | 2011-01-14 | 1 | -0/+1 |
| | When the automatic cleanup happened, if the netgroup had been created with no contents (to indicate an unknown netgroup), we weren't saving the hash table address and the talloc_free() was failing. | | | | |
* | Validate user supplied size of data items | Sumit Bose | 2011-01-11 | 1 | -76/+75 |
| | Specially crafted packages might lead to an integer overflow and the parsing of the input buffer might not continue as expected. This issue was identified by Sebastian Krahmer <krahmer@suse.de>. | | | | |
* | Remove unused enumeration cache timeout checks | Sumit Bose | 2011-01-06 | 3 | -33/+2 |
| | The existence of the getent_ctx is used to track the enumeration cache timeout. | | | | |
* | Post enumeration tevent request if needed | Sumit Bose | 2011-01-06 | 2 | -8/+43 |
* | Return groups and users from all domains during enumeration | Sumit Bose | 2011-01-06 | 1 | -3/+5 |
* | Update the ID cache for any PAM request | Stephen Gallagher | 2010-12-22 | 4 | -8/+23 |
| | Also adds an option to limit how often we check the ID provider, so that conversations with multiple PAM requests won't update the cache multiple times. https://fedorahosted.org/sssd/ticket/749 | | | | |
* | Ensure ID is checked in all domains for PAM | Stephen Gallagher | 2010-12-22 | 1 | -0/+2 |
| | Previously, this was initialized to zero, so the first domain in the list wouldn't be checked for ID updates in pam_check_user_search. This initializes the first domain to check the provider. | | | | |
* | Fix possible NULL-dereference in lookup_netgr_step() | Sumit Bose | 2010-12-17 | 1 | -1/+1 |
| | https://fedorahosted.org/sssd/ticket/735 | | | | |
* | Fix unchecked return value in set_nonblocking | Stephen Gallagher | 2010-12-17 | 1 | -10/+53 |
| | Also fixes the same problem with set_close_on_exec https://fedorahosted.org/sssd/ticket/713 | | | | |
* | Fix uninitialized value error in lookup_netgr_step() | Sumit Bose | 2010-12-15 | 1 | -146/+181 |
* | Remove unused newauthtok variable in LOCAL_pam_handler | Sumit Bose | 2010-12-14 | 1 | -3/+0 |
| | https://fedorahosted.org/sssd/ticket/716 | | | | |
* | Eliminate possible NULL-dereference in pam_check_user_search | Stephen Gallagher | 2010-12-14 | 1 | -0/+7 |
| | https://fedorahosted.org/sssd/ticket/719 | | | | |
* | Add support for server-side pam response messages | Sumit Bose | 2010-12-03 | 1 | -0/+2 |
* | Add a special filter type to handle enumerations | Sumit Bose | 2010-12-02 | 1 | -1/+1 |
* | Introduce pam_verbosity config option | Sumit Bose | 2010-11-15 | 1 | -11/+90 |
| | Currently we display all PAM messages generated by sssd to the user. But only some of them are important and others are just some useful information. This patch introduces a new option to the PAM responder which controls what kind of messages are displayed. As an example the 'Authenticated with cached credentials' message is used. This message is only displayed if pam_verbosity=1 or if there is an expire date. | | | | |
* | Avoid long long in messages to PAM client use int64_t | Sumit Bose | 2010-11-15 | 1 | -7/+7 |
* | Fix double free issue | Sumit Bose | 2010-10-26 | 1 | -2/+2 |
* | Always use talloc_zero() to allocate cmdctx | Sumit Bose | 2010-10-26 | 2 | -3/+3 |
* | Remove all nss requests after a reconnect | Sumit Bose | 2010-10-26 | 3 | -1/+26 |
| | Currently we do not handle the open nss requests after a reconnect and wait until they time out (which is a couple of minutes!). This patch adds a handler that terminates all requests after a reconnect. Then the responder will return matching cache entries or nothing. | | | | |
* | sysdb interface for adding fake users | Jakub Hrozek | 2010-10-15 | 1 | -1/+1 |
* | sysdb interface for adding incomplete groups | Jakub Hrozek | 2010-10-15 | 1 | -1/+1 |
| | Useful for optimizing the initgroups operation. | | | | |
* | Also return member groups to the client | Sumit Bose | 2010-10-13 | 2 | -55/+85 |
* | Add handling of nested netgroups to nss client | Sumit Bose | 2010-10-13 | 1 | -1/+4 |
* | Add missing tevent_req_done() | Sumit Bose | 2010-10-13 | 1 | -0/+1 |
* | Add netgroup support to the NSS responder | Stephen Gallagher | 2010-10-13 | 7 | -2/+922 |
* | Split out some helper functions for the NSS responder | Stephen Gallagher | 2010-10-13 | 2 | -83/+147 |
| | Create a new private header and make some functions available for other object files. | | | | |
* | Add negative cache features for netgroups | Stephen Gallagher | 2010-10-13 | 2 | -0/+39 |
* | Require explicit setting of callback context for check_cache | Stephen Gallagher | 2010-10-13 | 1 | -7/+13 |
| | Previously, it was implicitly using the nss_dom_ctx, but there are situations where we would want to send a different private context. | | | | |
* | Initgroups on a non-cached user should go to the data provider | Stephen Gallagher | 2010-09-22 | 1 | -1/+2 |
| | We were accidentally returning an error when sysdb_getpwnam() returned zero results internally in sysdb_initgroups(). The correct behavior here is to return EOK and a result object with zero entries. | | | | |