summaryrefslogtreecommitdiffstats
path: root/src/responder
Commit message (Collapse)AuthorAgeFilesLines
* Check if dp_requests hash table exists before using itJakub Hrozek2011-10-131-0/+5
|
* Use explicit base 10 for converting strings to integersJakub Hrozek2011-10-031-2/+2
| | | | https://fedorahosted.org/sssd/ticket/1013
* Return users and groups based on aliasJakub Hrozek2011-09-281-2/+3
| | | | https://fedorahosted.org/sssd/ticket/926
* Enable the midpoint cache update by defaultStephen Gallagher2011-09-211-1/+1
| | | | https://fedorahosted.org/sssd/ticket/918
* New DEBUG facility - SSSDBG_UNRESOLVED changed from -1 to 0Pavel Březina2011-08-252-2/+8
| | | | | | | | | | | | | | | | | | | | | Removed: SSS_UNRESOLVED_DEBUG_LEVEL (completely replaced with SSSDBG_UNRESOLVED) Added new macro: CONVERT_AND_SET_DEBUG_LEVEL(new_value) Changes unresolved debug level value (SSSDBG_UNRESOLVED) from -1 to 0 so DEBUG macro could be reduced by one condition. Anyway, it has a minor effect, every time you want to load debug_level from command line parameters, you have to use following pattern: /* Set debug level to invalid value so we can deside if -d 0 was used. */ debug_level = SSSDBG_INVALID; pc = poptGetContext(argv[0], argc, argv, long_options, 0); while((opt = poptGetNextOpt(pc)) != -1) { ... } CONVERT_AND_SET_DEBUG_LEVEL(debug_level);
* New DEBUG facility - conversionPavel Březina2011-08-252-0/+4
| | | | | | | | | | https://fedorahosted.org/sssd/ticket/925 Conversion of the old debug_level format to the new one. (only where it was necessary) Removed: SSS_DEFAULT_DEBUG_LEVEL (completely replaced with SSSDBG_DEFAULT)
* Do not delete requests inside hash_iterate loopJakub Hrozek2011-08-151-10/+12
|
* sysdb refactoring: memory context deletedJan Zeleny2011-08-152-9/+5
| | | | | | This patch deletes memory context parameter in those places in sysdb where it is not necessary. The code using modified functions has been updated. Tests updated as well.
* sysdb refactoring: deleted domain variables in sysdb APIJan Zeleny2011-08-154-20/+13
| | | | | The patch also updates code using modified functions. Tests have also been adjusted.
* Remove unused temporary contextJakub Hrozek2011-08-081-5/+0
|
* Prevent segfault if vetoed_shells are specified without allowed_shellsJakub Hrozek2011-08-081-16/+19
| | | | https://fedorahosted.org/sssd/ticket/954
* Revert "Allow LDAP to decide when an expiration warning is warranted"Stephen Gallagher2011-08-041-4/+3
| | | | This reverts commit b0b9c38dfce3e3ccbfaa4d00fdf2ea08a70d41a6.
* Allow LDAP to decide when an expiration warning is warrantedStephen Gallagher2011-08-011-3/+4
| | | | | | | | | Previously, we were only displaying expiration warnings if the password was going to expire within a day. We'll allow LDAP to make this decision (by whether it passes us the expiration time). In the future, we can add an option to clamp this down to a shorter period if the local admin prefers it.
* Converge accept_fd_handler and accept_priv_fd_handlerStephen Gallagher2011-07-291-85/+50
| | | | | These two functions were almost identical. Better to maintain them as a single function.
* Add vetoed_shells optionJohn Hodrien2011-07-293-1/+17
| | | | | | | | There may be users in LDAP that have a valid but unwelcome shell set in their account. This adds a blacklist of shells that should always be replaced by the fallback_shell. Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
* Fix indexing of skipped groupsJakub Hrozek2011-07-211-2/+4
| | | | https://fedorahosted.org/sssd/ticket/928
* fix typosSimo Sorce2011-06-271-5/+5
|
* Non-posix group processing - ldap provider and nss responderJan Zeleny2011-06-021-3/+11
|
* Fix typo in initgroups negative cache checkStephen Gallagher2011-05-311-1/+1
|
* Set _GNU_SOURCE globallySumit Bose2011-05-231-3/+1
|
* Add new options to override shell valueJakub Hrozek2011-05-203-1/+123
| | | | https://fedorahosted.org/sssd/ticket/742
* Add a new option to override home directory valueJakub Hrozek2011-05-203-1/+140
| | | | https://fedorahosted.org/sssd/ticket/551
* Add a new option to override primary GID numberJakub Hrozek2011-05-202-2/+10
| | | | https://fedorahosted.org/sssd/ticket/742
* Allow changing the log level without restartStephen Gallagher2011-05-064-2/+17
| | | | | | We will now re-read the confdb debug_level value when processing the monitor_common_logrotate() function, which occurs when the monitor receives a SIGHUP.
* Create common sss_monitor_init()Stephen Gallagher2011-05-061-34/+3
| | | | | | | | This was implemented almost identically for both the responders and the providers. It is easier to maintain as a single routine. This patch also adds the ability to provide a private context to attach to the sbus_connection for later use.
* Do not leak netgroups hash tableJakub Hrozek2011-05-061-0/+12
|
* Don't use negative cache in netgroup lookupJan Zeleny2011-04-252-20/+20
| | | | | | | | | | | | | | In responder a negative cache is used to indicate that the record has not been found by previous lookup. This approach is however not applicable for netgroup lookup because the design of their lookup is a little different. This patch removes some pieces of code working with negative cache, because they didn't fuction well. Instead a new flag has been added to the positive cache. This flag indicates if the record in the cache is a record of existing netgroup or it's just a placeholder. https://fedorahosted.org/sssd/ticket/820
* Fix regression where nonexistent entries were never added to the negative cacheStephen Gallagher2011-04-151-21/+21
|
* Fix a regression with the negative cache in multi-domain configurationsStephen Gallagher2011-04-151-3/+18
|
* Add debug logging to the negative cacheStephen Gallagher2011-04-151-0/+5
|
* Fix unchecked return values of pam_add_responseJakub Hrozek2011-04-081-4/+12
| | | | https://fedorahosted.org/sssd/ticket/798
* Change state of hash entry if netgroup cannot be parsedSumit Bose2011-03-091-0/+2
|
* Refactor set_netgroup_entry()Sumit Bose2011-03-071-4/+7
| | | | | | To avoid wrong or missing netgroup names in the getent_ctx destructor set_netgroup_entry() now takes the name out of the getent_ctx struct instead of using a separate argument.
* Add missing name to struct getent_ctx for missing netgroupSumit Bose2011-03-071-0/+6
| | | | https://fedorahosted.org/sssd/ticket/817
* Perform initgroups lookups for all domainsStephen Gallagher2011-02-211-3/+5
| | | | | | | | | | Previously, we were setting the client context PAM lookup timeout after the first domain replied. However, if the user wasn't a member of the first domain, their information wasn't being updated. This patch ensures that we only set this timeout after the user has been found or all domains were searched.
* Perform initgroups lookup for PAMStephen Gallagher2011-01-211-1/+3
| | | | | Previously we were only looking up the user, but we need to make sure that all groups are available for use by access providers.
* Use DEFAULT_PAM_VERBOSITY if config value cannot be retrievedSumit Bose2011-01-191-1/+1
|
* Add pam_pwd_expiration_warning config optionSumit Bose2011-01-191-12/+47
|
* Fix missing hash table bugStephen Gallagher2011-01-141-0/+1
| | | | | | | When the automatic cleanup happened, if the netgroup had been created with no contents (to indicate an unknown netgroup), we weren't saving the hash table address and the talloc_free() was failing.
* Validate user supplied size of data itemsSumit Bose2011-01-111-76/+75
| | | | | | Specially crafted packages might lead to an integer overflow and the parsing of the input buffer might not continue as expected. This issue was identified by Sebastian Krahmer <krahmer@suse.de>.
* Remove unused enumeration cache timeout checksSumit Bose2011-01-063-33/+2
| | | | | The existence of the getent_ctx is used to track the enumeration cache timeout.
* Post enumeration tevent request if neededSumit Bose2011-01-062-8/+43
|
* Return groups and users from all domains during enumerationSumit Bose2011-01-061-3/+5
|
* Update the ID cache for any PAM requestStephen Gallagher2010-12-224-8/+23
| | | | | | | | Also adds an option to limit how often we check the ID provider, so that conversations with multiple PAM requests won't update the cache multiple times. https://fedorahosted.org/sssd/ticket/749
* Ensure ID is checked in all domains for PAMStephen Gallagher2010-12-221-0/+2
| | | | | | | Previously, this was initialized to zero, so the first domain in the list wouldn't be checked for ID updates in pam_check_user_search. This initializes the first domain to check the provider.
* Fix possible NULL-dereference in lookup_netgr_step()Sumit Bose2010-12-171-1/+1
| | | | https://fedorahosted.org/sssd/ticket/735
* Fix unchecked return value in set_nonblockingStephen Gallagher2010-12-171-10/+53
| | | | | | Also fixes the same problem with set_close_on_exec https://fedorahosted.org/sssd/ticket/713
* Fix uninitialized value error in lookup_netgr_step()Sumit Bose2010-12-151-146/+181
|
* Remove unused newauthtok variable in LOCAL_pam_handlerSumit Bose2010-12-141-3/+0
| | | | https://fedorahosted.org/sssd/ticket/716
* Eliminate possible NULL-dereference in pam_check_user_searchStephen Gallagher2010-12-141-0/+7
| | | | https://fedorahosted.org/sssd/ticket/719
generated by cgit (git 2.34.1) at 2024-05-10 09:15:45 +0000