summaryrefslogtreecommitdiffstats
path: root/src/sss_client
Commit message (Collapse)AuthorAgeFilesLines
* Check slot validity before MC_SLOT_TO_PTR.sssd-1.9.2-128.el6Michal Zidek2013-09-261-0/+4
| | | | | resolves: https://fedorahosted.org/sssd/ticket/2049
* Rename _SSS_MC_SPECIALMichal Zidek2013-09-261-2/+2
| | | | | | If the environment variable _SSS_MC_SPECIAL is set to "NO", the mmap cache is skipped in the client code. The name is not very descriptive. This patch renames the variable to SSS_NSS_USE_MEMCACHE.
* mmap_cache: Off by one error.Michal Zidek2013-09-032-8/+8
| | | | | Removes off by one error when using macro MC_SIZE_TO_SLOTS and adds new macro MC_SLOT_WITHIN_BOUNDS.
* mmap_cache: Remove triple checks in client code.Michal Zidek2013-09-032-40/+20
| | | | | We had pattern in client code with 3 conditions that can be replaced with one.
* mmap_cache: Check data->name value in client codeMichal Zidek2013-09-032-0/+37
| | | | | | | | data->name value must be checked to prevent segfaults in case of corrupted memory cache. resolves: https://fedorahosted.org/sssd/ticket/2018
* mmap_cache: Check if slot and name_ptr are not invalid.sssd-1.9.2-118.el6Michal Zidek2013-08-112-0/+16
| | | | | | | This patch prevents jumping outside of allocated memory in case of corrupted slot or name_ptr values. It is not proper solution, just hotfix until we find out what is the root cause of ticket https://fedorahosted.org/sssd/ticket/2018
* autofs: Use SAFEALIGN_SET_UINT32 instead of SAFEALIGN_COPY_UINT32Jakub Hrozek2013-01-161-10/+5
|
* SUDO: Remove unused variableStephen Gallagher2012-11-191-1/+0
| | | | Eliminates a compiler warning
* sudo: do not send domain name with usernamePavel Březina2012-11-142-16/+6
| | | | | | | | This caused troubles with subdomain users and it is not really necessary. This patch does not change the protocol itself, that should be done on the earliest possible occasion. Part of https://fedorahosted.org/sssd/ticket/1616
* PAM: fix handling the client fd in pam destructorJakub Hrozek2012-10-123-18/+18
| | | | | * Protect the fd with a mutex when closing * Set it to a safe value after closing
* Remove libsss_sudo.pc and move libsss_sudo.so to libsss_sudoJakub Hrozek2012-10-121-12/+0
|
* PAM: close socket fd with pam_set_dataJakub Hrozek2012-10-113-0/+33
| | | | https://fedorahosted.org/sssd/ticket/1569
* do not fail if POLLHUP occurs while reading dataPavel Březina2012-10-101-1/+9
| | | | | | | | | | | This cause troubles when we send data to a pipe and close the file descriptor before data is read. The pipe is still readable, but POLLHUP is detected and we fail to read them. For example, this may cause a user beeing unable to log in. Now if POLLHUP appears, we read the pipe and then close it on the client side too.
* SSH: Simplify public key formatting functionJan Cholasta2012-09-041-2/+1
|
* SSH: Return error code in SSH utility functionsJan Cholasta2012-09-041-6/+7
|
* Use PTHREAD_MUTEX_ROBUST to avoid deadlock in the clientJakub Hrozek2012-08-271-6/+90
| | | | https://fedorahosted.org/sssd/ticket/1460
* sss_client: Group lookups should work even when fastcache cannot be initializedJakub Hrozek2012-08-131-8/+2
| | | | https://fedorahosted.org/sssd/ticket/1415
* Write SELinux config files in responder instead of PAM moduleJan Zeleny2012-07-272-99/+0
|
* Move SELinux processing from session to account PAM stackJan Zeleny2012-07-271-55/+55
| | | | | | | | | | | | | | The idea is to rename session provider to selinux provider. Processing of SELinux rules has to be performed in account stack in order to ensure that pam_selinux (which is the first module in PAM session stack) will get the correct input from SSSD. Processing of account PAM stack is bound to access provider. That means we need to have two providers executed when SSS_PAM_ACCT_MGMT message is received from PAM responder. Change in data_provider_be.c ensures just that - after access provider finishes its actions, the control is given to selinux provider and only after this provider finishes is the result returned to PAM responder.
* Fix uninitialized valuesNick Guay2012-07-181-1/+1
| | | | https://fedorahosted.org/sssd/ticket/1379
* sudo test client: avoid SIGSEGV when run without argumentsPavel Březina2012-07-161-1/+1
| | | | SIGSEGV occured when sss_sudo_cli was run without any arguments.
* Remove resource leak in sssdpac_import_authdataSumit Bose2012-07-101-3/+1
| | | | Fixes https://fedorahosted.org/sssd/ticket/1409
* Fix use-after-freeStephen Gallagher2012-07-091-0/+1
| | | | Coverity #12803
* sudo responder: change protocol version to 1Pavel Březina2012-06-291-1/+1
|
* sudo api: send uid, username and domainnamePavel Březina2012-06-295-66/+158
| | | | | | | | | | | https://fedorahosted.org/sssd/ticket/1239 Test client was changed accordingly. The new usage is: sss_sudo_cli username [uid] If uid is not set, getpwnam(username) is called. It will retrieve both default options and rules.
* sudo api: remove EOKPavel Březina2012-06-292-13/+10
|
* PAC client: add krb5 authdata pluginSumit Bose2012-06-212-0/+467
|
* PAC client: add basic support in common client codeSumit Bose2012-06-212-0/+38
|
* PAC responder: add the core functionalitySumit Bose2012-06-211-0/+4
| | | | | | | This adds support for parsing PAC and storing information contained within. In particular the user and all his memberships are stored. In case it is necessary, getgrgid() requests are sent to provider for group resolution.
* Add close on exec support for old platformsSimo Sorce2012-06-211-1/+16
| | | | | | | Older platfroms like RHEL5 do not have support for O_CLOEXC and need an explicit fcntl after the fd is created. Add it conditionally so it can be clearly removed once we declared those platfroms obsolete and unsupported.
* Do not leak file descriptors in client libs.Simo Sorce2012-06-211-1/+1
| | | | | | We need to make sure the mc socket is not leaked otherwise child processes will pile up leaked file descriptors. Add O_CLOEXEC when opening the cache.
* Do not send SIGPIPE on disconnectionShantanu Goel2012-06-181-6/+21
| | | | | | | | Note we set MSG_NOSIGNAL to avoid having to fiddle with signal masks but also do not want to die in case SIGPIPE gets raised and the application does not handle it.
* Set return errno to the value prior to calling close().Shantanu Goel2012-06-181-2/+2
|
* SSS_CLIENT: Fix uninitialized value errorStephen Gallagher2012-06-151-1/+1
| | | | | This would cause a crash if we jump to the done: label before it has been allocated.
* Provide "service filter" for SELinux contextJan Zeleny2012-06-141-0/+20
| | | | | | | At this moment we will support only asterisk, designating "all services". https://fedorahosted.org/sssd/ticket/1360
* SSH: Don't abort connection in sss_ssh_knownhostsproxy when DNS records are ↵Jan Cholasta2012-05-311-36/+49
| | | | | | missing https://fedorahosted.org/sssd/ticket/1356
* SSH: Supress error message output in sss_ssh_knownhostsproxyJan Cholasta2012-05-312-15/+8
|
* Revert the client packet length, too, after reverting the packet protocolJakub Hrozek2012-05-291-1/+1
|
* NSS: Restore original protocol for getservbyportStephen Gallagher2012-05-251-2/+3
| | | | When fixing an endianness bug, we changed the protocol unnecessarily.
* Send 16bit protocol numbers from the sss_clientJakub Hrozek2012-05-251-6/+7
| | | | https://fedorahosted.org/sssd/ticket/1348
* Always use positional arguments in translatable stringsStephen Gallagher2012-05-221-2/+2
| | | | https://fedorahosted.org/sssd/ticket/1336
* AUTOFS: remove unused assignmentsJakub Hrozek2012-05-031-1/+0
| | | | | Also changes setautomntent_send so that is only return NULL in case the tevent_req creation fails.
* PAM_SSS: report error code if write failsJakub Hrozek2012-05-021-2/+2
| | | | | clang had reported this as "value of ret is never used", I think it would be nice to report a meaningful error message.
* SSH: Add support for hashed known_hostsJan Cholasta2012-04-241-1/+1
| | | | https://fedorahosted.org/sssd/ticket/1203
* Convert read and write operations to sss_atomic_readJakub Hrozek2012-04-202-27/+27
| | | | https://fedorahosted.org/sssd/ticket/1209
* autofs: Raise the maximum key length to PATH_MAXJakub Hrozek2012-04-181-2/+4
| | | | https://fedorahosted.org/sssd/ticket/1300
* sudo api: check sss_status instead of errnop in sss_sudo_send_recv_generic()Pavel Březina2012-04-181-2/+4
|
* pam_sss: improve error handling in SELinux codeJakub Hrozek2012-04-181-3/+5
|
* Use HTML_TIMESTAMP instead of HTML_FOOTER_DESCRIPTIONJakub Hrozek2012-04-051-3/+4
| | | | https://fedorahosted.org/sssd/ticket/1271
* Silence Coverity warning in the autofs test toolJakub Hrozek2012-03-281-8/+22
| | | | https://fedorahosted.org/sssd/ticket/1237
generated by cgit (git 2.34.1) at 2024-04-26 22:03:45 +0000