sssd.git - sssd with jhrozek's patches

	Commit message (Collapse)	Author	Age	Files	Lines
*	utils: add ERR_DOMAIN_NOT_FOUND error code	Pavel Březina	2013-10-25	1	-0/+1
\| \| \| \| \|	Resolves: https://fedorahosted.org/sssd/ticket/1968
*	krb5: Fetch ccname template from krb5.conf	Stephen Gallagher	2013-08-28	1	-0/+1
\| \| \| \| \| \| \| \| \| \| \| \| \|	In order to use the same defaults in all system daemons that needs to know how to generate or search for ccaches we introduce ode here to take advantage of the new option called default_ccache_name provided by libkrb5. If set this variable we establish the same default for all programs that surce it out of krb5.conf therefore providing a consistent experience across the system. Related: https://fedorahosted.org/sssd/ticket/2036
*	failover: return error when SRV lookup returned only duplicates	Pavel Březina	2013-06-21	1	-0/+1
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	https://fedorahosted.org/sssd/ticket/1947 Otherwise we risk that the meta server is removed from the server list, but without a chance to return, because there may be no fo_server with srv_data = meta. Also if state->meta->next is NULL (it is still orphaned because we try to errornously expand it without invoking collapse first), state->out will be NULL and SSSD will crash. New error code: ERR_SRV_DUPLICATES
*	KRB: Handle preauthentication error correctly	Ondrej Kos	2013-06-14	1	-0/+1
\| \| \| \| \| \|	https://fedorahosted.org/sssd/ticket/1873 KRB preauthentication error was later mishandled like authentication error.
*	Refactor dynamic DNS updates	Jakub Hrozek	2013-05-03	1	-0/+3
\| \| \| \| \| \| \| \| \| \| \| \|	Provides two new layers instead of the previous IPA specific layer: 1) dp_dyndns.c -- a very generic dyndns layer on the DP level. Its purpose it to make it possible for any back end to use dynamic DNS updates. 2) sdap_dyndns.c -- a wrapper around dp_dyndns.c that utilizes some LDAP-specific features like autodetecting the address from the LDAP connection. Also converts the dyndns code to new specific error codes.
*	DNS sites support - SRV lookup plugin interface	Pavel Březina	2013-04-10	1	-0/+2
\| \| \| \| \| \| \| \| \| \| \| \| \|	https://fedorahosted.org/sssd/ticket/1032 Introduces two new error codes: - ERR_SRV_NOT_FOUND - ERR_SRV_LOOKUP_ERROR Since id_provider is authoritative in case of SRV plugin choise, ability to override the selected pluging during runtime is not desirable. We rely on the fact that id_provider is initialized before all other providers, thus the plugin is set correctly.
*	Convert sdap_access to new error codes	Simo Sorce	2013-03-19	1	-0/+1
\| \| \| \|	Also simplify sdap_access_send to avoid completely fake _send() routines.
*	Use common error facility instead of sdap_result	Simo Sorce	2013-03-19	1	-0/+3
\| \| \| \| \| \| \| \| \|	Simplifies and consolidates error reporting for ldap authentication paths. Adds 3 new error codes: ERR_CHPASS_DENIED - Used when password constraints deny password changes ERR_ACCOUNT_EXPIRED - Account is expired ERR_PASSWORD_EXPIRED - Password is expired
*	Improve IS_SSSD_ERROR() macro	Simo Sorce	2013-03-05	1	-2/+2
\| \| \| \| \| \| \| \| \| \|	We need to mask the first part with 0xFFFF or there is a slight chance an unrelated error code would match even if the upper part is not exactly equal to ERR_BASE but just has all it's bits and some more. Also make the macro more reasable by adding another helper macro for filtering the base. Finally compare err and ERR_LAST directly w/o masking err, or the comparison will always return true.
*	Cleanup error message handling for krb5 child	Simo Sorce	2013-03-04	1	-0/+5
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	Use the new internal SSSD errors, to simplify error handling. Instead of using up to 3 different error types (system, krb5 and pam_status), collapse all error reporting into one error type mapped on errno_t. The returned error can contain either SSSD internal errors, kerberos errors or system errors, they all use different number spaces so there is no overlap and they can be safely merged. This means that errors being sent from the child to the parent are not pam status error messages anymore. The callers have been changed to properly deal with that. Also note that this patch removes returning SSS_PAM_SYSTEM_INFO from the krb5_child for kerberos errors as all it was doing was simply to make the parent emit the same debug log already emitted by the child, and the code is simpler if we do not do that.
*	Use SSSD specific errors for offline auth	Simo Sorce	2013-03-04	1	-0/+5
\| \| \| \| \| \|	This prevents reportin false errors when internal functions return a generic EINVAL or EACCES that should just be treated as internal errors.
*	Add SSSD specific error codes and definitions	Simo Sorce	2013-03-04	1	-0/+75
	This code adds a new range of error codes specific to SSSD, It also provides helper functions to print out error defintions like you can do with system error messages and the strerror() function. The sss_strerror() function can accept both the new sssd errors and system errno_t errors falling back to the system strerror() if the error code provide is not a valid SSSD error code.