summaryrefslogtreecommitdiffstats
path: root/src/util
Commit message (Collapse)AuthorAgeFilesLines
* debug: print fatal and critical errors if debug level is unresolvedMichal Zidek2012-11-271-1/+4
| | | | | | | If global variable debug_level has value SSSDBG_UNRESOLVED, we should print at least fatal and critical errors. https://fedorahosted.org/sssd/ticket/1345
* MONITOR: Fix off-by-one error in add_string_to_listJakub Hrozek2012-11-211-1/+4
| | | | | We need to allocate num_services+2 - one extra space for the new service and one for NULL.
* Refactor the way subdomain accounts are savedSimo Sorce2012-11-191-1/+1
| | | | | | | | | | | | | | | | | The original sysdb code had a strong assumption that only users from one domain are saved in the databse, with the subdomain feature, we have changed reality, but have not adjusted all the code arund the sysdb calls to not rely on the original assumption. One of the side effects of this incongrunece is that currently group memberships do not return fully qualified names for subdomain users as they should. In oreder to fix this and other potential issues surrounding the violation of the original assumption, we need to fully qualify subdomain user names. By savin them fully qualified we do not risk aliasing local users and have group memberhips or other name based matching code mistake a domain user with subdomain usr or vice versa.
* SERVER: Check the return value of waitpidJakub Hrozek2012-11-191-11/+27
| | | | | | | We should at least print an error message and error out if waitpid() fails. https://fedorahosted.org/sssd/ticket/1651
* Do not always return PAM_SYSTEM_ERR when offline krb5 authentication failsJakub Hrozek2012-11-151-0/+42
|
* Only build extract_and_send_pac on platforms that support itJakub Hrozek2012-11-152-0/+118
|
* Always start PAC responder if IPA ID provider is configuredSumit Bose2012-11-141-0/+6
| | | | | | | | Since the PAC responder is used during the authentication of users from trusted realms it is started automatically if the IPA ID provider is configured for a domain to simplify the configuration. Fixes https://fedorahosted.org/sssd/ticket/1613
* Add string_in_list() and add_string_to_list() with testsSumit Bose2012-11-142-0/+69
| | | | | | | | string_in_list() and add_string_to_list() are two utilities for NULL terminated strings arrays. add_string_to_list() adds a new string to an existing list or creates a new one with the strings as only item if there is not list. string_in_list() checks if a given string is in the list. It can be used case sensitive or in-sensitive.
* util_lock.c: sss_br_lock_file accepted invalid parameter valueMichal Zidek2012-11-112-3/+7
| | | | | | Return EINVAL if number of tries is <= 0. Also the parameter retries was renamed to num_tries, so it is more obvious that it also includes the first try.
* util: Added new file util_lock.cMichal Zidek2012-11-062-0/+87
|
* exit original process after sssd is initializedPavel Březina2012-11-062-2/+30
| | | | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/1357 Neither systemd or our init script use pid file as a notification that sssd is finished initializing. They will continue starting up next service right after the original (not daemonized) sssd process is terminated. If any of the responders fail to start, we will never terminate the original process via signal and "service sssd start" will hang. Thus we take this as an error and terminate the daemon with a non-zero value. This will also terminate the original process and init script or systemd will print failure.
* fix indendation, coding style and debug levels in server.cPavel Březina2012-11-061-110/+114
|
* add SSSDBG_IMPORTANT_INFO macroPavel Březina2012-11-061-0/+1
| | | | | | | We currently have only SSSDBG_FATAL_FAILURE macro that corresponds to original debug level 0. But there are several level 0 messages that are not actually failures but an important information. We should use this new macro to represent them.
* Make sub-domains case-insensitiveSumit Bose2012-11-051-1/+1
| | | | | | | | | | Currently the only type of supported sub-domains are AD domains which are not case-sensitive. To make it easier for Windows user we make sub-domains case-insensitive as well which allows to write the username in any case at the login prompt. If support for other types of sub-domains is added it might be necessary to set the case-sensitive flag based on the domain type.
* sss_parse_name_for_domains: always return the canonical domain nameSumit Bose2012-11-051-2/+7
| | | | | | Domains may have a flat or short name to save some keystrokes when typing fully qualified user names. Internally sssd will always use the canonical name to allow consistent processing.
* Add replacement for krb5_find_authdata()Sumit Bose2012-11-052-0/+19
| | | | | | | | | krb5_find_authdata() is only available in MIT Kerberos 1.10 or higher. To allow sssd to be compiled on platform with lower version of MIT Kerberos a replacement call is added. Please note that on those platform the replacement call will only return an error. If the krb5_find_authdata functionality is really needed on those platform it must be implemented by a different patch.
* Only call krb5_set_trace_callback on platforms that support itJakub Hrozek2012-10-122-4/+18
|
* Collect krb5 trace on high debug levelsJakub Hrozek2012-10-122-0/+19
| | | | | | | If the debug level contains SSSDBG_TRACE_ALL, then the logs would also include tracing information from libkrb5. https://fedorahosted.org/sssd/ticket/1539
* remove left over principal selectionPavel Březina2012-10-022-106/+0
| | | | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/1303 Domain start up was taking too long when there are many principals in a kerberos keytab. We were looking up in the keytab two times. The first time we try to select a proper principal and remember it. The second call happens almost right after the first one and it is just a check if the principal exists in the keytab, without any output information other than success/failure. It is probably a left over from https://fedorahosted.org/sssd/ticket/781. This patch removes the second call.
* monitor: create pid file after all responders are startedPavel Březina2012-10-021-0/+1
| | | | https://fedorahosted.org/sssd/ticket/1357
* Use flat name for master domain as wellSumit Bose2012-10-011-1/+2
|
* Add new option default_domain_suffixSumit Bose2012-10-011-11/+41
|
* sss_cache tool invalidates records in memory cache.Michal Zidek2012-09-241-0/+2
|
* Add provider specific default regular expressionsSumit Bose2012-09-201-0/+62
| | | | Fixes https://fedorahosted.org/sssd/ticket/1524
* Out-of-bounds read fix in hmac-sha-1Ondrej Kos2012-09-071-1/+3
|
* Check flat names when searching for sub-domains as wellSumit Bose2012-09-041-1/+3
|
* SSH: Add support for OpenSSH-style public keysJan Cholasta2012-09-041-13/+37
|
* SSH: Simplify public key formatting functionJan Cholasta2012-09-042-40/+9
|
* SSH: Return error code in SSH utility functionsJan Cholasta2012-09-042-17/+40
|
* Fix: IPv6 address with square brackets doesn't work.Michal Zidek2012-08-232-0/+32
| | | | https://fedorahosted.org/sssd/ticket/1365
* Consolidation of functions that make realm upper-caseOndrej Kos2012-08-232-0/+24
|
* Unbreak build on RHEL5: replace ldap_destroy() with ldap_unbind_ext()Pavel Březina2012-08-211-1/+1
| | | | ldap_destroy() is not present in RHEL5
* Close LDAP connection when unable to install TLSPavel Březina2012-08-211-13/+13
| | | | | | | We were not closing LDAP connection when using SSL with invalid certificate. https://fedorahosted.org/sssd/ticket/1490
* Fix compilation error in Python murmurhash bindingsJakub Hrozek2012-08-161-0/+2
| | | | | | The compilation produced an error due to missing declaration of uint32_t and a couple of warnings caused by different prototypes of argument parsing functions in older Python releases.
* Extend category support in SELinux user mapsJan Zeleny2012-07-231-6/+24
| | | | | | This patch adds the possibility for user/host category attributes to have more than one value. It also fixes semantically wrong evaluation of SELinux map priority.
* Added some DEBUG statements into SELinux related codeJan Zeleny2012-07-231-4/+24
|
* Modify priority evaluation in SELinux user mapsJan Zeleny2012-07-182-6/+45
| | | | | | | | | | | | | | | | | | | The functionality now is following: When rule is being matched, its priority is determined as a combination of user and host specificity (host taking preference). After the rule is matched in provider, only its host priority is stored in sysdb for later usage. When rules are matched in the responder, their user priority is determined. After that their host priority is retrieved directly from sysdb and sum of both priorities is user to determine whether to use that rule or not. If more rules have the same priority, the order given in IPA config is used. https://fedorahosted.org/sssd/ticket/1360 https://fedorahosted.org/sssd/ticket/1395
* Check for errors from krb5_unparse_nameStephen Gallagher2012-07-091-1/+8
| | | | Coverity #12781
* Revert commit 4c157ecedd52602f75574605ef48d0c48e9bfbe8Stef Walter2012-07-062-151/+0
| | | | | | | | * This broke corner cases when used with default_tkt_types = des-cbc-crc and DES enabled on an AD domain. * This is fixed in kerberos instead, in a more correct way and in a way which we cannot replicate.
* DEBUG: Log to syslog if we are unable to open a debug fdStephen Gallagher2012-06-291-0/+5
|
* libcrypto fully implementedGeorge McCollister2012-06-264-9/+442
| | | | | | | | | | | | | | | | Implemented working versions of the following functions for libcrypto: sss_base64_encode sss_base64_decode sss_hmac_sha1 sss_password_encrypt sss_password_decrypt test_encrypt_decrypt now expects EOK from libcrypto. test_hmac_sha1 now expects EOK from libcrypto. Added test_base64_encode to test base64 encoding implementation. Added test_base64_decode to test base64 decoding implementation. Signed-off-by: George McCollister <George.McCollister@gmail.com>
* Fix re_expression matching with subdomainsJan Zeleny2012-06-211-15/+19
| | | | | | | | | | | This patch fixes an issue which resulted in a need to initialize responder with data from local domain, otherwise it would not correctly detect requests for subdomains. Similar situation can occur if new subdomain is added at runtime. The solution is to ask for a list of subdomains in case there is a candidate domain identified in the process of matching re_expressions with given name.
* UTILS: Fix segfault due to sss_parse_name_for_domainsStephen Gallagher2012-06-211-7/+10
| | | | | | | | The recent fixes for per-domain parsing can cause a segfault in the netgroup processing if the domain isn't set to NULL when it's parsed as "any domain". https://fedorahosted.org/sssd/ticket/1383
* Move some debug lines to new debug log levelsStef Walter2012-06-202-5/+5
| | | | | | | * These are common lines of debug output when starting up sssd https://bugzilla.redhat.com/show_bug.cgi?id=811113
* Fix typo breaking DIR cache detectionStephen Gallagher2012-06-181-2/+0
|
* KRB5: Auto-detect DIR cache support in configureStephen Gallagher2012-06-152-2/+18
| | | | | | We can't support the DIR cache features in systems with kerberos libraries older than 1.10. Make sure we don't build it on those systems.
* Fix compilation on older little-endian systemsStephen Gallagher2012-06-151-1/+2
|
* Use Kerberos context in KRB5_DEBUGJakub Hrozek2012-06-141-0/+8
| | | | | Passing Kerberos context to sss_krb5_get_error_message will allow us to get better error messages.
* Add support for storing credential caches in the DIR: back endJakub Hrozek2012-06-142-20/+4
| | | | https://fedorahosted.org/sssd/ticket/974
* Residual util functionsJakub Hrozek2012-06-142-0/+102
| | | | | | Kerberos credential caches can be specified by TYPE:RESIDUAL. This patch adds a couple of utilities to support parsing if ccache locations, checking types etc.
generated by cgit (git 2.34.1) at 2024-05-01 14:01:19 +0000