summaryrefslogtreecommitdiffstats
path: root/src/util
Commit message (Collapse)AuthorAgeFilesLines
* UTIL: Sanitize whitespaces.Lukas Slebodnik2014-02-261-0/+10
| | | | | | | | | | | | | Original patches submitted by: mpesari(Thanks!!) It can cause problems if user will hit spaces before entering username. (e.g in gdm). Spaces are ignored by LDAP; it's better to escape them. Resolves: https://fedorahosted.org/sssd/ticket/1955 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> (cherry picked from commit 2b8208b45feb2aab64d560d3e12e01e7b6d00d39)
* LDAP: Detect the presence of POSIX attributesJakub Hrozek2014-02-122-0/+2
| | | | | | | | | | | | | | | | | | | | When the schema is set to AD and ID mapping is not used, there is a one-time check ran when searching for users to detect the presence of POSIX attributes in LDAP. If this check fails, the search fails as if no entry was found and returns a special error code. The sdap_server_opts structure is filled every time a client connects to a server so the posix check boolean is reset to false again on connecting to the server. It might be better to move the check to where the rootDSE is retrieved, but the check depends on several features that are not known to the code that retrieves the rootDSE (or the connection code for example) such as what the attribute mappings are or the authentication method that should be used. Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> (cherry picked from commit e81deec535d11912b87954c81a1edd768c1386c9)
* utils: handling NULL params in sss_parse_namePavel Reichl2014-02-112-26/+30
| | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* UTIL: Inherit parent domain's default_shellJakub Hrozek2014-01-151-1/+4
| | | | | Some override parameters were not inherited when creating subdomains. Especially with AD trusts, this gave strange results.
* LDAP: Add a new error code for malformed access control filterJakub Hrozek2014-01-092-0/+2
| | | | | | | https://fedorahosted.org/sssd/ticket/2164 The patch adds a new error code and special cases the new code so that access is denied and a nicer log message is shown.
* Use lower-case name for case-insensitive searchesSumit Bose2013-12-192-0/+36
| | | | | | | | | | | | The patch makes sure that a completely lower-cased version of a fully qualified name is used for case insensitive searches. Currently there are code paths where the domain name was used as configured and was not lower-cased. To make sure this patch does not break with old entries in the cache or case sensitive domains a third template was added to the related filters templates which is either filled with a completely lower-cased version or with the old version. The other two template values are unchanged.
* SSSD: Improved domain detectionPavel Reichl2013-11-292-5/+29
| | | | | | | A bit more elegant way of detection of what domain the group member belongs to Resolves: https://fedorahosted.org/sssd/ticket/2132
* monitor: Specific error message for missing sssd.confPavel Reichl2013-11-272-0/+2
| | | | | | | | Specific error message is logged for missing sssd.conf file. New sssd specific error value is introduced for this case. Resolves: https://fedorahosted.org/sssd/ticket/2156
* utils: add ERR_DOMAIN_NOT_FOUND error codePavel Březina2013-10-252-0/+2
| | | | | Resolves: https://fedorahosted.org/sssd/ticket/1968
* find_subdomain_by_sid: skip domains with missing domain_idSumit Bose2013-10-251-11/+19
|
* Inherit ID limits of parent domains if setJakub Hrozek2013-10-241-3/+5
| | | | | | | | | https://fedorahosted.org/sssd/ticket/2123 Previously, the subdomains were always unbound even if the administrator limited the ranges with min_id/max_id. This could have posed problems when running programs that scan the whole ID space, such as "groupadd -r".
* INI: Disable line-wrapping functionalityJakub Hrozek2013-10-111-1/+1
| | | | | | | Supporting the latest INI release brought an incompatible change. Lines beginning with a whitespace were treated as continuation of the previous line. This patch reverts to ignoring the whitespace as we did previously so that the existing configurations keep working.
* ipa_server_mode: write capaths to krb5 include fileSumit Bose2013-09-272-2/+52
| | | | | | | | | | | | If there are member domains in a trusted forest which are DNS-wise not proper children of the forest root the IPA KDC needs some help to determine the right authentication path. In general this should be done internally by the IPA KDC but this works requires more effort than letting sssd write the needed data to the include file for krb5.conf. If this functionality is available for the IPA KDC this patch might be removed from the sssd tree. Fixes https://fedorahosted.org/sssd/ticket/2093
* IPA: store forest name for forest member domainsSumit Bose2013-09-272-2/+12
| | | | | In order to fix https://fedorahosted.org/sssd/ticket/2093 the name of the forest must be known for a member domain of the forest.
* util: add get_domains_head()Pavel Březina2013-09-262-0/+15
| | | | | | | This function will return head of the domain list. Resolves: https://fedorahosted.org/sssd/ticket/2066
* util: add find_subdomain_by_object_name()Pavel Březina2013-09-172-0/+39
| | | | | | | | This function will parse object name into name and domain name part and return appropriate sss domain. Resolves: https://fedorahosted.org/sssd/ticket/2034
* util: add find_subdomain_by_sid()Pavel Březina2013-09-172-0/+35
| | | | | | | | | | | | | | This function takes domain SID (doesn't have the last component) or object SID (have all components) and returns subdomain. The subdomain is found by comparing domain->domainid with the SID. E.g. domain SID: S-1-5-21-3940105347-3434501867-2690409756 object SID: S-1-5-21-3940105347-3434501867-2690409756-513 Resolves: https://fedorahosted.org/sssd/ticket/2034
* util: add sss_idmap_talloc[_free]Pavel Březina2013-09-172-0/+60
| | | | Remove code duplication.
* Enable printf format string checkingLukas Slebodnik2013-09-111-2/+8
| | | | https://fedorahosted.org/sssd/ticket/1945
* Fix formating of variables with type: id_tLukas Slebodnik2013-09-111-1/+25
|
* Fix formating of variables with type: rlim_tLukas Slebodnik2013-09-111-0/+7
|
* Fix formating of variables with type: key_serial_tLukas Slebodnik2013-09-111-0/+3
|
* Adding new header for printf formating macrosLukas Slebodnik2013-09-112-0/+33
|
* Fix formating of variables with type: size_tLukas Slebodnik2013-09-111-1/+1
|
* Fix formating of variables with type: ssize_tLukas Slebodnik2013-09-113-4/+5
|
* Fix formating of variables with type: intLukas Slebodnik2013-09-111-2/+3
|
* Fix formating of variables with type: longLukas Slebodnik2013-09-111-2/+2
|
* krb5: Remove unused helper functionsSimo Sorce2013-09-092-88/+0
| | | | | | | these functions are not needed anymore. Related: https://fedorahosted.org/sssd/ticket/2061
* krb5: Remove unused functionSimo Sorce2013-09-092-32/+0
| | | | | Related: https://fedorahosted.org/sssd/ticket/2061
* krb5: Make check_for_valid_tgt() staticSimo Sorce2013-09-092-76/+0
| | | | | | | check_for_valid_tgt() is used exclusively in krb5_uitls.c so move it there. Resolves: https://fedorahosted.org/sssd/ticket/2061
* utils: add is_host_in_domain()Pavel Březina2013-09-052-0/+17
|
* Rename SAFEALIGN macrosMichal Zidek2013-09-051-30/+40
| | | | | The new SAFEALIGN macros name turned to be inappropriate because they do not reflect what the macros really do.
* UTIL: Use standard maximum value of type size_tLukas Slebodnik2013-09-031-3/+2
| | | | | | | It is better to use standard constant for maximum value of type size_t, instead of reinventing wheel with own defined constant SIZE_T_MAX This patch replace string "SIZE_T_MAX" -> "SIZE_MAX"
* UTIL: Explicitly include header file sys/socket.hLukas Slebodnik2013-08-281-0/+1
| | | | | | | We use constant AF_INET6 in util.c, but we do not explicitly include header file sys/socket.h. This header file was indirectly incuded by another header file netdb.h (netdb.h -> netinet/in.h -> sys/socket.h), but other platform can have other dependencies among header files.
* UTIL: Create new wraper header file sss_endian.hLukas Slebodnik2013-08-285-32/+61
| | | | | | Some platform have header file endian.h and anothers have sys/endian.h. We nedd to use conditional build to handle it correctly, therefore new header file sss_endian.h was created.
* Add a new option to control subdomain enumerationJakub Hrozek2013-08-282-1/+28
|
* Read enumerate state for subdomains from cacheJakub Hrozek2013-08-282-3/+5
| | | | | The enumerate flag will be read from the cache for subdomains and the domain object will be created accordingly.
* krb5: Fetch ccname template from krb5.confStephen Gallagher2013-08-282-0/+2
| | | | | | | | | | | | | In order to use the same defaults in all system daemons that needs to know how to generate or search for ccaches we introduce ode here to take advantage of the new option called default_ccache_name provided by libkrb5. If set this variable we establish the same default for all programs that surce it out of krb5.conf therefore providing a consistent experience across the system. Related: https://fedorahosted.org/sssd/ticket/2036
* KRB5: Add support for KEYRING cache typeStephen Gallagher2013-08-272-0/+16
| | | | https://fedorahosted.org/sssd/ticket/2036
* KRB5: Add low-level debugging to sss_get_ccache_name_for_principalStephen Gallagher2013-08-271-0/+6
|
* Fix memory leak insss_krb5_get_error_messageLukas Slebodnik2013-08-221-0/+1
| | | | warning reported by cppcheck
* Use brackets around macros.Lukas Slebodnik2013-08-221-4/+4
| | | | warnings reported by cppcheck.
* KRB5: Add new #define for collection cache typesStephen Gallagher2013-08-222-11/+11
| | | | | | Kerberos now supports multiple types of collection caches, not just DIR: caches. We should add a macro for generic collection behavior and use that where appropriate.
* mmap_cache: Use better checks for corrupted mc in responderMichal Zidek2013-08-191-2/+0
| | | | | We introduced new way to check integrity of memcache in the client code. We should use similiar checks in the responder.
* mmap_cache: Off by one error.Michal Zidek2013-08-191-0/+3
| | | | | Removes off by one error when using macro MC_SIZE_TO_SLOTS and adds new macro MC_SLOT_WITHIN_BOUNDS.
* UTIL: Remove obsolete compat macrosJakub Hrozek2013-08-191-19/+0
| | | | All supported tevent releases contain these macros.
* mmap_cache: Check if slot and name_ptr are not invalid.Michal Zidek2013-08-111-0/+3
| | | | | | | This patch prevents jumping outside of allocated memory in case of corrupted slot or name_ptr values. It is not proper solution, just hotfix until we find out what is the root cause of ticket https://fedorahosted.org/sssd/ticket/2018
* Fix warnings: uninitialized variableLukas Slebodnik2013-07-221-1/+1
|
* IPA: warn if full_name_format is customized in server modeJakub Hrozek2013-07-191-1/+1
| | | | | | | | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/2009 If the IPA server mode is on and the SSSD is running on the IPA server, then the server's extdom plugin calls getpwnam_r to read info about trusted users from the AD server and return them to the clients that called the extended operation. The SSSD returns the subdomain users fully-qualified, ie "user@domain" by default. The format of the fully qualified name is configurable. However, the extdom plugin returns the user name without the domain component. With this patch, when ipa_server_mode is on, warn if the full_name_format is set to a non-default value. That would prompt the admin to change the format if he changed it to something exotic.
* Add mising argument required by format stringLukas Slebodnik2013-07-191-1/+1
|
generated by cgit (git 2.34.1) at 2024-04-27 17:57:08 +0000