sssd.git - sssd with jhrozek's patches

	Commit message (Collapse)	Author	Age	Files	Lines
*	SYSDB: Drop redundant sysdb_ctx parameter from sysdb.c	Michal Zidek	2013-11-15	20	-115/+89
\|
*	SYSDB: Drop the sysdb_ctx parameter - module sysdb_ops (part 2)	Michal Zidek	2013-11-15	43	-490/+372
\|
*	SYSDB: Drop the sysdb_ctx parameter from the sysdb_sudo.c module	Jakub Hrozek	2013-11-15	7	-74/+53
\|
*	SYSDB: Drop the sysdb_ctx parameter from the sysdb_idmap module	Jakub Hrozek	2013-11-15	3	-22/+16
\|
*	SYSDB: Drop the sysdb_ctx parameter - module sysdb_ops (part 1)	Michal Zidek	2013-11-15	22	-239/+159
\|
*	SYSDB: Drop the sysdb_ctx parameter from the sysdb_ssh module	Michal Zidek	2013-11-15	5	-45/+28
\|
*	SYSDB: Drop the sysdb_ctx parameter from the sysdb_services module	Michal Zidek	2013-11-15	11	-97/+71
\|
*	SYSDB: Drop the sysdb_ctx parameter from the sysdb_search module	Michal Zidek	2013-11-15	31	-182/+99
\|
*	SYSDB: Drop the sysdb_ctx parameter from SELinux functions	Jakub Hrozek	2013-11-15	3	-30/+21
\|
*	SYSDB: Drop the sysdb_ctx parameter from the autofs API	Jakub Hrozek	2013-11-15	8	-92/+60
\|
*	Merge ipa_selinux_common.c and ipa_selinux.c	Jakub Hrozek	2013-11-15	5	-185/+50
\| \| \| \| \|	Moved unused functions and merged ipa_selinux_common.c into ipa_selinux.c
*	monitor: return right error code	Lukas Slebodnik	2013-11-15	1	-1/+1
\| \| \| \|	If talloc_zero fails ENOMEM should be returned and no EIO
*	PAC: Free config attribute when it's processed	Jakub Hrozek	2013-11-14	1	-0/+1
\|
*	LDAP: Prevent from using uninitialized sdap_options	Lukas Slebodnik	2013-11-14	1	-1/+1
\| \| \| \| \| \| \| \|	ldap_get_options can fail in time of ldap back end initialisation and then sssd try to release uninitialised sdap_options. Resolves: https://fedorahosted.org/sssd/ticket/2147
*	Remove unused variable	Jakub Hrozek	2013-11-12	1	-1/+0
\|
*	BUILD: Change error message if missing cifsimap.h	Lukas Slebodnik	2013-11-12	1	-1/+4
\| \| \| \| \| \| \| \| \| \|	cifs-idmap plugin is enabled by default, but required header file cifsidmap.h needn't be available on other distributions. It was not clear that cifs-idmap plugin is optional feature of sssd. With this patch, configure will recommend to build sssd without cifs idmap plugin if cifsidmap.h is not available. Resolves: https://fedorahosted.org/sssd/ticket/2125
*	Signals: Refactor termination of processes	Simo Sorce	2013-11-12	4	-29/+13
\| \| \| \| \| \| \| \|	sig_term() was never used as a real signal handler, but only called by tevent signal handlers in the kerberos and ldap children. Also the same code was duplicated with separate local guard variables in other functions. Unify orderly termination handling, between all these functions.
*	Signals: Remove empty sig_hup	Simo Sorce	2013-11-12	1	-8/+0
\| \| \| \| \|	SIGHUP handling is implemented later using a tevent handler so sig_hup() is useless.
*	Signals: Remove unused functions	Simo Sorce	2013-11-12	2	-59/+0
\| \| \| \|	Cleanup unused signal functions
*	Add ldap_autofs_map_master_name option	Cove Schneider	2013-11-12	11	-9/+34
\|
*	BUILD: Explicitly link libsss_ad.so with sasl libs	Lukas Slebodnik	2013-11-11	1	-0/+17
\| \| \| \| \| \|	If openldap is not built with sasl support libsss_ad.so will not be linked with libsasl2 although sasl_client_init is called by function ad_sasl_initialize.
*	Initialize sid_str to NULL to avoid freeing random data	Jakub Hrozek	2013-11-08	2	-2/+2
\| \| \| \| \|	If any function before failed, sss_idmap_free_sid() might have been called with random data.
*	UTIL: Free log message when using journald	Jakub Hrozek	2013-11-07	1	-0/+2
\|
*	confdb: Make offline timeout configurable	Michal Zidek	2013-11-07	5	-2/+32
\| \| \| \| \| \| \|	Added and documented option offline_timeout. Resolves: https://fedorahosted.org/sssd/ticket/1718
*	responder: Access packet header using SAFEALIGN macros.	Michal Zidek	2013-11-07	1	-37/+68
\| \| \| \| \|	resolves: https://fedorahosted.org/sssd/ticket/1359
*	NSS: Set packet length for initgroups	Lukas Slebodnik	2013-11-07	1	-0/+7
\| \| \| \| \| \| \| \| \| \|	Some groups could be skipped, but packet length was not trimmed. This is a reason why valgrind reported access to uninitialised bytes. Actually, it isn't a problem, because the first uint32 in body is number of sended gids. Resolves: https://fedorahosted.org/sssd/ticket/2138
*	free idmapped binary SIDs correctly	Pavel Březina	2013-11-07	3	-7/+7
\| \| \| \| \|	Resolves: https://fedorahosted.org/sssd/ticket/2133
*	free idmapped smb SIDs correctly	Pavel Březina	2013-11-07	1	-3/+3
\| \| \| \| \|	Resolves: https://fedorahosted.org/sssd/ticket/2133
*	free idmapped dom SIDs correctly	Pavel Březina	2013-11-07	1	-6/+6
\| \| \| \| \|	Resolves: https://fedorahosted.org/sssd/ticket/2133
*	free idmapped SIDs correctly	Pavel Březina	2013-11-07	8	-13/+20
\| \| \| \| \|	Resolves: https://fedorahosted.org/sssd/ticket/2133
*	idmap: add API to free allocated SIDs	Pavel Březina	2013-11-07	2	-0/+84
\|
*	Enhance/add unit tests for find_subdomain_by_sid/name	Sumit Bose	2013-11-04	2	-0/+267
\|
*	Include ext headers with #include <foo.h> - cont	Pavel Reichl	2013-11-04	9	-9/+10
\| \| \| \|	Changing style of including header files from outside of sssd tree - from "header.h" to <header.h>
*	AD: Fix ad_access_filter parsing with empty filter	Jakub Hrozek	2013-10-30	2	-0/+24
\|
*	NSS: Fix parenthesis	Jakub Hrozek	2013-10-30	1	-1/+1
\|
*	LDAP: Check all search bases during nested group processing	Jakub Hrozek	2013-10-30	1	-13/+42
\|
*	nested groups: pick correct domain for cache lookups	Pavel Březina	2013-10-30	1	-4/+12
\| \| \| \| \| \| \| \| \|	Groups may contain members from different domains. We need to make sure that we always choose correct domain for subdomain users when looking up in sysdb. Resolves: https://fedorahosted.org/sssd/ticket/2064
*	sdap_fill_memberships: pick correct domain for every member	Pavel Březina	2013-10-30	1	-4/+19
\| \| \| \| \| \| \| \| \|	Groups may contain members from different domains. We need to make sure that we always choose correct domain for subdomain users when looking up in sysdb. Resolves: https://fedorahosted.org/sssd/ticket/2064
*	ghosts: pick correct domain for every member	Pavel Březina	2013-10-30	1	-10/+15
\| \| \| \| \| \| \| \| \|	Groups may contain members from different domains. We need to make sure that we store subdomain users with correct domain name. Resolves: https://fedorahosted.org/sssd/ticket/2064
*	sdap: add sdap_domain_get_by_dn()	Pavel Březina	2013-10-30	2	-0/+28
\| \| \| \| \| \| \| \|	This function will find sdap domain by comparing object dn with domain base dn. Resolves: https://fedorahosted.org/sssd/ticket/2064
*	sdap: store base dn in sdap_domain	Pavel Březina	2013-10-30	2	-15/+22
\| \| \| \| \| \| \| \| \|	Groups may contain members from different domains. Remembering base dn in domain object gives us the ability to simply lookup correct domain by comparing object dn with domain base dn. Resolves: https://fedorahosted.org/sssd/ticket/2064
*	ad: shortcut if possible during get object by ID or SID	Pavel Březina	2013-10-30	1	-0/+96
\| \| \| \| \| \| \| \| \| \|	When getByID or getBySID comes from responder, the request doesn't necessarily have to contain correct domain, since responder iterates over all domains until it finds a match. Every domain has its own ID range, so we can simply shortcut if domain does not match and avoid LDAP round trip. Responder will continue with next domain until it finds the correct one.
*	free sid obtained from sss_idmap_unix_to_sid()	Pavel Březina	2013-10-30	1	-0/+2
\|
*	be_spy_create: free be_req and not the long living data	Sumit Bose	2013-10-30	1	-1/+1
\|
*	LDAP: Return correct error code	Lukas Slebodnik	2013-10-30	1	-1/+1
\| \| \| \| \| \|	If talloc_array return NULL we should return right error code from function sdap_domain_subdom_add. It might happen that we could return either wrong error code or uninitialized variable ret.
*	MAN: Document that krb5 directories can only be created as private	Jakub Hrozek	2013-10-29	1	-10/+3
\|
*	NSS: Use new safealign macros in NSS responder	Jakub Hrozek	2013-10-29	1	-2/+2
\|
*	NSS: Fix service enumeration	Jakub Hrozek	2013-10-29	1	-1/+5
\| \| \| \| \| \| \|	The code wrote into the middle of the packet to a space that was already reserved and allocated but then still advanced the pointer to the buffer. https://fedorahosted.org/sssd/ticket/2124
*	ad_subdom_store: check ID mapping of the domain not of the parent	Sumit Bose	2013-10-29	1	-2/+2
\|
*	KRB5: Handle ERR_CHPASS_FAILED	Jakub Hrozek	2013-10-29	1	-0/+6
\| \| \| \| \| \| \|	The Kerberos provider didn't handle ERR_CHPASS_FAILED at all, which resulted in the default return code (System Error) to be returned if password change failed for pretty much any reason, including password too recent etc.