summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* sysdb: use sysdb_user/group_dnPavel Březina2015-03-094-38/+18
| | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* be_refresh: get rid of callback pointersPavel Březina2015-03-091-67/+31
| | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* be_refresh: support groupsPavel Březina2015-03-085-0/+63
| | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2346 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* be_refresh: support usersPavel Březina2015-03-085-0/+62
| | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2346 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* be_refresh: add sdap_refresh_initPavel Březina2015-03-085-30/+33
| | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* be_refresh: refactor netgroups refreshPavel Březina2015-03-081-32/+77
| | | | | | | This is a preparation to support other object types without introducing duplicated code. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* sdap_handle_acct_req_send: remove be_reqPavel Březina2015-03-084-17/+13
| | | | | | | | | | | be_req was used only as a talloc context for subreq. This memory context was replace by state of the parent request which is more suitable for tevent coding style. This change will allow us to use this function in be_refresh where none be_req is available. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* be_refresh: refresh all domains in backendPavel Březina2015-03-084-37/+66
| | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* SDAP: fix minor neglect in is_account_locked()Pavel Reichl2015-03-061-0/+2
| | | | | | | | | | It would be better to return explicit error code, although access is still denied and error message printed. Relates: https://fedorahosted.org/sssd/ticket/2534 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* ldap_child: initialized ccname_file_dummySumit Bose2015-03-061-1/+1
| | | | | | | | | | ccname_file_dummy is used in the done-block which is called before ccname_file_dummy is set to a value. This patch initializes ccname_file_dummy to NULL. Related to https://fedorahosted.org/sssd/ticket/2592 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* SDAP: Lock out ssh keys when account naturally expiresPavel Reichl2015-03-054-90/+245
| | | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2534 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* UTIL: convert GeneralizedTime to unix timePavel Reichl2015-03-055-0/+115
| | | | | | | | New utility function *sss_utc_to_time_t* to convert GeneralizedTime to unix time. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* selinux: Delete existing user mapping on empty defaultJakub Hrozek2015-03-042-7/+17
| | | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/2587 The case of SELinux default user mapping being an empty string is valid, it should translate into "pick the default context on the target machine". In case the context is empty, we need to delete the per-user mapping from the SELinux database to make sure the default is used. Reviewed-by: Michal Židek <mzidek@redhat.com> Reviewed-by: Pavel Reichl <preichl@redhat.com>
* LDAP: unlink ccname_file_dummy if there is an errorDaniel Hjorth2015-03-041-1/+11
| | | | | | | | | | | https://fedorahosted.org/sssd/ticket/2592 If there is an error after ccname_file_dummy is created but before it is renamed then the file isn't removed. This can cause a lot of files to be created and take up inodes in a filesystem. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com>
* SDAP: enable change phase of pw expire policy checkPavel Reichl2015-03-037-1/+119
| | | | | | | | | | | | | Implement new option which does checking password expiration policy in accounting phase. This allows SSSD to issue shadow expiration warning even if alternate authentication method is used. Resolves: https://fedorahosted.org/sssd/ticket/2167 Reviewed-by: Sumit Bose <sbose@redhat.com>
* SDAP: refactor pwexpire policyPavel Reichl2015-03-032-32/+90
| | | | | | | | | Move part of pwexpire policy code to a separate function. Relates to: https://fedorahosted.org/sssd/ticket/2167 Reviewed-by: Sumit Bose <sbose@redhat.com>
* FO: Use SRV TTL in fail over codeJakub Hrozek2015-03-0310-9/+647
| | | | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/1884 Removes the hardcoded SRV TTL timeout and uses TTL from the DNS instead. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* resolv: Use the same default timeout for SRV queries as previouslyJakub Hrozek2015-03-032-1/+7
| | | | | | | | | | | When we changed the resolver code to use the TTL values from the DNS queries instead of harcoded ones, we changed the default value by accident. Add a separate SRV TTL that is backwards-compatible with the old harcoded value. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* Remove useless assignment to function parameterLukas Slebodnik2015-03-023-3/+0
| | | | | | | | | | | | | Reported by: cppcheck void free_fun(struct info *info) free(info->name); free(info); info = NULL; ^^^^^^^^^^^ Assignment to function parameter has no effect outside the function. Reviewed-by: Pavel Reichl <preichl@redhat.com>
* SDAP: log expired accounts at lower severity levelPavel Reichl2015-03-021-4/+16
| | | | | | | Attempts to log into expired accounts were logged as SSSDBG_CRIT_FAILURE which is misleading as no real failures were happening. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* IPA: Remove unused argument from ipa_id_get_group_uuidsLukas Slebodnik2015-03-021-2/+0
| | | | Reviewed-by: Pavel Reichl <preichl@redhat.com>
* Remove unused argument from be_nsupdate_create_fwd_msgLukas Slebodnik2015-03-023-3/+1
| | | | Reviewed-by: Pavel Reichl <preichl@redhat.com>
* PROXY: add missing space in debug messagePavel Reichl2015-02-271-2/+2
| | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* PAM: check return value of confdb_get_stringPavel Reichl2015-02-271-0/+6
| | | | | | Coverity found this neglect. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* PAM: print the pam status as string, tooJakub Hrozek2015-02-253-5/+9
| | | | | | | | On several places, let's add a pam_strerror() call so that it's easier to debug user problems. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com>
* SPEC: Build python3 bindings on available platformsLukas Slebodnik2015-02-252-5/+11
| | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2574 Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
* TESTS: Run python tests with all supported python versionsLukas Slebodnik2015-02-256-0/+30
| | | | | | | This patch add simple bash wrappers for python tests. They are executed either with python2 or python3. Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
* BUILD: Add possibility to build python{2,3} bindingsLukas Slebodnik2015-02-253-17/+66
| | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2574 Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
* BUILD: Use python-config for detection *FLAGSLukas Slebodnik2015-02-251-31/+32
| | | | | | | | The script python-config was not available in older versions of python. This patch simplify detection of python CFLAGS and LDFLAGS and increase minimal required version of python to 2.6 Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
* UTIL: Remove python wrapper sss_python_unicode_from_stringLukas Slebodnik2015-02-254-24/+10
| | | | | | The function PyUnicode_FromString is available in python >= 2.6 Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
* UTIL: Remove compatibility macro PyModule_AddIntMacroLukas Slebodnik2015-02-252-6/+1
| | | | | | The macro PyModule_AddIntMacro is defined in python >= 2.6 Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
* UTIL: Remove python wrapper sss_python_set_checkLukas Slebodnik2015-02-254-15/+2
| | | | | | The macro PySet_Check is defined in python >= 2.6 Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
* UTIL: Remove python wrapper sss_python_set_addLukas Slebodnik2015-02-254-21/+3
| | | | | | The function PySet_Add is available in python >= 2.6 Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
* UTIL: Remove python wrapper sss_python_set_newLukas Slebodnik2015-02-254-14/+3
| | | | | | The function PySet_New is available in python >= 2.6 Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
* BUILD: Remove detection of type Py_ssize_tLukas Slebodnik2015-02-252-19/+0
| | | | | | The type Py_ssize_t is defined in python >= 2.6 Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
* BUILD: Remove unused variablesLukas Slebodnik2015-02-251-2/+0
| | | | Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
* LDAP: Conditional jump depends on uninitialised valueLukas Slebodnik2015-02-231-3/+4
| | | | | | | | | | | | | | | | | | | | | | | | ==31767== at 0x5B66CFC: users_get_posix_check_done (ldap_id.c:346) ==31767== by 0x4DCC6AA: _tevent_req_notify_callback (tevent_req.c:112) ==31767== by 0x4DCC724: tevent_req_finish (tevent_req.c:149) ==31767== by 0x4DCC782: _tevent_req_error (tevent_req.c:167) ==31767== by 0x5B7ED43: sdap_posix_check_done (sdap_async.c:2486) ==31767== by 0x4DCC6AA: _tevent_req_notify_callback (tevent_req.c:112) ==31767== by 0x4DCC724: tevent_req_finish (tevent_req.c:149) ==31767== by 0x4DCC782: _tevent_req_error (tevent_req.c:167) ==31767== by 0x5B7DE37: sdap_get_generic_op_finished (sdap_async.c:1523) ==31767== by 0x5B7D62B: sdap_process_result (sdap_async.c:357) ==31767== by 0x4DCFC1C: tevent_common_loop_timer_delay (tevent_timed.c:341) ==31767== by 0x4DD0E12: epoll_event_loop_once (tevent_epoll.c:911) ==31767== by 0x4DCF23E: std_event_loop_once (tevent_standard.c:114) ==31767== by 0x4DCB38F: _tevent_loop_once (tevent.c:530) ==31767== by 0x4DCB58B: tevent_common_loop_wait (tevent.c:634) ==31767== by 0x4DCF1BE: std_event_loop_wait (tevent_standard.c:140) ==31767== by 0x4DCB627: _tevent_loop_wait (tevent.c:653) ==31767== by 0x489AB98: server_loop (server.c:668) ==31767== by 0x10D035: main (data_provider_be.c:2915) Reviewed-by: Pavel Reichl <preichl@redhat.com>
* PAM: warn all services about account expirationPavel Reichl2015-02-231-2/+17
| | | | | | | | | | if pam_verbose is above one then output warning about account expiration for all services. Resolves: https://fedorahosted.org/sssd/ticket/2050 Reviewed-by: Sumit Bose <sbose@redhat.com>
* PAM: new option pam_account_expired_messagePavel Reichl2015-02-236-5/+35
| | | | | | | | | | This option sets string to be printed when authenticating using SSH keys and account is expired. Resolves: https://fedorahosted.org/sssd/ticket/2050 Reviewed-by: Sumit Bose <sbose@redhat.com>
* PAM: do not reject abruptlyPavel Reichl2015-02-233-5/+130
| | | | | | | | | If account has expired then pass message. Resolves: https://fedorahosted.org/sssd/ticket/2050 Reviewed-by: Sumit Bose <sbose@redhat.com>
* RESPONDERS: Warn to syslog about colliding objectsLukas Slebodnik2015-02-182-0/+18
| | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2203 Reviewed-by: Pavel Reichl <preichl@redhat.com>
* LDAP: Handle ENOENT better in the cleanup taskJakub Hrozek2015-02-171-9/+8
| | | | | | | | | The cleanup task handled both count=0 and ret=ENOENT separately which makes no sense, the count=0 handler was dead code previously. Set count=0 on ENOENT instead to just bubble through the DEBUG message gracefully as well. Reviewed-by: Pavel Reichl <preichl@redhat.com>
* LDAP: Add better DEBUG messages to the cleanup taskJakub Hrozek2015-02-171-0/+11
| | | | | | | | Some failures would shortcut to the done handler without telling us anything about why it failed. This commit decorates the cleanup task with more DEBUG statements. Reviewed-by: Pavel Reichl <preichl@redhat.com>
* GPO: Better debugging for gpo_child's mkdirJakub Hrozek2015-02-171-1/+6
| | | | Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* sbus: add constant to represent subtreePavel Březina2015-02-173-2/+9
| | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* IFP: simplify object path constant namesPavel Březina2015-02-176-17/+15
| | | | | | | | | | | | | | | | | | | | The number of interfaces will grow and in order to keep names of object path constant consistent it means that also their names will grow. The new naming schema is: /org/freedesktop/sssd/infopipe -> IFP_PATH_ / -> _ everything uppercase Example: /org/freedesktop/sssd/infopipe/Components/Responders -> IFP_PATH_COMPONENTS_RESPONDERS If the path contains a _TREE suffix, it represents the whole subtree. For example: IFP_PATH_DOMAINS_TREE is /org/freedesktop/sssd/infopipe/Domains/* Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* sbus codegen: do not prefix getters with iface namePavel Březina2015-02-177-133/+133
| | | | | | | | | | | | | | | | | | Prefixing getters with C name of the interface is just redundant since it is the same as the name of the structure that contains those fields. The following structure: struct test_pilot { $type test_pilot_get_name; } changes to: struct test_pilot { $type get_name; } Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* IFP: unify generated interfaces namesPavel Březina2015-02-178-214/+213
| | | | | | | | | | | | | | | Number of interfaces will grow. It is mandatory to unify names of generated structures and methods to simplify coding and debugging. The C name is created from D-Bus lowercased interface name using the following rewrite rules: org.freedesktop.sssd.infopipe -> iface_ifp . -> _ Example: org.freedesktop.sssd.infopipe.Domains -> iface_ifp_domains Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* IFP: move interface definitions from ifpsrv.c into separate filePavel Březina2015-02-173-76/+112
| | | | | | | Number of IFP interfaces will grown up rapidly in the future. It is not convenient to keep it inside ifpsrv.c. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* sbus: remove unused 'reply as' functionsPavel Březina2015-02-173-350/+0
| | | | | | These functions became unused after previous patch. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
generated by cgit (git 2.34.1) at 2025-09-27 18:29:33 +0000