Commit message (Collapse) | Author | Age | Files | Lines | ||
---|---|---|---|---|---|---|
... | ||||||
* | Fix typo in Makefile | Stephen Gallagher | 2010-06-02 | 1 | -1/+1 | |
| | | | | Caused the kerberos provider to not use the kernel keyring | |||||
* | Use sysdb_attrs_get_string_array() instead of sysdb_attrs_get_el() | Sumit Bose | 2010-06-02 | 1 | -23/+12 | |
| | | | | | | | | sysdb_attrs_get_el() creates an empty element in the sysdb_attrs structure if the requested element does not exist. Recent versions of libldb do not accept empty elements when writing new objects to disk. sysdb_attrs_get_string_array() does not create an empty element but returns ENOENT. | |||||
* | Add sysdb_attrs_get_string_array() | Sumit Bose | 2010-06-02 | 2 | -0/+35 | |
| | ||||||
* | Compare full service name | Sumit Bose | 2010-06-02 | 1 | -1/+2 | |
| | ||||||
* | Fix handling of ccache file when going offline | Sumit Bose | 2010-06-02 | 2 | -32/+77 | |
| | | | | | | | The ccache file was removed too early if system is offline but the backend was not already marked offline. Now we remove the ccache file only if the successfully got a new one and it is not the same as the old one. | |||||
* | Update sv translation | Göran Uddeborg | 2010-06-02 | 1 | -36/+32 | |
| | ||||||
* | Updating sv translation | Göran Uddeborg | 2010-05-27 | 1 | -62/+53 | |
| | ||||||
* | Release SSSD version 1.2.0sssd-1_2_0 | Stephen Gallagher | 2010-05-24 | 14 | -128/+128 | |
| | ||||||
* | Support password changes in chpass_provider = proxy | Stephen Gallagher | 2010-05-24 | 1 | -5/+73 | |
| | | | | | We were not passing the old authtok to the pam_chauthtok() function, causing it to return PAM_AUTH_ERR. | |||||
* | Fix queuing bug in proxy provider | Stephen Gallagher | 2010-05-24 | 1 | -5/+7 | |
| | | | | | | | We weren't zeroing out the proxy_auth_ctx when we created it, so the 'running' element was sometimes being filled with garbage data that exceeded the maximum number of child processes. This meant that no requests were ever sent to the child processes. | |||||
* | Display name of PAM action in pam_print_data() | Stephen Gallagher | 2010-05-24 | 1 | -1/+22 | |
| | ||||||
* | Use new schema for HBAC service checks | Sumit Bose | 2010-05-23 | 2 | -22/+812 | |
| | ||||||
* | Check ipaEnabledFlag | Sumit Bose | 2010-05-23 | 1 | -5/+23 | |
| | ||||||
* | Proxy provider PAM handling in child process | Stephen Gallagher | 2010-05-23 | 4 | -148/+1561 | |
| | | | | | | | | | | | | | This patch adds a new tevent_req to the proxy provider, which will spawn short-lived child processes to handle PAM requests. These processes then call the proxied PAM stack and return the results via SBUS method reply. Once it is returned, the parent process kills the child. There is a maximum of ten child processes running simultaneously, after which requests will be queued for sending once a child slot frees up. The maximum processes will be made configurable at a later date (as this would violate string freeze). | |||||
* | Fix error reporting for be_pam_handler | Stephen Gallagher | 2010-05-23 | 1 | -1/+1 | |
| | ||||||
* | Make data provider id_callback public | Stephen Gallagher | 2010-05-23 | 2 | -2/+3 | |
| | ||||||
* | Move parse_args() to util | Sumit Bose | 2010-05-23 | 3 | -100/+101 | |
| | ||||||
* | Do not modify IPA_DOMAIN when setting Kerberos realm | Sumit Bose | 2010-05-23 | 1 | -6/+20 | |
| | ||||||
* | Remove signal event if child was terminated by a signal | Sumit Bose | 2010-05-23 | 2 | -6/+29 | |
| | ||||||
* | Update uk translation | Yuri Chornoivan | 2010-05-23 | 1 | -7/+6 | |
| | ||||||
* | Remove bash-isms from configure macros | Petter Reinholdtsen | 2010-05-21 | 3 | -14/+14 | |
| | ||||||
* | Copy-edit and format review sssd.conf | David O'Brien | 2010-05-21 | 1 | -18/+27 | |
| | | | | | | Updated EntryCache*Timeout to the correct values. Fixed one missed EntryCacheTimeout Added notes about perf hit of using enumeration. | |||||
* | Add enumerate details to the manpage and examples | Stephen Gallagher | 2010-05-20 | 2 | -3/+21 | |
| | ||||||
* | Copy pam data from DBus message | Sumit Bose | 2010-05-20 | 3 | -54/+75 | |
| | | | | | | | | Instead of just using references to the pam data inside of the DBus message the data is copied. New the DBus message can be freed at any time and the pam data is part of the memory hierarchy. Additionally it is possible to overwrite the authentication tokens in the DBus message, because it is not used elsewhere. | |||||
* | Defer sbus_dispatch() for 30ms during reconnect | Sumit Bose | 2010-05-20 | 1 | -1/+2 | |
| | ||||||
* | Fix check if LDAP id provider is already initialized | Sumit Bose | 2010-05-20 | 1 | -1/+1 | |
| | ||||||
* | Add a better error message for TLS failures | Stephen Gallagher | 2010-05-20 | 1 | -3/+32 | |
| | ||||||
* | Reset run_online_cb flag even if there are no callbacks | Sumit Bose | 2010-05-20 | 1 | -8/+10 | |
| | ||||||
* | SSSDConfigAPI fixes | Jakub Hrozek | 2010-05-20 | 4 | -6/+8 | |
| | | | | | | | | * add forgotten ldap_dns_service option * sync IPA and LDAP options (ldap_pwd_policy and ldap_tls_cacertdir) * ldap_uri is no longer mandatory for LDAP provider - the default is to use service discovery with no address set now. Ditto for krb5_kdcip and ipa_server | |||||
* | Update pl translation | Piotr Drąg | 2010-05-20 | 1 | -7/+3 | |
| | ||||||
* | Update version to 1.1.92sssd-1_1_92 | Stephen Gallagher | 2010-05-18 | 14 | -321/+409 | |
| | | | | Update translation strings. | |||||
* | Set ldap_search_timeout default to 5 seconds | Stephen Gallagher | 2010-05-18 | 5 | -2/+47 | |
| | | | | | | | | | The manpages had five seconds listed, but the source disagreed (it was set to 60 seconds). This resulted in long wait times when unlocking the screen after network disconnection, for example. If enumerate=True, we will set this value to a minimum of 30s | |||||
* | Remove unused ldap_offline_timeout option | Stephen Gallagher | 2010-05-18 | 8 | -7/+5 | |
| | ||||||
* | Add offline callback to disconnect global SDAP handle | Sumit Bose | 2010-05-18 | 4 | -1/+24 | |
| | ||||||
* | Add krb5 SIGTERM handler to ipa auth provider | Sumit Bose | 2010-05-18 | 1 | -0/+6 | |
| | ||||||
* | Refactor krb5 SIGTERM handler installation | Sumit Bose | 2010-05-18 | 3 | -14/+39 | |
| | ||||||
* | Krb5 locator plugin returns KRB5_PLUGIN_NO_HANDLE | Sumit Bose | 2010-05-18 | 1 | -6/+6 | |
| | | | | | | To allow a fallback to the setting in krb5.conf the locator plugin returns KRB5_PLUGIN_NO_HANDLE in nearly all error conditions. Only if the call back fails the error code of the callback is returned. | |||||
* | Add callback to remove krb5 info files when going offline | Sumit Bose | 2010-05-18 | 6 | -41/+162 | |
| | ||||||
* | Add run_callbacks flag | Sumit Bose | 2010-05-18 | 2 | -2/+25 | |
| | ||||||
* | Refactor krb5_finalize() | Sumit Bose | 2010-05-18 | 1 | -12/+27 | |
| | ||||||
* | Add offline callbacks | Sumit Bose | 2010-05-18 | 3 | -1/+32 | |
| | ||||||
* | Refactor data provider callbacks | Sumit Bose | 2010-05-18 | 4 | -142/+188 | |
| | ||||||
* | Revert "Create kdcinfo and kpasswdinfo file at startup" | Sumit Bose | 2010-05-18 | 3 | -50/+1 | |
| | | | | This reverts commit 4f5664a2ec401f43c090e6170ed9c78390c35272. | |||||
* | Add ldap_access_filter option | Stephen Gallagher | 2010-05-16 | 1 | -1/+1 | |
| | | | | | | | | | | This option (applicable to access_provider=ldap) allows the admin to set an additional LDAP search filter that must match in order for a user to be granted access to the system. Common examples for this would be limiting access to users by in a particular group, for example: ldap_access_filter = memberOf=cn=access_group,ou=Groups,dc=example,dc=com | |||||
* | Add ldap_krb5_ticket_lifetime option | Sumit Bose | 2010-05-16 | 13 | -12/+58 | |
| | ||||||
* | Allow Debian/Ubuntu build to pass --install-layout=deb to setup.py | Petter Reinholdtsen | 2010-05-16 | 2 | -4/+13 | |
| | ||||||
* | Don't report a fatal error for an HBAC denial | Stephen Gallagher | 2010-05-16 | 1 | -1/+1 | |
| | ||||||
* | Add ldap_access_filter option | Stephen Gallagher | 2010-05-16 | 15 | -4/+748 | |
| | | | | | | | | | | This option (applicable to access_provider=ldap) allows the admin to set an additional LDAP search filter that must match in order for a user to be granted access to the system. Common examples for this would be limiting access to users by in a particular group, for example: ldap_access_filter = memberOf=cn=access_group,ou=Groups,dc=example,dc=com | |||||
* | Update uk translation | Yuri Chornoivan | 2010-05-10 | 1 | -28/+32 | |
| | ||||||
* | Update pl translation | Piotr Drąg | 2010-05-10 | 1 | -32/+32 | |
| |