Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | Log message if close() fails in destructor. | Shantanu Goel | 2012-06-18 | 1 | -1/+12 |
| | |||||
* | Set return errno to the value prior to calling close(). | Shantanu Goel | 2012-06-18 | 1 | -2/+2 |
| | |||||
* | Send the correct enumeration request | Jakub Hrozek | 2012-06-18 | 1 | -1/+1 |
| | | | | https://fedorahosted.org/sssd/ticket/1329 | ||||
* | Provide "service filter" for SELinux context | Jan Zeleny | 2012-06-14 | 1 | -0/+28 |
| | | | | | | | At this moment we will support only asterisk, designating "all services". https://fedorahosted.org/sssd/ticket/1360 | ||||
* | Use HTML_TIMESTAMP instead of HTML_FOOTER_DESCRIPTION | Jakub Hrozek | 2012-06-13 | 3 | -9/+12 |
| | | | | https://fedorahosted.org/sssd/ticket/1271 | ||||
* | SSH: Don't abort connection in sss_ssh_knownhostsproxy when DNS records are ↵ | Jan Cholasta | 2012-05-31 | 1 | -36/+49 |
| | | | | | | missing https://fedorahosted.org/sssd/ticket/1356 | ||||
* | SSH: Supress error message output in sss_ssh_knownhostsproxy | Jan Cholasta | 2012-05-31 | 2 | -15/+8 |
| | |||||
* | SSH: Update sss_ssh_knownhostsproxy manual page | Jan Cholasta | 2012-05-31 | 1 | -1/+1 |
| | | | | | Don't use GlobalKnownHostsFile2 in ssh_config, as it has been deprecated in OpenSSH 5.9. | ||||
* | Updating translations for 1.8.4 releasesssd-1_8_4 | Stephen Gallagher | 2012-05-30 | 10 | -56/+718 |
| | |||||
* | Revert the client packet length, too, after reverting the packet protocol | Jakub Hrozek | 2012-05-29 | 1 | -1/+1 |
| | |||||
* | NSS: Restore original protocol for getservbyport | Stephen Gallagher | 2012-05-25 | 2 | -3/+4 |
| | | | | When fixing an endianness bug, we changed the protocol unnecessarily. | ||||
* | Send 16bit protocol numbers from the sss_client | Jakub Hrozek | 2012-05-25 | 2 | -7/+8 |
| | | | | https://fedorahosted.org/sssd/ticket/1348 | ||||
* | Use sized_string correctly in FQDN domains | Jakub Hrozek | 2012-05-23 | 1 | -2/+2 |
| | |||||
* | Fixed issue in SELinux user maps | Jan Zeleny | 2012-05-22 | 1 | -0/+2 |
| | | | | | | There was an issue when IPA provider didn't set PAM_SUCCESS when successfully finished loading SELinux user maps. This lead to the map not being read in the responder. | ||||
* | LDAP nested groups: Do not process callback with _post deep in the nested ↵ | Jakub Hrozek | 2012-05-22 | 1 | -12/+10 |
| | | | | | | structure https://fedorahosted.org/sssd/ticket/1343 | ||||
* | Remove erroneous failure message in find_principal_in_keytab | Stef Walter | 2012-05-22 | 2 | -2/+4 |
| | | | | | * When it's actually a failure, then the callers will print a message. Fine tune this. | ||||
* | If canon'ing principals, write ccache with updated default principal | Stef Walter | 2012-05-22 | 2 | -3/+8 |
| | | | | | | | | | | | * When calling krb5_get_init_creds_keytab() with krb5_get_init_creds_opt_set_canonicalize() the credential principal can get updated. * Create the cache file with the correct default credential. * LDAP GSSAPI SASL would fail due to the mismatched credentials before this patch. https://bugzilla.redhat.com/show_bug.cgi?id=811518 | ||||
* | KRB5: Avoid NULL-dereference with empty keytab | Stephen Gallagher | 2012-05-22 | 1 | -7/+13 |
| | | | | https://fedorahosted.org/sssd/ticket/1330 | ||||
* | Limit krb5_get_init_creds_keytab() to etypes in keytab | Stef Walter | 2012-05-22 | 4 | -0/+181 |
| | | | | | | | | | * Load the enctypes for the keys in the keytab and pass them to krb5_get_init_creds_keytab(). * This fixes the problem where the server offers a enctype that krb5 supports, but we don't have a key for in the keytab. https://bugzilla.redhat.com/show_bug.cgi?id=811375 | ||||
* | Warn to syslog when dereference requests fail | Ariel Barria | 2012-05-22 | 1 | -2/+2 |
| | |||||
* | NSS: Expire in-memory netgroup cache before the nowait timeout | Stephen Gallagher | 2012-05-16 | 1 | -1/+9 |
| | | | | | | | | The fact that we were keeping it in memory for the full duration of the cache timeout meant that we would never reap the benefits of the midpoint cache refresh. https://fedorahosted.org/sssd/ticket/1340 | ||||
* | Use the sysdb attribute name, not LDAP attribute name | Jakub Hrozek | 2012-05-16 | 2 | -2/+2 |
| | |||||
* | Potential NULL dereference in proxy provider | Ariel Barria | 2012-05-14 | 1 | -1/+1 |
| | |||||
* | murmurhash: Relax inline requirement | Stephen Gallagher | 2012-05-11 | 1 | -2/+2 |
| | |||||
* | SYSDB: Handle user and group renames better | Jakub Hrozek | 2012-05-11 | 2 | -7/+182 |
| | | | | | | | | | | | | Fixes a regression in the local domain tools where sss_groupadd no longer detected a GID duplicate. The check for EEXIST is moved one level up into more high level function. The patch also adds the same rename support for users. I found it odd that we allowed a rename of groups but not users. There is a catch when storing a user -- his cached password would be gone. I think that renaming a user is such a rare operation that it's not severe, plus there is a warning in the logs. | ||||
* | Send the correct enumeration request | Jakub Hrozek | 2012-05-10 | 1 | -1/+1 |
| | | | | https://fedorahosted.org/sssd/ticket/1329 | ||||
* | Try all KDCs when getting TGT for LDAP | Jakub Hrozek | 2012-05-09 | 1 | -15/+18 |
| | | | | | | | | When the ldap child process is killed after a timeout, try the next KDC. When none of the ldap child processes succeed, just abort the connection because we wouldn't be able to authenticate to the LDAP server anyway. https://fedorahosted.org/sssd/ticket/1324 | ||||
* | krb5 locator: Do not leak addrinfo | Jakub Hrozek | 2012-05-07 | 1 | -0/+2 |
| | |||||
* | Kerberos locator: Include the correct krb5.h header file | Jakub Hrozek | 2012-05-07 | 2 | -2/+14 |
| | | | | https://fedorahosted.org/sssd/ticket/1325 | ||||
* | Special-case LDAP_SIZELIMIT_EXCEEDED | Jakub Hrozek | 2012-05-07 | 1 | -4/+9 |
| | | | | | | | | | | | | Previous version of the SSSD did not abort the async LDAP search operation on errors. In cases where the request ended in progress, such as when the paging was very strictly limited, the old versions at least returned partial data. This patch special-cases the LDAP_SIZELIMIT_EXCEEDED error to avoid a user-visible regression. https://fedorahosted.org/sssd/ticket/1322 | ||||
* | Update translations for 1.8.3 releasesssd-1_8_3 | Stephen Gallagher | 2012-05-03 | 9 | -4340/+5357 |
| | |||||
* | Read sysdb attribute name, not LDAP attribute map name | Jakub Hrozek | 2012-05-03 | 1 | -2/+2 |
| | | | | https://fedorahosted.org/sssd/ticket/1320 | ||||
* | Lowercase group members in case-insensitive domains | Jakub Hrozek | 2012-04-24 | 1 | -1/+7 |
| | | | | https://fedorahosted.org/sssd/ticket/1312 | ||||
* | confdb_get_bool needs a TALLOC_CTX in sssd-1.8 | Jakub Hrozek | 2012-04-24 | 1 | -1/+1 |
| | |||||
* | Fix typo in translation file | Stephen Gallagher | 2012-04-20 | 1 | -2/+2 |
| | |||||
* | Fix typo: retreiving->retrieving | Yuri Chornoivan | 2012-04-20 | 1 | -1/+1 |
| | |||||
* | Get the RootDSE after binding if not successfull before | Jakub Hrozek | 2012-04-20 | 1 | -26/+104 |
| | | | | https://fedorahosted.org/sssd/ticket/1258 | ||||
* | Update translation files | Stephen Gallagher | 2012-04-20 | 1 | -466/+578 |
| | |||||
* | Two manual pages fixes | Marco Pizzoli | 2012-04-20 | 2 | -1/+3 |
| | |||||
* | Document sss_tools better | Jakub Hrozek | 2012-04-20 | 9 | -0/+35 |
| | | | | https://fedorahosted.org/sssd/ticket/917 | ||||
* | sdap_check_aliases must not error when detects the same user | Jakub Hrozek | 2012-04-20 | 1 | -13/+31 |
| | | | | https://fedorahosted.org/sssd/ticket/1307 | ||||
* | proxy: new option proxy_fast_alias | Jakub Hrozek | 2012-04-20 | 7 | -43/+143 |
| | |||||
* | proxy: Canonicalize user and group names | Jakub Hrozek | 2012-04-20 | 1 | -312/+354 |
| | | | | https://fedorahosted.org/sssd/ticket/1249 | ||||
* | MAN: document the hostid and autofs providers | Jakub Hrozek | 2012-04-18 | 1 | -0/+60 |
| | |||||
* | MAN: timeout can be specified for services, too | Jakub Hrozek | 2012-04-18 | 1 | -14/+13 |
| | |||||
* | autofs: Raise the maximum key length to PATH_MAX | Jakub Hrozek | 2012-04-18 | 1 | -2/+4 |
| | | | | https://fedorahosted.org/sssd/ticket/1300 | ||||
* | sudo api: check sss_status instead of errnop in sss_sudo_send_recv_generic() | Pavel Březina | 2012-04-18 | 1 | -2/+4 |
| | |||||
* | Remove the "command" option from documentation | Jakub Hrozek | 2012-04-18 | 1 | -16/+0 |
| | | | | | | It is a low-level developer option not indended to be consumed by users https://fedorahosted.org/sssd/ticket/1174 | ||||
* | Fix erronous reference to the 'allow' access_provider | Stef Walter | 2012-04-18 | 1 | -1/+1 |
| | | | | | | | | * Should be 'permit' instead https://fedorahosted.org/sssd/ticket/1295 Signed-off-by: Stephen Gallagher <sgallagh@redhat.com> | ||||
* | pam_sss: improve error handling in SELinux code | Jakub Hrozek | 2012-04-18 | 1 | -3/+5 |
| |