summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* Update translation files for string freezeStephen Gallagher2011-01-243-850/+1313
| | | | Earlier patch for strings was incomplete
* Updating translation files for string freezeStephen Gallagher2011-01-211-197/+212
|
* Updating uk manpage translationYuri Chornoivan2011-01-211-355/+496
| | | | Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
* Delete attributes that are removed from LDAPStephen Gallagher2011-01-217-13/+297
| | | | | | | | Sometimes, a value in LDAP will cease to exist (the classic example being shadowExpire). We need to make sure we purge that value from SSSD's sysdb as well. https://fedorahosted.org/sssd/ticket/750
* Fix nested group handling during enumerationSumit Bose2011-01-211-0/+14
| | | | | Nested groups where not unrolled completely during the first enumeration run because not all where present in the cache.
* Fix uninitialized value errorSumit Bose2011-01-211-1/+1
|
* Rename dns_domain to discovery domain for fo_add_srv_server()Stephen Gallagher2011-01-212-8/+12
|
* Allow fallback to SSSD domainStephen Gallagher2011-01-213-7/+50
| | | | | | | | | | | | | | | | | | | | | For backwards-compatibility with older versions of the SSSD (such as 1.2.x), we need to be able to have our DNS SRV record lookup be capable of falling back to using the SSSD domain name as the DNS discovery domain. This patch modifies our DNS lookups so that they behave as follows: If dns_discovery_domain is specified, it is considered authoritative. No other discovery domains will be attempted. If dns_discovery_domain is not specified, we first attempt to look up the SRV records using the domain portion of the machine's hostname. If this returns "NOTFOUND", we will try performing an SRV record query using the SSSD domain name as the DNS discovery domain. https://fedorahosted.org/sssd/ticket/754
* Add missing include file to sdap_async_accounts.cStephen Gallagher2011-01-211-0/+1
|
* Perform initgroups lookup for PAMStephen Gallagher2011-01-211-1/+3
| | | | | Previously we were only looking up the user, but we need to make sure that all groups are available for use by access providers.
* Add the user's primary group to the initgroups lookupStephen Gallagher2011-01-213-14/+56
| | | | | The user may not be a direct member of their primary group, but we still want to make sure that group is cached on the system.
* NSS obfuscation code cleanupJakub Hrozek2011-01-201-38/+97
| | | | https://fedorahosted.org/sssd/ticket/752
* Add ldap_tls_{cert,key,cipher_suite} config optionsTyson Whitehead2011-01-209-1/+87
| | | | Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
* Fix return value checkSumit Bose2011-01-191-2/+2
|
* Fix incorrect example fileStephen Gallagher2011-01-191-8/+7
| | | | | | | The example sssd.conf still had entry_cache_timeout listed in the [nss] section, and did not have correct values for entry_cache_nowait_percentage (it was listed as entry_cache_nowait_timeout and gave a value in seconds)
* Don't double-sanitize member DNsStephen Gallagher2011-01-191-12/+4
| | | | | | | | | After asking the cache for the list of member DNs for groups during an initgroups request, we were passing it through the sanitization function. Since this had already been done before they were saved to the cache, this meant that it was corrupting the results. It is safe to pass the returned DN directly into the sysdb_group_dn_name() function.
* Use DEFAULT_PAM_VERBOSITY if config value cannot be retrievedSumit Bose2011-01-191-1/+1
|
* Add pam_pwd_expiration_warning config optionSumit Bose2011-01-195-12/+68
|
* Add ipa_hbac_search_base config optionSumit Bose2011-01-197-54/+58
|
* Add LDAP expire policy base RHDS/IPA attributeSumit Bose2011-01-199-4/+76
| | | | | The attribute nsAccountLock is used by RHDS, IPA and other directory servers to indicate that the account is locked.
* Add LDAP expire policy based on AD attributesSumit Bose2011-01-199-4/+141
| | | | | | The second bit of userAccountControl is used to determine if the account is enabled or disabled. accountExpires is checked to see if the account is expired.
* Remove support for pre-1.1 netlinkStephen Gallagher2011-01-173-61/+27
| | | | | | | Netlink 1.0 and older is buggy and unreliable, occasionally causing tight-loops. We're no longer going to try to support it. https://fedorahosted.org/sssd/ticket/755
* Clarify nscd warningStephen Gallagher2011-01-171-4/+5
| | | | | | Removes the level-zero DEBUG message and modifies the syslog message to explain that NSCD is safe for maps that SSSD does not (yet) support.
* Do not force a default for debug_levelStephen Gallagher2011-01-172-4/+1
|
* Fix usability of sss_obfuscate commandStephen Gallagher2011-01-172-14/+23
|
* Update manpage translations for ldap_enumeration_search_timeoutStephen Gallagher2011-01-173-333/+391
|
* Add ldap_search_enumeration_timeout config optionSumit Bose2011-01-179-15/+38
|
* Add timeout parameter to sdap_get_generic_send()Sumit Bose2011-01-1710-55/+111
|
* Regenerate manpage po[t] filesStephen Gallagher2011-01-143-2955/+5262
| | | | Fixed several typos
* Fix manpage typosYuri Chornoivan2011-01-144-9/+9
|
* Add uk translation for manpagesYuri Chornoivan2011-01-142-1/+4386
|
* Fix missing hash table bugStephen Gallagher2011-01-141-0/+1
| | | | | | | When the automatic cleanup happened, if the netgroup had been created with no contents (to indicate an unknown netgroup), we weren't saving the hash table address and the talloc_free() was failing.
* Do not throw a DP error when a netgroup is not foundStephen Gallagher2011-01-142-6/+5
| | | | https://fedorahosted.org/sssd/ticket/775
* Add missing sysdb transaction to group enumerationsStephen Gallagher2011-01-141-12/+45
| | | | | | | | | | | | We were not enclosing group processing in a transaction, which was resulting in extremely high numbers of disk-writes. This patch adds a transaction around the sdap_process_group code to ensure that these actions take place within a transaction. This patch also adds a check around the missing member code for RFC2307bis so we don't go back to the LDAP server to look up entries that don't exist (since the enumeration first pass would already have guaranteed that we have all real users cached)
* Work around libldb bugStephen Gallagher2011-01-141-2/+10
| | | | | Libldb performs non-indexed searches for ONELEVEL requests. We'll use SUBTREE instead to reduce the performance hit substantially
* Add overflow check to SAFEALIGN_COPY_*_CHECK macrosSumit Bose2011-01-111-3/+6
|
* Validate user supplied size of data itemsSumit Bose2011-01-113-76/+94
| | | | | | Specially crafted packages might lead to an integer overflow and the parsing of the input buffer might not continue as expected. This issue was identified by Sebastian Krahmer <krahmer@suse.de>.
* Add syslog messages to authorized service access checkSumit Bose2011-01-061-1/+31
|
* Add syslog message to shadow access checkSumit Bose2011-01-061-6/+14
|
* Convert obfuscated password once at startupSumit Bose2011-01-062-14/+41
|
* Remove unused enumeration cache timeout checksSumit Bose2011-01-063-33/+2
| | | | | The existence of the getent_ctx is used to track the enumeration cache timeout.
* Post enumeration tevent request if neededSumit Bose2011-01-062-8/+43
|
* Return groups and users from all domains during enumerationSumit Bose2011-01-061-3/+5
|
* Rename SRV_NOT_RESOLVED to SRV_RESOLVE_ERRORSumit Bose2011-01-051-5/+5
|
* Use the right status when resetting service discoverySumit Bose2011-01-051-1/+1
|
* Fix boolean comparison against stringStephen Gallagher2011-01-051-2/+2
| | | | Coverity 10082 and 100083
* Build and install translated man pages by defaultSumit Bose2010-12-231-23/+31
|
* Update the ID cache for any PAM requestStephen Gallagher2010-12-228-8/+48
| | | | | | | | Also adds an option to limit how often we check the ID provider, so that conversations with multiple PAM requests won't update the cache multiple times. https://fedorahosted.org/sssd/ticket/749
* Ensure ID is checked in all domains for PAMStephen Gallagher2010-12-221-0/+2
| | | | | | | Previously, this was initialized to zero, so the first domain in the list wouldn't be checked for ID updates in pam_check_user_search. This initializes the first domain to check the provider.
* Add Czech translationJakub Hrozek2010-12-223-0/+8428
| | | | | Translated a couple of strings from manpages into Czech. Makes the manpage translation patch testable.
generated by cgit (git 2.34.1) at 2024-04-20 02:38:08 +0000