summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* AUTOTOOLS: Add missing AC_MSG_RESULTLukas Slebodnik2013-09-094-5/+10
| | | | | AC_MSG_RESULT was not used everywhere after AC_MSG_CHECKING. Therefore two lines from configure output was mixed in some cases.
* AUTOTOOLS: Add -LLIBDIR to PYTHON_LIBSLukas Slebodnik2013-09-091-1/+2
| | | | | Detect directory with python libraries and add this directory to the list of directories to be searched for linker.
* mmap_cache: Do not remove record from chain twiceLukas Slebodnik2013-09-091-0/+6
| | | | | | | | | | | It is not very likely, that record will have the same hash1 and hash2, but it is possible. In this situation, it does not make sense to remove record twice. Function sss_mc_rm_rec_from_chain was not robust and sssd_nss could crash in this situation. It was only possible if record was alone in chain. Resolves: https://fedorahosted.org/sssd/ticket/2049
* krb5: Ingnore unknown expansion sequencesSimo Sorce2013-09-092-30/+45
| | | | | | | | | | | | | | | | Recently support was added to use also libkrb5 style expansions that uses a %{varname} type of template. There are a number of templates we do not care/can't expand in sssd. The current code misses tests and failed to properly preserve some of the templates we do not want to handle. Addiotionally in order to be future proof this patch treats unknown templates as pass-through templates and defer any error checking to libkrb5, so that sssd is consistent with how kinit would behave. Resolves: https://fedorahosted.org/sssd/ticket/2076
* dyndns: do not modify global family_orderSumit Bose2013-09-051-3/+3
| | | | | Resolves: https://fedorahosted.org/sssd/ticket/2063
* AD: Rename parametrized #defineJakub Hrozek2013-09-051-3/+3
|
* Fix reference to sssd-krb5 man pageNikolai Kondrashov2013-09-051-1/+1
| | | | | Replace incorrect reference to "sssd-krb5.conf" manpage with the correct "sssd-krb5" in sssd_krb5_locator_plugin man page source.
* ad srv: prefer servers that are in the same domain as clientPavel Březina2013-09-051-0/+89
| | | | https://fedorahosted.org/sssd/ticket/2001
* utils: add is_host_in_domain()Pavel Březina2013-09-053-0/+45
|
* fo srv: add priority to fo_server_infoPavel Březina2013-09-052-0/+2
| | | | | This will give SRV plugins all information needed for additional sorting.
* resolv_sort_srv_reply: remove unnecessary mem_ctxPavel Březina2013-09-054-11/+15
|
* Rename SAFEALIGN macrosMichal Zidek2013-09-051-30/+40
| | | | | The new SAFEALIGN macros name turned to be inappropriate because they do not reflect what the macros really do.
* krb5_utils tests: fix some typosPavel Březina2013-09-051-8/+8
|
* MAN: Document that sss_cache should be run after changing the cache timeoutJakub Hrozek2013-09-051-0/+13
|
* Fix warning missing argumentsLukas Slebodnik2013-09-051-1/+1
|
* KRB5: Fix warning declaration shadows global declarationLukas Slebodnik2013-09-031-8/+8
| | | | | | src/providers/krb5/krb5_utils.c:193: warning: declaration of 'rewind' shadows a global declaration /usr/include/stdio.h:754: warning: shadowed declaration is here
* UTIL: Use standard maximum value of type size_tLukas Slebodnik2013-09-032-9/+8
| | | | | | | It is better to use standard constant for maximum value of type size_t, instead of reinventing wheel with own defined constant SIZE_T_MAX This patch replace string "SIZE_T_MAX" -> "SIZE_MAX"
* Include sys/types.h for types id_t and uid_tLukas Slebodnik2013-09-032-0/+2
|
* PROXY: Handle empty GECOSJakub Hrozek2013-09-031-1/+8
| | | | | If the user's GECOS as returned by the proxied module is an empty string (as opposed to NULL), the ldb transaction would error out.
* Fix czech specific character in my namePavel Březina2013-09-029-9/+9
|
* Updating translations for the 1.11.0 releaseJakub Hrozek2013-08-2815-4794/+5827
|
* IPA_HBAC: Explicitelly include header file time.hLukas Slebodnik2013-08-281-0/+1
| | | | | | | | struct hbac_eval_req is defined in header file and it has attribute request_time with type time_t, but header file "time.h" was not included. It was not problem, because time.h was indirectly included by stdlib.h (stdlib.h -> sys/types.h -> time.h) in implementation files, but other platforms can have other dependencies among header files.
* MEMBEROF: Remove temporary workaroundLukas Slebodnik2013-08-281-5/+0
|
* UTIL: Explicitly include header file sys/socket.hLukas Slebodnik2013-08-281-0/+1
| | | | | | | We use constant AF_INET6 in util.c, but we do not explicitly include header file sys/socket.h. This header file was indirectly incuded by another header file netdb.h (netdb.h -> netinet/in.h -> sys/socket.h), but other platform can have other dependencies among header files.
* MONITOR: Move function declaration out of conditional buildLukas Slebodnik2013-08-281-5/+6
| | | | | | | Function monitor_config_file_fallback was defined inside of conditional block "#ifdef HAVE_SYS_INOTIFY_H", but it was also used out of this block. This patch move declaration of function before start of conditional build section.
* CLIENT: Fix non gnu sss_strnlen implementationLukas Slebodnik2013-08-281-1/+1
| | | | | | last argument of function sss_strnlen "size_t *len" is output variable. We need to increment value of size_t being pointed to by pointer instead of incrementing pointer.
* UTIL: Create new wraper header file sss_endian.hLukas Slebodnik2013-08-286-32/+62
| | | | | | Some platform have header file endian.h and anothers have sys/endian.h. We nedd to use conditional build to handle it correctly, therefore new header file sss_endian.h was created.
* DP: Use the correct type for DBus booleanJakub Hrozek2013-08-281-2/+5
| | | | https://fedorahosted.org/sssd/ticket/2057
* IPA: Add forgotten declarationJakub Hrozek2013-08-281-0/+1
| | | | A conflict between two patches was not resolved correctly
* NSS: Descend into subdomains if enumerate=trueJakub Hrozek2013-08-281-12/+12
| | | | | | Since we now store the enumerate flag in sysdb for subdomains, we can always descend to all available subdomains and if they do not allow enumeration, simply skip them.
* IPA: enable enumeration if parent domain enumerates in server modeJakub Hrozek2013-08-281-12/+58
| | | | https://fedorahosted.org/sssd/ticket/1963
* Add a new option to control subdomain enumerationJakub Hrozek2013-08-288-1/+75
|
* Read enumerate state for subdomains from cacheJakub Hrozek2013-08-284-7/+23
| | | | | The enumerate flag will be read from the cache for subdomains and the domain object will be created accordingly.
* SYSDB: Store enumerate flag for subdomainJakub Hrozek2013-08-285-11/+38
|
* LDAP: Make sdap_id_setup_tasks reusable for subdomainsJakub Hrozek2013-08-285-9/+21
| | | | | Instead of always performing the setup for the main domain, the setup can now be performed for subdomains as well.
* LDAP: Make the cleanup task reusable for subdomainsJakub Hrozek2013-08-285-42/+73
| | | | | | Instead of always performing the cleanup on the main domain, the task now accepts a sdap_domain structure to perform the cleanup on. This change will make the cleanup task reusable for subdomains.
* LDAP: Make cleanup synchronousJakub Hrozek2013-08-283-150/+34
| | | | | | The LDAP cleanup request was asynchronous for no good reason, probably a leftover from the days of async sysdb. This patch makes it sychronous again, removing a lot of uneeded code.
* LDAP: Convert enumeration to the ptask APIJakub Hrozek2013-08-284-136/+132
| | | | | | | | | https://fedorahosted.org/sssd/ticket/1942 Identity providers other than LDAP need to customize the enumeration in different ways while sharing the way the task is scheduled etc. The easiest way to accomplish it is to leverage the recently introduced ptask framework.
* LDAP: Move the ldap enum request to its own reusable moduleJakub Hrozek2013-08-286-642/+741
| | | | | | | | | | | The LDAP enumeration was too closely tied to the LDAP identity provider. Because some providers might need special handling such as refresh the master domain record before proceeding with the enumeration itself, this patch splits the request itself to a separate async request and lets the ldap_id_enum.c module only configure this new request. Also move the enum timestamp to sdap_domain to make the enum tracking per sdap domain. The cleanup timestamp will be moved in another patch.
* LDAP: Remove unused constantJakub Hrozek2013-08-281-2/+0
| | | | | The constant was not used since Euegene came up with his reconnection logic.
* LDAP: Add enum_{users,groups}_recv to follow the tevent_req styleJakub Hrozek2013-08-281-24/+19
| | | | | | | | The enum code was quite old and predated the tevent_req style. In particular, the enum code was checking tevent state direcly and not using _recv functions or the helper macros we added later. As a consequence, it was not easy to read. This patch adds the standard _recv functions to read the status of the enum requests.
* DB: remove unused realm parameter from sysdb_master_domain_add_infoJakub Hrozek2013-08-284-24/+4
| | | | The parameter was not used at all.
* DB: Update sss_domain_info with new updated dataJakub Hrozek2013-08-281-5/+5
|
* ipa-server-mode: add IPA group memberships to AD usersSumit Bose2013-08-284-8/+1005
| | | | | | | | | | | | | | | | When IPA trusts an AD domain the AD user or groups can be placed into IPA groups e.g. to put AD users under the control of HBAC. Since IPA group can only have members from the IPA directory tree and the AD users and groups are not stored there a special IPA object called external group was introduced. SIDs of users and groups can be added to the external group and since the external groups are in the IPA directory tree they can be member of IPA groups. To speed things up and to remove some load from the IPA servers SSSD reads all external groups and stores them in memory for some time before rereading the data. Enhances https://fedorahosted.org/sssd/ticket/1962
* mmap_cache: Use stricter check for hash keys.Lukas Slebodnik2013-08-281-4/+6
| | | | ht_size is size of hash_table in bytes, but hash keys have type uint32_t
* mmap_cache: Skip records which doesn't have same hashLukas Slebodnik2013-08-281-2/+34
| | | | | | | | | | | | | | | | | | | | | | | | | | | | The code uses 2 hashes for each record, but only one hash table to index them both, furthermore each record has only one single 'next' pointer. This means that in certain conditions a record main end up being on a hash chain even though its hashes do not match the hash chain. This can happen when another record 'drags' it in from another hash chain where they both belong. If the record without matching hashes happens to be the second of the chain and the first record is removed, then the non matching record is left on the wrong chain. On removal of the non-matching record the hash chain will not be updated and the hash chain will end up pointing to an invalid slot. This slot may be later reused for another record and may not be the first slot of this new record. In this case the hash chain will point to arbitrary data and may cause issues if the slot is interpreted as the head of a record. By skipping any block that has no matching hashes upon removing the first record in a chain we insure that dangling references cannot be left in the hash table Resolves: https://fedorahosted.org/sssd/ticket/2049
* sss_packet_grow: correctly pad packet length to 512BPavel Březina2013-08-281-1/+1
| | | | | | | | | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/2059 If len % SSSSRV_PACKET_MEM_SIZE == 0 or some low number, we can end up with totlen < len and return EINVAL. It also does not pad the length, but usually allocates much more memory than is desired. len = 1024 n = 1024 % 512 + 1 = 0 + 1 = 1 totlen = 1 * 512 = 512 => totlen < len len = 511 n = 511 % 512 + 1 = 511 + 1 totlen = 512 * 512 = 262144 totlen is way bigger than it was supposed to be
* IPA: Enable AD sites when in server modeJakub Hrozek2013-08-283-2/+70
| | | | | | https://fedorahosted.org/sssd/ticket/1964 Currently the AD sites are enabled unconditionally
* krb5: Fetch ccname template from krb5.confStephen Gallagher2013-08-2810-16/+182
| | | | | | | | | | | | | In order to use the same defaults in all system daemons that needs to know how to generate or search for ccaches we introduce ode here to take advantage of the new option called default_ccache_name provided by libkrb5. If set this variable we establish the same default for all programs that surce it out of krb5.conf therefore providing a consistent experience across the system. Related: https://fedorahosted.org/sssd/ticket/2036
* krb5_common: Refactor to use a talloc temp contextSimo Sorce2013-08-281-12/+28
| | | | | | | | In preparation for handling some more allocations in the following patches and fixes a curent memleak on the opts struct. Related: https://fedorahosted.org/sssd/ticket/2036
generated by cgit (git 2.34.1) at 2024-05-01 08:28:27 +0000