summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* Add log notifications for startup and shutdown.Stephen Gallagher2010-07-091-1/+4
|
* Add sss_log() functionStephen Gallagher2010-07-093-1/+83
| | | | | Right now, this log function writes to the syslog. In the future, it could be modified to work with ELAPI or another logging API.
* Release SSSD 1.2.91 (1.3.0rc1)sssd-1_2_91Stephen Gallagher2010-07-0914-2083/+2908
|
* Use netlink to detect going onlineJakub Hrozek2010-07-099-1/+535
| | | | | | | | Integrates libnl to detect adding routes. When a route is added, the offline status of all back ends is reset. This patch adds no heuristics to detect whether back end went offline. Fixes: #456
* Eliminate delayed sdap_handle destruction after fail-over retry.eindenbom2010-07-091-9/+6
|
* Add try_inotify optionStephen Gallagher2010-07-093-1/+47
| | | | | | | | There are some special cases where inotify cannot be used, even if the host OS claims that it is supported. In these cases, it should be possible to explicitly disable the use of inotify. https://fedorahosted.org/sssd/ticket/484
* Remove remainder of now unused global LDAP connection handle.eindenbom2010-07-094-188/+1
|
* Use new LDAP connection framework in IPA dynamic DNS forwarder.eindenbom2010-07-093-45/+126
|
* Use new LDAP connection framework in IPA access backend.eindenbom2010-07-093-308/+308
|
* Use new LDAP connection framework in LDAP access backend.eindenbom2010-07-091-59/+73
|
* Use new LDAP connection framework for LDAP user and group enumeration.eindenbom2010-07-091-236/+131
|
* Use new LDAP connection framework to get user account groups from LDAP.eindenbom2010-07-091-108/+67
|
* Use new LDAP connection framework to get group account info from LDAP.eindenbom2010-07-092-37/+66
|
* Use new LDAP connection framework to get user account info from LDAP.eindenbom2010-07-092-38/+91
|
* Add an interface to try next fail-over server after connection to the active ↵eindenbom2010-07-095-45/+81
| | | | server was unexpectedly dropped.
* LDAP connection usage tracking, sharing and failover retry framework.eindenbom2010-07-097-0/+872
|
* Added an interface to query number of configured (and currently resolved ↵eindenbom2010-07-094-0/+40
| | | | through SRV records) failover servers.
* GSSAPI ticket expiry time is returned from ldap_child and stored in ↵eindenbom2010-07-096-17/+64
| | | | sdap_handle for future reference.
* Add dns_discovery_domain optionJakub Hrozek2010-06-3013-30/+242
| | | | | | | | | | | | The service discovery used to use the SSSD domain name to perform DNS queries. This is not an optimal solution, for example from the point of view of authconfig. This patch introduces a new option "dns_discovery_domain" that allows to set the domain part of a DNS SRV query. If this option is not set, the default behavior is to use the domain part of the machine's hostname. Fixes: #479
* Split proxy.c into smaller filesStephen Gallagher2010-06-308-2519/+2603
| | | | | | | | | | | | proxy.c was growing too large to manage (and some graphical development tools could no longer open it because of memory limitations). This patch splits proxy.c into the following files: proxy_init.c: Setup routines for the plugin proxy_id.c: Functions to handle user and group lookups proxy_auth.c: Functions to handle PAM interactions proxy_common.c: Common utility routines
* Rename proxy_ctx to proxy_id_ctx for clarityStephen Gallagher2010-06-301-14/+15
|
* Make RootDSE optionalStephen Gallagher2010-06-282-3/+17
| | | | | | | | | | | In violation of the standard, some LDAP servers control access to the RootDSE, thus preventing us from being able to read it before performing a bind. This patch will allow us to continue on if the RootDSE was inaccessible. All of the places that we use the return value of the RootDSE after this are already checked for NULL and use sane defaults if the RootDSE is unavailable
* Add explicit requests for several operational attrsAlexander Gordeev2010-06-281-1/+12
| | | | | | | | | | | | | | | | Operational attributes are not returned in searched requests unless explicitly requested according to RFC 4512 section 5.1. Therefore to get several standard attributes of root DSE we have to request for them. The requested attrs are: - altServer - namingContexts - supportedControl - supportedExtension - supportedFeatures - supportedLDAPVersion - supportedSASLMechanisms Signed-off-by: Alexander Gordeev <lasaine@lvk.cs.msu.su>
* Fix SASL authenticationSumit Bose2010-06-281-2/+2
|
* Resend SIGINT as SIGTERM in servicesJakub Hrozek2010-06-282-0/+4
| | | | Fixes: #462
* Protect against segfault in remove_ldap_connection_callbacksStephen Gallagher2010-06-181-1/+6
| | | | | | | | | If sdap_mark_offline() is called before a live connection is established, sdap_fd_events could be NULL, causing a segfault when remove_ldap_connection_callbacks() attempts to free the sdap_fd_events->conncb https://fedorahosted.org/sssd/ticket/545
* Fix return value from remove_connection_callback() destructorStephen Gallagher2010-06-181-9/+2
| | | | | ldap_get_option() can only fail if the option we're removing has already been removed. It is sufficient to log this and continue.
* Fix potential resource leak in remove_tree_with_ctx()Stephen Gallagher2010-06-171-1/+10
| | | | https://fedorahosted.org/sssd/ticket/515
* Honor filter_users in PAMStephen Gallagher2010-06-173-10/+47
|
* Move setup of filter_users and filter_groups to negcache.cStephen Gallagher2010-06-173-187/+220
| | | | | Creates a new function - sss_ncache_prepopulate() - that can be shared with other responders, such as PAM.
* Refactor the negative cacheStephen Gallagher2010-06-176-59/+60
| | | | | Rename functions from nss_ncache_* to sss_ncache_* Move negative cache to responder/common and rename as negcache.c/h
* Ensure that all domains are checked for users/groupsStephen Gallagher2010-06-171-3/+15
| | | | | | | There was a bug in the negative cache checks (probably a leftover from when filter_users was global-only) that meant that if a user was filtered out of a domain, the remaining domains would not be checked for that user. (Same for groups/initgroups)
* Initialize len before looping to read the pidfileStephen Gallagher2010-06-171-1/+1
| | | | https://fedorahosted.org/sssd/ticket/544
* Standardize on correct spelling of "principal" for krb5Stephen Gallagher2010-06-165-11/+11
| | | | https://fedorahosted.org/sssd/ticket/542
* Remove references to the DP service from the SSSDConfig API testsStephen Gallagher2010-06-162-6/+0
|
* Handle (ignore) unknown options in get_domain() and get_service()Stephen Gallagher2010-06-163-10/+72
| | | | | We will now eliminate any unknown options and providers to guarantee that the domain is safe for use.
* Don't segfault if ldap_access_filter is unspecifiedStephen Gallagher2010-06-141-12/+13
| | | | https://fedorahosted.org/sssd/ticket/539
* Print correct return codeJakub Hrozek2010-06-141-1/+1
| | | | Fixes: #535
* Check closedir call in find_uidJakub Hrozek2010-06-141-4/+9
| | | | Fixes: #503
* Potential memory leak in _nss_sss_*_r()Jakub Hrozek2010-06-142-0/+5
| | | | Fixes: #516
* Fix potential resource leak in copy_tree_ctx()Jakub Hrozek2010-06-141-2/+10
| | | | Ticket #515
* Remove the -g option from useraddJakub Hrozek2010-06-142-70/+2
| | | | | | The local domain has the magic private groups option set unconditionally. Therefore, it does not make any sense to let user configure the primary GID. As a side-effect, this fixes #522.
* Remove krb5_changepw_principal optionJakub Hrozek2010-06-1411-64/+26
| | | | Fixes: #531
* get_uid_from_pid should use fstat rather than lstatJakub Hrozek2010-06-141-11/+11
| | | | Fixes: #541
* Add ldap_force_upper_case_realm to example AD configStephen Gallagher2010-06-141-0/+1
| | | | https://fedorahosted.org/sssd/ticket/532
* Properly null-terminate socket pathStephen Gallagher2010-06-141-2/+4
| | | | https://fedorahosted.org/sssd/ticket/540
* Make sure to close varargs before returning from a functionStephen Gallagher2010-06-102-3/+2
| | | | https://fedorahosted.org/sssd/ticket/528
* Eliminate unused variable from pc_init_timeout()Stephen Gallagher2010-06-101-4/+0
| | | | https://fedorahosted.org/sssd/ticket/525
* Check return code of hash_delete in proxy_child_destructorStephen Gallagher2010-06-101-1/+7
| | | | | | | We can't do much about an error here, but we should be reporting it. https://fedorahosted.org/sssd/ticket/534
* Properly check that the timeout event was created for cleanup/enumStephen Gallagher2010-06-102-2/+46
| | | | | | | | | We need to make sure that if we didn't create the timeout, that we cancel the request so there's no chance of ending up with two enumerations/cleanups running simultaneously. We'll attempt to reschedule later, if possible. https://fedorahosted.org/sssd/ticket/524
generated by cgit (git 2.34.1) at 2024-05-18 07:00:01 +0000