Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | SYSDB: Make sysdb_attrs_get_el_int() public | Stephen Gallagher | 2012-08-21 | 2 | -7/+9 |
| | | | | Also rename it to sysdb_attrs_get_el_ext() | ||||
* | Process all groups from a single nesting level | Jakub Hrozek | 2012-08-21 | 1 | -5/+18 |
| | | | | | | | | https://bugzilla.redhat.com/show_bug.cgi?id=846664 If the first group was cached when processing the nested group membership, we would call tevent_req_done, effectivelly marking the whole nesting level as done. | ||||
* | Converge accept_fd_handler and accept_priv_fd_handler | Stephen Gallagher | 2012-06-22 | 1 | -96/+47 |
| | | | | | | | | These two functions were almost identical. Better to maintain them as a single function. Conflicts: src/responder/common/responder_common.c | ||||
* | RESPONDERS: Make the fd_limit setting configurable | Stephen Gallagher | 2012-06-22 | 8 | -4/+64 |
| | | | | | | | | | | | | | | | This code will now attempt first to see if it has privilege to set the value as specified, and if not it will fall back to the previous behavior. So on systems with the CAP_SYS_RESOURCE capability granted to SSSD, it will be able to ignore the limits.conf hard limit. https://fedorahosted.org/sssd/ticket/1197 Conflicts: src/config/SSSDConfig.py src/config/SSSDConfigTest.py src/config/etc/sssd.api.conf | ||||
* | RESPONDERS: Allow increasing the file-descriptor limit | Stephen Gallagher | 2012-06-22 | 4 | -0/+49 |
| | | | | | | | This patch will increase the file descriptor limit to 8k or the limits.conf maximum, whichever is lesser. https://fedorahosted.org/sssd/ticket/1197 | ||||
* | HBAC: create empty groups with one NULL element | Jakub Hrozek | 2012-06-22 | 1 | -16/+15 |
| | | | | https://fedorahosted.org/sssd/ticket/1130 | ||||
* | Also expire connections on the privileged pipe | Stephen Gallagher | 2012-06-22 | 1 | -0/+9 |
| | |||||
* | IPA: Check nsAccountLock during PAM_ACCT_MGMT | Stephen Gallagher | 2012-06-22 | 4 | -1/+69 |
| | | | | | | | | https://fedorahosted.org/sssd/ticket/1227 Conflicts: src/providers/ipa/ipa_access.h src/providers/ipa/ipa_init.c | ||||
* | LDAP: Make sdap_access_send/recv public | Stephen Gallagher | 2012-06-22 | 2 | -12/+17 |
| | | | | We want to consume this in the IPA provider. | ||||
* | Make the client idle timeout configurable | Stephen Gallagher | 2012-06-18 | 7 | -5/+43 |
| | |||||
* | Add support for terminating idle connections | Shantanu Goel | 2012-06-18 | 2 | -4/+73 |
| | |||||
* | Do not send SIGPIPE on disconnection | Shantanu Goel | 2012-06-18 | 1 | -6/+21 |
| | | | | | | | | Note we set MSG_NOSIGNAL to avoid having to fiddle with signal masks but also do not want to die in case SIGPIPE gets raised and the application does not handle it. | ||||
* | Log message if close() fails in destructor. | Shantanu Goel | 2012-06-18 | 1 | -1/+12 |
| | |||||
* | Set return errno to the value prior to calling close(). | Shantanu Goel | 2012-06-18 | 1 | -2/+2 |
| | |||||
* | DP: Reorganize memory hierarchy of requests | Stephen Gallagher | 2012-06-10 | 1 | -15/+100 |
| | | | | | | | | | | | | | This function alters the memory hierarchy of the be_req to ensure memory safety during shutdown. It creates a spy on the be_cli object so that it will free the be_req if the client is freed. It is generally allocated atop the private data context for the appropriate back-end against which it is being filed. https://fedorahosted.org/sssd/ticket/1226 | ||||
* | Try all KDCs when getting TGT for LDAP | Jakub Hrozek | 2012-06-04 | 1 | -15/+16 |
| | | | | | | | | When the ldap child process is killed after a timeout, try the next KDC. When none of the ldap child processes succeed, just abort the connection because we wouldn't be able to authenticate to the LDAP server anyway. https://fedorahosted.org/sssd/ticket/1324 | ||||
* | Detect cycle in the fail over on subsequent resolve requests only | Jakub Hrozek | 2012-06-04 | 5 | -23/+28 |
| | |||||
* | Only do one cycle when resolving a server | Jakub Hrozek | 2012-06-04 | 7 | -29/+93 |
| | | | | https://fedorahosted.org/sssd/ticket/1214 | ||||
* | fo_get_server_name() getter for a server name | Jakub Hrozek | 2012-06-04 | 6 | -4/+32 |
| | | | | | Allows to be more concise in tests and more defensive in resolve callbacks | ||||
* | Rename fo_get_server_name to fo_get_server_str_name | Jakub Hrozek | 2012-06-04 | 7 | -11/+11 |
| | |||||
* | IPA: Detect nsupdate support for the realm directive | Stephen Gallagher | 2012-01-17 | 3 | -11/+46 |
| | | | | | For older platforms, do not add the 'realm' line in the update message | ||||
* | LDAP: Copy URI instead of pointing at failover service record | Stephen Gallagher | 2012-01-14 | 1 | -2/+8 |
| | | | | | | | | In a heavy load environment, sometimes the failover service record would be updated and free the URI value. We need to guarantee that this URI string remains valid throughout the entire request. https://fedorahosted.org/sssd/ticket/1139 | ||||
* | Log fixes for sdap_call_conn_cb | Stephen Gallagher | 2012-01-14 | 2 | -2/+4 |
| | |||||
* | Fix potential resource leak in backup_file.c | Stephen Gallagher | 2011-12-09 | 1 | -1/+1 |
| | |||||
* | Translation update | Stephen Gallagher | 2011-12-09 | 45 | -44/+18096 |
| | |||||
* | Fixed incorrect return code in PAM client | Jan Zeleny | 2011-12-09 | 1 | -1/+1 |
| | | | | | | | The original return code when SSSD was not running was system_err, now it is authinfo_unavail. https://fedorahosted.org/sssd/ticket/1011 | ||||
* | Use neutral name for functions used by both pam and nss | Simo Sorce | 2011-12-09 | 3 | -49/+64 |
| | |||||
* | Ignore NULL-terminator when checking UTF8-validity for netgroups | Stephen Gallagher | 2011-12-08 | 1 | -1/+1 |
| | | | | Glib fails if the NULL-terminator is included when a length is specified. | ||||
* | DEBUG: fix bad backport containing new DEBUG representation | Stephen Gallagher | 2011-12-08 | 1 | -1/+1 |
| | |||||
* | LDAP provider: Error while setting the nocanon option should not be fatal | Jakub Hrozek | 2011-12-08 | 1 | -3/+9 |
| | | | | https://fedorahosted.org/sssd/ticket/1100 | ||||
* | Ignore NULL-terminator when checking UTF8-validity | Stephen Gallagher | 2011-12-05 | 2 | -4/+4 |
| | | | | | Glib fails if the NULL-terminator is included when a length is specified. | ||||
* | Fixed an error in macro for merging double linked lists | Jan Zeleny | 2011-12-05 | 1 | -1/+1 |
| | |||||
* | Allow using Glib for UTF8 support | Stephen Gallagher | 2011-12-05 | 6 | -42/+205 |
| | |||||
* | LDAP: Try next failover server on any error | Stephen Gallagher | 2011-11-29 | 1 | -9/+5 |
| | |||||
* | Fix FTBFS related to -Werror=format-security | Krzysztof Klimonda | 2011-11-21 | 2 | -2/+2 |
| | |||||
* | RESPONDER: Ensure that all input strings are valid UTF-8 | Stephen Gallagher | 2011-11-18 | 6 | -0/+48 |
| | |||||
* | Updating translation files for releasesssd-1_5_15 | Stephen Gallagher | 2011-11-02 | 50 | -71/+85 |
| | |||||
* | SYSDB: Update sysdb version to latest | Stephen Gallagher | 2011-10-31 | 2 | -1/+350 |
| | | | | | Includes several index updates necessary for major performance improvements. | ||||
* | Steal result onto mem_ctx in sdap_initgr_nested_get_direct_parents | Jakub Hrozek | 2011-10-31 | 1 | -2/+1 |
| | |||||
* | RFC2307bis initgroups: fix nested groups processing | Jakub Hrozek | 2011-10-31 | 1 | -20/+33 |
| | | | | | Due to incorrectly written loop, SSSD would go into infitite loop if it processed the same group on two different levels of membership. | ||||
* | RESPONDER: Fix segfault in sss_packet_send() | Stephen Gallagher | 2011-10-25 | 1 | -0/+5 |
| | | | | | | | | | There are several places (all error-handling) where sss_cmd_done() is called with no response packet created. As a short-term solution, we need to check whether the packet is NULL and simply return EINVAL. client_send() (the consumer) will then forcibly disconnect the client (which will return PAM_SYSTEM_ERR to the client). | ||||
* | Plug memory leaks in LDAP provider | Jakub Hrozek | 2011-10-25 | 1 | -0/+3 |
| | |||||
* | Updating translation filessssd-1_5_14 | Stephen Gallagher | 2011-10-18 | 64 | -14920/+47475 |
| | |||||
* | Use fewer transactions during IPA initgroups | Jakub Hrozek | 2011-10-17 | 1 | -171/+286 |
| | |||||
* | Use fewer transactions during RFC2307bis initgroups | Jakub Hrozek | 2011-10-17 | 1 | -368/+397 |
| | |||||
* | Utility functions for LDAP nested schema initgroups | Jakub Hrozek | 2011-10-17 | 1 | -0/+119 |
| | |||||
* | MONITOR: fix timeout conversion | Stephen Gallagher | 2011-10-17 | 1 | -1/+1 |
| | |||||
* | Sanitize DN in sysdb_get_direct_parents | Jakub Hrozek | 2011-10-17 | 1 | -1/+7 |
| | |||||
* | Add a missing break | Jakub Hrozek | 2011-10-17 | 1 | -0/+1 |
| | |||||
* | Update sssd-example.conf | Marko Myllynen | 2011-10-14 | 1 | -3/+6 |
| | | | | | | Mention cache_credentials and tweak the AD example to match the wiki page. https://fedorahosted.org/sssd/wiki/Configuring%20sssd%20to%20authenticate%20with%20a%20Windows%202008%20Domain%20Server |