summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* krb5 locator: Do not leak addrinfoJakub Hrozek2012-05-071-0/+2
|
* Special-case LDAP_SIZELIMIT_EXCEEDEDJakub Hrozek2012-05-071-4/+9
| | | | | | | | | | | | Previous version of the SSSD did not abort the async LDAP search operation on errors. In cases where the request ended in progress, such as when the paging was very strictly limited, the old versions at least returned partial data. This patch special-cases the LDAP_SIZELIMIT_EXCEEDED error to avoid a user-visible regression. https://fedorahosted.org/sssd/ticket/1322
* Kerberos locator: Include the correct krb5.h header fileJakub Hrozek2012-05-072-2/+14
| | | | https://fedorahosted.org/sssd/ticket/1325
* Fix typo in debug messagePavel Březina2012-05-071-1/+1
|
* Limit krb5_get_init_creds_keytab() to etypes in keytabStef Walter2012-05-074-0/+181
| | | | | | | | | * Load the enctypes for the keys in the keytab and pass them to krb5_get_init_creds_keytab(). * This fixes the problem where the server offers a enctype that krb5 supports, but we don't have a key for in the keytab. https://bugzilla.redhat.com/show_bug.cgi?id=811375
* Remove erroneous failure message in find_principal_in_keytabStef Walter2012-05-072-2/+4
| | | | | * When it's actually a failure, then the callers will print a message. Fine tune this.
* If canon'ing principals, write ccache with updated default principalStef Walter2012-05-042-3/+8
| | | | | | | | | | | * When calling krb5_get_init_creds_keytab() with krb5_get_init_creds_opt_set_canonicalize() the credential principal can get updated. * Create the cache file with the correct default credential. * LDAP GSSAPI SASL would fail due to the mismatched credentials before this patch. https://bugzilla.redhat.com/show_bug.cgi?id=811518
* SSSDConfigAPI: Fix missing option in testsStephen Gallagher2012-05-041-0/+2
|
* Modify behavior of pam_pwd_expiration_warningJan Zeleny2012-05-049-52/+119
| | | | | | | | | | | | | | | | | | New option pwd_expiration_warning is introduced which can be set per domain and can override the value specified by the original pam_pwd_expiration_warning. If the value of expiration warning is set to zero, the filter isn't apllied at all - if backend server returns the warning, it will be automatically displayed. Default value for Kerberos: 7 days Default value for LDAP: don't apply the filter Technical note: default value when creating the domain is -1. This is important so we can distinguish between "no value set" and 0. Without this possibility it would be impossible to set different values for LDAP and Kerberos provider.
* Fix endian issue in SID conversionSumit Bose2012-05-043-10/+18
| | | | | | Since the byte-order is only important when dealing with the binary SID the sub-auth values are stored in host order and are only converted while reading or writing the binary SID.
* LDAP: Add support for enumeration of ID-mapped users and groupsStephen Gallagher2012-05-031-31/+102
|
* MAN: Add manpage for ID mappingStephen Gallagher2012-05-033-0/+214
|
* LDAP: Treat groups with unmappable SIDs as non-POSIX groupsStephen Gallagher2012-05-031-9/+12
|
* LDAP: Add helper function to map IDsStephen Gallagher2012-05-035-119/+81
| | | | | This function will also auto-create a new ID map if the domain has not been seen previously.
* LDAP: Do not remove uidNumber and gidNumber attributes when saving id-mapped ↵Stephen Gallagher2012-05-032-0/+16
| | | | entries
* LDAP: Add helper routine to convert LDAP blob to SID stringStephen Gallagher2012-05-035-68/+195
|
* LDAP: Map the user's primaryGroupIDStephen Gallagher2012-05-038-12/+73
|
* LDAP: Enable looking up id-mapped groups by GIDStephen Gallagher2012-05-031-2/+45
|
* LDAP: Allow looking up ID-mapped groups by nameStephen Gallagher2012-05-032-29/+125
|
* LDAP: Enable looking up id-mapped users by UIDStephen Gallagher2012-05-031-6/+43
|
* LDAP: Allow automatically-provisioning a domain and rangeStephen Gallagher2012-05-031-3/+43
| | | | | | | | If we get a user who is a member of a domain we haven't seen before, add a domain entry (auto-assigning its slice). Since we don't know the domain's real name, we'll just save the domain SID string as the name as well.
* LDAP: Add routine to extract domain SID from an object SIDStephen Gallagher2012-05-034-2/+52
| | | | Also makes the domain prefix macros from sss_idmap public.
* LDAP: Allow setting a default domain for id-mapping slice 0Stephen Gallagher2012-05-037-0/+48
|
* LDAP: Add autorid compatibility modeStephen Gallagher2012-05-037-8/+20
|
* LDAP: Enable looking up ID-mapped users by nameStephen Gallagher2012-05-033-9/+56
|
* LDAP: Initialize ID mapping when configuredStephen Gallagher2012-05-032-0/+10
|
* LDAP: Add ID mapping range settingsStephen Gallagher2012-05-036-0/+19
|
* LDAP: Add helper routines for ID-mappingStephen Gallagher2012-05-032-0/+334
|
* SYSDB: Add sysdb routines for ID-mappingStephen Gallagher2012-05-032-0/+346
|
* LDAP: Add id-mapping optionStephen Gallagher2012-05-036-0/+6
|
* LDAP: Add objectSID config optionStephen Gallagher2012-05-038-0/+47
|
* Read sysdb attribute name, not LDAP attribute map nameJakub Hrozek2012-05-031-2/+2
| | | | https://fedorahosted.org/sssd/ticket/1320
* SSH: Add dp_get_host_send to common responder codeJakub Hrozek2012-05-038-52/+210
| | | | | | | | Instead of using account_info request, creates a new ssh specific request. This improves code readability and will make the code more flexible in the future. https://fedorahosted.org/sssd/ticket/1176
* Rename split_service_name_filterJakub Hrozek2012-05-031-16/+16
| | | | | The function was used outside services code which was confusing due to its name. This patch renames it to sound more netrual.
* SYSDB: Handle upgrade script failures betterStephen Gallagher2012-05-031-4/+13
| | | | | | There was a bug in finish_upgrade() where it would return EOK if it succeeded in canceling the transaction due to an error. We should instead be returning the original error.
* AUTOFS: remove unused assignmentsJakub Hrozek2012-05-032-5/+9
| | | | | Also changes setautomntent_send so that is only return NULL in case the tevent_req creation fails.
* IPA: Check return valuesJakub Hrozek2012-05-032-2/+12
|
* PROXY: return correct return codesJakub Hrozek2012-05-031-7/+9
| | | | | We were reporting on the value of "status" instead of "ret'. We also didn't set ret to EOK in cases group contained no members.
* SSS_DEBUGLEVEL: silence analyzer warningsJakub Hrozek2012-05-031-2/+3
| | | | | | | Errno was returned instead of ret. The other hunk removes return code from fread - it is not needed, the NULL termination of the string is ensured by initializing the buffer.
* NSS: fix returning group from cacheJakub Hrozek2012-05-021-1/+1
|
* Handle endianness issues on older systemsStephen Gallagher2012-05-021-0/+17
| | | | | | | Older versions of glibc (like that on RHEL 5) do not have the le32toh() function exposed. We need this for handling the Active Directory ID-mapping, so we'll copy these macros from endian.h on a newer glibc.
* DP: return correct error message when subdomains back end target is not ↵Jakub Hrozek2012-05-021-1/+1
| | | | | | configured The done handler uses the value of status, not ret.
* HBAC: Prevent NULL dereference in hbac_evaluateJakub Hrozek2012-05-021-2/+4
| | | | 'info' is optional parameter and can be set to NULL
* ipa_get_config_send: remove unused assignmentJakub Hrozek2012-05-021-1/+0
|
* IPA netgroups: return EOK when there are no netgroups to processJakub Hrozek2012-05-021-0/+1
| | | | If the code fell through the loop, ret would have been random value.
* NSS: Check return code of sss_mmap_cache_gr_storeJakub Hrozek2012-05-021-0/+5
|
* PAM_SSS: report error code if write failsJakub Hrozek2012-05-021-2/+2
| | | | | clang had reported this as "value of ret is never used", I think it would be nice to report a meaningful error message.
* PYHBAC: Return NULL on failureJakub Hrozek2012-05-021-0/+1
| | | | The error handler would simply fall through instead of returning NULL.
* RESPONDER: check return value from confdb_get_intJakub Hrozek2012-05-021-0/+7
| | | | sss_process_init forgot to check return value of confdb_get_int
* LDAP: check return value of sysdb_attrs_get_elJakub Hrozek2012-05-021-0/+7
|
generated by cgit (git 2.34.1) at 2024-04-28 04:07:48 +0000