summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* PAM: Better pam_reply messageStephen Gallagher2012-06-101-1/+2
|
* sss_idmap: fix typo which prevents sub auth larger then 2^31Sumit Bose2012-06-082-3/+40
| | | | A test to cover this is added as well.
* sss_idmap: add support for samba struct dom_sidSumit Bose2012-06-084-2/+405
| | | | | | | | The samba ndr libraries use struct dom_sid to handle SIDs. Since there is no public samba library which offers conversion from other representations, e.g. as string, this is added to libsss_idmap. To avoid compile-time or run-time dependency to any samba library or header file the definition of the struct is copied here.
* Fix the 0.11 sysdb upgradeJakub Hrozek2012-06-051-26/+26
| | | | | The block that upgraded the version was at a wrong indentation level, so it never ran if there were no fake users to convert
* Fix the default sssd.conf pathJakub Hrozek2012-06-051-1/+1
|
* Fixed setting of debug level in test suiteJan Zeleny2012-06-042-4/+2
|
* SSH: Don't abort connection in sss_ssh_knownhostsproxy when DNS records are ↵Jan Cholasta2012-05-311-36/+49
| | | | | | missing https://fedorahosted.org/sssd/ticket/1356
* SSH: Supress error message output in sss_ssh_knownhostsproxyJan Cholasta2012-05-312-15/+8
|
* Utilize attribute exclusion in LDAP initgroupsJan Zeleny2012-05-311-3/+33
| | | | | | | | | | Previous patch added the possibility to exclude some attributes from a map when building an attribute list to be sent to server. The original reason for this functionality is the code handling LDAP initgroups. In this code, there is no need to fetch members of groups in question. This can save some performance since the list of members can be pretty long in some cases. This case apllies only to RFC2307 and generic RFC2307bis, it doesn't apply for IPA schema.
* Add support for filtering atributesJan Zeleny2012-05-3117-41/+70
| | | | | This patch adds support for filtering attributes when constructing attribute list from a map for LDAP query.
* SSH: Update sss_ssh_knownhostsproxy manual pageJan Cholasta2012-05-311-1/+1
| | | | | Don't use GlobalKnownHostsFile2 in ssh_config, as it has been deprecated in OpenSSH 5.9.
* added DEBUG messages to krb5_child and ldap_childNick Guay2012-05-312-3/+19
|
* SSSDConfig: Make default config and schema file locations configurableStephen Gallagher2012-05-312-7/+7
| | | | https://fedorahosted.org/sssd/ticket/1008
* SSSDConfig: Make SSSDConfig a packageStephen Gallagher2012-05-314-5/+1
| | | | | We were polluting the primary Python space with several dependencies. We will now install them their own directory/module.
* Ghost members - various small changesJan Zeleny2012-05-313-3/+3
|
* Ghost members - modified sss_groupshowJan Zeleny2012-05-311-4/+40
|
* Ghost members - removed sdap_check_aliases()Jan Zeleny2012-05-314-127/+0
| | | | | | | This function is no longer necessary because we don't have fake user entries any more. The original purpose of this function was to check if there are fake user entries for particular user and, if yes, to update its membership.
* Ghost members - NSS responder changesJan Zeleny2012-05-311-89/+147
| | | | | | | | | Since there are two attributes storing information about user memberships of the group we have to include both of them in results. This will apply only for objects that have ghost members (i.e. they contain the SYSDB_GHOST attribute). If an object has this attribute, values of this attribute are not projected to the memberuid attribute.
* Ghost members - sysdb upgrade routineJan Zeleny2012-05-313-1/+157
| | | | | | | | | | | | It is remotely possible to have sysdb in an inconsistent state that might need upgrade. Consider scenario when user asks for group information. Some fake users are added as a part of this operation. Before users can be fully resolved and stored properly, SSSD is shut down and upgrade is performed. In this case we need to go over all fake user records (uidNumber=0) and replace each of them with ghost record in all group objects that are stated in its memberof attribute.
* Ghost members - modifications in memberof pluginJan Zeleny2012-05-311-6/+41
|
* Ghost members - modifications in sysdbJan Zeleny2012-05-312-80/+153
| | | | | | | | | | | Deleted sysdb_add_fake_user(): This function is no longer used. Modified sysdb_add_user(): When user object is added to sysdb, it is important to iterate over all groups that might have its name or any of its aliases as ghost member and replace this ghost membership by a real one. This will eliminate duplicite memberships.
* Ghost members - support in proxy providerJan Zeleny2012-05-311-6/+8
|
* Ghost members - support in LDAP providerJan Zeleny2012-05-311-186/+286
| | | | | | | | | | | | | | | | | | | | The original approach was to store name and original DN in an object in sysdb. When later referenced as member of a group, it was retrieved by its original DN and the correct information about its sysdb DN was stored in the group object which referenced it. The new approach doesn't use fake user objects, therefore this information has to be reached differently when constructing group memberships. The approach is to store all users to a hash table where original DN is used as the key and username as value. When constructing group memberships, the name is retrieved from this hash table instead of sysdb. This hash table is constructed when retrieving user objects from LDAP server - if the user is not present in sysdb, it is automatically stored in the hash table. Another situation is for rfc2307. Because there is no nesting there, we can construct the SYSDB_GHOST attribute directly and therefore don't need a hash table of ghost users.
* Ghost members - add the ghost attribute to sysdbJan Zeleny2012-05-311-0/+2
|
* Revert the client packet length, too, after reverting the packet protocolJakub Hrozek2012-05-291-1/+1
|
* NSS: Restore original protocol for getservbyportStephen Gallagher2012-05-252-3/+4
| | | | When fixing an endianness bug, we changed the protocol unnecessarily.
* Send 16bit protocol numbers from the sss_clientJakub Hrozek2012-05-252-7/+8
| | | | https://fedorahosted.org/sssd/ticket/1348
* NSS: Fix segfault when mmap cache cannot be initializedStephen Gallagher2012-05-241-2/+2
|
* Fixed issue in SELinux user mapsJan Zeleny2012-05-221-0/+2
| | | | | | There was an issue when IPA provider didn't set PAM_SUCCESS when successfully finished loading SELinux user maps. This lead to the map not being read in the responder.
* LDAP nested groups: Do not process callback with _post deep in the nested ↵Jakub Hrozek2012-05-221-12/+10
| | | | | | structure https://fedorahosted.org/sssd/ticket/1343
* Update translation sourcesStephen Gallagher2012-05-2210-41/+41
|
* Warn to syslog when dereference requests failAriel Barria2012-05-221-2/+2
|
* KRB5: Avoid NULL-dereference with empty keytabStephen Gallagher2012-05-221-7/+13
| | | | https://fedorahosted.org/sssd/ticket/1330
* Simple implementation of Netscape password warning expiration controlJoshua Roys2012-05-222-22/+82
|
* Always use positional arguments in translatable stringsStephen Gallagher2012-05-229-25/+25
| | | | https://fedorahosted.org/sssd/ticket/1336
* NSS: Expire in-memory netgroup cache before the nowait timeoutStephen Gallagher2012-05-161-1/+9
| | | | | | | | The fact that we were keeping it in memory for the full duration of the cache timeout meant that we would never reap the benefits of the midpoint cache refresh. https://fedorahosted.org/sssd/ticket/1340
* Use the sysdb attribute name, not LDAP attribute nameJakub Hrozek2012-05-162-2/+2
|
* Use sized_string correctly in FQDN domainsJakub Hrozek2012-05-151-2/+2
|
* NSS: keep a pointer to body after body is reallocatedJakub Hrozek2012-05-151-0/+3
|
* Rename struct dom_sid to struct sss_dom_sidSumit Bose2012-05-144-31/+31
| | | | | To avoid conflicts with struct dom_sid used by samba the sss_ prefix is added to the struct used by libsss_idmap.
* Fixed two minor memory leaksJan Zeleny2012-05-142-2/+6
|
* Fix typos in message and man pages.Yuri Chornoivan2012-05-143-4/+4
|
* Potential NULL dereference in proxy providerAriel Barria2012-05-141-1/+1
|
* Updating translations for 1.9.0 beta 1 releaseStephen Gallagher2012-05-1110-7608/+14545
|
* SYSDB: Handle user and group renames betterJakub Hrozek2012-05-112-7/+182
| | | | | | | | | | | | Fixes a regression in the local domain tools where sss_groupadd no longer detected a GID duplicate. The check for EEXIST is moved one level up into more high level function. The patch also adds the same rename support for users. I found it odd that we allowed a rename of groups but not users. There is a catch when storing a user -- his cached password would be gone. I think that renaming a user is such a rare operation that it's not severe, plus there is a warning in the logs.
* Bad check for id_provider=local and access_provider=permitAriel Barria2012-05-112-2/+2
| | | | | | documentation-access_provider Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
* sysdb: return proper error code from sysdb_sudo_purge_allJakub Hrozek2012-05-101-1/+1
|
* Filter out IP addresses inappropriate for DNS forward recordsJakub Hrozek2012-05-101-1/+57
| | | | https://fedorahosted.org/sssd/ticket/949
* subdomains: Fix error handling in Data ProviderJakub Hrozek2012-05-101-19/+37
| | | | | The subdomains back end request was sending replies in a format the responder did not understand in case the request failed.
* Send the correct enumeration requestJakub Hrozek2012-05-101-1/+1
| | | | https://fedorahosted.org/sssd/ticket/1329
generated by cgit (git 2.34.1) at 2024-05-23 11:11:39 +0000