summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* Cache cleaning toolJan Zeleny2011-05-041-0/+360
|
* Add a function for searching netgroups with custom filterJan Zeleny2011-05-042-0/+65
|
* Make sysdb_ctx_list public structureJan Zeleny2011-05-043-8/+53
| | | | Also create a routine to initialize it
* Fixed lastUSN checking improvementsJan Zeleny2011-05-043-5/+23
| | | | | | | | This patch fixes some issues with setting lastUSN attribute and it adds check against the highest user/group USN after enumeration to keep better track of the real highest USN. Optimal solution here would be to schedule a check of rootDSE entry right after the enumeration finishes, but for the moment this is good enough.
* Override config file debug_level with command-lineStephen Gallagher2011-05-044-22/+66
| | | | | | | | | | | This patch also makes the following changes: 1) The [sssd] debug_level setting no longer acts as a default for all other sections. 2) We will now skip passing the debug argument to the child processes from the master unless the SSSD was run with a command-line argument for the debug level. https://fedorahosted.org/sssd/ticket/764
* Do not leak LDAP URI with high log levelJakub Hrozek2011-05-041-2/+7
|
* Do not leak pcre contextJakub Hrozek2011-05-041-0/+12
|
* clients: use poll instead of selectSimo Sorce2011-05-031-9/+6
| | | | | | | select is limited to fd numbers up to 1024, we need to use poll() here to avoid causing memory corruption in the calling process. Fixes: https://fedorahosted.org/sssd/ticket/861
* Fix minor typo in error messageStephen Gallagher2011-05-021-1/+1
| | | | https://fedorahosted.org/sssd/ticket/825
* Return pam data to the renewal item if renewal failsSumit Bose2011-05-021-4/+9
| | | | | | | | | A previous patch changed a talloc_steal() into a talloc_move(). Now it is not enough to change the parent memory context with talloc_steal to give back the data, but it has to be assigned back too. Additionally this patch uses the missing pam data as an indication that a renewal request for this data is currently running.
* Fix order of arguments in select_principal_from_keytab() callJakub Hrozek2011-04-291-1/+1
|
* Fix bad password caching when using automatic TGT renewalStephen Gallagher2011-04-291-3/+12
| | | | Fixes CVE-2011-1758, https://fedorahosted.org/sssd/ticket/856
* Fix segfault in IPA providerStephen Gallagher2011-04-291-2/+2
| | | | | | We were trying to request the krb5 keytab from the auth provider configuration, but it hasn't yet been set up. Much better to use the value in the ID provider.
* Fix IPA config bug with SDAP_KRB5_REALMStephen Gallagher2011-04-281-1/+1
|
* Do not leak LDAP paging controlsJakub Hrozek2011-04-281-0/+5
|
* Regular translation updateStephen Gallagher2011-04-276-939/+1562
|
* Add "description" option to SSSDConfig APIStephen Gallagher2011-04-272-0/+3
| | | | https://fedorahosted.org/sssd/ticket/850
* Add ldap_page_size configuration optionStephen Gallagher2011-04-279-5/+28
|
* Enable paging support for LDAPStephen Gallagher2011-04-271-23/+117
|
* Log the LDAP message type we're processingStephen Gallagher2011-04-271-0/+57
|
* simple provider: Don't treat primary GID lookup failures as fatalStephen Gallagher2011-04-271-13/+19
|
* Require openssl-devel is libcrypto backend is selectedJakub Hrozek2011-04-273-17/+44
|
* Modify principal selection for keytab authenticationJan Zeleny2011-04-2510-30/+254
| | | | | | | | | | | | | | | | Currently we construct the principal as host/fqdn@REALM. The problem with this is that this principal doesn't have to be in the keytab. In that case the provider fails to start. It is better to scan the keytab and find the most suitable principal to use. Only in case no suitable principal is found the backend should fail to start. The second issue solved by this patch is that the realm we are authenticating the machine to can be in general different from the realm our users are part of (in case of cross Kerberos trust). The patch adds new configuration option SDAP_SASL_REALM. https://fedorahosted.org/sssd/ticket/781
* Case insensitive originalDN testJakub Hrozek2011-04-251-0/+47
|
* Added originalDN to attributes with case-insensitive searchJan Zeleny2011-04-252-1/+106
| | | | https://fedorahosted.org/sssd/ticket/808
* Configuration parsing updatesJan Zeleny2011-04-256-53/+19
| | | | | | | | | | | | These changes are all related to following ticket: https://fedorahosted.org/sssd/ticket/763 Changes in SSSDConfig.py merge old and new domain record instead of just deleting the old and inserting the new one. The old approach let to loss of some information like comments and blank lines in the config file. Changes in API config were performed so our Python scripts (like sss_obfuscate) don't add extra config options to the config file.
* Don't use negative cache in netgroup lookupJan Zeleny2011-04-252-20/+20
| | | | | | | | | | | | | | In responder a negative cache is used to indicate that the record has not been found by previous lookup. This approach is however not applicable for netgroup lookup because the design of their lookup is a little different. This patch removes some pieces of code working with negative cache, because they didn't fuction well. Instead a new flag has been added to the positive cache. This flag indicates if the record in the cache is a record of existing netgroup or it's just a placeholder. https://fedorahosted.org/sssd/ticket/820
* Allow new option to specify principal for FASTJan Zeleny2011-04-256-6/+67
| | | | https://fedorahosted.org/sssd/ticket/700
* Extend and move function for finding principal in keytabJan Zeleny2011-04-253-80/+163
| | | | | | | | The function now supports finding principal in keytab not only based on realm, but based on both realm and primary/instance parts. The function also supports * wildcard at the beginning or at the end of primary principal part. The function for finding principal has been moved to util/sss_krb5.c, so it can be used in other parts of the code.
* Add last usn checking after reconnectionJan Zeleny2011-04-192-1/+31
| | | | | | | | | | | When reconnecting to the LDAP server supporting USNs (either because of new incomming id operation or invokation of callback responsible for checking status of the backend), detect whether the highest USN is lower than the one SSSD has recorded. If so, setup enumeration/cleanup to refresh potentionally changed account information in the SSSD cache. Related ticket: https://fedorahosted.org/sssd/ticket/734
* Add value of the last USN to server configurationStephen Gallagher2011-04-192-0/+16
| | | | | Related: https://fedorahosted.org/sssd/ticket/734
* Add user and group search LDAP filter optionsJakub Hrozek2011-04-195-19/+119
| | | | https://fedorahosted.org/sssd/ticket/647
* Always generate kpasswdinfo fileStephen Gallagher2011-04-191-2/+1
| | | | | Previously, we only generated it when performing a password change, but this didn't play nicely with kpasswd.
* Set same status for duplicate serversJakub Hrozek2011-04-151-0/+21
|
* Reopen the LDB after modifying itStephen Gallagher2011-04-151-3/+20
| | | | | If we change any of the special entries such as indexes or plugins, we need to close and reopen the LDB to ensure that they take effect.
* Run all appropriate upgradesStephen Gallagher2011-04-151-1/+17
| | | | | | Previously, if we were upgrading from version 0.4 or older, we would only run sysdb_upgrade_04() and exit, instead of also running sysdb_upgrade_05()
* Don't leak memory if sysdb_domain_init() failsStephen Gallagher2011-04-151-3/+6
|
* Fix regression where nonexistent entries were never added to the negative cacheStephen Gallagher2011-04-151-21/+21
|
* Fix a regression with the negative cache in multi-domain configurationsStephen Gallagher2011-04-151-3/+18
|
* Add debug logging to the negative cacheStephen Gallagher2011-04-151-0/+5
|
* Do not throw a DP error when failing to delete a nonexistent entityStephen Gallagher2011-04-151-4/+4
|
* memberof: free delete operation apyload once doneSimo Sorce2011-04-141-1/+13
| | | | | | | Large memberof delete operations can cause quite a number of searches and the results are attached to a delop operation structure. Make sure we free this payload once the operation is done and these results are not used anymore so that we get a smaller total memory footprint.
* memberof: fix calculation of replaced membersSimo Sorce2011-04-141-0/+1
| | | | | We were skipping the check on the next value in the added list when a match was found for the currentr value being checked.
* sysdb: use header defined macros instead of explicit valuesSimo Sorce2011-04-131-9/+9
|
* Never remove gecos from the sysdb cacheStephen Gallagher2011-04-121-0/+9
| | | | | Now that gecos can come from either the 'gecos' or 'cn' attributes, we need to ensure that we never remove it from the cache.
* Provide a configuration option to use systemd unit fileJakub Hrozek2011-04-122-0/+52
| | | | https://fedorahosted.org/sssd/ticket/837
* The systemd unit file should not require DBusJakub Hrozek2011-04-121-2/+0
| | | | | | This patch fixes the provided systemd unit file so it is the same as the one Jóhann B. Guðmundsson provided in Red Hat Bugzilla #689853 except for hardcoded paths.
* Use safe alignment macros for in-tree SRV record parsingJakub Hrozek2011-04-121-3/+3
| | | | | | The in-tree SRV record parsing is used with very old c-ares libraries that don't implement the parsing themselves (c-ares < 1.7, used in e.g. RHEL5)
* Initialise rootdse to NULL if not availableSumit Bose2011-04-121-0/+1
|
* Initialise srv_opts even if rootDSE is missingSumit Bose2011-04-112-46/+49
|
generated by cgit (git 2.34.1) at 2024-05-30 17:35:17 +0000