path: root/src
Commit message | Author | Age | Files | Lines
...
* Limit krb5_get_init_creds_keytab() to etypes in keytab | Stef Walter | 2012-05-07 | 4 | -0/+181
    * Load the enctypes for the keys in the keytab and pass them to krb5_get_init_creds_keytab().
    * This fixes the problem where the server offers an enctype that krb5 supports, but we don't have a key for in the keytab.
    https://bugzilla.redhat.com/show_bug.cgi?id=811375
* Remove erroneous failure message in find_principal_in_keytab | Stef Walter | 2012-05-07 | 2 | -2/+4
    * When it's actually a failure, then the callers will print a message. Fine tune this.
* If canon'ing principals, write ccache with updated default principal | Stef Walter | 2012-05-04 | 2 | -3/+8
    * When calling krb5_get_init_creds_keytab() with krb5_get_init_creds_opt_set_canonicalize() the credential principal can get updated.
    * Create the cache file with the correct default credential.
    * LDAP GSSAPI SASL would fail due to the mismatched credentials before this patch.
    https://bugzilla.redhat.com/show_bug.cgi?id=811518
* SSSDConfigAPI: Fix missing option in tests | Stephen Gallagher | 2012-05-04 | 1 | -0/+2
* Modify behavior of pam_pwd_expiration_warning | Jan Zeleny | 2012-05-04 | 9 | -52/+119
    New option pwd_expiration_warning is introduced which can be set per domain and can override the value specified by the original pam_pwd_expiration_warning.
    If the value of expiration warning is set to zero, the filter isn't applied at all - if backend server returns the warning, it will be automatically displayed.
    Default value for Kerberos: 7 days
    Default value for LDAP: don't apply the filter
    Technical note: default value when creating the domain is -1. This is important so we can distinguish between "no value set" and 0. Without this possibility it would be impossible to set different values for LDAP and Kerberos provider.
* Fix endian issue in SID conversion | Sumit Bose | 2012-05-04 | 3 | -10/+18
    Since the byte-order is only important when dealing with the binary SID the sub-auth values are stored in host order and are only converted while reading or writing the binary SID.
* LDAP: Add support for enumeration of ID-mapped users and groups | Stephen Gallagher | 2012-05-03 | 1 | -31/+102
* MAN: Add manpage for ID mapping | Stephen Gallagher | 2012-05-03 | 3 | -0/+214
* LDAP: Treat groups with unmappable SIDs as non-POSIX groups | Stephen Gallagher | 2012-05-03 | 1 | -9/+12
* LDAP: Add helper function to map IDs | Stephen Gallagher | 2012-05-03 | 5 | -119/+81
    This function will also auto-create a new ID map if the domain has not been seen previously.
* LDAP: Do not remove uidNumber and gidNumber attributes when saving id-mapped entries | Stephen Gallagher | 2012-05-03 | 2 | -0/+16
* LDAP: Add helper routine to convert LDAP blob to SID string | Stephen Gallagher | 2012-05-03 | 5 | -68/+195
* LDAP: Map the user's primaryGroupID | Stephen Gallagher | 2012-05-03 | 8 | -12/+73
* LDAP: Enable looking up id-mapped groups by GID | Stephen Gallagher | 2012-05-03 | 1 | -2/+45
* LDAP: Allow looking up ID-mapped groups by name | Stephen Gallagher | 2012-05-03 | 2 | -29/+125
* LDAP: Enable looking up id-mapped users by UID | Stephen Gallagher | 2012-05-03 | 1 | -6/+43
* LDAP: Allow automatically-provisioning a domain and range | Stephen Gallagher | 2012-05-03 | 1 | -3/+43
    If we get a user who is a member of a domain we haven't seen before, add a domain entry (auto-assigning its slice). Since we don't know the domain's real name, we'll just save the domain SID string as the name as well.
* LDAP: Add routine to extract domain SID from an object SID | Stephen Gallagher | 2012-05-03 | 4 | -2/+52
    Also makes the domain prefix macros from sss_idmap public.
* LDAP: Allow setting a default domain for id-mapping slice 0 | Stephen Gallagher | 2012-05-03 | 7 | -0/+48
* LDAP: Add autorid compatibility mode | Stephen Gallagher | 2012-05-03 | 7 | -8/+20
* LDAP: Enable looking up ID-mapped users by name | Stephen Gallagher | 2012-05-03 | 3 | -9/+56
* LDAP: Initialize ID mapping when configured | Stephen Gallagher | 2012-05-03 | 2 | -0/+10
* LDAP: Add ID mapping range settings | Stephen Gallagher | 2012-05-03 | 6 | -0/+19
* LDAP: Add helper routines for ID-mapping | Stephen Gallagher | 2012-05-03 | 2 | -0/+334
* SYSDB: Add sysdb routines for ID-mapping | Stephen Gallagher | 2012-05-03 | 2 | -0/+346
* LDAP: Add id-mapping option | Stephen Gallagher | 2012-05-03 | 6 | -0/+6
* LDAP: Add objectSID config option | Stephen Gallagher | 2012-05-03 | 8 | -0/+47
* Read sysdb attribute name, not LDAP attribute map name | Jakub Hrozek | 2012-05-03 | 1 | -2/+2
    https://fedorahosted.org/sssd/ticket/1320
* SSH: Add dp_get_host_send to common responder code | Jakub Hrozek | 2012-05-03 | 8 | -52/+210
    Instead of using account_info request, creates a new ssh specific request. This improves code readability and will make the code more flexible in the future.
    https://fedorahosted.org/sssd/ticket/1176
* Rename split_service_name_filter | Jakub Hrozek | 2012-05-03 | 1 | -16/+16
    The function was used outside services code which was confusing due to its name. This patch renames it to sound more neutral.
* SYSDB: Handle upgrade script failures better | Stephen Gallagher | 2012-05-03 | 1 | -4/+13
    There was a bug in finish_upgrade() where it would return EOK if it succeeded in canceling the transaction due to an error. We should instead be returning the original error.
* AUTOFS: remove unused assignments | Jakub Hrozek | 2012-05-03 | 2 | -5/+9
    Also changes setautomntent_send so that it only returns NULL in case the tevent_req creation fails.
* IPA: Check return values | Jakub Hrozek | 2012-05-03 | 2 | -2/+12
* PROXY: return correct return codes | Jakub Hrozek | 2012-05-03 | 1 | -7/+9
    We were reporting on the value of "status" instead of "ret". We also didn't set ret to EOK in cases group contained no members.
* SSS_DEBUGLEVEL: silence analyzer warnings | Jakub Hrozek | 2012-05-03 | 1 | -2/+3
    Errno was returned instead of ret. The other hunk removes return code from fread - it is not needed, the NULL termination of the string is ensured by initializing the buffer.
* NSS: fix returning group from cache | Jakub Hrozek | 2012-05-02 | 1 | -1/+1
* Handle endianness issues on older systems | Stephen Gallagher | 2012-05-02 | 1 | -0/+17
    Older versions of glibc (like that on RHEL 5) do not have the le32toh() function exposed. We need this for handling the Active Directory ID-mapping, so we'll copy these macros from endian.h on a newer glibc.
* DP: return correct error message when subdomains back end target is not configured | Jakub Hrozek | 2012-05-02 | 1 | -1/+1
    The done handler uses the value of status, not ret.
* HBAC: Prevent NULL dereference in hbac_evaluate | Jakub Hrozek | 2012-05-02 | 1 | -2/+4
    'info' is an optional parameter and can be set to NULL
* ipa_get_config_send: remove unused assignment | Jakub Hrozek | 2012-05-02 | 1 | -1/+0
* IPA netgroups: return EOK when there are no netgroups to process | Jakub Hrozek | 2012-05-02 | 1 | -0/+1
    If the code fell through the loop, ret would have been a random value.
* NSS: Check return code of sss_mmap_cache_gr_store | Jakub Hrozek | 2012-05-02 | 1 | -0/+5
* PAM_SSS: report error code if write fails | Jakub Hrozek | 2012-05-02 | 1 | -2/+2
    clang had reported this as "value of ret is never used", I think it would be nice to report a meaningful error message.
* PYHBAC: Return NULL on failure | Jakub Hrozek | 2012-05-02 | 1 | -0/+1
    The error handler would simply fall through instead of returning NULL.
* RESPONDER: check return value from confdb_get_int | Jakub Hrozek | 2012-05-02 | 1 | -0/+7
    sss_process_init forgot to check return value of confdb_get_int
* LDAP: check return value of sysdb_attrs_get_el | Jakub Hrozek | 2012-05-02 | 1 | -0/+7
* SERVER: use the correct return code of sss_atomic_write_s | Jakub Hrozek | 2012-05-02 | 1 | -1/+1
* SSH: return NULL on error in ssh_host_pubkeys_format_known_host_plain | Jakub Hrozek | 2012-05-02 | 1 | -1/+2
    The 'result' pointer must be initialized in order to always return a defined value.
* SYSDB: check return value | Jakub Hrozek | 2012-05-02 | 1 | -2/+2
    In addition to testing the number of elements, also check the return value of sysdb_attrs_get_el.
* SYSDB: return EOK if empty message is passed into get_rm_msg | Jakub Hrozek | 2012-05-02 | 1 | -0/+1
    If the code never entered the loop in get_rm_message, we would return an arbitrary return value.