| | Commit message | Author | Age | Files | Lines |
---|---|---|---|---|---|
* | Refactor sysdb_master_domain_add_info() | Simo Sorce | 2013-02-10 | 3 | -51/+28 |
| | |||||
* | Update main domain info in place | Simo Sorce | 2013-02-10 | 4 | -62/+38 |
| | |||||
* | Avoid sysdb_subdom in sysdb_get_subdomains() | Simo Sorce | 2013-02-10 | 6 | -102/+60 |
| | |||||
* | Add realm info to sss_domain_info | Simo Sorce | 2013-02-10 | 10 | -10/+25 |
| | |||||
* | NSS: Add original homedir to home directory template options | Stephen Gallagher | 2013-02-10 | 6 | -8/+29 |
| | | | | https://fedorahosted.org/sssd/ticket/1805 | ||||
* | Correct sss_ssh_knowhostsproxy typo in man pages | John Hodrien | 2013-02-01 | 1 | -1/+1 |
| | |||||
* | dp: check whether hostid backend is configured before filing be request | Pavel Březina | 2013-02-01 | 1 | -0/+8 |
| | |||||
* | Fix minor grammar error in log | Stephen Gallagher | 2013-01-30 | 1 | -1/+1 |
| | |||||
* | krb: recreate ccache if it was deleted | Pavel Březina | 2013-01-30 | 1 | -1/+8 |
| | | | | | | | | | https://fedorahosted.org/sssd/ticket/1512 If directory where a ccache file was stored was missing and user was still logged in, we erroneously considered the ccache file still active. Thus the ccache file was not recreated and user was unable to login. | ||||
* | TESTS: include error message on fail | Ondrej Kos | 2013-01-29 | 1 | -8/+8 |
| | |||||
* | TESTS: Fix coverity issues 13126, 13127 | Ondrej Kos | 2013-01-29 | 1 | -2/+6 |
| | | | | https://fedorahosted.org/sssd/ticket/1763 | ||||
* | Unchecked return value in files.c | Michal Zidek | 2013-01-29 | 1 | -1/+9 |
| | | | | | Found by coverity. https://fedorahosted.org/sssd/ticket/1791 | ||||
* | nested groups: fix group lookup hangs if member dn is incorrect | Pavel Březina | 2013-01-28 | 1 | -0/+24 |
| | | | | | | | | | https://fedorahosted.org/sssd/ticket/1783 When dn in member attribute is invalid (e.g. rdn instead of dn) or it is outside of configured search bases, we might hit a situation when tevent_req is marked as done before any callback could be attached on it. | ||||
* | TOOLS: Compile on old platforms such as RHEL5 | Jakub Hrozek | 2013-01-28 | 1 | -37/+140 |
| | | | | | Provides compatible declarations for modern file management functions such as futimens or opening with the O_CLOEXEC flag | ||||
* | MAN: Clarify that saving users after enumerating large domain might be CPU intensive | Jakub Hrozek | 2013-01-28 | 1 | -1/+9 |
| | | | | | | https://fedorahosted.org/sssd/ticket/1732 | ||||
* | Possible null dereference in ipa_subdomains.c. | Michal Zidek | 2013-01-25 | 1 | -0/+4 |
| | | | | | Found by coverity. https://fedorahosted.org/sssd/ticket/1790 | ||||
* | SYSDB: Expire group if adding ghost users fails with EEXIST | Jakub Hrozek | 2013-01-23 | 1 | -2/+36 |
| | |||||
* | SYSDB: make the sss_ldb_modify_permissive function public | Jakub Hrozek | 2013-01-23 | 2 | -2/+11 |
| | |||||
* | TOOLS: Use file descriptor to avoid races when creating a home directory | Jakub Hrozek | 2013-01-23 | 4 | -354/+364 |
| | | | | | | | | | | | When creating a home directory, the destination tree can be modified in various ways while it is being constructed because directory permissions are set before populating the directory. This can lead to file creation and permission changes outside the target directory tree, using hard links. This security problem was assigned CVE-2013-0219 https://fedorahosted.org/sssd/ticket/1782 | ||||
* | TOOLS: Use openat/unlinkat when removing the homedir | Jakub Hrozek | 2013-01-23 | 1 | -42/+41 |
| | | | | | | | | | | The removal of a home directory is sensitive to concurrent modification of the directory tree being removed and can unlink files outside the directory tree. This security issue was assigned CVE-2013-0219 https://fedorahosted.org/sssd/ticket/1782 | ||||
* | Check that strings do not go beyond the end of the packet body in autofs and SSH requests. | Jan Cholasta | 2013-01-23 | 2 | -7/+7 |
| | | | | | | | | This fixes CVE-2013-0220. https://fedorahosted.org/sssd/ticket/1781 | ||||
* | sudo responder: change num_rules type from size_t to uint32_t | Pavel Březina | 2013-01-22 | 7 | -25/+25 |
| | | | | | | | | https://fedorahosted.org/sssd/ticket/1779 2^32 should be enough to store sudo rules. size_t type was causing troubles on big endian architectures, because it wasn't used correctly in combination with D-Bus. | ||||
* | Convert the value of pwd_exp_warning to seconds | Jakub Hrozek | 2013-01-22 | 1 | -5/+6 |
| | | | | | | | | When read from the domain section, the pwd_expiration_warning was properly converted to seconds from days, but not the pam_pwd_expiration_warning set in the [pam] section. https://fedorahosted.org/sssd/ticket/1773 | ||||
* | fix backend callbacks: remove callback properly from dlist | Pavel Březina | 2013-01-22 | 1 | -6/+18 |
| | | | | | | | | https://fedorahosted.org/sssd/ticket/1776 Although cb->list got updated when the callback is removed, this change did not propagate to be_ctx->*_cb_list which caused dlist having invalid records. | ||||
* | Fix code style | Jakub Hrozek | 2013-01-22 | 1 | -1/+2 |
| | |||||
* | Make struct be_req opaque | Simo Sorce | 2013-01-21 | 2 | -18/+18 |
| | |||||
* | Add be_req_get_data() helper function. | Simo Sorce | 2013-01-21 | 17 | -32/+45 |
| | | | | In preparation for making struct be_req opaque. | ||||
* | Add be_req_get_be_ctx() helper. | Simo Sorce | 2013-01-21 | 22 | -133/+155 |
| | | | | In preparation for making be_req opaque | ||||
* | Add be_req_create() helper | Simo Sorce | 2013-01-21 | 3 | -40/+38 |
| | |||||
* | Introduce be_req_terminate() helper | Simo Sorce | 2013-01-21 | 18 | -129/+84 |
| | | | | | Call it everywhere instead of directly dereferencing be_req->fn. This is in preparation of making be_req opaque. | ||||
* | Remove domain from be_req structure | Simo Sorce | 2013-01-21 | 7 | -64/+46 |
| | |||||
* | Pass domain not be_req to access check functions | Simo Sorce | 2013-01-21 | 5 | -22/+33 |
| | |||||
* | Split simple_access_check function out | Simo Sorce | 2013-01-21 | 3 | -206/+225 |
| | | | | | Need to split out the function or new additions to the handler function will not allow simple access tests to compile anymore. | ||||
* | Do not pass NULL to ipa_subdomain_retrieve() | Simo Sorce | 2013-01-21 | 1 | -18/+20 |
| | |||||
* | Move hbac_ctx_is_offline() | Simo Sorce | 2013-01-21 | 2 | -7/+6 |
| | |||||
* | Remove hbac_ctx_sdap_id_[ctx|op]() | Simo Sorce | 2013-01-21 | 2 | -18/+6 |
| | |||||
* | Remove hbac_ctx_ev() | Simo Sorce | 2013-01-21 | 2 | -10/+3 |
| | |||||
* | Remove hbac_ctx_be() | Simo Sorce | 2013-01-21 | 3 | -12/+4 |
| | |||||
* | Remove hbac_ctx_sysdb() | Simo Sorce | 2013-01-21 | 2 | -12/+4 |
| | |||||
* | Remove sysdb argument from hbac_get_cached_rules() | Simo Sorce | 2013-01-21 | 3 | -9/+6 |
| | |||||
* | Remove sysdb arg from [ipa_]hbac_sysdb_save() | Simo Sorce | 2013-01-21 | 3 | -36/+25 |
| | | | | Also make ipa_hbac_save_list() static | ||||
* | Remove sysdb arg from ipa_hbac_service_info_send() | Simo Sorce | 2013-01-21 | 3 | -5/+0 |
| | |||||
* | Remove sysdb arg from hbac_*host_attrs_to_rule() | Simo Sorce | 2013-01-21 | 3 | -11/+4 |
| | |||||
* | Remove sysdb arg from hbac_service_attrs_to_rule() | Simo Sorce | 2013-01-21 | 3 | -5/+2 |
| | |||||
* | Remove sysdb argument from hbac_user_attrs_to_rule() | Simo Sorce | 2013-01-21 | 3 | -6/+4 |
| | |||||
* | Remove unused structure | Simo Sorce | 2013-01-21 | 1 | -6/+0 |
| | |||||
* | Remove sysdb argument from ipa_host_info_send() | Simo Sorce | 2013-01-21 | 5 | -9/+3 |
| | |||||
* | Remove sysdb as a be request structure member | Simo Sorce | 2013-01-21 | 7 | -12/+9 |
| | | | | The sysdb context is already available through the 'domain' context. | ||||
* | Remove sysdb as a be context structure member | Simo Sorce | 2013-01-21 | 27 | -56/+52 |
| | | | | The sysdb context is already available through the 'domain' structure. | ||||
* | Move ldap provider access functions | Simo Sorce | 2013-01-21 | 2 | -59/+86 |
| | | | | | | It was confusing to see the ldap provider own handler mixed with the generic ldap access code used also by the ipa and ad providers. So move the ldap provider handler code in its own file. |