summaryrefslogtreecommitdiffstats
path: root/src/util
Commit message (Collapse)AuthorAgeFilesLines
* Unbreak build on RHEL5: replace ldap_destroy() with ldap_unbind_ext()Pavel Březina2012-08-211-1/+1
| | | | ldap_destroy() is not present in RHEL5
* Close LDAP connection when unable to install TLSPavel Březina2012-08-211-13/+13
| | | | | | | We were not closing LDAP connection when using SSL with invalid certificate. https://fedorahosted.org/sssd/ticket/1490
* Fix compilation error in Python murmurhash bindingsJakub Hrozek2012-08-161-0/+2
| | | | | | The compilation produced an error due to missing declaration of uint32_t and a couple of warnings caused by different prototypes of argument parsing functions in older Python releases.
* Extend category support in SELinux user mapsJan Zeleny2012-07-231-6/+24
| | | | | | This patch adds the possibility for user/host category attributes to have more than one value. It also fixes semantically wrong evaluation of SELinux map priority.
* Added some DEBUG statements into SELinux related codeJan Zeleny2012-07-231-4/+24
|
* Modify priority evaluation in SELinux user mapsJan Zeleny2012-07-182-6/+45
| | | | | | | | | | | | | | | | | | | The functionality now is following: When rule is being matched, its priority is determined as a combination of user and host specificity (host taking preference). After the rule is matched in provider, only its host priority is stored in sysdb for later usage. When rules are matched in the responder, their user priority is determined. After that their host priority is retrieved directly from sysdb and sum of both priorities is user to determine whether to use that rule or not. If more rules have the same priority, the order given in IPA config is used. https://fedorahosted.org/sssd/ticket/1360 https://fedorahosted.org/sssd/ticket/1395
* Check for errors from krb5_unparse_nameStephen Gallagher2012-07-091-1/+8
| | | | Coverity #12781
* Revert commit 4c157ecedd52602f75574605ef48d0c48e9bfbe8Stef Walter2012-07-062-151/+0
| | | | | | | | * This broke corner cases when used with default_tkt_types = des-cbc-crc and DES enabled on an AD domain. * This is fixed in kerberos instead, in a more correct way and in a way which we cannot replicate.
* DEBUG: Log to syslog if we are unable to open a debug fdStephen Gallagher2012-06-291-0/+5
|
* libcrypto fully implementedGeorge McCollister2012-06-264-9/+442
| | | | | | | | | | | | | | | | Implemented working versions of the following functions for libcrypto: sss_base64_encode sss_base64_decode sss_hmac_sha1 sss_password_encrypt sss_password_decrypt test_encrypt_decrypt now expects EOK from libcrypto. test_hmac_sha1 now expects EOK from libcrypto. Added test_base64_encode to test base64 encoding implementation. Added test_base64_decode to test base64 decoding implementation. Signed-off-by: George McCollister <George.McCollister@gmail.com>
* Fix re_expression matching with subdomainsJan Zeleny2012-06-211-15/+19
| | | | | | | | | | | This patch fixes an issue which resulted in a need to initialize responder with data from local domain, otherwise it would not correctly detect requests for subdomains. Similar situation can occur if new subdomain is added at runtime. The solution is to ask for a list of subdomains in case there is a candidate domain identified in the process of matching re_expressions with given name.
* UTILS: Fix segfault due to sss_parse_name_for_domainsStephen Gallagher2012-06-211-7/+10
| | | | | | | | The recent fixes for per-domain parsing can cause a segfault in the netgroup processing if the domain isn't set to NULL when it's parsed as "any domain". https://fedorahosted.org/sssd/ticket/1383
* Move some debug lines to new debug log levelsStef Walter2012-06-202-5/+5
| | | | | | | * These are common lines of debug output when starting up sssd https://bugzilla.redhat.com/show_bug.cgi?id=811113
* Fix typo breaking DIR cache detectionStephen Gallagher2012-06-181-2/+0
|
* KRB5: Auto-detect DIR cache support in configureStephen Gallagher2012-06-152-2/+18
| | | | | | We can't support the DIR cache features in systems with kerberos libraries older than 1.10. Make sure we don't build it on those systems.
* Fix compilation on older little-endian systemsStephen Gallagher2012-06-151-1/+2
|
* Use Kerberos context in KRB5_DEBUGJakub Hrozek2012-06-141-0/+8
| | | | | Passing Kerberos context to sss_krb5_get_error_message will allow us to get better error messages.
* Add support for storing credential caches in the DIR: back endJakub Hrozek2012-06-142-20/+4
| | | | https://fedorahosted.org/sssd/ticket/974
* Residual util functionsJakub Hrozek2012-06-142-0/+102
| | | | | | Kerberos credential caches can be specified by TYPE:RESIDUAL. This patch adds a couple of utilities to support parsing if ccache locations, checking types etc.
* sss_names_init: Report correct error code if allocation failedJakub Hrozek2012-06-131-1/+4
|
* Make re_expression and full_name_format per domain optionsStef Walter2012-06-123-7/+140
| | | | | | | | | | | * Allows different user/domain qualified names for different domains. For example Domain\User or user@domain. * The global re_expression and full_name_format options remain as defaults for the domains. * Subdomains get the re_expression and full_name_format of their parent domain. https://bugzilla.redhat.com/show_bug.cgi?id=811663
* KRB5: Avoid NULL-dereference with empty keytabStephen Gallagher2012-05-221-7/+13
| | | | https://fedorahosted.org/sssd/ticket/1330
* Simple implementation of Netscape password warning expiration controlJoshua Roys2012-05-221-0/+8
|
* Limit krb5_get_init_creds_keytab() to etypes in keytabStef Walter2012-05-072-0/+145
| | | | | | | | | * Load the enctypes for the keys in the keytab and pass them to krb5_get_init_creds_keytab(). * This fixes the problem where the server offers a enctype that krb5 supports, but we don't have a key for in the keytab. https://bugzilla.redhat.com/show_bug.cgi?id=811375
* Remove erroneous failure message in find_principal_in_keytabStef Walter2012-05-071-1/+1
| | | | | * When it's actually a failure, then the callers will print a message. Fine tune this.
* Modify behavior of pam_pwd_expiration_warningJan Zeleny2012-05-042-0/+6
| | | | | | | | | | | | | | | | | | New option pwd_expiration_warning is introduced which can be set per domain and can override the value specified by the original pam_pwd_expiration_warning. If the value of expiration warning is set to zero, the filter isn't apllied at all - if backend server returns the warning, it will be automatically displayed. Default value for Kerberos: 7 days Default value for LDAP: don't apply the filter Technical note: default value when creating the domain is -1. This is important so we can distinguish between "no value set" and 0. Without this possibility it would be impossible to set different values for LDAP and Kerberos provider.
* Fix endian issue in SID conversionSumit Bose2012-05-041-0/+2
| | | | | | Since the byte-order is only important when dealing with the binary SID the sub-auth values are stored in host order and are only converted while reading or writing the binary SID.
* Handle endianness issues on older systemsStephen Gallagher2012-05-021-0/+17
| | | | | | | Older versions of glibc (like that on RHEL 5) do not have the le32toh() function exposed. We need this for handling the Active Directory ID-mapping, so we'll copy these macros from endian.h on a newer glibc.
* SERVER: use the correct return code of sss_atomic_write_sJakub Hrozek2012-05-021-1/+1
|
* execv, excvp and exec_child never return EOKStef Walter2012-05-012-8/+5
| | | | * So don't need to handle that case
* murmurhash: Relax inline requirementStephen Gallagher2012-04-241-2/+2
|
* Two fixes in responder subdomain codeJan Zeleny2012-04-241-1/+1
|
* SSH: Add support for hashed known_hostsJan Cholasta2012-04-242-3/+9
| | | | https://fedorahosted.org/sssd/ticket/1203
* UTIL: Add HMAC-SHA-1 functionJan Cholasta2012-04-243-0/+127
|
* Moved expand_homedir_template() from NSS responder to utility codeJan Zeleny2012-04-242-0/+167
|
* New config option for subdomainsJan Zeleny2012-04-241-0/+2
| | | | | subdomain_homedir - if set, it contains default value, can be overriden in further processing
* Add conn_name to allow different names for domains and connectionsJan Zeleny2012-04-241-2/+2
|
* Add some utility functions for subdomainsJan Zeleny2012-04-242-0/+119
|
* Convert read and write operations to sss_atomic_readJakub Hrozek2012-04-204-120/+89
| | | | https://fedorahosted.org/sssd/ticket/1209
* Move atomic io function to a separate moduleJakub Hrozek2012-04-204-43/+102
| | | | | | We'll be using it on various places of the SSSD. The function is in its own file to allow using just the one piece without having to drag in the whole util.c module.
* sss_atomic_io: Do not fail reads with EPIPE if there is not enough data to readJakub Hrozek2012-04-201-1/+2
| | | | Also adds a unit test for sss_atomic_io()
* Clean up log messages about keytab_nameStephen Gallagher2012-04-052-11/+21
| | | | | | | | | There were many places where we were printing (null) to the logs because a NULL keytab name tells libkrb5 to use its configured default instead of a particular path. This patch should clean up all uses of this to print "default" in the logs. https://fedorahosted.org/sssd/ticket/1288
* Fix off-by-one error in principal selectionJakub Hrozek2012-03-291-3/+3
| | | | https://fedorahosted.org/sssd/ticket/1269
* Add sss_get_cased_name_list utility functionJakub Hrozek2012-03-292-0/+41
|
* Always initialize the returned data in sss_krb5_princ_realm()Sumit Bose2012-03-261-0/+3
|
* Make the string_equal() function publicJakub Hrozek2012-03-212-0/+10
|
* nsssrv: add handling of memory cache group mapSimo Sorce2012-03-191-0/+10
|
* util: Helper headers for shared memory cacheSimo Sorce2012-03-191-0/+117
|
* Handle cases where UID is -1Stephen Gallagher2012-02-291-6/+1
| | | | | | | Also removes an unnecessary range check (since it's already handled by strtoint32() https://fedorahosted.org/sssd/ticket/1216
* SSH: Add missing break statements to sss_ssh_format_pubkeyJan Cholasta2012-02-271-0/+2
|
generated by cgit (git 2.34.1) at 2024-04-24 02:32:48 +0000