Commit message | Author | Age | Files | Lines
* Fix recv size [smartcard] | Sumit Bose | 2016-10-19 | 1 | -1/+1
|
* nss-idmap: remove size limit on certificate lookups | Sumit Bose | 2016-10-19 | 1 | -1/+7
|
* IPA: allow certificate lookup for sub-domains | Sumit Bose | 2016-10-19 | 1 | -0/+1
|
* KRB5: allow pkinit pre-authentication | Sumit Bose | 2016-10-19 | 3 | -11/+241
|
* pam: enhance Smartcard authentication token | Sumit Bose | 2016-10-19 | 4 | -15/+46
|
* authtok: add support for Smartcard auth blobs | Sumit Bose | 2016-10-19 | 5 | -17/+475
|   The blobs contain, besides the PIN, the name of the PKCS#11 module and the token name where the certificate of the user was found. Those data will be used e.g. by the pkinit module to make sure the right certificate is used.
* p11: return name of PKCS#11 module to pam_sss | Sumit Bose | 2016-10-19 | 7 | -19/+113
|
* IDMAP: improve API documentation of free_func | Sumit Bose | 2016-10-19 | 1 | -3/+4
|
* wip fix remove BNP | Sumit Bose | 2016-10-19 | 1 | -1/+1
|
* tests: fix for sysdb test | Sumit Bose | 2016-10-19 | 1 | -1/+1
|
* Fix indentation | Sumit Bose | 2016-10-19 | 1 | -4/+4
|
* LDAP: always store the certificate from the request | Sumit Bose | 2016-10-19 | 1 | -1/+18
|
* PAM: forward Smartcard credentials to backends | Sumit Bose | 2016-10-19 | 2 | -7/+49
|
* sdap_get_users_send(): new argument extra_attrs | Sumit Bose | 2016-10-19 | 4 | -4/+39
|   extra_attrs can be a list of sysdb_attrs which are not available on the server side but should be stored with the cached user entry.
* sysdb: add sysdb_attrs_copy() | Sumit Bose | 2016-10-19 | 3 | -0/+112
|
* BNP patch | Sumit Bose | 2016-10-19 | 8 | -20/+100
|
* PAM: store user object in the preq context | Sumit Bose | 2016-10-19 | 2 | -6/+7
|
* cert: add cert_get_san_values() | Sumit Bose | 2016-10-19 | 3 | -0/+330
|
* TESTS: Fix check for py bindings in dlopen tests | Fabiano Fidêncio | 2016-10-17 | 1 | -2/+2
|   The current code checks only for "HAVE_PYTHON_BINDINGS", which is not even a valid check. Let's do the proper check according to the python version (HAVE_PYTHON2_BINDINGS or HAVE_PYTHON3_BINDINGS).
|   Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
|   Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* TESTS: Adding intg. tests on nested groups | Petr Čech | 2016-10-14 | 1 | -0/+157
|   Resolves: https://fedorahosted.org/sssd/ticket/2940
|   Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|   Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* LDAP: Removing of member link from group | Sumit Bose | 2016-10-14 | 1 | -0/+9
|   Resolves: https://fedorahosted.org/sssd/ticket/2940
|   Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|   Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* libwbclient-sssd: update interface to version 0.13 | Sumit Bose | 2016-10-14 | 5 | -3/+71
|   This patch adds wbcCtxUnixIdsToSids() and wbcUnixIdsToSids() to SSSD's libwbclient and implements the latter.
|   Resolves: https://fedorahosted.org/sssd/ticket/3181
|   Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
* sssctl: Fix a typo in preprocessor macro | Jakub Hrozek | 2016-10-14 | 1 | -1/+1
|   Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* RPM: Require initscripts on non-systemd platforms | Jakub Hrozek | 2016-10-14 | 1 | -0/+3
|   In order for sssctl to work on platforms that do not use systemd, we need to require /sbin/service them for sssd-tools so that the binary can be invoked.
|   Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* BUILD: Not having /sbin/service is not fatal | Jakub Hrozek | 2016-10-14 | 1 | -1/+1
|   If the target platform does not have the service executable, we must not fail the build, but proceed, just disabling the functionality in sssctl.
|   Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* BUILD: Only search for service in /sbin and /usr/sbin | Jakub Hrozek | 2016-10-14 | 1 | -1/+1
|   The shell is executed for invocation of the service binary. Therefore it is better to search the binary only in safe paths.
|   Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* sssctl: call service with absolute path | Pavel Březina | 2016-10-11 | 1 | -3/+3
|   Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* BUILD: Detect the path of the "service" executable | Jakub Hrozek | 2016-10-11 | 2 | -4/+15
|   Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* sssctl: use systemd D-Bus API | Pavel Březina | 2016-10-11 | 4 | -10/+154
|   If systemd is used we leverage its D-Bus API instead of running systemctl.
|   Resolves: https://fedorahosted.org/sssd/ticket/3056
|   Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* tests: Add tests for getorig by UPN NSS op | Jakub Hrozek | 2016-10-11 | 1 | -0/+34
|   Reviewed-by: Sumit Bose <sbose@redhat.com>
|   Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
* tests: Add tests for sidbyname NSS operation | Jakub Hrozek | 2016-10-11 | 1 | -0/+129
|   Reviewed-by: Sumit Bose <sbose@redhat.com>
|   Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
* nss: allow UPNs in SSS_NSS_GETSIDBYNAME and SSS_NSS_GETORIGBYNAME | Sumit Bose | 2016-10-10 | 1 | -10/+66
|   When adding support for UPNs, email addresses and aliases the SSS_NSS_GETSIDBYNAME and SSS_NSS_GETORIGBYNAME requests were forgotten. This patch adds the missing support because it might be irritating if getpwnam() can resolve the name but the other requests fail. The same logic as for the plain user lookup is used, this adds some code duplication which is expected to be removed when the nss responder will be switched to use the new cache_req code.
|   Resolves https://fedorahosted.org/sssd/ticket/3194
|   Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* sss_cache: improve option argument handling | Justin Stephenson | 2016-10-10 | 2 | -1/+10
|   Print informational message and exit when multiple arguments are provided for single-argument options with sss_cache
|   Resolves: https://fedorahosted.org/sssd/ticket/3180
|   Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* MAN: Wrong defaults for AD provider | Michal Židek | 2016-10-07 | 1 | -2/+4
|   ldap_user_name and ldap_group_name have different defaults than what the man page states.
|   Resolves: https://fedorahosted.org/sssd/ticket/3022
|   Reviewed-by: Sumit Bose <sbose@redhat.com>
* MAN: Typo in id mapping explanation | Michal Židek | 2016-10-07 | 1 | -2/+2
|   It is probably the result of modifying the code and not updating the man page properly.
|   Resolves: https://fedorahosted.org/sssd/ticket/3205
|   Reviewed-by: Sumit Bose <sbose@redhat.com>
* TESTS: Remove a leftover debug message | Fabiano Fidêncio | 2016-10-07 | 1 | -1/+0
|   The debug message was introduced when I was testing 65a38b8c9, but ended up not removed before submitting the patch.
|   Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
|   Reviewed-by: Petr Cech <pcech@redhat.com>
* SECRETS: Add a configurable limit of secrets that can be stored | Fabiano Fidêncio | 2016-10-05 | 13 | -0/+99
|   Related: https://fedorahosted.org/sssd/ticket/3169
|   Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* IPA: Initialize a boolean control value | Jakub Hrozek | 2016-10-04 | 1 | -1/+6
|   without this patch, valgrind was reporting:
|   ==30955== Conditional jump or move depends on uninitialised value(s)
|   ==30955==    at 0xDBBACC3: ipa_subdomains_slave_search_done (ipa_subdomains.c:1111)
|   ==30955==    by 0xE73B34D: sdap_search_bases_ex_done (sdap_ops.c:222)
|   ==30955==    by 0xE6FFA98: sdap_get_generic_done (sdap_async.c:1872)
|   ==30955==    by 0xE6FF4E2: generic_ext_search_handler (sdap_async.c:1689)
|   ==30955==    by 0xE6FF840: sdap_get_and_parse_generic_done (sdap_async.c:1797)
|   ==30955==    by 0xE6FEFB5: sdap_get_generic_op_finished (sdap_async.c:1579)
|   ==30955==    by 0xE6FB1D2: sdap_process_message (sdap_async.c:353)
|   ==30955==    by 0xE6FAD51: sdap_process_result (sdap_async.c:197)
|   ==30955==    by 0xE6FAA14: sdap_ldap_next_result (sdap_async.c:145)
|   ==30955==    by 0x8E157FF: tevent_common_loop_timer_delay (tevent_timed.c:341)
|   ==30955==    by 0x8E16809: epoll_event_loop_once (tevent_epoll.c:911)
|   ==30955==    by 0x8E14F09: std_event_loop_once (tevent_standard.c:114)
|   ==30955==
|   Resolves: https://fedorahosted.org/sssd/ticket/3213
|   Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
* SECRETS: Use HTTP error code 504 when a proxy server cannot be reached | Jakub Hrozek | 2016-10-04 | 5 | -1/+8
|   Previously, a generic 500 error code was returned. This patch adds a new error message on a failure to contact the proxy server and returns 504, "Gateway timeout" instead.
|   Resolves: https://fedorahosted.org/sssd/ticket/3212
|   Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
* SECRETS: Fix a typo in function name | Jakub Hrozek | 2016-10-04 | 1 | -7/+7
|   s/filed/field/
|   Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
* SECRETS: Use a better data type for ret | Jakub Hrozek | 2016-10-04 | 1 | -2/+2
|   Normally we use errno_t for return codes and size_t for counting objects.
|   Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
* SECRETS: Add DEBUG messages to the sssd-secrets provider | Jakub Hrozek | 2016-10-04 | 4 | -59/+441
|   Previously, it was not possible to follow the flow of the secrets responder or find out what went wrong on error. This patch adds DEBUG messages so that most failure cases have their own message. At the same time, running sssd-secrets with debug_level <= 3 does not emit any messages at all.
|   Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
* SECRETS: Add a configurable depth limit for nested containers | Fabiano Fidêncio | 2016-10-03 | 12 | -0/+71
|   Resolves: https://fedorahosted.org/sssd/ticket/3168
|   Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
|   Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* SECRETS: Use a tmp_context on local_db_check_containers() | Fabiano Fidêncio | 2016-10-03 | 1 | -7/+23
|   Otherwise the struct ldb_dn will be hanging on the mem_ctx till it gets freed.
|   Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
|   Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* SECRETS: Make functions from local.c static | Fabiano Fidêncio | 2016-10-03 | 1 | -43/+43
|   There's no reason for those functions to be exposed.
|   Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
|   Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* CONFIG: Add secrets provider options | Fabiano Fidêncio | 2016-10-03 | 3 | -2/+27
|   Related: https://fedorahosted.org/sssd/ticket/3207
|   Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
|   Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* CONFIG: List allowed secrets responder options | Jakub Hrozek | 2016-10-03 | 1 | -0/+27
|   Related: https://fedorahosted.org/sssd/ticket/3207
|   Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
* CONFIG: Add secrets responder to the allowed sections | Fabiano Fidêncio | 2016-10-03 | 1 | -0/+1
|   The regular expression used is quite specific for the two cases we support:
|   - [secrets]
|   - [secrets/users/$uid]
|   It could be done a bit more generic, but the way it's right now it can easily catch errors like: [secrets/usrs/$uid] or [secrets/].
|   Related: https://fedorahosted.org/sssd/ticket/3207
|   Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
|   Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* MAN: sssd-secrets documentation | Jakub Hrozek | 2016-09-30 | 6 | -1/+458
|   Resolves: https://fedorahosted.org/sssd/ticket/3053
|   Documents the API and the purpose of the sssd-secrets responder.
|   Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
|   Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* BUILD: intgcheck need to fail if pytest fails | Lukas Slebodnik | 2016-09-26 | 1 | -0/+2
|   Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>