sssd.git/src/responder, branch sasl_ad_compat Experimental work on SSSD - Systen Security Services Daemon PAM: Set negcache if user is not found after provider check 2013-08-07T22:44:19+00:00 Jakub Hrozek jhrozek@redhat.com 2013-08-07T09:25:50+00:00 efa8ca8cea5fb6153a42799544ab45fc96bc7ea5 






PAM: Check negcache when searching for fully qualified users, too
2013-08-07T22:44:19+00:00

Jakub Hrozek
jhrozek@redhat.com

2013-08-07T09:25:20+00:00

ddbe6bc5595767e52a3893355515fc260b8f4be4












NSS: Clear cached netgroups if a request comes in from the sss_cache
2013-08-07T22:38:31+00:00

Lukas Slebodnik
lslebodn@redhat.com

2013-07-29T13:24:34+00:00

db440b3ba6b848010cf2a1fe9f76db394ce860da

In order for sss_cache to work correctly, we must also signal the nss
responder to invalidate the hash table requests.

https://fedorahosted.org/sssd/ticket/1759





In order for sss_cache to work correctly, we must also signal the nss
responder to invalidate the hash table requests.

https://fedorahosted.org/sssd/ticket/1759







NSS: allow removing entries from netgroup hash table
2013-08-07T22:38:31+00:00

Lukas Slebodnik
lslebodn@redhat.com

2013-07-29T12:45:35+00:00

ada4d12f2e625ad553c6944b7d84bff144c31398

There is a timed desctructor in the nss responder that, when the
entry timeout passes, removes the netgroup from the hash table while
the netgroup is freed. This patch adds a hash delete callback so that if the
netgroup is removed from the hash table with hash_delete, its hash table
pointer will be invalidated. Later, when the entry is being freed, the
destructor won't attempt to remove it from the hash table.





There is a timed desctructor in the nss responder that, when the
entry timeout passes, removes the netgroup from the hash table while
the netgroup is freed. This patch adds a hash delete callback so that if the
netgroup is removed from the hash table with hash_delete, its hash table
pointer will be invalidated. Later, when the entry is being freed, the
destructor won't attempt to remove it from the hash table.







SSH: Ensure that cmd_ctx->name will not be NULL.
2013-08-05T14:48:23+00:00

Lukas Slebodnik
lslebodn@redhat.com

2013-07-31T12:12:48+00:00

1d45113cd45f8509d1088f941da932c29dd8ab2a

If cmd_ctx->name was not initialized by sss_parse_name
then copy of name will be used.

https://fedorahosted.org/sssd/ticket/1970
Coverity ID: 11647





If cmd_ctx->name was not initialized by sss_parse_name
then copy of name will be used.

https://fedorahosted.org/sssd/ticket/1970
Coverity ID: 11647







Fix netgroup lookup when using fully qualified name
2013-07-31T09:00:55+00:00

Pavel Březina
pbrezina@redhat.com

2013-07-29T09:33:19+00:00

b410c7a9a80b0e44e3740f17d36574d3421626b7












Netgroups should ignore the 'use_fully_qualified_names' setting
2013-07-29T10:59:17+00:00

Stephen Gallagher
sgallagh@redhat.com

2013-07-11T14:06:09+00:00

1933ff17513da1d979dd22776a03478341ef5e6b

Netgroups often have memberNisNetgroup entries included in them
that will never process correctly if we require fully-qualified
names on the nested lookup. This patch alters the behavior of
netgroup lookups to check *all* domains for an unqualified
netgroup name, instead of only the ones not requiring fully-
qualified names.

https://fedorahosted.org/sssd/ticket/2013





Netgroups often have memberNisNetgroup entries included in them
that will never process correctly if we require fully-qualified
names on the nested lookup. This patch alters the behavior of
netgroup lookups to check *all* domains for an unqualified
netgroup name, instead of only the ones not requiring fully-
qualified names.

https://fedorahosted.org/sssd/ticket/2013







Remove unused memory context
2013-07-29T10:57:31+00:00

Lukas Slebodnik
lslebodn@redhat.com

2013-07-20T14:37:34+00:00

680ddbdf8478f26cbb5efc9b712ea35714e089ba












SUDO: realloc with sizeof(uint32_t) when adding uint32_t
2013-07-22T11:51:31+00:00

Jakub Hrozek
jhrozek@redhat.com

2013-07-22T07:56:45+00:00

1b3144586978c47506eaa39db505e6231e3b0c0a












Do not try to set password when authtok_length is zero
2013-07-18T14:04:42+00:00

Ondrej Kos
okos@redhat.com

2013-06-24T14:58:23+00:00

3df593099ecb4b7570548bc14ca58960f79bc9b2

https://fedorahosted.org/sssd/ticket/1814

When the authtok_length is zero, it shouldn't call
sss_authtok_set_password, because it tries to determine lenght of passed
string by itself and would read parts of DBus message behind boundaries
of authtok.





https://fedorahosted.org/sssd/ticket/1814

When the authtok_length is zero, it shouldn't call
sss_authtok_set_password, because it tries to determine lenght of passed
string by itself and would read parts of DBus message behind boundaries
of authtok.