Commit message (Author, Age, Files, Lines)
* MEMBEROF: silence compilation warnings (Jakub Hrozek, 2012-12-17, 1 file, -15/+15)
| src/ldb_modules/memberof.c: In function ‘mbof_get_ghost_from_parent_cb’:
| src/ldb_modules/memberof.c:3085: warning: declaration of ‘dup’ shadows a global declaration
| /usr/include/unistd.h:528: warning: shadowed declaration is here
| src/ldb_modules/memberof.c: In function ‘mbof_inherited_mod’:
| src/ldb_modules/memberof.c:3253: warning: declaration of ‘dup’ shadows a global declaration
| /usr/include/unistd.h:528: warning: shadowed declaration is here
| src/ldb_modules/memberof.c: In function ‘mbof_fill_vals_array’:
| src/ldb_modules/memberof.c:3786: warning: declaration of ‘index’ shadows a global declaration
| /usr/include/string.h:489: warning: shadowed declaration is here
* PROXY: fix groups caching (Ondrej Kos, 2012-12-17, 1 file, -0/+6)
| https://fedorahosted.org/sssd/ticket/1685
| Properly react on deleting group which was not found in sysdb.
* let ldap_chpass_uri failover work when using same hostname (Pavel Březina, 2012-12-15, 1 file, -11/+4)
| https://fedorahosted.org/sssd/ticket/1699
| We want to continue with the next server on all errors, not only on ETIMEDOUT.
| This particular ticket was dealing with ECONNREFUSED.
* sssd_pam: Cleanup requests cache on sbus reconnect (Simo Sorce, 2012-12-14, 1 file, -1/+4)
| The pam responder was not properly configured to recover from a backend disconnect.
| The connections that were in flight before the disconnection were never freed and new requests for the same user would just pile up on top of the now phantom requests.
| Fixes: https://fedorahosted.org/sssd/ticket/1655
* Allow mmap calls to gracefully return absent ctx (Simo Sorce, 2012-12-14, 1 file, -0/+25)
| This is to allow to freely call mc functions even if initialization failed.
| They will now gracefully fail instead of segfaulting.
* MAN: Fix the title of sssd-sudo (Jakub Hrozek, 2012-12-13, 1 file, -1/+1)
| https://fedorahosted.org/sssd/ticket/1710
* sudo: support generalized time format (Pavel Březina, 2012-12-13, 2 files, -13/+34)
| https://fedorahosted.org/sssd/ticket/1712
| The timestamp doesn't have to be in the form yyyymmddHHMMSSZ any more.
| It can be in any form of generalized time format.
* tools: sss_userdel and groupdel remove entries from memory cache (Michal Zidek, 2012-12-13, 3 files, -0/+55)
| https://fedorahosted.org/sssd/ticket/1659
* sssd_nss: Remove entries from memory cache if not found in sysdb (Michal Zidek, 2012-12-13, 1 file, -0/+23)
| Functions nss_cmd_getXXnam remove entries from memory cache if not found in sysdb cache of a local domain.
* sudo: include primary group in user group list (Pavel Březina, 2012-12-13, 1 file, -1/+41)
| https://fedorahosted.org/sssd/ticket/1677
* sysdb_get_sudo_user_info() initialize attrs on declaration (Pavel Březina, 2012-12-13, 1 file, -4/+3)
|
* Add a macro to copy with barriers (Simo Sorce, 2012-12-13, 1 file, -17/+30)
| We have 2 places where we memcpy memory and need barriers protection.
| Use a macro so we can consolidate code in one place.
| Second fix for: https://fedorahosted.org/sssd/ticket/1694
* SYSDB: More debugging during the conversion to ghost users (Jakub Hrozek, 2012-12-12, 1 file, -0/+9)
| We've been hitting situations where the sysdb conversion failed.
| Unfortunately, the current code doesn't include enough debugging info to pinpoint the failing entries.
| This patch adds more DEBUG statements for each processed entry.
* sudo: don't get stuck in rules and smart refresh when offline (Pavel Březina, 2012-12-11, 1 file, -4/+14)
| https://fedorahosted.org/sssd/ticket/1682
| The problem was in following code:
|     if (ret != EOK || state->dp_error != DP_ERR_OK || state->error != EOK) {
|         tevent_req_error(req, ret);
|         return;
|     }
| In situation when data provider error occurs (e.g. when offline), ret == EOK but dp_error != DP_ERR_OK and we take the true branch.
| This results in calling tevent_req_error(req, EOK).
| Unfortunately, with EOK tevent_req_error only returns false, but does not trigger callback and this tevent request hangs forever, because no tevent_req_done(req) is called.
* NSS: Fix the error handler in sss_mc_create_file (Jakub Hrozek, 2012-12-11, 1 file, -10/+16)
| https://fedorahosted.org/sssd/ticket/1704
| The function is short enough so that we can simply stick with return and release resources before returning as appropriate.
* sudo manpage: clarify that sudoHost may contain wildcards and not regular expression (Pavel Březina, 2012-12-11, 2 files, -2/+2)
| https://fedorahosted.org/sssd/ticket/1690
* MEMBEROF: Fix copy-n-paste error (Jakub Hrozek, 2012-12-10, 1 file, -1/+1)
| https://fedorahosted.org/sssd/ticket/1703
* LDAP: remove dead assignment (Jakub Hrozek, 2012-12-10, 1 file, -1/+0)
|
* SYSDB: Move misplaced assignment (Jakub Hrozek, 2012-12-10, 1 file, -2/+1)
|
* PAC: check the return value of diff_git_lists (Jakub Hrozek, 2012-12-10, 1 file, -0/+4)
|
* let krb5_kpasswd failover work (Pavel Březina, 2012-12-10, 1 file, -3/+7)
| https://fedorahosted.org/sssd/ticket/1680
| There were two errors:
| 1. kr->kpasswd_srv was never set
| 2. bad service name (KERBEROS) was provided when setting port status, thus the port status never changed
* SSH: Reject requests for authorized keys of root (Jan Cholasta, 2012-12-10, 1 file, -0/+5)
| https://fedorahosted.org/sssd/ticket/1687
* PROXY: fix negative cache (Ondrej Kos, 2012-12-10, 1 file, -20/+24)
| https://fedorahosted.org/sssd/ticket/1685
| The PROXY provider wasn't storing credentials to negative cache due to bad return value.
| This was delegated from attempt to delete these credentials from local cache.
| Therefore ENOENT is replaced as EOK.
* Bump the version and reset release back to 0 (Jakub Hrozek, 2012-12-07, 2 files, -2/+2)
|
* SUDO: strdup the input variable (Jakub Hrozek, 2012-12-07, 1 file, -1/+1)
| https://fedorahosted.org/sssd/ticket/1701
* sudo: print rule name if notBefore or notAfter attribute is missing (Pavel Březina, 2012-12-06, 1 file, -1/+1)
| ...and if sudo_timed = true.
| https://fedorahosted.org/sssd/ticket/1688
| A comma was missing in attribute list. This caused concatenation of the two attributes so we requested one attribute called "objectClasscn".
| This doesn't affect functionality, only debug messages.
* MAN: Move ssh_known_hosts_timeout documentation to the correct section (Jan Cholasta, 2012-12-05, 1 file, -12/+12)
|
* Fix comment on wrong line (Simo Sorce, 2012-12-05, 1 file, -1/+1)
|
* RESOLV: return ENOENT if the address list is empty (Jakub Hrozek, 2012-12-05, 1 file, -0/+8)
|
* MEMBEROF: Keep inherited ghost users around on modify operation (Jakub Hrozek, 2012-12-05, 2 files, -34/+637)
| https://fedorahosted.org/sssd/ticket/1652
| It is possible to simply reset the list of ghost users to a different one during a modify operation. It is also actually how we update entries that are expired in the SSSD cache.
| In this case, we must be careful and retain the ghost users that are not native to the group we are processing but are rather inherited from child groups. The intention of the replace operation after all is to set the list of direct members of that group, not direct and indirect.
* MEMBEROF: Implement the modify operation for ghost users (Jakub Hrozek, 2012-12-05, 2 files, -36/+715)
| Similar to the add and delete operation, we also need to propagate the changes of the ghost user attribute to the parent groups so that if a nested group updates memberships, its parents also get the membership updated.
* MEMBEROF: Split the add ghost operation into a separate function (Jakub Hrozek, 2012-12-05, 1 file, -17/+73)
| This new function will be reused by the modify operation later
* MEMBEROF: Split the del ghost attribute op into a reusable function (Jakub Hrozek, 2012-12-05, 1 file, -12/+22)
| This new function is going to be reused by the modify operation
* MEMBEROF: split processing the member modify into a separate function (Jakub Hrozek, 2012-12-05, 1 file, -47/+73)
| This will allow to process ghost users in a similar fashion
* MEMBEROF: Implement delete operation for ghost users (Jakub Hrozek, 2012-12-05, 2 files, -7/+362)
| https://fedorahosted.org/sssd/ticket/1668
| The memberof plugin did only expand the ghost users attribute to parents when adding a nested group, but didn't implement the reverse operation.
| This bug resulted in users being reported as group members even after the direct parent went away as the expanded ghost attributes were never removed from the parent entry.
| When a ghost entry is removed from a group, all its parent groups are expired from the cache by setting the expire timestamp to 1. Doing so would force the SSSD to re-read the group next time it is requested in order to make sure its members are really up-to-date.
* LDAP: Continue adjusting group membership even if there is nothing to add (Jakub Hrozek, 2012-12-05, 1 file, -2/+1)
| https://fedorahosted.org/sssd/ticket/1695
* Add memory barrier to mmap cache client code loop (Simo Sorce, 2012-12-05, 1 file, -0/+3)
| Fixes https://fedorahosted.org/sssd/ticket/1694
* Always append rctx as private data (Simo Sorce, 2012-12-05, 1 file, -1/+1)
| This is used for the new calls back from the data provider.
* Add backchannel NSS provider query on initgr calls (Simo Sorce, 2012-12-05, 1 file, -0/+165)
| This is needed in order to assure the memcache is properly and promptly cleaned up if a user's memberships change on login.
| The list of the current groups for the user is sourced before it is updated and sent to the NSS provider to verify if it has changed after the update call has been made.
* Hook for mmap cache update on initgroup calls (Simo Sorce, 2012-12-05, 4 files, -0/+148)
| This set of functions enumerate the user's groups and invalidate them all if the list does not match what we get from the caller.
* Hook to perform a mmap cache update from sssd_nss (Simo Sorce, 2012-12-05, 4 files, -0/+124)
| This set of functions enumerate each user/group from all domains and invalidate any mmap cache record that matches.
* mmap cache: public functions to invalidate records (Simo Sorce, 2012-12-05, 2 files, -0/+135)
| These functions can be called from the nss responder to invalidate records that have ceased to exist or that need to be refreshed the first time an application needs them.
* link sss_ssh_authorizedkeys and sss_ssh_knownhostsproxy with -lpthread (Timo Aaltonen, 2012-12-04, 1 file, -0/+2)
| There used to be an overlinked dependency that's gone now, so to fix a build error add CLIENT_LIBS to sss_ssh_knownhostsproxy_LDFLAGS.
| v2: Fix sss_ssh_authorizedkeys linking as well.
* Use an entry type mask macro to filter entry types (Simo Sorce, 2012-12-04, 5 files, -5/+6)
| Avoids hardcoding magic numbers everywhere and self documents why a mask is being applied.
* Streamline ipa_account_info handler (Simo Sorce, 2012-12-04, 1 file, -74/+55)
| In particular note that we merge ipa_account_info_netgroups_done() and ipa_account_info_users_done() into a single function called ipa_account_info_done() that handles both cases.
| We also remove the auxiliary function ipa_account_info_complete() that unnecessarily violates the tevent_req style and instead use a new function named ipa_account_info_error_text() to generate error text.
* Fix tevent_req style for get_netgroup in ipa_id (Simo Sorce, 2012-12-04, 1 file, -80/+71)
| Also do not intermix two tevent_req sequences
* Fix ipa_subdomain_id names and tevent_req style (Simo Sorce, 2012-12-04, 3 files, -52/+36)
|
* Fix tevent_req style for krb5_auth (Simo Sorce, 2012-12-04, 4 files, -371/+334)
| No functionality changes, just make the code respect the tevent_req style and naming conventions and enhance readability by adding some helper functions.
* do not crash when id_provider is not set (Pavel Březina, 2012-12-04, 1 file, -0/+6)
| https://fedorahosted.org/sssd/ticket/1686
* Missing parameter in DEBUG message. (Michal Zidek, 2012-12-04, 1 file, -1/+2)
|