| Commit message (Collapse) | Author | Age | Files | Lines | ||
|---|---|---|---|---|---|---|
| ... | ||||||
| * | Process all groups from a single nesting level | Jakub Hrozek | 2012-08-21 | 1 | -4/+14 | |
| | | | | | | | | | https://bugzilla.redhat.com/show_bug.cgi?id=846664 If the first group was cached when processing the nested group membership, we would call tevent_req_done, effectivelly marking the whole nesting level as done. | |||||
| * | Fix compilation error in Python murmurhash bindings | Jakub Hrozek | 2012-08-16 | 2 | -4/+10 | |
| | | | | | | | The compilation produced an error due to missing declaration of uint32_t and a couple of warnings caused by different prototypes of argument parsing functions in older Python releases. | |||||
| * | Only create the SELinux login file if there are mappings on the server | Jakub Hrozek | 2012-08-16 | 2 | -51/+78 | |
| | | | | | | | | | | | | https://fedorahosted.org/sssd/ticket/1455 In case there are no rules on the IPA server, we must simply avoid generating the login file. That would make us fall back to the system-wide default defined in /etc/selinux/targeted/seusers. The IPA default must be only used if there *are* rules on the server, but none matches. | |||||
| * | Do not try to remove the temp login file if already renamed | Jakub Hrozek | 2012-08-16 | 1 | -2/+3 | |
| | | | | | | | | | | write_selinux_string() would try to unlink the temporary file even after it was renamed. Failure to unlink the file would not be fatal, but would produce a confusing error message. Also don't use "0" for the default fd number, that's reserved for stdin. Using -1 is safer. | |||||
| * | Build SELinux code in responder conditionally | Jakub Hrozek | 2012-08-16 | 1 | -0/+7 | |
| | | | | | https://fedorahosted.org/sssd/ticket/1480 | |||||
| * | Fix LOCAL domain lookups | Pavel Březina | 2012-08-15 | 1 | -19/+22 | |
| | | | | | | | https://fedorahosted.org/sssd/ticket/1436 Now subdomains are not evaluated for local domains. | |||||
| * | Add python bindings for murmurhash3 | Sumit Bose | 2012-08-15 | 2 | -0/+165 | |
| | | ||||||
| * | KRB5: Only return PAM error for unreachable kpasswd when performing chpass | Jakub Hrozek | 2012-08-15 | 1 | -2/+4 | |
| | | | | | https://fedorahosted.org/sssd/ticket/1452 | |||||
| * | FO: Return EAGAIN if there are more servers to try | Jakub Hrozek | 2012-08-15 | 1 | -0/+9 | |
| | | | | | | The caller should issue a next request, which would just shortcut with ENOENT. | |||||
| * | FO: Don't retry the same server if it's not working | Jakub Hrozek | 2012-08-15 | 1 | -2/+3 | |
| | | ||||||
| * | Duplicate detection in fail over did not work. | Michal Zidek | 2012-08-15 | 9 | -15/+69 | |
| | | | | | https://fedorahosted.org/sssd/ticket/1472 | |||||
| * | sss_client: Group lookups should work even when fastcache cannot be initialized | Jakub Hrozek | 2012-08-13 | 1 | -8/+2 | |
| | | | | | https://fedorahosted.org/sssd/ticket/1415 | |||||
| * | Add autofs-related options to configAPI | Jakub Hrozek | 2012-08-13 | 2 | -1/+12 | |
| | | | | | https://fedorahosted.org/sssd/ticket/1478 | |||||
| * | MAN: Improve description of ldap_*_search_base options | Stephen Gallagher | 2012-08-10 | 4 | -96/+63 | |
| | | | | | | It was ambiguous that these options supported the new multiple search base format, as well as the search filters. | |||||
| * | When ldap_group_nesting_level was reached, the LDAP provider tried to link ↵ | Michal Zidek | 2012-08-10 | 1 | -1/+45 | |
| | | | | | | | group members with groups outside nesting limit. https://fedorahosted.org/sssd/ticket/1194 | |||||
| * | Document entry_cache_autofs_timeout | Jakub Hrozek | 2012-08-10 | 1 | -0/+14 | |
| | | ||||||
| * | remove duplicate sss_obfuscate reference in seealso manpage section | Nick Guay | 2012-08-10 | 1 | -3/+0 | |
| | | ||||||
| * | MAN: Fix minor typo in ldap_search_base section | Stephen Gallagher | 2012-08-10 | 1 | -1/+1 | |
| | | ||||||
| * | Don't use server after SRV data collapsed | Jakub Hrozek | 2012-08-09 | 1 | -5/+8 | |
| | | ||||||
| * | SRV resolution for backup servers should not be permitted. | Michal Zidek | 2012-08-09 | 5 | -6/+37 | |
| | | | | | https://fedorahosted.org/sssd/ticket/1463 | |||||
| * | Change default for ldap_idmap_range_min to 200000 | Jakub Hrozek | 2012-08-09 | 4 | -4/+4 | |
| | | | | | https://fedorahosted.org/sssd/ticket/1462 | |||||
| * | Abort PAM access phase if HBAC does not return PAM_SUCCESS | Jakub Hrozek | 2012-08-09 | 1 | -0/+1 | |
| | | ||||||
| * | Backward GOTOs rewritten into do-while loops. | Ondrej Kos | 2012-08-09 | 2 | -245/+271 | |
| | | ||||||
| * | Change default value of ldap_sasl_string to host/hostname@REALM in man page. | Michal Zidek | 2012-08-09 | 1 | -1/+1 | |
| | | | | | https://fedorahosted.org/sssd/ticket/1464 | |||||
| * | Replaced "id_max" & "id_min" | Ondrej Kos | 2012-08-08 | 1 | -4/+4 | |
| | | ||||||
| * | Allocate on top of a talloc context, not NULL | Jakub Hrozek | 2012-08-08 | 1 | -0/+3 | |
| | | ||||||
| * | Always mark SRV servers as primary | Jakub Hrozek | 2012-08-07 | 1 | -0/+1 | |
| | | | | | https://fedorahosted.org/sssd/ticket/1459 | |||||
| * | Remove SYSDB_SUDO_CACHE_OC from attribute lists | Pavel Březina | 2012-08-07 | 2 | -2/+0 | |
| | | | | | It is not an attribute. | |||||
| * | Rename SYSDB_SUDO_CACHE_AT_OC to SYSDB_SUDO_CACHE_OC | Pavel Březina | 2012-08-07 | 5 | -8/+8 | |
| | | | | | | It does not contain name of the object class attribute but the value itself. I renamed it to avoid confusion. | |||||
| * | Remove redefinition of some SYSDB_* macros | Pavel Březina | 2012-08-07 | 1 | -10/+0 | |
| | | ||||||
| * | Subdomains: Send the DP reply in the correct format | Jakub Hrozek | 2012-08-07 | 1 | -14/+41 | |
| | | | | | | The DP was sending the reply in a format the responder did not expect, so the responder always failed to parse the message. | |||||
| * | monitor: set debug level when unable to load configuration | Pavel Březina | 2012-08-07 | 1 | -0/+6 | |
| | | | | | | | | | | https://fedorahosted.org/sssd/ticket/1345 When the monitor is unable to load configuration and non debug level is set (e.g. when sssd is started via 'service'), none message was saved into logs. This patch forces debug messages to be written in this scenario. | |||||
| * | Failover: Return last tried server if it's still being tried | Jakub Hrozek | 2012-08-07 | 1 | -2/+6 | |
| | | | | | | | | | | | | | | | | | | In the failover, we treat both KDC and LDAP on the IPA server as a single "port", numbered 0. This was done in order to make sure that the SSSD always talks to the same server for both LDAP and Kerberos. However, this clever hack breaks when the IPA provider needs to establish an GSSAPI encrypted LDAP connection because we're asking the fail over code to yield a server while no server has yet been marked as tried. This triggers a fail over for the KDC, so in effect, the TGT is received from second server. If the second server is not available for some reason, the whole provider goes offline. The fail over needs to detect that the server asked for is still being resolved and return the same pointer. | |||||
| * | Add end of line to debug message | Pavel Březina | 2012-08-07 | 1 | -2/+2 | |
| | | ||||||
| * | IPA: Securely set umask for mkstemp in subdomain provider | Stephen Gallagher | 2012-08-06 | 1 | -0/+3 | |
| | | | | | https://fedorahosted.org/sssd/ticket/1457 | |||||
| * | SYSDB: Use ldb_msg_add_string for simple string additions | Jakub Hrozek | 2012-08-06 | 3 | -12/+12 | |
| | | ||||||
| * | IPA: Do not attempt to close the same file twice | Stephen Gallagher | 2012-08-06 | 1 | -1/+1 | |
| | | | | | https://fedorahosted.org/sssd/ticket/1456 | |||||
| * | shadow attributes can contain -1 | Pavel Březina | 2012-08-06 | 1 | -1/+1 | |
| | | | | | https://fedorahosted.org/sssd/ticket/1393 | |||||
| * | SYSDB: Check the return value | Jakub Hrozek | 2012-08-06 | 1 | -0/+1 | |
| | | ||||||
| * | Removed unused variable assignment | Ondrej Kos | 2012-08-06 | 1 | -2/+0 | |
| | | | | | https://fedorahosted.org/sssd/ticket/1453 | |||||
| * | SSSDConfig: Fix nonfunctional SSSDDomain.remove_provider() | Stephen Gallagher | 2012-08-05 | 2 | -0/+10 | |
| | | | | | | | Also adds a regression test to the unit test suite. https://fedorahosted.org/sssd/ticket/1388 | |||||
| * | Fix various typos in documentation. | Yuri Chornoivan | 2012-08-03 | 4 | -5/+5 | |
| | | ||||||
| * | Don't call fo_set_{server,port}_status for SRV servers | Jakub Hrozek | 2012-08-03 | 1 | -2/+3 | |
| | | | | | This bug was producing harmless, but annoying error messages. | |||||
| * | Return value of fread in src/tools/sss_debuglevel.c no longer ignored. | Michal Zidek | 2012-08-03 | 1 | -1/+9 | |
| | | | | | https://fedorahosted.org/sssd/ticket/1426 | |||||
| * | Update translations for 1.9.0 beta 6 release | Jakub Hrozek | 2012-08-01 | 12 | -4172/+10100 | |
| | | ||||||
| * | Create a domain-realm mapping for krb5.conf to be included | Jakub Hrozek | 2012-08-01 | 1 | -0/+135 | |
| | | | | | | | | | When new subdomains are discovered, the SSSD creates a file that includes the domain-realm mappings. This file can in turn be included in the krb5.conf using the includedir directive, such as: includedir /var/lib/sss/pubconf/realm_mappings | |||||
| * | Add automatic periodic retrieval of subdomains | Simo Sorce | 2012-08-01 | 1 | -1/+44 | |
| | | ||||||
| * | Add online callback to enumerate subdomains | Simo Sorce | 2012-08-01 | 1 | -24/+49 | |
| | | ||||||
| * | Limit refreshes keeping track of last refresh time | Simo Sorce | 2012-08-01 | 1 | -26/+46 | |
| | | ||||||
| * | Change refreshing of subdomains | Simo Sorce | 2012-08-01 | 6 | -90/+185 | |
| | | | | | | | | | | This patch keeps a local copy of the subdomains in the ipa subdomains plugin context. This has 2 advantages: 1. allows to check if anything changed w/o always hitting the sysdb. 2. later will allows us to dump this information w/o having to retrieve it again. The timestamp also allows to avoid refreshing too often. | |||||
 |
index : sssd.git | |
| Experimental work on SSSD - Systen Security Services Daemon | Simo Sorce |
| summaryrefslogtreecommitdiffstats |