sssd - System Security Services Daemon

Age	Commit message (Collapse)	Author	Files	Lines
2011-01-19	Add LDAP expire policy based on AD attributes	Sumit Bose	9	-4/+141
	The second bit of userAccountControl is used to determine if the account is enabled or disabled. accountExpires is checked to see if the account is expired.
2011-01-17	Remove support for pre-1.1 netlink	Stephen Gallagher	4	-62/+28
	Netlink 1.0 and older is buggy and unreliable, occasionally causing tight-loops. We're no longer going to try to support it. https://fedorahosted.org/sssd/ticket/755
2011-01-17	Clarify nscd warning	Stephen Gallagher	1	-4/+5
	Removes the level-zero DEBUG message and modifies the syslog message to explain that NSCD is safe for maps that SSSD does not (yet) support.
2011-01-17	Do not force a default for debug_level	Stephen Gallagher	2	-4/+1

2011-01-17	Fix usability of sss_obfuscate command	Stephen Gallagher	2	-14/+23

2011-01-17	Update manpage translations for ldap_enumeration_search_timeout	Stephen Gallagher	3	-333/+391

2011-01-17	Add ldap_search_enumeration_timeout config option	Sumit Bose	9	-15/+38

2011-01-17	Add timeout parameter to sdap_get_generic_send()	Sumit Bose	10	-55/+111

2011-01-14	Regenerate manpage po[t] files	Stephen Gallagher	3	-2955/+5262
	Fixed several typos
2011-01-14	Fix manpage typos	Yuri Chornoivan	4	-9/+9

2011-01-14	Add uk translation for manpages	Yuri Chornoivan	2	-1/+4386

2011-01-14	Fix missing hash table bug	Stephen Gallagher	1	-0/+1
	When the automatic cleanup happened, if the netgroup had been created with no contents (to indicate an unknown netgroup), we weren't saving the hash table address and the talloc_free() was failing.
2011-01-14	Do not throw a DP error when a netgroup is not found	Stephen Gallagher	2	-6/+5
	https://fedorahosted.org/sssd/ticket/775
2011-01-14	Add missing sysdb transaction to group enumerations	Stephen Gallagher	1	-12/+45
	We were not enclosing group processing in a transaction, which was resulting in extremely high numbers of disk-writes. This patch adds a transaction around the sdap_process_group code to ensure that these actions take place within a transaction. This patch also adds a check around the missing member code for RFC2307bis so we don't go back to the LDAP server to look up entries that don't exist (since the enumeration first pass would already have guaranteed that we have all real users cached)
2011-01-14	Work around libldb bug	Stephen Gallagher	1	-2/+10
	Libldb performs non-indexed searches for ONELEVEL requests. We'll use SUBTREE instead to reduce the performance hit substantially
2011-01-11	Add overflow check to SAFEALIGN_COPY_*_CHECK macros	Sumit Bose	1	-3/+6

2011-01-11	Validate user supplied size of data items	Sumit Bose	3	-76/+94
	Specially crafted packages might lead to an integer overflow and the parsing of the input buffer might not continue as expected. This issue was identified by Sebastian Krahmer <krahmer@suse.de>.
2011-01-06	Add syslog messages to authorized service access check	Sumit Bose	1	-1/+31

2011-01-06	Add syslog message to shadow access check	Sumit Bose	1	-6/+14

2011-01-06	Convert obfuscated password once at startup	Sumit Bose	2	-14/+41

2011-01-06	Remove unused enumeration cache timeout checks	Sumit Bose	3	-33/+2
	The existence of the getent_ctx is used to track the enumeration cache timeout.
2011-01-06	Post enumeration tevent request if needed	Sumit Bose	2	-8/+43

2011-01-06	Return groups and users from all domains during enumeration	Sumit Bose	1	-3/+5

2011-01-05	Rename SRV_NOT_RESOLVED to SRV_RESOLVE_ERROR	Sumit Bose	1	-5/+5

2011-01-05	Use the right status when resetting service discovery	Sumit Bose	1	-1/+1

2011-01-05	Fix boolean comparison against string	Stephen Gallagher	1	-2/+2
	Coverity 10082 and 100083
2010-12-23	Remove unnecessary po4a BuildRequires	Stephen Gallagher	1	-1/+0

2010-12-23	Build and install translated man pages by default	Sumit Bose	3	-27/+31

2010-12-23	Updating uk translation	Yuri Chornoivan	1	-66/+46

2010-12-23	Updating pl translation	Piotr Drąg	1	-91/+45

2010-12-22	Bumping version to 1.5.1	Stephen Gallagher	1	-1/+1

2010-12-22	Committing new translation updates for release	Stephen Gallagher	14	-1841/+4260

2010-12-22	Update the ID cache for any PAM request	Stephen Gallagher	8	-8/+48
	Also adds an option to limit how often we check the ID provider, so that conversations with multiple PAM requests won't update the cache multiple times. https://fedorahosted.org/sssd/ticket/749
2010-12-22	Ensure ID is checked in all domains for PAM	Stephen Gallagher	1	-0/+2
	Previously, this was initialized to zero, so the first domain in the list wouldn't be checked for ID updates in pam_check_user_search. This initializes the first domain to check the provider.
2010-12-22	Add Czech translation	Jakub Hrozek	4	-0/+8430
	Translated a couple of strings from manpages into Czech. Makes the manpage translation patch testable.
2010-12-22	Make manual pages translatable	Jakub Hrozek	6	-39/+198
	Utilizes PO4A to extract translatable strings from Docbook XML sources and allows translators to submit ordinary .PO files. PO4A then generates translated Docbook documents that can be used to generate translated end user documentation. https://fedorahosted.org/sssd/ticket/297
2010-12-21	Add authorizedService support	Stephen Gallagher	10	-3/+176
	https://fedorahosted.org/sssd/ticket/670
2010-12-21	Pass all PAM data to the LDAP access provider	Stephen Gallagher	1	-9/+12
	Previously we were only passing the username.
2010-12-21	Fix potential NULL-dereference in krb5_auth_done()	Sumit Bose	1	-3/+3
	https://fedorahosted.org/sssd/ticket/745
2010-12-21	Remove unused member of a struct	Sumit Bose	1	-1/+0

2010-12-21	Add all values of a multi-valued user attribute	Sumit Bose	1	-12/+15

2010-12-21	Update config API files	Sumit Bose	3	-7/+47
	Over the time a couple of new config options didn't made it into the config API files. This patch updates the files and removes some duplications.
2010-12-20	Serialize requests of the same user in the krb5 provider	Sumit Bose	5	-0/+241

2010-12-20	Fixes for automatic ticket renewal	Sumit Bose	4	-44/+100
	- do not recreate the ccache file when renewing the TGT - use user principal name as hash key instead of ccfile name - let krb5_child return Kerberos error codes
2010-12-20	Introduce sss_hash_create_ex()	Sumit Bose	2	-6/+29

2010-12-20	Avoid multiple initializations in LDAP provider	Sumit Bose	1	-39/+30
	Currently in a domain where LDAP was used for id and auth the LDAP UIR was added multiple times to the failover code which may cause unwanted delays.
2010-12-20	Add sysdb_has_enumerated and sysdb_set_enumerated helper functions	Stephen Gallagher	3	-0/+192
	Includes a unit test
2010-12-17	Start first enumeration immediately	Stephen Gallagher	3	-3/+47
	Previously, we would wait for ten seconds before starting an enumeration. However, this meant that on the first startup (before we had run our first enumeration) there was a ten-second window where clients would immediately get back a response with no entries instead of blocking until the enumeration completed. With this patch, SSSD will now run an enumeration immediately upon startup. Further startups will retain the ten-second delay so as not to slow down system bootups. https://fedorahosted.org/sssd/ticket/616
2010-12-17	Fix possible NULL-dereference in lookup_netgr_step()	Sumit Bose	1	-1/+1
	https://fedorahosted.org/sssd/ticket/735
2010-12-17	Fix unchecked return value in set_nonblocking	Stephen Gallagher	1	-10/+53
	Also fixes the same problem with set_close_on_exec https://fedorahosted.org/sssd/ticket/713