summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2012-06-29sudo provider: remove old timerPavel Březina9-357/+0
2012-06-29sudo provider: add ldap_sudo_full_refresh_intervalPavel Březina5-0/+5
2012-06-29sudo backend - add support for on demand refresh of specific rulesPavel Březina1-7/+61
2012-06-29sudo backend - support only on demand full refreshPavel Březina1-28/+4
2012-06-29sudo ldap provider: add support for on demand refresh of specific rulesPavel Březina3-0/+11
2012-06-29sudo ldap provider: provide API for refresh of specific rulesPavel Březina1-0/+93
2012-06-29sudo ldap provider: add support for on demand full refreshPavel Březina2-16/+26
2012-06-29sudo ldap provider: provide API for full refreshPavel Březina2-1/+126
2012-06-29sysdb: add getter/setter for last sudo full refresh timePavel Březina2-0/+147
2012-06-29sudo ldap provider: add expiration time to each rulePavel Březina3-8/+30
2012-06-29sudo ldap provider: add domain info in sdap_sudo_refresh_statePavel Březina1-0/+2
2012-06-29sudo ldap provider: add sysdb ctx in sdap_sudo_refresh_statePavel Březina1-7/+7
2012-06-29confdb: add entry_cache_sudo_timeout optionPavel Březina5-0/+17
2012-06-29sudo ldap provider: give sdap_sudo_refresh_send() search and purge filtersPavel Březina4-278/+93
2012-06-29sudo ldap provider: move async routines to sdap_async_sudo.cPavel Březina3-675/+711
2012-06-29sudo responder: discard in-memory cachePavel Březina4-376/+0
2012-06-29libsss_sudo: bump version to 2:0:1Pavel Březina1-1/+1
2012-06-29sudo responder: change protocol version to 1Pavel Březina2-1/+10
2012-06-29sudo api: send uid, username and domainnamePavel Březina9-175/+260
https://fedorahosted.org/sssd/ticket/1239 Test client was changed accordingly. The new usage is: sss_sudo_cli username [uid] If uid is not set, getpwnam(username) is called. It will retrieve both default options and rules.
2012-06-29sudo sysdb: make sysdb_get_sudo_user_info more configurablePavel Březina1-25/+35
2012-06-29sudo responder: get rid of dctx where possiblePavel Březina3-93/+102
2012-06-29sudo responder: remove code duplication in commandsPavel Březina4-277/+283
2012-06-29sudo api: remove EOKPavel Březina2-13/+10
2012-06-26libcrypto fully implementedGeorge McCollister6-17/+489
Implemented working versions of the following functions for libcrypto: sss_base64_encode sss_base64_decode sss_hmac_sha1 sss_password_encrypt sss_password_decrypt test_encrypt_decrypt now expects EOK from libcrypto. test_hmac_sha1 now expects EOK from libcrypto. Added test_base64_encode to test base64 encoding implementation. Added test_base64_decode to test base64 decoding implementation. Signed-off-by: George McCollister <George.McCollister@gmail.com>
2012-06-25Bumping version to 1.9.0 beta 4Stephen Gallagher1-1/+1
2012-06-25Update translations for 1.9.0 beta 3 releaseStephen Gallagher29-11034/+14681
2012-06-25Set default for subdomain_homedirSumit Bose3-1/+6
2012-06-25BUILD: Change default unicode library to glib2Stephen Gallagher3-12/+6
This patch also removes the references to 'cvs' and 'nscd' from BUILD.txt, as they are no longer necessary.
2012-06-25Add man page section for the PAC responderSumit Bose2-1/+40
2012-06-25Build pac responder tests only if pac responder is buildSumit Bose1-2/+6
2012-06-25SELinux user maps: pick just one mapJan Zeleny1-12/+11
This patch modifies behavior of SSSD when putting together content of the file for pam_selinux. SSSD will now pick only the first user map in the priority list which matches to the user logging in. Other maps are ignored. https://fedorahosted.org/sssd/ticket/1360
2012-06-21Fix re_expression matching with subdomainsJan Zeleny4-85/+173
This patch fixes an issue which resulted in a need to initialize responder with data from local domain, otherwise it would not correctly detect requests for subdomains. Similar situation can occur if new subdomain is added at runtime. The solution is to ask for a list of subdomains in case there is a candidate domain identified in the process of matching re_expressions with given name.
2012-06-21UTILS: Fix segfault due to sss_parse_name_for_domainsStephen Gallagher1-7/+10
The recent fixes for per-domain parsing can cause a segfault in the netgroup processing if the domain isn't set to NULL when it's parsed as "any domain". https://fedorahosted.org/sssd/ticket/1383
2012-06-21Try to build PAC responder only if all dependencies are availableSumit Bose2-5/+18
2012-06-21Add range support to PAC responderSumit Bose3-45/+140
2012-06-21Add support for ID rangesSumit Bose11-10/+584
2012-06-21PAC client: add krb5 authdata pluginSumit Bose5-0/+503
2012-06-21PAC client: add basic support in common client codeSumit Bose2-0/+38
2012-06-21PAC responder: test suiteJan Zeleny2-1/+124
2012-06-21PAC responder: support in spec fileSumit Bose1-0/+7
2012-06-21PAC responder: add the core functionalitySumit Bose3-2/+475
This adds support for parsing PAC and storing information contained within. In particular the user and all his memberships are stored. In case it is necessary, getgrgid() requests are sent to provider for group resolution.
2012-06-21PAC responder: add some utility functionsJan Zeleny3-0/+550
2012-06-21PAC responder: add basic infrastructureSumit Bose8-1/+400
This adds only the basic outline of the PAC responder, it won't support any operations, it will just start and initialize itself.
2012-06-21Add close on exec support for old platformsSimo Sorce1-1/+16
Older platfroms like RHEL5 do not have support for O_CLOEXC and need an explicit fcntl after the fd is created. Add it conditionally so it can be clearly removed once we declared those platfroms obsolete and unsupported.
2012-06-21Do not leak file descriptors in client libs.Simo Sorce1-1/+1
We need to make sure the mc socket is not leaked otherwise child processes will pile up leaked file descriptors. Add O_CLOEXEC when opening the cache.
2012-06-20Move some debug lines to new debug log levelsStef Walter14-26/+26
* These are common lines of debug output when starting up sssd https://bugzilla.redhat.com/show_bug.cgi?id=811113
2012-06-20Fix possible segfault in sdap_save_group()Jan Zeleny1-2/+11
2012-06-18Make the client idle timeout configurableStephen Gallagher7-5/+40
2012-06-18Add support for terminating idle connectionsShantanu Goel2-2/+67
2012-06-18Do not send SIGPIPE on disconnectionShantanu Goel1-6/+21
Note we set MSG_NOSIGNAL to avoid having to fiddle with signal masks but also do not want to die in case SIGPIPE gets raised and the application does not handle it.