Age | Commit message (Collapse) | Author | Files | Lines |
|
This option is needed for the rare case where a poll() call during
ldap_sasl_interactive_bind_s() is interrupted by a signal.
LDAP_OPT_RESTART enables the handling of the EINTR error instead of
returning an error.
|
|
In an environment with slave KDCs and a central server where password
changes are allowed the request for a new TGT immediately after the
password change should be made against this server, because the slave
server might not know the new password.
To achieve this the Kerberos localtor plugin now returns the address of
the kpasswd server as master_kdc.
|
|
|
|
Fixes: #81
|
|
* Do not segfault on passing NULL path to get_{dir,base}name
* There is no way dirname can return "..", remove that code
* Buffer overflow in path_concat
* Expand . in get_basename
* Return NULL rather than crash in split_path on passing NULL path
* Be more defensive in directory_list
|
|
|
|
Display warnings about remaining grace logins and password
expiration to the user, when LDAP Password Policies are used.
Improved detection if LDAP Password policies are supported by
LDAP Server.
|
|
|
|
|
|
|
|
|
|
|
|
This commits cleans up 3 segfaults/valgrind errors due to access
to freed memory.
1. The spy wasn't clearing conn_spy causing the svc_destructor to try
to clear the spy destructor when the spy was already freed
2. get_config_service was not setting the svc_destrcutor on services
depending on the orderof frees at exit this was causing the spy
destructor to try to access freed memory because it was not
neutralized when the service was freed.
3. at exit the mt_ctx could be freed before services causing the
svc_destrcutor to try to access freed memory when removing the
service from the service list in the monitor context.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
- catch all errors of send() and recv(), not only EAGAIN
- check if send() or recv() return EWOULDBLOCK or EINTR
- remove unused parameter from client_send() and client_recv()
- fix a debugging message
|
|
Additional changes.
|
|
buf needs to be 32 bit aligned on ARM. Also made the fix on the server side.
Signed-off-by: George McCollister <George.McCollister@gmail.com>
|
|
|
|
This patch replaces int with int32_t,
unsigned with uint32_t, long with int64_t,
unsigned long with uint64_t as values
that collection can store and hold.
|
|
|
|
|
|
|
|
|
|
|
|
Since we don't keep the changelog up to date, it makes more sense
to simply truncate it to always report that it is an automated
build.
|
|
This patch brings our spec file into compliance with Fedora python
requirements.
See http://fedoraproject.org/wiki/Packaging/Python#Macros for more
details
|
|
dbus_connection_send_with_reply() will report success and return
a NULL pending_reply when the connection is not open for
communication. This patch creates a new wrapper around
dbus_connection_send_with_reply() to properly detect this
condition and report it as an error.
|
|
|
|
When changing an expired password (during e.g. login) the PAM module needs
to prompt for the old password even when running as root.
|
|
|
|
When changing passwords, treat SDAP_AUTH_PW_EXPIRED as a successful
authentication in SSS_PAM_CHAUTHTOK_PRELIM.
|
|
When the user's password is expired it might also be indicated by
the bind operation returning "INVALID_CREDENTIALS" with the ppolicy
control's errorcode set to "PP_passwordExpired".
|
|
|
|
|
|
|
|
Fixes: #221
|
|
|
|
|
|
|
|
tests/common.c is now required by all tests (check-based and not),
so we need to properly ifdef it
|
|
|
|
As with krb5_ccname_template sequences like %u can be used in the
krb5_ccachedir parameter which are expanded at runtime. If the directory
does not exist, it will be created. Depending on the used sequences it
is created as a public or private directory.
|
|
With complex hierarchies it could happen that the group just deleted was
re-added by mistake to the list of groups a user is member of, causing the user
to have a stray memberof value in its entry.
|