summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2012-02-27SSH: Replace blocking getaddrinfo call in the responder with asynchronous ↵Jan Cholasta4-27/+59
resolver code
2012-02-27SSH: Use fchmod instead of chmod on known_hosts fileJan Cholasta1-8/+4
2012-02-27SSH: Add missing break statements to sss_ssh_format_pubkeyJan Cholasta1-0/+2
2012-02-27SSH: Add more debugging messagesJan Cholasta5-8/+38
2012-02-27SSH: Don't abort known_hosts update when host search failsJan Cholasta1-1/+1
2012-02-27AUTOFS: speed up the client by requesting multiple entries at onceJakub Hrozek3-78/+239
https://fedorahosted.org/sssd/ticket/1166
2012-02-27Eliminate build-time requirement for nscdStephen Gallagher3-12/+12
We will now use the autodetected location if available, or else fall back to a value provided by --with-nscd in configure and finally resort to a hard-coded default of /usr/sbin/nscd.
2012-02-26LDAP: Remove unnecessary filter sanitizeStephen Gallagher1-11/+5
The orig_dn here isn't being passed to a filter and therefore must not be santized, as the sanitization process would break DNs that contain (among other things) parentheses.
2012-02-26SSH: Manage global known_hosts file in the responderJan Cholasta3-78/+136
https://fedorahosted.org/sssd/ticket/1193
2012-02-26SSH: Continue connecting to SSH server even when SSSD is not running in ↵Jan Cholasta1-112/+85
sss_ssh_knownhostsproxy Additionally, don't drop the connection when the sss_ssh_knownhostsproxy process receives a signal. https://fedorahosted.org/sssd/ticket/1179 https://fedorahosted.org/sssd/ticket/1184
2012-02-26UTIL: Add function for atomic I/OJan Cholasta2-0/+44
2012-02-26SSH: Refactor responder and client common codeJan Cholasta7-170/+301
2012-02-26SSH: Save SSH host name aliasesJan Cholasta6-42/+120
2012-02-24Modifications to simplify list_missing_attrsJan Zeleny8-44/+21
2012-02-24Delete missing attributes from netgroups to be storedJan Zeleny6-4/+45
https://fedorahosted.org/sssd/ticket/1136
2012-02-24SELinux related attributes added to config APIJan Zeleny2-1/+11
2012-02-24IPA hosts refactoringJan Zeleny18-154/+156
2012-02-24LDAP: Only use paging control on requests for multiple entriesStephen Gallagher16-40/+100
The paging control can cause issues on servers that put limits on how many paging controls can be active at one time (on some servers, it is limited to one per connection). We need to reduce our usage so that we only activate the paging control when making a request that may return an arbitrary number of results. https://fedorahosted.org/sssd/ticket/1202 phase one
2012-02-23AUTOFS: Search all search bases for automounter map entriesJakub Hrozek1-18/+86
https://fedorahosted.org/sssd/ticket/1168
2012-02-23AUTOFS: Invoke implicit setautomntent if neededJakub Hrozek2-45/+156
https://fedorahosted.org/sssd/ticket/1167
2012-02-23libnl: fix the path to phy80211 subdirectoryJakub Hrozek1-4/+20
2012-02-23Move sudo_dom_ctx.user to local variablePavel Březina2-8/+8
2012-02-23Honor case_sensitive option in sudo responderPavel Březina4-21/+100
https://fedorahosted.org/sssd/ticket/1205
2012-02-23LDAP: Properly assign orig_dnStephen Gallagher1-0/+1
This was only used for properly identifying debug messages.
2012-02-23Save errno value before calling DEBUGJakub Hrozek1-2/+4
2012-02-23pam_sss: keep selinux optionalSimo Sorce3-4/+7
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2012-02-23nss_group: Cache the result from sssd when the glibc provided buffer is too ↵Simo Sorce1-8/+145
small.
2012-02-23IPA: Add ipa_parse_search_base()Stephen Gallagher3-19/+72
Previously, we were using sdap_parse_search_base() for setting up the search_base objects for use in IPA. However, this was generating unfriendly log messages about unknown search base types. This patch creates a new common_parse_search_base() routine that can be used with either LDAP or IPA providers. https://fedorahosted.org/sssd/ticket/1151
2012-02-22Add tool to convert debug levelsStephen Gallagher1-0/+100
Older versions of SSSD (1.5 and earlier) would take a debug_level value set in the [sssd] section as authoritative for all other sections where not explicitly overridden. We changed this so that all sections need to set it if they want debug logs set. This script can be run to make the new version continue to produce the same logs as the old versions did, by explicitly adding debug_level to all domains and services that did not have it set already. Bugzilla https://bugzilla.redhat.com/show_bug.cgi?id=753763
2012-02-21Don't give memory context in confdb where not neededJan Zeleny17-55/+75
2012-02-21remove unused functionJakub Hrozek1-20/+0
2012-02-21End request if ldap_parse_result failsJakub Hrozek1-0/+3
2012-02-18Include the fd_limit configuration optionJakub Hrozek1-0/+1
2012-02-17RESPONDERS: Make the fd_limit setting configurableStephen Gallagher7-4/+63
This code will now attempt first to see if it has privilege to set the value as specified, and if not it will fall back to the previous behavior. So on systems with the CAP_SYS_RESOURCE capability granted to SSSD, it will be able to ignore the limits.conf hard limit. https://fedorahosted.org/sssd/ticket/1197
2012-02-17RESPONDERS: Allow increasing the file-descriptor limitStephen Gallagher4-0/+48
This patch will increase the file descriptor limit to 8k or the limits.conf maximum, whichever is lesser. https://fedorahosted.org/sssd/ticket/1197
2012-02-17Fix case insensitive service lookupsJakub Hrozek1-6/+6
2012-02-17LDAP: Ignore group member users that do not have name attributesStephen Gallagher1-2/+2
Instead of failing the group lookup, just skip them. This was impacting some users of ActiveDirectory where not all users had the appropriate attributes. https://fedorahosted.org/sssd/ticket/1169
2012-02-17NSS: Always return the same protocol that was requestedStephen Gallagher2-9/+26
https://fedorahosted.org/sssd/ticket/1160
2012-02-17Redesign purging of the sudo cachePavel Březina3-94/+370
https://fedorahosted.org/sssd/ticket/1173
2012-02-15Fix missing %endif in sssd.spec.inStephen Gallagher1-0/+1
2012-02-15Always include all manpage XML files in the distribution tarballStephen Gallagher1-2/+3
2012-02-15Move sss_ssh_* binaries to the main 'sssd' packageStephen Gallagher1-6/+7
The sssd-client subpackage is multilib, so it cannot contain conflicting /usr/bin executables.
2012-02-14Refactor sss_result into sss_sudo_resultPavel Březina5-36/+38
https://fedorahosted.org/sssd/ticket/1159
2012-02-14SSH: Build man pages conditionallyJan Cholasta2-4/+6
https://fedorahosted.org/sssd/ticket/1175
2012-02-14Fix memory hierarchy when processing nested group membershipsJakub Hrozek4-11/+14
https://fedorahosted.org/sssd/ticket/1186
2012-02-14Ensure NULL-termination in get_uid_from_pid()Stephen Gallagher1-0/+3
Coverity #12399
2012-02-13Fix uninitialized value error in proxy providerStephen Gallagher1-1/+1
Coverity #12467
2012-02-13Check for failure in sss_packet_grow()Stephen Gallagher1-5/+5
Coverity #12489
2012-02-13Fix bad failure handling in be_sudo_handler()Stephen Gallagher1-13/+13
If the dbus_message_get_args() failed, we would have been dereferencing a NULL be_req. Coverity #12490
2012-02-13Fix uninitialized in_transactionStephen Gallagher2-2/+2
Coverity #12521 and #12491