summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2010-06-17Ensure that all domains are checked for users/groupsStephen Gallagher1-3/+15
There was a bug in the negative cache checks (probably a leftover from when filter_users was global-only) that meant that if a user was filtered out of a domain, the remaining domains would not be checked for that user. (Same for groups/initgroups)
2010-06-17Initialize len before looping to read the pidfileStephen Gallagher1-1/+1
https://fedorahosted.org/sssd/ticket/544
2010-06-16Standardize on correct spelling of "principal" for krb5Stephen Gallagher5-11/+11
https://fedorahosted.org/sssd/ticket/542
2010-06-16Remove references to the DP service from the SSSDConfig API testsStephen Gallagher2-6/+0
2010-06-16Handle (ignore) unknown options in get_domain() and get_service()Stephen Gallagher3-10/+72
We will now eliminate any unknown options and providers to guarantee that the domain is safe for use.
2010-06-14Don't segfault if ldap_access_filter is unspecifiedStephen Gallagher1-12/+13
https://fedorahosted.org/sssd/ticket/539
2010-06-14Print correct return codeJakub Hrozek1-1/+1
Fixes: #535
2010-06-14Check closedir call in find_uidJakub Hrozek1-4/+9
Fixes: #503
2010-06-14Potential memory leak in _nss_sss_*_r()Jakub Hrozek2-0/+5
Fixes: #516
2010-06-14Fix potential resource leak in copy_tree_ctx()Jakub Hrozek1-2/+10
Ticket #515
2010-06-14Remove the -g option from useraddJakub Hrozek2-70/+2
The local domain has the magic private groups option set unconditionally. Therefore, it does not make any sense to let user configure the primary GID. As a side-effect, this fixes #522.
2010-06-14Remove krb5_changepw_principal optionJakub Hrozek11-64/+26
Fixes: #531
2010-06-14get_uid_from_pid should use fstat rather than lstatJakub Hrozek1-11/+11
Fixes: #541
2010-06-14Add ldap_force_upper_case_realm to example AD configStephen Gallagher1-0/+1
https://fedorahosted.org/sssd/ticket/532
2010-06-14Properly null-terminate socket pathStephen Gallagher1-2/+4
https://fedorahosted.org/sssd/ticket/540
2010-06-10Addressing initialization issues.Dmitri Pal1-6/+6
Fixing bug found by coverity. Tciket #519
2010-06-10Make sure to close varargs before returning from a functionStephen Gallagher2-3/+2
https://fedorahosted.org/sssd/ticket/528
2010-06-10Eliminate unused variable from pc_init_timeout()Stephen Gallagher1-4/+0
https://fedorahosted.org/sssd/ticket/525
2010-06-10Check return code of hash_delete in proxy_child_destructorStephen Gallagher1-1/+7
We can't do much about an error here, but we should be reporting it. https://fedorahosted.org/sssd/ticket/534
2010-06-10Properly check that the timeout event was created for cleanup/enumStephen Gallagher2-2/+46
We need to make sure that if we didn't create the timeout, that we cancel the request so there's no chance of ending up with two enumerations/cleanups running simultaneously. We'll attempt to reschedule later, if possible. https://fedorahosted.org/sssd/ticket/524
2010-06-10Check the correct variable for NULL after creating timerStephen Gallagher3-4/+4
In several places, we were creating a new timer and assigning it to the tev variable, but then we were checking for NULL from the te variable (which, incidentally, is guaranteed never to be NULL in this situation) https://fedorahosted.org/sssd/ticket/523
2010-06-10Don't leak directory access resources on errors in directory_list()Stephen Gallagher1-0/+8
https://fedorahosted.org/sssd/ticket/514
2010-06-10Properly handle missing originalMemberOf entry in initgroupsStephen Gallagher1-0/+1
Failing to return after the tevent_req_post() here can result in a null-pointer dereference (along with other hard-to-track bugs) https://fedorahosted.org/sssd/ticket/507
2010-06-10Avoid potential NULL dereferenceStephen Gallagher1-3/+5
https://fedorahosted.org/sssd/ticket/506
2010-06-10Fix misuse of errno in find_uid.cStephen Gallagher1-17/+26
2010-06-10Properly handle read() and write() throughout the SSSDStephen Gallagher9-42/+131
We need to guarantee at all times that reads and writes complete successfully. This means that they must be checked for returning EINTR and EAGAIN, and all writes must be wrapped in a loop to ensure that they do not truncate their output.
2010-06-09Add a missing free()Sumit Bose1-0/+1
2010-06-09Add a missing initializerSumit Bose1-1/+1
2010-06-09Add missing break to switch statementJakub Hrozek1-0/+1
Switch statement missing a break causes unintended implicit setting of 'm' options in sss_useradd. Fixes: #512
2010-06-09Allow ldap_access_filter values wrapped in parenthesesStephen Gallagher2-3/+21
2010-06-09Avoid a potential double-freeSumit Bose1-0/+1
2010-06-09Change default min_id to 1Stephen Gallagher4-9/+16
Also update manpage for min_id/max_id to be more clear about how it relates to primary GID.
2010-06-09Disable connection callbacks when going onlineStephen Gallagher3-0/+27
Under certain circumstances, the openldap libraries will continue internally trying to reconnect to a connection lost (as during a cable-pull test). We need to drop the reconnection callbacks when marking the backend offline in order to guarantee that they are not called with an invalid sdap_handle.
2010-06-09Fix Incorrect NULL check in get_server_common()Jakub Hrozek1-1/+1
Fixes: #518
2010-06-09Fix potential NULL dereference in fail_over.cJakub Hrozek1-2/+5
Fixes: #505
2010-06-09Fix realm_str dereferenceJakub Hrozek1-1/+1
Fixes: #508
2010-06-09Fix typo in Makefile.amStephen Gallagher1-1/+1
We weren't properly linking libsss_krb5.so against libkeyutils
2010-06-09Skip empty attributes with warningJakub Hrozek1-0/+4
Fixes: #488
2010-06-06Don't return uninitialized value in proxy providerJakub Hrozek1-1/+4
Fixes: #498
2010-06-06Fix broken build against older versions of OpenLDAPStephen Gallagher2-2/+12
OpenLDAP < 2.4 used LDAP_OPT_ERROR_STRING. It was changed to LDAP_OPT_DIAGNOSTIC_MESSAGE in 2.4. This patch will allow the TLS error messages to be displayed on either version.
2010-06-06Initialize pam_data in Kerberos child.Sumit Bose1-1/+1
2010-06-06Man page fixesJakub Hrozek2-2/+6
Fixes: #496
2010-06-06Remove dead code from the PAM responderJakub Hrozek2-13/+0
2010-06-02Unify sdap and sysdb data handlingSumit Bose1-85/+104
2010-06-02Compare full service nameSumit Bose1-1/+2
2010-06-02Remove service groupsSumit Bose2-193/+7
Because the memberOf attribute is now set for the service objects we do not need to fetch the service groups separately anymore.
2010-06-02Use new schema for HBAC service checksSumit Bose2-21/+641
2010-06-02Use sysdb_attrs_get_string_array() instead of sysdb_attrs_get_el()Sumit Bose1-23/+12
sysdb_attrs_get_el() creates an empty element in the sysdb_attrs structure if the requested element does not exist. Recent versions of libldb do not accept empty elements when writing new objects to disk. sysdb_attrs_get_string_array() does not create an empty element but returns ENOENT.
2010-06-02Add sysdb_attrs_get_string_array()Sumit Bose2-0/+35
2010-06-02Fix typo in MakefileStephen Gallagher1-1/+1
Caused the kerberos provider to not use the kernel keyring