Age | Commit message | Author | Files | Lines
2011-09-02 | Add option to specify the kerberos replay cache dir | Stephen Gallagher | 10 | -0/+77
Adds a configure option to set the distribution default as well as an sssd.conf option to override it.
https://fedorahosted.org/sssd/ticket/980
2011-08-29 | HBAC: Properly skip all non-group memberOf entries | Stephen Gallagher | 1 | -1/+2
2011-08-29 | Fix moving to next entry in deref code | Jakub Hrozek | 1 | -1/+6
https://fedorahosted.org/sssd/ticket/973
2011-08-26 | HBAC: Use of hostgroups for targethost or sourcehost was broken | Stephen Gallagher | 1 | -4/+4
We were trying to look up the wrong attribute for the name of the hostgroup.
2011-08-26 | HBAC: Handle saving groups that have no members | Stephen Gallagher | 1 | -7/+21
2011-08-26 | Use the default Kerberos realm for LDAP with GSSAPI auth | Jakub Hrozek | 1 | -3/+55
https://fedorahosted.org/sssd/ticket/970
2011-08-26 | Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANON | Jakub Hrozek | 8 | -3/+33
https://fedorahosted.org/sssd/ticket/978
2011-08-25 | --debug-timestamps=1 is not passed to providers | Pavel Březina | 3 | -55/+77
https://fedorahosted.org/sssd/ticket/972
--debug-timestamps=1 is now passed to providers
2011-08-25 | New DEBUG facility - SSSDBG_UNRESOLVED changed from -1 to 0 | Pavel Březina | 30 | -49/+99
Removed: SSS_UNRESOLVED_DEBUG_LEVEL (completely replaced with SSSDBG_UNRESOLVED)
Added new macro: CONVERT_AND_SET_DEBUG_LEVEL(new_value)
Changes unresolved debug level value (SSSDBG_UNRESOLVED) from -1 to 0 so DEBUG macro could be reduced by one condition. Anyway, it has a minor effect, every time you want to load debug_level from command line parameters, you have to use the following pattern:
    /* Set debug level to invalid value so we can decide if -d 0 was used. */
    debug_level = SSSDBG_INVALID;
    pc = poptGetContext(argv[0], argc, argv, long_options, 0);
    while((opt = poptGetNextOpt(pc)) != -1) {
        ...
    }
    CONVERT_AND_SET_DEBUG_LEVEL(debug_level);
2011-08-25 | New DEBUG facility - unit tests | Pavel Březina | 2 | -0/+753
https://fedorahosted.org/sssd/ticket/925
2011-08-25 | New DEBUG facility - man pages | Pavel Březina | 3 | -17/+62
https://fedorahosted.org/sssd/ticket/925
Modified sssd and sssd.conf man pages to reflect new levels.
Added new man include: include/debug_levels.xml
2011-08-25 | New DEBUG facility - conversion | Pavel Březina | 40 | -61/+62
https://fedorahosted.org/sssd/ticket/925
Conversion of the old debug_level format to the new one. (only where it was necessary)
Removed: SSS_DEFAULT_DEBUG_LEVEL (completely replaced with SSSDBG_DEFAULT)
2011-08-25 | New DEBUG facility - modified DEBUG | Pavel Březina | 1 | -6/+41
https://fedorahosted.org/sssd/ticket/925
Modified: DEBUG() macro to work with new levels
There are several new macros in util/util.h:
- DEBUG_MSG(level, function, message) which will format the debug message like "(time) [prg_name] [function] (level): message\n"
- DEBUG_IS_SET(level) that you should use to check if the level is allowed to be logged
You can use it like:
    if (DEBUG_IS_SET(SSSDBG_TRACE_LIBS)) {...}
2011-08-25 | New DEBUG facility - new levels | Pavel Březina | 2 | -2/+89
https://fedorahosted.org/sssd/ticket/925
Added functions:
- debug_convert_old_level() to convert levels 0-9 to appropriate bitmask
  debug_convert_old_level(5) returns 0x03F0 (= 0 | 1 | 2 | 3 | 4 | 5)
- debug_get_level() to convert old level number to its new value
  debug_get_level(5) returns 0x0200 (= 5)
There are several new macros in util/util.h:
- SSSDBG_* to reflect a debug level (same names as in the ticket) - please, don't use magic numbers anymore
2011-08-25 | Improve password policy error code and message | Sumit Bose | 1 | -4/+9
Instead of returning PAM_SYSTEM_ERR if the necessary attributes for the requested password policy cannot be found we return PAM_PERM_DENIED. Additionally the log message says that the access is denied.
2011-08-25 | Return the first value of name if the multivalued name attribute does not match RDN | Jakub Hrozek | 1 | -3/+4
https://fedorahosted.org/sssd/ticket/926
2011-08-25 | IPA dyndns: do not segfault if the server cannot be resolved | Jakub Hrozek | 1 | -4/+2
https://fedorahosted.org/sssd/ticket/963
2011-08-15 | Handle timeout during sss_ldap_init_send | Jakub Hrozek | 3 | -3/+41
In some cases, where there would be no response from the LDAP server, there would be no R/W events on the LDAP fd, so sdap_async_sys_connect_done would never be called. This patch adds a tevent timer that cancels the connection after SDAP_NETWORK_TIMEOUT seconds.
2011-08-15 | Do not delete requests inside hash_iterate loop | Jakub Hrozek | 1 | -10/+12
2011-08-15 | Handle errno properly in set_debug_file_from_fd() | Jakub Hrozek | 1 | -2/+5
2011-08-15 | Moved some functions in sdap_async_initgroups | Jan Zeleny | 1 | -345/+349
2011-08-15 | Moved some functions in sdap_async_groups | Jan Zeleny | 1 | -122/+112
2011-08-15 | Confusing part of code cleared out | Jan Zeleny | 1 | -34/+32
2011-08-15 | sdap_async_accounts.c split | Jan Zeleny | 5 | -2516/+2594
The file has been split in three:
sdap_async_users.c
sdap_async_groups.c
sdap_async_initgroups.c
https://fedorahosted.org/sssd/ticket/864
2011-08-15 | Remaining memory context variables renamed | Jan Zeleny | 2 | -75/+75
memctx to mem_ctx
tmpctx to tmp_ctx
2011-08-15 | sysdb refactoring: memory context deleted | Jan Zeleny | 20 | -455/+429
This patch deletes memory context parameter in those places in sysdb where it is not necessary. The code using modified functions has been updated. Tests updated as well.
2011-08-15 | sysdb refactoring: deleted domain variables in sysdb API | Jan Zeleny | 42 | -538/+254
The patch also updates code using modified functions. Tests have also been adjusted.
2011-08-15 | Added sysdb_ctx_get_domain function | Jan Zeleny | 2 | -0/+7
2011-08-15 | sysdb refactoring: renamed ctx variable to sysdb | Jan Zeleny | 4 | -348/+348
2011-08-11 | Use sysdb attribute name for GID, not LDAP attribute | Stephen Gallagher | 1 | -3/+3
2011-08-11 | Allow the O_NONBLOCK flag to be reset correctly | Ralf Haferkamp | 1 | -14/+0
sssd set the O_NONBLOCK flag on the LDAP socket twice. First in set_fd_flags_and_opts(). And the second time in sdap_async_sys_connect_send() after storing a backup in the local state structure. The backup is later used to restore the original flags (after connect() succeeded). As NONBLOCK was already set before it didn't correctly reset that flag.
https://fedorahosted.org/sssd/ticket/952
2011-08-11 | Fix broken RHEL5 build | Stephen Gallagher | 1 | -0/+1
RPM in RHEL 5 requires %ghost entries to be present in the build root.
2011-08-10 | Fix potential double-free issue | Stephen Gallagher | 1 | -1/+1
tmp_ctx is a child of ctx.
2011-08-10 | Cancel sysdb upgrade transaction if commit fails | Stephen Gallagher | 1 | -60/+30
2011-08-10 | Remove private shared object Provides: for pysss.so and pyhbac.so | Stephen Gallagher | 1 | -0/+6
2011-08-10 | Include the configuration file as a %ghost entry | Stephen Gallagher | 1 | -0/+1
The recent change to cease installing the sample configuration file caused existing config files to be removed on upgrade. This will prevent that from happening.
2011-08-08 | Remove unused temporary context | Jakub Hrozek | 1 | -5/+0
2011-08-08 | Prevent segfault if vetoed_shells are specified without allowed_shells | Jakub Hrozek | 1 | -16/+19
https://fedorahosted.org/sssd/ticket/954
2011-08-08 | Fixed implicit declaration of function 'time' in src/sss_client/common.c. | Pavel Březina | 1 | -0/+1
2011-08-08 | debug_timestamps fixes | Pavel Březina | 4 | -14/+24
Fixed: could not overwrite debug_timestamps when set in sssd.conf
Fixed: invalid description of debug_timestamps in sssd man page
2011-08-08 | Rename sssd.conf to sssd-example.conf | Stephen Gallagher | 3 | -6/+5
This file should not be installed by default. It leads to user confusion. We will instead install it as documentation.
Fix incorrect example of entry_cache_nowait_percentage
2011-08-04 | Revert "Allow LDAP to decide when an expiration warning is warranted" | Stephen Gallagher | 1 | -4/+3
This reverts commit b0b9c38dfce3e3ccbfaa4d00fdf2ea08a70d41a6.
2011-08-04 | Fix returning groups when gidNumber attribute is not ordered | Jakub Hrozek | 3 | -4/+10
https://fedorahosted.org/sssd/ticket/951
2011-08-04 | pyhbac: Do not convert int to bool | Jakub Hrozek | 1 | -2/+11
2011-08-03 | Fix two man page typos | Yuri Chornoivan | 2 | -2/+2
2011-08-02 | Bumping version to 1.7.0 | Stephen Gallagher | 1 | -1/+1
2011-08-02 | Updating translations for 1.6.0 release | Stephen Gallagher | 20 | -4822/+7254
2011-08-01 | Allow LDAP to decide when an expiration warning is warranted | Stephen Gallagher | 1 | -3/+4
Previously, we were only displaying expiration warnings if the password was going to expire within a day. We'll allow LDAP to make this decision (by whether it passes us the expiration time). In the future, we can add an option to clamp this down to a shorter period if the local admin prefers it.
2011-08-01 | Request password control unconditionally during bind | Jakub Hrozek | 1 | -6/+6
https://fedorahosted.org/sssd/ticket/940
2011-08-01 | HBAC rule validation Python bindings | Jakub Hrozek | 2 | -0/+129
https://fedorahosted.org/sssd/ticket/943