sssd - System Security Services Daemon

Age	Commit message (Collapse)	Author	Files	Lines
2011-05-20	Add a new option to override primary GID number	Jakub Hrozek	8	-2/+33
	https://fedorahosted.org/sssd/ticket/742
2011-05-20	Fixed copying of pam_data structure	Jan Zeleny	1	-0/+1
	Related ticket: https://fedorahosted.org/sssd/ticket/855
2011-05-20	Rename label in expand_ccname_template	Jakub Hrozek	1	-17/+17
	The label was named fail but used also in success cases.
2011-05-20	Remove append_attrs_to_array	Jakub Hrozek	2	-12/+0
	This function was not used anywhere
2011-05-20	IPA Provider: don't fail if user is not a member of any groups	Stephen Gallagher	1	-2/+5

2011-05-16	Fixed uninitialized value in sss_cache	Jan Zeleny	1	-0/+1
	https://fedorahosted.org/sssd/ticket/865
2011-05-16	Fixed unitialized pointer in select_principal_from_keytab	Jan Zeleny	1	-1/+1
	https://fedorahosted.org/sssd/ticket/857
2011-05-16	Fixed unitialized return value in match_principal	Jan Zeleny	1	-2/+1
	https://fedorahosted.org/sssd/ticket/858
2011-05-16	Possible memory leak fixed	Jan Zeleny	1	-1/+1

2011-05-16	Fixed wrong variable in sdap_initgr_nested_store	Jan Zeleny	1	-1/+1

2011-05-16	Fixed --debug-to-files for nss and pam services	Jan Zeleny	1	-4/+4
	This error caused that monitor didn't pass --debug-to-files option to nss and pam services when creating them.
2011-05-12	Set c-ares to retry nameservers	Jakub Hrozek	1	-1/+1
	https://fedorahosted.org/sssd/ticket/867
2011-05-12	Use a temporary memory context in expand_ccname_template	Jakub Hrozek	1	-20/+33

2011-05-06	Add support for openldap24 package on RHEL 5.7	Sumit Bose	3	-2/+32

2011-05-06	Allow changing the log level without restart	Stephen Gallagher	10	-17/+89
	We will now re-read the confdb debug_level value when processing the monitor_common_logrotate() function, which occurs when the monitor receives a SIGHUP.
2011-05-06	Create common sss_monitor_init()	Stephen Gallagher	4	-69/+55
	This was implemented almost identically for both the responders and the providers. It is easier to maintain as a single routine. This patch also adds the ability to provide a private context to attach to the sbus_connection for later use.
2011-05-06	Remove unused constants from data_provider.h	Jakub Hrozek	1	-11/+0

2011-05-06	Do not leak netgroups hash table	Jakub Hrozek	1	-0/+12

2011-05-05	Added some kerberos functions for building on RHEL5	Jan Zeleny	4	-8/+192

2011-05-04	Include manpage for sss_cache	Stephen Gallagher	1	-0/+1

2011-05-04	Man page for sss_cache	Jan Zeleny	2	-1/+123

2011-05-04	Some minor fixes and changes in sysdb_ops	Jan Zeleny	1	-17/+40

2011-05-04	Cache cleaning tool	Jan Zeleny	3	-1/+370

2011-05-04	Add a function for searching netgroups with custom filter	Jan Zeleny	2	-0/+65

2011-05-04	Make sysdb_ctx_list public structure	Jan Zeleny	3	-8/+53
	Also create a routine to initialize it
2011-05-04	Fixed lastUSN checking improvements	Jan Zeleny	3	-5/+23
	This patch fixes some issues with setting lastUSN attribute and it adds check against the highest user/group USN after enumeration to keep better track of the real highest USN. Optimal solution here would be to schedule a check of rootDSE entry right after the enumeration finishes, but for the moment this is good enough.
2011-05-04	Override config file debug_level with command-line	Stephen Gallagher	4	-22/+66
	This patch also makes the following changes: 1) The [sssd] debug_level setting no longer acts as a default for all other sections. 2) We will now skip passing the debug argument to the child processes from the master unless the SSSD was run with a command-line argument for the debug level. https://fedorahosted.org/sssd/ticket/764
2011-05-04	Do not leak LDAP URI with high log level	Jakub Hrozek	1	-2/+7

2011-05-04	Do not leak pcre context	Jakub Hrozek	1	-0/+12

2011-05-03	clients: use poll instead of select	Simo Sorce	1	-9/+6
	select is limited to fd numbers up to 1024, we need to use poll() here to avoid causing memory corruption in the calling process. Fixes: https://fedorahosted.org/sssd/ticket/861
2011-05-02	Fix minor typo in error message	Stephen Gallagher	1	-1/+1
	https://fedorahosted.org/sssd/ticket/825
2011-05-02	Return pam data to the renewal item if renewal fails	Sumit Bose	1	-4/+9
	A previous patch changed a talloc_steal() into a talloc_move(). Now it is not enough to change the parent memory context with talloc_steal to give back the data, but it has to be assigned back too. Additionally this patch uses the missing pam data as an indication that a renewal request for this data is currently running.
2011-04-29	Fix order of arguments in select_principal_from_keytab() call	Jakub Hrozek	1	-1/+1

2011-04-29	Fix bad password caching when using automatic TGT renewal	Stephen Gallagher	1	-3/+12
	Fixes CVE-2011-1758, https://fedorahosted.org/sssd/ticket/856
2011-04-29	Fix segfault in IPA provider	Stephen Gallagher	1	-2/+2
	We were trying to request the krb5 keytab from the auth provider configuration, but it hasn't yet been set up. Much better to use the value in the ID provider.
2011-04-28	Fix IPA config bug with SDAP_KRB5_REALM	Stephen Gallagher	1	-1/+1

2011-04-28	Do not leak LDAP paging controls	Jakub Hrozek	1	-0/+5

2011-04-27	Regular translation update	Stephen Gallagher	20	-1971/+2773

2011-04-27	Add "description" option to SSSDConfig API	Stephen Gallagher	2	-0/+3
	https://fedorahosted.org/sssd/ticket/850
2011-04-27	Add ldap_page_size configuration option	Stephen Gallagher	9	-5/+28

2011-04-27	Enable paging support for LDAP	Stephen Gallagher	1	-23/+117

2011-04-27	Log the LDAP message type we're processing	Stephen Gallagher	1	-0/+57

2011-04-27	simple provider: Don't treat primary GID lookup failures as fatal	Stephen Gallagher	1	-13/+19

2011-04-27	Disable libcrypto code	Jakub Hrozek	1	-9/+2

2011-04-27	Warn that some crypto features are implemented in NSS only	Jakub Hrozek	2	-0/+9

2011-04-27	Require openssl-devel is libcrypto backend is selected	Jakub Hrozek	4	-17/+52

2011-04-25	Modify principal selection for keytab authentication	Jan Zeleny	10	-30/+254
	Currently we construct the principal as host/fqdn@REALM. The problem with this is that this principal doesn't have to be in the keytab. In that case the provider fails to start. It is better to scan the keytab and find the most suitable principal to use. Only in case no suitable principal is found the backend should fail to start. The second issue solved by this patch is that the realm we are authenticating the machine to can be in general different from the realm our users are part of (in case of cross Kerberos trust). The patch adds new configuration option SDAP_SASL_REALM. https://fedorahosted.org/sssd/ticket/781
2011-04-25	Case insensitive originalDN test	Jakub Hrozek	1	-0/+47

2011-04-25	Added originalDN to attributes with case-insensitive search	Jan Zeleny	2	-1/+106
	https://fedorahosted.org/sssd/ticket/808
2011-04-25	Configuration parsing updates	Jan Zeleny	6	-53/+19
	These changes are all related to following ticket: https://fedorahosted.org/sssd/ticket/763 Changes in SSSDConfig.py merge old and new domain record instead of just deleting the old and inserting the new one. The old approach let to loss of some information like comments and blank lines in the config file. Changes in API config were performed so our Python scripts (like sss_obfuscate) don't add extra config options to the config file.