Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2012-05-04 | If canon'ing principals, write ccache with updated default principal | Stef Walter | 2 | -3/+8 | |
* When calling krb5_get_init_creds_keytab() with krb5_get_init_creds_opt_set_canonicalize() the credential principal can get updated. * Create the cache file with the correct default credential. * LDAP GSSAPI SASL would fail due to the mismatched credentials before this patch. https://bugzilla.redhat.com/show_bug.cgi?id=811518 | |||||
2012-05-04 | SSSDConfigAPI: Fix missing option in tests | Stephen Gallagher | 1 | -0/+2 | |
2012-05-04 | Modify behavior of pam_pwd_expiration_warning | Jan Zeleny | 9 | -52/+119 | |
New option pwd_expiration_warning is introduced which can be set per domain and can override the value specified by the original pam_pwd_expiration_warning. If the value of expiration warning is set to zero, the filter isn't apllied at all - if backend server returns the warning, it will be automatically displayed. Default value for Kerberos: 7 days Default value for LDAP: don't apply the filter Technical note: default value when creating the domain is -1. This is important so we can distinguish between "no value set" and 0. Without this possibility it would be impossible to set different values for LDAP and Kerberos provider. | |||||
2012-05-04 | Fix endian issue in SID conversion | Sumit Bose | 3 | -10/+18 | |
Since the byte-order is only important when dealing with the binary SID the sub-auth values are stored in host order and are only converted while reading or writing the binary SID. | |||||
2012-05-03 | LDAP: Add support for enumeration of ID-mapped users and groups | Stephen Gallagher | 1 | -31/+102 | |
2012-05-03 | MAN: Add manpage for ID mapping | Stephen Gallagher | 3 | -0/+214 | |
2012-05-03 | LDAP: Treat groups with unmappable SIDs as non-POSIX groups | Stephen Gallagher | 1 | -9/+12 | |
2012-05-03 | LDAP: Add helper function to map IDs | Stephen Gallagher | 5 | -119/+81 | |
This function will also auto-create a new ID map if the domain has not been seen previously. | |||||
2012-05-03 | LDAP: Do not remove uidNumber and gidNumber attributes when saving id-mapped ↵ | Stephen Gallagher | 2 | -0/+16 | |
entries | |||||
2012-05-03 | LDAP: Add helper routine to convert LDAP blob to SID string | Stephen Gallagher | 5 | -68/+195 | |
2012-05-03 | LDAP: Map the user's primaryGroupID | Stephen Gallagher | 8 | -12/+73 | |
2012-05-03 | LDAP: Enable looking up id-mapped groups by GID | Stephen Gallagher | 1 | -2/+45 | |
2012-05-03 | LDAP: Allow looking up ID-mapped groups by name | Stephen Gallagher | 2 | -29/+125 | |
2012-05-03 | LDAP: Enable looking up id-mapped users by UID | Stephen Gallagher | 1 | -6/+43 | |
2012-05-03 | LDAP: Allow automatically-provisioning a domain and range | Stephen Gallagher | 1 | -3/+43 | |
If we get a user who is a member of a domain we haven't seen before, add a domain entry (auto-assigning its slice). Since we don't know the domain's real name, we'll just save the domain SID string as the name as well. | |||||
2012-05-03 | LDAP: Add routine to extract domain SID from an object SID | Stephen Gallagher | 4 | -2/+52 | |
Also makes the domain prefix macros from sss_idmap public. | |||||
2012-05-03 | LDAP: Allow setting a default domain for id-mapping slice 0 | Stephen Gallagher | 7 | -0/+48 | |
2012-05-03 | LDAP: Add autorid compatibility mode | Stephen Gallagher | 7 | -8/+20 | |
2012-05-03 | LDAP: Enable looking up ID-mapped users by name | Stephen Gallagher | 3 | -9/+56 | |
2012-05-03 | LDAP: Initialize ID mapping when configured | Stephen Gallagher | 2 | -0/+10 | |
2012-05-03 | LDAP: Add ID mapping range settings | Stephen Gallagher | 6 | -0/+19 | |
2012-05-03 | LDAP: Add helper routines for ID-mapping | Stephen Gallagher | 3 | -2/+340 | |
2012-05-03 | SYSDB: Add sysdb routines for ID-mapping | Stephen Gallagher | 3 | -0/+347 | |
2012-05-03 | LDAP: Add id-mapping option | Stephen Gallagher | 6 | -0/+6 | |
2012-05-03 | LDAP: Add objectSID config option | Stephen Gallagher | 8 | -0/+47 | |
2012-05-03 | Read sysdb attribute name, not LDAP attribute map name | Jakub Hrozek | 1 | -2/+2 | |
https://fedorahosted.org/sssd/ticket/1320 | |||||
2012-05-03 | SSH: Add dp_get_host_send to common responder code | Jakub Hrozek | 9 | -52/+211 | |
Instead of using account_info request, creates a new ssh specific request. This improves code readability and will make the code more flexible in the future. https://fedorahosted.org/sssd/ticket/1176 | |||||
2012-05-03 | Rename split_service_name_filter | Jakub Hrozek | 1 | -16/+16 | |
The function was used outside services code which was confusing due to its name. This patch renames it to sound more netrual. | |||||
2012-05-03 | Fix typo in spec file | Sumit Bose | 1 | -1/+1 | |
2012-05-03 | SYSDB: Handle upgrade script failures better | Stephen Gallagher | 1 | -4/+13 | |
There was a bug in finish_upgrade() where it would return EOK if it succeeded in canceling the transaction due to an error. We should instead be returning the original error. | |||||
2012-05-03 | AUTOFS: remove unused assignments | Jakub Hrozek | 2 | -5/+9 | |
Also changes setautomntent_send so that is only return NULL in case the tevent_req creation fails. | |||||
2012-05-03 | IPA: Check return values | Jakub Hrozek | 2 | -2/+12 | |
2012-05-03 | PROXY: return correct return codes | Jakub Hrozek | 1 | -7/+9 | |
We were reporting on the value of "status" instead of "ret'. We also didn't set ret to EOK in cases group contained no members. | |||||
2012-05-03 | SSS_DEBUGLEVEL: silence analyzer warnings | Jakub Hrozek | 1 | -2/+3 | |
Errno was returned instead of ret. The other hunk removes return code from fread - it is not needed, the NULL termination of the string is ensured by initializing the buffer. | |||||
2012-05-02 | NSS: fix returning group from cache | Jakub Hrozek | 1 | -1/+1 | |
2012-05-02 | Handle endianness issues on older systems | Stephen Gallagher | 1 | -0/+17 | |
Older versions of glibc (like that on RHEL 5) do not have the le32toh() function exposed. We need this for handling the Active Directory ID-mapping, so we'll copy these macros from endian.h on a newer glibc. | |||||
2012-05-02 | DP: return correct error message when subdomains back end target is not ↵ | Jakub Hrozek | 1 | -1/+1 | |
configured The done handler uses the value of status, not ret. | |||||
2012-05-02 | HBAC: Prevent NULL dereference in hbac_evaluate | Jakub Hrozek | 1 | -2/+4 | |
'info' is optional parameter and can be set to NULL | |||||
2012-05-02 | ipa_get_config_send: remove unused assignment | Jakub Hrozek | 1 | -1/+0 | |
2012-05-02 | IPA netgroups: return EOK when there are no netgroups to process | Jakub Hrozek | 1 | -0/+1 | |
If the code fell through the loop, ret would have been random value. | |||||
2012-05-02 | NSS: Check return code of sss_mmap_cache_gr_store | Jakub Hrozek | 1 | -0/+5 | |
2012-05-02 | PAM_SSS: report error code if write fails | Jakub Hrozek | 1 | -2/+2 | |
clang had reported this as "value of ret is never used", I think it would be nice to report a meaningful error message. | |||||
2012-05-02 | PYHBAC: Return NULL on failure | Jakub Hrozek | 1 | -0/+1 | |
The error handler would simply fall through instead of returning NULL. | |||||
2012-05-02 | RESPONDER: check return value from confdb_get_int | Jakub Hrozek | 1 | -0/+7 | |
sss_process_init forgot to check return value of confdb_get_int | |||||
2012-05-02 | LDAP: check return value of sysdb_attrs_get_el | Jakub Hrozek | 1 | -0/+7 | |
2012-05-02 | SERVER: use the correct return code of sss_atomic_write_s | Jakub Hrozek | 1 | -1/+1 | |
2012-05-02 | SSH: return NULL on error in ssh_host_pubkeys_format_known_host_plain | Jakub Hrozek | 1 | -1/+2 | |
The 'result' pointer must be initialized tin order to always return a defined value. | |||||
2012-05-02 | SYSDB: check return value | Jakub Hrozek | 1 | -2/+2 | |
In addition to testing the number of elements, also check the return value of sysdb_attrs_get_el. | |||||
2012-05-02 | SYSDB: return EOK if empty message is passed into get_rm_msg | Jakub Hrozek | 1 | -0/+1 | |
If the code never entered the loop in get_rm_message, we would return arbitrary return value. | |||||
2012-05-02 | SUDO: Return ret, not EOK | Jakub Hrozek | 1 | -1/+1 | |
This patch fixes bad refactoring - the function used to return value directly on error and EOK as the last statement. If was then converted into using goto label, but the last statement was still returning EOK instead of the value it should. |