summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2012-07-12Add newline to DEBUG messagesJakub Hrozek1-2/+2
2012-07-10Fix typo: exhasution->exhaustion.Yuri Chornoivan1-1/+1
2012-07-10Bumping version to 1.9.0 beta 5Jakub Hrozek1-1/+1
2012-07-10Update translations for 1.9.0 beta 4 releaseJakub Hrozek32-9370/+15153
2012-07-10Cast uid_t to unsigned long long in DEBUG messagesJakub Hrozek4-10/+11
2012-07-10Print based on pointer contents not addressJakub Hrozek1-1/+3
2012-07-10Fix segfault when using local providerStephen Gallagher1-6/+5
The name context was not being initialized for local provider domains because it was handled after skipping over the back-end initialization routine. This patch moves the name context init routine to occur earlier. https://fedorahosted.org/sssd/ticket/1412
2012-07-10pac responder: limit access by checking UIDsSumit Bose10-11/+394
A check for allowed UIDs is added in the common responder code directly after accept(). If the platform does not support reading the UID of the peer but allowed UIDs are configured, access is denied. Currently only the PAC responder sets the allowed UIDs for a socket. The default is that only root is allowed to access the socket of the PAC responder. Fixes: https://fedorahosted.org/sssd/ticket/1382
2012-07-10Remove dead code in ipa_subdomains_handler_done()Sumit Bose1-1/+1
Fixes https://fedorahosted.org/sssd/ticket/1410
2012-07-10Remove resource leak in sssdpac_import_authdataSumit Bose1-3/+1
Fixes https://fedorahosted.org/sssd/ticket/1409
2012-07-09Fix incorrect error-checkStephen Gallagher1-1/+1
Coverity #12770
2012-07-09Check for errors from krb5_unparse_nameStephen Gallagher1-1/+8
Coverity #12781
2012-07-09Add missing return value checkStephen Gallagher1-1/+1
Coverity #12782
2012-07-09Avoid NULL-dereference in error-handlingStephen Gallagher1-1/+3
Coverity #12783
2012-07-09Fix uninitialized memcpy errorStephen Gallagher1-0/+2
Coverity #12784
2012-07-09Fix uninitialized value returnStephen Gallagher1-1/+1
Coverity #12786
2012-07-09Fix potential NULL-dereferenceStephen Gallagher1-1/+3
Coverity #12797
2012-07-09Fix incorrect return value in testsStephen Gallagher1-0/+2
Coverity #12798
2012-07-09Fix potential NULL-dereferenceStephen Gallagher1-1/+2
Coverity #12800
2012-07-09Fix potential NULL-dereferenceStephen Gallagher1-1/+3
Coverity #12801
2012-07-09Fix uninitialized variableStephen Gallagher1-0/+1
Coverity #12802
2012-07-09Fix use-after-freeStephen Gallagher1-0/+1
Coverity #12803
2012-07-09heimdal: use sss_krb5_princ_realm to access realmRambaldi1-4/+11
2012-07-09heimdal: fix compile error in krb5-child-testRambaldi2-0/+5
2012-07-06Revert commit 4c157ecedd52602f75574605ef48d0c48e9bfbe8Stef Walter4-187/+0
* This broke corner cases when used with default_tkt_types = des-cbc-crc and DES enabled on an AD domain. * This is fixed in kerberos instead, in a more correct way and in a way which we cannot replicate.
2012-07-06AD: Force case-insensitive operation in AD providerStephen Gallagher1-0/+18
2012-07-06CONFDB: Add the ability to set a boolean value in the confdbStephen Gallagher2-0/+80
2012-07-06AD: Add manpages and SSSDConfig entriesStephen Gallagher9-2/+290
2012-07-06AD: use krb5_keytab for validation and GSSAPIStephen Gallagher3-3/+12
This simplifies configuration by eliminating the need to specifiy both krb5_keytab and ldap_krb5_keytab if the keytab is not located at /etc/krb5.keytab
2012-07-06AD: Add AD provider to the spec fileStephen Gallagher1-0/+1
2012-07-06AD: Add AD access-control providerStephen Gallagher5-1/+190
This patch adds support for checking whether a user is expired or disabled in AD.
2012-07-06AD: Add AD auth and chpass providersStephen Gallagher4-1/+159
These new providers take advantage of existing code for the KRB5 provider, providing sensible defaults for operating against an Active Directory 2008 R2 or later server.
2012-07-06AD: Add AD identity providerStephen Gallagher8-0/+1316
This new identity provider takes advantage of existing code for the LDAP provider, but provides sensible defaults for operating against an Active Directory 2008 R2 or later server.
2012-07-06LDAP: Rename user and group maps for ADStephen Gallagher2-4/+4
This will eliminate ambiguity for the AD provider
2012-07-06KRB5: Create a common init routine for krb5_child optionsStephen Gallagher5-99/+138
This will reduce code duplication between the krb5, ipa and ad providers
2012-07-06KRB5: Drop memctx parameter of krb5_try_kdcipStephen Gallagher4-15/+17
This function is not supposed to return any newly-allocated memory directly. It was actually leaking the memory for krb5_servers if krb5_kdcip was being used, though it was undetectable because it was allocated on the provided memctx. This patch removes the memctx parameter and allocates krb5_servers temporarily on NULL and ensures that it is freed on all exit conditions. It is not necessary to retain this memory, as dp_opt_set_string() performs a talloc_strdup onto the appropriate context internally. It also updates the DEBUG messages for this function to the appropriate new macro levels.
2012-07-06KRB5_LOCATOR: Print the filename that couldn't be openedStephen Gallagher1-1/+2
2012-07-06KRB5: Some logging enhancements for krb5_childStephen Gallagher1-6/+13
2012-07-06MAN: Unify "SEE ALSO" sectionsStephen Gallagher22-331/+111
2012-07-06Set file descriptor limits in pac responderSumit Bose1-0/+15
2012-07-06Fix SSSDConfigTest for separate build directoriesSumit Bose1-8/+9
2012-07-06Fix crash when interface doesn't have an addressStef Walter1-0/+3
* This is similar to the code in ipa_dyndns_update_send()
2012-07-02LDAP: Print extended failure message for SASL bindStephen Gallagher1-2/+14
2012-07-02IPA: Don't hang onto memory longer than necessaryStephen Gallagher1-0/+1
This request and attached memory would be freed at the end of access-check processing, but it's a waste to keep it around.
2012-06-30Fix segfault when sudo is not configured.Simo Sorce1-1/+2
Sudo support is optional, when it is not configured sudorules_map is not initialized and dereferencing it will cause a segmentation fault.
2012-06-29KRB5: Initialize the credential cache type properlyStephen Gallagher1-0/+11
We weren't guaranteeing that the cctype-specific callbacks were initialized before using them. This bug only presented itself for users who were logging in without a ccacheFile attribute in the LDB (for example, first-time logins).
2012-06-29DEBUG: Log to syslog if we are unable to open a debug fdStephen Gallagher1-0/+5
2012-06-29TESTS: Print messages when LDAP options do not matchStephen Gallagher1-2/+10
2012-06-29sudo: manpage updatedPavel Březina2-34/+131
Removes old options and adds new ones.
2012-06-29sudo ldap provider: support autoconfiguration of IP addressesPavel Březina1-1/+179
sudoHost attribute may contain IPv4 or IPv6 host/network address. This patch adds support for autoconfiguration of these information.