summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2010-02-02Use ldap connection callbacks to get file descriptorsSumit Bose4-43/+121
2010-02-02Check cache_credentials in sysdb_cache_auth_send()Sumit Bose2-0/+14
2010-02-01COLLECTION: Fixing queue collection and unit tests.Dmitri Pal4-298/+478
This patch includes following functionality: 1) Fixed the invalid handling of the pointers in the collection when last element is removed from the collection. 2) Added unit test to verify the fix. 3) Modified the three unit test to be verbose on demand. 4) Switched the main of the unit test to use array of functions rather than big if statement.
2010-02-01Force offline operation with SIGUSR1Stephen Gallagher3-0/+69
If the monitor receives SIGUSR1, it will instruct all providers to enter offline operation. If any individual provider receives SIGUSR1, it alone will enter offline operation.
2010-02-01Improve logging of pam_sssSumit Bose1-9/+46
To avoid unnecessary messages in the log files of the system we only send log messages for PAM modules type which are explicitly handled by sssd. Furthermore only the authentication modules sends a log message when the operation was successful. All other modules only sends a message if an error occurs. This patch should fix bz556534.
2010-02-01Avoid 'PAM' at the beginning of define and enum namesSumit Bose7-69/+71
2010-02-01Rename PAM_USER_INFO to PAM_SYSTEM_INFOSumit Bose4-6/+6
2010-01-25Fix size error on 64-bit systemsStephen Gallagher1-1/+1
2010-01-22Handle IPv6 addresses with the async resolverStephen Gallagher4-13/+65
2010-01-22Fix release script to use version.m4Stephen Gallagher1-1/+1
2010-01-22Pointers to non 32 bit aligned data were being cast to uint32_t *George McCollister3-36/+49
uint32_t pointers must point to 32 bit aligned data on ARM. Instead of padding the data to force it into alignment I altered the code to memcpy the data to an aligned location. I'd appreciate any and all feedback especially on whether I took the best approach. pam_test_client auth and pam_test_client acct now work on my armeb-xscale-linux-gnueabi target. Signed-off-by: George McCollister <georgem@opteron.novatech-llc.com>
2010-01-22Fix async resolver integration with teventStephen Gallagher1-7/+19
We weren't properly setting read/write flags on the tevent fd events, so c-ares was unable to perform bidirectional communication for TCP DNS (in situations where the response is too large to send by UDP)
2010-01-21REFARRAY: New referenced array objectDmitri Pal9-2/+802
This object allows creation the arrays with the reference count. Usefull when there are many instances of some object have to reference dynamically allocated array which is common for all these instances. In case of ELAPI the event object keeps a referecne to the common array of the sinks in the fail over order. We decided that it will be a common object not specific only to ELAPI. All the review concerns related to this object have been addressed in this patch. It also has been moved to the common area.
2010-01-21INI: Added method to get string list with empty valuesDmitri Pal3-54/+117
The original implementation was compressing the list, throwing away empty strings. The function that did that was pretty brain damaging. I cleaned it up and adjusted so that it could return list with empty values and without them. The old function was turned into a wrapper and a new high level function was intorduced to provide ability to get both empty and non empty strings.
2010-01-21Add missing link for KerberosStephen Gallagher1-1/+2
2010-01-21Add 'prerelease-rpms' target to MakefileStephen Gallagher1-0/+8
This target is available only if building from a git checkout. It will automatically populate the PRERELEASE_VERSION in version.m4 with the current datestamp and git commit id for creating an RPM.
2010-01-21Add 'prerelease-srpms' target to MakefileStephen Gallagher2-0/+10
This target is available only if building from a git checkout. It will automatically populate the PRERELEASE_VERSION in version.m4 with the current datestamp and git commit id for creating an SRPM.
2010-01-21Use version.m4 for setting the SSSD versionStephen Gallagher7-14/+23
This is the preferred way of setting the version in a file, as autotools will properly monitor this file for changes and rerun autoconf/configure when necessary to update the version. This means that we don't need to manually perform an autoreconf in order to build a new RPM
2010-01-20Update the url in the spec filesSumit Bose2-2/+2
2010-01-20Split off libdhash into a shared libraryStephen Gallagher9-15/+94
Right now, the pkg-config checks for the system version of libdhash are forcibly disabled, requiring the SSSD to build it from its own tree. In the future, when we split the libraries off from the SSSD, it will be easy to switch this check to the external library.
2010-01-20License libdhash under the LGPLStephen Gallagher3-0/+844
2010-01-20Fix a double free bugSumit Bose1-3/+0
2010-01-20Fix timeout memory heirarchyStephen Gallagher1-2/+14
This fixes two issues: 1) Eliminates a double-free when a timeout occurs (we were freeing the running event context) 2) Ensures that we don't continue to schedule unnecessary timeout checks
2010-01-20Deleting nonexistent users or groups is not a noopJakub Hrozek2-4/+2
The manual pages for userdel and groupdel utilities incorrectly stated that deleting a nonexistent user or group is a noop. We changed that behavior, but forgot to sync the documentation.
2010-01-20document debug_timestampsJakub Hrozek2-0/+22
2010-01-20Add sysdb request to authenticate against a cached passwordSumit Bose8-217/+378
The code for authentication against a cached password is moved from the pam responder to a generic sysdb tevent request. The new code can be used by other components of sssd to verify passwords on their own. Tests for the sysdb_cache_password and sysdb_cache_auth request are added and some unneeded or unused code and variables are removed.
2010-01-20sss_groupshow - a utility to print properties of a local groupJakub Hrozek10-2/+454
This patch adds a utility called sss_groupshow that allows user to print properties of a group in the local domain. Fixes: #306
2010-01-14Resetting VERSION to 1.0.99Stephen Gallagher1-1/+1
This shouldn't be set to 1.1.0 until it's ready for release
2010-01-14Updating version to 1.1Stephen Gallagher1-1/+1
2010-01-14Update version to 1.0.2Stephen Gallagher1-1/+1
2010-01-14Copy-edit, mainly fixing typos and EnglishDavid O'Brien2-71/+68
Some reformatting to stay within 79 char line length. Better definition of server vs. machine usage in failover section.
2010-01-14Make sure callbacks never retry when ares channel is destroyedMartin Nagy1-4/+12
When the resolv context destructor is invoked, the callbacks for pending queries could have been called with ARES_EDESTRUCTION and try to re-send the query.
2010-01-14Don't recursively call ares_process_fd() from fd_event()Martin Nagy1-17/+0
Since ares_process_fd() might also cause fd_event() to be called again, calling ares_process_fd() is unwise. The bug will cause a crash if c-ares is using tcp connections. Fixes: #384
2010-01-14Make periodic checks for DNS timeoutsMartin Nagy1-1/+82
Since we only call c-ares to process input on FD when there is an activity on them, c-ares never gets a chance to react to a timed-out request. This caused SSSD to hang. Fixes: #381
2010-01-14Explicitly set async DNS timeoutStephen Gallagher5-6/+15
We will allow 5s per DNS server, no retries.
2010-01-12Fix #382, a segfault bug in the memberof plugin.Simo Sorce1-1/+1
2010-01-12Re-create c-ares channels if /etc/resolv.conf is modifiedMartin Nagy3-14/+95
Fixes: #378
2010-01-12Remove local and kerberos providers from the access_provider listStephen Gallagher3-6/+2
Update tests to reflect these removals.
2010-01-12Update SV translationPiotr Drąg1-3/+2
2010-01-11Releasing version 1.0.1Stephen Gallagher1-1/+1
2010-01-11Fix return value when offline and TGT is validSumit Bose1-1/+1
Fixes CVE-2010-0014
2010-01-05Update SV translationGöran Uddeborg1-3/+3
2010-01-05Update translations for masterStephen Gallagher11-413/+402
2010-01-05Don't free timer events within the handler.Simo Sorce1-16/+12
Tevent frees timer handlers once done, so freeing the timer within the event is going to cause double frees. Just attach the timer event to the request it depends on and make sure to steal it on NULL if we are going to free the request from within the handler.
2010-01-05Return an error for an unknown PAM requestSumit Bose4-12/+41
2009-12-21Allow debug_timestamps setting on a per-domain basisStephen Gallagher2-0/+3
This was missing from the SSSDConfig API, though it was supported by the daemon.
2009-12-18Release SSSD 1.0Stephen Gallagher1-1/+1
2009-12-18Fix broken password changes for local usersStephen Gallagher1-1/+6
2009-12-18Do not blindly accept zero-length passwordsStephen Gallagher2-8/+17
2009-12-18Fix ldap child memory hierarchy and other issuesSimo Sorce8-306/+482
The timeout handler was not a child of the request so it could fire even though the request was already freed. The code wouldn't use async writes to the children so it could incur in a short write with no way to detect or recover from it. Also fixed style of some helper functions to pass explicit paramters instead of a general structure. Add common code to do async writes to pipes. Fixed async write issue for the krb5_child as well. Fix also sdap_kinit_done(), a return statement was missing and we were mixing SDAP_AUTH and errno return codes in state->result Remove usless helper function that just replicates talloc_strndup()