summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2011-09-28HBAC: fix typos preventing proper hostgroup evaluationStephen Gallagher1-3/+3
2011-09-28Fixed bad logic in processing netgroups in LDAP providerJan Zeleny1-1/+3
2011-09-28IPA access: hostname comparison should be case-insensitiveJakub Hrozek1-1/+1
2011-09-28Unbreak ./configureMarko Myllynen1-1/+1
./configure at least from 1.5.13 is failing on Ubuntu Oneiric. The node ``Conditionals'' of automake manual states: Note that you must arrange for _every_ `AM_CONDITIONAL' to be invoked every time `configure' is run. If `AM_CONDITIONAL' is run conditionally (e.g., in a shell `if' statement), then the result will confuse `automake'. So the trick is to run AM_CONDITIONAL unconditionally.
2011-09-28Multiline macro cleanupJakub Hrozek18-22/+24
This is mostly a cosmetic patch. The purpose of wrapping a multi-line macro in a do { } while(0) is to make the macro usable as a regular statement, not a compound statement. When the while(0) is terminated with a semicolon, the do { } while(0); block becomes a compound statement again.
2011-09-21Enable the midpoint cache update by defaultStephen Gallagher2-2/+2
https://fedorahosted.org/sssd/ticket/918
2011-09-20Added quiet option to pam_sssPavel Březina2-5/+36
https://fedorahosted.org/sssd/ticket/894
2011-09-20Fix wrong buffer size in has_phy_80211_subdir()Jakub Hrozek1-2/+3
https://fedorahosted.org/sssd/ticket/1002
2011-09-20Fix uninitialized pointer read in sdap_gssapi_get_default_realm()Jakub Hrozek1-1/+1
https://fedorahosted.org/sssd/ticket/1003
2011-09-20Add missing options to sssd.api.confMarko Myllynen3-3/+26
2011-09-20MAN: Add more information about internal credential storageStephen Gallagher2-1/+8
2011-09-15Fix typo in specfileStephen Gallagher1-2/+2
2011-09-15Do not build documentation on RHEL 5Stephen Gallagher1-1/+17
RHEL 5 has a very old version of doxygen that does not search the correct locations for documentation.
2011-09-15MONITOR: Correctly detect lack of response from servicesStephen Gallagher1-21/+26
We were incorrectly using DBUS_ERROR_TIMEOUT here. The correct behaviour is to check for DBUS_ERROR_NO_REPLY. This way we will properly handle the three-tries in the tasks_check_handler(). Additionally, we weren't properly handling failure counts correctly, meaning we weren't restarting stuck services in a timely manner.
2011-09-08DEBUG timestamps offer higher precision - SSSDConfig updatedPavel Březina3-0/+3
https://fedorahosted.org/sssd/ticket/956
2011-09-08DEBUG timestamps offer higher precision - unit tests updatedPavel Březina1-14/+215
https://fedorahosted.org/sssd/ticket/956
2011-09-08DEBUG timestamps offer higher precision - man page updatedPavel Březina2-0/+27
https://fedorahosted.org/sssd/ticket/956
2011-09-08DEBUG timestamps offer higher precisionPavel Březina9-21/+116
https://fedorahosted.org/sssd/ticket/956 Added: --debug-microseconds=0/1 Added: debug_microseconds to sssd.conf
2011-09-08Add libipa_hbac documentation to the -devel packageStephen Gallagher1-1/+5
2011-09-08Improve documentation of libipa_hbacStephen Gallagher4-22/+1699
2011-09-07Do not access memory out of boundsSumit Bose1-2/+2
2011-09-06Keep deref controls until the whole request is finishedJakub Hrozek1-8/+45
https://fedorahosted.org/sssd/ticket/989 John Hodrien found out that when paging is used while dereferencing an entry, sssd_be may segfault on the second page. This was because paging returned the control to sdap_generic_search multiple times but sssd was freeing dereference control after the first search invocation. The subsequend sdap searched accessed memory that was already freed.
2011-09-06Improve error message for LDAP password constraint violationJakub Hrozek3-16/+29
https://fedorahosted.org/sssd/ticket/985
2011-09-06Subscribe to netlink route and addr messagesJakub Hrozek1-5/+244
https://fedorahosted.org/sssd/ticket/955 In addition to carrier up messages, also subscribe to any messages describing that an address has been added or removed or routing table changed.
2011-09-06Discard carrier messages from non-ethernet devicesJakub Hrozek1-3/+155
IFF_LOWER_UP has no meaning for wireless interfaces, it can mean that an association has been made with an access point, but it does not mean that an addressing has been completed. This patch discards "carrier up" messages from interfaces that do not look like ethernet devices.
2011-09-06Change libnl monitor callback to only signal going onlineJakub Hrozek3-14/+5
This feature was not used and would probably never be used, because it is much safer to rely on online actions to time out. Moreover, it would make implementing the new features more complex.
2011-09-06Remove all libtool .la files from RPMStephen Gallagher1-13/+2
2011-09-06Allow turning dereference off by setting the threshold to 0Jakub Hrozek4-3/+13
2011-09-06sss_debuglevel - change the debug levels on the flyPavel Březina7-2/+474
https://fedorahosted.org/sssd/ticket/950
2011-09-06sss_ldap_err2string() - ldap_err2string() to sss_ldap_err2string()Pavel Březina4-38/+38
https://fedorahosted.org/sssd/ticket/986
2011-09-06sss_ldap_err2string() - function createdPavel Březina3-2/+16
https://fedorahosted.org/sssd/ticket/986
2011-09-02Fix typo in %configureStephen Gallagher1-1/+1
2011-09-02Add option to specify the kerberos replay cache dirStephen Gallagher10-0/+77
Adds a configure option to set the distribution default as well as an sssd.conf option to override it. https://fedorahosted.org/sssd/ticket/980
2011-08-29HBAC: Properly skip all non-group memberOf entriesStephen Gallagher1-1/+2
2011-08-29Fix moving to next entry in deref codeJakub Hrozek1-1/+6
https://fedorahosted.org/sssd/ticket/973
2011-08-26HBAC: Use of hostgroups for targethost or sourcehost was brokenStephen Gallagher1-4/+4
We were trying to look up the wrong attribute for the name of the hostgroup.
2011-08-26HBAC: Handle saving groups that have no membersStephen Gallagher1-7/+21
2011-08-26Use the default Kerberos realm for LDAP with GSSAPI authJakub Hrozek1-3/+55
https://fedorahosted.org/sssd/ticket/970
2011-08-26Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANONJakub Hrozek8-3/+33
https://fedorahosted.org/sssd/ticket/978
2011-08-25--debug-timestamps=1 is not passed to providersPavel Březina3-55/+77
https://fedorahosted.org/sssd/ticket/972 --debug-timestamps=1 is now passed to providers
2011-08-25New DEBUG facility - SSSDBG_UNRESOLVED changed from -1 to 0Pavel Březina30-49/+99
Removed: SSS_UNRESOLVED_DEBUG_LEVEL (completely replaced with SSSDBG_UNRESOLVED) Added new macro: CONVERT_AND_SET_DEBUG_LEVEL(new_value) Changes unresolved debug level value (SSSDBG_UNRESOLVED) from -1 to 0 so DEBUG macro could be reduced by one condition. Anyway, it has a minor effect, every time you want to load debug_level from command line parameters, you have to use following pattern: /* Set debug level to invalid value so we can deside if -d 0 was used. */ debug_level = SSSDBG_INVALID; pc = poptGetContext(argv[0], argc, argv, long_options, 0); while((opt = poptGetNextOpt(pc)) != -1) { ... } CONVERT_AND_SET_DEBUG_LEVEL(debug_level);
2011-08-25New DEBUG facility - unit testsPavel Březina2-0/+753
https://fedorahosted.org/sssd/ticket/925
2011-08-25New DEBUG facility - man pagesPavel Březina3-17/+62
https://fedorahosted.org/sssd/ticket/925 Modified sssd and sssd.conf man pages to reflect new levels. Added new man include: include/debug_levels.xml
2011-08-25New DEBUG facility - conversionPavel Březina40-61/+62
https://fedorahosted.org/sssd/ticket/925 Conversion of the old debug_level format to the new one. (only where it was necessary) Removed: SSS_DEFAULT_DEBUG_LEVEL (completely replaced with SSSDBG_DEFAULT)
2011-08-25New DEBUG facility - modified DEBUGPavel Březina1-6/+41
https://fedorahosted.org/sssd/ticket/925 Modified: DEBUG() macro to work with new levels There are several new macros in util/util.h: - DEBUG_MSG(level, function, message) which will format the debug message like "(time) [prg_name] [function] (level): message\n" - DEBUG_IS_SET(level) that you should use to check if the level is allowed to be logged You can use it like: if (DEBUG_IS_SET(SSSDBG_TRACE_LIBS)) {...}
2011-08-25New DEBUG facility - new levelsPavel Březina2-2/+89
https://fedorahosted.org/sssd/ticket/925 Added functions: - debug_convert_old_level() to convert levels 0-9 to appropriate bitmask debug_convert_old_level(5) returns 0x03F0 (= 0 | 1 | 2 | 3 | 4 | 5) - debug_get_level() to convert old level number to its new value debug_get_level(5) returns 0x0200 (= 5) There are several new macros in util/util.h: - SSSDBG_* to reflect a debug level (same names as in the ticket) - please, don't use magic numbers anymore
2011-08-25Improve password policy error code and messageSumit Bose1-4/+9
Instead of returning PAM_SYSTEM_ERR if they necessary attributes for the requested password policy cannot be found we return PAM_PERM_DENIED. Additionally the log message says that the access is denied.
2011-08-25Return the first value of name if the multivalued name attribute does not ↵Jakub Hrozek1-3/+4
match RDN https://fedorahosted.org/sssd/ticket/926
2011-08-25IPA dyndns: do not segfault if the server cannot be resolvedJakub Hrozek1-4/+2
https://fedorahosted.org/sssd/ticket/963
2011-08-15Handle timeout during sss_ldap_init_sendJakub Hrozek3-3/+41
In some cases, where there would be no response from the LDAP server, there would be no R/W events on the LDAP fd, so sdap_async_sys_connect_done would never be called. This patch adds a tevent timer that cancels the connection after SDAP_NETWORK_TIMEOUT seconds.