Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2012-07-10 | Bumping version to 1.9.0 beta 5 | Jakub Hrozek | 1 | -1/+1 | |
2012-07-10 | Update translations for 1.9.0 beta 4 release | Jakub Hrozek | 32 | -9370/+15153 | |
2012-07-10 | Cast uid_t to unsigned long long in DEBUG messages | Jakub Hrozek | 4 | -10/+11 | |
2012-07-10 | Print based on pointer contents not address | Jakub Hrozek | 1 | -1/+3 | |
2012-07-10 | Fix segfault when using local provider | Stephen Gallagher | 1 | -6/+5 | |
The name context was not being initialized for local provider domains because it was handled after skipping over the back-end initialization routine. This patch moves the name context init routine to occur earlier. https://fedorahosted.org/sssd/ticket/1412 | |||||
2012-07-10 | pac responder: limit access by checking UIDs | Sumit Bose | 10 | -11/+394 | |
A check for allowed UIDs is added in the common responder code directly after accept(). If the platform does not support reading the UID of the peer but allowed UIDs are configured, access is denied. Currently only the PAC responder sets the allowed UIDs for a socket. The default is that only root is allowed to access the socket of the PAC responder. Fixes: https://fedorahosted.org/sssd/ticket/1382 | |||||
2012-07-10 | Remove dead code in ipa_subdomains_handler_done() | Sumit Bose | 1 | -1/+1 | |
Fixes https://fedorahosted.org/sssd/ticket/1410 | |||||
2012-07-10 | Remove resource leak in sssdpac_import_authdata | Sumit Bose | 1 | -3/+1 | |
Fixes https://fedorahosted.org/sssd/ticket/1409 | |||||
2012-07-09 | Fix incorrect error-check | Stephen Gallagher | 1 | -1/+1 | |
Coverity #12770 | |||||
2012-07-09 | Check for errors from krb5_unparse_name | Stephen Gallagher | 1 | -1/+8 | |
Coverity #12781 | |||||
2012-07-09 | Add missing return value check | Stephen Gallagher | 1 | -1/+1 | |
Coverity #12782 | |||||
2012-07-09 | Avoid NULL-dereference in error-handling | Stephen Gallagher | 1 | -1/+3 | |
Coverity #12783 | |||||
2012-07-09 | Fix uninitialized memcpy error | Stephen Gallagher | 1 | -0/+2 | |
Coverity #12784 | |||||
2012-07-09 | Fix uninitialized value return | Stephen Gallagher | 1 | -1/+1 | |
Coverity #12786 | |||||
2012-07-09 | Fix potential NULL-dereference | Stephen Gallagher | 1 | -1/+3 | |
Coverity #12797 | |||||
2012-07-09 | Fix incorrect return value in tests | Stephen Gallagher | 1 | -0/+2 | |
Coverity #12798 | |||||
2012-07-09 | Fix potential NULL-dereference | Stephen Gallagher | 1 | -1/+2 | |
Coverity #12800 | |||||
2012-07-09 | Fix potential NULL-dereference | Stephen Gallagher | 1 | -1/+3 | |
Coverity #12801 | |||||
2012-07-09 | Fix uninitialized variable | Stephen Gallagher | 1 | -0/+1 | |
Coverity #12802 | |||||
2012-07-09 | Fix use-after-free | Stephen Gallagher | 1 | -0/+1 | |
Coverity #12803 | |||||
2012-07-09 | heimdal: use sss_krb5_princ_realm to access realm | Rambaldi | 1 | -4/+11 | |
2012-07-09 | heimdal: fix compile error in krb5-child-test | Rambaldi | 2 | -0/+5 | |
2012-07-06 | Revert commit 4c157ecedd52602f75574605ef48d0c48e9bfbe8 | Stef Walter | 4 | -187/+0 | |
* This broke corner cases when used with default_tkt_types = des-cbc-crc and DES enabled on an AD domain. * This is fixed in kerberos instead, in a more correct way and in a way which we cannot replicate. | |||||
2012-07-06 | AD: Force case-insensitive operation in AD provider | Stephen Gallagher | 1 | -0/+18 | |
2012-07-06 | CONFDB: Add the ability to set a boolean value in the confdb | Stephen Gallagher | 2 | -0/+80 | |
2012-07-06 | AD: Add manpages and SSSDConfig entries | Stephen Gallagher | 9 | -2/+290 | |
2012-07-06 | AD: use krb5_keytab for validation and GSSAPI | Stephen Gallagher | 3 | -3/+12 | |
This simplifies configuration by eliminating the need to specifiy both krb5_keytab and ldap_krb5_keytab if the keytab is not located at /etc/krb5.keytab | |||||
2012-07-06 | AD: Add AD provider to the spec file | Stephen Gallagher | 1 | -0/+1 | |
2012-07-06 | AD: Add AD access-control provider | Stephen Gallagher | 5 | -1/+190 | |
This patch adds support for checking whether a user is expired or disabled in AD. | |||||
2012-07-06 | AD: Add AD auth and chpass providers | Stephen Gallagher | 4 | -1/+159 | |
These new providers take advantage of existing code for the KRB5 provider, providing sensible defaults for operating against an Active Directory 2008 R2 or later server. | |||||
2012-07-06 | AD: Add AD identity provider | Stephen Gallagher | 8 | -0/+1316 | |
This new identity provider takes advantage of existing code for the LDAP provider, but provides sensible defaults for operating against an Active Directory 2008 R2 or later server. | |||||
2012-07-06 | LDAP: Rename user and group maps for AD | Stephen Gallagher | 2 | -4/+4 | |
This will eliminate ambiguity for the AD provider | |||||
2012-07-06 | KRB5: Create a common init routine for krb5_child options | Stephen Gallagher | 5 | -99/+138 | |
This will reduce code duplication between the krb5, ipa and ad providers | |||||
2012-07-06 | KRB5: Drop memctx parameter of krb5_try_kdcip | Stephen Gallagher | 4 | -15/+17 | |
This function is not supposed to return any newly-allocated memory directly. It was actually leaking the memory for krb5_servers if krb5_kdcip was being used, though it was undetectable because it was allocated on the provided memctx. This patch removes the memctx parameter and allocates krb5_servers temporarily on NULL and ensures that it is freed on all exit conditions. It is not necessary to retain this memory, as dp_opt_set_string() performs a talloc_strdup onto the appropriate context internally. It also updates the DEBUG messages for this function to the appropriate new macro levels. | |||||
2012-07-06 | KRB5_LOCATOR: Print the filename that couldn't be opened | Stephen Gallagher | 1 | -1/+2 | |
2012-07-06 | KRB5: Some logging enhancements for krb5_child | Stephen Gallagher | 1 | -6/+13 | |
2012-07-06 | MAN: Unify "SEE ALSO" sections | Stephen Gallagher | 22 | -331/+111 | |
2012-07-06 | Set file descriptor limits in pac responder | Sumit Bose | 1 | -0/+15 | |
2012-07-06 | Fix SSSDConfigTest for separate build directories | Sumit Bose | 1 | -8/+9 | |
2012-07-06 | Fix crash when interface doesn't have an address | Stef Walter | 1 | -0/+3 | |
* This is similar to the code in ipa_dyndns_update_send() | |||||
2012-07-02 | LDAP: Print extended failure message for SASL bind | Stephen Gallagher | 1 | -2/+14 | |
2012-07-02 | IPA: Don't hang onto memory longer than necessary | Stephen Gallagher | 1 | -0/+1 | |
This request and attached memory would be freed at the end of access-check processing, but it's a waste to keep it around. | |||||
2012-06-30 | Fix segfault when sudo is not configured. | Simo Sorce | 1 | -1/+2 | |
Sudo support is optional, when it is not configured sudorules_map is not initialized and dereferencing it will cause a segmentation fault. | |||||
2012-06-29 | KRB5: Initialize the credential cache type properly | Stephen Gallagher | 1 | -0/+11 | |
We weren't guaranteeing that the cctype-specific callbacks were initialized before using them. This bug only presented itself for users who were logging in without a ccacheFile attribute in the LDB (for example, first-time logins). | |||||
2012-06-29 | DEBUG: Log to syslog if we are unable to open a debug fd | Stephen Gallagher | 1 | -0/+5 | |
2012-06-29 | TESTS: Print messages when LDAP options do not match | Stephen Gallagher | 1 | -2/+10 | |
2012-06-29 | sudo: manpage updated | Pavel Březina | 2 | -34/+131 | |
Removes old options and adds new ones. | |||||
2012-06-29 | sudo ldap provider: support autoconfiguration of IP addresses | Pavel Březina | 1 | -1/+179 | |
sudoHost attribute may contain IPv4 or IPv6 host/network address. This patch adds support for autoconfiguration of these information. | |||||
2012-06-29 | sudo ldap provider: do per-host updates | Pavel Březina | 1 | -3/+160 | |
Add host information to LDAP filters. | |||||
2012-06-29 | sudo ldap provider: mark sdap_sudo_setup_periodical_refresh() as static | Pavel Březina | 1 | -2/+2 | |