summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2012-01-26PAM: Do not overwrite retJakub Hrozek1-3/+1
2012-01-23SYSDB: Move add_string and add_ulong to sysdb_private.hStephen Gallagher2-4/+9
2012-01-23UTIL: Add strtouint16Stephen Gallagher2-0/+20
2012-01-23Move sized_string declaration to utilsStephen Gallagher4-19/+19
2012-01-23LDAP: Improve debugging for sdap_parse_derefStephen Gallagher1-4/+7
Move the debug statement identifying the DN to an earlier line, so if we get a reply with no attributes, we know which entry is at fault.
2012-01-23DP: Fix bugs in sss_dp_get_account_intStephen Gallagher4-66/+47
The conversion to the tevent_req style introduced numerous bugs related to memory management of the various client requests. In some circumstances, this could cause memory corruption and segmentation faults in the NSS responder. This patch makes the following changes: 1) Rename the internal lookup from subreq to sidereq, to indicate that it is not a sub-request of the current lookup (and therefore is not cancelled if the current request is). 2) Change the handling of the callback loops since they call tevent_req_[done|error], which results in them being freed (and therefore removed from the cb_list. This was the source of the memory corruption that would occasionally result in dereferencing an unreadable request. 3) Remove the unnecessary sss_dp_get_account_int_recv() function and change sss_dp_get_account_done() so that it only frees the sidereq. All of the waiting processes have already been signaled with the final results from sss_dp_get_account_int_done()
2012-01-21RESPONDER: Extend sss_dp_account_send() to include extra dataStephen Gallagher5-14/+32
Some NSS maps such as 'services' require more values to be passed to the data provider than just the name or ID. In these cases, we will amend an optional component to filter value to pass to the data provider backend.
2012-01-21Fix invalid index in pidfile()Stephen Gallagher1-1/+3
If we hit the "read too much, this should never happen" line, we would write a NULL-terminator past the end of the static buffer. Coverity 12472
2012-01-21SYSDB: Redundant check is redundant.Stephen Gallagher1-5/+0
Coverity 12480
2012-01-18SUDO: include the sources in the IPA provider, tooJakub Hrozek1-0/+6
2012-01-18PAM: Fix reversed logicJakub Hrozek1-1/+1
2012-01-18LDAP: Add option to disable paging controlStephen Gallagher9-5/+40
Fixes https://fedorahosted.org/sssd/ticket/967
2012-01-18NSS: Add sss_readrep_copy_stringStephen Gallagher5-181/+131
There were many places in the client code where we were duplicating a loop to copy data in from the response buffer. This patch turns those loops into a function for easier maintenance and easier-to-read *readrep() routines.
2012-01-18Do not use sudo symbols in LDAP provider unconditionallyJakub Hrozek1-0/+2
2012-01-17Add a new Makefile target to build RPMs with the experimental flagJakub Hrozek2-5/+53
2012-01-17Export libsss_sudo as a separate packageJakub Hrozek4-8/+58
2012-01-17Add a configure switch to specify 3rd party app libraries locationJakub Hrozek2-1/+19
2012-01-17SUDO Integration - periodical update of rules in data providerPavel Březina11-1/+354
https://fedorahosted.org/sssd/ticket/1110 Adds new configuration options: - ldap_sudo_refresh_enabled - enable/disable periodical updates - ldap_sudo_refresh_timeout - rules timeout (refresh period)
2012-01-17SUDO Integration - functions for manipulating with 'refreshed' attributePavel Březina2-0/+68
https://fedorahosted.org/sssd/ticket/1110
2012-01-17sysdb_get_bool() and sysdb_get_bool() functionsPavel Březina2-51/+108
2012-01-17SUDO Integration - wrap data provider with tevent_reqPavel Březina2-43/+138
https://fedorahosted.org/sssd/ticket/1110
2012-01-17SUDO Integration review issuesPavel Březina16-41/+68
2012-01-17IPA: Detect nsupdate support for the realm directiveStephen Gallagher3-15/+55
For older platforms, do not add the 'realm' line in the update message
2012-01-17Raise the debug level of two very noisy statementsStephen Gallagher2-4/+6
2012-01-17NSS: Improve DEBUG messages for netgroup cacheStephen Gallagher1-2/+2
2012-01-14Support multiple search bases in HBACJan Zeleny5-39/+176
2012-01-14Add info about ipa_host_search_base to man pageJan Zeleny1-0/+29
Also add comment that setting ipa_hbac_support_srchost to False disables search filters given in ipa_host_search_base
2012-01-14NSS: Validate input string lengthsStephen Gallagher4-9/+32
Also fixes a return value bug where we were returning errno error codes instead of nss_status codes. Fixes https://fedorahosted.org/sssd/ticket/1135
2012-01-14LDAP: Copy URI instead of pointing at failover service recordStephen Gallagher1-2/+8
In a heavy load environment, sometimes the failover service record would be updated and free the URI value. We need to guarantee that this URI string remains valid throughout the entire request. https://fedorahosted.org/sssd/ticket/1139
2012-01-14Log fixes for sdap_call_conn_cbStephen Gallagher2-2/+4
2012-01-09util: Fix murmurhash3 on machines with old glibcSimo Sorce1-0/+10
2012-01-09Add a random + identity test for murmurhash3Simo Sorce1-0/+29
This test always generate a random string so each time the test is run we will test the hash function with a new value. It also hashes the same string twice and compares the result so that we have a chance of catching if uninitialized variables are getting mixed into the value calculation and end up generating different results for the same input.
2012-01-09util: add murmurhash3 hash functionSimo Sorce4-1/+147
2012-01-09nsssrv: use sized_string in fill_grentSimo Sorce1-35/+48
2012-01-09nsssrv: use sized_string in fill_pwentSimo Sorce1-41/+56
2012-01-09nsssrv: add string manipulation helperSimo Sorce2-0/+19
the sized_string structure makes it easier to keep track of string lengths and makes passing around data more compat and readable.
2012-01-06IPA netgroups: Do not reuse loop iterator variableJakub Hrozek1-3/+3
2012-01-06Do not call krb5_child when changing passwords and provider went offlineJakub Hrozek1-1/+11
https://fedorahosted.org/sssd/ticket/1131
2012-01-06HBAC: create empty groups with one NULL elementJakub Hrozek1-16/+15
https://fedorahosted.org/sssd/ticket/1130
2012-01-04nsssrv: remove unused macroSimo Sorce1-2/+0
2012-01-04tests: fix test group of utf8 testsSimo Sorce1-5/+5
2012-01-04make dist fixesSimo Sorce1-1/+1
Use pax format for tar as it is the only one that will succeed (albeit spitting warnings) to create a tar file if user UID values are above ~2M
2011-12-22Importing new translations for 1.7.0 releaseStephen Gallagher73-4219/+2919
2011-12-22Add compatibility layer for Heimdal Kerberos implementationStephen Gallagher6-21/+99
2011-12-21Honor case sensitive flag when creating the ccname templateJakub Hrozek4-12/+56
2011-12-21Return user and group names lowercased in case insensitive domainsJakub Hrozek1-12/+32
2011-12-21sss_get_cased_name utility functionJakub Hrozek5-11/+24
2011-12-20Bump version to 1.8.0Stephen Gallagher1-1/+1
2011-12-20Save original memberof, not memberofJakub Hrozek1-4/+16
2011-12-20Failover: Introduce a per-service timeoutJakub Hrozek4-5/+67
https://fedorahosted.org/sssd/ticket/976