summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2011-05-06Add support for openldap24 package on RHEL 5.7Sumit Bose3-2/+32
2011-05-06Allow changing the log level without restartStephen Gallagher10-17/+89
We will now re-read the confdb debug_level value when processing the monitor_common_logrotate() function, which occurs when the monitor receives a SIGHUP.
2011-05-06Create common sss_monitor_init()Stephen Gallagher4-69/+55
This was implemented almost identically for both the responders and the providers. It is easier to maintain as a single routine. This patch also adds the ability to provide a private context to attach to the sbus_connection for later use.
2011-05-06Remove unused constants from data_provider.hJakub Hrozek1-11/+0
2011-05-06Do not leak netgroups hash tableJakub Hrozek1-0/+12
2011-05-05Added some kerberos functions for building on RHEL5Jan Zeleny4-8/+192
2011-05-04Include manpage for sss_cacheStephen Gallagher1-0/+1
2011-05-04Man page for sss_cacheJan Zeleny2-1/+123
2011-05-04Some minor fixes and changes in sysdb_opsJan Zeleny1-17/+40
2011-05-04Cache cleaning toolJan Zeleny3-1/+370
2011-05-04Add a function for searching netgroups with custom filterJan Zeleny2-0/+65
2011-05-04Make sysdb_ctx_list public structureJan Zeleny3-8/+53
Also create a routine to initialize it
2011-05-04Fixed lastUSN checking improvementsJan Zeleny3-5/+23
This patch fixes some issues with setting lastUSN attribute and it adds check against the highest user/group USN after enumeration to keep better track of the real highest USN. Optimal solution here would be to schedule a check of rootDSE entry right after the enumeration finishes, but for the moment this is good enough.
2011-05-04Override config file debug_level with command-lineStephen Gallagher4-22/+66
This patch also makes the following changes: 1) The [sssd] debug_level setting no longer acts as a default for all other sections. 2) We will now skip passing the debug argument to the child processes from the master unless the SSSD was run with a command-line argument for the debug level. https://fedorahosted.org/sssd/ticket/764
2011-05-04Do not leak LDAP URI with high log levelJakub Hrozek1-2/+7
2011-05-04Do not leak pcre contextJakub Hrozek1-0/+12
2011-05-03clients: use poll instead of selectSimo Sorce1-9/+6
select is limited to fd numbers up to 1024, we need to use poll() here to avoid causing memory corruption in the calling process. Fixes: https://fedorahosted.org/sssd/ticket/861
2011-05-02Fix minor typo in error messageStephen Gallagher1-1/+1
https://fedorahosted.org/sssd/ticket/825
2011-05-02Return pam data to the renewal item if renewal failsSumit Bose1-4/+9
A previous patch changed a talloc_steal() into a talloc_move(). Now it is not enough to change the parent memory context with talloc_steal to give back the data, but it has to be assigned back too. Additionally this patch uses the missing pam data as an indication that a renewal request for this data is currently running.
2011-04-29Fix order of arguments in select_principal_from_keytab() callJakub Hrozek1-1/+1
2011-04-29Fix bad password caching when using automatic TGT renewalStephen Gallagher1-3/+12
Fixes CVE-2011-1758, https://fedorahosted.org/sssd/ticket/856
2011-04-29Fix segfault in IPA providerStephen Gallagher1-2/+2
We were trying to request the krb5 keytab from the auth provider configuration, but it hasn't yet been set up. Much better to use the value in the ID provider.
2011-04-28Fix IPA config bug with SDAP_KRB5_REALMStephen Gallagher1-1/+1
2011-04-28Do not leak LDAP paging controlsJakub Hrozek1-0/+5
2011-04-27Regular translation updateStephen Gallagher20-1971/+2773
2011-04-27Add "description" option to SSSDConfig APIStephen Gallagher2-0/+3
https://fedorahosted.org/sssd/ticket/850
2011-04-27Add ldap_page_size configuration optionStephen Gallagher9-5/+28
2011-04-27Enable paging support for LDAPStephen Gallagher1-23/+117
2011-04-27Log the LDAP message type we're processingStephen Gallagher1-0/+57
2011-04-27simple provider: Don't treat primary GID lookup failures as fatalStephen Gallagher1-13/+19
2011-04-27Disable libcrypto codeJakub Hrozek1-9/+2
2011-04-27Warn that some crypto features are implemented in NSS onlyJakub Hrozek2-0/+9
2011-04-27Require openssl-devel is libcrypto backend is selectedJakub Hrozek4-17/+52
2011-04-25Modify principal selection for keytab authenticationJan Zeleny10-30/+254
Currently we construct the principal as host/fqdn@REALM. The problem with this is that this principal doesn't have to be in the keytab. In that case the provider fails to start. It is better to scan the keytab and find the most suitable principal to use. Only in case no suitable principal is found the backend should fail to start. The second issue solved by this patch is that the realm we are authenticating the machine to can be in general different from the realm our users are part of (in case of cross Kerberos trust). The patch adds new configuration option SDAP_SASL_REALM. https://fedorahosted.org/sssd/ticket/781
2011-04-25Case insensitive originalDN testJakub Hrozek1-0/+47
2011-04-25Added originalDN to attributes with case-insensitive searchJan Zeleny2-1/+106
https://fedorahosted.org/sssd/ticket/808
2011-04-25Configuration parsing updatesJan Zeleny6-53/+19
These changes are all related to following ticket: https://fedorahosted.org/sssd/ticket/763 Changes in SSSDConfig.py merge old and new domain record instead of just deleting the old and inserting the new one. The old approach let to loss of some information like comments and blank lines in the config file. Changes in API config were performed so our Python scripts (like sss_obfuscate) don't add extra config options to the config file.
2011-04-25Don't use negative cache in netgroup lookupJan Zeleny2-20/+20
In responder a negative cache is used to indicate that the record has not been found by previous lookup. This approach is however not applicable for netgroup lookup because the design of their lookup is a little different. This patch removes some pieces of code working with negative cache, because they didn't fuction well. Instead a new flag has been added to the positive cache. This flag indicates if the record in the cache is a record of existing netgroup or it's just a placeholder. https://fedorahosted.org/sssd/ticket/820
2011-04-25Allow new option to specify principal for FASTJan Zeleny6-6/+67
https://fedorahosted.org/sssd/ticket/700
2011-04-25Extend and move function for finding principal in keytabJan Zeleny3-80/+163
The function now supports finding principal in keytab not only based on realm, but based on both realm and primary/instance parts. The function also supports * wildcard at the beginning or at the end of primary principal part. The function for finding principal has been moved to util/sss_krb5.c, so it can be used in other parts of the code.
2011-04-19Add last usn checking after reconnectionJan Zeleny2-1/+31
When reconnecting to the LDAP server supporting USNs (either because of new incomming id operation or invokation of callback responsible for checking status of the backend), detect whether the highest USN is lower than the one SSSD has recorded. If so, setup enumeration/cleanup to refresh potentionally changed account information in the SSSD cache. Related ticket: https://fedorahosted.org/sssd/ticket/734
2011-04-19Add value of the last USN to server configurationStephen Gallagher2-0/+16
Related: https://fedorahosted.org/sssd/ticket/734
2011-04-19Add user and group search LDAP filter optionsJakub Hrozek5-19/+119
https://fedorahosted.org/sssd/ticket/647
2011-04-19Always generate kpasswdinfo fileStephen Gallagher1-2/+1
Previously, we only generated it when performing a password change, but this didn't play nicely with kpasswd.
2011-04-15Set same status for duplicate serversJakub Hrozek1-0/+21
2011-04-15Reopen the LDB after modifying itStephen Gallagher1-3/+20
If we change any of the special entries such as indexes or plugins, we need to close and reopen the LDB to ensure that they take effect.
2011-04-15Run all appropriate upgradesStephen Gallagher1-1/+17
Previously, if we were upgrading from version 0.4 or older, we would only run sysdb_upgrade_04() and exit, instead of also running sysdb_upgrade_05()
2011-04-15Don't leak memory if sysdb_domain_init() failsStephen Gallagher1-3/+6
2011-04-15Fix regression where nonexistent entries were never added to the negative cacheStephen Gallagher1-21/+21
2011-04-15Fix a regression with the negative cache in multi-domain configurationsStephen Gallagher1-3/+18