summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2010-10-13Distribute XML sources instead of man-pagesSumit Bose1-2/+3
2010-10-13Return all group members from getgr(nam|gid)Ralf Haferkamp1-12/+374
getgrnam()/getgrgid() should return all group members instead of only those which have already been cached (in sysdb). To achieve this every member that is currently not in the cache is looked up via LDAP and saved to the cache.
2010-10-13Shortcut for save_group() to accept sysdb DNs as member attributesRalf Haferkamp1-4/+19
Addtional parameter "populate_members" for save_group() and save_groups() to indicate that the "member" attribute of the groups is populated with sysdb DNs of the members (instead of LDAP DNs).
2010-10-13Rename index to idxSumit Bose1-4/+4
This patch suppresses a 'shadows a global declaration' warning.
2010-10-13Add a missing include fileSumit Bose1-0/+1
strcasecmp() is defined in strings.h which might not be included under certain conditions.
2010-10-13Use POPT_TABLEEND to close option tableSumit Bose7-8/+8
2010-10-13Man pages should mention supported providersJan Zeleny4-13/+28
Each back end can support id, auth or access provider, but each back end supports different subset of these. Man pages should describe which providers are supported by each back end. Ticket: #615
2010-10-08Add common hash table setupStephen Gallagher3-1/+60
sss_hash_create() produces a dhash table living in the talloc hierarchy.
2010-10-08Disable events on ldap fd when offline.Jan Zeleny1-2/+4
Erase events on LDAP socket when backend is offline and an event appears on the socket. Normally this would lead to infinite loop, because event is present on the fd, but instead of being processed, an error log is written and the program continues to wait for the event. Ticket: #599
2010-10-04Return offline instead of errorStephen Gallagher1-1/+2
When the failover code returns that there are no available servers while we are marked offline, we were returning an error to the PAM authentication code. Instead, we should return success with a result value of SDAP_UNAVAIL so that the PAM responder will mark the domain offline and attempt offline authentication.
2010-09-28Suppress some 'unchecked return value' warningsSumit Bose1-6/+13
2010-09-28Suppress some 'may be used uninitialized' warningsSumit Bose4-9/+15
Additionally the handling of errno and the errno_t return value of functions is fixed in krb5_common.c.
2010-09-23Use new MIT krb5 API for better password expiration warningsSumit Bose4-3/+79
2010-09-23Save all data to sysdb in one transactionSumit Bose1-222/+131
2010-09-23Handle host objects like other objectsSumit Bose2-129/+183
2010-09-22Initialize debug_level to zero in crypto testsStephen Gallagher1-1/+1
2010-09-22Fix assorted specfile issuesStephen Gallagher1-8/+6
1) Pam modules should be explicitly built for /lib64/security 2) The krb5 locator plugin is always built; remove the conditional 3) The krb5 locator plugin belongs in the sssd-client package 4) The sss_obfuscate manpage was not packaged
2010-09-22Request the correct attribute nameJakub Hrozek1-1/+1
2010-09-22Fix sysdb_attrs_to_listJakub Hrozek1-2/+2
2010-09-22Fix sysdb_group_dn_nameJakub Hrozek2-1/+43
2010-09-22Initgroups on a non-cached user should go to the data providerStephen Gallagher2-2/+13
We were accidentally returning an error when sysdb_getpwnam() returned zero results internally in sysdb_initgroups(). The correct behavior here is to return EOK and a result object with zero entries.
2010-09-22Fix missing variable substitution in DEBUG messageStephen Gallagher1-2/+2
2010-09-22Request all group attributes during initgroups processingStephen Gallagher2-5/+7
We tried to be too clever and only requested the name of the group, but we require the objectClass to validate the results. https://fedorahosted.org/sssd/ticket/622
2010-09-15Check if control is supported before using it.Simo Sorce4-14/+39
2010-09-15Add parameter to skip cleanup in sysdb testJakub Hrozek1-1/+4
This might be useful for examining the test database manually with LDB tools
2010-09-15Use a different min_id for local domainJakub Hrozek2-1/+17
When we changed the default min_id to be 1, we forgot about the local domain. It makes sense to keep the minimum id larger there.
2010-09-15Define objectclass with a constantJakub Hrozek2-3/+4
Use a #define instead of hardcoded string
2010-09-15Revert "Make ldap bind asynchronous"Jakub Hrozek8-1222/+167
This reverts 56d8d19ac9d857580a233d8264e851883b883c67
2010-09-15Store rootdse supported features in sdap_handlerSumit Bose7-63/+112
2010-09-15Fix parameter order when initializing decryptionJakub Hrozek1-1/+1
2010-09-15Remove generated manpages when performing "make clean"Stephen Gallagher1-0/+1
Fixes https://fedorahosted.org/sssd/ticket/614
2010-09-08Handle multiple simultaneous enumeration requestsStephen Gallagher2-289/+717
Previously, if a second enumeration request arrived while one was already being processed, each process would receive only a subset of the total number of available users or groups. This is because we were maintaining the response object as a global value in the NSS responder. The second request would come in, see that the data set was already populated, and start reading from wherever the cursor was currently pointed. With this patch, we now move the cursor to the client context instead of the global NSS context. Additionally, this patch completely rewrites the approach to enumerations in the tevent_req style. This makes it much easier to follow in the code. In order to ensure that a slow or malicious client cannot hold onto a reference for the setent result object indefinitely, we set an expiration on the object. We use the enum_cache_timeout here, since that is an appropriate value. If the timeout fires during the normal operation of the get*ent() loop of a client program, we will save the current values of the read index so that we can resume as soon as the object has been refreshed by an implicit setent call. Instead of deleting the enumeration result object immediately after the last in-progress client has read it, we'll keep the object around for the lifetime of enum_cache_timeout. This way, additional clients making enumeration requests can still access the results in-memory.
2010-09-08Fix assorted minor bugs in sss_ toolsJakub Hrozek9-47/+37
Fixes: #585
2010-09-08Dead assignments cleanup in various places in SSSDJan Zeleny5-6/+8
Three assignments deleted, two return code inspection added. Also found and fixed one critical bug caused by dead assignment. Ticket: #590
2010-09-08Dead assignments cleanup in memberof moduleJan Zeleny1-6/+3
Some assignments deleted, two return value inspections were added. Ticket: #589
2010-09-08Dead assignments cleanup in NSS responderJan Zeleny2-7/+7
Various dead assignments were deleted, some return value inspections were added. Ticket: #588
2010-09-08Dead assignments cleanup in providers codeJan Zeleny6-20/+9
Dead assignments were deleted. Also prototype of function sdap_access_decide_offline() has been changed, since its return code was never used. Ticket: #586
2010-09-08Deobfuscate password in back endsJakub Hrozek3-10/+66
When obfuscated password is used in config file, the LDAP backend converts it back to clear text and uses it to authenticate to the server.
2010-09-08sss_obfuscate toolJakub Hrozek4-1/+204
A tool to add obfuscated passwords into the SSSD config file
2010-09-08Python bindings for obfuscationJakub Hrozek1-3/+180
2010-09-08Fix pysss linkingJakub Hrozek1-0/+3
2010-09-08Password obfuscation utility functionsJakub Hrozek5-1/+667
Adds two utility functions to obfuscate a password and inverse to extract the cleartext password back. So far, only NSS-based implementation is provided.
2010-09-08Add safe copy/move macros for uint16_tJakub Hrozek1-1/+11
2010-09-08Move crypto functions into its own subdirJakub Hrozek8-47/+119
A refactoring patch that creates a common util/crypto subdir with per-implementation subdirectories for each underlying crypto library supported by SSSD.
2010-09-07Fixed small issue in memory context hierarchyJan Zeleny1-1/+1
In fail_over.c, there was a small bug causing subrequest to have wrong parent memory context. This patch fixes it.
2010-09-07Reviewed sssd-ldap man pageJan Zeleny1-7/+207
Some config options updated, newly documented 12 new options.
2010-09-07Cleaned some dead assignmentsJan Zeleny2-15/+13
Two needless assignments were deleted, two were complemented with code checking function results. Ticket: #582
2010-09-02Package systemd unit fileJakub Hrozek2-1/+18
So far, the systemd unit file is only packaged but not used in any of the packaged spec files. Fixes: #483
2010-09-02Fixed uninialized value in proxy_id providerJan Zeleny1-0/+2
In function get_pw_name when allocation of memory fails, there were two codepaths which could cause printing of undefined value. This patch fixes both cases. Ticket: #580
2010-09-02Fixed printing of undefined value in sdap_async_accounts.cJan Zeleny1-1/+1
If sysdb_attrs_get_el() call failed in function sdap_save_group(), it would result in printing an undefined value of variable name. This is now fixed by initializing the variable. Ticket: #579