summaryrefslogtreecommitdiff
AgeCommit message (Collapse)AuthorFilesLines
2012-09-10RPM: BuildRequire selinux-policy-targetedJakub Hrozek1-0/+1
selinux-policy-targeted contains the /etc/selinux/targeted/logins directory that is checked during build time to determine if the platform supports SELinux user logins.
2012-09-10KRB5: Return PAM_AUTH_ERR on incorrect passwordJakub Hrozek1-19/+32
https://fedorahosted.org/sssd/ticket/1515
2012-09-10KRB5: cancel the sysdb transaction on one place onlyJakub Hrozek1-1/+0
https://fedorahosted.org/sssd/ticket/1516 If sysdb_set_user_attr failed, we would cancel the transaction, then go to the error handler and attempt to close it again.
2012-09-07Out-of-bounds read fix in hmac-sha-1Ondrej Kos1-1/+3
2012-09-07libsss_sudo should have a versioned dependency on SSSDJakub Hrozek1-0/+1
https://fedorahosted.org/sssd/ticket/1509
2012-09-05Bumping version for the 1.9.0 beta 7 releaseJakub Hrozek1-1/+1
2012-09-05Update translations for 1.9.0 beta 7 releaseJakub Hrozek34-8623/+15821
2012-09-05SIGUSR2 should force SSSD to reread resolv.conf as wellAriel Barria1-2/+19
2012-09-05Don't terminate the same connection twiceJakub Hrozek1-6/+0
https://fedorahosted.org/sssd/ticket/1488
2012-09-05Retry the next server if bind during LDAP auth times outJakub Hrozek1-1/+6
2012-09-05SYSDB: Abort unit test if sysdb_getpwnam failsJakub Hrozek1-0/+3
2012-09-05SYSDB: Commit transaction in sysdb_store_userJakub Hrozek1-17/+19
2012-09-04Unify usage of sysdb transactions (part 2).Michal Zidek9-270/+330
2012-09-04Check flat names when searching for sub-domains as wellSumit Bose1-1/+3
2012-09-04SSH: Add support for OpenSSH-style public keysJan Cholasta1-13/+37
2012-09-04SSH: Simplify public key formatting functionJan Cholasta4-46/+12
2012-09-04SSH: Return error code in SSH utility functionsJan Cholasta4-29/+54
2012-09-04Adding -std=gnu99 flag.Michal Zidek1-1/+2
2012-09-04Check if the SELinux login directory existsJakub Hrozek3-3/+13
https://fedorahosted.org/sssd/ticket/1492
2012-08-29RPM: Always include the patch fileJakub Hrozek1-2/+0
2012-08-28RPM: Switch the default ccache locationJakub Hrozek3-1/+29
https://fedorahosted.org/sssd/ticket/1500
2012-08-27Use PTHREAD_MUTEX_ROBUST to avoid deadlock in the clientJakub Hrozek3-8/+115
https://fedorahosted.org/sssd/ticket/1460
2012-08-24Use new debug levels in validate_tgt()Sumit Bose1-13/+16
2012-08-24Fix fallback in validate_tgt()Sumit Bose1-8/+20
To validate a TGT a keytab entry from the client realm is preferred but if none ca be found the last entry should be used. But the entry was freed and zeroed before it could be used. This should also fix the trusted domain use case mentioned in https://fedorahosted.org/sssd/ticket/1396 although a different approach then suggested in the ticket is used.
2012-08-23Fix: IPv6 address with square brackets doesn't work.Michal Zidek6-1/+67
https://fedorahosted.org/sssd/ticket/1365
2012-08-23Unify usage of sysdb transactionsMichal Zidek20-67/+270
Removing bad examples of usage of sysdb_transaction_start/commit/end functions and making it more consistent (all files except of src/db/sysdb_*.c).
2012-08-23Typo in debug message (SSSd -> SSSD).Michal Zidek1-1/+1
https://fedorahosted.org/sssd/ticket/1434
2012-08-23Clean up cache on server reinitializationPavel Březina6-4/+404
https://fedorahosted.org/sssd/ticket/734 We successfully detect when the server is reinitialized by testing the new lastUSN value. The maximum USN values are set to zero, but the current cache content remains. This patch removes records that were deleted from the server. It uses the following approach: 1. remove entryUSN attribute from all entries 2. run enumeration 3. remove records that doesn't have entryUSN attribute updated We don't need to do this for sudo rules, they will be refreshed automatically during next smart/full refresh, or when an expired rule is deleted.
2012-08-23Consolidation of functions that make realm upper-caseOndrej Kos5-31/+28
2012-08-23AD context was set to null due to type mismatchOndrej Kos3-1/+14
2012-08-21Remove compilation warning: ret may be uninitializedPavel Březina1-0/+2
2012-08-21Unbreak build on RHEL5: replace ldap_destroy() with ldap_unbind_ext()Pavel Březina1-1/+1
ldap_destroy() is not present in RHEL5
2012-08-21Close LDAP connection when unable to install TLSPavel Březina1-13/+13
We were not closing LDAP connection when using SSL with invalid certificate. https://fedorahosted.org/sssd/ticket/1490
2012-08-21accept_fd_handler: add missing returnSumit Bose1-0/+1
2012-08-21SYSDB: Make sysdb_attrs_get_el_int() publicStephen Gallagher2-8/+10
Also rename it to sysdb_attrs_get_el_ext()
2012-08-21Process all groups from a single nesting levelJakub Hrozek1-4/+14
https://bugzilla.redhat.com/show_bug.cgi?id=846664 If the first group was cached when processing the nested group membership, we would call tevent_req_done, effectivelly marking the whole nesting level as done.
2012-08-16Fix compilation error in Python murmurhash bindingsJakub Hrozek2-4/+10
The compilation produced an error due to missing declaration of uint32_t and a couple of warnings caused by different prototypes of argument parsing functions in older Python releases.
2012-08-16Only create the SELinux login file if there are mappings on the serverJakub Hrozek2-51/+78
https://fedorahosted.org/sssd/ticket/1455 In case there are no rules on the IPA server, we must simply avoid generating the login file. That would make us fall back to the system-wide default defined in /etc/selinux/targeted/seusers. The IPA default must be only used if there *are* rules on the server, but none matches.
2012-08-16Do not try to remove the temp login file if already renamedJakub Hrozek1-2/+3
write_selinux_string() would try to unlink the temporary file even after it was renamed. Failure to unlink the file would not be fatal, but would produce a confusing error message. Also don't use "0" for the default fd number, that's reserved for stdin. Using -1 is safer.
2012-08-16Build SELinux code in responder conditionallyJakub Hrozek1-0/+7
https://fedorahosted.org/sssd/ticket/1480
2012-08-15Fix LOCAL domain lookupsPavel Březina1-19/+22
https://fedorahosted.org/sssd/ticket/1436 Now subdomains are not evaluated for local domains.
2012-08-15Add python bindings for murmurhash3Sumit Bose4-3/+184
2012-08-15KRB5: Only return PAM error for unreachable kpasswd when performing chpassJakub Hrozek1-2/+4
https://fedorahosted.org/sssd/ticket/1452
2012-08-15FO: Return EAGAIN if there are more servers to tryJakub Hrozek1-0/+9
The caller should issue a next request, which would just shortcut with ENOENT.
2012-08-15FO: Don't retry the same server if it's not workingJakub Hrozek1-2/+3
2012-08-15Duplicate detection in fail over did not work.Michal Zidek9-15/+69
https://fedorahosted.org/sssd/ticket/1472
2012-08-13sss_client: Group lookups should work even when fastcache cannot be initializedJakub Hrozek1-8/+2
https://fedorahosted.org/sssd/ticket/1415
2012-08-13Add autofs-related options to configAPIJakub Hrozek2-1/+12
https://fedorahosted.org/sssd/ticket/1478
2012-08-10MAN: Improve description of ldap_*_search_base optionsStephen Gallagher4-96/+63
It was ambiguous that these options supported the new multiple search base format, as well as the search filters.
2012-08-10When ldap_group_nesting_level was reached, the LDAP provider tried to link ↵Michal Zidek1-1/+45
group members with groups outside nesting limit. https://fedorahosted.org/sssd/ticket/1194