sssd - System Security Services Daemon

Age	Commit message (Collapse)	Author	Files	Lines
2012-05-07	Limit krb5_get_init_creds_keytab() to etypes in keytab	Stef Walter	4	-0/+181
	* Load the enctypes for the keys in the keytab and pass them to krb5_get_init_creds_keytab(). * This fixes the problem where the server offers a enctype that krb5 supports, but we don't have a key for in the keytab. https://bugzilla.redhat.com/show_bug.cgi?id=811375
2012-05-07	Remove erroneous failure message in find_principal_in_keytab	Stef Walter	2	-2/+4
	* When it's actually a failure, then the callers will print a message. Fine tune this.
2012-05-04	If canon'ing principals, write ccache with updated default principal	Stef Walter	2	-3/+8
	* When calling krb5_get_init_creds_keytab() with krb5_get_init_creds_opt_set_canonicalize() the credential principal can get updated. * Create the cache file with the correct default credential. * LDAP GSSAPI SASL would fail due to the mismatched credentials before this patch. https://bugzilla.redhat.com/show_bug.cgi?id=811518
2012-05-04	SSSDConfigAPI: Fix missing option in tests	Stephen Gallagher	1	-0/+2

2012-05-04	Modify behavior of pam_pwd_expiration_warning	Jan Zeleny	9	-52/+119
	New option pwd_expiration_warning is introduced which can be set per domain and can override the value specified by the original pam_pwd_expiration_warning. If the value of expiration warning is set to zero, the filter isn't apllied at all - if backend server returns the warning, it will be automatically displayed. Default value for Kerberos: 7 days Default value for LDAP: don't apply the filter Technical note: default value when creating the domain is -1. This is important so we can distinguish between "no value set" and 0. Without this possibility it would be impossible to set different values for LDAP and Kerberos provider.
2012-05-04	Fix endian issue in SID conversion	Sumit Bose	3	-10/+18
	Since the byte-order is only important when dealing with the binary SID the sub-auth values are stored in host order and are only converted while reading or writing the binary SID.
2012-05-03	LDAP: Add support for enumeration of ID-mapped users and groups	Stephen Gallagher	1	-31/+102

2012-05-03	MAN: Add manpage for ID mapping	Stephen Gallagher	3	-0/+214

2012-05-03	LDAP: Treat groups with unmappable SIDs as non-POSIX groups	Stephen Gallagher	1	-9/+12

2012-05-03	LDAP: Add helper function to map IDs	Stephen Gallagher	5	-119/+81
	This function will also auto-create a new ID map if the domain has not been seen previously.
2012-05-03	LDAP: Do not remove uidNumber and gidNumber attributes when saving id-mapped ↵	Stephen Gallagher	2	-0/+16
	entries
2012-05-03	LDAP: Add helper routine to convert LDAP blob to SID string	Stephen Gallagher	5	-68/+195

2012-05-03	LDAP: Map the user's primaryGroupID	Stephen Gallagher	8	-12/+73

2012-05-03	LDAP: Enable looking up id-mapped groups by GID	Stephen Gallagher	1	-2/+45

2012-05-03	LDAP: Allow looking up ID-mapped groups by name	Stephen Gallagher	2	-29/+125

2012-05-03	LDAP: Enable looking up id-mapped users by UID	Stephen Gallagher	1	-6/+43

2012-05-03	LDAP: Allow automatically-provisioning a domain and range	Stephen Gallagher	1	-3/+43
	If we get a user who is a member of a domain we haven't seen before, add a domain entry (auto-assigning its slice). Since we don't know the domain's real name, we'll just save the domain SID string as the name as well.
2012-05-03	LDAP: Add routine to extract domain SID from an object SID	Stephen Gallagher	4	-2/+52
	Also makes the domain prefix macros from sss_idmap public.
2012-05-03	LDAP: Allow setting a default domain for id-mapping slice 0	Stephen Gallagher	7	-0/+48

2012-05-03	LDAP: Add autorid compatibility mode	Stephen Gallagher	7	-8/+20

2012-05-03	LDAP: Enable looking up ID-mapped users by name	Stephen Gallagher	3	-9/+56

2012-05-03	LDAP: Initialize ID mapping when configured	Stephen Gallagher	2	-0/+10

2012-05-03	LDAP: Add ID mapping range settings	Stephen Gallagher	6	-0/+19

2012-05-03	LDAP: Add helper routines for ID-mapping	Stephen Gallagher	3	-2/+340

2012-05-03	SYSDB: Add sysdb routines for ID-mapping	Stephen Gallagher	3	-0/+347

2012-05-03	LDAP: Add id-mapping option	Stephen Gallagher	6	-0/+6

2012-05-03	LDAP: Add objectSID config option	Stephen Gallagher	8	-0/+47

2012-05-03	Read sysdb attribute name, not LDAP attribute map name	Jakub Hrozek	1	-2/+2
	https://fedorahosted.org/sssd/ticket/1320
2012-05-03	SSH: Add dp_get_host_send to common responder code	Jakub Hrozek	9	-52/+211
	Instead of using account_info request, creates a new ssh specific request. This improves code readability and will make the code more flexible in the future. https://fedorahosted.org/sssd/ticket/1176
2012-05-03	Rename split_service_name_filter	Jakub Hrozek	1	-16/+16
	The function was used outside services code which was confusing due to its name. This patch renames it to sound more netrual.
2012-05-03	Fix typo in spec file	Sumit Bose	1	-1/+1

2012-05-03	SYSDB: Handle upgrade script failures better	Stephen Gallagher	1	-4/+13
	There was a bug in finish_upgrade() where it would return EOK if it succeeded in canceling the transaction due to an error. We should instead be returning the original error.
2012-05-03	AUTOFS: remove unused assignments	Jakub Hrozek	2	-5/+9
	Also changes setautomntent_send so that is only return NULL in case the tevent_req creation fails.
2012-05-03	IPA: Check return values	Jakub Hrozek	2	-2/+12

2012-05-03	PROXY: return correct return codes	Jakub Hrozek	1	-7/+9
	We were reporting on the value of "status" instead of "ret'. We also didn't set ret to EOK in cases group contained no members.
2012-05-03	SSS_DEBUGLEVEL: silence analyzer warnings	Jakub Hrozek	1	-2/+3
	Errno was returned instead of ret. The other hunk removes return code from fread - it is not needed, the NULL termination of the string is ensured by initializing the buffer.
2012-05-02	NSS: fix returning group from cache	Jakub Hrozek	1	-1/+1

2012-05-02	Handle endianness issues on older systems	Stephen Gallagher	1	-0/+17
	Older versions of glibc (like that on RHEL 5) do not have the le32toh() function exposed. We need this for handling the Active Directory ID-mapping, so we'll copy these macros from endian.h on a newer glibc.
2012-05-02	DP: return correct error message when subdomains back end target is not ↵	Jakub Hrozek	1	-1/+1
	configured The done handler uses the value of status, not ret.
2012-05-02	HBAC: Prevent NULL dereference in hbac_evaluate	Jakub Hrozek	1	-2/+4
	'info' is optional parameter and can be set to NULL
2012-05-02	ipa_get_config_send: remove unused assignment	Jakub Hrozek	1	-1/+0

2012-05-02	IPA netgroups: return EOK when there are no netgroups to process	Jakub Hrozek	1	-0/+1
	If the code fell through the loop, ret would have been random value.
2012-05-02	NSS: Check return code of sss_mmap_cache_gr_store	Jakub Hrozek	1	-0/+5

2012-05-02	PAM_SSS: report error code if write fails	Jakub Hrozek	1	-2/+2
	clang had reported this as "value of ret is never used", I think it would be nice to report a meaningful error message.
2012-05-02	PYHBAC: Return NULL on failure	Jakub Hrozek	1	-0/+1
	The error handler would simply fall through instead of returning NULL.
2012-05-02	RESPONDER: check return value from confdb_get_int	Jakub Hrozek	1	-0/+7
	sss_process_init forgot to check return value of confdb_get_int
2012-05-02	LDAP: check return value of sysdb_attrs_get_el	Jakub Hrozek	1	-0/+7

2012-05-02	SERVER: use the correct return code of sss_atomic_write_s	Jakub Hrozek	1	-1/+1

2012-05-02	SSH: return NULL on error in ssh_host_pubkeys_format_known_host_plain	Jakub Hrozek	1	-1/+2
	The 'result' pointer must be initialized tin order to always return a defined value.
2012-05-02	SYSDB: check return value	Jakub Hrozek	1	-2/+2
	In addition to testing the number of elements, also check the return value of sysdb_attrs_get_el.