Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2012-07-18 | Update translations for 1.9.0 beta 5 release | Jakub Hrozek | 31 | -2890/+16150 | |
2012-07-18 | PAM: Fix off-by-one-error in the SELinux session code | Jakub Hrozek | 1 | -1/+1 | |
2012-07-18 | AD: Fix defaults for krb5_canonicalize | Stephen Gallagher | 1 | -2/+2 | |
The AD provider cannot function with canonicalization because of a bug in Active Directory rendering it unable to complete a password-change while canonicalization is enabled. | |||||
2012-07-18 | Fix uninitialized values | Nick Guay | 12 | -23/+23 | |
https://fedorahosted.org/sssd/ticket/1379 | |||||
2012-07-18 | IPA: Return and save all SELinux rules in the provider | Jakub Hrozek | 1 | -47/+27 | |
https://fedorahosted.org/sssd/ticket/1421 | |||||
2012-07-18 | SYSDB: Delete SELinux mappings | Jakub Hrozek | 2 | -0/+19 | |
2012-07-18 | IPA: Download defaults even if there are no SELinux mappings | Jakub Hrozek | 1 | -60/+59 | |
We should always download the defaults because even if there are no rules, we might want to use (or update) the defaults. | |||||
2012-07-18 | Modify priority evaluation in SELinux user maps | Jan Zeleny | 5 | -9/+113 | |
The functionality now is following: When rule is being matched, its priority is determined as a combination of user and host specificity (host taking preference). After the rule is matched in provider, only its host priority is stored in sysdb for later usage. When rules are matched in the responder, their user priority is determined. After that their host priority is retrieved directly from sysdb and sum of both priorities is user to determine whether to use that rule or not. If more rules have the same priority, the order given in IPA config is used. https://fedorahosted.org/sssd/ticket/1360 https://fedorahosted.org/sssd/ticket/1395 | |||||
2012-07-18 | Add function sysdb_attrs_copy_values() | Jan Zeleny | 2 | -0/+27 | |
This function copies all values from one sysdb_attrs structure to another | |||||
2012-07-18 | LDAP: Properly cast type for MINSSF value | Jan Vcelak | 1 | -11/+9 | |
2012-07-18 | Fixed: Uninitialized value in krb5_child-test if ccname was specified. | Michal Zidek | 1 | -1/+1 | |
https://fedorahosted.org/sssd/ticket/1411 | |||||
2012-07-18 | Fixed: Unchecked return value from dp_opt_set_int. | Michal Zidek | 1 | -1/+5 | |
2012-07-16 | Fixed wrong number in shadowLastChange | Jan Zeleny | 1 | -1/+2 | |
The attribute is supposed to contain number of days since the epoch, not the number of seconds. | |||||
2012-07-16 | sudo test client: avoid SIGSEGV when run without arguments | Pavel Březina | 1 | -1/+1 | |
SIGSEGV occured when sss_sudo_cli was run without any arguments. | |||||
2012-07-16 | resolv_gethostbyname_send: strdup hostname to work properly when hostname is ↵ | Pavel Březina | 1 | -5/+12 | |
allocated on stack If we provide a hostname that was allocated on stack, it may contain invalid data in the time when it is actually resolved. This patch fixes it. | |||||
2012-07-16 | Add missing "%" to specfile | Jakub Hrozek | 1 | -1/+1 | |
2012-07-16 | AD: Add missing DP option terminator | Stephen Gallagher | 1 | -1/+2 | |
2012-07-13 | RPM: Own several directories | Jakub Hrozek | 1 | -0/+4 | |
2012-07-12 | Add newline to DEBUG messages | Jakub Hrozek | 1 | -2/+2 | |
2012-07-10 | Fix typo: exhasution->exhaustion. | Yuri Chornoivan | 1 | -1/+1 | |
2012-07-10 | Bumping version to 1.9.0 beta 5 | Jakub Hrozek | 1 | -1/+1 | |
2012-07-10 | Update translations for 1.9.0 beta 4 release | Jakub Hrozek | 32 | -9370/+15153 | |
2012-07-10 | Cast uid_t to unsigned long long in DEBUG messages | Jakub Hrozek | 4 | -10/+11 | |
2012-07-10 | Print based on pointer contents not address | Jakub Hrozek | 1 | -1/+3 | |
2012-07-10 | Fix segfault when using local provider | Stephen Gallagher | 1 | -6/+5 | |
The name context was not being initialized for local provider domains because it was handled after skipping over the back-end initialization routine. This patch moves the name context init routine to occur earlier. https://fedorahosted.org/sssd/ticket/1412 | |||||
2012-07-10 | pac responder: limit access by checking UIDs | Sumit Bose | 10 | -11/+394 | |
A check for allowed UIDs is added in the common responder code directly after accept(). If the platform does not support reading the UID of the peer but allowed UIDs are configured, access is denied. Currently only the PAC responder sets the allowed UIDs for a socket. The default is that only root is allowed to access the socket of the PAC responder. Fixes: https://fedorahosted.org/sssd/ticket/1382 | |||||
2012-07-10 | Remove dead code in ipa_subdomains_handler_done() | Sumit Bose | 1 | -1/+1 | |
Fixes https://fedorahosted.org/sssd/ticket/1410 | |||||
2012-07-10 | Remove resource leak in sssdpac_import_authdata | Sumit Bose | 1 | -3/+1 | |
Fixes https://fedorahosted.org/sssd/ticket/1409 | |||||
2012-07-09 | Fix incorrect error-check | Stephen Gallagher | 1 | -1/+1 | |
Coverity #12770 | |||||
2012-07-09 | Check for errors from krb5_unparse_name | Stephen Gallagher | 1 | -1/+8 | |
Coverity #12781 | |||||
2012-07-09 | Add missing return value check | Stephen Gallagher | 1 | -1/+1 | |
Coverity #12782 | |||||
2012-07-09 | Avoid NULL-dereference in error-handling | Stephen Gallagher | 1 | -1/+3 | |
Coverity #12783 | |||||
2012-07-09 | Fix uninitialized memcpy error | Stephen Gallagher | 1 | -0/+2 | |
Coverity #12784 | |||||
2012-07-09 | Fix uninitialized value return | Stephen Gallagher | 1 | -1/+1 | |
Coverity #12786 | |||||
2012-07-09 | Fix potential NULL-dereference | Stephen Gallagher | 1 | -1/+3 | |
Coverity #12797 | |||||
2012-07-09 | Fix incorrect return value in tests | Stephen Gallagher | 1 | -0/+2 | |
Coverity #12798 | |||||
2012-07-09 | Fix potential NULL-dereference | Stephen Gallagher | 1 | -1/+2 | |
Coverity #12800 | |||||
2012-07-09 | Fix potential NULL-dereference | Stephen Gallagher | 1 | -1/+3 | |
Coverity #12801 | |||||
2012-07-09 | Fix uninitialized variable | Stephen Gallagher | 1 | -0/+1 | |
Coverity #12802 | |||||
2012-07-09 | Fix use-after-free | Stephen Gallagher | 1 | -0/+1 | |
Coverity #12803 | |||||
2012-07-09 | heimdal: use sss_krb5_princ_realm to access realm | Rambaldi | 1 | -4/+11 | |
2012-07-09 | heimdal: fix compile error in krb5-child-test | Rambaldi | 2 | -0/+5 | |
2012-07-06 | Revert commit 4c157ecedd52602f75574605ef48d0c48e9bfbe8 | Stef Walter | 4 | -187/+0 | |
* This broke corner cases when used with default_tkt_types = des-cbc-crc and DES enabled on an AD domain. * This is fixed in kerberos instead, in a more correct way and in a way which we cannot replicate. | |||||
2012-07-06 | AD: Force case-insensitive operation in AD provider | Stephen Gallagher | 1 | -0/+18 | |
2012-07-06 | CONFDB: Add the ability to set a boolean value in the confdb | Stephen Gallagher | 2 | -0/+80 | |
2012-07-06 | AD: Add manpages and SSSDConfig entries | Stephen Gallagher | 9 | -2/+290 | |
2012-07-06 | AD: use krb5_keytab for validation and GSSAPI | Stephen Gallagher | 3 | -3/+12 | |
This simplifies configuration by eliminating the need to specifiy both krb5_keytab and ldap_krb5_keytab if the keytab is not located at /etc/krb5.keytab | |||||
2012-07-06 | AD: Add AD provider to the spec file | Stephen Gallagher | 1 | -0/+1 | |
2012-07-06 | AD: Add AD access-control provider | Stephen Gallagher | 5 | -1/+190 | |
This patch adds support for checking whether a user is expired or disabled in AD. | |||||
2012-07-06 | AD: Add AD auth and chpass providers | Stephen Gallagher | 4 | -1/+159 | |
These new providers take advantage of existing code for the KRB5 provider, providing sensible defaults for operating against an Active Directory 2008 R2 or later server. |