Age | Commit message | Author | Files | Lines
2013-09-16 | Add missing new line in DEBUG message | Lukas Slebodnik | 1 | -2/+3
2013-09-16 | util: Use systemd-login to check user sessions | Simo Sorce | 4 | -5/+51
Use systemd-login in preference to check if the user is logged in or not. Fall back to the old method if no systemd-login support is available at compile time or if it returns a fatal error, and can't determine the status of the user on its own. This will allow to consider a user really active (in order to reuse or refresh credentials) only if it really is logged into the system, and not just if one of the user's processes is stuck around.
Resolves: https://fedorahosted.org/sssd/ticket/2084
2013-09-13 | man sssd: Add note about SSS_NSS_USE_MEMCACHE | Michal Zidek | 1 | -0/+8
2013-09-13 | Rename _SSS_MC_SPECIAL | Michal Zidek | 1 | -2/+2
If the environment variable _SSS_MC_SPECIAL is set to "NO", the mmap cache is skipped in the client code. The name is not very descriptive. This patch renames the variable to SSS_NSS_USE_MEMCACHE.
2013-09-13 | IPA: Deprecate ipa_hbac_support_srchost option | Ondrej Kos | 3 | -23/+11
This option got already deprecated on the ipa server side. Option is undocumented and warning is printed both to the sssd log files and syslog.
Resolves: https://fedorahosted.org/sssd/ticket/1918
2013-09-13 | MAN: Remove IPA specific LDAP settings | Ondrej Kos | 1 | -218/+0
Resolves: https://fedorahosted.org/sssd/ticket/1187
2013-09-13 | Bump version to track 1.12 development | Jakub Hrozek | 1 | -1/+1
2013-09-12 | KRB: Remove unused function parameters | Lukas Slebodnik | 1 | -4/+2
Parameter "int *dp_err" and parameter "int *pam_status" were unused in static function krb5_auth_prepare_ccache_name.
2013-09-12 | KRB: Remove unused memory context | Lukas Slebodnik | 3 | -3/+3
mem_ctx was unused in function get_domain_or_subdomain
2013-09-12 | TESTS: Remove unused variable | Jakub Hrozek | 1 | -4/+0
The tmpl variable was only ever used to default to FILE backend in case absolute patch w/o ccache type was selected. Since backends are no longer there, we can remove the variable, too.
2013-09-12 | Remove unused code | Jakub Hrozek | 2 | -69/+0
2013-09-11 | Enable printf format string checking | Lukas Slebodnik | 2 | -2/+26
https://fedorahosted.org/sssd/ticket/1945
2013-09-11 | Fix formatting of variables with type: gid_t | Lukas Slebodnik | 7 | -25/+27
2013-09-11 | Fix formatting of variables with type: uid_t | Lukas Slebodnik | 9 | -18/+27
2013-09-11 | Fix formatting of variables with type: id_t | Lukas Slebodnik | 5 | -7/+38
2013-09-11 | Use right formatting to print string | Lukas Slebodnik | 1 | -1/+1
format specifies type 'int' but the argument has type 'const char *'
2013-09-11 | Fix warning: data argument not used by format string | Lukas Slebodnik | 1 | -2/+5
2013-09-11 | Fix formatting of variables with ber_ type | Lukas Slebodnik | 2 | -3/+4
2013-09-11 | Fix formatting of variables with type: time_t | Lukas Slebodnik | 7 | -9/+10
2013-09-11 | Fix formatting of variables with type defined in stdint.h | Lukas Slebodnik | 4 | -11/+14
2013-09-11 | Fix formatting of variables with type: rlim_t | Lukas Slebodnik | 2 | -5/+12
2013-09-11 | Fix formatting of variables with type: key_serial_t | Lukas Slebodnik | 2 | -1/+5
2013-09-11 | Adding new header for printf formatting macros | Lukas Slebodnik | 3 | -0/+34
2013-09-11 | Fix formatting of variables with type: size_t | Lukas Slebodnik | 33 | -69/+82
2013-09-11 | Fix formatting of variables with type: ssize_t | Lukas Slebodnik | 7 | -10/+11
2013-09-11 | Use the same variable type like in struct ldb_message_element | Lukas Slebodnik | 1 | -1/+1
struct ldb_message_element.num_values is unsigned
This patch indirectly fixes printf format string warning.
2013-09-11 | Fix pointer formatting | Lukas Slebodnik | 1 | -5/+5
2013-09-11 | Fix formatting of variables with type: int | Lukas Slebodnik | 3 | -5/+7
2013-09-11 | Fix formatting of variables with type: unsigned long | Lukas Slebodnik | 2 | -2/+2
2013-09-11 | Fix formatting of variables with type: long | Lukas Slebodnik | 7 | -13/+16
2013-09-11 | LDAP: Store cleanup timestamp after initial cleanup | Jakub Hrozek | 3 | -10/+10
When the SSSD changes servers (and hence lastUSN) we perform a cleanup as well. However, after recent changes, we didn't set the cleanup timestamp correctly, which made the lastUSN logic fail.
2013-09-10 | is_dn(): free dn | Pavel Březina | 1 | -0/+2
2013-09-10 | krb5: Fix warning sometimes uninitialized | Lukas Slebodnik | 1 | -0/+2
warning: variable 'ret' is used uninitialized whenever 'if' condition is false
if (kerr) {
^~~~
2013-09-10 | DB: Rise search functions debug levels | Ondrej Kos | 1 | -9/+9
2013-09-10 | DB: Add user/group lookup by SID | Ondrej Kos | 3 | -23/+134
2013-09-10 | sysdb_search_group_by_gid: obtain gid instead of uid | Pavel Březina | 1 | -1/+1
2013-09-09 | krb5: Remove unused helper functions | Simo Sorce | 2 | -88/+0
These functions are not needed anymore.
Related: https://fedorahosted.org/sssd/ticket/2061
2013-09-09 | krb5_child: Simplify ccache creation | Simo Sorce | 1 | -387/+87
The containing ccache directory is precreated by the parent code, so there is no special need to do so here for any type. Also the special handling for the FILE ccache temporary file is not really useful, because libkrb5 internally unlinks and then recreates the file, so mkstemp cannot really prevent subtle races, it can only make sure the file is unique at creation time.
Resolves: https://fedorahosted.org/sssd/ticket/2061
2013-09-09 | krb5: Add file/dir path precheck | Simo Sorce | 2 | -0/+35
Add a precheck on the actual existence at all of the file/dir ccname targeted (for FILE/DIR types), and bail early if nothing is available. While testing I found out that without this check, the krb5_cc_resolve() function we call as user to check old paths would try to create the directory if it didn't exist. With a ccname of DIR:/tmp/ccdir_1000 saved in the user entry this would cause two undesirable side effects: First it would actually create a directory with the old name, when it should not. Second, because for some reason the umask is set to 0127 in sssd_be, it would create the directory with permission 600 (missing the 'x' traverse bit on the directory). If the new ccache has the same name it would cause the krb5_child process to fail to store the credential cache in it.
Related: https://fedorahosted.org/sssd/ticket/2061
2013-09-09 | krb5: Remove unused function | Simo Sorce | 2 | -32/+0
Related: https://fedorahosted.org/sssd/ticket/2061
2013-09-09 | krb5: Remove unused ccache backend infrastructure | Simo Sorce | 7 | -167/+14
Remove struct sss_krb5_cc_be and the remaining functions that reference it as they are all unused now.
Resolves: https://fedorahosted.org/sssd/ticket/2061
2013-09-09 | krb5: Unify function to create ccache files | Simo Sorce | 5 | -94/+43
Only 2 types (FILE and DIR) need to precreate files or directories on the file system, and the 2 functions were basically identical. Consolidate all in one common function and use that function directly where needed instead of using indirection.
Resolves: https://fedorahosted.org/sssd/ticket/2061
2013-09-09 | krb5: Use new function to validate ccaches | Simo Sorce | 3 | -371/+88
This function replaces and combines check_for_valid_tgt() and type specific functions that checked for ccache existence by using generic krb5 cache function and executing them as the target user (implicitly validate the target user can properly access the ccache).
Resolves: https://fedorahosted.org/sssd/ticket/2061
2013-09-09 | krb5: Make check_for_valid_tgt() static | Simo Sorce | 3 | -76/+74
check_for_valid_tgt() is used exclusively in krb5_utils.c so move it there.
Resolves: https://fedorahosted.org/sssd/ticket/2061
2013-09-09 | krb5: move template check to initialization | Simo Sorce | 4 | -24/+22
The randomized template check really only makes sense for the FILE ccache which is the only one that normally needs to use randomizing chars. Also it is better to warn the admin early rather than to warn 'when it is too late'. So move the check at initialization time when we determine what the template actually is.
Resolves: https://fedorahosted.org/sssd/ticket/2061
2013-09-09 | krb5: Move determination of user being active | Simo Sorce | 3 | -43/+17
The way a user is checked for being active does not depend on the ccache type so move that check out of the ccache specific functions.
Resolves: https://fedorahosted.org/sssd/ticket/2061
2013-09-09 | krb5: Replace type-specific ccache/principal check | Simo Sorce | 3 | -148/+89
Instead of having duplicate functions that are type custom use a single common function that also performs access to the cache as the user owner, implicitly validating correctness of ownership.
Resolves: https://fedorahosted.org/sssd/ticket/2061
2013-09-09 | krb5: Use krb5_cc_destroy to remove old ccaches | Simo Sorce | 5 | -119/+21
This completely replaces the per-ccache-type custom code to remove old ccaches and instead uses libkrb5 base operations (krb5_cc_destroy) and operating as the user owner.
Resolves: https://fedorahosted.org/sssd/ticket/2061
2013-09-09 | krb5: Add helper to destroy ccache as user | Simo Sorce | 2 | -0/+111
This function safely destroys a ccache given a cache name and user credentials. It becomes the user so no possible races can compromise the system, then uses libkrb5 functions to properly destroy a ccache, independently of the cache type. Finally restores the original credentials after closing the ccache handlers.
Resolves: https://fedorahosted.org/sssd/ticket/2061
2013-09-09 | krb5: Add calls to change and restore credentials | Simo Sorce | 2 | -0/+131
In some cases we want to temporarily assume user credentials but allow the process to regain back the original credentials (normally regaining uid 0).
Related: https://fedorahosted.org/sssd/ticket/2061