sssd - System Security Services Daemon

Age	Commit message (Collapse)	Author	Files	Lines
2009-12-09	Add German translation	Fabian Affolter	4	-0/+696

2009-12-09	Add missing options to sssd-ipa configuraion	Stephen Gallagher	1	-0/+72

2009-12-09	Properly deny id_provider=files	Stephen Gallagher	2	-6/+7

2009-12-09	Correctly restart server status after the timeout	Martin Nagy	1	-1/+1
	The macro STATUS_DIFF() was wrong causing the result to always be lower than 0, therefore the timeout was never reached. Fixes: #302
2009-12-09	Add some debugging statements to fail_over and resolver	Martin Nagy	2	-5/+69
	These were very useful for debugging and hopefully still will be in the future.
2009-12-09	Ensure that list_active_domains returns the real value	Stephen Gallagher	1	-4/+16
	Previously, we were accidentally filtering out domains that were not configured, so deleted domains might still appear in the active domain list. This patch should ensure that this never happens.
2009-12-09	SSSDConfig.get_domain() should properly detect active state	Stephen Gallagher	2	-0/+30

2009-12-09	Don't build the SRV and TXT parsing code except for tests	Jakub Hrozek	2	-8/+18

2009-12-09	Import ares 1.7.0 helpers	Jakub Hrozek	10	-116/+374

2009-12-09	Change ares usage to be c-ares 1.7.0 compatible	Jakub Hrozek	3	-87/+102
	* Rename structure accordingly to ares upstream * Use new ares parsing functions in the wrappers * fix tests for ares 1.7
2009-12-09	SSSDConfig API: fix deactivate_domain()	Stephen Gallagher	2	-2/+73
	deactivate_domain() would crash if it attempted to deactivate an already-inactive domain
2009-12-09	Fix egg-info file generation in the spec file	Martin Nagy	1	-4/+4
	We were actually listing files that are on the system, not those that we created in the $RPM_BUILD_ROOT. Also, by doing an echo with the regular expression, we put more than one file on one line. Rpmbuild doesn't like that and will not generate the rpms.
2009-12-09	Reduce code duplication between LDAP child and Kerberos child	Jakub Hrozek	4	-234/+160
	Fixes: #294
2009-12-09	Fix RPM spec for RHEL6	Stephen Gallagher	1	-1/+6

2009-12-08	Do not start with provider=files	Jakub Hrozek	1	-0/+6
	Fixes: #233
2009-12-08	Fix SSSDConfig API bugs around [de-]activation of domains	Stephen Gallagher	2	-7/+152
	Adds two new public functions: SSSDConfig.activate_domain() SSSDConfig.deactivate_domain() These two functions are used during the save_domain() call to ensure that the active domain list is always kept up to date.
2009-12-08	Fix broken SSSDChangeConf.set() function	Stephen Gallagher	1	-1/+1
	The set function didn't do anything at all. It needed to use the ipachangeconf.merge() function to behave properly instead of mergeNew()
2009-12-08	Reduce the verbosity of the SSSDConfigTest	Stephen Gallagher	1	-4/+4
	Now it will report only failures or final success
2009-12-08	Add SSSDDomain.set_name() function to SSSDConfig API	Stephen Gallagher	2	-3/+77
	This function will change the name of an existing domain
2009-12-08	Add comments to document latest changes	Simo Sorce	1	-0/+7

2009-12-08	dhash: Add private pointer for delete callback	Simo Sorce	6	-15/+38
	Also pass a flag to the delete callback to tell it if this is a normal entry removal or we are cleaning up the tbale definitively.
2009-12-08	Add Spanish translation	beckerde	2	-174/+201

2009-12-08	Add Portuguese translation	ruigo	4	-0/+693

2009-12-08	Run dhash tests	Stephen Gallagher	1	-0/+2
	Previously we were only building them but not running them.
2009-12-08	Make SSSDDomain.remove_provider() remove configured options	Stephen Gallagher	2	-6/+54
	We will remove all options for a provider that are not also required by another configured provider. (For example, we will not remove krb5_realm when deleting the krb5 auth provider if the LDAP provider is in use, since it may still require this argument).
2009-12-08	SSSDDomain.remove_provider() requires only the provider type	Stephen Gallagher	2	-12/+18
	There was no valid reason to require the backend type when specifying a provider to remove.
2009-12-08	Fix potential uninitialized value error in responder_dp.c	Stephen Gallagher	1	-1/+1
	If we fell into the default case of the switch statement, we would attempt to talloc_free() a random memory location. This patch guarantees that sdp_req is NULL if it has not been initialized.
2009-12-08	Fix potential uninitialized value errors in nsssrv_cmd.c	Stephen Gallagher	1	-1/+2

2009-12-08	Avoid returning uninitialized result.	Stephen Gallagher	1	-0/+1
	If grouplist was a zero-length array, we would return ret unitialized.
2009-12-08	Add allocation error check	Stephen Gallagher	1	-7/+10

2009-12-08	Change dhash API to be talloc-friendly	Simo Sorce	4	-55/+82

2009-12-08	Add dummy credentials to an empty ccache file	Sumit Bose	1	-2/+54
	Application like krb5-auth-dialog might get confused if there is a credential cache file without any credentials in it. This patch adds an expired credential where only the client and the server principal are set. The client principal is the user's principal and the server principal corresponds to a TGT principal of the realm the user belongs to.
2009-12-08	Fail on nonexistent input file	Jakub Hrozek	2	-3/+12

2009-12-08	Handle spaces in config parser	Jakub Hrozek	3	-2/+43
	Fixes: #301
2009-12-07	Fix bug #311, properly set callback attribute	Simo Sorce	1	-0/+1

2009-12-07	Allow nesting to fix #310	Simo Sorce	3	-0/+5

2009-12-07	Add offline support for ipa_access	Sumit Bose	2	-17/+134

2009-12-07	Add checks to test the memberuid handling	Sumit Bose	1	-13/+495

2009-12-07	Try to renew Kerberos credentials	Sumit Bose	5	-2/+189
	When using GSSAPI we need a valid service ticket to talk to the LDAP server. If the ticket is expired the LDAP client returns with 'Can't contact LDAP server'. Currently we set the backend offline if this error occurs although the server is still available. This patch checks if the TGT is expired and tries to renew the credentials before going offline.
2009-12-07	Make packaging of *.egg-info files more flexible	Sumit Bose	1	-1/+4

2009-12-07	Add basic OS detection	Sumit Bose	4	-2/+40
	Detect if the OS is Fedora, RHEL or SUSE and install the SUSE start-script on SUSE systems.
2009-12-07	Fix nested group memberships	Simo Sorce	6	-221/+299
	Search the local db to find the local DN using the original DN as search key. This way we do not have to rely on weak and faulty heuristicts based on DN names. Add a few helper functions in the process and change the way we pass members to sysdb_store_group_send(), instead of passing users and groups list, just add member DNs to the other sysdb attrs.
2009-12-07	Make strdn build functions more available	Simo Sorce	3	-42/+58

2009-12-07	Resolve nested groups also when rfc2307bis is used	Simo Sorce	1	-68/+2

2009-12-07	Do not treat missing proc files as errors.	Sumit Bose	1	-0/+10

2009-12-07	Add sysdb_search_custom request	Sumit Bose	3	-74/+206

2009-12-03	Raise debug log level for LDB_DEBUG_WARNING	Stephen Gallagher	1	-1/+1
	Level 3 was far too low for mostly-useless messages
2009-12-03	Make debug log timestamps human-readable	Stephen Gallagher	2	-4/+13

2009-12-03	Use the custom password field in groups too.	Simo Sorce	1	-3/+5
	Groups also need to honor the settable password field and use * by default.
2009-12-03	Use memberuid and not member in group enumerations	Simo Sorce	2	-54/+9
	This allows for correctly reporting nested group members, while at the same time not paying a too high price for caluclating nested groups at runtime e very time a search is made.