summaryrefslogtreecommitdiff
path: root/src/providers
AgeCommit message (Collapse)AuthorFilesLines
2012-10-02Flip the default value of ldap_initgroups_use_matching_rule_in_chainJakub Hrozek2-2/+2
https://fedorahosted.org/sssd/ticket/1535
2012-10-02remove left over principal selectionPavel Březina1-21/+0
https://fedorahosted.org/sssd/ticket/1303 Domain start up was taking too long when there are many principals in a kerberos keytab. We were looking up in the keytab two times. The first time we try to select a proper principal and remember it. The second call happens almost right after the first one and it is just a check if the principal exists in the keytab, without any output information other than success/failure. It is probably a left over from https://fedorahosted.org/sssd/ticket/781. This patch removes the second call.
2012-09-26LDAP: Handle empty namingContexts values safelyStephen Gallagher1-0/+8
Certain LDAP servers can return an empty string as the value of namingContexts. We need to treat these as NULL so that we can fail gracefully. https://fedorahosted.org/sssd/ticket/1542
2012-09-24KRB5: Recover gracefully if the ccache file could not be reusedJakub Hrozek1-4/+6
https://fedorahosted.org/sssd/ticket/1384
2012-09-24Bad debug message when no dns_discovery_domain specified.Michal Zidek1-3/+11
https://fedorahosted.org/sssd/ticket/920
2012-09-24SYSDB: Remove unnecessary domain parameter from several sysdb callsJakub Hrozek5-12/+6
The domain can be read from the sysdb object. Removing the domain string makes the API more self-contained.
2012-09-24AUTOFS: Use both key and value in entry RDNJakub Hrozek1-2/+10
This patch switches from using just key in the RDN to using both key and value. That is neccessary to allow multiple direct mounts in a single map.
2012-09-24AUTOFS: Add entry objects below map objectsJakub Hrozek1-43/+91
https://fedorahosted.org/sssd/ticket/1506 Changes how the new autofs entry objects are handled. Instead of creating the entry on the cn=autofs,cn=custom level, the entry is created below the map it belongs to.
2012-09-24AUTOFS: Do not fail if search base is not providedJakub Hrozek1-2/+2
2012-09-24AD: Handle sysdb lookup failure during tokenGroups processingStephen Gallagher1-0/+6
2012-09-24Make subdomain discovery less noisySumit Bose1-15/+16
Fixes https://fedorahosted.org/sssd/ticket/1517
2012-09-24sdap_add_incomplete_groups(): fix ret may be uninitialized warningPavel Březina1-1/+1
2012-09-24AD: Optimize initgroups lookups with tokenGroupsStephen Gallagher3-4/+313
https://fedorahosted.org/sssd/ticket/1355
2012-09-24AD: Detect domain controller compatibility versionStephen Gallagher3-0/+44
2012-09-24AD: autorid compatibility should recommend the use of default domainStephen Gallagher1-4/+4
Previously, we were failing to start if ldap_idmap_autorid_compat was True but the default domain SID was unspecified. This is the recommended configuration, but it is functional without it. There is just a slight risk that the IDs will be inconsistent between machines if the first user requested is not from the default domain. https://fedorahosted.org/sssd/ticket/1530
2012-09-20SSSD fails to store users if any of the requested attribute is empty.Michal Zidek1-0/+6
https://fedorahosted.org/sssd/ticket/1440
2012-09-20Add more debuginfo into ldap_childOndrej Kos1-23/+36
https://fedorahosted.org/sssd/ticket/1225 krb5_child already updated before. Adding more debuginfo into ldap_child. Also old debug levels rewritten into new macros.
2012-09-20KRB5 child: handle more error codes gracefullyJakub Hrozek1-31/+26
This patch changes handling of krb5 child error codes so that it's on par with the 1.8 branch after Joschi Brauchle reviewed the 1.8 backport.
2012-09-20KRB5 child: Don't return System Error on empty passwordJakub Hrozek1-0/+4
https://fedorahosted.org/sssd/ticket/1310
2012-09-17Failover: use _srv_ when no primary server is definedPavel Březina4-46/+12
https://fedorahosted.org/sssd/ticket/1521
2012-09-13SELinux: Always use the default if it exists on the serverJakub Hrozek1-9/+9
https://fedorahosted.org/sssd/ticket/1513 This is a counterpart of the FreeIPA ticket https://fedorahosted.org/freeipa/ticket/3045 During an e-mail discussion, it was decided that * if the default is set in the IPA config object, the SSSD would use that default no matter what * if the default is not set (aka empty or missing), the SSSD would just use the system default and skip creating the login file altogether
2012-09-13FO: Check server validity before setting statusJakub Hrozek7-33/+49
The list of resolved servers is allocated on the back end context and kept in the fo_service structure. However, a single request often resolves a server and keeps a pointer until the end of a request and only then gives feedback about the server based on the request result. This presents a big race condition in case the SRV resolution is used. When there are requests coming in in parallel, it is possible that an incoming request will invalidate a server until another request that holds a pointer to the original server is able to give a feedback. This patch simply checks if a server is in the list of servers maintained by a service before reading its status. https://fedorahosted.org/sssd/ticket/1364
2012-09-12backend: initialize sudo only when it is enabled in servicesPavel Březina1-3/+63
https://fedorahosted.org/sssd/ticket/1458 When the responder is disabled and sudo_provider is set explicitly, a warning is print and the module will be initialized.
2012-09-12be_process_init(): free ctx on errorPavel Březina1-15/+21
2012-09-12netgroup: resolve hostgroup membership correctlyPavel Březina1-1/+1
https://fedorahosted.org/sssd/ticket/1519 IPA host refactoring changed mapping of memberOf attribute which caused SSSD being unable to retrieve membership of hostgroup when being interpreted as netgroup.
2012-09-10KRB5: Add a missing string argumentJakub Hrozek1-1/+2
2012-09-10KRB5: Return PAM_AUTH_ERR on incorrect passwordJakub Hrozek1-19/+32
https://fedorahosted.org/sssd/ticket/1515
2012-09-10KRB5: cancel the sysdb transaction on one place onlyJakub Hrozek1-1/+0
https://fedorahosted.org/sssd/ticket/1516 If sysdb_set_user_attr failed, we would cancel the transaction, then go to the error handler and attempt to close it again.
2012-09-05Don't terminate the same connection twiceJakub Hrozek1-6/+0
https://fedorahosted.org/sssd/ticket/1488
2012-09-05Retry the next server if bind during LDAP auth times outJakub Hrozek1-1/+6
2012-08-24Use new debug levels in validate_tgt()Sumit Bose1-13/+16
2012-08-24Fix fallback in validate_tgt()Sumit Bose1-8/+20
To validate a TGT a keytab entry from the client realm is preferred but if none ca be found the last entry should be used. But the entry was freed and zeroed before it could be used. This should also fix the trusted domain use case mentioned in https://fedorahosted.org/sssd/ticket/1396 although a different approach then suggested in the ticket is used.
2012-08-23Fix: IPv6 address with square brackets doesn't work.Michal Zidek4-1/+35
https://fedorahosted.org/sssd/ticket/1365
2012-08-23Unify usage of sysdb transactionsMichal Zidek13-48/+167
Removing bad examples of usage of sysdb_transaction_start/commit/end functions and making it more consistent (all files except of src/db/sysdb_*.c).
2012-08-23Typo in debug message (SSSd -> SSSD).Michal Zidek1-1/+1
https://fedorahosted.org/sssd/ticket/1434
2012-08-23Clean up cache on server reinitializationPavel Březina5-4/+403
https://fedorahosted.org/sssd/ticket/734 We successfully detect when the server is reinitialized by testing the new lastUSN value. The maximum USN values are set to zero, but the current cache content remains. This patch removes records that were deleted from the server. It uses the following approach: 1. remove entryUSN attribute from all entries 2. run enumeration 3. remove records that doesn't have entryUSN attribute updated We don't need to do this for sudo rules, they will be refreshed automatically during next smart/full refresh, or when an expired rule is deleted.
2012-08-23Consolidation of functions that make realm upper-caseOndrej Kos3-31/+4
2012-08-23AD context was set to null due to type mismatchOndrej Kos3-1/+14
2012-08-21Remove compilation warning: ret may be uninitializedPavel Březina1-0/+2
2012-08-21Process all groups from a single nesting levelJakub Hrozek1-4/+14
https://bugzilla.redhat.com/show_bug.cgi?id=846664 If the first group was cached when processing the nested group membership, we would call tevent_req_done, effectivelly marking the whole nesting level as done.
2012-08-15KRB5: Only return PAM error for unreachable kpasswd when performing chpassJakub Hrozek1-2/+4
https://fedorahosted.org/sssd/ticket/1452
2012-08-15FO: Return EAGAIN if there are more servers to tryJakub Hrozek1-0/+9
The caller should issue a next request, which would just shortcut with ENOENT.
2012-08-15FO: Don't retry the same server if it's not workingJakub Hrozek1-2/+3
2012-08-15Duplicate detection in fail over did not work.Michal Zidek8-10/+64
https://fedorahosted.org/sssd/ticket/1472
2012-08-10When ldap_group_nesting_level was reached, the LDAP provider tried to link ↵Michal Zidek1-1/+45
group members with groups outside nesting limit. https://fedorahosted.org/sssd/ticket/1194
2012-08-09Don't use server after SRV data collapsedJakub Hrozek1-5/+8
2012-08-09SRV resolution for backup servers should not be permitted.Michal Zidek4-5/+36
https://fedorahosted.org/sssd/ticket/1463
2012-08-09Change default for ldap_idmap_range_min to 200000Jakub Hrozek3-3/+3
https://fedorahosted.org/sssd/ticket/1462
2012-08-09Abort PAM access phase if HBAC does not return PAM_SUCCESSJakub Hrozek1-0/+1
2012-08-09Backward GOTOs rewritten into do-while loops.Ondrej Kos2-245/+271