Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2010-05-07 | Fix memory hierarchy in the ipa timerules | Jakub Hrozek | 1 | -4/+4 | |
2010-05-07 | Split pam_data utilities into a separate file | Sumit Bose | 2 | -35/+60 | |
2010-05-07 | Use all available servers in LDAP provider | Jakub Hrozek | 3 | -14/+91 | |
2010-05-07 | Fix segfault in GSSAPI reconnect code | Stephen Gallagher | 2 | -57/+41 | |
Also clean up some duplicated code into a single common routine sdap_account_info_common_done() | |||||
2010-05-03 | Fix a wrong return value in IPA HBAC | Sumit Bose | 1 | -2/+2 | |
2010-05-03 | Avoid freeing sdap_handle too early | Simo Sorce | 2 | -18/+46 | |
Prevent freeing the sdap_handle by failing in the destructor if we are trying to recurse. | |||||
2010-05-03 | Better handle sdap_handle memory from callers. | Simo Sorce | 7 | -42/+144 | |
Always just mark the sdap_handle as not connected and let later _send() functions to take care of freeing the handle before reconnecting. Introduce restart functions to avoid calling _send() functions in _done() functions error paths as this would have the same effect as directly freeing the sdap_handle and cause access to freed memory in sdap_handle_release() By freeing sdap_handle only in the connection _recv() function we guarantee it can never be done within sdap_handle_release() but only in a following event. | |||||
2010-05-03 | Fix uninitialized variable | Jakub Hrozek | 1 | -0/+1 | |
2010-04-30 | Add dns_resolver_timeout option | Stephen Gallagher | 1 | -1/+9 | |
We had a hard-coded timeout of five seconds for DNS lookups in the async resolver. This patch adds an option 'dns_resolver_timeout' to specify this value (Default: 5) | |||||
2010-04-30 | Silence warnings with -O2 | Jakub Hrozek | 2 | -8/+22 | |
2010-04-30 | Support SRV servers in failover | Jakub Hrozek | 2 | -51/+523 | |
Adds a new failover API call fo_add_srv_server that allows the caller to specify a server that is later resolved into a list of specific servers using SRV requests. Also adds a new failover option that specifies how often should the servers resolved from SRV query considered valid until we need a refresh. The "real" servers to connect to are returned to the user as usual, using the fo_resolve_service_{send,recv} calls. Make SRV resolution work with c-ares 1.6 | |||||
2010-04-30 | Remove freed server_common entities from list | Jakub Hrozek | 1 | -1/+24 | |
2010-04-26 | Display a message if a password reset by root fails | Sumit Bose | 2 | -0/+15 | |
2010-04-26 | Make the handling of fd events opaque | Sumit Bose | 5 | -184/+278 | |
Depending on the version of the OpenLDAP libraries we use two different schemes to find the file descriptor of the connection to the LDAP server. This patch removes the related ifdefs from the main code and introduces helper functions which can handle the specific cases. | |||||
2010-04-26 | Treat server names as case-insensitive in failover code | Jakub Hrozek | 1 | -2/+2 | |
2010-04-26 | Set LDAP_OPT_RESTART for all LDAP connections | Sumit Bose | 1 | -7/+7 | |
2010-04-16 | Make ID provider init functions clearer | Stephen Gallagher | 4 | -11/+11 | |
Using sssm_*_init() as the name of the initialization function for identity providers was a holdover from earlier development when we thought we would only have a single "provider" entry in the config file. As we have now separated out the initialization functions for auth, chpass and access, we should rename sssm_*_init() to sssm_*_id_init() for a cleaner interface. | |||||
2010-04-12 | sysydb: Finally stop using a common event context | Simo Sorce | 1 | -1/+1 | |
This commit completes the migration to a synchronous sysdb | |||||
2010-04-12 | sysdb: remove remaining traces of sysdb_handle | Simo Sorce | 2 | -6/+0 | |
2010-04-12 | sysdb: convert sysdb_get_user_attr | Simo Sorce | 2 | -172/+82 | |
2010-04-12 | Remove remaining use of sysdb_transaction_send | Simo Sorce | 3 | -491/+173 | |
2010-04-12 | proxy: complete conversion to synchronous sysdb | Simo Sorce | 1 | -1113/+428 | |
This makes proxy use only synchronous functions again. | |||||
2010-04-12 | sysdb: convert sysdb_search_groups | Simo Sorce | 1 | -133/+57 | |
2010-04-12 | sysdb: delete sysdb_delete_group | Simo Sorce | 3 | -184/+65 | |
2010-04-12 | sysdb: convert sysdb_delete_user | Simo Sorce | 3 | -227/+74 | |
2010-04-12 | sysdb: convert sysdb_search_users | Simo Sorce | 1 | -67/+37 | |
2010-04-12 | sysdb: convert sysdb_asq_search | Simo Sorce | 1 | -150/+69 | |
2010-04-12 | sysdb: convert sysdb_store_custom | Simo Sorce | 1 | -113/+35 | |
2010-04-12 | sysdb: convert sysdb_search_custom | Simo Sorce | 1 | -42/+60 | |
2010-04-12 | sysdb: convert sysdb_cache_password | Simo Sorce | 3 | -89/+28 | |
2010-04-12 | sysdb: convert sysdb_store/add(_basic)_group | Simo Sorce | 2 | -403/+158 | |
2010-04-12 | sysdb: convert sysdb_store/add(_basic)_user | Simo Sorce | 2 | -367/+219 | |
2010-04-12 | sysdb: convert sysdb_set_entry/user/group_attr | Simo Sorce | 1 | -23/+4 | |
2010-04-12 | sysdb: convert sysdb_search_user_by_name/uid | Simo Sorce | 1 | -61/+14 | |
2010-04-12 | sysdb: convert sysdb_search_entry and sysdb_delete_recursive | Simo Sorce | 2 | -62/+16 | |
2010-04-12 | sysdb: convert sysdb_delete_entry | Stephen Gallagher | 1 | -66/+42 | |
2010-03-25 | Allow arbitrary-length PAM messages | Stephen Gallagher | 5 | -37/+27 | |
The PAM standard allows for messages of any length to be returned to the client. We were discarding all messages of length greater than 255. This patch dynamically allocates the message buffers so we can pass the complete message. This resolves https://fedorahosted.org/sssd/ticket/432 | |||||
2010-03-25 | Fix LDAP search paths for IPA HBAC | Sumit Bose | 5 | -43/+81 | |
- use domain_to_basedn() to construct LDAP search paths for IPA HBAC - move domain_to_basedn() to a separate file to simplify the build of a test | |||||
2010-03-25 | Add krb5_kpasswd to IPA provider | Eugene Indenbom | 2 | -2/+3 | |
The krb5 options were out of sync, causing a runtime abort. | |||||
2010-03-25 | Regression test against RHBZ #576856 | Jakub Hrozek | 2 | -5/+5 | |
2010-03-25 | Fix warnings from -Wmissing-field-initializers | Sumit Bose | 1 | -1/+3 | |
This patch removes some tab-indentations from pamsrv.c, too. | |||||
2010-03-25 | Set LDAP_OPT_RESTART for ldap_sasl_interactive_bind_s() | Sumit Bose | 1 | -0/+7 | |
This option is needed for the rare case where a poll() call during ldap_sasl_interactive_bind_s() is interrupted by a signal. LDAP_OPT_RESTART enables the handling of the EINTR error instead of returning an error. | |||||
2010-03-22 | Improvements for LDAP Password Policy support | Ralf Haferkamp | 4 | -13/+103 | |
Display warnings about remaining grace logins and password expiration to the user, when LDAP Password Policies are used. Improved detection if LDAP Password policies are supported by LDAP Server. | |||||
2010-03-22 | Lower debug level of unexpected LDAP result codes | Sumit Bose | 1 | -0/+5 | |
2010-03-18 | Fix error message for ldap_start_tls | Stephen Gallagher | 1 | -1/+1 | |
2010-03-17 | Fix a series of memory leaks in the SBUS | Stephen Gallagher | 1 | -1/+5 | |
2010-03-15 | Properly handle dbus send attempts on a closed connection | Stephen Gallagher | 1 | -22/+1 | |
dbus_connection_send_with_reply() will report success and return a NULL pending_reply when the connection is not open for communication. This patch creates a new wrapper around dbus_connection_send_with_reply() to properly detect this condition and report it as an error. | |||||
2010-03-15 | Fixed authentication check for CHAUTHTOK_PRELIM | Ralf Haferkamp | 1 | -1/+1 | |
When changing passwords, treat SDAP_AUTH_PW_EXPIRED as a successful authentication in SSS_PAM_CHAUTHTOK_PRELIM. | |||||
2010-03-15 | Fixed check for expired passwords | Ralf Haferkamp | 1 | -2/+4 | |
When the user's password is expired it might also be indicated by the bind operation returning "INVALID_CREDENTIALS" with the ppolicy control's errorcode set to "PP_passwordExpired". | |||||
2010-03-12 | Add krb5_kpasswd option | Sumit Bose | 7 | -32/+208 | |