Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
This patch deletes memory context parameter in those places in sysdb
where it is not necessary. The code using modified functions has been
updated. Tests updated as well.
|
|
The patch also updates code using modified functions. Tests have also
been adjusted.
|
|
|
|
https://fedorahosted.org/sssd/ticket/954
|
|
This reverts commit b0b9c38dfce3e3ccbfaa4d00fdf2ea08a70d41a6.
|
|
Previously, we were only displaying expiration warnings if the
password was going to expire within a day. We'll allow LDAP to
make this decision (by whether it passes us the expiration time).
In the future, we can add an option to clamp this down to a
shorter period if the local admin prefers it.
|
|
These two functions were almost identical. Better to maintain them
as a single function.
|
|
There may be users in LDAP that have a valid but unwelcome shell
set in their account. This adds a blacklist of shells that should
always be replaced by the fallback_shell.
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
|
|
https://fedorahosted.org/sssd/ticket/928
|
|
|
|
|
|
|
|
|
|
https://fedorahosted.org/sssd/ticket/742
|
|
https://fedorahosted.org/sssd/ticket/551
|
|
https://fedorahosted.org/sssd/ticket/742
|
|
We will now re-read the confdb debug_level value when processing
the monitor_common_logrotate() function, which occurs when the
monitor receives a SIGHUP.
|
|
This was implemented almost identically for both the responders
and the providers. It is easier to maintain as a single routine.
This patch also adds the ability to provide a private context to
attach to the sbus_connection for later use.
|
|
|
|
In responder a negative cache is used to indicate that the record has
not been found by previous lookup. This approach is however not
applicable for netgroup lookup because the design of their lookup is a
little different.
This patch removes some pieces of code working with negative cache,
because they didn't fuction well. Instead a new flag has been added to
the positive cache. This flag indicates if the record in the cache
is a record of existing netgroup or it's just a placeholder.
https://fedorahosted.org/sssd/ticket/820
|
|
|
|
|
|
|
|
https://fedorahosted.org/sssd/ticket/798
|
|
|
|
To avoid wrong or missing netgroup names in the getent_ctx destructor
set_netgroup_entry() now takes the name out of the getent_ctx struct
instead of using a separate argument.
|
|
https://fedorahosted.org/sssd/ticket/817
|
|
Previously, we were setting the client context PAM lookup timeout
after the first domain replied. However, if the user wasn't a
member of the first domain, their information wasn't being
updated.
This patch ensures that we only set this timeout after the user
has been found or all domains were searched.
|
|
Previously we were only looking up the user, but we need to make
sure that all groups are available for use by access providers.
|
|
|
|
|
|
When the automatic cleanup happened, if the netgroup had been
created with no contents (to indicate an unknown netgroup), we
weren't saving the hash table address and the talloc_free() was
failing.
|
|
Specially crafted packages might lead to an integer overflow and the
parsing of the input buffer might not continue as expected. This issue
was identified by Sebastian Krahmer <krahmer@suse.de>.
|
|
The existence of the getent_ctx is used to track the enumeration cache
timeout.
|
|
|
|
|
|
Also adds an option to limit how often we check the ID provider,
so that conversations with multiple PAM requests won't update the
cache multiple times.
https://fedorahosted.org/sssd/ticket/749
|
|
Previously, this was initialized to zero, so the first domain in
the list wouldn't be checked for ID updates in
pam_check_user_search. This initializes the first domain to check
the provider.
|
|
https://fedorahosted.org/sssd/ticket/735
|
|
Also fixes the same problem with set_close_on_exec
https://fedorahosted.org/sssd/ticket/713
|
|
|
|
https://fedorahosted.org/sssd/ticket/716
|
|
https://fedorahosted.org/sssd/ticket/719
|
|
|
|
|
|
Currently we display all PAM messages generated by sssd to the user. But
only some of them are important and others are just some useful
information.
This patch introduces a new option to the PAM responder which controls
what kind of messages are displayed. As an example the 'Authenticated
with cached credentials' message is used. This message is only displayed
if pam_verbosity=1 or if there is an expire date.
|
|
|
|
|
|
|