Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2012-10-12 | PAM: fix handling the client fd in pam destructor | Jakub Hrozek | 3 | -18/+18 | |
* Protect the fd with a mutex when closing * Set it to a safe value after closing | |||||
2012-10-12 | Remove libsss_sudo.pc and move libsss_sudo.so to libsss_sudo | Jakub Hrozek | 1 | -12/+0 | |
2012-10-11 | PAM: close socket fd with pam_set_data | Jakub Hrozek | 3 | -0/+33 | |
https://fedorahosted.org/sssd/ticket/1569 | |||||
2012-10-10 | do not fail if POLLHUP occurs while reading data | Pavel Březina | 1 | -1/+9 | |
This cause troubles when we send data to a pipe and close the file descriptor before data is read. The pipe is still readable, but POLLHUP is detected and we fail to read them. For example, this may cause a user beeing unable to log in. Now if POLLHUP appears, we read the pipe and then close it on the client side too. | |||||
2012-09-04 | SSH: Simplify public key formatting function | Jan Cholasta | 1 | -2/+1 | |
2012-09-04 | SSH: Return error code in SSH utility functions | Jan Cholasta | 1 | -6/+7 | |
2012-08-27 | Use PTHREAD_MUTEX_ROBUST to avoid deadlock in the client | Jakub Hrozek | 1 | -6/+90 | |
https://fedorahosted.org/sssd/ticket/1460 | |||||
2012-08-13 | sss_client: Group lookups should work even when fastcache cannot be initialized | Jakub Hrozek | 1 | -8/+2 | |
https://fedorahosted.org/sssd/ticket/1415 | |||||
2012-07-27 | Write SELinux config files in responder instead of PAM module | Jan Zeleny | 2 | -99/+0 | |
2012-07-27 | Move SELinux processing from session to account PAM stack | Jan Zeleny | 1 | -55/+55 | |
The idea is to rename session provider to selinux provider. Processing of SELinux rules has to be performed in account stack in order to ensure that pam_selinux (which is the first module in PAM session stack) will get the correct input from SSSD. Processing of account PAM stack is bound to access provider. That means we need to have two providers executed when SSS_PAM_ACCT_MGMT message is received from PAM responder. Change in data_provider_be.c ensures just that - after access provider finishes its actions, the control is given to selinux provider and only after this provider finishes is the result returned to PAM responder. | |||||
2012-07-18 | Fix uninitialized values | Nick Guay | 1 | -1/+1 | |
https://fedorahosted.org/sssd/ticket/1379 | |||||
2012-07-16 | sudo test client: avoid SIGSEGV when run without arguments | Pavel Březina | 1 | -1/+1 | |
SIGSEGV occured when sss_sudo_cli was run without any arguments. | |||||
2012-07-10 | Remove resource leak in sssdpac_import_authdata | Sumit Bose | 1 | -3/+1 | |
Fixes https://fedorahosted.org/sssd/ticket/1409 | |||||
2012-07-09 | Fix use-after-free | Stephen Gallagher | 1 | -0/+1 | |
Coverity #12803 | |||||
2012-06-29 | sudo responder: change protocol version to 1 | Pavel Březina | 1 | -1/+1 | |
2012-06-29 | sudo api: send uid, username and domainname | Pavel Březina | 5 | -66/+158 | |
https://fedorahosted.org/sssd/ticket/1239 Test client was changed accordingly. The new usage is: sss_sudo_cli username [uid] If uid is not set, getpwnam(username) is called. It will retrieve both default options and rules. | |||||
2012-06-29 | sudo api: remove EOK | Pavel Březina | 2 | -13/+10 | |
2012-06-21 | PAC client: add krb5 authdata plugin | Sumit Bose | 2 | -0/+467 | |
2012-06-21 | PAC client: add basic support in common client code | Sumit Bose | 2 | -0/+38 | |
2012-06-21 | PAC responder: add the core functionality | Sumit Bose | 1 | -0/+4 | |
This adds support for parsing PAC and storing information contained within. In particular the user and all his memberships are stored. In case it is necessary, getgrgid() requests are sent to provider for group resolution. | |||||
2012-06-21 | Add close on exec support for old platforms | Simo Sorce | 1 | -1/+16 | |
Older platfroms like RHEL5 do not have support for O_CLOEXC and need an explicit fcntl after the fd is created. Add it conditionally so it can be clearly removed once we declared those platfroms obsolete and unsupported. | |||||
2012-06-21 | Do not leak file descriptors in client libs. | Simo Sorce | 1 | -1/+1 | |
We need to make sure the mc socket is not leaked otherwise child processes will pile up leaked file descriptors. Add O_CLOEXEC when opening the cache. | |||||
2012-06-18 | Do not send SIGPIPE on disconnection | Shantanu Goel | 1 | -6/+21 | |
Note we set MSG_NOSIGNAL to avoid having to fiddle with signal masks but also do not want to die in case SIGPIPE gets raised and the application does not handle it. | |||||
2012-06-18 | Set return errno to the value prior to calling close(). | Shantanu Goel | 1 | -2/+2 | |
2012-06-15 | SSS_CLIENT: Fix uninitialized value error | Stephen Gallagher | 1 | -1/+1 | |
This would cause a crash if we jump to the done: label before it has been allocated. | |||||
2012-06-14 | Provide "service filter" for SELinux context | Jan Zeleny | 1 | -0/+20 | |
At this moment we will support only asterisk, designating "all services". https://fedorahosted.org/sssd/ticket/1360 | |||||
2012-05-31 | SSH: Don't abort connection in sss_ssh_knownhostsproxy when DNS records are ↵ | Jan Cholasta | 1 | -36/+49 | |
missing https://fedorahosted.org/sssd/ticket/1356 | |||||
2012-05-31 | SSH: Supress error message output in sss_ssh_knownhostsproxy | Jan Cholasta | 2 | -15/+8 | |
2012-05-29 | Revert the client packet length, too, after reverting the packet protocol | Jakub Hrozek | 1 | -1/+1 | |
2012-05-25 | NSS: Restore original protocol for getservbyport | Stephen Gallagher | 1 | -2/+3 | |
When fixing an endianness bug, we changed the protocol unnecessarily. | |||||
2012-05-25 | Send 16bit protocol numbers from the sss_client | Jakub Hrozek | 1 | -6/+7 | |
https://fedorahosted.org/sssd/ticket/1348 | |||||
2012-05-22 | Always use positional arguments in translatable strings | Stephen Gallagher | 1 | -2/+2 | |
https://fedorahosted.org/sssd/ticket/1336 | |||||
2012-05-03 | AUTOFS: remove unused assignments | Jakub Hrozek | 1 | -1/+0 | |
Also changes setautomntent_send so that is only return NULL in case the tevent_req creation fails. | |||||
2012-05-02 | PAM_SSS: report error code if write fails | Jakub Hrozek | 1 | -2/+2 | |
clang had reported this as "value of ret is never used", I think it would be nice to report a meaningful error message. | |||||
2012-04-24 | SSH: Add support for hashed known_hosts | Jan Cholasta | 1 | -1/+1 | |
https://fedorahosted.org/sssd/ticket/1203 | |||||
2012-04-20 | Convert read and write operations to sss_atomic_read | Jakub Hrozek | 2 | -27/+27 | |
https://fedorahosted.org/sssd/ticket/1209 | |||||
2012-04-18 | autofs: Raise the maximum key length to PATH_MAX | Jakub Hrozek | 1 | -2/+4 | |
https://fedorahosted.org/sssd/ticket/1300 | |||||
2012-04-18 | sudo api: check sss_status instead of errnop in sss_sudo_send_recv_generic() | Pavel Březina | 1 | -2/+4 | |
2012-04-18 | pam_sss: improve error handling in SELinux code | Jakub Hrozek | 1 | -3/+5 | |
2012-04-05 | Use HTML_TIMESTAMP instead of HTML_FOOTER_DESCRIPTION | Jakub Hrozek | 1 | -3/+4 | |
https://fedorahosted.org/sssd/ticket/1271 | |||||
2012-03-28 | Silence Coverity warning in the autofs test tool | Jakub Hrozek | 1 | -8/+22 | |
https://fedorahosted.org/sssd/ticket/1237 | |||||
2012-03-26 | AUTOFS: fix copy-and-paste bug in the autofs client | Jakub Hrozek | 1 | -1/+1 | |
2012-03-20 | SSH: Fix infinite loop in sss_ssh_knownhostsproxy | Jan Cholasta | 1 | -6/+9 | |
https://fedorahosted.org/sssd/ticket/1268 | |||||
2012-03-19 | sss_client: shared memory cache group map support | Simo Sorce | 3 | -0/+268 | |
2012-03-19 | sss_client: shared memory cache passwd map support | Simo Sorce | 3 | -0/+262 | |
2012-03-19 | sss_client: Add common shared memory cache utils | Simo Sorce | 2 | -0/+334 | |
2012-03-15 | SSH: Canonicalize host name and do reverse DNS lookup in sss_ssh_knownhostsproxy | Jan Cholasta | 1 | -26/+38 | |
https://fedorahosted.org/sssd/ticket/1245 | |||||
2012-03-15 | SSH: Allow clients to explicitly specify host alias | Jan Cholasta | 4 | -6/+25 | |
This change removes the need to canonicalize host names on the responder side - the relevant code was removed. | |||||
2012-03-09 | Fixed resource leak in ssh client code | Jan Zeleny | 1 | -0/+1 | |
2012-03-09 | Fixed uninitialized pointer in SSH authorized keys client | Jan Zeleny | 1 | -1/+1 | |