summaryrefslogtreecommitdiff
path: root/src/sss_client
AgeCommit message (Collapse)AuthorFilesLines
2012-10-12PAM: fix handling the client fd in pam destructorJakub Hrozek3-18/+18
* Protect the fd with a mutex when closing * Set it to a safe value after closing
2012-10-12Remove libsss_sudo.pc and move libsss_sudo.so to libsss_sudoJakub Hrozek1-12/+0
2012-10-11PAM: close socket fd with pam_set_dataJakub Hrozek3-0/+33
https://fedorahosted.org/sssd/ticket/1569
2012-10-10do not fail if POLLHUP occurs while reading dataPavel Březina1-1/+9
This cause troubles when we send data to a pipe and close the file descriptor before data is read. The pipe is still readable, but POLLHUP is detected and we fail to read them. For example, this may cause a user beeing unable to log in. Now if POLLHUP appears, we read the pipe and then close it on the client side too.
2012-09-04SSH: Simplify public key formatting functionJan Cholasta1-2/+1
2012-09-04SSH: Return error code in SSH utility functionsJan Cholasta1-6/+7
2012-08-27Use PTHREAD_MUTEX_ROBUST to avoid deadlock in the clientJakub Hrozek1-6/+90
https://fedorahosted.org/sssd/ticket/1460
2012-08-13sss_client: Group lookups should work even when fastcache cannot be initializedJakub Hrozek1-8/+2
https://fedorahosted.org/sssd/ticket/1415
2012-07-27Write SELinux config files in responder instead of PAM moduleJan Zeleny2-99/+0
2012-07-27Move SELinux processing from session to account PAM stackJan Zeleny1-55/+55
The idea is to rename session provider to selinux provider. Processing of SELinux rules has to be performed in account stack in order to ensure that pam_selinux (which is the first module in PAM session stack) will get the correct input from SSSD. Processing of account PAM stack is bound to access provider. That means we need to have two providers executed when SSS_PAM_ACCT_MGMT message is received from PAM responder. Change in data_provider_be.c ensures just that - after access provider finishes its actions, the control is given to selinux provider and only after this provider finishes is the result returned to PAM responder.
2012-07-18Fix uninitialized valuesNick Guay1-1/+1
https://fedorahosted.org/sssd/ticket/1379
2012-07-16sudo test client: avoid SIGSEGV when run without argumentsPavel Březina1-1/+1
SIGSEGV occured when sss_sudo_cli was run without any arguments.
2012-07-10Remove resource leak in sssdpac_import_authdataSumit Bose1-3/+1
Fixes https://fedorahosted.org/sssd/ticket/1409
2012-07-09Fix use-after-freeStephen Gallagher1-0/+1
Coverity #12803
2012-06-29sudo responder: change protocol version to 1Pavel Březina1-1/+1
2012-06-29sudo api: send uid, username and domainnamePavel Březina5-66/+158
https://fedorahosted.org/sssd/ticket/1239 Test client was changed accordingly. The new usage is: sss_sudo_cli username [uid] If uid is not set, getpwnam(username) is called. It will retrieve both default options and rules.
2012-06-29sudo api: remove EOKPavel Březina2-13/+10
2012-06-21PAC client: add krb5 authdata pluginSumit Bose2-0/+467
2012-06-21PAC client: add basic support in common client codeSumit Bose2-0/+38
2012-06-21PAC responder: add the core functionalitySumit Bose1-0/+4
This adds support for parsing PAC and storing information contained within. In particular the user and all his memberships are stored. In case it is necessary, getgrgid() requests are sent to provider for group resolution.
2012-06-21Add close on exec support for old platformsSimo Sorce1-1/+16
Older platfroms like RHEL5 do not have support for O_CLOEXC and need an explicit fcntl after the fd is created. Add it conditionally so it can be clearly removed once we declared those platfroms obsolete and unsupported.
2012-06-21Do not leak file descriptors in client libs.Simo Sorce1-1/+1
We need to make sure the mc socket is not leaked otherwise child processes will pile up leaked file descriptors. Add O_CLOEXEC when opening the cache.
2012-06-18Do not send SIGPIPE on disconnectionShantanu Goel1-6/+21
Note we set MSG_NOSIGNAL to avoid having to fiddle with signal masks but also do not want to die in case SIGPIPE gets raised and the application does not handle it.
2012-06-18Set return errno to the value prior to calling close().Shantanu Goel1-2/+2
2012-06-15SSS_CLIENT: Fix uninitialized value errorStephen Gallagher1-1/+1
This would cause a crash if we jump to the done: label before it has been allocated.
2012-06-14Provide "service filter" for SELinux contextJan Zeleny1-0/+20
At this moment we will support only asterisk, designating "all services". https://fedorahosted.org/sssd/ticket/1360
2012-05-31SSH: Don't abort connection in sss_ssh_knownhostsproxy when DNS records are ↵Jan Cholasta1-36/+49
missing https://fedorahosted.org/sssd/ticket/1356
2012-05-31SSH: Supress error message output in sss_ssh_knownhostsproxyJan Cholasta2-15/+8
2012-05-29Revert the client packet length, too, after reverting the packet protocolJakub Hrozek1-1/+1
2012-05-25NSS: Restore original protocol for getservbyportStephen Gallagher1-2/+3
When fixing an endianness bug, we changed the protocol unnecessarily.
2012-05-25Send 16bit protocol numbers from the sss_clientJakub Hrozek1-6/+7
https://fedorahosted.org/sssd/ticket/1348
2012-05-22Always use positional arguments in translatable stringsStephen Gallagher1-2/+2
https://fedorahosted.org/sssd/ticket/1336
2012-05-03AUTOFS: remove unused assignmentsJakub Hrozek1-1/+0
Also changes setautomntent_send so that is only return NULL in case the tevent_req creation fails.
2012-05-02PAM_SSS: report error code if write failsJakub Hrozek1-2/+2
clang had reported this as "value of ret is never used", I think it would be nice to report a meaningful error message.
2012-04-24SSH: Add support for hashed known_hostsJan Cholasta1-1/+1
https://fedorahosted.org/sssd/ticket/1203
2012-04-20Convert read and write operations to sss_atomic_readJakub Hrozek2-27/+27
https://fedorahosted.org/sssd/ticket/1209
2012-04-18autofs: Raise the maximum key length to PATH_MAXJakub Hrozek1-2/+4
https://fedorahosted.org/sssd/ticket/1300
2012-04-18sudo api: check sss_status instead of errnop in sss_sudo_send_recv_generic()Pavel Březina1-2/+4
2012-04-18pam_sss: improve error handling in SELinux codeJakub Hrozek1-3/+5
2012-04-05Use HTML_TIMESTAMP instead of HTML_FOOTER_DESCRIPTIONJakub Hrozek1-3/+4
https://fedorahosted.org/sssd/ticket/1271
2012-03-28Silence Coverity warning in the autofs test toolJakub Hrozek1-8/+22
https://fedorahosted.org/sssd/ticket/1237
2012-03-26AUTOFS: fix copy-and-paste bug in the autofs clientJakub Hrozek1-1/+1
2012-03-20SSH: Fix infinite loop in sss_ssh_knownhostsproxyJan Cholasta1-6/+9
https://fedorahosted.org/sssd/ticket/1268
2012-03-19sss_client: shared memory cache group map supportSimo Sorce3-0/+268
2012-03-19sss_client: shared memory cache passwd map supportSimo Sorce3-0/+262
2012-03-19sss_client: Add common shared memory cache utilsSimo Sorce2-0/+334
2012-03-15SSH: Canonicalize host name and do reverse DNS lookup in sss_ssh_knownhostsproxyJan Cholasta1-26/+38
https://fedorahosted.org/sssd/ticket/1245
2012-03-15SSH: Allow clients to explicitly specify host aliasJan Cholasta4-6/+25
This change removes the need to canonicalize host names on the responder side - the relevant code was removed.
2012-03-09Fixed resource leak in ssh client codeJan Zeleny1-0/+1
2012-03-09Fixed uninitialized pointer in SSH authorized keys clientJan Zeleny1-1/+1