| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
Also fixes a return value bug where we were returning errno error
codes instead of nss_status codes.
Fixes https://fedorahosted.org/sssd/ticket/1135
|
|
|
|
|
|
|
|
|
|
The original return code when SSSD was not running was system_err, now
it is authinfo_unavail.
https://fedorahosted.org/sssd/ticket/1011
|
|
|
|
|
|
https://fedorahosted.org/sssd/ticket/894
|
|
|
|
If a pam or nss module is dlcolse()d and unloaded we were leaking
the file descriptor used to communicate to sssd in the process.
Make sure the fucntion used to close the socket file descriptor is
called on dlclose()
Silence autoconf 2.28 warnings (Patch by Jakub Hrozek)
|
|
On RHEL 5 and other older platforms, failing to set _GNU_SOURCE
early would cause some functions - such as strndup() - to be
unavailable.
|
|
Since memcpy() is used in sss_cli.h it should be declared here, too.
|
|
|
|
select is limited to fd numbers up to 1024, we need to use poll() here
to avoid causing memory corruption in the calling process.
Fixes: https://fedorahosted.org/sssd/ticket/861
|
|
|
|
Fixes: https://fedorahosted.org/sssd/ticket/790
|
|
|
|
|
|
https://fedorahosted.org/sssd/ticket/723
|
|
https://fedorahosted.org/sssd/ticket/731
|
|
https://fedorahosted.org/sssd/ticket/723
|
|
https://fedorahosted.org/sssd/ticket/715
|
|
|
|
Add mutexes around nss operations and serialize them.
This is necessary because nss operations may have global state.
For pam it is sufficient to protect socket operations instead.
As pam functions use only the provided pam handler.
Fixes: https://fedorahosted.org/sssd/ticket/640
|
|
https://fedorahosted.org/sssd/ticket/657
|
|
|
|
|
|
The structure which is used to store the result also provides elements to
store a context for the netgroup enumeration call.
|
|
|
|
NSS_STATUS_RETURN needs to be returned to glibc otherwise nested groups
are not resolved by glibc.
|
|
|
|
Prefixing group.c and passwd.c with "nss_" similar to the way the
PAM client sources are prefixed with "pam_"
|
|
This is useful for guaranteeing the size of an input buffer.
|
|
Currently the PAM and NSS client just return an error if there are
problems on an open socket. This will lead to problems in long running
programs like gdm if sssd is restarted, e.g. during an update. With this
patch the socket is closed and reopened.
|
|
Fixes: #516
|
|
We need to guarantee at all times that reads and writes complete
successfully. This means that they must be checked for returning
EINTR and EAGAIN, and all writes must be wrapped in a loop to
ensure that they do not truncate their output.
|
|
|
|
|
|
|
|
|
|
|
|
If there was a failure during a password change a wrong return value was
send back to the PAM stack.
|
|
|
|
|
|
This is the second attempt to let the PAM client and the PAM responder
exchange their credentials, i.e. uid, gid and pid. Because this approach
does not require any message interchange between the client and the
server the protocol version number is not changed.
On the client side the connection is terminated it the responder is not
run by root. On the server side the effective uid and gid and the pid of
the client are available for future use.
The following additional changes are made by this patch:
- the checks of the ownership and the permissions on the PAM sockets are
enhanced
- internal error codes are introduced on the client side to generate
more specific log messages if an error occurs
|
|
This reverts commit 5a88e963744e5da453e88b5c36499f04712df097.
|
|
The PAM standard allows for messages of any length to be returned
to the client. We were discarding all messages of length greater
than 255. This patch dynamically allocates the message buffers so
we can pass the complete message.
This resolves https://fedorahosted.org/sssd/ticket/432
|
|
Display warnings about remaining grace logins and password
expiration to the user, when LDAP Password Policies are used.
Improved detection if LDAP Password policies are supported by
LDAP Server.
|
