sssd - System Security Services Daemon

Age	Commit message (Collapse)	Author	Files	Lines
2012-01-18	NSS: Add sss_readrep_copy_string	Stephen Gallagher	5	-181/+131
	There were many places in the client code where we were duplicating a loop to copy data in from the response buffer. This patch turns those loops into a function for easier maintenance and easier-to-read *readrep() routines.
2012-01-17	Export libsss_sudo as a separate package	Jakub Hrozek	2	-0/+27

2012-01-17	SUDO Integration review issues	Pavel Březina	4	-7/+8

2012-01-14	NSS: Validate input string lengths	Stephen Gallagher	4	-9/+32
	Also fixes a return value bug where we were returning errno error codes instead of nss_status codes. Fixes https://fedorahosted.org/sssd/ticket/1135
2011-12-16	SUDO Integration - pseudo client for testing	Pavel Březina	1	-0/+167

2011-12-16	SUDO Integration - API for sudo	Pavel Březina	4	-0/+553

2011-12-16	SUDO Integration - responder	Pavel Březina	1	-0/+3

2011-12-16	SUDO integration - client common interface	Pavel Březina	2	-0/+24

2011-12-08	Fixed incorrect return code in PAM client	Jan Zeleny	1	-1/+1
	The original return code when SSSD was not running was system_err, now it is authinfo_unavail. https://fedorahosted.org/sssd/ticket/1011
2011-11-28	sss_cli.h - fix: function declaration after the header guard	Pavel Březina	1	-2/+2

2011-11-22	Cleanup: Remove unused parameters	Jakub Hrozek	1	-8/+2

2011-09-20	Added quiet option to pam_sss	Pavel Březina	1	-5/+25
	https://fedorahosted.org/sssd/ticket/894
2011-08-08	Fixed implicit declaration of function 'time' in src/sss_client/common.c.	Pavel Březina	1	-0/+1

2011-07-29	sss_client: avoid leaking file descriptors	Simo Sorce	1	-0/+3
	If a pam or nss module is dlcolse()d and unloaded we were leaking the file descriptor used to communicate to sssd in the process. Make sure the fucntion used to close the socket file descriptor is called on dlclose() Silence autoconf 2.28 warnings (Patch by Jakub Hrozek)
2011-05-23	Import config.h earlier	Stephen Gallagher	1	-1/+1
	On RHEL 5 and other older platforms, failing to set _GNU_SOURCE early would cause some functions - such as strndup() - to be unavailable.
2011-05-23	Include string.h in sss_cli.h	Sumit Bose	1	-0/+1
	Since memcpy() is used in sss_cli.h it should be declared here, too.
2011-05-23	Set _GNU_SOURCE globally	Sumit Bose	2	-7/+1

2011-05-03	clients: use poll instead of select	Simo Sorce	1	-9/+6
	select is limited to fd numbers up to 1024, we need to use poll() here to avoid causing memory corruption in the calling process. Fixes: https://fedorahosted.org/sssd/ticket/861
2011-02-11	Use neutral name for functions used by both pam and nss	Simo Sorce	3	-49/+64

2011-02-08	Check that the socket is really ours before attempting to close it.	Simo Sorce	1	-13/+42
	Fixes: https://fedorahosted.org/sssd/ticket/790
2010-12-17	Fix wrong test in pam_sss	Simo Sorce	1	-1/+1

2010-12-16	Fix segfault for PAM_TEXT_INFO conversations	Stephen Gallagher	1	-1/+1

2010-12-15	Fix another possible memory leak in sss_nss_recv_rep()	Sumit Bose	1	-8/+19
	https://fedorahosted.org/sssd/ticket/723
2010-12-15	Fix possible memory leak in do_pam_conversation	Sumit Bose	1	-16/+28
	https://fedorahosted.org/sssd/ticket/731
2010-12-14	Fix possible memory leak in sss_nss_recv_rep()	Sumit Bose	1	-8/+13
	https://fedorahosted.org/sssd/ticket/723
2010-12-14	Fix improper bit manipulation in pam_sss	Sumit Bose	1	-1/+1
	https://fedorahosted.org/sssd/ticket/715
2010-12-03	Add a renew task to krb5_child	Sumit Bose	1	-1/+7

2010-11-22	sss_client: make code thread-safe	Simo Sorce	5	-58/+219
	Add mutexes around nss operations and serialize them. This is necessary because nss operations may have global state. For pam it is sufficient to protect socket operations instead. As pam functions use only the provided pam handler. Fixes: https://fedorahosted.org/sssd/ticket/640
2010-11-15	Fix incorrect type comparison	Stephen Gallagher	1	-1/+1
	https://fedorahosted.org/sssd/ticket/657
2010-11-15	Fix cast warning for pam_sss.c	Stephen Gallagher	1	-8/+11

2010-11-15	Avoid long long in messages to PAM client use int64_t	Sumit Bose	2	-9/+9

2010-10-13	Avoid a global variable in netgroup client.	Sumit Bose	2	-38/+26
	The structure which is used to store the result also provides elements to store a context for the netgroup enumeration call.
2010-10-13	Add handling of nested netgroups to nss client	Sumit Bose	2	-68/+109

2010-10-13	Return NSS_STATUS_RETURN instead of NSS_STATUS_NOTFOUND	Sumit Bose	1	-1/+1
	NSS_STATUS_RETURN needs to be returned to glibc otherwise nested groups are not resolved by glibc.
2010-10-13	Add support for netgroups to NSS sss_client	Stephen Gallagher	4	-5/+364

2010-10-13	Rename group.c and passwd.c for clarity	Stephen Gallagher	2	-0/+0
	Prefixing group.c and passwd.c with "nss_" similar to the way the PAM client sources are prefixed with "pam_"
2010-10-13	Add utility function sss_strnlen()	Stephen Gallagher	2	-0/+34
	This is useful for guaranteeing the size of an input buffer.
2010-07-23	Allow sssd clients to reconnect	Sumit Bose	1	-4/+3
	Currently the PAM and NSS client just return an error if there are problems on an open socket. This will lead to problems in long running programs like gdm if sssd is restarted, e.g. during an update. With this patch the socket is closed and reopened.
2010-06-14	Potential memory leak in _nss_sss_*_r()	Jakub Hrozek	2	-0/+5
	Fixes: #516
2010-06-10	Properly handle read() and write() throughout the SSSD	Stephen Gallagher	2	-1/+17
	We need to guarantee at all times that reads and writes complete successfully. This means that they must be checked for returning EINTR and EAGAIN, and all writes must be wrapped in a loop to ensure that they do not truncate their output.
2010-06-09	Add a missing free()	Sumit Bose	1	-0/+1

2010-06-09	Avoid a potential double-free	Sumit Bose	1	-0/+1

2010-05-26	Handle Krb5 password expiration warning	Sumit Bose	2	-2/+18

2010-05-07	Add retry option to pam_sss	Sumit Bose	1	-92/+147

2010-05-07	Improve the offline authentication message	Jakub Hrozek	1	-2/+2

2010-04-30	Fix wrong return value	Sumit Bose	1	-15/+14
	If there was a failure during a password change a wrong return value was send back to the PAM stack.
2010-04-26	Display a message if a password reset by root fails	Sumit Bose	1	-8/+198

2010-04-26	Unset authentication tokens if password change fails	Sumit Bose	1	-27/+52

2010-04-16	Use SO_PEERCRED on the PAM socket	Sumit Bose	3	-2/+95
	This is the second attempt to let the PAM client and the PAM responder exchange their credentials, i.e. uid, gid and pid. Because this approach does not require any message interchange between the client and the server the protocol version number is not changed. On the client side the connection is terminated it the responder is not run by root. On the server side the effective uid and gid and the pid of the client are available for future use. The following additional changes are made by this patch: - the checks of the ownership and the permissions on the PAM sockets are enhanced - internal error codes are introduced on the client side to generate more specific log messages if an error occurs
2010-04-16	Revert "Add better checks on PAM socket"	Sumit Bose	1	-122/+4
	This reverts commit 5a88e963744e5da453e88b5c36499f04712df097.