Age | Commit message (Collapse) | Author | Files | Lines | |
---|---|---|---|---|---|
2012-06-15 | KRB5: Auto-detect DIR cache support in configure | Stephen Gallagher | 2 | -2/+18 | |
We can't support the DIR cache features in systems with kerberos libraries older than 1.10. Make sure we don't build it on those systems. | |||||
2012-06-15 | Fix compilation on older little-endian systems | Stephen Gallagher | 1 | -1/+2 | |
2012-06-14 | Use Kerberos context in KRB5_DEBUG | Jakub Hrozek | 1 | -0/+8 | |
Passing Kerberos context to sss_krb5_get_error_message will allow us to get better error messages. | |||||
2012-06-14 | Add support for storing credential caches in the DIR: back end | Jakub Hrozek | 2 | -20/+4 | |
https://fedorahosted.org/sssd/ticket/974 | |||||
2012-06-14 | Residual util functions | Jakub Hrozek | 2 | -0/+102 | |
Kerberos credential caches can be specified by TYPE:RESIDUAL. This patch adds a couple of utilities to support parsing if ccache locations, checking types etc. | |||||
2012-06-13 | sss_names_init: Report correct error code if allocation failed | Jakub Hrozek | 1 | -1/+4 | |
2012-06-12 | Make re_expression and full_name_format per domain options | Stef Walter | 3 | -7/+140 | |
* Allows different user/domain qualified names for different domains. For example Domain\User or user@domain. * The global re_expression and full_name_format options remain as defaults for the domains. * Subdomains get the re_expression and full_name_format of their parent domain. https://bugzilla.redhat.com/show_bug.cgi?id=811663 | |||||
2012-05-22 | KRB5: Avoid NULL-dereference with empty keytab | Stephen Gallagher | 1 | -7/+13 | |
https://fedorahosted.org/sssd/ticket/1330 | |||||
2012-05-22 | Simple implementation of Netscape password warning expiration control | Joshua Roys | 1 | -0/+8 | |
2012-05-07 | Limit krb5_get_init_creds_keytab() to etypes in keytab | Stef Walter | 2 | -0/+145 | |
* Load the enctypes for the keys in the keytab and pass them to krb5_get_init_creds_keytab(). * This fixes the problem where the server offers a enctype that krb5 supports, but we don't have a key for in the keytab. https://bugzilla.redhat.com/show_bug.cgi?id=811375 | |||||
2012-05-07 | Remove erroneous failure message in find_principal_in_keytab | Stef Walter | 1 | -1/+1 | |
* When it's actually a failure, then the callers will print a message. Fine tune this. | |||||
2012-05-04 | Modify behavior of pam_pwd_expiration_warning | Jan Zeleny | 2 | -0/+6 | |
New option pwd_expiration_warning is introduced which can be set per domain and can override the value specified by the original pam_pwd_expiration_warning. If the value of expiration warning is set to zero, the filter isn't apllied at all - if backend server returns the warning, it will be automatically displayed. Default value for Kerberos: 7 days Default value for LDAP: don't apply the filter Technical note: default value when creating the domain is -1. This is important so we can distinguish between "no value set" and 0. Without this possibility it would be impossible to set different values for LDAP and Kerberos provider. | |||||
2012-05-04 | Fix endian issue in SID conversion | Sumit Bose | 1 | -0/+2 | |
Since the byte-order is only important when dealing with the binary SID the sub-auth values are stored in host order and are only converted while reading or writing the binary SID. | |||||
2012-05-02 | Handle endianness issues on older systems | Stephen Gallagher | 1 | -0/+17 | |
Older versions of glibc (like that on RHEL 5) do not have the le32toh() function exposed. We need this for handling the Active Directory ID-mapping, so we'll copy these macros from endian.h on a newer glibc. | |||||
2012-05-02 | SERVER: use the correct return code of sss_atomic_write_s | Jakub Hrozek | 1 | -1/+1 | |
2012-05-01 | execv, excvp and exec_child never return EOK | Stef Walter | 2 | -8/+5 | |
* So don't need to handle that case | |||||
2012-04-24 | murmurhash: Relax inline requirement | Stephen Gallagher | 1 | -2/+2 | |
2012-04-24 | Two fixes in responder subdomain code | Jan Zeleny | 1 | -1/+1 | |
2012-04-24 | SSH: Add support for hashed known_hosts | Jan Cholasta | 2 | -3/+9 | |
https://fedorahosted.org/sssd/ticket/1203 | |||||
2012-04-24 | UTIL: Add HMAC-SHA-1 function | Jan Cholasta | 3 | -0/+127 | |
2012-04-24 | Moved expand_homedir_template() from NSS responder to utility code | Jan Zeleny | 2 | -0/+167 | |
2012-04-24 | New config option for subdomains | Jan Zeleny | 1 | -0/+2 | |
subdomain_homedir - if set, it contains default value, can be overriden in further processing | |||||
2012-04-24 | Add conn_name to allow different names for domains and connections | Jan Zeleny | 1 | -2/+2 | |
2012-04-24 | Add some utility functions for subdomains | Jan Zeleny | 2 | -0/+119 | |
2012-04-20 | Convert read and write operations to sss_atomic_read | Jakub Hrozek | 4 | -120/+89 | |
https://fedorahosted.org/sssd/ticket/1209 | |||||
2012-04-20 | Move atomic io function to a separate module | Jakub Hrozek | 4 | -43/+102 | |
We'll be using it on various places of the SSSD. The function is in its own file to allow using just the one piece without having to drag in the whole util.c module. | |||||
2012-04-20 | sss_atomic_io: Do not fail reads with EPIPE if there is not enough data to read | Jakub Hrozek | 1 | -1/+2 | |
Also adds a unit test for sss_atomic_io() | |||||
2012-04-05 | Clean up log messages about keytab_name | Stephen Gallagher | 2 | -11/+21 | |
There were many places where we were printing (null) to the logs because a NULL keytab name tells libkrb5 to use its configured default instead of a particular path. This patch should clean up all uses of this to print "default" in the logs. https://fedorahosted.org/sssd/ticket/1288 | |||||
2012-03-29 | Fix off-by-one error in principal selection | Jakub Hrozek | 1 | -3/+3 | |
https://fedorahosted.org/sssd/ticket/1269 | |||||
2012-03-29 | Add sss_get_cased_name_list utility function | Jakub Hrozek | 2 | -0/+41 | |
2012-03-26 | Always initialize the returned data in sss_krb5_princ_realm() | Sumit Bose | 1 | -0/+3 | |
2012-03-21 | Make the string_equal() function public | Jakub Hrozek | 2 | -0/+10 | |
2012-03-19 | nsssrv: add handling of memory cache group map | Simo Sorce | 1 | -0/+10 | |
2012-03-19 | util: Helper headers for shared memory cache | Simo Sorce | 1 | -0/+117 | |
2012-02-29 | Handle cases where UID is -1 | Stephen Gallagher | 1 | -6/+1 | |
Also removes an unnecessary range check (since it's already handled by strtoint32() https://fedorahosted.org/sssd/ticket/1216 | |||||
2012-02-27 | SSH: Add missing break statements to sss_ssh_format_pubkey | Jan Cholasta | 1 | -0/+2 | |
2012-02-27 | SSH: Add more debugging messages | Jan Cholasta | 1 | -0/+1 | |
2012-02-26 | UTIL: Add function for atomic I/O | Jan Cholasta | 2 | -0/+44 | |
2012-02-26 | SSH: Refactor responder and client common code | Jan Cholasta | 2 | -0/+233 | |
2012-02-21 | Don't give memory context in confdb where not needed | Jan Zeleny | 1 | -4/+4 | |
2012-02-14 | Ensure NULL-termination in get_uid_from_pid() | Stephen Gallagher | 1 | -0/+3 | |
Coverity #12399 | |||||
2012-02-07 | UTIL: Provide base64 encoding and decoding functions | Jan Cholasta | 4 | -36/+139 | |
2012-02-06 | Added some SELinux-related utility functions | Jan Zeleny | 2 | -0/+232 | |
2012-01-23 | UTIL: Add strtouint16 | Stephen Gallagher | 2 | -0/+20 | |
2012-01-23 | Move sized_string declaration to utils | Stephen Gallagher | 2 | -0/+19 | |
2012-01-21 | Fix invalid index in pidfile() | Stephen Gallagher | 1 | -1/+3 | |
If we hit the "read too much, this should never happen" line, we would write a NULL-terminator past the end of the static buffer. Coverity 12472 | |||||
2012-01-17 | Raise the debug level of two very noisy statements | Stephen Gallagher | 1 | -2/+3 | |
2012-01-14 | Log fixes for sdap_call_conn_cb | Stephen Gallagher | 1 | -1/+2 | |
2012-01-09 | util: Fix murmurhash3 on machines with old glibc | Simo Sorce | 1 | -0/+10 | |
2012-01-09 | util: add murmurhash3 hash function | Simo Sorce | 2 | -0/+120 | |