Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
On RHEL 5 and other older platforms, failing to set _GNU_SOURCE
early would cause some functions - such as strndup() - to be
unavailable.
|
|
|
|
For more details on ASQ, see:
http://msdn.microsoft.com/en-us/library/aa366976%28VS.85%29.aspx
http://msdn.microsoft.com/en-us/library/aa746418%28v=VS.85%29.aspx
|
|
https://fedorahosted.org/sssd/ticket/857
|
|
https://fedorahosted.org/sssd/ticket/858
|
|
We will now re-read the confdb debug_level value when processing
the monitor_common_logrotate() function, which occurs when the
monitor receives a SIGHUP.
|
|
|
|
This patch also makes the following changes:
1) The [sssd] debug_level setting no longer acts as a default for
all other sections.
2) We will now skip passing the debug argument to the child
processes from the master unless the SSSD was run with a
command-line argument for the debug level.
https://fedorahosted.org/sssd/ticket/764
|
|
Currently we construct the principal as host/fqdn@REALM. The problem
with this is that this principal doesn't have to be in the keytab. In
that case the provider fails to start. It is better to scan the keytab
and find the most suitable principal to use. Only in case no suitable
principal is found the backend should fail to start.
The second issue solved by this patch is that the realm we are
authenticating the machine to can be in general different from the realm
our users are part of (in case of cross Kerberos trust).
The patch adds new configuration option SDAP_SASL_REALM.
https://fedorahosted.org/sssd/ticket/781
|
|
The function now supports finding principal in keytab not only based on
realm, but based on both realm and primary/instance parts. The function
also supports * wildcard at the beginning or at the end of primary
principal part. The function for finding principal has been moved to
util/sss_krb5.c, so it can be used in other parts of the code.
|
|
https://fedorahosted.org/sssd/ticket/643
|
|
|
|
https://fedorahosted.org/sssd/ticket/752
|
|
|
|
Specially crafted packages might lead to an integer overflow and the
parsing of the input buffer might not continue as expected. This issue
was identified by Sebastian Krahmer <krahmer@suse.de>.
|
|
|
|
https://fedorahosted.org/sssd/ticket/711
|
|
https://fedorahosted.org/sssd/ticket/730
|
|
https://fedorahosted.org/sssd/ticket/720
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Also adds a unit test.
|
|
|
|
|
|
If there is a problem with reopening the logs, it can be an audit
trail issue.
|
|
We used strtol() on a number of places to convert into uid_t or gid_t
from a string representation such as LDAP attribute, but on some
platforms, unsigned long might be necessary to store big id_t values.
This patch converts to using strtoul() instead.
|
|
strcasecmp() is defined in strings.h which might not be included under
certain conditions.
|
|
sss_hash_create() produces a dhash table living in the talloc
hierarchy.
|
|
|
|
|
|
Three assignments deleted, two return code inspection added.
Also found and fixed one critical bug caused by dead assignment.
Ticket: #590
|
|
Adds two utility functions to obfuscate a password and inverse to
extract the cleartext password back.
So far, only NSS-based implementation is provided.
|
|
|
|
A refactoring patch that creates a common util/crypto subdir with
per-implementation subdirectories for each underlying crypto library
supported by SSSD.
|
|
|
|
Includes a unit test
|
|
In addition to validating the keytab everytime a TGT is requested, we
also validate the keytab on back end startup to give early warning that
the keytab is not usable.
Fixes: #556
|
|
|
|
Right now, this log function writes to the syslog. In the future,
it could be modified to work with ELAPI or another logging API.
|
|
Fixes: #462
|
|
https://fedorahosted.org/sssd/ticket/544
|
|
Fixes: #503
|
|
Fixes: #541
|
|
|
|
We need to guarantee at all times that reads and writes complete
successfully. This means that they must be checked for returning
EINTR and EAGAIN, and all writes must be wrapped in a loop to
ensure that they do not truncate their output.
|