summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2013-04-10DNS sites support - add IPA SRV pluginPavel Březina8-5/+397
https://fedorahosted.org/sssd/ticket/1032
2013-04-10DNS sites support - use SRV DNS lookup plugin in all providersPavel Březina3-0/+29
https://fedorahosted.org/sssd/ticket/1032 We set a plugin during an initialization of ID provider, which is an authoritative provider for a plugin choice. The plugin is set only once. When other provider is initalized (e.g. id = IPA, sudo = LDAP), we do not overwrite the plugin. Since sssm_*_id_init() is called from all module constructors, this patch relies on the fact, that ID provider is initialized before all other providers.
2013-04-10DNS sites support - replace SRV lookup code with a plugin callPavel Březina1-258/+73
https://fedorahosted.org/sssd/ticket/1032 Removes hard coded SRV lookup code with a plugin call. This patch breaks SRV lookups as there is currently no plugin in use. It is fixed in next patch.
2013-04-10fail over - add function to insert multiple servers to the listPavel Březina1-10/+101
2013-04-10DNS sites support - SRV DNS lookup pluginPavel Březina4-0/+521
https://fedorahosted.org/sssd/ticket/1032 This plugin mimics the current behaviour. If discovery_domain is set it is the only domain that is tried. If discovery_domain is not set, we try to autodetect domain first and if that fails or SRV lookup on this domain fails, we fallback to SSSD domain name.
2013-04-10DNS sites support - SRV lookup plugin interfacePavel Březina7-0/+139
https://fedorahosted.org/sssd/ticket/1032 Introduces two new error codes: - ERR_SRV_NOT_FOUND - ERR_SRV_LOOKUP_ERROR Since id_provider is authoritative in case of SRV plugin choise, ability to override the selected pluging during runtime is not desirable. We rely on the fact that id_provider is initialized before all other providers, thus the plugin is set correctly.
2013-04-10resolv: add resolv_discover_srv request to resolv utilsPavel Březina2-0/+194
2013-04-10resolv: add resolv_get_domain request to resolv utilsPavel Březina2-0/+168
2013-04-10cmocka unittest for io addedAbhishek Singh1-0/+157
2013-04-10cmocka unittest for find_uid addedAbhishek Singh1-0/+105
2013-04-10Allow using flatname for subdomain home dir templateJakub Hrozek6-9/+33
https://fedorahosted.org/sssd/ticket/1609
2013-04-10Put the override_homedir into an included xml fileJakub Hrozek3-141/+56
The description was duplicated on two places, leading to errors where one was amended but the other was not.
2013-04-09LDAP: Always fail if a map can't be foundJakub Hrozek1-4/+2
2013-04-08Allocate PAM DP request data on responder contextJakub Hrozek3-5/+54
https://fedorahosted.org/sssd/ticket/1869 Currently the private data passed to the PAM request is a structure allocated on the client context. But in the odd case where the back end would be stopped or stuck until the idle timeout hits, the DP callback would access data that were freed when the client timed out. This patch introduces a new structure allocated on responder context, whose only purpose is to live as long as the request is active.
2013-04-05Wrong condition after waitpid.Michal Zidek1-1/+1
On success, waitpid() returns pid of terminated child, not 0.
2013-04-05Check for waitpid failure at wrong place.Michal Zidek2-10/+9
Coverity bugs. https://fedorahosted.org/sssd/ticket/1865
2013-04-05Check for the correct variablesJakub Hrozek1-2/+2
https://fedorahosted.org/sssd/ticket/1864
2013-04-05Further restrict become_user drop of privileges.Simo Sorce1-15/+18
We never need to regain root after we call become_user() so tighten up even further our privilege drop. Add a setgroups() call to remove all secondary groups root may have been given for whateve reason. Then use the setres[ug]id function to also drop the saved uid/gid so the process cannot regain back root id. Capabilities are also implicitly dropped here, no more CAP_SETUID so this is a Point of No Return, once changed to non-root the process can't get back. Remove redefinition of sys/types.h and unistd.h, they are already defined in util.h and they need to be included after _GNU_SOURCE/_BSD_SOURCE is defined or the prototypes for setres[ug]id will not be found. Add grp.h after util.h for the same reason.
2013-04-04dyndns: Fix initializing sdap_id_ctxJakub Hrozek1-1/+1
2013-04-04LDAP: Fix value initialization warningsLukas Slebodnik2-2/+2
2013-04-03Centralize resolv_init, remove resolv context listJakub Hrozek5-43/+7
2013-04-03Init failover with be_res optionsJakub Hrozek8-131/+124
2013-04-03Allow setting krb5_renew_interval with a delimiterAriel Barria9-13/+59
https://fedorahosted.org/sssd/ticket/902 changed the data type the krb5_renew_interval to string. function krb5_string_to_deltat is used to convert and allow delimiters
2013-04-03Check for correct variable nameJakub Hrozek6-9/+5
https://fedorahosted.org/sssd/ticket/1864
2013-04-03Return errno, not -1 on failure in files.cJakub Hrozek1-0/+1
https://fedorahosted.org/sssd/ticket/1862
2013-04-03Fix potential out-of-bounds write in sss_idmap_sid_to_dom_sidJakub Hrozek1-1/+1
https://fedorahosted.org/sssd/ticket/1861
2013-04-03pidfile(): Do not leak fd on errorJakub Hrozek1-0/+1
https://fedorahosted.org/sssd/ticket/1860
2013-04-03krb5 child: Use the correct type when processing OTPJakub Hrozek1-1/+1
2013-04-03Fix typos in man pagesYuri Chornoivan2-2/+2
2013-04-02Updating the translations for the 1.10 alpha releaseJakub Hrozek16-8900/+31591
2013-04-02Improve syslog message when configuration cannot be loadedAriel Barria1-1/+3
https://fedorahosted.org/sssd/ticket/1414 Error code was added and strerror(errno) to show cause in sss_log
2013-04-02Making the authtok structure really opaque.Lukas Slebodnik19-137/+186
Definition of structure sss_auth_token was removed from header file authtok.h and there left only declaration of this structure. Therefore only way how to use this structure is to use accessory function from same header file. To creating new empty authotok can only be used newly created function sss_authtok_new(). TALLOC context was removed from copy and setter functions, because pointer to stuct sss_auth_token is used as a memory context. All declaration of struct sss_auth_token variables was replaced with pointer to this structure and related changes was made in source code. Function copy_pam_data can copy from argument src which was dynamically allocated with function create_pam_data() or zero initialized struct pam_data allocated on stack. https://fedorahosted.org/sssd/ticket/1830
2013-04-02Reusing create_pam_data() on the other places.Lukas Slebodnik5-4/+16
Function create_pam_data() should be only one way how to create new struct pam_data, because it also initialize destructor to created object.
2013-04-02refactor nested group processing: replace old codePavel Březina2-1721/+21
https://fedorahosted.org/sssd/ticket/1784
2013-04-02refactor nested group processing: add new codePavel Březina1-0/+2229
https://fedorahosted.org/sssd/ticket/1784 1. initialization (main-req), returns members of input group 2. evaluate group members (group) 3. perform individual search (no-deref) or dereference attribute (deref) 4a. no-deref 1. perform a lookup depending on the type of the member object 2. all direct members are evaluated first 3. then we step down in nesting level and evaluate nested groups 4b. deref 1. perform a dereference lookup on member attribute 2. all direct members are evaluated first 3. then we step down in nesting level and evaluate nested groups Tevent request flow: main-req | group |------------------------| no-deref deref | | |----|------|---------| | user group unknown recurse recurse / \ | | | ... | | | ... user group group group
2013-03-27Provide libnl3 supportOndrej Kos3-78/+201
https://fedorahosted.org/sssd/ticket/812 Update the monitor code to be using the new libnl3 API. Changed configure option --with-libnl By default, it tries to build with libnl3, if not found, then with libnl1, if this isn't found either, build proceeds without libnl, just with warning. Specifing --with-libnl=<libnl3|libnl1|no> checks for the specific given version, if not found, configure ends with error.
2013-03-27selinux: Remove unused parameterJakub Hrozek1-1/+0
https://fedorahosted.org/sssd/ticket/1848
2013-03-27LDAP: Fix value initializationOndrej Kos1-1/+1
2013-03-27filename in comment is correctedAbhishek Singh1-1/+1
2013-03-25Include config.h to build io.c on RHEL5Jakub Hrozek1-0/+2
2013-03-21Document what does access_provider=ad doJakub Hrozek1-0/+14
https://fedorahosted.org/sssd/ticket/1841
2013-03-21LDAP: If deref search fails, try again without derefJan Cholasta5-4/+50
https://fedorahosted.org/sssd/ticket/1660
2013-03-21Move signal.m4 from src/util to externalJakub Hrozek1-0/+0
2013-03-21Fixing duplicate constLukas Slebodnik1-3/+3
const char const * --> const char *const
2013-03-20Return error code from ipa_subdom_storeJakub Hrozek1-5/+13
2013-03-20coding style fixPavel Březina1-1/+1
2013-03-20change responder contexts hierarchyPavel Březina6-65/+94
https://fedorahosted.org/sssd/ticket/1575 The hierarchy is now: main_ctx -> responder_ctx -> specific_ctx where specific_ctx is one of sudo, pam, etc.
2013-03-20do not leak memory on failure in *_process_init()Pavel Březina7-35/+62
2013-03-20tests: Print warning if LDB_MODULES_PATH is not setMichal Zidek4-0/+21
Print warning if sysdb-tests or sysdb-ssh test are run individually and LDB_MODULES_PATH was not set. https://fedorahosted.org/sssd/ticket/1820
2013-03-20correct order in error_to_str tablePavel Březina1-1/+1
Also fixed typo.