Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
dbus_connection_send_with_reply() will report success and return
a NULL pending_reply when the connection is not open for
communication. This patch creates a new wrapper around
dbus_connection_send_with_reply() to properly detect this
condition and report it as an error.
|
|
|
|
When changing an expired password (during e.g. login) the PAM module needs
to prompt for the old password even when running as root.
|
|
|
|
When changing passwords, treat SDAP_AUTH_PW_EXPIRED as a successful
authentication in SSS_PAM_CHAUTHTOK_PRELIM.
|
|
When the user's password is expired it might also be indicated by
the bind operation returning "INVALID_CREDENTIALS" with the ppolicy
control's errorcode set to "PP_passwordExpired".
|
|
|
|
|
|
|
|
Fixes: #221
|
|
|
|
tests/common.c is now required by all tests (check-based and not),
so we need to properly ifdef it
|
|
|
|
As with krb5_ccname_template sequences like %u can be used in the
krb5_ccachedir parameter which are expanded at runtime. If the directory
does not exist, it will be created. Depending on the used sequences it
is created as a public or private directory.
|
|
With complex hierarchies it could happen that the group just deleted was
re-added by mistake to the list of groups a user is member of, causing the user
to have a stray memberof value in its entry.
|
|
|
|
|
|
- check if the public socket belongs to root and has 0666 permissions
- use a SCM_CREDENTIALS message if available
|
|
|
|
|
|
Updates the .po files to add these strings.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Fixes: #290
|
|
|
|
|
|
Upon receiving SIGHUP, the monitor signals all services to reopen their
debug logs. It is also possible to signal individual services to reopen
their particular files.
Fixes: #332
|
|
One of our resolv tests tries to resolve a nonexistent hostname. Do not
run this test unless we are explicitly told that a network connection
is available (-n). Also do not automatically resolving localhost.
|
|
I fixed a handful of alignment problems in sss_client and nss responder.
Enumerating group and passwd with getgrent and getpwent now works correctly
on ARM.
Signed-off-by: George McCollister <georgem@novatech-llc.com>
|
|
|
|
It was broken when the default was changed, making it impossible to silence
from the config file.
|
|
Logs from confdb with missing '\n' in the DEBUG statements annoyed me so
I decided to fix them. I also made a quick grep through the code and
found other places so I fixed them too.
|
|
|
|
We disabled live reconfiguration a long time ago with the intent
of fixing it so that it wasn't completely broken, but we've
decided that live updates are too delicate to handle all cases
gracefully. For the forseeable future, we will rely on process
restart for updating the configuration.
Furthermore, we had not completely disabled live updates. It would
still attempt to run if we sent a SIGHUP. This has also been
eliminated.
|
|
All 'make check' tests will chdir() into this directory before
running the suite. This provides the option of having temporary
files generated in a tmpfs or ramdisk
|
|
_GNU_SOURCE needs to be defined when using strndup.
Signed-off-by: George McCollister <georgem@novatech-llc.com>
|
|
|
|
|
|
Make the counter optional so that alignment safe macros can be used also where
there is no counter to update.
Change arguments names so that they are not deceiving (ptr normlly identify a
pointer)
Turn the memcpy substitute into an inline function so that passing a pointer to
rp and checking for it doesn't make the compiler spit lots of warnings.
|
|
|
|
|
|
There were inconsistencies between what sssd.conf manpage said
and what the code enforces.
|
|
When refactoring talloc_asprintf calls a check was left behind that
cased the backend to go offline immediately.
|
|
Implements a different mechanism for cleanup task. Instead of just
deleting expired entries, this patch adds a new option
account_cache_expiration for domains. If an entry is expired and the last
login was more days in the past that account_cache_expiration, the entry is
deleted.
Groups are deleted if they are expired and and no user references them
(no user has memberof: attribute pointing at that group).
The parameter account_cache_expiration is not LDAP-specific, so that other
future backends might use the same timeout setting.
Fixes: #391
|