summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2011-01-19Use DEFAULT_PAM_VERBOSITY if config value cannot be retrievedSumit Bose1-1/+1
2011-01-19Add pam_pwd_expiration_warning config optionSumit Bose5-12/+68
2011-01-19Add ipa_hbac_search_base config optionSumit Bose7-54/+58
2011-01-19Add LDAP expire policy base RHDS/IPA attributeSumit Bose9-4/+76
The attribute nsAccountLock is used by RHDS, IPA and other directory servers to indicate that the account is locked.
2011-01-19Add LDAP expire policy based on AD attributesSumit Bose9-4/+141
The second bit of userAccountControl is used to determine if the account is enabled or disabled. accountExpires is checked to see if the account is expired.
2011-01-17Remove support for pre-1.1 netlinkStephen Gallagher3-61/+27
Netlink 1.0 and older is buggy and unreliable, occasionally causing tight-loops. We're no longer going to try to support it. https://fedorahosted.org/sssd/ticket/755
2011-01-17Clarify nscd warningStephen Gallagher1-4/+5
Removes the level-zero DEBUG message and modifies the syslog message to explain that NSCD is safe for maps that SSSD does not (yet) support.
2011-01-17Do not force a default for debug_levelStephen Gallagher2-4/+1
2011-01-17Fix usability of sss_obfuscate commandStephen Gallagher2-14/+23
2011-01-17Update manpage translations for ldap_enumeration_search_timeoutStephen Gallagher3-333/+391
2011-01-17Add ldap_search_enumeration_timeout config optionSumit Bose9-15/+38
2011-01-17Add timeout parameter to sdap_get_generic_send()Sumit Bose10-55/+111
2011-01-14Regenerate manpage po[t] filesStephen Gallagher3-2955/+5262
Fixed several typos
2011-01-14Fix manpage typosYuri Chornoivan4-9/+9
2011-01-14Add uk translation for manpagesYuri Chornoivan2-1/+4386
2011-01-14Fix missing hash table bugStephen Gallagher1-0/+1
When the automatic cleanup happened, if the netgroup had been created with no contents (to indicate an unknown netgroup), we weren't saving the hash table address and the talloc_free() was failing.
2011-01-14Do not throw a DP error when a netgroup is not foundStephen Gallagher2-6/+5
https://fedorahosted.org/sssd/ticket/775
2011-01-14Add missing sysdb transaction to group enumerationsStephen Gallagher1-12/+45
We were not enclosing group processing in a transaction, which was resulting in extremely high numbers of disk-writes. This patch adds a transaction around the sdap_process_group code to ensure that these actions take place within a transaction. This patch also adds a check around the missing member code for RFC2307bis so we don't go back to the LDAP server to look up entries that don't exist (since the enumeration first pass would already have guaranteed that we have all real users cached)
2011-01-14Work around libldb bugStephen Gallagher1-2/+10
Libldb performs non-indexed searches for ONELEVEL requests. We'll use SUBTREE instead to reduce the performance hit substantially
2011-01-11Add overflow check to SAFEALIGN_COPY_*_CHECK macrosSumit Bose1-3/+6
2011-01-11Validate user supplied size of data itemsSumit Bose3-76/+94
Specially crafted packages might lead to an integer overflow and the parsing of the input buffer might not continue as expected. This issue was identified by Sebastian Krahmer <krahmer@suse.de>.
2011-01-06Add syslog messages to authorized service access checkSumit Bose1-1/+31
2011-01-06Add syslog message to shadow access checkSumit Bose1-6/+14
2011-01-06Convert obfuscated password once at startupSumit Bose2-14/+41
2011-01-06Remove unused enumeration cache timeout checksSumit Bose3-33/+2
The existence of the getent_ctx is used to track the enumeration cache timeout.
2011-01-06Post enumeration tevent request if neededSumit Bose2-8/+43
2011-01-06Return groups and users from all domains during enumerationSumit Bose1-3/+5
2011-01-05Rename SRV_NOT_RESOLVED to SRV_RESOLVE_ERRORSumit Bose1-5/+5
2011-01-05Use the right status when resetting service discoverySumit Bose1-1/+1
2011-01-05Fix boolean comparison against stringStephen Gallagher1-2/+2
Coverity 10082 and 100083
2010-12-23Build and install translated man pages by defaultSumit Bose1-23/+31
2010-12-22Update the ID cache for any PAM requestStephen Gallagher8-8/+48
Also adds an option to limit how often we check the ID provider, so that conversations with multiple PAM requests won't update the cache multiple times. https://fedorahosted.org/sssd/ticket/749
2010-12-22Ensure ID is checked in all domains for PAMStephen Gallagher1-0/+2
Previously, this was initialized to zero, so the first domain in the list wouldn't be checked for ID updates in pam_check_user_search. This initializes the first domain to check the provider.
2010-12-22Add Czech translationJakub Hrozek3-0/+8428
Translated a couple of strings from manpages into Czech. Makes the manpage translation patch testable.
2010-12-22Make manual pages translatableJakub Hrozek3-1/+183
Utilizes PO4A to extract translatable strings from Docbook XML sources and allows translators to submit ordinary .PO files. PO4A then generates translated Docbook documents that can be used to generate translated end user documentation. https://fedorahosted.org/sssd/ticket/297
2010-12-21Add authorizedService supportStephen Gallagher10-3/+176
https://fedorahosted.org/sssd/ticket/670
2010-12-21Pass all PAM data to the LDAP access providerStephen Gallagher1-9/+12
Previously we were only passing the username.
2010-12-21Fix potential NULL-dereference in krb5_auth_done()Sumit Bose1-3/+3
https://fedorahosted.org/sssd/ticket/745
2010-12-21Remove unused member of a structSumit Bose1-1/+0
2010-12-21Add all values of a multi-valued user attributeSumit Bose1-12/+15
2010-12-21Update config API filesSumit Bose3-7/+47
Over the time a couple of new config options didn't made it into the config API files. This patch updates the files and removes some duplications.
2010-12-20Serialize requests of the same user in the krb5 providerSumit Bose4-0/+239
2010-12-20Fixes for automatic ticket renewalSumit Bose4-44/+100
- do not recreate the ccache file when renewing the TGT - use user principal name as hash key instead of ccfile name - let krb5_child return Kerberos error codes
2010-12-20Introduce sss_hash_create_ex()Sumit Bose2-6/+29
2010-12-20Avoid multiple initializations in LDAP providerSumit Bose1-39/+30
Currently in a domain where LDAP was used for id and auth the LDAP UIR was added multiple times to the failover code which may cause unwanted delays.
2010-12-20Add sysdb_has_enumerated and sysdb_set_enumerated helper functionsStephen Gallagher3-0/+192
Includes a unit test
2010-12-17Start first enumeration immediatelyStephen Gallagher3-3/+47
Previously, we would wait for ten seconds before starting an enumeration. However, this meant that on the first startup (before we had run our first enumeration) there was a ten-second window where clients would immediately get back a response with no entries instead of blocking until the enumeration completed. With this patch, SSSD will now run an enumeration immediately upon startup. Further startups will retain the ten-second delay so as not to slow down system bootups. https://fedorahosted.org/sssd/ticket/616
2010-12-17Fix possible NULL-dereference in lookup_netgr_step()Sumit Bose1-1/+1
https://fedorahosted.org/sssd/ticket/735
2010-12-17Fix unchecked return value in set_nonblockingStephen Gallagher1-10/+53
Also fixes the same problem with set_close_on_exec https://fedorahosted.org/sssd/ticket/713
2010-12-17Fix wrong test in pam_sssSimo Sorce1-1/+1
generated by cgit (git 2.34.1) at 2025-02-07 04:18:45 +0000