summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2012-06-21Try to build PAC responder only if all dependencies are availableSumit Bose1-5/+8
2012-06-21Add range support to PAC responderSumit Bose3-45/+140
2012-06-21Add support for ID rangesSumit Bose10-10/+583
2012-06-21PAC client: add krb5 authdata pluginSumit Bose3-0/+481
2012-06-21PAC client: add basic support in common client codeSumit Bose2-0/+38
2012-06-21PAC responder: test suiteJan Zeleny1-0/+106
2012-06-21PAC responder: add the core functionalitySumit Bose3-2/+475
This adds support for parsing PAC and storing information contained within. In particular the user and all his memberships are stored. In case it is necessary, getgrgid() requests are sent to provider for group resolution.
2012-06-21PAC responder: add some utility functionsJan Zeleny2-0/+549
2012-06-21PAC responder: add basic infrastructureSumit Bose6-1/+378
This adds only the basic outline of the PAC responder, it won't support any operations, it will just start and initialize itself.
2012-06-21Add close on exec support for old platformsSimo Sorce1-1/+16
Older platfroms like RHEL5 do not have support for O_CLOEXC and need an explicit fcntl after the fd is created. Add it conditionally so it can be clearly removed once we declared those platfroms obsolete and unsupported.
2012-06-21Do not leak file descriptors in client libs.Simo Sorce1-1/+1
We need to make sure the mc socket is not leaked otherwise child processes will pile up leaked file descriptors. Add O_CLOEXEC when opening the cache.
2012-06-20Move some debug lines to new debug log levelsStef Walter14-26/+26
* These are common lines of debug output when starting up sssd https://bugzilla.redhat.com/show_bug.cgi?id=811113
2012-06-20Fix possible segfault in sdap_save_group()Jan Zeleny1-2/+11
2012-06-18Make the client idle timeout configurableStephen Gallagher7-5/+40
2012-06-18Add support for terminating idle connectionsShantanu Goel2-2/+67
2012-06-18Do not send SIGPIPE on disconnectionShantanu Goel1-6/+21
Note we set MSG_NOSIGNAL to avoid having to fiddle with signal masks but also do not want to die in case SIGPIPE gets raised and the application does not handle it.
2012-06-18Log message if close() fails in destructor.Shantanu Goel1-1/+12
2012-06-18Set return errno to the value prior to calling close().Shantanu Goel1-2/+2
2012-06-18Fix typo breaking DIR cache detectionStephen Gallagher1-2/+0
2012-06-15Updating translations for 1.9.0 beta 2 releaseStephen Gallagher9-817/+357
2012-06-15KRB5: Avoid shadowing dirnameStephen Gallagher1-20/+21
The variable 'dirname' is a publicly declared variable in libgen.h on older systems such as RHEL 5
2012-06-15KRB5: Auto-detect DIR cache support in configureStephen Gallagher9-8/+61
We can't support the DIR cache features in systems with kerberos libraries older than 1.10. Make sure we don't build it on those systems.
2012-06-15KRB5: Update DEBUG macros for create_ccache_dir and find_ccdir_parent_dataStephen Gallagher1-17/+30
2012-06-15Fix compilation on older little-endian systemsStephen Gallagher1-1/+2
2012-06-15SSS_CLIENT: Fix uninitialized value errorStephen Gallagher1-1/+1
This would cause a crash if we jump to the done: label before it has been allocated.
2012-06-15LDAP: Fix missing variable in debug messageStephen Gallagher1-1/+1
2012-06-15Fixed debug message in sdap_save_group()Jan Zeleny1-1/+1
2012-06-14Provide "service filter" for SELinux contextJan Zeleny1-0/+20
At this moment we will support only asterisk, designating "all services". https://fedorahosted.org/sssd/ticket/1360
2012-06-14Make krb5_ccname_template and krb5_ccachedir configurableJakub Hrozek3-4/+34
2012-06-14Use Kerberos context in KRB5_DEBUGJakub Hrozek4-65/+73
Passing Kerberos context to sss_krb5_get_error_message will allow us to get better error messages.
2012-06-14Add support for storing credential caches in the DIR: back endJakub Hrozek10-111/+615
https://fedorahosted.org/sssd/ticket/974
2012-06-14Add a credential cache back end structureJakub Hrozek9-198/+414
To be able to add support for new credential cache types easily, this patch creates a new structure sss_krb5_cc_be that defines common operations with a credential cache, such as create, check if used or remove.
2012-06-14Handle trailing slash in the ccname templateJakub Hrozek1-8/+14
With the DIR cache support, it's perfectly legal to specify a ccname directory that ends with a slash. The create_dir function did not handle that situation correctly.
2012-06-14Residual util functionsJakub Hrozek2-0/+102
Kerberos credential caches can be specified by TYPE:RESIDUAL. This patch adds a couple of utilities to support parsing if ccache locations, checking types etc.
2012-06-14Add a krb5_child test toolJakub Hrozek1-0/+551
https://fedorahosted.org/sssd/ticket/1127
2012-06-14Split parse_krb5_child_response so it can be reusedJakub Hrozek3-119/+170
krb5-child-test will be another consumer. It also makes the code more readable by splitting a huge function.
2012-06-14Allow redefining the KRB5_CHILD pathJakub Hrozek1-3/+7
The krb5-child-test will want to run the child from the current directory.
2012-06-14Provide more debugging in krb5_child and ldap_childJakub Hrozek2-14/+73
https://fedorahosted.org/sssd/ticket/1225
2012-06-14Two small krb5_child fixesJakub Hrozek1-3/+10
* Allocation check was missing * a DEBUG statement overwrote errno
2012-06-13Fix an issue in ghost usersJan Zeleny1-75/+47
There was an issue with ghost members in nested groups. Consider a scenario with two groups A and B, B being member of A and having some ghost members. In such case SSSD stored both groups, then added membership between them and then added ghost members to the group B. The problem was that adding ghost members to group B didn't propagate these ghost members to group A. This functionality could have been solved by memberof plugin but the logic is far more complicated that changes this patch introduces. The change is simple: add ghost members at the same time as the group is created, even if groups are supposed to be stored in two passes. That way ghost members will be present at the time A -> B membership is created and they will be propagated as expected.
2012-06-13LDAP: Auto-detect support for the ldap match ruleStephen Gallagher7-6/+120
This patch extends the RootDSE lookup so that we will perform a second request to test whether the match rule syntax can be used. If both groups and initgroups are disabled in the configuration, this lookup request can be skipped.
2012-06-13LDAP: Add support for AD chain matching extension in initgroupsStephen Gallagher3-9/+325
2012-06-13LDAP: Add support for AD chain matching extension in group lookupsStephen Gallagher3-9/+417
2012-06-13LDAP: Add ldap_*_use_matching_rule_in_chain optionsStephen Gallagher8-0/+65
2012-06-13sss_names_init: Report correct error code if allocation failedJakub Hrozek1-1/+4
2012-06-12Clarify how comments work in sssd.confAriel Barria1-1/+2
2012-06-12Make re_expression and full_name_format per domain optionsStef Walter19-83/+252
* Allows different user/domain qualified names for different domains. For example Domain\User or user@domain. * The global re_expression and full_name_format options remain as defaults for the domains. * Subdomains get the re_expression and full_name_format of their parent domain. https://bugzilla.redhat.com/show_bug.cgi?id=811663
2012-06-12LDAP: Make sdap_initgr_common_store() non-staticStephen Gallagher2-7/+15
Move it to a private header so it can be reused by other initgroups C files.
2012-06-12LDAP: Add helper function to get list of a user's groups from sysdbStephen Gallagher2-33/+69
2012-06-12LDAP: Fix incorrect switch statement in sdap_get_initgr_done()Stephen Gallagher1-1/+1
SDAP_SCHEMA_AD needs to be calling sdap_initgr_rfc2307bis_recv(), not sdap_initgr_nested_recv(). By coincidence both recv functions happened to be identical, but if one or the other changed, this would break unexpectedly.
generated by cgit (git 2.34.1) at 2024-11-29 21:17:54 +0000