summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2010-07-23Allow sssd clients to reconnectSumit Bose1-4/+3
Currently the PAM and NSS client just return an error if there are problems on an open socket. This will lead to problems in long running programs like gdm if sssd is restarted, e.g. during an update. With this patch the socket is closed and reopened.
2010-07-23Fix IPA access backend handling of obsolete and missing HBAC entries:eindenbom1-9/+68
- Ticket #567: Fix removal of obsolete HBAC host, rules and service records from sysdb. - Ticket #565: When no HBAC host record is found return PAM_PERM_DENIED instead of PAM_SYSTEM_ERROR.
2010-07-23Do not treat missing HBAC rules as an errorSumit Bose1-0/+5
2010-07-20Updating es translationHéctor Daniel Cabrera1-13/+13
2010-07-20Updating uk translationYuri Chornoivan1-21/+23
2010-07-20Updating es translationHéctor Daniel Cabrera1-150/+131
2010-07-20Updating pl translationPiotr Drąg1-29/+20
2010-07-09Log TLS errors to syslogStephen Gallagher2-1/+23
Also adds support for detecting LDAPS errors by adding a check for SDAP_DIAGNOSTIC_MESSAGE after ldap_search_ext()
2010-07-09Add syslog messages for LDAP GSSAPI bindStephen Gallagher1-2/+58
We will now emit a level 0 debug message on keytab errors, and also write to the syslog (LOG_DAEMON)
2010-07-09Add log notifications for startup and shutdown.Stephen Gallagher1-1/+4
2010-07-09Add sss_log() functionStephen Gallagher3-1/+83
Right now, this log function writes to the syslog. In the future, it could be modified to work with ELAPI or another logging API.
2010-07-09Release SSSD 1.2.91 (1.3.0rc1)Stephen Gallagher14-2083/+2908
2010-07-09Use netlink to detect going onlineJakub Hrozek9-1/+535
Integrates libnl to detect adding routes. When a route is added, the offline status of all back ends is reset. This patch adds no heuristics to detect whether back end went offline. Fixes: #456
2010-07-09Eliminate delayed sdap_handle destruction after fail-over retry.eindenbom1-9/+6
2010-07-09Add try_inotify optionStephen Gallagher3-1/+47
There are some special cases where inotify cannot be used, even if the host OS claims that it is supported. In these cases, it should be possible to explicitly disable the use of inotify. https://fedorahosted.org/sssd/ticket/484
2010-07-09Remove remainder of now unused global LDAP connection handle.eindenbom4-188/+1
2010-07-09Use new LDAP connection framework in IPA dynamic DNS forwarder.eindenbom3-45/+126
2010-07-09Use new LDAP connection framework in IPA access backend.eindenbom3-308/+308
2010-07-09Use new LDAP connection framework in LDAP access backend.eindenbom1-59/+73
2010-07-09Use new LDAP connection framework for LDAP user and group enumeration.eindenbom1-236/+131
2010-07-09Use new LDAP connection framework to get user account groups from LDAP.eindenbom1-108/+67
2010-07-09Use new LDAP connection framework to get group account info from LDAP.eindenbom2-37/+66
2010-07-09Use new LDAP connection framework to get user account info from LDAP.eindenbom2-38/+91
2010-07-09Add an interface to try next fail-over server after connection to the active ↵eindenbom5-45/+81
server was unexpectedly dropped.
2010-07-09LDAP connection usage tracking, sharing and failover retry framework.eindenbom7-0/+872
2010-07-09Added an interface to query number of configured (and currently resolved ↵eindenbom4-0/+40
through SRV records) failover servers.
2010-07-09GSSAPI ticket expiry time is returned from ldap_child and stored in ↵eindenbom6-17/+64
sdap_handle for future reference.
2010-06-30Add dns_discovery_domain optionJakub Hrozek13-30/+242
The service discovery used to use the SSSD domain name to perform DNS queries. This is not an optimal solution, for example from the point of view of authconfig. This patch introduces a new option "dns_discovery_domain" that allows to set the domain part of a DNS SRV query. If this option is not set, the default behavior is to use the domain part of the machine's hostname. Fixes: #479
2010-06-30Split proxy.c into smaller filesStephen Gallagher8-2519/+2603
proxy.c was growing too large to manage (and some graphical development tools could no longer open it because of memory limitations). This patch splits proxy.c into the following files: proxy_init.c: Setup routines for the plugin proxy_id.c: Functions to handle user and group lookups proxy_auth.c: Functions to handle PAM interactions proxy_common.c: Common utility routines
2010-06-30Rename proxy_ctx to proxy_id_ctx for clarityStephen Gallagher1-14/+15
2010-06-28Make RootDSE optionalStephen Gallagher2-3/+17
In violation of the standard, some LDAP servers control access to the RootDSE, thus preventing us from being able to read it before performing a bind. This patch will allow us to continue on if the RootDSE was inaccessible. All of the places that we use the return value of the RootDSE after this are already checked for NULL and use sane defaults if the RootDSE is unavailable
2010-06-28Add explicit requests for several operational attrsAlexander Gordeev1-1/+12
Operational attributes are not returned in searched requests unless explicitly requested according to RFC 4512 section 5.1. Therefore to get several standard attributes of root DSE we have to request for them. The requested attrs are: - altServer - namingContexts - supportedControl - supportedExtension - supportedFeatures - supportedLDAPVersion - supportedSASLMechanisms Signed-off-by: Alexander Gordeev <lasaine@lvk.cs.msu.su>
2010-06-28Fix SASL authenticationSumit Bose1-2/+2
2010-06-28Resend SIGINT as SIGTERM in servicesJakub Hrozek2-0/+4
Fixes: #462
2010-06-18Protect against segfault in remove_ldap_connection_callbacksStephen Gallagher1-1/+6
If sdap_mark_offline() is called before a live connection is established, sdap_fd_events could be NULL, causing a segfault when remove_ldap_connection_callbacks() attempts to free the sdap_fd_events->conncb https://fedorahosted.org/sssd/ticket/545
2010-06-18Fix return value from remove_connection_callback() destructorStephen Gallagher1-9/+2
ldap_get_option() can only fail if the option we're removing has already been removed. It is sufficient to log this and continue.
2010-06-17Fix potential resource leak in remove_tree_with_ctx()Stephen Gallagher1-1/+10
https://fedorahosted.org/sssd/ticket/515
2010-06-17Honor filter_users in PAMStephen Gallagher3-10/+47
2010-06-17Move setup of filter_users and filter_groups to negcache.cStephen Gallagher3-187/+220
Creates a new function - sss_ncache_prepopulate() - that can be shared with other responders, such as PAM.
2010-06-17Refactor the negative cacheStephen Gallagher6-59/+60
Rename functions from nss_ncache_* to sss_ncache_* Move negative cache to responder/common and rename as negcache.c/h
2010-06-17Ensure that all domains are checked for users/groupsStephen Gallagher1-3/+15
There was a bug in the negative cache checks (probably a leftover from when filter_users was global-only) that meant that if a user was filtered out of a domain, the remaining domains would not be checked for that user. (Same for groups/initgroups)
2010-06-17Initialize len before looping to read the pidfileStephen Gallagher1-1/+1
https://fedorahosted.org/sssd/ticket/544
2010-06-16Standardize on correct spelling of "principal" for krb5Stephen Gallagher5-11/+11
https://fedorahosted.org/sssd/ticket/542
2010-06-16Remove references to the DP service from the SSSDConfig API testsStephen Gallagher2-6/+0
2010-06-16Handle (ignore) unknown options in get_domain() and get_service()Stephen Gallagher3-10/+72
We will now eliminate any unknown options and providers to guarantee that the domain is safe for use.
2010-06-14Don't segfault if ldap_access_filter is unspecifiedStephen Gallagher1-12/+13
https://fedorahosted.org/sssd/ticket/539
2010-06-14Print correct return codeJakub Hrozek1-1/+1
Fixes: #535
2010-06-14Check closedir call in find_uidJakub Hrozek1-4/+9
Fixes: #503
2010-06-14Potential memory leak in _nss_sss_*_r()Jakub Hrozek2-0/+5
Fixes: #516
2010-06-14Fix potential resource leak in copy_tree_ctx()Jakub Hrozek1-2/+10
Ticket #515
generated by cgit (git 2.34.1) at 2025-02-11 07:05:22 +0000