summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2013-02-14Lower the DEBUG level if an entry cannot be deleted from memcacheJakub Hrozek1-3/+3
2013-02-14get_next_domain() test dom->parent->next for NULLPavel Březina1-1/+1
Otherwise dom may be set to NULL and we will segfault when dereferencing dom.
2013-02-12Filter out multicast addresses from IPA DNS updatesJakub Hrozek1-1/+1
https://fedorahosted.org/sssd/ticket/1804
2013-02-11LDAP: Check for authtok validityJakub Hrozek1-7/+9
The default authtok type in the LDAP provider (unlike the new IPA and AD providers) is "password". This oddity dates back to when password was the only supported authtok type in the SSSD, so configuration specifying only the password and bind DN was valid. We need to check the authtok validity as well before attempting to use it.
2013-02-11krb5: include backwards compatible declaration of krb5_trace_infoJakub Hrozek2-2/+8
krb5-1.10 used to include "struct krb5_trace_info", now krb5-1.11 includes a "krb5_trace_info" typedefed from "struct _krb5_trace_info". Do the same in the SSSD to allow compiling with both 1.10 and 1.11.
2013-02-10Introduce IS_SUBDOMAIN() macroSimo Sorce8-13/+15
Fixes https://fedorahosted.org/sssd/ticket/1766
2013-02-10Parent and subdomains use the same sysdbSimo Sorce2-71/+8
Remove code that tries to get the 'right' sysdb, as it is always going to get the same answer anyway since the recent patches to rework the domains/sysdb relationship.
2013-02-10Change the way domains are linked.Simo Sorce13-414/+225
- Use a double-linked list for domains and subdomains. - Never remove a subdomain, simply mark it as disabled if it becomes unused. - Rework the way subdomains are refreshed. Now sysdb_update_subdomains() actually updates the current subdomains and marks as disabled the ones not found in the sysdb or add new ones found. It never removes them. Removal of missing domains from sysdb is deferred to the providers, which will perform it at refresh time, for the ipa provider that is done by ipa_subdomains_write_mappings() now. sysdb_update_subdomains() is then used to update the memory hierarchy of the subdomains. - Removes sysdb_get_subdomains() - Removes copy_subdomain() - Add sysdb_subdomain_delete()
2013-02-10Add ability to disable domainsSimo Sorce2-8/+14
2013-02-10Add function get_next_domain()Simo Sorce18-112/+119
Use this function instead of explicitly calling domain->next This function allows to get the next primary domain or to descend into the subdomains and replaces also get_next_dom_or_subdom()
2013-02-10Remove sysdb_subdom completelySimo Sorce4-127/+131
struct sss_domain_info is always used to represent domains now. Adjust tests accordingly.
2013-02-10Add sysdb_subdomain_store() functionSimo Sorce2-37/+103
Replaces sysdb_add_subdomain_attributes and is a public sysdb interface.
2013-02-10Refactor sysdb_master_domain_add_info()Simo Sorce3-51/+28
2013-02-10Update main domain info in placeSimo Sorce4-62/+38
2013-02-10Avoid sysdb_subdom in sysdb_get_subdomains()Simo Sorce6-102/+60
2013-02-10Add realm info to sss_domain_infoSimo Sorce10-10/+25
2013-02-10NSS: Add original homedir to home directory template optionsStephen Gallagher6-8/+29
https://fedorahosted.org/sssd/ticket/1805
2013-02-01Correct sss_ssh_knowhostsproxy typo in man pagesJohn Hodrien1-1/+1
2013-02-01dp: check whether hostid backend is configured before filing be requestPavel Březina1-0/+8
2013-01-30Fix minor grammar error in logStephen Gallagher1-1/+1
2013-01-30krb: recreate ccache if it was deletedPavel Březina1-1/+8
https://fedorahosted.org/sssd/ticket/1512 If directory where a ccache file was stored was missing and user was still logged in, we erroneously considered the ccache file still active. Thus the ccache file was not recreated and user was unable to login.
2013-01-29TESTS: include error message on failOndrej Kos1-8/+8
2013-01-29TESTS: Fix coverity issues 13126, 13127Ondrej Kos1-2/+6
https://fedorahosted.org/sssd/ticket/1763
2013-01-29Unchecked return value in files.cMichal Zidek1-1/+9
Found by coverity. https://fedorahosted.org/sssd/ticket/1791
2013-01-28nested groups: fix group lookup hangs if member dn is incorrectPavel Březina1-0/+24
https://fedorahosted.org/sssd/ticket/1783 When dn in member attribute is invalid (e.g. rdn instead of dn) or it is outside of configured search bases, we might hit a situation when tevent_req is marked as done before any callback could be attached on it.
2013-01-28TOOLS: Compile on old platforms such as RHEL5Jakub Hrozek1-37/+140
Provides compatible declarations for modern file management functions such as futimens or opening with the O_CLOEXEC flag
2013-01-28MAN: Clarify that saving users after enumerating large domain might be CPU ↵Jakub Hrozek1-1/+9
intensive https://fedorahosted.org/sssd/ticket/1732
2013-01-25Possible null derefence in ipa_subdomains.c.Michal Zidek1-0/+4
Found by coverity. https://fedorahosted.org/sssd/ticket/1790
2013-01-23SYSDB: Expire group if adding ghost users fails with EEXISTJakub Hrozek1-2/+36
2013-01-23SYSDB: make the sss_ldb_modify_permissive function publicJakub Hrozek2-2/+11
2013-01-23TOOLS: Use file descriptor to avoid races when creating a home directoryJakub Hrozek4-354/+364
When creating a home directory, the destination tree can be modified in various ways while it is being constructed because directory permissions are set before populating the directory. This can lead to file creation and permission changes outside the target directory tree, using hard links. This security problem was assigned CVE-2013-0219 https://fedorahosted.org/sssd/ticket/1782
2013-01-23TOOLS: Use openat/unlinkat when removing the homedirJakub Hrozek1-42/+41
The removal of a home directory is sensitive to concurrent modification of the directory tree being removed and can unlink files outside the directory tree. This security issue was assigned CVE-2013-0219 https://fedorahosted.org/sssd/ticket/1782
2013-01-23Check that strings do not go beyond the end of the packet body in autofs and ↵Jan Cholasta2-7/+7
SSH requests. This fixes CVE-2013-0220. https://fedorahosted.org/sssd/ticket/1781
2013-01-22sudo responder: change num_rules type from size_t to uint32_tPavel Březina7-25/+25
https://fedorahosted.org/sssd/ticket/1779 2^32 should be enough to store sudo rules. size_t type was causing troubles on big endian architectures, because it wasn't used correctly in combination with D-Bus.
2013-01-22Convert the value of pwd_exp_warning to secondsJakub Hrozek1-5/+6
When read from the domain section, the pwd_expiration_warning was properly converted to seconds from days, but not the pam_pwd_expiration_warning set in the [pam] section. https://fedorahosted.org/sssd/ticket/1773
2013-01-22fix backend callbacks: remove callback properly from dlistPavel Březina1-6/+18
https://fedorahosted.org/sssd/ticket/1776 Although cb->list got updated when the callback is removed, this change did not propagate to be_ctx->*_cb_list which caused dlist having invalid records.
2013-01-22Fix code styleJakub Hrozek1-1/+2
2013-01-21Make struct be_req opaqueSimo Sorce2-18/+18
2013-01-21Add be_req_get_data() helper funciton.Simo Sorce17-32/+45
In preparation for making struct be_req opaque.
2013-01-21Add be_req_get_be_ctx() helper.Simo Sorce22-133/+155
In preparation for making be_req opaque
2013-01-21Add be_req_create() helperSimo Sorce3-40/+38
2013-01-21Introduce be_req_terminate() helperSimo Sorce18-129/+84
Call it everywhere instead of directly dereferencing be_req->fn This is in preparation of making be_req opaque.
2013-01-21Remove domain from be_req structureSimo Sorce7-64/+46
2013-01-21Pass domain not be_req to access check functionsSimo Sorce5-22/+33
2013-01-21Split simple_access_check function outSimo Sorce3-206/+225
Need to split out the function or new additions to the handler funtion will not allow simple access tests to compile anymore.
2013-01-21Do not pass NULL to ipa_subdomain_retrieve()Simo Sorce1-18/+20
2013-01-21Move hbac_ctx_is_offline()Simo Sorce2-7/+6
2013-01-21Remove hbac_ctx_sdap_id_[ctx|op]()Simo Sorce2-18/+6
2013-01-21Remove hbac_ctx_ev()Simo Sorce2-10/+3
2013-01-21Remove hbac_ctx_be()Simo Sorce3-12/+4