sssd - System Security Services Daemon

Age	Commit message (Collapse)	Author	Files	Lines
2010-06-28	Resend SIGINT as SIGTERM in services	Jakub Hrozek	2	-0/+4
	Fixes: #462
2010-06-18	Protect against segfault in remove_ldap_connection_callbacks	Stephen Gallagher	1	-1/+6
	If sdap_mark_offline() is called before a live connection is established, sdap_fd_events could be NULL, causing a segfault when remove_ldap_connection_callbacks() attempts to free the sdap_fd_events->conncb https://fedorahosted.org/sssd/ticket/545
2010-06-18	Fix return value from remove_connection_callback() destructor	Stephen Gallagher	1	-9/+2
	ldap_get_option() can only fail if the option we're removing has already been removed. It is sufficient to log this and continue.
2010-06-17	Fix potential resource leak in remove_tree_with_ctx()	Stephen Gallagher	1	-1/+10
	https://fedorahosted.org/sssd/ticket/515
2010-06-17	Honor filter_users in PAM	Stephen Gallagher	3	-10/+47

2010-06-17	Move setup of filter_users and filter_groups to negcache.c	Stephen Gallagher	3	-187/+220
	Creates a new function - sss_ncache_prepopulate() - that can be shared with other responders, such as PAM.
2010-06-17	Refactor the negative cache	Stephen Gallagher	6	-59/+60
	Rename functions from nss_ncache_* to sss_ncache_* Move negative cache to responder/common and rename as negcache.c/h
2010-06-17	Ensure that all domains are checked for users/groups	Stephen Gallagher	1	-3/+15
	There was a bug in the negative cache checks (probably a leftover from when filter_users was global-only) that meant that if a user was filtered out of a domain, the remaining domains would not be checked for that user. (Same for groups/initgroups)
2010-06-17	Initialize len before looping to read the pidfile	Stephen Gallagher	1	-1/+1
	https://fedorahosted.org/sssd/ticket/544
2010-06-16	Standardize on correct spelling of "principal" for krb5	Stephen Gallagher	5	-11/+11
	https://fedorahosted.org/sssd/ticket/542
2010-06-16	Remove references to the DP service from the SSSDConfig API tests	Stephen Gallagher	2	-6/+0

2010-06-16	Handle (ignore) unknown options in get_domain() and get_service()	Stephen Gallagher	3	-10/+72
	We will now eliminate any unknown options and providers to guarantee that the domain is safe for use.
2010-06-14	Don't segfault if ldap_access_filter is unspecified	Stephen Gallagher	1	-12/+13
	https://fedorahosted.org/sssd/ticket/539
2010-06-14	Print correct return code	Jakub Hrozek	1	-1/+1
	Fixes: #535
2010-06-14	Check closedir call in find_uid	Jakub Hrozek	1	-4/+9
	Fixes: #503
2010-06-14	Potential memory leak in _nss_sss_*_r()	Jakub Hrozek	2	-0/+5
	Fixes: #516
2010-06-14	Fix potential resource leak in copy_tree_ctx()	Jakub Hrozek	1	-2/+10
	Ticket #515
2010-06-14	Remove the -g option from useradd	Jakub Hrozek	2	-70/+2
	The local domain has the magic private groups option set unconditionally. Therefore, it does not make any sense to let user configure the primary GID. As a side-effect, this fixes #522.
2010-06-14	Remove krb5_changepw_principal option	Jakub Hrozek	11	-64/+26
	Fixes: #531
2010-06-14	get_uid_from_pid should use fstat rather than lstat	Jakub Hrozek	1	-11/+11
	Fixes: #541
2010-06-14	Add ldap_force_upper_case_realm to example AD config	Stephen Gallagher	1	-0/+1
	https://fedorahosted.org/sssd/ticket/532
2010-06-14	Properly null-terminate socket path	Stephen Gallagher	1	-2/+4
	https://fedorahosted.org/sssd/ticket/540
2010-06-10	Make sure to close varargs before returning from a function	Stephen Gallagher	2	-3/+2
	https://fedorahosted.org/sssd/ticket/528
2010-06-10	Eliminate unused variable from pc_init_timeout()	Stephen Gallagher	1	-4/+0
	https://fedorahosted.org/sssd/ticket/525
2010-06-10	Check return code of hash_delete in proxy_child_destructor	Stephen Gallagher	1	-1/+7
	We can't do much about an error here, but we should be reporting it. https://fedorahosted.org/sssd/ticket/534
2010-06-10	Properly check that the timeout event was created for cleanup/enum	Stephen Gallagher	2	-2/+46
	We need to make sure that if we didn't create the timeout, that we cancel the request so there's no chance of ending up with two enumerations/cleanups running simultaneously. We'll attempt to reschedule later, if possible. https://fedorahosted.org/sssd/ticket/524
2010-06-10	Check the correct variable for NULL after creating timer	Stephen Gallagher	3	-4/+4
	In several places, we were creating a new timer and assigning it to the tev variable, but then we were checking for NULL from the te variable (which, incidentally, is guaranteed never to be NULL in this situation) https://fedorahosted.org/sssd/ticket/523
2010-06-10	Properly handle missing originalMemberOf entry in initgroups	Stephen Gallagher	1	-0/+1
	Failing to return after the tevent_req_post() here can result in a null-pointer dereference (along with other hard-to-track bugs) https://fedorahosted.org/sssd/ticket/507
2010-06-10	Avoid potential NULL dereference	Stephen Gallagher	1	-3/+5
	https://fedorahosted.org/sssd/ticket/506
2010-06-10	Fix misuse of errno in find_uid.c	Stephen Gallagher	1	-17/+26

2010-06-10	Properly handle read() and write() throughout the SSSD	Stephen Gallagher	9	-42/+131
	We need to guarantee at all times that reads and writes complete successfully. This means that they must be checked for returning EINTR and EAGAIN, and all writes must be wrapped in a loop to ensure that they do not truncate their output.
2010-06-09	Add a missing free()	Sumit Bose	1	-0/+1

2010-06-09	Add a missing initializer	Sumit Bose	1	-1/+1

2010-06-09	Add missing break to switch statement	Jakub Hrozek	1	-0/+1
	Switch statement missing a break causes unintended implicit setting of 'm' options in sss_useradd. Fixes: #512
2010-06-09	Allow ldap_access_filter values wrapped in parentheses	Stephen Gallagher	2	-3/+21

2010-06-09	Avoid a potential double-free	Sumit Bose	1	-0/+1

2010-06-09	Change default min_id to 1	Stephen Gallagher	4	-9/+16
	Also update manpage for min_id/max_id to be more clear about how it relates to primary GID.
2010-06-09	Disable connection callbacks when going online	Stephen Gallagher	3	-0/+27
	Under certain circumstances, the openldap libraries will continue internally trying to reconnect to a connection lost (as during a cable-pull test). We need to drop the reconnection callbacks when marking the backend offline in order to guarantee that they are not called with an invalid sdap_handle.
2010-06-09	Fix Incorrect NULL check in get_server_common()	Jakub Hrozek	1	-1/+1
	Fixes: #518
2010-06-09	Fix potential NULL dereference in fail_over.c	Jakub Hrozek	1	-2/+5
	Fixes: #505
2010-06-09	Fix realm_str dereference	Jakub Hrozek	1	-1/+1
	Fixes: #508
2010-06-09	Fix typo in Makefile.am	Stephen Gallagher	1	-1/+1
	We weren't properly linking libsss_krb5.so against libkeyutils
2010-06-09	Skip empty attributes with warning	Jakub Hrozek	1	-0/+4
	Fixes: #488
2010-06-06	Don't return uninitialized value in proxy provider	Jakub Hrozek	1	-1/+4
	Fixes: #498
2010-06-06	Fix broken build against older versions of OpenLDAP	Stephen Gallagher	2	-2/+12
	OpenLDAP < 2.4 used LDAP_OPT_ERROR_STRING. It was changed to LDAP_OPT_DIAGNOSTIC_MESSAGE in 2.4. This patch will allow the TLS error messages to be displayed on either version.
2010-06-06	Initialize pam_data in Kerberos child.	Sumit Bose	1	-1/+1

2010-06-06	Man page fixes	Jakub Hrozek	2	-2/+6
	Fixes: #496
2010-06-06	Remove dead code from the PAM responder	Jakub Hrozek	2	-13/+0

2010-06-02	Unify sdap and sysdb data handling	Sumit Bose	1	-85/+104

2010-06-02	Compare full service name	Sumit Bose	1	-1/+2