summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2010-09-15Add parameter to skip cleanup in sysdb testJakub Hrozek1-1/+4
This might be useful for examining the test database manually with LDB tools
2010-09-15Use a different min_id for local domainJakub Hrozek2-1/+17
When we changed the default min_id to be 1, we forgot about the local domain. It makes sense to keep the minimum id larger there.
2010-09-15Define objectclass with a constantJakub Hrozek2-3/+4
Use a #define instead of hardcoded string
2010-09-15Revert "Make ldap bind asynchronous"Jakub Hrozek7-1219/+167
This reverts 56d8d19ac9d857580a233d8264e851883b883c67
2010-09-15Store rootdse supported features in sdap_handlerSumit Bose7-63/+112
2010-09-15Fix parameter order when initializing decryptionJakub Hrozek1-1/+1
2010-09-08Handle multiple simultaneous enumeration requestsStephen Gallagher2-289/+717
Previously, if a second enumeration request arrived while one was already being processed, each process would receive only a subset of the total number of available users or groups. This is because we were maintaining the response object as a global value in the NSS responder. The second request would come in, see that the data set was already populated, and start reading from wherever the cursor was currently pointed. With this patch, we now move the cursor to the client context instead of the global NSS context. Additionally, this patch completely rewrites the approach to enumerations in the tevent_req style. This makes it much easier to follow in the code. In order to ensure that a slow or malicious client cannot hold onto a reference for the setent result object indefinitely, we set an expiration on the object. We use the enum_cache_timeout here, since that is an appropriate value. If the timeout fires during the normal operation of the get*ent() loop of a client program, we will save the current values of the read index so that we can resume as soon as the object has been refreshed by an implicit setent call. Instead of deleting the enumeration result object immediately after the last in-progress client has read it, we'll keep the object around for the lifetime of enum_cache_timeout. This way, additional clients making enumeration requests can still access the results in-memory.
2010-09-08Fix assorted minor bugs in sss_ toolsJakub Hrozek9-47/+37
Fixes: #585
2010-09-08Dead assignments cleanup in various places in SSSDJan Zeleny5-6/+8
Three assignments deleted, two return code inspection added. Also found and fixed one critical bug caused by dead assignment. Ticket: #590
2010-09-08Dead assignments cleanup in memberof moduleJan Zeleny1-6/+3
Some assignments deleted, two return value inspections were added. Ticket: #589
2010-09-08Dead assignments cleanup in NSS responderJan Zeleny2-7/+7
Various dead assignments were deleted, some return value inspections were added. Ticket: #588
2010-09-08Dead assignments cleanup in providers codeJan Zeleny6-20/+9
Dead assignments were deleted. Also prototype of function sdap_access_decide_offline() has been changed, since its return code was never used. Ticket: #586
2010-09-08Deobfuscate password in back endsJakub Hrozek2-8/+62
When obfuscated password is used in config file, the LDAP backend converts it back to clear text and uses it to authenticate to the server.
2010-09-08sss_obfuscate toolJakub Hrozek2-0/+194
A tool to add obfuscated passwords into the SSSD config file
2010-09-08Python bindings for obfuscationJakub Hrozek1-3/+180
2010-09-08Password obfuscation utility functionsJakub Hrozek4-0/+649
Adds two utility functions to obfuscate a password and inverse to extract the cleartext password back. So far, only NSS-based implementation is provided.
2010-09-08Add safe copy/move macros for uint16_tJakub Hrozek1-1/+11
2010-09-08Move crypto functions into its own subdirJakub Hrozek7-44/+111
A refactoring patch that creates a common util/crypto subdir with per-implementation subdirectories for each underlying crypto library supported by SSSD.
2010-09-07Fixed small issue in memory context hierarchyJan Zeleny1-1/+1
In fail_over.c, there was a small bug causing subrequest to have wrong parent memory context. This patch fixes it.
2010-09-07Reviewed sssd-ldap man pageJan Zeleny1-7/+207
Some config options updated, newly documented 12 new options.
2010-09-07Cleaned some dead assignmentsJan Zeleny2-15/+13
Two needless assignments were deleted, two were complemented with code checking function results. Ticket: #582
2010-09-02Package systemd unit fileJakub Hrozek1-0/+16
So far, the systemd unit file is only packaged but not used in any of the packaged spec files. Fixes: #483
2010-09-02Fixed uninialized value in proxy_id providerJan Zeleny1-0/+2
In function get_pw_name when allocation of memory fails, there were two codepaths which could cause printing of undefined value. This patch fixes both cases. Ticket: #580
2010-09-02Fixed printing of undefined value in sdap_async_accounts.cJan Zeleny1-1/+1
If sysdb_attrs_get_el() call failed in function sdap_save_group(), it would result in printing an undefined value of variable name. This is now fixed by initializing the variable. Ticket: #579
2010-09-02Fixed potential comparison of undefined variableJan Zeleny1-0/+1
If the allocation on line 678 failed, the value of ret was undefined in following comparison. ENOMEM is now assigned before the comparison. Ticket: #578
2010-09-02Initialized return value in dp_copy_options()Jan Zeleny1-1/+1
In the very unlikely case dp_copy_options was called with num_options == 0, the return value as well as the left operand of comparison on line 214 would be undefined. Ticket: #577
2010-09-02Fix wrong return value in HBAC time rules evaluationJakub Hrozek1-0/+1
Fixes: #584
2010-09-02Add gentoo-specific init dirMaxim1-0/+3
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2010-09-02Add gentoo distrubutionsMaxim2-1/+23
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
2010-09-02Make ldap bind asynchronousMartin Nagy7-167/+1219
Every ldap function that could possibly create a new connection is now wrapped in a tevent_req. If the connection is created, we will call the function again after the socket is ready for writing.
2010-09-02Properly handle errors from a password change operationStephen Gallagher1-8/+14
2010-08-24Treat a zero-length password as a failureStephen Gallagher1-0/+7
Some LDAP servers allow binding with blank passwords. We should not allow a blank password to authenticate the SSSD.
2010-08-23Fix configure check for ldbMaxim1-1/+1
2010-08-23Remove src/Makefile.am and src/configure.acStephen Gallagher2-1226/+0
They are no longer used. The toplevel Makefile.am builds everything now.
2010-08-19Rewrite toplevel MakefileStephen Gallagher21-13530/+25
There is no longer a need to have nested Makefiles and configure scripts. This patch combines the src/ Makefile and configure.ac into the root.
2010-08-04Fix chpass operations with LDAP providerStephen Gallagher1-0/+1
The initial verification of the old password was returning an error because we were not explicitly setting dp_err to DP_ERR_SUCCESS and it was initialized earlier in the function to DP_ERR_FATAL.
2010-08-03Releasing SSSD 1.3.0Stephen Gallagher14-273/+297
2010-08-03Clean up initgroups processing for RFC2307Stephen Gallagher1-11/+89
Instead of recursively updating all users of each group the user being queried belongs to, just add or remove membership for the requested user. Fixes https://fedorahosted.org/sssd/ticket/478
2010-08-03Add sysdb_update_members functionStephen Gallagher3-0/+117
This function will take a user, a list of groups that this user should be added to and a list of groups the user should be removed from and will recursively call sysdb_[add|remove]_group_member Includes a unit test
2010-08-03Add dup_string_list() utility functionStephen Gallagher2-0/+37
2010-08-03Add sysdb_group_dn_name utility functionStephen Gallagher2-0/+24
2010-08-03Add diff_string_lists utility functionStephen Gallagher4-1/+449
Includes a unit test
2010-08-03Add sysdb_attrs_to_list() utility functionStephen Gallagher3-0/+112
2010-08-03Return proper error value when SRV lookup failsJakub Hrozek1-1/+1
Fixes: #587
2010-08-03Fix check_time_rule() return value on failureJakub Hrozek1-1/+1
The value returned in the 'done:' label was always EOK which is wrong as any parsing errors are not returned to the caller. Fixes: #583
2010-08-03be_pam_handler(): Fix potential NULL dereferenceStephen Gallagher1-1/+2
2010-08-03Fix two problems with --as-neededJakub Hrozek2-3/+4
2010-08-03Validate keytab at startupJakub Hrozek4-48/+181
In addition to validating the keytab everytime a TGT is requested, we also validate the keytab on back end startup to give early warning that the keytab is not usable. Fixes: #556
2010-08-03Fix getting default realm in the ldap childJakub Hrozek1-1/+10
2010-08-03Require -ltalloc for tevent configure checkStephen Gallagher1-2/+8