summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)AuthorFilesLines
2010-03-15Remove unused M4 codeJakub Hrozek1-14/+0
2010-03-15Flush NSCD cache after modifying local databaseJakub Hrozek9-1/+153
Fixes: #221
2010-03-12Add krb5_kpasswd optionSumit Bose12-71/+373
2010-03-12Fix build when check-devel is not installedStephen Gallagher4-86/+115
tests/common.c is now required by all tests (check-based and not), so we need to properly ifdef it
2010-03-11Write the IP address of the KDC to the kdcinfo fileSumit Bose3-58/+63
2010-03-11Add expandable sequences to krb5_ccachedirSumit Bose8-114/+773
As with krb5_ccname_template sequences like %u can be used in the krb5_ccachedir parameter which are expanded at runtime. If the directory does not exist, it will be created. Depending on the used sequences it is created as a public or private directory.
2010-03-11Fix memberof calculation when deleting groupsSimo Sorce1-0/+5
With complex hierarchies it could happen that the group just deleted was re-added by mistake to the list of groups a user is member of, causing the user to have a stray memberof value in its entry.
2010-03-11Updating PL translationPiotr Drąg1-27/+28
2010-03-11Updating PT translationRui Gouveia1-27/+27
2010-03-11Add better checks on PAM socketSumit Bose4-5/+266
- check if the public socket belongs to root and has 0666 permissions - use a SCM_CREDENTIALS message if available
2010-03-09Adding empty zh_TW translation filesCheng-Chia Tseng2-0/+817
2010-03-09Update ES translationHéctor Daniel Cabrera1-27/+27
2010-03-09Update POTFILES.in to include missing translatable stringsStephen Gallagher12-1803/+3009
Updates the .po files to add these strings.
2010-03-09Add ID translation for SSSD 1.1.0Stephen Gallagher2-0/+728
2010-03-09Updating ES translation for 1.1.0Héctor Daniel Cabrera1-3/+4
2010-03-09Updating PT translation for 1.1.0Rui Gouveia1-7/+7
2010-03-09Updating PL translation for 1.1Piotr Drąg1-3/+3
2010-03-08Update translatable strings for string freezeStephen Gallagher10-241/+326
2010-03-08Add simple access providerSumit Bose9-5/+540
2010-03-08Make filter_users and filter_groups also per-domainJakub Hrozek4-14/+118
Fixes: #290
2010-03-08Updating ES translationHéctor Daniel Cabrera1-106/+101
2010-03-08Package example logrotate scriptJakub Hrozek2-0/+12
2010-03-08Reopen logs when SIGHUP is caughtJakub Hrozek9-3/+62
Upon receiving SIGHUP, the monitor signals all services to reopen their debug logs. It is also possible to signal individual services to reopen their particular files. Fixes: #332
2010-03-08Do not run negative resolv test with no networkJakub Hrozek1-3/+73
One of our resolv tests tries to resolve a nonexistent hostname. Do not run this test unless we are explicitly told that a network connection is available (-n). Also do not automatically resolving localhost.
2010-03-08Fixed alignment problems in nss client/serverGeorge McCollister4-13/+37
I fixed a handful of alignment problems in sss_client and nss responder. Enumerating group and passwd with getgrent and getpwent now works correctly on ARM. Signed-off-by: George McCollister <georgem@novatech-llc.com>
2010-03-08groupshow: only show all parents in recursive modeJakub Hrozek2-21/+225
2010-03-04Fix debug_timestampsSimo Sorce1-0/+1
It was broken when the default was changed, making it impossible to silence from the config file.
2010-03-04Add forgotten \n in DEBUG statementsMartin Nagy15-33/+33
Logs from confdb with missing '\n' in the DEBUG statements annoyed me so I decided to fix them. I also made a quick grep through the code and found other places so I fixed them too.
2010-03-04Make confdb_init's confdb_location parameter constMartin Nagy2-2/+2
2010-03-04Eliminate monitor reconfigStephen Gallagher4-380/+4
We disabled live reconfiguration a long time ago with the intent of fixing it so that it wasn't completely broken, but we've decided that live updates are too delicate to handle all cases gracefully. For the forseeable future, we will rely on process restart for updating the configuration. Furthermore, we had not completely disabled live updates. It would still attempt to run if we sent a SIGHUP. This has also been eliminated.
2010-03-04Add --with-test-dir option to configureStephen Gallagher19-21/+113
All 'make check' tests will chdir() into this directory before running the suite. This provides the option of having temporary files generated in a tmpfs or ramdisk
2010-03-04Define _GNU_SOURCE in pam_sss.c.George McCollister1-0/+4
_GNU_SOURCE needs to be defined when using strndup. Signed-off-by: George McCollister <georgem@novatech-llc.com>
2010-03-04Updating PL translationPiotr Drąg1-9/+6
2010-03-04Updating PT translationRui Gouveia1-15/+18
2010-03-03Improve safe alignment buffer handling macrosSimo Sorce5-64/+74
Make the counter optional so that alignment safe macros can be used also where there is no counter to update. Change arguments names so that they are not deceiving (ptr normlly identify a pointer) Turn the memcpy substitute into an inline function so that passing a pointer to rp and checking for it doesn't make the compiler spit lots of warnings.
2010-03-03proxy: use correct _recv functionSimo Sorce1-1/+1
2010-02-25Update translations for releaseStephen Gallagher10-667/+795
2010-02-25Fix check for values of expiration limitsJakub Hrozek2-3/+3
There were inconsistencies between what sssd.conf manpage said and what the code enforces.
2010-02-25Remove a check that was left behindJakub Hrozek1-7/+1
When refactoring talloc_asprintf calls a check was left behind that cased the backend to go offline immediately.
2010-02-23Better cleanup task handlingJakub Hrozek11-39/+263
Implements a different mechanism for cleanup task. Instead of just deleting expired entries, this patch adds a new option account_cache_expiration for domains. If an entry is expired and the last login was more days in the past that account_cache_expiration, the entry is deleted. Groups are deleted if they are expired and and no user references them (no user has memberof: attribute pointing at that group). The parameter account_cache_expiration is not LDAP-specific, so that other future backends might use the same timeout setting. Fixes: #391
2010-02-23Store lastLogin attribute when authenticating onlineJakub Hrozek1-0/+5
2010-02-23Revert "Change default for enumeration to TRUE"Stephen Gallagher2-2/+2
This reverts commit 75a9f18ad8ac6e885ac34cdeebc4d8f8734713f8.
2010-02-23Do not check entries during cleanup taskJakub Hrozek3-82/+60
Do not attempt to validate expired entries in cache, just delete them. Also increase the cache timeouts. Fixes: #331
2010-02-23Do not schedule enumeration after a cleanupJakub Hrozek1-2/+2
2010-02-23Handle expired passwords like other PAM modulesSumit Bose4-21/+53
So far we handled expired password during authentication. Other PAM modules typically detect expired password during account management and return PAM_NEW_AUTHTOK_REQD if the password is expired and should be changed. The PAM library then calls the change password routines. To meet these standards pam_sss is change accordingly. As a result it is now possible to update an expired password via ssh if sssd is running with PasswordAuthentication=yes. One drawback due to limitations of PAM is that the user now has to type his current password again before setting a new one.
2010-02-23Fix file permissions of config.ldbSumit Bose1-0/+4
2010-02-23Check and set permissions on SBUS socketsSumit Bose7-25/+141
2010-02-22Restrict family lookupsJakub Hrozek12-34/+172
Adds a new option that tells resolver which address family to prefer or use exclusively. Fixes: #404
2010-02-22Remove Kerberos options from confdb.hJakub Hrozek1-8/+0
Kerberos-specific options are pulled using dp_get_opts() and defined in Kerberos subtree. There is no need to keep these in confdb.
2010-02-22Remove unnecessary domain parameter from PAM requestsStephen Gallagher2-28/+5
If we're sending a message to the backend, we already know which domain the request is targeting. Carrying this information is not useful and confuses the interface.