[Pkg-sssd-devel] sssd: Changes to 'refs/tags/debian/1.10.0-1'
Timo Aaltonen
tjaalton-guest at alioth.debian.org
Wed Jul 10 09:17:52 UTC 2013
Tag 'debian/1.10.0-1' created by Timo Aaltonen <tjaalton at ubuntu.com> at 2013-07-10 09:15 +0000
tagging 1.10.0-1
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
iQIcBAABAgAGBQJR3SY7AAoJEMtwMWWoiYTcRhYP/2HZO63Adi8hy9nciYdIC9Wz
0dM9EX3qx4aGGWIZ6ZLjybt90Aneaig00lRqwhE5n7w2b9UuH7JouGs1wXpBEKLc
whrydzY5y+exCzO9MFVVbgN9lbl3+C3eEAAp8LFI6HieltcJT0oq+SSrGRdvpHVK
gnkfUproUU5AEqSYS4GyqZFyox/FktydhiA4/dMItqMaRBQX+07Zq4fQC72vxkCJ
RBLLj7CbJu3JoEAhk/6k225Sj0fWEcqATIuYisYRumjjJKQY/lTDujSK+cjdHDQP
HNiTmYtE6dPHuQgJe2hHLYkmOn1kyQ5A3G+KGxzkrDl30/XlF/WU7USM3QQpjvzd
i5vEs95cqD3O4x0r0MB4dsRrHd6xc2HXITjzfUzx8+xnIkZ8If863xfU2t7WsB2j
raHnNNMcJ6cHfbAiTC0tpo2pL/qDvpazXeBZeoslxpKL8mk8J4xCH+Sx9Sv/1I7h
crs9z4hiVSy98AmXcX08BRaf+OIwUWBGs0RSM6tiIRLCbYYkN5410SWqdsWS9mEX
kIxvvoRiH82H14T4GdBR6W3FFsHiiF3yuoGokNsjdgVaWkRBnACV7yFZnIGJ6U5I
OvFBXTluvUxpdq4wZbXJJSM0AW7Tql2zmHvRRR2iMNrKJ/3baB6l1mfRqd6IB7Yf
cC6Qy5+viqWwCkKq/su7
=/SL6
-----END PGP SIGNATURE-----
Changes since the dawn of time:
Abhishek Singh (4):
filename in comment is corrected
cmocka unittest for find_uid added
cmocka unittest for io added
Fix segmentation fault in test_io.
Alexander Gordeev (1):
Add explicit requests for several operational attrs
Ana Beatriz Guerrero López (8):
add missing changelog from zumbi's NMU
update changelog lines related to b-d
group changelog lines related to new version
update list of new binaries packages
remove morten from uploaders
fully merge lines related to new binary packages
add new maintainer line and close RFA bug
remove line from bug already closed in the changelog
Ariel Barria (12):
Bad check for id_provider=local and access_provider=permit
Potential NULL dereference in proxy provider
Potential NULL dereference in proxy provider
Warn to syslog when dereference requests fail
Warn to syslog when dereference requests fail
Clarify how comments work in sssd.conf
SIGUSR2 should force SSSD to reread resolv.conf as well
Missing resolv.conf should be non-fatal
Improve syslog message when configuration cannot be loaded
Allow setting krb5_renew_interval with a delimiter
Confusing error messages for invalid sssd.conf
Removing BUILD.txt content
Ariel O. Barria (2):
Monitor quit when not exists no process no stops
Monitor quit when not exists no process no stops
Bouska (1):
Add French translation to sss_client
Cheng-Chia Tseng (3):
Adding empty zh_TW translation files
Updating zh_TW translation
Update zh_TW translation
David O'Brien (3):
Copy-edit sssd-ipa man page
Copy-edit, mainly fixing typos and English
Copy-edit and format review sssd.conf
Dmitri Pal (81):
First commit of basic collection API.
First attempt to produce INI interface.
INI component: Fixed issues introduced by cleanup.
Added functions to create list of sections and attributes.
The lower level function now returns NOENT if file is not found.
Fixing memory issues in ini and collection
INI parser. Better error handling if something bad happens.
INI parser. Cleanup. Prep for INI validation.
INI parser. Removing inlines.
INI parser. Adding comments to avoid confusion.
INI parser. Fix for line numbers.
Adding INSERT into collection functionality.
FORMATTING - minor cleanup of the unit test.
Queue and stack APIs using collection.
New deletion unit test.
Changing function names for collection API.
Adding wrappers to free data in INI API.
Fixing build issues
COLLECTION Removing static placeholder structure.
COLLECTION Adding flat traversal & copy
COLLECTION Fixed: iterator_up and insert_into_current
ELAPI First part of the interface
INI Refactoring code a bit
COLLECTION Add remove item functions
COLLECTION Improving searches
COLLECTION & INI Cleanup
INI Simple fix to properly process multi value config parameters.
ELAPI Next round of functionality - logging part of the interface
TRACE: Making sure trace is safe to output NULL strings
ELAPI: Adding concept of targets
COMMON Fixes to return values, errno, leaks
ELAPI Shortening names
ELAPI sinks and providers
ELAPI Adding file provider and CSV format
ELAPI Laying foundation for the async processing
COLLECTION Copy collection flat with concatenated names
COLLECTION Improvements to copy functions
COLLECTION Functions to deal with hash
ELAPI Better separation from collection internals.
INI Error handling and interface cleanup
COLLECTION Adding item comparison and sorting
COLLECTION Realigning collection code
COLLECTION Making iterations pinnable
COLLECTION Enhancing hashing and iteration functions
ELAPI Event resolver
ELAPI Resolving message attribute
ELAPI Fixing warnings in the example
ELAPI Rename variables and functions not to use word template
ELAPI Fixed the host name resolution
ELAPI Compatibility code for getifaddr()
COMMON Improvements to the trace macro
COLLECTION Create reference to the top level collection
COLLECTION: Cleaning FIXME comments
INI: Cleaning FIXME comments.
INI Correcting build warnings.
INI: Added method to get string list with empty values
REFARRAY: New referenced array object
COLLECTION: Fixing queue collection and unit tests.
Documentation for collection interface
Do not generate man pages for COLLECION for now.
Fixing verbosity and formatting of the INI unit test.
Adding interface description using doxygen.
Convert collection to use sized values.
Fixing type conversion in INI interface.
Adding interface documentation
Adding metadata interface
Adding content to the metadata
Resolve paths for reporting purposes
Acess control and config change checks
Add ability to trace 64bit numbers
Fixing spec file to match version.
Fixing build
Code restructuring
Extending refarray interface
Introducing a comment object
Adding support for explicit 32/64 types (attempt 2).
Addressing initialization issues.
Fixing types in queue and stack interfaces
Fixing memory leaks in the unit test.
Fixing NULL dereferencing in ini_config
Memory leak in case of empty value
Dmitry Drozdov (1):
Adding Russion Translation
Domingo Becker (1):
Updating ES translation
E Deon Lackey (1):
Fix language errors in the sssd-krb5.conf man page
Eugene Indenbom (1):
Add krb5_kpasswd to IPA provider
Fabian Affolter (1):
Add German translation
George McCollister (6):
Pointers to non 32 bit aligned data were being cast to uint32_t *
Added option to use libcrypto instead of NSS.
Define _GNU_SOURCE in pam_sss.c.
Fixed alignment problems in nss client/server
Fixed buffer alignment in exchange_credentials().
libcrypto fully implemented
Gowrishankar Rajaiyan (4):
removing password option functionality
updating sss_obfuscate man page accordingly
removing password option functionality
updating sss_obfuscate man page accordingly
Guido Grazioli (1):
Updating IT translation
Göran Uddeborg (5):
Add Swedish translation for sss_client
Add Swedish translation for SSSD server
Update SV translation
Update SV translation
Update SV translation
Héctor Daniel Cabrera (7):
Updating ES translation
Updating ES translation for 1.1.0
Update ES translation
Updating ES translation for 1.1.0
Updating ES translation
Updating es translation
Updating es translation
Jakub Hrozek (1162):
top-level Makefile, create libdir/name in server/Makefile.in
Create and own /var/lib/sss, memberof.so packaging
Make tests configurable
sss_userdel
Specfile changes related to package review, package initscript Call ldconfig
sss_groupadd
sss_groupdel, delete by DN in sss_userdel
Clients subpackage
Fix initialization problems
defattr
Fix parameter parsing and adding to groups in useradd
sss_usermod
sss_groupmod
Correct use of chkconfig in initscript and specfile
Hide uid and gid options in usermod and groupmod
sssd 0.3.2
Stress test
Invoke shadow-utils in sss_ tools
Add debug param to the tools, fix lock/unlock in sss_usermod
redirect stderr to /dev/null in initscript
Use tevent for shutdown signals, remove old pidfile, make sssd single-instance.
Chdir to / when daemonizing
Check for valid ID range, domains overlap
More useful error message when adding user/group that already exists
Manpage generation
Read the config before startup, fail if cannot be read
Fix initscript return codes
Fix typos in the Introspection XML file
Add some more InfoPipe tests
Fix infopipe packaging
Fix manual UID assignment in sysdb
Move useradd defaults to confdb
Fix release.sh
Do not fire up backend search when the data provider is local
Adjust sysdb tests to the new confdb interface and improve sysdb test coverage
special-case NSS calls in PAM code
Make Data Provider a mandatory service
Add more manpages
sssd.conf(5) man page
man page for LDAP domains
fix shadow-utils base path
PRINT and ERROR macros
Gettextize the sss_ tools
Check for root before initializing
Fix saving new nextID
Async DNS integration
Add ares helpers into sssd
Add async resolver tests
Improve error messages
Add ignore_not_found parameter to sysdb delete functions
Use correct return codes
Notify user when deleting nonexistent user or group
Correct check for local domain in tools
Consolidate tevent helpers
Fix adding to groups on user creation
Move parsing of names and domains into util/
Parse fully qualified names in tools
Add configure checks for docbook XSL templates and XML tools
Make child processes exit when parent dies
Tools ID range fixes
Make "files" a reserved word for legacy local domain
Disallow all operations outside domains, fix deleting cache for files
Fix sysdb tests
Remove shadow-utils support from tools
Small changes to the example config and manpage
Add copyright notices
ELAPI: Fix dispatcher structure initialization
Add binaries and backup files to .gitignore
Refactor tools code
Decouple synchronous sysdb interface from tools
Provide python bindings for sysdb
Use syslog for logging error conditions in SSSD
ELAPI: fix varargs call, update unit tests
ELAPI: Ticket 161: Initialize structures with calloc instead of enumerating members
Allow entering parent groups as FQDN
Remove provider=files
Manpages update
script to upgrade config to v2
Send debug messages to logfile
Convert the example config to v2 format, upgrade config on update only
Fix python sync operations and mem hierarchy
Fix error messages in tools
User home directories management
Fix migration script for pre-0.5 local domains
Do not migrate Data Provider
Free the PCRE regexp with destructor
Do not delete users, groups outside domain range
Add missing include
IPA time rules parsing routines
Fix regression in error message when deleting groups
Assorted manpage fixes
Make the password field configurable in NSS
Add Simo's ipachangeconf
SSSDChangeConf - a wrapper around ipachangeconf
Change the upgrade script to use ipachangeconf
Convert SSSDConfig API to ipachangeconf
SSSDConfigAPI fixes
upgrade_config fixes for SSSD 0.6 and later
Split helpers for child processes
Get TGT in a child process.
Warn visibly about permission problems with the config file
Better error message when there is no local domain configured
Setup ldap child logging from IPA backend
Check the services started against a list of known services
Handle spaces in config parser
Fail on nonexistent input file
Do not start with provider=files
Reduce code duplication between LDAP child and Kerberos child
Change ares usage to be c-ares 1.7.0 compatible
Import ares 1.7.0 helpers
Don't build the SRV and TXT parsing code except for tests
Document the failover feature in manpages
Consolidate code for splitting strings by separator
sss_groupshow - a utility to print properties of a local group
document debug_timestamps
Deleting nonexistent users or groups is not a noop
Add missing include
Few misc minor man page bugs
Fix other memory alignment issues
sss_groupshow improvements
gitignore additions
sss_groupshow: separate member lists by comma
Synchronize IPA and LDAP options
Add test for number of options in IPA and LDAP backends
Supress warnings with -O2
Use macros to hide memcpy calls
Remove Kerberos options from confdb.h
Restrict family lookups
Do not schedule enumeration after a cleanup
Do not check entries during cleanup task
Store lastLogin attribute when authenticating online
Better cleanup task handling
Remove a check that was left behind
Fix check for values of expiration limits
groupshow: only show all parents in recursive mode
Do not run negative resolv test with no network
Reopen logs when SIGHUP is caught
Package example logrotate script
Make filter_users and filter_groups also per-domain
Flush NSCD cache after modifying local database
Remove unused M4 code
Fix segfault in the locator plugin
Fix config file error message
Add generic error message
Fixes for path_utils
Unit tests for path_utils
Generate doxygen documentation for path_utils
Allow running with read only root
Regression test against RHBZ #576856
Add userdel_cmd param
Make sss_userdel check for logged in users
Move SELinux related functions into its own module
SELinux login management
Treat server names as case-insensitive in failover code
Do not mark a request as failed twice
Sort SRV replies according to RFC 2782
Remove freed server_common entities from list
Support SRV servers in failover
Silence warnings with -O2
Fix uninitialized variable
Add a README file
Use all available servers in LDAP provider
Improve the offline authentication message
Fix memory hierarchy in the ipa timerules
Use service discovery in backends
SSSDConfigAPI fixes
Try all servers during Kerberos auth
Remove dead code from the PAM responder
Man page fixes
Don't return uninitialized value in proxy provider
Skip empty attributes with warning
Fix realm_str dereference
Fix potential NULL dereference in fail_over.c
Fix Incorrect NULL check in get_server_common()
Add missing break to switch statement
get_uid_from_pid should use fstat rather than lstat
Remove krb5_changepw_principal option
Remove the -g option from useradd
Fix potential resource leak in copy_tree_ctx()
Potential memory leak in _nss_sss_*_r()
Check closedir call in find_uid
Print correct return code
Resend SIGINT as SIGTERM in services
Add dns_discovery_domain option
Use netlink to detect going online
Fix getting default realm in the ldap child
Validate keytab at startup
Fix two problems with --as-needed
Fix check_time_rule() return value on failure
Return proper error value when SRV lookup fails
Fix wrong return value in HBAC time rules evaluation
Package systemd unit file
Move crypto functions into its own subdir
Add safe copy/move macros for uint16_t
Password obfuscation utility functions
Fix pysss linking
Python bindings for obfuscation
sss_obfuscate tool
Deobfuscate password in back ends
Fix assorted minor bugs in sss_ tools
Fix parameter order when initializing decryption
Revert "Make ldap bind asynchronous"
Define objectclass with a constant
Use a different min_id for local domain
Add parameter to skip cleanup in sysdb test
Fix sysdb_group_dn_name
Fix sysdb_attrs_to_list
Request the correct attribute name
Add KDC to the list of LDAP options
Report Kerberos error code from ldap_child_get_tgt_sync
Make ldap_child report kerberos return code to parent
Initialize kerberos service for GSSAPI
Check for GSSAPI before attempting to kinit
Add sysdb_attrs_get_ulong utility function
sysdb interface for adding incomplete groups
Save dummy groups to cache during initgroups
sysdb interface for adding fake users
Save dummy member users during RFC2307 getgr{nam,gid}
Use unsigned long for conversion to id_t
set in_transaction explicitly to false
Always use uint32_t for UID/GID numbers
Internal DNS resolver should check /etc/hosts
Allow protocol fallback for SRV queries
Make manual pages translatable
Add Czech translation
NSS obfuscation code cleanup
Use realm for basedn instead of IPA domain
Reset server status after timeout
Use realm for basedn instead of IPA domain
Reset server status after timeout
Prevent segfault in failover code
Prevent segfault in failover code
Always expire host name resolution
Always expire host name resolution
Run callbacks if server IP changes
Run callbacks if server IP changes
Mention Samba libraries URLs in BUILD.txt
Mention Samba libraries URLs in BUILD.txt
Fix LDAP search filter for nested initgroups
Fix LDAP search filter for nested initgroups
Add originalDN to fake groups
Use fake groups during IPA schema initgroups
Add originalDN to fake groups
Use fake groups during IPA schema initgroups
Return from functions in LDAP provider after marking request as failed
Return from functions in LDAP provider after marking request as failed
Fix typo in sdap_nested_group_process_step
Mark transaction as done when cancelled
Fix typo in sdap_nested_group_process_step
Mark transaction as done when cancelled
Only save members for successfully saved groups
Do not attempt to resolve nameless servers
Do not attempt to resolve nameless servers
Don't pass NULL to printf for TLS errors
Fix unchecked return values of pam_add_response
Remove detection of duplicates from SRV result processing
Remove detection of duplicates from SRV result processing
Use safe alignment macros for in-tree SRV record parsing
The systemd unit file should not require DBus
Provide a configuration option to use systemd unit file
Use safe alignment macros for in-tree SRV record parsing
Only check systemd unit dir if systemd is selected
Set same status for duplicate servers
Add user and group search LDAP filter options
Case insensitive originalDN test
Require openssl-devel is libcrypto backend is selected
Warn that some crypto features are implemented in NSS only
Disable libcrypto code
Do not leak LDAP paging controls
Fix order of arguments in select_principal_from_keytab() call
Do not leak pcre context
Do not leak LDAP URI with high log level
Do not leak netgroups hash table
Remove unused constants from data_provider.h
Use a temporary memory context in expand_ccname_template
Set c-ares to retry nameservers
Set c-ares to retry nameservers
Remove append_attrs_to_array
Rename label in expand_ccname_template
Add a new option to override primary GID number
Add a new option to override home directory value
Add new options to override shell value
sdap_get_generic_ext
Generic dereference data structures and utilities
Add support for Attribute Scoped Queries
OpenLDAP dereference searches
Generic dereference search
Change sysdb_add_fake_user to add OriginalDN
Use fake users during RFC2307bis nested group processing
Refactor RFC2307bis nested group processing
Use dereference when processing RFC2307bis nested groups
Fix bad comparison in sdap_has_deref_support
Fix uninitialized pointer read in sdap_x_deref_parse_entry
Fix uninitialized scalar variable in sdap_nested_group_check_cache
Only save members for successfully saved groups
Separate return paths for success and failure in sdap_nested_group_check_cache
Add utility function to return IP address as string
Add a utility function to escape IPv6 address for use in URIs
Use escaped IP addresses in LDAP provider
Escape IPv6 IP addresses in the IPA provider
Add utility function to return IP address as string
Add a utility function to escape IPv6 address for use in URIs
Use escaped IP addresses in LDAP provider
Escape IPv6 IP addresses in the IPA provider
Add a new option to override primary GID number
Add a new option to override home directory value
Add new options to override shell value
Make parse_args skip extra spaces
Unit test for parge_args
Add new resolv_hostent data structure and utility functions
Resolve hosts by name from files into resolv_hostent
Resolve hosts by name from DNS into resolv_hostent
Switch resolver to using resolv_hostent and honor TTL
Provide TTL structure names for c-ares < 1.7
Test NULL server hostname in fail over tests
Log nsupdate message
Add new resolv_hostent data structure and utility functions
Resolve hosts by name from files into resolv_hostent
Resolve hosts by name from DNS into resolv_hostent
Switch resolver to using resolv_hostent and honor TTL
Provide TTL structure names for c-ares < 1.7
Test NULL server hostname in fail over tests
Log nsupdate message
Don't pass NULL to printf for TLS errors
ipa_dyndns: Use sockaddr_storage for storing IP addresses
ipa_dyndns: Use sockaddr_storage for storing IP addresses
Fix unchecked return values of pam_add_response
Provide python bindings for the HBAC evaluator library
Move IP adress escaping from the LDAP namespace
Escape IP address in kdcinfo
Do not hardcode default resolver timeout
Split reading resolver family order into a separate function
Allow returning arbitrary address from resolv_hostent as string
Check DNS records before updating
Remove unused krb5_service structure member
Use ares_search instead of ares_query for hostname resolution
Use ares_search instead of ares_query for hostname resolution
Fixes for python HBAC bindings
Fix python HBAC bindings for python <= 2.4
Do not add a NULL host parsed from LDAP URI
Only print server address if one is available
Rename fo_get_server_name to fo_get_server_str_name
fo_get_server_name() getter for a server name
Fix indexing of skipped groups
Do not add a NULL host parsed from LDAP URI
Only print server address if one is available
Fix indexing of skipped groups
Set gidNumber of non-posix groups to 0 even on updates
Explicitly ignore groups with gidNumber=0
Set gidNumber of non-posix groups to 0 even on updates
Explicitly ignore groups with gidNumber=0
Remove dead code from python HBAC bindings
Handle allocation error in python HBAC bindings
UTF8 HBAC test
Wrong paramater to sysdb_attrs_add_uint32
Wrong paramater to sysdb_attrs_add_uint32
Change the default value of ldap_tls_cacert in IPA provider
Change the default value of ldap_tls_cacert in IPA provider
HBAC rule validation Python bindings
Request password control unconditionally during bind
Provide python bindings for the HBAC evaluator library
Fixes for python HBAC bindings
Fix python HBAC bindings for python <= 2.4
Remove dead code from python HBAC bindings
Handle allocation error in python HBAC bindings
UTF8 HBAC test
HBAC rule validation Python bindings
Request password control unconditionally during bind
pyhbac: Do not convert int to bool
pyhbac: Do not convert int to bool
Fix returning groups when gidNumber attribute is not ordered
Fix returning groups when gidNumber attribute is not ordered
Prevent segfault if vetoed_shells are specified without allowed_shells
Remove unused temporary context
Prevent segfault if vetoed_shells are specified without allowed_shells
Handle errno properly in set_debug_file_from_fd()
Do not delete requests inside hash_iterate loop
Handle timeout during sss_ldap_init_send
Handle timeout during sss_ldap_init_send
IPA dyndns: do not segfault if the server cannot be resolved
Return the first value of name if the multivalued name attribute does not match RDN
Return the first value of name if the multivalued name attribute does not match RDN
Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANON
Use the default Kerberos realm for LDAP with GSSAPI auth
Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANON
Use the default Kerberos realm for LDAP with GSSAPI auth
Fix moving to next entry in deref code
Allow turning dereference off by setting the threshold to 0
Change libnl monitor callback to only signal going online
Discard carrier messages from non-ethernet devices
Subscribe to netlink route and addr messages
Improve error message for LDAP password constraint violation
Improve error message for LDAP password constraint violation
Keep deref controls until the whole request is finished
Fix uninitialized pointer read in sdap_gssapi_get_default_realm()
Fix wrong buffer size in has_phy_80211_subdir()
Fix uninitialized pointer read in sdap_gssapi_get_default_realm()
Multiline macro cleanup
IPA access: hostname comparison should be case-insensitive
IPA access: hostname comparison should be case-insensitive
Add sysdb interface to get name aliases
Add a sysdb_get_direct_parents function
Store name aliases for users, groups
Return users and groups based on alias
Add sysdb interface to get name aliases
Add a sysdb_get_direct_parents function
Store name aliases for users, groups
Return users and groups based on alias
Use explicit base 10 for converting strings to integers
Use explicit base 10 for converting strings to integers
Fix typo in sysdb_get_direct_parents
Fix typo in sysdb_get_direct_parents
Add option to follow symlinks to check_file()
Append PID to sbus server socket name, let clients use a symlink
Streamline the example config
Add option to follow symlinks to check_file()
Append PID to sbus server socket name, let clients use a symlink
Streamline the example config
Check if dp_requests hash table exists before using it
Do not delete requests inside hash_iterate loop
Check if dp_requests hash table exists before using it
Fix off-by-one error in remove_socket_symlink()
Report on errno, not return code in create_socket_symlink
Fix off-by-one error in remove_socket_symlink()
Report on errno, not return code in create_socket_symlink
Add a missing break
Sanitize DN in sysdb_get_direct_parents
gitignore additions
Utility functions for LDAP nested schema initgroups
Use fewer transactions during RFC2307bis initgroups
Use fewer transactions during IPA initgroups
Add a missing break
Sanitize DN in sysdb_get_direct_parents
gitignore additions
Cancel transactions correctly during initgroups
Utility functions for LDAP nested schema initgroups
Use fewer transactions during RFC2307bis initgroups
Use fewer transactions during IPA initgroups
Plug memory leaks in LDAP provider
Plug memory leaks in LDAP provider
Plug memory leaks in sysdb_ops
Do not leak hash table iterator during proxy auth
resolver: Free the whole hostent structure
RFC2307bis initgroups: fix nested groups processing
RFC2307bis initgroups: fix nested groups processing
Steal result onto mem_ctx in sdap_initgr_nested_get_direct_parents
Steal result onto mem_ctx in sdap_initgr_nested_get_direct_parents
Use LDAPDerefSpec properly
Remove confusing do-while loop
Fix segfault in sdap_get_initgr_user
Use correct state struct in sdap_initgr_rfc2307bis_next_base
configAPI: Fix removing in old domain when saving a new domain
Squash transactions in sdap_initgr_common_store
Use one transaction instead of two during RFC2307bis group processing
Prevent printing NULL in several places of LDAP provider
Cleanup: Remove unused parameters
Fix sdap_id_ctx/ipa_id_ctx mismatch in IPA provider
Provide means of forcing TLS and GSSAPI enabled/disabled for sdap connections
IPA migration fixes
Fix two small bugs in group dereferencing
Use dereference during IPA provider initgroups
Pass the correct private data into Data Provider callback
Always attempt to connect in sdap_async_sys_connect_done
LDAP provider: Error while setting the nocanon option should not be fatal
LDAP provider: Error while setting the nocanon option should not be fatal
Cancel ping_check if service goes away
sss_utf8_tolower utility function+unit tests
Responders: Split getting domain by name into separate function
Canonicalize username in PAM provider
Use the case sensitivity flag in responders
Refactor saving sdap entities
sysdb_get_real_name helper function
Use the case sensitivity flag in the LDAP provider
Use the case sensitivity flag in the simple access provider
Use the case sensitivity flag in the proxy provider
Export the function to convert ldb_result to sysdb_attrs
SUDO Integration - sysdb interface
SUDO Integration - LDAP provider - save sudo rules functions
SUDO Integration - responder - get sudo rules logic
DP: Remove processed callbacks
Pass client context to sss_dp_get_account_send
Pass sdap_id_ctx to online check from IPA provider
Error out if local domain is case insensitive
Resolver: Introduce a per-request timeout
Do not touch resolve_service_state in fo_resolve_service_done
Failover: Introduce a per-service timeout
Save original memberof, not memberof
sss_get_cased_name utility function
Return user and group names lowercased in case insensitive domains
Honor case sensitive flag when creating the ccname template
HBAC: create empty groups with one NULL element
Do not call krb5_child when changing passwords and provider went offline
IPA netgroups: Do not reuse loop iterator variable
Add a configure switch to specify 3rd party app libraries location
Export libsss_sudo as a separate package
Add a new Makefile target to build RPMs with the experimental flag
Do not use sudo symbols in LDAP provider unconditionally
PAM: Fix reversed logic
SUDO: include the sources in the IPA provider, too
PAM: Do not overwrite ret
DP: Refactor responder_dp_req so it's reusable by other responders
SUDO: Provide a sudo DP request based on the internal_req
Use the new SUDO request in DP and sudo responder
Fix sudo compilation on RHEL5
Include sudo manual pages only conditionally
docs: Use absolute srcdir path
SUDO: Provide documentation for the SUDO API
SYSDB: index sudoUser
Refactor nss_cmd_send_empty
Use profiling Docbook XSLT only if available, fall back to normal
RESPONDERS: Provide a common sss_cmd_send_error function
NSS: Use sss_hash_create instead of destructor
Fixes for sudo_timed
ConfigAPI: add sudo to known services
SUDO: introduce a new config option --with-sudo
Move BUILD_SUDO outside the generic LDAP source files
Fix configure with old autoconf versions
BUILD: Introduce a --with-autofs config option
SYSDB: Remove code duplication between member_add and member_del
AUTOFS: sysdb interface
AUTOFS: a client library
AUTOFS: a command-line test client
AUTOFS: Data Provider request
RESPONDERS: Refactor setent_req_list
Split the logic to check cache expiration into separate function
AUTOFS: responder
AUTOFS: LDAP provider
Do not call sudo functions if built without-sudo
Make sudo installation path configurable, install into libdir by default
Fix SSH compilation on RHEL5
Fix SSH compilation on RHEL5
AUTOFS: IPA provider
Two sssd-ldap manual pages fixes
AUTOFS: IPA provider
Two sssd-ldap manual pages fixes
Fix group enumeration
Fix group enumeration
Only fetch SELinux string if the user is found
Only fetch SELinux string if the user is found
Remove setent structure when callback is called
Allocate setent structure on state, not on the client context
Remove setent structure when callback is called
Allocate setent structure on state, not on the client context
Fix memory hierarchy when processing nested group memberships
Fix memory hierarchy when processing nested group memberships
Fix case insensitive service lookups
Fix case insensitive service lookups
Include the fd_limit configuration option
End request if ldap_parse_result fails
remove unused function
End request if ldap_parse_result fails
remove unused function
Save errno value before calling DEBUG
Save errno value before calling DEBUG
libnl: fix the path to phy80211 subdirectory
AUTOFS: Invoke implicit setautomntent if needed
AUTOFS: Search all search bases for automounter map entries
libnl: fix the path to phy80211 subdirectory
AUTOFS: Invoke implicit setautomntent if needed
AUTOFS: Search all search bases for automounter map entries
AUTOFS: speed up the client by requesting multiple entries at once
AUTOFS: speed up the client by requesting multiple entries at once
Use proper errno code
Use proper errno code
Only do one cycle when resolving a server
krb5_child: set debugging sooner
Search netgroups by alias, too
Only do one cycle when resolving a server
krb5_child: set debugging sooner
Search netgroups by alias, too
Detect cycle in the fail over on subsequent resolve requests only
Detect cycle in the fail over on subsequent resolve requests only
Autofs: operate on contents of double-pointer, not address
Only free returned values on success
Autofs: operate on contents of double-pointer, not address
Only free returned values on success
Save original name into the in-memory cache
Handle errors from lookup_netgr_step gracefully
Fix nested groups processing
Save original name into the in-memory cache
Handle errors from lookup_netgr_step gracefully
Fix nested groups processing
Fix netgroup error handling
Handle empty elements in proxy netgroups:
Fix netgroup error handling
Handle empty elements in proxy netgroups:
Fix uninitialized variable
Fix uninitialized variable
Free entry found in negative cache
Free entry found in negative cache
Make the string_equal() function public
Save alias of the primary name, too
NSS: Look for services with correct case when cache is updated
Make the string_equal() function public
Save alias of the primary name, too
NSS: Look for services with correct case when cache is updated
AUTOFS: fix copy-and-paste bug in the autofs client
LDAP services: Keep the protocol around
AUTOFS: fix copy-and-paste bug in the autofs client
LDAP services: Keep the protocol around
Silence Coverity warning in the autofs test tool
Silence Coverity warning in the autofs test tool
Return correct resolv_status on resolver timeout
Add sss_get_cased_name_list utility function
LDAP services: Save lowercased protocol names in case-insensitive domains
Proxy services: Save lowercased protocol names and aliases in case-insensitive domains
Fix off-by-one error in principal selection
Return correct resolv_status on resolver timeout
Add sss_get_cased_name_list utility function
LDAP services: Save lowercased protocol names in case-insensitive domains
Proxy services: Save lowercased protocol names and aliases in case-insensitive domains
Fix off-by-one error in principal selection
Catch cases where D-Bus connection is NULL
Use HTML_TIMESTAMP instead of HTML_FOOTER_DESCRIPTION
Fix regression in SSSDConfig.py
Catch cases where D-Bus connection is NULL
Fix regression in SSSDConfig.py
Use the correct options counter
netlink integration: ensure that interface name is NULL-terminated
netlink integration: ensure that interface name is NULL-terminated
Remove forgotten DEBUG message
autofs: load the correct option
man: document that referral chasing might bring performance penalty
Prevent printing NULL from DEBUG messages
Do not call sdap_auth if not needed
pam_sss: improve error handling in SELinux code
Remove the "command" option from documentation
Add sysdb_set_service_attr and sysdb_set_autofsmap_attr
sss_cache: support invalidating services and autofs maps
autofs: Raise the maximum key length to PATH_MAX
sss_cache: Better error reporting
MAN: timeout can be specified for services, too
MAN: document the hostid and autofs providers
man: document that referral chasing might bring performance penalty
pam_sss: improve error handling in SELinux code
Remove the "command" option from documentation
autofs: Raise the maximum key length to PATH_MAX
MAN: timeout can be specified for services, too
MAN: document the hostid and autofs providers
proxy: Canonicalize user and group names
proxy: new option proxy_fast_alias
Free controls in sdap_rebind_proc
Make the monitor SIGKILL time configurable
sdap_check_aliases must not error when detects the same user
sss_atomic_io: Do not fail reads with EPIPE if there is not enough data to read
Move atomic io function to a separate module
Convert read and write operations to sss_atomic_read
Document sss_tools better
Warn on 'make update-po' if there are manpages not listed in po4a.cfg
Test RFC2307bis and RFC2307 option maps
proxy: Canonicalize user and group names
proxy: new option proxy_fast_alias
sdap_check_aliases must not error when detects the same user
Document sss_tools better
Get the RootDSE after binding if not successfull before
Get the RootDSE after binding if not successfull before
confdb_get_bool needs a TALLOC_CTX in sssd-1.8
Lowercase group members in case-insensitive domains
Lowercase group members in case-insensitive domains
NSS: Only return data from initgroups once
SUDO: Return ret, not EOK
SYSDB: return EOK if empty message is passed into get_rm_msg
SYSDB: check return value
SSH: return NULL on error in ssh_host_pubkeys_format_known_host_plain
SERVER: use the correct return code of sss_atomic_write_s
LDAP: check return value of sysdb_attrs_get_el
RESPONDER: check return value from confdb_get_int
PYHBAC: Return NULL on failure
PAM_SSS: report error code if write fails
NSS: Check return code of sss_mmap_cache_gr_store
IPA netgroups: return EOK when there are no netgroups to process
ipa_get_config_send: remove unused assignment
HBAC: Prevent NULL dereference in hbac_evaluate
DP: return correct error message when subdomains back end target is not configured
NSS: fix returning group from cache
SSS_DEBUGLEVEL: silence analyzer warnings
PROXY: return correct return codes
IPA: Check return values
AUTOFS: remove unused assignments
Rename split_service_name_filter
SSH: Add dp_get_host_send to common responder code
Read sysdb attribute name, not LDAP attribute map name
Read sysdb attribute name, not LDAP attribute map name
Kerberos locator: Include the correct krb5.h header file
Special-case LDAP_SIZELIMIT_EXCEEDED
krb5 locator: Do not leak addrinfo
Only reset kpasswd server status when performing a chpass operation
Special-case LDAP_SIZELIMIT_EXCEEDED
Kerberos locator: Include the correct krb5.h header file
krb5 locator: Do not leak addrinfo
Try all KDCs when getting TGT for LDAP
Try all KDCs when getting TGT for LDAP
Send the correct enumeration request
subdomains: Fix error handling in Data Provider
Send the correct enumeration request
Filter out IP addresses inappropriate for DNS forward records
sysdb: return proper error code from sysdb_sudo_purge_all
SYSDB: Handle user and group renames better
SYSDB: Handle user and group renames better
NSS: keep a pointer to body after body is reallocated
Use sized_string correctly in FQDN domains
Use the sysdb attribute name, not LDAP attribute name
Use the sysdb attribute name, not LDAP attribute name
LDAP nested groups: Do not process callback with _post deep in the nested structure
LDAP nested groups: Do not process callback with _post deep in the nested structure
Use sized_string correctly in FQDN domains
Send 16bit protocol numbers from the sss_client
Send 16bit protocol numbers from the sss_client
Revert the client packet length, too, after reverting the packet protocol
Revert the client packet length, too, after reverting the packet protocol
Fix the default sssd.conf path
Fix the 0.11 sysdb upgrade
sss_names_init: Report correct error code if allocation failed
Two small krb5_child fixes
Provide more debugging in krb5_child and ldap_child
Allow redefining the KRB5_CHILD path
Split parse_krb5_child_response so it can be reused
Add a krb5_child test tool
Residual util functions
Handle trailing slash in the ccname template
Add a credential cache back end structure
Add support for storing credential caches in the DIR: back end
Use Kerberos context in KRB5_DEBUG
Make krb5_ccname_template and krb5_ccachedir configurable
Print based on pointer contents not address
Cast uid_t to unsigned long long in DEBUG messages
Update translations for 1.9.0 beta 4 release
Bumping version to 1.9.0 beta 5
Add newline to DEBUG messages
RPM: Own several directories
Add missing "%" to specfile
IPA: Download defaults even if there are no SELinux mappings
SYSDB: Delete SELinux mappings
IPA: Return and save all SELinux rules in the provider
PAM: Fix off-by-one-error in the SELinux session code
Update translations for 1.9.0 beta 5 release
Bumping version to 1.9.0 beta 6
Fix sysdb_search_selinux_usermap_by_username return value
Fix SSSDConfigTest
Fix bad check
Create a domain-realm mapping for krb5.conf to be included
Update translations for 1.9.0 beta 6 release
Bumping version for the 1.9.0 release
Don't call fo_set_{server,port}_status for SRV servers
Fix the version number
SYSDB: Check the return value
SYSDB: Use ldb_msg_add_string for simple string additions
Failover: Return last tried server if it's still being tried
Subdomains: Send the DP reply in the correct format
Always mark SRV servers as primary
Allocate on top of a talloc context, not NULL
Abort PAM access phase if HBAC does not return PAM_SUCCESS
Change default for ldap_idmap_range_min to 200000
Don't use server after SRV data collapsed
Document entry_cache_autofs_timeout
Add autofs-related options to configAPI
sss_client: Group lookups should work even when fastcache cannot be initialized
FO: Don't retry the same server if it's not working
FO: Return EAGAIN if there are more servers to try
KRB5: Only return PAM error for unreachable kpasswd when performing chpass
Build SELinux code in responder conditionally
Do not try to remove the temp login file if already renamed
Only create the SELinux login file if there are mappings on the server
Fix compilation error in Python murmurhash bindings
Process all groups from a single nesting level
Use PTHREAD_MUTEX_ROBUST to avoid deadlock in the client
RPM: Switch the default ccache location
RPM: Always include the patch file
Check if the SELinux login directory exists
SYSDB: Commit transaction in sysdb_store_user
SYSDB: Abort unit test if sysdb_getpwnam fails
Retry the next server if bind during LDAP auth times out
Don't terminate the same connection twice
Update translations for 1.9.0 beta 7 release
Bumping version for the 1.9.0 beta 7 release
libsss_sudo should have a versioned dependency on SSSD
KRB5: cancel the sysdb transaction on one place only
KRB5: Return PAM_AUTH_ERR on incorrect password
RPM: BuildRequire selinux-policy-targeted
SYSDB: NULL-terminate the output of sysdb_get_{ranges,subdomains}
KRB5: Add a missing string argument
NSS: Fix off-by-one error in parse_getservbyname
FO: Check server validity before setting status
DB: Always write the SELinux object to sysdb
SELinux: Always use the default if it exists on the server
Updating the translations for the 1.9.0 RC1 release
Updating the version for the RC1 release
KRB5 child: Don't return System Error on empty password
KRB5 child: handle more error codes gracefully
DB: Cancel transaction in sysdb_store_user if sysdb_add_user fails
Mark the fastcache files in the spec file as %ghost
autofs, sudo, ssh and PAC are not experimental anymore
AUTOFS: Do not fail if search base is not provided
AUTOFS: Add sysdb tests
AUTOFS: Add entry objects below map objects
AUTOFS: Use both key and value in entry RDN
More information about the Pkg-sssd-devel
mailing list