sssd.git/src/confdb, branch adlookup sssd with jhrozek's patches CONFDB: Assume config file version 2 if missing 2015-09-03T07:32:15+00:00 Michal Židek mzidek@redhat.com 2015-07-07T13:15:32+00:00 175613be0cfb0890174d12d941e634d833b63dd9 Default to config file version 2 if the version is not specified explicitly. Ticket: https://fedorahosted.org/sssd/ticket/2688 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Default to config file version 2 if the version
is not specified explicitly.

Ticket:
https://fedorahosted.org/sssd/ticket/2688

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
sudo: use "higher value wins" when ordering rules 2015-08-14T20:47:45+00:00 Pavel Březina pbrezina@redhat.com 2015-07-29T12:51:30+00:00 52e3ee5c5ff2c5a4341041826a803ad42d2b2de7 This commit changes the default ordering logic (lower value wins) to a correct one that is used by native ldap support. It also adds a new option sudo_inverse_order to switch to the original SSSD (incorrect) behaviour if needed. Resolves: https://fedorahosted.org/sssd/ticket/2682 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
This commit changes the default ordering logic (lower value wins) to
a correct one that is used by native ldap support. It also adds a new
option sudo_inverse_order to switch to the original SSSD (incorrect)
behaviour if needed.

Resolves:
https://fedorahosted.org/sssd/ticket/2682

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
ssh: generate public keys from certificate 2015-07-31T07:52:06+00:00 Sumit Bose sbose@redhat.com 2015-07-15T07:40:00+00:00 4de84af23db74e13e867985c9093f394c9fa8d51 Resolves: https://fedorahosted.org/sssd/ticket/2711 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Resolves: https://fedorahosted.org/sssd/ticket/2711

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
PAM: add certificate support to PAM (pre-)auth requests 2015-07-31T07:52:01+00:00 Sumit Bose sbose@redhat.com 2015-07-10T15:54:07+00:00 a8d887323f83984679a7d9b827a70146656bb7b2 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
TESTS: fix compiler warnings 2015-07-28T11:30:46+00:00 Pavel Reichl preichl@redhat.com 2015-07-28T08:12:48+00:00 4f68747b1baca78be496e9a5ebe4b89a9845dc8d Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
IFP: Add wildcard requests 2015-07-15T15:32:49+00:00 Jakub Hrozek jhrozek@redhat.com 2015-06-17T11:39:43+00:00 bdf32fbb3c947dd1b2c54d1c21d8028a1ddc80e6 Resolves: https://fedorahosted.org/sssd/ticket/2553 Can be used as: dbus-send --print-reply --system --dest=org.freedesktop.sssd.infopipe \ /org/freedesktop/sssd/infopipe/Users \ org.freedesktop.sssd.infopipe.Users.ListByName \ string:r\* uint32:10 dbus-send --print-reply --system --dest=org.freedesktop.sssd.infopipe \ /org/freedesktop/sssd/infopipe/Groups \ org.freedesktop.sssd.infopipe.Groups.ListByName \ string:r\* uint32:10 dbus-send --print-reply --system --dest=org.freedesktop.sssd.infopipe \ /org/freedesktop/sssd/infopipe/Users \ org.freedesktop.sssd.infopipe.Users.ListByDomainAndName \ string:ipaldap string:r\* uint32:10 dbus-send --print-reply --system --dest=org.freedesktop.sssd.infopipe \ /org/freedesktop/sssd/infopipe/Groups \ org.freedesktop.sssd.infopipe.Groups.ListByDomainAndName \ string:ipaldap string:r\* uint32:10 By default the wildcard_limit is unset, that is, the request will return all cached entries that match. Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
Resolves:
    https://fedorahosted.org/sssd/ticket/2553

Can be used as:

dbus-send --print-reply --system --dest=org.freedesktop.sssd.infopipe \
        /org/freedesktop/sssd/infopipe/Users \
        org.freedesktop.sssd.infopipe.Users.ListByName \
        string:r\* uint32:10

dbus-send --print-reply --system --dest=org.freedesktop.sssd.infopipe \
        /org/freedesktop/sssd/infopipe/Groups \
        org.freedesktop.sssd.infopipe.Groups.ListByName \
        string:r\* uint32:10

dbus-send --print-reply --system --dest=org.freedesktop.sssd.infopipe \
        /org/freedesktop/sssd/infopipe/Users \
        org.freedesktop.sssd.infopipe.Users.ListByDomainAndName \
        string:ipaldap string:r\* uint32:10

dbus-send --print-reply --system --dest=org.freedesktop.sssd.infopipe \
        /org/freedesktop/sssd/infopipe/Groups \
        org.freedesktop.sssd.infopipe.Groups.ListByDomainAndName \
        string:ipaldap string:r\* uint32:10

By default the wildcard_limit is unset, that is, the request will return
all cached entries that match.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
PAM: authenticate agains cache 2015-07-06T18:19:09+00:00 Pavel Reichl preichl@redhat.com 2015-04-16T07:41:58+00:00 0aa18cc0bf3447ca734476926724f1632e160807 Enable authenticating users from cache even when SSSD is in online mode. Introduce new option `cached_auth_timeout`. Resolves: https://fedorahosted.org/sssd/ticket/1807 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Enable authenticating users from cache even when SSSD is in online mode.

Introduce new option `cached_auth_timeout`.

Resolves:
https://fedorahosted.org/sssd/ticket/1807

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
SYSDB: Add a forest root attribute to sss_domain_info 2015-06-14T19:44:39+00:00 Jakub Hrozek jhrozek@redhat.com 2015-06-01T19:58:15+00:00 b50baee36c9ba9e1dd3f6b9c1356482aecd08128 Instead of complex forest root search methods, establish forest root during subdomain list update. The subdomain code can then just use the forest_root pointer. Reviewed-by: Sumit Bose <sbose@redhat.com> 
Instead of complex forest root search methods, establish forest root
during subdomain list update. The subdomain code can then just use the
forest_root pointer.

Reviewed-by: Sumit Bose <sbose@redhat.com>
SYSDB: Store trust direction for subdomains 2015-06-14T19:44:39+00:00 Jakub Hrozek jhrozek@redhat.com 2015-05-12T12:24:00+00:00 ea224c3813a537639778f91ac762732b3c289603 We need to store the subdomain trust direction in order to recover the structure after SSSD restart. The trust direction is a plain uint32_t to avoid leaking the knowledge about AD trust directions to sysdb while at the same time making it easy to compare values between sysdb and LDAP and avoid translating the values. Reviewed-by: Sumit Bose <sbose@redhat.com> 
We need to store the subdomain trust direction in order to recover the
structure after SSSD restart.

The trust direction is a plain uint32_t to avoid leaking the knowledge
about AD trust directions to sysdb while at the same time making it easy
to compare values between sysdb and LDAP and avoid translating the
values.

Reviewed-by: Sumit Bose <sbose@redhat.com>
confdb: Add new option subdomain_inherit 2015-06-05T14:39:18+00:00 Jakub Hrozek jhrozek@redhat.com 2015-04-29T17:41:14+00:00 1711cbfd2e36d44af1ae50e3a2beeec3a1f0b5e8 Adds a new option subdomain_inherit that would allow administrators to pick and choose which option to pass to subdomains. This option is required for: https://fedorahosted.org/sssd/ticket/2644 as a short-term fix. The proper solution is described in: https://fedorahosted.org/sssd/ticket/2599 Reviewed-by: Pavel Reichl <preichl@redhat.com> 
Adds a new option subdomain_inherit that would allow administrators to pick
and choose which option to pass to subdomains.

This option is required for:
    https://fedorahosted.org/sssd/ticket/2644
as a short-term fix.

The proper solution is described in:
    https://fedorahosted.org/sssd/ticket/2599

Reviewed-by: Pavel Reichl <preichl@redhat.com>