sssd.git/src/confdb, branch mdbtest sssd with jhrozek's patches Add missing new lines to debug messages 2015-03-17T13:40:19+00:00 Lukas Slebodnik lslebodn@redhat.com 2015-02-17T15:40:01+00:00 87f8bee53ee1b4ca87b602ff8536bc5fd5b5b595 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Use FQDN if default domain was set 2015-03-11T09:30:09+00:00 Michal Zidek mzidek@redhat.com 2015-01-30T14:48:04+00:00 804df4040eb142f82a44c019c7a55b5ce524583c https://fedorahosted.org/sssd/ticket/2569 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
https://fedorahosted.org/sssd/ticket/2569

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Log reason in debug message why ldb_modify failed 2015-03-11T09:04:30+00:00 Lukas Slebodnik lslebodn@redhat.com 2015-03-10T15:35:03+00:00 04d138472cc086fb7961f0d378852b09961b1a33 Reviewed-by: Sumit Bose <sbose@redhat.com> 
Reviewed-by: Sumit Bose <sbose@redhat.com>
PAM: new option pam_account_expired_message 2015-02-23T12:47:53+00:00 Pavel Reichl preichl@redhat.com 2015-02-19T16:17:36+00:00 e039f1aefecc65a7b3c2d4a13a612bff1dd367c8 This option sets string to be printed when authenticating using SSH keys and account is expired. Resolves: https://fedorahosted.org/sssd/ticket/2050 Reviewed-by: Sumit Bose <sbose@redhat.com> 
This option sets string to be printed when authenticating using SSH
keys and account is expired.

Resolves:
https://fedorahosted.org/sssd/ticket/2050

Reviewed-by: Sumit Bose <sbose@redhat.com>
CONFDB: Typo in debug message 2015-01-05T15:37:39+00:00 Pavel Reichl preichl@redhat.com 2015-01-05T08:10:23+00:00 b147a7918a4f9672058da1e0f4e06021d508cd7c Reviewed-by: Sumit Bose <sbose@redhat.com> 
Reviewed-by: Sumit Bose <sbose@redhat.com>
confdb: Make confdb_set_string accept const char pointer 2014-11-28T15:09:53+00:00 Michal Zidek mzidek@redhat.com 2014-11-24T21:36:48+00:00 4b6fa94d1a00b07c4310678ec721282288a186a0 The last parameter (value) in the confdb_set_string is not modified, so it makes sense to make it const to avoid unnecessary warnings or casts. Reviewed-by: Pavel Reichl <preichl@redhat.com> 
The last parameter (value) in the confdb_set_string
is not modified, so it makes sense to make it const
to avoid unnecessary warnings or casts.

Reviewed-by: Pavel Reichl <preichl@redhat.com>
CONFDB: Detect&fix misconf opt refresh_expired_interval 2014-11-04T11:35:41+00:00 Pavel Reichl preichl@redhat.com 2014-10-30T16:50:27+00:00 ad132722d6f3393ae1e6d720a222a0f880f2ea54 Related to: https://fedorahosted.org/sssd/ticket/2102 Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
Related to:
https://fedorahosted.org/sssd/ticket/2102

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
SSSD: Load a user to run a service as from configuration 2014-10-22T13:44:13+00:00 Jakub Hrozek jhrozek@redhat.com 2014-08-05T11:52:48+00:00 a10ac1d0a7210def232205a48c53a075930e82f6 Related: https://fedorahosted.org/sssd/ticket/2370 Adds a option, user to run as, that is specified in the [sssd] section. When this option is specified, SSSD will run as this user and his private group. When these are not specified, SSSD will run as the configure-time user and group (usually root). Currently all services and providers are started as root. There is a temporary svc_supported_as_nonroot() function that returns true for a service if that service runs and was tested as nonroot and false otherwise. Currently this function always returns false, but will be amended in future patches. Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
Related:
    https://fedorahosted.org/sssd/ticket/2370

Adds a option, user to run as, that is specified in the [sssd] section. When
this option is specified, SSSD will run as this user and his private
group. When these are not specified, SSSD will run as the configure-time
user and group (usually root).

Currently all services and providers are started as root. There is a
temporary svc_supported_as_nonroot() function that returns true for a
service if that service runs and was tested as nonroot and false
otherwise. Currently this function always returns false, but will be
amended in future patches.

Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
confdb: add has_views and view_name to sss_domain_info 2014-10-20T14:14:10+00:00 Sumit Bose sbose@redhat.com 2014-09-24T11:01:20+00:00 e7cc651468ab8b1462a6a39e712e7b8d36a3a166 To let the responders know which view is applied and to make view handling more efficiently especially when no view is applied/available two new member are added to the sss_domain_info struct. view_name is the name of the view if available. has_views is only true if the client has a specific view applied, i.e. it is false for the case when there are no views at all (e.g. plain LDAP provider) or the client has the FreeIPA default view. This allows the responders to easily bypass any view related code. Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
To let the responders know which view is applied and to make view
handling more efficiently especially when no view is applied/available
two new member are added to the sss_domain_info struct.

view_name is the name of the view if available. has_views is only true
if the client has a specific view applied, i.e. it is false for the case
when there are no views at all (e.g. plain LDAP provider) or the client
has the FreeIPA default view. This allows the responders to easily
bypass any view related code.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
PAM: new options pam_trusted_users & pam_public_domains 2014-09-29T16:27:07+00:00 Pavel Reichl preichl@redhat.com 2014-09-25T13:52:31+00:00 830ded27453015080a54d6ba85fd4999ee7e9af1 pam_public_domains option is a list of numerical UIDs or user names that are trusted. pam_public_domains option is a list of domains accessible even for untrusted users. Based on: https://fedorahosted.org/sssd/wiki/DesignDocs/RestrictDomainsInPAM Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
pam_public_domains option is a list of numerical UIDs or user names
that are trusted.

pam_public_domains option is a list of domains accessible even for
untrusted users.

Based on:
https://fedorahosted.org/sssd/wiki/DesignDocs/RestrictDomainsInPAM

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>