sssd.git/src/confdb, branch sid_index sssd with jhrozek's patches confdb: Add new option subdomain_inherit 2015-06-08T10:55:29+00:00 Jakub Hrozek jhrozek@redhat.com 2015-04-29T17:41:14+00:00 da2d33f81746a9bf8abd97becaf17005e4f89d2c Adds a new option subdomain_inherit that would allow administrators to pick and choose which option to pass to subdomains. This option is required for: https://fedorahosted.org/sssd/ticket/2644 as a short-term fix. The proper solution is described in: https://fedorahosted.org/sssd/ticket/2599 Reviewed-by: Pavel Reichl <preichl@redhat.com> (cherry picked from commit 1711cbfd2e36d44af1ae50e3a2beeec3a1f0b5e8) 
Adds a new option subdomain_inherit that would allow administrators to pick
and choose which option to pass to subdomains.

This option is required for:
    https://fedorahosted.org/sssd/ticket/2644
as a short-term fix.

The proper solution is described in:
    https://fedorahosted.org/sssd/ticket/2599

Reviewed-by: Pavel Reichl <preichl@redhat.com>
(cherry picked from commit 1711cbfd2e36d44af1ae50e3a2beeec3a1f0b5e8)
Log reason in debug message why ldb_modify failed 2015-03-11T09:07:51+00:00 Lukas Slebodnik lslebodn@redhat.com 2015-03-10T15:35:03+00:00 182675e355aa1013f847d47d21a251250962e61f Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit 04d138472cc086fb7961f0d378852b09961b1a33) 
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 04d138472cc086fb7961f0d378852b09961b1a33)
PAM: new option pam_account_expired_message 2015-02-23T12:49:53+00:00 Pavel Reichl preichl@redhat.com 2015-02-19T16:17:36+00:00 a81b2ae67c7b011c74c0d37df5bdaef2ef2bbb4a This option sets string to be printed when authenticating using SSH keys and account is expired. Resolves: https://fedorahosted.org/sssd/ticket/2050 Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit e039f1aefecc65a7b3c2d4a13a612bff1dd367c8) 
This option sets string to be printed when authenticating using SSH
keys and account is expired.

Resolves:
https://fedorahosted.org/sssd/ticket/2050

Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit e039f1aefecc65a7b3c2d4a13a612bff1dd367c8)
Add missing new lines to debug messages 2015-02-18T15:16:50+00:00 Lukas Slebodnik lslebodn@redhat.com 2015-02-17T15:40:01+00:00 7bc69afc71c0b8f48bdbf0b5b79d229a47aa49f2 Reviewed-by: Pavel Reichl <preichl@redhat.com> 
Reviewed-by: Pavel Reichl <preichl@redhat.com>
CONFDB: Typo in debug message 2015-01-05T15:37:39+00:00 Pavel Reichl preichl@redhat.com 2015-01-05T08:10:23+00:00 b147a7918a4f9672058da1e0f4e06021d508cd7c Reviewed-by: Sumit Bose <sbose@redhat.com> 
Reviewed-by: Sumit Bose <sbose@redhat.com>
confdb: Make confdb_set_string accept const char pointer 2014-11-28T15:09:53+00:00 Michal Zidek mzidek@redhat.com 2014-11-24T21:36:48+00:00 4b6fa94d1a00b07c4310678ec721282288a186a0 The last parameter (value) in the confdb_set_string is not modified, so it makes sense to make it const to avoid unnecessary warnings or casts. Reviewed-by: Pavel Reichl <preichl@redhat.com> 
The last parameter (value) in the confdb_set_string
is not modified, so it makes sense to make it const
to avoid unnecessary warnings or casts.

Reviewed-by: Pavel Reichl <preichl@redhat.com>
CONFDB: Detect&fix misconf opt refresh_expired_interval 2014-11-04T11:35:41+00:00 Pavel Reichl preichl@redhat.com 2014-10-30T16:50:27+00:00 ad132722d6f3393ae1e6d720a222a0f880f2ea54 Related to: https://fedorahosted.org/sssd/ticket/2102 Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
Related to:
https://fedorahosted.org/sssd/ticket/2102

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
SSSD: Load a user to run a service as from configuration 2014-10-22T13:44:13+00:00 Jakub Hrozek jhrozek@redhat.com 2014-08-05T11:52:48+00:00 a10ac1d0a7210def232205a48c53a075930e82f6 Related: https://fedorahosted.org/sssd/ticket/2370 Adds a option, user to run as, that is specified in the [sssd] section. When this option is specified, SSSD will run as this user and his private group. When these are not specified, SSSD will run as the configure-time user and group (usually root). Currently all services and providers are started as root. There is a temporary svc_supported_as_nonroot() function that returns true for a service if that service runs and was tested as nonroot and false otherwise. Currently this function always returns false, but will be amended in future patches. Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
Related:
    https://fedorahosted.org/sssd/ticket/2370

Adds a option, user to run as, that is specified in the [sssd] section. When
this option is specified, SSSD will run as this user and his private
group. When these are not specified, SSSD will run as the configure-time
user and group (usually root).

Currently all services and providers are started as root. There is a
temporary svc_supported_as_nonroot() function that returns true for a
service if that service runs and was tested as nonroot and false
otherwise. Currently this function always returns false, but will be
amended in future patches.

Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
confdb: add has_views and view_name to sss_domain_info 2014-10-20T14:14:10+00:00 Sumit Bose sbose@redhat.com 2014-09-24T11:01:20+00:00 e7cc651468ab8b1462a6a39e712e7b8d36a3a166 To let the responders know which view is applied and to make view handling more efficiently especially when no view is applied/available two new member are added to the sss_domain_info struct. view_name is the name of the view if available. has_views is only true if the client has a specific view applied, i.e. it is false for the case when there are no views at all (e.g. plain LDAP provider) or the client has the FreeIPA default view. This allows the responders to easily bypass any view related code. Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
To let the responders know which view is applied and to make view
handling more efficiently especially when no view is applied/available
two new member are added to the sss_domain_info struct.

view_name is the name of the view if available. has_views is only true
if the client has a specific view applied, i.e. it is false for the case
when there are no views at all (e.g. plain LDAP provider) or the client
has the FreeIPA default view. This allows the responders to easily
bypass any view related code.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
PAM: new options pam_trusted_users & pam_public_domains 2014-09-29T16:27:07+00:00 Pavel Reichl preichl@redhat.com 2014-09-25T13:52:31+00:00 830ded27453015080a54d6ba85fd4999ee7e9af1 pam_public_domains option is a list of numerical UIDs or user names that are trusted. pam_public_domains option is a list of domains accessible even for untrusted users. Based on: https://fedorahosted.org/sssd/wiki/DesignDocs/RestrictDomainsInPAM Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
pam_public_domains option is a list of numerical UIDs or user names
that are trusted.

pam_public_domains option is a list of domains accessible even for
untrusted users.

Based on:
https://fedorahosted.org/sssd/wiki/DesignDocs/RestrictDomainsInPAM

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>