sssd.git/src/providers, branch simo_ccname sssd with jhrozek's patches krb5: Replace type-specific ccache/principal check 2013-08-30T05:00:33+00:00 Simo Sorce simo@redhat.com 2013-08-30T04:58:24+00:00 4b1e4af6b7d2e86f3bfaccba07acc9beb44b3182 Instead of having duplicate functions that are type custom use a signle common function that also performs access to the cache as the user owner, implicitly validating correctness of ownership. Resolves: https://fedorahosted.org/sssd/ticket/2061 
Instead of having duplicate functions that are type custom use a signle common
function that also performs access to the cache as the user owner, implicitly
validating correctness of ownership.

Resolves:
https://fedorahosted.org/sssd/ticket/2061
krb5: Use krb5_cc_destroy to remove old ccaches 2013-08-29T03:36:50+00:00 Simo Sorce simo@redhat.com 2013-08-29T03:18:37+00:00 be894d65471bb6de25623f01a02c606a20b76468 This completely replaces the per-ccache-type custom code to remove old cacches and instead uses libkrb5 base doperations (krb5_cc_destroy) and operating as the user owner. Resolves: https://fedorahosted.org/sssd/ticket/2061 
This completely replaces the per-ccache-type custom code to remove old cacches
and instead uses libkrb5 base doperations (krb5_cc_destroy) and operating as
the user owner.

Resolves:
https://fedorahosted.org/sssd/ticket/2061
krb5: Add helper to destroy ccache as user 2013-08-29T02:28:35+00:00 Simo Sorce simo@redhat.com 2013-08-29T02:12:07+00:00 c0b30b30d087cfa1051b86c432fdbda8c03e9f9d This function safely destroy a ccache given a cache name and user crdentials. It becomes the user so no possible races can compromise the system, then uses libkrb5 functions to properly destroy a ccache, independently of the cache type. Finally restores the original credentials after closing the ccache handlers. Resolves: https://fedorahosted.org/sssd/ticket/2061 
This function safely destroy a ccache given a cache name and user crdentials.
It becomes the user so no possible races can compromise the system, then
uses libkrb5 functions to properly destroy a ccache, independently of the
cache type.
Finally restores the original credentials after closing the ccache handlers.

Resolves:
https://fedorahosted.org/sssd/ticket/2061
krb5: Add calls to change and restore credentials 2013-08-29T02:17:12+00:00 Simo Sorce simo@redhat.com 2013-08-29T01:19:32+00:00 44a9fd23f1da009e03f60e4d297a5e1d51caa533 In some cases we want to temporarily assume user credentials but allow the process to regain back the original credentials (normally regaining uid 0). Related: https://fedorahosted.org/sssd/ticket/2061 
In some cases we want to temporarily assume user credentials but allow the
process to regain back the original credentials (normally regaining uid 0).

Related:
https://fedorahosted.org/sssd/ticket/2061
IPA_HBAC: Explicitelly include header file time.h 2013-08-28T20:02:49+00:00 Lukas Slebodnik lslebodn@redhat.com 2013-08-28T06:31:18+00:00 7ef1ff8673668c5254db9194a125f58755e2d2b1 struct hbac_eval_req is defined in header file and it has attribute request_time with type time_t, but header file "time.h" was not included. It was not problem, because time.h was indirectly included by stdlib.h (stdlib.h -> sys/types.h -> time.h) in implementation files, but other platforms can have other dependencies among header files. 
struct hbac_eval_req is defined in header file and it has attribute
request_time with type time_t, but header file "time.h" was not included.
It was not problem, because time.h was indirectly included by stdlib.h
(stdlib.h -> sys/types.h -> time.h) in implementation files,
but other platforms can have other dependencies among header files.
IPA: Add forgotten declaration 2013-08-28T17:22:39+00:00 Jakub Hrozek jhrozek@redhat.com 2013-08-28T17:22:16+00:00 6fab6db37339833a1534221f9f8b86c1fac427f0 A conflict between two patches was not resolved correctly 
A conflict between two patches was not resolved correctly
IPA: enable enumeration if parent domain enumerates in server mode 2013-08-28T16:08:29+00:00 Jakub Hrozek jhrozek@redhat.com 2013-08-21T03:15:36+00:00 31dd31b00ad759f256282ef0f7054e60672161ce https://fedorahosted.org/sssd/ticket/1963 
https://fedorahosted.org/sssd/ticket/1963
SYSDB: Store enumerate flag for subdomain 2013-08-28T16:06:57+00:00 Jakub Hrozek jhrozek@redhat.com 2013-08-21T15:22:59+00:00 b3458bbb5315b05d7ac1abc58f1c380761756603 






LDAP: Make sdap_id_setup_tasks reusable for subdomains
2013-08-28T16:06:57+00:00

Jakub Hrozek
jhrozek@redhat.com

2013-08-22T09:03:01+00:00

1c4144a6ce68dbd54c7c08a517d1f982ea57f19a

Instead of always performing the setup for the main domain, the setup
can now be performed for subdomains as well.





Instead of always performing the setup for the main domain, the setup
can now be performed for subdomains as well.







LDAP: Make the cleanup task reusable for subdomains
2013-08-28T16:06:57+00:00

Jakub Hrozek
jhrozek@redhat.com

2013-08-22T09:02:32+00:00

66edf42c51f8591c93204b6490c103fa51346f47

Instead of always performing the cleanup on the main domain, the task
now accepts a sdap_domain structure to perform the cleanup on. This
change will make the cleanup task reusable for subdomains.





Instead of always performing the cleanup on the main domain, the task
now accepts a sdap_domain structure to perform the cleanup on. This
change will make the cleanup task reusable for subdomains.