sssd.git/src/responder/ssh, branch subdomfo sssd with jhrozek's patches SSH: Use sss_unique_file_ex to create the known hosts file 2015-08-17T13:22:15+00:00 Jakub Hrozek jhrozek@redhat.com 2015-08-12T11:05:32+00:00 84493af37d4b57294e94b7bb0596dec51e06b7b0 Simplifies the code. Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
Simplifies the code.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
ssh: generate public keys from certificate 2015-07-31T07:52:06+00:00 Sumit Bose sbose@redhat.com 2015-07-15T07:40:00+00:00 4de84af23db74e13e867985c9093f394c9fa8d51 Resolves: https://fedorahosted.org/sssd/ticket/2711 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Resolves: https://fedorahosted.org/sssd/ticket/2711

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
responders: reset ncache after domains are discovered during startup 2015-04-09T06:35:23+00:00 Jakub Hrozek jhrozek@redhat.com 2015-03-29T14:31:19+00:00 0528fdec17d0031996e919fcd852459e86592c35 After responders start, they add a lookup operation that discovers the subdomains so that qualifying users works. After this operation is finishes, we need to reset negcache to allow users to be added into the newly discovered domains. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
After responders start, they add a lookup operation that discovers the
subdomains so that qualifying users works. After this operation is
finishes, we need to reset negcache to allow users to be added into the
newly discovered domains.

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
SSH: Ignore the default_domain_suffix 2015-04-01T11:50:21+00:00 Jakub Hrozek jhrozek@redhat.com 2015-03-24T20:19:03+00:00 eeecc48d22a28bb69da56f6ffd8824163fc9bf00 https://fedorahosted.org/sssd/ticket/2609 In a trust setup, hosts are normally only stored on the IPA server. The default_domain_suffix option is only recommended for the IPA-AD trust scenario as well. Therefore we should ignore this option in the SSH provider. Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Jan Cholasta <jcholast@redhat.com> 
https://fedorahosted.org/sssd/ticket/2609

In a trust setup, hosts are normally only stored on the IPA server. The
default_domain_suffix option is only recommended for the IPA-AD trust
scenario as well. Therefore we should ignore this option in the SSH
provider.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Jan Cholasta <jcholast@redhat.com>
Fix: always check return value of unlink() 2014-11-28T15:16:37+00:00 Pavel Reichl preichl@redhat.com 2014-11-28T13:17:44+00:00 aff8b0e3b41644c70704b78e15501779d52b6ff4 Resolves: https://fedorahosted.org/sssd/ticket/2506 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Resolves:
https://fedorahosted.org/sssd/ticket/2506

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Views: apply user SSH public key override 2014-11-05T14:26:36+00:00 Sumit Bose sbose@redhat.com 2014-10-16T11:17:37+00:00 ab355eced46b5f488ed62a79a7f2e5ac2b6a574c With this patch the SSH public key override attribute is read from the FreeIPA server and saved in the cache with the other override data. Since it is possible to have multiple public SSH keys this override value does not replace any other data but will be added to existing values. Fixes https://fedorahosted.org/sssd/ticket/2454 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
With this patch the SSH public key override attribute is read from the
FreeIPA server and saved in the cache with the other override data.

Since it is possible to have multiple public SSH keys this override
value does not replace any other data but will be added to existing
values.

Fixes https://fedorahosted.org/sssd/ticket/2454

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
RESPONDERS: Set default value for umask 2014-10-29T09:41:06+00:00 Pavel Reichl preichl@redhat.com 2014-10-24T11:42:50+00:00 458f5245dd5130d12666cce6faf8ef1ec7f80169 Resolves: https://fedorahosted.org/sssd/ticket/2468 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Resolves: https://fedorahosted.org/sssd/ticket/2468

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
SSH: Run the ssh responder as the SSSD user 2014-10-22T13:44:53+00:00 Jakub Hrozek jhrozek@redhat.com 2014-10-17T16:14:53+00:00 76c8dafad2a18cf1514635aa766062085c23a5c8 Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
responders: Do not initialize pipe fd if already present 2014-10-22T13:44:39+00:00 Michal Zidek mzidek@redhat.com 2014-10-15T16:01:55+00:00 8bccd95e275fae760a991da394235e4e70e57bbd Allow to skip initialization of pipe file descriptor if the responder context already has one. Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
Allow to skip initialization of pipe file descriptor
if the responder context already has one.

Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
SSSD: Add the options to specify a UID and GID to run as 2014-10-20T19:43:40+00:00 Jakub Hrozek jhrozek@redhat.com 2014-10-06T14:28:13+00:00 ac40d2f2b2b2fc35c95389f5e28febd580bd2b7a Adds new command line options --uid and --gid to all SSSD servers, making it possible to switch to another user ID if needed. So far all code still runs as root. Reviewed-by: Pavel Reichl <preichl@redhat.com> 
Adds new command line options --uid and --gid to all SSSD servers,
making it possible to switch to another user ID if needed.

So far all code still runs as root.

Reviewed-by: Pavel Reichl <preichl@redhat.com>