sssd.git/src/util/util_errors.c, branch rhel7.0 sssd with jhrozek's patches LDAP: Ignore returned referrals if referral support is disabled 2014-10-14T09:04:41+00:00 Jakub Hrozek jhrozek@redhat.com 2014-08-20T12:00:38+00:00 b224c49b8f0a9cdf343a443fdf2190dc6f047508 Reviewed-by: Pavel Reichl <preichl@redhat.com> (cherry picked from commit a2ea3f5d9ef9f17efbb61e942c2bc6cff7d1ebf2) 
Reviewed-by: Pavel Reichl <preichl@redhat.com>
(cherry picked from commit a2ea3f5d9ef9f17efbb61e942c2bc6cff7d1ebf2)
LDAP: Detect the presence of POSIX attributes 2014-02-12T15:14:19+00:00 Jakub Hrozek jhrozek@redhat.com 2013-12-16T17:36:12+00:00 3b0d429051648a1545de528ec760c4823088a1d9 When the schema is set to AD and ID mapping is not used, there is a one-time check ran when searching for users to detect the presence of POSIX attributes in LDAP. If this check fails, the search fails as if no entry was found and returns a special error code. The sdap_server_opts structure is filled every time a client connects to a server so the posix check boolean is reset to false again on connecting to the server. It might be better to move the check to where the rootDSE is retrieved, but the check depends on several features that are not known to the code that retrieves the rootDSE (or the connection code for example) such as what the attribute mappings are or the authentication method that should be used. Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> (cherry picked from commit e81deec535d11912b87954c81a1edd768c1386c9) 
When the schema is set to AD and ID mapping is not used, there is a one-time
check ran when searching for users to detect the presence of POSIX
attributes in LDAP. If this check fails, the search fails as if no entry
was found and returns a special error code.

The sdap_server_opts structure is filled every time a client connects to
a server so the posix check boolean is reset to false again on connecting
to the server.

It might be better to move the check to where the rootDSE is retrieved,
but the check depends on several features that are not known to the code
that retrieves the rootDSE (or the connection code for example) such as what
the attribute mappings are or the authentication method that should be used.

Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit e81deec535d11912b87954c81a1edd768c1386c9)
LDAP: Add a new error code for malformed access control filter 2014-01-09T11:32:03+00:00 Jakub Hrozek jhrozek@redhat.com 2014-01-08T16:12:17+00:00 91ab35daf713e146dfae53a67f6b86b424c897d5 https://fedorahosted.org/sssd/ticket/2164 The patch adds a new error code and special cases the new code so that access is denied and a nicer log message is shown. 
https://fedorahosted.org/sssd/ticket/2164

The patch adds a new error code and special cases the new code so that
access is denied and a nicer log message is shown.
monitor: Specific error message for missing sssd.conf 2013-12-02T03:57:24+00:00 Pavel Reichl pavel.reichl@redhat.com 2013-11-19T11:24:31+00:00 08134dde5a6c8b23cf40ec8f0020cd553af2667e Specific error message is logged for missing sssd.conf file. New sssd specific error value is introduced for this case. Resolves: https://fedorahosted.org/sssd/ticket/2156 
Specific error message is logged for missing sssd.conf file. New sssd specific
error value is introduced for this case.

Resolves:
https://fedorahosted.org/sssd/ticket/2156
utils: add ERR_DOMAIN_NOT_FOUND error code 2013-10-25T20:18:54+00:00 Pavel Březina pbrezina@redhat.com 2013-10-22T13:25:47+00:00 ed01e2d2b0886f44b4a6d19e96db4262d0c7bf62 Resolves: https://fedorahosted.org/sssd/ticket/1968 
Resolves:
https://fedorahosted.org/sssd/ticket/1968
krb5: Fetch ccname template from krb5.conf 2013-08-28T09:00:03+00:00 Stephen Gallagher sgallagh@redhat.com 2013-08-27T17:36:41+00:00 dcc6877aa2e2dd63a9dc9c411a9c58feaeb36b9a In order to use the same defaults in all system daemons that needs to know how to generate or search for ccaches we introduce ode here to take advantage of the new option called default_ccache_name provided by libkrb5. If set this variable we establish the same default for all programs that surce it out of krb5.conf therefore providing a consistent experience across the system. Related: https://fedorahosted.org/sssd/ticket/2036 
In order to use the same defaults in all system daemons that needs to know how
to generate or search for ccaches we introduce ode here to take advantage of
the new option called default_ccache_name provided by libkrb5.

If set this variable we establish the same default for all programs that surce
it out of krb5.conf therefore providing a consistent experience across the
system.

Related:
https://fedorahosted.org/sssd/ticket/2036
failover: return error when SRV lookup returned only duplicates 2013-06-21T08:00:28+00:00 Pavel Březina pbrezina@redhat.com 2013-06-18T10:28:36+00:00 e5f455afbc2d149527bfd08f4e89903a3a8da17a https://fedorahosted.org/sssd/ticket/1947 Otherwise we risk that the meta server is removed from the server list, but without a chance to return, because there may be no fo_server with srv_data = meta. Also if state->meta->next is NULL (it is still orphaned because we try to errornously expand it without invoking collapse first), state->out will be NULL and SSSD will crash. New error code: ERR_SRV_DUPLICATES 
https://fedorahosted.org/sssd/ticket/1947

Otherwise we risk that the meta server is removed from the server list,
but without a chance to return, because there may be no fo_server with
srv_data = meta.

Also if state->meta->next is NULL (it is still orphaned because we try
to errornously expand it without invoking collapse first), state->out
will be NULL and SSSD will crash.

New error code: ERR_SRV_DUPLICATES
KRB: Handle preauthentication error correctly 2013-06-14T11:39:08+00:00 Ondrej Kos okos@redhat.com 2013-06-13T13:28:23+00:00 22a21e910fd216ec1468fe769dcc29f1621a52a4 https://fedorahosted.org/sssd/ticket/1873 KRB preauthentication error was later mishandled like authentication error. 
https://fedorahosted.org/sssd/ticket/1873

KRB preauthentication error was later mishandled like authentication error.
Refactor dynamic DNS updates 2013-05-03T18:22:29+00:00 Jakub Hrozek jhrozek@redhat.com 2013-03-26T15:49:26+00:00 9cb46bc62f22e0104f1b41a423b014c281ef5fc2 Provides two new layers instead of the previous IPA specific layer: 1) dp_dyndns.c -- a very generic dyndns layer on the DP level. Its purpose it to make it possible for any back end to use dynamic DNS updates. 2) sdap_dyndns.c -- a wrapper around dp_dyndns.c that utilizes some LDAP-specific features like autodetecting the address from the LDAP connection. Also converts the dyndns code to new specific error codes. 
Provides two new layers instead of the previous IPA specific layer:
 1) dp_dyndns.c -- a very generic dyndns layer on the DP level. Its
 purpose it to make it possible for any back end to use dynamic DNS
 updates.
 2) sdap_dyndns.c -- a wrapper around dp_dyndns.c that utilizes some
 LDAP-specific features like autodetecting the address from the LDAP
 connection.

Also converts the dyndns code to new specific error codes.
DNS sites support - SRV lookup plugin interface 2013-04-10T13:36:55+00:00 Pavel Březina pbrezina@redhat.com 2013-03-19T14:53:44+00:00 f9961e5f82e0ef474d6492371bfdf9e74e208a99 https://fedorahosted.org/sssd/ticket/1032 Introduces two new error codes: - ERR_SRV_NOT_FOUND - ERR_SRV_LOOKUP_ERROR Since id_provider is authoritative in case of SRV plugin choise, ability to override the selected pluging during runtime is not desirable. We rely on the fact that id_provider is initialized before all other providers, thus the plugin is set correctly. 
https://fedorahosted.org/sssd/ticket/1032

Introduces two new error codes:
- ERR_SRV_NOT_FOUND
- ERR_SRV_LOOKUP_ERROR

Since id_provider is authoritative in case of SRV plugin choise,
ability to override the selected pluging during runtime is not
desirable. We rely on the fact that id_provider is initialized
before all other providers, thus the plugin is set correctly.