sssd.git/src/util, branch memberof sssd with jhrozek's patches simple-access-provider: make user grp res more robust 2015-04-28T09:58:53+00:00 Pavel Reichl preichl@redhat.com 2015-04-20T15:33:29+00:00 82a958e6592c4a4078e45b7197bbe4751b70f511 Not all user groups need to be resolved if group deny list is empty. Resolves: https://fedorahosted.org/sssd/ticket/2519 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Not all user groups need to be resolved if group deny list is empty.

Resolves:
https://fedorahosted.org/sssd/ticket/2519

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
selinux: Only call semanage if the context actually changes 2015-04-14T17:58:30+00:00 Jakub Hrozek jhrozek@redhat.com 2015-04-09T20:18:35+00:00 1e0fa55fb377db788e065de917ba8e149eb56161 https://fedorahosted.org/sssd/ticket/2624 Add a function to query the libsemanage database for a user context and only update the database if the context differes from the one set on the server. Adds talloc dependency to libsss_semanage. Reviewed-by: Michal Židek <mzidek@redhat.com> 
https://fedorahosted.org/sssd/ticket/2624

Add a function to query the libsemanage database for a user context and
only update the database if the context differes from the one set on the
server.

Adds talloc dependency to libsss_semanage.

Reviewed-by: Michal Židek <mzidek@redhat.com>
selinux: Begin and end the transaction on the same nesting level 2015-04-14T17:58:21+00:00 Jakub Hrozek jhrozek@redhat.com 2015-04-10T09:06:44+00:00 748b38a7991d78cbf4726f2a14ace5e926629a54 Transaction should be started and commited on the same code nesting or abstraction level. Also, transactions are really costly with libselinux and splitting them from initialization will make init function reusable by read-only libsemanage functions. Reviewed-by: Michal Židek <mzidek@redhat.com> 
Transaction should be started and commited on the same code nesting or
abstraction level. Also, transactions are really costly with libselinux
and splitting them from initialization will make init function reusable
by read-only libsemanage functions.

Reviewed-by: Michal Židek <mzidek@redhat.com>
selinux: Disconnect before closing the handle 2015-04-14T17:58:13+00:00 Jakub Hrozek jhrozek@redhat.com 2015-04-10T08:55:22+00:00 aa00d67b2a8e07c9080e7798defdc6c774c93465 libsemanage documentation says: ~~~~ be sure that a semanage_disconnect() was previously called if the handle was connected. ~~~~ Otherwise we get a memory leak. Reviewed-by: Michal Židek <mzidek@redhat.com> 
libsemanage documentation says:
~~~~
be sure that a semanage_disconnect() was previously called if the handle
was connected.
~~~~

Otherwise we get a memory leak.

Reviewed-by: Michal Židek <mzidek@redhat.com>
UTIL: Add a simple function to get the fd of debug_file 2015-04-14T09:35:31+00:00 Jakub Hrozek jhrozek@redhat.com 2015-04-08T12:29:05+00:00 843a66170a4e51e0a614498e74f3526afc4bff52 Reviewed-by: Pavel Reichl <preichl@redhat.com> 
Reviewed-by: Pavel Reichl <preichl@redhat.com>
ncache: Silence critical error from filter_users when default_domain_suffix is set 2015-04-09T06:35:16+00:00 Jakub Hrozek jhrozek@redhat.com 2015-03-27T11:30:53+00:00 1aa492ce890f362564bfac21f3cfb0a3e38608bd When default_domain_suffix is used and filter_users is set (at least root is always, by default), SSSD tried to add the negcache entry to the default domain. But since the default domain is not known after start up, adding the entries fail with a verbose error message. This patch handles EAGAIN returned from the parsing function while setting negcache entries gracefully and also makes the debug message in parsing function more precise. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
When default_domain_suffix is used and filter_users is set (at least
root is always, by default), SSSD tried to add the negcache entry to the
default domain. But since the default domain is not known after start
up, adding the entries fail with a verbose error message.

This patch handles EAGAIN returned from the parsing function while
setting negcache entries gracefully and also makes the debug message in
parsing function more precise.

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
IPA: Use custom error codes when validating HBAC rules 2015-03-24T20:03:26+00:00 Jakub Hrozek jhrozek@redhat.com 2015-03-16T09:35:59+00:00 1243e093fd31c5660adf1bb3dd477d6935a755be https://fedorahosted.org/sssd/ticket/2603 Instead of reusing EINVAL/ENOENT, use more descriptive error codes. This will be useful in the next patch where we act on certain codes. Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
https://fedorahosted.org/sssd/ticket/2603

Instead of reusing EINVAL/ENOENT, use more descriptive error codes. This
will be useful in the next patch where we act on certain codes.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
sdap: properly handle binary objectGuid attribute 2015-03-20T11:26:47+00:00 Sumit Bose sbose@redhat.com 2015-02-17T03:41:21+00:00 1d93029624d708119bbf803e6647a2cbb271f001 Although in the initial processing SSSD treats the binary value right at some point it mainly assumes that it is a string. Depending on the value this might end up with the correct binary value stored in the cache but in most cases there will be only a broken entry in the cache. This patch converts the binary value into a string representation which is described in [MS-DTYP] and stores the result in the cache. Resolves https://fedorahosted.org/sssd/ticket/2588 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Although in the initial processing SSSD treats the binary value right at
some point it mainly assumes that it is a string. Depending on the value
this might end up with the correct binary value stored in the cache but
in most cases there will be only a broken entry in the cache.

This patch converts the binary value into a string representation which
is described in [MS-DTYP] and stores the result in the cache.

Resolves https://fedorahosted.org/sssd/ticket/2588

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Add missing new lines to debug messages 2015-03-17T13:40:19+00:00 Lukas Slebodnik lslebodn@redhat.com 2015-02-17T15:40:01+00:00 87f8bee53ee1b4ca87b602ff8536bc5fd5b5b595 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
test: Check ERR_LAST 2015-03-13T08:34:10+00:00 Michal Zidek mzidek@redhat.com 2015-03-10T17:38:10+00:00 7650ded4ffa87fcf7ce5adf00920fecf89cffcf5 Check if number of error codes and messages is the same. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Check if number of error codes and messages is the same.

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>