sssd.git/src/util, branch review-negcache sssd with jhrozek's patches nss_check_name_of_well_known_sid() improve name splitting 2015-07-16T13:26:29+00:00 Sumit Bose sbose@redhat.com 2015-07-14T12:41:34+00:00 4f1897ad419790834573643e88ac03e6c5c1c4be Currently in the default configuration nss_check_name_of_well_known_sid() can only split fully-qualified names in the user@domain.name style. DOM\user style names will cause an error and terminate the whole request. With this patch both styles can be handled by default, additionally if the name could not be split nss_check_name_of_well_known_sid() returns ENOENT which can be handled more gracefully by the caller. Resolves https://fedorahosted.org/sssd/ticket/2717 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Currently in the default configuration
nss_check_name_of_well_known_sid() can only split fully-qualified names
in the user@domain.name style. DOM\user style names will cause an error
and terminate the whole request.

With this patch both styles can be handled by default, additionally if
the name could not be split nss_check_name_of_well_known_sid() returns
ENOENT which can be handled more gracefully by the caller.

Resolves https://fedorahosted.org/sssd/ticket/2717

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Use NSCD path in execl() 2015-07-15T19:57:30+00:00 Jakub Hrozek jhrozek@redhat.com 2015-06-05T15:10:21+00:00 f6a71ab5f06642727d5004b9a745a1b8e0393d78 man execl says: The first argument, by convention, should point to the filename associated with the file being executed. We used just 'nscd' instead. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
man execl says:
    The first argument, by convention, should point to the filename
    associated with the file being executed.

We used just 'nscd' instead.

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
UTIL: Add sss_filter_sanitize_ex 2015-07-15T15:32:26+00:00 Jakub Hrozek jhrozek@redhat.com 2015-05-04T11:10:01+00:00 fa7921c8259539b750f7e9e7bcd82aa72020826a Related: https://fedorahosted.org/sssd/ticket/2553 In order to support wildcard request, we need to introduce an optionally relaxed version of sss_filter_sanitize that allows to select which characters are exempt from sanitizing. Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
Related:
    https://fedorahosted.org/sssd/ticket/2553

In order to support wildcard request, we need to introduce an optionally
relaxed version of sss_filter_sanitize that allows to select which
characters are exempt from sanitizing.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
nss: Store entries in responder to initgr mmap cache 2015-07-03T13:16:44+00:00 Lukas Slebodnik lslebodn@redhat.com 2015-06-30T11:50:51+00:00 ebf6735dd4f71bf3dc9105e5d04d11e744c64a59 Resolves: https://fedorahosted.org/sssd/ticket/2485 Reviewed-by: Michal Židek <mzidek@redhat.com> 
Resolves:
https://fedorahosted.org/sssd/ticket/2485

Reviewed-by: Michal Židek <mzidek@redhat.com>
utils: add get_last_x_chars() 2015-06-19T16:48:13+00:00 Sumit Bose sbose@redhat.com 2015-06-16T14:58:23+00:00 a99845006f96f9d1e7af871ec67c71cee8408a62 Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
certs: add PEM/DER conversion utilities 2015-06-19T16:48:13+00:00 Sumit Bose sbose@redhat.com 2015-05-08T07:02:26+00:00 bf01e8179cbb2be476805340636098deda7e1366 Related to https://fedorahosted.org/sssd/ticket/2596 Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
Related to https://fedorahosted.org/sssd/ticket/2596

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
IPA: Fetch keytab for 1way trusts 2015-06-14T19:47:20+00:00 Jakub Hrozek jhrozek@redhat.com 2015-06-04T08:51:05+00:00 64ea4127f463798410a2c20e0261c6b15f60257f Uses the ipa-getkeytab call to retrieve keytabs for one-way trust relationships. https://fedorahosted.org/sssd/ticket/2636 Reviewed-by: Sumit Bose <sbose@redhat.com> 
Uses the ipa-getkeytab call to retrieve keytabs for one-way trust
relationships.

https://fedorahosted.org/sssd/ticket/2636

Reviewed-by: Sumit Bose <sbose@redhat.com>
IPA: Include ipaNTTrustDirection in the attribute set for trusted domains 2015-06-14T19:47:11+00:00 Jakub Hrozek jhrozek@redhat.com 2015-05-26T10:41:36+00:00 05d935cc9d04f03522d0bb44598d22d99b085926 Allows to distinguish the trust directions for trusted domains. For domains where we don't know the direction in server mode, we assume two-way trusts. Member domains do not have the direction, but rather the forest root direction is used. Reviewed-by: Sumit Bose <sbose@redhat.com> 
Allows to distinguish the trust directions for trusted domains. For
domains where we don't know the direction in server mode, we assume
two-way trusts.

Member domains do not have the direction, but rather the forest root
direction is used.

Reviewed-by: Sumit Bose <sbose@redhat.com>
UTIL/SYSDB: Move new_subdomain() to sysdb_subdomains.c and make it private 2015-06-14T19:44:39+00:00 Jakub Hrozek jhrozek@redhat.com 2015-06-01T14:53:01+00:00 50936fc7230a9b3f01e285e72c4182013542f53e In order to make updating the subdomain list a two-step process. Therefore we need to make sure that update_subdomains() is the only interface towards the SSSD that changes the subdomain list. Move the new_subdomain() function to sysdb_subdomains.c and only make it available through a private header so it's usable by unit tests. Reviewed-by: Sumit Bose <sbose@redhat.com> 
In order to make updating the subdomain list a two-step process.
Therefore we need to make sure that update_subdomains() is the only
interface towards the SSSD that changes the subdomain list.

Move the new_subdomain() function to sysdb_subdomains.c and only make it
available through a private header so it's usable by unit tests.

Reviewed-by: Sumit Bose <sbose@redhat.com>
SYSDB: Store trust direction for subdomains 2015-06-14T19:44:39+00:00 Jakub Hrozek jhrozek@redhat.com 2015-05-12T12:24:00+00:00 ea224c3813a537639778f91ac762732b3c289603 We need to store the subdomain trust direction in order to recover the structure after SSSD restart. The trust direction is a plain uint32_t to avoid leaking the knowledge about AD trust directions to sysdb while at the same time making it easy to compare values between sysdb and LDAP and avoid translating the values. Reviewed-by: Sumit Bose <sbose@redhat.com> 
We need to store the subdomain trust direction in order to recover the
structure after SSSD restart.

The trust direction is a plain uint32_t to avoid leaking the knowledge
about AD trust directions to sysdb while at the same time making it easy
to compare values between sysdb and LDAP and avoid translating the
values.

Reviewed-by: Sumit Bose <sbose@redhat.com>