Commit message | Author | Age | Files | Lines
...
* ifp: fix potential memory leak in check_and_get_component_from_path() | Pavel Březina | 2015-01-23 | 1 | -0/+4
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* sbus: add sbus_opath_get_object_name() | Pavel Březina | 2015-01-23 | 5 | -26/+67
    This function assumes that the last component of the object path is an object name. It will return the part unescaped.
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* sbus: move common opath functions from ifp to sbus code | Pavel Březina | 2015-01-23 | 9 | -304/+398
    These functions are quite general thus they may be part of sbus interface.
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* BUILD: Include python-test.py in the tarball | Jakub Hrozek | 2015-01-23 | 1 | -1/+3
* sbus: unify naming of handler data variable | Pavel Březina | 2015-01-23 | 7 | -92/+92
    We used three different names to express handler data:
    - pvt
    - instace_data
    - handler_data
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* sbus: support org.freedesktop.DBus.Properties | Pavel Březina | 2015-01-23 | 5 | -222/+328
    Bring back org.freedesktop.DBus.Properties with support of multiple interfaces on single object path.
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* sbus: support org.freedesktop.DBus.Introspectable | Pavel Březina | 2015-01-23 | 4 | -274/+275
    This commit brings back support of Introspectable interface and enables support of multiple interfaces there. It also refactors the old code so the generator and introspect xml format especially is more readable.
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* sbus: add sbus_opath_hash_lookup_supported() | Pavel Březina | 2015-01-23 | 2 | -5/+129
    This function acquires list of all interfaces that are supported on given object path. It is a preparation for Introspect interface.
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* sbus: add object path to sbus request | Pavel Březina | 2015-01-23 | 5 | -19/+13
    Object path is heavily used in implementation of methods from interfaces that are supported on whole subtrees. Although it can be obtained from a D-Bus message, it is nice to have it accessible directly.
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* sbus: support multiple interfaces on single path | Pavel Březina | 2015-01-23 | 6 | -301/+455
    This patch removes the old message handler which is replaced with a new one that supports multiple interfaces registered on single object path. A hash table is used to store registered object paths and their interfaces. When an entry or the table itself is destroyed, registered object path is unregistered through delete callback. It temporarily removes support of Introspect and Properties standard D-Bus interfaces and disables unit tests of those interfaces. The support is brought back by following patches.
    Resolves: https://fedorahosted.org/sssd/ticket/2339
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* sbus: use 'path/*' to represent a D-Bus fallback | Pavel Březina | 2015-01-23 | 3 | -38/+58
    Use 'path/*' instead of 'path*' since it better describes what we are actually doing i.e. registering a message handler for a subtree. Although D-Bus fallback will invoke a message handler for both 'path' and 'path/subtree' object paths it does not usually make sense to support the same interfaces for both parent and its children. This commit also renames related functions to better describe what they are doing.
    Note: the tilde in comments is used to suppress -Wcomment warning
    Preparation for: https://fedorahosted.org/sssd/ticket/2339
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* sbus: move iface and object path code to separate file | Pavel Březina | 2015-01-23 | 4 | -190/+220
    This is done to better distinguish between connection code and interface stuff. It will help with orientation and thus simplify next changes.
    Preparation for: https://fedorahosted.org/sssd/ticket/2339
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* sbus: add new iface via sbus_conn_register_iface() | Pavel Březina | 2015-01-23 | 11 | -94/+43
    Rename sbus_conn_add_interface() to sbus_conn_register_iface() and remove sbus_new_interface() calls since it is just one more unnecessary call outside the sbus code. The function sbus_new_interface() is made static and used directly in sbus_conn_register_iface(). The name was chosen to better describe what the function is doing. That it registers an interface on a given object path. The same interface can be used with different paths so it is not really about adding an interface.
    Preparation for: https://fedorahosted.org/sssd/ticket/2339
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* nss: fix SID lookups | Sumit Bose | 2015-01-23 | 1 | -1/+9
    Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* IPA: properly handle mixed-case trusted domains | Sumit Bose | 2015-01-23 | 4 | -2/+133
    In the SSSD cache domain names are handled case-sensitive. As a result fully-qualified names in RDN contain the domain part in the original spelling. When IPA client looks up group-memberships on the IPA server via the extdom plugin the names returned are all lower case. To make sure new DNs are generated correctly the domain part must be adjusted.
    Related to https://fedorahosted.org/sssd/ticket/2159
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* views: fix GID override for mpg domains | Sumit Bose | 2015-01-21 | 1 | -1/+20
    When adding a user sysdb internally adds a value to SYSDB_GIDNUM for mpg domain which might cause conflicts with the one we added to users git GID overrides. With this patch the override GID is added after the user is created but in the same transaction
    Related to https://fedorahosted.org/sssd/ticket/2514
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* Open the PAC socket from krb5_child before dropping root | Jakub Hrozek | 2015-01-21 | 3 | -0/+27
    The PAC responder by default allows only connections from the root user. This patch opens the socket to the PAC responder before the krb5_child drops privileges so the connection seemingly comes from root.
    https://fedorahosted.org/sssd/ticket/2559
    Reviewed-by: Sumit Bose <sbose@redhat.com>
* nss: Add original DN and memberOf to origbyname request | Sumit Bose | 2015-01-20 | 2 | -2/+5
    IPA HBAC evaluation relies on the original values for DN and memberOf attributes.
    Resolves https://fedorahosted.org/sssd/ticket/2560
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* nss: refactor fill_orig() | Sumit Bose | 2015-01-20 | 1 | -67/+66
    The two loops in fill_orig were almost identical.
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* nss: make fill_orig() multi-value aware | Sumit Bose | 2015-01-20 | 2 | -21/+198
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* MAKE: Don't include autoconf generated file to tarball | Lukas Slebodnik | 2015-01-20 | 1 | -1/+1
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* SPEC: Use libnl3 for epel6 | Lukas Slebodnik | 2015-01-20 | 1 | -4/+0
    RHEL6.6 contains libnl3.
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* krb5: fix entry order in MEMORY keytab | Sumit Bose | 2015-01-19 | 2 | -28/+172
    Since krb5_kt_add_entry() adds new entries at the beginning of a MEMORY type keytab and not at the end a simple copy into a MEMORY type keytab will revert the order of the keytab entries. Since e.g. the sssd_krb5 man page gives hints about where to add entries into keytab files to help SSSD to find a right entry we have to keep the order when copying a keytab into a MEMORY type keytab. This patch fixes this by doing a second copy to retain the original order.
    Resolves https://fedorahosted.org/sssd/ticket/2557
    Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* Bump version to track 1.13 development | Lukas Slebodnik | 2015-01-16 | 1 | -1/+1
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* MAN: add dots as valid character in domain names | Pavel Reichl | 2015-01-15 | 1 | -1/+1
    Add dots into a set of allowed characters for domain names.
    Resolves: https://fedorahosted.org/sssd/ticket/2527
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* MAN: dyndns_iface supports only one interface | Pavel Reichl | 2015-01-15 | 2 | -0/+6
    Resolves: https://fedorahosted.org/sssd/ticket/2548
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* MAN: Amend the description of ignore_group_members | John Dickerson | 2015-01-15 | 1 | -1/+19
    The option description should hint that enabling this option may have a positive effect on access control, especially with large groups. See https://bugzilla.redhat.com/show_bug.cgi?id=1172338 for an example where ignoring the group members helped.
    Signed-off-by: Jakub Hrozek <jakub.hrozek@posteo.se>
    Reviewed-by: Pavel Reichl <preichl@redhat.com>
* GPO: add systemd-user to gpo default permit list | Pavel Reichl | 2015-01-15 | 2 | -1/+8
    Resolves: https://fedorahosted.org/sssd/ticket/2556
    Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
* UTIL: Unify the fd_nonblocking implementation | Jakub Hrozek | 2015-01-15 | 10 | -57/+68
    The responder and child_common modules each had their own implementation. Unify it instead and add a unit test.
    Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* UTIL: Remove child_cleanup | Jakub Hrozek | 2015-01-15 | 2 | -24/+0
    Not used anymore after previous patch.
    Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* LDAP: Use child_io_destructor instead of child_cleanup in a custom destructor | Jakub Hrozek | 2015-01-15 | 1 | -22/+17
    ldap_child was the only child process that used child_cleanup instead of the common child_io_destructor. Unify the implementation to use the common function instead.
    Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* TESTS: Cover child_common.c with unit tests | Jakub Hrozek | 2015-01-15 | 3 | -1/+333
    The module wasn't tested properly, which made it harder to patch it
    Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* UTIL: Make two child_common.c functions static | Jakub Hrozek | 2015-01-15 | 2 | -20/+20
    Two functions were only used internally, makes no sense to keep them in the child_common module API.
    Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* server-tests: use strtouint32 instead strtol | Pavel Březina | 2015-01-15 | 1 | -4/+7
    PID may be greater than 0xffff thus we remove this check but it is supposed to be in range of uint32. There are also some improvements to get more information from assertions.
    Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* Fix warning: for loop has empty body | Lukas Slebodnik | 2015-01-15 | 1 | -3/+9
    Example of warning:
    src/ldb_modules/memberof.c:4203:536: error: for loop has empty body [-Werror,-Wempty-body]
    src/ldb_modules/memberof.c:4203:536: note: put the semicolon on a separate line to silence this warning
    Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* MAN: Remove indentation in element programlisting | Lukas Slebodnik | 2015-01-14 | 6 | -38/+38
    The indentation is automatically in resulting man page. It isn't necessary to add spaces and moreover it can cause unreadable page as in case of ad_gpo_map examples.
    Reviewed-by: Roland Mainz <rmainz@redhat.com>
* krb5_child: Return ERR_NETWORK_IO on KRB5_KDCREP_SKEW | Jakub Hrozek | 2015-01-14 | 1 | -0/+1
    Previously, we were only handling KRB5KRB_AP_ERR_SKEW
    Reviewed-by: Sumit Bose <sbose@redhat.com>
* IPA: set SYSDB_INITGR_EXPIRE for RESP_USER_GROUPLIST | Sumit Bose | 2015-01-14 | 1 | -0/+14
    Since RESP_USER_GROUPLIST contains all group memberships it is effectively an initgroups request hence SYSDB_INITGR_EXPIRE will be set.
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* IPA: resolve missing members | Sumit Bose | 2015-01-14 | 1 | -14/+48
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* IPA: rename ipa_s2n_get_groups_send() to ipa_s2n_get_fqlist_send() | Sumit Bose | 2015-01-14 | 1 | -50/+50
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* IPA: process_members() optionally return missing members list | Sumit Bose | 2015-01-14 | 1 | -18/+67
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* IPA: add missing break | Sumit Bose | 2015-01-14 | 1 | -0/+1
    The current request already returned the SID, we do not need to request it separately.
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* IPA: make version check more precise | Sumit Bose | 2015-01-14 | 1 | -2/+2
    The call protected by the check does not only expect the version 1 of the extdom plugin is used but a specific response type as well. Since version 1 can return older response types as well we want to be on the safe side.
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* IPA: do not look up overrides on client with default view | Sumit Bose | 2015-01-14 | 1 | -14/+49
    The IPA extdom plugin returns the data with the default view already applied hence it is not needed to look up the override data if the client has the default view assigned.
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* SYSDB: Reduce code duplication in sysdb_gpo.c | Jakub Hrozek | 2015-01-13 | 2 | -52/+27
    Two places in sysdb_gpo.c were searching for the GPO result object while the only difference was the attributes searched for. Remove this duplication and make the search function static as it's not used outside the module.
    Reviewed-by: Pavel Reichl <preichl@redhat.com>
* IPA: ipa_resolve_user_list_send() take care of overrides | Sumit Bose | 2015-01-13 | 1 | -10/+8
    Currently ipa_resolve_user_list_send() only looks up the related user objects but does not check for overrides. This patch tries to fix this.
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* sysdb: fix group members with overridden names | Sumit Bose | 2015-01-13 | 2 | -11/+63
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* IPA: resolve ghost members if a non-default view is applied | Sumit Bose | 2015-01-13 | 2 | -0/+213
    Related to https://fedorahosted.org/sssd/ticket/2481
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* IPA: add get_be_acct_req_for_user_name() | Sumit Bose | 2015-01-13 | 2 | -0/+18
    Related to https://fedorahosted.org/sssd/ticket/2481
    Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* GPO: Extract server hostname after connecting | Jakub Hrozek | 2015-01-13 | 1 | -29/+29
    https://fedorahosted.org/sssd/ticket/2543
    The LDAP URI is not valid prior to connecting to LDAP. Moreover, reconnecting to a different server might invalidate the URI. Move reading the URI after the connection has been established.
    Reviewed-by: Sumit Bose <sbose@redhat.com>