| Commit message (Collapse) | Author | Age | Files | Lines |

If the returned TGT contains a different user principal name (upn) than
used in the request, i.e. the upn was canonicalized, we currently save
it to sysdb into the same attribute where the upn coming from an LDAP
server is stored as well. This means the canonical upn might be
overwritten when the user data is re-read from the LDAP server.
To avoid this, this patch adds a new attribute to sysdb where the
canonical upn is stored and makes sure it is used when available.
Fixes https://fedorahosted.org/sssd/ticket/2060

Resolves:
https://fedorahosted.org/sssd/ticket/2075

https://fedorahosted.org/sssd/ticket/2067
Some AD or AD-like servers do not contain the netlogon attribute in the
master domain name. Instead of failing completely, we should just abort
the master domain request and carry on. The only functionality we miss
would be getting users by domain flat name.

The check worked for simple setups but fails e.g. in an environment with
trusts.

Resolves:
https://fedorahosted.org/sssd/ticket/2085

https://fedorahosted.org/sssd/ticket/2068
With the current design, downloading master domain data was tied to
subdomains refresh, triggered by responders. But because enumeration is
a background task that can't be triggered on its own, we can't rely on
responders to download the master domain data and we need to check the
master domain on each enumeration request.

AD provider will override the default with its own.

Adds a reusable async request to download the master domain info.

When comparing a username and his groups to the access list, we will
obey the case sensitivity of the object from the access list.
Resolves:
https://fedorahosted.org/sssd/ticket/2034

Recent simple access provider patches started using
be_ctx during access check. This caused a segfault in
unit tests, since be_ctx wasn't initialized.
Resolves:
https://fedorahosted.org/sssd/ticket/2034

Resolves:
https://fedorahosted.org/sssd/ticket/2034

This function will parse an object name into name and domain
name parts and return the appropriate sss domain.
Resolves:
https://fedorahosted.org/sssd/ticket/2034

This function takes a domain SID (which doesn't have the last component)
or an object SID (which has all components) and returns the subdomain.
The subdomain is found by comparing domain->domainid with the SID.
E.g.
domain SID: S-1-5-21-3940105347-3434501867-2690409756
object SID: S-1-5-21-3940105347-3434501867-2690409756-513
Resolves:
https://fedorahosted.org/sssd/ticket/2034

Resolves:
https://fedorahosted.org/sssd/ticket/2034

Remove code duplication.

If the environment variable _SSS_MC_SPECIAL is set to "NO", the
mmap cache is skipped in the client code. The name is not very
descriptive. This patch renames the variable to SSS_NSS_USE_MEMCACHE.

Parameter "int *dp_err" and parameter "int *pam_status" were unused
in static function krb5_auth_prepare_ccache_name.

mem_ctx was unused in function get_domain_or_subdomain

The tmpl variable was only ever used to default to FILE backend in case
absolute path w/o ccache type was selected. Since backends are no
longer there, we can remove the variable, too.

https://fedorahosted.org/sssd/ticket/1945

format specifies type 'int' but the argument has type 'const char *'

struct ldb_message_element.num_values is unsigned
This patch indirectly fixes printf format string warning.

When the SSSD changes servers (and hence lastUSN) we perform a cleanup as
well. However, after recent changes, we didn't set the cleanup timestamp
correctly, which made the lastUSN logic fail.

warning: variable 'ret' is used uninitialized whenever
'if' condition is false
if (kerr) {
^~~~

These functions are not needed anymore.
Related:
https://fedorahosted.org/sssd/ticket/2061

The containing ccache directory is precreated by the parent code,
so there is no special need to do so here for any type.
Also the special handling for the FILE ccache temporary file is not really
useful, because libkrb5 internally unlinks and then recreates the file, so
mkstemp cannot really prevent subtle races, it can only make sure the file is
unique at creation time.
Resolves:
https://fedorahosted.org/sssd/ticket/2061