| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
| |
|
|
|
|
| |
When fixing an endianness bug, we changed the protocol unnecessarily.
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1348
|
| |
|
|
|
|
|
|
| |
There was an issue when IPA provider didn't set PAM_SUCCESS when
successfully finished loading SELinux user maps. This lead to the map
not being read in the responder.
|
|
|
|
|
|
| |
structure
https://fedorahosted.org/sssd/ticket/1343
|
|
|
|
|
| |
* When it's actually a failure, then the callers will print
a message. Fine tune this.
|
|
|
|
|
|
|
|
|
|
|
| |
* When calling krb5_get_init_creds_keytab() with
krb5_get_init_creds_opt_set_canonicalize() the credential
principal can get updated.
* Create the cache file with the correct default credential.
* LDAP GSSAPI SASL would fail due to the mismatched credentials
before this patch.
https://bugzilla.redhat.com/show_bug.cgi?id=811518
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1330
|
|
|
|
|
|
|
|
|
| |
* Load the enctypes for the keys in the keytab and pass
them to krb5_get_init_creds_keytab().
* This fixes the problem where the server offers a enctype
that krb5 supports, but we don't have a key for in the keytab.
https://bugzilla.redhat.com/show_bug.cgi?id=811375
|
| |
|
|
|
|
|
|
|
|
| |
The fact that we were keeping it in memory for the full duration
of the cache timeout meant that we would never reap the benefits
of the midpoint cache refresh.
https://fedorahosted.org/sssd/ticket/1340
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Our previous detection for this was flawed, because the %{rhel}
macro did not exist on the version of RPM shipped with RHEL 5, but
it worked when building for RHEL 5 through mock. This new patch
relies on grepping /etc/redhat-release for the version
information.
https://fedorahosted.org/sssd/ticket/1206
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
libtool: link: gcc -Wall -Wshadow -Wstrict-prototypes -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -Werror-implicit-function-declaration -fno-strict-aliasing -fmessage-length=0 -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -g -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -Wl,--version-script -Wl,./src/providers/sssd_be.exports -o sssd_be src/providers/data_provider_be.o src/providers/data_provider_fo.o src/providers/data_provider_opts.o src/providers/data_provider_callbacks.o src/providers/fail_over.o src/resolv/async_resolv.o -Wl,--export-dynamic -lpam -lcares ./.libs/libsss_util.a -ltevent -ltalloc -lpopt -lldb -ldbus-1 -lpcre -lini_config -lcollection -ldhash -llber -lldap -ltdb -lunistring -lcrypto
/usr/lib64/gcc/x86_64-suse-linux/4.7/../../../../x86_64-suse-linux/bin/ld: src/providers/data_provider_be.o: undefined reference to symbol 'dlsym@@GLIBC_2.2.5'
/usr/lib64/gcc/x86_64-suse-linux/4.7/../../../../x86_64-suse-linux/bin/ld: note: 'dlsym@@GLIBC_2.2.5' is defined in DSO /lib64/libdl.so.2 so try adding it to the linker command line
/lib64/libdl.so.2: could not read symbols: Invalid operation
collect2: error: ld returned 1 exit status
make[2]: *** [sssd_be] Error 1
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes a regression in the local domain tools where sss_groupadd no longer
detected a GID duplicate. The check for EEXIST is moved one level up into
more high level function.
The patch also adds the same rename support for users. I found it odd that
we allowed a rename of groups but not users. There is a catch when storing
a user -- his cached password would be gone. I think that renaming a user
is such a rare operation that it's not severe, plus there is a warning in
the logs.
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1329
|
|
|
|
|
|
|
|
| |
When the ldap child process is killed after a timeout, try the next KDC.
When none of the ldap child processes succeed, just abort the connection
because we wouldn't be able to authenticate to the LDAP server anyway.
https://fedorahosted.org/sssd/ticket/1324
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1325
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previous version of the SSSD did not abort the async LDAP search
operation on errors. In cases where the request ended in progress, such
as when the paging was very strictly limited, the old versions at least
returned partial data.
This patch special-cases the LDAP_SIZELIMIT_EXCEEDED error to avoid a
user-visible regression.
https://fedorahosted.org/sssd/ticket/1322
|
| |
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1320
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1312
|
| |
|
| |
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1258
|
| |
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/917
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1307
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1249
|
| |
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1300
|
| |
|
|
|
|
|
|
| |
It is a low-level developer option not indended to be consumed by users
https://fedorahosted.org/sssd/ticket/1174
|
|
|
|
|
|
|
|
| |
* Should be 'permit' instead
https://fedorahosted.org/sssd/ticket/1295
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
|
| |
|
| |
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1265
|
| |
|
| |
|