| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
(cherry picked from commit 034ffb3c69cd04f03b36b89766c47a7c9bd9b831)
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2257
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit 90afedb00608547ae1f32aa7aafd552c4b306909)
|
| |
|
|
|
|
| |
New functions were added.
|
|
|
|
|
|
|
|
|
|
| |
ad_id.c and ad_access.c used the same block of code. With the upcoming
option to disable GC lookups, we should unify the code in a function to
avoid breaking one of the code paths.
The same applies for the LDAP connection to the trusted AD DC.
Includes a unit test.
|
|
|
|
|
|
|
| |
Unit test testing detection of the right domain when processing group with members from several domains
Resolves:
https://fedorahosted.org/sssd/ticket/2132
|
|
|
|
|
|
| |
Libraries MUST be specified in LDADD/LIBADD, not LDFLAGS, because
LDFLAGS appear earlier in the command line and library order is
significant.
|
| |
|
|
|
|
|
| |
If sssd is compiled with disabled link_all_deplibs (debian) some test could not
be properly linked. This patch add missing libraries
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2082
Adds a new option that allows the admin to specify a LDAP access filter
that can be applied globally, per-domain or per-forest.
|
| |
|
| |
|
|
|
|
| |
Adds a reusable async request to download the master domain info.
|
|
|
|
| |
Remove code duplication.
|
| |
|
|
|
|
|
|
|
|
|
| |
This completely replaces the per-ccache-type custom code to remove old cacches
and instead uses libkrb5 base doperations (krb5_cc_destroy) and operating as
the user owner.
Resolves:
https://fedorahosted.org/sssd/ticket/2061
|
|
|
|
|
| |
This tests dlopens and resolves all symbols to make sure there are no missing
symbols in our provider modules.
|
|
|
|
|
|
|
|
|
| |
We checked only header file "sys/inotify" for detection whether inotify
works. Some platforms do not have built in inotify, but contain library,
which provides inotify-compatible interface.
This patch adds more robust detection of inotify in configuration time and
appends linker flags to Makefile if inotify is provided by library.
|
|
|
|
|
|
|
|
|
|
|
|
| |
Function gettext needn't be included in libc, it can be part of another
library. Autotools macro AM_GNU_GETTEXT generate makefile variables
(LIBINTL, LTLIBINTL), which contain necessary linker flags.
checking for GNU gettext in libc... no
checking for iconv... yes
checking for GNU gettext in libintl... yes
checking whether to use NLS... yes
checking where the gettext function comes from... external libintl
|
| |
|
|
|
|
| |
The $(PAM_LIBS) variable should be added to LDADD not LDFLAGS
|
| |
|
|
|
|
|
|
| |
Some platform have header file endian.h and anothers have sys/endian.h.
We nedd to use conditional build to handle it correctly, therefore new header
file sss_endian.h was created.
|
|
|
|
|
|
|
|
|
|
|
| |
The LDAP enumeration was too closely tied to the LDAP identity provider.
Because some providers might need special handling such as refresh the
master domain record before proceeding with the enumeration itself, this
patch splits the request itself to a separate async request and lets the
ldap_id_enum.c module only configure this new request.
Also move the enum timestamp to sdap_domain to make the enum tracking
per sdap domain. The cleanup timestamp will be moved in another patch.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When IPA trusts an AD domain the AD user or groups can be placed into
IPA groups e.g. to put AD users under the control of HBAC. Since IPA
group can only have members from the IPA directory tree and the AD users
and groups are not stored there a special IPA object called external
group was introduced. SIDs of users and groups can be added to the
external group and since the external groups are in the IPA directory
tree they can be member of IPA groups.
To speed things up and to remove some load from the IPA servers SSSD
reads all external groups and stores them in memory for some time before
rereading the data.
Enhances https://fedorahosted.org/sssd/ticket/1962
|
|
|
|
|
|
|
|
|
| |
Now that we use the libkrb5 defaults for the default ccname template
we do not need the patch that changes the man pages defaults nor the
configure options to change sssd defaults anymore.
Related:
https://fedorahosted.org/sssd/ticket/2036
|
|
|
|
|
|
|
| |
When we're running 'make rpms' for development purposes, the nested
call to 'make distdir' ends up forcing an update of the translation pot
files. With this patch, we'll automatically ignore them during (S)RPM
actions.
|
| |
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2025
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2023
When the option values are copied using dp_opt_copy_map, the .val member
is used if it's not NULL. At the same time, the bool options are never
NULL, unlike integers or strings that can have special NULL-like values
such as NULL_STRING. This effectively means that when copying a bool
option, the .val member is always used.
But in the AD maps, some .val fields were set differently from the
.def_val fields. The effect was that when the AD subdomain provider was
initialized from IPA subdomain provider using only the defaults, some
options (notably referral chasing) were set to a value that didn't make
sense for the AD provider.
This patch makes sure that for all boolean option, the .val is always
the same as .def_val.
|
|
|
|
|
|
|
|
|
|
| |
This patch introduces a new structure that holds information about a
subdomain and its ad_id_ctx. This structure will be used only in server
mode to make it possible to search subdomains with a particular
ad_id_ctx.
Subtask of:
https://fedorahosted.org/sssd/ticket/1962
|
|
|
|
|
|
| |
Use the sdap_idmap context for the IPA provider as well.
https://fedorahosted.org/sssd/ticket/1961
|
|
|
|
|
| |
This patch implements some unit tests for the recent enhancements to
libsss_idmap.
|
|
|
|
|
| |
It seems that some linkers have problem with wrong order of libraries.
This commit only change order.
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1713
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1713
Add new option refresh_expired_interval.
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1713
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1891
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1845
libsss_sudo and libsss_autofs are separate packages that contain just a
single client library with no additional dependencies. This separation
comes from the F-17 timeframe where the feature was really just a tech
preview so we didn't want it to be packaged in sssd proper. On the other
hand users are getting regularly confused about "sudo not working" when
all they really miss is the single library.
This patch moves the files owned by the libsss_autofs and libsss_sudo
packages back to the main sssd package. We also no longer build the
libsss_sudo documentation by default and do not ship the header file as
it was just a private one.
|
|
|
|
|
| |
The utility function will be reused to guess search base from the base
DN of AD trusted domains.
|
|
|
|
|
|
|
|
|
|
|
| |
This patch modifies the PAC responder so that it can be used with the AD
provider as well. The main difference is that the POSIX UIDs and GIDs
are now lookup up with the help of the SID instead of being calculated
algorithmically. This was necessary because the AD provider allows
either algorithmic mapping or reading the value from attributes stored
in AD.
Fixes https://fedorahosted.org/sssd/ticket/1558
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
From the Debian patch:
># Do not link against deplibs. This is not needed for shared libs
># on at least ELF systems since those already know which libs they
># need themself. This seems to break a few things and will be fixed
># in a better way in a future upstream version.
Overlinking has several issues. An obvious one is performance on startup,
a more serious is if one of the lib deps changes soname of something it links
against, and you could load two versions to the memory at the same time..
This patch changes dependencies among libsss_util and libsss_child,
libsss_crypt, libsss_debug. Library libsss_util no longer depends on
any internal library. Each program, which was linked with libsss_util,
now directly link necessary libraries
(libsss_child, libsss_crypt, libsss_debug)
https://fedorahosted.org/sssd/ticket/1928
|
| |
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1648
Adds another expansion in the printf format that allows the user to use
the domain flat name in the format.
|
|
|
|
|
|
|
|
|
| |
--removed duplicated test-io
--reusing library libsss_test_common in other tests
--cmocka test sss_nss_idmap-tests was moved to cmocka dir
--moved leak_check.c to libsss_test_common
--moved common_tev.c,common_dom.c to libsss_test_common
(leak_check.c,common_tev.c,common_dom.c) are test framework independent
|
|
|
|
|
|
| |
SSSD 1.10 and later will no longer support RHEL 5, so we should be
using the native hash algorithm on the newer versions of RPM by
default.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1785
nscd.conf file is now checked for the presence of caching settings for
databases controlled by SSSD. Syslog warning is now written only if NSCD
is running with interfering configuration or if configuration file
couldn't be loaded.
New configure option added to support non-standard locations
--with-nscd-conf=PATH (defaultly set to /etc/nscd.conf)
This is just a workaround until the following bugzilla is resolved:
https://bugzilla.redhat.com/show_bug.cgi?id=963908
|
|
|
|
|
|
| |
Preparation for the following patch which will include the nscd.c in the
monitor code due to newly introduced function for checking the nscd
configuration file.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1772
SAFEALIGN macros have been renamed in this patch to
make it easy to pick the right macro when data is copied
from byte buffer to a variable or vice versa.
The renamed macros are placed in new header file to
avoid code duplication (the old ones were defined in
two files, one for the client code and one for the rest
of sssd).
|