| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1818
I have here a LDAP user entry which has this attribute
loginAllowedTimeMap::
AAAAAAAAAP///38AAP///38AAP///38AAP///38AAP///38AAAAAAAAA
In the function sysdb_attrs_add_string(), called from
sdap_attrs_add_ldap_attr(), strlen() is called on this blob, which is
the wrong thing to do. The result of strlen is then used to populate
the .v_length member of a struct ldb_val - and this will set it to
zero in this case. (There is also the problem that there may not be
a '\0' at all in the blob.)
Subsequently, .v_length being 0 makes ldb_modify(), called from
sysdb_set_entry_attr(), return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX. End
result is that users do not get stored in the sysdb, and programs like
`id` or `getent ...` show incomplete information.
The bug was encountered with sssd-1.8.5. sssd-1.5.11 seemed to behave
fine, but that may not mean that is the absolute lower boundary of
introduction of the problem.
|
|
|
|
|
|
|
|
| |
Currently only the LDB error code indicating that an entry already
exists is translated to EEXIST. To make debugging easier and return a
better indication of the reason for an error in the logs this patch
translates the LDB error code for an already existing attribute or value
to EEXIST as well.
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1674
|
|
|
|
|
|
|
| |
In subdomains we have to use fully qualified usernames.
Unfortunately we have no other good option than simply removing
caches for users of subdomains.
This is because the memberof plugin does not support the rename operation.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1589
Added check for determining, whether database version is higher or
lower than expected. To distinguish it from other errors it uses
following retun values (further used for appropriate error message):
EMEDIUMTYPE for lower version than expected
EUCLEAN for higher version than expected
When SSSD or one of it's tools fails on DB version mismatch, new error
message is showed suggesting how to proceed.
|
|
|
|
|
| |
Add a help function which returns the ldb_dn object for the base dn of
the cache.
|
| |
|
|
|
|
|
| |
The domain can be read from the sysdb object. Removing the domain string
makes the API more self-contained.
|
| |
|
| |
|
|
|
|
| |
Also rename it to sysdb_attrs_get_el_ext()
|
| |
|
| |
|
|
|
|
|
| |
This function copies all values from one sysdb_attrs structure to
another
|
|
|
|
|
|
|
|
|
|
|
|
| |
It is remotely possible to have sysdb in an inconsistent state that
might need upgrade. Consider scenario when user asks for group
information. Some fake users are added as a part of this operation.
Before users can be fully resolved and stored properly, SSSD is shut
down and upgrade is performed.
In this case we need to go over all fake user records (uidNumber=0) and
replace each of them with ghost record in all group objects that are stated in
its memberof attribute.
|
|
|
|
|
| |
In addition to testing the number of elements, also check the return
value of sysdb_attrs_get_el.
|
| |
|
| |
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1253
|
| |
|
| |
|
|
|
|
|
| |
Most of the the searches in the Sudo responder include the sudoUser
attribute. Indexing it will make the responder faster.
|
| |
|
| |
|
|
|
|
| |
Coverity 12480
|
| |
|
| |
|
|
|
|
| |
It will be reused later in the sudo responder
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1013
|
| |
|
|
|
|
|
|
| |
match RDN
https://fedorahosted.org/sssd/ticket/926
|
|
|
|
|
|
| |
This patch deletes memory context parameter in those places in sysdb
where it is not necessary. The code using modified functions has been
updated. Tests updated as well.
|
|
|
|
|
| |
The patch also updates code using modified functions. Tests have also
been adjusted.
|
| |
|
| |
|
|
|
|
| |
tmp_ctx is a child of ctx.
|
| |
|
|
|
|
| |
ldb_dn_new_fmt() has a bug and cannot take a NULL memory context
|
| |
|
|
|
|
| |
Also create a routine to initialize it
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/808
|
|
|
|
|
| |
If we change any of the special entries such as indexes or plugins,
we need to close and reopen the LDB to ensure that they take effect.
|
|
|
|
|
|
| |
Previously, if we were upgrading from version 0.4 or older, we
would only run sysdb_upgrade_04() and exit, instead of also
running sysdb_upgrade_05()
|
| |
|
| |
|