| Commit message (Collapse) | Author | Age | Files | Lines |
... | |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use a script to update DEBUG* macro invocations, which use literal
numbers for levels, to use bitmask macros instead:
grep -rl --include '*.[hc]' DEBUG . |
while read f; do
mv "$f"{,.orig}
perl -e 'use strict;
use File::Slurp;
my @map=qw"
SSSDBG_FATAL_FAILURE
SSSDBG_CRIT_FAILURE
SSSDBG_OP_FAILURE
SSSDBG_MINOR_FAILURE
SSSDBG_CONF_SETTINGS
SSSDBG_FUNC_DATA
SSSDBG_TRACE_FUNC
SSSDBG_TRACE_LIBS
SSSDBG_TRACE_INTERNAL
SSSDBG_TRACE_ALL
";
my $text=read_file(\*STDIN);
my $repl;
$text=~s/
^
(
.*
\b
(DEBUG|DEBUG_PAM_DATA|DEBUG_GR_MEM)
\s*
\(\s*
)(
[0-9]
)(
\s*,
)
(
\s*
)
(
.*
)
$
/
$repl = $1.$map[$3].$4.$5.$6,
length($repl) <= 80
? $repl
: $1.$map[$3].$4."\n".(" " x length($1)).$6
/xmge;
print $text;
' < "$f.orig" > "$f"
rm "$f.orig"
done
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use a script to update DEBUG macro invocations to use it as a variadic
macro, supplying format string and its arguments directly, instead of
wrapping them in parens.
This script was used to update the code:
grep -rwl --include '*.[hc]' DEBUG . |
while read f; do
mv "$f"{,.orig}
perl -e \
'use strict;
use File::Slurp;
my $text=read_file(\*STDIN);
$text=~s#(\bDEBUG\s*\([^(]+)\((.*?)\)\s*\)\s*;#$1$2);#gs;
print $text;' < "$f.orig" > "$f"
rm "$f.orig"
done
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
strptime() which is used to parse LDAP time value does not initialize
all fields of tm structure (especially tm_isdst). This results in
random behavior - when the tm is converted into timestamp via mktime(),
the result depends on current value of tm_isdst.
Resolves:
https://fedorahosted.org/sssd/ticket/2213
|
| |
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2160
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
The patch makes sure that a completely lower-cased version of a fully
qualified name is used for case insensitive searches. Currently there
are code paths where the domain name was used as configured and was not
lower-cased.
To make sure this patch does not break with old entries in the cache or
case sensitive domains a third template was added to the related filters
templates which is either filled with a completely lower-cased version or
with the old version. The other two template values are unchanged.
|
| |
|
|
|
|
|
| |
else-if statement is checking for condition which is handled by previous if
statement.
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
sysdb_add_user fails with EIO if enumeration is disabled and user contains
backslashes.
We try to remove ghost attributes from groups with disabled enumeration,
but unsanitized filter is used to find ghost attributes
"(|(ghost=usr\\\\002)" and ldb cannot parse this filter.
Resolves:
https://fedorahosted.org/sssd/ticket/2163
|
|
|
|
|
|
|
|
|
|
| |
sysdb_delete_user fails with EIO if user does not exist and contains
backslashes.
ldb could not parse filter (&(objectclass=group)(ghost=usr\\\\001)),
because ghost value was not sanitized
Resolves:
https://fedorahosted.org/sssd/ticket/2163
|
|
|
|
|
|
|
| |
We use '_' as prefix for output parameters. In function
sysdb_get_rdn we wrongly used this prefix for input
parameter, which caused some confusion when reading
the code.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
It was not easy find out why netgroup could not be covert into result entries.
Problem was that nisNetgroupTriple contained unexpected string "(,user01)"
This patch will ignore only malformed attribute and processing of netgroup
will not fail.
Resolves:
https://fedorahosted.org/sssd/ticket/2137
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
Moved unused functions and merged ipa_selinux_common.c into
ipa_selinux.c
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
A bad comparison resulted in the sysdb_sudo_check_time() function
always printing a debug message saying that the time matched.
Resolves:
Coverity Issue #12031
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2100
|
|
|
|
|
| |
In order to fix https://fedorahosted.org/sssd/ticket/2093 the name of
the forest must be known for a member domain of the forest.
|
|
|
|
|
|
|
|
|
| |
We need to work with distinguish names when processing
cross-domain membership, because groups and users may
be stored in different sysdb tree.
Resolves:
https://fedorahosted.org/sssd/ticket/2066
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the returned TGT contains a different user principal name (upn) than
used in the request, i.e. the upn was canonicalized, we currently save
it to sysdb into the same attribute where the upn coming from an LDAP
server is stored as well. This means the canonical upn might be
overwritten when the user data is re-read from the LDAP server.
To avoid this this patch add a new attribute to sysdb where the
canonical upn is stored and makes sure it is used when available.
Fixes https://fedorahosted.org/sssd/ticket/2060
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
The enumerate flag will be read from the cache for subdomains and
the domain object will be created accordingly.
|
| |
|
|
|
|
| |
The parameter was not used at all.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When IPA trusts an AD domain the AD user or groups can be placed into
IPA groups e.g. to put AD users under the control of HBAC. Since IPA
group can only have members from the IPA directory tree and the AD users
and groups are not stored there a special IPA object called external
group was introduced. SIDs of users and groups can be added to the
external group and since the external groups are in the IPA directory
tree they can be member of IPA groups.
To speed things up and to remove some load from the IPA servers SSSD
reads all external groups and stores them in memory for some time before
rereading the data.
Enhances https://fedorahosted.org/sssd/ticket/1962
|
|
|
|
|
|
| |
During initgroups request we read the SID of a group from the server but
do not save it to the cache. This patch fixes this and might help to
avoid an additional lookup of the SID later.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In some cases when MPG domains are used the information about the
original primary group of a user cannot be determined by looking at
the explicit group memberships. In those cases the GID related to the
original primary group is stored in a special attribute of the user
object.
This patch adds the GID of the original primary group when available and
needed.
Fixes https://fedorahosted.org/sssd/ticket/2027
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If ID mapping is enabled we use magic private groups (MPG) for
subdomains, i.e. the UID and the primary GID of the user will have the
same numerical value. As a consequence the information about the
original primary group might get lost because neither in AD domains nor
on a typical UNIX system the user is an explicit member of it's primary
group.
With this patch the mapped GID or the original primary group is saved in
the cached user object under a new attribute.
Fixes https://fedorahosted.org/sssd/ticket/2027
|