| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Function sysdb_attrs_get_el can enlarge array of ldb_message_element in "struct
sysdb_attrs" if attribute is not among available attributes. Array will be
enlarged with function talloc_realloc but realloc can move array to another
place in memory therefore ldb_message_element should not be used after next
call of function sysdb_attrs_get_el
sysdb_attrs_get_el(netgroup, SYSDB_ORIG_MEMBER_USER, &user_found);
sysdb_attrs_get_el(netgroup, SYSDB_ORIG_MEMBER_HOST, &host_found);
With netgroups, it is common to omit user or host from netgroup triple.
There is very high probability that realloc will be called. it is possible
pointer user_found can refer to the old area after the second call of function
sysdb_attrs_get_el.
Resolves:
https://fedorahosted.org/sssd/ticket/2284
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit c048657aa2fbb246b5dc199ef6101bfd6e5eeaea)
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
| |
Previously an sdap_id_ctx was always tied to one domain with a single
set of search bases. But with the introduction of Global Catalog
lookups, primary domain and subdomains might have different search
bases.
This patch introduces a new structure sdap_domain that contains an sssd
domain or subdomain and a set of search bases. With this patch, there is
only one sdap_domain that describes the primary domain.
|
| | |
|
| |
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1519
IPA host refactoring changed mapping of memberOf attribute
which caused SSSD being unable to retrieve membership of
hostgroup when being interpreted as netgroup.
|
| |
|
|
|
| |
This patch adds support for filtering attributes when constructing
attribute list from a map for LDAP query.
|
| |
|
|
|
|
|
| |
This is necessary because in several places in the code, we are
appending to the attrs returned from this value, and if we relied
on the map size macro, we would be appending after the NULL
terminator if one or more attributes were defined as NULL.
|
| |
|
|
| |
If the code fell through the loop, ret would have been random value.
|
| |
|
|
| |
https://fedorahosted.org/sssd/ticket/1136
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
The paging control can cause issues on servers that put limits on
how many paging controls can be active at one time (on some
servers, it is limited to one per connection). We need to reduce
our usage so that we only activate the paging control when making
a request that may return an arbitrary number of results.
https://fedorahosted.org/sssd/ticket/1202 phase one
|
| |
|
|
|
| |
This issue led to a netgroup with one triple (-,-,domain) when it
contained no triples on the IPA server.
|
| | |
|
| |
|
|
| |
https://fedorahosted.org/sssd/ticket/1016
|
| |
|
|
| |
https://fedorahosted.org/sssd/ticket/1152
|
| | |
|
| |
|
|
|
|
|
| |
DEBUG message can print an unitialized value if the first netgroup
has no members.
Coverity 12382
|
| |
|
|
|
|
|
|
| |
In case IPA netgroup had indirect member hosts, they wouldn't be
detected.
This patch also modifies debug messages for easier debugging in the
future.
|
| | |
|
| | |
|
| |
|
