| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This is WIP patch to unify format of
usernames and groupnames in sssd internals.
In current form it breaks just about everything.
The sysdb update function is just placeholder
and it's contents are irelevant.
Currently I am working on fqname attribute
removal because it seems to just add confusion.
If you decide to look into the code, please use
sunglasses or other other protective gear and play
some calm music in your backgroun to prevent
eye or brain injury.
|
|
|
|
|
|
|
|
| |
We would previously only print the generic warning, not the
user-supplied error message.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Petr Cech <pcech@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Since originalMemerberOf is not mapped directly to an original attribute
and is handled specially it is not automatically removed if there is no
memberOf in the original object anymore. This patch put
originalMemerberOf on the list of attribute which should be removed in
that case.
Resolves https://fedorahosted.org/sssd/ticket/2917
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2765
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
| |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
| |
Resolves https://fedorahosted.org/sssd/ticket/2910
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
| |
Related to https://fedorahosted.org/sssd/ticket/2910
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
| |
Resolves https://fedorahosted.org/sssd/ticket/2899
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
| |
It may be NULL in _send if SSSD has not been connected to LDAP so far.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
| |
So we compare proper data types.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
| |
It is not used anywhere anyway.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2672
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
| |
USN value should be always known now if at least one full refresh
was successful.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
| |
Preparation for:
https://fedorahosted.org/sssd/ticket/2672
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
| |
Reduce code duplication.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
| |
The old search base iterator was difficult to read since its logic
spread through all functions. This patch also shorten names.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
| |
This fix huge violation of tevent coding style.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
| |
Rearrage and rename functions in sdap_async_sudo.c to obey
tevent style and improve readability.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
| |
Adds missing sdap_id_op_done call and retry logic.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
| |
This patch removes state->error and uses only ret instead since
state->error was only duplication anyway.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
We let sdap_id_op decide if we are offline or not here but we
should not get to this code since ptask is disabled and we will
not get through sudo handler if offline.
This simplyfies the code and make it more similar to other providers.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
| |
sdap_sudo.c will contain only initialization and handlers.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This removes old sudo timer and simplyfies code a lot. It also
allows to manage offline/online state.
- Full and smart refresh are disabled when offline.
- Full refresh is run immediately when sssd is back online.
- Smart refresh is scheduled normally when sssd is back online.
Resolves:
https://fedorahosted.org/sssd/ticket/1943
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
This patch adds debug message that inform user when KRB5_CHILD calls
PAC responder. This action might take a bit of time in case the cache
is not populated or up to date.
Resolves:
https://fedorahosted.org/sssd/ticket/2846
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
| |
To avoid collisions when we want to work with them elsewhere in the code.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
| |
To avoid collisions when we want to work with them elsewhere in the code.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
| |
To avoid collisions when we want to work with them elsewhere in the code.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
| |
To avoid collisions when we want to work with them elsewhere in the code.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
| |
Reviewed-by: Petr Cech <pcech@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Function get_object_from_cache() does not handle services.
This patch adds quick shortcut to avoid sending an LDAP query
to cache.
Resolves:
https://fedorahosted.org/sssd/ticket/2747
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
| |
Resolves https://fedorahosted.org/sssd/ticket/2830
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Instead of setting the three same variables over again, add a structure
be_sbus_reply_data with a default initializer BE_SBUS_REPLY_DATA_INIT.
The handlers can then set the structure to BE_SBUS_REPLY_DATA_INIT on
declaration or set a particular value with be_sbus_reply_data_set.
The handler can also reply to the message (typically on failure state)
with be_sbus_req_reply_data()
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
| |
Instead of calling sbus_request_return_and_finish() directly with the
same checks copied over, add a be_sbus_reply() helper instead.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Related:
https://fedorahosted.org/sssd/ticket/2866
If the LDAP connection is still established when the client moves
offline, we rely on the search timeout to find out the client is
offline. The override search used the enum timeout defaults to 60 seconds.
That caused too long delays in going offline.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If a fo_resolve_service callback would modify the server->common member
in any way, for example by dereferencing the server and lowering the
refcount to 0, which would free the common structure, then the next
iteration of fo_resolve_service_done would access memory that was
already gone.
Please see
https://tevent.samba.org/group__tevent__request.html#ga09373077d0b39e321a196a86bfebf280
for more details.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2866
This would help users who authenticate to AD trust servers while offline
and see error messages such as:
[get_and_save_tgt] (0x0020): 996: [-1765328230][Cannot find KDC for realm "AD.EXAMPLE.COM"]
in the krb5_child.log
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
| |
The error itself doesn't matter that much, because pam_sss.so handles
all preauth errors gracefully already, but the issue triggered a loud
and confusing debug message in the logs.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
| |
Related to https://fedorahosted.org/sssd/ticket/2868
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
|
|
|
|
|
| |
Related to https://fedorahosted.org/sssd/ticket/2868
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1632
Adds the possibility to configure:
autofs_provider = ad
The AD autofs provider uses the rfc2307 (nis*) attribute maps. This is
different (at the moment) from using autofs_provider=ldap with
ldap_schema=ad.
Reviewed-by: Ondrej Valousek <ondrejv2@fedoraproject.org>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
|
| |
belonging to a domain controller.
Resolves:
https://fedorahosted.org/sssd/ticket/2870
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If the user name of a AD user is overridden with the name itself in an
IPA override object SSSD adds this name twice to the alias list causing
an ldb error when trying to write the user object to the cache. As a
result the user is not available.
This patch makes sure that there are no duplicated alias names.
Resolves https://fedorahosted.org/sssd/ticket/2874
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2861
Messages passed from Data Provider to responder must be valid UTF-8
strings. Because providers might not be completely under our control,
we need to check if the messages we receive are valid UTF-8 and if they
are not, use a fallback.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2861
All back end requests were using pam_strerror() to print additional info
about why request failed. Since pam_strerror() returns localized message
and we don't know the locale beforehand, this message failed to be
transferred through D-Bus, resulting in a crash.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
| |
This debug message is mostly a left over from development and doesn't
give us any useful information. It is just annoying in the logs.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
It could be unitialized only in case if we add new enum be_ptask_schedule
Currently, we have only BE_PTASK_SCHEDULE_FROM_NOW and
BE_PTASK_SCHEDULE_FROM_LAST which are properly covered in switch case.
src/providers/dp_ptask.c:200: warning: ‘tv’ may be used uninitialized in this function
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|