| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
| |
This patch fixes an issue which resulted in a need to initialize
responder with data from local domain, otherwise it would not correctly
detect requests for subdomains. Similar situation can occur if new
subdomain is added at runtime.
The solution is to ask for a list of subdomains in case there is a
candidate domain identified in the process of matching re_expressions
with given name.
|
|
|
|
|
|
|
|
|
|
|
| |
* Allows different user/domain qualified names for different
domains. For example Domain\User or user@domain.
* The global re_expression and full_name_format options remain
as defaults for the domains.
* Subdomains get the re_expression and full_name_format of
their parent domain.
https://bugzilla.redhat.com/show_bug.cgi?id=811663
|
| |
|
|
|
|
|
|
|
|
|
| |
Since there are two attributes storing information about user
memberships of the group we have to include both of them in results.
This will apply only for objects that have ghost members (i.e. they
contain the SYSDB_GHOST attribute). If an object has this attribute,
values of this attribute are not projected to the memberuid attribute.
|
| |
|
| |
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1329
|
|
|
|
|
|
|
| |
This option will allow administrators to set a default shell to be
used if a user does not have one set in the identity provider.
https://fedorahosted.org/sssd/ticket/1289
|
|
|
|
|
|
|
|
| |
This option is similar to override_homedir, except that it will
take effect only for users that do not have an explicit home
directory specified in LDAP.
https://fedorahosted.org/sssd/ticket/1250
|
| |
|
| |
|
|
|
|
|
|
|
|
|
| |
Do not let nss_cmd_initgroups_search() return data itself, but let the
caller return data. This is more intuitive and more consistent with the
rest of the nss_cmd_*_search() functions.
Also fixes a typo - nss_cmd_initgroups_cb used to call getpw_send_reply
instead of initgr_send_reply.
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1312
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
Now it checks for subdomains as well as for the domain itself
|
| |
|
| |
|
| |
|
| |
|
|
|
|
| |
Coverity #12526
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1189
|
| |
|
|
|
|
|
|
| |
Also adds some more debugging and fixes a code style issue.
https://fedorahosted.org/sssd/ticket/1182
|
| |
|
|
|
|
|
| |
Makes the setent_add_ref() and setent_notify_*() functions more generic
to be reusable by the autofs responder.
|
|
|
|
| |
The common function could be reused in new responders
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The conversion to the tevent_req style introduced numerous bugs
related to memory management of the various client requests. In
some circumstances, this could cause memory corruption and
segmentation faults in the NSS responder. This patch makes the
following changes:
1) Rename the internal lookup from subreq to sidereq, to indicate
that it is not a sub-request of the current lookup (and therefore
is not cancelled if the current request is).
2) Change the handling of the callback loops since they call
tevent_req_[done|error], which results in them being freed (and
therefore removed from the cb_list. This was the source of the
memory corruption that would occasionally result in dereferencing
an unreadable request.
3) Remove the unnecessary sss_dp_get_account_int_recv() function
and change sss_dp_get_account_done() so that it only frees the
sidereq. All of the waiting processes have already been signaled
with the final results from sss_dp_get_account_int_done()
|
|
|
|
|
|
|
| |
Some NSS maps such as 'services' require more values to be passed
to the data provider than just the name or ID. In these cases, we
will amend an optional component to filter value to pass to the
data provider backend.
|
| |
|
| |
|
|
|
|
|
| |
the sized_string structure makes it easier to keep track of string lengths
and makes passing around data more compat and readable.
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
Glib fails if the NULL-terminator is included when a length is
specified.
|
| |
|
| |
|
|
|
|
|
| |
The patch also updates code using modified functions. Tests have also
been adjusted.
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/954
|
|
|
|
|
|
|
|
| |
There may be users in LDAP that have a valid but unwelcome shell
set in their account. This adds a blacklist of shells that should
always be replaced by the fallback_shell.
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
|