| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
| |
Previously, it assumed that all members were users. This changes
the interface so that either a user or a group can be specified.
|
| |
|
|
| |
Useful for optimizing the initgroups operation.
|
| |
|
|
|
|
|
|
| |
This function will take a user, a list of groups that this user
should be added to and a list of groups the user should be removed
from and will recursively call sysdb_[add|remove]_group_member
Includes a unit test
|
| |
|
|
| |
Includes a unit test
|
| | |
|
| |
|
|
| |
https://fedorahosted.org/sssd/ticket/542
|
| |
|
|
| |
Fixes: #535
|
| |
|
|
|
|
|
| |
If the configuration option krb5_store_password_if_offline is set to
true and the backend is offline the plain text user password is stored
and used to request a TGT if the backend becomes online. If available
the Linux kernel key retention service is used.
|
| |
|
|
|
|
|
|
|
|
| |
RFC 2782 defines a way to sort replies to a SRV query. In short, the
algorithm sorts all replies by priority and then does a weight-based
selection for every priority level.
For details, please see the sections "Usage rules" for overview of the
algorithm and section "The 'Weight' field" for description on the weight
selection.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is a small window between running lstat() on a filename and
opening it where it's possible for the file to have been modified.
We were protecting against this by saving the stat data from the
original file and verifying that it was the same file (by device
and inode) when we opened it again, but this is an imperfect
solution, as it is still possible for an attacker to modify the
permissions during this window.
It is much better to simply open the file and test on the active
file descriptor.
Resolves https://fedorahosted.org/sssd/ticket/425 incidentally, as
without the initial lstat, we are implicitly accepting symlinks
and only verifying the target file.
|
| | |
|
| | |
|
| |
|
|
|
| |
tests/common.c is now required by all tests (check-based and not),
so we need to properly ifdef it
|
| |
|
|
|
|
|
| |
As with krb5_ccname_template sequences like %u can be used in the
krb5_ccachedir parameter which are expanded at runtime. If the directory
does not exist, it will be created. Depending on the used sequences it
is created as a public or private directory.
|
| | |
|
| |
|
|
|
|
| |
One of our resolv tests tries to resolve a nonexistent hostname. Do not
run this test unless we are explicitly told that a network connection
is available (-n). Also do not automatically resolving localhost.
|
| |
|
|
|
|
| |
Logs from confdb with missing '\n' in the DEBUG statements annoyed me so
I decided to fix them. I also made a quick grep through the code and
found other places so I fixed them too.
|
| |
|
|
|
|
| |
All 'make check' tests will chdir() into this directory before
running the suite. This provides the option of having temporary
files generated in a tmpfs or ramdisk
|
| | |
|
| |
|
|
|
|
|
| |
Adds a new option that tells resolver which address family to prefer or
use exclusively.
Fixes: #404
|
| | |
|
| | |
|
|
|
Also update BUILD.txt
|
