| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
| |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
W:438,17: Unused variable 'gids' (unused-variable)
W:438,10: Unused variable 'errno' (unused-variable)
E:618,31: Undefined variable 'user' (undefined-variable)
W:443,17: Unused variable 'gids' (unused-variable)
W:443,10: Unused variable 'errno' (unused-variable)
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
|
| |
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
|
|
|
|
| |
Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
| |
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
|
| |
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
|
| |
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
|
| |
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
|
| |
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
|
|
|
|
| |
The 'as' syntax works from Python 2 on, and Python 3
dropped the "comma" syntax.
Reviewed-by: Christian Heimes <cheimes@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Enum member SDAP_CACHE_PURGE_TIMEOUT has counter-intuitive name as it's used
to access 'ldap_purge_cache_timeout' option.
SDAP_CACHE_PURGE_TIMEOUT is more fitting name.
Reviewed-by: Petr Cech <pcech@redhat.com>
|
|
|
|
|
|
| |
Resolves: https://fedorahosted.org/sssd/ticket/2711
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Objects doesn't have to have overrideDN specified when using LOCAL view.
Since the view is not stored on the server we do not want to contact
LDAP therefore we special case LOCAL view saying that it is OK that
this attribute is missing.
Preparation for:
https://fedorahosted.org/sssd/ticket/2584
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
| |
Related to https://fedorahosted.org/sssd/ticket/2731
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
| |
Workaround for:
https://fedorahosted.org/sssd/ticket/2726
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
When dyndns_iface option was not used, address of connection to LDAP
was used. This patch proposes following change:
* Interface containing address of connection is found.
* All A and AAAA addresses of this interface are collected.
* Collected addresses are sent during DDNS update.
* Function sss_iface_addr_add() is removed.
Resolves:
https://fedorahosted.org/sssd/ticket/2558
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2558
|
|
|
|
|
|
|
| |
If none of eligible interfaces matches ifname then ENOENT is returned.
Resolves:
https://fedorahosted.org/sssd/ticket/2549
|
|
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently in the default configuration
nss_check_name_of_well_known_sid() can only split fully-qualified names
in the user@domain.name style. DOM\user style names will cause an error
and terminate the whole request.
With this patch both styles can be handled by default, additionally if
the name could not be split nss_check_name_of_well_known_sid() returns
ENOENT which can be handled more gracefully by the caller.
Resolves https://fedorahosted.org/sssd/ticket/2717
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Related:
https://fedorahosted.org/sssd/ticket/2553
In order to support wildcard request, we need to introduce an optionally
relaxed version of sss_filter_sanitize that allows to select which
characters are exempt from sanitizing.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Related:
https://fedorahosted.org/sssd/ticket/2553
Adds two new functions to the cache_req API:
- cache_req_user_by_filter_send
- cache_req_group_by_filter_send
These functions can be used to retrieve users or groups that match a
specified filter.
Also renames a variable to avoid constant confusion -- the variable is
only used for debug output.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
filter
Related:
https://fedorahosted.org/sssd/ticket/2553
Adds new sysdb function:
- sysdb_enumpwent_filter
- sysdb_enumpwent_filter_with_views
- sysdb_enumgrent_filter
- sysdb_enumgrent_filter_with_views
These are similar to enumeration functions, but optionally allow to
specify a filter to be applied on user/group names. Also an additional
custom filter can be applied.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
| |
Avoids code duplication
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
| |
pam_helpers.h had to be included after util.h.
Removed exara empty line.
Fixed code alignment
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2701
Previously, only the krb5 provides used to queue requests, which
resulted in concurrent authentication requests stepping on one another.
This patch queues requests by default.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
It seems that gcc did some optimization and
used execve instead of execle when the code was
instrumented for coverage analysis.
So the exec* function was not wrapped and it tried to call
real binary ipa-getkeytab
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
|
| |
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
|
| |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
| |
Related to https://fedorahosted.org/sssd/ticket/2596
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
| |
Related to https://fedorahosted.org/sssd/ticket/2596
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
| |
Related to https://fedorahosted.org/sssd/ticket/2596
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
| |
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
|
| |
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
|
|
|
|
| |
Related:
https://fedorahosted.org/sssd/ticket/2638
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Related:
https://fedorahosted.org/sssd/ticket/2638
For one-way trusts we can assume that AD domain is the same as the
Kerberis realm. On the other hand, SASL realm and keytab path are
specified, unlike two-way trusts that use the system keytab.
Includes a unit test.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Related:
https://fedorahosted.org/sssd/ticket/2638
Removed code duplication. Amends unit test to make sure we don't
regress.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Related:
https://fedorahosted.org/sssd/ticket/2638
Make the function reusable and add a simple unit test.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Related:
https://fedorahosted.org/sssd/ticket/2638
Better reflects what's going on in the function. Also adds a unit test.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Uses the ipa-getkeytab call to retrieve keytabs for one-way trust
relationships.
https://fedorahosted.org/sssd/ticket/2636
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|