path: root/src
Commit message | Author | Age | Files | Lines
...
* fix upn cache_req for sub-domain users | Sumit Bose | 2015-10-08 | 1 | -2/+7
  Reviewed-by: Sumit Bose <sbose@redhat.com>
* fix ldb_search usage | Sumit Bose | 2015-10-08 | 1 | -8/+1
  Reviewed-by: Sumit Bose <sbose@redhat.com>
* cache_req: remove raw_name and do not touch orig_name | Pavel Březina | 2015-10-08 | 1 | -23/+29
  Parsed name or UPN is now stored in input->name instead of touching orig_name and storing the original name in raw_name.
  Reviewed-by: Sumit Bose <sbose@redhat.com>
* cache_req tests: reduce code duplication | Pavel Březina | 2015-10-08 | 1 | -1230/+394
  Reviewed-by: Sumit Bose <sbose@redhat.com>
* cache_req: add support for UPN | Pavel Březina | 2015-10-08 | 9 | -42/+674
  Reviewed-by: Sumit Bose <sbose@redhat.com>
* cache_req: provide extra flag for oob request | Pavel Březina | 2015-10-08 | 1 | -5/+6
  Reviewed-by: Sumit Bose <sbose@redhat.com>
* man: Note filter_groups are not affecting nesting | Nikolai Kondrashov | 2015-10-07 | 1 | -0/+8
  Note that the "filter_groups" option doesn't affect nested member inheritance, on the sssd.conf(5) manpage.
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* man: Mention groups in filter_groups description | Nikolai Kondrashov | 2015-10-07 | 1 | -5/+5
  Mention groups (not only users) in the combined "filter_users"/"filter_groups" option description on the sssd.conf(5) manpage.
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* AD: Consolidate connection list construction on ad_common.c | Jakub Hrozek | 2015-10-07 | 4 | -17/+71
  Reviewed-by: Sumit Bose <sbose@redhat.com>
* AD: Provide common connection list construction functions | Jakub Hrozek | 2015-10-07 | 5 | -34/+80
  https://fedorahosted.org/sssd/ticket/2810
  Provides a new AD common function ad_ldap_conn_list() that creates a list of AD connections to use along with properties to avoid mistakes when manually constructing these lists.
  Reviewed-by: Sumit Bose <sbose@redhat.com>
* TESTS: Make whitespace_test pass without whitespace | Nikolai Kondrashov | 2015-10-07 | 1 | -1/+6
  Make whitespace_test pass if no trailing whitespace was detected at all. Add two comments explaining how searching and failure handling works.
  Fixes: https://fedorahosted.org/sssd/ticket/2816
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* DYNDNS: improve nsupdate_msg_add_fwd() | Pavel Reichl | 2015-10-05 | 2 | -20/+316
  Update nsupdate_msg_add_fwd() to group commands by address family processed IP address belongs to.
  It's better to group removing old A addresses and adding new A addresses in a single transaction. Same goes for AAAA addresses.
  Separate transaction for A and AAAA addresses updates are important because server might block updates for one of these families and thus the update even for the non-blocked address family would unnecessarily fail.
  For more details please see: https://fedorahosted.org/sssd/wiki/DesignDocs/DDNSMessagesUpdate
  Resolves: https://fedorahosted.org/sssd/ticket/2495
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* DYNDNS: use realm and server commands only as fallback | Pavel Reichl | 2015-10-05 | 5 | -40/+35
  Resolves: https://fedorahosted.org/sssd/ticket/2495
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* sss_override: amend man page - overrides do not stack | Pavel Reichl | 2015-10-04 | 1 | -2/+6
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* PROXY: fix minor memory leak | Pavel Reichl | 2015-10-02 | 1 | -2/+2
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* SDAP: fix minor memory leak | Pavel Reichl | 2015-10-02 | 2 | -2/+3
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* IPA: fix minor memory leak | Pavel Reichl | 2015-10-02 | 1 | -1/+1
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* AD: fix minor memory leak | Pavel Reichl | 2015-10-02 | 1 | -2/+3
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* SDAP: Relax POSIX check | Pavel Reichl | 2015-10-02 | 1 | -4/+6
  Relax the check on UID or GID just to check if at least one of them is present but do not require them to be positive numbers. Add requirement on objectclass attributes to be user or group to make check more reliable.
  Resolves: https://fedorahosted.org/sssd/ticket/2800
* MAN: proxy and krb5 are valid access control modules | Jakub Hrozek | 2015-10-02 | 1 | -0/+10
  Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com>
* MAN: Clarify pam_trusted_users option description | Jakub Hrozek | 2015-10-02 | 1 | -5/+9
  Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com>
* Add Catalan translation to LINGUAS | Robert Antoni Buj Gelonch | 2015-10-02 | 1 | -0/+1
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* sss tools: improve option handling | Pavel Březina | 2015-10-02 | 2 | -20/+30
  The crash described by ticket #2802 is caused by providing NULL options in popt and yet trying to iterate over them. Instead of simply testing for NULL this patch creates a new option table that merges several option tables together, thus improving and simplifying usage string.
  Resolves: https://fedorahosted.org/sssd/ticket/2802
  Reviewed-by: Pavel Reichl <preichl@redhat.com>
* PAM: only allow missing user name for certificate authentication | Sumit Bose | 2015-10-02 | 2 | -3/+47
  Resolves: https://fedorahosted.org/sssd/ticket/2811
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* sbus codegen tests: free ctx | Pavel Březina | 2015-10-02 | 1 | -0/+2
  Memory context was not freed therefore we got stuck in tevent loop that mocks D-Bus.
  Resolves: https://fedorahosted.org/sssd/ticket/2759
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* HBAC: Better libhbac debugging | Petr Cech | 2015-10-01 | 4 | -2/+243
  Added support for logging via external log function. Log provides information about rules evaluating (HBAC_DBG_INFO level) and additionally can describe rules (HBAC_DBG_TRACE level).
  Resolves: https://fedorahosted.org/sssd/ticket/2703
  Reviewed-by: Pavel Reichl <preichl@redhat.com>
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
  Reviewed-by: Michal Židek <mzidek@redhat.com>
* TESTS: Fixing of uninitialized pointer. | Petr Cech | 2015-10-01 | 1 | -1/+1
  There was a bug with uninitialized pointer during solving ticket 2703.
  More details: rules[0]->services->names[1] is initialized on line 361, but initializing of rules[0]->srchosts->names[1] was missing.
  Resolves: https://fedorahosted.org/sssd/ticket/2703
  Reviewed-by: Pavel Reichl <preichl@redhat.com>
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
  Reviewed-by: Michal Židek <mzidek@redhat.com>
* confdb: warn if memcache_timeout > than entry_cache | Pavel Reichl | 2015-09-30 | 1 | -0/+25
  Only group and user records are cached in memory cache so only timeouts for those are checked.
  Resolves: https://fedorahosted.org/sssd/ticket/2176
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* AD: add debug messages for netlogon get info | Pavel Reichl | 2015-09-30 | 1 | -1/+4
  Reviewed-by: Petr Cech <pcech@redhat.com>
* Updating translations for the 1.13.1 release | Jakub Hrozek | 2015-09-30 | 16 | -8043/+13684
* AD: inicialize root_domain_attrs field | Pavel Reichl | 2015-09-30 | 1 | -1/+2
  Resolves: https://fedorahosted.org/sssd/ticket/2805
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* test_pam_srv: Run cert test only with NSS | Lukas Slebodnik | 2015-09-30 | 1 | -0/+3
  Reviewed-by: Michal Židek <mzidek@redhat.com>
* sysdb-tests: Use valid base64 encoded certificate for search | Lukas Slebodnik | 2015-09-30 | 1 | -1/+1
  sh$ printf "ABC" | base64 -d
  base64: invalid input
  Reviewed-by: Michal Židek <mzidek@redhat.com>
* IFP: Suppress warning from static analyzer | Lukas Slebodnik | 2015-09-26 | 3 | -6/+6
  It seems that clang expected that errno can change to 0 in case of error. It might be a bug in static analyzer. But the workaround does not change the logic and the errno is read just once.
* CONFIGURE: Remove bashism | Lukas Slebodnik | 2015-09-26 | 2 | -2/+2
  There were errors in configure script when /bin/sh was not bash
  ./configure: 15889: test: xfedora: unexpected operator
  ./configure: 19981: test: xyes: unexpected operator
  ./configure: 23103: test: x1: unexpected operator
  The equality operator "==" works in bash but it's not a standard. The man page test(1) also does not mention it. There is only short version "="
      STRING1 = STRING2
          the strings are equal
* IPA: Retry fetching keytab if IPA user lookup fails | Jakub Hrozek | 2015-09-23 | 2 | -14/+185
  Required for: https://fedorahosted.org/sssd/ticket/2639
  Instead of calling ipa_get_ad_acct_send directly, call a new request ipa_srv_ad_acct_send. The new request wraps ipa_get_ad_acct_send and either tries to request a new keytab every time the lookup fails but the domain is online. be_mark_dom_offline() is called when the retry fails with the new code.
  The retry tries to re-setup the trusted domain. With two-way setups, the request is a no-op. With one-way trust setups, the request re-fetches new keytab unconditionally.
  Reviewed-by: Sumit Bose <sbose@redhat.com>
* FO: Also reset the server common data in addition to SRV | Jakub Hrozek | 2015-09-23 | 2 | -50/+142
  If a server that is expanded from a SRV query was reset, only its 'meta-server' status was set to neutral, but the server->common structure still retained its not_working status.
  This patch also resets the status of the common structure so that both the SRV query and resolving the server are retried next time.
  Reviewed-by: Sumit Bose <sbose@redhat.com>
* FO: Add an API to reset all servers in a single service | Jakub Hrozek | 2015-09-23 | 4 | -10/+42
  Required for: https://fedorahosted.org/sssd/ticket/2639
  Previously, we had a function that allowed the caller to reset the status of all services in the global fail over context. This patch adds a new function that allows the caller to reset a single service instead.
  The main user would be IPA subdomain provider that might need to reset the status of an AD trusted domain on demand.
  Reviewed-by: Sumit Bose <sbose@redhat.com>
* IPA: Change ipa_server_trust_add_send request to be reusable from ID code | Jakub Hrozek | 2015-09-23 | 2 | -58/+75
  Required for: https://fedorahosted.org/sssd/ticket/2639
  Expose a request ipa_server_trusted_dom_setup_send that sets up a trusted domain. The setup might include actions like retrieving a keytab for one-way trusts.
  Creating the AD ID context for the trusted domain is now done in the caller of this new request.
  Reviewed-by: Sumit Bose <sbose@redhat.com>
* tests: Set p11_child_timeout to 30 in tests | Michal Židek | 2015-09-23 | 1 | -4/+31
  Ticket: https://fedorahosted.org/sssd/ticket/2773
  Add way to set pam specific options in pam_test_setup and use it to set the p11_child_timeout value to 30.
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
  Reviewed-by: Pavel Reichl <preichl@redhat.com>
* PAM: Make p11_child timeout configurable | Michal Židek | 2015-09-23 | 5 | -25/+53
  Ticket: https://fedorahosted.org/sssd/ticket/2773
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
  Reviewed-by: Pavel Reichl <preichl@redhat.com>
* Fix memory leak in sssdpac_verify() | Thomas Oulevey | 2015-09-23 | 1 | -0/+3
  Resolves https://fedorahosted.org/sssd/ticket/2803
  Reviewed-by: Sumit Bose <sbose@redhat.com>
* DYNDNS: Return right error code in case of failure | Lukas Slebodnik | 2015-09-23 | 1 | -0/+1
  The variable will be zero if getifaddrs succeeds and therefore wrong error code will be returned in case of insufficient memory (talloc_zero failed)
  Reviewed-by: Pavel Reichl <preichl@redhat.com>
* DDNS: execute nsupdate for single update of PTR rec | Pavel Reichl | 2015-09-22 | 4 | -72/+219
  nsupdate fails definitely if any of update request fails when GSSAPI is used.
  As tmp solution nsupdate is executed for each update.
  Resolves: https://fedorahosted.org/sssd/ticket/2783
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* IPA PROVIDER: Resolve nested netgroup membership | Petr Cech | 2015-09-22 | 1 | -10/+19
  Information about usergroup membership is stored in memberOf attribute. And information about hostgroup membership is stored in originalMemberOf. This patch adds appropriate memberOf attributes for searching in.
  Ticket: https://fedorahosted.org/sssd/ticket/2275
  Reviewed-by: Sumit Bose <sbose@redhat.com>
* LDAP: Filter out multiple entries when searching overlapping domains | Jakub Hrozek | 2015-09-22 | 5 | -20/+302
  In case domains overlap, we might download multiple objects. To avoid saving them all, we attempt to filter out the objects from foreign domains.
  We can only do this optimization for non-wildcard lookups.
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* LDAP: Move sdap_create_search_base from ldap to sdap code | Jakub Hrozek | 2015-09-22 | 4 | -70/+68
  The function shouldn't be placed in the LDAP tree, but in the SDAP tree to make it usable from tests without linking to libraries that are normally linked from LDAP provider (such as confdb)
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* tests: Move named_domain from test_utils to common test code | Jakub Hrozek | 2015-09-22 | 4 | -34/+26
  This handy function should be reused by other parts of the code.
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* LDAP: imposing sizelimit=1 for single-entry searches breaks overlapping domains | Jakub Hrozek | 2015-09-22 | 2 | -13/+0
  https://fedorahosted.org/sssd/ticket/2723
  In case there are overlapping sdap domains, a search for a single user might match and return multiple entries. For instance, with AD domains represented by search bases:
      DC=win,DC=trust,DC=test
      DC=child,DC=win,DC=trust,DC=test
  A search for user from win.trust.test would be based at:
      DC=win,DC=trust,DC=test
  but would match both search bases and return both users.
  Instead of performing complex filtering, just save both users. The responder would select the entry that matches the user's search.
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* sss_override: remove -d from manpage | Pavel Březina | 2015-09-21 | 1 | -1/+1
  Short version of --debug is not accepted.
  Reviewed-by: Pavel Reichl <preichl@redhat.com>