| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
| |
The domain was already marked as enumerated using sysdb_set_enumerated
in the enumeration request itself.
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1568
|
|
|
|
|
| |
sdap_get_ad_tokengroups_initgroups is split into more parts so
it can be reused later.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The group memberships cannot be reliable retrieved from the Global
Catalog. By default the memberOf attribute is not replicated to the GC
at all and the member attribute is copied from the local LDAP instance
to the GC running on the same host, but is only replicated to other GC
instances for groups with universal scope. Additionally the tokenGroups
attribute contains invalid SIDs when used with the GC for users from a
different domains than the GC belongs to.
As a result the requests which tries to resolve group-memberships of a
AD user have to go to a LDAP server from the domain of the user.
Fixes https://fedorahosted.org/sssd/ticket/2161 and
https://fedorahosted.org/sssd/ticket/2148 as a side-effect.
|
|
|
|
| |
pac responder was not properly detected with krb5 1.12 library
|
|
|
|
|
|
|
|
| |
Properly align buffer address to sizeof(char *) when storing
pointers to strings.
resolves:
https://fedorahosted.org/sssd/ticket/1359
|
|
|
|
|
|
|
|
|
|
|
| |
struct nss_cmd_ctx was not released in function nss_cmd_setnetgrent_done
and it wasn't used in the other function, because getnetgrent creates its own
nss_cmd_ctx context. struct nss_cmd_ctx was released after closing client
because it was allocated under client context. Memory leak is apparent with
long living clients.
Resolves:
https://fedorahosted.org/sssd/ticket/2170
|
|
|
|
|
|
|
|
|
|
| |
If Data Provider was unable to refresh the subdomain list, the
sss_domain_info->subdomains list was NULL. Which meant that no DP
request matched any known domain and hence offline authentication was
not working correctly.
Resolves:
https://fedorahosted.org/sssd/ticket/2168
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
|
| |
If primary servers lookup failed, dns_domain is not set.
Resolves:
https://fedorahosted.org/sssd/ticket/2173
|
|
|
|
|
| |
If there are multiple members in the sdom list, always the search base
of the first entry were used.
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2162
|
|
|
|
| |
In case *mt_svc_restart* event can't be created free *svc* directly.
|
|
|
|
|
|
| |
After freeing *svc* return immediately instead of creating event operating on
*svc* (use-after-free). Also check tevent_add_timer failure and remove unused
sigkill_ev variable.
|
|
|
|
|
|
| |
*monitor_kill_service* may create timed event which operates on *svc* and
therefore *svc* should not be freed right after call of *monitor_kill_sercice*.
*svc* is supposed to be freed by *mt_svc_restart*.
|
|
|
|
|
|
|
| |
Output from init scripts should go to a file (ideally in
/var/log directory) instead of stderr.
Signed-off-by: Markos Chandras <hwoarang@gentoo.org>
|
|
|
|
|
|
|
| |
Allow sssd to use the xdm wrapper so login managers can
use sssd to authenticate users.
Signed-off-by: Markos Chandras <hwoarang@gentoo.org>
|
| |
|
| |
|
|
|
|
|
| |
resolves:
https://fedorahosted.org/sssd/ticket/1359
|
|
|
|
|
| |
resolves:
https://fedorahosted.org/sssd/ticket/1359
|
|
|
|
|
|
|
| |
Unit test testing detection of the right domain when processing group with members from several domains
Resolves:
https://fedorahosted.org/sssd/ticket/2132
|
|
|
|
|
|
|
| |
A bit more elegant way of detection of what domain the group member belongs to
Resolves:
https://fedorahosted.org/sssd/ticket/2132
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1096
In case the KDC has skewed time, we can retry with the next one and
eventually go offline if no KDC has time in sync with the client.
Previously, authentication with wrong time resulted in System Error.
|
|
|
|
|
|
|
|
|
|
|
| |
sysdb_add_user fails with EIO if enumeration is disabled and user contains
backslashes.
We try to remove ghost attributes from groups with disabled enumeration,
but unsanitized filter is used to find ghost attributes
"(|(ghost=usr\\\\002)" and ldb cannot parse this filter.
Resolves:
https://fedorahosted.org/sssd/ticket/2163
|
|
|
|
|
|
|
|
|
|
| |
sysdb_delete_user fails with EIO if user does not exist and contains
backslashes.
ldb could not parse filter (&(objectclass=group)(ghost=usr\\\\001)),
because ghost value was not sanitized
Resolves:
https://fedorahosted.org/sssd/ticket/2163
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|