| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| |
|
|
|
|
|
|
|
| |
This completely replaces the per-ccache-type custom code to remove old cacches
and instead uses libkrb5 base doperations (krb5_cc_destroy) and operating as
the user owner.
Resolves:
https://fedorahosted.org/sssd/ticket/2061
|
| |
|
|
|
|
|
|
|
|
|
| |
This function safely destroy a ccache given a cache name and user crdentials.
It becomes the user so no possible races can compromise the system, then
uses libkrb5 functions to properly destroy a ccache, independently of the
cache type.
Finally restores the original credentials after closing the ccache handlers.
Resolves:
https://fedorahosted.org/sssd/ticket/2061
|
| |
|
|
|
|
|
|
| |
In some cases we want to temporarily assume user credentials but allow the
process to regain back the original credentials (normally regaining uid 0).
Related:
https://fedorahosted.org/sssd/ticket/2061
|
| |
|
|
|
| |
This tests dlopens and resolves all symbols to make sure there are no missing
symbols in our provider modules.
|
| |
|
|
|
|
|
|
|
| |
We checked only header file "sys/inotify" for detection whether inotify
works. Some platforms do not have built in inotify, but contain library,
which provides inotify-compatible interface.
This patch adds more robust detection of inotify in configuration time and
appends linker flags to Makefile if inotify is provided by library.
|
| |
|
|
|
|
|
|
| |
We used pkg-config only as a fallback if header files was not found,
but detection of library failed in case of available header file and
linking problem (missing -Ldir).
This patch prefers pkg-config.
|
| |
|
|
|
| |
We check whether HAVE_INTPTR_T is defined in definition of macro
discard_const_p, but autootols macro AC_CHECK_TYPE did not generate it.
|
| |
|
|
|
|
|
|
|
| |
If $libdir is not in default library path libunistring cannot be
found. (pkg-config can not be used in this case).
This patch helps to search libunistring in "$libdir" directory.
In refactoring part, indentation was updated to be more readable
and some duplicated parts were removed.
|
| | |
|
| |
|
|
|
| |
AC_MSG_RESULT was not used everywhere after AC_MSG_CHECKING.
Therefore two lines from configure output was mixed in some cases.
|
| |
|
|
|
| |
Detect directory with python libraries and add this
directory to the list of directories to be searched for linker.
|
| |
|
|
|
|
|
|
|
|
|
| |
It is not very likely, that record will have the same hash1 and hash2, but it
is possible. In this situation, it does not make sense to remove record twice.
Function sss_mc_rm_rec_from_chain was not robust and sssd_nss could crash
in this situation. It was only possible if record was alone in chain.
Resolves:
https://fedorahosted.org/sssd/ticket/2049
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Recently support was added to use also libkrb5 style expansions that
uses a %{varname} type of template.
There are a number of templates we do not care/can't expand in sssd.
The current code misses tests and failed to properly preserve some of
the templates we do not want to handle.
Addiotionally in order to be future proof this patch treats unknown
templates as pass-through templates and defer any error checking to
libkrb5, so that sssd is consistent with how kinit would behave.
Resolves:
https://fedorahosted.org/sssd/ticket/2076
|
| |
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2063
|
| | |
|
| |
|
|
|
| |
Replace incorrect reference to "sssd-krb5.conf" manpage with the correct
"sssd-krb5" in sssd_krb5_locator_plugin man page source.
|
| |
|
|
| |
https://fedorahosted.org/sssd/ticket/2001
|
| | |
|
| |
|
|
|
| |
This will give SRV plugins all information needed for additional
sorting.
|
| | |
|
| |
|
|
|
| |
The new SAFEALIGN macros name turned to be inappropriate because
they do not reflect what the macros really do.
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
| |
src/providers/krb5/krb5_utils.c:193: warning: declaration of 'rewind' shadows a
global declaration
/usr/include/stdio.h:754: warning: shadowed declaration is here
|
| |
|
|
|
|
|
| |
It is better to use standard constant for maximum value of type size_t,
instead of reinventing wheel with own defined constant SIZE_T_MAX
This patch replace string "SIZE_T_MAX" -> "SIZE_MAX"
|
| | |
|
| |
|
|
|
| |
If the user's GECOS as returned by the proxied module is an empty string
(as opposed to NULL), the ldb transaction would error out.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
struct hbac_eval_req is defined in header file and it has attribute
request_time with type time_t, but header file "time.h" was not included.
It was not problem, because time.h was indirectly included by stdlib.h
(stdlib.h -> sys/types.h -> time.h) in implementation files,
but other platforms can have other dependencies among header files.
|
| | |
|
| |
|
|
|
|
|
| |
We use constant AF_INET6 in util.c, but we do not explicitly include header
file sys/socket.h. This header file was indirectly incuded by another header
file netdb.h (netdb.h -> netinet/in.h -> sys/socket.h), but other platform can
have other dependencies among header files.
|
| |
|
|
|
|
|
| |
Function monitor_config_file_fallback was defined inside of conditional
block "#ifdef HAVE_SYS_INOTIFY_H", but it was also used out of this block.
This patch move declaration of function before start of conditional build
section.
|
| |
|
|
|
|
| |
last argument of function sss_strnlen "size_t *len" is output variable.
We need to increment value of size_t being pointed to by pointer instead of
incrementing pointer.
|
| |
|
|
|
|
| |
Some platform have header file endian.h and anothers have sys/endian.h.
We nedd to use conditional build to handle it correctly, therefore new header
file sss_endian.h was created.
|
| |
|
|
| |
https://fedorahosted.org/sssd/ticket/2057
|
| |
|
|
| |
A conflict between two patches was not resolved correctly
|
| |
|
|
|
|
| |
Since we now store the enumerate flag in sysdb for subdomains, we can
always descend to all available subdomains and if they do not allow
enumeration, simply skip them.
|
| |
|
|
| |
https://fedorahosted.org/sssd/ticket/1963
|
| | |
|
| |
|
|
|
| |
The enumerate flag will be read from the cache for subdomains and
the domain object will be created accordingly.
|
| | |
|
| |
|
|
|
| |
Instead of always performing the setup for the main domain, the setup
can now be performed for subdomains as well.
|
| |
|
|
|
|
| |
Instead of always performing the cleanup on the main domain, the task
now accepts a sdap_domain structure to perform the cleanup on. This
change will make the cleanup task reusable for subdomains.
|
| |
|
|
|
|
| |
The LDAP cleanup request was asynchronous for no good reason, probably a
leftover from the days of async sysdb. This patch makes it sychronous
again, removing a lot of uneeded code.
|
| |
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1942
Identity providers other than LDAP need to customize the enumeration in
different ways while sharing the way the task is scheduled etc. The
easiest way to accomplish it is to leverage the recently introduced
ptask framework.
|
| |
|
|
|
|
|
|
|
|
|
| |
The LDAP enumeration was too closely tied to the LDAP identity provider.
Because some providers might need special handling such as refresh the
master domain record before proceeding with the enumeration itself, this
patch splits the request itself to a separate async request and lets the
ldap_id_enum.c module only configure this new request.
Also move the enum timestamp to sdap_domain to make the enum tracking
per sdap domain. The cleanup timestamp will be moved in another patch.
|
| |
|
|
|
| |
The constant was not used since Euegene came up with his reconnection
logic.
|
| |
|
|
|
|
|
|
| |
The enum code was quite old and predated the tevent_req style. In
particular, the enum code was checking tevent state direcly and not
using _recv functions or the helper macros we added later.
As a consequence, it was not easy to read. This patch adds the standard
_recv functions to read the status of the enum requests.
|
