summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* IPA: store forest name for forest member domainsSumit Bose2013-09-278-16/+158
| | | | | In order to fix https://fedorahosted.org/sssd/ticket/2093 the name of the forest must be known for a member domain of the forest.
* IPA: Ignore dns_discovery_domain in server modeJakub Hrozek2013-09-261-0/+36
| | | | | | | | | | https://fedorahosted.org/sssd/ticket/2079 If the dns_discovery_domain is set in the server mode, then the current failover code will use it to discover the AD servers as well. This patch resets the discovery domain unless the admin configured SRV resolution for IPA servers manually. In the case he did, we try to warn him that service discovery of AD servers will most likely fail.
* ad: store group in correct tree on initgroups via tokenGroupsPavel Březina2013-09-261-11/+41
| | | | | | | | | If tokenGroups contains group from different domain than user's, we stored it under the user's domain tree in sysdb. This patch changes it so we store it under group's domain tree. Resolves: https://fedorahosted.org/sssd/ticket/2066
* sysdb: sysdb_update_members can take either name or dnPavel Březina2013-09-264-25/+65
| | | | | | | | | We need to work with distinguish names when processing cross-domain membership, because groups and users may be stored in different sysdb tree. Resolves: https://fedorahosted.org/sssd/ticket/2066
* sysdb: get_sysdb_grouplist() can return either names or dnPavel Březina2013-09-262-16/+55
| | | | | | | | | We need to work with distinguish names when processing cross-domain membership, because groups and users may be stored in different sysdb tree. Resolves: https://fedorahosted.org/sssd/ticket/2066
* util: add get_domains_head()Pavel Březina2013-09-262-0/+15
| | | | | | | This function will return head of the domain list. Resolves: https://fedorahosted.org/sssd/ticket/2066
* KRB5: Fix bad comparisonJakub Hrozek2013-09-261-1/+1
|
* krb5: Be more lenient on failures for old ccacheSimo Sorce2013-09-252-2/+2
| | | | | | | | | | | Fix a check for an error return code that can be returned when the ccache is not found. Even in case of other errors still do not fail authentication but allow it to proceed using a new ccache file if necessary. Related: https://fedorahosted.org/sssd/ticket/2053
* NSS: Failure to store entry negative cache should not be fatalJakub Hrozek2013-09-251-18/+31
| | | | | The only effect the failure to store a result to negative cache might have would be a slower lookup next time.
* NSS: Set UID and GID to negative cache after searching all domainsJakub Hrozek2013-09-251-66/+105
| | | | | | | https://fedorahosted.org/sssd/ticket/2090 Previously, when searching by UID or GID, the negative cache will only work in case the UID was searched for using fully qualified names.
* man: server side password policies always takes precedencePavel Březina2013-09-241-0/+5
| | | | https://fedorahosted.org/sssd/ticket/2091
* Convert IN_MULTICAST parameter to host orderJakub Hrozek2013-09-243-3/+3
| | | | | | | https://fedorahosted.org/sssd/ticket/2087 IN_MULTICAST accepts address in the host order, but network order was supplied.
* Check slot validity before MC_SLOT_TO_PTR.Michal Zidek2013-09-232-15/+79
| | | | | resolves: https://fedorahosted.org/sssd/ticket/2049
* krb5: do not expand enterprise principals is offlineSumit Bose2013-09-231-1/+1
| | | | | | | | Expanding a principle to an enterprise principal only makes sense if there is a KDC available which can process it. If we are offline the plain principal should be used, e.g. to create an expired ccache. Fixes https://fedorahosted.org/sssd/ticket/2060
* krb5: save canonical upn to sysdbSumit Bose2013-09-235-20/+58
| | | | | | | | | | | | | If the returned TGT contains a different user principal name (upn) than used in the request, i.e. the upn was canonicalized, we currently save it to sysdb into the same attribute where the upn coming from an LDAP server is stored as well. This means the canonical upn might be overwritten when the user data is re-read from the LDAP server. To avoid this this patch add a new attribute to sysdb where the canonical upn is stored and makes sure it is used when available. Fixes https://fedorahosted.org/sssd/ticket/2060
* LDAP: Use primary cn to search netgroupLukas Slebodnik2013-09-223-7/+22
| | | | | Resolves: https://fedorahosted.org/sssd/ticket/2075
* AD: Failure to get flat name is not fatalJakub Hrozek2013-09-223-68/+86
| | | | | | | | | https://fedorahosted.org/sssd/ticket/2067 Some AD or AD-like servers do not contain the netlogon attribute in the master domain name. Instead of failing completely, we should just abort the master domain request and carry on. The only functionality we miss would be getting users by domain flat name.
* sdap_domain_add: remove too strict consistency checkSumit Bose2013-09-201-10/+0
| | | | | The check worked for simple setups but fails e.g. in environment with trusts.
* man: improve sssd-sudo manual pagePavel Březina2013-09-201-2/+22
| | | | | Resolves: https://fedorahosted.org/sssd/ticket/2085
* AD: Download master domain info when enumeratingJakub Hrozek2013-09-185-7/+211
| | | | | | | | | | https://fedorahosted.org/sssd/ticket/2068 With the current design, downloading master domain data was tied to subdomains refresh, triggered by responders. But because enumeration is a background task that can't be triggered on its own, we can't rely on responders to download the master domain data and we need to check the master domain on each enumeration request.
* LDAP: sdap_id_setup_tasks accepts a custom enum requestJakub Hrozek2013-09-184-18/+29
| | | | AD provider will override the default with its own.
* AD: async request to retrieve master domain infoJakub Hrozek2013-09-184-214/+414
| | | | Adds a reusable async request to download the master domain info.
* KRB5: Call umask before mkstemp in the krb5 child codeJakub Hrozek2013-09-171-0/+3
|
* simple provider: obey case sensitivity for subdomain users and groupsPavel Březina2013-09-171-7/+43
| | | | | | | | When comparing username and his groups to access list, we will obey case sensitivity of object from access list. Resolves: https://fedorahosted.org/sssd/ticket/2034
* simple access test: initialize be_ctx for all testsPavel Březina2013-09-171-15/+16
| | | | | | | | | Recent simple access provider patches started using be_ctx during access check. This caused segfault in unit tests, since be_ctx wasn't initialized. Resolves: https://fedorahosted.org/sssd/ticket/2034
* simple provider: support subdomain groupsPavel Březina2013-09-171-23/+64
| | | | | Resolves: https://fedorahosted.org/sssd/ticket/2034
* util: add find_subdomain_by_object_name()Pavel Březina2013-09-172-0/+39
| | | | | | | | This function will parse object name into name and domain name part and return appropriate sss domain. Resolves: https://fedorahosted.org/sssd/ticket/2034
* util: add find_subdomain_by_sid()Pavel Březina2013-09-172-0/+35
| | | | | | | | | | | | | | This function takes domain SID (doesn't have the last component) or object SID (have all components) and returns subdomain. The subdomain is found by comparing domain->domainid with the SID. E.g. domain SID: S-1-5-21-3940105347-3434501867-2690409756 object SID: S-1-5-21-3940105347-3434501867-2690409756-513 Resolves: https://fedorahosted.org/sssd/ticket/2034
* simple provider: support subdomain usersPavel Březina2013-09-171-5/+10
| | | | | Resolves: https://fedorahosted.org/sssd/ticket/2034
* simple access tests: fix typosPavel Březina2013-09-171-5/+5
|
* util: add sss_idmap_talloc[_free]Pavel Březina2013-09-177-61/+73
| | | | Remove code duplication.
* man sssd: Add note about SSS_NSS_USE_MEMCACHEMichal Zidek2013-09-131-0/+8
|
* Rename _SSS_MC_SPECIALMichal Zidek2013-09-131-2/+2
| | | | | | If the environment variable _SSS_MC_SPECIAL is set to "NO", the mmap cache is skipped in the client code. The name is not very descriptive. This patch renames the variable to SSS_NSS_USE_MEMCACHE.
* KRB: Remove unused function parametersLukas Slebodnik2013-09-121-4/+2
| | | | | Parameter "int *dp_err" and parameter "int *pam_status" were unused in static function krb5_auth_prepare_ccache_name.
* KRB: Remove unused memory contextLukas Slebodnik2013-09-123-3/+3
| | | | mem_ctx was unused in function get_domain_or_subdomain
* TESTS: Remove unused variableJakub Hrozek2013-09-121-4/+0
| | | | | | The tmpl variable was only ever used to default to FILE backend in case absolute patch w/o ccache type was selected. Since backends are no longer there, we can remove the variable, too.
* Remove unused codeJakub Hrozek2013-09-122-69/+0
|
* Enable printf format string checkingLukas Slebodnik2013-09-111-2/+8
| | | | https://fedorahosted.org/sssd/ticket/1945
* Fix formating of variables with type: gid_tLukas Slebodnik2013-09-117-25/+27
|
* Fix formating of variables with type: uid_tLukas Slebodnik2013-09-119-18/+27
|
* Fix formating of variables with type: id_tLukas Slebodnik2013-09-115-7/+38
|
* Use right formating to print stringLukas Slebodnik2013-09-111-1/+1
| | | | format specifies type 'int' but the argument has type 'const char *'
* Fix warning: data argument not used by format stringLukas Slebodnik2013-09-111-2/+5
|
* Fix formating of variables with ber_ typeLukas Slebodnik2013-09-112-3/+4
|
* Fix formating of variables with type: time_tLukas Slebodnik2013-09-117-9/+10
|
* Fix formating of variables with type defined in stdint.hLukas Slebodnik2013-09-114-11/+14
|
* Fix formating of variables with type: rlim_tLukas Slebodnik2013-09-112-5/+12
|
* Fix formating of variables with type: key_serial_tLukas Slebodnik2013-09-112-1/+5
|
* Adding new header for printf formating macrosLukas Slebodnik2013-09-112-0/+33
|
* Fix formating of variables with type: size_tLukas Slebodnik2013-09-1133-69/+82
|
generated by cgit (git 2.34.1) at 2024-06-19 11:56:16 +0000