summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
* SSSD: Unit test - sss_ldap_dn_in_search_basesPavel Reichl2013-11-291-0/+191
| | | | | | | Unit test testing detection of the right domain when processing group with members from several domains Resolves: https://fedorahosted.org/sssd/ticket/2132
* SSSD: Improved domain detectionPavel Reichl2013-11-293-16/+57
| | | | | | | A bit more elegant way of detection of what domain the group member belongs to Resolves: https://fedorahosted.org/sssd/ticket/2132
* SYSDB: Sanitize filter before removing ghost attrsLukas Slebodnik2013-11-292-1/+27
| | | | | | | | | | | sysdb_add_user fails with EIO if enumeration is disabled and user contains backslashes. We try to remove ghost attributes from groups with disabled enumeration, but unsanitized filter is used to find ghost attributes "(|(ghost=usr\\\\002)" and ldb cannot parse this filter. Resolves: https://fedorahosted.org/sssd/ticket/2163
* SYSDB: Sanitize filter before sysdb_search_groupsLukas Slebodnik2013-11-292-1/+13
| | | | | | | | | | sysdb_delete_user fails with EIO if user does not exist and contains backslashes. ldb could not parse filter (&(objectclass=group)(ghost=usr\\\\001)), because ghost value was not sanitized Resolves: https://fedorahosted.org/sssd/ticket/2163
* LDAP: Initialize user count for AD matching ruleJakub Hrozek2013-11-281-1/+1
| | | | | | | https://fedorahosted.org/sssd/ticket/2157 If AD matching rule was selected, but the group was empty, the SSSD accessed random data. Initializing count to zero prevents that.
* AD: Fix a typo in the man pageJakub Hrozek2013-11-271-1/+1
| | | | https://fedorahosted.org/sssd/ticket/2154
* monitor: Specific error message for missing sssd.confPavel Reichl2013-11-274-3/+16
| | | | | | | | Specific error message is logged for missing sssd.conf file. New sssd specific error value is introduced for this case. Resolves: https://fedorahosted.org/sssd/ticket/2156
* pac: fix potential memory leaksPavel Březina2013-11-261-5/+5
|
* pac: fix double freePavel Březina2013-11-261-8/+6
|
* LDAP: Search for original DN during auth if it's missingJakub Hrozek2013-11-201-16/+194
| | | | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2077 If during the LDAP authentication we find out that the originalDN to bind as is missing (because the ID module is not LDAP based), we can try to look up the user from LDAP without saving him just in order to receive the originalDN.
* LDAP: Split out a request to search for a user w/o savingJakub Hrozek2013-11-202-33/+147
| | | | | | | | | | Related: https://fedorahosted.org/sssd/ticket/2077 Certain situations require that a user entry is downloaded for further inpection, but not saved to the sysdb right away. This patch splits the previously monolithic request into one that just downloads the data and one that uses the new one to download and save the user.
* do not use default_domain_suffix with autofsAron Parsons2013-11-181-1/+1
|
* SYSDB: Skip malformed netgroup attribute.Lukas Slebodnik2013-11-151-1/+5
| | | | | | | | | | It was not easy find out why netgroup could not be covert into result entries. Problem was that nisNetgroupTriple contained unexpected string "(,user01)" This patch will ignore only malformed attribute and processing of netgroup will not fail. Resolves: https://fedorahosted.org/sssd/ticket/2137
* LDAP: Prevent from using uninitialized sdap_optionsLukas Slebodnik2013-11-141-1/+1
| | | | | | | | ldap_get_options can fail in time of ldap back end initialisation and then sssd try to release uninitialised sdap_options. Resolves: https://fedorahosted.org/sssd/ticket/2147
* Initialize sid_str to NULL to avoid freeing random dataJakub Hrozek2013-11-082-2/+2
| | | | | If any function before failed, sss_idmap_free_sid() might have been called with random data.
* NSS: Set packet length for initgroupsLukas Slebodnik2013-11-071-0/+7
| | | | | | | | | | Some groups could be skipped, but packet length was not trimmed. This is a reason why valgrind reported access to uninitialised bytes. Actually, it isn't a problem, because the first uint32 in body is number of sended gids. Resolves: https://fedorahosted.org/sssd/ticket/2138
* free idmapped binary SIDs correctlyPavel Březina2013-11-072-6/+6
| | | | | Resolves: https://fedorahosted.org/sssd/ticket/2133
* free idmapped smb SIDs correctlyPavel Březina2013-11-071-3/+3
| | | | | Resolves: https://fedorahosted.org/sssd/ticket/2133
* free idmapped dom SIDs correctlyPavel Březina2013-11-071-6/+6
| | | | | Resolves: https://fedorahosted.org/sssd/ticket/2133
* free idmapped SIDs correctlyPavel Březina2013-11-078-13/+20
| | | | | Resolves: https://fedorahosted.org/sssd/ticket/2133
* idmap: add API to free allocated SIDsPavel Březina2013-11-072-0/+84
|
* Updating translation for the 1.11.2 releasesssd-1_11_2Jakub Hrozek2013-10-3015-2244/+3694
|
* AD: Fix ad_access_filter parsing with empty filterJakub Hrozek2013-10-302-0/+24
|
* NSS: Fix parenthesisJakub Hrozek2013-10-301-1/+1
|
* LDAP: Check all search bases during nested group processingJakub Hrozek2013-10-301-13/+42
|
* nested groups: pick correct domain for cache lookupsPavel Březina2013-10-301-4/+12
| | | | | | | | | Groups may contain members from different domains. We need to make sure that we always choose correct domain for subdomain users when looking up in sysdb. Resolves: https://fedorahosted.org/sssd/ticket/2064
* sdap_fill_memberships: pick correct domain for every memberPavel Březina2013-10-301-4/+19
| | | | | | | | | Groups may contain members from different domains. We need to make sure that we always choose correct domain for subdomain users when looking up in sysdb. Resolves: https://fedorahosted.org/sssd/ticket/2064
* ghosts: pick correct domain for every memberPavel Březina2013-10-301-10/+15
| | | | | | | | | Groups may contain members from different domains. We need to make sure that we store subdomain users with correct domain name. Resolves: https://fedorahosted.org/sssd/ticket/2064
* sdap: add sdap_domain_get_by_dn()Pavel Březina2013-10-302-0/+28
| | | | | | | | This function will find sdap domain by comparing object dn with domain base dn. Resolves: https://fedorahosted.org/sssd/ticket/2064
* sdap: store base dn in sdap_domainPavel Březina2013-10-302-15/+22
| | | | | | | | | Groups may contain members from different domains. Remembering base dn in domain object gives us the ability to simply lookup correct domain by comparing object dn with domain base dn. Resolves: https://fedorahosted.org/sssd/ticket/2064
* ad: shortcut if possible during get object by ID or SIDPavel Březina2013-10-301-0/+96
| | | | | | | | | | When getByID or getBySID comes from responder, the request doesn't necessarily have to contain correct domain, since responder iterates over all domains until it finds a match. Every domain has its own ID range, so we can simply shortcut if domain does not match and avoid LDAP round trip. Responder will continue with next domain until it finds the correct one.
* free sid obtained from sss_idmap_unix_to_sid()Pavel Březina2013-10-301-0/+2
|
* be_spy_create: free be_req and not the long living dataSumit Bose2013-10-301-1/+1
|
* LDAP: Return correct error codeLukas Slebodnik2013-10-301-1/+1
| | | | | | If talloc_array return NULL we should return right error code from function sdap_domain_subdom_add. It might happen that we could return either wrong error code or uninitialized variable ret.
* MAN: Document that krb5 directories can only be created as privateJakub Hrozek2013-10-291-10/+3
|
* NSS: Fix service enumerationJakub Hrozek2013-10-291-1/+5
| | | | | | | The code wrote into the middle of the packet to a space that was already reserved and allocated but then still advanced the pointer to the buffer. https://fedorahosted.org/sssd/ticket/2124
* ad_subdom_store: check ID mapping of the domain not of the parentSumit Bose2013-10-291-2/+2
|
* KRB5: Handle ERR_CHPASS_FAILEDJakub Hrozek2013-10-291-0/+6
| | | | | | | The Kerberos provider didn't handle ERR_CHPASS_FAILED at all, which resulted in the default return code (System Error) to be returned if password change failed for pretty much any reason, including password too recent etc.
* NSS: Print FQDN for groups with mixed domain membershipJakub Hrozek2013-10-292-9/+239
| | | | | | | | | | | | | | | | | This patch is a workaround until https://fedorahosted.org/sssd/ticket/2129 is fixed properly. Consider a group entry such as: cn: subgroup@subdom ghost: someuser ghost: anotheruser@subdom Currently in order to print all group members as FQDN (which is the default for AD provider), the code needs to iterate over the ghost attributes and parse them into (name,domain) and optionally re-add the domain. The proper fix would be to store always just the FQDN in the hardcoded form of user@domain
* TEST: Test getgrnam with emphasis on membersJakub Hrozek2013-10-291-8/+386
|
* sdap_save_group: try to determine domain by SIDPavel Březina2013-10-291-7/+18
| | | | | | | | | | | | | GC contains objects from both parent domain and subdomain. Lets say we have group with UID 5000 that belongs to a subdomain and overlapping search bases dc=ad,dc=pb and dc=sub,dc=ad,dc=pb. Now we call 'getent group 5000' and this request goes through data provider, searching in parent domain first. Even though this group does not belong to this domain it is found and stored as ad.pb group. With this patch we look at group's SID and put it into correct domain.
* sdap_save_user: try to determine domain by SIDPavel Březina2013-10-291-22/+32
| | | | | | | | | | | | | GC contains objects from both parent domain and subdomain. Lets say we have user with UID 5000 that belongs to a subdomain and overlapping search bases dc=ad,dc=pb and dc=sub,dc=ad,dc=pb. Now we call 'getent passwd 5000' and this request goes through data provider, searching in parent domain first. Even though this user does not belong to this domain it is found and stored as ad.pb user. With this patch we look at user's SID and put it into correct domain.
* ad: destroy ptasks when subdomain is removedPavel Březina2013-10-251-0/+3
| | | | | Resolves: https://fedorahosted.org/sssd/ticket/1968
* ipa: destroy cleanup task when subdomain is removedPavel Březina2013-10-251-0/+1
| | | | | Resolves: https://fedorahosted.org/sssd/ticket/1968
* dp: convert cleanup task to be_ptaskPavel Březina2013-10-254-73/+64
| | | | | Resolves: https://fedorahosted.org/sssd/ticket/1968
* be_ptask: add be_ptask_create_sync()Pavel Březina2013-10-252-0/+117
| | | | | | | | This is a wrapper around be_ptask_create() that allows to create synchronous periodic tasks. Resolves: https://fedorahosted.org/sssd/ticket/1968
* dp: free sdap domain if subdomain is removedPavel Březina2013-10-252-0/+15
| | | | | Resolves: https://fedorahosted.org/sssd/ticket/1968
* dp: add function to terminate request of specific domainPavel Březina2013-10-252-0/+23
| | | | | Resolves: https://fedorahosted.org/sssd/ticket/1968
* dp: set request domainPavel Březina2013-10-251-0/+43
| | | | | | | | Every request is attached to be_ctx->domain by default. We will change the domain to a subdomain if it is relevant. Resolves: https://fedorahosted.org/sssd/ticket/1968
* utils: add ERR_DOMAIN_NOT_FOUND error codePavel Březina2013-10-252-0/+2
| | | | | Resolves: https://fedorahosted.org/sssd/ticket/1968
generated by cgit (git 2.34.1) at 2024-05-07 21:56:23 +0000