| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1108
The patch adds support for IPA SUDO attributes and maps.
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1108
IPA SUDO Provider uses LDAP sudo plugin for downloading sudo rules from IPA.
It also uses its purge/store sysdb functions.
|
|
|
|
|
|
|
| |
Fix creation of mixed user/group "member" attribute for RFC2307bis
group entries in ldap_ent.py.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
| |
Use a function to generate basic sssd.conf in test_ldap.py to reduce
code duplication.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
| |
Split ldap_test.py fixtures into several functions to allow for partial
fixtures and direct use within tests.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
| |
Support passing all user attributes to ldap_ent.py's user-creation
functions, in integration tests.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
| |
Don't use the global LDAP_BASE_DN in integration tests and fixtures, but
instead take it from the LDAP connection object (ldap_conn) passed to
them explicitly. This makes the tests and fixtures a bit more modular.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Since msgs is attached to tmp_ctx then all the strings are freed
with tmp_ctx. Now steal the strings to objs.
Resolves:
https://fedorahosted.org/sssd/ticket/2826
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
|
|
|
| |
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
|
|
|
| |
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
|
|
|
| |
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
|
|
|
|
|
|
|
|
| |
HBAC deny rules are no longer supported. This comment should have
been removed as part of 'Remove HBAC DENY rules from SSSD'
https://fedorahosted.org/sssd/ticket/912
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
|
| |
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
| |
Parsed name or UPN is now stored in input->name instead of touching
orig_name and storing the original name in raw_name.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
| |
It's not necessary to bundle libsss_crypto to crypto_tests.
We can link it directly.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
| |
It should prevent such failures as in commit
73ec8fdfddb2d4bf99977f758eec80e1b1ee8542
BUILD: Link test_data_provider_be with -ldl
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
| |
Note that the "filter_groups" option doesn't affect nested member
inheritance, on the sssd.conf(5) manpage.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
| |
Mention groups (not only users) in the combined
"filter_users"/"filter_groups" option description on the sssd.conf(5)
manpage.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2810
Provides a new AD common function ad_ldap_conn_list() that creates a
list of AD connection to use along with properties to avoid mistakes
when manually constructing these lists.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Make whitespace_test pass if no trailing whitespace was detected at all.
Add two comments explaining how searching and failure handling works.
Fixes:
https://fedorahosted.org/sssd/ticket/2816
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Update nsupdate_msg_add_fwd() to group commands by address family
processed IP address belongs to.
It's better to group removing old A addresses and adding new A
addresses in a single transaction. Same goes for AAAA addresses.
Separate transaction for A and AAAA addresses updates are important
because server might block updates for one of these families and thus
the update even for the non-blocked address family would unnecessarily
fail.
For more details please see:
https://fedorahosted.org/sssd/wiki/DesignDocs/DDNSMessagesUpdate
Resolves:
https://fedorahosted.org/sssd/ticket/2495
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2495
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
| |
p.communicate() return bytes on python3
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
| |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
| |
Exclude whitespace_test from Valgrind checks in contrib/ci/run to
prevent it from failing the tests due to Bash bugs.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
| |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
| |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
| |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
| |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Relax the check on UID or GID just to check if at least one of them is
present but do not require them to be positive numbers.
Add requirement on objectclass attributes to be user or group to make
check more reliable.
Resolves:
https://fedorahosted.org/sssd/ticket/2800
|
|
|
|
| |
Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
|
| |
Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com>
|
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
The crash describe by ticket #2802 is caused by providing NULL options
in popt and yet trying to iterate over them. Instead of simply testing
for NULL this patch creates a new option table table merges several
option tables together, thus improving and simplifying usage string.
Resolves:
https://fedorahosted.org/sssd/ticket/2802
Reviewed-by: Pavel Reichl <preichl@redhat.com>
|
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2811
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Memory context was not freed therefore we got stuck in tevent loop
that mocks D-Bus.
Resolves:
https://fedorahosted.org/sssd/ticket/2759
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Added support for logging via external log function.
Log provides information about rules evaluating (HBAC_DBG_INFO level)
and additionally can describe rules (HBAC_DBG_TRACE level).
Resolves:
https://fedorahosted.org/sssd/ticket/2703
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There was a bug with uninitialized pointer during solving ticket 2703.
More details:
rules[0]->services->names[1] is initialized on line 361, but
initializing of rules[0]->srchosts->names[1] was missing.
Resolves:
https://fedorahosted.org/sssd/ticket/2703
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
| |
|
|
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|