| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
| |
This patch switch the old switch-based cache req code to
the new plugin-based.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
| |
This patch adds all existing functionality into plugins.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
cache_req grown quite big from the original code and it turned out
that using switch statements to branch code for different cases
makes the code quite hard to read and further extend and any
modification to the logic itself is difficult.
This patch changes the switch statements to plugins with small
functions and separates logic into multiple modules. This gives
us better control over the code and improves readability and
maintainability while keeping code duplication to minimum.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Petr Cech <pcech@redhat.com>
|
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Dlopen test was added to blacklist due to following reason:
> Disable running dlopen-tests under Valgrind as their use of dlclose
> makes Valgrind drop symbols and produce meaningless backtraces, which
> cannot be matched with specific suppressions.
It's true that dlclose makes meaningless backtraces but backtraces should
not be generated otherwise there is a bug in some library which need to be
fixed and not suppressed.
Reviewed-by: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
|
|
|
|
|
|
|
|
|
| |
The current code checks only for "HAVE_PYTHON_BINDINGS", which is not
even a valid check. Let's do the proper check according to the python
version (HAVE_PYTHON2_BINDINGS or HAVE_PYTHON3_BINDINGS).
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2940
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2940
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
This patch adds wbcCtxUnixIdsToSids() and wbcUnixIdsToSids() to SSSD's
libwbclient and implements the latter.
Resolves:
https://fedorahosted.org/sssd/ticket/3181
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
|
|
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
|
| |
In order for sssctl to work on platforms that do not use systemd,
we need to require /sbin/service them for sssd-tools so that the binary
can be invoked.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
| |
If the target platform does not have the service executable, we must not
fail the build, but proceed, just disabling the functionality in sssctl.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
|
|
|
| |
The shell is executed for invocation of the service binary.
Therefore it is better to search the binary only in safe paths.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
| |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
|
| |
If systemd is used we leverage it's D-Bus API instead of running systemctl.
Resolves:
https://fedorahosted.org/sssd/ticket/3056
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
|
|
|
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When adding support for UPNs, email addresses and aliases the
SSS_NSS_GETSIDBYNAME and SSS_NSS_GETORIGBYNAME request were forgotten.
This patch adds the missing support because it might be irritating if
getpwnam() can resolve the name but the other requests fail. The same
logic as for the plain user lookup is used, this add some code
duplication which is expected to be removed when the nss responder will
be switched to use the new cache_req code.
Resolves https://fedorahosted.org/sssd/ticket/3194
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Print informational message and exit when multiple arguments are provided
for single-argument options with sss_cache
Resolves:
https://fedorahosted.org/sssd/ticket/3180
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
ldap_user_name and ldap_group_name have
different defalts then what the man page
states.
Resolves:
https://fedorahosted.org/sssd/ticket/3022
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
It is probably result of modifying the code
and not updating the man page properly.
Resolves:
https://fedorahosted.org/sssd/ticket/3205
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
|
|
|
|
|
|
|
|
| |
The debug message was introduced when I was testing 65a38b8c9, but ended
up not removed before submitting the patch.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Petr Cech <pcech@redhat.com>
|
|
|
|
|
|
|
| |
Related:
https://fedorahosted.org/sssd/ticket/3169
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
without this patch, valgrind was reporting:
==30955== Conditional jump or move depends on uninitialised value(s)
==30955== at 0xDBBACC3: ipa_subdomains_slave_search_done (ipa_subdomains.c:1111)
==30955== by 0xE73B34D: sdap_search_bases_ex_done (sdap_ops.c:222)
==30955== by 0xE6FFA98: sdap_get_generic_done (sdap_async.c:1872)
==30955== by 0xE6FF4E2: generic_ext_search_handler (sdap_async.c:1689)
==30955== by 0xE6FF840: sdap_get_and_parse_generic_done (sdap_async.c:1797)
==30955== by 0xE6FEFB5: sdap_get_generic_op_finished (sdap_async.c:1579)
==30955== by 0xE6FB1D2: sdap_process_message (sdap_async.c:353)
==30955== by 0xE6FAD51: sdap_process_result (sdap_async.c:197)
==30955== by 0xE6FAA14: sdap_ldap_next_result (sdap_async.c:145)
==30955== by 0x8E157FF: tevent_common_loop_timer_delay (tevent_timed.c:341)
==30955== by 0x8E16809: epoll_event_loop_once (tevent_epoll.c:911)
==30955== by 0x8E14F09: std_event_loop_once (tevent_standard.c:114)
==30955==
Resolves:
https://fedorahosted.org/sssd/ticket/3213
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
Previously, a generic 500 error code was returned. This patch adds a new
error message on a failure to contact the proxy server and returns 504,
"Gateway timeout" instead.
Resolves:
https://fedorahosted.org/sssd/ticket/3212
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
|
|
|
|
|
|
| |
s/filed/field/
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
|
|
|
|
|
|
|
| |
Normally we use errno_t for return codes and size_t for counting
objects.
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Previously, it was not possible to follow the flow of the secrets
responder or find out what went wrong on error. This patch adds DEBUG
messages so that most failure cases have their own message. At the same
time, running sssd-secrets with debug_level <= 3 does not emit any
messages at all.
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/3168
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Otherwise the struct ldb_dn will be hanging on the mem_ctx till it gets
freed.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
| |
There's no reason for those functions to be exposed.
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
| |
Related:
https://fedorahosted.org/sssd/ticket/3207
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
| |
Related:
https://fedorahosted.org/sssd/ticket/3207
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The regular expression used is quite specific for the two cases we
support:
- [secrets]
- [secrets/users/$uid]
It could be done a bit more generic, but the way it's right now it can
easily catch errors like: [secrets/usrs/$uid] or [secrets/].
Related:
https://fedorahosted.org/sssd/ticket/3207
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/3053
Documents the API and the purpose of the sssd-secrets responder.
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
| |
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
|
|
|
|
| |
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
|
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2813
Reviewed-by: Justin Stephenson <jstephen@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
This patch fixes creation of FQ username if krb5_map_user option
ise used.
Resolves:
https://fedorahosted.org/sssd/ticket/3188
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
|
|
|
|
|
|
|
| |
Fedora and epel contains macro %python_provide
for simpler renaming of python packages. It will generate correct
provides and obsoletes.
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
|
|
|
|
|
|
|
| |
dict.keys() returns iterator in python3 and not list
Chaging data in dictionary while using iterator
fails with "RuntimeError: dictionary changed size during iteration"
https://fedorahosted.org/sssd/ticket/3107
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
|
|
|
|
|
|
|
| |
This adds a uniqueID property on User and Group InfoPipe objects. It has a
useful value on AD- and IPA-backed domains. For Active Directory, this is the
GUID.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
| |
Tests that running two duplicate SRV resolution queries succeeds
and returns a valid host name.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Multiple failover requests come in same time, the first one will
result in collapsing the meta server but multiple resolution of
SRV records are triggered. The first one finishes normally but the
others won't find any new server thus ends with an error.
This patch makes failover to proceed normally even in such case.
Resolves:
https://fedorahosted.org/sssd/ticket/3131
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
|
|
|
|
| |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|