sssd.git - Unnamed repository; edit this file 'description' to name the repository.

	Commit message (Collapse)	Author	Age	Files	Lines
...
*	test: Check ERR_LAST	Michal Zidek	2015-03-13	3	-1/+12
\| \| \| \| \| \|	Check if number of error codes and messages is the same. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
*	DEBUG: Add missing strings for error messages	Michal Zidek	2015-03-13	2	-1/+4
\| \| \| \| \| \| \| \|	We had more error codes than corresponding messages. Also order of two messages was wrong. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
*	MAN: libkrb5 and SSSD use different expansions	Pavel Reichl	2015-03-13	1	-0/+9
\| \| \| \| \| \| \| \| \| \| \|	Users often wrongly use SSSD expansions in libkrb5 expansion template for principals. State explicitly it won't work. Resolves: https://fedorahosted.org/sssd/ticket/2528 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> (cherry picked from commit 33b8bf140b1d82d2626eeeaaea29af49dcdb3c99)
*	NSS: Handle ENOENT when doing initgroups by UPN	Jakub Hrozek	2015-03-12	1	-18/+28
\| \| \| \| \| \| \| \| \| \|	https://fedorahosted.org/sssd/ticket/2598 We need to return an empty result in cases an initgroups lookup by UPN doesn't return anything. Please note testing with "id user" is not sufficient as id calls a getpwnam first. Reviewed-by: Pavel Reichl <preichl@redhat.com>
*	ldap_child: fix coverity warning	Pavel Reichl	2015-03-11	1	-2/+12
\| \| \| \| \| \| \| \|	In ldap_child_get_tgt_sync() variable 'ret' got overriden in done section without ever before being read. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> (cherry picked from commit 6ccda8691123bb27f5f2a88a0c80174af3e0fd0a)
*	Log reason in debug message why ldb_modify failed	Lukas Slebodnik	2015-03-11	8	-10/+68
\| \| \| \| \|	Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit 04d138472cc086fb7961f0d378852b09961b1a33)
*	be_refresh: support groups	Pavel Březina	2015-03-08	5	-0/+63
\| \| \| \| \| \| \| \|	Resolves: https://fedorahosted.org/sssd/ticket/2346 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> (cherry picked from commit 61c8d13e55ebafc28da1b0b5ad9ae578d687e288)
*	be_refresh: support users	Pavel Březina	2015-03-08	5	-0/+62
\| \| \| \| \| \| \| \|	Resolves: https://fedorahosted.org/sssd/ticket/2346 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> (cherry picked from commit e77d6366ff9e49dbbb607f1709f1ae4190b99489)
*	be_refresh: add sdap_refresh_init	Pavel Březina	2015-03-08	5	-30/+33
\| \| \| \| \|	Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> (cherry picked from commit 17531a398cc9084036cb08d69fe876a8f12707bb)
*	be_refresh: refactor netgroups refresh	Pavel Březina	2015-03-08	1	-32/+77
\| \| \| \| \| \| \| \|	This is a preparation to support other object types without introducing duplicated code. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> (cherry picked from commit ab0eda3622b828df2bfb7850c96d1395f614eb13)
*	sdap_handle_acct_req_send: remove be_req	Pavel Březina	2015-03-08	4	-17/+13
\| \| \| \| \| \| \| \| \| \| \| \|	be_req was used only as a talloc context for subreq. This memory context was replace by state of the parent request which is more suitable for tevent coding style. This change will allow us to use this function in be_refresh where none be_req is available. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> (cherry picked from commit a849d848d53f305a90613a74c1767a42b250deda)
*	be_refresh: refresh all domains in backend	Pavel Březina	2015-03-08	4	-37/+66
\| \| \| \| \|	Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> (cherry picked from commit b0d3164ca2bd842e176268c26935c5ce54f7f76e)
*	SDAP: fix minor neglect in is_account_locked()	Pavel Reichl	2015-03-06	1	-0/+2
\| \| \| \| \| \| \| \| \| \|	It would be better to return explicit error code, although access is still denied and error message printed. Relates: https://fedorahosted.org/sssd/ticket/2534 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
*	SDAP: Lock out ssh keys when account naturally expires	Pavel Reichl	2015-03-06	5	-94/+254
\| \| \| \| \| \| \|	Resolves: https://fedorahosted.org/sssd/ticket/2534 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
*	UTIL: convert GeneralizedTime to unix time	Pavel Reichl	2015-03-06	6	-3/+121
\| \| \| \| \| \| \|	New utility function sss_utc_to_time_t to convert GeneralizedTime to unix time. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
*	ldap_child: initialized ccname_file_dummy	Sumit Bose	2015-03-06	1	-1/+1
\| \| \| \| \| \| \| \| \| \| \|	ccname_file_dummy is used in the done-block which is called before ccname_file_dummy is set to a value. This patch initializes ccname_file_dummy to NULL. Related to https://fedorahosted.org/sssd/ticket/2592 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> (cherry picked from commit cc0f9a541c5ecdad750a86b2de9baa1f07403e9e)
*	selinux: Delete existing user mapping on empty default	Jakub Hrozek	2015-03-04	2	-7/+17
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	https://fedorahosted.org/sssd/ticket/2587 The case of SELinux default user mapping being an empty string is valid, it should translate into "pick the default context on the target machine". In case the context is empty, we need to delete the per-user mapping from the SELinux database to make sure the default is used. Reviewed-by: Michal Židek <mzidek@redhat.com> Reviewed-by: Pavel Reichl <preichl@redhat.com> (cherry picked from commit 01f78f755fde63997ccfded71fb8395569b11430)
*	LDAP: unlink ccname_file_dummy if there is an error	Daniel Hjorth	2015-03-04	1	-1/+11
\| \| \| \| \| \| \| \| \| \| \| \|	https://fedorahosted.org/sssd/ticket/2592 If there is an error after ccname_file_dummy is created but before it is renamed then the file isn't removed. This can cause a lot of files to be created and take up inodes in a filesystem. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit 2b20ff2e33ad3993a9cad910c4b4b828513613df)
*	SDAP: enable change phase of pw expire policy check	Pavel Reichl	2015-03-03	7	-1/+119
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	Implement new option which does checking password expiration policy in accounting phase. This allows SSSD to issue shadow expiration warning even if alternate authentication method is used. Resolves: https://fedorahosted.org/sssd/ticket/2167 Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit c9b0071bfcb8eb8c71e40248de46d23aceecc0f3)
*	SDAP: refactor pwexpire policy	Pavel Reichl	2015-03-03	3	-32/+91
\| \| \| \| \| \| \| \| \| \|	Move part of pwexpire policy code to a separate function. Relates to: https://fedorahosted.org/sssd/ticket/2167 Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit cdaa29d2c5724a4c72bfa0f42284ccfac3d5a464)
*	FO: Use SRV TTL in fail over code	Jakub Hrozek	2015-03-03	11	-9/+666
\| \| \| \| \| \| \| \| \| \|	Resolves: https://fedorahosted.org/sssd/ticket/1884 Removes the hardcoded SRV TTL timeout and uses TTL from the DNS instead. Reviewed-by: Pavel Březina <pbrezina@redhat.com> (cherry picked from commit 8df69bbc58c2f4d3f0b34be9756d9ddf24b1db6d)
*	resolv: Use the same default timeout for SRV queries as previously	Jakub Hrozek	2015-03-03	2	-1/+7
\| \| \| \| \| \| \| \| \| \| \| \|	When we changed the resolver code to use the TTL values from the DNS queries instead of harcoded ones, we changed the default value by accident. Add a separate SRV TTL that is backwards-compatible with the old harcoded value. Reviewed-by: Pavel Březina <pbrezina@redhat.com> (cherry picked from commit eafbc66c2ff6365478e62a8df3fd005bf80e5c7b)
*	PAM: check return value of confdb_get_string	Pavel Reichl	2015-02-27	1	-0/+6
\| \| \| \| \| \| \|	Coverity found this neglect. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> (cherry picked from commit c5290f2175845f2c5e3f35ce279b6f52b1d51275)
*	PAM: warn all services about account expiration	Pavel Reichl	2015-02-23	1	-2/+17
\| \| \| \| \| \| \| \| \| \| \|	if pam_verbose is above one then output warning about account expiration for all services. Resolves: https://fedorahosted.org/sssd/ticket/2050 Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit f3c2dc1f9ccdf456fd78ed96197b9bf404cc29fc)
*	PAM: new option pam_account_expired_message	Pavel Reichl	2015-02-23	6	-5/+35
\| \| \| \| \| \| \| \| \| \| \|	This option sets string to be printed when authenticating using SSH keys and account is expired. Resolves: https://fedorahosted.org/sssd/ticket/2050 Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit e039f1aefecc65a7b3c2d4a13a612bff1dd367c8)
*	PAM: do not reject abruptly	Pavel Reichl	2015-02-23	3	-5/+130
\| \| \| \| \| \| \| \| \| \|	If account has expired then pass message. Resolves: https://fedorahosted.org/sssd/ticket/2050 Reviewed-by: Sumit Bose <sbose@redhat.com> (cherry picked from commit a61d6d01a4e89ec14175af135e84f1cac55af748)
*	Updating the version for the 1.12.5 release	Jakub Hrozek	2015-02-18	1	-1/+1
\|
*	Updating translations for the 1.12.4 releasesssd-1_12_4	Jakub Hrozek	2015-02-18	38	-10708/+11273
\|
*	RESPONDERS: Warn to syslog about colliding objects	Lukas Slebodnik	2015-02-18	3	-0/+22
\| \| \| \| \| \| \|	Resolves: https://fedorahosted.org/sssd/ticket/2203 Reviewed-by: Pavel Reichl <preichl@redhat.com>
*	LDAP: Handle ENOENT better in the cleanup task	Jakub Hrozek	2015-02-18	1	-9/+8
\| \| \| \| \| \| \| \| \|	The cleanup task handled both count=0 and ret=ENOENT separately which makes no sense, the count=0 handler was dead code previously. Set count=0 on ENOENT instead to just bubble through the DEBUG message gracefully as well. Reviewed-by: Pavel Reichl <preichl@redhat.com>
*	LDAP: Add better DEBUG messages to the cleanup task	Jakub Hrozek	2015-02-18	1	-0/+11
\| \| \| \| \| \| \| \|	Some failures would shortcut to the done handler without telling us anything about why it failed. This commit decorates the cleanup task with more DEBUG statements. Reviewed-by: Pavel Reichl <preichl@redhat.com>
*	GPO: Better debugging for gpo_child's mkdir	Jakub Hrozek	2015-02-18	1	-1/+6
\| \| \| \|	Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
*	CONFIGURE: Do not use macro AC_PROG_MKDIR_P twice	Lukas Slebodnik	2015-02-18	1	-2/+1
\| \| \| \| \| \| \|	Macro AC_PROG_MKDIR_P need to be used just conditionally This patch also fixes fallback of macro MKDIR_P Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
*	Add missing new lines to debug messages	Lukas Slebodnik	2015-02-18	49	-127/+131
\| \| \| \|	Reviewed-by: Pavel Reichl <preichl@redhat.com>
*	sbus_codegen: Port to python3	Lukas Slebodnik	2015-02-13	1	-8/+13
\| \| \| \| \| \| \|	Resolves: https://fedorahosted.org/sssd/ticket/2017 Reviewed-by: Petr Viktorin <pviktori@redhat.com>
*	Remove strict requirements of python2	Lukas Slebodnik	2015-02-13	8	-8/+7
\| \| \| \| \| \| \| \| \| \| \|	* fix hashbangs * remove strict requirements of python2 in build system Resolves: https://fedorahosted.org/sssd/ticket/2017 Reviewed-by: Petr Viktorin <pviktori@redhat.com> (cherry picked from commit e8058322725ba050014777ee2484f7e833ab1e3a)
*	SSSDConfig: Port missing parts to python3	Lukas Slebodnik	2015-02-13	2	-31/+34
\| \| \| \| \| \| \| \| \| \| \| \| \| \|	* fix incompatible imports * fix translation.[u]?gettext * fix dict method has_key * fix octal literals PEP 3127 * long is not defined in python3 Resolves: https://fedorahosted.org/sssd/ticket/2017 Reviewed-by: Petr Viktorin <pviktori@redhat.com> (cherry picked from commit a71004c112cd5d61d3a9e37a4cfc5760dc9a1cec)
*	SSSDConfig: Remove unused exception name	Lukas Slebodnik	2015-02-13	1	-3/+3
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	"except ValueError, e:" was the syntax used for what is normally written as "except ValueError as e:" in modern Python. The old syntax is still supported in python2 for backwards compatibility. This means "except ValueError, KeyError:" is not equivalent to "except (ValueError, KeyError):" but to "except ValueError as KeyError:" and variable with name "KeyError" was not used in exception handler. Resolves: https://fedorahosted.org/sssd/ticket/2017 Reviewed-by: Petr Viktorin <pviktori@redhat.com> (cherry picked from commit 1ac368d0962ef8cc83dcd642c7fec8b3cba5b6fe)
*	BUILD: Include python-test.py in the tarball	Jakub Hrozek	2015-02-13	1	-1/+3
\| \| \| \|	(cherry picked from commit 51d65c4ad15c2cc23f38fa09dd6efeb15e4f3e86)
*	Python3 support in SSSD	Bohuslav Kabrda	2015-02-13	13	-146/+299
\| \| \| \| \|	https://fedorahosted.org/sssd/ticket/2017 (cherry picked from commit 341a00311680a440d7f979f06c34c70d86c9367a)
*	SELINUX: Check the return value of setuid and setgid	Jakub Hrozek	2015-02-13	1	-2/+12
\| \| \| \| \| \| \|	Silences a Coverity warning Reviewed-by: Pavel Reichl <preichl@redhat.com> (cherry picked from commit b0f46a3019e0ff4f375ef07682ceb9418751707f)
*	resolv: Fix a typo	Jakub Hrozek	2015-02-13	1	-1/+1
\| \| \| \| \|	Reviewed-by: Pavel Reichl <preichl@redhat.com> (cherry picked from commit 842fe49b8c53d84b7f5b7cf67338abb038b5a617)
*	Add user_attributes to ifp section of API schema	Rob Crittenden	2015-02-13	1	-0/+1
\| \| \| \| \| \| \|	Resolves: https://fedorahosted.org/sssd/ticket/2586 Reviewed-by: Pavel Březina <pbrezina@redhat.com> (cherry picked from commit 0e4d3214d95316f182c04c7166a6b92dfc92a85d)
*	MONITOR: Fix double free	Lukas Slebodnik	2015-02-12	1	-0/+3
\| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \| \|	If kill timer was successfully executed then it will be released by libtevent. So we should not released it in mt_svc_exit_handler for the second time. [sssd] [mt_svc_exit_handler] (0x0040): Child [ifp] terminated with signal [9] [sssd] [talloc_log_fn] (0x0010): talloc: access after free error - first free may be at ../tevent_timed.c:351 [sssd] [talloc_log_fn] (0x0010): Bad talloc magic value - access after free ==19129== Invalid read of size 4 ==19129== at 0x50470CD: talloc_chunk_from_ptr (talloc.c:372) ==19129== by 0x50470CD: _talloc_free (talloc.c:1559) ==19129== by 0x11086C: mt_svc_exit_handler (monitor.c:2754) ==19129== by 0x8AF9B2F: sss_child_invoke_cb (child_common.c:181) ==19129== by 0x4E39823: tevent_common_loop_immediate (tevent_immediate.c:135) ==19129== by 0x4E3AF4D: poll_event_loop_once (tevent_poll.c:649) ==19129== by 0x4E38FEC: _tevent_loop_once (tevent.c:530) ==19129== by 0x4E3AA4A: poll_event_loop_wait (tevent_poll.c:677) ==19129== by 0x84C4B02: server_loop (server.c:668) ==19129== by 0x10D9A6: main (monitor.c:3028) ==19129== Address 0xb8a06c0 is 64 bytes inside a block of size 176 free'd ==19129== at 0x4C2ACE9: free (in /usr/lib64/valgrind/vgpreload_memcheck-amd64-linux.so) ==19129== by 0x50472F2: _talloc_free_internal (talloc.c:1057) ==19129== by 0x50472F2: _talloc_free (talloc.c:1581) ==19129== by 0x4E3D0A3: tevent_common_loop_timer_delay (tevent_timed.c:351) ==19129== by 0x4E3AF59: poll_event_loop_once (tevent_poll.c:653) ==19129== by 0x4E38FEC: _tevent_loop_once (tevent.c:530) ==19129== by 0x4E3AA4A: poll_event_loop_wait (tevent_poll.c:677) ==19129== by 0x84C4B02: server_loop (server.c:668) ==19129== by 0x10D9A6: main (monitor.c:3028) Resolves: https://fedorahosted.org/sssd/ticket/2572 Reviewed-by: Stephen Gallagher <sgallagh@redhat.com> (cherry picked from commit 373946b540eaa5d97c6efb39629195dbe2a1f015)
*	RESOLV: Add an internal function to read TTL from a DNS packet	Jakub Hrozek	2015-02-11	9	-5/+539
\| \| \| \| \| \| \| \| \| \| \| \| \|	Related: https://fedorahosted.org/sssd/ticket/1884 Adds an internal resolver function that reads the TTL for SRV records as specified by RFC-2181. Several internal c-ares definitions are used until c-ares contains a function that exposes all this information via a parsing function. Reviewed-by: Pavel Březina <pbrezina@redhat.com> (cherry picked from commit bf54fbed126ec3d459af40ea370ffadacd31c76d)
*	LDAP: Rename the _res output parameter to avoid clashing with libresolv in tests	Jakub Hrozek	2015-02-11	2	-4/+4
\| \| \| \| \|	Reviewed-by: Pavel Březina <pbrezina@redhat.com> (cherry picked from commit 4d7fe714fe74ad242497b2bdbeb7b4e0bf40141f)
*	fill_id() fix LE/BE issue with wrong data type	Sumit Bose	2015-01-30	1	-4/+6
\| \| \| \| \| \| \|	Related to https://fedorahosted.org/sssd/ticket/1588 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> (cherry picked from commit 866ab45027c83fafb7f7f45d34d3e1e7721b77dc)
*	AD: use GC for SID requests as well	Sumit Bose	2015-01-30	2	-10/+29
\| \| \| \| \| \| \| \| \| \|	If a universal group is looked up by SID the cross-domain members must be resolved with the help of the Global Catalog. Related to https://fedorahosted.org/sssd/ticket/2514 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> (cherry picked from commit 561ed2fd03bab04cfdddbc09c4b48563c9d9b87e)
*	ipa_s2n_save_objects: properly handle fully-qualified group names	Sumit Bose	2015-01-30	1	-1/+1
\| \| \| \| \| \| \| \| \| \| \|	Check if the given name is already fully-qualified instead of adding a domain name unconditionally. Related to https://fedorahosted.org/sssd/ticket/2529 and https://fedorahosted.org/sssd/ticket/2524 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> (cherry picked from commit 9ad346318dc2cc5d5a340d8d981ddfdcc6f632da)
*	MAN: amend sss_ssh_authorizedkeys	Pavel Reichl	2015-01-30	1	-2/+3
\| \| \| \| \| \| \| \|	Directive AuthorizedKeysCommand should be used in conjunction with AuthorizedKeysCommandUser. Reviewed-by: Jan Cholasta <jcholast@redhat.com> (cherry picked from commit ab5f9b58ae740868cb09e92379ed41d30b9401ac)