sssd.git/src/providers/ipa, branch token

krb5: Fetch ccname template from krb5.conf

2013-08-28T09:00:03+00:00

In order to use the same defaults in all system daemons that needs to know how
to generate or search for ccaches we introduce ode here to take advantage of
the new option called default_ccache_name provided by libkrb5.

If set this variable we establish the same default for all programs that surce
it out of krb5.conf therefore providing a consistent experience across the
system.

Related:
https://fedorahosted.org/sssd/ticket/2036

ipa_s2n_get_user_done: make sure ALIAS name is lower case

2013-08-19T10:36:07+00:00

Fixes https://fedorahosted.org/sssd/ticket/1630

ipa_s2n_get_user_done: free group_attrs as well

2013-08-19T10:36:07+00:00

Check whether servername is not empty string.

2013-08-19T08:14:34+00:00

Previous check was wrong, servername cannot be NULL.

Use GID if subdomain is not MPG

2013-07-29T10:54:36+00:00

https://fedorahosted.org/sssd/ticket/2032

In non-MPG subdomains (such as those that manage their IDs manually with
POSIX attributes), we need to set the GID ourself.

Fix possible dereference of a NULL pointer.

2013-07-23T16:18:03+00:00

We check if function ipa_get_ad_id_ctx returns NULL,
but function ipa_get_ad_id_ctx could never return NULL.
This issue was found by scan-build.

KRB5: Do not send PAC in server mode

2013-07-23T12:18:03+00:00

The krb5 child contacts the PAC responder for any user except for the
IPA native users if the PAC is configured. This works fine for the
general case but the ipa_server_mode is a special one. The PAC responder
is there, but since in the server mode we should be operating as AD
provider default, the PAC shouldn't be analyzed either in this case.

Fix the default FQDN format

2013-07-19T15:49:43+00:00

Commit 52ae806bd17c3c00d70bd1aed437f10f5ae51a1c changed the default FQDN
format by accident to the one we only ever user internally. This commit
fixes the mistake.

IPA: warn if full_name_format is customized in server mode

2013-07-19T11:47:05+00:00

https://fedorahosted.org/sssd/ticket/2009

If the IPA server mode is on and the SSSD is running on the IPA server,
then the server's extdom plugin calls getpwnam_r to read info about trusted
users from the AD server and return them to the clients that called the
extended operation.

The SSSD returns the subdomain users fully-qualified, ie "user@domain"
by default. The format of the fully qualified name is configurable.

However, the extdom plugin returns the user name without the domain
component.

With this patch, when ipa_server_mode is on, warn if the full_name_format
is set to a non-default value. That would prompt the admin to change the
format if he changed it to something exotic.

IPA: Look up AD users directly if IPA server mode is on

2013-06-28T20:22:20+00:00

https://fedorahosted.org/sssd/ticket/1962

If the ipa_server_mode is selected IPA subdomain user and group lookups
are not done with the help of the extdom plugin but directly against AD
using the AD ID code.