sssd2.git/src/db, branch sssd-1-8 System Security Services Daemon [okos' clone] sysdb: try dealing with binary-content attributes 2013-02-26T16:22:16+00:00 Jan Engelhardt jengelh@inai.de 2013-02-21T12:12:25+00:00 7cd86ef19cdde175f318aeca4ef2530d33158342 https://fedorahosted.org/sssd/ticket/1818 I have here a LDAP user entry which has this attribute loginAllowedTimeMap:: AAAAAAAAAP///38AAP///38AAP///38AAP///38AAP///38AAAAAAAAA In the function sysdb_attrs_add_string(), called from sdap_attrs_add_ldap_attr(), strlen() is called on this blob, which is the wrong thing to do. The result of strlen is then used to populate the .v_length member of a struct ldb_val - and this will set it to zero in this case. (There is also the problem that there may not be a '\0' at all in the blob.) Subsequently, .v_length being 0 makes ldb_modify(), called from sysdb_set_entry_attr(), return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX. End result is that users do not get stored in the sysdb, and programs like `id` or `getent ...` show incomplete information. The bug was encountered with sssd-1.8.5. sssd-1.5.11 seemed to behave fine, but that may not mean that is the absolute lower boundary of introduction of the problem. 
https://fedorahosted.org/sssd/ticket/1818

I have here a LDAP user entry which has this attribute

	loginAllowedTimeMap::
	 AAAAAAAAAP///38AAP///38AAP///38AAP///38AAP///38AAAAAAAAA

In the function sysdb_attrs_add_string(), called from
sdap_attrs_add_ldap_attr(), strlen() is called on this blob, which is
the wrong thing to do. The result of strlen is then used to populate
the .v_length member of a struct ldb_val - and this will set it to
zero in this case. (There is also the problem that there may not be
a '\0' at all in the blob.)

Subsequently, .v_length being 0 makes ldb_modify(), called from
sysdb_set_entry_attr(), return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX. End
result is that users do not get stored in the sysdb, and programs like
`id` or `getent ...` show incomplete information.

The bug was encountered with sssd-1.8.5. sssd-1.5.11 seemed to behave
fine, but that may not mean that is the absolute lower boundary of
introduction of the problem.
SYSDB: Make sysdb_attrs_get_el_int() public 2012-08-21T10:33:15+00:00 Jakub Hrozek jhrozek@redhat.com 2012-08-21T10:33:15+00:00 e6709b54aae7cde6a3d6c73c756cb220a8129e2a Also rename it to sysdb_attrs_get_el_ext() 
Also rename it to sysdb_attrs_get_el_ext()
SYSDB: Handle user and group renames better 2012-05-11T16:17:16+00:00 Jakub Hrozek jhrozek@redhat.com 2012-05-11T14:27:46+00:00 4f2d70c17a68868b1295f2d6d7bf9e4acea3ae19 Fixes a regression in the local domain tools where sss_groupadd no longer detected a GID duplicate. The check for EEXIST is moved one level up into more high level function. The patch also adds the same rename support for users. I found it odd that we allowed a rename of groups but not users. There is a catch when storing a user -- his cached password would be gone. I think that renaming a user is such a rare operation that it's not severe, plus there is a warning in the logs. 
Fixes a regression in the local domain tools where sss_groupadd no longer
detected a GID duplicate. The check for EEXIST is moved one level up into
more high level function.

The patch also adds the same rename support for users. I found it odd that
we allowed a rename of groups but not users. There is a catch when storing
a user -- his cached password would be gone. I think that renaming a user
is such a rare operation that it's not severe, plus there is a warning in
the logs.
Save alias of the primary name, too 2012-03-21T15:22:39+00:00 Jakub Hrozek jhrozek@redhat.com 2012-03-19T07:03:32+00:00 6d46dc4f1d46ba4a3c568e41b62b6832474cb0e8 






SYSDB: Save only lowercased aliases in case-insensitive domains
2012-03-16T18:06:50+00:00

Stephen Gallagher
sgallagh@redhat.com

2012-03-15T19:43:34+00:00

2293a41a4c534ad0db42038628dbe6171a08819d

https://fedorahosted.org/sssd/ticket/1253





https://fedorahosted.org/sssd/ticket/1253







Search netgroups by alias, too
2012-03-06T20:29:40+00:00

Jakub Hrozek
jhrozek@redhat.com

2012-03-06T17:47:15+00:00

9027034fcfe8d967c9250eb78a78edcc0811c805

https://fedorahosted.org/sssd/ticket/1228





https://fedorahosted.org/sssd/ticket/1228







SSH: Add more debugging messages
2012-02-27T16:52:50+00:00

Jan Cholasta
jcholast@redhat.com

2012-02-27T09:43:34+00:00

3684f53f50bc8c07d3e8975ba0037ef77242c55e












SSH: Save SSH host name aliases
2012-02-27T16:52:50+00:00

Jan Cholasta
jcholast@redhat.com

2012-02-24T17:48:08+00:00

b193250ca7b71e4f07f3016e0addbc4ba521c6a5












Delete missing attributes from netgroups to be stored
2012-02-24T19:58:15+00:00

Jan Zeleny
jzeleny@redhat.com

2012-02-21T12:07:30+00:00

720396bedc032e2c3d6fd48b4f7913fcb0429641

https://fedorahosted.org/sssd/ticket/1136





https://fedorahosted.org/sssd/ticket/1136







Redesign purging of the sudo cache
2012-02-17T16:10:04+00:00

Pavel Březina
pbrezina@redhat.com

2012-02-07T13:08:55+00:00

061b0eaa22291bd1be59be43bf2c7aadf92a24c9

https://fedorahosted.org/sssd/ticket/1173





https://fedorahosted.org/sssd/ticket/1173