sssd2.git/src/db, branch sssd-1-9

Only try to relink ghost users if we're not enumerating

2013-04-29T18:44:19+00:00

https://fedorahosted.org/sssd/ticket/1893

When SSSD is not enumerating (which is the default), we are trying to
link any "ghost" entries with a newly created user entry. However, when
enumeration is on, this means a spurious search on adding any user.

sysdb: try dealing with binary-content attributes

2013-02-26T16:18:04+00:00

https://fedorahosted.org/sssd/ticket/1818

I have here a LDAP user entry which has this attribute

	loginAllowedTimeMap::
	 AAAAAAAAAP///38AAP///38AAP///38AAP///38AAP///38AAAAAAAAA

In the function sysdb_attrs_add_string(), called from
sdap_attrs_add_ldap_attr(), strlen() is called on this blob, which is
the wrong thing to do. The result of strlen is then used to populate
the .v_length member of a struct ldb_val - and this will set it to
zero in this case. (There is also the problem that there may not be
a '\0' at all in the blob.)

Subsequently, .v_length being 0 makes ldb_modify(), called from
sysdb_set_entry_attr(), return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX. End
result is that users do not get stored in the sysdb, and programs like
`id` or `getent ...` show incomplete information.

The bug was encountered with sssd-1.8.5. sssd-1.5.11 seemed to behave
fine, but that may not mean that is the absolute lower boundary of
introduction of the problem.

SYSDB: Expire group if adding ghost users fails with EEXIST

2013-01-23T16:34:06+00:00

SYSDB: make the sss_ldb_modify_permissive function public

2013-01-23T16:34:06+00:00

sudo responder: change num_rules type from size_t to uint32_t

2013-01-22T17:31:03+00:00

https://fedorahosted.org/sssd/ticket/1779

2^32 should be enough to store sudo rules. size_t type was causing
troubles on big endian architectures, because it wasn't used
correctly in combination with D-Bus.

LDAP: Compare lists of DNs when saving autofs entries

2013-01-21T15:00:18+00:00

https://fedorahosted.org/sssd/ticket/1758

The autofs entries do not have the key as an unique identifier, but
rather the full (key, value) tuple as some keys have a special meaning,
such as the direct mount key (/-) and may be present in a single map
multiple times.

Comparing the full DN that contains both the key and the value will
allow for working updates if either key or value changes.

SYSDB: Split a function to read all SELinux maps

2013-01-08T19:15:55+00:00

SYSDB: Remove duplicate selinux defines

2013-01-08T19:15:55+00:00

Translate LDB_ERR_ATTRIBUTE_OR_VALUE_EXISTS to EEXIST

2013-01-08T13:57:29+00:00

Currently only the LDB error code indicating that an entry already
exists is translated to EEXIST. To make debugging easier and return a
better indication of the reason for an error in the logs this patch
translates the LDB error code for an already existing attribute or value
to EEXIST as well.

SYSDB: Modify ghosts in permissive mode

2013-01-07T15:29:49+00:00

https://fedorahosted.org/sssd/ticket/1714

The attempt to delete all ghosts for users name and aliases was failing,
resulting into failure of whole user-add operation. In permissive mode,
the attempts to delete non-existent entries are not interpreted as
error.