sssd.git, branch sssctl

sssctl: call dbus instead of pam to refresh HBAC rules

2017-11-06T11:03:03+00:00

ifp: add method to refresh access control rules in domain

2017-11-06T11:03:01+00:00

ipa: implement method to refresh HBAC rules

2017-11-06T11:03:01+00:00

dp: add method to refresh access control rules

2017-11-06T11:02:58+00:00

dp: use void * to express empty output argument list

2017-11-02T13:58:05+00:00

Since we cannot use plain void type is function definition.

TOOLS: Add a new sssctl command access-report

2017-11-02T12:20:16+00:00

AD: Remember last site discovered in sysdb

2017-11-02T11:47:27+00:00

This can speed up sssd startup.

Resolves:
https://pagure.io/SSSD/sssd/issue/3265

Reviewed-by: Jakub Hrozek

sysdb: add functions to get/set client site

2017-11-02T11:47:23+00:00

Reviewed-by: Jakub Hrozek

AD: Remember last site discovered

2017-11-02T11:47:15+00:00

To discover Active Directory site for a client we must first contact any
directory controller for an LDAP ping. This is done by searching
domain-wide DNS tree which may however contain servers that are not
reachable from current site and than we face long timeouts or failure.

This patch makes sssd remember the last successfuly discovered site
and use this for DNS search to lookup a site and forest again similar
to what we do when ad_site option is set.

Resolves:
https://pagure.io/SSSD/sssd/issue/3265

Reviewed-by: Jakub Hrozek

sudo: always use srv_opts from id context

2017-10-31T22:04:27+00:00

Prior this patch, we remember id_ctx->srv_opts in sudo request to switch
the latest usn values. This works fine most of the time but it may cause
a crash.

If we have two concurrent sudo refresh and one of these fails, it causes
failover to try the next server and possibly replacing the old srv_opts
with new one and it causes an access after free in the other refresh.

Resolves:
https://pagure.io/SSSD/sssd/issue/3562

Reviewed-by: Jakub Hrozek