sssd.git/src/db, branch sssctl Unnamed repository; edit this file 'description' to name the repository. AD: Remember last site discovered in sysdb 2017-11-02T11:47:27+00:00 Pavel Březina pbrezina@redhat.com 2017-11-01T13:57:17+00:00 fb0431b13a9fcd8ac31e622503acbd10d2b73ac9 This can speed up sssd startup. Resolves: https://pagure.io/SSSD/sssd/issue/3265 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
This can speed up sssd startup.

Resolves:
https://pagure.io/SSSD/sssd/issue/3265

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
sysdb: add functions to get/set client site 2017-11-02T11:47:23+00:00 Pavel Březina pbrezina@redhat.com 2017-10-24T10:09:39+00:00 e16539779668dacff868999bd59dbf33e3eab872 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
SYSDB: Prevent users and groups ID collision in MPG domains except for id_provider=local 2017-10-26T08:11:22+00:00 Jakub Hrozek jhrozek@redhat.com 2017-10-19T15:18:15+00:00 ac962e2b286988d8666b3b81bf8b55b1705b9ac0 This commit makes the check when adding an object in a MPG domain stricter in the sense that not only same names are allowed in a MPG domain, but also the same groups are not allowed either. This commit is a backwards-incompatible change, but one that is needed, otherwise requesting the duplicate group first and then requesting the user entry would yield two object when searching by GID. In order to keep backwards-compatibility, this uniqueness is NOT enforced with id_provider=local. This constraint can be removed in the future (or the local provider can be dropped altogether) Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> 
This commit makes the check when adding an object in a MPG domain
stricter in the sense that not only same names are allowed in a MPG
domain, but also the same groups are not allowed either.

This commit is a backwards-incompatible change, but one that is needed,
otherwise requesting the duplicate group first and then requesting the
user entry would yield two object when searching by GID.

In order to keep backwards-compatibility, this uniqueness is NOT
enforced with id_provider=local. This constraint can be removed in
the future (or the local provider can be dropped altogether)

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
Fix minor spelling mistakes 2017-10-25T08:24:49+00:00 René Genz liebundartig@freenet.de 2017-10-22T20:24:27+00:00 a02a5ed51178b2cbede0396d66aed716b8898096 Merges: https://pagure.io/SSSD/sssd/pull-request/3556 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Merges: https://pagure.io/SSSD/sssd/pull-request/3556

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
LDAP: Add support for rhost access control 2017-10-19T14:05:06+00:00 Alexey Kamenskiy alexey.kamenskiy@chinanetcloud.com 2017-10-18T10:28:07+00:00 f34a8330c1615511795847b0a1454249d782db2a This patch implements verification of pam_rhost against rules stored in LDAP entry of a user. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
This patch implements verification of pam_rhost against
rules stored in LDAP entry of a user.

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
sysdb: sanitize search filter input 2017-10-11T15:28:53+00:00 Sumit Bose sbose@redhat.com 2017-10-05T09:07:38+00:00 1f2662c8f97c9c0fa250055d4b6750abfc6d0835 This patch sanitizes the input for sysdb searches by UPN/email, SID and UUID. This security issue was assigned CVE-2017-12173 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
This patch sanitizes the input for sysdb searches by UPN/email, SID and
UUID.

This security issue was assigned CVE-2017-12173

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
sysdb: add missing indices 2017-09-14T15:05:56+00:00 Sumit Bose sbose@redhat.com 2017-09-05T10:49:54+00:00 9acdf51bf32d7b4389f3faea0fc6b73c56b6da71 Resolves https://pagure.io/SSSD/sssd/issue/3472 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Resolves https://pagure.io/SSSD/sssd/issue/3472

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
SUDO: Use initgr_with_views when looking up a sudo user 2017-09-08T15:02:49+00:00 Jakub Hrozek jhrozek@redhat.com 2017-08-22T20:32:19+00:00 dee665060ba71ff61ad223e755ae61441118fbba The sudo responder code didn't take views into account when looking for rules, which resulted in sudo rules being ignored if the user's name was overriden. Please see the ticket for a detailed info on how to reproduce the bug. Resolves: https://pagure.io/SSSD/sssd/issue/3488 Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
The sudo responder code didn't take views into account when looking for
rules, which resulted in sudo rules being ignored if the user's name was
overriden.

Please see the ticket for a detailed info on how to reproduce the bug.

Resolves:
https://pagure.io/SSSD/sssd/issue/3488

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
SYSDB: Add sysdb_search_by_orig_dn() 2017-09-05T09:13:16+00:00 Fabiano Fidêncio fidencio@redhat.com 2017-06-02T11:26:49+00:00 e5c42c2630093d3020b3c4944cce1646325bc236 Three new methods have been added to sysdb's API in order to perform search by the orig dn (which is quite common in SSSD's code base). A common/base method called sysdb_search_by_orig_dn() is the most important one and then a few other helpers for searching users and groups groups directly. Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Three new methods have been added to sysdb's API in order to perform
search by the orig dn (which is quite common in SSSD's code base).

A common/base method called sysdb_search_by_orig_dn() is the most
important one and then a few other helpers for searching users and
groups groups directly.

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
SYSDB: Add sessionRecording attribute macro 2017-07-27T08:32:41+00:00 Nikolai Kondrashov Nikolai.Kondrashov@redhat.com 2017-03-17T10:35:51+00:00 90fb7d3e61423ff1375e9f552f4b58e5173ad3d1 Add a macro for sessionRecording attribute to sysdb.h. To be used for storing a boolean attribute signifying if session recording is enabled for the user. Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
Add a macro for sessionRecording attribute to sysdb.h.
To be used for storing a boolean attribute signifying if session
recording is enabled for the user.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>