sssd.git/src/providers/ldap, branch sudo Unnamed repository; edit this file 'description' to name the repository. sudo: always use srv_opts from id context 2017-10-31T09:48:55+00:00 Pavel Březina pbrezina@redhat.com 2017-10-19T08:39:21+00:00 e5ca30a04151e9b597363f4e1234674f96349706 Prior this patch, we remember id_ctx->srv_opts in sudo request to switch the latest usn values. This works fine most of the time but it may cause a crash. If we have two concurrent sudo refresh and one of these fails, it causes failover to try the next server and possibly replacing the old srv_opts with new one and it causes an access after free in the other refresh. 
Prior this patch, we remember id_ctx->srv_opts in sudo request to switch
the latest usn values. This works fine most of the time but it may cause
a crash.

If we have two concurrent sudo refresh and one of these fails, it causes
failover to try the next server and possibly replacing the old srv_opts
with new one and it causes an access after free in the other refresh.
ldap: Change ldap_user_certificate to userCertificate;binary 2017-10-04T06:54:41+00:00 amitkuma amitkuma@redhat.com 2017-09-06T18:01:45+00:00 d1d6f3a7f08cd1dc5128105eb6ad7ec311f281b8 IPA and AD providers default to userCertificate;binary for the ldap_user_certificate option. It will be good to default that value also for the generic LDAP provider. Resolves: https://pagure.io/SSSD/sssd/issue/3499 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
IPA and AD providers default to userCertificate;binary for the
ldap_user_certificate option. It will be good to default that value
also for the generic LDAP provider.

Resolves:
https://pagure.io/SSSD/sssd/issue/3499

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
IPA: fix handling of certmap_ctx 2017-09-14T14:57:09+00:00 Sumit Bose sbose@redhat.com 2017-09-06T14:42:20+00:00 f2e70ec742cd7aab82b74d7e4b424ba3258da7aa This patch fixes a use-after-free in the AD provider part and initializes the certmap_ctx with data from the cache at startup. Related to https://pagure.io/SSSD/sssd/issue/3508 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
This patch fixes a use-after-free in the AD provider part and
initializes the certmap_ctx with data from the cache at startup.

Related to https://pagure.io/SSSD/sssd/issue/3508

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
SDAP: Use sysdb_search_*_by_orig_dn() in sdap_async_groups.c 2017-09-05T09:13:50+00:00 Fabiano Fidêncio fidencio@redhat.com 2017-06-02T12:12:29+00:00 e3d9ce0ac22796cb08ad2daed006021b44b28c69 Methods for searching the users, groups and entries by their orig dn have been introduced in one of the previous commit. Let's make use of those whenever it makes sense. Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Methods for searching the users, groups and entries by their orig dn
have been introduced in one of the previous commit.

Let's make use of those whenever it makes sense.

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
SDAP: Use sysdb_search_*_by_orig_dn() in sdap_async_nested_groups.c 2017-09-05T09:13:40+00:00 Fabiano Fidêncio fidencio@redhat.com 2017-06-02T11:35:30+00:00 4c508463be960682cf94b4e5a39be2f8f49067c8 Methods for searching the users, groups and entries by their orig dn have been introduced in one of the previous commit. Let's make use of those whenever it makes sense. Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Methods for searching the users, groups and entries by their orig dn
have been introduced in one of the previous commit.

Let's make use of those whenever it makes sense.

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
SDAP: Don't call be_mark_offline() because sdap_id_conn_data_set_expire_timer() failed 2017-08-31T10:08:34+00:00 Fabiano Fidêncio fidencio@redhat.com 2017-08-28T14:38:40+00:00 5a117d36030f589cc04430ea1c6c328a8fdb903f Marking the whole backend as offline because sdap_id_conn_data_set_expire_timer() failed doesn't look any right and from now on let's avoiding doing so. Related: https://pagure.io/SSSD/sssd/issue/2976 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Marking the whole backend as offline because
sdap_id_conn_data_set_expire_timer() failed doesn't look any right and
from now on let's avoiding doing so.

Related: https://pagure.io/SSSD/sssd/issue/2976

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
SDAP: Add a debug message to explain why a backend was marked offline 2017-08-31T10:08:30+00:00 Fabiano Fidêncio fidencio@redhat.com 2017-08-28T11:17:49+00:00 362b8a94c0ffaa63af3a5a5772c29303be009640 This new debug message may help us when debugging the cases where a backend was marked offline but it shouldn't be. Related: https://pagure.io/SSSD/sssd/issue/2976 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
This new debug message may help us when debugging the cases where a
backend was marked offline but it shouldn't be.

Related: https://pagure.io/SSSD/sssd/issue/2976

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
ldap_child: Removing duplicate log message 2017-08-25T17:37:46+00:00 AmitKumar amitkuma@redhat.com 2017-08-21T14:29:59+00:00 7aac90a357211379c71b33b5c97fa3dde306d047 Duplicate log messages were getting logged if trust relationship breaks for some reason from AD. That causes lot spam in syslog. This PR removes duplicate log entry and keeps extended log entry. Resolves: https://pagure.io/SSSD/sssd/issue/3450 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Duplicate log messages were getting logged if trust relationship
breaks for some reason from AD. That causes lot spam in syslog.
This PR removes duplicate log entry and keeps extended log entry.

Resolves:
https://pagure.io/SSSD/sssd/issue/3450

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Moving headers used by both server and client to special folder 2017-08-03T09:08:15+00:00 AmitKumar amitkuma@redhat.com 2017-07-22T23:49:27+00:00 3996e391054a1c02ab62e1541ae21a8204bd5d0a These are the header files which are used by both client and server: src/util/io.h src/util/murmurhash3.h src/util/util_safealign.h This patch is about moving these header files to special folder (src/shared). It will be easier to identify these headers when looking for them in the src tree. util_safalign.h is renamed as safalign.h because util_ namespace is appropriate when this file belonged to the util's folder which is no longer the case. Resolves: https://pagure.io/SSSD/sssd/issue/1898 Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> 
These are the header files which are used by both client and server:
src/util/io.h
src/util/murmurhash3.h
src/util/util_safealign.h

This patch is about moving these header files to special folder
(src/shared). It will be easier to identify these headers when looking
for them in the src tree.
util_safalign.h is renamed as safalign.h because util_ namespace is
appropriate when this file belonged to the util's folder which is no
longer the case.

Resolves:
https://pagure.io/SSSD/sssd/issue/1898

Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
Revert "LDAP: Fix nesting level comparison" 2017-07-24T18:44:11+00:00 Lukas Slebodnik lslebodn@redhat.com 2017-07-21T15:56:03+00:00 93493702980e23d5b0322d16681f4ba77d6dd999 This reverts commit 925a14d50edf0e3b800ce659b10b771ae1cde293. It broke a test for enumerate nested groups if they are part of non POSIX groups https://pagure.io/SSSD/sssd/issue/2406 Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
This reverts commit 925a14d50edf0e3b800ce659b10b771ae1cde293.

It broke a test for enumerate nested groups if they are part
of non POSIX groups https://pagure.io/SSSD/sssd/issue/2406

Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>