sssd.git/src/providers, branch sudo Unnamed repository; edit this file 'description' to name the repository. sudo: always use srv_opts from id context 2017-10-31T09:48:55+00:00 Pavel Březina pbrezina@redhat.com 2017-10-19T08:39:21+00:00 e5ca30a04151e9b597363f4e1234674f96349706 Prior this patch, we remember id_ctx->srv_opts in sudo request to switch the latest usn values. This works fine most of the time but it may cause a crash. If we have two concurrent sudo refresh and one of these fails, it causes failover to try the next server and possibly replacing the old srv_opts with new one and it causes an access after free in the other refresh. 
Prior this patch, we remember id_ctx->srv_opts in sudo request to switch
the latest usn values. This works fine most of the time but it may cause
a crash.

If we have two concurrent sudo refresh and one of these fails, it causes
failover to try the next server and possibly replacing the old srv_opts
with new one and it causes an access after free in the other refresh.
DP: Log to syslog whether it's online or offline 2017-10-18T19:06:24+00:00 Fabiano Fidêncio fidencio@redhat.com 2017-10-12T08:15:22+00:00 1185cbce8d5dd04e539ca74d8f9564e5715a78aa Instead of requiring that admins enable and look at our logs, let's log to syslog what's the DP status. Resolves: https://pagure.io/SSSD/sssd/issue/3307 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
Instead of requiring that admins enable and look at our logs, let's log
to syslog what's the DP status.

Resolves:
https://pagure.io/SSSD/sssd/issue/3307

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
DP: Fix the output type used in dp_req_recv_ptr() 2017-10-18T19:06:15+00:00 Fabiano Fidêncio fidencio@redhat.com 2017-10-12T08:08:21+00:00 60ec0db015c354349af445e0ec63f8b8421343fe Related: https://pagure.io/SSSD/sssd/issue/3307 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
Related: https://pagure.io/SSSD/sssd/issue/3307

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
IPA: sanitize name in override search filter 2017-10-18T10:35:59+00:00 Sumit Bose sbose@redhat.com 2017-10-16T09:47:46+00:00 c2dec0dc740ba426f26563563c0aea3a38f3c3c1 Resolves: https://pagure.io/SSSD/sssd/issue/3545 Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> 
Resolves:
https://pagure.io/SSSD/sssd/issue/3545

Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
GPO: Don't use freed LDAPURLDesc if domain for AD DC cannot be found 2017-10-05T18:01:43+00:00 Jakub Hrozek jhrozek@redhat.com 2017-09-20T20:26:20+00:00 381bc154ef06fd3cc0660ce0fd62504367f420f5 If a referral returned during AD GPO processing cannot be assigned to a known domain, at the moment SSSD accesses memory that was freed previously with ldap_free_urldesc(). This patch moves the ldap_free_urldesc() call to both the error handler and the success branch after we are done working with the LDAPURLDesc instance. Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> 
If a referral returned during AD GPO processing cannot be assigned to a
known domain, at the moment SSSD accesses memory that was freed
previously with ldap_free_urldesc().

This patch moves the ldap_free_urldesc() call to both the error handler
and the success branch after we are done working with the LDAPURLDesc
instance.

Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
ldap: Change ldap_user_certificate to userCertificate;binary 2017-10-04T06:54:41+00:00 amitkuma amitkuma@redhat.com 2017-09-06T18:01:45+00:00 d1d6f3a7f08cd1dc5128105eb6ad7ec311f281b8 IPA and AD providers default to userCertificate;binary for the ldap_user_certificate option. It will be good to default that value also for the generic LDAP provider. Resolves: https://pagure.io/SSSD/sssd/issue/3499 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
IPA and AD providers default to userCertificate;binary for the
ldap_user_certificate option. It will be good to default that value
also for the generic LDAP provider.

Resolves:
https://pagure.io/SSSD/sssd/issue/3499

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
IPA: fix handling of certmap_ctx 2017-09-14T14:57:09+00:00 Sumit Bose sbose@redhat.com 2017-09-06T14:42:20+00:00 f2e70ec742cd7aab82b74d7e4b424ba3258da7aa This patch fixes a use-after-free in the AD provider part and initializes the certmap_ctx with data from the cache at startup. Related to https://pagure.io/SSSD/sssd/issue/3508 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
This patch fixes a use-after-free in the AD provider part and
initializes the certmap_ctx with data from the cache at startup.

Related to https://pagure.io/SSSD/sssd/issue/3508

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
IPA: check if IPA hostname is fully qualified 2017-09-13T19:03:26+00:00 AmitKumar amitkuma@redhat.com 2017-08-10T14:43:49+00:00 efa0a019f1ede87bcdd4668e70c768b222c30167 Some users change the IPA hostname post-install which results in strange bugs. Code change make sure that the ipa_hostname contains at least one domain component. Resolves: https://pagure.io/SSSD/sssd/issue/1946 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> 
Some users change the IPA hostname post-install which results in
strange bugs. Code change make sure that the ipa_hostname contains
at least one domain component.

Resolves: https://pagure.io/SSSD/sssd/issue/1946

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
DP: Add Generic DP Request Probes 2017-09-08T14:09:30+00:00 Justin Stephenson jstephen@redhat.com 2017-05-03T20:36:57+00:00 d46d59e78600aa72176df7217c94743b7e71881a Add the ability to analyze performance and monitor Data Provider requests at a high-level, probes fire when a request is sent and when a request is completed. Request name, domain, target, method, and return code information is passed as target variables to the systemtap probe tapsets which can be used in systemtap scripts. Resolves: https://pagure.io/SSSD/sssd/issue/3061 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Add the ability to analyze performance and monitor Data Provider
requests at a high-level, probes fire when a request is sent and when
a request is completed.

Request name, domain, target, method, and return code information
is passed as target variables to the systemtap probe tapsets which
can be used in systemtap scripts.

Resolves:
https://pagure.io/SSSD/sssd/issue/3061

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
ipa: make sure view name is initialized at startup 2017-09-06T14:28:26+00:00 Sumit Bose sbose@redhat.com 2017-08-31T20:30:25+00:00 f00591a4615720640cf01b1c408315b57dd397dc sysdb_master_domain_update() can only set the view name properly if it was not set before but it might be called multiple times before the view name is available if the cache is empty. Since ipa_apply_view() keeps track if the view name was already set at startup or not the name can safely be cleaned here before sysdb_master_domain_update() is called. Resolves: https://pagure.io/SSSD/sssd/issue/3501 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
sysdb_master_domain_update() can only set the view name properly if it was not
set before but it might be called multiple times before the view name is
available if the cache is empty. Since ipa_apply_view() keeps track if
the view name was already set at startup or not the name can safely be
cleaned here before sysdb_master_domain_update() is called.

Resolves:
https://pagure.io/SSSD/sssd/issue/3501

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>