sssd.git/src/util, branch tlog Unnamed repository; edit this file 'description' to name the repository. UTIL: Add session recording conf management module 2017-04-20T08:23:23+00:00 Nikolai Kondrashov Nikolai.Kondrashov@redhat.com 2017-03-17T10:41:02+00:00 96f519ff9a9fa253191f7e5eec1f4d88f908f2d5 Add an util module for loading session recording configuration. To be used by responders and data provider. 
Add an util module for loading session recording configuration.
To be used by responders and data provider.
NSS: Move output name formatting to utils 2017-04-20T08:23:23+00:00 Nikolai Kondrashov Nikolai.Kondrashov@redhat.com 2017-03-22T12:32:35+00:00 26673165323859b9033ee956a2399dc94eae116b Move NSS nss_get_name_from_msg and the core of sized_output_name to the utils to make them available to provider and other responders. 
Move NSS nss_get_name_from_msg and the core of sized_output_name to the
utils to make them available to provider and other responders.
UTIL: Use max 15 characters for AD host UPN 2017-04-12T21:15:06+00:00 Lukas Slebodnik lslebodn@redhat.com 2017-03-14T09:34:00+00:00 c6f1bc32774a7cf2f8678499dfbced420be3a3a1 We do not want to use host principal with AD "host/name.domain.tld@DOMAIN.TLD" because it does not work. We need to use correct user principal for AD hosts. And we cannot rely all fallback "*$" because of other principals in keytab. The NetBIOS naming convention allows for 16 characters in a NetBIOS name. Microsoft, however, limits NetBIOS names to 15 characters and uses the 16th character as a NetBIOS suffix. https://support.microsoft.com/en-us/help/163409/netbios-suffixes-16th-character-of-the-netbios-name Resolves: https://pagure.io/SSSD/sssd/issue/3329 Reviewed-by: Michal Židek <mzidek@redhat.com> 
We do not want to use host principal with AD
"host/name.domain.tld@DOMAIN.TLD" because it does not work.
We need to use correct user principal for AD hosts. And we cannot
rely all fallback "*$" because of other principals in keytab.

The NetBIOS naming convention allows for 16 characters in a NetBIOS
name. Microsoft, however, limits NetBIOS names to 15 characters and
uses the 16th character as a NetBIOS suffix.
https://support.microsoft.com/en-us/help/163409/netbios-suffixes-16th-character-of-the-netbios-name

Resolves:
https://pagure.io/SSSD/sssd/issue/3329

Reviewed-by: Michal Židek <mzidek@redhat.com>
selinux: Do not fail if SELinux is not managed 2017-04-06T11:41:33+00:00 Michal Židek mzidek@redhat.com 2017-02-08T11:01:37+00:00 78a08d30b5fbf6e1e3b589e0cf67022e0c1faa33 Previously we failed if semanage_is_managed returned 0 or -1 (not managed or error). With this patch we only fail in case of error and continue normally if selinux is not managed by libsemanage at all. Resolves: https://fedorahosted.org/sssd/ticket/3297 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Previously we failed if semanage_is_managed returned 0 or -1 (not
managed or error). With this patch we only fail in case of error and
continue normally if selinux is not managed by libsemanage at all.

Resolves:
https://fedorahosted.org/sssd/ticket/3297

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
libsss_certmap: Accept certificate with data before header 2017-04-03T08:43:07+00:00 David Kupka dkupka@redhat.com 2017-03-31T19:31:23+00:00 5231ba679402eeb0705a3ecd41f97fdd67d42a69 According to RFC 7468 parser must not fail when some data are present before the encapsulation boundary. sss_cert_pem_to_der didn't respect this and refused valid input. Changing it's code to first locate the certificate header fixes the issue. Resolves: https://pagure.io/SSSD/sssd/issue/3354 Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> 
According to RFC 7468 parser must not fail when some data are present
before the encapsulation boundary. sss_cert_pem_to_der didn't respect
this and refused valid input. Changing it's code to first locate
the certificate header fixes the issue.

Resolves:
https://pagure.io/SSSD/sssd/issue/3354

Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
sss_iobuf: fix 'read' shadows a global declaration 2017-03-30T17:08:25+00:00 Pavel Březina pbrezina@redhat.com 2017-03-28T13:26:52+00:00 18e4fe9d836e8f7bee52724374ffc0011172329f Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
tcurl: add support for http basic auth 2017-03-30T17:07:13+00:00 Pavel Březina pbrezina@redhat.com 2017-02-28T12:32:31+00:00 c2ea75da72b426d98ba489039e220d417bfb4c2a Reviewed-by: Simo Sorce <simo@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Reviewed-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
tcurl: add support for ssl and raw output 2017-03-30T17:06:44+00:00 Pavel Březina pbrezina@redhat.com 2017-02-24T09:40:43+00:00 300b9e9217ee1ed8d845ed2370c5ccf5c87afb36 At first, this patch separates curl_easy handle from the multi-handle processing and makes it encapsulated in custom tcurl_request structure. This allows us to separate protocol initialization from its asynchonous logic which gives us the ability to set different options for each request without over-extending the parameter list. In this patch we implement options for peer verification for TLS-enabled protocols and to return response with body and headers together. Reviewed-by: Simo Sorce <simo@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
At first, this patch separates curl_easy handle from the multi-handle
processing and makes it encapsulated in custom tcurl_request structure.
This allows us to separate protocol initialization from its asynchonous
logic which gives us the ability to set different options for each
request without over-extending the parameter list.

In this patch we implement options for peer verification for TLS-enabled
protocols and to return response with body and headers together.

Reviewed-by: Simo Sorce <simo@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
CONFDB: Introduce SSSD domain type to distinguish POSIX and application domains 2017-03-30T12:09:02+00:00 Jakub Hrozek jhrozek@redhat.com 2017-03-22T11:53:17+00:00 6324eaf1fb321c41ca9883966118df6d45259b7e Related to: https://pagure.io/SSSD/sssd/issue/3310 Adds a new option that allows to distinguish domains that do contain POSIX users and groups and those that don't. The POSIX domains are the default. The non-POSIX domains are selected by selecting an "application" type domain. Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
Related to:
https://pagure.io/SSSD/sssd/issue/3310

Adds a new option that allows to distinguish domains that do contain
POSIX users and groups and those that don't. The POSIX domains are the
default. The non-POSIX domains are selected by selecting an
"application" type domain.

Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
UTIL: Expose replace_char() as sss_replace_char() 2017-03-29T12:00:17+00:00 Fabiano Fidêncio fidencio@redhat.com 2017-03-26T00:49:53+00:00 1e437af958f59a0b8bf2f751d3c2ea28365ac64d This method is going to be used in the follow-up patch for replacing ',' by ':' so we can keep the domain resolution order option consitent with the way it's set on IPA side and still keep consistent with the way lists are represented on sssd.conf file. Related: https://pagure.io/SSSD/sssd/issue/3001 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
This method is going to be used in the follow-up patch for replacing ','
by ':' so we can keep the domain resolution order option consitent with
the way it's set on IPA side and still keep consistent with the way
lists are represented on sssd.conf file.

Related:
https://pagure.io/SSSD/sssd/issue/3001

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>

Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>