| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
| |
https://docs.python.org/3/whatsnew/3.6.html#deprecated-python-behavior
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
(cherry picked from commit 00172861b6908a72c41046e1b2b48d2b009127dd)
(cherry picked from commit 80e4d575c297358b40e2c8416bd6f22f5044a239)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
Introducing valid usernames with a trailing newline character triggers
the removal of valid LDB cache entries.
Resolves:
https://pagure.io/SSSD/sssd/issue/3317
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
(cherry picked from commit ee2906c1d50ab8001863b0a423fe957d4e0bcb37)
(cherry picked from commit 59868a81d99b400b9ec6aa972ed5f7de4b462ccf)
|
| |
|
|
|
|
|
|
|
|
|
| |
With this patch pam_sss checks if a conversation callback is available
before using it.
Resolves https://fedorahosted.org/sssd/ticket/3296
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit 0965a77c4ff0b358d24582955cb7ae375ebaa0d2)
(cherry picked from commit ba8e3f2850e5a328bc3e732b471280fc4fa49c53)
|
| |
|
|
|
|
|
|
|
|
| |
We changed type forking into type notify as part of commit
d4063e9a21a4e203bee7e0a0144fa8cabb14cc46.
But we forgot to update template drop-in file for logging into journald.
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 7b4704a10958bb7d3390db9eff863875d2b643f7)
(cherry picked from commit 14fe5a922c07da4c95feb65d1455d7f89d9e0f86)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In case on any krb5 related error, we tried to send string
interpretation of krb5 error to parrent in prepare_response.
However, we cannot use global krb5 context (krb5_error_ctx)
because the context is released every time in done section of
ldap_child_get_tgt_sync.
This patch rather return duplicated string to prevent use after free.
Backtrace:
#0 __strchr_sse42 () at ../sysdeps/x86_64/multiarch/strchr.S:100
100 ../sysdeps/x86_64/multiarch/strchr.S: No such file or directory.
Thread 1 (Thread 0x7fc96cad5880 (LWP 11201)):
#0 __strchr_sse42 () at ../sysdeps/x86_64/multiarch/strchr.S:100
No locals.
#1 0x00007fc96be43725 in err_fmt_fmt (msg=0x7fc96d1cf8d0 "Cannot find KDC for requested realm",
code=-1765328230,
err_fmt=<optimized out>) at kerrs.c:152
buf = {buftype = K5BUF_DYNAMIC, data = 0x7fc96d1cdb10,
space = 128, len = 0}
p = <optimized out>
s = 0xdededededededede <Address 0xdededededededede out of bounds>
#2 krb5_get_error_message (ctx=<optimized out>,
code=code@entry=-1765328230) at kerrs.c:184
std = 0x7fc96d1cf8d0 "Cannot find KDC for requested realm"
#3 0x00007fc96cb224e5 in sss_krb5_get_error_message (ctx=<optimized out>,
ec=ec@entry=-1765328230) at src/util/sss_krb5.c:424
No locals.
#4 0x00007fc96cb1fbb0 in prepare_response (rsp=<synthetic pointer>,
kerr=-1765328230, expire_time=0,
ccname=0x0,
mem_ctx=0x7fc96d1cb390) at src/providers/ldap/ldap_child.c:553
ret = <optimized out>
r = 0x7fc96d1cd8b0
krb5_msg = 0x0
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit cb831fbbcb0dac8b6202037d4cd1a0d82db54f54)
(cherry picked from commit 7debfe2eb673d99667d9164bb2daef43ad33a200)
|
| |
|
|
|
|
|
|
|
|
| |
Improve debug messages during security filtering. It was not possible
to figure out why the GPO was filtered by reading the logs, because
we use the same debug message in various cases.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
(cherry picked from commit 47680083e7e4bf5c433657171bf84cceacc83339)
(cherry picked from commit 9bf6c4b5afb5054282f7b8c4c5f7bed26a259f5a)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
We falsely stopped GPO processing when Group Policy Container
in AD did not contain gPCFunctionalityVersion. Such GPOs
should be ignored by SSSD according to MS-GPOL:
https://msdn.microsoft.com/en-us/library/cc232538.aspx
Resolves:
https://fedorahosted.org/sssd/ticket/3269
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
(cherry picked from commit 6a490b312075d2588ad87bbb8a63466f1ac6a106)
(cherry picked from commit 94903da8a3723094948b4b99b30f6449fed809da)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Client code does not anymore depend on libpthread in master.
This is a reason why we didn't notice any linking failure
in master. But the test should be linked with CLIENT_LIBS.
CCLD test_wbc_calls
/usr/bin/ld: src/sss_client/test_wbc_calls-common.o: undefined reference
to symbol 'pthread_mutexattr_setrobust@@GLIBC_2.12'
//lib/x86_64-linux-gnu/libpthread.so.0: error adding symbols: DSO missing
from command line
collect2: error: ld returned 1 exit status
Makefile:12460: recipe for target 'test_wbc_calls' failed
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit c369b062182c746849196e495db467198039edf4)
(cherry picked from commit 9e2190b898558ee51745da7e8aeef9ca6b049986)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Some caller might not be interested in some of the values wbcLookupSid()
returns and just pass NULL. Currently 'net ads user info' does this
because it is not interested in the domain. wbcLookupSid() should handle
this gracefully.
Resolves:
https://fedorahosted.org/sssd/ticket/3273
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
(cherry picked from commit 0b78b4e32955ced0f35c6d4685bd277bb03d04cb)
(cherry picked from commit 924122b5457f8f93687a81d8171757c8036c8b0f)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
a System Error
It's often not clear to admins where to look further if the krb5_child
fails with a generic error. This patch just adds a DEBUG message
advising the admin to look into the krb5_child.log for more information.
Related:
https://fedorahosted.org/sssd/ticket/2955
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Michal Židek <mzidek@redhat.com>
(cherry picked from commit b4dd0867c48e74703f8f7afbf9d5634238dffc1c)
(cherry picked from commit eb730befa09cbb69ee61bdedd14fc2c8bf8a3434)
|
| |
|
|
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/3080
Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
(cherry picked from commit d4063e9a21a4e203bee7e0a0144fa8cabb14cc46)
(cherry picked from commit 12c36167aff5227d1b1f53988a748283dbb292d9)
|
| |
|
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2978
Reviewed-by: Fabiano Fidêncio <fabiano@fidencio.org>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 08cd034c8584b6f058cf565ce66f7f9f7120622f)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
When ldap doesn't contain any sudorule during the initial full refresh,
usn is set to 1 instead of remaining unset and we are trying to
search modifyTimestamp>=1 during smart refresh which doesn't return any result
on openldap servers.
Resolves:
https://fedorahosted.org/sssd/ticket/3257
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 46703740e83a66909974a5ee8d47df6a6e5076e7)
(cherry picked from commit 76e97affaa05ce45709efd59d120595c5992aa21)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When both TEVENT_FD_WRITE and TEVENT_FD_READ are set, and an error/EOF
occurs when reading from the socket, we will get a use after free
in the second call ares_process_fd. The first call will free the watch
structure via a callback.
Prevent this by calling ares_process_fd only once.
Invalid read of size 4
at fd_input_available (async_resolv.c:147)
by epoll_event_loop (tevent_epoll.c:728)
by epoll_event_loop_once (tevent_epoll.c:926)
by std_event_loop_once (tevent_standard.c:114)
by _tevent_loop_once (tevent.c:533)
by tevent_common_loop_wait (tevent.c:637)
by std_event_loop_wait (tevent_standard.c:140)
by server_loop (server.c:702)
by main (data_provider_be.c:587)
Address ... is 112 bytes inside a block of size 136 free'd
at free (vg_replace_malloc.c:530)
by _talloc_free_internal (talloc.c:1116)
by _talloc_free (talloc.c:1647)
by ares__close_sockets (ares__close_sockets.c:50)
by handle_error (ares_process.c:679)
by read_tcp_data (ares_process.c:391)
by processfds (ares_process.c:138)
by fd_input_available (async_resolv.c:144)
by epoll_event_loop (tevent_epoll.c:728)
by epoll_event_loop_once (tevent_epoll.c:926)
by std_event_loop_once (tevent_standard.c:114)
by _tevent_loop_once (tevent.c:533)
by tevent_common_loop_wait (tevent.c:637)
by std_event_loop_wait (tevent_standard.c:140)
by server_loop (server.c:702)
Resolves:
https://fedorahosted.org/sssd/ticket/3250
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 9676b464dd428557ff5a648e1351a3972440396f)
(cherry picked from commit fefdd70237cbe82af7d8845131e45401e73b3b07)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
dbus-1.11.8 added attributes for format string check to
few functions in public header files. And therefore there is a warning.
src/lib/sifp/sss_sifp_utils.c: In function ‘sss_sifp_set_io_error’:
src/lib/sifp/sss_sifp_utils.c:44:5: error: format not a string literal
and no format arguments [-Werror=format-security]
dbus_set_error(ctx->io_error, error->name, error->message);
^~~~~~~~~~~~~~
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit 8618716d6ed4eadca2743eb2dfbbb8d11c4fb22f)
(cherry picked from commit 043862847cee673084a56f387d195deb82386de7)
|
| |
|
|
|
|
|
|
|
|
| |
Currently cert_verify_opts is only initialized when there is an option
in the config file. This might cause issues later when the struct is
accessed. Since parse_cert_verify_opts() can already handle an empty
option the additional check is not needed at all.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit ecd48ae244dbb6490989752fba99b58d84babfa6)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Include internal wrapper header file for endian related functions.
The "util/sss_endian.h" include available header file on different
platform or it provides compatible macros in the worst case.
Breakage noticed when building SSSD on FreeBSD
CC src/util/cert/nss/libsss_cert_la-cert.lo
src/util/cert/nss/cert.c: In function 'cert_to_ssh_key':
src/util/cert/nss/cert.c:358: error: implicit declaration of function 'htobe32'
gmake[2]: *** [Makefile:12421: src/util/cert/nss/libsss_cert_la-cert.lo] Error 1
gmake[2]: Leaving directory '/root/sssd_from_git'
gmake[1]: *** [Makefile:20050: all-recursive] Error 1
gmake[1]: Leaving directory '/root/sssd_from_git'
gmake: *** [Makefile:7116: all] Error 2
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 58aa8d645fa95641431a2828e985f80c7fc36465)
(cherry picked from commit a70351fddb9c26763b2bf658f56ff043a7b3db6f)
|
| |
|
|
| |
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If domain is not case sensitive we add lowercase form of usernames
to sudoUser attributes. So we actually able to apply sudoRule on
user Administrator@... with login admnistrator@...
This patch is squashed with
Resolves:
https://fedorahosted.org/sssd/ticket/3203
(cherry picked from commit f4a1046bb88d7a0ab3617e49ae94bfa849d10645)
Squashed with:
SYSDB: Fixing of sudorule without a sudoUser
This patch solved a regression caused by the recent patches
to lowercase sudoUser -- in case sudoUser is missing completely,
we abort the processing of this rule and all others.
With this patch, we return ERR_MALFORMED_ENTRY and gracefully
skip the malformed rule instead.
Resolves:
https://fedorahosted.org/sssd/ticket/3241
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
This typo prevented HAVE_INOTIFY from ever being set and as an effect,
prevented /etc/resolv.conf inotify detection from working
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
(cherry picked from commit 2927dc45b9bc810f4f55bce165bb96405129e693)
(cherry picked from commit 495289cfa922b00278aa91d433489403e792304e)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We lowercase the keys to the hash table used to store netgroups
but do not lowercase it when reading the table. This results
in nested netgroups not being found when they should and
the processing fails.
The lowercasing does not seem to be necessary anymore (not
sure if it ever was) so we can skip it.
Resolves:
https://fedorahosted.org/sssd/ticket/3159
Reviewed-by: Petr Cech <pcech@redhat.com>
(cherry picked from commit ff565da1011aa4312847e28e7af66e57fccf8b90)
(cherry picked from commit 7de33877c7e39f9a5cae6baf815dc18ae5a18597)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
We can skip looking up other domains if
option ad_enabled_domains doesn't contain them.
Resolves:
https://fedorahosted.org/sssd/ticket/2828
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
(cherry picked from commit ba26252f43409a2e4c3d2396e4e7a21584bd725a)
|
| |
|
|
|
|
|
|
|
|
|
|
| |
We can skip looking up other domains if option ad_enabled_domains
contains only master domain.
Resolves:
https://fedorahosted.org/sssd/ticket/2828
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
(cherry picked from commit 49f38702e62bbd1728757063ba407444e6270952)
|
| |
|
|
|
|
|
|
|
|
|
| |
We add ad_enabled_domains into ad_subdomains_ctx.
Resolves:
https://fedorahosted.org/sssd/ticket/2828
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
(cherry picked from commit a82baf596bac1fdac6addca6419d8992111a8aa2)
|
| |
|
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2828
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
(cherry picked from commit d6342c92c226becbdd254f90a0005b8c00c300dc)
|
| |
|
|
|
|
|
| |
We ignored failures from sysdb_search_entry
Reviewed-by: Petr Čech <pcech@redhat.com>
(cherry picked from commit b969ccc2cc58fdf761e5d314de9217f2d914bc9b)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There was a crash in nss responder when a group contained
a user with special charactes which shoudl be sanitized before
using in filter.
==31651== Conditional jump or move depends on uninitialised value(s)
==31651== at 0x8BEA7DE: _talloc_steal_loc (talloc.c:1215)
==31651== by 0x5264889: sysdb_get_user_members_recursively (sysdb_ops.c:4759)
==31651== by 0x5278F61: sysdb_add_group_member_overrides (sysdb_views.c:1375)
==31651== by 0x526677C: sysdb_getgrnam_with_views (sysdb_search.c:799)
==31651== by 0x1172F6: nss_cmd_getgrnam_search (nsssrv_cmd.c:3168)
==31651== by 0x119C67: nss_cmd_getby_dp_callback (nsssrv_cmd.c:1382)
==31651== by 0x10FD14: nsssrv_dp_send_acct_req_done (nsssrv_cmd.c:916)
==31651== by 0x12898B: sss_dp_internal_get_done (responder_dp.c:791)
==31651== by 0x58FF861: complete_pending_call_and_unlock (dbus-connection.c:2314)
==31651== by 0x5902B50: dbus_connection_dispatch (dbus-connection.c:4580)
==31651== by 0x527F261: sbus_dispatch (sssd_dbus_connection.c:96)
==31651== by 0x89D8B4E: tevent_common_loop_timer_delay (tevent_timed.c:341)
Resolves:
https://fedorahosted.org/sssd/ticket/3121
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit 31fdda9759a8a03081b5ab6307a5e8ce4cbe50d2)
|
| |
|
|
|
|
|
| |
Resolves https://fedorahosted.org/sssd/ticket/2948
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 1594701fbdc341069e11cff9a85e7a795e52db3d)
|
| |
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 17bfd9f69251781140e4b2b55ffeb649d7a79e86)
|
| |
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 160ba891ec483c5b7d2a3fcca5bd992fc790efe0)
|
| |
|
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit f2e8a7c3230fac11175c0bd17c14c66a8e9b25ad)
|
| |
|
|
|
|
|
|
|
| |
Currently the main use-case for this new option is to not set the
KRB5CCNAME environment varible for services like 'sudo-i'.
Resolves https://fedorahosted.org/sssd/ticket/2296
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 11d2a1183d7017f3d453d0a7046004b6968fefb5)
(cherry picked from commit 6a96323fb511565908a5a7ce7b1d6e0d40aa647d)
|
| |
|
|
|
|
|
|
| |
EVP_MD_CTX and EVP_CIPHER_CTX are opaque in openssl-1.1
Reviewed-by: Tomas Mraz <tmraz@redhat.com>
(cherry picked from commit 8f1316a0c677f211eaaa1346e21a03446b8c4fb1)
(cherry picked from commit 81ebd058ab8f6ab08b05a7e35e04881812404d43)
|
| |
|
|
|
|
|
|
|
|
| |
The current code checks only for "HAVE_PYTHON_BINDINGS", which is not
even a valid check. Let's do the proper check according to the python
version (HAVE_PYTHON2_BINDINGS or HAVE_PYTHON3_BINDINGS).
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
(cherry picked from commit 8a681cc41672afd1532b4a0c7e9da3a4eb2014a7)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
src/python/pyhbac.c: In function ‘HbacRuleElement_repr’:
src/python/pyhbac.c:506:59: error: comparison between
signed and unsigned integer expressions [-Werror=sign-compare]
if (strnames == NULL || strgroups == NULL || category == -1) {
^
src/python/pyhbac.c: In function ‘HbacRuleElement_to_native’:
src/python/pyhbac.c:614:51: error: comparison between
signed and unsigned integer expressions [-Werror=sign-compare]
if (!el->names || !el->groups || el->category == -1) {
^
The static function native_category had type of terurn value uint32_t
But it also could return -1 which indicated an error.
It's better to don't mix return code with returned value.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit f47a339d7794cd5a24d368b3b3640452686e45a5)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
src/python/pysss_murmur.c: In function ‘py_murmurhash3’:
src/python/pysss_murmur.c:47:17: error: comparison between
signed and unsigned integer expressions [-Werror=sign-compare]
key_len > strlen(key)) {
^
uint32_t murmurhash3(const char *key, int len, uint32_t seed)
The second argument of the function murmurhash3 has type int.
But the code expects to be unsigned integer.
There is code in python wrapper py_murmurhash3
which check boundaries of that argument.
It should be an unsigned "key_len > INT_MAX || key_len < 0".
An exception should be thrown for negative number.
Moreover, the length should be shorter then a length of input string.
The strlen returns size_t which is unsigned and key_len is signed long.
We already checked that value is unsigned so
we can safely cast key_len to size_t
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 2ff8131cf02decaf0dd0754e843732fe7774fc59)
|
| |
|
|
|
|
|
|
|
|
|
| |
src/tools/tools_util.c: In function ‘parse_groups’:
src/tools/tools_util.c:116:19: error: comparison between
signed and unsigned integer expressions [-Werror=sign-compare]
for (i = 0; i < tokens; i++) {
^
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit d3f14ed93ef61268d0a68898ed9c44b4f773081c)
|
| |
|
|
|
|
|
|
|
|
|
| |
It is probably result of modifying the code
and not updating the man page properly.
Resolves:
https://fedorahosted.org/sssd/ticket/3205
Reviewed-by: Sumit Bose <sbose@redhat.com>
(cherry picked from commit 3955667b6e5071cc1264422cb9d702534cf9bc21)
|
| |
|
|
|
|
|
|
|
|
| |
With this option SSSD can be used with the gdm Smartcard feature.
Resolves:
https://fedorahosted.org/sssd/ticket/2941
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit 325ed9f92f1ea1f348fd7913229faecf3dc1d40b)
|
| |
|
|
|
|
|
|
| |
The PKCS11_LOGIN_TOKEN_NAME environment variable is e.g. used by the
Gnome Settings Daemon to determine the name of the token used for login.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
(cherry picked from commit d86224608ff60ec5cc7e7cbf9e53d8a04e083530)
|
| |
|
|
|
|
|
|
|
|
|
| |
ldap_user_name and ldap_group_name have
different defalts then what the man page
states.
Resolves:
https://fedorahosted.org/sssd/ticket/3022
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Ticket:
https://fedorahosted.org/sssd/ticket/2751
Non-KVP break GPO processing. They are
used for values we are not interested in
so it is safe to ignore them.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Long living clients should be able to reinitialize
memory cache which was removed but it not initialized.
This patch also remove workaround in test_local_domain.py
Test for:
https://fedorahosted.org/sssd/ticket/2726
Reviewed-by: Michal Židek <mzidek@redhat.com>
(cherry picked from commit b28f5fb097e06a97a45e0ae348e506d9d1432cc8)
|
| |
|
|
|
| |
Reviewed-by: Pavel Reichl <preichl@redhat.com>
(cherry picked from commit f106125bbd8f038a93d3fabe36899391c215f937)
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The path to sssd nss module (libsss_nss.so) was
relative to prefix and expected subdirectory "lib".
32bit and 64bit platforms and different distributions
use different paths. This patch allows to use python module sssd_id
even with real module and not just integration tests.
It is just required to prepare "config.py" with right path.
e.g.
cd ~/sssd/src/tests/intg
[~/sssd/src/tests/intg]$ echo "NSS_MODULE_DIR = '/usr/lib64'" > config.py
[~/sssd/src/tests/intg]$ python
Python 2.7.12 (default, Jul 18 2016, 09:57:01)
[GCC 6.1.1 20160621 (Red Hat 6.1.1-3)] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> import sssd_id
>>> sssd_id.get_user_gids('user')
(1, 0, [5977, 1070, 5845, 1076, 1074, 10327, 5975, 5766])
Reviewed-by: Petr Čech <pcech@redhat.com>
(cherry picked from commit 70d47ad4c89152f1e2ac4599f75f9374b631b953)
|
| |
|
|
|
|
|
|
|
|
| |
Regression test for ticket #3184
Resolves:
https://fedorahosted.org/sssd/ticket/3184
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
(cherry picked from commit bb14556c1df503314644fc424fbbf95759791db9)
|
| |
|
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/3179
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
(cherry picked from commit 1c72723cde8bea0d390b928c7cd29e48e7a7deab)
|
| |
|
|
|
|
|
| |
Adds FQDN variants of some already existing tests.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
(cherry picked from commit f2d1d90a14267c01155eab7bb95b8eb34128acc9)
|
