Commit message | Author | Age | Files | Lines
...
* SUDO: sdap_sudo_load_sudoers improve iterator | Pavel Březina | 2015-12-15 | 1 | -69/+55
  The old search base iterator was difficult to read since its logic spread through all functions. This patch also shortens names.

  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
  (cherry picked from commit d103c2e4a704b1dfffd39fea2b601c2f337d06d5)
* SUDO: fix sdap_sudo_smart_refresh_recv() | Pavel Březina | 2015-12-15 | 1 | -7/+7
  This fixes a huge violation of tevent coding style.

  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
  (cherry picked from commit efa19bb588ce1dc6c3f4b94b94464886ad764d09)
* SUDO: fix tevent style | Pavel Březina | 2015-12-15 | 4 | -300/+265
  Rearrange and rename functions in sdap_async_sudo.c to obey tevent style and improve readability.

  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
  (cherry picked from commit 24eac34a8c1f0a284cb697e8d5c09ff049181691)
* SUDO: fix sdap_id_op logic | Pavel Březina | 2015-12-15 | 1 | -16/+18
  Adds missing sdap_id_op_done call and retry logic.

  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
  (cherry picked from commit 7e0158f9fdb1d299ab2d018e9d81cc71eed98c15)
* SUDO: simplify error handling | Pavel Březina | 2015-12-15 | 4 | -70/+41
  This patch removes state->error and uses only ret instead since state->error was only duplication anyway.

  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
  (cherry picked from commit fc19031212369d69a9693ac8777ce1e61a16fe93)
* SUDO: move offline check to handler | Pavel Březina | 2015-12-15 | 2 | -6/+5
  We let sdap_id_op decide if we are offline or not here but we should not get to this code since ptask is disabled and we will not get through sudo handler if offline. This simplifies the code and makes it more similar to other providers.

  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
  (cherry picked from commit 81f135f9e83031c4a021a3d19009b2bc179c8468)
* SUDO: move refreshes from sdap_sudo.c to sdap_sudo_refresh.c | Pavel Březina | 2015-12-15 | 3 | -642/+639
  sdap_sudo.c will contain only initialization and handlers.

  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
  (cherry picked from commit 00fea5c2aaa0277bea522d2f61de75699ee2ed49)
* SUDO: convert periodical refreshes to be_ptask | Pavel Březina | 2015-12-15 | 5 | -658/+186
  This removes old sudo timer and simplifies code a lot. It also allows to manage offline/online state.

  - Full and smart refresh are disabled when offline.
  - Full refresh is run immediately when sssd is back online.
  - Smart refresh is scheduled normally when sssd is back online.

  Resolves: https://fedorahosted.org/sssd/ticket/1943

  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
  (cherry picked from commit a13cf3d295a4a6654dfa7e4193c0a2bc8bb78e92)
* KRB5_CHILD: Debug logs for PAC timeout | Petr Cech | 2015-12-14 | 1 | -0/+3
  This patch adds debug message that informs user when KRB5_CHILD calls PAC responder. This action might take a bit of time in case the cache is not populated or up to date.

  Resolves: https://fedorahosted.org/sssd/ticket/2846

  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* KRB5: Mark globals in krb5_opts.h as extern | Pavel Březina | 2015-12-14 | 3 | -23/+53
  To avoid collisions when we want to work with them elsewhere in the code.

  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  (cherry picked from commit 291a6c8af9759e41cec6f332cb72606ca90768c3)
* IPA: Mark globals in ipa_opts.h as extern | Pavel Březina | 2015-12-14 | 3 | -297/+357
  To avoid collisions when we want to work with them elsewhere in the code.

  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  (cherry picked from commit 676bf6dda60776d9db79dad1c2506c0e57bb5503)
* AD: Mark globals in ad_opts.h as extern | Pavel Březina | 2015-12-14 | 3 | -242/+293
  To avoid collisions when we want to work with them elsewhere in the code.

  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  (cherry picked from commit 9e6f8d1c66b4b3543bab67d807bd26f1d6256c75)
* LDAP: Mark globals in ldap_opts.h as extern | Pavel Březina | 2015-12-14 | 3 | -330/+393
  To avoid collisions when we want to work with them elsewhere in the code.

  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  (cherry picked from commit f7ea0b1d46197275c87bdc73a6e38a6fd7f855ee)
* SYSDB: Add missing include to sysdb_services.h | Pavel Březina | 2015-12-14 | 1 | -0/+2
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  (cherry picked from commit 50310d617e25abf118fbd867cbdc0fbc866277b5)
* DEBUG: Add missing new lines | Lukas Slebodnik | 2015-12-14 | 7 | -13/+13
  Reviewed-by: Petr Cech <pcech@redhat.com>
* MAN: Clarify when should TGs be disabled for group nesting restriction | Jakub Hrozek | 2015-12-11 | 1 | -2/+4
  Resolves: https://fedorahosted.org/sssd/ticket/2796

  Reviewed-by: Michal Židek <mzidek@redhat.com>
  Reviewed-by: Striker Leggette <striker@redhat.com>
  (cherry picked from commit 773153893431bb9344259ba161d57e97f359678c)
* IPA_PROVIDER: Explicit no handle of services | Petr Cech | 2015-12-11 | 1 | -1/+29
  Function get_object_from_cache() does not handle services. This patch adds quick shortcut to avoid sending an LDAP query to cache.

  Resolves: https://fedorahosted.org/sssd/ticket/2747

  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  (cherry picked from commit 565e6d91814884054ec0dc4d770804d7bf472d3f)
* MAN: sssd.conf should mention SSS_NSS_USE_MEMCACHE | Michal Židek | 2015-12-10 | 1 | -1/+7
  Fixes: https://fedorahosted.org/sssd/ticket/2787

  We already mention SSS_NSS_USE_MEMCACHE in sssd(8) but it makes sense to note it in sssd.conf(5) together with the memcache_timeout.

  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  (cherry picked from commit a3d9b7eea4a92a57b274e1c9df6108e916f823c8)
* LDAP: check early for missing SID in mapping check | Sumit Bose | 2015-12-10 | 1 | -0/+6
  Resolves https://fedorahosted.org/sssd/ticket/2830

  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  (cherry picked from commit 1e6ad2b73851049197c7756787d14c78f64e1128)
* AD: Add autofs provider | Jakub Hrozek | 2015-12-10 | 9 | -4/+150
  https://fedorahosted.org/sssd/ticket/1632

  Adds the possibility to configure:
      autofs_provider = ad

  The AD autofs provider uses the rfc2307 (nis*) attribute maps. This is different (at the moment) from using autofs_provider=ldap with ldap_schema=ad.

  Reviewed-by: Ondrej Valousek <ondrejv2@fedoraproject.org>
  Reviewed-by: Pavel Březina <pbrezina@redhat.com>
  (cherry picked from commit 03b859510dc13a13a456ca4aa94c0561a0e9684c)
* Clarify that subdomains always use service discovery | Dan Lavu | 2015-12-10 | 1 | -3/+11
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  (cherry picked from commit f20c082881ba287c5de415b983c1e54fee987b4b)
* IPA: Use search timeout, not enum timeout for searching overrides | Jakub Hrozek | 2015-12-09 | 1 | -1/+1
  Related: https://fedorahosted.org/sssd/ticket/2866

  If the LDAP connection is still established when the client moves offline, we rely on the search timeout to find out the client is offline. The override search used the enum timeout, which defaults to 60 seconds. That caused too long delays in going offline.

  Reviewed-by: Sumit Bose <sbose@redhat.com>
  (cherry picked from commit a687f4473bf305bc2ccb075cd93154c9d661b638)
* initgr: only search for primary group if it is not already cached | Sumit Bose | 2015-11-27 | 1 | -21/+36
  Related to https://fedorahosted.org/sssd/ticket/2868

  Reviewed-by: Pavel Reichl <preichl@redhat.com>
  (cherry picked from commit e182d98a391b5f6d3562e442748254cdbcef0b81)
* ldap: skip sdap_save_grpmem() if ignore_group_members is set | Sumit Bose | 2015-11-27 | 1 | -0/+8
  Related to https://fedorahosted.org/sssd/ticket/2868

  Reviewed-by: Pavel Reichl <preichl@redhat.com>
  (cherry picked from commit d432482627dc6dd67d44df4f1debcc21448fd6e5)
* p11: enable ocsp checks | Sumit Bose | 2015-11-26 | 18 | -22/+210
  This patch enables the Online Certificate Status Protocol in NSS and adds an option to disable it if needed. To make further tuning of certificate verification more easy it is not an option on its own but an option to the new certificate_verification configuration option.

  Resolves https://fedorahosted.org/sssd/ticket/2812

  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  (cherry picked from commit 544a20de7667f05c1a406c4dea0706b0ab507430)
* p11: check if cert is valid before selecting it | Sumit Bose | 2015-11-26 | 1 | -10/+12
  Currently the first certificate was selected and if it was not valid p11_child just returned an error. With this patch the validity is checked first and the first valid certificate is selected.

  Resolves https://fedorahosted.org/sssd/ticket/2801

  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  (cherry picked from commit d0de7701d44c7a75210a9cb04634913ce3a94bfb)
* BUILD: Only install polkit rules if the directory is available | Jakub Hrozek | 2015-11-26 | 4 | -1/+30
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
  (cherry picked from commit 5484044ea7bb632b915f706685fce509f6eacc48)
* sysdb-tests: Fix warning - incompatible pointer type | Pavel Reichl | 2015-11-21 | 1 | -2/+2
  Reviewed-by: Sumit Bose <sbose@redhat.com>
  (cherry picked from commit 1352cf0d037c21eb6245fed17f1e6596ea3a3ccd)
* p11: allow p11_child to run completely unprivileged | Sumit Bose | 2015-11-20 | 5 | -24/+40
  The only operation of p11_child which requires special privileges is the communication to pcscd which handles the Smartcard access. pcscd uses policy-kit for access control so access can easily be configured by dropping config snippets into the right directory.

  If SSSD is configured to run as un-privileged user this patch creates the needed config snippet for policy-kit and installs it in a suitable directory. As a result p11_child does not have to be installed with SETUID or SETGID bits set.

  Resolves https://fedorahosted.org/sssd/ticket/2755 by making it obsolete

  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  (cherry picked from commit 3be9e26dcd169d44ae105f1b8a0674464c700b77)
* IPA: fix override with the same name | Sumit Bose | 2015-11-20 | 4 | -10/+103
  If the user name of an AD user is overridden with the name itself in an IPA override object SSSD adds this name twice to the alias list causing an ldb error when trying to write the user object to the cache. As a result the user is not available. This patch makes sure that there are no duplicated alias names.

  Resolves https://fedorahosted.org/sssd/ticket/2874

  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* DP: Do not confuse static analysers with dead code | Jakub Hrozek | 2015-11-20 | 1 | -1/+2
  Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* sbus_codegen_tests: Use portable definition of large constants | Lukas Slebodnik | 2015-11-20 | 1 | -12/+13
  There were warnings on 32 bit architecture related to 64bit integer constants.

      /home/build/sssd/src/tests/sbus_codegen_tests.c:257: warning: integer constant is too large for ‘long’ type
      /home/build/sssd/src/tests/sbus_codegen_tests.c:259: warning: integer constant is too large for ‘long’ type

  INT${N}_C(value) are defined in the standard c99

  Reviewed-by: Michal Židek <mzidek@redhat.com>
  (cherry picked from commit 8dc21698c4ed699801d2b6f9135b3d6cb8512917)
* Upgrading the version for the 1.13.3 release | Jakub Hrozek | 2015-11-19 | 1 | -1/+1
* Updating translations for the 1.13.2 release (tag: sssd-1_13_2) | Jakub Hrozek | 2015-11-19 | 42 | -2200/+16994
* intg: Add test for user and group local overrides | Pavel Reichl | 2015-11-19 | 2 | -0/+954
  Introduce a new integration test for local view overrides.

  Regression tests for: #2790, #2757 and #2802.

  Resolves: https://fedorahosted.org/sssd/ticket/2732

  Reviewed-by: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
  (based on commit 8d1dcb6af723f2968410c4b088d06d63d02b4fea)
  (based on commit fed2fdded1060d24bd721fe3fe16034567a7e284)
  (based on commit 3569ade3eaf9bf13c522d228019da228de55398a)
* intg: Add more LDAP tests | Nikolai Kondrashov | 2015-11-19 | 1 | -0/+361
  Add a bunch of LDAP tests.

    * Adding/removing a user/group/membership with rfc2307(bis) schema.
    * The effect of override_homedir option.
    * The effect of fallback_homedir option.
    * The effect of override_shell option.
    * The effect of shell_fallback option.
    * The effect of default_shell option.
    * The effect of vetoed_shells option.

  Reviewed-by: Michal Židek <mzidek@redhat.com>
  (cherry picked from commit c20811708e584b49ef12ffe1950d71356604bd3b)
* sbus: Check string arguments for valid UTF-8 strings | Jakub Hrozek | 2015-11-14 | 3 | -1/+103
  libdbus abort()s when a string argument is not valid UTF-8. Since the arguments sometimes come from untrusted sources, it's better to check the string validity explicitly.

  Reviewed-by: Sumit Bose <sbose@redhat.com>
  (cherry picked from commit 6b01dae732eedee808f32a9cdd4b5656a9f839c4)
* DP: Check callback messages for valid UTF-8 | Jakub Hrozek | 2015-11-14 | 1 | -16/+30
  https://fedorahosted.org/sssd/ticket/2861

  Messages passed from Data Provider to responder must be valid UTF-8 strings. Because providers might not be completely under our control, we need to check if the messages we receive are valid UTF-8 and if they are not, use a fallback.

  Reviewed-by: Sumit Bose <sbose@redhat.com>
  (cherry picked from commit e8ae3af6724164048a85c374ea8045a368a2d34e)
* DP: Drop dp_pam_err_to_string | Jakub Hrozek | 2015-11-14 | 1 | -52/+23
  Resolves: https://fedorahosted.org/sssd/ticket/2861

  All back end requests were using pam_strerror() to print additional info about why request failed. Since pam_strerror() returns localized message and we don't know the locale beforehand, this message failed to be transferred through D-Bus, resulting in a crash.

  Reviewed-by: Sumit Bose <sbose@redhat.com>
  (cherry picked from commit 8bc6bc6d87127d615f7a81d7151cb46007feff63)
* test_sysdb_subdomains: Do not use assignment in assertions | Lukas Slebodnik | 2015-11-14 | 1 | -9/+9
  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  (cherry picked from commit 06d4c022874d4f12d70e79c3c749d52fe020dad6)
* TEST: Add test_groups_by_recent_filter_valid | Petr Cech | 2015-11-14 | 1 | -0/+66
  Test groups_by_filter_valid() was removed in past. We will add two new tests instead of it. Logic of those tests is connected to RECENT filter. It returns only records which have been written or updated after filter was created (or another given time).

      groups_by_filter_valid() --> group_by_recent_filter_valid()
                                   groups_by_recent_filter_valid()

  The first of new tests, group_by_recent_filter_valid(), counts with two groups. One is stored before filter request creation and the second group is stored after filter request creation. So filter returns only one group.

  The second of new tests, groups_by_recent_filter_valid(), counts with three users. One is stored before filter request creation and two groups are stored after filter request creation. So filter returns two groups.

  This patch adds groups_by_recent_filter_valid().

  Resolves: https://fedorahosted.org/sssd/ticket/2730

  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  (cherry picked from commit 16212bbb2aaa55d0587515e72c0018479ae51be9)
* TEST: Refactor of test_responder_cache_req.c | Petr Cech | 2015-11-14 | 1 | -6/+17
  We need little more in background of responder_cache_req tests. There will be tests which will use three test groups. This patch adds support for it.

  Resolves: https://fedorahosted.org/sssd/ticket/2730

  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  (cherry picked from commit 5928fcbb57b92bfd18ad15aaaf4a5e1ab8dabe61)
* TEST: Add test_group_by_recent_filter_valid | Petr Cech | 2015-11-14 | 1 | -0/+44
  Test groups_by_filter_valid() was removed in past. We will add two new tests instead of it. Logic of those tests is connected to RECENT filter. It returns only records which have been written or updated after filter was created (or another given time).

      groups_by_filter_valid() --> group_by_recent_filter_valid()
                                   groups_by_recent_filter_valid()

  The first of new tests, group_by_recent_filter_valid(), counts with two groups. One is stored before filter request creation and the second group is stored after filter request creation. So filter returns only one group.

  The second of new tests, groups_by_recent_filter_valid(), counts with three users. One is stored before filter request creation and two groups are stored after filter request creation. So filter returns two groups.

  This patch adds group_by_recent_filter_valid().

  Resolves: https://fedorahosted.org/sssd/ticket/2730

  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  (cherry picked from commit fe6dd669d1e8606862879127f92c177bb7fdc1bd)
* TEST: Add test_users_by_recent_filter_valid | Petr Cech | 2015-11-14 | 1 | -1/+62
  Test users_by_filter_valid() was removed in past. We will add two new tests instead of it. Logic of those tests is connected to RECENT filter. It returns only records which have been written or updated after filter was created (or another given time).

      users_by_filter_valid() --> user_by_recent_filter_valid()
                                  users_by_recent_filter_valid()

  The first of new tests, user_by_recent_filter_valid(), counts with two users. One is stored before filter request creation and the second user is stored after filter request creation. So filter returns only one user.

  The second of new tests, users_by_recent_filter_valid(), counts with three users. One is stored before filter request creation and two users are stored after filter request creation. So filter returns two users.

  This patch adds users_by_recent_filter_valid().

  Resolves: https://fedorahosted.org/sssd/ticket/2730

  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  (cherry picked from commit a6a5a08a357d2adbb653b81bacc602ca3543c4c4)
* TEST: Add common function are_values_in_array() | Petr Cech | 2015-11-14 | 2 | -0/+29
  This patch adds function are_values_in_array() to common test code. And there is tc_are_values_in_array macro defined which is useful for talloc allocated values and arrays.

  Resolves: https://fedorahosted.org/sssd/ticket/2730

  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  (cherry picked from commit 6ae53d7b54ec2ece9fb51ed92c097f5ba8f9d849)
* TEST: Refactor of test_responder_cache_req.c | Petr Cech | 2015-11-14 | 1 | -15/+46
  We need little more in background of responder_cache_req tests. There will be tests which will use three test users. This patch adds support for it.

  Resolves: https://fedorahosted.org/sssd/ticket/2730

  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  (cherry picked from commit c4d4fe1603420fe8f3d256a3a446974699563ff3)
* TEST: Refactor of test_responder_cache_req.c | Petr Cech | 2015-11-14 | 1 | -2/+4
  This patch only defines constant TEST_USER_PREFIX. So code will be more readable.

  Resolves: https://fedorahosted.org/sssd/ticket/2730

  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  (cherry picked from commit b0e8c1802557645e2ff6a88c54c520b0f0ff9ebb)
* TEST: Add test_user_by_recent_filter_valid | Petr Cech | 2015-11-14 | 1 | -0/+50
  Test users_by_filter_valid() was removed in past. We will add two new tests instead of it. Logic of those tests is connected to RECENT filter. It returns only records which have been written or updated after filter was created (or another given time).

      users_by_filter_valid() --> user_by_recent_filter_valid()
                                  users_by_recent_filter_valid()

  The first of new tests, user_by_recent_filter_valid(), counts with two users. One is stored before filter request creation and the second user is stored after filter request creation. So filter returns only one user.

  The second of new tests, users_by_recent_filter_valid(), counts with three users. One is stored before filter request creation and two users are stored after filter request creation. So filter returns two users.

  This patch adds user_by_recent_filter_valid().

  Resolves: https://fedorahosted.org/sssd/ticket/2730

  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  (cherry picked from commit da79bee1472a06b89be2df903fb0bd8ce600c610)
* AD: remove annoying debug message | Pavel Březina | 2015-11-12 | 1 | -4/+0
  This debug message is mostly a left over from development and doesn't give us any useful information. It is just annoying in the logs.

  Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
  (cherry picked from commit 499b60f44ecf7124e1906157bd4fca141f48e8d9)
* CONFIGURE: Bump AM_GNU_GETTEXT_VERSION | Lukas Slebodnik | 2015-11-12 | 1 | -1/+1
  The function gettext was not detected properly with strict cflags even though it was part of glibc.

      sh$ CFLAGS="-Werror" ./configure
      sh$ grep gt_cv_func_gnugettext config.log
      gt_cv_func_gnugettext1_libc=no
      gt_cv_func_gnugettext1_libintl=no

      sh$ objdump -T /lib64/libc.so.6 | grep gettext
      000000000002fc60  w   DF .text  0000000000000010  GLIBC_2.2.5 dcngettext
      000000000002dc70  w   DF .text  000000000000000f  GLIBC_2.2.5 dcgettext
      000000000002fc80  w   DF .text  0000000000000016  GLIBC_2.2.5 ngettext
      000000000002dc90  w   DF .text  000000000000000f  GLIBC_2.2.5 gettext
      000000000002dc70 g    DF .text  000000000000000f  GLIBC_2.2.5 __dcgettext
      000000000002dc80  w   DF .text  000000000000000a  GLIBC_2.2.5 dgettext
      000000000002dc80 g    DF .text  000000000000000a  GLIBC_2.2.5 __dgettext
      000000000002fc70  w   DF .text  000000000000000b  GLIBC_2.2.5 dngettext

  Reviewed-by: Petr Cech <pcech@redhat.com>
  (cherry picked from commit f0ea3ed816182fadf77f3e7f7ddb298b287007ad)