| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
| |
Reviewed-by: Fabiano Fidêncio <fabiano@fidencio.org>
|
| |
|
|
|
|
|
| |
do_update should be only set if there is a change, i.e if something was
added to the ldb_message.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
| |
netlogon_get_domain_info() does not fail if only the site is missing in
the CLDAP ping respond. If the site is not available a Global Catalog
can still be looked up with the forest name. Only if the forest name is
missing as well we fall back to the configured domain name.
Resolves:
https://fedorahosted.org/sssd/ticket/3104
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
netlogon_get_domain_info() should not fail if not all parameters can be
retrieved. It should be the responsibility of the caller to see if the
needed data is available and act accordingly.
Resolves:
https://fedorahosted.org/sssd/ticket/3104
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
| |
Only users and groups have timestamp data in separate cache.
It caused false positive warnings for autofs, netgroup ...
Reviewed-by: Petr Čech <pcech@redhat.com>
|
| |
|
|
|
|
|
|
| |
Some messages did not have errno or name of problematic file.
There was also improper use of negative value.
The function strerror was called with -1 instead of errno
Reviewed-by: Petr Čech <pcech@redhat.com>
|
| |
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
the capaths for a single domain should be collected in a single
sub-section in the MIT Kerberos configuration not spread over multiple
one. See the capaths section of the krb5.conf man page for details.
Resolves:
https://fedorahosted.org/sssd/ticket/3103
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
| |
Type: Unchecked return value
Reported by coverity
Reviewed-by: Petr Čech <pcech@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
There is a bug on debian_testing in bash.
sh$ valgrind /bin/bash
==25145== Memcheck, a memory error detector
==25145== Copyright (C) 2002-2015, and GNU GPL'd, by Julian Seward et al.
==25145== Using Valgrind-3.12.0.SVN and LibVEX; rerun with -h for copyright info
==25145== Command: /bin/bash
==25145==
==25145== Invalid read of size 1
==25145== at 0x4B90B1: ??? (in /bin/bash)
==25145== by 0x43FE9B: initialize_shell_variables (in /bin/bash)
==25145== by 0x41E4C0: ??? (in /bin/bash)
==25145== by 0x41F722: main (in /bin/bash)
==25145== Address 0x58307f8 is 8 bytes before a block of size 31 alloc'd
==25145== at 0x4C2BBCF: malloc (vg_replace_malloc.c:299)
==25145== by 0x475D1A: xmalloc (in /bin/bash)
==25145== by 0x4B7F4A: tilde_expand (in /bin/bash)
==25145== by 0x42E63D: bash_tilde_expand (in /bin/bash)
==25145== by 0x43FE79: initialize_shell_variables (in /bin/bash)
==25145== by 0x41E4C0: ??? (in /bin/bash)
==25145== by 0x41F722: main (in /bin/bash)
==25145==
malloc: .././variables.c:570: assertion botched
free: called with unallocated block argument
last command: (null)
Aborting...==25145==
And /bin/bash was used as a default SHELL in scripts generated by
configure+libtool. It starting to fail with the latest valgrind
valgrind-3.12.0~svn20160714-1
Workaround is to use /bin/sh which is a symlink to /bin/dash
Reviewed-by: Petr Cech <pcech@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
If there are alternative UPN suffixes found on the server we can safely
assume that the IPA server supports enterprise principals.
Resolves https://fedorahosted.org/sssd/ticket/3018
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
| |
sysdb_subdomain_store() and sysdb_update_subdomains() can now update
upn_suffixes as well.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
| |
sysdb_master_domain_update() and sysdb_master_domain_add_info() are now
aware of the UPN suffix attribute.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
| |
The test directory was not removed (tp_test_utils-test_utils)
because it contain the snippet for krb5_libdefaults.
Reviewed-by: Fabiano Fidêncio <fabiano@fidencio.org>
|
| |
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/3096
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
| |
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/3024
Reviewed-by: Noam Meltzer <tsnoam@gmail.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We wrongly tried to store empty
user attributes instead of the
local user attributes with
ldap_rfc_2307_fallback_to_local_users
set to true. This gave us bad
initgroups results and caused
segfaults.
Resolves:
https://fedorahosted.org/sssd/ticket/3045
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
| |
Reviewed-by: Fabiano Fidêncio <fabiano@fidencio.org>
|
| |
|
|
| |
Reviewed-by: Fabiano Fidêncio <fabiano@fidencio.org>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes:
https://fedorahosted.org/sssd/ticket/3076
We segfaulted in this area once. This patch
makes the code more defensive and adds
some DEBUG messages.
Normally the structures are filled in online
and/or resolve callbacks.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
| |
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/3068
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Allow option "timeout" for all sevices.
Also remove unused macro CONFDB_SERVICE_TIMEOUT.
Resolves:
https://fedorahosted.org/sssd/ticket/3068
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
be_ctx had talloc_zero() initialized uid and gid which was used
in function dp_init(). Therefore back-end was every time started as root
and therefore non-root responders could not communicate with back-end
due to wrong permission of unix sockets.
This patch sets right uid and gid to data-providers if sssd runs
as non-root user.
Resolves:
https://fedorahosted.org/sssd/ticket/3077
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
src/tests/sysdb-tests.c: In function 'test_sysdb_memberof_close_loop':
src/tests/sysdb-tests.c:2740:5: warning: passing argument
1 of '_ck_assert_msg' makes integer from pointer without a cast
[enabled by default]
fail_unless(data->attrlist[0], "talloc_array failed.");
^
In file included from src/tests/sysdb-tests.c:23:0:
/usr/include/check.h:237:16: note: expected 'int' but argument
is of type 'const char *'
void CK_EXPORT _ck_assert_msg (int result, const char *file,
^
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Fixes:
https://fedorahosted.org/sssd/ticket/3068
Option user_attributes is also available in
NSS responder, but not in PAC responder.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
We read override_space from [sssd] not
[nss] section.
Resolves:
https://fedorahosted.org/sssd/ticket/3068
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
VAR_CHECK is called with (var, EOK, ...)
EOK would be returned in case of "var != EOK"
and output argument _attrs would not be initialized.
Therefore there could be dereference of null pointer
after calling function usermod_build_attrs.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
The argument ttl was recently removed from negative cache functions
(sss_ncache_check_user, sss_ncache_check_uid, sss_ncache_check_sid,
sss_ncache_check_cert) but it was not removed from wrapped versions
in nss-srv-tests. It caused a crash on machine with big endian
and when configure wih --coverage.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Currently a new override for a non-default view cannot be displayed at
run-time. It even does not only require a restart but the view must be
un-applied and applied again to make the changes visible.
This patch fixes this and makes non-default view behave like the default
view where the data from a newly added override are displayed after the
cached entry of the related object is expired.
Resolves https://fedorahosted.org/sssd/ticket/3092
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
| |
|
|
| |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
It looks like some special gcc optimalisation and special case
may cause to have unitialized output argument _dom when return
code is EOK
src/tools/sssctl/sssctl_cache.c: In function ‘sssctl_print_object’:
src/tools/sssctl/sssctl_cache.c:491:8: error: ‘dom’ may be used
uninitialized in this function [-Werror=maybe-uninitialized]
if (dom == NULL) {
^
src/tools/sssctl/sssctl_cache.c:447:15: error: ‘entry’ may be used
uninitialized in this function [-Werror=maybe-uninitialized]
*_entry = talloc_steal(mem_ctx, entry);
^~~~~~~~~~~~
src/tools/sssctl/sssctl_cache.c:412:25: note: ‘entry’ was declared here
struct sysdb_attrs *entry;
^~~~~
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
| |
src/lib/ipa_hbac/ipa_hbac.h:68: warning: expected whitespace after [ command
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
| |
Warning: tag INPUT: input source `src/providers/ipa/ipa_hbac.h' does not exist
warning: source src/providers/ipa/ipa_hbac.h is not
a readable file or directory... skipping.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
src/tools/sssctl/sssctl_config.c: In function 'sssctl_config_check':
src/tools/sssctl/sssctl_config.c:93:14: warning: format '%lu' expects
argument of type 'long unsigned int', but argument 2 has type
'size_t {aka unsigned int}' [-Wformat=]
printf(_("Issues identified by validators: %lu\n"), num_errors);
^
src/tools/sssctl/sssctl_config.c:93:12: note: in expansion of macro '_'
printf(_("Issues identified by validators: %lu\n"), num_errors);
^
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
| |
Resolves: https://fedorahosted.org/sssd/ticket/3009
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
| |
|
|
|
|
|
| |
Improve output when access check error
is detected by sssctl config-check command.
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
| |
|
|
| |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Functions sysdb_user_base_dn() and sysdb_group_base_dn() expect
that struct sss_domain_info contains pointer to struct sysdb_ctx.
This is not true in case of sysdb_upgrade functions.
This patch fixes the situation and revert code to the state before
12a000c8c7c07259e438fb1e992134bdd07d9a30 commit.
Resolves:
https://fedorahosted.org/sssd/ticket/3023
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/3055
Reviewed-by: Michal Židek <mzidek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
|
| |
|
|
|
|
|
|
| |
In the ssh keys a leading 0 is added to the bignums of the RSA modulus
and exponent if the leading bit is set to avoid the interpretation as a
negative number.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
