| Commit message (Collapse) | Author | Age | Files | Lines |
| |
Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
| |
Currently it happens for default domain, if someone configures
different ldap_idmap_default_domain_sid for two domains in
sssd.conf. There is no check preventing this in sdap_idmap.c, it's simply:
sdap_idmap_add_domain(idmap_ctx, dom_name,sid_str, 0). However, I believe
here is the best place to check it since there may be different use of
sss_idmap_calculate_ranges in the future.
Reviewed-by: Sumit Bose <sbose@redhat.com>
| |
If there are only OIDs in a <EKU> part of a matching rule a NULL pointer
dereference might occur.
Related to https://pagure.io/SSSD/sssd/issue/3508
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
| |
Older versions of gcc (e.g. gcc-4.8.5-11.el7) had a false positive warning
with c99 struct initialisation "{ 0 }".
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=53119
https://gcc.gnu.org/bugzilla/show_bug.cgi?id=64709
CC src/lib/certmap/libsss_certmap_la-sss_cert_content_nss.lo
src/lib/certmap/sss_cert_content_nss.c:
In function 'add_pkinit_princ_to_san_list':
src/lib/certmap/sss_cert_content_nss.c:475:12:
error: missing braces around initializer [-Werror=missing-braces]
struct kerberos_principal_name kname = { 0 };
^
src/lib/certmap/sss_cert_content_nss.c:475:12:
error: (near initialization for 'kname.realm') [-Werror=missing-braces]
Reviewed-by: Sumit Bose <sbose@redhat.com>
| |
The OpenSSL 1.1 API is used but there is a short macro block which
should add the needed compatibility if an older OpenSSL version is
used.
Related to https://pagure.io/SSSD/sssd/issue/3050
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
| |
These are the header files which are used by both client and server:
src/util/io.h
src/util/murmurhash3.h
src/util/util_safealign.h
This patch is about moving these header files to special folder
(src/shared). It will be easier to identify these headers when looking
for them in the src tree.
util_safealign.h is renamed as safealign.h because util_ namespace is
appropriate when this file belonged to the util's folder which is no
longer the case.
Resolves:
https://pagure.io/SSSD/sssd/issue/1898
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
| |
Related to https://pagure.io/SSSD/sssd/issue/1960
Related to https://pagure.io/SSSD/sssd/issue/1938
Related to https://pagure.io/SSSD/sssd/issue/1844
Related to https://pagure.io/SSSD/sssd/issue/1593
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
| |
Patch also replaces util.h in places where it was not needed directly
and directly includes required header files.
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
| |
ctype.h is not used directly by util/util.h. The header file ctype.h
must be included in 32 files and after removing it from util.h it had to be
added only to 8 missing files.
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
| |
Related to https://pagure.io/SSSD/sssd/issue/3292
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
| |
With this library it would be possible to map certificates and users not
only by adding the full certificate to the user's LDAP object but by
adding e.g. only parts like the issuer and subject name. Additionally
the library is also able to flexibly select/match certificates based on
values in the certificate.
Details about mapping and matching rules can be found in the included
man page.
Related to https://pagure.io/SSSD/sssd/issue/3050
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
| |
Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
| |
dbus-1.11.8 added attributes for format string check to
a few functions in public header files. And therefore there is a warning.
src/lib/sifp/sss_sifp_utils.c: In function ‘sss_sifp_set_io_error’:
src/lib/sifp/sss_sifp_utils.c:44:5: error: format not a string literal
and no format arguments [-Werror=format-security]
dbus_set_error(ctx->io_error, error->name, error->message);
^~~~~~~~~~~~~~
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
| |
Reviewed-by: Nikolai Kondrashov <Nikolai.Kondrashov@redhat.com>
| |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
| |
sssd-1.14.1/src/lib/sifp/sss_sifp_dbus.c:51: check_return:
Calling "dbus_message_append_args_valist" without checking return value
(as is done elsewhere 4 out of 5 times).
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
| |
src/lib/ipa_hbac/ipa_hbac.h:68: warning: expected whitespace after [ command
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
| |
Warning: tag INPUT: input source `src/providers/ipa/ipa_hbac.h' does not exist
warning: source src/providers/ipa/ipa_hbac.h is not
a readable file or directory... skipping.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
| |
src/confdb/confdb.h:572: warning: argument 'memctx' of command @param
is not found in the argument list of
confdb_get_sub_sections(TALLOC_CTX *mem_ctx, struct confdb_ctx *cdb,
const char *section, char ***sections, int *num_sections)
src/confdb/confdb.h:592: warning: The following parameters of
confdb_get_sub_sections(TALLOC_CTX *mem_ctx, struct confdb_ctx *cdb,
const char *section, char ***sections, int *num_sections)
are not documented:
src/lib/idmap/sss_idmap.h:315: warning: argument 's_cv' of command @param
is not found in the argument list of
sss_idmap_add_auto_domain_ex(struct sss_idmap_ctx *ctx,
const char *domain_name, const char *domain_sid,
struct sss_idmap_range *range, const char *range_id, uint32_t rid,
bool external_mapping, idmap_store_cb cb, void *pvt)
src/lib/idmap/sss_idmap.h:94: warning: The following parameters of
sss_idmap_add_auto_domain_ex(struct sss_idmap_ctx *ctx,
const char *domain_name, const char *domain_sid,
struct sss_idmap_range *range, const char *range_id, uint32_t rid,
bool external_mapping, idmap_store_cb cb, void *pvt)
are not documented:
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
| |
So the caller is able to get error description.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
| |
Current version of infopipe leverages different interfaces and
object paths which were not accessible through the simple ifp
library. This patch changes the API, which is ok since it was
never declared as a public library and besides deprecated
openlmi there are no known users. We will use this in sssctl tool.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
| |
With this plugin winbind can use the same id-mapping as SSSD which makes
it possible to run both together in a consistent way.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
| |
Moving the library to the lib directory will force maintainers to think
twice about changes, because it would be obvious this is a library.
Also don't use includes from sssd source tree paths, but add the util
path to Makefile's CFLAGS so that other projects can copy the
hbac_evaluator.c file verbatim.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
| |
Domain SID (not name) is part of identification string for helper range
in generate_sec_slice_name().
Use more generic name for range identifier when calculating range for
new slice in sss_idmap_calculate_range().
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
| |
Some ID ranges are precalculated when ID mapping is being initialized.
This patch utilizes these (helper) ranges when new domains are generated
if appropriate.
Reviewed-by: Sumit Bose <sbose@redhat.com>
| |
Reviewed-by: Michal Židek <mzidek@redhat.com>
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2188
Reviewed-by: Sumit Bose <sbose@redhat.com>
| |
Create new internal structure idmap_range_params by merging ID mapping
range relevant fields from idmap_domain_info and remove corresponding
fields.
Resolves:
https://fedorahosted.org/sssd/ticket/2188
Reviewed-by: Sumit Bose <sbose@redhat.com>
| |
Max value of id mapping range was 1 unit too high.
Resolves:
https://fedorahosted.org/sssd/ticket/2922
Reviewed-by: Sumit Bose <sbose@redhat.com>
| |
There are two cases that may happen when a user calls Get or GetAll:
1) the attribute is missing
2) the attribute is empty
sss_sifp has two error codes to distinguish between those two cases:
1) SSS_SIFP_ATTR_MISSING
2) SSS_SIFP_ATTR_NULL
Usually the caller is not interested in situations when the attribute
is empty and it can be considered as error. Having it as a separate
error code instead of setting the output value to NULL is necessary
since attribute does not have to be a pointer.
This patch however sets pointer type attributes to NULL since it may
simplify the code path when the caller is actually interested in
this information (e. g. empty server list on domain objects).
It is not possible to send a NULL string over D-Bus nor is it
possible to have hash table NULL with current code so these two
scenarios are not tested. However, it is handled in sss_sifp_attr
code for completeness.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
| |
Version symbol files will help package systems to catch backward compatible
changes (newly added functions) into library.
The difference between libraries libsss_nss_idmap_test.so and
libsss_nss_idmap.so is that the 1st library will not be installed and has more
exported functions, which are necessary for mocking with cmocka for test
sss_nss_idmap-test.
Resolves:
https://fedorahosted.org/sssd/ticket/2194
Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
| |
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
| |
https://fedorahosted.org/sssd/ticket/2254
Reviewed-by: Sumit Bose <sbose@redhat.com>
| |
https://fedorahosted.org/sssd/ticket/2254
Reviewed-by: Sumit Bose <sbose@redhat.com>
| |
https://fedorahosted.org/sssd/ticket/2254
Reviewed-by: Sumit Bose <sbose@redhat.com>
| |
https://fedorahosted.org/sssd/ticket/2254
Reviewed-by: Sumit Bose <sbose@redhat.com>
| |
https://fedorahosted.org/sssd/ticket/2254
Reviewed-by: Sumit Bose <sbose@redhat.com>
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
| |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2133
| |
If POSIX IDs are managed externally e.g. by AD it might be possible that
the IDs are centrally managed for the whole forest. Hence there might
not be a single ID range for each member domain in the forest but only a
single ID range for the whole forest. This means that we have to allow
collisions of ID ranges in this case.
Unit tests are added to make sure that the collisions are only allowed
for external mappings.
| |
https://fedorahosted.org/sssd/ticket/1534