sssd.git, branch gdm_sc_fix Unnamed repository; edit this file to name it for gitweb. pam_sss: check PKCS11_LOGIN_TOKEN_NAME 2016-09-13T08:46:21+00:00 Sumit Bose sbose@redhat.com 2016-09-09T15:16:38+00:00 40eb8cefbf1ac1d136595c33fd6ee1922629ed96 






p11: return a fully-qualified name
2016-09-13T07:25:01+00:00

Sumit Bose
sbose@redhat.com

2016-09-01T10:40:27+00:00

5fba420d886b41235bbabdac75032981a2ea251a

Related to https://fedorahosted.org/sssd/ticket/3165





Related to https://fedorahosted.org/sssd/ticket/3165







p11: only set PKCS11_LOGIN_TOKEN_NAME if gdm-smartcard is used
2016-09-13T07:25:01+00:00

Sumit Bose
sbose@redhat.com

2016-08-31T12:32:31+00:00

9ff09c2458f7cc35fcb35d4cf748f6a8d9544d24

Resolves https://fedorahosted.org/sssd/ticket/3165





Resolves https://fedorahosted.org/sssd/ticket/3165







MONITOR: Add disable_netlink option
2016-09-12T08:23:41+00:00

Justin Stephenson
jstephen@redhat.com

2016-08-26T21:43:25+00:00

081c6d8c7c8e75487d1c4e42862964be1e85b575

Adding a new monitor boolean option to disable netlink support.
This will give users more control over sssd state changes without
having to modify systemd unit files.

Resolves:
https://fedorahosted.org/sssd/ticket/3142

Reviewed-by: Petr Cech <pcech@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>





Adding a new monitor boolean option to disable netlink support.
This will give users more control over sssd state changes without
having to modify systemd unit files.

Resolves:
https://fedorahosted.org/sssd/ticket/3142

Reviewed-by: Petr Cech <pcech@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>







MONITOR: Remove --disable-netlink command-line option
2016-09-12T08:23:33+00:00

Justin Stephenson
jstephen@redhat.com

2016-08-26T19:15:32+00:00

632fc5d8991d167eea20769c823163551c3f1d8c

    Removing monitor command-line option, to be superceded by
    sssd.conf option

Reviewed-by: Petr Cech <pcech@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>





    Removing monitor command-line option, to be superceded by
    sssd.conf option

Reviewed-by: Petr Cech <pcech@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>







KRB5: Send the output username, not internal fqname to krb5_child
2016-09-08T21:04:30+00:00

Jakub Hrozek
jhrozek@redhat.com

2016-09-07T10:07:36+00:00

fedfb7c62b4efa89d18d0d3a7895a2a34ec4ce42

krb5_child calls krb5_kuserok() during the access phase which checks if
a particular user is allowed to authenticate as a particular principal.
We used to pass the internal fqname to krb5_kuserok() which broke the
functionality and all users were denied access.

This patch changes that to send the 'output' username to krb5_child,
because that's the username the system receives through getpwnam() or
getpwuid() anyway. The patch also adds a new structure member fo the
krb5child_req structure to avoid reusing the pd->user variable but have
an explicit one that serves as the input for the child process.

Resolves:
https://fedorahosted.org/sssd/ticket/3172

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>





krb5_child calls krb5_kuserok() during the access phase which checks if
a particular user is allowed to authenticate as a particular principal.
We used to pass the internal fqname to krb5_kuserok() which broke the
functionality and all users were denied access.

This patch changes that to send the 'output' username to krb5_child,
because that's the username the system receives through getpwnam() or
getpwuid() anyway. The patch also adds a new structure member fo the
krb5child_req structure to avoid reusing the pd->user variable but have
an explicit one that serves as the input for the child process.

Resolves:
https://fedorahosted.org/sssd/ticket/3172

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>







TESTS: Add FQDN variants for some tests
2016-09-07T18:38:54+00:00

Michal Židek
mzidek@redhat.com

2016-09-07T13:00:12+00:00

f2d1d90a14267c01155eab7bb95b8eb34128acc9

Adds FQDN variants of some already existing tests.

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>





Adds FQDN variants of some already existing tests.

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>







TOOLS: sss_mc_refresh_nested_group short/fqname usage
2016-09-07T18:38:54+00:00

Michal Židek
mzidek@redhat.com

2016-09-07T12:43:13+00:00

cb54dbad6be907d277ce6aa39524338643e2f5a4

We use shortname to refresh memory cache, but in case of nested groups,
we used internal_fqname to refresh parent groups.

We also wrongly used the shortname for sysdb_search operation.
Which caused error message to be printed when sss_usermod -a or
sss_groupmod -a where called.

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>





We use shortname to refresh memory cache, but in case of nested groups,
we used internal_fqname to refresh parent groups.

We also wrongly used the shortname for sysdb_search operation.
Which caused error message to be printed when sss_usermod -a or
sss_groupmod -a where called.

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>







TESTS: Test for sss_user/groupmod -a
2016-09-07T18:38:54+00:00

Michal Židek
mzidek@redhat.com

2016-09-07T11:08:59+00:00

7fa4964d84f41bd80a6d971ffaeef87a7c2f19be

Regression tests for ticket #3178.

Resolves:
https://fedorahosted.org/sssd/ticket/3178

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>





Regression tests for ticket #3178.

Resolves:
https://fedorahosted.org/sssd/ticket/3178

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>







TOOLS: use internal fqdn for DN
2016-09-07T18:38:54+00:00

Michal Židek
mzidek@redhat.com

2016-09-07T08:58:25+00:00

5e2142b66589e5e50cb404fc972ed5418bbaa772

Use internal fqdn when creating sysdb group dn.

Resolves:
https://fedorahosted.org/sssd/ticket/3178

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>





Use internal fqdn when creating sysdb group dn.

Resolves:
https://fedorahosted.org/sssd/ticket/3178

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>