sssd.git/src/providers/ipa, branch prompting Unnamed repository; edit this file to name it for gitweb. IPA: use forest name when looking up the Global Catalog 2016-05-24T08:45:19+00:00 Sumit Bose sbose@redhat.com 2016-05-17T09:54:10+00:00 149174acae677d1e72a0da431bf0850d55f2ccb4 Resolves https://fedorahosted.org/sssd/ticket/3015 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Resolves https://fedorahosted.org/sssd/ticket/3015

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
UTIL: exit() the forked process if exec()-ing a child process fails 2016-05-19T11:56:57+00:00 Jakub Hrozek jhrozek@redhat.com 2016-05-17T09:52:00+00:00 de8815aba87d08b6b7ac5d502dcb1755787e0857 When exec() fails, we should not attempt to continue, but just kill the forked process. The patch adds this logic to the exec_child() and exec_child_ex() functions to avoid code duplication Resolves: https://fedorahosted.org/sssd/ticket/3016 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
When exec() fails, we should not attempt to continue, but just kill the
forked process. The patch adds this logic to the exec_child() and
exec_child_ex() functions to avoid code duplication

Resolves:
https://fedorahosted.org/sssd/ticket/3016

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
IPA: terminate properly if view name lookup fails 2016-04-22T16:35:54+00:00 Sumit Bose sbose@redhat.com 2016-04-19T13:07:18+00:00 57d8b4b9254442a568838cb60ea16068965f2df0 Since commit 5a5f1e1053415efaa99bb4d5bc7ce7ac0a95b757 the view name lookup is the last step in the subdomain lookup request. In case of an error the request should be finished and no previous step should be called again. Resolves https://fedorahosted.org/sssd/ticket/2993 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Since commit 5a5f1e1053415efaa99bb4d5bc7ce7ac0a95b757 the view name
lookup is the last step in the subdomain lookup request. In case of an
error the request should be finished and no previous step should be
called again.

Resolves https://fedorahosted.org/sssd/ticket/2993

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
IPA_SUDO: Prevent dereference of NULL pointer 2016-04-18T16:17:51+00:00 Lukas Slebodnik lslebodn@redhat.com 2016-04-13T15:29:57+00:00 e547eb597ade731f49b679ce264bbfd907363ff8 Error: NULL_RETURNS (CWE-476): [#def31] sssd-1.13.4/src/providers/ipa/ipa_sudo_conversion.c:964: returned_null: "ipa_sudo_conv_lookup" returns null. sssd-1.13.4/src/providers/ipa/ipa_sudo_conversion.c:149:9: return_null: Explicitly returning null. sssd-1.13.4/src/providers/ipa/ipa_sudo_conversion.c:964: var_assigned: Assigning: "cmdgroup" = null return value from "ipa_sudo_conv_lookup". sssd-1.13.4/src/providers/ipa/ipa_sudo_conversion.c:966: dereference: Dereferencing a null pointer "cmdgroup". # 964| cmdgroup = ipa_sudo_conv_lookup(conv->cmdgroups, listitem->dn); # 965| # 966|-> ret = add_strings_lists(mem_ctx, values, cmdgroup->expanded, # 967| false, discard_const(&values)); # 968| if (ret != EOK) { Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
Error: NULL_RETURNS (CWE-476): [#def31]
sssd-1.13.4/src/providers/ipa/ipa_sudo_conversion.c:964:
    returned_null: "ipa_sudo_conv_lookup" returns null.
sssd-1.13.4/src/providers/ipa/ipa_sudo_conversion.c:149:9:
    return_null: Explicitly returning null.
sssd-1.13.4/src/providers/ipa/ipa_sudo_conversion.c:964:
    var_assigned: Assigning: "cmdgroup" = null return value
                  from "ipa_sudo_conv_lookup".
sssd-1.13.4/src/providers/ipa/ipa_sudo_conversion.c:966:
    dereference: Dereferencing a null pointer "cmdgroup".
 #  964|           cmdgroup = ipa_sudo_conv_lookup(conv->cmdgroups, listitem->dn);
 #  965|
 #  966|->         ret = add_strings_lists(mem_ctx, values, cmdgroup->expanded,
 #  967|                                   false, discard_const(&values));
 #  968|           if (ret != EOK) {

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
IPA: resolve PAC for trusted users on IPA clients 2016-04-13T08:43:19+00:00 Sumit Bose sbose@redhat.com 2016-03-04T15:32:49+00:00 c371993cce13edb9185a5f0db76fbee03f0edc04 Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
IPA: ipa_s2n_get_list_send() allow other list types 2016-04-13T08:43:18+00:00 Sumit Bose sbose@redhat.com 2016-03-01T10:35:17+00:00 1df6751f81f7d9c225463f76b9789b0cc7a0de8b Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
IPA: rename ipa_s2n_get_fqlist* to ipa_s2n_get_list* 2016-04-13T08:43:18+00:00 Sumit Bose sbose@redhat.com 2016-03-01T09:50:28+00:00 aa0f39c7c09a55efc8d2282ca56e0e93e220aeba Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
IPA: Check RDN in ipa_add_ad_memberships_get_next 2016-04-12T21:25:07+00:00 Lukas Slebodnik lslebodn@redhat.com 2016-04-11T12:46:47+00:00 22eead9590e11c7adab33ec5ab8b46d3c3cb4406 LDB functions ldb_dn_get_component_val and ldb_dn_get_rdn_val validate dn before returning component value. It should be valid DN according to RFC4514. IPA/389ds might return problematic DN due to replication conflicts. e.g. "cn=System: Read Service Delegations+nsuniqueid=b0736336-d06e11e5-8e8acabe-ce8d458d,cn=permissions,dc=example,dc=com" It's better to check return value of these LDb function rather than crash because of dereference of NULL pointer. Resolves: https://fedorahosted.org/sssd/ticket/2980 Reviewed-by: Sumit Bose <sbose@redhat.com> 
LDB functions ldb_dn_get_component_val and ldb_dn_get_rdn_val
validate dn before returning component value.
It should be valid DN according to RFC4514.

IPA/389ds might return problematic DN due to replication conflicts.
e.g. "cn=System: Read Service Delegations+nsuniqueid=b0736336-d06e11e5-8e8acabe-ce8d458d,cn=permissions,dc=example,dc=com"

It's better to check return value of these LDb function rather than
crash because of dereference of NULL pointer.

Resolves:
https://fedorahosted.org/sssd/ticket/2980

Reviewed-by: Sumit Bose <sbose@redhat.com>
IPA: Remove unused parameter from ipa_ext_group_member_check 2016-04-05T08:02:47+00:00 Lukas Slebodnik lslebodn@redhat.com 2016-03-31T05:51:19+00:00 b4456f3944e7d02f2976ac77f74aa379a7b06032 Reviewed-by: Pavel Reichl <preichl@redhat.com> 
Reviewed-by: Pavel Reichl <preichl@redhat.com>
UTIL: Allow to append new line in sss_vdebug_fn 2016-03-23T11:07:10+00:00 Lukas Slebodnik lslebodn@redhat.com 2016-03-09T16:09:06+00:00 7c30eade4ae794ed809845f2ef70dda849b6e7c9 libldb is not consistent with appending line feed in debug messages. AS a result of this two messages can be on the same line in sssd log files. Which makes analyzing log files more difficult. Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
libldb is not consistent with appending line feed
in debug messages. AS a result of this two messages can be on the same line
in sssd log files. Which makes analyzing log files more difficult.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>