sssd.git/src/providers/ldap, branch certificate_mapping Unnamed repository; edit this file to name it for gitweb. IPA: add certmap support (wip) 2017-02-13T16:31:48+00:00 Sumit Bose sbose@redhat.com 2017-02-06T09:28:46+00:00 20b1e6eba52caaea74eef0131ecf628f0760ae3d 






sss_cert_derb64_to_ldap_filter: add sss_certmap support
2017-02-13T16:31:48+00:00

Sumit Bose
sbose@redhat.com

2017-02-02T15:34:32+00:00

167dce9a55c07b3aed46f9542b2f2607a9f64f15












LDAP: always store the certificate from the request
2017-02-13T16:31:48+00:00

Sumit Bose
sbose@redhat.com

2015-11-30T11:14:55+00:00

1f348c2d315c1b96deb4531c720be97fbba41e4f












sdap_get_users_send(): new argument extra_attrs
2017-02-13T16:31:48+00:00

Sumit Bose
sbose@redhat.com

2015-09-21T10:44:37+00:00

efa8153ea95b305ef558e92e2b03844c4e188a3e

extra_attrs can be a list of sysdb_attrs which are not available on the
server side but should be store with the cached user entry.





extra_attrs can be a list of sysdb_attrs which are not available on the
server side but should be store with the cached user entry.







SYSDB: Removing of sysdb_try_to_find_expected_dn()
2017-02-08T09:53:19+00:00

Petr Čech
pcech@redhat.com

2017-01-04T14:33:30+00:00

3ee411625aee19afda7477bb10b52c3da378b6fb

Currently in order to match multiple LDAP search results we
use two different functions - we have sysdb_try_to_find_expected_dn()
but also sdap_object_in_domain().

This patch removes sysdb_try_to_find_expected_dn() and add new
sdap_search_initgr_user_in_batch() based on sdap_object_in_domain().
This function covers necessary logic.

Resolves:
https://fedorahosted.org/sssd/ticket/3230

Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>





Currently in order to match multiple LDAP search results we
use two different functions - we have sysdb_try_to_find_expected_dn()
but also sdap_object_in_domain().

This patch removes sysdb_try_to_find_expected_dn() and add new
sdap_search_initgr_user_in_batch() based on sdap_object_in_domain().
This function covers necessary logic.

Resolves:
https://fedorahosted.org/sssd/ticket/3230

Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>







LDAP: Better logging message
2017-02-08T09:53:11+00:00

Petr Čech
pcech@redhat.com

2017-01-19T11:51:27+00:00

c3593f06da54315c88a08a46cfc0def366acad43

Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>





Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>







ldap_child: Fix use after free
2017-02-01T13:42:56+00:00

Lukas Slebodnik
lslebodn@redhat.com

2017-01-17T09:17:24+00:00

cb831fbbcb0dac8b6202037d4cd1a0d82db54f54

In case on any krb5 related error, we tried to send string
interpretation of krb5 error tb parrent in prepare_response.

However, we cannot use global krb5 context (krb5_error_ctx)
because the context is every time released in done section of
ldap_child_get_tgt_sync.

This patch rather return duplicated string to prevent use after free.

Backtrace:
 #0  __strchr_sse42 () at ../sysdeps/x86_64/multiarch/strchr.S:100
 100     ../sysdeps/x86_64/multiarch/strchr.S: No such file or directory.

 Thread 1 (Thread 0x7fc96cad5880 (LWP 11201)):
 #0  __strchr_sse42 () at ../sysdeps/x86_64/multiarch/strchr.S:100
 No locals.
 #1  0x00007fc96be43725 in err_fmt_fmt (msg=0x7fc96d1cf8d0 "Cannot find KDC for requested realm",
                                        code=-1765328230,
                                        err_fmt=<optimized out>) at kerrs.c:152
        buf = {buftype = K5BUF_DYNAMIC, data = 0x7fc96d1cdb10,
               space = 128, len = 0}
        p = <optimized out>
        s = 0xdededededededede <Address 0xdededededededede out of bounds>
 #2  krb5_get_error_message (ctx=<optimized out>,
                             code=code@entry=-1765328230) at kerrs.c:184
        std = 0x7fc96d1cf8d0 "Cannot find KDC for requested realm"
 #3  0x00007fc96cb224e5 in sss_krb5_get_error_message (ctx=<optimized out>,
                                                       ec=ec@entry=-1765328230) at src/util/sss_krb5.c:424
 No locals.
 #4  0x00007fc96cb1fbb0 in prepare_response (rsp=<synthetic pointer>,
                                             kerr=-1765328230, expire_time=0,
                                             ccname=0x0,
                                             mem_ctx=0x7fc96d1cb390) at src/providers/ldap/ldap_child.c:553
        ret = <optimized out>
        r = 0x7fc96d1cd8b0
        krb5_msg = 0x0

Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>





In case on any krb5 related error, we tried to send string
interpretation of krb5 error tb parrent in prepare_response.

However, we cannot use global krb5 context (krb5_error_ctx)
because the context is every time released in done section of
ldap_child_get_tgt_sync.

This patch rather return duplicated string to prevent use after free.

Backtrace:
 #0  __strchr_sse42 () at ../sysdeps/x86_64/multiarch/strchr.S:100
 100     ../sysdeps/x86_64/multiarch/strchr.S: No such file or directory.

 Thread 1 (Thread 0x7fc96cad5880 (LWP 11201)):
 #0  __strchr_sse42 () at ../sysdeps/x86_64/multiarch/strchr.S:100
 No locals.
 #1  0x00007fc96be43725 in err_fmt_fmt (msg=0x7fc96d1cf8d0 "Cannot find KDC for requested realm",
                                        code=-1765328230,
                                        err_fmt=<optimized out>) at kerrs.c:152
        buf = {buftype = K5BUF_DYNAMIC, data = 0x7fc96d1cdb10,
               space = 128, len = 0}
        p = <optimized out>
        s = 0xdededededededede <Address 0xdededededededede out of bounds>
 #2  krb5_get_error_message (ctx=<optimized out>,
                             code=code@entry=-1765328230) at kerrs.c:184
        std = 0x7fc96d1cf8d0 "Cannot find KDC for requested realm"
 #3  0x00007fc96cb224e5 in sss_krb5_get_error_message (ctx=<optimized out>,
                                                       ec=ec@entry=-1765328230) at src/util/sss_krb5.c:424
 No locals.
 #4  0x00007fc96cb1fbb0 in prepare_response (rsp=<synthetic pointer>,
                                             kerr=-1765328230, expire_time=0,
                                             ccname=0x0,
                                             mem_ctx=0x7fc96d1cb390) at src/providers/ldap/ldap_child.c:553
        ret = <optimized out>
        r = 0x7fc96d1cd8b0
        krb5_msg = 0x0

Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>







Suppres implicit-fallthrough from gcc 7
2017-02-01T13:10:44+00:00

Lukas Slebodnik
lslebodn@redhat.com

2017-01-30T11:17:25+00:00

2e505786d6d9d537f5b6631099862f6b93e2e687

Some kind of comments are recognized by gcc7 but they are ignored with
-Wimplicit-fallthrough=5 and only attributes disable the warning.

Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>





Some kind of comments are recognized by gcc7 but they are ignored with
-Wimplicit-fallthrough=5 and only attributes disable the warning.

Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>







LDAP: Remove attrs_type related TODO comments
2017-01-16T08:58:20+00:00

Lukas Slebodnik
lslebodn@redhat.com

2017-01-13T16:07:06+00:00

3f2f973fa7452ed6687a1146a314cf72b93c7344

Reviewed-by: Michal Židek <mzidek@redhat.com>





Reviewed-by: Michal Židek <mzidek@redhat.com>







DP: Remove unused attr_type from struct dp_id_data
2017-01-16T08:58:15+00:00

Lukas Slebodnik
lslebodn@redhat.com

2017-01-06T14:58:17+00:00

ca68b1b4ba06b1cda316ae8af470647bd7015a5a

Structure member attr_type was set to BE_ATTR_CORE on all places
and there was a single place src/providers/ldap/ldap_id.c where
we checked to other values. It is not used anymore; it's better to
remove it.

Reviewed-by: Michal Židek <mzidek@redhat.com>





Structure member attr_type was set to BE_ATTR_CORE on all places
and there was a single place src/providers/ldap/ldap_id.c where
we checked to other values. It is not used anymore; it's better to
remove it.

Reviewed-by: Michal Židek <mzidek@redhat.com>