sssd.git/src/responder/ssh, branch certificate_mapping Unnamed repository; edit this file to name it for gitweb. ssh: fix typo 2017-02-08T20:25:42+00:00 Pavel Březina pbrezina@redhat.com 2017-02-08T12:22:11+00:00 2ffa245e79a5ed66e69d141f4001c13697e01450 Those macros are the same so there is no functional difference. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Those macros are the same so there is no functional difference.

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
ssh: rewrite ssh responder to use cache_req 2017-02-08T10:05:51+00:00 Pavel Březina pbrezina@redhat.com 2017-01-18T11:49:48+00:00 a8191ce7ad5364801ad9458c3194075a7ca77b8a This is a bigger change since both supported commands could be rewritten for cache_req and the logic could be deleted. I decided to also split the file into more modules and follow similar pattern as with nss responder. Resolves: https://fedorahosted.org/sssd/ticket/1126 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
This is a bigger change since both supported commands could be
rewritten for cache_req and the logic could be deleted. I decided
to also split the file into more modules and follow similar pattern
as with nss responder.

Resolves:
https://fedorahosted.org/sssd/ticket/1126

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
cache_req: add host by name search 2017-02-08T10:05:46+00:00 Pavel Březina pbrezina@redhat.com 2017-01-18T11:12:01+00:00 53c31b83e4d06ea4c2813eec2f1e647a613b4a2b Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
ssh: do not create again fq name 2017-02-08T10:05:18+00:00 Pavel Březina pbrezina@redhat.com 2017-01-17T10:58:06+00:00 e33744e8cc82390153c94ace53c16f72365b9fd9 We store fully qualified name in sysdb so there is no need to append the domain part again which result in name@domain@domain string. This field is not actually used in ssh client so it doesn't cause any issue but we should stay correct here. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
We store fully qualified name in sysdb so there is no need to append
the domain part again which result in name@domain@domain string.
This field is not actually used in ssh client so it doesn't cause
any issue but we should stay correct here.

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
ssh: fix number of output certificates 2017-02-08T10:05:08+00:00 Pavel Březina pbrezina@redhat.com 2017-01-17T11:00:31+00:00 d8c459feab7659a51c23c941fea486867c2b9dae SSH responder returned invalid number of certificates when original ad pubkey attribute was not empty. Since we always return all certificates to the client we should add number of results to the output not override it. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
SSH responder returned invalid number of certificates when
original ad pubkey attribute was not empty. Since we always
return all certificates to the client we should add number
of results to the output not override it.

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
SSH: Make SSH responder socket-activatable 2017-01-23T17:46:37+00:00 Fabiano Fidêncio fidencio@redhat.com 2016-11-17T00:09:56+00:00 b33c275ebac86695f7a2fa866e5766d469e2c578 As part of the effort of making all responder socket-activatable, let's make SSH responder ready for this by providing its systemd's units. In case the administrators want to use SSH responder taking advantage of socket-activation they will need to enable sssd-ssh.socket and after a restart of the sssd service, the SSH socket will be ready waiting for any activity in order to start the SSH responder. Also, the SSH responder must be removed from the services line on sssd.conf. The SSH responder service is binded to the SSSD service, which means that the responder will be restarted in case SSSD is restarted and shutdown in case SSSD is shutdown/crashes. Related: https://fedorahosted.org/sssd/ticket/2243 Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com> Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
As part of the effort of making all responder socket-activatable, let's
make SSH responder ready for this by providing its systemd's units.

In case the administrators want to use SSH responder taking advantage
of socket-activation they will need to enable sssd-ssh.socket and after
a restart of the sssd service, the SSH socket will be ready waiting for
any activity in order to start the SSH responder. Also, the SSH
responder must be removed from the services line on sssd.conf.

The SSH responder service is binded to the SSSD service, which means
that the responder will be restarted in case SSSD is restarted and
shutdown in case SSSD is shutdown/crashes.

Related:
https://fedorahosted.org/sssd/ticket/2243

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
SSH: Use default_domain_suffix for users' authorized keys 2016-12-06T09:28:29+00:00 Jakub Hrozek jhrozek@redhat.com 2016-11-24T17:07:56+00:00 ed71fba97dfcf5b3f0f1834c06660c481b9ab3ce In commit eeecc48d22a28bb69da56f6ffd8824163fc9bf00 we disabled default_domain_suffix for the SSH responder, but in a wrong way -- we disabled the functionality completely, also for users, not only for computers. This might have been correct at the time, since SSH keys in ID overrides are a relatively new feature, but it's definitely not correct in general. Instead, this patch restores the use of default_domain_suffix, but only for looking up public keys of users, not of computers. Resolves: https://fedorahosted.org/sssd/ticket/3259 Reviewed-by: Petr Cech <pcech@redhat.com> 
In commit eeecc48d22a28bb69da56f6ffd8824163fc9bf00 we disabled
default_domain_suffix for the SSH responder, but in a wrong way -- we
disabled the functionality completely, also for users, not only for
computers. This might have been correct at the time, since SSH keys in ID
overrides are a relatively new feature, but it's definitely not correct
in general.

Instead, this patch restores the use of default_domain_suffix, but only
for looking up public keys of users, not of computers.

Resolves:
https://fedorahosted.org/sssd/ticket/3259

Reviewed-by: Petr Cech <pcech@redhat.com>
MONITOR: Remove unused shutDown sbus method 2016-11-09T12:32:32+00:00 Jakub Hrozek jhrozek@redhat.com 2016-11-07T11:39:08+00:00 fd25e68446ae86135489edb0823607b394f4ec40 The shutDown method has not been used or set for a long time. Trim the internal interface by removing all references to this internal method. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
The shutDown method has not been used or set for a long time. Trim the
internal interface by removing all references to this internal method.

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
MONITOR: Remove deprecated pong sbus method 2016-11-09T12:32:27+00:00 Jakub Hrozek jhrozek@redhat.com 2016-11-07T11:37:22+00:00 ab792150c97bd6eba1f8cd46653f41a0c64fd765 The pong method is deprecated since we started using the watchdog. Since this is dead code, it makes sense to just remove it. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
The pong method is deprecated since we started using the watchdog. Since
this is dead code, it makes sense to just remove it.

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
DP: Remove old data provider interface 2016-08-16T12:54:50+00:00 Pavel Březina pbrezina@redhat.com 2016-07-19T12:24:16+00:00 04e870d99e72aa3160bdb6ab05d986fb4005c3ed Reverse data provider interface is moved to a better location in NSS responder. All responders now can have an sbus interface defined per data provider connection. The unused old data provider interface is removed. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Reverse data provider interface is moved to a better location in
NSS responder. All responders now can have an sbus interface
defined per data provider connection. The unused old data provider
interface is removed.

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>