sssd.git/src/responder/ssh, branch prompting Unnamed repository; edit this file to name it for gitweb. Just return NULL if tevent_req_create() fails 2016-02-11T13:39:12+00:00 Sumit Bose sbose@redhat.com 2016-02-10T14:15:41+00:00 a0c764a36f2f432e6063de84be6f6af7e96ec159 In general we just return NULL if tevent_req_create() fails because there is nothing we can do with the request anyway. Especially tevent_req_error() should not be called because it tries to dereference req. Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
In general we just return NULL if tevent_req_create() fails because
there is nothing we can do with the request anyway. Especially
tevent_req_error() should not be called because it tries to dereference
req.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
p11: enable ocsp checks 2015-11-26T15:39:49+00:00 Sumit Bose sbose@redhat.com 2015-11-05T17:20:27+00:00 544a20de7667f05c1a406c4dea0706b0ab507430 This patch enables the Online Certificate Status Protocol in NSS and adds an option to disable it if needed. To make further tuning of certificate verification more easy it is not an option on its own but an option to the new certificate_verification configuration option. Resolves https://fedorahosted.org/sssd/ticket/2812 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
This patch enables the Online Certificate Status Protocol in NSS and
adds an option to disable it if needed. To make further tuning of
certificate verification more easy it is not an option on its own but an
option to the new certificate_verification configuration option.

Resolves https://fedorahosted.org/sssd/ticket/2812

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
SSH: Use sss_unique_file_ex to create the known hosts file 2015-08-17T13:22:15+00:00 Jakub Hrozek jhrozek@redhat.com 2015-08-12T11:05:32+00:00 84493af37d4b57294e94b7bb0596dec51e06b7b0 Simplifies the code. Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
Simplifies the code.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
ssh: generate public keys from certificate 2015-07-31T07:52:06+00:00 Sumit Bose sbose@redhat.com 2015-07-15T07:40:00+00:00 4de84af23db74e13e867985c9093f394c9fa8d51 Resolves: https://fedorahosted.org/sssd/ticket/2711 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Resolves: https://fedorahosted.org/sssd/ticket/2711

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
responders: reset ncache after domains are discovered during startup 2015-04-09T06:35:23+00:00 Jakub Hrozek jhrozek@redhat.com 2015-03-29T14:31:19+00:00 0528fdec17d0031996e919fcd852459e86592c35 After responders start, they add a lookup operation that discovers the subdomains so that qualifying users works. After this operation is finishes, we need to reset negcache to allow users to be added into the newly discovered domains. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
After responders start, they add a lookup operation that discovers the
subdomains so that qualifying users works. After this operation is
finishes, we need to reset negcache to allow users to be added into the
newly discovered domains.

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
SSH: Ignore the default_domain_suffix 2015-04-01T11:50:21+00:00 Jakub Hrozek jhrozek@redhat.com 2015-03-24T20:19:03+00:00 eeecc48d22a28bb69da56f6ffd8824163fc9bf00 https://fedorahosted.org/sssd/ticket/2609 In a trust setup, hosts are normally only stored on the IPA server. The default_domain_suffix option is only recommended for the IPA-AD trust scenario as well. Therefore we should ignore this option in the SSH provider. Reviewed-by: Pavel Březina <pbrezina@redhat.com> Reviewed-by: Jan Cholasta <jcholast@redhat.com> 
https://fedorahosted.org/sssd/ticket/2609

In a trust setup, hosts are normally only stored on the IPA server. The
default_domain_suffix option is only recommended for the IPA-AD trust
scenario as well. Therefore we should ignore this option in the SSH
provider.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Reviewed-by: Jan Cholasta <jcholast@redhat.com>
Fix: always check return value of unlink() 2014-11-28T15:16:37+00:00 Pavel Reichl preichl@redhat.com 2014-11-28T13:17:44+00:00 aff8b0e3b41644c70704b78e15501779d52b6ff4 Resolves: https://fedorahosted.org/sssd/ticket/2506 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Resolves:
https://fedorahosted.org/sssd/ticket/2506

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Views: apply user SSH public key override 2014-11-05T14:26:36+00:00 Sumit Bose sbose@redhat.com 2014-10-16T11:17:37+00:00 ab355eced46b5f488ed62a79a7f2e5ac2b6a574c With this patch the SSH public key override attribute is read from the FreeIPA server and saved in the cache with the other override data. Since it is possible to have multiple public SSH keys this override value does not replace any other data but will be added to existing values. Fixes https://fedorahosted.org/sssd/ticket/2454 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
With this patch the SSH public key override attribute is read from the
FreeIPA server and saved in the cache with the other override data.

Since it is possible to have multiple public SSH keys this override
value does not replace any other data but will be added to existing
values.

Fixes https://fedorahosted.org/sssd/ticket/2454

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
RESPONDERS: Set default value for umask 2014-10-29T09:41:06+00:00 Pavel Reichl preichl@redhat.com 2014-10-24T11:42:50+00:00 458f5245dd5130d12666cce6faf8ef1ec7f80169 Resolves: https://fedorahosted.org/sssd/ticket/2468 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Resolves: https://fedorahosted.org/sssd/ticket/2468

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
SSH: Run the ssh responder as the SSSD user 2014-10-22T13:44:53+00:00 Jakub Hrozek jhrozek@redhat.com 2014-10-17T16:14:53+00:00 76c8dafad2a18cf1514635aa766062085c23a5c8 Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Simo Sorce <simo@redhat.com> 
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Reviewed-by: Simo Sorce <simo@redhat.com>