sssd.git/src/sss_client, branch certificate_mapping Unnamed repository; edit this file to name it for gitweb. pam_sss: Suppress warning format-truncation 2017-02-01T13:10:50+00:00 Lukas Slebodnik lslebodn@redhat.com 2017-01-30T11:49:13+00:00 cbb0e683ff11d7800328da3991f3e75ef88f937f src/sss_client/pam_sss.c: In function ‘send_and_receive’: src/sss_client/pam_sss.c:742:39: error: ‘%.*s’ directive output between 0 and 18446744073709551615 bytes may cause result to exceed ‘INT_MAX’ [-Werror=format-truncation=] ret = snprintf(user_msg, bufsize, "%s%s%.*s", ^~~~~~~~~~ sssd/src/sss_client/pam_sss.c:742:39: note: assuming directive output of 4294967295 bytes Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> 
src/sss_client/pam_sss.c: In function ‘send_and_receive’:
src/sss_client/pam_sss.c:742:39: error: ‘%.*s’ directive output
  between 0 and 18446744073709551615 bytes may cause result to exceed
  ‘INT_MAX’ [-Werror=format-truncation=]
     ret = snprintf(user_msg, bufsize, "%s%s%.*s",
                                       ^~~~~~~~~~
sssd/src/sss_client/pam_sss.c:742:39: note: assuming directive output
  of 4294967295 bytes

Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
libwbclient-sssd: wbcLookupSid() allow NULL arguments 2017-01-21T19:13:56+00:00 Sumit Bose sbose@redhat.com 2016-12-22T10:15:17+00:00 0b78b4e32955ced0f35c6d4685bd277bb03d04cb Some caller might not be interested in some of the values wbcLookupSid() returns and just pass NULL. Currently 'net ads user info' does this because it is not interested in the domain. wbcLookupSid() should handle this gracefully. Resolves: https://fedorahosted.org/sssd/ticket/3273 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Some caller might not be interested in some of the values wbcLookupSid()
returns and just pass NULL. Currently 'net ads user info' does this
because it is not interested in the domain. wbcLookupSid() should handle
this gracefully.

Resolves:
https://fedorahosted.org/sssd/ticket/3273

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
sss_client: Defer thread cancellation until completion of nss/pam operations 2016-11-24T11:12:46+00:00 Howard Guo hguo@suse.com 2016-10-11T08:35:13+00:00 d2f93542650c2f9613043acfa8e2f368972a70cd The client code is not cancellation-safe, an application which has cancelled an NSS operation will experience subtle bugs, hence thread cancellation is deferred until completion of client operations. Resolves: https://fedorahosted.org/sssd/ticket/3156 Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Florian Weimer <fweimer@redhat.com> 
The client code is not cancellation-safe, an application which
has cancelled an NSS operation will experience subtle bugs,
hence thread cancellation is deferred until completion of client
operations.

Resolves:
https://fedorahosted.org/sssd/ticket/3156

Reviewed-by: Sumit Bose <sbose@redhat.com>
Reviewed-by: Florian Weimer <fweimer@redhat.com>
libwbclient-sssd: update interface to version 0.13 2016-10-14T16:42:54+00:00 Sumit Bose sbose@redhat.com 2016-10-07T15:47:59+00:00 f3347a0c72afc75b4d829e9981d1bac6b05a8306 This patch adds wbcCtxUnixIdsToSids() and wbcUnixIdsToSids() to SSSD's libwbclient and implements the latter. Resolves: https://fedorahosted.org/sssd/ticket/3181 Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com> 
This patch adds wbcCtxUnixIdsToSids() and wbcUnixIdsToSids() to SSSD's
libwbclient and implements the latter.

Resolves:
https://fedorahosted.org/sssd/ticket/3181

Reviewed-by: Fabiano Fidêncio <fidencio@redhat.com>
Remove double semicolon at the end of line 2016-09-21T13:10:11+00:00 Lukas Slebodnik lslebodn@redhat.com 2016-09-17T19:05:36+00:00 b9941359b3181c42f415530d5ccad0f4664d85fa Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
PAM: call free only when memory is expected to be allocated 2016-09-19T11:11:45+00:00 Sumit Bose sbose@redhat.com 2016-09-19T08:53:51+00:00 a8631161c47cbaefe7fd14b88202238bbdcc3dc8 Reborted by Coverity Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Reborted by Coverity

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
pam_sss: check PKCS11_LOGIN_TOKEN_NAME 2016-09-16T13:05:17+00:00 Sumit Bose sbose@redhat.com 2016-09-16T09:48:18+00:00 35ba922bc51416f02877b53a6f25c04104ae5f03 Check if PKCS11_LOGIN_TOKEN_NAME is set and prompt the user if the matching Smartcard is not inserted. Related to https://fedorahosted.org/sssd/ticket/3165 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Check if PKCS11_LOGIN_TOKEN_NAME is set and prompt the user if the
matching Smartcard is not inserted.

Related to https://fedorahosted.org/sssd/ticket/3165

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
PAM/KRB5: optional otp and password prompting 2016-07-07T10:39:36+00:00 Sumit Bose sbose@redhat.com 2016-05-26T11:20:59+00:00 78027feeb56d6fe216f699be86a4716aaef3f628 Depending on the available Kerberos pre-authentication methods pam_sss will prompt the user for a password, 2 authentication factors or both. Resolves https://fedorahosted.org/sssd/ticket/2988 Reviewed-by: Nathaniel McCallum <npmccallum@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Depending on the available Kerberos pre-authentication methods pam_sss
will prompt the user for a password, 2 authentication factors or both.

Resolves https://fedorahosted.org/sssd/ticket/2988

Reviewed-by: Nathaniel McCallum <npmccallum@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
SSH: Do not print an error message if sss_ssh_authorizedkeys is asked for a local user 2016-07-01T13:28:33+00:00 Jakub Hrozek jhrozek@redhat.com 2016-04-28T08:31:45+00:00 fcbcfa69f9291936f01f24b5fcb5a7672dca46f3 If an IPA client uses the SSH integration and a local user logs in with SSH, the sss_ssh_authorizedkeys looks up their keys in the SSH responder, which doesn't find the user and returns ENOENT. The sss_ssh_authorizedkeys reports a failure on any error, including ENOENT which produced a confusing error message in the logs. This patch adds a new error code that handles users that are not found by SSSD but exist on the system and also special cases root with the same error code. Therefore, logging in as a local user no longer prints an error message. Resolves: https://fedorahosted.org/sssd/ticket/3003 Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
If an IPA client uses the SSH integration and a local user logs in with
SSH, the sss_ssh_authorizedkeys looks up their keys in the SSH
responder, which doesn't find the user and returns ENOENT. The
sss_ssh_authorizedkeys reports a failure on any error, including ENOENT
which produced a confusing error message in the logs.

This patch adds a new error code that handles users that are not found
by SSSD but exist on the system and also special cases root with the
same error code. Therefore, logging in as a local user no longer prints
an error message.

Resolves:
https://fedorahosted.org/sssd/ticket/3003

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
nss-idmap: add sss_nss_getnamebycert() 2016-06-09T14:12:25+00:00 Sumit Bose sbose@redhat.com 2016-04-26T11:13:43+00:00 9c88f837ffacf6548c13825589b327de1a5525f3 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>