| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Commit 29752834fbf3a19e4e117668abfce4e4c7c48ee4 (Add expandable sequences
to krb5_ccachedir) introduce a new behavior that tried to take in account
the fact that parent directories may need to be created as accessible to
anyone by setting them to 01777 permissions.
However the test that determines whether the path shuld be public or not
is flawed and bleeds into pure file templates with undeiserable consequences.
Theis patch corrects thi behavior by clearly returning a specific path if it
need to be made public and preserves any subdir in the template with user
private ownership.
Resolves:
https://fedorahosted.org/sssd/ticket/2071
|
|
|
|
|
|
|
|
|
| |
Consolidate all the code that decides what the ccache name will be
in one function. Conditionalize checking for the old ccache only on
the fact that the new and old name (if any) are actually the same.
Resolves:
https://fedorahosted.org/sssd/ticket/2053
|
|
|
|
|
|
|
|
|
|
|
| |
Fix a check for an error return code that can be returned when
the ccache is not found.
Even in case of other errors still do not fail authentication
but allow it to proceed using a new ccache file if necessary.
Related:
https://fedorahosted.org/sssd/ticket/2053
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2068
With the current design, downloading master domain data was tied to
subdomains refresh, triggered by responders. But because enumeration is
a background task that can't be triggered on its own, we can't rely on
responders to download the master domain data and we need to check the
master domain on each enumeration request.
|
|
|
|
| |
AD provider will override the default with its own.
|
|
|
|
| |
Adds a reusable async request to download the master domain info.
|
|
|
|
|
|
|
|
| |
If the SSSD is compiled with journald support, then all sss_log()
statements will include a new field called "SSSD_DOMAIN" that includes
the domain name. Filtering only messages from the single domain is then
as easy as:
# journalctl SSSD_DOMAIN=foo.example.com
|
| |
|
| |
|
|
|
|
|
| |
Even if HAVE_SYSTEMD_LOGIN is set to 0 #ifdef will still see it as
defined.
|
| |
|
|
|
|
|
|
|
|
| |
When comparing username and his groups to access list, we will
obey case sensitivity of object from access list.
Resolves:
https://fedorahosted.org/sssd/ticket/2034
|
|
|
|
|
|
|
|
|
| |
Recent simple access provider patches started using
be_ctx during access check. This caused segfault in
unit tests, since be_ctx wasn't initialized.
Resolves:
https://fedorahosted.org/sssd/ticket/2034
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2034
|
|
|
|
|
|
|
|
| |
This function will parse object name into name and domain
name part and return appropriate sss domain.
Resolves:
https://fedorahosted.org/sssd/ticket/2034
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This function takes domain SID (doesn't have the last component)
or object SID (have all components) and returns subdomain.
The subdomain is found by comparing domain->domainid with the SID.
E.g.
domain SID: S-1-5-21-3940105347-3434501867-2690409756
object SID: S-1-5-21-3940105347-3434501867-2690409756-513
Resolves:
https://fedorahosted.org/sssd/ticket/2034
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2034
|
| |
|
|
|
|
| |
Remove code duplication.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Use systemd-lgin in preference to check if the user is logged in or not.
Fall back to the old method if no systemd-login support is available at compile
time or if it returns a fatal error, and can't determine the status of the user
on its own.
This will allow to consider a user really active (in order to reuse or refresh
crdentials) only if it really is logged into the system, and not just if one
of the user's processes is stuck around.
Resolves:
https://fedorahosted.org/sssd/ticket/2084
|
| |
|
|
|
|
|
|
| |
If the environment variable _SSS_MC_SPECIAL is set to "NO", the
mmap cache is skipped in the client code. The name is not very
descriptive. This patch renames the variable to SSS_NSS_USE_MEMCACHE.
|
|
|
|
|
|
|
|
|
| |
This option got already deprecated on the ipa server side.
Option is undocumented and warning is printed both to the sssd log files
and syslog.
Resolves:
https://fedorahosted.org/sssd/ticket/1918
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/1187
|
| |
|
|
|
|
|
| |
Parameter "int *dp_err" and parameter "int *pam_status" were unused
in static function krb5_auth_prepare_ccache_name.
|
|
|
|
| |
mem_ctx was unused in function get_domain_or_subdomain
|
|
|
|
|
|
| |
The tmpl variable was only ever used to default to FILE backend in case
absolute patch w/o ccache type was selected. Since backends are no
longer there, we can remove the variable, too.
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1945
|
| |
|
| |
|
| |
|
|
|
|
| |
format specifies type 'int' but the argument has type 'const char *'
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
| |
struct ldb_message_element.num_values is unsigned
This patch indirectly fixes printf format string warning.
|
| |
|
| |
|
| |
|
| |
|
|
|
|
|
|
| |
When the SSSD changes serves (and hence lastUSN) we perform a cleanup as
well. However, after recent changes, we didn't set the cleanup timestamp
correctly, which made the lastUSN logic fail.
|