| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2164
The patch adds a new error code and special cases the new code so that
access is denied and a nicer log message is shown.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
The patch makes sure that a completely lower-cased version of a fully
qualified name is used for case insensitive searches. Currently there
are code paths where the domain name was used as configured and was not
lower-cased.
To make sure this patch does not break with old entries in the cache or
case sensitive domains a third template was added to the related filters
templates which is either filled with a completely lower-cased version or
with the old version. The other two template values are unchanged.
|
| |
|
|
|
|
|
|
| |
Properly align buffer address to sizeof(char *) when storing
pointers to strings.
resolves:
https://fedorahosted.org/sssd/ticket/1359
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
A bit more elegant way of detection of what domain the group member belongs to
Resolves:
https://fedorahosted.org/sssd/ticket/2132
|
| | |
|
| |
|
|
|
|
|
|
| |
Specific error message is logged for missing sssd.conf file. New sssd specific
error value is introduced for this case.
Resolves:
https://fedorahosted.org/sssd/ticket/2156
|
| | |
|
| |
|
|
|
| |
sss_tc_fqname2() is similar to sss_tc_fqname() but expects domain and
flat domain name as string arguments instead of a domain struct.
|
| |
|
|
|
| |
If no domain name is specified the global name pattern and regular
expression will be returned.
|
| | |
|
| |
|
|
|
|
|
|
| |
sig_term() was never used as a real signal handler, but only called by tevent
signal handlers in the kerberos and ldap children.
Also the same code was duplicated with separate local guard variables in other
functions.
Unify orderly termination handling, between all these functions.
|
| |
|
|
|
| |
SIGHUP handling is implemented later using a tevent handler so sig_hup() is
useless.
|
| |
|
|
| |
Cleanup unused signal functions
|
| | |
|
| | |
|
| |
|
|
| |
Changing style of including header files from outside of sssd tree - from "header.h" to <header.h>
|
| |
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/1968
|
| | |
|
| |
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2123
Previously, the subdomains were always unbound even if the administrator
limited the ranges with min_id/max_id. This could have posed problems
when running programs that scan the whole ID space, such as "groupadd
-r".
|
| | |
|
| |
|
|
|
|
| |
I find it more readable to include headers from outside the sssd tree
with <foo.h>, not "foo.h". The latter should be used for in-tree headers
only.
|
| |
|
|
|
| |
Added functions to check if given IP address is a special address
(broadcast, multicast...).
|
| |
|
|
|
|
|
| |
Supporting the latest INI release brought an incompatible change. Lines
beginning with a whitespace were treated as continuation of the previous
line. This patch reverts to ignoring the whitespace as we did previously
so that the existing configurations keep working.
|
| |
|
|
|
|
|
|
|
|
|
|
| |
If there are member domains in a trusted forest which are DNS-wise not
proper children of the forest root the IPA KDC needs some help to
determine the right authentication path. In general this should be done
internally by the IPA KDC but this works requires more effort than
letting sssd write the needed data to the include file for krb5.conf.
If this functionality is available for the IPA KDC this patch might be
removed from the sssd tree.
Fixes https://fedorahosted.org/sssd/ticket/2093
|
| |
|
|
|
| |
In order to fix https://fedorahosted.org/sssd/ticket/2093 the name of
the forest must be known for a member domain of the forest.
|
| |
|
|
|
|
|
| |
This function will return head of the domain list.
Resolves:
https://fedorahosted.org/sssd/ticket/2066
|
| |
|
|
|
|
|
|
| |
systemd-login still fails with su/sudo login shells, so always fall back
for now.
Resolves:
https://fedorahosted.org/sssd/ticket/2094
|
| |
|
|
|
| |
Declarations of public functions was in header files,
but header files was not included in implementation file.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
struct sss_mc_rec had two hash members (hash1 and hash2) but only one next
member. This was a big problem in case of higher probability of hash collision.
structure sss_mc_rec will have two next members (next1, next2) with this patch.
next1 is related to hash1 and next2 is related to hash1.
Iterating over chains is changed, because we need to choose right next pointer.
Right next pointer will be chosen after comparing record hashes.
This behaviour is wrapped in function sss_mc_next_slot_with_hash.
Adding new record to chain is also changed. The situation is very similar to
iterating. We need to choose right next pointer (next1 or next2).
Right next pointer will be chosen after comparing record hashes.
Adding reference to next slot is wrapped in function
sss_mc_chain_slot_to_record_with_hash
Size of structure sss_mc_rec was increased from 32 bytes to 40 bytes.
Resolves:
https://fedorahosted.org/sssd/ticket/2049
|
| | |
|
| |
|
|
|
|
|
|
| |
If the SSSD is compiled with journald support, then all sss_log()
statements will include a new field called "SSSD_DOMAIN" that includes
the domain name. Filtering only messages from the single domain is then
as easy as:
# journalctl SSSD_DOMAIN=foo.example.com
|
| | |
|
| |
|
|
|
|
|
|
| |
This function will parse object name into name and domain
name part and return appropriate sss domain.
Resolves:
https://fedorahosted.org/sssd/ticket/2034
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
This function takes domain SID (doesn't have the last component)
or object SID (have all components) and returns subdomain.
The subdomain is found by comparing domain->domainid with the SID.
E.g.
domain SID: S-1-5-21-3940105347-3434501867-2690409756
object SID: S-1-5-21-3940105347-3434501867-2690409756-513
Resolves:
https://fedorahosted.org/sssd/ticket/2034
|
| |
|
|
| |
Remove code duplication.
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Use systemd-lgin in preference to check if the user is logged in or not.
Fall back to the old method if no systemd-login support is available at compile
time or if it returns a fatal error, and can't determine the status of the user
on its own.
This will allow to consider a user really active (in order to reuse or refresh
crdentials) only if it really is logged into the system, and not just if one
of the user's processes is stuck around.
Resolves:
https://fedorahosted.org/sssd/ticket/2084
|
| |
|
|
| |
https://fedorahosted.org/sssd/ticket/1945
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
|
|
|
| |
these functions are not needed anymore.
Related:
https://fedorahosted.org/sssd/ticket/2061
|
| |
|
|
|
| |
Related:
https://fedorahosted.org/sssd/ticket/2061
|
| |
|
|
|
|
|
| |
check_for_valid_tgt() is used exclusively in krb5_uitls.c so move it there.
Resolves:
https://fedorahosted.org/sssd/ticket/2061
|
