| Commit message (Collapse) | Author | Age | Files | Lines |
|---|
| ... | |
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
src/python/pyhbac.c: In function ‘HbacRuleElement_repr’:
src/python/pyhbac.c:506:59: error: comparison between
signed and unsigned integer expressions [-Werror=sign-compare]
if (strnames == NULL || strgroups == NULL || category == -1) {
^
src/python/pyhbac.c: In function ‘HbacRuleElement_to_native’:
src/python/pyhbac.c:614:51: error: comparison between
signed and unsigned integer expressions [-Werror=sign-compare]
if (!el->names || !el->groups || el->category == -1) {
^
The static function native_category had type of terurn value uint32_t
But it also could return -1 which indicated an error.
It's better to don't mix return code with returned value.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
src/python/pysss_murmur.c: In function ‘py_murmurhash3’:
src/python/pysss_murmur.c:47:17: error: comparison between
signed and unsigned integer expressions [-Werror=sign-compare]
key_len > strlen(key)) {
^
uint32_t murmurhash3(const char *key, int len, uint32_t seed)
The second argument of the function murmurhash3 has type int.
But the code expects to be unsigned integer.
There is code in python wrapper py_murmurhash3
which check boundaries of that argument.
It should be an unsigned "key_len > INT_MAX || key_len < 0".
An exception should be thrown for negative number.
Moreover, the length should be shorter then a length of input string.
The strlen returns size_t which is unsigned and key_len is signed long.
We already checked that value is unsigned so
we can safely cast key_len to size_t
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
src/tools/tools_util.c: In function ‘parse_groups’:
src/tools/tools_util.c:116:19: error: comparison between
signed and unsigned integer expressions [-Werror=sign-compare]
for (i = 0; i < tokens; i++) {
^
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
This is needed for LOCAL view but also creates a shortcut for
server side overrides.
Resolves:
https://fedorahosted.org/sssd/ticket/2849
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
This patch is related to commit 50c9d542e8bf641412debaa82a4dcf67ddb72258
"tests: Use unique name for TEST_PATH"
It's better to do IO operation in common test directory
to prevent conflict with other test (copy & paste errors)
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
Adds support to get SELINUX context and make code more abstract so
that struct ucred (if availale) can be used w/o redefining uid,gid,pid to
int32. Also gives a layer of indirection that may come handy if we want
to improve the code further in the future.
Signed-off-by: Lukas Slebodnik <lslebodn@redhat.com>
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When refresh_expired_interval was not zero,
the NSS responder only refreshed netgroup cache
using background periodic task and ignored
SYSDB_CACHE_EXPIRE attribute.
With this behaviour it was impossible to
get new netgroup from remote server even
after sss_cache tool was used to expire
existing entry in the cache.
Resolves:
https://fedorahosted.org/sssd/ticket/2912
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
|
| |
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2188
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
Create new internal structure idmap_range_params by merging ID mapping
range relevant fields from idmap_domain_info and remove corrsponding
fields.
Resolves:
https://fedorahosted.org/sssd/ticket/2188
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
|
|
|
| |
Max value of id mapping range was 1 unit too high.
Resolves:
https://fedorahosted.org/sssd/ticket/2922
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
| |
Resolves https://fedorahosted.org/sssd/ticket/2925
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2791
When a modern IPA client is connected to an old (3.x) IPA server, the
attribute dereferenced during the ID views lookup does not exist, which
triggers an error during the dereference processing and also a confusing
syslog message.
This patch suppresses the syslog message.
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
| |
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/2904
Reviewed-by: Michal Židek <mzidek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
AD expects its clients to renew the machine account password on a
regular basis, be default every 30 days. Even if a client does not renew
the password it might not cause issues because AD does not enforce the
renewal. But the password age might be used to identify unused machine
accounts in large environments which might get disabled or deleted
automatically.
With this patch SSSD calls an external program to check the age of the
machine account password and renew it if needed. Currently 'adcli' is
used as external program which is able to renew the password since
version 0.8.0.
Resolves https://fedorahosted.org/sssd/ticket/1041
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
|
|
| |
Currently the SSSD default options like e.g. --debug-level are added
unconditionally to the command line options of a child process when
started with the child helper functions.
If a binary from a different source should be started as a child by SSSD
those options might not be known or used differently. This patch adds an
option to exec_child_ex() which allows to skip the default options and
only add specific options.
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
|
| |
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
| |
usn >= current && usn != currect is equivalent to usn >= current + 1
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
|
|
| |
This condition always disabled smart refresh when full refresh
interval was set to zero and thus disabling periodic refresh
functionality completelely.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
|
|
| |
When we switched to be_ptaks full_refresh_done has become obsolete since
timing is handled in a better way. In case of unknown USN we assume zero
which allows us to disable full refresh completely in configuration.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
| |
When we switched to be_ptask this variable has become obsolete.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
| |
This is less error prone.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/XXXX
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
|
|
|
|
|
| |
This patch implement logic to choose between IPA and LDAP schema. From
this point the sudo support in IPA is removed if sudo search base is
not set specifically, it will be brought back in furter patches.
Resolves:
https://fedorahosted.org/sssd/ticket/1108
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
| |
To exploit knowledge of IPA LDAP hierarchy.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
| |
Removes code duplication.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
| |
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
|
|
| |
More generic name is used now since it is not used only for id
filters. Probably all references will be deleted when the code
uses sdap_search_in_bases istead of custom search base iterators.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
|
|
| |
We often need to iterate over many search bases but we always use
mostly copy&paste iterator. This will reduce code duplication and
simplify code flow.
Reviewed-by: Sumit Bose <sbose@redhat.com>
|
| |
|
|
|
|
|
|
|
|
| |
It is possible to end up with not-processed referrals when
using AD provider and ldap_referrals=true.
Resolves:
https://fedorahosted.org/sssd/ticket/2906
Reviewed-by: Stephen Gallagher <sgallagh@redhat.com>
|
