summaryrefslogtreecommitdiffstats
path: root/src
Commit message (Collapse)AuthorAgeFilesLines
...
* sudo: search with view even if user is foundPavel Březina2015-10-141-1/+4
| | | | | | | | | If an overriden name is provided and the user is already cache we fail to refresh it since we won't search with VIEW flag. This patch fix it. Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* nss: send original name and id with local views if possiblePavel Březina2015-10-141-3/+128
| | | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2833 Reviewed-by: Sumit Bose <sbose@redhat.com> Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* LDAP: remove unused param. in sdap_fallback_local_userPavel Reichl2015-10-124-8/+4
| | | | | | Remove unused sdap_options parameter. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* autofs: remove unused params in del_autofs_entriesPavel Reichl2015-10-121-4/+1
| | | | | | Remove unused sdap_options and map parameters. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* sudo: remove unused param. in ldap_get_sudo_optionsPavel Reichl2015-10-123-5/+3
| | | | | | Remove unused talloc memory context. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* intg: Do not use non-existent pre-incrementNikolai Kondrashov2015-10-111-2/+4
| | | | | | | | | | Do not try to use the pre-increment operator which doesn't exist in Python (and is in fact two "identity" operators - opposites of "negation" operators). Use addition and assignment instead. This fixes infinite loops on failed slapd starting and stopping. Reviewed-by: Michal Židek <mzidek@redhat.com>
* LDAP: Inform about small range sizeStephen Gallagher2015-10-091-0/+7
| | | | | | | | | | When a returned RID has a higher value than the ldap_idmap_range_size, it means that the administrator did not plan appropriately for the size of their network. We need to alert the admin at a severe notification level that their configuration will fail on entries with a high RID and point them at the explanation in the manual. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* intg: Fix RFC2307bis group member creationNikolai Kondrashov2015-10-091-14/+7
| | | | | | | Fix creation of mixed user/group "member" attribute for RFC2307bis group entries in ldap_ent.py. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* intg: Reduce sssd.conf duplication in test_ldap.pyNikolai Kondrashov2015-10-091-95/+45
| | | | | | | Use a function to generate basic sssd.conf in test_ldap.py to reduce code duplication. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* intg: Split LDAP test fixtures for flexibilityNikolai Kondrashov2015-10-091-30/+83
| | | | | | | Split ldap_test.py fixtures into several functions to allow for partial fixtures and direct use within tests. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* intg: Add support for specifying all user attrsNikolai Kondrashov2015-10-091-12/+39
| | | | | | | Support passing all user attributes to ldap_ent.py's user-creation functions, in integration tests. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* intg: Get base DN from LDAP connection objectNikolai Kondrashov2015-10-092-5/+5
| | | | | | | | Don't use the global LDAP_BASE_DN in integration tests and fixtures, but instead take it from the LDAP connection object (ldap_conn) passed to them explicitly. This makes the tests and fixtures a bit more modular. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* tests: Fix compilation warningJakub Hrozek2015-10-091-8/+8
| | | | Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* sss_override: steal msgs string to objsPavel Březina2015-10-081-0/+9
| | | | | | | | | | Since msgs is attached to tmp_ctx then all the strings are freed with tmp_ctx. Now steal the strings to objs. Resolves: https://fedorahosted.org/sssd/ticket/2826 Reviewed-by: Pavel Reichl <preichl@redhat.com>
* sss_override: explicitly set ret = EOKPavel Březina2015-10-081-0/+2
| | | | Reviewed-by: Pavel Reichl <preichl@redhat.com>
* sss_override: fix comment describing formatPavel Březina2015-10-081-1/+1
| | | | Reviewed-by: Pavel Reichl <preichl@redhat.com>
* intg: fix typosPavel Březina2015-10-081-8/+8
| | | | Reviewed-by: Pavel Reichl <preichl@redhat.com>
* HBAC: remove misleading comment about deny rulesPavel Reichl2015-10-081-4/+0
| | | | | | | | | HBAC deny rules are no longer supported. This comment should have been removed as part of 'Remove HBAC DENY rules from SSSD' https://fedorahosted.org/sssd/ticket/912 Reviewed-by: Michal Židek <mzidek@redhat.com>
* intg: fix assert messages in test_memory_cachePavel Reichl2015-10-081-10/+10
| | | | Reviewed-by: Michal Židek <mzidek@redhat.com>
* nss: fix UPN lookups for sub-domain usersSumit Bose2015-10-082-3/+11
| | | | Reviewed-by: Sumit Bose <sbose@redhat.com>
* fix upn cache_req for sub-domain usersSumit Bose2015-10-081-2/+7
| | | | Reviewed-by: Sumit Bose <sbose@redhat.com>
* fix ldb_search usageSumit Bose2015-10-081-8/+1
| | | | Reviewed-by: Sumit Bose <sbose@redhat.com>
* cache_req: remove raw_name and do not touch orig_namePavel Březina2015-10-081-23/+29
| | | | | | | Parsed name or UPN is now stored in input->name instead of touching orig_name and storing the original name in raw_name. Reviewed-by: Sumit Bose <sbose@redhat.com>
* cache_req tests: reduce code duplicationPavel Březina2015-10-081-1230/+394
| | | | Reviewed-by: Sumit Bose <sbose@redhat.com>
* cache_req: add support for UPNPavel Březina2015-10-089-42/+674
| | | | Reviewed-by: Sumit Bose <sbose@redhat.com>
* cache_req: provide extra flag for oob requestPavel Březina2015-10-081-5/+6
| | | | Reviewed-by: Sumit Bose <sbose@redhat.com>
* man: Note filter_groups are not affecting nestingNikolai Kondrashov2015-10-071-0/+8
| | | | | | | Note that the "filter_groups" option doesn't affect nested member inheritance, on the sssd.conf(5) manpage. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* man: Mention groups in filter_groups descriptionNikolai Kondrashov2015-10-071-5/+5
| | | | | | | | Mention groups (not only users) in the combined "filter_users"/"filter_groups" option description on the sssd.conf(5) manpage. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* AD: Consolidate connection list construction on ad_common.cJakub Hrozek2015-10-074-17/+71
| | | | Reviewed-by: Sumit Bose <sbose@redhat.com>
* AD: Provide common connection list construction functionsJakub Hrozek2015-10-075-34/+80
| | | | | | | | | | https://fedorahosted.org/sssd/ticket/2810 Provides a new AD common function ad_ldap_conn_list() that creates a list of AD connection to use along with properties to avoid mistakes when manually constructing these lists. Reviewed-by: Sumit Bose <sbose@redhat.com>
* TESTS: Make whitespace_test pass without whitespaceNikolai Kondrashov2015-10-071-1/+6
| | | | | | | | | | Make whitespace_test pass if no trailing whitespace was detected at all. Add two comments explaining how searching and failure handling works. Fixes: https://fedorahosted.org/sssd/ticket/2816 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* DYNDNS: improve nsupdate_msg_add_fwd()Pavel Reichl2015-10-052-20/+316
| | | | | | | | | | | | | | | | | | | | | Update nsupdate_msg_add_fwd() to group commands by address family processed IP address belongs to. It's better to group removing old A addresses and adding new A addresses in a single transaction. Same goes for AAAA addresses. Separate transaction for A and AAAA addresses updates are important because server might block updates for one of these families and thus the update even for the non-blocked address family would unnecessarily fail. For more details please see: https://fedorahosted.org/sssd/wiki/DesignDocs/DDNSMessagesUpdate Resolves: https://fedorahosted.org/sssd/ticket/2495 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* DYNDNS: use realm and server commands only as fallbackPavel Reichl2015-10-055-40/+35
| | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2495 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* sss_override: amend man page - overrides do not stackPavel Reichl2015-10-041-2/+6
| | | | Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* PROXY: fix minor memory leakPavel Reichl2015-10-021-2/+2
| | | | Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* SDAP: fix minor memory leakPavel Reichl2015-10-022-2/+3
| | | | Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* IPA: fix minor memory leakPavel Reichl2015-10-021-1/+1
| | | | Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* AD: fix minor memory leakPavel Reichl2015-10-021-2/+3
| | | | Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* SDAP: Relax POSIX checkPavel Reichl2015-10-021-4/+6
| | | | | | | | | | | Relax the check on UID or GID just to check if at least one of them is present but do not require them to be positive numbers. Add requirement on objectclass attributes to be user or group to make check more reliable. Resolves: https://fedorahosted.org/sssd/ticket/2800
* MAN: proxy and krb5 are valid access control modulesJakub Hrozek2015-10-021-0/+10
| | | | Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com>
* MAN: Clarify pam_trusted_users option descriptionJakub Hrozek2015-10-021-5/+9
| | | | Reviewed-by: Alexander Bokovoy <abokovoy@redhat.com>
* Add Catalan translation to LINGUASRobert Antoni Buj Gelonch2015-10-021-0/+1
| | | | Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
* sss tools: improve option handlingPavel Březina2015-10-022-20/+30
| | | | | | | | | | | | The crash describe by ticket #2802 is caused by providing NULL options in popt and yet trying to iterate over them. Instead of simply testing for NULL this patch creates a new option table table merges several option tables together, thus improving and simplifying usage string. Resolves: https://fedorahosted.org/sssd/ticket/2802 Reviewed-by: Pavel Reichl <preichl@redhat.com>
* PAM: only allow missing user name for certificate authenticationSumit Bose2015-10-022-3/+47
| | | | | | | Resolves: https://fedorahosted.org/sssd/ticket/2811 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* sbus codegen tests: free ctxPavel Březina2015-10-021-0/+2
| | | | | | | | | | Memory context was not freed therefore we got stuck in tevent loop that mocks D-Bus. Resolves: https://fedorahosted.org/sssd/ticket/2759 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
* HBAC: Better libhbac debuggingPetr Cech2015-10-014-2/+243
| | | | | | | | | | | | | Added support for logging via external log function. Log provides information about rules evaluating (HBAC_DBG_INFO level) and additionally can describe rules (HBAC_DBG_TRACE level). Resolves: https://fedorahosted.org/sssd/ticket/2703 Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Michal Židek <mzidek@redhat.com>
* TESTS: Fixing of uninitialized pointer.Petr Cech2015-10-011-1/+1
| | | | | | | | | | | | | | | There was a bug with uninitialized pointer during solving ticket 2703. More details: rules[0]->services->names[1] is initialized on line 361, but initializing of rules[0]->srchosts->names[1] was missing. Resolves: https://fedorahosted.org/sssd/ticket/2703 Reviewed-by: Pavel Reichl <preichl@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> Reviewed-by: Michal Židek <mzidek@redhat.com>
* confdb: warn if memcache_timeout > than entry_cachePavel Reichl2015-09-301-0/+25
| | | | | | | | | | Only group and user records are cached in memory cache so only timeouts for those are checked. Resolves: https://fedorahosted.org/sssd/ticket/2176 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
* AD: add debug messages for netlogon get infoPavel Reichl2015-09-301-1/+4
| | | | Reviewed-by: Petr Cech <pcech@redhat.com>
* Updating translations for the 1.13.1 releaseJakub Hrozek2015-09-3016-8043/+13684
|
generated by cgit (git 2.34.1) at 2025-09-27 06:47:08 +0000