Age | Commit message (Collapse) | Author | Files | Lines |
|
In responder a negative cache is used to indicate that the record has
not been found by previous lookup. This approach is however not
applicable for netgroup lookup because the design of their lookup is a
little different.
This patch removes some pieces of code working with negative cache,
because they didn't fuction well. Instead a new flag has been added to
the positive cache. This flag indicates if the record in the cache
is a record of existing netgroup or it's just a placeholder.
https://fedorahosted.org/sssd/ticket/820
|
|
https://fedorahosted.org/sssd/ticket/700
|
|
The function now supports finding principal in keytab not only based on
realm, but based on both realm and primary/instance parts. The function
also supports * wildcard at the beginning or at the end of primary
principal part. The function for finding principal has been moved to
util/sss_krb5.c, so it can be used in other parts of the code.
|
|
When reconnecting to the LDAP server supporting USNs (either because of new incomming
id operation or invokation of callback responsible for checking status
of the backend), detect whether the highest USN is lower than the one
SSSD has recorded. If so, setup enumeration/cleanup to refresh
potentionally changed account information in the SSSD cache.
Related ticket:
https://fedorahosted.org/sssd/ticket/734
|
|
Related:
https://fedorahosted.org/sssd/ticket/734
|
|
https://fedorahosted.org/sssd/ticket/647
|
|
Previously, we only generated it when performing a password change,
but this didn't play nicely with kpasswd.
|
|
|
|
If we change any of the special entries such as indexes or plugins,
we need to close and reopen the LDB to ensure that they take effect.
|
|
Previously, if we were upgrading from version 0.4 or older, we
would only run sysdb_upgrade_04() and exit, instead of also
running sysdb_upgrade_05()
|
|
|
|
|
|
|
|
|
|
|
|
Large memberof delete operations can cause quite a number of searches
and the results are attached to a delop operation structure.
Make sure we free this payload once the operation is done and these
results are not used anymore so that we get a smaller total memory footprint.
|
|
We were skipping the check on the next value in the added list when a match
was found for the currentr value being checked.
|
|
|
|
|
|
Now that gecos can come from either the 'gecos' or 'cn' attributes,
we need to ensure that we never remove it from the cache.
|
|
https://fedorahosted.org/sssd/ticket/837
|
|
This patch fixes the provided systemd unit file so it is the same
as the one Jóhann B. Guðmundsson provided in Red Hat Bugzilla #689853
except for hardcoded paths.
|
|
The in-tree SRV record parsing is used with very old c-ares libraries
that don't implement the parsing themselves (c-ares < 1.7, used in e.g.
RHEL5)
|
|
|
|
|
|
|
|
|
|
https://fedorahosted.org/sssd/ticket/798
|
|
https://fedorahosted.org/sssd/ticket/643
|
|
The failover code is not strictly in charge of resolving. Its main
function is to provide a server to connect to for a service.
It is legal, although not currently used, to have a server that has no
name (server->common == NULL). In this case, no resolving should be done
and it is assumed that the failover user, which are the SSSD back ends
in our case, would perform any resolving out of band, perhaps using the
user_data attribute of fo_server structure.
|
|
|
|
We were not fully compliant with section 5.3 of RFC 2307 which
states:
An account's GECOS field is preferably determined by a value of the
gecos attribute. If no gecos attribute exists, the value of the cn
attribute MUST be used. (The existence of the gecos attribute allows
information embedded in the GECOS field, such as a user's telephone
number, to be returned to the client without overloading the cn
attribute. It also accommodates directories where the common name
does not contain the user's full name.)
|
|
|
|
|
|
If the loop ran through at least one
sdap_process_missing_member_2307() call and errored out later, we
were not canceling the transaction.
|
|
|
|
|
|
There is a python bug (http://bugs.python.org/issue11236) where
getpass.getpass() does not throw KeyboardInterrupt on ctrl+c. This
workaround is the closest we can get: if we detect the control
character in the string that we read, we'll cancel.
|
|
|
|
https://fedorahosted.org/sssd/ticket/746
|
|
Coverity 10737
|
|
Coverity 10738
|
|
Coverity 10740 and 10739
|
|
This routine will replace the use of sysdb_attrs_to_list() for any
case where we're trying to get the name of the entry. It's a
necessary precaution in case the name is multi-valued.
|
|
|
|
https://fedorahosted.org/sssd/ticket/822
|
|
|
|
Groups in ldap with multiple values for their groupname attribute
will now be compared against the RDN of the entry to determine the
"primary" group name. We will save only this primary group name to
the ldb cache.
|
|
Groups in ldap with multiple values for their groupname attribute
will now be compared against the RDN of the entry to determine the
"primary" group name. We will save only this primary group name
to the ldb cache.
|
|
Users in ldap with multiple values for their username attribute
will now be compared against the RDN of the entry to determine the
"primary" username. We will save only this primary name to the ldb
cache.
|