Age | Commit message (Collapse) | Author | Files | Lines |
|
The version is both fake and unused, so we'll stop creating the
versioned file and use only the unversioned .so. This is safe to
do for now because all of the plugins are built at the same time
as the interface.
|
|
|
|
|
|
Instead of issuing N LDAP requests when processing a group with N users,
utilize the dereference functionality to pull down all the members in a
single LDAP request.
https://fedorahosted.org/sssd/ticket/799
|
|
This patch splits checking cache and hash tables into standalone
functions. This will make it easy to reuse the code in a new branch that
uses dereferencing.
|
|
Instead of downloading complete user data which is potentionally very
slow, only download the necessary minimum information and store the
users as dummy entries.
|
|
RFC2307bis code relies heavily on originalDN, so the fake users need to
have an option to store it, too.
|
|
A generic wrapper around ASQ and OpenLDAP dereference searches.
https://fedorahosted.org/sssd/ticket/635
|
|
This dereference method is supported at least by OpenLDAP and
389DS/RHDS
For more details, see:
http://tools.ietf.org/html/draft-masarati-ldap-deref-00
|
|
For more details on ASQ, see:
http://msdn.microsoft.com/en-us/library/aa366976%28VS.85%29.aspx
http://msdn.microsoft.com/en-us/library/aa746418%28v=VS.85%29.aspx
|
|
These will be shared by both dereference methods in a later patch.
|
|
Add a private sdap_get_generic_ext_send()/_recv() request that
exposes more of ldap_search_ext options, in particular the server
contols. The existing sdap_generic_search_send()/_recv() request
is now a thin wrapper around the new _ext request.
The other important change is that an entry parsing is a callback now.
That was done in order to allow custom parsing for results such as
OpenLDAP deref or Attribute Scoped Queries.
|
|
https://fedorahosted.org/sssd/ticket/742
|
|
https://fedorahosted.org/sssd/ticket/551
|
|
https://fedorahosted.org/sssd/ticket/742
|
|
Related ticket:
https://fedorahosted.org/sssd/ticket/855
|
|
The label was named fail but used also in success cases.
|
|
This function was not used anywhere
|
|
|
|
https://fedorahosted.org/sssd/ticket/865
|
|
https://fedorahosted.org/sssd/ticket/857
|
|
https://fedorahosted.org/sssd/ticket/858
|
|
|
|
|
|
This error caused that monitor didn't pass --debug-to-files option to
nss and pam services when creating them.
|
|
https://fedorahosted.org/sssd/ticket/867
|
|
|
|
|
|
We will now re-read the confdb debug_level value when processing
the monitor_common_logrotate() function, which occurs when the
monitor receives a SIGHUP.
|
|
This was implemented almost identically for both the responders
and the providers. It is easier to maintain as a single routine.
This patch also adds the ability to provide a private context to
attach to the sbus_connection for later use.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Also create a routine to initialize it
|
|
This patch fixes some issues with setting lastUSN attribute and it adds
check against the highest user/group USN after enumeration to keep
better track of the real highest USN. Optimal solution here would be to
schedule a check of rootDSE entry right after the enumeration finishes,
but for the moment this is good enough.
|
|
This patch also makes the following changes:
1) The [sssd] debug_level setting no longer acts as a default for
all other sections.
2) We will now skip passing the debug argument to the child
processes from the master unless the SSSD was run with a
command-line argument for the debug level.
https://fedorahosted.org/sssd/ticket/764
|
|
|
|
|
|
select is limited to fd numbers up to 1024, we need to use poll() here
to avoid causing memory corruption in the calling process.
Fixes: https://fedorahosted.org/sssd/ticket/861
|
|
https://fedorahosted.org/sssd/ticket/825
|
|
A previous patch changed a talloc_steal() into a talloc_move(). Now it
is not enough to change the parent memory context with talloc_steal to
give back the data, but it has to be assigned back too.
Additionally this patch uses the missing pam data as an indication that
a renewal request for this data is currently running.
|
|
|
|
Fixes CVE-2011-1758, https://fedorahosted.org/sssd/ticket/856
|
|
We were trying to request the krb5 keytab from the auth provider
configuration, but it hasn't yet been set up. Much better to use
the value in the ID provider.
|
|
|