Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
This patch changes handling of krb5 child error codes so that it's on
par with the 1.8 branch after Joschi Brauchle reviewed the 1.8 backport.
|
|
https://fedorahosted.org/sssd/ticket/1310
|
|
Localized sssd_krb5_locator_plugin manpages were added into main
sssd package instead of client.
https://fedorahosted.org/sssd/ticket/1394
|
|
https://fedorahosted.org/sssd/ticket/1521
|
|
|
|
|
|
https://fedorahosted.org/sssd/ticket/1513
This is a counterpart of the FreeIPA ticket https://fedorahosted.org/freeipa/ticket/3045
During an e-mail discussion, it was decided that
* if the default is set in the IPA config object, the SSSD would use
that default no matter what
* if the default is not set (aka empty or missing), the SSSD
would just use the system default and skip creating the login
file altogether
|
|
There's no point in checking if the object already exists because we always
wipe the whole sysdb subtree. We were also immediatelly cancelling the
transaction because we'd jump to goto, even though it was with EOK.
|
|
The list of resolved servers is allocated on the back end context and
kept in the fo_service structure. However, a single request often
resolves a server and keeps a pointer until the end of a request and
only then gives feedback about the server based on the request result.
This presents a big race condition in case the SRV resolution is used.
When there are requests coming in in parallel, it is possible that an
incoming request will invalidate a server until another request that
holds a pointer to the original server is able to give a feedback.
This patch simply checks if a server is in the list of servers
maintained by a service before reading its status.
https://fedorahosted.org/sssd/ticket/1364
|
|
https://fedorahosted.org/sssd/ticket/1438
|
|
https://fedorahosted.org/sssd/ticket/1458
When the responder is disabled and sudo_provider is set explicitly,
a warning is print and the module will be initialized.
|
|
|
|
https://fedorahosted.org/sssd/ticket/1519
IPA host refactoring changed mapping of memberOf attribute
which caused SSSD being unable to retrieve membership of
hostgroup when being interpreted as netgroup.
|
|
Made obsolete by commit e2d17ea806d273784b621583dd0490c2f69f237d
|
|
|
|
|
|
selinux-policy-targeted contains the /etc/selinux/targeted/logins
directory that is checked during build time to determine if the platform
supports SELinux user logins.
|
|
https://fedorahosted.org/sssd/ticket/1515
|
|
https://fedorahosted.org/sssd/ticket/1516
If sysdb_set_user_attr failed, we would cancel the transaction, then go
to the error handler and attempt to close it again.
|
|
|
|
https://fedorahosted.org/sssd/ticket/1509
|
|
|
|
|
|
|
|
https://fedorahosted.org/sssd/ticket/1488
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
https://fedorahosted.org/sssd/ticket/1492
|
|
|
|
https://fedorahosted.org/sssd/ticket/1500
|
|
https://fedorahosted.org/sssd/ticket/1460
|
|
|
|
To validate a TGT a keytab entry from the client realm is preferred but
if none ca be found the last entry should be used. But the entry was
freed and zeroed before it could be used.
This should also fix the trusted domain use case mentioned in
https://fedorahosted.org/sssd/ticket/1396
although a different approach then suggested in the ticket is used.
|
|
https://fedorahosted.org/sssd/ticket/1365
|
|
Removing bad examples of usage of sysdb_transaction_start/commit/end
functions and making it more consistent (all files except of
src/db/sysdb_*.c).
|
|
https://fedorahosted.org/sssd/ticket/1434
|
|
https://fedorahosted.org/sssd/ticket/734
We successfully detect when the server is reinitialized by testing
the new lastUSN value. The maximum USN values are set to zero, but
the current cache content remains.
This patch removes records that were deleted from the server.
It uses the following approach:
1. remove entryUSN attribute from all entries
2. run enumeration
3. remove records that doesn't have entryUSN attribute updated
We don't need to do this for sudo rules, they will be refreshed
automatically during next smart/full refresh, or when an expired rule
is deleted.
|
|
|
|
|
|
|
|
ldap_destroy() is not present in RHEL5
|
|
We were not closing LDAP connection when using SSL
with invalid certificate.
https://fedorahosted.org/sssd/ticket/1490
|