| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=846664
If the first group was cached when processing the nested group membership,
we would call tevent_req_done, effectivelly marking the whole nesting
level as done.
|
|
https://fedorahosted.org/sssd/ticket/1472
|
|
group members with groups outside nesting limit.
https://fedorahosted.org/sssd/ticket/1194
|
|
https://fedorahosted.org/sssd/ticket/1463
|
|
https://fedorahosted.org/sssd/ticket/1462
|
|
It does not contain name of the object class attribute but the value
itself. I renamed it to avoid confusion.
|
|
https://fedorahosted.org/sssd/ticket/1393
|
|
This patch adds support for new config options krb5_backup_server and
krb5_backup_kpasswd. The description of this option's functionality
is included in man page in one of previous patches.
|
|
This patch adds support for new config option ldap_backup_uri. The
description of this option's functionality is included in man page in
previous patch.
|
|
This patch adds support for the primary server functionality into LDAP
provider. No backup servers are added at the moment, just the basic
support is in place.
|
|
This patch adds support for marking existing connections as being
disconnected. Each such connection can't be used for new queries and a
new one has to be created instead if necessary. This will ensure that
pending operations will end gracefully during reconnection. Also all new
queries to the server we are reconnecting to will use another (probably
newly created) connection.
|
|
Now there are two list of servers for each service. If currently
selected server is only backup, then an event will be scheduled which
tries to get connection to one of primary servers and if it succeeds,
it starts using this server instead of the one which is currently
connected to.
|
|
Patch bc76428246c4ce532abd0eadcd539069fc1d94a8 changed the data
type of sasl_minssf from int to ber_len_t. Unfortunately, default
value of ldap_sasl_minssf is -1 but ber_len_t is defined as
unsigned long. This made SASL mechanism inoperative.
|
|
https://fedorahosted.org/sssd/ticket/1420
sudoHost attribute may contain hostname or fqdn of the machine.
Sudo itself supports only one hostname and its fqdn - the one that
is returned by gethostbyname().
This patch implements autoconfiguration of hostname and fqdn if
it has not been set manually by ldap_sudo_hostnames option.
|
|
|
|
https://fedorahosted.org/sssd/ticket/1379
|
|
|
|
The attribute is supposed to contain number of days since the epoch, not
the number of seconds.
|
|
Coverity #12770
|
|
Coverity #12797
|
|
Coverity #12802
|
|
* This broke corner cases when used with
default_tkt_types = des-cbc-crc
and DES enabled on an AD domain.
* This is fixed in kerberos instead, in a more correct way
and in a way which we cannot replicate.
|
|
This will eliminate ambiguity for the AD provider
|
|
This function is not supposed to return any newly-allocated memory
directly. It was actually leaking the memory for krb5_servers if
krb5_kdcip was being used, though it was undetectable because it
was allocated on the provided memctx.
This patch removes the memctx parameter and allocates krb5_servers
temporarily on NULL and ensures that it is freed on all exit
conditions. It is not necessary to retain this memory, as
dp_opt_set_string() performs a talloc_strdup onto the appropriate
context internally.
It also updates the DEBUG messages for this function to the
appropriate new macro levels.
|
|
* This is similar to the code in ipa_dyndns_update_send()
|
|
|
|
Sudo support is optional, when it is not configured sudorules_map is not
initialized and dereferencing it will cause a segmentation fault.
|
|
sudoHost attribute may contain IPv4 or IPv6 host/network address.
This patch adds support for autoconfiguration of these information.
|
|
Add host information to LDAP filters.
|
|
|
|
We need to load host information during provider initialization.
Currently it loads only values from configuration files, but it is
implemented as an asynchrounous request as it will later try to
autodetect these settings (which will need to contact DNS).
|
|
Adds some option that allows to manually configure a host filter.
ldap_sudo_use_host_filter - if false, we will download all rules regardless their sudoHost attribute
ldap_sudo_hostnames - list hostnames and/or fqdn that should be downloaded, separated with spaces
ldap_sudo_ip - list of IPv4/6 address and/or network that should be downloaded, separated with spaces
ldap_sudo_include_netgroups - include rules that contains netgroup in sudoHost
ldap_sudo_include_regexp - include rules that contains regular expression in sudoHost
|
|
I had to create a new context structure to store additional
information such as ip addresses and hostnames.
|
|
|
|
|
|
When an expired rule is not present on the server server during specific rule
refresh, the provider will notify the sudo responder that it has been deleted.
Because there is a high probability that some other rules were deleted from
the server as well, we want to remove them from sysdb as soon as possible.
Once the responder is notified, it will schedule an out of band full refresh.
This is issued by responder, because we already have a mechanism that
prohibits creation of similar request (i.e. once the OOB full refresh is
scheduled, there won't be another).
The notification is done by returning:
DP error = DP_ERR_OK, error = ENOENT
|
|
sdap_sudo_refresh_recv()
|
|
When SSSD is started, then full refresh is scheduled.
The smart refresh is scheduled after this full refresh,
if USN (or modifyTimestamp) values are available.
If full refresh interval <= smart refresh interval then
full refresh will be disabled.
If both refresh types are 0 then smart refresh interval
is set to default value.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
