Age | Commit message (Collapse) | Author | Files | Lines |
|
https://fedorahosted.org/sssd/ticket/1804
|
|
The default authtok type in the LDAP provider (unlike the new IPA and AD
providers) is "password". This oddity dates back to when password was
the only supported authtok type in the SSSD, so configuration specifying
only the password and bind DN was valid.
We need to check the authtok validity as well before attempting to use
it.
|
|
Fixes https://fedorahosted.org/sssd/ticket/1766
|
|
- Use a double-linked list for domains and subdomains.
- Never remove a subdomain, simply mark it as disabled if it becomes
unused.
- Rework the way subdomains are refreshed.
Now sysdb_update_subdomains() actually updates the current subdomains
and marks as disabled the ones not found in the sysdb or add new ones
found. It never removes them.
Removal of missing domains from sysdb is deferred to the providers,
which will perform it at refresh time, for the ipa provider that is
done by ipa_subdomains_write_mappings() now.
sysdb_update_subdomains() is then used to update the memory hierarchy
of the subdomains.
- Removes sysdb_get_subdomains()
- Removes copy_subdomain()
- Add sysdb_subdomain_delete()
|
|
struct sss_domain_info is always used to represent domains now.
Adjust tests accordingly.
|
|
|
|
|
|
|
|
|
|
https://fedorahosted.org/sssd/ticket/1805
|
|
|
|
|
|
https://fedorahosted.org/sssd/ticket/1512
If directory where a ccache file was stored was missing and user
was still logged in, we erroneously considered the ccache file
still active. Thus the ccache file was not recreated and user was
unable to login.
|
|
https://fedorahosted.org/sssd/ticket/1783
When dn in member attribute is invalid (e.g. rdn instead of dn)
or it is outside of configured search bases, we might hit a situation
when tevent_req is marked as done before any callback could be
attached on it.
|
|
Found by coverity.
https://fedorahosted.org/sssd/ticket/1790
|
|
https://fedorahosted.org/sssd/ticket/1776
Although cb->list got updated when the callback is removed,
this change did not propagate to be_ctx->*_cb_list which
caused dlist having invalid records.
|
|
|
|
|
|
In preparation for making struct be_req opaque.
|
|
In preparation for making be_req opaque
|
|
|
|
Call it everywhere instead of directly dereferencing be_req->fn
This is in preparation of making be_req opaque.
|
|
|
|
|
|
Need to split out the function or new additions to the handler funtion will not
allow simple access tests to compile anymore.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Also make ipa_hbac_save_list() static
|
|
|
|
|
|
|
|
|
|
|
|
|
|
The sysdb context is already available through the 'domain' context.
|
|
The sysdb context is already available through the 'domain' structure.
|
|
It was confusing to see the ldap provider own handler mixed with the generic
ldap access code used also by the ipa and ad providers.
So move the ldap provider handler code in its own file.
|
|
https://fedorahosted.org/sssd/ticket/1758
The autofs entries do not have the key as an unique identifier, but
rather the full (key, value) tuple as some keys have a special meaning,
such as the direct mount key (/-) and may be present in a single map
multiple times.
Comparing the full DN that contains both the key and the value will
allow for working updates if either key or value changes.
|
|
|
|
Related to https://fedorahosted.org/sssd/ticket/1757
Previously we would optimize the mc invalidate code for cases where the
user was a member of some groups. But if the user was removed from the
server while being in memory cache, we would only invalidate the mc
record if he was a member of at least one supplementary group.
|
|
This code should not be necessary anymore since June 2010 with commit:
90acbcf20b5f896ca8f631923afe946c90d90de7
|
|
https://fedorahosted.org/sssd/ticket/1761
The function tried to be smart and realloc only when needed, but that
only lead to hard-to find bugs where the logic would not allocate the
proper space. Remove the reallocation and prefer readability over speed
in this case.
|
|
|
|
|
|
|