Age | Commit message | Author | Files | Lines |
|
https://fedorahosted.org/sssd/ticket/1893
When SSSD is not enumerating (which is the default), we are trying to
link any "ghost" entries with a newly created user entry. However, when
enumeration is on, this means a spurious search on adding any user.
|
* Remove check-specific failure reporting from common_check.c
* Check-specific abstraction over memleak checks
* Rename common_check.c to leak_check.c
|
https://fedorahosted.org/sssd/ticket/1713
In the simple access provider, we need to only canonicalize user names when
comparing with values in the ACL, not when searching the cache. The sysdb
searches might do a base search with a DN constructed with the username
which fails if the username is lower case.
|
The definition of structure sss_auth_token was removed from the header file
authtok.h, leaving only the declaration of this structure there.
Therefore the only way to use this structure is through the accessor functions
from the same header file.
A new empty authtok can only be created using the newly created function
sss_authtok_new(). The TALLOC context was removed from the copy and setter
functions, because the pointer to struct sss_auth_token is used as a memory context.
All declarations of struct sss_auth_token variables were replaced with
pointers to this structure and related changes were made in the source code.
Function copy_pam_data can copy from argument src which was dynamically
allocated with function create_pam_data() or from a zero-initialized struct pam_data
allocated on the stack.
https://fedorahosted.org/sssd/ticket/1830
|
Function create_pam_data() should be the only way to create a new
struct pam_data, because it also initializes the destructor for the created
object.
|
const char const * --> const char *const
|
Print a warning if sysdb-tests or sysdb-ssh tests are run
individually and LDB_MODULES_PATH was not set.
https://fedorahosted.org/sssd/ticket/1820
|
Changes the simple access provider's interface to be asynchronous. When
the simple access provider encounters a group that has gid, but no
meaningful name, it attempts to resolve the name using the
be_file_account_request function.
Some providers (like the AD provider) might perform initgroups
without resolving the group names. In order for the simple access
provider to work correctly, we need to resolve the groups before
performing the access check. In the AD provider, the situation is
even more tricky b/c the groups HAVE a name, but their name
attribute is set to SID and they are set as non-POSIX.
|
I realized that the current unit tests for the simple access provider
only tested the user directives. To have a baseline and be able to
detect new bugs in the upcoming patch, I implemented unit tests for the
group lists, too.
|
Variables dir_cc and file_cc are used in three
modules: krb5_common.c, krb5_utils.c, krb5_child-test.c, therefore they should be
declared with extern in krb5_utils.h.
|
https://fedorahosted.org/sssd/ticket/1811
|
This condition is invalid because different_realm is not set when
EINVAL is returned. It can make the test fail sometimes.
|
https://fedorahosted.org/sssd/ticket/1833
state is expected to be a pointer
|
There was shared code for several unit tests that connected to their own
sysdb instance. This patch adds common code to run a generic request to
completion or connect to a test sysdb.
|
This prevents reporting false errors when internal functions return
a generic EINVAL or EACCES that should just be treated as internal
errors.
|
- Use a double-linked list for domains and subdomains.
- Never remove a subdomain, simply mark it as disabled if it becomes
  unused.
- Rework the way subdomains are refreshed.
  Now sysdb_update_subdomains() actually updates the current subdomains
  and marks as disabled the ones not found in the sysdb or adds new ones
  found. It never removes them.
  Removal of missing domains from sysdb is deferred to the providers,
  which will perform it at refresh time; for the ipa provider that is
  done by ipa_subdomains_write_mappings() now.
  sysdb_update_subdomains() is then used to update the memory hierarchy
  of the subdomains.
- Removes sysdb_get_subdomains()
- Removes copy_subdomain()
- Add sysdb_subdomain_delete()
|
struct sss_domain_info is always used to represent domains now.
Adjust tests accordingly.
|
https://fedorahosted.org/sssd/ticket/1763
|
When creating a home directory, the destination tree can be modified in
various ways while it is being constructed because directory permissions
are set before populating the directory. This can lead to file creation
and permission changes outside the target directory tree, using hard links.
This security problem was assigned CVE-2013-0219
https://fedorahosted.org/sssd/ticket/1782
|
also fix sysdb_svc_add declarations
|
Also remove sysdb_delete_domgroup()
|
Also remove sysdb_delete_domuser()
|
Also changes sysdb_search_custom_by_name()
|
Also remove sysdb_store_domgroup()
|
Also remove sysdb_store_domuser()