Age | Commit message (Collapse) | Author | Files | Lines |
|
This is when krb5_timestamp_to_sfstring is not available
and thus the helper variables are not used.
In future heimdal's krb5_format_time could be used
on the heimdal side.
|
|
krb5_free_unparsed_name is deprecated in heimdal.
Also use the wrapper in places where it is not yet used.
|
|
|
|
According to asprintf(3) the content off errmsg is undefined
on error, lets set it to NULL.
|
|
https://fedorahosted.org/sssd/ticket/1534
|
|
|
|
In order to fix https://fedorahosted.org/sssd/ticket/2093 the name of
the forest must be known for a member domain of the forest.
|
|
We need to work with distinguish names when processing
cross-domain membership, because groups and users may
be stored in different sysdb tree.
Resolves:
https://fedorahosted.org/sssd/ticket/2066
|
|
Declarations of public functions was in header files,
but header files was not included in implementation file.
|
|
Recent simple access provider patches started using
be_ctx during access check. This caused segfault in
unit tests, since be_ctx wasn't initialized.
Resolves:
https://fedorahosted.org/sssd/ticket/2034
|
|
|
|
The tmpl variable was only ever used to default to FILE backend in case
absolute patch w/o ccache type was selected. Since backends are no
longer there, we can remove the variable, too.
|
|
|
|
|
|
Remove struct sss_krb5_cc_be and the remaining functions that reference
it as they are all unused now.
Resolves:
https://fedorahosted.org/sssd/ticket/2061
|
|
Only 2 types (FILE and DIR) need to precreate files or directories
on the file system, and the 2 functions were basically identical.
Consolidate all in one common function and use that function directly
where needed instead of using indirection.
Resolves:
https://fedorahosted.org/sssd/ticket/2061
|
|
This completely replaces the per-ccache-type custom code to remove old cacches
and instead uses libkrb5 base doperations (krb5_cc_destroy) and operating as
the user owner.
Resolves:
https://fedorahosted.org/sssd/ticket/2061
|
|
This tests dlopens and resolves all symbols to make sure there are no missing
symbols in our provider modules.
|
|
Recently support was added to use also libkrb5 style expansions that
uses a %{varname} type of template.
There are a number of templates we do not care/can't expand in sssd.
The current code misses tests and failed to properly preserve some of
the templates we do not want to handle.
Addiotionally in order to be future proof this patch treats unknown
templates as pass-through templates and defer any error checking to
libkrb5, so that sssd is consistent with how kinit would behave.
Resolves:
https://fedorahosted.org/sssd/ticket/2076
|
|
|
|
|
|
|
|
It is better to use standard constant for maximum value of type size_t,
instead of reinventing wheel with own defined constant SIZE_T_MAX
This patch replace string "SIZE_T_MAX" -> "SIZE_MAX"
|
|
The enumerate flag will be read from the cache for subdomains and
the domain object will be created accordingly.
|
|
|
|
Kerberos now supports multiple types of collection caches, not just
DIR: caches. We should add a macro for generic collection behavior
and use that where appropriate.
|
|
During initgroups request we read the SID of a group from the server but
do not save it to the cache. This patch fixes this and might help to
avoid an additional lookup of the SID later.
|
|
|
|
Wait for c-ares to finish before checking for memory leaks.
https://fedorahosted.org/sssd/ticket/1899
|
|
https://fedorahosted.org/sssd/ticket/2023
When the option values are copied using dp_opt_copy_map, the .val member
is used if it's not NULL. At the same time, the bool options are never
NULL, unlike integers or strings that can have special NULL-like values
such as NULL_STRING. This effectively means that when copying a bool
option, the .val member is always used.
But in the AD maps, some .val fields were set differently from the
.def_val fields. The effect was that when the AD subdomain provider was
initialized from IPA subdomain provider using only the defaults, some
options (notably referral chasing) were set to a value that didn't make
sense for the AD provider.
This patch makes sure that for all boolean option, the .val is always
the same as .def_val.
|
|
warning: format string is not a string literal (potentially insecure)
[-Wformat-security]
|
|
https://fedorahosted.org/sssd/ticket/1992
dyndns test will crash with this patch
|
|
https://fedorahosted.org/sssd/ticket/1778
When trying to copy special file, only message is logged now.
|
|
|
|
The mpg flag will be read from the cache for subdomains and the domain
object will be created accordingly.
|
|
The information of a subdomain will use magic private groups (mpg) or
not will be stored together with other information about the domain in
the cache.
|
|
This patch implements some unit tests for the recent enhancements to
libsss_idmap.
|
|
https://fedorahosted.org/sssd/ticket/1972
Coverity IDs: 11870,11871
Do not call unlink with NULL pointer.
|
|
This patch modifies the PAC responder so that it can be used with the AD
provider as well. The main difference is that the POSIX UIDs and GIDs
are now lookup up with the help of the SID instead of being calculated
algorithmically. This was necessary because the AD provider allows
either algorithmic mapping or reading the value from attributes stored
in AD.
Fixes https://fedorahosted.org/sssd/ticket/1558
|
|
https://fedorahosted.org/sssd/ticket/1648
Adds another expansion in the printf format that allows the user to use
the domain flat name in the format.
|
|
Empty directory tests_path is removed in function test_dom_suite_cleanup.
Function test_dom_suite_cleanup is reused in other tests.
|
|
--removed duplicated test-io
--reusing library libsss_test_common in other tests
--cmocka test sss_nss_idmap-tests was moved to cmocka dir
--moved leak_check.c to libsss_test_common
--moved common_tev.c,common_dom.c to libsss_test_common
(leak_check.c,common_tev.c,common_dom.c) are test framework independent
|
|
The dyndns init function was starting the timer even if the updates were
set to False. This patch splits the init of dynamic updates and the
timer into two functions so that the back end can start the updates
separately from reading the options.
|
|
The tests_set_cwd() function was called twice in the dyndns unit test.
|
|
https://fedorahosted.org/sssd/ticket/1504
Implements dynamic DNS updates for the AD provider. By default, the
updates also update the reverse zone and run periodically every 24
hours.
|
|
This options is mostly provided for future expansion. Currently it is
undocumented and both IPA and AD dynamic DNS updates default to
GSS-TSIG. Allowed values are GSS-TSIG and none.
|
|
https://fedorahosted.org/sssd/ticket/1831
Adds a new option that can be used to force nsupdate to only use TCP to
communicate with the DNS server.
|
|
This is a requirement to update the PTR records.
Includes a unit test.
|
|
This new options adds the possibility of updating the DNS entries
periodically regardless if they have changed or not. This feature
will be useful mainly in AD environments where the Windows clients
periodically update their DNS records.
|
|
This patch introduces new options for dynamic DNS updates that are not
specific to any back end. The current ipa dyndns options are still
usable, just with a deprecation warning.
|