| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
|
|
|
|
these functions are not needed anymore.
Related:
https://fedorahosted.org/sssd/ticket/2061
|
|
Related:
https://fedorahosted.org/sssd/ticket/2061
|
|
check_for_valid_tgt() is used exclusively in krb5_uitls.c so move it there.
Resolves:
https://fedorahosted.org/sssd/ticket/2061
|
|
|
|
The new SAFEALIGN macros name turned to be inappropriate because
they do not reflect what the macros really do.
|
|
It is better to use standard constant for maximum value of type size_t,
instead of reinventing wheel with own defined constant SIZE_T_MAX
This patch replace string "SIZE_T_MAX" -> "SIZE_MAX"
|
|
We use constant AF_INET6 in util.c, but we do not explicitly include header
file sys/socket.h. This header file was indirectly incuded by another header
file netdb.h (netdb.h -> netinet/in.h -> sys/socket.h), but other platform can
have other dependencies among header files.
|
|
Some platform have header file endian.h and anothers have sys/endian.h.
We nedd to use conditional build to handle it correctly, therefore new header
file sss_endian.h was created.
|
|
|
|
The enumerate flag will be read from the cache for subdomains and
the domain object will be created accordingly.
|
|
In order to use the same defaults in all system daemons that needs to know how
to generate or search for ccaches we introduce ode here to take advantage of
the new option called default_ccache_name provided by libkrb5.
If set this variable we establish the same default for all programs that surce
it out of krb5.conf therefore providing a consistent experience across the
system.
Related:
https://fedorahosted.org/sssd/ticket/2036
|
|
https://fedorahosted.org/sssd/ticket/2036
|
|
|
|
warning reported by cppcheck
|
|
warnings reported by cppcheck.
|
|
Kerberos now supports multiple types of collection caches, not just
DIR: caches. We should add a macro for generic collection behavior
and use that where appropriate.
|
|
We introduced new way to check integrity of memcache in the
client code. We should use similiar checks in the responder.
|
|
Removes off by one error when using macro MC_SIZE_TO_SLOTS
and adds new macro MC_SLOT_WITHIN_BOUNDS.
|
|
All supported tevent releases contain these macros.
|
|
This patch prevents jumping outside of allocated memory in
case of corrupted slot or name_ptr values. It is not proper
solution, just hotfix until we find out what is the root cause
of ticket https://fedorahosted.org/sssd/ticket/2018
|
|
|
|
https://fedorahosted.org/sssd/ticket/2009
If the IPA server mode is on and the SSSD is running on the IPA server,
then the server's extdom plugin calls getpwnam_r to read info about trusted
users from the AD server and return them to the clients that called the
extended operation.
The SSSD returns the subdomain users fully-qualified, ie "user@domain"
by default. The format of the fully qualified name is configurable.
However, the extdom plugin returns the user name without the domain
component.
With this patch, when ipa_server_mode is on, warn if the full_name_format
is set to a non-default value. That would prompt the admin to change the
format if he changed it to something exotic.
|
|
|
|
warning: format string is not a string literal (potentially insecure)
[-Wformat-security]
|
|
https://fedorahosted.org/sssd/ticket/1992
|
|
Some krb5 functions needn't be available for retrieving ccache
with principal. Therefore ifdef is used to solve this situation with older
version of libkrb5. There were two functions with similar functionality
in krb5_child and krb5_utils. They were merged to one universal function, which
was moved to file src/util/sss_krb5.c
|
|
The mpg flag will be read from the cache for subdomains and the domain
object will be created accordingly.
|
|
|
|
This patch reuses the code from IPA provider to make sure that
domain-realm mappings are written even for AD sub domains.
|
|
DIR:/run/user/1000/krb5cc is valid ccname, but function sss_krb5_cc_file_path
returned NULL in this case.
|
|
https://fedorahosted.org/sssd/ticket/1947
Otherwise we risk that the meta server is removed from the server list,
but without a chance to return, because there may be no fo_server with
srv_data = meta.
Also if state->meta->next is NULL (it is still orphaned because we try
to errornously expand it without invoking collapse first), state->out
will be NULL and SSSD will crash.
New error code: ERR_SRV_DUPLICATES
|
|
https://fedorahosted.org/sssd/ticket/1815
|
|
https://fedorahosted.org/sssd/ticket/1873
KRB preauthentication error was later mishandled like authentication error.
|
|
https://fedorahosted.org/sssd/ticket/1971
Coverity IDs: 11851, 11852, 11853
The NULL check on "entry" "service" and "enable" line string parts is
not necessary and triggers warnings in coverity scans.
|
|
Instead of copying a block of code that checks whether domain is a subdomain
and uses only name of FQDN as appropriate, wrap the logic into a function.
|
|
The utility function will be reused to guess search base from the base
DN of AD trusted domains.
|
|
https://fedorahosted.org/sssd/ticket/1648
Adds another expansion in the printf format that allows the user to use
the domain flat name in the format.
|
|
Adds a sanity check of the fqname pattern. Fails if the username pattern
is not specified at all and warns if the domain pattern is not
specified.
|
|
Instead of using printf-like functions directly, provide two wrappers
that would encapsulate formatting the fully-qualified names. No
functional change is present in this patch.
|
|
https://fedorahosted.org/sssd/ticket/1785
nscd.conf file is now checked for the presence of caching settings for
databases controlled by SSSD. Syslog warning is now written only if NSCD
is running with interfering configuration or if configuration file
couldn't be loaded.
New configure option added to support non-standard locations
--with-nscd-conf=PATH (defaultly set to /etc/nscd.conf)
This is just a workaround until the following bugzilla is resolved:
https://bugzilla.redhat.com/show_bug.cgi?id=963908
|
|
Preparation for the following patch which will include the nscd.c in the
monitor code due to newly introduced function for checking the nscd
configuration file.
|
|
https://fedorahosted.org/sssd/ticket/1934
|
|
https://fedorahosted.org/sssd/ticket/1772
SAFEALIGN macros have been renamed in this patch to
make it easy to pick the right macro when data is copied
from byte buffer to a variable or vice versa.
The renamed macros are placed in new header file to
avoid code duplication (the old ones were defined in
two files, one for the client code and one for the rest
of sssd).
|
|
Instead of appending @domain to names when the --domain option of sss_ssh_* is
used, put domain name in a separate field in client requests.
|
|
This function allows initializing sss_names_ctx using a regular expression and
fully qualified format string specified in its arguments.
|
|
|
|
Provides two new layers instead of the previous IPA specific layer:
1) dp_dyndns.c -- a very generic dyndns layer on the DP level. Its
purpose it to make it possible for any back end to use dynamic DNS
updates.
2) sdap_dyndns.c -- a wrapper around dp_dyndns.c that utilizes some
LDAP-specific features like autodetecting the address from the LDAP
connection.
Also converts the dyndns code to new specific error codes.
|
