| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
This patch fixes some issues with setting lastUSN attribute and it adds
check against the highest user/group USN after enumeration to keep
better track of the real highest USN. Optimal solution here would be to
schedule a check of rootDSE entry right after the enumeration finishes,
but for the moment this is good enough.
|
|
This patch also makes the following changes:
1) The [sssd] debug_level setting no longer acts as a default for
all other sections.
2) We will now skip passing the debug argument to the child
processes from the master unless the SSSD was run with a
command-line argument for the debug level.
https://fedorahosted.org/sssd/ticket/764
|
|
|
|
|
|
select is limited to fd numbers up to 1024, we need to use poll() here
to avoid causing memory corruption in the calling process.
Fixes: https://fedorahosted.org/sssd/ticket/861
|
|
https://fedorahosted.org/sssd/ticket/825
|
|
A previous patch changed a talloc_steal() into a talloc_move(). Now it
is not enough to change the parent memory context with talloc_steal to
give back the data, but it has to be assigned back too.
Additionally this patch uses the missing pam data as an indication that
a renewal request for this data is currently running.
|
|
|
|
Fixes CVE-2011-1758, https://fedorahosted.org/sssd/ticket/856
|
|
We were trying to request the krb5 keytab from the auth provider
configuration, but it hasn't yet been set up. Much better to use
the value in the ID provider.
|
|
|
|
|
|
|
|
https://fedorahosted.org/sssd/ticket/850
|
|
|
|
|
|
|
|
|
|
|
|
Currently we construct the principal as host/fqdn@REALM. The problem
with this is that this principal doesn't have to be in the keytab. In
that case the provider fails to start. It is better to scan the keytab
and find the most suitable principal to use. Only in case no suitable
principal is found the backend should fail to start.
The second issue solved by this patch is that the realm we are
authenticating the machine to can be in general different from the realm
our users are part of (in case of cross Kerberos trust).
The patch adds new configuration option SDAP_SASL_REALM.
https://fedorahosted.org/sssd/ticket/781
|
|
|
|
https://fedorahosted.org/sssd/ticket/808
|
|
These changes are all related to following ticket:
https://fedorahosted.org/sssd/ticket/763
Changes in SSSDConfig.py merge old and new domain record instead of just
deleting the old and inserting the new one. The old approach let to loss
of some information like comments and blank lines in the config file.
Changes in API config were performed so our Python scripts (like
sss_obfuscate) don't add extra config options to the config file.
|
|
In responder a negative cache is used to indicate that the record has
not been found by previous lookup. This approach is however not
applicable for netgroup lookup because the design of their lookup is a
little different.
This patch removes some pieces of code working with negative cache,
because they didn't fuction well. Instead a new flag has been added to
the positive cache. This flag indicates if the record in the cache
is a record of existing netgroup or it's just a placeholder.
https://fedorahosted.org/sssd/ticket/820
|
|
https://fedorahosted.org/sssd/ticket/700
|
|
The function now supports finding principal in keytab not only based on
realm, but based on both realm and primary/instance parts. The function
also supports * wildcard at the beginning or at the end of primary
principal part. The function for finding principal has been moved to
util/sss_krb5.c, so it can be used in other parts of the code.
|
|
When reconnecting to the LDAP server supporting USNs (either because of new incomming
id operation or invokation of callback responsible for checking status
of the backend), detect whether the highest USN is lower than the one
SSSD has recorded. If so, setup enumeration/cleanup to refresh
potentionally changed account information in the SSSD cache.
Related ticket:
https://fedorahosted.org/sssd/ticket/734
|
|
Related:
https://fedorahosted.org/sssd/ticket/734
|
|
https://fedorahosted.org/sssd/ticket/647
|
|
Previously, we only generated it when performing a password change,
but this didn't play nicely with kpasswd.
|
|
|
|
If we change any of the special entries such as indexes or plugins,
we need to close and reopen the LDB to ensure that they take effect.
|
|
Previously, if we were upgrading from version 0.4 or older, we
would only run sysdb_upgrade_04() and exit, instead of also
running sysdb_upgrade_05()
|
|
|
|
|
|
|
|
|
|
|
|
Large memberof delete operations can cause quite a number of searches
and the results are attached to a delop operation structure.
Make sure we free this payload once the operation is done and these
results are not used anymore so that we get a smaller total memory footprint.
|
|
We were skipping the check on the next value in the added list when a match
was found for the currentr value being checked.
|
|
|
|
Now that gecos can come from either the 'gecos' or 'cn' attributes,
we need to ensure that we never remove it from the cache.
|
|
https://fedorahosted.org/sssd/ticket/837
|
|
This patch fixes the provided systemd unit file so it is the same
as the one Jóhann B. Guðmundsson provided in Red Hat Bugzilla #689853
except for hardcoded paths.
|
|
The in-tree SRV record parsing is used with very old c-ares libraries
that don't implement the parsing themselves (c-ares < 1.7, used in e.g.
RHEL5)
|
|
|
|
|
|
|
|
|
|
https://fedorahosted.org/sssd/ticket/798
|
