Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
This patch also removes the references to 'cvs' and 'nscd' from
BUILD.txt, as they are no longer necessary.
|
|
|
|
This patch modifies behavior of SSSD when putting together content of
the file for pam_selinux. SSSD will now pick only the first user map in
the priority list which matches to the user logging in. Other maps are
ignored.
https://fedorahosted.org/sssd/ticket/1360
|
|
This patch fixes an issue which resulted in a need to initialize
responder with data from local domain, otherwise it would not correctly
detect requests for subdomains. Similar situation can occur if new
subdomain is added at runtime.
The solution is to ask for a list of subdomains in case there is a
candidate domain identified in the process of matching re_expressions
with given name.
|
|
The recent fixes for per-domain parsing can cause a segfault in
the netgroup processing if the domain isn't set to NULL when it's
parsed as "any domain".
https://fedorahosted.org/sssd/ticket/1383
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This adds support for parsing PAC and storing information contained
within. In particular the user and all his memberships are stored. In
case it is necessary, getgrgid() requests are sent to provider for group
resolution.
|
|
|
|
This adds only the basic outline of the PAC responder, it won't support
any operations, it will just start and initialize itself.
|
|
Older platfroms like RHEL5 do not have support for O_CLOEXC and need an
explicit fcntl after the fd is created.
Add it conditionally so it can be clearly removed once we declared those
platfroms obsolete and unsupported.
|
|
We need to make sure the mc socket is not leaked otherwise child processes will
pile up leaked file descriptors.
Add O_CLOEXEC when opening the cache.
|
|
* These are common lines of debug output when starting
up sssd
https://bugzilla.redhat.com/show_bug.cgi?id=811113
|
|
|
|
|
|
|
|
Note we set MSG_NOSIGNAL to avoid
having to fiddle with signal masks
but also do not want to die in case
SIGPIPE gets raised and the application
does not handle it.
|
|
|
|
|
|
|
|
|
|
The variable 'dirname' is a publicly declared variable in libgen.h
on older systems such as RHEL 5
|
|
We can't support the DIR cache features in systems with kerberos
libraries older than 1.10. Make sure we don't build it on those
systems.
|
|
|
|
|
|
This would cause a crash if we jump to the done: label before it
has been allocated.
|
|
|
|
|
|
At this moment we will support only asterisk, designating "all
services".
https://fedorahosted.org/sssd/ticket/1360
|
|
|
|
Passing Kerberos context to sss_krb5_get_error_message will allow us to
get better error messages.
|
|
https://fedorahosted.org/sssd/ticket/974
|
|
To be able to add support for new credential cache types easily, this
patch creates a new structure sss_krb5_cc_be that defines common
operations with a credential cache, such as create, check if used or remove.
|
|
With the DIR cache support, it's perfectly legal to specify a ccname
directory that ends with a slash. The create_dir function did not handle
that situation correctly.
|
|
Kerberos credential caches can be specified by TYPE:RESIDUAL. This patch
adds a couple of utilities to support parsing if ccache locations,
checking types etc.
|
|
https://fedorahosted.org/sssd/ticket/1127
|
|
krb5-child-test will be another consumer. It also makes the code more
readable by splitting a huge function.
|
|
The krb5-child-test will want to run the child from the current
directory.
|
|
https://fedorahosted.org/sssd/ticket/1225
|
|
* Allocation check was missing
* a DEBUG statement overwrote errno
|
|
There was an issue with ghost members in nested groups. Consider a
scenario with two groups A and B, B being member of A and having some
ghost members. In such case SSSD stored both groups, then added
membership between them and then added ghost members to the group B.
The problem was that adding ghost members to group B didn't propagate
these ghost members to group A. This functionality could have been
solved by memberof plugin but the logic is far more complicated that
changes this patch introduces.
The change is simple: add ghost members at the same time as the group is
created, even if groups are supposed to be stored in two passes. That
way ghost members will be present at the time A -> B membership is
created and they will be propagated as expected.
|
|
This patch extends the RootDSE lookup so that we will perform a
second request to test whether the match rule syntax can be used.
If both groups and initgroups are disabled in the configuration,
this lookup request can be skipped.
|
|
|
|
|