[Pkg-sssd-devel] sssd: Changes to 'debian-experimental'
Timo Aaltonen
tjaalton-guest at alioth.debian.org
Thu May 24 12:11:33 UTC 2012
New branch 'debian-experimental' available with the following commits:
commit 0bad13b8c0b970c12a19aef10798f93457b48dd0
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Thu May 24 15:10:59 2012 +0300
Update the packaging for the new version, thanks Esko Järnfors!
- Add libsss-idmap0, libsss-idmap-dev packages
- Add sssd Depends on libsss-idmap0
- Add /var/lib/sss/mc directory for the new mmap cache
commit 80d12619eb05a30b4cbc303aea3643cf1bc2fac2
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Thu May 24 14:50:06 2012 +0300
update the changelog
commit c9e78ae0dd978b1b48a6e5e31c53a44a699cae15
Merge: f6cf67c 580d1ab
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Thu May 24 14:43:42 2012 +0300
Merge branch 'debian-unstable' into debian-experimental-n
commit f6cf67c38ded48bd5d2984fd12c9f53eda4d3915
Merge: 2056487 1e7c3cc
Author: Timo Aaltonen <tjaalton at ubuntu.com>
Date: Thu May 24 14:43:31 2012 +0300
Merge branch 'upstream-unstable' into debian-experimental-n
commit 2056487e6d50a95faefc00038890905bda422d92
Author: Stephen Gallagher <sgallagh at redhat.com>
Date: Fri May 11 15:03:42 2012 -0400
Bumping version to 1.8.91 for 1.9.0 beta 1 release
commit e59e09b5010f262228bbdeb92a79b733bf5854b3
Author: Stephen Gallagher <sgallagh at redhat.com>
Date: Fri May 11 15:02:02 2012 -0400
Updating translations for 1.9.0 beta 1 release
commit d248b68f90e60a1dd1cca1f694cc51bc3007c8b1
Author: Jan Engelhardt <jengelh at inai.de>
Date: Fri May 11 14:23:51 2012 -0400
build: resolve link failure
libtool: link: gcc -Wall -Wshadow -Wstrict-prototypes -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -Werror-implicit-function-declaration -fno-strict-aliasing -fmessage-length=0 -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -g -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -Wl,--version-script -Wl,./src/providers/sssd_be.exports -o sssd_be src/providers/data_provider_be.o src/providers/data_provider_fo.o src/providers/data_provider_opts.o src/providers/data_provider_callbacks.o src/providers/fail_over.o src/resolv/async_resolv.o -Wl,--export-dynamic -lpam -lcares ./.libs/libsss_util.a -ltevent -ltalloc -lpopt -lldb -ldbus-1 -lpcre -lini_config -lcollection -ldhash -llber -lldap -ltdb -lunistring -lcrypto
/usr/lib64/gcc/x86_64-suse-linux/4.7/../../../../x86_64-suse-linux/bin/ld: src/providers/data_provider_be.o: undefined reference to symbol 'dlsym@@GLIBC_2.2.5'
/usr/lib64/gcc/x86_64-suse-linux/4.7/../../../../x86_64-suse-linux/bin/ld: note: 'dlsym@@GLIBC_2.2.5' is defined in DSO /lib64/libdl.so.2 so try adding it to the linker command line
/lib64/libdl.so.2: could not read symbols: Invalid operation
collect2: error: ld returned 1 exit status
make[2]: *** [sssd_be] Error 1
Signed-off-by: Stephen Gallagher <sgallagh at redhat.com>
commit 79a93ba6dc35ebe525e2d7587bc7e293e8cf3b81
Author: Jakub Hrozek <jhrozek at redhat.com>
Date: Fri May 11 16:27:46 2012 +0200
SYSDB: Handle user and group renames better
Fixes a regression in the local domain tools where sss_groupadd no longer
detected a GID duplicate. The check for EEXIST is moved one level up into
more high level function.
The patch also adds the same rename support for users. I found it odd that
we allowed a rename of groups but not users. There is a catch when storing
a user -- his cached password would be gone. I think that renaming a user
is such a rare operation that it's not severe, plus there is a warning in
the logs.
commit 3db7aca0479a30f4a1e66a35b4b7b7bcfd81a78f
Author: Ariel Barria <arielb at fedoraproject.org>
Date: Thu May 10 22:18:52 2012 -0500
Bad check for id_provider=local and access_provider=permit
documentation-access_provider
Signed-off-by: Stephen Gallagher <sgallagh at redhat.com>
commit 2d34690ae92215d355b0272001d9e68214dc80f6
Author: Jakub Hrozek <jhrozek at redhat.com>
Date: Tue May 8 15:33:17 2012 +0200
sysdb: return proper error code from sysdb_sudo_purge_all
commit 62826f0052c1d6b71f62c1149c894d40549828ad
Author: Jakub Hrozek <jhrozek at redhat.com>
Date: Mon Jul 4 17:16:31 2011 -0400
Filter out IP addresses inappropriate for DNS forward records
https://fedorahosted.org/sssd/ticket/949
commit 388214d8cc47968fa7f53c5a6624746b42865dde
Author: Jakub Hrozek <jhrozek at redhat.com>
Date: Tue May 8 14:14:07 2012 +0200
subdomains: Fix error handling in Data Provider
The subdomains back end request was sending replies in a format the
responder did not understand in case the request failed.
commit 85e82e6a0de8668a1d0d9b29b61e731924871527
Author: Jakub Hrozek <jhrozek at redhat.com>
Date: Thu May 10 13:09:05 2012 +0200
Send the correct enumeration request
https://fedorahosted.org/sssd/ticket/1329
commit ae8d047122c7ba8123f72b2eac68944868ac37d4
Author: Stephen Gallagher <sgallagh at redhat.com>
Date: Tue May 8 08:47:33 2012 -0400
LDAP: Handle very large Active Directory groups
Active Directory 2008R2 allows only 1500 group members to be
retrieved in a single lookup. However, when we hit such a
situation, we can take advantage of the ASQ lookups, which are not
similarly limited.
With this patch, we will add any members found by ASQ that were
not found by the initial lookup so we will end with a complete
group listing.
https://fedorahosted.org/sssd/ticket/783
commit ca4b7b92738f3dd463914e3de5757cd98d37a983
Author: Stephen Gallagher <sgallagh at redhat.com>
Date: Tue May 8 13:37:14 2012 -0400
LDAP: Add attr_count return value to build_attrs_from_map()
This is necessary because in several places in the code, we are
appending to the attrs returned from this value, and if we relied
on the map size macro, we would be appending after the NULL
terminator if one or more attributes were defined as NULL.
commit e2a59ba258ab98a6f50a1af627bc4cdceaa59101
Author: Stephen Gallagher <sgallagh at redhat.com>
Date: Tue May 8 14:48:14 2012 -0400
SYSDB: Add better error logging to sysdb_set_entry_attr()
commit 312818233ce48471c56d1a7589579892d9726e3b
Author: Stephen Gallagher <sgallagh at redhat.com>
Date: Wed May 9 12:43:06 2012 -0400
NSS: Add default_shell option
This option will allow administrators to set a default shell to be
used if a user does not have one set in the identity provider.
https://fedorahosted.org/sssd/ticket/1289
commit f6dbb235373b122ae15643ef5dbbe821ee1307d9
Author: Stephen Gallagher <sgallagh at redhat.com>
Date: Wed May 9 11:07:31 2012 -0400
NSS: Add fallback_homedir option
This option is similar to override_homedir, except that it will
take effect only for users that do not have an explicit home
directory specified in LDAP.
https://fedorahosted.org/sssd/ticket/1250
commit 163a17f00c42f2405d8fb0a2af3bc9d8b7309260
Author: Jakub Hrozek <jhrozek at redhat.com>
Date: Wed May 9 18:31:21 2012 +0200
Try all KDCs when getting TGT for LDAP
When the ldap child process is killed after a timeout, try the next KDC.
When none of the ldap child processes succeed, just abort the connection
because we wouldn't be able to authenticate to the LDAP server anyway.
https://fedorahosted.org/sssd/ticket/1324
commit 0327d4d33a0fba0590d9066ace18f7128b2de2c5
Author: Stef Walter <stefw at gnome.org>
Date: Wed May 9 13:29:14 2012 +0200
Clearer documentation for use_fully_qualified_names
* Previously only the side effect was described.
commit 4e3b55b5f6be51b03c8c51f764aa71677d184847
Author: Jakub Hrozek <jhrozek at redhat.com>
Date: Fri May 4 16:24:50 2012 +0200
Only reset kpasswd server status when performing a chpass operation
https://fedorahosted.org/sssd/ticket/1316
commit 06ca37517d873ff240422c4c004d97e1d067af14
Author: Jakub Hrozek <jhrozek at redhat.com>
Date: Mon May 7 15:42:29 2012 +0200
krb5 locator: Do not leak addrinfo
commit 4627cf4d8a949d1d7b4a9b24f9ad3b9a06d5b5bc
Author: Jakub Hrozek <jhrozek at redhat.com>
Date: Fri May 4 16:52:49 2012 +0200
Special-case LDAP_SIZELIMIT_EXCEEDED
Previous version of the SSSD did not abort the async LDAP search
operation on errors. In cases where the request ended in progress, such
as when the paging was very strictly limited, the old versions at least
returned partial data.
This patch special-cases the LDAP_SIZELIMIT_EXCEEDED error to avoid a
user-visible regression.
https://fedorahosted.org/sssd/ticket/1322
commit 7efbb82f43d5b7c17c4f7a4bfc363e6bf0291281
Author: Jakub Hrozek <jhrozek at redhat.com>
Date: Mon May 7 11:52:34 2012 +0200
Kerberos locator: Include the correct krb5.h header file
https://fedorahosted.org/sssd/ticket/1325
commit 4246f60ebd574a30392f3bcf5048c2379a17399f
Author: Pavel Březina <pbrezina at redhat.com>
Date: Mon May 7 18:51:08 2012 +0200
Fix typo in debug message
commit 4c157ecedd52602f75574605ef48d0c48e9bfbe8
Author: Stef Walter <stefw at gnome.org>
Date: Tue Apr 10 22:20:53 2012 +0200
Limit krb5_get_init_creds_keytab() to etypes in keytab
* Load the enctypes for the keys in the keytab and pass
them to krb5_get_init_creds_keytab().
* This fixes the problem where the server offers a enctype
that krb5 supports, but we don't have a key for in the keytab.
https://bugzilla.redhat.com/show_bug.cgi?id=811375
commit 5b1a798a2a792c74e5f11f744f4f5b663c8b93c3
Author: Stef Walter <stefw at gnome.org>
Date: Mon May 7 10:41:24 2012 +0200
Remove erroneous failure message in find_principal_in_keytab
* When it's actually a failure, then the callers will print
a message. Fine tune this.
commit 4d1a261202d828efc84e3a84d16c30548f29f76d
Author: Stef Walter <stefw at gnome.org>
Date: Wed Apr 11 12:12:57 2012 +0200
If canon'ing principals, write ccache with updated default principal
* When calling krb5_get_init_creds_keytab() with
krb5_get_init_creds_opt_set_canonicalize() the credential
principal can get updated.
* Create the cache file with the correct default credential.
* LDAP GSSAPI SASL would fail due to the mismatched credentials
before this patch.
https://bugzilla.redhat.com/show_bug.cgi?id=811518
commit 077ec9ac6dfef339c16ecc9c2f60cd77e62c9272
Author: Stephen Gallagher <sgallagh at redhat.com>
Date: Fri May 4 13:59:51 2012 -0400
SSSDConfigAPI: Fix missing option in tests
commit bf8cce77a35cb0a3cdb0d21fb9c39b7b6372bc11
Author: Jan Zeleny <jzeleny at redhat.com>
Date: Tue May 1 03:36:37 2012 -0400
Modify behavior of pam_pwd_expiration_warning
New option pwd_expiration_warning is introduced which can be set per
domain and can override the value specified by the original
pam_pwd_expiration_warning.
If the value of expiration warning is set to zero, the filter isn't
apllied at all - if backend server returns the warning, it will be
automatically displayed.
Default value for Kerberos: 7 days
Default value for LDAP: don't apply the filter
Technical note: default value when creating the domain is -1. This is
important so we can distinguish between "no value set" and 0. Without
this possibility it would be impossible to set different values for LDAP
and Kerberos provider.
commit 9fd2775fe1ced6ff6a9a3ff7db124fcb52dade5d
Author: Sumit Bose <sbose at redhat.com>
Date: Thu May 3 12:51:55 2012 +0200
Fix endian issue in SID conversion
Since the byte-order is only important when dealing with the binary SID
the sub-auth values are stored in host order and are only converted
while reading or writing the binary SID.
commit aef21bb77289a61796436eff7a08f64480f813ce
Author: Stephen Gallagher <sgallagh at redhat.com>
Date: Wed May 2 19:51:27 2012 -0400
LDAP: Add support for enumeration of ID-mapped users and groups
commit a23919ed39d212f9f5694d9b103c84641fdb7680
Author: Stephen Gallagher <sgallagh at redhat.com>
Date: Tue Apr 24 14:21:40 2012 -0400
MAN: Add manpage for ID mapping
commit c20a339d54b39120b4051f690ca759e6d079f177
Author: Stephen Gallagher <sgallagh at redhat.com>
Date: Mon Apr 23 08:40:07 2012 -0400
LDAP: Treat groups with unmappable SIDs as non-POSIX groups
commit 8be5e4497e5008f7807178acdfcbf97365ec4e73
Author: Stephen Gallagher <sgallagh at redhat.com>
Date: Mon Apr 23 08:05:07 2012 -0400
LDAP: Add helper function to map IDs
This function will also auto-create a new ID map if the domain has
not been seen previously.
commit 3f2fa4c9290afdb393c760419a0ff686045a1ab3
Author: Stephen Gallagher <sgallagh at redhat.com>
Date: Mon Apr 23 08:58:54 2012 -0400
LDAP: Do not remove uidNumber and gidNumber attributes when saving id-mapped entries
commit 58d02e0d3d6d48c97fccdb2ad7212e065671ad6d
Author: Stephen Gallagher <sgallagh at redhat.com>
Date: Mon Apr 23 08:55:58 2012 -0400
LDAP: Add helper routine to convert LDAP blob to SID string
commit 532eb49e129bedf57cdbd0a66f39ad228b8f2482
Author: Stephen Gallagher <sgallagh at redhat.com>
Date: Sun Apr 22 20:52:58 2012 -0400
LDAP: Map the user's primaryGroupID
commit c0dc67f92a4abee6bcce304117bf2a2362ad812c
Author: Stephen Gallagher <sgallagh at redhat.com>
Date: Sun Apr 22 15:22:08 2012 -0400
LDAP: Enable looking up id-mapped groups by GID
commit 2aae75b167f1d9d5cf65d5529c585cfb18c6207b
Author: Stephen Gallagher <sgallagh at redhat.com>
Date: Sun Apr 22 15:14:22 2012 -0400
LDAP: Allow looking up ID-mapped groups by name
commit 28f9836c888ce351400f8d1fd42eac905ce99f1d
Author: Stephen Gallagher <sgallagh at redhat.com>
Date: Sun Apr 22 11:12:00 2012 -0400
LDAP: Enable looking up id-mapped users by UID
commit 1a79825cfbbd26ef12ad085487247e5adf4d657d
Author: Stephen Gallagher <sgallagh at redhat.com>
Date: Sat Apr 21 10:33:15 2012 -0400
LDAP: Allow automatically-provisioning a domain and range
If we get a user who is a member of a domain we haven't seen
before, add a domain entry (auto-assigning its slice).
Since we don't know the domain's real name, we'll just save the
domain SID string as the name as well.
commit 45f75fc8e98092fa48faa3d180fd42f7efd51486
Author: Stephen Gallagher <sgallagh at redhat.com>
Date: Sat Apr 21 10:32:13 2012 -0400
LDAP: Add routine to extract domain SID from an object SID
Also makes the domain prefix macros from sss_idmap public.
commit 4f3fd1fb264a7eaf3a9d062d49e071b0d17e4deb
Author: Stephen Gallagher <sgallagh at redhat.com>
Date: Sat Apr 21 09:31:36 2012 -0400
LDAP: Allow setting a default domain for id-mapping slice 0
commit 2fd5864ac8eb2c4cfa0fafe7c0431a74f2ebe1fb
Author: Stephen Gallagher <sgallagh at redhat.com>
Date: Sat Apr 21 09:09:43 2012 -0400
LDAP: Add autorid compatibility mode
commit 8538f3d5109c548049c344fa042684d9d40f04d6
Author: Stephen Gallagher <sgallagh at redhat.com>
Date: Sun Apr 22 14:05:30 2012 -0400
LDAP: Enable looking up ID-mapped users by name
commit d0a10e530823d6d8eff31ef164eee9ba2fb71c63
Author: Stephen Gallagher <sgallagh at redhat.com>
Date: Sun Apr 22 13:59:57 2012 -0400
LDAP: Initialize ID mapping when configured
commit 13c88d62a09c152983abc99d989bb077fa987acb
Author: Stephen Gallagher <sgallagh at redhat.com>
Date: Sun Apr 22 13:57:54 2012 -0400
LDAP: Add ID mapping range settings
commit 505e75ba28b42bb3de7a6d55de825091b70cc2b2
Author: Stephen Gallagher <sgallagh at redhat.com>
Date: Sun Apr 22 13:52:51 2012 -0400
LDAP: Add helper routines for ID-mapping
commit 817b1bcafff27cc67630dd0cbd36df708c05fccc
Author: Stephen Gallagher <sgallagh at redhat.com>
Date: Sat Apr 21 17:21:38 2012 -0400
SYSDB: Add sysdb routines for ID-mapping
commit d38cd6a211d3b68036ceb7bc875f832433afd035
Author: Stephen Gallagher <sgallagh at redhat.com>
Date: Wed Apr 11 21:06:36 2012 -0400
LDAP: Add id-mapping option
commit 4f07a5ba197b902afd3a785baf6bd9967f50dfd2
Author: Stephen Gallagher <sgallagh at redhat.com>
Date: Tue Apr 10 20:00:36 2012 -0400
LDAP: Add objectSID config option
commit dbdf6911688315515a36bb91786108a95d033128
Author: Jakub Hrozek <jhrozek at redhat.com>
Date: Thu May 3 17:15:09 2012 +0200
Read sysdb attribute name, not LDAP attribute map name
https://fedorahosted.org/sssd/ticket/1320
commit b42b5d5aaf4da165582e73ad985fdff6e34e61e4
Author: Jakub Hrozek <jhrozek at redhat.com>
Date: Wed Apr 18 14:27:44 2012 +0200
SSH: Add dp_get_host_send to common responder code
Instead of using account_info request, creates a new ssh specific
request. This improves code readability and will make the code more
flexible in the future.
https://fedorahosted.org/sssd/ticket/1176
commit d226a2a0f8e6738507874f3e04bf281c2bf526b1
Author: Jakub Hrozek <jhrozek at redhat.com>
Date: Tue Apr 24 11:15:04 2012 +0200
Rename split_service_name_filter
The function was used outside services code which was confusing due to
its name. This patch renames it to sound more netrual.
commit e927bf39fc8e01ee5bec7734b50c2b2e76c6330b
Author: Sumit Bose <sbose at redhat.com>
Date: Thu May 3 10:15:47 2012 +0200
Fix typo in spec file
commit cff916f5352fe7c3a679571130090efdb935618a
Author: Stephen Gallagher <sgallagh at redhat.com>
Date: Wed May 2 13:25:05 2012 -0400
SYSDB: Handle upgrade script failures better
There was a bug in finish_upgrade() where it would return EOK if
it succeeded in canceling the transaction due to an error. We
should instead be returning the original error.
commit 5f93f452e4a80d6b0243eaf3c583d0caf9981ca0
Author: Jakub Hrozek <jhrozek at redhat.com>
Date: Thu Apr 26 13:06:26 2012 +0200
AUTOFS: remove unused assignments
Also changes setautomntent_send so that is only return NULL in case the
tevent_req creation fails.
commit 07002c911aa643000856f78707f1fee72b5eea29
Author: Jakub Hrozek <jhrozek at redhat.com>
Date: Thu Apr 26 11:21:59 2012 +0200
IPA: Check return values
commit c9041cb7addc1a49e0771246d17de101662fbcbc
Author: Jakub Hrozek <jhrozek at redhat.com>
Date: Wed Apr 25 17:15:21 2012 +0200
PROXY: return correct return codes
We were reporting on the value of "status" instead of "ret'. We also
didn't set ret to EOK in cases group contained no members.
commit 3353308213d623b2ad0f0044859039c0f8cb7ef5
Author: Jakub Hrozek <jhrozek at redhat.com>
Date: Wed Apr 25 16:45:06 2012 +0200
SSS_DEBUGLEVEL: silence analyzer warnings
Errno was returned instead of ret.
The other hunk removes return code from fread - it is not needed, the
NULL termination of the string is ensured by initializing the buffer.
commit f69456de37d7a4bf9ffd527c747a3ccb14fc0635
Author: Jakub Hrozek <jhrozek at redhat.com>
Date: Wed May 2 16:52:43 2012 +0200
NSS: fix returning group from cache
commit e9597202540eca119b9a292cd5430de33fb793c1
Author: Stephen Gallagher <sgallagh at redhat.com>
Date: Tue May 1 16:30:42 2012 -0400
Handle endianness issues on older systems
Older versions of glibc (like that on RHEL 5) do not have the
le32toh() function exposed. We need this for handling the Active
Directory ID-mapping, so we'll copy these macros from endian.h on
a newer glibc.
commit 8a90e3ce2d2e47ea8c031493e9aaaf551aaa30ad
Author: Jakub Hrozek <jhrozek at redhat.com>
Date: Thu Apr 26 13:00:49 2012 +0200
DP: return correct error message when subdomains back end target is not configured
The done handler uses the value of status, not ret.
commit 6d7781a0cfef141a647436cc0cc3e339fd3f413d
Author: Jakub Hrozek <jhrozek at redhat.com>
Date: Thu Apr 26 11:30:36 2012 +0200
HBAC: Prevent NULL dereference in hbac_evaluate
'info' is optional parameter and can be set to NULL
commit 236f2207266afed01367d1f6d1cfd7d8c3dff34c
Author: Jakub Hrozek <jhrozek at redhat.com>
Date: Thu Apr 26 11:23:09 2012 +0200
ipa_get_config_send: remove unused assignment
commit 66b927a4f19f18f2ed07be416747817037b47909
Author: Jakub Hrozek <jhrozek at redhat.com>
Date: Thu Apr 26 11:20:13 2012 +0200
IPA netgroups: return EOK when there are no netgroups to process
If the code fell through the loop, ret would have been random value.
commit 26d72997b0a97a24015b776e41a430e8c874995f
Author: Jakub Hrozek <jhrozek at redhat.com>
Date: Thu Apr 26 11:12:35 2012 +0200
NSS: Check return code of sss_mmap_cache_gr_store
commit 3c6a4eead4e9186d0ea2e9ac7092f1a7a9e0bf6d
Author: Jakub Hrozek <jhrozek at redhat.com>
Date: Wed Apr 25 17:18:10 2012 +0200
PAM_SSS: report error code if write fails
clang had reported this as "value of ret is never used", I think it
would be nice to report a meaningful error message.
commit e625a14490d913aeb415a3acecb02af9e57ea233
Author: Jakub Hrozek <jhrozek at redhat.com>
Date: Wed Apr 25 17:08:58 2012 +0200
PYHBAC: Return NULL on failure
The error handler would simply fall through instead of returning NULL.
commit c3f4aaa1a26035d05e60238d3e2df7fb4429ae28
Author: Jakub Hrozek <jhrozek at redhat.com>
Date: Wed Apr 25 17:00:50 2012 +0200
RESPONDER: check return value from confdb_get_int
sss_process_init forgot to check return value of confdb_get_int
commit 067379e78f2295462be246d8ecafb1c693b4a5f7
Author: Jakub Hrozek <jhrozek at redhat.com>
Date: Wed Apr 25 16:57:06 2012 +0200
LDAP: check return value of sysdb_attrs_get_el
commit 33aa72ea4d6b04549be0b47e8ec6ff9375621de8
Author: Jakub Hrozek <jhrozek at redhat.com>
Date: Wed Apr 25 16:54:48 2012 +0200
SERVER: use the correct return code of sss_atomic_write_s
commit c6c4b5a848735dfad4a071c09c00184791409b3f
Author: Jakub Hrozek <jhrozek at redhat.com>
Date: Wed Apr 25 16:51:00 2012 +0200
SSH: return NULL on error in ssh_host_pubkeys_format_known_host_plain
The 'result' pointer must be initialized tin order to always return a
defined value.
commit debccfee089ff6e952733f44c891840b74e243ec
Author: Jakub Hrozek <jhrozek at redhat.com>
Date: Wed Apr 25 16:27:12 2012 +0200
SYSDB: check return value
In addition to testing the number of elements, also check the return
value of sysdb_attrs_get_el.
commit 20aee697450e41423ca0e2fc749e659d18f19976
Author: Jakub Hrozek <jhrozek at redhat.com>
Date: Wed Apr 25 16:20:59 2012 +0200
SYSDB: return EOK if empty message is passed into get_rm_msg
If the code never entered the loop in get_rm_message, we would return
arbitrary return value.
commit 69e7d6649b58c66675ef38084868fc5356c5a240
Author: Jakub Hrozek <jhrozek at redhat.com>
Date: Wed Apr 25 16:17:35 2012 +0200
SUDO: Return ret, not EOK
This patch fixes bad refactoring - the function used to return value
directly on error and EOK as the last statement. If was then converted
into using goto label, but the last statement was still returning EOK
instead of the value it should.
commit b6dfbf81c61d4431aaa81687ec53e892f8b71edb
Author: Sumit Bose <sbose at redhat.com>
Date: Wed Apr 25 09:16:41 2012 +0200
Allow different SID representations in libidmap
Besides as strings it is now possible to use binary SIDs or a struct
containing all SID information. Functions to convert between these
formats are added as well.
commit c8a124ac1b03d83016bda02cad5a369ce6fb1cd7
Author: Stef Walter <stefw at gnome.org>
Date: Tue Apr 24 11:32:04 2012 +0200
execv, excvp and exec_child never return EOK
* So don't need to handle that case
commit 24ba5b87c9a2c01deddc9be867e4951e2a397146
Author: Jakub Hrozek <jhrozek at redhat.com>
Date: Tue Apr 24 23:52:13 2012 +0200
NSS: Only return data from initgroups once
Do not let nss_cmd_initgroups_search() return data itself, but let the
caller return data. This is more intuitive and more consistent with the
rest of the nss_cmd_*_search() functions.
Also fixes a typo - nss_cmd_initgroups_cb used to call getpw_send_reply
instead of initgr_send_reply.
commit 25912ba00b14f06db32b982fd067c3fa0a09e99f
Author: Jakub Hrozek <jhrozek at redhat.com>
Date: Tue Apr 24 15:48:53 2012 +0200
Lowercase group members in case-insensitive domains
https://fedorahosted.org/sssd/ticket/1312
commit f34e96625d745c8fd13bf31107e0c66f1fbf1a65
Author: Stephen Gallagher <sgallagh at redhat.com>
Date: Tue Apr 24 09:06:41 2012 -0400
murmurhash: Relax inline requirement
commit 2c68b4a680e64d8e506794d5976367394133504b
Author: Jan Zeleny <jzeleny at redhat.com>
Date: Tue Apr 24 13:25:18 2012 -0400
Two fixes in responder subdomain code
commit 53dae47b4e8995be624c74cb2d4838c6856b0ba4
Author: Pavel Březina <pbrezina at redhat.com>
Date: Mon Apr 23 14:42:19 2012 +0200
fix copy and paste error in comment
commit 4fa3ef8d8a8a3cddf8025d306c3b90b37dd431bc
Author: Jan Cholasta <jcholast at redhat.com>
Date: Wed Apr 18 07:05:29 2012 -0400
SSH: Add support for hashed known_hosts
https://fedorahosted.org/sssd/ticket/1203
commit b35f20cd8ecdc8308a3201e55752fb0443ec6ae4
Author: Jan Cholasta <jcholast at redhat.com>
Date: Tue Apr 17 11:03:23 2012 -0400
UTIL: Add HMAC-SHA-1 function
commit 84c5d214242c3846a1b4c8f80e1935e77fe1c5c7
Author: Jan Zeleny <jzeleny at redhat.com>
Date: Wed Mar 14 06:02:17 2012 -0400
Utilize sysdb context within be_req in HBAC
commit 55d21766613d11646da3e2e7df69ca02c03ee053
Author: Jan Zeleny <jzeleny at redhat.com>
Date: Wed Mar 14 05:29:45 2012 -0400
Detect subdomain request in IPA access provider
commit a0f186208e39a88b9e18d875121c5032531e7705
Author: Jan Zeleny <jzeleny at redhat.com>
Date: Wed Mar 14 05:28:46 2012 -0400
Accept be_req instead if be_ctx in LDAP access provider
commit 8a5d5947a640a7208fa8ed732676bf10ab451fbc
Author: Jan Zeleny <jzeleny at redhat.com>
Date: Wed Mar 14 04:56:37 2012 -0400
Carry sysdb context and domain info in be_req structure
commit 6d485cdb11d3c2b8855a6380f759ae2df6e5c35b
Author: Jan Zeleny <jzeleny at redhat.com>
Date: Mon Mar 5 04:04:28 2012 -0500
Basic support for subdomains in auth provider
commit 8aec6ca927c4cb08933d3725447765d08553c4de
Author: Jan Zeleny <jzeleny at redhat.com>
Date: Mon Mar 5 03:51:07 2012 -0500
Send PAM requests for subdomains to the right provider
commit 881c4ba834b23ae651ac01db667801f314eb0a5d
Author: Jan Zeleny <jzeleny at redhat.com>
Date: Thu Feb 16 09:55:13 2012 -0500
Add ID operations in subdomains
commit 36a12aea020a935ffa40505fa02860c3d921ad0c
Author: Sumit Bose <sbose at redhat.com>
Date: Thu Feb 16 09:53:53 2012 -0500
Add s2n extended operation
commit 29be7d76c949b82350c7603cfd362a1fcb47eb1b
Author: Jan Zeleny <jzeleny at redhat.com>
Date: Wed Mar 14 06:09:03 2012 -0400
Moved expand_homedir_template() from NSS responder to utility code
commit 8ccb0de226ccb9330f5a6865de487d6f0313902d
Author: Jan Zeleny <jzeleny at redhat.com>
Date: Wed Mar 14 06:18:45 2012 -0400
New config option for subdomains
subdomain_homedir - if set, it contains default value, can be overriden
in further processing
commit d1cec5a8fc58293231c72c1f967ef5421a24a33b
Author: Sumit Bose <sbose at redhat.com>
Date: Fri Dec 23 18:59:52 2011 +0100
Add domain name to get_account_info request
commit 81165faf5d951aca69f410713730c26ff048ec44
Author: Sumit Bose <sbose at redhat.com>
Date: Mon Dec 19 17:54:40 2011 +0100
IPA: Add get-domains target
commit fe1ac2443811a7125f2ddd0382a3f437f20377de
Author: Sumit Bose <sbose at redhat.com>
Date: Fri Dec 16 12:19:59 2011 +0100
data provider: added subdomains
commit 10894343a975174b7efe5a178641df71c7ef9f57
Author: Sumit Bose <sbose at redhat.com>
Date: Wed Feb 15 06:14:26 2012 -0500
Check sub-domains in nss_cmd_get{pwuid|grgid}_search()
commit 3d715363a3bfac489b7500dd70de6b6bdc7aa405
Author: Jan Zeleny <jzeleny at redhat.com>
Date: Thu Mar 29 08:06:47 2012 -0400
Ask for subdomains in responder in the first request after startup
commit f2d943ee47bb313e0bb7276122587989a3c54fb4
Author: Jan Zeleny <jzeleny at redhat.com>
Date: Thu Dec 15 05:16:10 2011 -0500
Retrieve subdomains if there is a request for fully qualified user
commit 6fdde3913a11cd6148627696fa8717c34e8460fc
Author: Jan Zeleny <jzeleny at redhat.com>
Date: Wed Mar 28 07:54:26 2012 -0400
Modified responder_get_domain()
Now it checks for subdomains as well as for the domain itself
commit c0f9698cd951b7223f251ff2511c4b22a6e4ba60
Author: Jan Zeleny <jzeleny at redhat.com>
Date: Thu Mar 29 04:30:34 2012 -0400
Responder part of the subdomain retrieval work
commit d3f2fd9cb21cc10dce663a2f7d0deda07074e44e
Author: Jan Zeleny <jzeleny at redhat.com>
Date: Thu Mar 29 04:39:42 2012 -0400
Add conn_name to allow different names for domains and connections
commit 20d0bc6d587f346238062df4da5edfde815e59b1
Author: Jan Zeleny <jzeleny at redhat.com>
Date: Wed Mar 28 07:53:53 2012 -0400
Add some utility functions for subdomains
commit e76d78338026fa47dca32eaf7f5c15eabb1b951a
Author: Jan Zeleny <jzeleny at redhat.com>
Date: Mon Feb 13 11:44:22 2012 -0500
Sysdb routines for subdomains
commit 9973a3ae3095fd9bccfc48ec70b987fdd9907bc7
Author: Yuri Chornoivan <yurchor at ukr.net>
Date: Fri Apr 20 19:22:37 2012 +0300
Fix typo: retreiving->retrieving
commit 7070641527c4bf94f77a3756ba24824cf664b959
Author: Jakub Hrozek <jhrozek at redhat.com>
Date: Fri Apr 20 11:08:39 2012 +0200
Get the RootDSE after binding if not successfull before
https://fedorahosted.org/sssd/ticket/1258
commit 2b7349575770521243a34611e97d73790946a961
Author: Stephen Gallagher <sgallagh at redhat.com>
Date: Fri Apr 20 12:25:43 2012 -0400
Fix linker issue with pam_sss
commit 32472cc4c9c42e49673e3282095f164531c6eb41
Author: Marco Pizzoli <marco.pizzoli at gmail.com>
Date: Sun Feb 12 12:14:53 2012 +0100
Two manual pages fixes
commit 374bf54785365273b20690bd3792c25a44738041
Author: Pavel Březina <pbrezina at redhat.com>
Date: Fri Mar 23 14:23:58 2012 +0100
Install and uninstall all documentation
Every directory listed in SSSD_DOCS in Makefile.am
will be installed as documentation.
commit 5cdf893b7d0991e459911145b3c9b1011d31ca6b
Author: Jakub Hrozek <jhrozek at redhat.com>
Date: Wed Apr 11 09:37:16 2012 +0100
Test RFC2307bis and RFC2307 option maps
https://fedorahosted.org/sssd/ticket/1281
Only user, group and autofs maps are different. Services and netgroups
are using the same map.
commit 1c1b73f82d98d3289b924f3ea499157195660af0
Author: Jakub Hrozek <jhrozek at redhat.com>
Date: Mon Apr 16 16:34:53 2012 +0200
Warn on 'make update-po' if there are manpages not listed in po4a.cfg
https://fedorahosted.org/sssd/ticket/1219
commit 9b3f37cb0c70c7b18c49b657e3799094a8711cad
Author: Jakub Hrozek <jhrozek at redhat.com>
Date: Mon Apr 16 10:38:05 2012 +0200
Document sss_tools better
https://fedorahosted.org/sssd/ticket/917
commit 9d7d4458d94d0aac0a7edf999368eb18f89cb76a
Author: Jakub Hrozek <jhrozek at redhat.com>
Date: Mon Apr 2 17:26:05 2012 -0400
Convert read and write operations to sss_atomic_read
https://fedorahosted.org/sssd/ticket/1209
commit 9959c512ac3ba36f7a0db7614f0357ce0bae748f
Author: Jakub Hrozek <jhrozek at redhat.com>
Date: Mon Apr 9 23:30:58 2012 +0200
Move atomic io function to a separate module
We'll be using it on various places of the SSSD. The function is in its
own file to allow using just the one piece without having to drag in the
whole util.c module.
commit e3c99ae355408933b03357220f3db09423bd40dd
Author: Jakub Hrozek <jhrozek at redhat.com>
Date: Mon Apr 2 17:22:16 2012 -0400
sss_atomic_io: Do not fail reads with EPIPE if there is not enough data to read
Also adds a unit test for sss_atomic_io()
commit f34a9f4bd791d9ba7b4bb1df5011e68eb9f6d485
Author: Jakub Hrozek <jhrozek at redhat.com>
Date: Wed Apr 18 12:54:21 2012 +0200
sdap_check_aliases must not error when detects the same user
https://fedorahosted.org/sssd/ticket/1307
commit b83e43eb88879c7fb3114aafcc525356ff7d4235
Author: Jakub Hrozek <jhrozek at redhat.com>
Date: Mon Apr 16 12:01:37 2012 +0200
Make the monitor SIGKILL time configurable
https://fedorahosted.org/sssd/ticket/1119
commit cdf4599ba44a6b17818cb5e77f3a727491b7e85e
Author: Jakub Hrozek <jhrozek at redhat.com>
Date: Tue Apr 10 15:24:33 2012 +0200
Free controls in sdap_rebind_proc
commit 51773686d354b82081830444c048706d83d43d65
Author: Jakub Hrozek <jhrozek at redhat.com>
Date: Thu Apr 12 18:21:48 2012 +0200
proxy: new option proxy_fast_alias
commit 28d1ff294f7d612f6d37c82ed426b8bf5c34bfaf
Author: Jakub Hrozek <jhrozek at redhat.com>
Date: Wed Mar 28 01:04:52 2012 +0200
proxy: Canonicalize user and group names
https://fedorahosted.org/sssd/ticket/1249
commit 421bf81e49f430f8fe5f1a58333edad1696372fb
Author: Jakub Hrozek <jhrozek at redhat.com>
Date: Mon Apr 16 10:56:55 2012 +0200
MAN: document the hostid and autofs providers
commit 16f925f39f7428b2b1aaede44971bfbfcd151d3f
Author: Jakub Hrozek <jhrozek at redhat.com>
Date: Mon Apr 16 10:04:35 2012 +0200
MAN: timeout can be specified for services, too
commit 3074b0ba08df922c5a266ed2962d07e1db7261bd
Author: Jan Zeleny <jzeleny at redhat.com>
Date: Tue Apr 17 09:02:55 2012 -0400
Fixed minor memory leak in ldap provider
More information about the Pkg-sssd-devel
mailing list