Commits
url_in_hbac
Commits on May 12, 2016
Commits on May 8, 2016
Commits on May 5, 2016
-
Fixed evaluation order - schemeAndHost and URI first, otherwise longest-prefix matching will not work
-
Commits on Apr 27, 2016
-
Added URL to HBAC rule in FreeIPA. Changed SSSD to get it from there and evaluate based on it. Also added a way for the client to include URI in a PAM request.
-
LDAP: Print port in sdap_print_server
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Commits on Apr 22, 2016
-
IPA: terminate properly if view name lookup fails
Since commit 5a5f1e1 the view name lookup is the last step in the subdomain lookup request. In case of an error the request should be finished and no previous step should be called again. Resolves https://fedorahosted.org/sssd/ticket/2993 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
-
intg: Use different uid range for add_remove tests
Most Linux distributions create local users from UID 1000. We used a similar UID space in sssd but it might have caused issues in add remove tests because sssd in the cwrap environment runs in the same PID space. If sssd tries to remove a user with uid 1001 it will fail because the local user with the same UID is active and sssd does not remove active users. Reviewed-by: Petr Cech <pcech@redhat.com>
Commits on Apr 21, 2016
-
build: move ndr_krb5pac check to the other Samba checks
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Commits on Apr 20, 2016
-
TOOL: Invalidation of sudo rules at sss_cache
This patch adds new functionality to sss_cache for invalidation of a given sudo rule or all sudo rules. Resolves: https://fedorahosted.org/sssd/ticket/2081 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
-
Refactor of sss_cache tool. Resolves: https://fedorahosted.org/sssd/ticket/2081 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
-
TESTS: Test of sysdb_search_sudo_rules
There are test functions of sysdb_sudo_rules. Resolves: https://fedorahosted.org/sssd/ticket/2081 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
-
SYSDB: Add new functions into sysdb_sudo
This patch adds two new functions into the public API of sysdb_sudo:
* sysdb_search_sudo_rules
* sysdb_set_sudo_rule_attr
Resolves: https://fedorahosted.org/sssd/ticket/2081 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
-
NEGCACHE: Removing of condition for ttl = -1
If ttl = -1 then function sss_ncache_check_str() returns EEXIST without checking negcache. This behaviour is out of logic. We use ttl = 0 for permanent caching. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
-
NEGCACHE: Fixing typo in test_sss_ncache_gid()
There were sss_ncache_*_uid() functions instead of sss_ncache_*_gid() functions. Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Commits on Apr 19, 2016
-
sudo: convert get_sudorules to tevent
There was a lot of confusion with different error codes and where to call sudosrv_cmd_done to finish the client request. Converting it whole to tevent makes it much simpler to read and follow the request logic. Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
-
sudo: do not use tevent when parsing query
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
-
sudo: use cache_req for initgroups
This is just a blind code change, the next patch will improve it so for example we don't do initgroups during query-parsing phase. Resolves: https://fedorahosted.org/sssd/ticket/1126 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
-
sudo: remove unused structure sudo_dp_request
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
-
krb5_auth_store_creds: silence spurious debug message
During a pre-authentication request there are always messages like:
... [krb5_auth_store_creds] (0x0010): unsupported PAM command [249].
... [krb5_auth_store_creds] (0x0010): password not available, offline auth may not work.
This patch removes them.
Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
Commits on Apr 18, 2016
-
IPA_SUDO: Prevent dereference of NULL pointer
Error: NULL_RETURNS (CWE-476): [#def31]
sssd-1.13.4/src/providers/ipa/ipa_sudo_conversion.c:964: returned_null: "ipa_sudo_conv_lookup" returns null.
sssd-1.13.4/src/providers/ipa/ipa_sudo_conversion.c:149:9: return_null: Explicitly returning null.
sssd-1.13.4/src/providers/ipa/ipa_sudo_conversion.c:964: var_assigned: Assigning: "cmdgroup" = null return value from "ipa_sudo_conv_lookup".
sssd-1.13.4/src/providers/ipa/ipa_sudo_conversion.c:966: dereference: Dereferencing a null pointer "cmdgroup".
# 964| cmdgroup = ipa_sudo_conv_lookup(conv->cmdgroups, listitem->dn);
# 965|
# 966|-> ret = add_strings_lists(mem_ctx, values, cmdgroup->expanded,
# 967| false, discard_const(&values));
# 968| if (ret != EOK) {
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Lukas Slebodnik committed Apr 18, 2016
-
SYSDB_SUDO: Remove useless test
The function sysdb_search_custom cannot return EOK and together set output argument count to zero. This case is already handled in function sysdb_search_entry which is used inside sysdb_search_custom. Such a useless test can just cause a read of an uninitialized variable in case of other errors returned from sysdb_search_custom.
Error: UNINIT (CWE-457): [#def1]
sssd-1.13.4/src/db/sysdb_sudo.c:678: var_decl: Declaring variable "count" without initializer.
sssd-1.13.4/src/db/sysdb_sudo.c:698: uninit_use: Using uninitialized value "count".
# 696| SUDORULE_SUBDIR, attrs,
# 697| &count, &msgs);
# 698|-> if (ret == ENOENT || count == 0) {
# 699| DEBUG(SSSDBG_TRACE_FUNC, "No rules matched\n");
# 700| ret = EOK;
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
Lukas Slebodnik committed Apr 18, 2016
Commits on Apr 13, 2016
-
test_ad_common: Include missing header if building with NSS
There was a compile time warning if building with NSS crypto libraries.
src/tests/cmocka/test_ad_common.c: In function ‘main’:
src/tests/cmocka/test_ad_common.c:873:5: error: implicit declaration of function ‘nspr_nss_cleanu’ [-Werror=implicit-function-declaration]
nspr_nss_cleanup();
^~~~~~~~~~~~~~~~
Reviewed-by: Pavel Reichl <preichl@redhat.com>
Lukas Slebodnik committed Apr 13, 2016
-
tests: Check NULL context in sysdb-tests when removing group members
This is done to make sure the memberof module does not leak memory. Reviewed-by: Pavel Březina <pbrezina@redhat.com>
-
memberof: Don't allocate on NULL when deleting memberUids
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
-
memberof: Fix a memory leak when removing ghost users
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
-
test_be_ptask: Check leaks in tests
Reviewed-by: Sumit Bose <sbose@redhat.com>
Lukas Slebodnik committed Apr 13, 2016
-
dp_ptask: Fix memory leak in synchronous ptask
structure be_ptask_sync_ctx was not released anywhere when be_ptask_create_sync was used. Reviewed-by: Sumit Bose <sbose@redhat.com>
Lukas Slebodnik committed Apr 13, 2016
-
intg: local override for user with mixed case name
Tests for users with fully-qualified and mixed-cased names are added. Resolves: https://fedorahosted.org/sssd/ticket/2989 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
-
sss_override: only add domain if name is not fully qualified
Resolves: https://fedorahosted.org/sssd/ticket/2989 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
-
tools: read additional data of the master domain
Resolves: https://fedorahosted.org/sssd/ticket/2989 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
-
sss_override: do not generate DN, search object
DNs of existing objects cannot be generated reliably because the use of fully qualified names and upper and lower cases in names has to be considered. The most reliable way to get the DN is to search the object and take the DN from the result. Resolves: https://fedorahosted.org/sssd/ticket/2989 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
-
PAC: only save PAC blob into the cache
Resolves https://fedorahosted.org/sssd/ticket/2158 Reviewed-by: Pavel Březina <pbrezina@redhat.com>
-
IPA: resolve PAC for trusted users on IPA clients
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
-
IPA: ipa_s2n_get_list_send() allow other list types
Reviewed-by: Pavel Březina <pbrezina@redhat.com>