| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
|
|
Similar to Simo's patch that fixed the tools, this one converts the
python bindings to the start_transaction/end_transaction functions.
Also fixes memory hierarchy so that tools_ctx is allocated in every
operation and used as memory context for the operation instead of
self->mem_ctx which simplifies cleanup.
|
|
- add a hint to the man page about permissions on sssd.conf
- add a test if a symbolic link can be opened
|
|
Use this new utility call to ensure that the config file is safe
to read from.
|
|
Patch adds ability to read
configuration using already open
file descriptor.
Started by Steve G and refined a bit by me.
|
|
|
|
This patch continues work started
with the previous patch.
It resolves message attribute.
Message attribute is a special attribute
in the event that may contain
references to other attributes in the
event. When message is resolved the
references are replaced with actual
values of the referenced attributes.
|
|
Started working on the async processing
and realised that I need to have a good
copy of the event with all the fields resolved
so this patch has some foundation for the async
functions (module elapi_async.c) but they
are mostly stubbed out.
The actual code will be added down the road.
Instead the patch focuses on the code
introduced in elapi_resolve.c module
and the use of the functions from it.
It also adds the implementation of the
high level calls that initialize ELAPI
with the external callbacks to be used
during async processing (elapi_log.c).
|
|
|
|
This is a feature that helps ELAPI.
It makes lookup of the fields that need
to be resolved for every event a bit faster.
The idea is to be able to put a 'pin'
into a specific place while iterating
the collection and make this place a new
"wrap around" place for the collection.
This means that next time you
iterate this collection you will start
iterating from the next item and
the item you got before pin will be last
in your iteration cycle.
Here is the example:
Assume you have two collections that you need
to compare and perform some action on collection
1 based on the presense of the item in collection 2.
Collection1 = A, B, C, D, E. F
Collection2 = A, C, F
The usual approach is to try A from collection 1
against A, B, C from collection 2. "A" will be found
right away. But to find "F" it has to be compared
to "A" and "C" first. The fact that the collections
are to some extent ordered can in some cases
help to reduce the number of comparisons.
If we found "C" in the list we can put a "pin"
into the collection there causing the iterator
to warp at this "pin" point. Since "D" and "E"
are not in the second collection we will have
to make same amount of comparisons in traditional
or "pinned" case to not find them.
To find "F" in pinned case there will be just one
comparison.
Traditional case = 1 + 3 + 2 + 3 + 3 + 3 = 15
Pinned case = 1 + 3 + 1 + 3 + 3 + 1 = 12
It is a 20% comparison reduction.
|
|
Created a new module to hold functions
related to iterator and iterating
collections. Planning to add new functions
but the main collection module is already
too big. So this patch just moves code around
and fixes the build making foundation for
the next patch.
|
|
Needed item comparison functions and realized
that the easiest way to test them would be using
sorting. Since there already been a ticket #73
to do that I added function to sort collection
based on different properties of the item.
COLLECTION Fixing issues with comparisons
COLLECTION Adding do-while to macro
|
|
Always use the network timeout defined in the options.
But raise defaults to 60 seconds or enumerations can easily fail.
|
|
Tools were using nested loops that are illegal.
(and enforced in latest tevent with a nice abort())
Fix them by creating appropriate synchronous transaction calls.
Also fix tools_ctx mem hierarchy setup.
|
|
Inits krb5 credentials, if sasl mech is GSSAPI.
Tested with GSSAPI and host keytab as well as user credentials.
Updates also manpages with the new options.
|
|
|
|
|
|
|
|
|
|
Loop control variable was not being incremented.
I also converted a goto loop into a do...while loop to make it
easier to follow the logic.
|
|
SSSD may contain passwords and other sensitive data, make sure we always keep its
permission tight. Also make /etc/sssd permission very strict, just in case,
admins may inadvertently copy an sssd.conf file without checking it's
permissions.
|
|
Update gettext strings
|
|
- this fixes a compiler warning about the redefinition of
SIZEOF_OFF_T in the python bindings, because python is
compiled with large file support.
|
|
Timers always come before fd events, wait 5 microseconds between processing
operations so that tevent has a chance of cactching an fd event in between.
This allows the backend to reply to pings even while processing very large ldap
results (importanty especially during the first enumeration).
|
|
|
|
|
|
Introduces a new option --debug-to-files which makes SSSD output its
debug information to a file instead of stderr, which is still the
default.
Also introduces a new confdb option debug_to_files which does the same,
but can be specified per-service in the config file.
The logfiles are stored in /var/log/sssd by default.
Changes the initscript to log to files by default.
|
|
|
|
|
|
|
|
|
|
|
|
This converts a great many configuration options to the new
standard format.
|
|
|
|
The backends do not honor the reloadConfig SBUS message right now,
so if an admin changes the sssd.conf file, it will update only the
monitor, potentially leaving the SSSD as a whole in a bad state.
This patch will simply comment out monitor_config_file() for the
time being until https://fedorahosted.org/sssd/ticket/91 is fixed.
|
|
- make the build of the locator plugin optional
- added a man page for the locator plugin
- use krb5.h if krb5/krb5.h cannot be found
- added alternatives for missing functions
- set -DDBUS_API_SUBJECT_TO_CHANGE if libdbus version
is lesser than 1.0.0
|
|
When a laptop is suspended it may be dormant for hours.
Do not check just the kast time a ping was successful, keep a counter with the
failed pings instead.
|
|
|
|
Remove this provider type, as well as any references in the docs and
examples to the "LEGACYLOCAL" migration domain.
Fixes: #165
|
|
|
|
Fixes a segfault seen in the wild with providers=files
|
|
|
|
Allow entering parent groups for groupadd,useradd,usermod as FQDN. Since
members and parents must be from the same domain, error out if we can't
determine the domain of member.
Fixes: #121
|
|
This reverts commit 8c50bd085c0efe5fde354deee2c8118887aae29d.
Amended: commit 1016af2b1b97ad4290ccce8fa462cc7e3c191b2e also made
use of the SYSLOG_ERROR() macro, so those portions of that code
also needed to be reverted.
|
|
Older python versions (such as that used in RHEL5) do not have a
python-config executable to report CFLAGS and LIBS. In order to
support such versions of python, we will duplicate the logic that
python-config would have performed directly in our configure
script
|
|
members
|
|
1) Add get_entry_as_bool function
2) Make all parameters in confdb_get_domain_internal() use macro
names for the attributes. This will make it easer to convert
them to the version 2 config file.
|
|
|
|
This is just a band-aid until ELAPI is fully functional and ready to
use.
|
|
Implement a set of python bindings for the sysdb with feature set
similar to what is available in the tools. The primary
consumers would be applications like system-config-users.
Resolves: Ticket #102
|
