Age | Commit message (Collapse) | Author | Files | Lines |
|
We weren't properly setting read/write flags on the tevent fd
events, so c-ares was unable to perform bidirectional
communication for TCP DNS (in situations where the response is too
large to send by UDP)
|
|
This object allows creation the arrays
with the reference count. Usefull when
there are many instances of some object
have to reference dynamically allocated array
which is common for all these instances.
In case of ELAPI the event object
keeps a referecne to the common array
of the sinks in the fail over order.
We decided that it will be a common object
not specific only to ELAPI.
All the review concerns related to this
object have been addressed in this patch.
It also has been moved to the common area.
|
|
The original implementation was compressing the list,
throwing away empty strings.
The function that did that was pretty brain damaging.
I cleaned it up and adjusted so that it could return
list with empty values and without them.
The old function was turned into a wrapper and a new
high level function was intorduced to provide
ability to get both empty and non empty strings.
|
|
|
|
This target is available only if building from a git checkout.
It will automatically populate the PRERELEASE_VERSION in
version.m4 with the current datestamp and git commit id for
creating an RPM.
|
|
This target is available only if building from a git checkout.
It will automatically populate the PRERELEASE_VERSION in
version.m4 with the current datestamp and git commit id for
creating an SRPM.
|
|
This is the preferred way of setting the version in a file, as
autotools will properly monitor this file for changes and rerun
autoconf/configure when necessary to update the version. This
means that we don't need to manually perform an autoreconf in
order to build a new RPM
|
|
|
|
Right now, the pkg-config checks for the system version of
libdhash are forcibly disabled, requiring the SSSD to build it
from its own tree. In the future, when we split the libraries off
from the SSSD, it will be easy to switch this check to the
external library.
|
|
|
|
|
|
This fixes two issues:
1) Eliminates a double-free when a timeout occurs (we were freeing
the running event context)
2) Ensures that we don't continue to schedule unnecessary timeout
checks
|
|
The manual pages for userdel and groupdel utilities incorrectly
stated that deleting a nonexistent user or group is a noop. We
changed that behavior, but forgot to sync the documentation.
|
|
|
|
The code for authentication against a cached password is moved from the
pam responder to a generic sysdb tevent request. The new code can be
used by other components of sssd to verify passwords on their own.
Tests for the sysdb_cache_password and sysdb_cache_auth request are
added and some unneeded or unused code and variables are removed.
|
|
This patch adds a utility called sss_groupshow that allows user to
print properties of a group in the local domain.
Fixes: #306
|
|
This shouldn't be set to 1.1.0 until it's ready for release
|
|
|
|
|
|
Some reformatting to stay within 79 char line length.
Better definition of server vs. machine usage in failover section.
|
|
When the resolv context destructor is invoked, the callbacks for pending
queries could have been called with ARES_EDESTRUCTION and try to re-send
the query.
|
|
Since ares_process_fd() might also cause fd_event() to be called again,
calling ares_process_fd() is unwise. The bug will cause a crash if
c-ares is using tcp connections.
Fixes: #384
|
|
Since we only call c-ares to process input on FD when there is an
activity on them, c-ares never gets a chance to react to a timed-out
request. This caused SSSD to hang.
Fixes: #381
|
|
We will allow 5s per DNS server, no retries.
|
|
|
|
Fixes: #378
|
|
Update tests to reflect these removals.
|
|
|
|
|
|
Fixes CVE-2010-0014
|
|
|
|
|
|
Tevent frees timer handlers once done, so freeing the timer within the event is
going to cause double frees. Just attach the timer event to the request it
depends on and make sure to steal it on NULL if we are going to free the
request from within the handler.
|
|
|
|
This was missing from the SSSDConfig API, though it was supported
by the daemon.
|
|
|
|
|
|
|
|
The timeout handler was not a child of the request so it could fire even though
the request was already freed.
The code wouldn't use async writes to the children so it could incur in a short
write with no way to detect or recover from it.
Also fixed style of some helper functions to pass explicit paramters instead of
a general structure.
Add common code to do async writes to pipes.
Fixed async write issue for the krb5_child as well.
Fix also sdap_kinit_done(), a return statement was missing and we were mixing
SDAP_AUTH and errno return codes in state->result
Remove usless helper function that just replicates talloc_strndup()
|
|
Do not handle a missing ccache file as inactive by default, check if
there are still active processes of the user.
|
|
|
|
If pam_sm_chauthtok is called with the flag PAM_PRELIM_CHECK set we
generate a separate call to the sssd to validate the old password before
asking for a new password and sending the change password request.
|
|
|
|
We support installed access providers as well as permit and deny
|
|
This matches the DEBUG logging available for groups.
|
|
|
|
|
|
The first fix only fixed tight loops caused by setting 'timeout=0'
in services. This patch also fixes it for domains.
|
|
|
|
The DEBUG level of the result should not be lower than the DEBUG
level of the request. It generates too much noise when enumerate
is enabled or initgroups deals with groups with large numbers of
users.
|