Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
|
|
The memcpy calls introduced in the memalign patches are ugly. This patch
hides them behind a set of macros.
|
|
|
|
|
|
|
|
|
|
Previously, the PAM responses could contain an arbitrary number of
arguments. This is not acceptable by the D-BUS protocol, as there
is no way to introspect it. This patch converts the response
objects to be an array of D-BUS structs.
It also fixes two potential memory leaks by not unref'ing the
reply object if we get an error.
|
|
Previously it was a string being passed and converted into an
integer. It will be more efficient this way (and simpler for other
implementers)
|
|
|
|
|
|
Fixes: #398
|
|
ELAPI now lives in its own project at
https://fedorahosted.org/ELAPI
|
|
|
|
|
|
This practice is not recommended and can also be dangerous.
|
|
This patch fixes the following issues:
* man page issues (#395)
* show info on MPGs (#396)
* recursively print indirect members (#397)
* the list of groupnames is comma separated (#398)
* output inconsistencies (#399)
|
|
|
|
Similar to George McCollister's patch to the pam code, this patch fixes
other places in the code where we forced data into 32-bit alignment.
Fixes: #390
|
|
* sssd.conf
* sbus_timeout was used in an example but explained nowhere
* enum_cache_timeout unit was not defined
* same for entry_cache_timeout
* store_legacy_passwords option does not exist anymore
* better example than domain/LOCAL - domain/LDAP which uses krb5/ldap
* sssd.conf(5) listed sssd.conf(5) in SEE ALSO section
* sssd-krb5, sssd-ldap
* these include each other in SEE ALSO section
Fixes: #393
|
|
- return PAM_AUTHTOK_ERR instead of PAM_SYSTEM_ERR if the password
change operation fails
- send a message to the user if the system is offline and the password
cannot be changed
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Older versions of openLDAP do not provide a connection callback. This
patch adds a configure check to see if the callback is available and
activates the old way of handling the file description of the LDAP
connection. This also means that it is not possible to follow referrals.
|
|
Also add list_mandatory_options() to both SSSDService and
SSSDDomain objects.
There is a new list_options_with_mandatory() function that will
return a longer tuple than list_options(), including the mandatory
flag directly.
|
|
|
|
|
|
crypto_sha512crypt.c is a clone of nss_sha512crypt.c with the exception that
all usage of NSS and related libraries has been switched to libcrypto.
I renamed nss_sha512crypt.h to sha512crypt.h since it is common to both
crypto_sha512crypt.c and nss_sha512crypt.c. Note that the random number
generator is not seeded manually and thus relies on seeding done
automatically by libcrypto. On some systems without /dev/urandom
seeding may not be performed.
See http://www.openssl.org/docs/crypto/RAND_add.html.
Signed-off-by: George McCollister <georgem@novatech-llc.com>
|
|
|
|
It can be overridden in the sssd.conf or on the commandline with
--debug-timestamps=0
|
|
When CK_FORK is set to 'no' the fixtures are executed for every new test
inside of the same process. Global variables must be set to the expected
values by the fixtures.
check_and_open-tests.c: the filename template for mkstemp() was a
globally defined character string. After the first call to mkstemp() the
trailing XXXXXX are substituted by random values, a second call to
mkstemp() with this character string fails. This patch initialize the
filename template before mkstemp() is called with the help of strdup()
and the memory is freed in the teardown fixture.
krb5_utils-tests.c: this patch sets the just freed global talloc context
to NULL to make a consistency check in the setup fixture pass.
|
|
The leak checking code which is used by the resolve and failover tests
frees talloc's autofree context which is not recommended. As a
consequence the initialization of tevent failed when it was called by
the second test and CF_FORK=no, because it holds some data in the
autofree context.
This patch introduces a global talloc context which should be uses by
the test as the root of their memory hierarchy instead of NULL. This
global context is used in the leak checking routines.
Not all types of memory leaks can be detected by the new version , it is
recommended to use valgrind or similar tools additionally.
|
|
|
|
|
|
|
|
|
|
|
|
The null-terminator would have been written one byte past the end
of the array (and there may have been an extra garbage character
in the index before it)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|