Age | Commit message (Collapse) | Author | Files | Lines |
|
crypto_sha512crypt.c is a clone of nss_sha512crypt.c with the exception that
all usage of NSS and related libraries has been switched to libcrypto.
I renamed nss_sha512crypt.h to sha512crypt.h since it is common to both
crypto_sha512crypt.c and nss_sha512crypt.c. Note that the random number
generator is not seeded manually and thus relies on seeding done
automatically by libcrypto. On some systems without /dev/urandom
seeding may not be performed.
See http://www.openssl.org/docs/crypto/RAND_add.html.
Signed-off-by: George McCollister <georgem@novatech-llc.com>
|
|
|
|
It can be overridden in the sssd.conf or on the commandline with
--debug-timestamps=0
|
|
When CK_FORK is set to 'no' the fixtures are executed for every new test
inside of the same process. Global variables must be set to the expected
values by the fixtures.
check_and_open-tests.c: the filename template for mkstemp() was a
globally defined character string. After the first call to mkstemp() the
trailing XXXXXX are substituted by random values, a second call to
mkstemp() with this character string fails. This patch initialize the
filename template before mkstemp() is called with the help of strdup()
and the memory is freed in the teardown fixture.
krb5_utils-tests.c: this patch sets the just freed global talloc context
to NULL to make a consistency check in the setup fixture pass.
|
|
The leak checking code which is used by the resolve and failover tests
frees talloc's autofree context which is not recommended. As a
consequence the initialization of tevent failed when it was called by
the second test and CF_FORK=no, because it holds some data in the
autofree context.
This patch introduces a global talloc context which should be uses by
the test as the root of their memory hierarchy instead of NULL. This
global context is used in the leak checking routines.
Not all types of memory leaks can be detected by the new version , it is
recommended to use valgrind or similar tools additionally.
|
|
|
|
|
|
|
|
|
|
|
|
The null-terminator would have been written one byte past the end
of the array (and there may have been an extra garbage character
in the index before it)
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
This patch includes following functionality:
1) Fixed the invalid handling of the pointers in the collection
when last element is removed from the collection.
2) Added unit test to verify the fix.
3) Modified the three unit test to be verbose on demand.
4) Switched the main of the unit test to use array of functions
rather than big if statement.
|
|
If the monitor receives SIGUSR1, it will instruct all providers to
enter offline operation. If any individual provider receives
SIGUSR1, it alone will enter offline operation.
|
|
To avoid unnecessary messages in the log files of the system we only
send log messages for PAM modules type which are explicitly handled by
sssd. Furthermore only the authentication modules sends a log message
when the operation was successful. All other modules only sends a
message if an error occurs.
This patch should fix bz556534.
|
|
|
|
|
|
|
|
|
|
|
|
uint32_t pointers must point to 32 bit aligned data on ARM. Instead of padding the data to force it into alignment I altered the code to memcpy the data to an aligned location. I'd appreciate any and all feedback especially on whether I took the best approach.
pam_test_client auth and pam_test_client acct now work on my armeb-xscale-linux-gnueabi target.
Signed-off-by: George McCollister <georgem@opteron.novatech-llc.com>
|
|
We weren't properly setting read/write flags on the tevent fd
events, so c-ares was unable to perform bidirectional
communication for TCP DNS (in situations where the response is too
large to send by UDP)
|
|
This object allows creation the arrays
with the reference count. Usefull when
there are many instances of some object
have to reference dynamically allocated array
which is common for all these instances.
In case of ELAPI the event object
keeps a referecne to the common array
of the sinks in the fail over order.
We decided that it will be a common object
not specific only to ELAPI.
All the review concerns related to this
object have been addressed in this patch.
It also has been moved to the common area.
|
|
The original implementation was compressing the list,
throwing away empty strings.
The function that did that was pretty brain damaging.
I cleaned it up and adjusted so that it could return
list with empty values and without them.
The old function was turned into a wrapper and a new
high level function was intorduced to provide
ability to get both empty and non empty strings.
|
|
|
|
This target is available only if building from a git checkout.
It will automatically populate the PRERELEASE_VERSION in
version.m4 with the current datestamp and git commit id for
creating an RPM.
|
|
This target is available only if building from a git checkout.
It will automatically populate the PRERELEASE_VERSION in
version.m4 with the current datestamp and git commit id for
creating an SRPM.
|
|
This is the preferred way of setting the version in a file, as
autotools will properly monitor this file for changes and rerun
autoconf/configure when necessary to update the version. This
means that we don't need to manually perform an autoreconf in
order to build a new RPM
|
|
|
|
Right now, the pkg-config checks for the system version of
libdhash are forcibly disabled, requiring the SSSD to build it
from its own tree. In the future, when we split the libraries off
from the SSSD, it will be easy to switch this check to the
external library.
|
|
|
|
|
|
This fixes two issues:
1) Eliminates a double-free when a timeout occurs (we were freeing
the running event context)
2) Ensures that we don't continue to schedule unnecessary timeout
checks
|
|
The manual pages for userdel and groupdel utilities incorrectly
stated that deleting a nonexistent user or group is a noop. We
changed that behavior, but forgot to sync the documentation.
|
|
|
|
The code for authentication against a cached password is moved from the
pam responder to a generic sysdb tevent request. The new code can be
used by other components of sssd to verify passwords on their own.
Tests for the sysdb_cache_password and sysdb_cache_auth request are
added and some unneeded or unused code and variables are removed.
|
|
This patch adds a utility called sss_groupshow that allows user to
print properties of a group in the local domain.
Fixes: #306
|