Age | Commit message | Author | Files | Lines |
|
Prevent freeing the sdap_handle by failing in the destructor if we
are trying to recurse.
|
Always just mark the sdap_handle as not connected and let later _send()
functions take care of freeing the handle before reconnecting.
Introduce restart functions to avoid calling _send() functions in _done()
functions error paths as this would have the same effect as directly freeing
the sdap_handle and cause access to freed memory in sdap_handle_release().
By freeing sdap_handle only in the connection _recv() function we
guarantee it can never be done within sdap_handle_release() but only
in a following event.
|
We had a hard-coded timeout of five seconds for DNS lookups in the
async resolver. This patch adds an option 'dns_resolver_timeout'
to specify this value (Default: 5)
|
Comment object will store
the comments found in the INI file.
It is based on the ref_array
interface.
Fixing review comments for comment obj.
|
Added functions to insert, delete, replace and
swap the array elements.
Unit test and docs have been updated accordingly.
Fixing review comments for refarray.
|
If there was a failure during a password change, a wrong return value was
sent back to the PAM stack.
|
Due to the way RPM processes the %configure macro, these variables
were not actually being passed down to recursive configure
invocations. In other words, they were useless.
Furthermore, in more recent Fedora versions (13+), some of the
dependencies have moved from -lnss to -lnspr4. As a result, it is
safer to rely on the complete output of 'pkg-config nss --libs'
instead of restricting to -lnss. The downside to this is that it
may result in linking unnecessarily against other NSS components
such as libsmime3 and libplc4 (among others). However, since these
are already dependencies of libnss itself, there should be no risk
of them being unavailable on the platform when installed.
|
Adds a new failover API call fo_add_srv_server that allows the caller
to specify a server that is later resolved into a list of specific
servers using SRV requests.
Also adds a new failover option that specifies how often should the
servers resolved from SRV query considered valid until we need a
refresh.
The "real" servers to connect to are returned to the user as usual,
using the fo_resolve_service_{send,recv} calls.
Make SRV resolution work with c-ares 1.6
|
RFC 2782 defines a way to sort replies to a SRV query. In short, the
algorithm sorts all replies by priority and then does a weight-based
selection for every priority level.
For details, please see the sections "Usage rules" for overview of the
algorithm and section "The 'Weight' field" for description on the weight
selection.
|
Depending on the version of the OpenLDAP libraries we use two different
schemes to find the file descriptor of the connection to the LDAP
server. This patch removes the related ifdefs from the main code and
introduces helper functions which can handle the specific cases.
|
If read() returns with errno set to EINTR, -1 is added to total_len.
|
Time came to split ini_config.c
into many much smaller pieces.
1) ini_parse.c - will have parsing functions
2) ini_get_value.c - will have single value
interpretation functions
3) ini_get_array.c - will have array interpretation
functions.
4) ini_print.c - error printing
5) ini_defines.h - common constants
6) ini_parse.h header for parsing functions
7) ini_list.c - will have list processing functions
|
The correct memory deallocation sequence is:
- clear pointer to memory first
- then deallocate memory
|
Using sssm_*_init() as the name of the initialization function for
identity providers was a holdover from earlier development when we
thought we would only have a single "provider" entry in the config
file.
As we have now separated out the initialization functions for
auth, chpass and access, we should rename sssm_*_init() to
sssm_*_id_init() for a cleaner interface.
|
Resolves: https://fedorahosted.org/sssd/ticket/438
|
This is the second attempt to let the PAM client and the PAM responder
exchange their credentials, i.e. uid, gid and pid. Because this approach
does not require any message interchange between the client and the
server the protocol version number is not changed.
On the client side the connection is terminated if the responder is not
run by root. On the server side the effective uid and gid and the pid of
the client are available for future use.
The following additional changes are made by this patch:
- the checks of the ownership and the permissions on the PAM sockets are
enhanced
- internal error codes are introduced on the client side to generate
more specific log messages if an error occurs
|
This reverts commit 5a88e963744e5da453e88b5c36499f04712df097.
|
When running 'make distcheck', the entire source directory is set
to read-only, to ensure that the build process only has write
access to $builddir. As a result, this was causing the unit test
for file mode to fail, since the file it was testing resides in
the $srcdir.
This patch guarantees that the test file has the correct
permissions prior to running the access test.
|
When we converted to the synchronous sysdb interface, the
synchronous-simulating function test_loop() became unnecessary,
but we forgot to remove it.
|
[TRACE] Adding macros for signed numbers
|
1) Fixed the issue that metadata was saved
as numbers. Was supposed to be saved as strings.
2) Added two functions. One is to check permissions
on the config file. Another to check if the file
has changed and thus the configuration needs
to be reread.
3) Added unit test with sample code
and comments on how to use the functions.
4) Added doxygen description in the comments.
5) Fixed a couple of typos and omissions here and there.
[INI] Fixing crash detected on 64-bit system
This patch corrects original code to be
more on the safe side and check parameters
before using.
Instead of dereferencing metadata it is now
passed as reference to the next level.
It is not used there yet so no other new changes
needed so far.
[INI] Addressing review comments
[INI] Addressing comments.
|
This patch implements function that collects
stats and saves them in the ACCESS section
inside metadata.
|
This patch:
1) Adds the definition of the metadata interface
to the header file. The functions that were exposed
for no good reason are now hidden.
2) Previously exposed functions and their descriptions
are removed from the public header and placed into
the source code for now.
3) The function that reads the config file no longer
tries to close file in case of error.
4) Lines collection is still passed in into the reading
function but as a collection itself not as a pointer
to it.
5) All the parts related to processing lines are currently
ifdefed using HAVE_VALIDATION that is currently not defined.
This is done to disable creation of the lines collection
until it is actually needed. I did not want to blindly remove
it though and lose already done work that will be useful
in future.
6) Version of the library and interface is updated
7) New header and source modules are introduced to hold functions
related to the meta data. They are mostly stubbed out.
This is an incomplete patch. It builds and make check runs.
It is created just to simplify the review a bit.
|
Since the sysdb is now synchronous and creates its own event context we
don't need an explicit event context anymore in the tools.
|
I tried to convert this code as mechanically as possible from the
previously existing code. I am not sure it works right, and it will
probably recurse infinitely as circular group memberships are
admitted in sysdb. The original code had the same issues.
This code should be probably discarded and redone from scratch.
|
This commit completes the migration to a synchronous sysdb
|
fill_pwent should return the number of users actually processed. Otherwise in
case of a recoverable error we may end up skipping a large chunk of users.
fill_grent doesn't need to distinguish between number of entries and number of
groups to process since we started adding memberuid. Remove remnants that are
not useful anymore.
|