Age | Commit message (Collapse) | Author | Files | Lines |
|
Do not handle a missing ccache file as inactive by default, check if
there are still active processes of the user.
|
|
|
|
If pam_sm_chauthtok is called with the flag PAM_PRELIM_CHECK set we
generate a separate call to the sssd to validate the old password before
asking for a new password and sending the change password request.
|
|
|
|
We support installed access providers as well as permit and deny
|
|
This matches the DEBUG logging available for groups.
|
|
|
|
The first fix only fixed tight loops caused by setting 'timeout=0'
in services. This patch also fixes it for domains.
|
|
|
|
The DEBUG level of the result should not be lower than the DEBUG
level of the request. It generates too much noise when enumerate
is enabled or initgroups deals with groups with large numbers of
users.
|
|
|
|
Function definition was missing "void" to denote that it took no
arguments.
|
|
|
|
If the domain heartbeat time was explicitly set in the
configuration to 0, we would enter a tight loop in the heartbeat
check and never answer requests from the child processes.
|
|
|
|
Move the upgrade function first and check explicitly for the old ldb name.
Perform upgrades up to v02 first if necessary.
Then proceed as normal letting the normal init functions perform further
upgrades if necessary.
This now works also if there is no "local" provider in the current
configuration.
|
|
This is necessary so that any process managing our startup and
shutdown (e.g. authconfig) does not block and stall waiting for
stderr to terminate.
Fixes bug https://fedorahosted.org/sssd/ticket/324
|
|
|
|
|
|
This requires increasing the required autoconf version to 2.59 for
use of $(abs_builddir).
Fix uninstallation of python files as well
|
|
Test loops and _i are only available since 0.9.5.
|
|
|
|
The logic of selecting the server to fail over to was changed so
that we start from the server next to the one that didn't work the last
time. This is because the status of a server that failed last time might
get reset before we try another one. This can cause that we try to use
the nonworking server repeatedly, not giving a chance to other servers.
Fixes: #321
|
|
There were two problems with the code. We were using
fo_set_server_status() instead of fo_set_port_status() when we failed to
connect to a service. This is a problem because if two services use the
same server, or we want to use one server with two different ports,
marking the whole server as bad is incorrect. The other problem was that
be_resolve_server_done() was comparing the hostent structures -- these
are, however, equal across multiple server:port pairs with the same
server addresses.
Fixes: #321
|
|
|
|
|
|
|
|
|
|
|
|
|
|
There were two functions for parsing strings by a separator. This patch
consolidates on the one previously used in confdb. This also allows
stripping the tokens of whitespace.
Fixes: #319
|
|
We were never filling the group attrs because of an inverse return check.
Plus fix a crash bug for using a pointer that is not a memory context.
|
|
|
|
Previously, we were just casting the strings to bool, but this
meant that all boolean values were "True".
This patch solves the problem and adds regression tests for it.
|
|
Update tests to include IPA options
|
|
Fixes: #309
|
|
|
|
This task allows us to rebuild memberuid and memberof attributes throughout the
database. This way we can upgrade from version 0.4 databases that didn't
generate and store memberuid.
The task can be invoked by adding a speaicl named entry to the ldb file.
The entry dn to use is: @MEMBEROF-REBUILD, the entry has no attributes and any
attribute is ignored at present.
The entry will not be stored in the database but will just trigger the task to
execute a rebuild of the memberof and memberuid attributes
|
|
|
|
|
|
|
|
|
|
The macro STATUS_DIFF() was wrong causing the result to always be lower
than 0, therefore the timeout was never reached.
Fixes: #302
|
|
These were very useful for debugging and hopefully still will be in the
future.
|
|
Previously, we were accidentally filtering out domains that were
not configured, so deleted domains might still appear in the
active domain list.
This patch should ensure that this never happens.
|
|
|
|
|
|
|
|
* Rename structure accordingly to ares upstream
* Use new ares parsing functions in the wrappers
* fix tests for ares 1.7
|
|
deactivate_domain() would crash if it attempted to deactivate an
already-inactive domain
|