Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
https://fedorahosted.org/sssd/ticket/1785
nscd.conf file is now checked for the presence of caching settings for
databases controlled by SSSD. Syslog warning is now written only if NSCD
is running with interfering configuration or if configuration file
couldn't be loaded.
New configure option added to support non-standard locations
--with-nscd-conf=PATH (defaultly set to /etc/nscd.conf)
This is just a workaround until the following bugzilla is resolved:
https://bugzilla.redhat.com/show_bug.cgi?id=963908
|
|
https://fedorahosted.org/sssd/ticket/1786
Since we need to support the old interface as well, the configure scritp
is modified and correct ini interface is chosen.
|
|
https://fedorahosted.org/sssd/ticket/1625
Amending errors messages and add other error codes to be more specific
and avoid confusion.
|
|
https://fedorahosted.org/sssd/ticket/1414
Error code was added and strerror(errno) to show cause in sss_log
|
|
This parameter was never used.
https://fedorahosted.org/sssd/ticket/1765
|
|
Use this function instead of explicitly calling domain->next
This function allows to get the next primary domain or to descend into the
subdomains and replaces also get_next_dom_or_subdom()
|
|
Change the way sysdbs are initialized. Make callers responsible for providing
the list of domains.
Remove the returned array of sysdb contexts, it was used only by sss_cache
and not really necessary there either as that tool can easily iterate the
domains.
Make sysdb ctx children of their respective domains.
Neither sysdb context nor domains are ever freed until a program is done so
there shouldn't be any memory hierarchy issue. As plus we simplify the code by
removing a destructor and a setter function.
|
|
In order for sss_cache to work correctly, we must also signal the autofs
responder to invalidate the hash table requests.
|
|
The monitor sends calls different sbus methods to different responders.
Instead of including headers of the particular responders directly in
monitor, which breaks layering a little, create a common header file
that will be included from src/responder/common/
|
|
https://fedorahosted.org/sssd/ticket/1686
|
|
https://fedorahosted.org/sssd/ticket/1669
|
|
If global variable debug_level has value SSSDBG_UNRESOLVED, we should
print at least fatal and critical errors.
https://fedorahosted.org/sssd/ticket/1345
|
|
In case a service is restarted while the DP is not ready yet, it gets
restarted again immediatelly, which means the DP might still not be
ready. The allowed number of restarts is then depleted quickly.
This patch changes the restart mechanism such that the first restart
happens immediatelly, the second is scheduled after 2 second, then 4
etc..
https://fedorahosted.org/sssd/ticket/1528
|
|
https://fedorahosted.org/sssd/ticket/1589
Added check for determining, whether database version is higher or
lower than expected. To distinguish it from other errors it uses
following retun values (further used for appropriate error message):
EMEDIUMTYPE for lower version than expected
EUCLEAN for higher version than expected
When SSSD or one of it's tools fails on DB version mismatch, new error
message is showed suggesting how to proceed.
|
|
Since the PAC responder is used during the authentication of users from
trusted realms it is started automatically if the IPA ID provider is
configured for a domain to simplify the configuration.
Fixes https://fedorahosted.org/sssd/ticket/1613
|
|
|
|
Related to https://fedorahosted.org/sssd/ticket/1357
We realized that sysv and systemd does not use pid file existence
as a notification of finished initialization. Therefore, we create
the pid file in server_setup() again.
We are removing check_file() from monitor main(), it is handled
by server_setup() during pid file creation. This check was
previously included in e7dd2a5102ba6cfd28be6eccdd62768e9758d9f4.
|
|
https://fedorahosted.org/sssd/ticket/1357
Neither systemd or our init script use pid file as a notification
that sssd is finished initializing. They will continue starting up
next service right after the original (not daemonized) sssd process
is terminated.
If any of the responders fail to start, we will never terminate
the original process via signal and "service sssd start" will hang.
Thus we take this as an error and terminate the daemon with
a non-zero value. This will also terminate the original process
and init script or systemd will print failure.
|
|
|
|
https://fedorahosted.org/sssd/ticket/1602
|
|
https://fedorahosted.org/sssd/ticket/1495
|
|
If a provider is terminated and the monitor tries to restart it,
it goes again through mark_service_as_started() which
will try to create pid file again because number of running
services didn't change.
Because the pid file cannot be created twice, it will not return
EOK and the whole SSSD is terminated.
|
|
After we switched to writing pidfile after the responders started, we
forgot that starting a second SSSD instance would first overwrite the
pipes and sockets and only then the SSSD would find out there already is
a pidfile.
This patch checks for existing pidfile before proceeding with startup.
|
|
https://fedorahosted.org/sssd/ticket/1562
|
|
https://fedorahosted.org/sssd/ticket/1357
|
|
|
|
|
|
https://fedorahosted.org/sssd/ticket/1371
|
|
Made obsolete by commit e2d17ea806d273784b621583dd0490c2f69f237d
|
|
|
|
https://fedorahosted.org/sssd/ticket/1345
When the monitor is unable to load configuration and non debug
level is set (e.g. when sssd is started via 'service'), none
message was saved into logs. This patch forces debug messages
to be written in this scenario.
|
|
|
|
This adds only the basic outline of the PAC responder, it won't support
any operations, it will just start and initialize itself.
|
|
* These are common lines of debug output when starting
up sssd
https://bugzilla.redhat.com/show_bug.cgi?id=811113
|
|
https://fedorahosted.org/sssd/ticket/1209
|
|
https://fedorahosted.org/sssd/ticket/1119
|
|
|
|
|
|
|
|
|
|
|
|
|
|
https://fedorahosted.org/sssd/ticket/1090
|
|
https://fedorahosted.org/sssd/ticket/953
|
|
We want to confine access to the keyring to the current process
and not let root easily peek into the keyring contents.
|
|
|
|
https://fedorahosted.org/sssd/ticket/1034
|
|
|
|
This is mostly a cosmetic patch.
The purpose of wrapping a multi-line macro in a do { } while(0) is to
make the macro usable as a regular statement, not a compound statement.
When the while(0) is terminated with a semicolon, the do { } while(0);
block becomes a compound statement again.
|