Age | Commit message (Collapse) | Author | Files | Lines |
|
https://fedorahosted.org/sssd/ticket/1495
|
|
Fixes https://fedorahosted.org/sssd/ticket/1517
|
|
https://fedorahosted.org/sssd/ticket/1458
When the responder is disabled and sudo_provider is set explicitly,
a warning is print and the module will be initialized.
|
|
|
|
|
|
The DP was sending the reply in a format the responder did not expect,
so the responder always failed to parse the message.
|
|
This patch keeps a local copy of the subdomains in the ipa subdomains plugin
context.
This has 2 advantages:
1. allows to check if anything changed w/o always hitting the sysdb.
2. later will allows us to dump this information w/o having to retrieve it
again. The timestamp also allows to avoid refreshing too often.
|
|
I am all for readable names, but there is a tradeof between expressing purpose
and compactness.
|
|
The idea is to rename session provider to selinux provider. Processing
of SELinux rules has to be performed in account stack in order to ensure
that pam_selinux (which is the first module in PAM session stack) will
get the correct input from SSSD.
Processing of account PAM stack is bound to access provider. That means
we need to have two providers executed when SSS_PAM_ACCT_MGMT message
is received from PAM responder. Change in data_provider_be.c ensures
just that - after access provider finishes its actions, the control is
given to selinux provider and only after this provider finishes is the
result returned to PAM responder.
|
|
|
|
In case of error the request wasn't freed and the callback just ended.
|
|
|
|
|
|
* These are common lines of debug output when starting
up sssd
https://bugzilla.redhat.com/show_bug.cgi?id=811113
|
|
The subdomains back end request was sending replies in a format the
responder did not understand in case the request failed.
|
|
Instead of using account_info request, creates a new ssh specific
request. This improves code readability and will make the code more
flexible in the future.
https://fedorahosted.org/sssd/ticket/1176
|
|
The function was used outside services code which was confusing due to
its name. This patch renames it to sound more netrual.
|
|
configured
The done handler uses the value of status, not ret.
|
|
|
|
|
|
|
|
|
|
|
|
https://fedorahosted.org/sssd/ticket/1270
|
|
This function alters the memory hierarchy of the be_req
to ensure memory safety during shutdown. It creates a
spy on the be_cli object so that it will free the be_req
if the client is freed.
It is generally allocated atop the private data context
for the appropriate back-end against which it is being
filed.
https://fedorahosted.org/sssd/ticket/1226
|
|
|
|
We now have a session module that is only available for the IPA
provider. We should not be logging noisily that other providers
do not have the session provider configured.
https://fedorahosted.org/sssd/ticket/1211
|
|
|
|
If the dbus_message_get_args() failed, we would have been
dereferencing a NULL be_req.
Coverity #12490
|
|
Coverity #12529
|
|
|
|
|
|
|
|
|
|
|
|
https://fedorahosted.org/sssd/ticket/1143
|
|
Also remove the old request implementation
https://fedorahosted.org/sssd/ticket/1115
|
|
|
|
|
|
|
|
|
|
|
|
https://fedorahosted.org/sssd/ticket/1034
|
|
Removed:
SSS_UNRESOLVED_DEBUG_LEVEL (completely replaced with SSSDBG_UNRESOLVED)
Added new macro:
CONVERT_AND_SET_DEBUG_LEVEL(new_value)
Changes unresolved debug level value (SSSDBG_UNRESOLVED) from -1 to 0
so DEBUG macro could be reduced by one condition. Anyway, it has a minor
effect, every time you want to load debug_level from command line parameters,
you have to use following pattern:
/* Set debug level to invalid value so we can deside if -d 0 was used. */
debug_level = SSSDBG_INVALID;
pc = poptGetContext(argv[0], argc, argv, long_options, 0);
while((opt = poptGetNextOpt(pc)) != -1) { ... }
CONVERT_AND_SET_DEBUG_LEVEL(debug_level);
|
|
https://fedorahosted.org/sssd/ticket/925
Conversion of the old debug_level format to the new one.
(only where it was necessary)
Removed:
SSS_DEFAULT_DEBUG_LEVEL (completely replaced with SSSDBG_DEFAULT)
|
|
We will now re-read the confdb debug_level value when processing
the monitor_common_logrotate() function, which occurs when the
monitor receives a SIGHUP.
|
|
This was implemented almost identically for both the responders
and the providers. It is easier to maintain as a single routine.
This patch also adds the ability to provide a private context to
attach to the sbus_connection for later use.
|
|
|
|
|
|
Before setting the backend to online during a reset offline request the
check_online method if the ID provider is called. If the check_online
method returns that the ID provider is still not reachable the backend
stays offline. Otherwise the backend is switched to online and the
related callbacks are run.
Additionally the check online test is called during the res_init request
because a change in /etc/resolve.conf might also make a server reachable
which was assumed offline before.
|