Age | Commit message (Collapse) | Author | Files | Lines |
|
https://fedorahosted.org/sssd/ticket/1886
|
|
https://fedorahosted.org/sssd/ticket/1929
|
|
|
|
https://fedorahosted.org/sssd/ticket/1032
Removes hard coded SRV lookup code with a plugin call. This patch
breaks SRV lookups as there is currently no plugin in use. It is
fixed in next patch.
|
|
|
|
https://fedorahosted.org/sssd/ticket/1032
Introduces two new error codes:
- ERR_SRV_NOT_FOUND
- ERR_SRV_LOOKUP_ERROR
Since id_provider is authoritative in case of SRV plugin choise,
ability to override the selected pluging during runtime is not
desirable. We rely on the fact that id_provider is initialized
before all other providers, thus the plugin is set correctly.
|
|
https://fedorahosted.org/sssd/ticket/1679
The problem is when we are about to reset the server status, we don't
get through the timeout (30 seconds) because the "switch to primary
server" task is scheduled 30 seconds after fall back to a backup
server. Thus the server status remains "not working" and is resetted
after another 30 seconds.
We need to make sure that the server status is tried after the
timeout period. retry_timeout is currently hardcoded to 30, thus
the change in man page.
|
|
https://fedorahosted.org/sssd/ticket/920
|
|
The list of resolved servers is allocated on the back end context and
kept in the fo_service structure. However, a single request often
resolves a server and keeps a pointer until the end of a request and
only then gives feedback about the server based on the request result.
This presents a big race condition in case the SRV resolution is used.
When there are requests coming in in parallel, it is possible that an
incoming request will invalidate a server until another request that
holds a pointer to the original server is able to give a feedback.
This patch simply checks if a server is in the list of servers
maintained by a service before reading its status.
https://fedorahosted.org/sssd/ticket/1364
|
|
The caller should issue a next request, which would just shortcut with
ENOENT.
|
|
|
|
https://fedorahosted.org/sssd/ticket/1472
|
|
|
|
https://fedorahosted.org/sssd/ticket/1459
|
|
In the failover, we treat both KDC and LDAP on the IPA server as a single
"port", numbered 0. This was done in order to make sure that the SSSD
always talks to the same server for both LDAP and Kerberos.
However, this clever hack breaks when the IPA provider needs to establish an
GSSAPI encrypted LDAP connection because we're asking the fail over code to
yield a server while no server has yet been marked as tried. This triggers a
fail over for the KDC, so in effect, the TGT is received from second server.
If the second server is not available for some reason, the whole provider
goes offline.
The fail over needs to detect that the server asked for is still being
resolved and return the same pointer.
|
|
This bug was producing harmless, but annoying error messages.
|
|
Now there are two list of servers for each service. If currently
selected server is only backup, then an event will be scheduled which
tries to get connection to one of primary servers and if it succeeds,
it starts using this server instead of the one which is currently
connected to.
|
|
* These are common lines of debug output when starting
up sssd
https://bugzilla.redhat.com/show_bug.cgi?id=811113
|
|
https://fedorahosted.org/sssd/ticket/1274
|
|
https://fedorahosted.org/sssd/ticket/1214
|
|
https://fedorahosted.org/sssd/ticket/976
|
|
|
|
This is mostly a cosmetic patch.
The purpose of wrapping a multi-line macro in a do { } while(0) is to
make the macro usable as a regular statement, not a compound statement.
When the while(0) is terminated with a semicolon, the do { } while(0);
block becomes a compound statement again.
|
|
Allows to be more concise in tests and more defensive in resolve
callbacks
|
|
|
|
|
|
https://fedorahosted.org/sssd/ticket/825
|
|
|
|
|
|
The failover code is not strictly in charge of resolving. Its main
function is to provide a server to connect to for a service.
It is legal, although not currently used, to have a server that has no
name (server->common == NULL). In this case, no resolving should be done
and it is assumed that the failover user, which are the SSSD back ends
in our case, would perform any resolving out of band, perhaps using the
user_data attribute of fo_server structure.
|
|
|
|
The previous version of the patch only expired a resolved host name
if the port was being reset. We want to always expire it so we notice
IP address changes even if the previous server is still up.
|
|
|
|
https://fedorahosted.org/sssd/ticket/809
|
|
|
|
For backwards-compatibility with older versions of the SSSD (such
as 1.2.x), we need to be able to have our DNS SRV record lookup be
capable of falling back to using the SSSD domain name as the DNS
discovery domain.
This patch modifies our DNS lookups so that they behave as
follows:
If dns_discovery_domain is specified, it is considered
authoritative. No other discovery domains will be attempted.
If dns_discovery_domain is not specified, we first attempt to look
up the SRV records using the domain portion of the machine's
hostname. If this returns "NOTFOUND", we will try performing an
SRV record query using the SSSD domain name as the DNS discovery
domain.
https://fedorahosted.org/sssd/ticket/754
|
|
|
|
|
|
https://fedorahosted.org/sssd/ticket/721
|
|
https://fedorahosted.org/sssd/ticket/717
|
|
Before setting the backend to online during a reset offline request the
check_online method if the ID provider is called. If the check_online
method returns that the ID provider is still not reachable the backend
stays offline. Otherwise the backend is switched to online and the
related callbacks are run.
Additionally the check online test is called during the res_init request
because a change in /etc/resolve.conf might also make a server reachable
which was assumed offline before.
|
|
https://fedorahosted.org/sssd/ticket/691
|
|
|
|
In fail_over.c, there was a small bug causing subrequest to have
wrong parent memory context. This patch fixes it.
|
|
Fixes: #587
|
|
server was unexpectedly dropped.
|
|
through SRV records) failover servers.
|
|
The service discovery used to use the SSSD domain name to perform DNS
queries. This is not an optimal solution, for example from the point of
view of authconfig.
This patch introduces a new option "dns_discovery_domain" that allows to set
the domain part of a DNS SRV query. If this option is not set, the
default behavior is to use the domain part of the machine's hostname.
Fixes: #479
|
|
Fixes: #518
|
|
Fixes: #505
|