Age | Commit message (Collapse) | Author | Files | Lines |
|
Use this function instead of explicitly calling domain->next
This function allows to get the next primary domain or to descend into the
subdomains and replaces also get_next_dom_or_subdom()
|
|
|
|
|
|
|
|
|
|
Change the way sysdbs are initialized. Make callers responsible for providing
the list of domains.
Remove the returned array of sysdb contexts, it was used only by sss_cache
and not really necessary there either as that tool can easily iterate the
domains.
Make sysdb ctx children of their respective domains.
Neither sysdb context nor domains are ever freed until a program is done so
there shouldn't be any memory hierarchy issue. As plus we simplify the code by
removing a destructor and a setter function.
|
|
Currently only the flat name of the configured domain is updated if it
is not already set. This patch updates the domain ID as well. This is
typically the case when trust support is enabled on the server side
while sssd is running.
|
|
Added new parameter to split_on_separator that allows to skip
empty values.
The whole function was rewritten. Unit test case was added to
check the new implementation.
https://fedorahosted.org/sssd/ticket/1484
|
|
This is an additional proteciont in case the provider misbheaves to avoid
having requests pending forever.
Fixes: https://fedorahosted.org/sssd/ticket/1717
|
|
The monitor sends calls different sbus methods to different responders.
Instead of including headers of the particular responders directly in
monitor, which breaks layering a little, create a common header file
that will be included from src/responder/common/
|
|
This is used for the new calls back from the data provider.
|
|
https://fedorahosted.org/sssd/ticket/1683
The result of the percent calculation was always 0 as it used plain
ints. The patch switches to using explicit floats to avoid reintroducing
the bug again even with brackets.
|
|
https://fedorahosted.org/sssd/ticket/1589
Added check for determining, whether database version is higher or
lower than expected. To distinguish it from other errors it uses
following retun values (further used for appropriate error message):
EMEDIUMTYPE for lower version than expected
EUCLEAN for higher version than expected
When SSSD or one of it's tools fails on DB version mismatch, new error
message is showed suggesting how to proceed.
|
|
If force is true, ret may stay uninitialized and if ret == 0
after the subrequest is send, we will go to immediate label.
Data provider request is sent, but the answer is never processed.
This prohibited subdomain from working correctly.
|
|
|
|
|
|
https://fedorahosted.org/sssd/ticket/1571
The patch changes the subdomains discovery to use the tevent_req
style. Previously, the code violated several rules which made the code
very unreadable and led to memory hierarchy issues and use-after-free
errors.
|
|
https://fedorahosted.org/sssd/ticket/1514
We were experiencing crash duting responder shut down. This happened
when there were some unresolved dp request during the shut down.
The memory hierarchy is main_ctx->specific_ctx->rctx, where
specific_ctx may be one of the pam, nss, sudo, etc. contexts.
If we try to call dp request callback as a result of responder
termination, the specific context is already semi freed, which may
cause crash.
|
|
|
|
|
|
|
|
|
|
https://fedorahosted.org/sssd/ticket/1436
Now subdomains are not evaluated for local domains.
|
|
Rename the structure to use a standard name prefix so it is properly
name-spaced, in preparation for changing the structure itself.
|
|
The name context was not being initialized for local provider
domains because it was handled after skipping over the back-end
initialization routine. This patch moves the name context init
routine to occur earlier.
https://fedorahosted.org/sssd/ticket/1412
|
|
A check for allowed UIDs is added in the common responder code directly
after accept(). If the platform does not support reading the UID of the
peer but allowed UIDs are configured, access is denied.
Currently only the PAC responder sets the allowed UIDs for a socket. The
default is that only root is allowed to access the socket of the PAC
responder.
Fixes: https://fedorahosted.org/sssd/ticket/1382
|
|
* These are common lines of debug output when starting
up sssd
https://bugzilla.redhat.com/show_bug.cgi?id=811113
|
|
|
|
|
|
|
|
* Allows different user/domain qualified names for different
domains. For example Domain\User or user@domain.
* The global re_expression and full_name_format options remain
as defaults for the domains.
* Subdomains get the re_expression and full_name_format of
their parent domain.
https://bugzilla.redhat.com/show_bug.cgi?id=811663
|
|
Instead of using account_info request, creates a new ssh specific
request. This improves code readability and will make the code more
flexible in the future.
https://fedorahosted.org/sssd/ticket/1176
|
|
sss_process_init forgot to check return value of confdb_get_int
|
|
|
|
|
|
Now it checks for subdomains as well as for the domain itself
|
|
|
|
|
|
|
|
The function that handled pending requests on reconnect was checking an
orphaned global variable that was never used, redenring the whole function
uselsess.
This fixes a very nasty bug that was causing requests for which we never
received an answer for (for example because the backend failed and was
restarted) to be never removed and therefore causing a black hole effect for
any other request of the same type.
Fixes: https://fedorahosted.org/sssd/ticket/1229
|
|
This code will now attempt first to see if it has privilege to set
the value as specified, and if not it will fall back to the
previous behavior. So on systems with the CAP_SYS_RESOURCE
capability granted to SSSD, it will be able to ignore the
limits.conf hard limit.
https://fedorahosted.org/sssd/ticket/1197
|
|
This patch will increase the file descriptor limit to 8k or the
limits.conf maximum, whichever is lesser.
https://fedorahosted.org/sssd/ticket/1197
|
|
|
|
Also adds some more debugging and fixes a code style issue.
https://fedorahosted.org/sssd/ticket/1182
|
|
Host requests are directed to the host info handler.
|
|
|
|
|
|
Makes the setent_add_ref() and setent_notify_*() functions more generic
to be reusable by the autofs responder.
|
|
The common function could be reused in new responders
|
|
|