Age | Commit message (Collapse) | Author | Files | Lines |
|
struct sss_mc_rec had two hash members (hash1 and hash2) but only one next
member. This was a big problem in case of higher probability of hash collision.
structure sss_mc_rec will have two next members (next1, next2) with this patch.
next1 is related to hash1 and next2 is related to hash1.
Iterating over chains is changed, because we need to choose right next pointer.
Right next pointer will be chosen after comparing record hashes.
This behaviour is wrapped in function sss_mc_next_slot_with_hash.
Adding new record to chain is also changed. The situation is very similar to
iterating. We need to choose right next pointer (next1 or next2).
Right next pointer will be chosen after comparing record hashes.
Adding reference to next slot is wrapped in function
sss_mc_chain_slot_to_record_with_hash
Size of structure sss_mc_rec was increased from 32 bytes to 40 bytes.
Resolves:
https://fedorahosted.org/sssd/ticket/2049
|
|
If the environment variable _SSS_MC_SPECIAL is set to "NO", the
mmap cache is skipped in the client code. The name is not very
descriptive. This patch renames the variable to SSS_NSS_USE_MEMCACHE.
|
|
last argument of function sss_strnlen "size_t *len" is output variable.
We need to increment value of size_t being pointed to by pointer instead of
incrementing pointer.
|
|
Removes off by one error when using macro MC_SIZE_TO_SLOTS
and adds new macro MC_SLOT_WITHIN_BOUNDS.
|
|
We had pattern in client code with 3 conditions
that can be replaced with one.
|
|
data->name value must be checked to prevent segfaults in
case of corrupted memory cache.
resolves:
https://fedorahosted.org/sssd/ticket/2018
|
|
This patch prevents jumping outside of allocated memory in
case of corrupted slot or name_ptr values. It is not proper
solution, just hotfix until we find out what is the root cause
of ticket https://fedorahosted.org/sssd/ticket/2018
|
|
|
|
This patch modifies the PAC responder so that it can be used with the AD
provider as well. The main difference is that the POSIX UIDs and GIDs
are now lookup up with the help of the SID instead of being calculated
algorithmically. This was necessary because the AD provider allows
either algorithmic mapping or reading the value from attributes stored
in AD.
Fixes https://fedorahosted.org/sssd/ticket/1558
|
|
https://fedorahosted.org/sssd/ticket/1772
SAFEALIGN macros have been renamed in this patch to
make it easy to pick the right macro when data is copied
from byte buffer to a variable or vice versa.
The renamed macros are placed in new header file to
avoid code duplication (the old ones were defined in
two files, one for the client code and one for the rest
of sssd).
|
|
Instead of appending @domain to names when the --domain option of sss_ssh_* is
used, put domain name in a separate field in client requests.
|
|
This patch add a library for client side lookups for a SID or with a
SID through the calls:
- sss_nss_getsidbyname
- sss_nss_getsidbyid
- sss_nss_getnamebysid
- sss_nss_getidbysid
The library is called libsss_nss_idmap and the contributed spec file
will create two new packages libsss_nss_idmap and
libsss_nss_idmap-devel.
|
|
https://fedorahosted.org/sssd/ticket/1889
Fixes two minor coverity issues.
|
|
Adding missing dependencies for linker. Missing dependency was
introduced by commit 22d381367c27910fe82f476a76b9f4ede555e35a
in changed file src/sss_client/nss_mc_common.c
All function declaration for io.c was moved from util.h to separate file io.h,
https://fedorahosted.org/sssd/ticket/1838
|
|
Header file "providers.h" is not included in any other
file and function "dp_process_init" declared in this header file
has no implementation.
Header file protos.h is not also included in any other file and even
hole content is commented out.
|
|
Functions open_cloexec and openat_cloexec were renamed with prefix
"sss_" and moved to separete file. Replacing duplicated code of
function sss_open_cloexec everywhere in the source code.
https://fedorahosted.org/sssd/ticket/1794
|
|
krb5 1.11 adds support for a new method for responding to
structured data queries. This method, called the responder,
provides an alternative to the prompter interface.
This patch adds support for this method. It takes the password
and provides it via a responder instead of the prompter. In the
case of OTP authentication, it also disables the caching of
credentials (since the credentials are one-time only).
|
|
https://fedorahosted.org/sssd/ticket/1819
|
|
This reverts commit 30c76633788c498b7d34e7e5944a3d36f26ec2db.
|
|
|
|
|
|
https://fedorahosted.org/sssd/ticket/1748
|
|
https://fedorahosted.org/sssd/ticket/1724
|
|
We have 2 places where we memcpy memory and need barriers protection.
Use a macro so we can consolidate code in one place.
Second fix for: https://fedorahosted.org/sssd/ticket/1694
|
|
Fixes https://fedorahosted.org/sssd/ticket/1694
|
|
|
|
Eliminates a compiler warning
|
|
This caused troubles with subdomain users and it is not really
necessary. This patch does not change the protocol itself, that
should be done on the earliest possible occasion.
Part of https://fedorahosted.org/sssd/ticket/1616
|
|
https://fedorahosted.org/sssd/ticket/1495
|
|
* Protect the fd with a mutex when closing
* Set it to a safe value after closing
|
|
|
|
https://fedorahosted.org/sssd/ticket/1569
|
|
This cause troubles when we send data to a pipe and close the
file descriptor before data is read. The pipe is still readable,
but POLLHUP is detected and we fail to read them.
For example, this may cause a user beeing unable to log in.
Now if POLLHUP appears, we read the pipe and then close it on
the client side too.
|
|
|
|
|
|
https://fedorahosted.org/sssd/ticket/1460
|
|
https://fedorahosted.org/sssd/ticket/1415
|
|
|
|
The idea is to rename session provider to selinux provider. Processing
of SELinux rules has to be performed in account stack in order to ensure
that pam_selinux (which is the first module in PAM session stack) will
get the correct input from SSSD.
Processing of account PAM stack is bound to access provider. That means
we need to have two providers executed when SSS_PAM_ACCT_MGMT message
is received from PAM responder. Change in data_provider_be.c ensures
just that - after access provider finishes its actions, the control is
given to selinux provider and only after this provider finishes is the
result returned to PAM responder.
|
|
https://fedorahosted.org/sssd/ticket/1379
|
|
SIGSEGV occured when sss_sudo_cli was run without any arguments.
|
|
Fixes https://fedorahosted.org/sssd/ticket/1409
|
|
Coverity #12803
|
|
|
|
https://fedorahosted.org/sssd/ticket/1239
Test client was changed accordingly. The new usage is:
sss_sudo_cli username [uid]
If uid is not set, getpwnam(username) is called. It will retrieve
both default options and rules.
|
|
|
|
|
|
|
|
This adds support for parsing PAC and storing information contained
within. In particular the user and all his memberships are stored. In
case it is necessary, getgrgid() requests are sent to provider for group
resolution.
|
|
Older platfroms like RHEL5 do not have support for O_CLOEXC and need an
explicit fcntl after the fd is created.
Add it conditionally so it can be clearly removed once we declared those
platfroms obsolete and unsupported.
|