Age | Commit message (Collapse) | Author | Files | Lines |
|
sss_mc_set_recycled is a static function, that should not
be used outside nsssrv_mmap_cache.c. The sss_cache tool
is an exception, because in the case when sssd is not running,
sss_cache must invalidate the memory cache file. That is why
sss_mc_set_recycled was copied to the tools_mc_util.c
(as helper function for sss_memcache_invalidate function).
It was duplicated to allow this function to remain static
(and invisible to any .h files), so that it is not used anywhere else.
Wrong usage of this function might cause race conditions and corrupt
the cache.
I'll add comments about the duplication to the code.
|
|
When requested entry was not found in one domain, an ERROR message
was written to the user even if the entry was found in
the next domain and deleted properly.
|
|
https://fedorahosted.org/sssd/ticket/1741
|
|
On success, waitpid() returns pid of terminated child, not 0.
|
|
Coverity bugs.
https://fedorahosted.org/sssd/ticket/1865
|
|
https://fedorahosted.org/sssd/ticket/1862
|
|
Functions open_cloexec and openat_cloexec were renamed with prefix
"sss_" and moved to separete file. Replacing duplicated code of
function sss_open_cloexec everywhere in the source code.
https://fedorahosted.org/sssd/ticket/1794
|
|
This parameter was never used.
https://fedorahosted.org/sssd/ticket/1765
|
|
https://fedorahosted.org/sssd/ticket/1756
Messages from poptStrerror() passed to BAD_POPT_PARAMS macro were
printed out to the console without new line character at the end of the
message. BAD_POPT_PARAMS should now behave correctly with strings both
with or without new line character at the end.
|
|
Use this function instead of explicitly calling domain->next
This function allows to get the next primary domain or to descend into the
subdomains and replaces also get_next_dom_or_subdom()
|
|
Found by coverity.
https://fedorahosted.org/sssd/ticket/1791
|
|
Provides compatible declarations for modern file management functions
such as futimens or opening with the O_CLOEXEC flag
|
|
When creating a home directory, the destination tree can be modified in
various ways while it is being constructed because directory permissions
are set before populating the directory. This can lead to file creation
and permission changes outside the target directory tree, using hard links.
This security problem was assigned CVE-2013-0219
https://fedorahosted.org/sssd/ticket/1782
|
|
The removal of a home directory is sensitive to concurrent modification
of the directory tree being removed and can unlink files outside the
directory tree.
This security issue was assigned CVE-2013-0219
https://fedorahosted.org/sssd/ticket/1782
|
|
https://fedorahosted.org/sssd/ticket/1775
In addition to invalidating the group being added to when adding a
member group/user, we also need to invalidate all its parent groups,
otherwise this getgrnam("parent") wouldn't report the members newly
added to its child groups.
|
|
Tools for LOCAL domain should require FQDN if option
'use_fuly_quallified_names = TRUE' was configured.
https://fedorahosted.org/sssd/ticket/1746
|
|
If bad parameteres were passed to sss_cache, the init
function returned without calling DEBUG_INIT macro and
unnecessary level 1 debug message was printed.
https://fedorahosted.org/sssd/ticket/1745
|
|
|
|
|
|
The tools query the responder in order to sync the memcache after
performing changes to the local database. The functions will be reused
by other tools so I split them into a separate functions.
|
|
The upcoming patches will link only users of this file with client libs,
so it's better to have it separate.
There is no functional change in this patch
|
|
|
|
also fix sysdb_svc_add declarations
|
|
|
|
|
|
|
|
|
|
Also changes sysdb_search_custom_by_name()
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Also remove unused sysdb_search_domgroup_by_name()
|
|
Also remove unused sysdb_search_domuser_by_name()
|
|
Also allows us to remove sysdb_subdom_get<pw/gr>nam() wrappers and restore
fqnames proper value in subdomains, by testing for a parent domain being
present or not.
|
|
|
|
|
|
We are deprecating sysdb->domain so kill the function that gives access to
this member as we should stop relying on it being available (or correct).
|
|
Bring it out of sysdb, which will slowly remove internal dependencies on
domains and instead will always require them to be passed by callers.
|
|
Change the way sysdbs are initialized. Make callers responsible for providing
the list of domains.
Remove the returned array of sysdb contexts, it was used only by sss_cache
and not really necessary there either as that tool can easily iterate the
domains.
Make sysdb ctx children of their respective domains.
Neither sysdb context nor domains are ever freed until a program is done so
there shouldn't be any memory hierarchy issue. As plus we simplify the code by
removing a destructor and a setter function.
|
|
Also fixes https://fedorahosted.org/sssd/ticket/1754
|
|
This reverts commit d698499602461b98fd56f2d550f80c6cb25f12a9.
And adds the correct fix.
Also makes the function static,as it is used nowehere else.
|
|
Besides adding the missing default this patch suppresses a compiler
warning about ret being uninitialized.
|
|
Using a vtable like this has various drawacks, including the fact prototypes
are not checked by the compiler so the code could silently break and still
compile fine (in fact I found this out changing one of the prototypes).
A switch statement is also better because it catches if the enum changed and
won't risk allowing to access the table out of bounds.
|
|
sss_cache did not accept fully quaified domain names.
https://fedorahosted.org/sssd/ticket/1620
|
|
https://fedorahosted.org/sssd/ticket/1659
|
|
The logic that checks if sssd_nss is running and then
sends SIGHUP to monitor or removes the caches was moved
to a function sss_memcache_clear_all() and made public in
tools_util.h.
|
|
https://fedorahosted.org/sssd/ticket/1612
This patch changes the handling of ghost attributes when saving the
actual user entry. Instead of always linking all groups that contained
the ghost attribute with the new user entry, the original member
attributes are now saved in the group object and the user entry is only
linked with its direct parents.
As the member attribute is compared against the originalDN of the user,
if either the originalDN or the originalMember attributes are missing,
the user object is linked with all the groups as a fallback.
The original member attributes are only saved if the LDAP schema
supports nesting.
|