| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Removed:
SSS_UNRESOLVED_DEBUG_LEVEL (completely replaced with SSSDBG_UNRESOLVED)
Added new macro:
CONVERT_AND_SET_DEBUG_LEVEL(new_value)
Changes unresolved debug level value (SSSDBG_UNRESOLVED) from -1 to 0
so DEBUG macro could be reduced by one condition. Anyway, it has a minor
effect, every time you want to load debug_level from command line parameters,
you have to use following pattern:
/* Set debug level to invalid value so we can deside if -d 0 was used. */
debug_level = SSSDBG_INVALID;
pc = poptGetContext(argv[0], argc, argv, long_options, 0);
while((opt = poptGetNextOpt(pc)) != -1) { ... }
CONVERT_AND_SET_DEBUG_LEVEL(debug_level);
|
|
https://fedorahosted.org/sssd/ticket/925
Conversion of the old debug_level format to the new one.
(only where it was necessary)
Removed:
SSS_DEFAULT_DEBUG_LEVEL (completely replaced with SSSDBG_DEFAULT)
|
|
https://fedorahosted.org/sssd/ticket/925
Modified: DEBUG() macro to work with new levels
There are several new macros in util/util.h:
- DEBUG_MSG(level, function, message) which will format the debug message
like "(time) [prg_name] [function] (level): message\n"
- DEBUG_IS_SET(level) that you should use to check if the level is allowed
to be logged
You can use it like: if (DEBUG_IS_SET(SSSDBG_TRACE_LIBS)) {...}
|
|
https://fedorahosted.org/sssd/ticket/925
Added functions:
- debug_convert_old_level() to convert levels 0-9 to appropriate bitmask
debug_convert_old_level(5) returns 0x03F0 (= 0 | 1 | 2 | 3 | 4 | 5)
- debug_get_level() to convert old level number to its new value
debug_get_level(5) returns 0x0200 (= 5)
There are several new macros in util/util.h:
- SSSDBG_* to reflect a debug level (same names as in the ticket) - please,
don't use magic numbers anymore
|
|
In some cases, where there would be no response from the LDAP server,
there would be no R/W events on the LDAP fd, so
sdap_async_sys_connect_done would never be called.
This patch adds a tevent timer that cancels the connection after
SDAP_NETWORK_TIMEOUT seconds.
|
|
|
|
sssd set the O_NONBLOCK flag on the LDAP socket twice. First in
set_fd_flags_and_opts(). And the second time in sdap_async_sys_connect_send()
after storing a backup in the local state structure. The backup is later
used to restore the original flags (after connect() succeeded). As NONBLOCK
was already set before it didn't correctly reset that flag.
https://fedorahosted.org/sssd/ticket/952
|
|
Fixed: could not overwrite debug_timestamps when set in sssd.conf
Fixed: invalid description of debug_timestamps in sssd man page
|
|
Several parts of the HBAC python bindings did not work with old Python
versions, such as the one shipped in RHEL5.
The changes include:
* a compatibility wrapper around python set object
* PyModule_AddIntMacro compat macro
* Py_ssize_t compat definition
* Do not use PyUnicode_FromFormat
* several function prototypes and structures used to have "char
arguments where they have "const char *" in recent versions.
This caused compilation warnings this patch mitigates by using
the discard_const hack on python 2.4
|
|
|
|
|
|
|
|
Coverity 10886
|
|
|
|
https://fedorahosted.org/sssd/ticket/871
|
|
|
|
On RHEL 5 and other older platforms, failing to set _GNU_SOURCE
early would cause some functions - such as strndup() - to be
unavailable.
|
|
|
|
For more details on ASQ, see:
http://msdn.microsoft.com/en-us/library/aa366976%28VS.85%29.aspx
http://msdn.microsoft.com/en-us/library/aa746418%28v=VS.85%29.aspx
|
|
https://fedorahosted.org/sssd/ticket/857
|
|
https://fedorahosted.org/sssd/ticket/858
|
|
We will now re-read the confdb debug_level value when processing
the monitor_common_logrotate() function, which occurs when the
monitor receives a SIGHUP.
|
|
|
|
This patch also makes the following changes:
1) The [sssd] debug_level setting no longer acts as a default for
all other sections.
2) We will now skip passing the debug argument to the child
processes from the master unless the SSSD was run with a
command-line argument for the debug level.
https://fedorahosted.org/sssd/ticket/764
|
|
Currently we construct the principal as host/fqdn@REALM. The problem
with this is that this principal doesn't have to be in the keytab. In
that case the provider fails to start. It is better to scan the keytab
and find the most suitable principal to use. Only in case no suitable
principal is found the backend should fail to start.
The second issue solved by this patch is that the realm we are
authenticating the machine to can be in general different from the realm
our users are part of (in case of cross Kerberos trust).
The patch adds new configuration option SDAP_SASL_REALM.
https://fedorahosted.org/sssd/ticket/781
|
|
The function now supports finding principal in keytab not only based on
realm, but based on both realm and primary/instance parts. The function
also supports * wildcard at the beginning or at the end of primary
principal part. The function for finding principal has been moved to
util/sss_krb5.c, so it can be used in other parts of the code.
|
|
https://fedorahosted.org/sssd/ticket/643
|
|
|
|
https://fedorahosted.org/sssd/ticket/752
|
|
|
|
Specially crafted packages might lead to an integer overflow and the
parsing of the input buffer might not continue as expected. This issue
was identified by Sebastian Krahmer <krahmer@suse.de>.
|
|
|
|
https://fedorahosted.org/sssd/ticket/711
|
|
https://fedorahosted.org/sssd/ticket/730
|
|
https://fedorahosted.org/sssd/ticket/720
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Also adds a unit test.
|
|
|
|
|
|
If there is a problem with reopening the logs, it can be an audit
trail issue.
|
|
We used strtol() on a number of places to convert into uid_t or gid_t
from a string representation such as LDAP attribute, but on some
platforms, unsigned long might be necessary to store big id_t values.
This patch converts to using strtoul() instead.
|
|
strcasecmp() is defined in strings.h which might not be included under
certain conditions.
|
|
sss_hash_create() produces a dhash table living in the talloc
hierarchy.
|
|
|
|
|
