summaryrefslogtreecommitdiff
path: root/src/util
AgeCommit message (Collapse)AuthorFilesLines
2011-08-25New DEBUG facility - SSSDBG_UNRESOLVED changed from -1 to 0Pavel Březina3-13/+11
Removed: SSS_UNRESOLVED_DEBUG_LEVEL (completely replaced with SSSDBG_UNRESOLVED) Added new macro: CONVERT_AND_SET_DEBUG_LEVEL(new_value) Changes unresolved debug level value (SSSDBG_UNRESOLVED) from -1 to 0 so DEBUG macro could be reduced by one condition. Anyway, it has a minor effect, every time you want to load debug_level from command line parameters, you have to use following pattern: /* Set debug level to invalid value so we can deside if -d 0 was used. */ debug_level = SSSDBG_INVALID; pc = poptGetContext(argv[0], argc, argv, long_options, 0); while((opt = poptGetNextOpt(pc)) != -1) { ... } CONVERT_AND_SET_DEBUG_LEVEL(debug_level);
2011-08-25New DEBUG facility - conversionPavel Březina3-21/+11
https://fedorahosted.org/sssd/ticket/925 Conversion of the old debug_level format to the new one. (only where it was necessary) Removed: SSS_DEFAULT_DEBUG_LEVEL (completely replaced with SSSDBG_DEFAULT)
2011-08-25New DEBUG facility - modified DEBUGPavel Březina1-6/+41
https://fedorahosted.org/sssd/ticket/925 Modified: DEBUG() macro to work with new levels There are several new macros in util/util.h: - DEBUG_MSG(level, function, message) which will format the debug message like "(time) [prg_name] [function] (level): message\n" - DEBUG_IS_SET(level) that you should use to check if the level is allowed to be logged You can use it like: if (DEBUG_IS_SET(SSSDBG_TRACE_LIBS)) {...}
2011-08-25New DEBUG facility - new levelsPavel Březina2-2/+89
https://fedorahosted.org/sssd/ticket/925 Added functions: - debug_convert_old_level() to convert levels 0-9 to appropriate bitmask debug_convert_old_level(5) returns 0x03F0 (= 0 | 1 | 2 | 3 | 4 | 5) - debug_get_level() to convert old level number to its new value debug_get_level(5) returns 0x0200 (= 5) There are several new macros in util/util.h: - SSSDBG_* to reflect a debug level (same names as in the ticket) - please, don't use magic numbers anymore
2011-08-15Handle timeout during sss_ldap_init_sendJakub Hrozek2-2/+36
In some cases, where there would be no response from the LDAP server, there would be no R/W events on the LDAP fd, so sdap_async_sys_connect_done would never be called. This patch adds a tevent timer that cancels the connection after SDAP_NETWORK_TIMEOUT seconds.
2011-08-15Handle errno properly in set_debug_file_from_fd()Jakub Hrozek1-2/+5
2011-08-11Allow the O_NONBLOCK flag to be reset correctlyRalf Haferkamp1-14/+0
sssd set the O_NONBLOCK flag on the LDAP socket twice. First in set_fd_flags_and_opts(). And the second time in sdap_async_sys_connect_send() after storing a backup in the local state structure. The backup is later used to restore the original flags (after connect() succeeded). As NONBLOCK was already set before it didn't correctly reset that flag. https://fedorahosted.org/sssd/ticket/952
2011-08-08debug_timestamps fixesPavel Březina3-11/+16
Fixed: could not overwrite debug_timestamps when set in sssd.conf Fixed: invalid description of debug_timestamps in sssd man page
2011-07-13Fix python HBAC bindings for python <= 2.4Jakub Hrozek2-0/+167
Several parts of the HBAC python bindings did not work with old Python versions, such as the one shipped in RHEL5. The changes include: * a compatibility wrapper around python set object * PyModule_AddIntMacro compat macro * Py_ssize_t compat definition * Do not use PyUnicode_FromFormat * several function prototypes and structures used to have "char arguments where they have "const char *" in recent versions. This caused compilation warnings this patch mitigates by using the discard_const hack on python 2.4
2011-07-11Move IP adress escaping from the LDAP namespaceJakub Hrozek4-11/+11
2011-07-05Call ldap_install_tls() on ldaps connectionsSumit Bose1-0/+15
2011-07-01Do not access state after tevent_req_done() is called.Sumit Bose1-10/+16
2011-07-01Do not attempt to close() a file descriptor < 0Stephen Gallagher1-1/+3
Coverity 10886
2011-06-30Use ldap_init_fd() instead of ldap_initialize() if availableSumit Bose2-0/+346
2011-06-15Make parse_args skip extra spacesJakub Hrozek1-16/+24
https://fedorahosted.org/sssd/ticket/871
2011-06-02Add a utility function to escape IPv6 address for use in URIsJakub Hrozek2-0/+11
2011-05-23Import config.h earlierStephen Gallagher1-2/+1
On RHEL 5 and other older platforms, failing to set _GNU_SOURCE early would cause some functions - such as strndup() - to be unavailable.
2011-05-23Set _GNU_SOURCE globallySumit Bose5-6/+6
2011-05-20Add support for Attribute Scoped QueriesJakub Hrozek1-0/+4
For more details on ASQ, see: http://msdn.microsoft.com/en-us/library/aa366976%28VS.85%29.aspx http://msdn.microsoft.com/en-us/library/aa746418%28v=VS.85%29.aspx
2011-05-16Fixed unitialized pointer in select_principal_from_keytabJan Zeleny1-1/+1
https://fedorahosted.org/sssd/ticket/857
2011-05-16Fixed unitialized return value in match_principalJan Zeleny1-2/+1
https://fedorahosted.org/sssd/ticket/858
2011-05-06Allow changing the log level without restartStephen Gallagher2-3/+24
We will now re-read the confdb debug_level value when processing the monitor_common_logrotate() function, which occurs when the monitor receives a SIGHUP.
2011-05-05Added some kerberos functions for building on RHEL5Jan Zeleny2-5/+188
2011-05-04Override config file debug_level with command-lineStephen Gallagher3-9/+16
This patch also makes the following changes: 1) The [sssd] debug_level setting no longer acts as a default for all other sections. 2) We will now skip passing the debug argument to the child processes from the master unless the SSSD was run with a command-line argument for the debug level. https://fedorahosted.org/sssd/ticket/764
2011-04-25Modify principal selection for keytab authenticationJan Zeleny2-2/+180
Currently we construct the principal as host/fqdn@REALM. The problem with this is that this principal doesn't have to be in the keytab. In that case the provider fails to start. It is better to scan the keytab and find the most suitable principal to use. Only in case no suitable principal is found the backend should fail to start. The second issue solved by this patch is that the realm we are authenticating the machine to can be in general different from the realm our users are part of (in case of cross Kerberos trust). The patch adds new configuration option SDAP_SASL_REALM. https://fedorahosted.org/sssd/ticket/781
2011-04-25Extend and move function for finding principal in keytabJan Zeleny2-0/+161
The function now supports finding principal in keytab not only based on realm, but based on both realm and primary/instance parts. The function also supports * wildcard at the beginning or at the end of primary principal part. The function for finding principal has been moved to util/sss_krb5.c, so it can be used in other parts of the code.
2011-04-08Don't pass NULL to printf for TLS errorsJakub Hrozek2-0/+33
https://fedorahosted.org/sssd/ticket/643
2011-01-21Fix uninitialized value errorSumit Bose1-1/+1
2011-01-20NSS obfuscation code cleanupJakub Hrozek1-38/+97
https://fedorahosted.org/sssd/ticket/752
2011-01-11Add overflow check to SAFEALIGN_COPY_*_CHECK macrosSumit Bose1-3/+6
2011-01-11Validate user supplied size of data itemsSumit Bose1-0/+5
Specially crafted packages might lead to an integer overflow and the parsing of the input buffer might not continue as expected. This issue was identified by Sebastian Krahmer <krahmer@suse.de>.
2010-12-20Introduce sss_hash_create_ex()Sumit Bose2-6/+29
2010-12-17Fix unchecked return value in sss_krb5_verify_keytab_exStephen Gallagher1-1/+8
https://fedorahosted.org/sssd/ticket/711
2010-12-16Fix invalid sizeof in pidfileStephen Gallagher1-1/+1
https://fedorahosted.org/sssd/ticket/730
2010-12-14Add missing break statement to sss_hash_createStephen Gallagher1-0/+1
https://fedorahosted.org/sssd/ticket/720
2010-12-08Fix build issue with older Kerberos librarySumit Bose1-0/+7
2010-12-07Add support for FAST in krb5 providerSumit Bose2-0/+62
2010-12-03krb5_child returns TGT lifetimeSumit Bose1-0/+6
2010-12-02Add a special filter type to handle enumerationsSumit Bose1-0/+2
2010-12-02Make default SIGTERM and SIGINT handlers use teventStephen Gallagher1-1/+33
2010-11-18Add missing error codeSumit Bose1-0/+1
2010-11-15Add utility function to sanitize LDAP/LDB filtersStephen Gallagher2-0/+63
Also adds a unit test.
2010-11-05Handle errors during log reopening betterStephen Gallagher1-2/+28
2010-10-26Always use uint32_t for UID/GID numbersJakub Hrozek2-4/+4
2010-10-19Write log opening failures to the syslogStephen Gallagher1-0/+3
If there is a problem with reopening the logs, it can be an audit trail issue.
2010-10-18Use unsigned long for conversion to id_tJakub Hrozek1-4/+4
We used strtol() on a number of places to convert into uid_t or gid_t from a string representation such as LDAP attribute, but on some platforms, unsigned long might be necessary to store big id_t values. This patch converts to using strtoul() instead.
2010-10-13Add a missing include fileSumit Bose1-0/+1
strcasecmp() is defined in strings.h which might not be included under certain conditions.
2010-10-08Add common hash table setupStephen Gallagher2-0/+58
sss_hash_create() produces a dhash table living in the talloc hierarchy.
2010-09-23Use new MIT krb5 API for better password expiration warningsSumit Bose2-2/+26
2010-09-15Fix parameter order when initializing decryptionJakub Hrozek1-1/+1