Age | Commit message (Collapse) | Author | Files | Lines |
|
|
|
https://fedorahosted.org/sssd/ticket/1581
If the namingContext attribute had no values or multiple values, then
our code would dereference a NULL pointer.
|
|
|
|
|
|
|
|
The IPA has a defined directory tree structure that allows us to guess
the username from a DN without having to look up the DN in LDAP.
https://fedorahosted.org/sssd/ticket/1319
|
|
https://fedorahosted.org/sssd/ticket/1574
|
|
There are case where the extdom extended operation will return the flat
or NetBIOS name of a domain instead of the DNS domain name. If this name
is available for the current domain we accept it as well.
Related to https://fedorahosted.org/sssd/ticket/1561
|
|
Fixes https://fedorahosted.org/sssd/ticket/1561
|
|
|
|
* Protect the fd with a mutex when closing
* Set it to a safe value after closing
|
|
If the debug level contains SSSDBG_TRACE_ALL, then the logs would also
include tracing information from libkrb5.
https://fedorahosted.org/sssd/ticket/1539
|
|
There was an unused structure member in the krb5_child.
Declaration of __krb5_error_msg was shadowing the same variable from
sss_krb5.h which is not nice. Also we might actually use the error
context directly instead of passing it as parameter.
|
|
|
|
https://fedorahosted.org/sssd/ticket/1569
|
|
https://fedorahosted.org/sssd/ticket/1571
The patch changes the subdomains discovery to use the tevent_req
style. Previously, the code violated several rules which made the code
very unreadable and led to memory hierarchy issues and use-after-free
errors.
|
|
https://fedorahosted.org/sssd/ticket/1551
|
|
https://fedorahosted.org/sssd/ticket/1514
We were experiencing crash duting responder shut down. This happened
when there were some unresolved dp request during the shut down.
The memory hierarchy is main_ctx->specific_ctx->rctx, where
specific_ctx may be one of the pam, nss, sudo, etc. contexts.
If we try to call dp request callback as a result of responder
termination, the specific context is already semi freed, which may
cause crash.
|
|
|
|
https://fedorahosted.org/sssd/ticket/1499
Adds log message about not finding appropriate entry in keytab and using
the last keytab entry when validation is enabled.
Adds more information about validation into manpage.
|
|
If there was no SID attribute, then we would have detected it by
checking the number of values of an element. We would however happily
return EOK in that case and save garbage into the sid_str.
This was causing segfault when the entry was supposed to be ID-mapped by
had no SID.
|
|
This cause troubles when we send data to a pipe and close the
file descriptor before data is read. The pipe is still readable,
but POLLHUP is detected and we fail to read them.
For example, this may cause a user beeing unable to log in.
Now if POLLHUP appears, we read the pipe and then close it on
the client side too.
|
|
|
|
|
|
|
|
https://fedorahosted.org/sssd/ticket/1563
|
|
If a provider is terminated and the monitor tries to restart it,
it goes again through mark_service_as_started() which
will try to create pid file again because number of running
services didn't change.
Because the pid file cannot be created twice, it will not return
EOK and the whole SSSD is terminated.
|
|
https://fedorahosted.org/sssd/ticket/1540
|
|
|
|
|
|
https://fedorahosted.org/sssd/ticket/1537
changes upper limit of slices to 2000200000 in providers code and
manpage.
|
|
|
|
fixes https://fedorahosted.org/sssd/ticket/1533
ccache file template is now checked for appended XXXXXX for use with
mkstemp. When those characters are not present, warning is written to log.
|
|
After we switched to writing pidfile after the responders started, we
forgot that starting a second SSSD instance would first overwrite the
pipes and sockets and only then the SSSD would find out there already is
a pidfile.
This patch checks for existing pidfile before proceeding with startup.
|
|
|
|
https://fedorahosted.org/sssd/ticket/1562
|
|
base.
https://fedorahosted.org/sssd/ticket/1471
|
|
|
|
https://fedorahosted.org/sssd/ticket/1553
|
|
sss_seed fails if password file specified with -p or
--password-file option contains password longer than
PASS_MAX.
Man pages inform about PASS_MAX limitation.
|
|
When file is used to specify a password in sss_seed, then only
first line of this file is used.
Also empty passwords are treated as errors.
https://fedorahosted.org/sssd/ticket/1548
|
|
https://fedorahosted.org/sssd/ticket/1549
|
|
debug_level was set before the parameters were parsed, so the
default debug_level value was always used. Also CHECK_ROOT
macro was used on bad place, so only root was able to
run sss_seed --help/-?.
|
|
|
|
https://fedorahosted.org/sssd/ticket/1535
|
|
Fixes: https://fedorahosted.org/sssd/ticket/1525
|
|
https://fedorahosted.org/sssd/ticket/1303
Domain start up was taking too long when there are many principals
in a kerberos keytab. We were looking up in the keytab two times.
The first time we try to select a proper principal and remember it.
The second call happens almost right after the first one and
it is just a check if the principal exists in the keytab, without
any output information other than success/failure. It is
probably a left over from https://fedorahosted.org/sssd/ticket/781.
This patch removes the second call.
|
|
https://fedorahosted.org/sssd/ticket/1357
|
|
|
|
https://fedorahosted.org/sssd/ticket/1541
|