Age | Commit message (Collapse) | Author | Files | Lines |
|
https://fedorahosted.org/sssd/ticket/972
--debug-timestamps=1 is now passed to providers
|
|
Removed:
SSS_UNRESOLVED_DEBUG_LEVEL (completely replaced with SSSDBG_UNRESOLVED)
Added new macro:
CONVERT_AND_SET_DEBUG_LEVEL(new_value)
Changes unresolved debug level value (SSSDBG_UNRESOLVED) from -1 to 0
so DEBUG macro could be reduced by one condition. Anyway, it has a minor
effect, every time you want to load debug_level from command line parameters,
you have to use following pattern:
/* Set debug level to invalid value so we can deside if -d 0 was used. */
debug_level = SSSDBG_INVALID;
pc = poptGetContext(argv[0], argc, argv, long_options, 0);
while((opt = poptGetNextOpt(pc)) != -1) { ... }
CONVERT_AND_SET_DEBUG_LEVEL(debug_level);
|
|
https://fedorahosted.org/sssd/ticket/925
|
|
https://fedorahosted.org/sssd/ticket/925
Modified sssd and sssd.conf man pages to reflect new levels.
Added new man include: include/debug_levels.xml
|
|
https://fedorahosted.org/sssd/ticket/925
Conversion of the old debug_level format to the new one.
(only where it was necessary)
Removed:
SSS_DEFAULT_DEBUG_LEVEL (completely replaced with SSSDBG_DEFAULT)
|
|
https://fedorahosted.org/sssd/ticket/925
Modified: DEBUG() macro to work with new levels
There are several new macros in util/util.h:
- DEBUG_MSG(level, function, message) which will format the debug message
like "(time) [prg_name] [function] (level): message\n"
- DEBUG_IS_SET(level) that you should use to check if the level is allowed
to be logged
You can use it like: if (DEBUG_IS_SET(SSSDBG_TRACE_LIBS)) {...}
|
|
https://fedorahosted.org/sssd/ticket/925
Added functions:
- debug_convert_old_level() to convert levels 0-9 to appropriate bitmask
debug_convert_old_level(5) returns 0x03F0 (= 0 | 1 | 2 | 3 | 4 | 5)
- debug_get_level() to convert old level number to its new value
debug_get_level(5) returns 0x0200 (= 5)
There are several new macros in util/util.h:
- SSSDBG_* to reflect a debug level (same names as in the ticket) - please,
don't use magic numbers anymore
|
|
Instead of returning PAM_SYSTEM_ERR if they necessary attributes for the
requested password policy cannot be found we return PAM_PERM_DENIED.
Additionally the log message says that the access is denied.
|
|
match RDN
https://fedorahosted.org/sssd/ticket/926
|
|
https://fedorahosted.org/sssd/ticket/963
|
|
In some cases, where there would be no response from the LDAP server,
there would be no R/W events on the LDAP fd, so
sdap_async_sys_connect_done would never be called.
This patch adds a tevent timer that cancels the connection after
SDAP_NETWORK_TIMEOUT seconds.
|
|
|
|
|
|
|
|
|
|
|
|
The file has been split in three:
sdap_async_users.c
sdap_async_groups.c
sdap_async_initgroups.c
https://fedorahosted.org/sssd/ticket/864
|
|
memctx to mem_ctx
tmpctx to tmp_ctx
|
|
This patch deletes memory context parameter in those places in sysdb
where it is not necessary. The code using modified functions has been
updated. Tests updated as well.
|
|
The patch also updates code using modified functions. Tests have also
been adjusted.
|
|
|
|
|
|
|
|
sssd set the O_NONBLOCK flag on the LDAP socket twice. First in
set_fd_flags_and_opts(). And the second time in sdap_async_sys_connect_send()
after storing a backup in the local state structure. The backup is later
used to restore the original flags (after connect() succeeded). As NONBLOCK
was already set before it didn't correctly reset that flag.
https://fedorahosted.org/sssd/ticket/952
|
|
tmp_ctx is a child of ctx.
|
|
|
|
|
|
https://fedorahosted.org/sssd/ticket/954
|
|
|
|
Fixed: could not overwrite debug_timestamps when set in sssd.conf
Fixed: invalid description of debug_timestamps in sssd man page
|
|
This file should not be installed by default. It leads to user
confusion. We will instead install it as documentation.
Fix incorrect example of entry_cache_nowait_percentage
|
|
This reverts commit b0b9c38dfce3e3ccbfaa4d00fdf2ea08a70d41a6.
|
|
https://fedorahosted.org/sssd/ticket/951
|
|
|
|
|
|
|
|
Previously, we were only displaying expiration warnings if the
password was going to expire within a day. We'll allow LDAP to
make this decision (by whether it passes us the expiration time).
In the future, we can add an option to clamp this down to a
shorter period if the local admin prefers it.
|
|
https://fedorahosted.org/sssd/ticket/940
|
|
https://fedorahosted.org/sssd/ticket/943
|
|
https://fedorahosted.org/sssd/ticket/944
|
|
https://fedorahosted.org/sssd/ticket/943
|
|
This caused no ill effects, since it wasn't used in the callback.
However, it is a layering violation (especially since req is freed
in the callback)
|
|
|
|
These two functions were almost identical. Better to maintain them
as a single function.
|
|
https://fedorahosted.org/sssd/ticket/936
|
|
https://fedorahosted.org/sssd/ticket/933
|
|
There may be users in LDAP that have a valid but unwelcome shell
set in their account. This adds a blacklist of shells that should
always be replaced by the fallback_shell.
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
|
|
If a pam or nss module is dlcolse()d and unloaded we were leaking
the file descriptor used to communicate to sssd in the process.
Make sure the fucntion used to close the socket file descriptor is
called on dlclose()
Silence autoconf 2.28 warnings (Patch by Jakub Hrozek)
|
|
|
|
|