sssd.git/src/util, branch misc sssd with jhrozek's patches UTIL: More restrictive umask on sss_unique_file() 2015-11-05T15:07:55+00:00 Petr Cech pcech@redhat.com 2015-10-21T12:06:19+00:00 56e067109659886408789c936d37c1e86fe46695 There is no need to have executable unique_file. Resolves: https://fedorahosted.org/sssd/ticket/2424 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
There is no need to have executable unique_file.

Resolves:
https://fedorahosted.org/sssd/ticket/2424

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
LDAP: Fix leak of file descriptors 2015-11-05T09:31:46+00:00 Lukas Slebodnik lslebodn@redhat.com 2015-10-22T08:30:12+00:00 a10f67d4c64f3b1243de5d86a996475361adf0ac The state "struct sss_ldap_init_state" contains socket created in function sss_ldap_init_send. We register callback sdap_async_sys_connect_timeout for handling issue with connection The tevent request "sss_ldap_init_send" is usually (nested) subrequest of "struct resolve_service_state" related request created in fucntion fo_resolve_service_send. Function fo_resolve_service_send also register timeout callback fo_resolve_service_timeout to state "struct resolve_service_state". It might happen that fo_resolve_service_timeout will be called before sss_ldap_init_send timeout and we could not handle tiemout error for state "struct sss_ldap_init_state" and therefore created socket was not closed. We tried to release resources in function sdap_handle_release. But the structure "struct sdap_handle" had not been initialized yet with LDAP handle and therefore associated file descriptor could not be closed. [fo_resolve_service_timeout] (0x0080): Service resolving timeout reached [fo_resolve_service_recv] (0x0020): TEVENT_REQ_RETURN_ON_ERROR ret[110] [sdap_handle_release] (0x2000): Trace: sh[0x7f6713410270], connected[0], ops[(nil)], ldap[(nil)], destructor_lock[0], release_memory [be_resolve_server_done] (0x1000): Server resolution failed: 14 [be_resolve_server_recv] (0x0020): TEVENT_REQ_RETURN_ON_ERROR ret[14] [check_online_callback] (0x0100): Backend returned: (1, 0, <NULL>) [Provider is Offline (Success)] Resolves: https://fedorahosted.org/sssd/ticket/2792 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
The state "struct sss_ldap_init_state" contains socket
created in function sss_ldap_init_send. We register callback
sdap_async_sys_connect_timeout for handling issue with connection

The tevent request "sss_ldap_init_send" is usually (nested) subrequest
of "struct resolve_service_state" related request created in fucntion
fo_resolve_service_send. Function fo_resolve_service_send also register
timeout callback fo_resolve_service_timeout to state "struct
resolve_service_state".

It might happen that fo_resolve_service_timeout will be called before
sss_ldap_init_send timeout and we could not handle tiemout error
for state "struct sss_ldap_init_state" and therefore created socket
was not closed.

We tried to release resources in function sdap_handle_release.
But the structure "struct sdap_handle" had not been initialized yet
with LDAP handle and therefore associated file descriptor could not be closed.

[fo_resolve_service_timeout] (0x0080): Service resolving timeout reached
[fo_resolve_service_recv] (0x0020): TEVENT_REQ_RETURN_ON_ERROR ret[110]
[sdap_handle_release] (0x2000): Trace: sh[0x7f6713410270], connected[0], ops[(nil)], ldap[(nil)], destructor_lock[0], release_memory
[be_resolve_server_done] (0x1000): Server resolution failed: 14
[be_resolve_server_recv] (0x0020): TEVENT_REQ_RETURN_ON_ERROR ret[14]
[check_online_callback] (0x0100): Backend returned: (1, 0, <NULL>) [Provider is Offline (Success)]

Resolves:
https://fedorahosted.org/sssd/ticket/2792

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
server_setup: Log failed attempt to set locale 2015-11-04T08:09:30+00:00 Michal Židek mzidek@redhat.com 2015-10-19T13:49:02+00:00 a0c8aae6b31867f29e83e4f8a2a7ef037a82569e Failed setlocale call could cause unexpected behaviour. It is better to generate DEBUG message if this happens. Reviewed-by: Michal Židek <mzidek@redhat.com> 
Failed setlocale call could cause unexpected
behaviour. It is better to generate DEBUG
message if this happens.

Reviewed-by: Michal Židek <mzidek@redhat.com>
DEBUG: Preventing chown_debug_file if journald on 2015-10-27T09:44:02+00:00 Petr Cech pcech@redhat.com 2015-09-10T14:05:59+00:00 152fed23797c8950ca18cf6dc2bddb61a3f615c8 There is function chown_debug_file() which didn't check if the SSSD is compiled with journald support. This patch add simple checking of this state. Resolves: https://fedorahosted.org/sssd/ticket/2493 Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com> 
There is function chown_debug_file() which didn't check
if the SSSD is compiled with journald support.

This patch add simple checking of this state.

Resolves:
https://fedorahosted.org/sssd/ticket/2493

Reviewed-by: Lukáš Slebodník <lslebodn@redhat.com>
util: Update get_next_domain's interface 2015-10-23T08:32:23+00:00 Michal Židek mzidek@redhat.com 2015-09-09T12:37:48+00:00 877b92e80bde510d5cd9f03dbf01e2bcf73ab072 Update get next domain to be able to include disbled domains and change the interface to accept flags instead of multiple booleans. Ticket: https://fedorahosted.org/sssd/ticket/2673 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
Update get next domain to be able to
include disbled domains and change the
interface to accept flags instead of
multiple booleans.

Ticket:
https://fedorahosted.org/sssd/ticket/2673

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
UTILS: More restrictive permissions in domain_info 2015-10-14T11:27:21+00:00 Petr Cech pcech@redhat.com 2015-10-06T11:57:17+00:00 a0ad4f2a4a342214acd4ab4b77cc5ccce22b35ad There are two occurances of creating temp. file under SSS_DFL_X_UMASK permissions which enable possibility to grant executable permission. After writting to those temp. files, they are renamed and they get 0644 permissions. So SSS_DFL_UMASK is good enough fot this case. Resolves: https://fedorahosted.org/sssd/ticket/2424 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
There are two occurances of creating temp. file under SSS_DFL_X_UMASK
permissions which enable possibility to grant executable permission.
After writting to those temp. files, they are renamed and they
get 0644 permissions. So SSS_DFL_UMASK is good enough fot this case.

Resolves:
https://fedorahosted.org/sssd/ticket/2424

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
REFACTOR: umask(077) --> umask(SSS_DFL_X_UMASK) 2015-10-14T11:27:13+00:00 Petr Cech pcech@redhat.com 2015-10-05T14:12:36+00:00 f8e337540d280f944098cd4dd7d670e2f7166b54 There are many calls of umask function with 077 argument. This patch add new constant SSS_DFL_X_UMASK which stands fot 077. So all occurences of umask(077) are replaced by constant SSS_DFL_X_UMASK. Resolves: https://fedorahosted.org/sssd/ticket/2424 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
There are many calls of umask function with 077 argument. This patch
add new constant SSS_DFL_X_UMASK which stands fot 077. So all
occurences of umask(077) are replaced by constant SSS_DFL_X_UMASK.

Resolves:
https://fedorahosted.org/sssd/ticket/2424

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
REFACTOR: umask(0177) --> umask(SSS_DFL_UMASK) 2015-10-14T11:27:02+00:00 Petr Cech pcech@redhat.com 2015-10-05T13:38:10+00:00 c299f997e20011536e365bc18e59e73f68629d2c There are many calls of umask function with 0177 argument. This patch add new constant SSS_DFL_UMASK which stands for 0177. So all occurences of umask(0177) (except responder code) are replaced by constant SSS_DFL_UMASK. Resolves: https://fedorahosted.org/sssd/ticket/2424 Reviewed-by: Jakub Hrozek <jhrozek@redhat.com> 
There are many calls of umask function with 0177 argument. This patch
add new constant SSS_DFL_UMASK which stands for 0177. So all occurences
of umask(0177) (except responder code) are replaced by constant
SSS_DFL_UMASK.

Resolves:
https://fedorahosted.org/sssd/ticket/2424

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
UTIL: Convert domain->disabled into tri-state with domain states 2015-09-21T15:03:01+00:00 Jakub Hrozek jhrozek@redhat.com 2015-08-18T15:15:44+00:00 b5825c74b6bf7a99ae2172392dbecb51179013a6 Required for: https://fedorahosted.org/sssd/ticket/2637 This is a first step towards making it possible for domain to be around, but not contacted by Data Provider. Also explicitly create domains as active, previously we only relied on talloc_zero marking dom->disabled as false. Reviewed-by: Pavel Březina <pbrezina@redhat.com> 
Required for:
https://fedorahosted.org/sssd/ticket/2637

This is a first step towards making it possible for domain to be around,
but not contacted by Data Provider.

Also explicitly create domains as active, previously we only relied on
talloc_zero marking dom->disabled as false.

Reviewed-by: Pavel Březina <pbrezina@redhat.com>
KRB5: Don't error out reading a minimal krb5.conf 2015-09-16T14:53:33+00:00 Jakub Hrozek jhrozek@redhat.com 2015-09-04T08:30:03+00:00 f0815f5dff315576c8d1b6fedf00165a4161f8c0 With some setups, krb5.conf can be really minimal. In those cases, we should ignore PROF_NO_RELATION and PROF_NO_SECTION and just return "false" as in "no proxy" without a loud debug message. Reviewed-by: Petr Cech <pcech@redhat.com> 
With some setups, krb5.conf can be really minimal. In those cases, we
should ignore PROF_NO_RELATION and PROF_NO_SECTION and just return
"false" as in "no proxy" without a loud debug message.

Reviewed-by: Petr Cech <pcech@redhat.com>