sssd.git/src/util, branch sysdb sssd with jhrozek's patches foo2 2016-01-13T14:31:29+00:00 Jakub Hrozek jhrozek@redhat.com 2016-01-13T14:04:52+00:00 17c77befe6e9bb9fd67ae5d226d7ffcc233acd43 






sysdb: Unify name format for groups and users
2016-01-13T10:28:45+00:00

Michal Zidek
mzidek@redhat.com

2015-02-10T16:30:00+00:00

23674dfef4225b90d45c27b88fe72dc37b22e32d

This is WIP patch to unify format of
usernames and groupnames in sssd internals.

In current form it breaks just about everything.

The sysdb update function is just placeholder
and it's contents are irelevant.

Currently I am working on fqname attribute
removal because it seems to just add confusion.

If you decide to look into the code, please use
sunglasses or other other protective gear and play
some calm music in your backgroun to prevent
eye or brain injury.





This is WIP patch to unify format of
usernames and groupnames in sssd internals.

In current form it breaks just about everything.

The sysdb update function is just placeholder
and it's contents are irelevant.

Currently I am working on fqname attribute
removal because it seems to just add confusion.

If you decide to look into the code, please use
sunglasses or other other protective gear and play
some calm music in your backgroun to prevent
eye or brain injury.







util: sss_ioname2internal
2016-01-13T10:28:44+00:00

Michal Židek
mzidek@redhat.com

2015-10-07T17:31:12+00:00

31642de7cab2952ead08479955ce2768d34283c3












util: Add function to create internal fqname
2016-01-13T10:28:44+00:00

Michal Zidek
mzidek@redhat.com

2015-04-21T15:28:23+00:00

4af587e90c866f27ddea8e479925db7563d4392c

Add function to create internal fqname in format
shortname@domname where domain portion is lowercased.





Add function to create internal fqname in format
shortname@domname where domain portion is lowercased.







util: Add function to parse internal fqname format
2016-01-13T10:28:44+00:00

Michal Zidek
mzidek@redhat.com

2015-04-21T15:40:46+00:00

9d7cc3df00fde4c582ff64a19b6ac67839692fe9

Add lightweight function to parse internal fqname format
(shortname@domain). This function does not require the
sss_names to be initialized.





Add lightweight function to parse internal fqname format
(shortname@domain). This function does not require the
sss_names to be initialized.







p11: enable ocsp checks
2015-11-26T15:39:49+00:00

Sumit Bose
sbose@redhat.com

2015-11-05T17:20:27+00:00

544a20de7667f05c1a406c4dea0706b0ab507430

This patch enables the Online Certificate Status Protocol in NSS and
adds an option to disable it if needed. To make further tuning of
certificate verification more easy it is not an option on its own but an
option to the new certificate_verification configuration option.

Resolves https://fedorahosted.org/sssd/ticket/2812

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>





This patch enables the Online Certificate Status Protocol in NSS and
adds an option to disable it if needed. To make further tuning of
certificate verification more easy it is not an option on its own but an
option to the new certificate_verification configuration option.

Resolves https://fedorahosted.org/sssd/ticket/2812

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>







UTIL: Fix memory leak in switch_creds
2015-11-11T11:10:34+00:00

Lukas Slebodnik
lslebodn@redhat.com

2015-10-24T12:19:11+00:00

5455da4f944145239295a2d8344f1a7602b4454d

If we are already requested used then we needn't to call
setreeuid(), setresgid(). But we forgot to relase local
struct sss_creds *ssc, which is used for returnig saved credentials.

Reviewed-by: Petr Cech <pcech@redhat.com>





If we are already requested used then we needn't to call
setreeuid(), setresgid(). But we forgot to relase local
struct sss_creds *ssc, which is used for returnig saved credentials.

Reviewed-by: Petr Cech <pcech@redhat.com>







UTIL: More restrictive umask on sss_unique_file()
2015-11-05T15:07:55+00:00

Petr Cech
pcech@redhat.com

2015-10-21T12:06:19+00:00

56e067109659886408789c936d37c1e86fe46695

There is no need to have executable unique_file.

Resolves:
https://fedorahosted.org/sssd/ticket/2424

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>





There is no need to have executable unique_file.

Resolves:
https://fedorahosted.org/sssd/ticket/2424

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>







LDAP: Fix leak of file descriptors
2015-11-05T09:31:46+00:00

Lukas Slebodnik
lslebodn@redhat.com

2015-10-22T08:30:12+00:00

a10f67d4c64f3b1243de5d86a996475361adf0ac

The state "struct sss_ldap_init_state" contains socket
created in function sss_ldap_init_send. We register callback
sdap_async_sys_connect_timeout for handling issue with connection

The tevent request "sss_ldap_init_send" is usually (nested) subrequest
of "struct resolve_service_state" related request created in fucntion
fo_resolve_service_send. Function fo_resolve_service_send also register
timeout callback fo_resolve_service_timeout to state "struct
resolve_service_state".

It might happen that fo_resolve_service_timeout will be called before
sss_ldap_init_send timeout and we could not handle tiemout error
for state "struct sss_ldap_init_state" and therefore created socket
was not closed.

We tried to release resources in function sdap_handle_release.
But the structure "struct sdap_handle" had not been initialized yet
with LDAP handle and therefore associated file descriptor could not be closed.

[fo_resolve_service_timeout] (0x0080): Service resolving timeout reached
[fo_resolve_service_recv] (0x0020): TEVENT_REQ_RETURN_ON_ERROR ret[110]
[sdap_handle_release] (0x2000): Trace: sh[0x7f6713410270], connected[0], ops[(nil)], ldap[(nil)], destructor_lock[0], release_memory
[be_resolve_server_done] (0x1000): Server resolution failed: 14
[be_resolve_server_recv] (0x0020): TEVENT_REQ_RETURN_ON_ERROR ret[14]
[check_online_callback] (0x0100): Backend returned: (1, 0, <NULL>) [Provider is Offline (Success)]

Resolves:
https://fedorahosted.org/sssd/ticket/2792

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>





The state "struct sss_ldap_init_state" contains socket
created in function sss_ldap_init_send. We register callback
sdap_async_sys_connect_timeout for handling issue with connection

The tevent request "sss_ldap_init_send" is usually (nested) subrequest
of "struct resolve_service_state" related request created in fucntion
fo_resolve_service_send. Function fo_resolve_service_send also register
timeout callback fo_resolve_service_timeout to state "struct
resolve_service_state".

It might happen that fo_resolve_service_timeout will be called before
sss_ldap_init_send timeout and we could not handle tiemout error
for state "struct sss_ldap_init_state" and therefore created socket
was not closed.

We tried to release resources in function sdap_handle_release.
But the structure "struct sdap_handle" had not been initialized yet
with LDAP handle and therefore associated file descriptor could not be closed.

[fo_resolve_service_timeout] (0x0080): Service resolving timeout reached
[fo_resolve_service_recv] (0x0020): TEVENT_REQ_RETURN_ON_ERROR ret[110]
[sdap_handle_release] (0x2000): Trace: sh[0x7f6713410270], connected[0], ops[(nil)], ldap[(nil)], destructor_lock[0], release_memory
[be_resolve_server_done] (0x1000): Server resolution failed: 14
[be_resolve_server_recv] (0x0020): TEVENT_REQ_RETURN_ON_ERROR ret[14]
[check_online_callback] (0x0100): Backend returned: (1, 0, <NULL>) [Provider is Offline (Success)]

Resolves:
https://fedorahosted.org/sssd/ticket/2792

Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>







server_setup: Log failed attempt to set locale
2015-11-04T08:09:30+00:00

Michal Židek
mzidek@redhat.com

2015-10-19T13:49:02+00:00

a0c8aae6b31867f29e83e4f8a2a7ef037a82569e

Failed setlocale call could cause unexpected
behaviour. It is better to generate DEBUG
message if this happens.

Reviewed-by: Michal Židek <mzidek@redhat.com>





Failed setlocale call could cause unexpected
behaviour. It is better to generate DEBUG
message if this happens.

Reviewed-by: Michal Židek <mzidek@redhat.com>