| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The list of resolved servers is allocated on the back end context and
kept in the fo_service structure. However, a single request often
resolves a server and keeps a pointer until the end of a request and
only then gives feedback about the server based on the request result.
This presents a big race condition in case the SRV resolution is used.
When there are requests coming in in parallel, it is possible that an
incoming request will invalidate a server until another request that
holds a pointer to the original server is able to give a feedback.
This patch simply checks if a server is in the list of servers
maintained by a service before reading its status.
https://fedorahosted.org/sssd/ticket/1364
|
| |
|
|
|
|
|
|
|
|
| |
Note we set MSG_NOSIGNAL to avoid
having to fiddle with signal masks
but also do not want to die in case
SIGPIPE gets raised and the application
does not handle it.
|
| |
|
| |
|
|
|
|
|
| |
The attribute is supposed to contain number of days since the epoch, not
the number of seconds.
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1348
NSS: Restore original protocol for getservbyport
When fixing an endianness bug, we changed the protocol unnecessarily.
|
| |
|
|
|
|
|
|
| |
structure
https://fedorahosted.org/sssd/ticket/1343
|
|
|
|
|
|
|
|
| |
The fact that we were keeping it in memory for the full duration
of the cache timeout meant that we would never reap the benefits
of the midpoint cache refresh.
https://fedorahosted.org/sssd/ticket/1340
|
|
|
|
|
|
|
|
|
|
|
|
| |
Fixes a regression in the local domain tools where sss_groupadd no longer
detected a GID duplicate. The check for EEXIST is moved one level up into
more high level function.
The patch also adds the same rename support for users. I found it odd that
we allowed a rename of groups but not users. There is a catch when storing
a user -- his cached password would be gone. I think that renaming a user
is such a rare operation that it's not severe, plus there is a warning in
the logs.
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1329
|
|
|
|
|
|
|
|
|
|
|
|
| |
Previous version of the SSSD did not abort the async LDAP search
operation on errors. In cases where the request ended in progress, such
as when the paging was very strictly limited, the old versions at least
returned partial data.
This patch special-cases the LDAP_SIZELIMIT_EXCEEDED error to avoid a
user-visible regression.
https://fedorahosted.org/sssd/ticket/1322
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1320
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1312
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1307
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1258
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1237
|
| |
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1234
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1270
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1291
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1274
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1269
|
|
|
|
|
|
|
|
|
|
| |
Add sss_get_cased_name_list utility function
LDAP services: Save lowercased protocol names in case-insensitive domains
https://fedorahosted.org/sssd/ticket/1260
Proxy services: Save lowercased protocol names and aliases in case-insensitive domains
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1259
|
|
|
|
|
|
|
|
| |
SSSD needs to be started before NFS-related processes or they will
mount with the username 'nobody' if they would have otherwise used
LDAP accounts.
https://fedorahosted.org/sssd/ticket/1273
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1268
|
|
|
|
|
|
|
|
| |
If we can't reach the RootDSE, let's just proceed as if it's
unavailable with reasonable defaults. If we fail later on, that's
fine.
Fixes https://fedorahosted.org/sssd/ticket/1257
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1253
|
|
|
|
|
|
|
|
|
|
|
| |
SSH: Allow clients to explicitly specify host alias
This change removes the need to canonicalize host names on the responder
side - the relevant code was removed.
SSH: Canonicalize host name and do reverse DNS lookup in sss_ssh_knownhostsproxy
https://fedorahosted.org/sssd/ticket/1245
|
| |
|
| |
|
|
|
|
|
|
|
|
| |
Include new manpages in translations
Updating translations for SSSD 1.8.1
Fix validation errors in translations
|
| |
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1242
Handle empty elements in proxy netgroups:
|
| |
|
|
|
|
|
|
|
| |
Instead of keeping the number of parent groups in "state" and having to
reset the count when moving to another group on the same level, keep
track of the all groups on a particular level along with their parents
and parent count.
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This function alters the memory hierarchy of the be_req
to ensure memory safety during shutdown. It creates a
spy on the be_cli object so that it will free the be_req
if the client is freed.
It is generally allocated atop the private data context
for the appropriate back-end against which it is being
filed.
https://fedorahosted.org/sssd/ticket/1226
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1228
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1224
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1215
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1227
|