| Commit message | Author | Age | Files | Lines |
| |
https://fedorahosted.org/sssd/ticket/1683
The result of the percent calculation was always 0 as it used plain
ints. The patch switches to using explicit floats to avoid reintroducing
the bug again even with brackets.
| |
This is an additional protection in case the provider misbehaves to avoid
having requests pending forever.
Fixes: https://fedorahosted.org/sssd/ticket/1717
| |
https://fedorahosted.org/sssd/ticket/1581
If the namingContext attribute had no values or multiple values, then
our code would dereference a NULL pointer.
| |
Certain LDAP servers can return an empty string as the value of
namingContexts. We need to treat these as NULL so that we can fail
gracefully.
https://fedorahosted.org/sssd/ticket/1542
| |
Fixes
https://fedorahosted.org/sssd/ticket/1526
in the 1.8 branch
| |
The list of resolved servers is allocated on the back end context and
kept in the fo_service structure. However, a single request often
resolves a server and keeps a pointer until the end of a request and
only then gives feedback about the server based on the request result.
This presents a big race condition in case the SRV resolution is used.
When there are requests coming in in parallel, it is possible that an
incoming request will invalidate a server until another request that
holds a pointer to the original server is able to give feedback.
This patch simply checks if a server is in the list of servers
maintained by a service before reading its status.
https://fedorahosted.org/sssd/ticket/1364
| |
https://fedorahosted.org/sssd/ticket/1515
| |
Stops the session stack from returning an error when SELinux is not
used.
Partial backport from commit 7016947229edcaa268a82bf69fde37e521b13233
| |
https://fedorahosted.org/sssd/ticket/1460
| |
The attribute is supposed to contain number of days since the epoch, not
the number of seconds.
| |
https://fedorahosted.org/sssd/ticket/1452
| |
Also rename it to sysdb_attrs_get_el_ext()
| |
https://bugzilla.redhat.com/show_bug.cgi?id=846664
If the first group was cached when processing the nested group membership,
we would call tevent_req_done, effectively marking the whole nesting
level as done.
| |
Note we set MSG_NOSIGNAL to avoid
having to fiddle with signal masks
but also do not want to die in case
SIGPIPE gets raised and the application
does not handle it.
| |
https://fedorahosted.org/sssd/ticket/1329
| |
At this moment we will support only asterisk, designating "all
services".
https://fedorahosted.org/sssd/ticket/1360
| |
https://fedorahosted.org/sssd/ticket/1271
| |
missing
https://fedorahosted.org/sssd/ticket/1356
| |
Don't use GlobalKnownHostsFile2 in ssh_config, as it has been deprecated in
OpenSSH 5.9.
| |
When fixing an endianness bug, we changed the protocol unnecessarily.
| |
https://fedorahosted.org/sssd/ticket/1348
| |
There was an issue when IPA provider didn't set PAM_SUCCESS when
successfully finished loading SELinux user maps. This led to the map
not being read in the responder.
| |
structure
https://fedorahosted.org/sssd/ticket/1343
| |
* When it's actually a failure, then the callers will print
a message. Fine tune this.
| |
* When calling krb5_get_init_creds_keytab() with
krb5_get_init_creds_opt_set_canonicalize() the credential
principal can get updated.
* Create the cache file with the correct default credential.
* LDAP GSSAPI SASL would fail due to the mismatched credentials
before this patch.
https://bugzilla.redhat.com/show_bug.cgi?id=811518
| |
https://fedorahosted.org/sssd/ticket/1330
| |
* Load the enctypes for the keys in the keytab and pass
them to krb5_get_init_creds_keytab().
* This fixes the problem where the server offers an enctype
that krb5 supports, but we don't have a key for in the keytab.
https://bugzilla.redhat.com/show_bug.cgi?id=811375
| |
The fact that we were keeping it in memory for the full duration
of the cache timeout meant that we would never reap the benefits
of the midpoint cache refresh.
https://fedorahosted.org/sssd/ticket/1340
| |
Our previous detection for this was flawed, because the %{rhel}
macro did not exist on the version of RPM shipped with RHEL 5, but
it worked when building for RHEL 5 through mock. This new patch
relies on grepping /etc/redhat-release for the version
information.
https://fedorahosted.org/sssd/ticket/1206
| |
libtool: link: gcc -Wall -Wshadow -Wstrict-prototypes -Wpointer-arith -Wcast-qual -Wcast-align -Wwrite-strings -Werror-implicit-function-declaration -fno-strict-aliasing -fmessage-length=0 -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -g -D_FILE_OFFSET_BITS=64 -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -Wl,--version-script -Wl,./src/providers/sssd_be.exports -o sssd_be src/providers/data_provider_be.o src/providers/data_provider_fo.o src/providers/data_provider_opts.o src/providers/data_provider_callbacks.o src/providers/fail_over.o src/resolv/async_resolv.o -Wl,--export-dynamic -lpam -lcares ./.libs/libsss_util.a -ltevent -ltalloc -lpopt -lldb -ldbus-1 -lpcre -lini_config -lcollection -ldhash -llber -lldap -ltdb -lunistring -lcrypto
/usr/lib64/gcc/x86_64-suse-linux/4.7/../../../../x86_64-suse-linux/bin/ld: src/providers/data_provider_be.o: undefined reference to symbol 'dlsym@@GLIBC_2.2.5'
/usr/lib64/gcc/x86_64-suse-linux/4.7/../../../../x86_64-suse-linux/bin/ld: note: 'dlsym@@GLIBC_2.2.5' is defined in DSO /lib64/libdl.so.2 so try adding it to the linker command line
/lib64/libdl.so.2: could not read symbols: Invalid operation
collect2: error: ld returned 1 exit status
make[2]: *** [sssd_be] Error 1
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
| |
Fixes a regression in the local domain tools where sss_groupadd no longer
detected a GID duplicate. The check for EEXIST is moved one level up into
a higher-level function.
The patch also adds the same rename support for users. I found it odd that
we allowed a rename of groups but not users. There is a catch when storing
a user -- his cached password would be gone. I think that renaming a user
is such a rare operation that it's not severe, plus there is a warning in
the logs.
| |
https://fedorahosted.org/sssd/ticket/1329
| |
When the ldap child process is killed after a timeout, try the next KDC.
When none of the ldap child processes succeed, just abort the connection
because we wouldn't be able to authenticate to the LDAP server anyway.
https://fedorahosted.org/sssd/ticket/1324