| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
|
|
| |
We checked only header file "sys/inotify" for detection whether inotify
works. Some platforms do not have built in inotify, but contain library,
which provides inotify-compatible interface.
This patch adds more robust detection of inotify in configuration time and
appends linker flags to Makefile if inotify is provided by library.
|
|
|
|
|
|
|
|
| |
We used pkg-config only as a fallback if header files was not found,
but detection of library failed in case of available header file and
linking problem (missing -Ldir).
This patch prefers pkg-config.
|
|
|
|
|
| |
We check whether HAVE_INTPTR_T is defined in definition of macro
discard_const_p, but autootols macro AC_CHECK_TYPE did not generate it.
|
|
|
|
|
|
|
|
|
| |
If $libdir is not in default library path libunistring cannot be
found. (pkg-config can not be used in this case).
This patch helps to search libunistring in "$libdir" directory.
In refactoring part, indentation was updated to be more readable
and some duplicated parts were removed.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
Function gettext needn't be included in libc, it can be part of another
library. Autotools macro AM_GNU_GETTEXT generate makefile variables
(LIBINTL, LTLIBINTL), which contain necessary linker flags.
checking for GNU gettext in libc... no
checking for iconv... yes
checking for GNU gettext in libintl... yes
checking whether to use NLS... yes
checking where the gettext function comes from... external libintl
|
| |
|
|
|
|
|
| |
AC_MSG_RESULT was not used everywhere after AC_MSG_CHECKING.
Therefore two lines from configure output was mixed in some cases.
|
|
|
|
|
| |
Detect directory with python libraries and add this
directory to the list of directories to be searched for linker.
|
|
|
|
|
|
|
|
|
|
|
| |
It is not very likely, that record will have the same hash1 and hash2, but it
is possible. In this situation, it does not make sense to remove record twice.
Function sss_mc_rm_rec_from_chain was not robust and sssd_nss could crash
in this situation. It was only possible if record was alone in chain.
Resolves:
https://fedorahosted.org/sssd/ticket/2049
|
|
|
|
| |
Fixes https://fedorahosted.org/sssd/ticket/1892
|
|
|
|
|
|
|
| |
It is better to use standard constant for maximum value of type size_t,
instead of reinventing wheel with own defined constant SIZE_T_MAX
This patch replace string "SIZE_T_MAX" -> "SIZE_MAX"
|
| |
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1992
|
| |
|
|
|
|
|
|
|
|
| |
struct hbac_eval_req is defined in header file and it has attribute
request_time with type time_t, but header file "time.h" was not included.
It was not problem, because time.h was indirectly included by stdlib.h
(stdlib.h -> sys/types.h -> time.h) in implementation files,
but other platforms can have other dependencies among header files.
|
| |
|
|
|
|
|
|
|
| |
We use constant AF_INET6 in util.c, but we do not explicitly include header
file sys/socket.h. This header file was indirectly incuded by another header
file netdb.h (netdb.h -> netinet/in.h -> sys/socket.h), but other platform can
have other dependencies among header files.
|
|
|
|
|
|
|
| |
Function monitor_config_file_fallback was defined inside of conditional
block "#ifdef HAVE_SYS_INOTIFY_H", but it was also used out of this block.
This patch move declaration of function before start of conditional build
section.
|
|
|
|
|
|
| |
last argument of function sss_strnlen "size_t *len" is output variable.
We need to increment value of size_t being pointed to by pointer instead of
incrementing pointer.
|
|
|
|
|
|
| |
Some platform have header file endian.h and anothers have sys/endian.h.
We nedd to use conditional build to handle it correctly, therefore new header
file sss_endian.h was created.
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2057
|
|
|
|
| |
ht_size is size of hash_table in bytes, but hash keys have type uint32_t
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The code uses 2 hashes for each record, but only one hash table to
index them both, furthermore each record has only one single 'next'
pointer.
This means that in certain conditions a record main end up being on a
hash chain even though its hashes do not match the hash chain. This can
happen when another record 'drags' it in from another hash chain where
they both belong.
If the record without matching hashes happens to be the second of the
chain and the first record is removed, then the non matching record is
left on the wrong chain. On removal of the non-matching record the hash
chain will not be updated and the hash chain will end up pointing to an
invalid slot.
This slot may be later reused for another record and may not be the
first slot of this new record. In this case the hash chain will point to
arbitrary data and may cause issues if the slot is interpreted as the
head of a record.
By skipping any block that has no matching hashes upon removing the
first record in a chain we insure that dangling references cannot be
left in the hash table
Resolves:
https://fedorahosted.org/sssd/ticket/2049
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2059
If len % SSSSRV_PACKET_MEM_SIZE == 0 or some low number,
we can end up with totlen < len and return EINVAL.
It also does not pad the length, but usually allocates
much more memory than is desired.
len = 1024
n = 1024 % 512 + 1 = 0 + 1 = 1
totlen = 1 * 512 = 512
=> totlen < len
len = 511
n = 511 % 512 + 1 = 511 + 1
totlen = 512 * 512 = 262144
totlen is way bigger than it was supposed to be
|
|
|
|
|
| |
Resolves:
https://fedorahosted.org/sssd/ticket/1825
|
|
|
|
|
| |
This patch adds function to store corrupted mmap cache file to
disk for further analysis.
|
|
|
|
|
| |
We introduced new way to check integrity of memcache in the
client code. We should use similiar checks in the responder.
|
|
|
|
|
| |
Removes off by one error when using macro MC_SIZE_TO_SLOTS
and adds new macro MC_SLOT_WITHIN_BOUNDS.
|
|
|
|
|
| |
We had pattern in client code with 3 conditions
that can be replaced with one.
|
|
|
|
|
|
|
|
| |
data->name value must be checked to prevent segfaults in
case of corrupted memory cache.
resolves:
https://fedorahosted.org/sssd/ticket/2018
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1827
|
|
|
|
|
|
|
|
| |
Print more descriptive message when wrong current password
is given during password change operation.
resolves:
https://fedorahosted.org/sssd/ticket/2029
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1713
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1713
Add new option refresh_expired_interval.
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1713
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1891
|
|
|
|
|
|
|
| |
This patch prevents jumping outside of allocated memory in
case of corrupted slot or name_ptr values. It is not proper
solution, just hotfix until we find out what is the root cause
of ticket https://fedorahosted.org/sssd/ticket/2018
|
|
|
|
|
|
| |
Wait for c-ares to finish before checking for memory leaks.
https://fedorahosted.org/sssd/ticket/1899
|
|
|
|
|
|
|
| |
Partially solves ticket: https://fedorahosted.org/sssd/ticket/1966
To avoid the problem mentioned in the ticket above, option
dns_discovery_domain must be set properly
|
|
|
|
|
|
|
|
| |
c-ares timeout to wait for response from DNS server
before moving to next DNS server is lowered from 5s
to 2s.
Partially solves https://fedorahosted.org/sssd/ticket/1966
|
|
|
|
|
|
|
|
|
|
|
|
| |
Explanation:
In order to use a common style when creating commits a commit template will be
helpful espcially to new developers.
The commit template can be activated with the following command:
git config commit.template .git-commit-template
When this is done any new commit will use the template as the default commit
message.
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/1959
|
|
|
|
|
|
|
| |
Previously, these contained hard-coded paths. Now they are
populated correctly by the configure script.
https://fedorahosted.org/sssd/ticket/1986
|
| |
|
|
|
|
|
|
|
|
| |
Function sysdb_getpwnam return more results than 1 and therefore sss_cmd_done
was called. Inside of function sss_cmd_done memory was freed,
but this freed memory was used in caller functions, therefore sssd crashed.
https://fedorahosted.org/sssd/ticket/1980
|
|
|
|
|
|
|
|
|
| |
https://fedorahosted.org/sssd/ticket/2005
Some users were confused by our description of min_id/max_id and thought
the limits only applied to returning entries from the NSS responder.
However, the limits are actually enforced on the back end side, so the
entries are not even saved to cache.
|
|
|
|
|
|
|
| |
In order for sss_cache to work correctly, we must also signal the nss
responder to invalidate the hash table requests.
https://fedorahosted.org/sssd/ticket/1759
|
|
|
|
|
|
|
|
|
| |
There is a timed desctructor in the nss responder that, when the
entry timeout passes, removes the netgroup from the hash table while
the netgroup is freed. This patch adds a hash delete callback so that if the
netgroup is removed from the hash table with hash_delete, its hash table
pointer will be invalidated. Later, when the entry is being freed, the
destructor won't attempt to remove it from the hash table.
|